@agent-native/core 0.30.6 → 0.31.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (391) hide show
  1. package/dist/a2a/client.d.ts +2 -0
  2. package/dist/a2a/client.d.ts.map +1 -1
  3. package/dist/a2a/client.js +7 -5
  4. package/dist/a2a/client.js.map +1 -1
  5. package/dist/a2a/handlers.d.ts.map +1 -1
  6. package/dist/a2a/handlers.js +3 -0
  7. package/dist/a2a/handlers.js.map +1 -1
  8. package/dist/a2a/server.d.ts.map +1 -1
  9. package/dist/a2a/server.js.map +1 -1
  10. package/dist/a2a/task-store.d.ts.map +1 -1
  11. package/dist/a2a/task-store.js +5 -1
  12. package/dist/a2a/task-store.js.map +1 -1
  13. package/dist/action.js +22 -4
  14. package/dist/action.js.map +1 -1
  15. package/dist/agent/engine/ai-sdk-engine.d.ts.map +1 -1
  16. package/dist/agent/engine/ai-sdk-engine.js +5 -0
  17. package/dist/agent/engine/ai-sdk-engine.js.map +1 -1
  18. package/dist/agent/engine/anthropic-engine.d.ts.map +1 -1
  19. package/dist/agent/engine/anthropic-engine.js +0 -7
  20. package/dist/agent/engine/anthropic-engine.js.map +1 -1
  21. package/dist/agent/engine/builder-engine.d.ts.map +1 -1
  22. package/dist/agent/engine/builder-engine.js +4 -0
  23. package/dist/agent/engine/builder-engine.js.map +1 -1
  24. package/dist/agent/engine/registry.d.ts.map +1 -1
  25. package/dist/agent/engine/registry.js.map +1 -1
  26. package/dist/agent/engine/translate-ai-sdk.d.ts.map +1 -1
  27. package/dist/agent/engine/translate-ai-sdk.js +5 -3
  28. package/dist/agent/engine/translate-ai-sdk.js.map +1 -1
  29. package/dist/agent/production-agent.d.ts.map +1 -1
  30. package/dist/agent/production-agent.js +31 -4
  31. package/dist/agent/production-agent.js.map +1 -1
  32. package/dist/agent/run-manager.d.ts.map +1 -1
  33. package/dist/agent/run-manager.js +21 -8
  34. package/dist/agent/run-manager.js.map +1 -1
  35. package/dist/agent/run-store.d.ts.map +1 -1
  36. package/dist/agent/run-store.js +5 -1
  37. package/dist/agent/run-store.js.map +1 -1
  38. package/dist/agent/tool-search.js.map +1 -1
  39. package/dist/application-state/store.d.ts.map +1 -1
  40. package/dist/application-state/store.js +18 -7
  41. package/dist/application-state/store.js.map +1 -1
  42. package/dist/brand-kit/brand-signals.d.ts +31 -0
  43. package/dist/brand-kit/brand-signals.d.ts.map +1 -0
  44. package/dist/brand-kit/brand-signals.js +101 -0
  45. package/dist/brand-kit/brand-signals.js.map +1 -0
  46. package/dist/brand-kit/index.d.ts +21 -0
  47. package/dist/brand-kit/index.d.ts.map +1 -0
  48. package/dist/brand-kit/index.js +34 -0
  49. package/dist/brand-kit/index.js.map +1 -0
  50. package/dist/brand-kit/types.d.ts +103 -0
  51. package/dist/brand-kit/types.d.ts.map +1 -0
  52. package/dist/brand-kit/types.js +17 -0
  53. package/dist/brand-kit/types.js.map +1 -0
  54. package/dist/browser-sessions/store.d.ts.map +1 -1
  55. package/dist/browser-sessions/store.js +6 -1
  56. package/dist/browser-sessions/store.js.map +1 -1
  57. package/dist/chat-threads/store.d.ts.map +1 -1
  58. package/dist/chat-threads/store.js +6 -2
  59. package/dist/chat-threads/store.js.map +1 -1
  60. package/dist/checkpoints/store.d.ts.map +1 -1
  61. package/dist/checkpoints/store.js +5 -1
  62. package/dist/checkpoints/store.js.map +1 -1
  63. package/dist/cli/code-agent-executor.d.ts.map +1 -1
