@agent-native/core 0.22.4 → 0.22.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (179) hide show
  1. package/dist/agent/engine/builder-engine.d.ts.map +1 -1
  2. package/dist/agent/engine/builder-engine.js +10 -9
  3. package/dist/agent/engine/builder-engine.js.map +1 -1
  4. package/dist/agent/engine/builder-gateway-headers.d.ts +10 -0
  5. package/dist/agent/engine/builder-gateway-headers.d.ts.map +1 -0
  6. package/dist/agent/engine/builder-gateway-headers.js +44 -0
  7. package/dist/agent/engine/builder-gateway-headers.js.map +1 -0
  8. package/dist/agent/engine/index.d.ts +1 -1
  9. package/dist/agent/engine/index.d.ts.map +1 -1
  10. package/dist/agent/engine/index.js +1 -1
  11. package/dist/agent/engine/index.js.map +1 -1
  12. package/dist/agent/engine/registry.d.ts +1 -0
  13. package/dist/agent/engine/registry.d.ts.map +1 -1
  14. package/dist/agent/engine/registry.js +60 -1
  15. package/dist/agent/engine/registry.js.map +1 -1
  16. package/dist/agent/engine/translate-ai-sdk.d.ts.map +1 -1
  17. package/dist/agent/engine/translate-ai-sdk.js +3 -2
  18. package/dist/agent/engine/translate-ai-sdk.js.map +1 -1
  19. package/dist/agent/engine/translate-anthropic.d.ts +36 -2
  20. package/dist/agent/engine/translate-anthropic.d.ts.map +1 -1
  21. package/dist/agent/engine/translate-anthropic.js +159 -6
  22. package/dist/agent/engine/translate-anthropic.js.map +1 -1
  23. package/dist/agent/engine/types.d.ts +4 -2
  24. package/dist/agent/engine/types.d.ts.map +1 -1
  25. package/dist/agent/engine/types.js.map +1 -1
  26. package/dist/agent/production-agent.d.ts.map +1 -1
  27. package/dist/agent/production-agent.js +69 -9
  28. package/dist/agent/production-agent.js.map +1 -1
  29. package/dist/agent/types.d.ts +2 -0
  30. package/dist/agent/types.d.ts.map +1 -1
  31. package/dist/agent/types.js.map +1 -1
  32. package/dist/cli/connect.d.ts +1 -1
  33. package/dist/cli/connect.d.ts.map +1 -1
  34. package/dist/cli/connect.js +5 -2
  35. package/dist/cli/connect.js.map +1 -1
  36. package/dist/cli/create.d.ts.map +1 -1
  37. package/dist/cli/create.js +48 -6
  38. package/dist/cli/create.js.map +1 -1
  39. package/dist/client/AssistantChat.d.ts.map +1 -1
  40. package/dist/client/AssistantChat.js +7 -1
  41. package/dist/client/AssistantChat.js.map +1 -1
  42. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  43. package/dist/client/MultiTabAssistantChat.js +4 -3
  44. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  45. package/dist/client/NewWorkspaceAppFlow.d.ts.map +1 -1
  46. package/dist/client/NewWorkspaceAppFlow.js +1 -0
  47. package/dist/client/NewWorkspaceAppFlow.js.map +1 -1
  48. package/dist/client/agent-chat-adapter.d.ts.map +1 -1
  49. package/dist/client/agent-chat-adapter.js +11 -5
  50. package/dist/client/agent-chat-adapter.js.map +1 -1
  51. package/dist/client/api-path.d.ts.map +1 -1
  52. package/dist/client/api-path.js +2 -0
  53. package/dist/client/api-path.js.map +1 -1
  54. package/dist/client/embed-auth.d.ts +4 -0
  55. package/dist/client/embed-auth.d.ts.map +1 -0
  56. package/dist/client/embed-auth.js +102 -0
  57. package/dist/client/embed-auth.js.map +1 -0
  58. package/dist/client/index.d.ts +1 -0
  59. package/dist/client/index.d.ts.map +1 -1
  60. package/dist/client/index.js +1 -0
  61. package/dist/client/index.js.map +1 -1
  62. package/dist/client/settings/SettingsPanel.d.ts.map +1 -1
  63. package/dist/client/settings/SettingsPanel.js +7 -3
  64. package/dist/client/settings/SettingsPanel.js.map +1 -1
  65. package/dist/client/use-action.d.ts.map +1 -1
  66. package/dist/client/use-action.js +2 -0
  67. package/dist/client/use-action.js.map +1 -1
  68. package/dist/client/use-chat-models.d.ts.map +1 -1
  69. package/dist/client/use-chat-models.js +4 -3
  70. package/dist/client/use-chat-models.js.map +1 -1
  71. package/dist/client/use-chat-threads.d.ts.map +1 -1
  72. package/dist/client/use-chat-threads.js +7 -7
  73. package/dist/client/use-chat-threads.js.map +1 -1
  74. package/dist/client/use-chat-threads.spec.js +70 -0
  75. package/dist/client/use-chat-threads.spec.js.map +1 -1
  76. package/dist/client/use-db-sync.d.ts.map +1 -1
  77. package/dist/client/use-db-sync.js +4 -0
  78. package/dist/client/use-db-sync.js.map +1 -1
  79. package/dist/deploy/route-discovery.js +1 -1
  80. package/dist/deploy/route-discovery.js.map +1 -1
  81. package/dist/index.d.ts +2 -0
  82. package/dist/index.d.ts.map +1 -1
  83. package/dist/index.js +2 -0
  84. package/dist/index.js.map +1 -1
  85. package/dist/mcp/build-server.d.ts.map +1 -1
  86. package/dist/mcp/build-server.js +49 -21
  87. package/dist/mcp/build-server.js.map +1 -1
  88. package/dist/mcp/builtin-tools.d.ts +1 -0
  89. package/dist/mcp/builtin-tools.d.ts.map +1 -1
  90. package/dist/mcp/builtin-tools.js +147 -8
  91. package/dist/mcp/builtin-tools.js.map +1 -1
  92. package/dist/mcp/connect-route.d.ts.map +1 -1
  93. package/dist/mcp/connect-route.js +79 -51
  94. package/dist/mcp/connect-route.js.map +1 -1
  95. package/dist/mcp/embed-app.d.ts +14 -0
  96. package/dist/mcp/embed-app.d.ts.map +1 -0
  97. package/dist/mcp/embed-app.js +191 -0
  98. package/dist/mcp/embed-app.js.map +1 -0
  99. package/dist/mcp/index.d.ts +1 -0
  100. package/dist/mcp/index.d.ts.map +1 -1
  101. package/dist/mcp/index.js +1 -0
  102. package/dist/mcp/index.js.map +1 -1
  103. package/dist/scripts/agent-engines/list-agent-engines.d.ts.map +1 -1
  104. package/dist/scripts/agent-engines/list-agent-engines.js +2 -1
  105. package/dist/scripts/agent-engines/list-agent-engines.js.map +1 -1
  106. package/dist/scripts/agent-engines/manage-agent-engine.d.ts.map +1 -1
  107. package/dist/scripts/agent-engines/manage-agent-engine.js +4 -1
  108. package/dist/scripts/agent-engines/manage-agent-engine.js.map +1 -1
  109. package/dist/scripts/agent-engines/set-agent-engine.d.ts.map +1 -1
  110. package/dist/scripts/agent-engines/set-agent-engine.js +4 -1
  111. package/dist/scripts/agent-engines/set-agent-engine.js.map +1 -1
  112. package/dist/server/action-discovery.d.ts.map +1 -1
  113. package/dist/server/action-discovery.js +10 -1
  114. package/dist/server/action-discovery.js.map +1 -1
  115. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  116. package/dist/server/agent-chat-plugin.js +9 -1
  117. package/dist/server/agent-chat-plugin.js.map +1 -1
  118. package/dist/server/auth.d.ts +7 -6
  119. package/dist/server/auth.d.ts.map +1 -1
  120. package/dist/server/auth.js +64 -15
  121. package/dist/server/auth.js.map +1 -1
  122. package/dist/server/core-routes-plugin.d.ts +2 -0
  123. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  124. package/dist/server/core-routes-plugin.js +7 -0
  125. package/dist/server/core-routes-plugin.js.map +1 -1
  126. package/dist/server/credential-provider.d.ts +6 -4
  127. package/dist/server/credential-provider.d.ts.map +1 -1
  128. package/dist/server/credential-provider.js +91 -12
  129. package/dist/server/credential-provider.js.map +1 -1
  130. package/dist/server/embed-route.d.ts +8 -0
  131. package/dist/server/embed-route.d.ts.map +1 -0
  132. package/dist/server/embed-route.js +71 -0
  133. package/dist/server/embed-route.js.map +1 -0
  134. package/dist/server/embed-session.d.ts +65 -0
  135. package/dist/server/embed-session.d.ts.map +1 -0
  136. package/dist/server/embed-session.js +433 -0
  137. package/dist/server/embed-session.js.map +1 -0
  138. package/dist/server/index.d.ts +2 -0
  139. package/dist/server/index.d.ts.map +1 -1
  140. package/dist/server/index.js +2 -0
  141. package/dist/server/index.js.map +1 -1
  142. package/dist/server/open-route.d.ts.map +1 -1
  143. package/dist/server/open-route.js +10 -0
  144. package/dist/server/open-route.js.map +1 -1
  145. package/dist/server/security-headers.d.ts.map +1 -1
  146. package/dist/server/security-headers.js +4 -2
  147. package/dist/server/security-headers.js.map +1 -1
  148. package/dist/shared/embed-auth.d.ts +6 -0
  149. package/dist/shared/embed-auth.d.ts.map +1 -0
  150. package/dist/shared/embed-auth.js +6 -0
  151. package/dist/shared/embed-auth.js.map +1 -0
  152. package/dist/shared/index.d.ts +1 -0
  153. package/dist/shared/index.d.ts.map +1 -1
  154. package/dist/shared/index.js +1 -0
  155. package/dist/shared/index.js.map +1 -1
  156. package/dist/templates/workspace-core/AGENTS.md +14 -5
  157. package/dist/templates/workspace-root/AGENTS.md +5 -0
  158. package/dist/templates/workspace-root/README.md +3 -0
  159. package/dist/vite/action-types-plugin.d.ts.map +1 -1
  160. package/dist/vite/action-types-plugin.js +10 -1
  161. package/dist/vite/action-types-plugin.js.map +1 -1
  162. package/docs/content/a2a-protocol.md +5 -1
  163. package/docs/content/actions.md +19 -4
  164. package/docs/content/cli-adapters.md +5 -0
  165. package/docs/content/client.md +35 -1
  166. package/docs/content/database.md +29 -0
  167. package/docs/content/dispatch.md +7 -1
  168. package/docs/content/external-agents.md +37 -13
  169. package/docs/content/key-concepts.md +3 -3
  170. package/docs/content/messaging.md +1 -1
  171. package/docs/content/onboarding.md +26 -0
  172. package/docs/content/template-content.md +1 -1
  173. package/docs/content/template-dispatch.md +9 -0
  174. package/docs/content/template-starter.md +2 -2
  175. package/package.json +1 -1
  176. package/src/templates/workspace-core/AGENTS.md +14 -5
  177. package/src/templates/workspace-root/AGENTS.md +5 -0
  178. package/src/templates/workspace-root/README.md +3 -0
  179. /package/docs/content/{template-video.md → template-videos.md} +0 -0
package/dist/server/embed-session.js ADDED
@@ -0,0 +1,433 @@
1
+ import crypto from "node:crypto";
2
+ import { getCookie, getHeader, getQuery, setCookie, setResponseHeader, } from "h3";
3
+ import { getDbExec, intType } from "../db/client.js";
4
+ import { getWorkspaceA2ADerivedSecret } from "./derived-secret.js";
5
+ import { getConfiguredAppBasePath } from "./app-base-path.js";
6
+ import { EMBED_MODE_QUERY_PARAM, EMBED_SESSION_COOKIE, EMBED_TARGET_HEADER, EMBED_TOKEN_QUERY_PARAM, } from "../shared/embed-auth.js";
7
+ const TOKEN_KIND = "agent-native-embed-session";
8
+ const DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;
9
+ const DEFAULT_TICKET_TTL_SECONDS = 5 * 60;
10
+ const CONTROL_CHARS = new RegExp("[\\u0000-\\u001f\\u007f]");
11
+ const OPEN_ROUTE_PATH = "/_agent-native/open";
12
+ let _initPromise;
13
+ let _devSigningKey;
14
+ async function ensureTable() {
15
+ if (!_initPromise) {
16
+ _initPromise = (async () => {
17
+ const client = getDbExec();
18
+ await client.execute(`
19
+ CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (
20
+ ticket_hash TEXT PRIMARY KEY,
21
+ owner_email TEXT NOT NULL,
22
+ org_id TEXT,
23
+ target_path TEXT NOT NULL,
24
+ scope TEXT,
25
+ created_at ${intType()} NOT NULL,
26
+ expires_at ${intType()} NOT NULL,
27
+ consumed_at ${intType()}
28
+ )
29
+ `);
30
+ })().catch((err) => {
31
+ _initPromise = undefined;
32
+ throw err;
33
+ });
34
+ }
35
+ return _initPromise;
36
+ }
37
+ function getSigningKey() {
38
+ const secret = process.env.OAUTH_STATE_SECRET ||
39
+ process.env.BETTER_AUTH_SECRET ||
40
+ getWorkspaceA2ADerivedSecret("short-lived-token");
41
+ if (secret)
42
+ return secret;
43
+ if (process.env.NODE_ENV === "production") {
44
+ throw new Error("Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.");
45
+ }
46
+ if (!_devSigningKey) {
47
+ _devSigningKey = crypto.randomBytes(32).toString("hex");
48
+ }
49
+ return _devSigningKey;
50
+ }
51
+ function base64UrlEncode(buf) {
52
+ const b = typeof buf === "string" ? Buffer.from(buf, "utf8") : buf;
53
+ return b
54
+ .toString("base64")
55
+ .replace(/\+/g, "-")
56
+ .replace(/\//g, "_")
57
+ .replace(/=+$/g, "");
58
+ }
59
+ function base64UrlDecode(input) {
60
+ const padded = input + "=".repeat((4 - (input.length % 4)) % 4);
61
+ return Buffer.from(padded.replace(/-/g, "+").replace(/_/g, "/"), "base64");
62
+ }
63
+ function signPayload(payload) {
64
+ return base64UrlEncode(crypto.createHmac("sha256", getSigningKey()).update(payload).digest());
65
+ }
66
+ function hashTicket(ticket) {
67
+ return crypto.createHash("sha256").update(ticket).digest("hex");
68
+ }
69
+ function numberOrNull(value) {
70
+ if (value == null)
71
+ return null;
72
+ const n = Number(value);
73
+ return Number.isFinite(n) ? n : null;
74
+ }
75
+ function stringOrUndefined(value) {
76
+ return typeof value === "string" && value ? value : undefined;
77
+ }
78
+ function stripConfiguredBasePath(pathname) {
79
+ const base = getConfiguredAppBasePath();
80
+ if (!base)
81
+ return pathname;
82
+ if (pathname === base)
83
+ return "/";
84
+ if (pathname.startsWith(`${base}/`))
85
+ return pathname.slice(base.length) || "/";
86
+ return pathname;
87
+ }
88
+ function pathnameFromPath(path) {
89
+ const normalized = normalizeEmbedTargetPath(path);
90
+ if (!normalized)
91
+ return null;
92
+ try {
93
+ return new URL(normalized, "http://agent-native.invalid").pathname;
94
+ }
95
+ catch {
96
+ return null;
97
+ }
98
+ }
99
+ function safeOpenRouteTargetPathname(targetPath) {
100
+ let url;
101
+ try {
102
+ url = new URL(targetPath, "http://agent-native.invalid");
103
+ }
104
+ catch {
105
+ return null;
106
+ }
107
+ if (url.pathname !== OPEN_ROUTE_PATH) {
108
+ return null;
109
+ }
110
+ const to = normalizeEmbedTargetPath(url.searchParams.get("to"));
111
+ if (to)
112
+ return pathnameFromPath(to);
113
+ const view = url.searchParams.get("view")?.trim();
114
+ if (!view || CONTROL_CHARS.test(view))
115
+ return null;
116
+ const viewPath = view.startsWith("/") ? view : `/${view}`;
117
+ return pathnameFromPath(viewPath);
118
+ }
119
+ function allowedEmbedTargetPathnames(targetPath) {
120
+ const allowed = new Set();
121
+ const direct = pathnameFromPath(targetPath);
122
+ if (direct)
123
+ allowed.add(direct);
124
+ const openTarget = safeOpenRouteTargetPathname(targetPath);
125
+ if (openTarget)
126
+ allowed.add(openTarget);
127
+ return allowed;
128
+ }
129
+ function requestPathname(event) {
130
+ const raw = event.path ??
131
+ event.node?.req?.url ??
132
+ event.req?.url ??
133
+ event.url?.toString?.() ??
134
+ "/";
135
+ try {
136
+ const pathname = new URL(raw, "http://agent-native.invalid").pathname;
137
+ return stripConfiguredBasePath(pathname);
138
+ }
139
+ catch {
140
+ return null;
141
+ }
142
+ }
143
+ function headerTargetPathname(event) {
144
+ const direct = event.request?.headers?.get?.(EMBED_TARGET_HEADER) ??
145
+ event.headers?.get?.(EMBED_TARGET_HEADER) ??
146
+ event.node?.req?.headers?.[EMBED_TARGET_HEADER] ??
147
+ event.node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];
148
+ if (typeof direct === "string")
149
+ return pathnameFromPath(direct);
150
+ try {
151
+ const raw = getHeader(event, EMBED_TARGET_HEADER);
152
+ return typeof raw === "string" ? pathnameFromPath(raw) : null;
153
+ }
154
+ catch {
155
+ return null;
156
+ }
157
+ }
158
+ export function requestMatchesEmbedTarget(event, targetPath) {
159
+ const allowed = allowedEmbedTargetPathnames(targetPath);
160
+ if (allowed.size === 0)
161
+ return false;
162
+ const current = requestPathname(event);
163
+ if (current && allowed.has(current))
164
+ return true;
165
+ const headerTarget = headerTargetPathname(event);
166
+ return !!headerTarget && allowed.has(headerTarget);
167
+ }
168
+ export function normalizeEmbedTargetPath(raw, requestOrigin) {
169
+ const value = String(raw ?? "").trim();
170
+ if (!value || CONTROL_CHARS.test(value))
171
+ return null;
172
+ let path = value;
173
+ try {
174
+ if (/^[a-z][a-z0-9+.-]*:\/\//i.test(value)) {
175
+ const parsed = new URL(value);
176
+ if (requestOrigin) {
177
+ const expected = new URL(requestOrigin);
178
+ if (parsed.origin !== expected.origin)
179
+ return null;
180
+ }
181
+ const base = getConfiguredAppBasePath();
182
+ if (base &&
183
+ parsed.pathname !== base &&
184
+ !parsed.pathname.startsWith(`${base}/`)) {
185
+ return null;
186
+ }
187
+ path = `${parsed.pathname}${parsed.search}${parsed.hash}`;
188
+ }
189
+ }
190
+ catch {
191
+ return null;
192
+ }
193
+ if (!path.startsWith("/"))
194
+ path = `/${path}`;
195
+ if (path.startsWith("//") || path.startsWith("/\\"))
196
+ return null;
197
+ if (/^\/[a-z][a-z0-9+.-]*:/i.test(path))
198
+ return null;
199
+ return stripConfiguredBasePath(path);
200
+ }
201
+ export async function createEmbedSessionTicket(input) {
202
+ const ownerEmail = input.ownerEmail.trim();
203
+ if (!ownerEmail)
204
+ throw new Error("Embed session ticket requires ownerEmail.");
205
+ const targetPath = normalizeEmbedTargetPath(input.targetPath);
206
+ if (!targetPath)
207
+ throw new Error("Embed session ticket requires a safe path.");
208
+ await ensureTable();
209
+ const ticket = crypto.randomBytes(32).toString("base64url");
210
+ const ticketHash = hashTicket(ticket);
211
+ const now = Date.now();
212
+ const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;
213
+ const expiresAt = now + Math.max(1, ttlSeconds) * 1000;
214
+ await getDbExec().execute({
215
+ sql: "INSERT INTO agent_native_embed_tickets " +
216
+ "(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) " +
217
+ "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
218
+ args: [
219
+ ticketHash,
220
+ ownerEmail,
221
+ input.orgId ?? null,
222
+ targetPath,
223
+ input.scope ?? null,
224
+ now,
225
+ expiresAt,
226
+ null,
227
+ ],
228
+ });
229
+ return { ticket, ticketHash, expiresAt };
230
+ }
231
+ export async function consumeEmbedSessionTicket(ticket, options = {}) {
232
+ if (!ticket)
233
+ return null;
234
+ await ensureTable();
235
+ const ticketHash = hashTicket(ticket);
236
+ const now = Date.now();
237
+ const { rows } = await getDbExec().execute({
238
+ sql: "SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at " +
239
+ "FROM agent_native_embed_tickets WHERE ticket_hash = ?",
240
+ args: [ticketHash],
241
+ });
242
+ if (rows.length === 0)
243
+ return null;
244
+ const row = rows[0];
245
+ const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);
246
+ const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);
247
+ const orgId = stringOrUndefined(row.org_id ?? row.orgId);
248
+ if (consumedAt != null)
249
+ return null;
250
+ if (expiresAt != null && expiresAt < now)
251
+ return null;
252
+ if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {
253
+ return null;
254
+ }
255
+ const result = await getDbExec().execute({
256
+ sql: "UPDATE agent_native_embed_tickets SET consumed_at = ? " +
257
+ "WHERE ticket_hash = ? AND consumed_at IS NULL",
258
+ args: [now, ticketHash],
259
+ });
260
+ if (result.rowsAffected === 0)
261
+ return null;
262
+ const targetPath = normalizeEmbedTargetPath(stringOrUndefined(row.target_path ?? row.targetPath));
263
+ const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);
264
+ if (!targetPath || !ownerEmail || expiresAt == null)
265
+ return null;
266
+ return {
267
+ ownerEmail,
268
+ ...(orgId ? { orgId } : {}),
269
+ targetPath,
270
+ ...(stringOrUndefined(row.scope)
271
+ ? { scope: stringOrUndefined(row.scope) }
272
+ : {}),
273
+ expiresAt,
274
+ };
275
+ }
276
+ export function signEmbedSessionToken(input) {
277
+ const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? "/";
278
+ const now = Math.floor(Date.now() / 1000);
279
+ const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);
280
+ const claims = {
281
+ kind: TOKEN_KIND,
282
+ ownerEmail: input.ownerEmail,
283
+ targetPath,
284
+ iat: now,
285
+ exp: now + ttl,
286
+ };
287
+ if (input.orgId)
288
+ claims.orgId = input.orgId;
289
+ if (input.scope)
290
+ claims.scope = input.scope;
291
+ const payload = base64UrlEncode(JSON.stringify(claims));
292
+ return `${payload}.${signPayload(payload)}`;
293
+ }
294
+ export function verifyEmbedSessionToken(token) {
295
+ if (!token || typeof token !== "string") {
296
+ return { ok: false, reason: "missing" };
297
+ }
298
+ const parts = token.split(".");
299
+ if (parts.length !== 2 || !parts[0] || !parts[1]) {
300
+ return { ok: false, reason: "shape" };
301
+ }
302
+ const [payload, signature] = parts;
303
+ const expected = signPayload(payload);
304
+ const sig = Buffer.from(signature);
305
+ const exp = Buffer.from(expected);
306
+ if (sig.length !== exp.length || !crypto.timingSafeEqual(sig, exp)) {
307
+ return { ok: false, reason: "signature" };
308
+ }
309
+ let claims;
310
+ try {
311
+ claims = JSON.parse(base64UrlDecode(payload).toString("utf8"));
312
+ }
313
+ catch {
314
+ return { ok: false, reason: "payload" };
315
+ }
316
+ if (!claims ||
317
+ claims.kind !== TOKEN_KIND ||
318
+ typeof claims.ownerEmail !== "string" ||
319
+ !claims.ownerEmail ||
320
+ typeof claims.exp !== "number" ||
321
+ !Number.isFinite(claims.exp)) {
322
+ return { ok: false, reason: "claims" };
323
+ }
324
+ if (claims.exp < Math.floor(Date.now() / 1000)) {
325
+ return { ok: false, reason: "expired" };
326
+ }
327
+ claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? "/";
328
+ return { ok: true, claims };
329
+ }
330
+ function isHttpsRequest(event) {
331
+ try {
332
+ const xfProto = getHeader(event, "x-forwarded-proto");
333
+ if (xfProto && String(xfProto).split(",")[0].trim() === "https") {
334
+ return true;
335
+ }
336
+ const url = event.url?.toString?.() ?? "";
337
+ if (url.startsWith("https://"))
338
