@agent-native/core 0.22.37 → 0.22.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (18) hide show
  1. package/dist/cli/workspace-dev.d.ts +26 -0
  2. package/dist/cli/workspace-dev.d.ts.map +1 -1
  3. package/dist/cli/workspace-dev.js +111 -1
  4. package/dist/cli/workspace-dev.js.map +1 -1
  5. package/dist/client/agent-chat.d.ts.map +1 -1
  6. package/dist/client/agent-chat.js +17 -1
  7. package/dist/client/agent-chat.js.map +1 -1
  8. package/dist/client/embed-auth.d.ts.map +1 -1
  9. package/dist/client/embed-auth.js +19 -3
  10. package/dist/client/embed-auth.js.map +1 -1
  11. package/dist/mcp/build-server.d.ts.map +1 -1
  12. package/dist/mcp/build-server.js +70 -4
  13. package/dist/mcp/build-server.js.map +1 -1
  14. package/dist/server/deep-link.d.ts +0 -2
  15. package/dist/server/deep-link.d.ts.map +1 -1
  16. package/dist/server/deep-link.js +0 -2
  17. package/dist/server/deep-link.js.map +1 -1
  18. package/package.json +1 -1
package/dist/client/agent-chat.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"agent-chat.js","sourceRoot":"","sources":["../../src/client/agent-chat.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEnE,OAAO,EACL,iBAAiB,EACjB,0BAA0B,EAC1B,4BAA4B,EAC5B,iCAAiC,GAClC,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAyD5B,MAAM,uBAAuB,GAAG,wBAAwB,CAAC;AACzD,MAAM,yBAAyB,GAAG,qBAAqB,CAAC;AAExD;;;GAGG;AACH,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;IAClC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;QAC3C,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrE,OAAO;QACT,CAAC;QACD,IACE,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,yBAAyB;YAC9C,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,qBAAqB,EAC1C,CAAC;YACD,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,yBAAyB,EAAE;gBACzC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI;aAC7C,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+BAA+B;AAC/B,MAAM,UAAU,aAAa;IAC3B,OAAO,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,SAAS,yBAAyB;IAChC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,iCAAiC,EAAE;QAAE,4BAA4B,EAAE,CAAC;IACxE,OAAO,0BAA0B,EAAE,IAAI,iBAAiB,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,0BAA0B;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,iCAAiC,EAAE;QAAE,4BAA4B,EAAE,CAAC;IACxE,OAAO,iBAAiB,EAAE,IAAI,CAAC,0BAA0B,EAAE,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAsB;IACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,aAAa,EAAE,CAAC;IAC5C,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC;IACzE,IAAI,aAAa,IAAI,gBAAgB,EAAE,EAAE,CAAC;QACxC,iBAAiB,CAAC;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG;QACd,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE;KACzB,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,yBAAyB,EAAE,EAAE,CAAC;QACzD,MAAM,iBAAiB,GAAG,qBAAqB,CAAC;YAC9C,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QACH,IAAI,iBAAiB;YAAE,OAAO,KAAK,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;IAEzE,MAAM,UAAU,GACd,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,IAAI,0BAA0B,EAAE,CAAC,CAAC;IACzE,MAAM,MAAM,GAAG,UAAU;QACvB,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM;YACxB,CAAC,CAAC,MAAM,CAAC,MAAM;YACf,CAAC,CAAC,MAAM,CAAC;IACb,MAAM,YAAY,GAAG,UAAU;QAC7B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;QACxB,CAAC,CAAC,cAAc,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IAC/C,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,sBAAsB,EAAE;YACtC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;SACzB,CAAC,CACH,CAAC;QACF,MAAM,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC1B,MAAM,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,yBAAyB,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,YAAY,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAErE,0EAA0E;IAC1E,4EAA4E;IAC5E,2EAA2E;IAC3E,IAAI,CAAC,aAAa,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACxC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,YAAY,EAAE,CAAC;IACjB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["/**\n * Agent Chat Bridge (browser)\n *\n * Sends structured messages to the agent chat from UI interactions.\n * Messages are sent via postMessage to the parent window (or self if top-level).\n * Builder frames are special: code requests go to Builder, but content prompts\n * stay inside the embedded app so its own AgentSidebar can receive them.\n */\n\nimport { getFrameOrigin, isTrustedFrameMessage } from \"./frame.js\";\nimport type { ReasoningEffort } from \"../shared/reasoning-effort.js\";\nimport {\n isEmbedAuthActive,\n isEmbedMcpChatBridgeActive,\n markEmbedMcpChatBridgeActive,\n readEmbedMcpChatBridgeFlagFromUrl,\n} from \"./embed-auth.js\";\nimport { sendMcpAppHostMessage } from \"./mcp-app-host.js\";\nimport {\n isInBuilderFrame,\n isTrustedBuilderMessage,\n sendToBuilderChat,\n} from \"./builder-frame.js\";\n\nexport interface AgentChatMessage {\n /** The visible prompt message sent to the chat */\n message: string;\n /** Hidden context appended to the message (not shown in chat UI) */\n context?: string;\n /** true = auto-submit, false = prefill only, omit = use project setting */\n submit?: boolean;\n /** Optional project slug for structured context */\n projectSlug?: string;\n /** Optional preset name for downstream consumers */\n preset?: string;\n /** Optional reference image paths */\n referenceImagePaths?: string[];\n /** Optional uploaded reference images */\n uploadedReferenceImages?: string[];\n /** Stable tab identifier — auto-generated if omitted */\n tabId?: string;\n /**\n * Message routing type:\n * - \"content\" (default): stays in the embedded app agent for content/data operations\n * - \"code\": routes to the code editing frame (Agent Native Desktop or Builder.io)\n *\n * When type is \"code\" and no frame is connected, a dialog is shown.\n * `requiresCode: true` is treated as `type: \"code\"` for backward compatibility.\n */\n type?: \"content\" | \"code\";\n /** @deprecated Use `type: \"code\"` instead. If true, treated as `type: \"code\"`. */\n requiresCode?: boolean;\n /** Model preference for this sub-agent (e.g. \"claude-haiku-4-5\"). Uses default if omitted */\n model?: string;\n /** Engine preference paired with model for cross-provider switches. */\n engine?: string;\n /** Reasoning effort preference paired with model. */\n effort?: ReasoningEffort;\n /** Scoped system prompt additions for this sub-agent */\n instructions?: string;\n /**\n * Whether to open the agent sidebar if it's currently hidden.\n * Defaults to true — submitting a chat should make the response visible.\n * Pass `false` for background/silent sends that shouldn't pop the UI open.\n */\n openSidebar?: boolean;\n /**\n * When true, opens a new chat tab before sending the message.\n * Use for creation requests (create tool, dashboard, etc.) that deserve\n * their own isolated thread rather than cluttering an existing conversation.\n */\n newTab?: boolean;\n /**\n * When true with newTab, creates the tab in the background without\n * focusing it or opening the sidebar. The message runs silently.\n */\n background?: boolean;\n}\n\nconst AGENT_CHAT_MESSAGE_TYPE = \"agentNative.submitChat\";\nconst AGENT_PANEL_PREPARE_EVENT = \"agent-panel:prepare\";\n\n/**\n * Listen for chatRunning messages from the frame (postMessage)\n * and re-dispatch as a CustomEvent so hooks like useAgentChatGenerating() work.\n */\nif (typeof window !== \"undefined\") {\n window.addEventListener(\"message\", (event) => {\n if (!isTrustedFrameMessage(event) && !isTrustedBuilderMessage(event)) {\n return;\n }\n if (\n event.data?.type === \"agentNative.chatRunning\" ||\n event.data?.type === \"builder.chatRunning\"\n ) {\n window.dispatchEvent(\n new CustomEvent(\"agentNative.chatRunning\", {\n detail: event.data.detail ?? event.data.data,\n }),\n );\n }\n });\n}\n\n/** Generate a unique tab ID */\nexport function generateTabId(): string {\n return `chat-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n}\n\nfunction isMcpAppChatBridgeEnabled(): boolean {\n if (typeof window === \"undefined\" || window.parent === window) return false;\n if (readEmbedMcpChatBridgeFlagFromUrl()) markEmbedMcpChatBridgeActive();\n return isEmbedMcpChatBridgeActive() && isEmbedAuthActive();\n}\n\nfunction isDirectMcpAppEmbedSession(): boolean {\n if (typeof window === \"undefined\" || window.parent === window) return false;\n if (readEmbedMcpChatBridgeFlagFromUrl()) markEmbedMcpChatBridgeActive();\n return isEmbedAuthActive() && !isEmbedMcpChatBridgeActive();\n}\n\n/**\n * Send a message to the agent chat via postMessage.\n */\n/**\n * Send a message to the agent chat via postMessage.\n * Returns the stable tabId for tracking this chat run.\n */\nexport function sendToAgentChat(opts: AgentChatMessage): string {\n const tabId = opts.tabId ?? generateTabId();\n const isCodeRequest = opts.type === \"code\" || opts.requiresCode === true;\n if (isCodeRequest && isInBuilderFrame()) {\n sendToBuilderChat({\n message: opts.message,\n context: opts.context,\n submit: opts.submit,\n });\n return tabId;\n }\n\n const payload = {\n type: AGENT_CHAT_MESSAGE_TYPE,\n data: { ...opts, tabId },\n };\n\n if (opts.submit !== false && isMcpAppChatBridgeEnabled()) {\n const directHostMessage = sendMcpAppHostMessage({\n message: opts.message,\n context: opts.context,\n });\n if (directHostMessage) return tabId;\n window.parent.postMessage(payload, getFrameOrigin() || \"*\");\n return tabId;\n }\n\n const shouldOpenSidebar = opts.openSidebar !== false && !opts.background;\n\n const targetSelf =\n !isCodeRequest && (isInBuilderFrame() || isDirectMcpAppEmbedSession());\n const target = targetSelf\n ? window\n : window.parent !== window\n ? window.parent\n : window;\n const targetOrigin = targetSelf\n ? window.location.origin\n : getFrameOrigin() || window.location.origin;\n if (shouldOpenSidebar) {\n window.dispatchEvent(\n new CustomEvent(\"agent-panel:set-mode\", {\n detail: { mode: \"chat\" },\n }),\n );\n window.dispatchEvent(new CustomEvent(\"agent-panel:open\"));\n } else if (!isCodeRequest) {\n window.dispatchEvent(new CustomEvent(AGENT_PANEL_PREPARE_EVENT));\n }\n\n const postToTarget = () => target.postMessage(payload, targetOrigin);\n\n // When the local app owns the chat surface, opening/preparing the sidebar\n // may mount the MessageEvent listener that receives this payload. Defer the\n // post one tick so a closed sidebar cannot drop the prompt while mounting.\n if (!isCodeRequest && target === window) {\n setTimeout(postToTarget, 0);\n } else {\n postToTarget();\n }\n return tabId;\n}\n"]}