  64. package/dist/cli/code-agent-executor.js.map +1 -1
  65. package/dist/cli/create.d.ts.map +1 -1
  66. package/dist/cli/create.js +0 -1
  67. package/dist/cli/create.js.map +1 -1
  68. package/dist/client/AgentNative.js.map +1 -1
  69. package/dist/client/AgentPanel.d.ts.map +1 -1
  70. package/dist/client/AgentPanel.js +18 -20
  71. package/dist/client/AgentPanel.js.map +1 -1
  72. package/dist/client/AssistantChat.d.ts.map +1 -1
  73. package/dist/client/AssistantChat.js +69 -17
  74. package/dist/client/AssistantChat.js.map +1 -1
  75. package/dist/client/IframeEmbed.d.ts.map +1 -1
  76. package/dist/client/IframeEmbed.js.map +1 -1
  77. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  78. package/dist/client/MultiTabAssistantChat.js +1 -1
  79. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  80. package/dist/client/RunStuckBanner.js.map +1 -1
  81. package/dist/client/agent-chat.d.ts +0 -3
  82. package/dist/client/agent-chat.d.ts.map +1 -1
  83. package/dist/client/agent-chat.js +0 -3
  84. package/dist/client/agent-chat.js.map +1 -1
  85. package/dist/client/builder-mark.d.ts.map +1 -1
  86. package/dist/client/builder-mark.js.map +1 -1
  87. package/dist/client/components/CodeRequiredDialog.js +0 -7
  88. package/dist/client/components/CodeRequiredDialog.js.map +1 -1
  89. package/dist/client/components/MissingKeyCard.d.ts.map +1 -1
  90. package/dist/client/components/MissingKeyCard.js.map +1 -1
  91. package/dist/client/composer/PromptComposer.d.ts.map +1 -1
  92. package/dist/client/composer/PromptComposer.js +6 -3
  93. package/dist/client/composer/PromptComposer.js.map +1 -1
  94. package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
  95. package/dist/client/composer/TiptapComposer.js +5 -0
  96. package/dist/client/composer/TiptapComposer.js.map +1 -1
  97. package/dist/client/composer/VoiceButton.d.ts.map +1 -1
  98. package/dist/client/composer/VoiceButton.js +9 -0
  99. package/dist/client/composer/VoiceButton.js.map +1 -1
  100. package/dist/client/composer/extensions/FileReference.d.ts.map +1 -1
  101. package/dist/client/composer/extensions/FileReference.js.map +1 -1
  102. package/dist/client/composer/extensions/MentionReference.d.ts.map +1 -1
  103. package/dist/client/composer/extensions/MentionReference.js.map +1 -1
  104. package/dist/client/composer/extensions/SkillReference.d.ts.map +1 -1
  105. package/dist/client/composer/extensions/SkillReference.js.map +1 -1
  106. package/dist/client/composer/use-file-search.d.ts.map +1 -1
  107. package/dist/client/composer/use-file-search.js +14 -3
  108. package/dist/client/composer/use-file-search.js.map +1 -1
  109. package/dist/client/conversation/AgentConversation.js +8 -6
  110. package/dist/client/conversation/AgentConversation.js.map +1 -1
  111. package/dist/client/conversation/use-near-bottom-autoscroll.d.ts.map +1 -1
  112. package/dist/client/conversation/use-near-bottom-autoscroll.js +133 -35
  113. package/dist/client/conversation/use-near-bottom-autoscroll.js.map +1 -1
  114. package/dist/client/db-admin/DbAdminPage.js.map +1 -1
  115. package/dist/client/db-admin/EditableCell.js +1 -1
  116. package/dist/client/db-admin/EditableCell.js.map +1 -1
  117. package/dist/client/dev-overlay/DevOverlay.d.ts +0 -2
  118. package/dist/client/dev-overlay/DevOverlay.d.ts.map +1 -1