+ return true;
339
+ const appUrl = process.env.APP_URL || process.env.BETTER_AUTH_URL || "";
340
+ if (appUrl.startsWith("https://"))
341
+ return true;
342
+ }
343
+ catch {
344
+ // ignore
345
+ }
346
+ return false;
347
+ }
348
+ function cookieDomainAttrs() {
349
+ const domain = process.env.COOKIE_DOMAIN?.trim();
350
+ return domain ? { domain } : {};
351
+ }
352
+ function crossSiteCookieAttrs(event) {
353
+ return isHttpsRequest(event)
354
+ ? { sameSite: "none", secure: true, partitioned: true }
355
+ : { sameSite: "lax", secure: false };
356
+ }
357
+ export function setEmbedSessionCookie(event, token) {
358
+ setCookie(event, EMBED_SESSION_COOKIE, token, {
359
+ httpOnly: true,
360
+ ...crossSiteCookieAttrs(event),
361
+ ...cookieDomainAttrs(),
362
+ path: "/",
363
+ maxAge: DEFAULT_TOKEN_TTL_SECONDS,
364
+ });
365
+ }
366
+ function bearerToken(event) {
367
+ const auth = getHeader(event, "authorization");
368
+ if (!auth)
369
+ return undefined;
370
+ const match = /^Bearer\s+(.+)$/i.exec(String(auth).trim());
371
+ return match?.[1]?.trim();
372
+ }
373
+ function queryToken(event) {
374
+ const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];
375
+ return Array.isArray(raw) ? raw[0] : raw;
376
+ }
377
+ export async function resolveEmbedSessionFromRequest(event) {
378
+ const candidates = [
379
+ { token: queryToken(event), source: "query" },
380
+ { token: bearerToken(event), source: "bearer" },
381
+ { token: getCookie(event, EMBED_SESSION_COOKIE), source: "cookie" },
382
+ ];
383
+ for (const candidate of candidates) {
384
+ const verified = verifyEmbedSessionToken(candidate.token);
385
+ if (!verified.ok)
386
+ continue;
387
+ if (!requestMatchesEmbedTarget(event, verified.claims.targetPath)) {
388
+ continue;
389
+ }
390
+ if (candidate.source === "query" && candidate.token) {
391
+ setEmbedSessionCookie(event, candidate.token);
392
+ setResponseHeader(event, "Referrer-Policy", "no-referrer");
393
+ }
394
+ return {
395
+ email: verified.claims.ownerEmail,
396
+ token: candidate.token,
397
+ targetPath: verified.claims.targetPath,
398
+ ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),
399
+ ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),
400
+ };
401
+ }
402
+ return null;
403
+ }
404
+ export function requestHasEmbedAuthMarker(event) {
405
+ try {
406
+ const q = getQuery(event) ?? {};
407
+ const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])
408
+ ? q[EMBED_TOKEN_QUERY_PARAM][0]
409
+ : q[EMBED_TOKEN_QUERY_PARAM];
410
+ const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);
411
+ for (const token of [queryToken, cookieToken]) {
412
+ const verified = verifyEmbedSessionToken(token);
413
+ if (verified.ok &&
414
+ requestMatchesEmbedTarget(event, verified.claims.targetPath)) {
415
+ return true;
416
+ }
417
+ }
418
+ }
419
+ catch {
420
+ // ignore
421
+ }
422
+ return false;
423
+ }
424
+ export function isEmbedModeRequest(event) {
425
+ try {
426
+ const q = getQuery(event) ?? {};
427
+ return (q[EMBED_MODE_QUERY_PARAM] === "1" || q[EMBED_MODE_QUERY_PARAM] === "true");
428
+ }
429
+ catch {
430
+ return false;
431
+ }
432
+ }
433
+ //# sourceMappingURL=embed-session.js.map
package/dist/server/embed-session.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"embed-session.js","sourceRoot":"","sources":["../../src/server/embed-session.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,OAAO,EACL,SAAS,EACT,SAAS,EACT,QAAQ,EACR,SAAS,EACT,iBAAiB,GAClB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACrD,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,UAAU,GAAG,4BAA4B,CAAC;AAChD,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,CAAC;AAC1C,MAAM,0BAA0B,GAAG,CAAC,GAAG,EAAE,CAAC;AAC1C,MAAM,aAAa,GAAG,IAAI,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAC7D,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAE9C,IAAI,YAAuC,CAAC;AAC5C,IAAI,cAAkC,CAAC;AAkDvC,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;uBAOJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,aAAa;IACpB,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,4BAA4B,CAAC,mBAAmB,CAAC,CAAC;IACpD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,4IAA4I,CAC7I,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,SAAS,eAAe,CAAC,GAAoB;IAC3C,MAAM,CAAC,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACnE,OAAO,CAAC;SACL,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AACzB,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,MAAM,GAAG,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAChE,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,eAAe,CACpB,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,MAAc;IAChC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAClE,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACxB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAgB;IAC/C,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,QAAQ,CAAC;IAC3B,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,GAAG,CAAC;IAClC,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC;QACjC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC;IAC5C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,UAAU,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,IAAI,CAAC;QACH,OAAO,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,IAAI,GAAQ,CAAC;IACb,IAAI,CAAC;QACH,GAAG,GAAG,IAAI,GAAG,CAAC,UAAU,EAAE,6BAA6B,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,KAAK,eAAe,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,GAAG,wBAAwB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IAChE,IAAI,EAAE;QAAE,OAAO,gBAAgB,CAAC,EAAE,CAAC,CAAC;IAEpC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC;IAClD,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC;IAC1D,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,2BAA2B,CAAC,UAAkB;IACrD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,IAAI,MAAM;QAAE,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,UAAU,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IAC3D,IAAI,UAAU;QAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACxC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,eAAe,CAAC,KAAc;IACrC,MAAM,GAAG,GACN,KAAa,CAAC,IAAI;QAClB,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG;QAC3B,KAAa,CAAC,GAAG,EAAE,GAA0B;QAC9C,KAAa,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;QAChC,GAAG,CAAC;IACN,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC;QACtE,OAAO,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAC1C,MAAM,MAAM,GACT,KAAa,CAAC,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QAC1D,KAAa,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,mBAAmB,CAAC;QACjD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC;QACvD,KAAa,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,mBAAmB,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC;IAChE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QAClD,OAAO,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAc,EACd,UAAkB;IAElB,MAAM,OAAO,GAAG,2BAA2B,CAAC,UAAU,CAAC,CAAC;IACxD,IAAI,OAAO,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,OAAO,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IACjD,OAAO,CAAC,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,GAA8B,EAC9B,aAAsB;IAEtB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,KAAK,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAErD,IAAI,IAAI,GAAG,KAAK,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,0BAA0B,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;gBACxC,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;oBAAE,OAAO,IAAI,CAAC;YACrD,CAAC;YACD,MAAM,IAAI,GAAG,wBAAwB,EAAE,CAAC;YACxC,IACE,IAAI;gBACJ,MAAM,CAAC,QAAQ,KAAK,IAAI;gBACxB,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,EACvC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7C,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjE,IAAI,wBAAwB,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,OAAO,uBAAuB,CAAC,IAAI,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAA8B;IAE9B,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IAC9E,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IAC9D,IAAI,CAAC,UAAU;QACb,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAEhE,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,0BAA0B,CAAC;IAClE,MAAM,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,GAAG,IAAI,CAAC;IACvD,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EACD,yCAAyC;YACzC,8FAA8F;YAC9F,iCAAiC;QACnC,IAAI,EAAE;YACJ,UAAU;YACV,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,UAAU;YACV,KAAK,CAAC,KAAK,IAAI,IAAI;YACnB,GAAG;YACH,SAAS;YACT,IAAI;SACL;KACF,CAAC,CAAC;IACH,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,MAAiC,EACjC,UAA4C,EAAE;IAE9C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACzC,GAAG,EACD,uFAAuF;YACvF,uDAAuD;QACzD,IAAI,EAAE,CAAC,UAAU,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAChE,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;IACzD,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG;QAAE,OAAO,IAAI,CAAC;IACtD,IAAI,OAAO,CAAC,aAAa,IAAI,KAAK,IAAI,KAAK,KAAK,OAAO,CAAC,aAAa,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACvC,GAAG,EACD,wDAAwD;YACxD,+CAA+C;QACjD,IAAI,EAAE,CAAC,GAAG,EAAE,UAAU,CAAC;KACxB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,UAAU,GAAG,wBAAwB,CACzC,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CACrD,CAAC;IACF,MAAM,UAAU,GAAG,iBAAiB,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IACxE,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,IAAI,SAAS,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAEjE,OAAO;QACL,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC3B,UAAU;QACV,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC;YAC9B,CAAC,CAAC,EAAE,KAAK,EAAE,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,SAAS;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAMrC;IACC,MAAM,UAAU,GAAG,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACrE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,IAAI,yBAAyB,CAAC,CAAC;IACvE,MAAM,MAAM,GAA4B;QACtC,IAAI,EAAE,UAAU;QAChB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,UAAU;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,GAAG;KACf,CAAC;IACF,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,IAAI,KAAK,CAAC,KAAK;QAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;IAC5C,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACxD,OAAO,GAAG,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,KAAgC;IAEhC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;IACxC,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;IACnC,MAAM,QAAQ,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;IACtC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;QACnE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