@agent-native/core 0.30.6 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (255) hide show
  1. package/dist/a2a/client.d.ts +2 -0
  2. package/dist/a2a/client.d.ts.map +1 -1
  3. package/dist/a2a/client.js +6 -4
  4. package/dist/a2a/client.js.map +1 -1
  5. package/dist/a2a/handlers.d.ts.map +1 -1
  6. package/dist/a2a/handlers.js +3 -0
  7. package/dist/a2a/handlers.js.map +1 -1
  8. package/dist/a2a/server.d.ts.map +1 -1
  9. package/dist/a2a/server.js.map +1 -1
  10. package/dist/a2a/task-store.js.map +1 -1
  11. package/dist/agent/engine/anthropic-engine.d.ts.map +1 -1
  12. package/dist/agent/engine/anthropic-engine.js +0 -7
  13. package/dist/agent/engine/anthropic-engine.js.map +1 -1
  14. package/dist/agent/engine/registry.d.ts.map +1 -1
  15. package/dist/agent/engine/registry.js.map +1 -1
  16. package/dist/agent/engine/translate-ai-sdk.d.ts.map +1 -1
  17. package/dist/agent/engine/translate-ai-sdk.js +5 -3
  18. package/dist/agent/engine/translate-ai-sdk.js.map +1 -1
  19. package/dist/agent/production-agent.js +7 -3
  20. package/dist/agent/production-agent.js.map +1 -1
  21. package/dist/agent/run-manager.d.ts.map +1 -1
  22. package/dist/agent/run-manager.js +14 -6
  23. package/dist/agent/run-manager.js.map +1 -1
  24. package/dist/application-state/store.d.ts.map +1 -1
  25. package/dist/application-state/store.js.map +1 -1
  26. package/dist/brand-kit/brand-signals.d.ts +31 -0
  27. package/dist/brand-kit/brand-signals.d.ts.map +1 -0
  28. package/dist/brand-kit/brand-signals.js +101 -0
  29. package/dist/brand-kit/brand-signals.js.map +1 -0
  30. package/dist/brand-kit/index.d.ts +21 -0
  31. package/dist/brand-kit/index.d.ts.map +1 -0
  32. package/dist/brand-kit/index.js +34 -0
  33. package/dist/brand-kit/index.js.map +1 -0
  34. package/dist/brand-kit/types.d.ts +103 -0
  35. package/dist/brand-kit/types.d.ts.map +1 -0
  36. package/dist/brand-kit/types.js +17 -0
  37. package/dist/brand-kit/types.js.map +1 -0
  38. package/dist/cli/code-agent-executor.d.ts.map +1 -1
  39. package/dist/cli/code-agent-executor.js.map +1 -1
  40. package/dist/cli/create.d.ts.map +1 -1
  41. package/dist/cli/create.js +0 -1
  42. package/dist/cli/create.js.map +1 -1
  43. package/dist/client/AgentNative.js.map +1 -1
  44. package/dist/client/AgentPanel.d.ts.map +1 -1
  45. package/dist/client/AgentPanel.js +0 -2
  46. package/dist/client/AgentPanel.js.map +1 -1
  47. package/dist/client/AssistantChat.d.ts.map +1 -1
  48. package/dist/client/AssistantChat.js +69 -17
  49. package/dist/client/AssistantChat.js.map +1 -1
  50. package/dist/client/IframeEmbed.d.ts.map +1 -1
  51. package/dist/client/IframeEmbed.js.map +1 -1
  52. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  53. package/dist/client/MultiTabAssistantChat.js +1 -1
  54. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  55. package/dist/client/RunStuckBanner.js.map +1 -1
  56. package/dist/client/agent-chat.d.ts.map +1 -1
  57. package/dist/client/agent-chat.js.map +1 -1
  58. package/dist/client/builder-mark.d.ts.map +1 -1
  59. package/dist/client/builder-mark.js.map +1 -1
  60. package/dist/client/components/MissingKeyCard.d.ts.map +1 -1
  61. package/dist/client/components/MissingKeyCard.js.map +1 -1
  62. package/dist/client/composer/PromptComposer.d.ts.map +1 -1
  63. package/dist/client/composer/PromptComposer.js +6 -3
  64. package/dist/client/composer/PromptComposer.js.map +1 -1
  65. package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
  66. package/dist/client/composer/TiptapComposer.js +5 -0
  67. package/dist/client/composer/TiptapComposer.js.map +1 -1
  68. package/dist/client/composer/VoiceButton.d.ts.map +1 -1
  69. package/dist/client/composer/VoiceButton.js +9 -0
  70. package/dist/client/composer/VoiceButton.js.map +1 -1
  71. package/dist/client/composer/extensions/FileReference.d.ts.map +1 -1
  72. package/dist/client/composer/extensions/FileReference.js.map +1 -1
  73. package/dist/client/composer/extensions/MentionReference.d.ts.map +1 -1
  74. package/dist/client/composer/extensions/MentionReference.js.map +1 -1
  75. package/dist/client/composer/extensions/SkillReference.d.ts.map +1 -1
  76. package/dist/client/composer/extensions/SkillReference.js.map +1 -1
  77. package/dist/client/conversation/AgentConversation.js +8 -6
  78. package/dist/client/conversation/AgentConversation.js.map +1 -1
  79. package/dist/client/conversation/use-near-bottom-autoscroll.d.ts.map +1 -1
  80. package/dist/client/conversation/use-near-bottom-autoscroll.js +133 -35
  81. package/dist/client/conversation/use-near-bottom-autoscroll.js.map +1 -1
  82. package/dist/client/db-admin/DbAdminPage.js.map +1 -1
  83. package/dist/client/dev-overlay/DevOverlay.d.ts.map +1 -1
  84. package/dist/client/dev-overlay/DevOverlay.js +0 -1
  85. package/dist/client/dev-overlay/DevOverlay.js.map +1 -1
  86. package/dist/client/extensions/EmbeddedExtension.d.ts.map +1 -1
  87. package/dist/client/extensions/EmbeddedExtension.js +19 -0
  88. package/dist/client/extensions/EmbeddedExtension.js.map +1 -1
  89. package/dist/client/extensions/ExtensionViewer.d.ts.map +1 -1
  90. package/dist/client/extensions/ExtensionViewer.js +11 -3
  91. package/dist/client/extensions/ExtensionViewer.js.map +1 -1
  92. package/dist/client/integrations/IntegrationsPanel.d.ts.map +1 -1
  93. package/dist/client/integrations/IntegrationsPanel.js.map +1 -1
  94. package/dist/client/mcp-app-host.d.ts.map +1 -1
  95. package/dist/client/mcp-app-host.js +6 -1
  96. package/dist/client/mcp-app-host.js.map +1 -1
  97. package/dist/client/mcp-apps/McpAppRenderer.d.ts.map +1 -1
  98. package/dist/client/mcp-apps/McpAppRenderer.js +1 -1
  99. package/dist/client/mcp-apps/McpAppRenderer.js.map +1 -1
  100. package/dist/client/notifications/NotificationsBell.js.map +1 -1
  101. package/dist/client/onboarding/SetupButton.d.ts.map +1 -1
  102. package/dist/client/onboarding/SetupButton.js +6 -0
  103. package/dist/client/onboarding/SetupButton.js.map +1 -1
  104. package/dist/client/progress/RunsTray.js.map +1 -1
  105. package/dist/client/resources/McpServerDetail.d.ts.map +1 -1
  106. package/dist/client/resources/McpServerDetail.js.map +1 -1
  107. package/dist/client/settings/AgentsSection.d.ts.map +1 -1
  108. package/dist/client/settings/AgentsSection.js +1 -1
  109. package/dist/client/settings/AgentsSection.js.map +1 -1
  110. package/dist/client/settings/AutomationsSection.js.map +1 -1
  111. package/dist/client/sharing/ShareButton.d.ts.map +1 -1
  112. package/dist/client/sharing/ShareButton.js +0 -4
  113. package/dist/client/sharing/ShareButton.js.map +1 -1
  114. package/dist/client/terminal/AgentTerminal.d.ts.map +1 -1
  115. package/dist/client/terminal/AgentTerminal.js +1 -1
  116. package/dist/client/terminal/AgentTerminal.js.map +1 -1
  117. package/dist/client/use-agent-chat.d.ts.map +1 -1
  118. package/dist/client/use-agent-chat.js +20 -4
  119. package/dist/client/use-agent-chat.js.map +1 -1
  120. package/dist/client/use-chat-threads.d.ts.map +1 -1
  121. package/dist/client/use-chat-threads.js +39 -25
  122. package/dist/client/use-chat-threads.js.map +1 -1
  123. package/dist/client/use-db-sync.d.ts.map +1 -1
  124. package/dist/client/use-db-sync.js +8 -0
  125. package/dist/client/use-db-sync.js.map +1 -1
  126. package/dist/client/use-dev-mode.d.ts.map +1 -1
  127. package/dist/client/use-dev-mode.js +25 -9
  128. package/dist/client/use-dev-mode.js.map +1 -1
  129. package/dist/client/useProductionAgent.d.ts.map +1 -1
  130. package/dist/client/useProductionAgent.js +6 -2
  131. package/dist/client/useProductionAgent.js.map +1 -1
  132. package/dist/collab/agent-presence.d.ts.map +1 -1
  133. package/dist/collab/agent-presence.js +1 -1
  134. package/dist/collab/agent-presence.js.map +1 -1
  135. package/dist/collab/awareness.d.ts.map +1 -1
  136. package/dist/collab/awareness.js +8 -0
  137. package/dist/collab/awareness.js.map +1 -1
  138. package/dist/collab/client-struct.js.map +1 -1
  139. package/dist/deploy/build.js +0 -5
  140. package/dist/deploy/build.js.map +1 -1
  141. package/dist/extensions/fetch-tool.d.ts.map +1 -1
  142. package/dist/extensions/fetch-tool.js +4 -1
  143. package/dist/extensions/fetch-tool.js.map +1 -1
  144. package/dist/file-upload/actions/upload-image.d.ts.map +1 -1
  145. package/dist/file-upload/actions/upload-image.js +39 -4
  146. package/dist/file-upload/actions/upload-image.js.map +1 -1
  147. package/dist/integrations/adapters/slack.d.ts.map +1 -1
  148. package/dist/integrations/adapters/slack.js.map +1 -1
  149. package/dist/integrations/google-docs-poller.d.ts.map +1 -1
  150. package/dist/integrations/google-docs-poller.js +14 -1
  151. package/dist/integrations/google-docs-poller.js.map +1 -1
  152. package/dist/integrations/plugin.d.ts.map +1 -1
  153. package/dist/integrations/plugin.js.map +1 -1
  154. package/dist/integrations/webhook-handler.d.ts.map +1 -1
  155. package/dist/integrations/webhook-handler.js +10 -1
  156. package/dist/integrations/webhook-handler.js.map +1 -1
  157. package/dist/jobs/scheduler.d.ts.map +1 -1
  158. package/dist/jobs/scheduler.js.map +1 -1
  159. package/dist/mcp/build-server.d.ts.map +1 -1
  160. package/dist/mcp/build-server.js +20 -8
  161. package/dist/mcp/build-server.js.map +1 -1
  162. package/dist/mcp/connect-store.d.ts.map +1 -1
  163. package/dist/mcp/connect-store.js +1 -1
  164. package/dist/mcp/connect-store.js.map +1 -1
  165. package/dist/notifications/channels.d.ts.map +1 -1
  166. package/dist/notifications/channels.js +3 -2
  167. package/dist/notifications/channels.js.map +1 -1
  168. package/dist/oauth-tokens/store.js.map +1 -1
  169. package/dist/observability/evals.d.ts.map +1 -1
  170. package/dist/observability/evals.js +7 -7
  171. package/dist/observability/evals.js.map +1 -1
  172. package/dist/observability/traces.d.ts.map +1 -1
  173. package/dist/observability/traces.js +15 -5
  174. package/dist/observability/traces.js.map +1 -1
  175. package/dist/org/handlers.d.ts.map +1 -1
  176. package/dist/org/handlers.js +3 -2
  177. package/dist/org/handlers.js.map +1 -1
  178. package/dist/resources/handlers.d.ts +5 -5
  179. package/dist/resources/handlers.d.ts.map +1 -1
  180. package/dist/resources/handlers.js.map +1 -1
  181. package/dist/scripts/db/schema.js.map +1 -1
  182. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  183. package/dist/server/agent-chat-plugin.js +0 -6
  184. package/dist/server/agent-chat-plugin.js.map +1 -1
  185. package/dist/server/auth.d.ts.map +1 -1
  186. package/dist/server/auth.js.map +1 -1
  187. package/dist/server/better-auth-instance.d.ts.map +1 -1
  188. package/dist/server/better-auth-instance.js +0 -3
  189. package/dist/server/better-auth-instance.js.map +1 -1
  190. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  191. package/dist/server/core-routes-plugin.js +1 -2
  192. package/dist/server/core-routes-plugin.js.map +1 -1
  193. package/dist/server/create-server.d.ts.map +1 -1
  194. package/dist/server/create-server.js +0 -23
  195. package/dist/server/create-server.js.map +1 -1
  196. package/dist/server/google-oauth.d.ts.map +1 -1
  197. package/dist/server/google-oauth.js +0 -3
  198. package/dist/server/google-oauth.js.map +1 -1
  199. package/dist/server/poll.d.ts.map +1 -1
  200. package/dist/server/poll.js +49 -18
  201. package/dist/server/poll.js.map +1 -1
  202. package/dist/settings/store.js.map +1 -1
  203. package/dist/sharing/access.d.ts.map +1 -1
  204. package/dist/sharing/access.js +25 -4
  205. package/dist/sharing/access.js.map +1 -1
  206. package/dist/triggers/dispatcher.d.ts.map +1 -1
  207. package/dist/triggers/dispatcher.js.map +1 -1
  208. package/dist/vite/client.d.ts.map +1 -1
  209. package/dist/vite/client.js +2 -0
  210. package/dist/vite/client.js.map +1 -1
  211. package/package.json +3 -2
  212. package/dist/client/conversation/AgentConversation.spec.d.ts +0 -2
  213. package/dist/client/conversation/AgentConversation.spec.d.ts.map +0 -1
  214. package/dist/client/conversation/AgentConversation.spec.js +0 -69
  215. package/dist/client/conversation/AgentConversation.spec.js.map +0 -1
  216. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts +0 -2
  217. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts.map +0 -1
  218. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js +0 -110
  219. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js.map +0 -1
  220. package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts +0 -2
  221. package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts.map +0 -1
  222. package/dist/client/extensions/AgentNativeExtensionFrame.spec.js +0 -68
  223. package/dist/client/extensions/AgentNativeExtensionFrame.spec.js.map +0 -1
  224. package/dist/client/extensions/ExtensionViewer.spec.d.ts +0 -2
  225. package/dist/client/extensions/ExtensionViewer.spec.d.ts.map +0 -1
  226. package/dist/client/extensions/ExtensionViewer.spec.js +0 -94
  227. package/dist/client/extensions/ExtensionViewer.spec.js.map +0 -1
  228. package/dist/client/guided-questions.flow.spec.d.ts +0 -2
  229. package/dist/client/guided-questions.flow.spec.d.ts.map +0 -1
  230. package/dist/client/guided-questions.flow.spec.js +0 -147
  231. package/dist/client/guided-questions.flow.spec.js.map +0 -1
  232. package/dist/client/settings/useBuilderStatus.spec.d.ts +0 -2
  233. package/dist/client/settings/useBuilderStatus.spec.d.ts.map +0 -1
  234. package/dist/client/settings/useBuilderStatus.spec.js +0 -487
  235. package/dist/client/settings/useBuilderStatus.spec.js.map +0 -1
  236. package/dist/client/sharing/ShareButton.spec.d.ts +0 -2
  237. package/dist/client/sharing/ShareButton.spec.d.ts.map +0 -1
  238. package/dist/client/sharing/ShareButton.spec.js +0 -196
  239. package/dist/client/sharing/ShareButton.spec.js.map +0 -1
  240. package/dist/client/use-chat-models.spec.d.ts +0 -2
  241. package/dist/client/use-chat-models.spec.d.ts.map +0 -1
  242. package/dist/client/use-chat-models.spec.js +0 -39
  243. package/dist/client/use-chat-models.spec.js.map +0 -1
  244. package/dist/client/use-chat-threads.spec.d.ts +0 -2
  245. package/dist/client/use-chat-threads.spec.d.ts.map +0 -1
  246. package/dist/client/use-chat-threads.spec.js +0 -760
  247. package/dist/client/use-chat-threads.spec.js.map +0 -1
  248. package/dist/client/use-db-sync.spec.d.ts +0 -2
  249. package/dist/client/use-db-sync.spec.d.ts.map +0 -1
  250. package/dist/client/use-db-sync.spec.js +0 -107
  251. package/dist/client/use-db-sync.spec.js.map +0 -1
  252. package/dist/server/script-discovery.d.ts +0 -6
  253. package/dist/server/script-discovery.d.ts.map +0 -1
  254. package/dist/server/script-discovery.js +0 -6
  255. package/dist/server/script-discovery.js.map +0 -1
package/dist/server/poll.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"poll.js","sourceRoot":"","sources":["../../src/server/poll.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,uBAAuB,GAExB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,GAE3B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAoBvC,oEAAoE;AACpE,2EAA2E;AAC3E,MAAM,UAAU,GAAG,GAAG,CAAC;AACvB,IAAI,QAAQ,GAAG,CAAC,CAAC;AACjB,MAAM,OAAO,GAAkB,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAC/C,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;AACxC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;AAEhC;;;;;GAKG;AACH,IAAI,cAAc,GAAG,KAAK,CAAC;AAE3B,sEAAsE;AACtE,IAAI,YAAY,GAAG,CAAC,CAAC;AACrB,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,IAAI,iBAAiB,GAAG,CAAC,CAAC;AAC1B,IAAI,wBAAqD,CAAC;AAC1D,IAAI,sBAAsB,GAAG,CAAC,CAAC;AAC/B,IAAI,mBAAmB,GAAG,CAAC,CAAC;AAE5B;;;;;;;;;GASG;AACH,IAAI,oBAAoB,GAAG,CAAC,CAAC;AAC7B,IAAI,yBAAyB,GAAG,KAAK,CAAC;AACtC,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;AAChD,IAAI,mBAAmB,GAAG,KAAK,CAAC;AAEhC,SAAS,iBAAiB;IACxB,IAAI,mBAAmB;QAAE,OAAO;IAChC,mBAAmB,GAAG,IAAI,CAAC;IAC3B,kBAAkB,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE;QAC7C,IACE,KAAK,CAAC,GAAG,KAAK,2BAA2B;YACzC,KAAK,CAAC,GAAG,KAAK,wBAAwB,EACtC,CAAC;YACD,OAAO;QACT,CAAC;QACD,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,kBAAkB,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE;QAC5C,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,EAIC,EACD,KAAiD;IAEjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAC7B,yCAAyC,KAAK,EAAE,CACjD,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;QAC5D,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,EAIC,EACD,KAAiD;IAEjD,OAAO,cAAc,CAAC,MAAM,mBAAmB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,+BAA+B,CAAC,EAI9C;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC9B,GAAG,EAAE,uEAAuE;YAC5E,IAAI,EAAE,CAAC,2BAA2B,CAAC;SACpC,CAAC,CAAC;QACH,OAAO,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,KAAK,UAAU,4BAA4B,CAAC,EAI3C;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC9B,GAAG,EAAE,uEAAuE;YAC5E,IAAI,EAAE,CAAC,wBAAwB,CAAC;SACjC,CAAC,CAAC;QACH,OAAO,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,UAAU;IACxB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,KAAkB,EAClB,SAAiB,EACjB,KAAyB;IAEzB,+DAA+D;IAC/D,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAC/D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,YAAY,CAAC,KAK5B;IACC,qEAAqE;IACrE,iEAAiE;IACjE,0DAA0D;IAC1D,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAgB,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC3D,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,IAAI,OAAO,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IACjD,CAAC;IACD,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA6B;IACvD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACjD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;IAC/C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CACzB,OAA2C,EAC3C,MAA6B;IAE7B,MAAM,GAAG,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAgC;IAC9D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAiC,CAAC;IAC/D,KAAK,MAAM,MAAM,IAAI,OAAO;QAAE,kBAAkB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACxE,KAAK,MAAM,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;QAC5C,YAAY,CAAC;YACX,MAAM,EAAE,YAAY;YACpB,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,GAAG;YACR,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,OAA6B;IACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,YAAY,CAAC;YACX,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,MAAM,CAAC,UAAU,IAAI,GAAG;YAC7B,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,GAA4B,EAC5B,SAAyC;IAEzC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IACzD,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;IACzE,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,MAAM,UAAU,GACd,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAElE,IAAI,KAAK;QAAE,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,IAAI,UAAU,KAAK,KAAK,IAAI,KAAK;QAAE,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAE1E,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,aAAa,GACjB,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,WAAW,GACf,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,IAAI,aAAa,KAAK,MAAM,IAAI,WAAW,EAAE,CAAC;YAC5C,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,aAAa,KAAK,KAAK,IAAI,WAAW,EAAE,CAAC;YAClD,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,EAIC,EACD,IAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI;SACb,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACxD,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAA0C,CAAC;IAE7E,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBACnC,GAAG,EAAE,2FAA2F,YAAY,GAAG;gBAC/G,IAAI,EAAE,GAAG;aACV,CAAC,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,UAAU;oBAAE,SAAS;gBAC1B,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBACxD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACnB,kBAAkB,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;QACjE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACtB,sBAAsB,CACpB,GAAG,EACH,kBAAkB,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CACvE,CACF,CAAC;AACJ,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,eAAe,CAAC,KAAa;IAI3C,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC3C,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC;IACxD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAa,EACb,SAAiB,EACjB,KAAyB;IAEzB,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC3C,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,KAAK,IAAI,mBAAmB,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CACrE,CAAC;IACF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB;IAC9B,IAAI,cAAc;QAAE,OAAO;IAC3B,cAAc,GAAG,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;QAEvB,MAAM,CACJ,KAAK,EACL,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,aAAa,EACd,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACpB,gBAAgB,CAAC,EAAE,EAAE,mBAAmB,CAAC;YACzC,gBAAgB,CAAC,EAAE,EAAE,UAAU,CAAC;YAChC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;YAChC,+BAA+B,CAAC,EAAE,CAAC;YACnC,4BAA4B,CAAC,EAAE,CAAC;YAChC,EAAE;iBACC,OAAO,CAAC;gBACP,GAAG,EAAE,wDAAwD;gBAC7D,IAAI,EAAE,CAAC,kBAAkB,CAAC;aAC3B,CAAC;iBACD,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;SAC/B,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QAEpE,qDAAqD;QACrD,QAAQ,GAAG,IAAI,CAAC,GAAG,CACjB,QAAQ,EACR,KAAK,EACL,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,cAAc,CACf,CAAC;QAEF,gEAAgE;QAChE,eAAe,GAAG,KAAK,CAAC;QACxB,eAAe,GAAG,UAAU,CAAC;QAC7B,iBAAiB,GAAG,YAAY,CAAC;QACjC,wBAAwB,GAAG,iBAAiB,CAAC,sBAAsB,CAAC,CAAC;QACrE,sBAAsB,GAAG,iBAAiB,CAAC;QAC3C,2EAA2E;QAC3E,2EAA2E;QAC3E,yEAAyE;QACzE,mBAAmB,GAAG,CAAC,CAAC;QACxB,oBAAoB,GAAG,SAAS,CAAC;QACjC,yBAAyB,GAAG,IAAI,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,YAAY,GAAG,IAAI;QAAE,OAAO;IACtC,YAAY,GAAG,GAAG,CAAC;IAEnB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;QAEvB,2EAA2E;QAC3E,8EAA8E;QAC9E,mEAAmE;QACnE,wDAAwD;QACxD,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YACjC,GAAG,EAAE,wGAAwG;YAC7G,IAAI,EAAE,CAAC,eAAe,CAAC;SACxB,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CACjC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAC3D,eAAe,CAChB,CAAC;YACF,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACxB,KAAK,MAAM,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;oBACjC,MAAM,GAAG,GAAG,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBACxD,IACE,GAAG,KAAK,2BAA2B;wBACnC,GAAG,KAAK,wBAAwB,EAChC,CAAC;wBACD,SAAS;oBACX,CAAC;oBACD,MAAM,KAAK,GACT,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;oBAClE,YAAY,CAAC;wBACX,MAAM,EAAE,WAAW;wBACnB,IAAI,EAAE,QAAQ;wBACd,GAAG;wBACH,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBAC5B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,eAAe,GAAG,KAAK,CAAC;QAC1B,CAAC;QAED,wEAAwE;QACxE,kEAAkE;QAClE,yEAAyE;QACzE,0EAA0E;QAC1E,MAAM,cAAc,GAAG,MAAM,4BAA4B,CAAC,EAAE,CAAC,CAAC;QAC9D,IAAI,cAAc,GAAG,mBAAmB,EAAE,CAAC;YACzC,MAAM,kBAAkB,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBAC1C,GAAG,EAAE,mGAAmG;gBACxG,IAAI,EAAE,CAAC,wBAAwB,CAAC;aACjC,CAAC,CAAC;YACH,MAAM,oBAAoB,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CACzD,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAC9D,CAAC;YACF,mBAAmB,CACjB,oBAAoB;iBACjB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;iBAChE,MAAM,CAAC,CAAC,MAAM,EAAgC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAC9D,CAAC;YACF,mBAAmB,GAAG,cAAc,CAAC;QACvC,CAAC;QAED,yEAAyE;QACzE,oEAAoE;QACpE,oEAAoE;QACpE,wEAAwE;QACxE,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YACrC,GAAG,EAAE,+DAA+D;YACpE,IAAI,EAAE,CAAC,kBAAkB,CAAC;SAC3B,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;QACpE,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAC/B,oBAAoB,GAAG,SAAS,CAAC;YACjC,yBAAyB,GAAG,IAAI,CAAC;QACnC,CAAC;aAAM,IAAI,SAAS,GAAG,oBAAoB,EAAE,CAAC;YAC5C,IAAI,KAAyB,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;gBACzC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;oBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC/B,IAAI,OAAO,MAAM,EAAE,KAAK,KAAK,QAAQ;wBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;gBAC9D,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;YACV,YAAY,CAAC;gBACX,MAAM,EAAE,gBAAgB;gBACxB,IAAI,EAAE,QAAQ;gBACd,GAAG,EAAE,kBAAkB;gBACvB,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5B,CAAC,CAAC;YACH,oBAAoB,GAAG,SAAS,CAAC;QACnC,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,oEAAoE;QACpE,gDAAgD;QAChD,MAAM,iBAAiB,GAAG,MAAM,+BAA+B,CAAC,EAAE,CAAC,CAAC;QACpE,IAAI,iBAAiB,GAAG,sBAAsB,EAAE,CAAC;YAC/C,MAAM,qBAAqB,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBAC7C,GAAG,EAAE,mGAAmG;gBACxG,IAAI,EAAE,CAAC,2BAA2B,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,uBAAuB,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAC/D,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,sBAAsB,CACjE,CAAC;YACF,IAAI,sBAAsB,GAAG,CAAC,EAAE,CAAC;gBAC/B,sBAAsB,CACpB,uBAAuB;qBACpB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,0BAA0B,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;qBACnE,MAAM,CAAC,CAAC,MAAM,EAAmC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CACjE,CAAC;YACJ,CAAC;YACD,sBAAsB,GAAG,iBAAiB,CAAC;QAC7C,CAAC;QAED,qCAAqC;QACrC,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,UAAU,GAAG,eAAe,EAAE,CAAC;YACjC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACxB,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YACjE,CAAC;YACD,eAAe,GAAG,UAAU,CAAC;QAC/B,CAAC;QAED,2EAA2E;QAC3E,0EAA0E;QAC1E,wEAAwE;QACxE,MAAM,sBAAsB,GAAG,MAAM,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,YAAY,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;QAC5D,IAAI,YAAY,GAAG,iBAAiB,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,wBAAwB,CAAC;YACvC,MAAM,eAAe,GACnB,KAAK,KAAK,SAAS;gBACjB,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC;oBACf,GAAG,EAAE,2FAA2F;oBAChG,IAAI,EAAE,EAAE;iBACT,CAAC;gBACJ,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC;oBACf,GAAG,EAAE,gHAAgH;oBACrH,IAAI,EAAE,CAAC,KAAK,CAAC;iBACd,CAAC,CAAC;YACT,MAAM,oBAAoB,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CACtD,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,iBAAiB,CAC5D,CAAC;YACF,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,YAAY,GAAG,MAAM,2BAA2B,CACpD,EAAE,EACF,oBAAoB,CACrB,CAAC;gBACF,KAAK,MAAM,OAAO,IAAI,YAAY;oBAAE,sBAAsB,CAAC,OAAO,CAAC,CAAC;YACtE,CAAC;YACD,iBAAiB,GAAG,YAAY,CAAC;YACjC,wBAAwB,GAAG,iBAAiB,CAAC,sBAAsB,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB;IAC/B,iBAAiB,EAAE,CAAC;IACpB,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACxC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;YACpB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;QACtC,CAAC;QACD,qEAAqE;QACrE,MAAM,iBAAiB,EAAE,CAAC;QAC1B,mDAAmD;QACnD,MAAM,sBAAsB,EAAE,CAAC;QAE/B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QAC5D,OAAO,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["/**\n * Polling-based change notification.\n *\n * Replaces SSE with a simple version counter. Each DB mutation (app-state,\n * settings, resources) increments the version. Clients poll `/_agent-native/poll?since=N`\n * and receive any events that occurred after version N.\n *\n * Works in all deployment environments (serverless, edge, long-lived).\n *\n * Also detects cross-process DB writes by periodically checking the\n * application_state and settings tables' updated_at timestamps. This ensures\n * that changes made by external processes (e.g., CLI actions, cron jobs)\n * are picked up even though they don't call recordChange() in this process.\n */\n\nimport { EventEmitter } from \"node:events\";\nimport { defineEventHandler, getQuery, setResponseStatus } from \"h3\";\nimport {\n ACTION_CHANGE_MARKER_KEY,\n parseActionChangeMarker,\n type ActionChangeTarget,\n} from \"../action-change-marker.js\";\nimport { getAppStateEmitter } from \"../application-state/emitter.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport {\n EXTENSION_CHANGE_MARKER_KEY,\n parseExtensionChangeMarker,\n type ExtensionChangeTarget,\n} from \"../extensions/change-marker.js\";\nimport { getSettingsEmitter } from \"../settings/store.js\";\nimport { getSession } from \"./auth.js\";\n\nexport interface ChangeEvent {\n version: number;\n source: string;\n type: string;\n key?: string;\n /**\n * Owner email for tenant-scoped events. When absent, the event is treated\n * as deployment-global (e.g. table-level \"something changed\" pings) and\n * delivered to every authenticated poller. Specific events that should\n * only fan out to one user MUST set this — otherwise polling clients\n * across tenants see each other's signals.\n */\n owner?: string;\n /** Optional org ID for org-scoped events. */\n orgId?: string;\n [k: string]: unknown;\n}\n\n// In-memory ring buffer of recent changes. Kept small since clients\n// poll frequently (every 2-3s) and only need events since their last poll.\nconst MAX_BUFFER = 200;\nlet _version = 0;\nconst _buffer: ChangeEvent[] = [];\nexport const POLL_CHANGE_EVENT = \"poll-change\";\nconst _pollEmitter = new EventEmitter();\n_pollEmitter.setMaxListeners(0);\n\n/**\n * Whether we've seeded _version from the DB. In serverless (Netlify,\n * Vercel, etc.) each invocation starts fresh — without seeding, _version\n * resets to 0 and polling clients see the version jump backwards, causing\n * duplicate events and stuck UI.\n */\nlet _versionSeeded = false;\n\n/** Tracks the latest updated_at we've seen from the DB, per table. */\nlet _lastDbCheck = 0;\nlet _lastAppStateTs = 0;\nlet _lastSettingsTs = 0;\nlet _lastExtensionsTs = 0;\nlet _lastExtensionsUpdatedAt: string | number | undefined;\nlet _lastExtensionMarkerTs = 0;\nlet _lastActionMarkerTs = 0;\n\n/**\n * Tracks the latest updated_at seen on the `__screen_refresh__` key in\n * application_state. Bumped when the agent calls the `refresh-screen` tool,\n * and surfaced as a distinct `screen-refresh` event so clients can remount\n * the main content subtree via React key.\n *\n * `_screenRefreshInitialized` guards against spurious emits on the first\n * poll after a restart (where an existing row would look like a fresh bump).\n * Once we've taken a baseline reading, any subsequent increase emits.\n */\nlet _lastScreenRefreshTs = 0;\nlet _screenRefreshInitialized = false;\nconst SCREEN_REFRESH_KEY = \"__screen_refresh__\";\nlet _localEmittersWired = false;\n\nfunction wireLocalEmitters(): void {\n if (_localEmittersWired) return;\n _localEmittersWired = true;\n getAppStateEmitter().on(\"app-state\", (event) => {\n if (\n event.key === EXTENSION_CHANGE_MARKER_KEY ||\n event.key === ACTION_CHANGE_MARKER_KEY\n ) {\n return;\n }\n recordChange(event);\n });\n getSettingsEmitter().on(\"settings\", (event) => {\n recordChange(event);\n });\n}\n\nfunction timestampValue(value: unknown): number {\n if (typeof value === \"number\" && Number.isFinite(value)) return value;\n if (typeof value !== \"string\") return 0;\n const numeric = Number(value);\n if (Number.isFinite(numeric)) return numeric;\n const parsed = Date.parse(value);\n return Number.isFinite(parsed) ? parsed : 0;\n}\n\nfunction sqlWatermarkValue(value: unknown): string | number | undefined {\n if (typeof value === \"string\" && value.length > 0) return value;\n if (typeof value === \"number\" && Number.isFinite(value)) return value;\n return undefined;\n}\n\nasync function readMaxUpdatedAtRaw(\n db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n },\n table: \"application_state\" | \"settings\" | \"tools\",\n): Promise<unknown> {\n try {\n const result = await db.execute(\n `SELECT MAX(updated_at) as max_ts FROM ${table}`,\n );\n return result.rows[0]?.max_ts;\n } catch {\n // Optional framework tables may not exist in every app yet.\n return undefined;\n }\n}\n\nasync function readMaxUpdatedAt(\n db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n },\n table: \"application_state\" | \"settings\" | \"tools\",\n): Promise<number> {\n return timestampValue(await readMaxUpdatedAtRaw(db, table));\n}\n\nasync function readExtensionMarkerMaxUpdatedAt(db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n}): Promise<number> {\n try {\n const result = await db.execute({\n sql: \"SELECT MAX(updated_at) as max_ts FROM application_state WHERE key = ?\",\n args: [EXTENSION_CHANGE_MARKER_KEY],\n });\n return timestampValue(result.rows[0]?.max_ts);\n } catch {\n return 0;\n }\n}\n\nasync function readActionMarkerMaxUpdatedAt(db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n}): Promise<number> {\n try {\n const result = await db.execute({\n sql: \"SELECT MAX(updated_at) as max_ts FROM application_state WHERE key = ?\",\n args: [ACTION_CHANGE_MARKER_KEY],\n });\n return timestampValue(result.rows[0]?.max_ts);\n } catch {\n return 0;\n }\n}\n\n/** Get the current global version counter. */\nexport function getVersion(): number {\n return _version;\n}\n\nexport function getPollEmitter(): EventEmitter {\n return _pollEmitter;\n}\n\nexport function canSeeChangeForUser(\n event: ChangeEvent,\n userEmail: string,\n orgId: string | undefined,\n): boolean {\n // Global / unowned events: every authenticated user gets them.\n if (!event.owner && !event.orgId) return true;\n if (event.owner && event.owner === userEmail) return true;\n if (event.orgId && orgId && event.orgId === orgId) return true;\n return false;\n}\n\n/** Record a change event. Called by emitter listeners. */\nexport function recordChange(event: {\n source: string;\n type: string;\n key?: string;\n [k: string]: unknown;\n}): void {\n // Use timestamp-aligned versions so all serverless instances produce\n // values in the same range (seeded from DB, then incremented via\n // Date.now). Plain ++counter diverges across cold starts.\n _version = Math.max(_version + 1, Date.now());\n const entry: ChangeEvent = { ...event, version: _version };\n _buffer.push(entry);\n if (_buffer.length > MAX_BUFFER) {\n _buffer.splice(0, _buffer.length - MAX_BUFFER);\n }\n _pollEmitter.emit(POLL_CHANGE_EVENT, entry);\n}\n\nfunction extensionTargetKey(target: ExtensionChangeTarget): string | null {\n if (target.owner) return `owner:${target.owner}`;\n if (target.orgId) return `org:${target.orgId}`;\n return null;\n}\n\nfunction addExtensionTarget(\n targets: Map<string, ExtensionChangeTarget>,\n target: ExtensionChangeTarget,\n): void {\n const key = extensionTargetKey(target);\n if (key) targets.set(key, target);\n}\n\nfunction recordExtensionChanges(targets: ExtensionChangeTarget[]): void {\n const uniqueTargets = new Map<string, ExtensionChangeTarget>();\n for (const target of targets) addExtensionTarget(uniqueTargets, target);\n for (const target of uniqueTargets.values()) {\n recordChange({\n source: \"extensions\",\n type: \"change\",\n key: \"*\",\n ...(target.owner ? { owner: target.owner } : {}),\n ...(target.orgId ? { orgId: target.orgId } : {}),\n });\n }\n}\n\nfunction recordActionChanges(targets: ActionChangeTarget[]): void {\n for (const target of targets) {\n recordChange({\n source: \"action\",\n type: \"change\",\n key: target.actionName ?? \"*\",\n ...(target.owner ? { owner: target.owner } : {}),\n ...(target.orgId ? { orgId: target.orgId } : {}),\n });\n }\n}\n\nfunction extensionTargetsForRow(\n row: Record<string, unknown>,\n shareRows: Array<Record<string, unknown>>,\n): ExtensionChangeTarget[] {\n const targets = new Map<string, ExtensionChangeTarget>();\n const owner = typeof row.owner_email === \"string\" ? row.owner_email : \"\";\n const orgId = typeof row.org_id === \"string\" ? row.org_id : \"\";\n const visibility =\n typeof row.visibility === \"string\" ? row.visibility : \"private\";\n\n if (owner) addExtensionTarget(targets, { owner });\n if (visibility === \"org\" && orgId) addExtensionTarget(targets, { orgId });\n\n for (const share of shareRows) {\n const principalType =\n typeof share.principal_type === \"string\" ? share.principal_type : \"\";\n const principalId =\n typeof share.principal_id === \"string\" ? share.principal_id : \"\";\n if (principalType === \"user\" && principalId) {\n addExtensionTarget(targets, { owner: principalId });\n } else if (principalType === \"org\" && principalId) {\n addExtensionTarget(targets, { orgId: principalId });\n }\n }\n\n return Array.from(targets.values());\n}\n\nasync function readExtensionTargetsForRows(\n db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n },\n rows: Array<Record<string, unknown>>,\n): Promise<ExtensionChangeTarget[][]> {\n const ids = rows\n .map((row) => (typeof row.id === \"string\" ? row.id : \"\"))\n .filter(Boolean);\n const sharesByResourceId = new Map<string, Array<Record<string, unknown>>>();\n\n if (ids.length > 0) {\n try {\n const placeholders = ids.map(() => \"?\").join(\", \");\n const shareResult = await db.execute({\n sql: `SELECT resource_id, principal_type, principal_id FROM tool_shares WHERE resource_id IN (${placeholders})`,\n args: ids,\n });\n for (const share of shareResult.rows) {\n const resourceId =\n typeof share.resource_id === \"string\" ? share.resource_id : \"\";\n if (!resourceId) continue;\n const bucket = sharesByResourceId.get(resourceId) ?? [];\n bucket.push(share);\n sharesByResourceId.set(resourceId, bucket);\n }\n } catch {\n // Sharing tables are optional during early app initialization.\n }\n }\n\n return rows.map((row) =>\n extensionTargetsForRow(\n row,\n sharesByResourceId.get(typeof row.id === \"string\" ? row.id : \"\") ?? [],\n ),\n );\n}\n\n/** Get all changes after a given version. */\nexport function getChangesSince(since: number): {\n version: number;\n events: ChangeEvent[];\n} {\n if (since >= _version) {\n return { version: _version, events: [] };\n }\n const events = _buffer.filter((e) => e.version > since);\n return { version: _version, events };\n}\n\n/**\n * Get changes after a given version, filtered to events the caller is\n * allowed to see.\n *\n * Filtering rules:\n * - Events without an `owner` are deployment-global (table-level pings,\n * screen-refresh, etc.) and visible to every authenticated user.\n * - Events with `owner === userEmail` go to that user.\n * - Events with `orgId === orgId` go to anyone in that org.\n * - All other owned events are filtered out.\n */\nexport function getChangesSinceForUser(\n since: number,\n userEmail: string,\n orgId: string | undefined,\n): { version: number; events: ChangeEvent[] } {\n if (since >= _version) {\n return { version: _version, events: [] };\n }\n const events = _buffer.filter(\n (e) => e.version > since && canSeeChangeForUser(e, userEmail, orgId),\n );\n return { version: _version, events };\n}\n\n/**\n * Seed _version from DB timestamps on the first call so serverless\n * cold starts don't return version 0 and confuse polling clients.\n */\nasync function seedVersionFromDb(): Promise<void> {\n if (_versionSeeded) return;\n _versionSeeded = true;\n\n try {\n const db = getDbExec();\n\n const [\n appTs,\n settingsTs,\n extensionsMaxUpdatedAt,\n extensionMarkerTs,\n actionMarkerTs,\n refreshResult,\n ] = await Promise.all([\n readMaxUpdatedAt(db, \"application_state\"),\n readMaxUpdatedAt(db, \"settings\"),\n readMaxUpdatedAtRaw(db, \"tools\"),\n readExtensionMarkerMaxUpdatedAt(db),\n readActionMarkerMaxUpdatedAt(db),\n db\n .execute({\n sql: \"SELECT updated_at FROM application_state WHERE key = ?\",\n args: [SCREEN_REFRESH_KEY],\n })\n .catch(() => ({ rows: [] })),\n ]);\n\n const extensionsTs = timestampValue(extensionsMaxUpdatedAt);\n const refreshTs = timestampValue(refreshResult.rows[0]?.updated_at);\n\n // Seed version — never decrease an already-set value\n _version = Math.max(\n _version,\n appTs,\n settingsTs,\n extensionsTs,\n extensionMarkerTs,\n actionMarkerTs,\n );\n\n // Set baselines so checkExternalDbChanges detects future writes\n _lastAppStateTs = appTs;\n _lastSettingsTs = settingsTs;\n _lastExtensionsTs = extensionsTs;\n _lastExtensionsUpdatedAt = sqlWatermarkValue(extensionsMaxUpdatedAt);\n _lastExtensionMarkerTs = extensionMarkerTs;\n // Action markers are durable specifically so a web server can observe work\n // performed by a separate action process. Do not baseline past an existing\n // marker on cold start, or the first poll after the action will miss it.\n _lastActionMarkerTs = 0;\n _lastScreenRefreshTs = refreshTs;\n _screenRefreshInitialized = true;\n } catch {\n // Tables may not exist yet — ignore\n }\n}\n\n/**\n * Check for cross-process DB writes by comparing updated_at timestamps.\n * Runs at most once per second to avoid excessive queries.\n */\nasync function checkExternalDbChanges(): Promise<void> {\n const now = Date.now();\n if (now - _lastDbCheck < 1000) return;\n _lastDbCheck = now;\n\n try {\n const db = getDbExec();\n\n // Check application_state for external writes. Preserve the changed key so\n // clients can invalidate one-shot command queries (`navigate`, `__set_url__`)\n // only when those command rows actually change; noisy keys such as\n // `slide-fit-check` should not wake navigation readers.\n const appResult = await db.execute({\n sql: \"SELECT session_id, key, updated_at FROM application_state WHERE updated_at > ? ORDER BY updated_at ASC\",\n args: [_lastAppStateTs],\n });\n if (appResult.rows.length > 0) {\n const appTs = appResult.rows.reduce(\n (max, row) => Math.max(max, timestampValue(row.updated_at)),\n _lastAppStateTs,\n );\n if (_lastAppStateTs > 0) {\n for (const row of appResult.rows) {\n const key = typeof row.key === \"string\" ? row.key : \"*\";\n if (\n key === EXTENSION_CHANGE_MARKER_KEY ||\n key === ACTION_CHANGE_MARKER_KEY\n ) {\n continue;\n }\n const owner =\n typeof row.session_id === \"string\" ? row.session_id : undefined;\n recordChange({\n source: \"app-state\",\n type: \"change\",\n key,\n ...(owner ? { owner } : {}),\n });\n }\n }\n _lastAppStateTs = appTs;\n }\n\n // Mutating actions write a durable marker in addition to the in-process\n // event. This lets dev-mode `pnpm action ...` child processes and\n // serverless action invocations wake the web server's SSE/poll loop as a\n // first-class source:\"action\" event rather than a generic app-state bump.\n const actionMarkerTs = await readActionMarkerMaxUpdatedAt(db);\n if (actionMarkerTs > _lastActionMarkerTs) {\n const actionMarkerResult = await db.execute({\n sql: \"SELECT session_id, value, updated_at FROM application_state WHERE key = ? ORDER BY updated_at ASC\",\n args: [ACTION_CHANGE_MARKER_KEY],\n });\n const changedActionMarkers = actionMarkerResult.rows.filter(\n (row) => timestampValue(row.updated_at) > _lastActionMarkerTs,\n );\n recordActionChanges(\n changedActionMarkers\n .map((row) => parseActionChangeMarker(row.session_id, row.value))\n .filter((target): target is ActionChangeTarget => !!target),\n );\n _lastActionMarkerTs = actionMarkerTs;\n }\n\n // Check for screen-refresh requests from the agent. The `refresh-screen`\n // tool writes to application_state under a well-known key; when its\n // updated_at bumps, emit a distinct event so the client invalidates\n // all queries (not just the ones matching its default queryKey prefix).\n const refreshResult = await db.execute({\n sql: \"SELECT updated_at, value FROM application_state WHERE key = ?\",\n args: [SCREEN_REFRESH_KEY],\n });\n const refreshTs = timestampValue(refreshResult.rows[0]?.updated_at);\n if (!_screenRefreshInitialized) {\n _lastScreenRefreshTs = refreshTs;\n _screenRefreshInitialized = true;\n } else if (refreshTs > _lastScreenRefreshTs) {\n let scope: string | undefined;\n try {\n const raw = refreshResult.rows[0]?.value;\n if (typeof raw === \"string\") {\n const parsed = JSON.parse(raw);\n if (typeof parsed?.scope === \"string\") scope = parsed.scope;\n }\n } catch {}\n recordChange({\n source: \"screen-refresh\",\n type: \"change\",\n key: SCREEN_REFRESH_KEY,\n ...(scope ? { scope } : {}),\n });\n _lastScreenRefreshTs = refreshTs;\n }\n\n // Extension mutations write a durable marker row so delete and hide/unhide\n // operations are visible across serverless invocations. Translate those\n // marker rows back into extension-source events for targeted client\n // invalidation while preserving user/org scope.\n const extensionMarkerTs = await readExtensionMarkerMaxUpdatedAt(db);\n if (extensionMarkerTs > _lastExtensionMarkerTs) {\n const extensionMarkerResult = await db.execute({\n sql: \"SELECT session_id, value, updated_at FROM application_state WHERE key = ? ORDER BY updated_at ASC\",\n args: [EXTENSION_CHANGE_MARKER_KEY],\n });\n const changedExtensionMarkers = extensionMarkerResult.rows.filter(\n (row) => timestampValue(row.updated_at) > _lastExtensionMarkerTs,\n );\n if (_lastExtensionMarkerTs > 0) {\n recordExtensionChanges(\n changedExtensionMarkers\n .map((row) => parseExtensionChangeMarker(row.session_id, row.value))\n .filter((target): target is ExtensionChangeTarget => !!target),\n );\n }\n _lastExtensionMarkerTs = extensionMarkerTs;\n }\n\n // Check settings for external writes\n const settingsTs = await readMaxUpdatedAt(db, \"settings\");\n if (settingsTs > _lastSettingsTs) {\n if (_lastSettingsTs > 0) {\n recordChange({ source: \"settings\", type: \"change\", key: \"*\" });\n }\n _lastSettingsTs = settingsTs;\n }\n\n // Extension rows live in the legacy physical `tools` table. Keep this as a\n // compatibility fallback for direct table writes, but scope events to the\n // resource owner/share targets instead of broadcasting deployment-wide.\n const extensionsMaxUpdatedAt = await readMaxUpdatedAtRaw(db, \"tools\");\n const extensionsTs = timestampValue(extensionsMaxUpdatedAt);\n if (extensionsTs > _lastExtensionsTs) {\n const since = _lastExtensionsUpdatedAt;\n const extensionResult =\n since === undefined\n ? await db.execute({\n sql: \"SELECT id, owner_email, org_id, visibility, updated_at FROM tools ORDER BY updated_at ASC\",\n args: [],\n })\n : await db.execute({\n sql: \"SELECT id, owner_email, org_id, visibility, updated_at FROM tools WHERE updated_at > ? ORDER BY updated_at ASC\",\n args: [since],\n });\n const changedExtensionRows = extensionResult.rows.filter(\n (row) => timestampValue(row.updated_at) > _lastExtensionsTs,\n );\n if (_lastExtensionsTs > 0) {\n const targetsByRow = await readExtensionTargetsForRows(\n db,\n changedExtensionRows,\n );\n for (const targets of targetsByRow) recordExtensionChanges(targets);\n }\n _lastExtensionsTs = extensionsTs;\n _lastExtensionsUpdatedAt = sqlWatermarkValue(extensionsMaxUpdatedAt);\n }\n } catch {\n // Tables may not exist yet — ignore\n }\n}\n\n/**\n * Create an H3 handler for the poll endpoint.\n *\n * GET /_agent-native/poll?since=N → { version, events[] }\n *\n * Requires an authenticated session. Events are filtered to the caller's\n * tenant — global events (owner-less, table-level pings) reach every\n * authenticated caller; owned events reach only the matching user/org.\n * Without auth + filtering, an anonymous attacker could poll the deployment\n * and infer cross-tenant activity from the global event stream.\n */\nexport function createPollHandler() {\n wireLocalEmitters();\n return defineEventHandler(async (event) => {\n const session = await getSession(event).catch(() => null);\n if (!session?.email) {\n setResponseStatus(event, 401);\n return { error: \"Unauthenticated\" };\n }\n // On cold start, seed _version from DB so we don't return version: 0\n await seedVersionFromDb();\n // Check for cross-process writes before responding\n await checkExternalDbChanges();\n\n const query = getQuery(event);\n const since = parseInt(String(query.since ?? \"0\"), 10) || 0;\n return getChangesSinceForUser(since, session.email, session.orgId);\n });\n}\n"]}