  119. package/dist/client/dev-overlay/DevOverlay.js +1 -2
  120. package/dist/client/dev-overlay/DevOverlay.js.map +1 -1
  121. package/dist/client/extensions/EmbeddedExtension.d.ts.map +1 -1
  122. package/dist/client/extensions/EmbeddedExtension.js +19 -0
  123. package/dist/client/extensions/EmbeddedExtension.js.map +1 -1
  124. package/dist/client/extensions/ExtensionViewer.d.ts.map +1 -1
  125. package/dist/client/extensions/ExtensionViewer.js +11 -3
  126. package/dist/client/extensions/ExtensionViewer.js.map +1 -1
  127. package/dist/client/integrations/IntegrationsPanel.d.ts.map +1 -1
  128. package/dist/client/integrations/IntegrationsPanel.js.map +1 -1
  129. package/dist/client/mcp-app-host.d.ts.map +1 -1
  130. package/dist/client/mcp-app-host.js +25 -3
  131. package/dist/client/mcp-app-host.js.map +1 -1
  132. package/dist/client/mcp-apps/McpAppRenderer.d.ts.map +1 -1
  133. package/dist/client/mcp-apps/McpAppRenderer.js +1 -1
  134. package/dist/client/mcp-apps/McpAppRenderer.js.map +1 -1
  135. package/dist/client/notifications/NotificationsBell.js.map +1 -1
  136. package/dist/client/onboarding/SetupButton.d.ts.map +1 -1
  137. package/dist/client/onboarding/SetupButton.js +6 -0
  138. package/dist/client/onboarding/SetupButton.js.map +1 -1
  139. package/dist/client/progress/RunsTray.js.map +1 -1
  140. package/dist/client/resources/McpServerDetail.d.ts.map +1 -1
  141. package/dist/client/resources/McpServerDetail.js.map +1 -1
  142. package/dist/client/resources/ResourcesPanel.d.ts.map +1 -1
  143. package/dist/client/resources/ResourcesPanel.js +0 -1
  144. package/dist/client/resources/ResourcesPanel.js.map +1 -1
  145. package/dist/client/settings/AgentsSection.d.ts.map +1 -1
  146. package/dist/client/settings/AgentsSection.js +1 -1
  147. package/dist/client/settings/AgentsSection.js.map +1 -1
  148. package/dist/client/settings/AutomationsSection.js.map +1 -1
  149. package/dist/client/settings/SettingsPanel.js +2 -2
  150. package/dist/client/settings/SettingsPanel.js.map +1 -1
  151. package/dist/client/sharing/ShareButton.d.ts.map +1 -1
  152. package/dist/client/sharing/ShareButton.js +0 -4
  153. package/dist/client/sharing/ShareButton.js.map +1 -1
  154. package/dist/client/sse-event-processor.d.ts.map +1 -1
  155. package/dist/client/sse-event-processor.js +13 -3
  156. package/dist/client/sse-event-processor.js.map +1 -1
  157. package/dist/client/terminal/AgentTerminal.d.ts.map +1 -1
  158. package/dist/client/terminal/AgentTerminal.js +1 -1
  159. package/dist/client/terminal/AgentTerminal.js.map +1 -1
  160. package/dist/client/use-agent-chat.d.ts.map +1 -1
  161. package/dist/client/use-agent-chat.js +20 -4
  162. package/dist/client/use-agent-chat.js.map +1 -1
  163. package/dist/client/use-chat-threads.d.ts.map +1 -1
  164. package/dist/client/use-chat-threads.js +39 -25
  165. package/dist/client/use-chat-threads.js.map +1 -1
  166. package/dist/client/use-db-sync.d.ts.map +1 -1
  167. package/dist/client/use-db-sync.js +24 -0
  168. package/dist/client/use-db-sync.js.map +1 -1
  169. package/dist/client/use-dev-mode.d.ts.map +1 -1
  170. package/dist/client/use-dev-mode.js +25 -9
  171. package/dist/client/use-dev-mode.js.map +1 -1
  172. package/dist/client/use-run-stuck-detection.d.ts.map +1 -1
  173. package/dist/client/use-run-stuck-detection.js +7 -1