5C,CAAC;IAED,IAAI,MAA+B,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IAED,IACE,CAAC,MAAM;QACP,MAAM,CAAC,IAAI,KAAK,UAAU;QAC1B,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACrC,CAAC,MAAM,CAAC,UAAU;QAClB,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ;QAC9B,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,EAC5B,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC;IACzC,CAAC;IACD,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;QAC/C,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,CAAC,UAAU,GAAG,wBAAwB,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC;IACvE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,EAAE,mBAAmB,CAAC,CAAC;QACtD,IAAI,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC;QAC1C,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACxE,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;AAClC,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc;IAK1C,OAAO,cAAc,CAAC,KAAK,CAAC;QAC1B,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;QACvD,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAc,EAAE,KAAa;IACjE,SAAS,CAAC,KAAK,EAAE,oBAAoB,EAAE,KAAK,EAAE;QAC5C,QAAQ,EAAE,IAAI;QACd,GAAG,oBAAoB,CAAC,KAAK,CAAC;QAC9B,GAAG,iBAAiB,EAAE;QACtB,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,yBAAyB;KAClC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IAC/C,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,UAAU,CAAC,KAAc;IAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,CAAC;IACvD,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,KAAc;IAEd,MAAM,UAAU,GAAG;QACjB,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE;QAC7C,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;QAC/C,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE;KACpE,CAAC;IACF,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,QAAQ,CAAC,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QACD,IAAI,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,KAAK,EAAE,CAAC;YACpD,qBAAqB,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;YAC9C,iBAAiB,CAAC,KAAK,EAAE,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC7D,CAAC;QACD,OAAO;YACL,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACjC,KAAK,EAAE,SAAS,CAAC,KAAM;YACvB,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU;YACtC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;QAC/B,MAAM,WAAW,GAAG,SAAS,CAAC,KAAK,EAAE,oBAAoB,CAAC,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,EAAE,CAAC;YAC9C,MAAM,QAAQ,GAAG,uBAAuB,CAAC,KAAK,CAAC,CAAC;YAChD,IACE,QAAQ,CAAC,EAAE;gBACX,yBAAyB,CAAC,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAC5D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAc;IAC/C,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QAChC,OAAO,CACL,CAAC,CAAC,sBAAsB,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,sBAAsB,CAAC,KAAK,MAAM,CAC1E,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["import crypto from \"node:crypto\";\nimport type { H3Event } from \"h3\";\nimport {\n getCookie,\n getHeader,\n getQuery,\n setCookie,\n setResponseHeader,\n} from \"h3\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport { getWorkspaceA2ADerivedSecret } from \"./derived-secret.js\";\nimport { getConfiguredAppBasePath } from \"./app-base-path.js\";\nimport {\n EMBED_MODE_QUERY_PARAM,\n EMBED_SESSION_COOKIE,\n EMBED_TARGET_HEADER,\n EMBED_TOKEN_QUERY_PARAM,\n} from \"../shared/embed-auth.js\";\n\nconst TOKEN_KIND = \"agent-native-embed-session\";\nconst DEFAULT_TOKEN_TTL_SECONDS = 60 * 60;\nconst DEFAULT_TICKET_TTL_SECONDS = 5 * 60;\nconst CONTROL_CHARS = new RegExp(\"[\\\\u0000-\\\\u001f\\\\u007f]\");\nconst OPEN_ROUTE_PATH = \"/_agent-native/open\";\n\nlet _initPromise: Promise<void> | undefined;\nlet _devSigningKey: string | undefined;\n\nexport interface EmbedSessionTicketInput {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}\n\nexport interface EmbedSessionTicket {\n ticket: string;\n ticketHash: string;\n expiresAt: number;\n}\n\nexport interface ConsumeEmbedSessionTicketOptions {\n expectedOrgId?: string | null;\n}\n\nexport interface ConsumedEmbedSessionTicket {\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n expiresAt: number;\n}\n\nexport interface EmbedSessionTokenClaims {\n kind: typeof TOKEN_KIND;\n ownerEmail: string;\n orgId?: string;\n targetPath: string;\n scope?: string;\n iat: number;\n exp: number;\n}\n\nexport type VerifyEmbedSessionTokenResult =\n | { ok: true; claims: EmbedSessionTokenClaims }\n | { ok: false; reason: string };\n\nexport type ResolvedEmbedSession = {\n email: string;\n orgId?: string;\n token: string;\n targetPath: string;\n scope?: string;\n};\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS agent_native_embed_tickets (\n ticket_hash TEXT PRIMARY KEY,\n owner_email TEXT NOT NULL,\n org_id TEXT,\n target_path TEXT NOT NULL,\n scope TEXT,\n created_at ${intType()} NOT NULL,\n expires_at ${intType()} NOT NULL,\n consumed_at ${intType()}\n )\n `);\n })().catch((err) => {\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction getSigningKey(): string {\n const secret =\n process.env.OAUTH_STATE_SECRET ||\n process.env.BETTER_AUTH_SECRET ||\n getWorkspaceA2ADerivedSecret(\"short-lived-token\");\n if (secret) return secret;\n\n if (process.env.NODE_ENV === \"production\") {\n throw new Error(\n \"Embed session signing requires a server secret. Set OAUTH_STATE_SECRET, BETTER_AUTH_SECRET, or A2A_SECRET in production workspace deploys.\",\n );\n }\n\n if (!_devSigningKey) {\n _devSigningKey = crypto.randomBytes(32).toString(\"hex\");\n }\n return _devSigningKey;\n}\n\nfunction base64UrlEncode(buf: Buffer | string): string {\n const b = typeof buf === \"string\" ? Buffer.from(buf, \"utf8\") : buf;\n return b\n .toString(\"base64\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\")\n .replace(/=+$/g, \"\");\n}\n\nfunction base64UrlDecode(input: string): Buffer {\n const padded = input + \"=\".repeat((4 - (input.length % 4)) % 4);\n return Buffer.from(padded.replace(/-/g, \"+\").replace(/_/g, \"/\"), \"base64\");\n}\n\nfunction signPayload(payload: string): string {\n return base64UrlEncode(\n crypto.createHmac(\"sha256\", getSigningKey()).update(payload).digest(),\n );\n}\n\nfunction hashTicket(ticket: string): string {\n return crypto.createHash(\"sha256\").update(ticket).digest(\"hex\");\n}\n\nfunction numberOrNull(value: unknown): number | null {\n if (value == null) return null;\n const n = Number(value);\n return Number.isFinite(n) ? n : null;\n}\n\nfunction stringOrUndefined(value: unknown): string | undefined {\n return typeof value === \"string\" && value ? value : undefined;\n}\n\nfunction stripConfiguredBasePath(pathname: string): string {\n const base = getConfiguredAppBasePath();\n if (!base) return pathname;\n if (pathname === base) return \"/\";\n if (pathname.startsWith(`${base}/`))\n return pathname.slice(base.length) || \"/\";\n return pathname;\n}\n\nfunction pathnameFromPath(path: string): string | null {\n const normalized = normalizeEmbedTargetPath(path);\n if (!normalized) return null;\n try {\n return new URL(normalized, \"http://agent-native.invalid\").pathname;\n } catch {\n return null;\n }\n}\n\nfunction safeOpenRouteTargetPathname(targetPath: string): string | null {\n let url: URL;\n try {\n url = new URL(targetPath, \"http://agent-native.invalid\");\n } catch {\n return null;\n }\n if (url.pathname !== OPEN_ROUTE_PATH) {\n return null;\n }\n\n const to = normalizeEmbedTargetPath(url.searchParams.get(\"to\"));\n if (to) return pathnameFromPath(to);\n\n const view = url.searchParams.get(\"view\")?.trim();\n if (!view || CONTROL_CHARS.test(view)) return null;\n const viewPath = view.startsWith(\"/\") ? view : `/${view}`;\n return pathnameFromPath(viewPath);\n}\n\nfunction allowedEmbedTargetPathnames(targetPath: string): Set<string> {\n const allowed = new Set<string>();\n const direct = pathnameFromPath(targetPath);\n if (direct) allowed.add(direct);\n const openTarget = safeOpenRouteTargetPathname(targetPath);\n if (openTarget) allowed.add(openTarget);\n return allowed;\n}\n\nfunction requestPathname(event: H3Event): string | null {\n const raw =\n (event as any).path ??\n (event as any).node?.req?.url ??\n ((event as any).req?.url as string | undefined) ??\n (event as any).url?.toString?.() ??\n \"/\";\n try {\n const pathname = new URL(raw, \"http://agent-native.invalid\").pathname;\n return stripConfiguredBasePath(pathname);\n } catch {\n return null;\n }\n}\n\nfunction headerTargetPathname(event: H3Event): string | null {\n const direct =\n (event as any).request?.headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).headers?.get?.(EMBED_TARGET_HEADER) ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER] ??\n (event as any).node?.req?.headers?.[EMBED_TARGET_HEADER.toLowerCase()];\n if (typeof direct === \"string\") return pathnameFromPath(direct);\n try {\n const raw = getHeader(event, EMBED_TARGET_HEADER);\n return typeof raw === \"string\" ? pathnameFromPath(raw) : null;\n } catch {\n return null;\n }\n}\n\nexport function requestMatchesEmbedTarget(\n event: H3Event,\n targetPath: string,\n): boolean {\n const allowed = allowedEmbedTargetPathnames(targetPath);\n if (allowed.size === 0) return false;\n\n const current = requestPathname(event);\n if (current && allowed.has(current)) return true;\n\n const headerTarget = headerTargetPathname(event);\n return !!headerTarget && allowed.has(headerTarget);\n}\n\nexport function normalizeEmbedTargetPath(\n raw: string | undefined | null,\n requestOrigin?: string,\n): string | null {\n const value = String(raw ?? \"\").trim();\n if (!value || CONTROL_CHARS.test(value)) return null;\n\n let path = value;\n try {\n if (/^[a-z][a-z0-9+.-]*:\\/\\//i.test(value)) {\n const parsed = new URL(value);\n if (requestOrigin) {\n const expected = new URL(requestOrigin);\n if (parsed.origin !== expected.origin) return null;\n }\n const base = getConfiguredAppBasePath();\n if (\n base &&\n parsed.pathname !== base &&\n !parsed.pathname.startsWith(`${base}/`)\n ) {\n return null;\n }\n path = `${parsed.pathname}${parsed.search}${parsed.hash}`;\n }\n } catch {\n return null;\n }\n\n if (!path.startsWith(\"/\")) path = `/${path}`;\n if (path.startsWith(\"//\") || path.startsWith(\"/\\\\\")) return null;\n if (/^\\/[a-z][a-z0-9+.-]*:/i.test(path)) return null;\n return stripConfiguredBasePath(path);\n}\n\nexport async function createEmbedSessionTicket(\n input: EmbedSessionTicketInput,\n): Promise<EmbedSessionTicket> {\n const ownerEmail = input.ownerEmail.trim();\n if (!ownerEmail) throw new Error(\"Embed session ticket requires ownerEmail.\");\n const targetPath = normalizeEmbedTargetPath(input.targetPath);\n if (!targetPath)\n throw new Error(\"Embed session ticket requires a safe path.