1
+ {"version":3,"file":"agent-chat.js","sourceRoot":"","sources":["../../src/client/agent-chat.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,cAAc,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEnE,OAAO,EACL,iBAAiB,EACjB,0BAA0B,EAC1B,4BAA4B,EAC5B,iCAAiC,GAClC,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAyD5B,MAAM,uBAAuB,GAAG,wBAAwB,CAAC;AACzD,MAAM,yBAAyB,GAAG,qBAAqB,CAAC;AAExD;;;GAGG;AACH,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;IAClC,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;QAC3C,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,IAAI,CAAC,uBAAuB,CAAC,KAAK,CAAC,EAAE,CAAC;YACrE,OAAO;QACT,CAAC;QACD,IACE,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,yBAAyB;YAC9C,KAAK,CAAC,IAAI,EAAE,IAAI,KAAK,qBAAqB,EAC1C,CAAC;YACD,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,yBAAyB,EAAE;gBACzC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI;aAC7C,CAAC,CACH,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+BAA+B;AAC/B,MAAM,UAAU,aAAa;IAC3B,OAAO,QAAQ,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,SAAS,yBAAyB;IAChC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,iCAAiC,EAAE;QAAE,4BAA4B,EAAE,CAAC;IACxE,OAAO,0BAA0B,EAAE,IAAI,iBAAiB,EAAE,CAAC;AAC7D,CAAC;AAED,SAAS,0BAA0B;IACjC,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5E,IAAI,iCAAiC,EAAE;QAAE,4BAA4B,EAAE,CAAC;IACxE,OAAO,iBAAiB,EAAE,IAAI,CAAC,0BAA0B,EAAE,CAAC;AAC9D,CAAC;AAED,SAAS,wBAAwB,CAAC,SAAkB;IAClD,IAAI,OAAO,MAAM,KAAK,WAAW;QAAE,OAAO;IAC1C,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,yBAAyB,EAAE;QACzC,MAAM,EAAE,EAAE,SAAS,EAAE;KACtB,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,IAAsB;IACpD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,aAAa,EAAE,CAAC;IAC5C,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,KAAK,MAAM,IAAI,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC;IACzE,IAAI,aAAa,IAAI,gBAAgB,EAAE,EAAE,CAAC;QACxC,iBAAiB,CAAC;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG;QACd,IAAI,EAAE,uBAAuB;QAC7B,IAAI,EAAE,EAAE,GAAG,IAAI,EAAE,KAAK,EAAE;KACzB,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,IAAI,yBAAyB,EAAE,EAAE,CAAC;QACzD,MAAM,iBAAiB,GAAG,qBAAqB,CAAC;YAC9C,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;QACH,IAAI,iBAAiB,EAAE,CAAC;YACtB,KAAK,OAAO,CAAC,OAAO,CAAC,iBAAiB,CAAC;iBACpC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;gBACX,IAAI,CAAC,EAAE;oBAAE,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC;YACvE,CAAC,CAAC;iBACD,OAAO,CAAC,GAAG,EAAE;gBACZ,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAClC,CAAC,CAAC,CAAC;YACL,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,GAAG,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;IAEzE,MAAM,UAAU,GACd,CAAC,aAAa,IAAI,CAAC,gBAAgB,EAAE,IAAI,0BAA0B,EAAE,CAAC,CAAC;IACzE,MAAM,MAAM,GAAG,UAAU;QACvB,CAAC,CAAC,MAAM;QACR,CAAC,CAAC,MAAM,CAAC,MAAM,KAAK,MAAM;YACxB,CAAC,CAAC,MAAM,CAAC,MAAM;YACf,CAAC,CAAC,MAAM,CAAC;IACb,MAAM,YAAY,GAAG,UAAU;QAC7B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM;QACxB,CAAC,CAAC,cAAc,EAAE,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;IAC/C,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,CAAC,aAAa,CAClB,IAAI,WAAW,CAAC,sBAAsB,EAAE;YACtC,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;SACzB,CAAC,CACH,CAAC;QACF,MAAM,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC1B,MAAM,CAAC,aAAa,CAAC,IAAI,WAAW,CAAC,yBAAyB,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,YAAY,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAErE,0EAA0E;IAC1E,4EAA4E;IAC5E,2EAA2E;IAC3E,IAAI,CAAC,aAAa,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACxC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC;SAAM,CAAC;QACN,YAAY,EAAE,CAAC;IACjB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["/**\n * Agent Chat Bridge (browser)\n *\n * Sends structured messages to the agent chat from UI interactions.\n * Messages are sent via postMessage to the parent window (or self if top-level).\n * Builder frames are special: code requests go to Builder, but content prompts\n * stay inside the embedded app so its own AgentSidebar can receive them.\n */\n\nimport { getFrameOrigin, isTrustedFrameMessage } from \"./frame.js\";\nimport type { ReasoningEffort } from \"../shared/reasoning-effort.js\";\nimport {\n isEmbedAuthActive,\n isEmbedMcpChatBridgeActive,\n markEmbedMcpChatBridgeActive,\n readEmbedMcpChatBridgeFlagFromUrl,\n} from \"./embed-auth.js\";\nimport { sendMcpAppHostMessage } from \"./mcp-app-host.js\";\nimport {\n isInBuilderFrame,\n isTrustedBuilderMessage,\n sendToBuilderChat,\n} from \"./builder-frame.js\";\n\nexport interface AgentChatMessage {\n /** The visible prompt message sent to the chat */\n message: string;\n /** Hidden context appended to the message (not shown in chat UI) */\n context?: string;\n /** true = auto-submit, false = prefill only, omit = use project setting */\n submit?: boolean;\n /** Optional project slug for structured context */\n projectSlug?: string;\n /** Optional preset name for downstream consumers */\n preset?: string;\n /** Optional reference image paths */\n referenceImagePaths?: string[];\n /** Optional uploaded reference images */\n uploadedReferenceImages?: string[];\n /** Stable tab identifier — auto-generated if omitted */\n tabId?: string;\n /**\n * Message routing type:\n * - \"content\" (default): stays in the embedded app agent for content/data operations\n * - \"code\": routes to the code editing frame (Agent Native Desktop or Builder.io)\n *\n * When type is \"code\" and no frame is connected, a dialog is shown.\n * `requiresCode: true` is treated as `type: \"code\"` for backward compatibility.\n */\n type?: \"content\" | \"code\";\n /** @deprecated Use `type: \"code\"` instead. If true, treated as `type: \"code\"`. */\n requiresCode?: boolean;\n /** Model preference for this sub-agent (e.g. \"claude-haiku-4-5\"). Uses default if omitted */\n model?: string;\n /** Engine preference paired with model for cross-provider switches. */\n engine?: string;\n /** Reasoning effort preference paired with model. */\n effort?: ReasoningEffort;\n /** Scoped system prompt additions for this sub-agent */\n instructions?: string;\n /**\n * Whether to open the agent sidebar if it's currently hidden.\n * Defaults to true — submitting a chat should make the response visible.\n * Pass `false` for background/silent sends that shouldn't pop the UI open.\n */\n openSidebar?: boolean;\n /**\n * When true, opens a new chat tab before sending the message.\n * Use for creation requests (create tool, dashboard, etc.) that deserve\n * their own isolated thread rather than cluttering an existing conversation.\n */\n newTab?: boolean;\n /**\n * When true with newTab, creates the tab in the background without\n * focusing it or opening the sidebar. The message runs silently.\n */\n background?: boolean;\n}\n\nconst AGENT_CHAT_MESSAGE_TYPE = \"agentNative.submitChat\";\nconst AGENT_PANEL_PREPARE_EVENT = \"agent-panel:prepare\";\n\n/**\n * Listen for chatRunning messages from the frame (postMessage)\n * and re-dispatch as a CustomEvent so hooks like useAgentChatGenerating() work.\n */\nif (typeof window !== \"undefined\") {\n window.addEventListener(\"message\", (event) => {\n if (!isTrustedFrameMessage(event) && !isTrustedBuilderMessage(event)) {\n return;\n }\n if (\n event.data?.type === \"agentNative.chatRunning\" ||\n event.data?.type === \"builder.chatRunning\"\n ) {\n window.dispatchEvent(\n new CustomEvent(\"agentNative.chatRunning\", {\n detail: event.data.detail ?? event.data.data,\n }),\n );\n }\n });\n}\n\n/** Generate a unique tab ID */\nexport function generateTabId(): string {\n return `chat-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;\n}\n\nfunction isMcpAppChatBridgeEnabled(): boolean {\n if (typeof window === \"undefined\" || window.parent === window) return false;\n if (readEmbedMcpChatBridgeFlagFromUrl()) markEmbedMcpChatBridgeActive();\n return isEmbedMcpChatBridgeActive() && isEmbedAuthActive();\n}\n\nfunction isDirectMcpAppEmbedSession(): boolean {\n if (typeof window === \"undefined\" || window.parent === window) return false;\n if (readEmbedMcpChatBridgeFlagFromUrl()) markEmbedMcpChatBridgeActive();\n return isEmbedAuthActive() && !isEmbedMcpChatBridgeActive();\n}\n\nfunction dispatchAgentChatRunning(isRunning: boolean): void {\n if (typeof window === \"undefined\") return;\n window.dispatchEvent(\n new CustomEvent(\"agentNative.chatRunning\", {\n detail: { isRunning },\n }),\n );\n}\n\n/**\n * Send a message to the agent chat via postMessage.\n */\n/**\n * Send a message to the agent chat via postMessage.\n * Returns the stable tabId for tracking this chat run.\n */\nexport function sendToAgentChat(opts: AgentChatMessage): string {\n const tabId = opts.tabId ?? generateTabId();\n const isCodeRequest = opts.type === \"code\" || opts.requiresCode === true;\n if (isCodeRequest && isInBuilderFrame()) {\n sendToBuilderChat({\n message: opts.message,\n context: opts.context,\n submit: opts.submit,\n });\n return tabId;\n }\n\n const payload = {\n type: AGENT_CHAT_MESSAGE_TYPE,\n data: { ...opts, tabId },\n };\n\n if (opts.submit !