1
+ {"version":3,"file":"poll.js","sourceRoot":"","sources":["../../src/server/poll.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,kBAAkB,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAC;AACrE,OAAO,EACL,wBAAwB,EACxB,uBAAuB,GAExB,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EACL,2BAA2B,EAC3B,0BAA0B,GAE3B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAoBvC,oEAAoE;AACpE,2EAA2E;AAC3E,MAAM,UAAU,GAAG,GAAG,CAAC;AACvB,IAAI,QAAQ,GAAG,CAAC,CAAC;AACjB,MAAM,OAAO,GAAkB,EAAE,CAAC;AAClC,MAAM,CAAC,MAAM,iBAAiB,GAAG,aAAa,CAAC;AAC/C,MAAM,YAAY,GAAG,IAAI,YAAY,EAAE,CAAC;AACxC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;AAEhC;;;;;GAKG;AACH,IAAI,cAAc,GAAG,KAAK,CAAC;AAE3B,sEAAsE;AACtE,IAAI,YAAY,GAAG,CAAC,CAAC;AACrB,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,IAAI,eAAe,GAAG,CAAC,CAAC;AACxB,IAAI,iBAAiB,GAAG,CAAC,CAAC;AAC1B,IAAI,wBAAqD,CAAC;AAC1D,IAAI,sBAAsB,GAAG,CAAC,CAAC;AAC/B,IAAI,mBAAmB,GAAG,CAAC,CAAC;AAE5B;;;;;;;;;GASG;AACH,IAAI,oBAAoB,GAAG,CAAC,CAAC;AAC7B,IAAI,yBAAyB,GAAG,KAAK,CAAC;AACtC,4EAA4E;AAC5E,8EAA8E;AAC9E,kEAAkE;AAClE,MAAM,6BAA6B,GAAG,IAAI,GAAG,EAAkB,CAAC;AAChE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;AAChD,IAAI,mBAAmB,GAAG,KAAK,CAAC;AAEhC,SAAS,iBAAiB;IACxB,IAAI,mBAAmB;QAAE,OAAO;IAChC,mBAAmB,GAAG,IAAI,CAAC;IAC3B,kBAAkB,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,EAAE;QAC7C,IACE,KAAK,CAAC,GAAG,KAAK,2BAA2B;YACzC,KAAK,CAAC,GAAG,KAAK,wBAAwB,EACtC,CAAC;YACD,OAAO;QACT,CAAC;QACD,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;IACH,kBAAkB,EAAE,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC,KAAK,EAAE,EAAE;QAC5C,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,IAAI,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAChE,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,EAIC,EACD,KAAiD;IAEjD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAC7B,yCAAyC,KAAK,EAAE,CACjD,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,4DAA4D;QAC5D,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,EAIC,EACD,KAAiD;IAEjD,OAAO,cAAc,CAAC,MAAM,mBAAmB,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,+BAA+B,CAAC,EAI9C;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC9B,GAAG,EAAE,uEAAuE;YAC5E,IAAI,EAAE,CAAC,2BAA2B,CAAC;SACpC,CAAC,CAAC;QACH,OAAO,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,KAAK,UAAU,4BAA4B,CAAC,EAI3C;IACC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC9B,GAAG,EAAE,uEAAuE;YAC5E,IAAI,EAAE,CAAC,wBAAwB,CAAC;SACjC,CAAC,CAAC;QACH,OAAO,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,8CAA8C;AAC9C,MAAM,UAAU,UAAU;IACxB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,cAAc;IAC5B,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,KAAkB,EAClB,SAAiB,EACjB,KAAyB;IAEzB,+DAA+D;IAC/D,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAC9C,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC1D,IAAI,KAAK,CAAC,KAAK,IAAI,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK;QAAE,OAAO,IAAI,CAAC;IAC/D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,0DAA0D;AAC1D,MAAM,UAAU,YAAY,CAAC,KAK5B;IACC,qEAAqE;IACrE,iEAAiE;IACjE,0DAA0D;IAC1D,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAC9C,MAAM,KAAK,GAAgB,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IAC3D,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACpB,IAAI,OAAO,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QAChC,OAAO,CAAC,MAAM,CAAC,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IACjD,CAAC;IACD,YAAY,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,kBAAkB,CAAC,MAA6B;IACvD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,SAAS,MAAM,CAAC,KAAK,EAAE,CAAC;IACjD,IAAI,MAAM,CAAC,KAAK;QAAE,OAAO,OAAO,MAAM,CAAC,KAAK,EAAE,CAAC;IAC/C,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CACzB,OAA2C,EAC3C,MAA6B;IAE7B,MAAM,GAAG,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACvC,IAAI,GAAG;QAAE,OAAO,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAgC;IAC9D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAiC,CAAC;IAC/D,KAAK,MAAM,MAAM,IAAI,OAAO;QAAE,kBAAkB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;IACxE,KAAK,MAAM,MAAM,IAAI,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;QAC5C,YAAY,CAAC;YACX,MAAM,EAAE,YAAY;YACpB,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,GAAG;YACR,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAAC,OAA6B;IACxD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,YAAY,CAAC;YACX,MAAM,EAAE,QAAQ;YAChB,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,MAAM,CAAC,UAAU,IAAI,GAAG;YAC7B,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChD,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,SAAS,sBAAsB,CAC7B,GAA4B,EAC5B,SAAyC;IAEzC,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiC,CAAC;IACzD,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;IACzE,MAAM,KAAK,GAAG,OAAO,GAAG,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;IAC/D,MAAM,UAAU,GACd,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;IAElE,IAAI,KAAK;QAAE,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAClD,IAAI,UAAU,KAAK,KAAK,IAAI,KAAK;QAAE,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;IAE1E,KAAK,MAAM,KAAK,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,aAAa,GACjB,OAAO,KAAK,CAAC,cAAc,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,CAAC;QACvE,MAAM,WAAW,GACf,OAAO,KAAK,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;QACnE,IAAI,aAAa,KAAK,MAAM,IAAI,WAAW,EAAE,CAAC;YAC5C,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,aAAa,KAAK,KAAK,IAAI,WAAW,EAAE,CAAC;YAClD,kBAAkB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,2BAA2B,CACxC,EAIC,EACD,IAAoC;IAEpC,MAAM,GAAG,GAAG,IAAI;SACb,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;SACxD,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAA0C,CAAC;IAE7E,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBACnC,GAAG,EAAE,2FAA2F,YAAY,GAAG;gBAC/G,IAAI,EAAE,GAAG;aACV,CAAC,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjE,IAAI,CAAC,UAAU;oBAAE,SAAS;gBAC1B,MAAM,MAAM,GAAG,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;gBACxD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACnB,kBAAkB,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+DAA+D;QACjE,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CACtB,sBAAsB,CACpB,GAAG,EACH,kBAAkB,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,EAAE,CACvE,CACF,CAAC;AACJ,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,eAAe,CAAC,KAAa;IAI3C,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC3C,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC;IACxD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB,CACpC,KAAa,EACb,SAAiB,EACjB,KAAyB;IAEzB,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;QACtB,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC3C,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAC3B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,KAAK,IAAI,mBAAmB,CAAC,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CACrE,CAAC;IACF,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;AACvC,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,iBAAiB;IAC9B,IAAI,cAAc;QAAE,OAAO;IAC3B,cAAc,GAAG,IAAI,CAAC;IAEtB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;QAEvB,MAAM,CACJ,KAAK,EACL,UAAU,EACV,sBAAsB,EACtB,iBAAiB,EACjB,cAAc,EACd,aAAa,EACd,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YACpB,gBAAgB,CAAC,EAAE,EAAE,mBAAmB,CAAC;YACzC,gBAAgB,CAAC,EAAE,EAAE,UAAU,CAAC;YAChC,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC;YAChC,+BAA+B,CAAC,EAAE,CAAC;YACnC,4BAA4B,CAAC,EAAE,CAAC;YAChC,EAAE;iBACC,OAAO,CAAC;gBACP,GAAG,EAAE,oEAAoE;gBACzE,IAAI,EAAE,CAAC,kBAAkB,CAAC;aAC3B,CAAC;iBACD,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,EAA+B,EAAE,CAAC,CAAC;SAC5D,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;QAC5D,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC;YACrC,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC;QAClE,CAAC;QAED,qDAAqD;QACrD,QAAQ,GAAG,IAAI,CAAC,GAAG,CACjB,QAAQ,EACR,KAAK,EACL,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,cAAc,CACf,CAAC;QAEF,gEAAgE;QAChE,eAAe,GAAG,KAAK,CAAC;QACxB,eAAe,GAAG,UAAU,CAAC;QAC7B,iBAAiB,GAAG,YAAY,CAAC;QACjC,wBAAwB,GAAG,iBAAiB,CAAC,sBAAsB,CAAC,CAAC;QACrE,sBAAsB,GAAG,iBAAiB,CAAC;QAC3C,2EAA2E;QAC3E,2EAA2E;QAC3E,yEAAyE;QACzE,mBAAmB,GAAG,CAAC,CAAC;QACxB,oBAAoB,GAAG,SAAS,CAAC;QACjC,6BAA6B,CAAC,KAAK,EAAE,CAAC;QACtC,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC;YACrC,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;gBACvC,6BAA6B,CAAC,GAAG,CAC/B,GAAG,CAAC,UAAU,EACd,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAC/B,CAAC;YACJ,CAAC;QACH,CAAC;QACD,yBAAyB,GAAG,IAAI,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,GAAG,GAAG,YAAY,GAAG,IAAI;QAAE,OAAO;IACtC,YAAY,GAAG,GAAG,CAAC;IAEnB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;QAEvB,2EAA2E;QAC3E,8EAA8E;QAC9E,mEAAmE;QACnE,wDAAwD;QACxD,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YACjC,GAAG,EAAE,wGAAwG;YAC7G,IAAI,EAAE,CAAC,eAAe,CAAC;SACxB,CAAC,CAAC;QACH,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,MAAM,CACjC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAC3D,eAAe,CAChB,CAAC;YACF,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACxB,KAAK,MAAM,GAAG,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;oBACjC,MAAM,GAAG,GAAG,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBACxD,IACE,GAAG,KAAK,2BAA2B;wBACnC,GAAG,KAAK,wBAAwB,EAChC,CAAC;wBACD,SAAS;oBACX,CAAC;oBACD,MAAM,KAAK,GACT,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;oBAClE,YAAY,CAAC;wBACX,MAAM,EAAE,WAAW;wBACnB,IAAI,EAAE,QAAQ;wBACd,GAAG;wBACH,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;qBAC5B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,eAAe,GAAG,KAAK,CAAC;QAC1B,CAAC;QAED,wEAAwE;QACxE,kEAAkE;QAClE,yEAAyE;QACzE,0EAA0E;QAC1E,MAAM,cAAc,GAAG,MAAM,4BAA4B,CAAC,EAAE,CAAC,CAAC;QAC9D,IAAI,cAAc,GAAG,mBAAmB,EAAE,CAAC;YACzC,MAAM,kBAAkB,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBAC1C,GAAG,EAAE,mGAAmG;gBACxG,IAAI,EAAE,CAAC,wBAAwB,CAAC;aACjC,CAAC,CAAC;YACH,MAAM,oBAAoB,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CACzD,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAC9D,CAAC;YACF,mBAAmB,CACjB,oBAAoB;iBACjB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,uBAAuB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;iBAChE,MAAM,CAAC,CAAC,MAAM,EAAgC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAC9D,CAAC;YACF,mBAAmB,GAAG,cAAc,CAAC;QACvC,CAAC;QAED,yEAAyE;QACzE,oEAAoE;QACpE,oEAAoE;QACpE,wEAAwE;QACxE,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YACrC,GAAG,EAAE,2EAA2E;YAChF,IAAI,EAAE,CAAC,kBAAkB,CAAC;SAC3B,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CACzC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,EAC3D,CAAC,CACF,CAAC;QACF,IAAI,CAAC,yBAAyB,EAAE,CAAC;YAC/B,oBAAoB,GAAG,SAAS,CAAC;YACjC,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC;gBACrC,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,EAAE,CAAC;oBACvC,6BAA6B,CAAC,GAAG,CAC/B,GAAG,CAAC,UAAU,EACd,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAC/B,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,yBAAyB,GAAG,IAAI,CAAC;QACnC,CAAC;aAAM,IAAI,SAAS,GAAG,oBAAoB,EAAE,CAAC;YAC5C,mEAAmE;YACnE,wEAAwE;YACxE,iDAAiD;YACjD,KAAK,MAAM,GAAG,IAAI,aAAa,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,KAAK,GACT,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;gBAClE,IAAI,CAAC,KAAK;oBAAE,SAAS;gBACrB,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBAC7C,IAAI,KAAK,IAAI,CAAC,6BAA6B,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;oBAAE,SAAS;gBACvE,IAAI,KAAyB,CAAC;gBAC9B,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC;oBACtB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;wBAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBAC/B,IAAI,OAAO,MAAM,EAAE,KAAK,KAAK,QAAQ;4BAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC9D,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;gBACV,YAAY,CAAC;oBACX,MAAM,EAAE,gBAAgB;oBACxB,IAAI,EAAE,QAAQ;oBACd,GAAG,EAAE,kBAAkB;oBACvB,KAAK;oBACL,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC5B,CAAC,CAAC;gBACH,6BAA6B,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAClD,CAAC;YACD,oBAAoB,GAAG,SAAS,CAAC;QACnC,CAAC;QAED,2EAA2E;QAC3E,wEAAwE;QACxE,oEAAoE;QACpE,gDAAgD;QAChD,MAAM,iBAAiB,GAAG,MAAM,+BAA+B,CAAC,EAAE,CAAC,CAAC;QACpE,IAAI,iBAAiB,GAAG,sBAAsB,EAAE,CAAC;YAC/C,MAAM,qBAAqB,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBAC7C,GAAG,EAAE,mGAAmG;gBACxG,IAAI,EAAE,CAAC,2BAA2B,CAAC;aACpC,CAAC,CAAC;YACH,MAAM,uBAAuB,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAC/D,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,sBAAsB,CACjE,CAAC;YACF,IAAI,sBAAsB,GAAG,CAAC,EAAE,CAAC;gBAC/B,sBAAsB,CACpB,uBAAuB;qBACpB,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,0BAA0B,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;qBACnE,MAAM,CAAC,CAAC,MAAM,EAAmC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CACjE,CAAC;YACJ,CAAC;YACD,sBAAsB,GAAG,iBAAiB,CAAC;QAC7C,CAAC;QAED,qCAAqC;QACrC,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAC1D,IAAI,UAAU,GAAG,eAAe,EAAE,CAAC;YACjC,IAAI,eAAe,GAAG,CAAC,EAAE,CAAC;gBACxB,YAAY,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YACjE,CAAC;YACD,eAAe,GAAG,UAAU,CAAC;QAC/B,CAAC;QAED,2EAA2E;QAC3E,0EAA0E;QAC1E,wEAAwE;QACxE,MAAM,sBAAsB,GAAG,MAAM,mBAAmB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACtE,MAAM,YAAY,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;QAC5D,IAAI,YAAY,GAAG,iBAAiB,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,wBAAwB,CAAC;YACvC,MAAM,eAAe,GACnB,KAAK,KAAK,SAAS;gBACjB,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC;oBACf,GAAG,EAAE,2FAA2F;oBAChG,IAAI,EAAE,EAAE;iBACT,CAAC;gBACJ,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC;oBACf,GAAG,EAAE,gHAAgH;oBACrH,IAAI,EAAE,CAAC,KAAK,CAAC;iBACd,CAAC,CAAC;YACT,MAAM,oBAAoB,GAAG,eAAe,CAAC,IAAI,CAAC,MAAM,CACtD,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,iBAAiB,CAC5D,CAAC;YACF,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,YAAY,GAAG,MAAM,2BAA2B,CACpD,EAAE,EACF,oBAAoB,CACrB,CAAC;gBACF,KAAK,MAAM,OAAO,IAAI,YAAY;oBAAE,sBAAsB,CAAC,OAAO,CAAC,CAAC;YACtE,CAAC;YACD,iBAAiB,GAAG,YAAY,CAAC;YACjC,wBAAwB,GAAG,iBAAiB,CAAC,sBAAsB,CAAC,CAAC;QACvE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;IACtC,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,iBAAiB;IAC/B,iBAAiB,EAAE,CAAC;IACpB,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACxC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;YACpB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;QACtC,CAAC;QACD,qEAAqE;QACrE,MAAM,iBAAiB,EAAE,CAAC;QAC1B,mDAAmD;QACnD,MAAM,sBAAsB,EAAE,CAAC;QAE/B,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QAC5D,OAAO,sBAAsB,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["/**\n * Polling-based change notification.\n *\n * Replaces SSE with a simple version counter. Each DB mutation (app-state,\n * settings, resources) increments the version. Clients poll `/_agent-native/poll?since=N`\n * and receive any events that occurred after version N.\n *\n * Works in all deployment environments (serverless, edge, long-lived).\n *\n * Also detects cross-process DB writes by periodically checking the\n * application_state and settings tables' updated_at timestamps. This ensures\n * that changes made by external processes (e.g., CLI actions, cron jobs)\n * are picked up even though they don't call recordChange() in this process.\n */\n\nimport { EventEmitter } from \"node:events\";\nimport { defineEventHandler, getQuery, setResponseStatus } from \"h3\";\nimport {\n ACTION_CHANGE_MARKER_KEY,\n parseActionChangeMarker,\n type ActionChangeTarget,\n} from \"../action-change-marker.js\";\nimport { getAppStateEmitter } from \"../application-state/emitter.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport {\n EXTENSION_CHANGE_MARKER_KEY,\n parseExtensionChangeMarker,\n type ExtensionChangeTarget,\n} from \"../extensions/change-marker.js\";\nimport { getSettingsEmitter } from \"../settings/store.js\";\nimport { getSession } from \"./auth.js\";\n\nexport interface ChangeEvent {\n version: number;\n source: string;\n type: string;\n key?: string;\n /**\n * Owner email for tenant-scoped events. When absent, the event is treated\n * as deployment-global (e.g. table-level \"something changed\" pings) and\n * delivered to every authenticated poller. Specific events that should\n * only fan out to one user MUST set this — otherwise polling clients\n * across tenants see each other's signals.\n */\n owner?: string;\n /** Optional org ID for org-scoped events. */\n orgId?: string;\n [k: string]: unknown;\n}\n\n// In-memory ring buffer of recent changes. Kept small since clients\n// poll frequently (every 2-3s) and only need events since their last poll.\nconst MAX_BUFFER = 200;\nlet _version = 0;\nconst _buffer: ChangeEvent[] = [];\nexport const POLL_CHANGE_EVENT = \"poll-change\";\nconst _pollEmitter = new EventEmitter();\n_pollEmitter.setMaxListeners(0);\n\n/**\n * Whether we've seeded _version from the DB. In serverless (Netlify,\n * Vercel, etc.) each invocation starts fresh — without seeding, _version\n * resets to 0 and polling clients see the version jump backwards, causing\n * duplicate events and stuck UI.\n */\nlet _versionSeeded = false;\n\n/** Tracks the latest updated_at we've seen from the DB, per table. */\nlet _lastDbCheck = 0;\nlet _lastAppStateTs = 0;\nlet _lastSettingsTs = 0;\nlet _lastExtensionsTs = 0;\nlet _lastExtensionsUpdatedAt: string | number | undefined;\nlet _lastExtensionMarkerTs = 0;\nlet _lastActionMarkerTs = 0;\n\n/**\n * Tracks the latest updated_at seen on the `__screen_refresh__` key in\n * application_state. Bumped when the agent calls the `refresh-screen` tool,\n * and surfaced as a distinct `screen-refresh` event so clients can remount\n * the main content subtree via React key.\n *\n * `_screenRefreshInitialized` guards against spurious emits on the first\n * poll after a restart (where an existing row would look like a fresh bump).\n * Once we've taken a baseline reading, any subsequent increase emits.\n */\nlet _lastScreenRefreshTs = 0;\nlet _screenRefreshInitialized = false;\n// Per-session high-water marks for `__screen_refresh__`. Each user's row is\n// tracked independently so a refresh triggered by one user only remounts that\n// user's screen (owner-scoped), never every authenticated poller.\nconst _lastScreenRefreshTsBySession = new Map<string, number>();\nconst SCREEN_REFRESH_KEY = \"__screen_refresh__\";\nlet _localEmittersWired = false;\n\nfunction wireLocalEmitters(): void {\n if (_localEmittersWired) return;\n _localEmittersWired = true;\n getAppStateEmitter().on(\"app-state\", (event) => {\n if (\n event.key === EXTENSION_CHANGE_MARKER_KEY ||\n event.key === ACTION_CHANGE_MARKER_KEY\n ) {\n return;\n }\n recordChange(event);\n });\n getSettingsEmitter().on(\"settings\", (event) => {\n recordChange(event);\n });\n}\n\nfunction timestampValue(value: unknown): number {\n if (typeof value === \"number\" && Number.isFinite(value)) return value;\n if (typeof value !== \"string\") return 0;\n const numeric = Number(value);\n if (Number.isFinite(numeric)) return numeric;\n const parsed = Date.parse(value);\n return Number.isFinite(parsed) ? parsed : 0;\n}\n\nfunction sqlWatermarkValue(value: unknown): string | number | undefined {\n if (typeof value === \"string\" && value.length > 0) return value;\n if (typeof value === \"number\" && Number.isFinite(value)) return value;\n return undefined;\n}\n\nasync function readMaxUpdatedAtRaw(\n db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n },\n table: \"application_state\" | \"settings\" | \"tools\",\n): Promise<unknown> {\n try {\n const result = await db.execute(\n `SELECT MAX(updated_at) as max_ts FROM ${table}`,\n );\n return result.rows[0]?.max_ts;\n } catch {\n // Optional framework tables may not exist in every app yet.