\");\n\n await ensureTable();\n const ticket = crypto.randomBytes(32).toString(\"base64url\");\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const ttlSeconds = input.ttlSeconds ?? DEFAULT_TICKET_TTL_SECONDS;\n const expiresAt = now + Math.max(1, ttlSeconds) * 1000;\n await getDbExec().execute({\n sql:\n \"INSERT INTO agent_native_embed_tickets \" +\n \"(ticket_hash, owner_email, org_id, target_path, scope, created_at, expires_at, consumed_at) \" +\n \"VALUES (?, ?, ?, ?, ?, ?, ?, ?)\",\n args: [\n ticketHash,\n ownerEmail,\n input.orgId ?? null,\n targetPath,\n input.scope ?? null,\n now,\n expiresAt,\n null,\n ],\n });\n return { ticket, ticketHash, expiresAt };\n}\n\nexport async function consumeEmbedSessionTicket(\n ticket: string | undefined | null,\n options: ConsumeEmbedSessionTicketOptions = {},\n): Promise<ConsumedEmbedSessionTicket | null> {\n if (!ticket) return null;\n await ensureTable();\n const ticketHash = hashTicket(ticket);\n const now = Date.now();\n const { rows } = await getDbExec().execute({\n sql:\n \"SELECT ticket_hash, owner_email, org_id, target_path, scope, expires_at, consumed_at \" +\n \"FROM agent_native_embed_tickets WHERE ticket_hash = ?\",\n args: [ticketHash],\n });\n if (rows.length === 0) return null;\n const row: any = rows[0];\n const expiresAt = numberOrNull(row.expires_at ?? row.expiresAt);\n const consumedAt = numberOrNull(row.consumed_at ?? row.consumedAt);\n const orgId = stringOrUndefined(row.org_id ?? row.orgId);\n if (consumedAt != null) return null;\n if (expiresAt != null && expiresAt < now) return null;\n if (options.expectedOrgId && orgId && orgId !== options.expectedOrgId) {\n return null;\n }\n\n const result = await getDbExec().execute({\n sql:\n \"UPDATE agent_native_embed_tickets SET consumed_at = ? \" +\n \"WHERE ticket_hash = ? AND consumed_at IS NULL\",\n args: [now, ticketHash],\n });\n if (result.rowsAffected === 0) return null;\n\n const targetPath = normalizeEmbedTargetPath(\n stringOrUndefined(row.target_path ?? row.targetPath),\n );\n const ownerEmail = stringOrUndefined(row.owner_email ?? row.ownerEmail);\n if (!targetPath || !ownerEmail || expiresAt == null) return null;\n\n return {\n ownerEmail,\n ...(orgId ? { orgId } : {}),\n targetPath,\n ...(stringOrUndefined(row.scope)\n ? { scope: stringOrUndefined(row.scope) }\n : {}),\n expiresAt,\n };\n}\n\nexport function signEmbedSessionToken(input: {\n ownerEmail: string;\n orgId?: string | null;\n targetPath: string;\n scope?: string | null;\n ttlSeconds?: number;\n}): string {\n const targetPath = normalizeEmbedTargetPath(input.targetPath) ?? \"/\";\n const now = Math.floor(Date.now() / 1000);\n const ttl = Math.max(1, input.ttlSeconds ?? DEFAULT_TOKEN_TTL_SECONDS);\n const claims: EmbedSessionTokenClaims = {\n kind: TOKEN_KIND,\n ownerEmail: input.ownerEmail,\n targetPath,\n iat: now,\n exp: now + ttl,\n };\n if (input.orgId) claims.orgId = input.orgId;\n if (input.scope) claims.scope = input.scope;\n const payload = base64UrlEncode(JSON.stringify(claims));\n return `${payload}.${signPayload(payload)}`;\n}\n\nexport function verifyEmbedSessionToken(\n token: string | undefined | null,\n): VerifyEmbedSessionTokenResult {\n if (!token || typeof token !== \"string\") {\n return { ok: false, reason: \"missing\" };\n }\n const parts = token.split(\".\");\n if (parts.length !== 2 || !parts[0] || !parts[1]) {\n return { ok: false, reason: \"shape\" };\n }\n const [payload, signature] = parts;\n const expected = signPayload(payload);\n const sig = Buffer.from(signature);\n const exp = Buffer.from(expected);\n if (sig.length !== exp.length || !crypto.timingSafeEqual(sig, exp)) {\n return { ok: false, reason: \"signature\" };\n }\n\n let claims: EmbedSessionTokenClaims;\n try {\n claims = JSON.parse(base64UrlDecode(payload).toString(\"utf8\"));\n } catch {\n return { ok: false, reason: \"payload\" };\n }\n\n if (\n !claims ||\n claims.kind !== TOKEN_KIND ||\n typeof claims.ownerEmail !== \"string\" ||\n !claims.ownerEmail ||\n typeof claims.exp !== \"number\" ||\n !Number.isFinite(claims.exp)\n ) {\n return { ok: false, reason: \"claims\" };\n }\n if (claims.exp < Math.floor(Date.now() / 1000)) {\n return { ok: false, reason: \"expired\" };\n }\n claims.targetPath = normalizeEmbedTargetPath(claims.targetPath) ?? \"/\";\n return { ok: true, claims };\n}\n\nfunction isHttpsRequest(event: H3Event): boolean {\n try {\n const xfProto = getHeader(event, \"x-forwarded-proto\");\n if (xfProto && String(xfProto).split(\",\")[0].trim() === \"https\") {\n return true;\n }\n const url = event.url?.toString?.() ?? \"\";\n if (url.startsWith(\"https://\")) return true;\n const appUrl = process.env.APP_URL || process.env.BETTER_AUTH_URL || \"\";\n if (appUrl.startsWith(\"https://\")) return true;\n } catch {\n // ignore\n }\n return false;\n}\n\nfunction cookieDomainAttrs(): { domain?: string } {\n const domain = process.env.COOKIE_DOMAIN?.trim();\n return domain ? { domain } : {};\n}\n\nfunction crossSiteCookieAttrs(event: H3Event): {\n sameSite: \"lax\" | \"none\";\n secure: boolean;\n partitioned?: boolean;\n} {\n return isHttpsRequest(event)\n ? { sameSite: \"none\", secure: true, partitioned: true }\n : { sameSite: \"lax\", secure: false };\n}\n\nexport function setEmbedSessionCookie(event: H3Event, token: string): void {\n setCookie(event, EMBED_SESSION_COOKIE, token, {\n httpOnly: true,\n ...crossSiteCookieAttrs(event),\n ...cookieDomainAttrs(),\n path: \"/\",\n maxAge: DEFAULT_TOKEN_TTL_SECONDS,\n });\n}\n\nfunction bearerToken(event: H3Event): string | undefined {\n const auth = getHeader(event, \"authorization\");\n if (!auth) return undefined;\n const match = /^Bearer\\s+(.+)$/i.exec(String(auth).trim());\n return match?.[1]?.trim();\n}\n\nfunction queryToken(event: H3Event): string | undefined {\n const raw = getQuery(event)?.[EMBED_TOKEN_QUERY_PARAM];\n return Array.isArray(raw) ? raw[0] : raw;\n}\n\nexport async function resolveEmbedSessionFromRequest(\n event: H3Event,\n): Promise<ResolvedEmbedSession | null> {\n const candidates = [\n { token: queryToken(event), source: \"query\" },\n { token: bearerToken(event), source: \"bearer\" },\n { token: getCookie(event, EMBED_SESSION_COOKIE), source: \"cookie\" },\n ];\n for (const candidate of candidates) {\n const verified = verifyEmbedSessionToken(candidate.token);\n if (!verified.ok) continue;\n if (!requestMatchesEmbedTarget(event, verified.claims.targetPath)) {\n continue;\n }\n if (candidate.source === \"query\" && candidate.token) {\n setEmbedSessionCookie(event, candidate.token);\n setResponseHeader(event, \"Referrer-Policy\", \"no-referrer\");\n }\n return {\n email: verified.claims.ownerEmail,\n token: candidate.token!,\n targetPath: verified.claims.targetPath,\n ...(verified.claims.orgId ? { orgId: verified.claims.orgId } : {}),\n ...(verified.claims.scope ? { scope: verified.claims.scope } : {}),\n };\n }\n return null;\n}\n\nexport function requestHasEmbedAuthMarker(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n const queryToken = Array.isArray(q[EMBED_TOKEN_QUERY_PARAM])\n ? q[EMBED_TOKEN_QUERY_PARAM][0]\n : q[EMBED_TOKEN_QUERY_PARAM];\n const cookieToken = getCookie(event, EMBED_SESSION_COOKIE);\n for (const token of [queryToken, cookieToken]) {\n const verified = verifyEmbedSessionToken(token);\n if (\n verified.ok &&\n requestMatchesEmbedTarget(event, verified.claims.targetPath)\n ) {\n return true;\n }\n }\n } catch {\n // ignore\n }\n return false;\n}\n\nexport function isEmbedModeRequest(event: H3Event): boolean {\n try {\n const q = getQuery(event) ?? {};\n return (\n q[EMBED_MODE_QUERY_PARAM] === \"1\" || q[EMBED_MODE_QUERY_PARAM] === \"true\"\n );\n } catch {\n return false;\n }\n}\n"]}
package/dist/server/index.d.ts CHANGED
@@ -2,6 +2,8 @@ export { createServer, upsertEnvFile, type CreateServerOptions, type EnvKeyConfi
2
2
  export { readBody, streamFile } from "./h3-helpers.js";
3
3
  export { buildDeepLink, toAbsoluteOpenUrl, toDesktopOpenUrl, OPEN_ROUTE_SUBPATH, DESKTOP_OPEN_URL, type DeepLinkInput, } from "./deep-link.js";
4
4
  export { createOpenRouteHandler, type OpenRouteOptions } from "./open-route.js";
5
+ export { createEmbedStartRouteHandler, buildEmbedStartPath, type EmbedStartRouteOptions, } from "./embed-route.js";
6
+ export { createEmbedSessionTicket, consumeEmbedSessionTicket, normalizeEmbedTargetPath, requestHasEmbedAuthMarker, resolveEmbedSessionFromRequest, setEmbedSessionCookie, signEmbedSessionToken, verifyEmbedSessionToken, type ConsumedEmbedSessionTicket, type ConsumeEmbedSessionTicketOptions, type EmbedSessionTicket, type EmbedSessionTicketInput, type EmbedSessionTokenClaims, type ResolvedEmbedSession, type VerifyEmbedSessionTokenResult, } from "./embed-session.js";
5
7
  export { createSSEHandler, type SSEHandlerOptions } from "./sse.js";
6
8
  export { mountAuthMiddleware, autoMountAuth, getSession, COOKIE_NAME, addSession, removeSession, getSessionEmail, getFrameworkSessionCookieValues, setFrameworkSessionCookie, clearFrameworkSessionCookies, runAuthGuard, setDesktopExchange, setDesktopExchangeError, safeReturnPath, type DesktopExchangeErrorPayload, type AuthSession, type AuthOptions, } from "./auth.js";
7
9
  export { handleIdentitySso, getIdentityHubUrl, isIdentitySsoEnabled, isIdentitySsoBypassPath, identitySsoLoginButtonHtml, IDENTITY_SSO_PROVIDER_ID, IDENTITY_SSO_SCOPE, } from "./identity-sso.js";