== false && isMcpAppChatBridgeEnabled()) {\n const directHostMessage = sendMcpAppHostMessage({\n message: opts.message,\n context: opts.context,\n });\n if (directHostMessage) {\n void Promise.resolve(directHostMessage)\n .then((ok) => {\n if (!ok) window.parent.postMessage(payload, getFrameOrigin() || \"*\");\n })\n .finally(() => {\n dispatchAgentChatRunning(false);\n });\n return tabId;\n }\n window.parent.postMessage(payload, getFrameOrigin() || \"*\");\n return tabId;\n }\n\n const shouldOpenSidebar = opts.openSidebar !== false && !opts.background;\n\n const targetSelf =\n !isCodeRequest && (isInBuilderFrame() || isDirectMcpAppEmbedSession());\n const target = targetSelf\n ? window\n : window.parent !== window\n ? window.parent\n : window;\n const targetOrigin = targetSelf\n ? window.location.origin\n : getFrameOrigin() || window.location.origin;\n if (shouldOpenSidebar) {\n window.dispatchEvent(\n new CustomEvent(\"agent-panel:set-mode\", {\n detail: { mode: \"chat\" },\n }),\n );\n window.dispatchEvent(new CustomEvent(\"agent-panel:open\"));\n } else if (!isCodeRequest) {\n window.dispatchEvent(new CustomEvent(AGENT_PANEL_PREPARE_EVENT));\n }\n\n const postToTarget = () => target.postMessage(payload, targetOrigin);\n\n // When the local app owns the chat surface, opening/preparing the sidebar\n // may mount the MessageEvent listener that receives this payload. Defer the\n // post one tick so a closed sidebar cannot drop the prompt while mounting.\n if (!isCodeRequest && target === window) {\n setTimeout(postToTarget, 0);\n } else {\n postToTarget();\n }\n return tabId;\n}\n"]}
package/dist/client/embed-auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-auth.d.ts","sourceRoot":"","sources":["../../src/client/embed-auth.ts"],"names":[],"mappings":"AAwDA,wBAAgB,iCAAiC,IAAI,OAAO,CAO3D;AAgBD,wBAAgB,4BAA4B,IAAI,IAAI,CAenD;AAED,wBAAgB,0BAA0B,IAAI,OAAO,CA6BpD;AAoBD,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CASjD;AAED,wBAAgB,iBAAiB,IAAI,OAAO,CAM3C;AA2ED,oDAAoD;AACpD,wBAAgB,uBAAuB,IAAI,IAAI,CAO9C;AAkMD,wBAAgB,+BAA+B,IAAI,IAAI,CAyCtD"}
1
+ {"version":3,"file":"embed-auth.d.ts","sourceRoot":"","sources":["../../src/client/embed-auth.ts"],"names":[],"mappings":"AAwDA,wBAAgB,iCAAiC,IAAI,OAAO,CAO3D;AAgBD,wBAAgB,4BAA4B,IAAI,IAAI,CAenD;AAED,wBAAgB,0BAA0B,IAAI,OAAO,CA8CpD;AAoBD,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,IAAI,CASjD;AAED,wBAAgB,iBAAiB,IAAI,OAAO,CAM3C;AA2ED,oDAAoD;AACpD,wBAAgB,uBAAuB,IAAI,IAAI,CAO9C;AAkMD,wBAAgB,+BAA+B,IAAI,IAAI,CAyCtD"}
package/dist/client/embed-auth.js CHANGED
@@ -82,17 +82,33 @@ export function isEmbedMcpChatBridgeActive() {
82
82
  return true;
83
83
  }
84
84
  const scope = currentMcpChatBridgeScope(win);
85
+ // Once we've enrolled in MCP bridge mode in this page, trust the in-memory
86
+ // flag. A null scope (because the URL token was stripped after enroll AND
87
+ // sessionStorage is denied — Safari private mode, third-party-cookie-blocked
88
+ // iframes, strict ChatGPT/Claude sandboxes) is NOT evidence of de-enrollment.
89
+ // Only an actual auth-scope CHANGE (a different non-null embed token) means
90
+ // we should clear the bridge.
85
91
  if (mcpChatBridgeActive) {
86
- if (scope && mcpChatBridgeScope === scope)
92
+ if (scope == null)
87
93
  return true;
94
+ if (mcpChatBridgeScope == null || mcpChatBridgeScope === scope) {
95
+ // Capture the scope now that we have one; future calls can compare.
96
+ mcpChatBridgeScope = scope;
97
+ return true;
98
+ }
88
99
  clearMcpChatBridge(win);
89
100
  return false;
90
101
  }
91
102
  try {
92
103
  const storedScope = win.sessionStorage?.getItem(MCP_CHAT_BRIDGE_STORAGE_KEY);
93
- if (scope && storedScope === scope)
104
+ if (storedScope && (scope == null || storedScope === scope)) {
105
+ // Promote the persisted enrollment into in-memory state so subsequent
106
+ // reads survive sessionStorage becoming unavailable later in the session.
107
+ mcpChatBridgeActive = true;
108
+ mcpChatBridgeScope = storedScope;
94
109
  return true;
95
- if (storedScope && storedScope !== scope) {
110
+ }
111
+ if (storedScope && scope != null && storedScope !== scope) {
96
112
  win.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);
97
113
  }
98
114
  return false;
package/dist/client/embed-auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"embed-auth.js","sourceRoot":"","sources":["../../src/client/embed-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,mBAAmB,EACnB,uBAAuB,EACvB,+BAA+B,GAChC,MAAM,yBAAyB,CAAC;AAEjC,IAAI,SAAS,GAAG,KAAK,CAAC;AACtB,IAAI,WAAW,GAAkB,IAAI,CAAC;AACtC,IAAI,mBAAmB,GAAG,KAAK,CAAC;AAChC,IAAI,kBAAkB,GAAkB,IAAI,CAAC;AAC7C,MAAM,uBAAuB,GAAG,+BAA+B,CAAC;AAChE,MAAM,2BAA2B,GAAG,8BAA8B,CAAC;AAEnE,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AACjD,MAAM,mBAAmB,GAAG,qCAAqC,CAAC;AAClE,MAAM,iCAAiC,GACrC,uCAAuC,CAAC;AAC1C,MAAM,+BAA+B,GAAG,GAAG,CAAC;AAU5C,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA6B,CAAC;AAC9D,IAAI,gBAAgB,GAA6B,IAAI,CAAC;AAEtD,SAAS,aAAa;IACpB,OAAO,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;AACvD,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CACZ,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,EAAE,EACvF,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,6BAA6B,CACrD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW;IACnC,OAAO,UAAU,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,iCAAiC;IAC/C,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,GAAG,CAC7C,+BAA+B,CAChC,CAAC;IACF,OAAO,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,MAAM,CAAC;AAC3C,CAAC;AAED,SAAS,yBAAyB,CAAC,GAAW;IAC5C,OAAO,gBAAgB,CAAC,GAAG,CAAC,IAAI,WAAW,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,mBAAmB,GAAG,KAAK,CAAC;IAC5B,kBAAkB,GAAG,IAAI,CAAC;IAC1B,IAAI,CAAC;QACH,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,4BAA4B;IAC1C,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC1D,mBAAmB,GAAG,IAAI,CAAC;IAC3B,kBAAkB,GAAG,KAAK,CAAC;IAC3B,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,EAAE,cAAc,EAAE,OAAO,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,GAAG,EAAE,cAAc,EAAE,UAAU,CAAC,2BAA2B,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,oEAAoE;IACtE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACzB,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,iCAAiC,EAAE,EAAE,CAAC;QACxC,4BAA4B,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,mBAAmB,EAAE,CAAC;QACxB,IAAI,KAAK,IAAI,kBAAkB,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QACvD,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,GAAG,CAAC,cAAc,EAAE,OAAO,CAC7C,2BAA2B,CAC5B,CAAC;QACF,IAAI,KAAK,IAAI,WAAW,KAAK,KAAK;YAAE,OAAO,IAAI,CAAC;QAChD,IAAI,WAAW,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;YACzC,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,2BAA2B,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,GAAW;IAC5C,WAAW,GAAG,KAAK,CAAC;IACpB,IAAI,CAAC;QACH,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,oEAAoE;IACtE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,EAAE,CAAC;QACZ,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACzB,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,WAAW,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,iBAAiB,EAAE;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACvE,OAAO,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM,CAAC;AACzC,CAAC;AAED,SAAS,gCAAgC,CAAC,GAAW;IACnD,IAAI,CAAC,0BAA0B,EAAE;QAAE,OAAO;IAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC;IACzB,IAAI,CAAC,GAAG,EAAE,IAAI;QAAE,OAAO;IACvB,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzC,KAAK,CAAC,EAAE,GAAG,iCAAiC,CAAC;QAC7C,MAAM,MAAM,GAAG,GAAG,+BAA+B,IAAI,CAAC;QACtD,KAAK,CAAC,WAAW,GAAG;;;;YAIZ,MAAM;gBACF,MAAM;;;;;;;;YAQV,MAAM;gBACF,MAAM;;;CAGrB,CAAC;QACE,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IACD,iCAAiC,CAAC,GAAG,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,iCAAiC,CAAC,GAAW;IACpD,MAAM,MAAM,GAAG,+BAA+B,CAAC;IAC/C,MAAM,MAAM,GAAG,GAAG,EAAE;QAClB,IAAI,CAAC;YACH,MAAM,MAAM,GACV,GAKD,CAAC,MAAM,CAAC;YACT,MAAM,EAAE,qBAAqB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,oEAAoE;QACtE,CAAC;QAED,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,WAAW,CACpB;oBACE,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,+BAA+B;oBACvC,MAAM,EAAE,EAAE,MAAM,EAAE;iBACnB,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4EAA4E;QAC9E,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,EAAE,CAAC;IACT,IAAI,CAAC;QACH,GAAG,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5C,GAAG,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC9B,GAAG,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,4EAA4E;IAC9E,CAAC;AACH,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,uBAAuB;IACrC,SAAS,GAAG,KAAK,CAAC;IAClB,WAAW,GAAG,IAAI,CAAC;IACnB,mBAAmB,GAAG,KAAK,CAAC;IAC5B,kBAAkB,GAAG,IAAI,CAAC;IAC1B,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACzB,gBAAgB,GAAG,IAAI,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,GAAG;YAAE,OAAO;QACjB,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;YAAE,OAAO;QAC3D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;QACjD,GAAG,CAAC,OAAO,CAAC,YAAY,CACtB,GAAG,CAAC,OAAO,CAAC,KAAK,EACjB,EAAE,EACF,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,CAC1C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW;IACnC,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,GAAG,EAAE,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,MAAM,IAAI,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,KAAwB,EAAE,GAAW;IACrD,IAAI,CAAC;QACH,OAAO,KAAK,YAAY,OAAO;YAC7B,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;YACpB,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAwB,EAAE,GAAW;IACvD,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC;AACpD,CAAC;AAED,SAAS,aAAa,CAAC,KAAwB,