\n return undefined;\n }\n}\n\nasync function readMaxUpdatedAt(\n db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n },\n table: \"application_state\" | \"settings\" | \"tools\",\n): Promise<number> {\n return timestampValue(await readMaxUpdatedAtRaw(db, table));\n}\n\nasync function readExtensionMarkerMaxUpdatedAt(db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n}): Promise<number> {\n try {\n const result = await db.execute({\n sql: \"SELECT MAX(updated_at) as max_ts FROM application_state WHERE key = ?\",\n args: [EXTENSION_CHANGE_MARKER_KEY],\n });\n return timestampValue(result.rows[0]?.max_ts);\n } catch {\n return 0;\n }\n}\n\nasync function readActionMarkerMaxUpdatedAt(db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n}): Promise<number> {\n try {\n const result = await db.execute({\n sql: \"SELECT MAX(updated_at) as max_ts FROM application_state WHERE key = ?\",\n args: [ACTION_CHANGE_MARKER_KEY],\n });\n return timestampValue(result.rows[0]?.max_ts);\n } catch {\n return 0;\n }\n}\n\n/** Get the current global version counter. */\nexport function getVersion(): number {\n return _version;\n}\n\nexport function getPollEmitter(): EventEmitter {\n return _pollEmitter;\n}\n\nexport function canSeeChangeForUser(\n event: ChangeEvent,\n userEmail: string,\n orgId: string | undefined,\n): boolean {\n // Global / unowned events: every authenticated user gets them.\n if (!event.owner && !event.orgId) return true;\n if (event.owner && event.owner === userEmail) return true;\n if (event.orgId && orgId && event.orgId === orgId) return true;\n return false;\n}\n\n/** Record a change event. Called by emitter listeners. */\nexport function recordChange(event: {\n source: string;\n type: string;\n key?: string;\n [k: string]: unknown;\n}): void {\n // Use timestamp-aligned versions so all serverless instances produce\n // values in the same range (seeded from DB, then incremented via\n // Date.now). Plain ++counter diverges across cold starts.\n _version = Math.max(_version + 1, Date.now());\n const entry: ChangeEvent = { ...event, version: _version };\n _buffer.push(entry);\n if (_buffer.length > MAX_BUFFER) {\n _buffer.splice(0, _buffer.length - MAX_BUFFER);\n }\n _pollEmitter.emit(POLL_CHANGE_EVENT, entry);\n}\n\nfunction extensionTargetKey(target: ExtensionChangeTarget): string | null {\n if (target.owner) return `owner:${target.owner}`;\n if (target.orgId) return `org:${target.orgId}`;\n return null;\n}\n\nfunction addExtensionTarget(\n targets: Map<string, ExtensionChangeTarget>,\n target: ExtensionChangeTarget,\n): void {\n const key = extensionTargetKey(target);\n if (key) targets.set(key, target);\n}\n\nfunction recordExtensionChanges(targets: ExtensionChangeTarget[]): void {\n const uniqueTargets = new Map<string, ExtensionChangeTarget>();\n for (const target of targets) addExtensionTarget(uniqueTargets, target);\n for (const target of uniqueTargets.values()) {\n recordChange({\n source: \"extensions\",\n type: \"change\",\n key: \"*\",\n ...(target.owner ? { owner: target.owner } : {}),\n ...(target.orgId ? { orgId: target.orgId } : {}),\n });\n }\n}\n\nfunction recordActionChanges(targets: ActionChangeTarget[]): void {\n for (const target of targets) {\n recordChange({\n source: \"action\",\n type: \"change\",\n key: target.actionName ?? \"*\",\n ...(target.owner ? { owner: target.owner } : {}),\n ...(target.orgId ? { orgId: target.orgId } : {}),\n });\n }\n}\n\nfunction extensionTargetsForRow(\n row: Record<string, unknown>,\n shareRows: Array<Record<string, unknown>>,\n): ExtensionChangeTarget[] {\n const targets = new Map<string, ExtensionChangeTarget>();\n const owner = typeof row.owner_email === \"string\" ? row.owner_email : \"\";\n const orgId = typeof row.org_id === \"string\" ? row.org_id : \"\";\n const visibility =\n typeof row.visibility === \"string\" ? row.visibility : \"private\";\n\n if (owner) addExtensionTarget(targets, { owner });\n if (visibility === \"org\" && orgId) addExtensionTarget(targets, { orgId });\n\n for (const share of shareRows) {\n const principalType =\n typeof share.principal_type === \"string\" ? share.principal_type : \"\";\n const principalId =\n typeof share.principal_id === \"string\" ? share.principal_id : \"\";\n if (principalType === \"user\" && principalId) {\n addExtensionTarget(targets, { owner: principalId });\n } else if (principalType === \"org\" && principalId) {\n addExtensionTarget(targets, { orgId: principalId });\n }\n }\n\n return Array.from(targets.values());\n}\n\nasync function readExtensionTargetsForRows(\n db: {\n execute: (\n query: string | { sql: string; args?: unknown[] },\n ) => Promise<{ rows: Array<Record<string, unknown>> }>;\n },\n rows: Array<Record<string, unknown>>,\n): Promise<ExtensionChangeTarget[][]> {\n const ids = rows\n .map((row) => (typeof row.id === \"string\" ? row.id : \"\"))\n .filter(Boolean);\n const sharesByResourceId = new Map<string, Array<Record<string, unknown>>>();\n\n if (ids.length > 0) {\n try {\n const placeholders = ids.map(() => \"?\").join(\", \");\n const shareResult = await db.execute({\n sql: `SELECT resource_id, principal_type, principal_id FROM tool_shares WHERE resource_id IN (${placeholders})`,\n args: ids,\n });\n for (const share of shareResult.rows) {\n const resourceId =\n typeof share.resource_id === \"string\" ? share.resource_id : \"\";\n if (!resourceId) continue;\n const bucket = sharesByResourceId.get(resourceId) ?? [];\n bucket.push(share);\n sharesByResourceId.set(resourceId, bucket);\n }\n } catch {\n // Sharing tables are optional during early app initialization.\n }\n }\n\n return rows.map((row) =>\n extensionTargetsForRow(\n row,\n sharesByResourceId.get(typeof row.id === \"string\" ? row.id : \"\") ?? [],\n ),\n );\n}\n\n/** Get all changes after a given version. */\nexport function getChangesSince(since: number): {\n version: number;\n events: ChangeEvent[];\n} {\n if (since >= _version) {\n return { version: _version, events: [] };\n }\n const events = _buffer.filter((e) => e.version > since);\n return { version: _version, events };\n}\n\n/**\n * Get changes after a given version, filtered to events the caller is\n * allowed to see.\n *\n * Filtering rules:\n * - Events without an `owner` are deployment-global (table-level pings,\n * screen-refresh, etc.) and visible to every authenticated user.\n * - Events with `owner === userEmail` go to that user.\n * - Events with `orgId === orgId` go to anyone in that org.\n * - All other owned events are filtered out.\n */\nexport function getChangesSinceForUser(\n since: number,\n userEmail: string,\n orgId: string | undefined,\n): { version: number; events: ChangeEvent[] } {\n if (since >= _version) {\n return { version: _version, events: [] };\n }\n const events = _buffer.filter(\n (e) => e.version > since && canSeeChangeForUser(e, userEmail, orgId),\n );\n return { version: _version, events };\n}\n\n/**\n * Seed _version from DB timestamps on the first call so serverless\n * cold starts don't return version 0 and confuse polling clients.\n */\nasync function seedVersionFromDb(): Promise<void> {\n if (_versionSeeded) return;\n _versionSeeded = true;\n\n try {\n const db = getDbExec();\n\n const [\n appTs,\n settingsTs,\n extensionsMaxUpdatedAt,\n extensionMarkerTs,\n actionMarkerTs,\n refreshResult,\n ] = await Promise.all([\n readMaxUpdatedAt(db, \"application_state\"),\n readMaxUpdatedAt(db, \"settings\"),\n readMaxUpdatedAtRaw(db, \"tools\"),\n readExtensionMarkerMaxUpdatedAt(db),\n readActionMarkerMaxUpdatedAt(db),\n db\n .execute({\n sql: \"SELECT session_id, updated_at FROM application_state WHERE key = ?\",\n args: [SCREEN_REFRESH_KEY],\n })\n .catch(() => ({ rows: [] as Record<string, unknown>[] })),\n ]);\n\n const extensionsTs = timestampValue(extensionsMaxUpdatedAt);\n let refreshTs = 0;\n for (const row of refreshResult.rows) {\n refreshTs = Math.max(refreshTs, timestampValue(row.updated_at));\n }\n\n // Seed version — never decrease an already-set value\n _version = Math.max(\n _version,\n appTs,\n settingsTs,\n extensionsTs,\n extensionMarkerTs,\n actionMarkerTs,\n );\n\n // Set baselines so checkExternalDbChanges detects future writes\n _lastAppStateTs = appTs;\n _lastSettingsTs = settingsTs;\n _lastExtensionsTs = extensionsTs;\n _lastExtensionsUpdatedAt = sqlWatermarkValue(extensionsMaxUpdatedAt);\n _lastExtensionMarkerTs = extensionMarkerTs;\n // Action markers are durable specifically so a web server can observe work\n // performed by a separate action process. Do not baseline past an existing\n // marker on cold start, or the first poll after the action will miss it.\n _lastActionMarkerTs = 0;\n _lastScreenRefreshTs = refreshTs;\n _lastScreenRefreshTsBySession.clear();\n for (const row of refreshResult.rows) {\n if (typeof row.session_id === \"string\") {\n _lastScreenRefreshTsBySession.set(\n row.session_id,\n timestampValue(row.updated_at),\n );\n }\n }\n _screenRefreshInitialized = true;\n } catch {\n // Tables may not exist yet — ignore\n }\n}\n\n/**\n * Check for cross-process DB writes by comparing updated_at timestamps.\n * Runs at most once per second to avoid excessive queries.\n */\nasync function checkExternalDbChanges(): Promise<void> {\n const now = Date.now();\n if (now - _lastDbCheck < 1000) return;\n _lastDbCheck = now;\n\n try {\n const db = getDbExec();\n\n // Check application_state for external writes. Preserve the changed key so\n // clients can invalidate one-shot command queries (`navigate`, `__set_url__`)\n // only when those command rows actually change; noisy keys such as\n // `slide-fit-check` should not wake navigation readers.\n const appResult = await db.execute({\n sql: \"SELECT session_id, key, updated_at FROM application_state WHERE updated_at > ? ORDER BY updated_at ASC\",\n args: [_lastAppStateTs],\n });\n if (appResult.rows.length > 0) {\n const appTs = appResult.rows.reduce(\n (max, row) => Math.max(max, timestampValue(row.updated_at)),\n _lastAppStateTs,\n );\n if (_lastAppStateTs > 0) {\n for (const row of appResult.rows) {\n const key = typeof row.key === \"string\" ? row.key : \"*\";\n if (\n key === EXTENSION_CHANGE_MARKER_KEY ||\n key === ACTION_CHANGE_MARKER_KEY\n ) {\n continue;\n }\n const owner =\n typeof row.session_id === \"string\" ? row.session_id : undefined;\n recordChange({\n source: \"app-state\",\n type: \"change\",\n key,\n ...(owner ? { owner } : {}),\n });\n }\n }\n _lastAppStateTs = appTs;\n }\n\n // Mutating actions write a durable marker in addition to the in-process\n // event. This lets dev-mode `pnpm action ...` child processes and\n // serverless action invocations wake the web server's SSE/poll loop as a\n // first-class source:\"action\" event rather than a generic app-state bump.\n const actionMarkerTs = await readActionMarkerMaxUpdatedAt(db);\n if (actionMarkerTs > _lastActionMarkerTs) {\n const actionMarkerResult = await db.execute({\n sql: \"SELECT session_id, value, updated_at FROM application_state WHERE key = ? ORDER BY updated_at ASC\",\n args: [ACTION_CHANGE_MARKER_KEY],\n });\n const changedActionMarkers = actionMarkerResult.rows.filter(\n (row) => timestampValue(row.updated_at) > _lastActionMarkerTs,\n );\n recordActionChanges(\n changedActionMarkers\n .map((row) => parseActionChangeMarker(row.session_id, row.value))\n .filter((target): target is ActionChangeTarget => !!target),\n );\n _lastActionMarkerTs = actionMarkerTs;\n }\n\n // Check for screen-refresh requests from the agent. The `refresh-screen`\n // tool writes to application_state under a well-known key; when its\n // updated_at bumps, emit a distinct event so the client invalidates\n // all queries (not just the ones matching its default queryKey prefix).\n const refreshResult = await db.execute({\n sql: \"SELECT session_id, updated_at, value FROM application_state WHERE key = ?\",\n args: [SCREEN_REFRESH_KEY],\n });\n const refreshTs = refreshResult.rows.reduce(\n (max, row) => Math.max(max, timestampValue(row.updated_at)),\n 0,\n );\n if (!_screenRefreshInitialized) {\n _lastScreenRefreshTs = refreshTs;\n for (const row of refreshResult.rows) {\n if (typeof row.session_id === \"string\") {\n _lastScreenRefreshTsBySession.set(\n row.session_id,\n timestampValue(row.updated_at),\n );\n }\n }\n _screenRefreshInitialized = true;\n } else if (refreshTs > _lastScreenRefreshTs) {\n // Emit a per-user event only for the session(s) whose row actually\n // advanced, scoped with `owner` so canSeeChangeForUser delivers it only\n // to that user — not every authenticated poller.\n for (const row of refreshResult.rows) {\n const owner =\n typeof row.session_id === \"string\" ? row.session_id : undefined;\n if (!owner) continue;\n const rowTs = timestampValue(row.updated_at);\n if (rowTs <= (_lastScreenRefreshTsBySession.get(owner) ?? 0)) continue;\n let scope: string | undefined;\n try {\n const raw = row.value;\n if (typeof raw === \"string\") {\n const parsed = JSON.parse(raw);\n if (typeof parsed?.scope === \"string\") scope = parsed.scope;\n }\n } catch {}\n recordChange({\n source: \"screen-refresh\",\n type: \"change\",\n key: SCREEN_REFRESH_KEY,\n owner,\n ...(scope ? { scope } : {}),\n });\n _lastScreenRefreshTsBySession.set(owner, rowTs);\n }\n _lastScreenRefreshTs = refreshTs;\n }\n\n // Extension mutations write a durable marker row so delete and hide/unhide\n // operations are visible across serverless invocations. Translate those\n // marker rows back into extension-source events for targeted client\n // invalidation while preserving user/org scope.\n const extensionMarkerTs = await readExtensionMarkerMaxUpdatedAt(db);\n if (extensionMarkerTs > _lastExtensionMarkerTs) {\n const extensionMarkerResult = await db.execute({\n sql: \"SELECT session_id, value, updated_at FROM application_state WHERE key = ? ORDER BY updated_at ASC\",\n args: [EXTENSION_CHANGE_MARKER_KEY],\n });\n const changedExtensionMarkers = extensionMarkerResult.rows.filter(\n (row) => timestampValue(row.updated_at) > _lastExtensionMarkerTs,\n );\n if (_lastExtensionMarkerTs > 0) {\n recordExtensionChanges(\n changedExtensionMarkers\n .map((row) => parseExtensionChangeMarker(row.session_id, row.value))\n .filter((target): target is ExtensionChangeTarget => !!target),\n );\n }\n _lastExtensionMarkerTs = extensionMarkerTs;\n }\n\n // Check settings for external writes\n const settingsTs = await readMaxUpdatedAt(db, \"settings\");\n if (settingsTs > _lastSettingsTs) {\n if (_lastSettingsTs > 0) {\n recordChange({ source: \"settings\", type: \"change\", key: \"*\" });\n }\n _lastSettingsTs = settingsTs;\n }\n\n // Extension rows live in the legacy physical `tools` table. Keep this as a\n // compatibility fallback for direct table writes, but scope events to the\n // resource owner/share targets instead of broadcasting deployment-wide.\n const extensionsMaxUpdatedAt = await readMaxUpdatedAtRaw(db, \"tools\");\n const extensionsTs = timestampValue(extensionsMaxUpdatedAt);\n if (extensionsTs > _lastExtensionsTs) {\n const since = _lastExtensionsUpdatedAt;\n const extensionResult =\n since === undefined\n ? await db.execute({\n sql: \"SELECT id, owner_email, org_id, visibility, updated_at FROM tools ORDER BY updated_at ASC\",\n args: [],\n })\n : await db.execute({\n sql: \"SELECT id, owner_email, org_id, visibility, updated_at FROM tools WHERE updated_at > ? ORDER BY updated_at ASC\",\n args: [since],\n });\n const changedExtensionRows = extensionResult.rows.filter(\n (row) => timestampValue(row.updated_at) > _lastExtensionsTs,\n );\n if (_lastExtensionsTs > 0) {\n const targetsByRow = await readExtensionTargetsForRows(\n db,\n changedExtensionRows,\n );\n for (const targets of targetsByRow) recordExtensionChanges(targets);\n }\n _lastExtensionsTs = extensionsTs;\n _lastExtensionsUpdatedAt = sqlWatermarkValue(extensionsMaxUpdatedAt);\n }\n } catch {\n // Tables may not exist yet — ignore\n }\n}\n\n/**\n * Create an H3 handler for the poll endpoint.\n *\n * GET /_agent-native/poll?since=N → { version, events[] }\n *\n * Requires an authenticated session. Events are filtered to the caller's\n * tenant — global events (owner-less, table-level pings) reach every\n * authenticated caller; owned events reach only the matching user/org.\n * Without auth + filtering, an anonymous attacker could poll the deployment\n * and infer cross-tenant activity from the global event stream.\n */\nexport function createPollHandler() {\n wireLocalEmitters();\n return defineEventHandler(async (event) => {\n const session = await getSession(event).catch(() => null);\n if (!session?.email) {\n setResponseStatus(event, 401);\n return { error: \"Unauthenticated\" };\n }\n // On cold start, seed _version from DB so we don't return version: 0\n await seedVersionFromDb();\n // Check for cross-process writes before responding\n await checkExternalDbChanges();\n\n const query = getQuery(event);\n const since = parseInt(String(query.since ?? \"0\"), 10) || 0;\n return getChangesSinceForUser(since, session.email, session.orgId);\n });\n}\n"]}
package/dist/settings/store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/settings/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAe,MAAM,iBAAiB,CAAC;AAE9E,IAAI,YAAuC,CAAC;AAE5C,MAAM,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAC;AAEpC,MAAM,UAAU,kBAAkB;IAChC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,UAAU,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU,CAAC;AACvD,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;YAC9B,MAAM,MAAM,CAAC,OAAO,CAAC;qCACU,KAAK;;;uBAGnB,OAAO,EAAE;;OAEzB,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAW;IAEX,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,qBAAqB,KAAK,gBAAgB;QAC/C,IAAI,EAAE,CAAC,GAAG,CAAC;KACZ,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC,CAAC;AAC7C,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,KAA8B,EAC9B,OAA2B;IAE3B,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,UAAU,EAAE;YACf,CAAC,CAAC,eAAe,KAAK,iIAAiI;YACvJ,CAAC,CAAC,0BAA0B,KAAK,4CAA4C;QAC/E,IAAI,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC/C,CAAC,CAAC;IACH,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE;QACxB,MAAM,EAAE,UAAU;QAClB,IAAI,EAAE,QAAQ;QACd,GAAG;QACH,GAAG,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC;KACxE,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAW,EACX,OAA2B;IAE3B,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE,eAAe,KAAK,gBAAgB;QACzC,IAAI,EAAE,CAAC,GAAG,CAAC;KACZ,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE;YACxB,MAAM,EAAE,UAAU;YAClB,IAAI,EAAE,QAAQ;YACd,GAAG;YACH,GAAG,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC;SACxE,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAGlC,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;IACzE,MAAM,MAAM,GAA4C,EAAE,CAAC;IAC3D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,GAAa,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["import { EventEmitter } from \"events\";\nimport { getDbExec, isPostgres, intType, type DbExec } from \"../db/client.js\";\n\nlet _initPromise: Promise<void> | undefined;\n\nconst _emitter = new EventEmitter();\n\nexport function getSettingsEmitter(): EventEmitter {\n return _emitter;\n}\n\nfunction settingsTable(): string {\n return isPostgres() ? \"public.settings\" : \"settings\";\n}\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n const table = settingsTable();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS ${table} (\n key TEXT PRIMARY KEY,\n value TEXT NOT NULL,\n updated_at ${intType()} NOT NULL\n )\n `);\n })();\n }\n return _initPromise;\n}\n\nexport async function getSetting(\n key: string,\n): Promise<Record<string, unknown> | null> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n const { rows } = await client.execute({\n sql: `SELECT value FROM ${table} WHERE key = ?`,\n args: [key],\n });\n if (rows.length === 0) return null;\n return JSON.parse(rows[0].value as string);\n}\n\nexport interface StoreWriteOptions {\n /** Tag identifying who initiated this write (e.g. a tab ID). */\n requestSource?: string;\n}\n\nexport async function putSetting(\n key: string,\n value: Record<string, unknown>,\n options?: StoreWriteOptions,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n await client.execute({\n sql: isPostgres()\n ? `INSERT INTO ${table} (key, value, updated_at) VALUES (?, ?, ?) ON CONFLICT (key) DO UPDATE SET value=EXCLUDED.value, updated_at=EXCLUDED.updated_at`\n : `INSERT OR REPLACE INTO ${table} (key, value, updated_at) VALUES (?, ?, ?)`,\n args: [key, JSON.stringify(value), Date.now()],\n });\n _emitter.emit(\"settings\", {\n source: \"settings\",\n type: \"change\",\n key,\n ...(options?.requestSource && { requestSource: options.requestSource }),\n });\n}\n\nexport async function deleteSetting(\n key: string,\n options?: StoreWriteOptions,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n const result = await client.execute({\n sql: `DELETE FROM ${table} WHERE key = ?`,\n args: [key],\n });\n if (result.rowsAffected > 0) {\n _emitter.emit(\"settings\", {\n source: \"settings\",\n type: \"delete\",\n key,\n ...(options?.requestSource && { requestSource: options.requestSource }),\n });\n return true;\n }\n return false;\n}\n\nexport async function getAllSettings(): Promise<\n Record<string, Record<string, unknown>>\n> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n const { rows } = await client.execute(`SELECT key, value FROM ${table}`);\n const result: Record<string, Record<string, unknown>> = {};\n for (const row of rows) {\n result[row.key as string] = JSON.parse(row.value as string);\n }\n return result;\n}\n"]}
1