  174. package/dist/client/use-run-stuck-detection.js.map +1 -1
  175. package/dist/client/useProductionAgent.d.ts.map +1 -1
  176. package/dist/client/useProductionAgent.js +6 -2
  177. package/dist/client/useProductionAgent.js.map +1 -1
  178. package/dist/collab/agent-presence.d.ts +0 -3
  179. package/dist/collab/agent-presence.d.ts.map +1 -1
  180. package/dist/collab/agent-presence.js +3 -5
  181. package/dist/collab/agent-presence.js.map +1 -1
  182. package/dist/collab/awareness.d.ts.map +1 -1
  183. package/dist/collab/awareness.js +11 -1
  184. package/dist/collab/awareness.js.map +1 -1
  185. package/dist/collab/client-struct.js.map +1 -1
  186. package/dist/collab/storage.d.ts.map +1 -1
  187. package/dist/collab/storage.js +5 -1
  188. package/dist/collab/storage.js.map +1 -1
  189. package/dist/collab/ydoc-manager.d.ts.map +1 -1
  190. package/dist/collab/ydoc-manager.js +35 -8
  191. package/dist/collab/ydoc-manager.js.map +1 -1
  192. package/dist/deploy/build.js +0 -5
  193. package/dist/deploy/build.js.map +1 -1
  194. package/dist/extensions/content-patch.js +1 -1
  195. package/dist/extensions/content-patch.js.map +1 -1
  196. package/dist/extensions/fetch-tool.d.ts.map +1 -1
  197. package/dist/extensions/fetch-tool.js +4 -1
  198. package/dist/extensions/fetch-tool.js.map +1 -1
  199. package/dist/extensions/routes.js +12 -12
  200. package/dist/extensions/routes.js.map +1 -1
  201. package/dist/extensions/slots/store.d.ts.map +1 -1
  202. package/dist/extensions/slots/store.js +5 -1
  203. package/dist/extensions/slots/store.js.map +1 -1
  204. package/dist/file-upload/actions/upload-image.d.ts.map +1 -1
  205. package/dist/file-upload/actions/upload-image.js +39 -4
  206. package/dist/file-upload/actions/upload-image.js.map +1 -1
  207. package/dist/integrations/a2a-continuations-store.d.ts.map +1 -1
  208. package/dist/integrations/a2a-continuations-store.js +5 -1
  209. package/dist/integrations/a2a-continuations-store.js.map +1 -1
  210. package/dist/integrations/adapters/email.d.ts.map +1 -1
  211. package/dist/integrations/adapters/email.js +5 -2
  212. package/dist/integrations/adapters/email.js.map +1 -1
  213. package/dist/integrations/adapters/slack.d.ts.map +1 -1
  214. package/dist/integrations/adapters/slack.js.map +1 -1
  215. package/dist/integrations/google-docs-poller.d.ts.map +1 -1
  216. package/dist/integrations/google-docs-poller.js +16 -5
  217. package/dist/integrations/google-docs-poller.js.map +1 -1
  218. package/dist/integrations/pending-tasks-retry-job.d.ts.map +1 -1
  219. package/dist/integrations/pending-tasks-retry-job.js +6 -2
  220. package/dist/integrations/pending-tasks-retry-job.js.map +1 -1
  221. package/dist/integrations/pending-tasks-store.d.ts.map +1 -1
  222. package/dist/integrations/pending-tasks-store.js +5 -1
  223. package/dist/integrations/pending-tasks-store.js.map +1 -1
  224. package/dist/integrations/plugin.d.ts.map +1 -1
  225. package/dist/integrations/plugin.js +14 -3
  226. package/dist/integrations/plugin.js.map +1 -1
  227. package/dist/integrations/remote-commands-store.d.ts.map +1 -1
  228. package/dist/integrations/remote-commands-store.js +5 -1
  229. package/dist/integrations/remote-commands-store.js.map +1 -1
  230. package/dist/integrations/remote-devices-store.d.ts.map +1 -1