package/dist/server/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAAE,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,eAAe,EACf,+BAA+B,EAC/B,yBAAyB,EACzB,4BAA4B,EAC5B,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,KAAK,2BAA2B,EAChC,KAAK,WAAW,EAChB,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,KAAK,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,EAC5B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,2BAA2B,EAChC,KAAK,kCAAkC,EACvC,KAAK,iCAAiC,EACtC,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,GAChC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAI7E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,sBAAsB,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,EACnC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EAClC,KAAK,8BAA8B,EACnC,KAAK,gCAAgC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,EACjC,KAAK,wCAAwC,GAC9C,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,GACtC,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,yBAAyB,EACzB,+BAA+B,EAC/B,+BAA+B,EAC/B,gCAAgC,EAChC,sCAAsC,EACtC,oCAAoC,EACpC,2CAA2C,EAC3C,sCAAsC,GACvC,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,EAClB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,EACf,KAAK,SAAS,EACd,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,EACd,KAAK,SAAS,GACf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,GAC9B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,EAC1B,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,EACzB,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,GAC/B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,EACxB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,EACf,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,aAAa,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,GACd,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,YAAY,IAAI,2BAA2B,GACjD,MAAM,wBAAwB,CAAC;AAUhC,MAAM,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AACrE,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,cAAc,CAErE"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,YAAY,GAClB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,aAAa,GACnB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAE,KAAK,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAChF,OAAO,EACL,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,sBAAsB,GAC5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,0BAA0B,EAC/B,KAAK,gCAAgC,EACrC,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,EACzB,KAAK,6BAA6B,GACnC,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAAE,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,eAAe,EACf,+BAA+B,EAC/B,yBAAyB,EACzB,4BAA4B,EAC5B,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,EACd,KAAK,2BAA2B,EAChC,KAAK,WAAW,EAChB,KAAK,WAAW,GACjB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAAE,KAAK,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,KAAK,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,EAC5B,KAAK,WAAW,EAChB,KAAK,WAAW,EAChB,KAAK,sBAAsB,EAC3B,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACrB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,2BAA2B,EAChC,KAAK,kCAAkC,EACvC,KAAK,iCAAiC,EACtC,KAAK,wBAAwB,EAC7B,KAAK,0BAA0B,GAChC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,iBAAiB,GACvB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,EAC5B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAI7E,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,YAAY,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,sBAAsB,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,EACnC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EAClC,KAAK,8BAA8B,EACnC,KAAK,gCAAgC,GACtC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,EACd,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,kBAAkB,GACxB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,EACjC,KAAK,wCAAwC,GAC9C,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,EACzB,KAAK,gCAAgC,GACtC,MAAM,+BAA+B,CAAC;AACvC,YAAY,EACV,yBAAyB,EACzB,+BAA+B,EAC/B,+BAA+B,EAC/B,gCAAgC,EAChC,sCAAsC,EACtC,oCAAoC,EACpC,2CAA2C,EAC3C,sCAAsC,GACvC,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,qBAAqB,GAC3B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,EAClB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,EACf,KAAK,SAAS,EACd,KAAK,gBAAgB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,EACd,KAAK,SAAS,GACf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,EACjB,KAAK,wBAAwB,GAC9B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,EAC1B,KAAK,cAAc,EACnB,KAAK,iBAAiB,GACvB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,EACzB,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,GACtB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,EACZ,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,GAC/B,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,EACxB,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,GACxB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,EACf,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,EAChB,KAAK,aAAa,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,QAAQ,GACd,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,KAAK,qBAAqB,EAC1B,KAAK,YAAY,IAAI,2BAA2B,GACjD,MAAM,wBAAwB,CAAC;AAUhC,MAAM,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AACrE,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,cAAc,GAAG,cAAc,CAErE"}
package/dist/server/index.js CHANGED
@@ -2,6 +2,8 @@ export { createServer, upsertEnvFile, } from "./create-server.js";
2
2
  export { readBody, streamFile } from "./h3-helpers.js";
3
3
  export { buildDeepLink, toAbsoluteOpenUrl, toDesktopOpenUrl, OPEN_ROUTE_SUBPATH, DESKTOP_OPEN_URL, } from "./deep-link.js";
4
4
  export { createOpenRouteHandler } from "./open-route.js";
5
+ export { createEmbedStartRouteHandler, buildEmbedStartPath, } from "./embed-route.js";
6
+ export { createEmbedSessionTicket, consumeEmbedSessionTicket, normalizeEmbedTargetPath, requestHasEmbedAuthMarker, resolveEmbedSessionFromRequest, setEmbedSessionCookie, signEmbedSessionToken, verifyEmbedSessionToken, } from "./embed-session.js";
5
7
  export { createSSEHandler } from "./sse.js";
6
8
  export { mountAuthMiddleware, autoMountAuth, getSession, COOKIE_NAME, addSession, removeSession, getSessionEmail, getFrameworkSessionCookieValues, setFrameworkSessionCookie, clearFrameworkSessionCookies, runAuthGuard, setDesktopExchange, setDesktopExchangeError, safeReturnPath, } from "./auth.js";
7
9
  export { handleIdentitySso, getIdentityHubUrl, isIdentitySsoEnabled, isIdentitySsoBypassPath, identitySsoLoginButtonHtml, IDENTITY_SSO_PROVIDER_ID, IDENTITY_SSO_SCOPE, } from "./identity-sso.js";
package/dist/server/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,GAGd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,GAEjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAE,gBAAgB,EAA0B,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,eAAe,EACf,+BAA+B,EAC/B,yBAAyB,EACzB,4BAA4B,EAC5B,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,GAIf,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAA2B,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAA4B,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,GAkB7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,GAElB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,GAG7B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,2EAA2E;AAC3E,2EAA2E;AAC3E,8DAA8D;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,GAKpC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,GAKf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,GAElC,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,GAE1B,MAAM,+BAA+B,CAAC;AAWvC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GAEtB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,GAEnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,GAGhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,GAEf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,GAG3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,GAI1B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,GAMb,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,GAIzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,GAEhB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,GAGjB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,GAIV,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAGtB,MAAM,wBAAwB,CAAC;AAWhC,MAAM,UAAU,iBAAiB,CAAC,GAAmB;IACnD,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["export {\n createServer,\n upsertEnvFile,\n type CreateServerOptions,\n type EnvKeyConfig,\n} from \"./create-server.js\";\n\nexport { readBody, streamFile } from \"./h3-helpers.js\";\nexport {\n buildDeepLink,\n toAbsoluteOpenUrl,\n toDesktopOpenUrl,\n OPEN_ROUTE_SUBPATH,\n DESKTOP_OPEN_URL,\n type DeepLinkInput,\n} from \"./deep-link.js\";\nexport { createOpenRouteHandler, type OpenRouteOptions } from \"./open-route.js\";\nexport { createSSEHandler, type SSEHandlerOptions } from \"./sse.js\";\nexport {\n mountAuthMiddleware,\n autoMountAuth,\n getSession,\n COOKIE_NAME,\n addSession,\n removeSession,\n getSessionEmail,\n getFrameworkSessionCookieValues,\n setFrameworkSessionCookie,\n clearFrameworkSessionCookies,\n runAuthGuard,\n setDesktopExchange,\n setDesktopExchangeError,\n safeReturnPath,\n type DesktopExchangeErrorPayload,\n type AuthSession,\n type AuthOptions,\n} from \"./auth.js\";\nexport {\n handleIdentitySso,\n getIdentityHubUrl,\n isIdentitySsoEnabled,\n isIdentitySsoBypassPath,\n identitySsoLoginButtonHtml,\n IDENTITY_SSO_PROVIDER_ID,\n IDENTITY_SSO_SCOPE,\n} from \"./identity-sso.js\";\nexport { requireEnvKey, type MissingKeyResponse } from \"./missing-key.js\";\nexport { verifyCaptcha, type CaptchaVerifyResult } from \"./captcha.js\";\nexport {\n createProductionAgentHandler,\n type ActionEntry,\n type ScriptEntry,\n type ProductionAgentOptions,\n type ActionTool,\n type ScriptTool,\n type AgentMessage,\n type AgentChatRequest,\n type AgentChatEvent,\n type AgentChatAttachment,\n type AgentChatReference,\n type MentionProvider,\n type MentionProviderItem,\n type AgentLoopFinalResponseGuard,\n type AgentLoopFinalResponseGuardContext,\n type AgentLoopFinalResponseGuardResult,\n type AgentLoopToolCallSummary,\n type AgentLoopToolResultSummary,\n} from \"../agent/index.js\";\nexport {\n actionsToEngineTools,\n getOwnerActiveApiKey,\n runAgentLoop,\n} from \"../agent/production-agent.js\";\nexport {\n getStoredModelForEngine,\n resolveEngine,\n} from \"../agent/engine/index.js\";\nexport { createDevScriptRegistry } from \"../scripts/dev/index.js\";\n\nexport {\n createPollHandler,\n recordChange,\n getVersion,\n getChangesSince,\n getPollEmitter,\n canSeeChangeForUser,\n POLL_CHANGE_EVENT,\n} from \"./poll.js\";\nexport { createPollEventsHandler } from \"./poll-events.js\";\nexport { createAuthPlugin, defaultAuthPlugin } from \"./auth-plugin.js\";\nexport {\n initServerSentry,\n isServerSentryEnabled,\n setSentryUserForRequest,\n captureRouteError,\n type RouteErrorContext,\n} from \"./sentry.js\";\nexport {\n captureError,\n captureServerError,\n registerErrorCaptureProvider,\n type CaptureErrorContext,\n type CaptureErrorProvider,\n} from \"./capture-error.js\";\nexport { createSentryPlugin, defaultSentryPlugin } from \"./sentry-plugin.js\";\n// Re-export the org plugin so the auto-discovery's DEFAULT_PLUGIN_REGISTRY\n// (which references \"defaultOrgPlugin\" from @agent-native/core/server) can\n// resolve it during the deploy build worker-entry generation.