+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/settings/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAEjE,IAAI,YAAuC,CAAC;AAE5C,MAAM,QAAQ,GAAG,IAAI,YAAY,EAAE,CAAC;AAEpC,MAAM,UAAU,kBAAkB;IAChC,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,aAAa;IACpB,OAAO,UAAU,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU,CAAC;AACvD,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;YAC9B,MAAM,MAAM,CAAC,OAAO,CAAC;qCACU,KAAK;;;uBAGnB,OAAO,EAAE;;OAEzB,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAW;IAEX,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,qBAAqB,KAAK,gBAAgB;QAC/C,IAAI,EAAE,CAAC,GAAG,CAAC;KACZ,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC,CAAC;AAC7C,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAW,EACX,KAA8B,EAC9B,OAA2B;IAE3B,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,UAAU,EAAE;YACf,CAAC,CAAC,eAAe,KAAK,iIAAiI;YACvJ,CAAC,CAAC,0BAA0B,KAAK,4CAA4C;QAC/E,IAAI,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;KAC/C,CAAC,CAAC;IACH,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE;QACxB,MAAM,EAAE,UAAU;QAClB,IAAI,EAAE,QAAQ;QACd,GAAG;QACH,GAAG,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC;KACxE,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,GAAW,EACX,OAA2B;IAE3B,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE,eAAe,KAAK,gBAAgB;QACzC,IAAI,EAAE,CAAC,GAAG,CAAC;KACZ,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,GAAG,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC,UAAU,EAAE;YACxB,MAAM,EAAE,UAAU;YAClB,IAAI,EAAE,QAAQ;YACd,GAAG;YACH,GAAG,CAAC,OAAO,EAAE,aAAa,IAAI,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,EAAE,CAAC;SACxE,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc;IAGlC,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC;IACzE,MAAM,MAAM,GAA4C,EAAE,CAAC;IAC3D,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,CAAC,GAAa,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAe,CAAC,CAAC;IAC9D,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["import { EventEmitter } from \"events\";\nimport { getDbExec, isPostgres, intType } from \"../db/client.js\";\n\nlet _initPromise: Promise<void> | undefined;\n\nconst _emitter = new EventEmitter();\n\nexport function getSettingsEmitter(): EventEmitter {\n return _emitter;\n}\n\nfunction settingsTable(): string {\n return isPostgres() ? \"public.settings\" : \"settings\";\n}\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n const table = settingsTable();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS ${table} (\n key TEXT PRIMARY KEY,\n value TEXT NOT NULL,\n updated_at ${intType()} NOT NULL\n )\n `);\n })();\n }\n return _initPromise;\n}\n\nexport async function getSetting(\n key: string,\n): Promise<Record<string, unknown> | null> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n const { rows } = await client.execute({\n sql: `SELECT value FROM ${table} WHERE key = ?`,\n args: [key],\n });\n if (rows.length === 0) return null;\n return JSON.parse(rows[0].value as string);\n}\n\nexport interface StoreWriteOptions {\n /** Tag identifying who initiated this write (e.g. a tab ID). */\n requestSource?: string;\n}\n\nexport async function putSetting(\n key: string,\n value: Record<string, unknown>,\n options?: StoreWriteOptions,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n await client.execute({\n sql: isPostgres()\n ? `INSERT INTO ${table} (key, value, updated_at) VALUES (?, ?, ?) ON CONFLICT (key) DO UPDATE SET value=EXCLUDED.value, updated_at=EXCLUDED.updated_at`\n : `INSERT OR REPLACE INTO ${table} (key, value, updated_at) VALUES (?, ?, ?)`,\n args: [key, JSON.stringify(value), Date.now()],\n });\n _emitter.emit(\"settings\", {\n source: \"settings\",\n type: \"change\",\n key,\n ...(options?.requestSource && { requestSource: options.requestSource }),\n });\n}\n\nexport async function deleteSetting(\n key: string,\n options?: StoreWriteOptions,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n const result = await client.execute({\n sql: `DELETE FROM ${table} WHERE key = ?`,\n args: [key],\n });\n if (result.rowsAffected > 0) {\n _emitter.emit(\"settings\", {\n source: \"settings\",\n type: \"delete\",\n key,\n ...(options?.requestSource && { requestSource: options.requestSource }),\n });\n return true;\n }\n return false;\n}\n\nexport async function getAllSettings(): Promise<\n Record<string, Record<string, unknown>>\n> {\n await ensureTable();\n const client = getDbExec();\n const table = settingsTable();\n const { rows } = await client.execute(`SELECT key, value FROM ${table}`);\n const result: Record<string, Record<string, unknown>> = {};\n for (const row of rows) {\n result[row.key as string] = JSON.parse(row.value as string);\n }\n return result;\n}\n"]}
package/dist/sharing/access.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/sharing/access.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,aAAa,CAAC;AAUzD,OAAO,EAAa,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAmBxD,qBAAa,cAAe,SAAQ,KAAK;IACvC,UAAU,SAAO;gBACL,OAAO,SAAc;CAIlC;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wEAAwE;AACxE,wBAAgB,aAAa,IAAI,aAAa,CAK7C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,GAAG,EAClB,WAAW,EAAE,GAAG,EAChB,GAAG,GAAE,aAA+B,EACpC,OAAO,GAAE,SAAoB,EAC7B,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC,GAAG,CAoDL;AAgCD,MAAM,WAAW,cAAc;IAC7B,yEAAyE;IACzE,IAAI,EAAE,OAAO,GAAG,SAAS,CAAC;IAC1B,yCAAyC;IACzC,QAAQ,EAAE,GAAG,CAAC;CACf;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,GAAG,GAAE,aAA+B,GACnC,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAkChC;AA4CD;;;GAGG;AACH,wBAAsB,YAAY,CAChC,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,SAAS,GAAG,OAAkB,EACvC,GAAG,GAAE,aAA+B,GACnC,OAAO,CAAC,cAAc,CAAC,CAWzB"}
1
+ {"version":3,"file":"access.d.ts","sourceRoot":"","sources":["../../src/sharing/access.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAoB,KAAK,GAAG,EAAE,MAAM,aAAa,CAAC;AAUzD,OAAO,EAAa,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAmBxD,qBAAa,cAAe,SAAQ,KAAK;IACvC,UAAU,SAAO;gBACL,OAAO,SAAc;CAIlC;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wEAAwE;AACxE,wBAAgB,aAAa,IAAI,aAAa,CAK7C;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,YAAY,CAC1B,aAAa,EAAE,GAAG,EAClB,WAAW,EAAE,GAAG,EAChB,GAAG,GAAE,aAA+B,EACpC,OAAO,GAAE,SAAoB,EAC7B,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,OAAO,CAAA;CAAO,GACxC,GAAG,CAwDL;AAsDD,MAAM,WAAW,cAAc;IAC7B,yEAAyE;IACzE,IAAI,EAAE,OAAO,GAAG,SAAS,CAAC;IAC1B,yCAAyC;IACzC,QAAQ,EAAE,GAAG,CAAC;CACf;AAED;;;GAGG;AACH,wBAAsB,aAAa,CACjC,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,GAAG,GAAE,aAA+B,GACnC,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAkChC;AA8CD;;;GAGG;AACH,wBAAsB,YAAY,CAChC,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,OAAO,GAAE,SAAS,GAAG,OAAkB,EACvC,GAAG,GAAE,aAA+B,GACnC,OAAO,CAAC,cAAc,CAAC,CAWzB"}
package/dist/sharing/access.js CHANGED
@@ -85,17 +85,21 @@ export function accessFilter(resourceTable, sharesTable, ctx = currentAccess(),
85
85
  }
86
86
  }
87
87
  if (userEmail) {
88
+ const shareScope = restrictedShareScopeSql(reg, resourceTable, ctx);
88
89
  clauses.push(sql `exists (select 1 from ${sharesTable}
89
90
  where ${sharesTable.resourceId} = ${resourceTable.id}
90
91
  and ${sharesTable.principalType} = 'user'
91
92
  and ${sharesTable.principalId} = ${userEmail}
93
+ and ${shareScope}
92
94
  and ${minRoleSql(minRole)})`);
93
95
  }
94
96
  if (orgId) {
97
+ const shareScope = restrictedShareScopeSql(reg, resourceTable, ctx);
95
98
  clauses.push(sql `exists (select 1 from ${sharesTable}
96
99
  where ${sharesTable.resourceId} = ${resourceTable.id}
97
100
  and ${sharesTable.principalType} = 'org'
98
101
  and ${sharesTable.principalId} = ${orgId}
102
+ and ${shareScope}
99
103
  and ${minRoleSql(minRole)})`);
100
104
  }
101
105
  return or(...clauses) ?? sql `1=0`;
@@ -125,6 +129,21 @@ function minRoleSql(minRole) {
125
129
  }
126
130
  return sql `role = 'admin'`;
127
131
  }
132
+ function restrictedShareScopeSql(reg, resourceTable, ctx) {
133
+ // Restricted resources (extensions) must stay inside their resource org even
134
+ // if stale cross-org share rows already exist from older code or bad data.
135
+ if (reg?.requireOrgMemberForUserShares !== true)
136
+ return sql `1=1`;
137
+ if (!ctx.orgId)
138
+ return sql `1=0`;
139
+ return eq(resourceTable.orgId, ctx.orgId);
140
+ }
141
+ function explicitSharesAllowedForResource(reg, resource, ctx) {
142
+ if (reg.requireOrgMemberForUserShares !== true)
143
+ return true;
144
+ const resourceOrgId = resource?.orgId ?? null;
145
+ return !!resourceOrgId && !!ctx.orgId && resourceOrgId === ctx.orgId;
146
+ }
128
147
  /**
129
148
  * Return the effective role the current user has on a specific resource, or
130
149
  * null if they have no access. Loads the resource and relevant share rows.
@@ -146,25 +165,27 @@ export async function resolveAccess(resourceType, resourceId, ctx = currentAcces
146
165
  }
147
166
  if (resource.visibility === "public" && reg.allowPublic !== false) {
148
167
  // No share row needed; default viewer unless upgraded below.
149
- const role = await highestShareRole(reg, resourceId, ctx);
168
+ const role = await highestShareRole(reg, resourceId, ctx, resource);
150
169
  return { role: role ?? "viewer", resource };
151
170
  }
152
171
  // `visibility === "public"` on an `allowPublic: false` resource is treated
153
172
  // as private: only owner + explicit shares grant access. Falls through to
154
173
  // the explicit-share lookup below.
155
174
  if (resource.visibility === "org" && orgId && resource.orgId === orgId) {
156
- const role = await highestShareRole(reg, resourceId, ctx);
175
+ const role = await highestShareRole(reg, resourceId, ctx, resource);
157
176
  return { role: role ?? "viewer", resource };
158
177
  }
159
- const role = await highestShareRole(reg, resourceId, ctx);
178
+ const role = await highestShareRole(reg, resourceId, ctx, resource);
160
179
  if (role)
161
180
  return { role, resource };
162
181
  return null;
163
182
  }
164
- async function highestShareRole(reg, resourceId, ctx) {
183
+ async function highestShareRole(reg, resourceId, ctx, resource) {
165
184
  const { userEmail, orgId } = ctx;
166
185
  if (!userEmail && !orgId)
167
186
  return null;
187
+ if (!explicitSharesAllowedForResource(reg, resource, ctx))
188
+ return null;
168
189
  const db = reg.getDb();
169
190
  const principalClauses = [];
170
191
  if (userEmail) {
package/dist/sharing/access.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"access.js","sourceRoot":"","sources":["../../src/sharing/access.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAY,MAAM,aAAa,CAAC;AACzD,OAAO,EACL,mBAAmB,EACnB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,sBAAsB,EACtB,wBAAwB,GAEzB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAkB,MAAM,aAAa,CAAC;AAExD;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAC9B,aAAkB;IAElB,KAAK,MAAM,GAAG,IAAI,sBAAsB,EAAE,EAAE,CAAC;QAC3C,IAAI,GAAG,CAAC,aAAa,KAAK,aAAa;YAAE,OAAO,GAAG,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,OAAO,cAAe,SAAQ,KAAK;IACvC,UAAU,GAAG,GAAG,CAAC;IACjB,YAAY,OAAO,GAAG,WAAW;QAC/B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAOD,wEAAwE;AACxE,MAAM,UAAU,aAAa;IAC3B,OAAO;QACL,SAAS,EAAE,mBAAmB,EAAE;QAChC,KAAK,EAAE,eAAe,EAAE;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,YAAY,CAC1B,aAAkB,EAClB,WAAgB,EAChB,MAAqB,aAAa,EAAE,EACpC,UAAqB,QAAQ,EAC7B,UAAuC,EAAE;IAEzC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IACjC,yEAAyE;IACzE,uEAAuE;IACvE,0EAA0E;IAC1E,aAAa;IACb,MAAM,GAAG,GAAG,uBAAuB,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,aAAa,GAAG,GAAG,EAAE,WAAW,KAAK,KAAK,CAAC;IACjD,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC,IAAI,aAAa,CAAC;IACxE,MAAM,OAAO,GAAU,EAAE,CAAC;IAE1B,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CACV,GAAG,CACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,SAAS,CAAC,EACvC,gBAAgB,CAAC,aAAa,EAAE,GAAG,CAAC,CACpC,CACH,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CACV,GAAG,CACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,EACnC,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAC9B,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CACV,GAAG,CAAA,yBAAyB,WAAW;0BACnB,WAAW,CAAC,UAAU,MAAM,aAAa,CAAC,EAAE;0BAC5C,WAAW,CAAC,aAAa;0BACzB,WAAW,CAAC,WAAW,MAAM,SAAS;0BACtC,UAAU,CAAC,OAAO,CAAC,GAAG,CAC3C,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,IAAI,CACV,GAAG,CAAA,yBAAyB,WAAW;0BACnB,WAAW,CAAC,UAAU,MAAM,aAAa,CAAC,EAAE;0BAC5C,WAAW,CAAC,aAAa;0BACzB,WAAW,CAAC,WAAW,MAAM,KAAK;0BAClC,UAAU,CAAC,OAAO,CAAC,GAAG,CAC3C,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,GAAG,CAAA,KAAK,CAAC;AACpC,CAAC;AAED,SAAS,gBAAgB,CAAC,aAAkB,EAAE,GAAkB;IAC9D,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,yEAAyE;QACzE,2EAA2E;QAC3E,uEAAuE;QACvE,OAAO,EAAE,CACP,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,EAClC,GAAG,CAAA,GAAG,aAAa,CAAC,KAAK,UAAU,CACnC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAA,GAAG,aAAa,CAAC,KAAK,UAAU,CAAC;AAC7C,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAa,EAAE,GAAkB;IAChE,MAAM,aAAa,GAAG,QAAQ,EAAE,KAAK,IAAI,IAAI,CAAC;IAC9C,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,GAAG,CAAC,KAAK,KAAK,aAAa,CAAC;AACrC,CAAC;AAED,SAAS,UAAU,CAAC,OAAkB;IACpC,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,4BAA4B;QAC5B,OAAO,GAAG,CAAA,KAAK,CAAC;IAClB,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,OAAO,GAAG,CAAA,4BAA4B,CAAC;IACzC,CAAC;IACD,OAAO,GAAG,CAAA,gBAAgB,CAAC;AAC7B,CAAC;AASD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,YAAoB,EACpB,UAAkB,EAClB,MAAqB,aAAa,EAAE;IAEpC,MAAM,GAAG,GAAG,wBAAwB,CAAC,YAAY,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;IAE9B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;SACxB,MAAM,EAAE;SACR,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC;SACvB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;IAC/C,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAEjC,IACE,SAAS;QACT,QAAQ,CAAC,UAAU,KAAK,SAAS;QACjC,uBAAuB,CAAC,QAAQ,EAAE,GAAG,CAAC,EACtC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrC,CAAC;IACD,IAAI,QAAQ,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;QAClE,6DAA6D;QAC7D,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;QAC1D,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAC9C,CAAC;IACD,2EAA2E;IAC3E,0EAA0E;IAC1E,mCAAmC;IACnC,IAAI,QAAQ,CAAC,UAAU,KAAK,KAAK,IAAI,KAAK,IAAI,QAAQ,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;QACvE,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;QAC1D,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAC9C,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAC1D,IAAI,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,GAAkC,EAClC,UAAkB,EAClB,GAAkB;IAElB,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IACjC,IAAI,CAAC,SAAS,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACtC,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;IAE9B,MAAM,gBAAgB,GAA6B,EAAE,CAAC;IACtD,IAAI,SAAS,EAAE,CAAC;QACd,gBAAgB,CAAC,IAAI,CACnB,GAAG,CACD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,EACzC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,CAAC,CAC3C,CACF,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,gBAAgB,CAAC,IAAI,CACnB,GAAG,CACD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,KAAK,CAAC,EACxC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,CACvC,CACF,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;SACtC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;SACrB,KAAK,CACJ,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,GAAG,gBAAgB,CAAC,CAAC,CACzE;SACA,KAAK,CAAC,EAAE,CAAC,CAAC;IAEb,IAAI,IAAI,GAAqB,IAAI,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,IAAkC,EAAE,CAAC;QACnD,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC;YAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;IAClE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,YAAoB,EACpB,UAAkB,EAClB,UAA+B,QAAQ,EACvC,MAAqB,aAAa,EAAE;IAEpC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,cAAc,CAAC,gBAAgB,YAAY,IAAI,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,cAAc,CACtB,YAAY,OAAO,YAAY,YAAY,IAAI,UAAU,UAAU,MAAM,CAAC,IAAI,GAAG,CAClF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["/**\n * Access-control helpers for shareable resources.\n *\n * The access model combines:\n * 1. Direct ownership — `owner_email = currentUser`.\n * 2. Visibility — `'private' | 'org' | 'public'`. `org` grants read to anyone\n * in the same org; `public` grants read to any authenticated user.\n * 3. Share rows — per-user or per-org grants in the `{type}_shares` table\n * with a role (`viewer | editor | admin`).\n *\n * Use `applyAccessFilter()` on list/read queries to filter rows the current\n * user can see. Use `assertAccess()` at the top of write actions to reject\n * callers who lack the required role.\n */\n\nimport { and, eq, or, sql, type SQL } from \"drizzle-orm\";\nimport {\n getRequestUserEmail,\n getRequestOrgId,\n} from \"../server/request-context.js\";\nimport {\n listShareableResources,\n requireShareableResource,\n type ShareableResourceRegistration,\n} from \"./registry.js\";\nimport { ROLE_RANK, type ShareRole } from \"./schema.js\";\n\n/**\n * Find a registration by its drizzle table identity. Used to look up\n * per-resource policy flags (e.g. `allowPublic`) inside `accessFilter`,\n * which receives only the table — not the resource-type name.\n *\n * Identity is stable within a single bundle (Vite dedupes module instances);\n * the SSR/server side is the only caller, so per-bundle identity is fine.\n */\nfunction findRegistrationByTable(\n resourceTable: any,\n): ShareableResourceRegistration | undefined {\n for (const reg of listShareableResources()) {\n if (reg.resourceTable === resourceTable) return reg;\n }\n return undefined;\n}\n\nexport class ForbiddenError extends Error {\n statusCode = 403;\n constructor(message = \"Forbidden\") {\n super(message);\n this.name = \"ForbiddenError\";\n }\n}\n\nexport interface AccessContext {\n userEmail?: string;\n orgId?: string;\n}\n\n/** Current request's access context. Pulls from request-context ALS. */\nexport function currentAccess(): AccessContext {\n return {\n userEmail: getRequestUserEmail(),\n orgId: getRequestOrgId(),\n };\n}\n\n/**\n * Build a Drizzle `WHERE` clause that admits rows the current user can see.\n * Pass the ownable resource table and its shares table; optional min role\n * (defaults to 'viewer') gates which share rows count.\n *\n * `visibility = 'public'` is intentionally NOT admitted by default. Public\n * means \"anyone with the link can view\" (still honoured by `resolveAccess`\n * for read-by-id), not \"appears in every signed-in user's list/sidebar.\"\n * Pass `{ includePublic: true }` for the rare list endpoint that wants\n * cross-user public discovery (a public template gallery, for example).\n *\n * Example:\n *\n * const rows = await db\n * .select()\n * .from(schema.documents)\n * .where(accessFilter(schema.documents, schema.documentShares));\n */\nexport function accessFilter(\n resourceTable: any,\n sharesTable: any,\n ctx: AccessContext = currentAccess(),\n minRole: ShareRole = \"viewer\",\n options: { includePublic?: boolean } = {},\n): SQL {\n const { userEmail, orgId } = ctx;\n // Defense in depth — resources registered with `allowPublic: false` must\n // never participate in cross-user \"public\" discovery, even if a caller\n // accidentally passes `includePublic: true` or if a stale public row sits\n // in the DB.\n const reg = findRegistrationByTable(resourceTable);\n const publicAllowed = reg?.allowPublic !== false;\n const includePublic = (options.includePublic ?? false) && publicAllowed;\n const clauses: SQL[] = [];\n\n if (userEmail) {\n clauses.push(\n and(\n eq(resourceTable.ownerEmail, userEmail),\n ownerScopeFilter(resourceTable, ctx),\n )!,\n );\n }\n if (minRole === \"viewer\") {\n if (includePublic) {\n clauses.push(eq(resourceTable.visibility, \"public\"));\n }\n if (orgId) {\n clauses.push(\n and(\n eq(resourceTable.visibility, \"org\"),\n eq(resourceTable.orgId, orgId),\n )!,\n );\n }\n }\n if (userEmail) {\n clauses.push(\n sql`exists (select 1 from ${sharesTable}\n where ${sharesTable.resourceId} = ${resourceTable.id}\n and ${sharesTable.principalType} = 'user'\n and ${sharesTable.principalId} = ${userEmail}\n and ${minRoleSql(minRole)})`,\n );\n }\n if (orgId) {\n clauses.push(\n sql`exists (select 1 from ${sharesTable}\n where ${sharesTable.resourceId} = ${resourceTable.id}\n and ${sharesTable.principalType} = 'org'\n and ${sharesTable.principalId} = ${orgId}\n and ${minRoleSql(minRole)})`,\n );\n }\n\n return or(...clauses) ?? sql`1=0`;\n}\n\nfunction ownerScopeFilter(resourceTable: any, ctx: AccessContext): SQL {\n if (ctx.orgId) {\n // Rows created before org-scoping, or in solo mode, have no org_id. Keep\n // them manageable by their owner after the owner joins or switches into an\n // organization, while still keeping rows from other orgs out of scope.\n return or(\n eq(resourceTable.orgId, ctx.orgId),\n sql`${resourceTable.orgId} IS NULL`,\n )!;\n }\n return sql`${resourceTable.orgId} IS NULL`;\n}\n\nfunction ownerMatchesActiveScope(resource: any, ctx: AccessContext): boolean {\n const resourceOrgId = resource?.orgId ?? null;\n if (!resourceOrgId) return true;\n return ctx.orgId === resourceOrgId;\n}\n\nfunction minRoleSql(minRole: ShareRole): SQL {\n if (minRole === \"viewer\") {\n // any role satisfies viewer\n return sql`1=1`;\n }\n if (minRole === \"editor\") {\n return sql`role in ('editor','admin')`;\n }\n return sql`role = 'admin'`;\n}\n\nexport interface ResolvedAccess {\n /** Effective role: 'owner' for the resource owner, or the share role. */\n role: \"owner\" | ShareRole;\n /** The resource row (already loaded). */\n resource: any;\n}\n\n/**\n * Return the effective role the current user has on a specific resource, or\n * null if they have no access. Loads the resource and relevant share rows.\n */\nexport async function resolveAccess(\n resourceType: string,\n resourceId: string,\n ctx: AccessContext = currentAccess(),\n): Promise<ResolvedAccess | null> {\n const reg = requireShareableResource(resourceType);\n const db = reg.getDb() as any;\n\n const [resource] = await db\n .select()\n .from(reg.resourceTable)\n .where(eq(reg.resourceTable.id, resourceId));\n if (!resource) return null;\n\n const { userEmail, orgId } = ctx;\n\n if (\n userEmail &&\n resource.ownerEmail === userEmail &&\n ownerMatchesActiveScope(resource, ctx)\n ) {\n return { role: \"owner\", resource };\n }\n if (resource.visibility === \"public\" && reg.allowPublic !== false) {\n // No share row needed; default viewer unless upgraded below.\n const role = await highestShareRole(reg, resourceId, ctx);\n return { role: role ?? \"viewer\", resource };\n }\n // `visibility === \"public\"` on an `allowPublic: false` resource is treated\n // as private: only owner + explicit shares grant access. Falls through to\n // the explicit-share lookup below.\n if (resource.visibility === \"org\" && orgId && resource.orgId === orgId) {\n const role = await highestShareRole(reg, resourceId, ctx);\n return { role: role ?? \"viewer\", resource };\n }\n const role = await highestShareRole(reg, resourceId, ctx);\n if (role) return { role, resource };\n return null;\n}\n\nasync function highestShareRole(\n reg: ShareableResourceRegistration,\n resourceId: string,\n ctx: AccessContext,\n): Promise<ShareRole | null> {\n const { userEmail, orgId } = ctx;\n if (!userEmail && !orgId) return null;\n const db = reg.getDb() as any;\n\n const principalClauses: ReturnType<typeof and>[] = [];\n if (userEmail) {\n principalClauses.push(\n and(\n eq(reg.sharesTable.principalType, \"user\"),\n eq(reg.sharesTable.principalId, userEmail),\n ),\n );\n }\n if (orgId) {\n principalClauses.push(\n and(\n eq(reg.sharesTable.principalType, \"org\"),\n eq(reg.sharesTable.principalId, orgId),\n ),\n );\n }\n\n const rows = await db\n .select({ role: reg.sharesTable.role })\n .from(reg.sharesTable)\n .where(\n and(eq(reg.sharesTable.resourceId, resourceId), or(...principalClauses)),\n )\n .limit(10);\n\n let best: ShareRole | null = null;\n for (const r of rows as Array<{ role: ShareRole }>) {\n if (!best || ROLE_RANK[r.role] > ROLE_RANK[best]) best = r.role;\n }\n return best;\n}\n\n/**\n * Throw ForbiddenError if the current user can't act on this resource with at\n * least the given role. Used at the top of update/delete actions.\n */\nexport async function assertAccess(\n resourceType: string,\n resourceId: string,\n minRole: ShareRole | \"owner\" = \"viewer\",\n ctx: AccessContext = currentAccess(),\n): Promise<ResolvedAccess> {\n const access = await resolveAccess(resourceType, resourceId, ctx);\n if (!access) {\n throw new ForbiddenError(`No access to ${resourceType} ${resourceId}`);\n }\n if (ROLE_RANK[access.role] < ROLE_RANK[minRole]) {\n throw new ForbiddenError(\n `Requires ${minRole} role on ${resourceType} ${resourceId} (have ${access.role})`,\n );\n }\n return access;\n}\n"]}