  231. package/dist/integrations/remote-devices-store.js +5 -1
  232. package/dist/integrations/remote-devices-store.js.map +1 -1
  233. package/dist/integrations/remote-push-store.d.ts.map +1 -1
  234. package/dist/integrations/remote-push-store.js +5 -1
  235. package/dist/integrations/remote-push-store.js.map +1 -1
  236. package/dist/integrations/remote-retry-job.js +1 -1
  237. package/dist/integrations/remote-retry-job.js.map +1 -1
  238. package/dist/integrations/remote-run-events-store.d.ts.map +1 -1
  239. package/dist/integrations/remote-run-events-store.js +5 -1
  240. package/dist/integrations/remote-run-events-store.js.map +1 -1
  241. package/dist/integrations/thread-mapping-store.d.ts.map +1 -1
  242. package/dist/integrations/thread-mapping-store.js +5 -1
  243. package/dist/integrations/thread-mapping-store.js.map +1 -1
  244. package/dist/integrations/webhook-handler.d.ts.map +1 -1
  245. package/dist/integrations/webhook-handler.js +10 -1
  246. package/dist/integrations/webhook-handler.js.map +1 -1
  247. package/dist/jobs/scheduler.d.ts.map +1 -1
  248. package/dist/jobs/scheduler.js +31 -15
  249. package/dist/jobs/scheduler.js.map +1 -1
  250. package/dist/jobs/tools.d.ts.map +1 -1
  251. package/dist/jobs/tools.js +4 -1
  252. package/dist/jobs/tools.js.map +1 -1
  253. package/dist/mcp/build-server.d.ts.map +1 -1
  254. package/dist/mcp/build-server.js +24 -9
  255. package/dist/mcp/build-server.js.map +1 -1
  256. package/dist/mcp/connect-store.d.ts +3 -4
  257. package/dist/mcp/connect-store.d.ts.map +1 -1
  258. package/dist/mcp/connect-store.js +5 -5
  259. package/dist/mcp/connect-store.js.map +1 -1
  260. package/dist/mcp-client/routes.js +6 -1
  261. package/dist/mcp-client/routes.js.map +1 -1
  262. package/dist/notifications/channels.d.ts.map +1 -1
  263. package/dist/notifications/channels.js +3 -2
  264. package/dist/notifications/channels.js.map +1 -1
  265. package/dist/oauth-tokens/store.d.ts.map +1 -1
  266. package/dist/oauth-tokens/store.js +5 -1
  267. package/dist/oauth-tokens/store.js.map +1 -1
  268. package/dist/observability/evals.d.ts.map +1 -1
  269. package/dist/observability/evals.js +7 -7
  270. package/dist/observability/evals.js.map +1 -1
  271. package/dist/observability/traces.d.ts.map +1 -1
  272. package/dist/observability/traces.js +15 -5
  273. package/dist/observability/traces.js.map +1 -1
  274. package/dist/org/accept-pending.js +1 -1
  275. package/dist/org/accept-pending.js.map +1 -1
  276. package/dist/org/handlers.d.ts.map +1 -1
  277. package/dist/org/handlers.js +3 -2
  278. package/dist/org/handlers.js.map +1 -1
  279. package/dist/progress/store.d.ts.map +1 -1
  280. package/dist/progress/store.js +11 -1
  281. package/dist/progress/store.js.map +1 -1
  282. package/dist/resources/handlers.d.ts +5 -5
  283. package/dist/resources/handlers.d.ts.map +1 -1
  284. package/dist/resources/handlers.js +0 -2
  285. package/dist/resources/handlers.js.map +1 -1
  286. package/dist/resources/store.d.ts.map +1 -1
  287. package/dist/resources/store.js +23 -13
  288. package/dist/resources/store.js.map +1 -1
  289. package/dist/scripts/db/query.d.ts.map +1 -1
  290. package/dist/scripts/db/query.js +1 -2
  291. package/dist/scripts/db/query.js.map +1 -1
  292. package/dist/scripts/db/schema.js.map +1 -1
  293. package/dist/server/action-discovery.d.ts.map +1 -1