EAAE,IAAkB;IACjE,OAAO,CACL,IAAI,EAAE,MAAM;QACZ,CAAC,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;QACrD,KAAK,CACN,CAAC,WAAW,EAAE,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,MAAc,EAAE,GAAQ;IAC9C,OAAO,GAAG,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAc;IACzC,OAAO,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,CAAC;AAC1C,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAc,EAAE,GAAQ;IACtD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB;QAAE,OAAO,KAAK,CAAC;IACpD,IAAI,GAAG,CAAC,QAAQ,KAAK,wBAAwB;QAAE,OAAO,KAAK,CAAC;IAC5D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CACxB,MAA4C;IAE5C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,MAAM,CAAC;IACjD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAW,EACX,mBAA4B;IAE5B,MAAM,MAAM,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAE7B,IAAI,CAAC,mBAAmB;QAAE,OAAO,IAAI,CAAC;IACtC,MAAM,WAAW,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IACxD,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,gBAAgB,GAAG,IAAI,CAAC;IACxB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAyB;IACpD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,CACT,aAAa,EACb,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CACvE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAW,EACX,QAAkB,EAClB,mBAA4B;IAE5B,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,GAAG,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAuB,EAAE,CAAC;IACvC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,IACE,KAAK,KAAK,kBAAkB;YAC5B,KAAK,KAAK,gBAAgB;YAC1B,KAAK,KAAK,mBAAmB,EAC7B,CAAC;YACD,OAAO;QACT,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAsB;QAChC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,OAAO;QACP,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,wBAAwB;KACjD,CAAC;IACF,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAClC,IAAI,mBAAmB;QAAE,gBAAgB,GAAG,MAAM,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW,EAAE,mBAA4B;IACjE,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,mBAAmB;QAAE,gBAAgB,GAAG,IAAI,CAAC;AACnD,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAAwB,EACxB,IAA6B,EAC7B,KAAa,EACb,GAAW;IAEX,MAAM,OAAO,GAAG,IAAI,OAAO,CACzB,IAAI,EAAE,OAAO,IAAI,CAAC,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CACxE,CAAC;IACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,gBAAgB,CACvB,KAAwB,EACxB,IAA6B,EAC7B,GAAW;IAOX,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IAC/D,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC1C,OAAO;QACL,GAAG,EAAE,cAAc,CAAC,MAAM,EAAE,GAAG,CAAC;QAChC,WAAW,EAAE,sBAAsB,CAAC,MAAM,EAAE,GAAG,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B;IAC7C,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO;IAEjB,IAAI,iCAAiC,EAAE;QAAE,4BAA4B,EAAE,CAAC;IAExE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,EAAE,CAAC;QACb,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,gCAAgC,CAAC,GAAG,CAAC,CAAC;IAEtC,IAAI,SAAS;QAAE,OAAO;IACtB,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,UAAU;QAAE,OAAO;IAC5C,SAAS,GAAG,IAAI,CAAC;IAEjB,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1C,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,KAAwB,EAAE,IAAkB,EAAE,EAAE;QAClE,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;QACtC,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC5D,IAAI,MAAM;gBAAE,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAClC,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,SAAS,GAAG,IAAI,CAAC;QACrB,IAAI,KAAK,IAAI,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;YACpC,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,UAAiB,EAAE,SAAgB,CAAC,CAAC;QAC1E,IAAI,OAAO,EAAE,WAAW,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjE,MAAM,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;QACvE,CAAC;aAAM,IAAI,OAAO,EAAE,WAAW,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAC/C,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAiB,CAAC;AACrB,CAAC","sourcesContent":["import {\n EMBED_MODE_QUERY_PARAM,\n EMBED_START_PATH,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n MCP_APP_CHAT_BRIDGE_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nlet installed = false;\nlet memoryToken: string | null = null;\nlet mcpChatBridgeActive = false;\nlet mcpChatBridgeScope: string | null = null;\nconst EMBED_TOKEN_STORAGE_KEY = \"agent-native:embed-auth-token\";\nconst MCP_CHAT_BRIDGE_STORAGE_KEY = \"agent-native:mcp-chat-bridge\";\n\nconst AUTH_FAILURE_COOLDOWN_MS = 60_000;\nconst GUARDED_METHODS = new Set([\"GET\", \"HEAD\"]);\nconst AUTH_FAILURE_HEADER = \"x-agent-native-auth-circuit-breaker\";\nconst MCP_CHAT_BRIDGE_VIEWPORT_STYLE_ID =\n \"agent-native-mcp-chat-bridge-viewport\";\nconst MCP_CHAT_BRIDGE_VIEWPORT_HEIGHT = 560;\n\ntype AuthFailureRecord = {\n status: number;\n statusText: string;\n headers: [string, string][];\n body: string | null;\n expiresAt: number;\n};\n\nconst authFailureCache = new Map<string, AuthFailureRecord>();\nlet embedAuthFailure: AuthFailureRecord | null = null;\n\nfunction browserWindow(): Window | null {\n return typeof window === \"undefined\" ? null : window;\n}\n\nfunction currentUrl(win: Window): URL | null {\n try {\n return new URL(win.location.href);\n } catch {\n try {\n return new URL(\n `${win.location.pathname || \"/\"}${win.location.search || \"\"}${win.location.hash || \"\"}`,\n win.location.origin || \"http://agent-native.invalid\",\n );\n } catch {\n return null;\n }\n }\n}\n\nfunction readTokenFromUrl(win: Window): string | null {\n return currentUrl(win)?.searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? null;\n}\n\nexport function readEmbedMcpChatBridgeFlagFromUrl(): boolean {\n const win = browserWindow();\n if (!win) return false;\n const value = currentUrl(win)?.searchParams.get(\n MCP_APP_CHAT_BRIDGE_QUERY_PARAM,\n );\n return value === \"1\" || value === \"true\";\n}\n\nfunction currentMcpChatBridgeScope(win: Window): string | null {\n return readTokenFromUrl(win) ?? memoryToken ?? storedToken(win);\n}\n\nfunction clearMcpChatBridge(win: Window): void {\n mcpChatBridgeActive = false;\n mcpChatBridgeScope = null;\n try {\n win.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);\n } catch {\n // ignore unavailable session storage\n }\n}\n\nexport function markEmbedMcpChatBridgeActive(): void {\n const win = browserWindow();\n const scope = win ? currentMcpChatBridgeScope(win) : null;\n mcpChatBridgeActive = true;\n mcpChatBridgeScope = scope;\n try {\n if (scope) {\n win?.sessionStorage?.setItem(MCP_CHAT_BRIDGE_STORAGE_KEY, scope);\n } else {\n win?.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);\n }\n } catch {\n // Session storage may be unavailable in some sandboxed hosts. The\n // in-memory fallback still covers the normal single-page boot path.\n }\n}\n\nexport function isEmbedMcpChatBridgeActive(): boolean {\n const win = browserWindow();\n if (!win) return false;\n if (!isEmbedAuthActive()) {\n clearMcpChatBridge(win);\n return false;\n }\n if (readEmbedMcpChatBridgeFlagFromUrl()) {\n markEmbedMcpChatBridgeActive();\n return true;\n }\n const scope = currentMcpChatBridgeScope(win);\n if (mcpChatBridgeActive) {\n if (scope && mcpChatBridgeScope === scope) return true;\n clearMcpChatBridge(win);\n return false;\n }\n try {\n const storedScope = win.sessionStorage?.getItem(\n MCP_CHAT_BRIDGE_STORAGE_KEY,\n );\n if (scope && storedScope === scope) return true;\n if (storedScope && storedScope !== scope) {\n win.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);\n }\n return false;\n } catch {\n return false;\n }\n}\n\nfunction storedToken(win: Window): string | null {\n try {\n return win.sessionStorage?.getItem(EMBED_TOKEN_STORAGE_KEY) ?? null;\n } catch {\n return null;\n }\n}\n\nfunction storeToken(token: string, win: Window): void {\n memoryToken = token;\n try {\n win.sessionStorage?.setItem(EMBED_TOKEN_STORAGE_KEY, token);\n } catch {\n // Session storage may be unavailable in some sandboxed hosts. The\n // in-memory fallback still covers the normal single-page boot path.\n }\n}\n\nexport function getEmbedAuthToken(): string | null {\n const win = browserWindow();\n if (!win) return null;\n const fromUrl = readTokenFromUrl(win);\n if (fromUrl) {\n storeToken(fromUrl, win);\n return fromUrl;\n }\n return memoryToken ?? storedToken(win);\n}\n\nexport function isEmbedAuthActive(): boolean {\n const win = browserWindow();\n if (!win) return false;\n if (getEmbedAuthToken()) return true;\n const mode = currentUrl(win)?.searchParams.get(EMBED_MODE_QUERY_PARAM);\n return mode === \"1\" || mode === \"true\";\n}\n\nfunction ensureMcpChatBridgeViewportClamp(win: Window): void {\n if (!isEmbedMcpChatBridgeActive()) return;\n const doc = win.document;\n if (!doc?.head) return;\n if (!doc.getElementById(MCP_CHAT_BRIDGE_VIEWPORT_STYLE_ID)) {\n const style = doc.createElement(\"style\");\n style.id = MCP_CHAT_BRIDGE_VIEWPORT_STYLE_ID;\n const height = `${MCP_CHAT_BRIDGE_VIEWPORT_HEIGHT}px`;\n style.textContent = `\nhtml,\nbody {\n min-height: 0 !important;\n height: ${height} !important;\n max-height: ${height} !important;\n overflow: hidden !important;\n}\n\n#root,\n#__next,\n[data-agent-native-app-root] {\n min-height: 0 !important;\n height: ${height} !important;\n max-height: ${height} !important;\n overflow: hidden !important;\n}\n`;\n doc.head.appendChild(style);\n }\n notifyMcpChatBridgeViewportHeight(win);\n}\n\nfunction notifyMcpChatBridgeViewportHeight(win: Window): void {\n const height = MCP_CHAT_BRIDGE_VIEWPORT_HEIGHT;\n const notify = () => {\n try {\n const openai = (\n win as Window & {\n openai?: {\n notifyIntrinsicHeight?: (payload: { height: number }) => void;\n };\n }\n ).openai;\n openai?.notifyIntrinsicHeight?.({ height });\n } catch {\n // Host bridge availability varies by client; sizing is best-effort.\n }\n\n try {\n if (win.parent && win.parent !