\nexport { createOrgPlugin, defaultOrgPlugin } from \"../org/plugin.js\";\nexport {\n createGoogleAuthPlugin,\n type GoogleAuthPluginOptions,\n} from \"./google-auth-plugin.js\";\nexport type { GoogleAuthMode } from \"./google-auth-mode.js\";\nexport {\n createAgentChatPlugin,\n defaultAgentChatPlugin,\n type AgentChatPluginOptions,\n} from \"./agent-chat-plugin.js\";\nexport {\n configureAgentNativeEmbeddedEnvironment,\n createAgentNativeEmbeddedAuthOptions,\n createAgentNativeEmbeddedPlugin,\n mountAgentNativeEmbedded,\n normalizeAgentNativeEmbeddedSession,\n type AgentNativeEmbeddedAuthOptions,\n type AgentNativeEmbeddedGetSession,\n type AgentNativeEmbeddedHostSession,\n type AgentNativeEmbeddedPluginOptions,\n} from \"./embedded.js\";\nexport {\n createThread,\n getThread,\n listThreads,\n updateThreadData,\n deleteThread,\n setThreadScope,\n type ChatThread,\n type ChatThreadScope,\n type ChatThreadSummary,\n type ListThreadsOptions,\n} from \"../chat-threads/store.js\";\nexport {\n createResourcesPlugin,\n defaultResourcesPlugin,\n} from \"./resources-plugin.js\";\nexport {\n createCoreRoutesPlugin,\n defaultCoreRoutesPlugin,\n FRAMEWORK_ROUTE_PREFIX,\n type CoreRoutesPluginOptions,\n} from \"./core-routes-plugin.js\";\nexport {\n createBrowserSessionActionEntries,\n type CreateBrowserSessionActionEntriesOptions,\n} from \"../browser-sessions/actions.js\";\nexport {\n DEFAULT_BROWSER_SESSION_REQUEST_POLL_MS,\n DEFAULT_BROWSER_SESSION_REQUEST_TIMEOUT_MS,\n DEFAULT_BROWSER_SESSION_TTL_MS,\n callBrowserSession,\n claimBrowserSessionRequest,\n completeBrowserSessionRequest,\n createBrowserSessionRequest,\n disconnectBrowserSession,\n getBrowserSession,\n getBrowserSessionRequest,\n listBrowserSessions,\n registerBrowserSession,\n waitForBrowserSessionRequest,\n} from \"../browser-sessions/store.js\";\nexport {\n mountBrowserSessionRoutes,\n type MountBrowserSessionRoutesOptions,\n} from \"../browser-sessions/routes.js\";\nexport type {\n AgentNativeBrowserSession,\n AgentNativeBrowserSessionAction,\n AgentNativeBrowserSessionRecord,\n AgentNativeBrowserSessionRequest,\n AgentNativeBrowserSessionRequestStatus,\n AgentNativeBrowserSessionRequestType,\n CreateAgentNativeBrowserSessionRequestInput,\n RegisterAgentNativeBrowserSessionInput,\n} from \"../browser-sessions/types.js\";\nexport {\n createTerminalPlugin,\n defaultTerminalPlugin,\n type TerminalPluginOptions,\n} from \"../terminal/terminal-plugin.js\";\nexport {\n createCollabPlugin,\n type CollabPluginOptions,\n} from \"./collab-plugin.js\";\n\nexport {\n spawnTask,\n getTask,\n getTaskByThread,\n listTasks,\n sendToTask,\n markTaskErrored,\n type AgentTask,\n type SpawnTaskOptions,\n} from \"./agent-teams.js\";\nexport { isOAuthConnected, getOAuthAccounts } from \"./oauth-helpers.js\";\nexport { wrapWithAnalytics } from \"./analytics.js\";\nexport {\n getH3App,\n awaitBootstrap,\n type H3AppShim,\n} from \"./framework-request-handler.js\";\nexport {\n autoDiscoverActions,\n autoDiscoverScripts,\n loadActionsFromStaticRegistry,\n mergeCoreSharingActions,\n registerPackageActions,\n} from \"./action-discovery.js\";\nexport {\n mountActionRoutes,\n type MountActionRoutesOptions,\n} from \"./action-routes.js\";\nexport {\n runWithRequestContext,\n hasRequestContext,\n getRequestContext,\n getRequestUserEmail,\n getRequestUserName,\n getRequestOrgId,\n getRequestTimezone,\n getRequestRunContext,\n getCredentialContext,\n isIntegrationCallerRequest,\n type RequestContext,\n type RequestRunContext,\n} from \"./request-context.js\";\nexport { formatDateInTimezone, todayInTimezone } from \"./date-utils.js\";\n\nexport {\n createOnboardingPlugin,\n defaultOnboardingPlugin,\n} from \"../onboarding/plugin.js\";\n\nexport {\n registerFileUploadProvider,\n unregisterFileUploadProvider,\n listFileUploadProviders,\n getActiveFileUploadProvider,\n uploadFile,\n builderFileUploadProvider,\n type FileUploadInput,\n type FileUploadProvider,\n type FileUploadResult,\n} from \"../file-upload/index.js\";\n\nexport {\n createIntegrationsPlugin,\n defaultIntegrationsPlugin,\n enqueueRemoteCommand,\n slackAdapter,\n telegramAdapter,\n whatsappAdapter,\n emailAdapter,\n type PlatformAdapter,\n type IncomingMessage,\n type OutgoingMessage,\n type IntegrationStatus,\n type IntegrationsPluginOptions,\n} from \"../integrations/index.js\";\n\nexport {\n isElectron,\n isMobile,\n getOrigin,\n getAppBasePath,\n getAppUrl,\n resolveOAuthRedirectUri,\n isAllowedOAuthRedirectUri,\n encodeOAuthState,\n decodeOAuthState,\n resolveOAuthOwner,\n createOAuthSession,\n oauthCallbackResponse,\n oauthErrorPage,\n oauthDesktopExchangePage,\n type OAuthStatePayload,\n type OAuthOwnerResult,\n type OAuthSessionResult,\n} from \"./google-oauth.js\";\n\nexport {\n FeatureNotConfiguredError,\n hasBuilderPrivateKey,\n isBuilderEnvManaged,\n getBuilderProxyOrigin,\n getBuilderImageGenerationBaseUrl,\n getBuilderAuthHeader,\n resolveBuilderPrivateKey,\n resolveBuilderAuthHeader,\n resolveHasBuilderPrivateKey,\n resolveBuilderCredentials,\n resolveBuilderCredential,\n writeBuilderCredentials,\n deleteBuilderCredentials,\n resolveSecret,\n} from \"./credential-provider.js\";\nexport {\n getBuilderBranchProjectId,\n isBuilderBranchingEnabled,\n resolveBuilderBranchProjectId,\n resolveIsBuilderBranchingEnabled,\n runBuilderAgent,\n type RunBuilderAgentResult,\n} from \"./builder-browser.js\";\n\nexport {\n sendEmail,\n isEmailConfigured,\n getEmailProvider,\n type EmailProvider,\n type SendEmailArgs,\n} from \"./email.js\";\nexport {\n renderEmail,\n emailStrong,\n emailLink,\n type RenderEmailArgs,\n type RenderedEmail,\n type EmailCta,\n} from \"./email-template.js\";\nexport { getAppProductionUrl, getFirstPartyProdUrl } from \"./app-url.js\";\nexport {\n getConfiguredAppBasePath,\n normalizeAppBasePath,\n withConfiguredAppBasePath,\n} from \"./app-base-path.js\";\nexport {\n signShortLivedToken,\n verifyShortLivedToken,\n type ShortLivedTokenClaims,\n type VerifyResult as ShortLivedTokenVerifyResult,\n} from \"./short-lived-token.js\";\n\n// SSR handler is NOT re-exported here — it uses a virtual module\n// (virtual:react-router/server-build) that only exists at Vite dev/build time.\n// Including it in this barrel would break the esbuild CF Pages bundler.\n// Templates import directly: import { ssrHandler } from \"@agent-native/core/server/ssr-handler\"\n\n// Nitro plugin helper — re-exported so templates don't need nitro as a direct dependency.\n// defineNitroPlugin is an identity function; this typed wrapper lets templates use it\n// without resolving `nitro/runtime` (which requires Nitro's virtual modules at runtime).\nexport type NitroPluginDef = (nitroApp: any) => void | Promise<void>;\nexport function defineNitroPlugin(def: NitroPluginDef): NitroPluginDef {\n return def;\n}\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,YAAY,EACZ,aAAa,GAGd,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,gBAAgB,GAEjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iBAAiB,CAAC;AAChF,OAAO,EACL,4BAA4B,EAC5B,mBAAmB,GAEpB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,8BAA8B,EAC9B,qBAAqB,EACrB,qBAAqB,EACrB,uBAAuB,GAQxB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,gBAAgB,EAA0B,MAAM,UAAU,CAAC;AACpE,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,eAAe,EACf,+BAA+B,EAC/B,yBAAyB,EACzB,4BAA4B,EAC5B,YAAY,EACZ,kBAAkB,EAClB,uBAAuB,EACvB,cAAc,GAIf,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,aAAa,EAA2B,MAAM,kBAAkB,CAAC;AAC1E,OAAO,EAAE,aAAa,EAA4B,MAAM,cAAc,CAAC;AACvE,OAAO,EACL,4BAA4B,GAkB7B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,YAAY,GACb,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAElE,OAAO,EACL,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,eAAe,EACf,cAAc,EACd,mBAAmB,EACnB,iBAAiB,GAClB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,kBAAkB,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,iBAAiB,GAElB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,4BAA4B,GAG7B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,2EAA2E;AAC3E,2EAA2E;AAC3E,8DAA8D;AAC9D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACrE,OAAO,EACL,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,uCAAuC,EACvC,oCAAoC,EACpC,+BAA+B,EAC/B,wBAAwB,EACxB,mCAAmC,GAKpC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,YAAY,EACZ,SAAS,EACT,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,cAAc,GAKf,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,GAEvB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,iCAAiC,GAElC,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,uCAAuC,EACvC,0CAA0C,EAC1C,8BAA8B,EAC9B,kBAAkB,EAClB,0BAA0B,EAC1B,6BAA6B,EAC7B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EACjB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,yBAAyB,GAE1B,MAAM,+BAA+B,CAAC;AAWvC,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GAEtB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,kBAAkB,GAEnB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,SAAS,EACT,OAAO,EACP,eAAe,EACf,SAAS,EACT,UAAU,EACV,eAAe,GAGhB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,QAAQ,EACR,cAAc,GAEf,MAAM,gCAAgC,CAAC;AACxC,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,6BAA6B,EAC7B,uBAAuB,EACvB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,iBAAiB,GAElB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,0BAA0B,GAG3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAExE,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,0BAA0B,EAC1B,4BAA4B,EAC5B,uBAAuB,EACvB,2BAA2B,EAC3B,UAAU,EACV,yBAAyB,GAI1B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,YAAY,EACZ,eAAe,EACf,eAAe,EACf,YAAY,GAMb,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,UAAU,EACV,QAAQ,EACR,SAAS,EACT,cAAc,EACd,SAAS,EACT,uBAAuB,EACvB,yBAAyB,EACzB,gBAAgB,EAChB,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,wBAAwB,GAIzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACnB,qBAAqB,EACrB,gCAAgC,EAChC,oBAAoB,EACpB,wBAAwB,EACxB,wBAAwB,EACxB,2BAA2B,EAC3B,yBAAyB,EACzB,wBAAwB,EACxB,uBAAuB,EACvB,wBAAwB,EACxB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,6BAA6B,EAC7B,gCAAgC,EAChC,eAAe,GAEhB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,SAAS,EACT,iBAAiB,EACjB,gBAAgB,GAGjB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,WAAW,EACX,WAAW,EACX,SAAS,GAIV,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACzE,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,GAGtB,MAAM,wBAAwB,CAAC;AAWhC,MAAM,UAAU,iBAAiB,CAAC,GAAmB;IACnD,OAAO,GAAG,CAAC;AACb,CAAC","sourcesContent":["export {\n createServer,\n upsertEnvFile,\n type CreateServerOptions,\n type EnvKeyConfig,\n} from \"./create-server.js\";\n\nexport { readBody, streamFile } from \"./h3-helpers.js\";\nexport {\n buildDeepLink,\n toAbsoluteOpenUrl,\n toDesktopOpenUrl,\n OPEN_ROUTE_SUBPATH,\n DESKTOP_OPEN_URL,\n type DeepLinkInput,\n} from \"./deep-link.js\";\nexport { createOpenRouteHandler, type OpenRouteOptions } from \"./open-route.js\";\nexport {\n createEmbedStartRouteHandler,\n buildEmbedStartPath,\n type EmbedStartRouteOptions,\n} from \"./embed-route.js\";\nexport {\n createEmbedSessionTicket,\n consumeEmbedSessionTicket,\n normalizeEmbedTargetPath,\n