1
+ {"version":3,"file":"access.js","sourceRoot":"","sources":["../../src/sharing/access.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAY,MAAM,aAAa,CAAC;AACzD,OAAO,EACL,mBAAmB,EACnB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,sBAAsB,EACtB,wBAAwB,GAEzB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,SAAS,EAAkB,MAAM,aAAa,CAAC;AAExD;;;;;;;GAOG;AACH,SAAS,uBAAuB,CAC9B,aAAkB;IAElB,KAAK,MAAM,GAAG,IAAI,sBAAsB,EAAE,EAAE,CAAC;QAC3C,IAAI,GAAG,CAAC,aAAa,KAAK,aAAa;YAAE,OAAO,GAAG,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,OAAO,cAAe,SAAQ,KAAK;IACvC,UAAU,GAAG,GAAG,CAAC;IACjB,YAAY,OAAO,GAAG,WAAW;QAC/B,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAOD,wEAAwE;AACxE,MAAM,UAAU,aAAa;IAC3B,OAAO;QACL,SAAS,EAAE,mBAAmB,EAAE;QAChC,KAAK,EAAE,eAAe,EAAE;KACzB,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,YAAY,CAC1B,aAAkB,EAClB,WAAgB,EAChB,MAAqB,aAAa,EAAE,EACpC,UAAqB,QAAQ,EAC7B,UAAuC,EAAE;IAEzC,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IACjC,yEAAyE;IACzE,uEAAuE;IACvE,0EAA0E;IAC1E,aAAa;IACb,MAAM,GAAG,GAAG,uBAAuB,CAAC,aAAa,CAAC,CAAC;IACnD,MAAM,aAAa,GAAG,GAAG,EAAE,WAAW,KAAK,KAAK,CAAC;IACjD,MAAM,aAAa,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,KAAK,CAAC,IAAI,aAAa,CAAC;IACxE,MAAM,OAAO,GAAU,EAAE,CAAC;IAE1B,IAAI,SAAS,EAAE,CAAC;QACd,OAAO,CAAC,IAAI,CACV,GAAG,CACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,SAAS,CAAC,EACvC,gBAAgB,CAAC,aAAa,EAAE,GAAG,CAAC,CACpC,CACH,CAAC;IACJ,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,IAAI,CACV,GAAG,CACD,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,EACnC,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,CAAC,CAC9B,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,UAAU,GAAG,uBAAuB,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;QACpE,OAAO,CAAC,IAAI,CACV,GAAG,CAAA,yBAAyB,WAAW;0BACnB,WAAW,CAAC,UAAU,MAAM,aAAa,CAAC,EAAE;0BAC5C,WAAW,CAAC,aAAa;0BACzB,WAAW,CAAC,WAAW,MAAM,SAAS;0BACtC,UAAU;0BACV,UAAU,CAAC,OAAO,CAAC,GAAG,CAC3C,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,UAAU,GAAG,uBAAuB,CAAC,GAAG,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;QACpE,OAAO,CAAC,IAAI,CACV,GAAG,CAAA,yBAAyB,WAAW;0BACnB,WAAW,CAAC,UAAU,MAAM,aAAa,CAAC,EAAE;0BAC5C,WAAW,CAAC,aAAa;0BACzB,WAAW,CAAC,WAAW,MAAM,KAAK;0BAClC,UAAU;0BACV,UAAU,CAAC,OAAO,CAAC,GAAG,CAC3C,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,CAAC,GAAG,OAAO,CAAC,IAAI,GAAG,CAAA,KAAK,CAAC;AACpC,CAAC;AAED,SAAS,gBAAgB,CAAC,aAAkB,EAAE,GAAkB;IAC9D,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,yEAAyE;QACzE,2EAA2E;QAC3E,uEAAuE;QACvE,OAAO,EAAE,CACP,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,EAClC,GAAG,CAAA,GAAG,aAAa,CAAC,KAAK,UAAU,CACnC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAA,GAAG,aAAa,CAAC,KAAK,UAAU,CAAC;AAC7C,CAAC;AAED,SAAS,uBAAuB,CAAC,QAAa,EAAE,GAAkB;IAChE,MAAM,aAAa,GAAG,QAAQ,EAAE,KAAK,IAAI,IAAI,CAAC;IAC9C,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,GAAG,CAAC,KAAK,KAAK,aAAa,CAAC;AACrC,CAAC;AAED,SAAS,UAAU,CAAC,OAAkB;IACpC,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,4BAA4B;QAC5B,OAAO,GAAG,CAAA,KAAK,CAAC;IAClB,CAAC;IACD,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,OAAO,GAAG,CAAA,4BAA4B,CAAC;IACzC,CAAC;IACD,OAAO,GAAG,CAAA,gBAAgB,CAAC;AAC7B,CAAC;AAED,SAAS,uBAAuB,CAC9B,GAA8C,EAC9C,aAAkB,EAClB,GAAkB;IAElB,6EAA6E;IAC7E,2EAA2E;IAC3E,IAAI,GAAG,EAAE,6BAA6B,KAAK,IAAI;QAAE,OAAO,GAAG,CAAA,KAAK,CAAC;IACjE,IAAI,CAAC,GAAG,CAAC,KAAK;QAAE,OAAO,GAAG,CAAA,KAAK,CAAC;IAChC,OAAO,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,gCAAgC,CACvC,GAAkC,EAClC,QAAa,EACb,GAAkB;IAElB,IAAI,GAAG,CAAC,6BAA6B,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAC5D,MAAM,aAAa,GAAG,QAAQ,EAAE,KAAK,IAAI,IAAI,CAAC;IAC9C,OAAO,CAAC,CAAC,aAAa,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,IAAI,aAAa,KAAK,GAAG,CAAC,KAAK,CAAC;AACvE,CAAC;AASD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,YAAoB,EACpB,UAAkB,EAClB,MAAqB,aAAa,EAAE;IAEpC,MAAM,GAAG,GAAG,wBAAwB,CAAC,YAAY,CAAC,CAAC;IACnD,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;IAE9B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;SACxB,MAAM,EAAE;SACR,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC;SACvB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC;IAC/C,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE3B,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAEjC,IACE,SAAS;QACT,QAAQ,CAAC,UAAU,KAAK,SAAS;QACjC,uBAAuB,CAAC,QAAQ,EAAE,GAAG,CAAC,EACtC,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;IACrC,CAAC;IACD,IAAI,QAAQ,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;QAClE,6DAA6D;QAC7D,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACpE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAC9C,CAAC;IACD,2EAA2E;IAC3E,0EAA0E;IAC1E,mCAAmC;IACnC,IAAI,QAAQ,CAAC,UAAU,KAAK,KAAK,IAAI,KAAK,IAAI,QAAQ,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;QACvE,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACpE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,QAAQ,EAAE,QAAQ,EAAE,CAAC;IAC9C,CAAC;IACD,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IACpE,IAAI,IAAI;QAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,GAAkC,EAClC,UAAkB,EAClB,GAAkB,EAClB,QAAa;IAEb,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IACjC,IAAI,CAAC,SAAS,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,CAAC,gCAAgC,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvE,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;IAE9B,MAAM,gBAAgB,GAA6B,EAAE,CAAC;IACtD,IAAI,SAAS,EAAE,CAAC;QACd,gBAAgB,CAAC,IAAI,CACnB,GAAG,CACD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,EACzC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,SAAS,CAAC,CAC3C,CACF,CAAC;IACJ,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,gBAAgB,CAAC,IAAI,CACnB,GAAG,CACD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,KAAK,CAAC,EACxC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,KAAK,CAAC,CACvC,CACF,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,EAAE;SAClB,MAAM,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;SACtC,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;SACrB,KAAK,CACJ,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,GAAG,gBAAgB,CAAC,CAAC,CACzE;SACA,KAAK,CAAC,EAAE,CAAC,CAAC;IAEb,IAAI,IAAI,GAAqB,IAAI,CAAC;IAClC,KAAK,MAAM,CAAC,IAAI,IAAkC,EAAE,CAAC;QACnD,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC;YAAE,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC;IAClE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,YAAoB,EACpB,UAAkB,EAClB,UAA+B,QAAQ,EACvC,MAAqB,aAAa,EAAE;IAEpC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAClE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,cAAc,CAAC,gBAAgB,YAAY,IAAI,UAAU,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,cAAc,CACtB,YAAY,OAAO,YAAY,YAAY,IAAI,UAAU,UAAU,MAAM,CAAC,IAAI,GAAG,CAClF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC","sourcesContent":["/**\n * Access-control helpers for shareable resources.\n *\n * The access model combines:\n * 1. Direct ownership — `owner_email = currentUser`.\n * 2. Visibility — `'private' | 'org' | 'public'`. `org` grants read to anyone\n * in the same org; `public` grants read to any authenticated user.\n * 3. Share rows — per-user or per-org grants in the `{type}_shares` table\n * with a role (`viewer | editor | admin`).\n *\n * Use `applyAccessFilter()` on list/read queries to filter rows the current\n * user can see. Use `assertAccess()` at the top of write actions to reject\n * callers who lack the required role.\n */\n\nimport { and, eq, or, sql, type SQL } from \"drizzle-orm\";\nimport {\n getRequestUserEmail,\n getRequestOrgId,\n} from \"../server/request-context.js\";\nimport {\n listShareableResources,\n requireShareableResource,\n type ShareableResourceRegistration,\n} from \"./registry.js\";\nimport { ROLE_RANK, type ShareRole } from \"./schema.js\";\n\n/**\n * Find a registration by its drizzle table identity. Used to look up\n * per-resource policy flags (e.g. `allowPublic`) inside `accessFilter`,\n * which receives only the table — not the resource-type name.\n *\n * Identity is stable within a single bundle (Vite dedupes module instances);\n * the SSR/server side is the only caller, so per-bundle identity is fine.\n */\nfunction findRegistrationByTable(\n resourceTable: any,\n): ShareableResourceRegistration | undefined {\n for (const reg of listShareableResources()) {\n if (reg.resourceTable === resourceTable) return reg;\n }\n return undefined;\n}\n\nexport class ForbiddenError extends Error {\n statusCode = 403;\n constructor(message = \"Forbidden\") {\n super(message);\n this.name = \"ForbiddenError\";\n }\n}\n\nexport interface AccessContext {\n userEmail?: string;\n orgId?: string;\n}\n\n/** Current request's access context. Pulls from request-context ALS. */\nexport function currentAccess(): AccessContext {\n return {\n userEmail: getRequestUserEmail(),\n orgId: getRequestOrgId(),\n };\n}\n\n/**\n * Build a Drizzle `WHERE` clause that admits rows the current user can see.\n * Pass the ownable resource table and its shares table; optional min role\n * (defaults to 'viewer') gates which share rows count.\n *\n * `visibility = 'public'` is intentionally NOT admitted by default. Public\n * means \"anyone with the link can view\" (still honoured by `resolveAccess`\n * for read-by-id), not \"appears in every signed-in user's list/sidebar.\"\n * Pass `{ includePublic: true }` for the rare list endpoint that wants\n * cross-user public discovery (a public template gallery, for example).\n *\n * Example:\n *\n * const rows = await db\n * .select()\n * .from(schema.documents)\n * .where(accessFilter(schema.documents, schema.documentShares));\n */\nexport function accessFilter(\n resourceTable: any,\n sharesTable: any,\n ctx: AccessContext = currentAccess(),\n minRole: ShareRole = \"viewer\",\n options: { includePublic?: boolean } = {},\n): SQL {\n const { userEmail, orgId } = ctx;\n // Defense in depth — resources registered with `allowPublic: false` must\n // never participate in cross-user \"public\" discovery, even if a caller\n // accidentally passes `includePublic: true` or if a stale public row sits\n // in the DB.\n const reg = findRegistrationByTable(resourceTable);\n const publicAllowed = reg?.allowPublic !== false;\n const includePublic = (options.includePublic ?? false) && publicAllowed;\n const clauses: SQL[] = [];\n\n if (userEmail) {\n clauses.push(\n and(\n eq(resourceTable.ownerEmail, userEmail),\n ownerScopeFilter(resourceTable, ctx),\n )!,\n );\n }\n if (minRole === \"viewer\") {\n if (includePublic) {\n clauses.push(eq(resourceTable.visibility, \"public\"));\n }\n if (orgId) {\n clauses.push(\n and(\n eq(resourceTable.visibility, \"org\"),\n eq(resourceTable.orgId, orgId),\n )!,\n );\n }\n }\n if (userEmail) {\n const shareScope = restrictedShareScopeSql(reg, resourceTable, ctx);\n clauses.push(\n sql`exists (select 1 from ${sharesTable}\n where ${sharesTable.resourceId} = ${resourceTable.id}\n and ${sharesTable.principalType} = 'user'\n and ${sharesTable.principalId} = ${userEmail}\n and ${shareScope}\n and ${minRoleSql(minRole)})`,\n );\n }\n if (orgId) {\n const shareScope = restrictedShareScopeSql(reg, resourceTable, ctx);\n clauses.push(\n sql`exists (select 1 from ${sharesTable}\n where ${sharesTable.resourceId} = ${resourceTable.id}\n and ${sharesTable.principalType} = 'org'\n and ${sharesTable.principalId} = ${orgId}\n and ${shareScope}\n and ${minRoleSql(minRole)})`,\n );\n }\n\n return or(...clauses) ?? sql`1=0`;\n}\n\nfunction ownerScopeFilter(resourceTable: any, ctx: AccessContext): SQL {\n if (ctx.orgId) {\n // Rows created before org-scoping, or in solo mode, have no org_id. Keep\n // them manageable by their owner after the owner joins or switches into an\n // organization, while still keeping rows from other orgs out of scope.\n return or(\n eq(resourceTable.orgId, ctx.orgId),\n sql`${resourceTable.orgId} IS NULL`,\n )!;\n }\n return sql`${resourceTable.orgId} IS NULL`;\n}\n\nfunction ownerMatchesActiveScope(resource: any, ctx: AccessContext): boolean {\n const resourceOrgId = resource?.orgId ?? null;\n if (!resourceOrgId) return true;\n return ctx.orgId === resourceOrgId;\n}\n\nfunction minRoleSql(minRole: ShareRole): SQL {\n if (minRole === \"viewer\") {\n // any role satisfies viewer\n return sql`1=1`;\n }\n if (minRole === \"editor\") {\n return sql`role in ('editor','admin')`;\n }\n return sql`role = 'admin'`;\n}\n\nfunction restrictedShareScopeSql(\n reg: ShareableResourceRegistration | undefined,\n resourceTable: any,\n ctx: AccessContext,\n): SQL {\n // Restricted resources (extensions) must stay inside their resource org even\n // if stale cross-org share rows already exist from older code or bad data.\n if (reg?.requireOrgMemberForUserShares !== true) return sql`1=1`;\n if (!ctx.orgId) return sql`1=0`;\n return eq(resourceTable.orgId, ctx.orgId);\n}\n\nfunction explicitSharesAllowedForResource(\n reg: ShareableResourceRegistration,\n resource: any,\n ctx: AccessContext,\n): boolean {\n if (reg.requireOrgMemberForUserShares !== true) return true;\n const resourceOrgId = resource?.orgId ?? null;\n return !!resourceOrgId && !!ctx.orgId && resourceOrgId === ctx.orgId;\n}\n\nexport interface ResolvedAccess {\n /** Effective role: 'owner' for the resource owner, or the share role. */\n role: \"owner\" | ShareRole;\n /** The resource row (already loaded). */\n resource: any;\n}\n\n/**\n * Return the effective role the current user has on a specific resource, or\n * null if they have no access. Loads the resource and relevant share rows.\n */\nexport async function resolveAccess(\n resourceType: string,\n resourceId: string,\n ctx: AccessContext = currentAccess(),\n): Promise<ResolvedAccess | null> {\n const reg = requireShareableResource(resourceType);\n const db = reg.getDb() as any;\n\n const [resource] = await db\n .select()\n .from(reg.resourceTable)\n .where(eq(reg.resourceTable.id, resourceId));\n if (!resource) return null;\n\n const { userEmail, orgId } = ctx;\n\n if (\n userEmail &&\n resource.ownerEmail === userEmail &&\n ownerMatchesActiveScope(resource, ctx)\n ) {\n return { role: \"owner\", resource };\n }\n if (resource.visibility === \"public\" && reg.allowPublic !== false) {\n // No share row needed; default viewer unless upgraded below.\n const role = await highestShareRole(reg, resourceId, ctx, resource);\n return { role: role ?? \"viewer\", resource };\n }\n // `visibility === \"public\"` on an `allowPublic: false` resource is treated\n // as private: only owner + explicit shares grant access. Falls through to\n // the explicit-share lookup below.\n if (resource.visibility === \"org\" && orgId && resource.orgId === orgId) {\n const role = await highestShareRole(reg, resourceId, ctx, resource);\n return { role: role ?? \"viewer\", resource };\n }\n const role = await highestShareRole(reg, resourceId, ctx, resource);\n if (role) return { role, resource };\n return null;\n}\n\nasync function highestShareRole(\n reg: ShareableResourceRegistration,\n resourceId: string,\n ctx: AccessContext,\n resource: any,\n): Promise<ShareRole | null> {\n const { userEmail, orgId } = ctx;\n if (!userEmail && !orgId) return null;\n if (!explicitSharesAllowedForResource(reg, resource, ctx)) return null;\n const db = reg.getDb() as any;\n\n const principalClauses: ReturnType<typeof and>[] = [];\n if (userEmail) {\n principalClauses.push(\n and(\n eq(reg.sharesTable.principalType, \"user\"),\n eq(reg.sharesTable.principalId, userEmail),\n ),\n );\n }\n if (orgId) {\n principalClauses.push(\n and(\n eq(reg.sharesTable.principalType, \"org\"),\n eq(reg.sharesTable.principalId, orgId),\n ),\n );\n }\n\n const rows = await db\n .select({ role: reg.sharesTable.role })\n .from(reg.sharesTable)\n .where(\n and(eq(reg.sharesTable.resourceId, resourceId), or(...principalClauses)),\n )\n .limit(10);\n\n let best: ShareRole | null = null;\n for (const r of rows as Array<{ role: ShareRole }>) {\n if (!best || ROLE_RANK[r.role] > ROLE_RANK[best]) best = r.role;\n }\n return best;\n}\n\n/**\n * Throw ForbiddenError if the current user can't act on this resource with at\n * least the given role. Used at the top of update/delete actions.\n */\nexport async function assertAccess(\n resourceType: string,\n resourceId: string,\n minRole: ShareRole | \"owner\" = \"viewer\",\n ctx: AccessContext = currentAccess(),\n): Promise<ResolvedAccess> {\n const access = await resolveAccess(resourceType, resourceId, ctx);\n if (!access) {\n throw new ForbiddenError(`No access to ${resourceType} ${resourceId}`);\n }\n if (ROLE_RANK[access.role] < ROLE_RANK[minRole]) {\n throw new ForbiddenError(\n `Requires ${minRole} role on ${resourceType} ${resourceId} (have ${access.role})`,\n );\n }\n return access;\n}\n"]}
package/dist/triggers/dispatcher.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../../src/triggers/dispatcher.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAOH,OAAO,EAIL,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAQtC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAKrD,iBAAS,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG;IACjD,IAAI,EAAE,kBAAkB,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAsFA;AAED,iBAAS,mBAAmB,CAAC,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAsB3E;AAID,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9C,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAGf;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CAwB/D;AA2PD,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,CAAC"}
1
+ {"version":3,"file":"dispatcher.d.ts","sourceRoot":"","sources":["../../src/triggers/dispatcher.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,EAIL,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAQtC,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAKrD,iBAAS,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG;IACjD,IAAI,EAAE,kBAAkB,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;CACd,CAsFA;AAED,iBAAS,mBAAmB,CAAC,IAAI,EAAE,kBAAkB,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAsB3E;AAID,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IAC9C,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACpD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAMD;;;GAGG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAGf;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC,IAAI,CAAC,CAwB/D;AA2PD,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,CAAC"}