== win) {\n win.parent.postMessage(\n {\n jsonrpc: \"2.0\",\n method: \"ui/notifications/size-changed\",\n params: { height },\n },\n \"*\",\n );\n }\n } catch {\n // Cross-host embeds can deny parent messaging in tests or strict sandboxes.\n }\n };\n\n notify();\n try {\n win.requestAnimationFrame?.(() => notify());\n win.setTimeout?.(notify, 250);\n win.setTimeout?.(notify, 1000);\n } catch {\n // Timers are a progressive enhancement for late host bridge initialization.\n }\n}\n\n/** Internal test helper. Do not use in app code. */\nexport function _resetEmbedAuthForTests(): void {\n installed = false;\n memoryToken = null;\n mcpChatBridgeActive = false;\n mcpChatBridgeScope = null;\n authFailureCache.clear();\n embedAuthFailure = null;\n}\n\nfunction stripTokenFromUrl(win: Window): void {\n try {\n const url = currentUrl(win);\n if (!url) return;\n if (!url.searchParams.has(EMBED_TOKEN_QUERY_PARAM)) return;\n url.searchParams.delete(EMBED_TOKEN_QUERY_PARAM);\n win.history.replaceState(\n win.history.state,\n \"\",\n `${url.pathname}${url.search}${url.hash}`,\n );\n } catch {\n // best effort only\n }\n}\n\nfunction currentEmbedTarget(win: Window): string {\n return `${win.location.pathname}${win.location.search}`;\n}\n\nfunction currentAppOrigin(win: Window): string | null {\n const url = currentUrl(win);\n if (url?.origin && url.origin !== \"null\") return url.origin;\n try {\n const origin = win.location.origin;\n return origin && origin !== \"null\" ? origin : null;\n } catch {\n return null;\n }\n}\n\nfunction inputUrl(input: RequestInfo | URL, win: Window): URL | null {\n try {\n return input instanceof Request\n ? new URL(input.url)\n : new URL(String(input), currentUrl(win)?.href ?? win.location.href);\n } catch {\n return null;\n }\n}\n\nfunction sameOrigin(input: RequestInfo | URL, win: Window): boolean {\n const url = inputUrl(input, win);\n const origin = currentAppOrigin(win);\n return !!url && !!origin && url.origin === origin;\n}\n\nfunction requestMethod(input: RequestInfo | URL, init?: RequestInit): string {\n return (\n init?.method ??\n (input instanceof Request ? input.method : undefined) ??\n \"GET\"\n ).toUpperCase();\n}\n\nfunction authFailureKey(method: string, url: URL): string {\n return `${method} ${url.href}`;\n}\n\nfunction isAuthFailureStatus(status: number): boolean {\n return status === 401 || status === 403;\n}\n\nfunction shouldGuardAuthFailure(method: string, url: URL): boolean {\n if (!GUARDED_METHODS.has(method)) return false;\n if (url.pathname === EMBED_START_PATH) return false;\n if (url.pathname === \"/_agent-native/sign-in\") return false;\n return true;\n}\n\nfunction activeAuthFailure(\n record: AuthFailureRecord | null | undefined,\n): AuthFailureRecord | null {\n if (!record) return null;\n if (record.expiresAt > Date.now()) return record;\n return null;\n}\n\nfunction getCachedAuthFailure(\n key: string,\n useEmbedWideFailure: boolean,\n): AuthFailureRecord | null {\n const cached = activeAuthFailure(authFailureCache.get(key));\n if (cached) return cached;\n authFailureCache.delete(key);\n\n if (!useEmbedWideFailure) return null;\n const embedCached = activeAuthFailure(embedAuthFailure);\n if (embedCached) return embedCached;\n embedAuthFailure = null;\n return null;\n}\n\nfunction authFailureResponse(record: AuthFailureRecord): Response {\n const headers = new Headers(record.headers);\n headers.set(AUTH_FAILURE_HEADER, \"1\");\n if (!headers.has(\"retry-after\")) {\n headers.set(\n \"retry-after\",\n String(Math.max(1, Math.ceil((record.expiresAt - Date.now()) / 1000))),\n );\n }\n return new Response(record.body, {\n status: record.status,\n statusText: record.statusText,\n headers,\n });\n}\n\nasync function recordAuthFailure(\n key: string,\n response: Response,\n useEmbedWideFailure: boolean,\n): Promise<void> {\n let body: string | null = null;\n try {\n body = await response.clone().text();\n } catch {\n body = null;\n }\n\n const headers: [string, string][] = [];\n response.headers.forEach((value, name) => {\n const lower = name.toLowerCase();\n if (\n lower === \"content-encoding\" ||\n lower === \"content-length\" ||\n lower === \"transfer-encoding\"\n ) {\n return;\n }\n headers.push([name, value]);\n });\n\n const record: AuthFailureRecord = {\n status: response.status,\n statusText: response.statusText,\n headers,\n body,\n expiresAt: Date.now() + AUTH_FAILURE_COOLDOWN_MS,\n };\n authFailureCache.set(key, record);\n if (useEmbedWideFailure) embedAuthFailure = record;\n}\n\nfunction clearAuthFailure(key: string, useEmbedWideFailure: boolean): void {\n authFailureCache.delete(key);\n if (useEmbedWideFailure) embedAuthFailure = null;\n}\n\nfunction withEmbedAuthHeaders(\n input: RequestInfo | URL,\n init: RequestInit | undefined,\n token: string,\n win: Window,\n): [RequestInfo | URL, RequestInit | undefined] {\n const headers = new Headers(\n init?.headers ?? (input instanceof Request ? input.headers : undefined),\n );\n if (!headers.has(\"Authorization\")) {\n headers.set(\"Authorization\", `Bearer ${token}`);\n }\n if (!headers.has(EMBED_TARGET_HEADER)) {\n headers.set(EMBED_TARGET_HEADER, currentEmbedTarget(win));\n }\n\n if (input instanceof Request) {\n return [new Request(input, { ...init, headers }), undefined];\n }\n return [input, { ...init, headers }];\n}\n\nfunction requestUrlAndKey(\n input: RequestInfo | URL,\n init: RequestInit | undefined,\n win: Window,\n):\n | {\n key: string;\n shouldGuard: boolean;\n }\n | undefined {\n const url = inputUrl(input, win);\n const origin = currentAppOrigin(win);\n if (!url || !origin || url.origin !== origin) return undefined;\n const method = requestMethod(input, init);\n return {\n key: authFailureKey(method, url),\n shouldGuard: shouldGuardAuthFailure(method, url),\n };\n}\n\nexport function ensureEmbedAuthFetchInterceptor(): void {\n const win = browserWindow();\n if (!win) return;\n\n if (readEmbedMcpChatBridgeFlagFromUrl()) markEmbedMcpChatBridgeActive();\n\n const urlToken = readTokenFromUrl(win);\n if (urlToken) {\n storeToken(urlToken, win);\n stripTokenFromUrl(win);\n }\n ensureMcpChatBridgeViewportClamp(win);\n\n if (installed) return;\n if (typeof win.fetch !== \"function\") return;\n installed = true;\n\n const originalFetch = win.fetch.bind(win);\n win.fetch = (async (input: RequestInfo | URL, init?: RequestInit) => {\n const request = requestUrlAndKey(input, init, win);\n const embedMode = isEmbedAuthActive();\n if (request?.shouldGuard) {\n const cached = getCachedAuthFailure(request.key, embedMode);\n if (cached) return authFailureResponse(cached);\n }\n\n const token = getEmbedAuthToken();\n let fetchInput = input;\n let fetchInit = init;\n if (token && sameOrigin(input, win)) {\n [fetchInput, fetchInit] = withEmbedAuthHeaders(input, init, token, win);\n }\n\n const response = await originalFetch(fetchInput as any, fetchInit as any);\n if (request?.shouldGuard && isAuthFailureStatus(response.status)) {\n await recordAuthFailure(request.key, response, embedMode || !!token);\n } else if (request?.shouldGuard && response.ok) {\n clearAuthFailure(request.key, embedMode || !!token);\n }\n return response;\n }) as typeof fetch;\n}\n"]}
1
+ {"version":3,"file":"embed-auth.js","sourceRoot":"","sources":["../../src/client/embed-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,sBAAsB,EACtB,gBAAgB,EAChB,mBAAmB,EACnB,uBAAuB,EACvB,+BAA+B,GAChC,MAAM,yBAAyB,CAAC;AAEjC,IAAI,SAAS,GAAG,KAAK,CAAC;AACtB,IAAI,WAAW,GAAkB,IAAI,CAAC;AACtC,IAAI,mBAAmB,GAAG,KAAK,CAAC;AAChC,IAAI,kBAAkB,GAAkB,IAAI,CAAC;AAC7C,MAAM,uBAAuB,GAAG,+BAA+B,CAAC;AAChE,MAAM,2BAA2B,GAAG,8BAA8B,CAAC;AAEnE,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC;AACjD,MAAM,mBAAmB,GAAG,qCAAqC,CAAC;AAClE,MAAM,iCAAiC,GACrC,uCAAuC,CAAC;AAC1C,MAAM,+BAA+B,GAAG,GAAG,CAAC;AAU5C,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAA6B,CAAC;AAC9D,IAAI,gBAAgB,GAA6B,IAAI,CAAC;AAEtD,SAAS,aAAa;IACpB,OAAO,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC;AACvD,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CACZ,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,EAAE,GAAG,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,EAAE,EACvF,GAAG,CAAC,QAAQ,CAAC,MAAM,IAAI,6BAA6B,CACrD,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW;IACnC,OAAO,UAAU,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,iCAAiC;IAC/C,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,GAAG,CAC7C,+BAA+B,CAChC,CAAC;IACF,OAAO,KAAK,KAAK,GAAG,IAAI,KAAK,KAAK,MAAM,CAAC;AAC3C,CAAC;AAED,SAAS,yBAAyB,CAAC,GAAW;IAC5C,OAAO,gBAAgB,CAAC,GAAG,CAAC,IAAI,WAAW,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,mBAAmB,GAAG,KAAK,CAAC;IAC5B,kBAAkB,GAAG,IAAI,CAAC;IAC1B,IAAI,CAAC;QACH,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,4BAA4B;IAC1C,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,yBAAyB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC1D,mBAAmB,GAAG,IAAI,CAAC;IAC3B,kBAAkB,GAAG,KAAK,CAAC;IAC3B,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,EAAE,cAAc,EAAE,OAAO,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACnE,CAAC;aAAM,CAAC;YACN,GAAG,EAAE,cAAc,EAAE,UAAU,CAAC,2BAA2B,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,oEAAoE;IACtE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC;QACzB,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,iCAAiC,EAAE,EAAE,CAAC;QACxC,4BAA4B,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC;IAC7C,2EAA2E;IAC3E,0EAA0E;IAC1E,6EAA6E;IAC7E,8EAA8E;IAC9E,4EAA4E;IAC5E,8BAA8B;IAC9B,IAAI,mBAAmB,EAAE,CAAC;QACxB,IAAI,KAAK,IAAI,IAAI;YAAE,OAAO,IAAI,CAAC;QAC/B,IAAI,kBAAkB,IAAI,IAAI,IAAI,kBAAkB,KAAK,KAAK,EAAE,CAAC;YAC/D,oEAAoE;YACpE,kBAAkB,GAAG,KAAK,CAAC;YAC3B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,kBAAkB,CAAC,GAAG,CAAC,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,GAAG,CAAC,