  294. package/dist/server/action-discovery.js +10 -3
  295. package/dist/server/action-discovery.js.map +1 -1
  296. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  297. package/dist/server/agent-chat-plugin.js +3 -6
  298. package/dist/server/agent-chat-plugin.js.map +1 -1
  299. package/dist/server/auth.d.ts.map +1 -1
  300. package/dist/server/auth.js +13 -9
  301. package/dist/server/auth.js.map +1 -1
  302. package/dist/server/better-auth-instance.d.ts.map +1 -1
  303. package/dist/server/better-auth-instance.js +0 -3
  304. package/dist/server/better-auth-instance.js.map +1 -1
  305. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  306. package/dist/server/core-routes-plugin.js +1 -2
  307. package/dist/server/core-routes-plugin.js.map +1 -1
  308. package/dist/server/create-server.d.ts.map +1 -1
  309. package/dist/server/create-server.js +0 -23
  310. package/dist/server/create-server.js.map +1 -1
  311. package/dist/server/google-oauth.d.ts.map +1 -1
  312. package/dist/server/google-oauth.js +0 -3
  313. package/dist/server/google-oauth.js.map +1 -1
  314. package/dist/server/identity-sso-store.d.ts.map +1 -1
  315. package/dist/server/identity-sso-store.js +14 -3
  316. package/dist/server/identity-sso-store.js.map +1 -1
  317. package/dist/server/poll.d.ts.map +1 -1
  318. package/dist/server/poll.js +67 -18
  319. package/dist/server/poll.js.map +1 -1
  320. package/dist/server/schema-prompt.js +1 -1
  321. package/dist/server/schema-prompt.js.map +1 -1
  322. package/dist/server/security-headers.d.ts +5 -4
  323. package/dist/server/security-headers.d.ts.map +1 -1
  324. package/dist/server/security-headers.js +5 -4
  325. package/dist/server/security-headers.js.map +1 -1
  326. package/dist/settings/store.d.ts.map +1 -1
  327. package/dist/settings/store.js +5 -1
  328. package/dist/settings/store.js.map +1 -1
  329. package/dist/sharing/access.d.ts.map +1 -1
  330. package/dist/sharing/access.js +25 -4
  331. package/dist/sharing/access.js.map +1 -1
  332. package/dist/sharing/actions/set-resource-visibility.d.ts.map +1 -1
  333. package/dist/sharing/actions/set-resource-visibility.js +8 -1
  334. package/dist/sharing/actions/set-resource-visibility.js.map +1 -1
  335. package/dist/triggers/actions.d.ts.map +1 -1
  336. package/dist/triggers/actions.js +1 -2
  337. package/dist/triggers/actions.js.map +1 -1
  338. package/dist/triggers/dispatcher.d.ts.map +1 -1
  339. package/dist/triggers/dispatcher.js +36 -8
  340. package/dist/triggers/dispatcher.js.map +1 -1
  341. package/dist/usage/store.d.ts.map +1 -1
  342. package/dist/usage/store.js +5 -1
  343. package/dist/usage/store.js.map +1 -1
  344. package/dist/vite/client.d.ts.map +1 -1
  345. package/dist/vite/client.js +7 -5
  346. package/dist/vite/client.js.map +1 -1
  347. package/package.json +3 -2
  348. package/dist/client/conversation/AgentConversation.spec.d.ts +0 -2
  349. package/dist/client/conversation/AgentConversation.spec.d.ts.map +0 -1
  350. package/dist/client/conversation/AgentConversation.spec.js +0 -69
  351. package/dist/client/conversation/AgentConversation.spec.js.map +0 -1
  352. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts +0 -2
  353. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.d.ts.map +0 -1
  354. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js +0 -110