requestHasEmbedAuthMarker,\n resolveEmbedSessionFromRequest,\n setEmbedSessionCookie,\n signEmbedSessionToken,\n verifyEmbedSessionToken,\n type ConsumedEmbedSessionTicket,\n type ConsumeEmbedSessionTicketOptions,\n type EmbedSessionTicket,\n type EmbedSessionTicketInput,\n type EmbedSessionTokenClaims,\n type ResolvedEmbedSession,\n type VerifyEmbedSessionTokenResult,\n} from \"./embed-session.js\";\nexport { createSSEHandler, type SSEHandlerOptions } from \"./sse.js\";\nexport {\n mountAuthMiddleware,\n autoMountAuth,\n getSession,\n COOKIE_NAME,\n addSession,\n removeSession,\n getSessionEmail,\n getFrameworkSessionCookieValues,\n setFrameworkSessionCookie,\n clearFrameworkSessionCookies,\n runAuthGuard,\n setDesktopExchange,\n setDesktopExchangeError,\n safeReturnPath,\n type DesktopExchangeErrorPayload,\n type AuthSession,\n type AuthOptions,\n} from \"./auth.js\";\nexport {\n handleIdentitySso,\n getIdentityHubUrl,\n isIdentitySsoEnabled,\n isIdentitySsoBypassPath,\n identitySsoLoginButtonHtml,\n IDENTITY_SSO_PROVIDER_ID,\n IDENTITY_SSO_SCOPE,\n} from \"./identity-sso.js\";\nexport { requireEnvKey, type MissingKeyResponse } from \"./missing-key.js\";\nexport { verifyCaptcha, type CaptchaVerifyResult } from \"./captcha.js\";\nexport {\n createProductionAgentHandler,\n type ActionEntry,\n type ScriptEntry,\n type ProductionAgentOptions,\n type ActionTool,\n type ScriptTool,\n type AgentMessage,\n type AgentChatRequest,\n type AgentChatEvent,\n type AgentChatAttachment,\n type AgentChatReference,\n type MentionProvider,\n type MentionProviderItem,\n type AgentLoopFinalResponseGuard,\n type AgentLoopFinalResponseGuardContext,\n type AgentLoopFinalResponseGuardResult,\n type AgentLoopToolCallSummary,\n type AgentLoopToolResultSummary,\n} from \"../agent/index.js\";\nexport {\n actionsToEngineTools,\n getOwnerActiveApiKey,\n runAgentLoop,\n} from \"../agent/production-agent.js\";\nexport {\n getStoredModelForEngine,\n resolveEngine,\n} from \"../agent/engine/index.js\";\nexport { createDevScriptRegistry } from \"../scripts/dev/index.js\";\n\nexport {\n createPollHandler,\n recordChange,\n getVersion,\n getChangesSince,\n getPollEmitter,\n canSeeChangeForUser,\n POLL_CHANGE_EVENT,\n} from \"./poll.js\";\nexport { createPollEventsHandler } from \"./poll-events.js\";\nexport { createAuthPlugin, defaultAuthPlugin } from \"./auth-plugin.js\";\nexport {\n initServerSentry,\n isServerSentryEnabled,\n setSentryUserForRequest,\n captureRouteError,\n type RouteErrorContext,\n} from \"./sentry.js\";\nexport {\n captureError,\n captureServerError,\n registerErrorCaptureProvider,\n type CaptureErrorContext,\n type CaptureErrorProvider,\n} from \"./capture-error.js\";\nexport { createSentryPlugin, defaultSentryPlugin } from \"./sentry-plugin.js\";\n// Re-export the org plugin so the auto-discovery's DEFAULT_PLUGIN_REGISTRY\n// (which references \"defaultOrgPlugin\" from @agent-native/core/server) can\n// resolve it during the deploy build worker-entry generation.\nexport { createOrgPlugin, defaultOrgPlugin } from \"../org/plugin.js\";\nexport {\n createGoogleAuthPlugin,\n type GoogleAuthPluginOptions,\n} from \"./google-auth-plugin.js\";\nexport type { GoogleAuthMode } from \"./google-auth-mode.js\";\nexport {\n createAgentChatPlugin,\n defaultAgentChatPlugin,\n type AgentChatPluginOptions,\n} from \"./agent-chat-plugin.js\";\nexport {\n configureAgentNativeEmbeddedEnvironment,\n createAgentNativeEmbeddedAuthOptions,\n createAgentNativeEmbeddedPlugin,\n mountAgentNativeEmbedded,\n normalizeAgentNativeEmbeddedSession,\n type AgentNativeEmbeddedAuthOptions,\n type AgentNativeEmbeddedGetSession,\n type AgentNativeEmbeddedHostSession,\n type AgentNativeEmbeddedPluginOptions,\n} from \"./embedded.js\";\nexport {\n createThread,\n getThread,\n listThreads,\n updateThreadData,\n deleteThread,\n setThreadScope,\n type ChatThread,\n type ChatThreadScope,\n type ChatThreadSummary,\n type ListThreadsOptions,\n} from \"../chat-threads/store.js\";\nexport {\n createResourcesPlugin,\n defaultResourcesPlugin,\n} from \"./resources-plugin.js\";\nexport {\n createCoreRoutesPlugin,\n defaultCoreRoutesPlugin,\n FRAMEWORK_ROUTE_PREFIX,\n type CoreRoutesPluginOptions,\n} from \"./core-routes-plugin.js\";\nexport {\n createBrowserSessionActionEntries,\n type CreateBrowserSessionActionEntriesOptions,\n} from \"../browser-sessions/actions.js\";\nexport {\n DEFAULT_BROWSER_SESSION_REQUEST_POLL_MS,\n DEFAULT_BROWSER_SESSION_REQUEST_TIMEOUT_MS,\n DEFAULT_BROWSER_SESSION_TTL_MS,\n callBrowserSession,\n claimBrowserSessionRequest,\n completeBrowserSessionRequest,\n createBrowserSessionRequest,\n disconnectBrowserSession,\n getBrowserSession,\n getBrowserSessionRequest,\n listBrowserSessions,\n registerBrowserSession,\n waitForBrowserSessionRequest,\n} from \"../browser-sessions/store.js\";\nexport {\n mountBrowserSessionRoutes,\n type MountBrowserSessionRoutesOptions,\n} from \"../browser-sessions/routes.js\";\nexport type {\n AgentNativeBrowserSession,\n AgentNativeBrowserSessionAction,\n AgentNativeBrowserSessionRecord,\n AgentNativeBrowserSessionRequest,\n AgentNativeBrowserSessionRequestStatus,\n AgentNativeBrowserSessionRequestType,\n CreateAgentNativeBrowserSessionRequestInput,\n RegisterAgentNativeBrowserSessionInput,\n} from \"../browser-sessions/types.js\";\nexport {\n createTerminalPlugin,\n defaultTerminalPlugin,\n type TerminalPluginOptions,\n} from \"../terminal/terminal-plugin.js\";\nexport {\n createCollabPlugin,\n type CollabPluginOptions,\n} from \"./collab-plugin.js\";\n\nexport {\n spawnTask,\n getTask,\n getTaskByThread,\n listTasks,\n sendToTask,\n markTaskErrored,\n type AgentTask,\n type SpawnTaskOptions,\n} from \"./agent-teams.js\";\nexport { isOAuthConnected, getOAuthAccounts } from \"./oauth-helpers.js\";\nexport { wrapWithAnalytics } from \"./analytics.js\";\nexport {\n getH3App,\n awaitBootstrap,\n type H3AppShim,\n} from \"./framework-request-handler.js\";\nexport {\n autoDiscoverActions,\n autoDiscoverScripts,\n loadActionsFromStaticRegistry,\n mergeCoreSharingActions,\n registerPackageActions,\n} from \"./action-discovery.js\";\nexport {\n mountActionRoutes,\n type MountActionRoutesOptions,\n} from \"./action-routes.js\";\nexport {\n runWithRequestContext,\n hasRequestContext,\n getRequestContext,\n getRequestUserEmail,\n getRequestUserName,\n getRequestOrgId,\n getRequestTimezone,\n getRequestRunContext,\n getCredentialContext,\n isIntegrationCallerRequest,\n type RequestContext,\n type RequestRunContext,\n} from \"./request-context.js\";\nexport { formatDateInTimezone, todayInTimezone } from \"./date-utils.js\";\n\nexport {\n createOnboardingPlugin,\n defaultOnboardingPlugin,\n} from \"../onboarding/plugin.js\";\n\nexport {\n registerFileUploadProvider,\n unregisterFileUploadProvider,\n listFileUploadProviders,\n getActiveFileUploadProvider,\n uploadFile,\n builderFileUploadProvider,\n type FileUploadInput,\n type FileUploadProvider,\n type FileUploadResult,\n} from \"../file-upload/index.js\";\n\nexport {\n createIntegrationsPlugin,\n defaultIntegrationsPlugin,\n enqueueRemoteCommand,\n slackAdapter,\n telegramAdapter,\n whatsappAdapter,\n emailAdapter,\n type PlatformAdapter,\n type IncomingMessage,\n type OutgoingMessage,\n type IntegrationStatus,\n type IntegrationsPluginOptions,\n} from \"../integrations/index.js\";\n\nexport {\n isElectron,\n isMobile,\n getOrigin,\n getAppBasePath,\n getAppUrl,\n resolveOAuthRedirectUri,\n isAllowedOAuthRedirectUri,\n encodeOAuthState,\n decodeOAuthState,\n resolveOAuthOwner,\n createOAuthSession,\n oauthCallbackResponse,\n oauthErrorPage,\n oauthDesktopExchangePage,\n type OAuthStatePayload,\n type OAuthOwnerResult,\n type OAuthSessionResult,\n} from \"./google-oauth.js\";\n\nexport {\n FeatureNotConfiguredError,\n hasBuilderPrivateKey,\n isBuilderEnvManaged,\n getBuilderProxyOrigin,\n getBuilderImageGenerationBaseUrl,\n getBuilderAuthHeader,\n resolveBuilderPrivateKey,\n resolveBuilderAuthHeader,\n resolveHasBuilderPrivateKey,\n resolveBuilderCredentials,\n resolveBuilderCredential,\n writeBuilderCredentials,\n deleteBuilderCredentials,\n resolveSecret,\n} from \"./credential-provider.js\";\nexport {\n getBuilderBranchProjectId,\n isBuilderBranchingEnabled,\n resolveBuilderBranchProjectId,\n resolveIsBuilderBranchingEnabled,\n runBuilderAgent,\n type RunBuilderAgentResult,\n} from \"./builder-browser.js\";\n\nexport {\n sendEmail,\n isEmailConfigured,\n getEmailProvider,\n type EmailProvider,\n type SendEmailArgs,\n} from \"./email.js\";\nexport {\n renderEmail,\n emailStrong,\n emailLink,\n type RenderEmailArgs,\n type RenderedEmail,\n type EmailCta,\n} from \"./email-template.js\";\nexport { getAppProductionUrl, getFirstPartyProdUrl } from \"./app-url.js\";\nexport {\n getConfiguredAppBasePath,\n normalizeAppBasePath,\n withConfiguredAppBasePath,\n} from \"./app-base-path.js\";\nexport {\n signShortLivedToken,\n verifyShortLivedToken,\n type ShortLivedTokenClaims,\n type VerifyResult as ShortLivedTokenVerifyResult,\n} from \"./short-lived-token.js\";\n\n// SSR handler is NOT re-exported here — it uses a virtual module\n// (virtual:react-router/server-build) that only exists at Vite dev/build time.\n// Including it in this barrel would break the esbuild CF Pages bundler.\n// Templates import directly: import { ssrHandler } from \"@agent-native/core/server/ssr-handler\"\n\n// Nitro plugin helper — re-exported so templates don't need nitro as a direct dependency.\n// defineNitroPlugin is an identity function; this typed wrapper lets templates use it\n// without resolving `nitro/runtime` (which requires Nitro's virtual modules at runtime).\nexport type NitroPluginDef = (nitroApp: any) => void | Promise<void>;\nexport function defineNitroPlugin(def: NitroPluginDef): NitroPluginDef {\n return def;\n}\n"]}
package/dist/server/open-route.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"open-route.d.ts","sourceRoot":"","sources":["../../src/server/open-route.ts"],"names":[],"mappings":"AAmDA,MAAM,WAAW,gBAAgB;IAC/B;;yEAEqE;IACrE,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE;QACzB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAChC,KAAK,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACjC;AA0CD,wBAAgB,sBAAsB,CAAC,OAAO,GAAE,gBAAqB,2FAyHpE"}
1
+ {"version":3,"file":"open-route.d.ts","sourceRoot":"","sources":["../../src/server/open-route.ts"],"names":[],"mappings":"AAyDA,MAAM,WAAW,gBAAgB;IAC/B;;yEAEqE;IACrE,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE;QACzB,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAChC,KAAK,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC;CACjC;AA0CD,wBAAgB,sBAAsB,CAAC,OAAO,GAAE,gBAAqB,2FA+HpE"}