cAAc,EAAE,OAAO,CAC7C,2BAA2B,CAC5B,CAAC;QACF,IAAI,WAAW,IAAI,CAAC,KAAK,IAAI,IAAI,IAAI,WAAW,KAAK,KAAK,CAAC,EAAE,CAAC;YAC5D,sEAAsE;YACtE,0EAA0E;YAC1E,mBAAmB,GAAG,IAAI,CAAC;YAC3B,kBAAkB,GAAG,WAAW,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,IAAI,WAAW,IAAI,KAAK,IAAI,IAAI,IAAI,WAAW,KAAK,KAAK,EAAE,CAAC;YAC1D,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,2BAA2B,CAAC,CAAC;QAC9D,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,uBAAuB,CAAC,IAAI,IAAI,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAa,EAAE,GAAW;IAC5C,WAAW,GAAG,KAAK,CAAC;IACpB,IAAI,CAAC;QACH,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,oEAAoE;IACtE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,OAAO,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACtC,IAAI,OAAO,EAAE,CAAC;QACZ,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACzB,OAAO,OAAO,CAAC;IACjB,CAAC;IACD,OAAO,WAAW,IAAI,WAAW,CAAC,GAAG,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,iBAAiB,EAAE;QAAE,OAAO,IAAI,CAAC;IACrC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IACvE,OAAO,IAAI,KAAK,GAAG,IAAI,IAAI,KAAK,MAAM,CAAC;AACzC,CAAC;AAED,SAAS,gCAAgC,CAAC,GAAW;IACnD,IAAI,CAAC,0BAA0B,EAAE;QAAE,OAAO;IAC1C,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC;IACzB,IAAI,CAAC,GAAG,EAAE,IAAI;QAAE,OAAO;IACvB,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC3D,MAAM,KAAK,GAAG,GAAG,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QACzC,KAAK,CAAC,EAAE,GAAG,iCAAiC,CAAC;QAC7C,MAAM,MAAM,GAAG,GAAG,+BAA+B,IAAI,CAAC;QACtD,KAAK,CAAC,WAAW,GAAG;;;;YAIZ,MAAM;gBACF,MAAM;;;;;;;;YAQV,MAAM;gBACF,MAAM;;;CAGrB,CAAC;QACE,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IACD,iCAAiC,CAAC,GAAG,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,iCAAiC,CAAC,GAAW;IACpD,MAAM,MAAM,GAAG,+BAA+B,CAAC;IAC/C,MAAM,MAAM,GAAG,GAAG,EAAE;QAClB,IAAI,CAAC;YACH,MAAM,MAAM,GACV,GAKD,CAAC,MAAM,CAAC;YACT,MAAM,EAAE,qBAAqB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,oEAAoE;QACtE,CAAC;QAED,IAAI,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACrC,GAAG,CAAC,MAAM,CAAC,WAAW,CACpB;oBACE,OAAO,EAAE,KAAK;oBACd,MAAM,EAAE,+BAA+B;oBACvC,MAAM,EAAE,EAAE,MAAM,EAAE;iBACnB,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4EAA4E;QAC9E,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,EAAE,CAAC;IACT,IAAI,CAAC;QACH,GAAG,CAAC,qBAAqB,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;QAC5C,GAAG,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC9B,GAAG,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC;IAAC,MAAM,CAAC;QACP,4EAA4E;IAC9E,CAAC;AACH,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,uBAAuB;IACrC,SAAS,GAAG,KAAK,CAAC;IAClB,WAAW,GAAG,IAAI,CAAC;IACnB,mBAAmB,GAAG,KAAK,CAAC;IAC5B,kBAAkB,GAAG,IAAI,CAAC;IAC1B,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACzB,gBAAgB,GAAG,IAAI,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,CAAC,GAAG;YAAE,OAAO;QACjB,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;YAAE,OAAO;QAC3D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;QACjD,GAAG,CAAC,OAAO,CAAC,YAAY,CACtB,GAAG,CAAC,OAAO,CAAC,KAAK,EACjB,EAAE,EACF,GAAG,GAAG,CAAC,QAAQ,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,CAC1C,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,mBAAmB;IACrB,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW;IACrC,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW;IACnC,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,GAAG,EAAE,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,GAAG,CAAC,MAAM,CAAC;IAC5D,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC;QACnC,OAAO,MAAM,IAAI,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,KAAwB,EAAE,GAAW;IACrD,IAAI,CAAC;QACH,OAAO,KAAK,YAAY,OAAO;YAC7B,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC;YACpB,CAAC,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,EAAE,IAAI,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAwB,EAAE,GAAW;IACvD,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACrC,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,CAAC;AACpD,CAAC;AAED,SAAS,aAAa,CAAC,KAAwB,EAAE,IAAkB;IACjE,OAAO,CACL,IAAI,EAAE,MAAM;QACZ,CAAC,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;QACrD,KAAK,CACN,CAAC,WAAW,EAAE,CAAC;AAClB,CAAC;AAED,SAAS,cAAc,CAAC,MAAc,EAAE,GAAQ;IAC9C,OAAO,GAAG,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAc;IACzC,OAAO,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG,CAAC;AAC1C,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAc,EAAE,GAAQ;IACtD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB;QAAE,OAAO,KAAK,CAAC;IACpD,IAAI,GAAG,CAAC,QAAQ,KAAK,wBAAwB;QAAE,OAAO,KAAK,CAAC;IAC5D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,iBAAiB,CACxB,MAA4C;IAE5C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,MAAM,CAAC;IACjD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAC3B,GAAW,EACX,mBAA4B;IAE5B,MAAM,MAAM,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAE7B,IAAI,CAAC,mBAAmB;QAAE,OAAO,IAAI,CAAC;IACtC,MAAM,WAAW,GAAG,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;IACxD,IAAI,WAAW;QAAE,OAAO,WAAW,CAAC;IACpC,gBAAgB,GAAG,IAAI,CAAC;IACxB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAyB;IACpD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC;IACtC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,GAAG,CACT,aAAa,EACb,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CACvE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE;QAC/B,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAW,EACX,QAAkB,EAClB,mBAA4B;IAE5B,IAAI,IAAI,GAAkB,IAAI,CAAC;IAC/B,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,GAAG,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAuB,EAAE,CAAC;IACvC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,IACE,KAAK,KAAK,kBAAkB;YAC5B,KAAK,KAAK,gBAAgB;YAC1B,KAAK,KAAK,mBAAmB,EAC7B,CAAC;YACD,OAAO;QACT,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAsB;QAChC,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,OAAO;QACP,IAAI;QACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,wBAAwB;KACjD,CAAC;IACF,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAClC,IAAI,mBAAmB;QAAE,gBAAgB,GAAG,MAAM,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW,EAAE,mBAA4B;IACjE,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,mBAAmB;QAAE,gBAAgB,GAAG,IAAI,CAAC;AACnD,CAAC;AAED,SAAS,oBAAoB,CAC3B,KAAwB,EACxB,IAA6B,EAC7B,KAAa,EACb,GAAW;IAEX,MAAM,OAAO,GAAG,IAAI,OAAO,CACzB,IAAI,EAAE,OAAO,IAAI,CAAC,KAAK,YAAY,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CACxE,CAAC;IACF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,KAAK,YAAY,OAAO,EAAE,CAAC;QAC7B,OAAO,CAAC,IAAI,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,gBAAgB,CACvB,KAAwB,EACxB,IAA6B,EAC7B,GAAW;IAOX,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,SAAS,CAAC;IAC/D,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC1C,OAAO;QACL,GAAG,EAAE,cAAc,CAAC,MAAM,EAAE,GAAG,CAAC;QAChC,WAAW,EAAE,sBAAsB,CAAC,MAAM,EAAE,GAAG,CAAC;KACjD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,+BAA+B;IAC7C,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,IAAI,CAAC,GAAG;QAAE,OAAO;IAEjB,IAAI,iCAAiC,EAAE;QAAE,4BAA4B,EAAE,CAAC;IAExE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,QAAQ,EAAE,CAAC;QACb,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,gCAAgC,CAAC,GAAG,CAAC,CAAC;IAEtC,IAAI,SAAS;QAAE,OAAO;IACtB,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,UAAU;QAAE,OAAO;IAC5C,SAAS,GAAG,IAAI,CAAC;IAEjB,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1C,GAAG,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,KAAwB,EAAE,IAAkB,EAAE,EAAE;QAClE,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;QACtC,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,oBAAoB,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YAC5D,IAAI,MAAM;gBAAE,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,KAAK,GAAG,iBAAiB,EAAE,CAAC;QAClC,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,SAAS,GAAG,IAAI,CAAC;QACrB,IAAI,KAAK,IAAI,UAAU,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,CAAC;YACpC,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,UAAiB,EAAE,SAAgB,CAAC,CAAC;QAC1E,IAAI,OAAO,EAAE,WAAW,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACjE,MAAM,iBAAiB,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;QACvE,CAAC;aAAM,IAAI,OAAO,EAAE,WAAW,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;YAC/C,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAiB,CAAC;AACrB,CAAC","sourcesContent":["import {\n EMBED_MODE_QUERY_PARAM,\n EMBED_START_PATH,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n MCP_APP_CHAT_BRIDGE_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nlet installed = false;\nlet memoryToken: string | null = null;\nlet mcpChatBridgeActive = false;\nlet mcpChatBridgeScope: string | null = null;\nconst EMBED_TOKEN_STORAGE_KEY = \"agent-native:embed-auth-token\";\nconst MCP_CHAT_BRIDGE_STORAGE_KEY = \"agent-native:mcp-chat-bridge\";\n\nconst AUTH_FAILURE_COOLDOWN_MS = 60_000;\nconst GUARDED_METHODS = new Set([\"GET\", \"HEAD\"]);\nconst AUTH_FAILURE_HEADER = \"x-agent-native-auth-circuit-breaker\";\nconst MCP_CHAT_BRIDGE_VIEWPORT_STYLE_ID =\n \"agent-native-mcp-chat-bridge-viewport\";\nconst MCP_CHAT_BRIDGE_VIEWPORT_HEIGHT = 560;\n\ntype AuthFailureRecord = {\n status: number;\n statusText: string;\n headers: [string, string][];\n body: string | null;\n expiresAt: number;\n};\n\nconst authFailureCache = new Map<string, AuthFailureRecord>();\nlet embedAuthFailure: AuthFailureRecord | null = null;\n\nfunction browserWindow(): Window | null {\n return typeof window === \"undefined\" ? null : window;\n}\n\nfunction currentUrl(win: Window): URL | null {\n try {\n return new URL(win.location.href);\n } catch {\n try {\n return new URL(\n `${win.location.pathname || \"/\"}${win.location.search || \"\"}${win.location.hash || \"\"}`,\n win.location.origin || \"http://agent-native.invalid\",\n );\n } catch {\n return null;\n }\n }\n}\n\nfunction readTokenFromUrl(win: Window): string | null {\n return currentUrl(win)?.searchParams.get(EMBED_TOKEN_QUERY_PARAM) ?? null;\n}\n\nexport function readEmbedMcpChatBridgeFlagFromUrl(): boolean {\n const win = browserWindow();\n if (!win) return false;\n const value = currentUrl(win)?.searchParams.get(\n MCP_APP_CHAT_BRIDGE_QUERY_PARAM,\n );\n return value === \"1\" || value === \"true\";\n}\n\nfunction currentMcpChatBridgeScope(win: Window): string | null {\n return readTokenFromUrl(win) ?? memoryToken ?? storedToken(win);\n}\n\nfunction clearMcpChatBridge(win: Window): void {\n mcpChatBridgeActive = false;\n mcpChatBridgeScope = null;\n try {\n win.