package/dist/triggers/dispatcher.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"dispatcher.js","sourceRoot":"","sources":["../../src/triggers/dispatcher.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,GAErB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAG7D,uEAAuE;AACvE,MAAM,cAAc,GAAG,oCAAoC,CAAC;AAE5D,SAAS,uBAAuB,CAAC,OAAe;IAI9C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ,EAAE,EAAE;gBACZ,OAAO,EAAE,KAAK;gBACd,WAAW,EAAE,UAAU;gBACvB,IAAI,EAAE,SAAS;aAChB;YACD,IAAI,EAAE,OAAO;SACd,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE7B,MAAM,IAAI,GAAuB;QAC/B,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,SAAS;KAChB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,SAAS;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,UAAU;gBACb,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;gBACtB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,GAAG,KAAK,KAAK,OAAO,CAAC;gBACjC,MAAM;YACR,KAAK,aAAa;gBAChB,IAAI,CAAC,WAAW;oBACd,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC;gBACjE,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;gBACnB,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,MAAM;gBACT,IAAI,CAAC,IAAI;oBACP,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBACvE,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;gBACpB,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;gBACnB,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK;oBACR,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBAChE,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;gBACrB,MAAM;YACR,KAAK,YAAY;gBACf,IAAI,CAAC,UAAU,GAAG,KAAyC,CAAC;gBAC5D,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;gBACrB,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAwB,EAAE,IAAY;IACjE,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC;IACtB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC/C,IAAI,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,SAAS;QAChB,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACpE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,IAAI,IAAI,CAAC,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/D,IAAI,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACzD,IAAI,IAAI,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAClE,IAAI,IAAI,CAAC,SAAS;QAChB,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACpE,IAAI,IAAI,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACzD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAaD,yDAAyD;AACzD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;AAC5C,IAAI,KAAK,GAAiC,IAAI,CAAC;AAE/C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAA2B;IAE3B,KAAK,GAAG,IAAI,CAAC;IACb,MAAM,yBAAyB,EAAE,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC7C,MAAM,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC3D,IAAI,IAAI,CAAC,WAAW,KAAK,OAAO,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/D,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACtC,SAAS,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CAC1C,WAAW,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAC3C,CAAC;gBACF,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,OAAgB,EAChB,SAAoB;IAEpB,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,gBAAgB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACjD,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1C,MAAM,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACpD,4DAA4D;YAC5D,+DAA+D;YAC/D,IACE,SAAS,CAAC,KAAK;gBACf,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,KAAK;gBAC3B,CAAC,CAAC,KAAK,KAAK,YAAY,EACxB,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,CACL,IAAI,CAAC,WAAW,KAAK,OAAO;gBAC5B,IAAI,CAAC,KAAK,KAAK,SAAS;gBACxB,IAAI,CAAC,OAAO;gBACZ,IAAI,CAAC,UAAU,KAAK,SAAS,CAC9B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACjE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAE3B,2CAA2C;YAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC;YAC/C,MAAM,UAAU,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,MAAM,GACV,UAAU,IAAI,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;YAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CACV,sCAAsC,QAAQ,CAAC,IAAI,cAAc,CAClE,CAAC;gBACF,SAAS;YACX,CAAC;YAED,qBAAqB;YACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YACzE,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,WAAW;YACX,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC5B,MAAM,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YAC1E,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,0DAA0D,QAAQ,CAAC,IAAI,cAAc,CACtF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,SAAS,IAAI,EAAE,GAAG,CAAC,CAAC;IACxE,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,wBAAwB,CACrC,YAAoB,EACpB,QAA4B;IAE5B,IAAI,YAAY,KAAK,YAAY;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACtD,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,8CAA8C;YACnD,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,YAAY,oBAAoB,EAAE,CAAC;QAC1E,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBACpC,GAAG,EAAE,gFAAgF;gBACrF,IAAI,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;aAC/B,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzD,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,SAAS,YAAY,mCAAmC,QAAQ,GAAG;iBAC5E,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC9C,IACE,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAC9B,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAC/B,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,CAAC,IAAI,CACV,qDAAqD,YAAY,IAAI,EACrE,GAAG,EAAE,OAAO,CACb,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,QAA0D,EAC1D,IAAwB,EACxB,IAAY,EACZ,OAAgB,EAChB,SAAoB,EACpB,MAAc;IAEd,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC9E,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC;IAEzC,qEAAqE;IACrE,oEAAoE;IACpE,oEAAoE;IACpE,uEAAuE;IACvE,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CACV,gCAAgC,WAAW,MAAM,QAAQ,CAAC,MAAM,IAAI;YAClE,mEAAmE,CACtE,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC;QACjC,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;QACF,OAAO;IACT,CAAC;IAED,kBAAkB;IAClB,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC5B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC3B,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;IAEF,MAAM,qBAAqB,CACzB,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,EAC5C,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,KAAM,CAAC,UAAU,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,MAAM,KAAM,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;YAChE,MAAM,KAAK,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAE5C,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;gBACjC,MAAM;gBACN,KAAK,EAAE,KAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,MAAM,KAAK,GACT,KAAM,CAAC,KAAK;gBACZ,CAAC,MAAM,uBAAuB,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAM,CAAC,KAAK,EAAE,CAAC,CAAC;gBAChE,MAAM,CAAC,YAAY,CAAC;YACtB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE;gBAC9C,KAAK,EAAE,YAAY,WAAW,MAAM,GAAG,CAAC,kBAAkB,EAAE,EAAE;aAC/D,CAAC,CAAC;YAEH,IAAI,UAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;YAED,MAAM,WAAW,GAAG,wBAAwB,WAAW;SACtD,IAAI,CAAC,KAAK;YACP,SAAS,CAAC,OAAO;YACjB,SAAS,CAAC,SAAS;;;EAG7B,UAAU;;;;EAIV,IAAI,EAAE,CAAC;YAED,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAe;oBACrB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;iBACxD;aACF,CAAC;YAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEpE,MAAM,MAAM,GAAqB,EAAE,CAAC;YAEpC,IAAI,CAAC;gBACH,MAAM,YAAY,CAAC;oBACjB,MAAM;oBACN,KAAK;oBACL,YAAY;oBACZ,KAAK;oBACL,QAAQ;oBACR,OAAO;oBACP,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;oBACnC,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;YAED,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;YAC5B,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,eAAe,WAAW,0BAA0B,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;YAC1B,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC;YAChE,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;YACF,OAAO,CAAC,KAAK,CAAC,eAAe,WAAW,WAAW,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,CAAC","sourcesContent":["/**\n * Trigger dispatcher — bridges the event bus to the automation system.\n *\n * On startup, loads all event-triggered jobs from the resources store,\n * subscribes to their events, and dispatches them (condition eval → agent\n * loop) when matching events fire.\n */\n\nimport { randomUUID } from \"node:crypto\";\nimport { subscribe } from \"../event-bus/index.js\";\nimport type { EventMeta } from \"../event-bus/types.js\";\nimport { resourceListAllOwners, resourcePut } from \"../resources/store.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport {\n runAgentLoop,\n actionsToEngineTools,\n getOwnerActiveApiKey,\n type ActionEntry,\n} from \"../agent/production-agent.js\";\nimport {\n getStoredModelForEngine,\n resolveEngine,\n} from \"../agent/engine/index.js\";\nimport { createThread } from \"../chat-threads/store.js\";\nimport type { AgentChatEvent } from \"../agent/types.js\";\nimport { evaluateCondition } from \"./condition-evaluator.js\";\nimport type { TriggerFrontmatter } from \"./types.js\";\n\n// Re-use the job frontmatter parser — triggers extend the same format.\nconst FRONTMATTER_RE = /^---\\n([\\s\\S]*?)\\n---\\n?([\\s\\S]*)$/;\n\nfunction parseTriggerFrontmatter(content: string): {\n meta: TriggerFrontmatter;\n body: string;\n} {\n const match = content.match(FRONTMATTER_RE);\n if (!match) {\n return {\n meta: {\n schedule: \"\",\n enabled: false,\n triggerType: \"schedule\",\n mode: \"agentic\",\n },\n body: content,\n };\n }\n\n const yamlBlock = match[1];\n const body = match[2].trim();\n\n const meta: TriggerFrontmatter = {\n schedule: \"\",\n enabled: true,\n triggerType: \"schedule\",\n mode: \"agentic\",\n };\n\n for (const line of yamlBlock.split(\"\\n\")) {\n const colonIdx = line.indexOf(\":\");\n if (colonIdx === -1) continue;\n const key = line.slice(0, colonIdx).trim();\n let value = line.slice(colonIdx + 1).trim();\n if (\n (value.startsWith('\"') && value.endsWith('\"')) ||\n (value.startsWith(\"'\") && value.endsWith(\"'\"))\n ) {\n value = value.slice(1, -1);\n }\n\n switch (key) {\n case \"schedule\":\n meta.schedule = value;\n break;\n case \"enabled\":\n meta.enabled = value !== \"false\";\n break;\n case \"triggerType\":\n meta.triggerType =\n value === \"event\" || value === \"schedule\" ? value : \"schedule\";\n break;\n case \"event\":\n meta.event = value;\n break;\n case \"condition\":\n meta.condition = value;\n break;\n case \"mode\":\n meta.mode =\n value === \"deterministic\" || value === \"agentic\" ? value : \"agentic\";\n break;\n case \"domain\":\n meta.domain = value;\n break;\n case \"createdBy\":\n meta.createdBy = value;\n break;\n case \"orgId\":\n meta.orgId = value;\n break;\n case \"runAs\":\n meta.runAs =\n value === \"shared\" || value === \"creator\" ? value : undefined;\n break;\n case \"lastRun\":\n meta.lastRun = value;\n break;\n case \"lastStatus\":\n meta.lastStatus = value as TriggerFrontmatter[\"lastStatus\"];\n break;\n case \"lastError\":\n meta.lastError = value;\n break;\n case \"nextRun\":\n meta.nextRun = value;\n break;\n }\n }\n\n return { meta, body };\n}\n\nfunction buildTriggerContent(meta: TriggerFrontmatter, body: string): string {\n const lines = [\"---\"];\n lines.push(`schedule: \"${meta.schedule}\"`);\n lines.push(`enabled: ${meta.enabled}`);\n lines.push(`triggerType: ${meta.triggerType}`);\n if (meta.event) lines.push(`event: ${meta.event}`);\n if (meta.condition)\n lines.push(`condition: \"${meta.condition.replace(/\"/g, '\\\\\"')}\"`);\n lines.push(`mode: ${meta.mode}`);\n if (meta.domain) lines.push(`domain: ${meta.domain}`);\n if (meta.createdBy) lines.push(`createdBy: ${meta.createdBy}`);\n if (meta.orgId) lines.push(`orgId: ${meta.orgId}`);\n if (meta.runAs) lines.push(`runAs: ${meta.runAs}`);\n if (meta.lastRun) lines.push(`lastRun: ${meta.lastRun}`);\n if (meta.lastStatus) lines.push(`lastStatus: ${meta.lastStatus}`);\n if (meta.lastError)\n lines.push(`lastError: \"${meta.lastError.replace(/\"/g, '\\\\\"')}\"`);\n if (meta.nextRun) lines.push(`nextRun: ${meta.nextRun}`);\n lines.push(\"---\");\n lines.push(\"\");\n lines.push(body);\n return lines.join(\"\\n\");\n}\n\n// ─── Dispatcher deps (same pattern as SchedulerDeps) ────────────────────────\n\nexport interface TriggerDispatcherDeps {\n getActions: () => Record<string, ActionEntry>;\n getSystemPrompt: (owner: string) => Promise<string>;\n apiKey?: string;\n model?: string;\n /** App/template id used for org-scoped per-app model defaults. */\n appId?: string;\n}\n\n// Track active subscriptions to avoid double-subscribing\nconst _subscribedEvents = new Set<string>();\nlet _deps: TriggerDispatcherDeps | null = null;\n\n/**\n * Initialize the trigger dispatcher. Call once at server startup.\n * Loads all event-triggered jobs and subscribes to their events.\n */\nexport async function initTriggerDispatcher(\n deps: TriggerDispatcherDeps,\n): Promise<void> {\n _deps = deps;\n await refreshEventSubscriptions();\n}\n\n/**\n * Refresh event subscriptions from the resource store.\n * Call after creating/updating triggers.\n */\nexport async function refreshEventSubscriptions(): Promise<void> {\n try {\n const jobResources = await resourceListAllOwners(\"jobs/\");\n const eventNames = new Set<string>();\n\n for (const resource of jobResources) {\n if (!resource.path.endsWith(\".md\")) continue;\n const { meta } = parseTriggerFrontmatter(resource.content);\n if (meta.triggerType === \"event\" && meta.event && meta.enabled) {\n eventNames.add(meta.event);\n }\n }\n\n for (const eventName of eventNames) {\n if (!_subscribedEvents.has(eventName)) {\n subscribe(eventName, (payload, eventMeta) =>\n handleEvent(eventName, payload, eventMeta),\n );\n _subscribedEvents.add(eventName);\n }\n }\n } catch (err) {\n console.error(\"[triggers] Failed to refresh event subscriptions:\", err);\n }\n}\n\nasync function handleEvent(\n eventName: string,\n payload: unknown,\n eventMeta: EventMeta,\n): Promise<void> {\n if (!_deps) return;\n\n try {\n const jobResources = await resourceListAllOwners(\"jobs/\");\n const matchingTriggers = jobResources.filter((r) => {\n if (!r.path.endsWith(\".md\")) return false;\n const { meta } = parseTriggerFrontmatter(r.content);\n // Scope: only dispatch triggers owned by the event's owner,\n // or shared triggers. Prevents cross-tenant trigger execution.\n if (\n eventMeta.owner &&\n r.owner !== eventMeta.owner &&\n r.owner !== \"__shared__\"\n ) {\n return false;\n }\n return (\n meta.triggerType === \"event\" &&\n meta.event === eventName &&\n meta.enabled &&\n meta.lastStatus !== \"running\"\n );\n });\n\n for (const resource of matchingTriggers) {\n const { meta, body } = parseTriggerFrontmatter(resource.content);\n if (!body.trim()) continue;\n\n // Resolve API key for condition evaluation\n const owner = meta.createdBy || resource.owner;\n const userApiKey = await getOwnerActiveApiKey(owner);\n const apiKey =\n userApiKey || _deps.apiKey || process.env.ANTHROPIC_API_KEY;\n if (!apiKey) {\n console.warn(\n `[triggers] No API key for trigger \"${resource.path}\" — skipping`,\n );\n continue;\n }\n\n // Evaluate condition\n const matches = await evaluateCondition(meta.condition, payload, apiKey);\n if (!matches) continue;\n\n // Dispatch\n if (meta.mode === \"agentic\") {\n await dispatchAgentic(resource, meta, body, payload, eventMeta, apiKey);\n } else {\n console.warn(\n `[triggers] Deterministic mode not yet implemented for \"${resource.path}\" — skipping`,\n );\n }\n }\n } catch (err) {\n console.error(`[triggers] Error handling event \"${eventName}\":`, err);\n }\n}\n\n/**\n * Validate that the run-as user still exists and (if scoped to an org) is\n * still a member of that org. Mirrors the recurring-jobs scheduler check\n * (audit 12 #10): event-triggered automations must stop firing when the\n * creator is removed/demoted.\n */\nasync function isTriggerRunAsStillValid(\n jobUserEmail: string,\n jobOrgId: string | undefined,\n): Promise<{ ok: boolean; reason?: string }> {\n if (jobUserEmail === \"__shared__\") return { ok: true };\n try {\n const { getDbExec } = await import(\"../db/client.js\");\n const db = getDbExec();\n const userResult = await db.execute({\n sql: `SELECT 1 FROM \"user\" WHERE email = ? LIMIT 1`,\n args: [jobUserEmail],\n });\n if (!userResult.rows || userResult.rows.length === 0) {\n return { ok: false, reason: `user \"${jobUserEmail}\" no longer exists` };\n }\n if (jobOrgId) {\n const memberResult = await db.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = LOWER(?) LIMIT 1`,\n args: [jobOrgId, jobUserEmail],\n });\n if (!memberResult.rows || memberResult.rows.length === 0) {\n return {\n ok: false,\n reason: `user \"${jobUserEmail}\" is no longer a member of org \"${jobOrgId}\"`,\n };\n }\n }\n return { ok: true };\n } catch (err: any) {\n const msg = err?.message?.toLowerCase() ?? \"\";\n if (\n msg.includes(\"does not exist\") ||\n msg.includes(\"no such table\") ||\n msg.includes(\"undefined table\")\n ) {\n return { ok: true };\n }\n console.warn(\n `[triggers] User/membership validation failed for \"${jobUserEmail}\":`,\n err?.message,\n );\n return { ok: true };\n }\n}\n\nasync function dispatchAgentic(\n resource: { path: string; owner: string; content: string },\n meta: TriggerFrontmatter,\n body: string,\n payload: unknown,\n eventMeta: EventMeta,\n apiKey: string,\n): Promise<void> {\n if (!_deps) return;\n\n const triggerName = resource.path.replace(/^jobs\\//, \"\").replace(/\\.md$/, \"\");\n const now = new Date();\n\n const jobUserEmail = meta.createdBy || resource.owner;\n const jobOrgId = meta.orgId ?? undefined;\n\n // SECURITY (audit 12 #10): re-validate the run-as user/membership on\n // every dispatch. Sharing revocation, user deletion, and org-member\n // removal must take effect for already-scheduled triggers. Skip the\n // dispatch on failure; leave the trigger entry alone for admin review.\n const validity = await isTriggerRunAsStillValid(jobUserEmail, jobOrgId);\n if (!validity.ok) {\n console.warn(\n `[triggers] Skipping trigger \"${triggerName}\": ${validity.reason}. ` +\n `User/membership no longer valid — leaving entry for admin review.`,\n );\n meta.lastRun = now.toISOString();\n meta.lastStatus = \"skipped\";\n meta.lastError = validity.reason;\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n return;\n }\n\n // Mark as running\n meta.lastRun = now.toISOString();\n meta.lastStatus = \"running\";\n meta.lastError = undefined;\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n\n await runWithRequestContext(\n { userEmail: jobUserEmail, orgId: jobOrgId },\n async () => {\n try {\n const actions = _deps!.getActions();\n const systemPrompt = await _deps!.getSystemPrompt(jobUserEmail);\n const tools = actionsToEngineTools(actions);\n\n const engine = await resolveEngine({\n apiKey,\n appId: _deps!.appId,\n });\n const model =\n _deps!.model ??\n (await getStoredModelForEngine(engine, { appId: _deps!.appId })) ??\n engine.defaultModel;\n const thread = await createThread(jobUserEmail, {\n title: `Trigger: ${triggerName} — ${now.toLocaleDateString()}`,\n });\n\n let payloadStr: string;\n try {\n payloadStr = JSON.stringify(payload, null, 2);\n } catch {\n payloadStr = String(payload);\n }\n\n const triggerText = `[Automation Trigger: ${triggerName}]\nEvent: ${meta.event}\nEvent ID: ${eventMeta.eventId}\nFired at: ${eventMeta.emittedAt}\n\nEvent payload:\n${payloadStr}\n\nExecute the following automation instructions:\n\n${body}`;\n\n const messages = [\n {\n role: \"user\" as const,\n content: [{ type: \"text\" as const, text: triggerText }],\n },\n ];\n\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), 5 * 60 * 1000);\n\n const events: AgentChatEvent[] = [];\n\n try {\n await runAgentLoop({\n engine,\n model,\n systemPrompt,\n tools,\n messages,\n actions,\n send: (event) => events.push(event),\n signal: controller.signal,\n });\n } finally {\n clearTimeout(timeout);\n }\n\n meta.lastStatus = \"success\";\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n\n console.log(`[triggers] \"${triggerName}\" completed successfully`);\n } catch (err: any) {\n meta.lastStatus = \"error\";\n meta.lastError = err?.message?.slice(0, 200) || \"Unknown error\";\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n console.error(`[triggers] \"${triggerName}\" failed:`, err?.message);\n }\n },\n );\n}\n\nexport { parseTriggerFrontmatter, buildTriggerContent };\n"]}
1
+ {"version":3,"file":"dispatcher.js","sourceRoot":"","sources":["../../src/triggers/dispatcher.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD,OAAO,EAAE,qBAAqB,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAC3E,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,oBAAoB,GAErB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,uBAAuB,EACvB,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAExD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAG7D,uEAAuE;AACvE,MAAM,cAAc,GAAG,oCAAoC,CAAC;AAE5D,SAAS,uBAAuB,CAAC,OAAe;IAI9C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO;YACL,IAAI,EAAE;gBACJ,QAAQ,EAAE,EAAE;gBACZ,OAAO,EAAE,KAAK;gBACd,WAAW,EAAE,UAAU;gBACvB,IAAI,EAAE,SAAS;aAChB;YACD,IAAI,EAAE,OAAO;SACd,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3B,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAE7B,MAAM,IAAI,GAAuB;QAC/B,QAAQ,EAAE,EAAE;QACZ,OAAO,EAAE,IAAI;QACb,WAAW,EAAE,UAAU;QACvB,IAAI,EAAE,SAAS;KAChB,CAAC;IAEF,KAAK,MAAM,IAAI,IAAI,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,QAAQ,KAAK,CAAC,CAAC;YAAE,SAAS;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;QAC3C,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5C,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QAED,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,UAAU;gBACb,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;gBACtB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,GAAG,KAAK,KAAK,OAAO,CAAC;gBACjC,MAAM;YACR,KAAK,aAAa;gBAChB,IAAI,CAAC,WAAW;oBACd,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC;gBACjE,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;gBACnB,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,MAAM;gBACT,IAAI,CAAC,IAAI;oBACP,KAAK,KAAK,eAAe,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBACvE,MAAM;YACR,KAAK,QAAQ;gBACX,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;gBACpB,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;gBACnB,MAAM;YACR,KAAK,OAAO;gBACV,IAAI,CAAC,KAAK;oBACR,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;gBAChE,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;gBACrB,MAAM;YACR,KAAK,YAAY;gBACf,IAAI,CAAC,UAAU,GAAG,KAAyC,CAAC;gBAC5D,MAAM;YACR,KAAK,WAAW;gBACd,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,SAAS;gBACZ,IAAI,CAAC,OAAO,GAAG,KAAK,CAAC;gBACrB,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,mBAAmB,CAAC,IAAwB,EAAE,IAAY;IACjE,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC;IACtB,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAC;IAC3C,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACvC,KAAK,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IAC/C,IAAI,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,SAAS;QAChB,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACpE,KAAK,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACtD,IAAI,IAAI,CAAC,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,cAAc,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;IAC/D,IAAI,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,KAAK;QAAE,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACzD,IAAI,IAAI,CAAC,UAAU;QAAE,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAClE,IAAI,IAAI,CAAC,SAAS;QAChB,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IACpE,IAAI,IAAI,CAAC,OAAO;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACzD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACf,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACjB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAaD,yDAAyD;AACzD,MAAM,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;AAC5C,IAAI,KAAK,GAAiC,IAAI,CAAC;AAE/C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,IAA2B;IAE3B,KAAK,GAAG,IAAI,CAAC;IACb,MAAM,yBAAyB,EAAE,CAAC;AACpC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAC7C,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,YAAY,EAAE,CAAC;YACpC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,SAAS;YAC7C,MAAM,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC3D,IAAI,IAAI,CAAC,WAAW,KAAK,OAAO,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC/D,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;YACnC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;gBACtC,SAAS,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CAC1C,WAAW,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC,CAC3C,CAAC;gBACF,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,GAAG,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,OAAgB,EAChB,SAAoB;IAEpB,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,gBAAgB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACjD,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC1C,MAAM,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACpD,4DAA4D;YAC5D,+DAA+D;YAC/D,IACE,SAAS,CAAC,KAAK;gBACf,CAAC,CAAC,KAAK,KAAK,SAAS,CAAC,KAAK;gBAC3B,CAAC,CAAC,KAAK,KAAK,YAAY,EACxB,CAAC;gBACD,OAAO,KAAK,CAAC;YACf,CAAC;YACD,OAAO,CACL,IAAI,CAAC,WAAW,KAAK,OAAO;gBAC5B,IAAI,CAAC,KAAK,KAAK,SAAS;gBACxB,IAAI,CAAC,OAAO;gBACZ,IAAI,CAAC,UAAU,KAAK,SAAS,CAC9B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE,CAAC;YACxC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,uBAAuB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACjE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;gBAAE,SAAS;YAE3B,2CAA2C;YAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC;YAC/C,MAAM,UAAU,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,MAAM,GACV,UAAU,IAAI,KAAK,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;YAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,IAAI,CACV,sCAAsC,QAAQ,CAAC,IAAI,cAAc,CAClE,CAAC;gBACF,SAAS;YACX,CAAC;YAED,qBAAqB;YACrB,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;YACzE,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,WAAW;YACX,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC5B,MAAM,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;YAC1E,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,IAAI,CACV,0DAA0D,QAAQ,CAAC,IAAI,cAAc,CACtF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,oCAAoC,SAAS,IAAI,EAAE,GAAG,CAAC,CAAC;IACxE,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,wBAAwB,CACrC,YAAoB,EACpB,QAA4B;IAE5B,IAAI,YAAY,KAAK,YAAY;QAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,CAAC;QACtD,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;QACvB,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,8CAA8C;YACnD,IAAI,EAAE,CAAC,YAAY,CAAC;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,YAAY,oBAAoB,EAAE,CAAC;QAC1E,CAAC;QACD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;gBACpC,GAAG,EAAE,gFAAgF;gBACrF,IAAI,EAAE,CAAC,QAAQ,EAAE,YAAY,CAAC;aAC/B,CAAC,CAAC;YACH,IAAI,CAAC,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzD,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,SAAS,YAAY,mCAAmC,QAAQ,GAAG;iBAC5E,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;QAC9C,IACE,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC;YAC9B,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC;YAC7B,GAAG,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAC/B,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,CAAC,IAAI,CACV,qDAAqD,YAAY,IAAI,EACrE,GAAG,EAAE,OAAO,CACb,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,QAA0D,EAC1D,IAAwB,EACxB,IAAY,EACZ,OAAgB,EAChB,SAAoB,EACpB,MAAc;IAEd,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnB,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC9E,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC;IAEzC,qEAAqE;IACrE,oEAAoE;IACpE,oEAAoE;IACpE,uEAAuE;IACvE,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACxE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CACV,gCAAgC,WAAW,MAAM,QAAQ,CAAC,MAAM,IAAI;YAClE,mEAAmE,CACtE,CAAC;QACF,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC;QACjC,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;QACF,OAAO;IACT,CAAC;IAED,kBAAkB;IAClB,IAAI,CAAC,OAAO,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;IAC5B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;IAC3B,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;IAEF,MAAM,qBAAqB,CACzB,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,QAAQ,EAAE,EAC5C,KAAK,IAAI,EAAE;QACT,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,KAAM,CAAC,UAAU,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,MAAM,KAAM,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;YAChE,MAAM,KAAK,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAE5C,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC;gBACjC,MAAM;gBACN,KAAK,EAAE,KAAM,CAAC,KAAK;aACpB,CAAC,CAAC;YACH,MAAM,KAAK,GACT,KAAM,CAAC,KAAK;gBACZ,CAAC,MAAM,uBAAuB,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAM,CAAC,KAAK,EAAE,CAAC,CAAC;gBAChE,MAAM,CAAC,YAAY,CAAC;YACtB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE;gBAC9C,KAAK,EAAE,YAAY,WAAW,MAAM,GAAG,CAAC,kBAAkB,EAAE,EAAE;aAC/D,CAAC,CAAC;YAEH,IAAI,UAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC;gBACP,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;YAED,MAAM,WAAW,GAAG,wBAAwB,WAAW;SACtD,IAAI,CAAC,KAAK;YACP,SAAS,CAAC,OAAO;YACjB,SAAS,CAAC,SAAS;;;EAG7B,UAAU;;;;EAIV,IAAI,EAAE,CAAC;YAED,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAe;oBACrB,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;iBACxD;aACF,CAAC;YAEF,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAEpE,MAAM,MAAM,GAAqB,EAAE,CAAC;YAEpC,IAAI,CAAC;gBACH,MAAM,YAAY,CAAC;oBACjB,MAAM;oBACN,KAAK;oBACL,YAAY;oBACZ,KAAK;oBACL,QAAQ;oBACR,OAAO;oBACP,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;oBACnC,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;YAED,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;YAC5B,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;YAEF,OAAO,CAAC,GAAG,CAAC,eAAe,WAAW,0BAA0B,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC;YAC1B,IAAI,CAAC,SAAS,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,eAAe,CAAC;YAChE,MAAM,WAAW,CACf,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,IAAI,EACb,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAChC,CAAC;YACF,OAAO,CAAC,KAAK,CAAC,eAAe,WAAW,WAAW,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,CAAC","sourcesContent":["/**\n * Trigger dispatcher — bridges the event bus to the automation system.\n *\n * On startup, loads all event-triggered jobs from the resources store,\n * subscribes to their events, and dispatches them (condition eval → agent\n * loop) when matching events fire.\n */\n\nimport { subscribe } from \"../event-bus/index.js\";\nimport type { EventMeta } from \"../event-bus/types.js\";\nimport { resourceListAllOwners, resourcePut } from \"../resources/store.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport {\n runAgentLoop,\n actionsToEngineTools,\n getOwnerActiveApiKey,\n type ActionEntry,\n} from \"../agent/production-agent.js\";\nimport {\n getStoredModelForEngine,\n resolveEngine,\n} from \"../agent/engine/index.js\";\nimport { createThread } from \"../chat-threads/store.js\";\nimport type { AgentChatEvent } from \"../agent/types.js\";\nimport { evaluateCondition } from \"./condition-evaluator.js\";\nimport type { TriggerFrontmatter } from \"./types.js\";\n\n// Re-use the job frontmatter parser — triggers extend the same format.\nconst FRONTMATTER_RE = /^---\\n([\\s\\S]*?)\\n---\\n?([\\s\\S]*)$/;\n\nfunction parseTriggerFrontmatter(content: string): {\n meta: TriggerFrontmatter;\n body: string;\n} {\n const match = content.match(FRONTMATTER_RE);\n if (!match) {\n return {\n meta: {\n schedule: \"\",\n enabled: false,\n triggerType: \"schedule\",\n mode: \"agentic\",\n },\n body: content,\n };\n }\n\n const yamlBlock = match[1];\n const body = match[2].trim();\n\n const meta: TriggerFrontmatter = {\n schedule: \"\",\n enabled: true,\n triggerType: \"schedule\",\n mode: \"agentic\",\n };\n\n for (const line of yamlBlock.split(\"\\n\")) {\n const colonIdx = line.indexOf(\":\");\n if (colonIdx === -1) continue;\n const key = line.slice(0, colonIdx).trim();\n let value = line.slice(colonIdx + 1).trim();\n if (\n (value.startsWith('\"') && value.endsWith('\"')) ||\n (value.startsWith(\"'\") && value.endsWith(\"'\"))\n ) {\n value = value.slice(1, -1);\n }\n\n switch (key) {\n case \"schedule\":\n meta.schedule = value;\n break;\n case \"enabled\":\n meta.enabled = value !== \"false\";\n break;\n case \"triggerType\":\n meta.triggerType =\n value === \"event\" || value === \"schedule\" ? value : \"schedule\";\n break;\n case \"event\":\n meta.event = value;\n break;\n case \"condition\":\n meta.condition = value;\n break;\n case \"mode\":\n meta.mode =\n value === \"deterministic\" || value === \"agentic\" ? value : \"agentic\";\n break;\n case \"domain\":\n meta.domain = value;\n break;\n case \"createdBy\":\n meta.createdBy = value;\n break;\n case \"orgId\":\n meta.orgId = value;\n break;\n case \"runAs\":\n meta.runAs =\n value === \"shared\" || value === \"creator\" ? value : undefined;\n break;\n case \"lastRun\":\n meta.lastRun = value;\n break;\n case \"lastStatus\":\n meta.lastStatus = value as TriggerFrontmatter[\"lastStatus\"];\n break;\n case \"lastError\":\n meta.lastError = value;\n break;\n case \"nextRun\":\n meta.nextRun = value;\n break;\n }\n }\n\n return { meta, body };\n}\n\nfunction buildTriggerContent(meta: TriggerFrontmatter, body: string): string {\n const lines = [\"---\"];\n lines.push(`schedule: \"${meta.schedule}\"`);\n lines.push(`enabled: ${meta.enabled}`);\n lines.push(`triggerType: ${meta.triggerType}`);\n if (meta.event) lines.push(`event: ${meta.event}`);\n if (meta.condition)\n lines.push(`condition: \"${meta.condition.replace(/\"/g, '\\\\\"')}\"`);\n lines.push(`mode: ${meta.mode}`);\n if (meta.domain) lines.push(`domain: ${meta.domain}`);\n if (meta.createdBy) lines.push(`createdBy: ${meta.createdBy}`);\n if (meta.orgId) lines.push(`orgId: ${meta.orgId}`);\n if (meta.runAs) lines.push(`runAs: ${meta.runAs}`);\n if (meta.lastRun) lines.push(`lastRun: ${meta.lastRun}`);\n if (meta.lastStatus) lines.push(`lastStatus: ${meta.lastStatus}`);\n if (meta.lastError)\n lines.push(`lastError: \"${meta.lastError.replace(/\"/g, '\\\\\"')}\"`);\n if (meta.nextRun) lines.push(`nextRun: ${meta.nextRun}`);\n lines.push(\"---\");\n lines.push(\"\");\n lines.push(body);\n return lines.join(\"\\n\");\n}\n\n// ─── Dispatcher deps (same pattern as SchedulerDeps) ────────────────────────\n\nexport interface TriggerDispatcherDeps {\n getActions: () => Record<string, ActionEntry>;\n getSystemPrompt: (owner: string) => Promise<string>;\n apiKey?: string;\n model?: string;\n /** App/template id used for org-scoped per-app model defaults. */\n appId?: string;\n}\n\n// Track active subscriptions to avoid double-subscribing\nconst _subscribedEvents = new Set<string>();\nlet _deps: TriggerDispatcherDeps | null = null;\n\n/**\n * Initialize the trigger dispatcher. Call once at server startup.\n * Loads all event-triggered jobs and subscribes to their events.\n */\nexport async function initTriggerDispatcher(\n deps: TriggerDispatcherDeps,\n): Promise<void> {\n _deps = deps;\n await refreshEventSubscriptions();\n}\n\n/**\n * Refresh event subscriptions from the resource store.\n * Call after creating/updating triggers.\n */\nexport async function refreshEventSubscriptions(): Promise<void> {\n try {\n const jobResources = await resourceListAllOwners(\"jobs/\");\n const eventNames = new Set<string>();\n\n for (const resource of jobResources) {\n if (!resource.path.endsWith(\".md\")) continue;\n const { meta } = parseTriggerFrontmatter(resource.content);\n if (meta.triggerType === \"event\" && meta.event && meta.enabled) {\n eventNames.add(meta.event);\n }\n }\n\n for (const eventName of eventNames) {\n if (!_subscribedEvents.has(eventName)) {\n subscribe(eventName, (payload, eventMeta) =>\n handleEvent(eventName, payload, eventMeta),\n );\n _subscribedEvents.add(eventName);\n }\n }\n } catch (err) {\n console.error(\"[triggers] Failed to refresh event subscriptions:\", err);\n }\n}\n\nasync function handleEvent(\n eventName: string,\n payload: unknown,\n eventMeta: EventMeta,\n): Promise<void> {\n if (!_deps) return;\n\n try {\n const jobResources = await resourceListAllOwners(\"jobs/\");\n const matchingTriggers = jobResources.filter((r) => {\n if (!r.path.endsWith(\".md\")) return false;\n const { meta } = parseTriggerFrontmatter(r.content);\n // Scope: only dispatch triggers owned by the event's owner,\n // or shared triggers. Prevents cross-tenant trigger execution.\n if (\n eventMeta.owner &&\n r.owner !== eventMeta.owner &&\n r.owner !== \"__shared__\"\n ) {\n return false;\n }\n return (\n meta.triggerType === \"event\" &&\n meta.event === eventName &&\n meta.enabled &&\n meta.lastStatus !== \"running\"\n );\n });\n\n for (const resource of matchingTriggers) {\n const { meta, body } = parseTriggerFrontmatter(resource.content);\n if (!body.trim()) continue;\n\n // Resolve API key for condition evaluation\n const owner = meta.createdBy || resource.owner;\n const userApiKey = await getOwnerActiveApiKey(owner);\n const apiKey =\n userApiKey || _deps.apiKey || process.env.ANTHROPIC_API_KEY;\n if (!apiKey) {\n console.warn(\n `[triggers] No API key for trigger \"${resource.path}\" — skipping`,\n );\n continue;\n }\n\n // Evaluate condition\n const matches = await evaluateCondition(meta.condition, payload, apiKey);\n if (!matches) continue;\n\n // Dispatch\n if (meta.mode === \"agentic\") {\n await dispatchAgentic(resource, meta, body, payload, eventMeta, apiKey);\n } else {\n console.warn(\n `[triggers] Deterministic mode not yet implemented for \"${resource.path}\" — skipping`,\n );\n }\n }\n } catch (err) {\n console.error(`[triggers] Error handling event \"${eventName}\":`, err);\n }\n}\n\n/**\n * Validate that the run-as user still exists and (if scoped to an org) is\n * still a member of that org. Mirrors the recurring-jobs scheduler check\n * (audit 12 #10): event-triggered automations must stop firing when the\n * creator is removed/demoted.\n */\nasync function isTriggerRunAsStillValid(\n jobUserEmail: string,\n jobOrgId: string | undefined,\n): Promise<{ ok: boolean; reason?: string }> {\n if (jobUserEmail === \"__shared__\") return { ok: true };\n try {\n const { getDbExec } = await import(\"../db/client.js\");\n const db = getDbExec();\n const userResult = await db.execute({\n sql: `SELECT 1 FROM \"user\" WHERE email = ? LIMIT 1`,\n args: [jobUserEmail],\n });\n if (!userResult.rows || userResult.rows.length === 0) {\n return { ok: false, reason: `user \"${jobUserEmail}\" no longer exists` };\n }\n if (jobOrgId) {\n const memberResult = await db.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = LOWER(?) LIMIT 1`,\n args: [jobOrgId, jobUserEmail],\n });\n if (!memberResult.rows || memberResult.rows.length === 0) {\n return {\n ok: false,\n reason: `user \"${jobUserEmail}\" is no longer a member of org \"${jobOrgId}\"`,\n };\n }\n }\n return { ok: true };\n } catch (err: any) {\n const msg = err?.message?.toLowerCase() ?? \"\";\n if (\n msg.includes(\"does not exist\") ||\n msg.includes(\"no such table\") ||\n msg.includes(\"undefined table\")\n ) {\n return { ok: true };\n }\n console.warn(\n `[triggers] User/membership validation failed for \"${jobUserEmail}\":`,\n err?.message,\n );\n return { ok: true };\n }\n}\n\nasync function dispatchAgentic(\n resource: { path: string; owner: string; content: string },\n meta: TriggerFrontmatter,\n body: string,\n payload: unknown,\n eventMeta: EventMeta,\n apiKey: string,\n): Promise<void> {\n if (!_deps) return;\n\n const triggerName = resource.path.replace(/^jobs\\//, \"\").replace(/\\.md$/, \"\");\n const now = new Date();\n\n const jobUserEmail = meta.createdBy || resource.owner;\n const jobOrgId = meta.orgId ?? undefined;\n\n // SECURITY (audit 12 #10): re-validate the run-as user/membership on\n // every dispatch. Sharing revocation, user deletion, and org-member\n // removal must take effect for already-scheduled triggers. Skip the\n // dispatch on failure; leave the trigger entry alone for admin review.\n const validity = await isTriggerRunAsStillValid(jobUserEmail, jobOrgId);\n if (!validity.ok) {\n console.warn(\n `[triggers] Skipping trigger \"${triggerName}\": ${validity.reason}. ` +\n `User/membership no longer valid — leaving entry for admin review.`,\n );\n meta.lastRun = now.toISOString();\n meta.lastStatus = \"skipped\";\n meta.lastError = validity.reason;\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n return;\n }\n\n // Mark as running\n meta.lastRun = now.toISOString();\n meta.lastStatus = \"running\";\n meta.lastError = undefined;\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n\n await runWithRequestContext(\n { userEmail: jobUserEmail, orgId: jobOrgId },\n async () => {\n try {\n const actions = _deps!.getActions();\n const systemPrompt = await _deps!.getSystemPrompt(jobUserEmail);\n const tools = actionsToEngineTools(actions);\n\n const engine = await resolveEngine({\n apiKey,\n appId: _deps!.appId,\n });\n const model =\n _deps!.model ??\n (await getStoredModelForEngine(engine, { appId: _deps!.appId })) ??\n engine.defaultModel;\n const thread = await createThread(jobUserEmail, {\n title: `Trigger: ${triggerName} — ${now.toLocaleDateString()}`,\n });\n\n let payloadStr: string;\n try {\n payloadStr = JSON.stringify(payload, null, 2);\n } catch {\n payloadStr = String(payload);\n }\n\n const triggerText = `[Automation Trigger: ${triggerName}]\nEvent: ${meta.event}\nEvent ID: ${eventMeta.eventId}\nFired at: ${eventMeta.emittedAt}\n\nEvent payload:\n${payloadStr}\n\nExecute the following automation instructions:\n\n${body}`;\n\n const messages = [\n {\n role: \"user\" as const,\n content: [{ type: \"text\" as const, text: triggerText }],\n },\n ];\n\n const controller = new AbortController();\n const timeout = setTimeout(() => controller.abort(), 5 * 60 * 1000);\n\n const events: AgentChatEvent[] = [];\n\n try {\n await runAgentLoop({\n engine,\n model,\n systemPrompt,\n tools,\n messages,\n actions,\n send: (event) => events.push(event),\n signal: controller.signal,\n });\n } finally {\n clearTimeout(timeout);\n }\n\n meta.lastStatus = \"success\";\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n\n console.log(`[triggers] \"${triggerName}\" completed successfully`);\n } catch (err: any) {\n meta.lastStatus = \"error\";\n meta.lastError = err?.message?.slice(0, 200) || \"Unknown error\";\n await resourcePut(\n resource.owner,\n resource.path,\n buildTriggerContent(meta, body),\n );\n console.error(`[triggers] \"${triggerName}\" failed:`, err?.message);\n }\n },\n );\n}\n\nexport { parseTriggerFrontmatter, buildTriggerContent };\n"]}
package/dist/vite/client.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/vite/client.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAU,UAAU,EAAE,MAAM,MAAM,CAAC;AAma/C,MAAM,WAAW,YAAY;IAC3B,sGAAsG;IACtG,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,YAAY,CAAC,EAAE,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,oGAAoG;IACpG,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;IAClC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,iDAAiD;IACjD,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,iDAAiD;IACjD,YAAY,CAAC,EAAE,WAAW,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;IACvD;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjD;AAsdD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,MAAM,GAAG,SAAS,CAMpB;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,OAAO,CAWT;AA6KD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,UAAU,CAkQ1E"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/vite/client.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAU,UAAU,EAAE,MAAM,MAAM,CAAC;AAwa/C,MAAM,WAAW,YAAY;IAC3B,sGAAsG;IACtG,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,6DAA6D;IAC7D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,4CAA4C;IAC5C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,yCAAyC;IACzC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,YAAY,CAAC,EAAE,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;IAC9E,oGAAoG;IACpG,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;IAClC,8BAA8B;IAC9B,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IAChB,iDAAiD;IACjD,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,+BAA+B;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,kCAAkC;IAClC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,iDAAiD;IACjD,YAAY,CAAC,EAAE,WAAW,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;IACvD;;;;OAIG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB;;;;;;;;OAQG;IACH,WAAW,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjD;AAsdD,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,MAAM,GAAG,SAAS,CAMpB;AAED,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GAAG,SAAS,GACvB,OAAO,CAWT;AA6KD;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,UAAU,CAkQ1E"}
package/dist/vite/client.js CHANGED
@@ -321,6 +321,8 @@ function getCoreSourceAliases(cwd) {
321
321
  "@agent-native/core/terminal/server": path.join(coreSrc, "terminal/index.ts"),
322
322
  "@agent-native/core/adapters/cli": path.join(coreSrc, "adapters/cli/index.ts"),
323
323
  "@agent-native/core/usage": path.join(coreSrc, "usage/store.ts"),
324
+ "@agent-native/core/brand-kit": path.join(coreSrc, "brand-kit/index.ts"),
325
+ "@agent-native/core/server/design-token-utils": path.join(coreSrc, "server/design-token-utils.ts"),
324
326
  // Shared stylesheet — alias to src so CSS edits (composer/theme rules)
325
327
  // take effect live in dev instead of silently loading the stale built
326
328
  // copy at dist/styles/. From src/styles/ the `@source "../client/**"`