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);\n } catch {\n // ignore unavailable session storage\n }\n}\n\nexport function markEmbedMcpChatBridgeActive(): void {\n const win = browserWindow();\n const scope = win ? currentMcpChatBridgeScope(win) : null;\n mcpChatBridgeActive = true;\n mcpChatBridgeScope = scope;\n try {\n if (scope) {\n win?.sessionStorage?.setItem(MCP_CHAT_BRIDGE_STORAGE_KEY, scope);\n } else {\n win?.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);\n }\n } catch {\n // Session storage may be unavailable in some sandboxed hosts. The\n // in-memory fallback still covers the normal single-page boot path.\n }\n}\n\nexport function isEmbedMcpChatBridgeActive(): boolean {\n const win = browserWindow();\n if (!win) return false;\n if (!isEmbedAuthActive()) {\n clearMcpChatBridge(win);\n return false;\n }\n if (readEmbedMcpChatBridgeFlagFromUrl()) {\n markEmbedMcpChatBridgeActive();\n return true;\n }\n const scope = currentMcpChatBridgeScope(win);\n // Once we've enrolled in MCP bridge mode in this page, trust the in-memory\n // flag. A null scope (because the URL token was stripped after enroll AND\n // sessionStorage is denied — Safari private mode, third-party-cookie-blocked\n // iframes, strict ChatGPT/Claude sandboxes) is NOT evidence of de-enrollment.\n // Only an actual auth-scope CHANGE (a different non-null embed token) means\n // we should clear the bridge.\n if (mcpChatBridgeActive) {\n if (scope == null) return true;\n if (mcpChatBridgeScope == null || mcpChatBridgeScope === scope) {\n // Capture the scope now that we have one; future calls can compare.\n mcpChatBridgeScope = scope;\n return true;\n }\n clearMcpChatBridge(win);\n return false;\n }\n try {\n const storedScope = win.sessionStorage?.getItem(\n MCP_CHAT_BRIDGE_STORAGE_KEY,\n );\n if (storedScope && (scope == null || storedScope === scope)) {\n // Promote the persisted enrollment into in-memory state so subsequent\n // reads survive sessionStorage becoming unavailable later in the session.\n mcpChatBridgeActive = true;\n mcpChatBridgeScope = storedScope;\n return true;\n }\n if (storedScope && scope != null && storedScope !== scope) {\n win.sessionStorage?.removeItem(MCP_CHAT_BRIDGE_STORAGE_KEY);\n }\n return false;\n } catch {\n return false;\n }\n}\n\nfunction storedToken(win: Window): string | null {\n try {\n return win.sessionStorage?.getItem(EMBED_TOKEN_STORAGE_KEY) ?? null;\n } catch {\n return null;\n }\n}\n\nfunction storeToken(token: string, win: Window): void {\n memoryToken = token;\n try {\n win.sessionStorage?.setItem(EMBED_TOKEN_STORAGE_KEY, token);\n } catch {\n // Session storage may be unavailable in some sandboxed hosts. The\n // in-memory fallback still covers the normal single-page boot path.\n }\n}\n\nexport function getEmbedAuthToken(): string | null {\n const win = browserWindow();\n if (!win) return null;\n const fromUrl = readTokenFromUrl(win);\n if (fromUrl) {\n storeToken(fromUrl, win);\n return fromUrl;\n }\n return memoryToken ?? storedToken(win);\n}\n\nexport function isEmbedAuthActive(): boolean {\n const win = browserWindow();\n if (!win) return false;\n if (getEmbedAuthToken()) return true;\n const mode = currentUrl(win)?.searchParams.get(EMBED_MODE_QUERY_PARAM);\n return mode === \"1\" || mode === \"true\";\n}\n\nfunction ensureMcpChatBridgeViewportClamp(win: Window): void {\n if (!isEmbedMcpChatBridgeActive()) return;\n const doc = win.document;\n if (!doc?.head) return;\n if (!doc.getElementById(MCP_CHAT_BRIDGE_VIEWPORT_STYLE_ID)) {\n const style = doc.createElement(\"style\");\n style.id = MCP_CHAT_BRIDGE_VIEWPORT_STYLE_ID;\n const height = `${MCP_CHAT_BRIDGE_VIEWPORT_HEIGHT}px`;\n style.textContent = `\nhtml,\nbody {\n min-height: 0 !important;\n height: ${height} !important;\n max-height: ${height} !important;\n overflow: hidden !important;\n}\n\n#root,\n#__next,\n[data-agent-native-app-root] {\n min-height: 0 !important;\n height: ${height} !important;\n max-height: ${height} !important;\n overflow: hidden !important;\n}\n`;\n doc.head.appendChild(style);\n }\n notifyMcpChatBridgeViewportHeight(win);\n}\n\nfunction notifyMcpChatBridgeViewportHeight(win: Window): void {\n const height = MCP_CHAT_BRIDGE_VIEWPORT_HEIGHT;\n const notify = () => {\n try {\n const openai = (\n win as Window & {\n openai?: {\n notifyIntrinsicHeight?: (payload: { height: number }) => void;\n };\n }\n ).openai;\n openai?.notifyIntrinsicHeight?.({ height });\n } catch {\n // Host bridge availability varies by client; sizing is best-effort.\n }\n\n try {\n if (win.parent && win.parent !== win) {\n win.parent.postMessage(\n {\n jsonrpc: \"2.0\",\n method: \"ui/notifications/size-changed\",\n params: { height },\n },\n \"*\",\n );\n }\n } catch {\n // Cross-host embeds can deny parent messaging in tests or strict sandboxes.\n }\n };\n\n notify();\n try {\n win.requestAnimationFrame?.(() => notify());\n win.setTimeout?.(notify, 250);\n win.setTimeout?.(notify, 1000);\n } catch {\n // Timers are a progressive enhancement for late host bridge initialization.\n }\n}\n\n/** Internal test helper. Do not use in app code. */\nexport function _resetEmbedAuthForTests(): void {\n installed = false;\n memoryToken = null;\n mcpChatBridgeActive = false;\n mcpChatBridgeScope = null;\n authFailureCache.clear();\n embedAuthFailure = null;\n}\n\nfunction stripTokenFromUrl(win: Window): void {\n try {\n const url = currentUrl(win);\n if (!url) return;\n if (!url.searchParams.has(EMBED_TOKEN_QUERY_PARAM)) return;\n url.searchParams.delete(EMBED_TOKEN_QUERY_PARAM);\n win.history.replaceState(\n win.history.state,\n \"\",\n `${url.pathname}${url.search}${url.hash}`,\n );\n } catch {\n // best effort only\n }\n}\n\nfunction currentEmbedTarget(win: Window): string {\n return `${win.location.pathname}${win.location.search}`;\n}\n\nfunction currentAppOrigin(win: Window): string | null {\n const url = currentUrl(win);\n if (url?.origin && url.origin !== \"null\") return url.origin;\n try {\n const origin = win.location.origin;\n return origin && origin !== \"null\" ? origin : null;\n } catch {\n return null;\n }\n}\n\nfunction inputUrl(input: RequestInfo | URL, win: Window): URL | null {\n try {\n return input instanceof Request\n ? new URL(input.url)\n : new URL(String(input), currentUrl(win)?.href ?? win.location.href);\n } catch {\n return null;\n }\n}\n\nfunction sameOrigin(input: RequestInfo | URL, win: Window): boolean {\n const url = inputUrl(input, win);\n const origin = currentAppOrigin(win);\n return !!url && !!origin && url.origin === origin;\n}\n\nfunction requestMethod(input: RequestInfo | URL, init?: RequestInit): string {\n return (\n init?.method ??\n (input instanceof Request ? input.method : undefined) ??\n \"GET\"\n ).toUpperCase();\n}\n\nfunction authFailureKey(method: string, url: URL): string {\n return `${method} ${url.href}`;\n}\n\nfunction isAuthFailureStatus(status: number): boolean {\n return status === 401 || status === 403;\n}\n\nfunction shouldGuardAuthFailure(method: string, url: URL): boolean {\n if (!GUARDED_METHODS.has(method)) return false;\n if (url.pathname === EMBED_START_PATH) return false;\n if (url.pathname === \"/_agent-native/sign-in\") return false;\n return true;\n}\n\nfunction activeAuthFailure(\n record: AuthFailureRecord | null | undefined,\n): AuthFailureRecord | null {\n if (!record) return null;\n if (record.expiresAt > Date.now()) return record;\n return null;\n}\n\nfunction getCachedAuthFailure(\n key: string,\n useEmbedWideFailure: boolean,\n): AuthFailureRecord | null {\n const cached = activeAuthFailure(authFailureCache.get(key));\n if (cached) return cached;\n authFailureCache.delete(key);\n\n if (!useEmbedWideFailure) return null;\n const embedCached = activeAuthFailure(embedAuthFailure);\n if (embedCached) return embedCached;\n embedAuthFailure = null;\n return null;\n}\n\nfunction authFailureResponse(record: AuthFailureRecord): Response {\n const headers = new Headers(record.headers);\n headers.set(AUTH_FAILURE_HEADER, \"1\");\n if (!headers.has(\"retry-after\")) {\n headers.set(\n \"retry-after\",\n String(Math.max(1, Math.ceil((record.expiresAt - Date.now()) / 1000))),\n );\n }\n return new Response(record.body, {\n status: record.status,\n statusText: record.statusText,\n headers,\n });\n}\n\nasync function recordAuthFailure(\n key: string,\n response: Response,\n useEmbedWideFailure: boolean,\n): Promise<void> {\n let body: string | null = null;\n try {\n body = await response.clone().text();\n } catch {\n body = null;\n }\n\n const headers: [string, string][] = [];\n response.headers.forEach((value, name) => {\n const lower = name.toLowerCase();\n if (\n lower === \"content-encoding\" ||\n lower === \"content-length\" ||\n lower === \"transfer-encoding\"\n ) {\n return;\n }\n headers.push([name, value]);\n });\n\n const record: AuthFailureRecord = {\n status: response.status,\n statusText: response.statusText,\n headers,\n body,\n expiresAt: Date.now() + AUTH_FAILURE_COOLDOWN_MS,\n };\n authFailureCache.set(key, record);\n if (useEmbedWideFailure) embedAuthFailure = record;\n}\n\nfunction clearAuthFailure(key: string, useEmbedWideFailure: boolean): void {\n authFailureCache.delete(key);\n if (useEmbedWideFailure) embedAuthFailure = null;\n}\n\nfunction withEmbedAuthHeaders(\n input: RequestInfo | URL,\n init: RequestInit | undefined,\n token: string,\n win: Window,\n): [RequestInfo | URL, RequestInit | undefined] {\n const headers = new Headers(\n init?.headers ?? (input instanceof Request ? input.headers : undefined),\n );\n if (!headers.has(\"Authorization\")) {\n headers.set(\"Authorization\", `Bearer ${token}`);\n }\n if (!headers.has(EMBED_TARGET_HEADER)) {\n headers.set(EMBED_TARGET_HEADER, currentEmbedTarget(win));\n }\n\n if (input instanceof Request) {\n return [new Request(input, { ...init, headers }), undefined];\n }\n return [input, { ...init, headers }];\n}\n\nfunction requestUrlAndKey(\n input: RequestInfo | URL,\n init: RequestInit | undefined,\n win: Window,\n):\n | {\n key: string;\n shouldGuard: boolean;\n }\n | undefined {\n const url = inputUrl(input, win);\n const origin = currentAppOrigin(win);\n if (!url || !origin || url.origin !== origin) return undefined;\n const method = requestMethod(input, init);\n return {\n key: authFailureKey(method, url),\n shouldGuard: shouldGuardAuthFailure(method, url),\n };\n}\n\nexport function ensureEmbedAuthFetchInterceptor(): void {\n const win = browserWindow();\n if (!win) return;\n\n if (readEmbedMcpChatBridgeFlagFromUrl()) markEmbedMcpChatBridgeActive();\n\n const urlToken = readTokenFromUrl(win);\n if (urlToken) {\n storeToken(urlToken, win);\n stripTokenFromUrl(win);\n }\n ensureMcpChatBridgeViewportClamp(win);\n\n if (installed) return;\n if (typeof win.fetch !== \"function\") return;\n installed = true;\n\n const originalFetch = win.fetch.bind(win);\n win.fetch = (async (input: RequestInfo | URL, init?: RequestInit) => {\n const request = requestUrlAndKey(input, init, win);\n const embedMode = isEmbedAuthActive();\n if (request?.shouldGuard) {\n const cached = getCachedAuthFailure(request.key, embedMode);\n if (cached) return authFailureResponse(cached);\n }\n\n const token = getEmbedAuthToken();\n let fetchInput = input;\n let fetchInit = init;\n if (token && sameOrigin(input, win)) {\n [fetchInput, fetchInit] = withEmbedAuthHeaders(input, init, token, win);\n }\n\n const response = await originalFetch(fetchInput as any, fetchInit as any);\n if (request?.shouldGuard && isAuthFailureStatus(response.status)) {\n await recordAuthFailure(request.key, response, embedMode || !!token);\n } else if (request?.shouldGuard && response.ok) {\n clearAuthFailure(request.key, embedMode || !!token);\n }\n return response;\n }) as typeof fetch;\n}\n"]}
package/dist/mcp/build-server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAyBhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAsQD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAqYD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6Z7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AA+FD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7D,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAoHD;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
1
+ {"version":3,"file":"build-server.d.ts","sourceRoot":"","sources":["../../src/mcp/build-server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAyBhE,MAAM,WAAW,SAAS;IACxB,wCAAwC;IACxC,IAAI,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mDAAmD;IACnD,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAChD,qEAAqE;IACrE,QAAQ,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,gEAAgE;IAChE,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;kEAGkE;AAClE,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,yEAAyE;IACzE,MAAM,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAC;IAC5C;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6EAA6E;IAC7E,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAwTD;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,WAAW,EAClB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,GAAG,EACX,IAAI,EAAE,cAAc,GAAG,SAAS,GAC/B;IACD,KAAK,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IACvC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAyBA;AAqZD;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,iBAAiB,GAAG,SAAS,EACvC,WAAW,CAAC,EAAE,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA6Z7B;AAOD,wBAAgB,eAAe,IAAI,MAAM,EAAE,CAc1C;AA+FD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,UAAU,CAC9B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,EACrC,OAAO,GAAE;IAAE,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7D,OAAO,CAAC;IACT,MAAM,EAAE,OAAO,CAAC;IAChB,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IAC7B;;;;;;OAMG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB,CAAC,CAoHD;AAED,wBAAsB,sBAAsB,CAC1C,SAAS,EAAE,MAAM,GAAG,SAAS,GAC5B,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAS7B"}
package/dist/mcp/build-server.js CHANGED
@@ -181,6 +181,43 @@ function isEmbedStartUrl(value) {
181
181
  return value.includes("/_agent-native/embed/start");
182
182
  }
183
183
  }
184
+ /**
185
+ * Recursively redact embed-ticket-bearing URLs from any value before it gets
186
+ * serialized into a model-visible text payload. Embed start URLs carry a
187
+ * single-use ticket that grants iframe access to the user's session — they
188
+ * MUST stay in `_meta` (where the embed runtime can consume them) and never
189
+ * appear in `content[].text` for the LLM. This is the generic safety net for
190
+ * actions that return `{ embedStartUrl, ... }` without declaring
191
+ * `mcpApp.resource` (the resource path already strips them via
192
+ * `mcpAppStructuredContent`).
193
+ *
194
+ * Depth-capped to avoid pathological / circular structures. Strings that
195
+ * embed an `isEmbedStartUrl` substring (e.g. a longer message that includes
196
+ * the URL) are replaced with `[hidden embed URL]`.
197
+ */
198
+ function purgeEmbedStartUrls(value, depth = 0) {
199
+ if (depth > 5)
200
+ return value;
201
+ if (typeof value === "string") {
202
+ return isEmbedStartUrl(value) ? "[hidden embed URL]" : value;
203
+ }
204
+ if (Array.isArray(value)) {
205
+ return value.map((item) => purgeEmbedStartUrls(item, depth + 1));
206
+ }
207
+ if (value && typeof value === "object") {
208
+ const out = {};
209
+ for (const [key, val] of Object.entries(value)) {
210
+ if (typeof val === "string" && isEmbedStartUrl(val)) {
211
+ // Drop the key entirely for object-typed inputs so a tool result like
212
+ // `{ embedStartUrl: "..." }` does not appear at all in the LLM text.
213
+ continue;
214
+ }
215
+ out[key] = purgeEmbedStartUrls(val, depth + 1);
216
+ }
217
+ return out;
218
+ }
219
+ return value;
220
+ }
184
221
  function mcpAppEmbedOpenLinkMeta(result, resource, meta) {
185
222
  const out = metadataObject(result);
186
223
  const embedStartUrl = typeof out.embedStartUrl === "string"
@@ -203,12 +240,24 @@ function mcpAppEmbedOpenLinkMeta(result, resource, meta) {
203
240
  : typeof out.path === "string" && out.path.trim()
204
241
  ? out.path.trim()
205
242
  : undefined;
206
- const safeViewOpenUrl = view ? view : undefined;
243
+ // Only fabricate an open URL when there is a real path-like value: an
244
+ // explicit deepLinkUrl, or a non-embed `out.url`, or a leading-slash
245
+ // `view`/`path` that's already a route. Bare view-name strings like
246
+ // "inbox" or "deck" must NOT be turned into `${origin}/inbox` — apps
247
+ // route views at app-specific paths (e.g. slides routes `view: "deck"`
248
+ // at `/deck/:id`), so a synthesized origin-relative URL is just a 404.
249
+ // In that case omit `openLink` entirely; the embedStart meta carries
250
+ // the actual launch reference.
251
+ const pathFromRouteLike = view && view.startsWith("/")
252
+ ? view
253
+ : typeof out.path === "string" && out.path.trim().startsWith("/")
254
+ ? out.path.trim()
255
+ : undefined;
207
256
  const explicitOpenUrl = deepLinkUrl
208
257
  ? deepLinkUrl
209
258
  : typeof out.url === "string" && !isEmbedStartUrl(out.url)
210
259
  ? out.url
211
- : safeViewOpenUrl;
260
+ : pathFromRouteLike;
212
261
  const safeOpenUrl = explicitOpenUrl
213
262
  ? toAbsoluteOpenUrl(explicitOpenUrl, meta?.origin)
214
263
  : null;
@@ -509,6 +558,23 @@ function mcpAppStructuredContent(result, meta) {
509
558
  if (typeof out.url === "string" && isEmbedStartUrl(out.url)) {
510
559
  delete out.url;
511
560
  }
561
+ // Internal embed-routing fields belong in `_meta["agent-native/embedStart"]`
562
+ // (consumed by the embed runtime), not in `structuredContent` (read by the
563
+ // LLM). `embedTargetPath` reveals the exact route + thread/draft id the user
564
+ // is looking at; `embedExpiresAt` is an unintended timestamp; ticket-bearing
565
+ // fields are single-use credentials. Drop all of them unconditionally.
566
+ for (const key of [
567
+ "embedTargetPath",
568
+ "embedExpiresAt",
569
+ "ticket",
570
+ "embedTicket",
571
+ ]) {
572
+ delete out[key];
573
+ }
574
+ for (const key of Object.keys(out)) {
575
+ if (/Ticket$/.test(key))
576
+ delete out[key];
577
+ }
512
578
  const openLink = meta?.["agent-native/openLink"];
513
579
  if (openLink && typeof openLink === "object" && !Array.isArray(openLink)) {
514
580
  const webUrl = openLink.webUrl;
@@ -786,8 +852,8 @@ export async function createMCPServerForRequest(config, identity, requestMeta) {
786
852
  const text = mcpAppResource
787
853
  ? conciseMcpAppToolText(name, resultForClient, structuredContent)
788
854
  : typeof resultForClient === "string"
789
- ? resultForClient
790
- : JSON.stringify(resultForClient);
855
+ ? purgeEmbedStartUrls(resultForClient)
856
+ : JSON.stringify(purgeEmbedStartUrls(resultForClient));
791
857
  const content = [{ type: "text", text }];
792
858
  if (block)
793
859
  content.push(block);