  355. package/dist/client/extensions/AgentNativeExtensionFrame.e2e-host.js.map +0 -1
  356. package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts +0 -2
  357. package/dist/client/extensions/AgentNativeExtensionFrame.spec.d.ts.map +0 -1
  358. package/dist/client/extensions/AgentNativeExtensionFrame.spec.js +0 -68
  359. package/dist/client/extensions/AgentNativeExtensionFrame.spec.js.map +0 -1
  360. package/dist/client/extensions/ExtensionViewer.spec.d.ts +0 -2
  361. package/dist/client/extensions/ExtensionViewer.spec.d.ts.map +0 -1
  362. package/dist/client/extensions/ExtensionViewer.spec.js +0 -94
  363. package/dist/client/extensions/ExtensionViewer.spec.js.map +0 -1
  364. package/dist/client/guided-questions.flow.spec.d.ts +0 -2
  365. package/dist/client/guided-questions.flow.spec.d.ts.map +0 -1
  366. package/dist/client/guided-questions.flow.spec.js +0 -147
  367. package/dist/client/guided-questions.flow.spec.js.map +0 -1
  368. package/dist/client/settings/useBuilderStatus.spec.d.ts +0 -2
  369. package/dist/client/settings/useBuilderStatus.spec.d.ts.map +0 -1
  370. package/dist/client/settings/useBuilderStatus.spec.js +0 -487
  371. package/dist/client/settings/useBuilderStatus.spec.js.map +0 -1
  372. package/dist/client/sharing/ShareButton.spec.d.ts +0 -2
  373. package/dist/client/sharing/ShareButton.spec.d.ts.map +0 -1
  374. package/dist/client/sharing/ShareButton.spec.js +0 -196
  375. package/dist/client/sharing/ShareButton.spec.js.map +0 -1
  376. package/dist/client/use-chat-models.spec.d.ts +0 -2
  377. package/dist/client/use-chat-models.spec.d.ts.map +0 -1
  378. package/dist/client/use-chat-models.spec.js +0 -39
  379. package/dist/client/use-chat-models.spec.js.map +0 -1
  380. package/dist/client/use-chat-threads.spec.d.ts +0 -2
  381. package/dist/client/use-chat-threads.spec.d.ts.map +0 -1
  382. package/dist/client/use-chat-threads.spec.js +0 -760
  383. package/dist/client/use-chat-threads.spec.js.map +0 -1
  384. package/dist/client/use-db-sync.spec.d.ts +0 -2
  385. package/dist/client/use-db-sync.spec.d.ts.map +0 -1
  386. package/dist/client/use-db-sync.spec.js +0 -107
  387. package/dist/client/use-db-sync.spec.js.map +0 -1
  388. package/dist/server/script-discovery.d.ts +0 -6
  389. package/dist/server/script-discovery.d.ts.map +0 -1
  390. package/dist/server/script-discovery.js +0 -6
  391. package/dist/server/script-discovery.js.map +0 -1
package/dist/a2a/server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/a2a/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAElB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AAEZ,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACzE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B;;;;;GAKG;AACH,IAAI,gBAAgB,GAAG,KAAK,CAAC;AAC7B,SAAS,iBAAiB;IACxB,IAAI,gBAAgB;QAAE,OAAO;IAC7B,gBAAgB,GAAG,IAAI,CAAC;IACxB,sCAAsC;IACtC,OAAO,CAAC,IAAI,CACV,mFAAmF;QACjF,4FAA4F,CAC/F,CAAC;AACJ,CAAC;AAWD,SAAS,kBAAkB,CACzB,UAAoB,EACpB,MAA0B;IAE1B,MAAM,OAAO,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO;IACrD,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,KAAsB;IACjD,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,OAAO;QACnB,OAAO,CAAC,GAAG,CAAC,GAAG;QACf,OAAO,CAAC,GAAG,CAAC,UAAU;QACtB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,IAAI,OAAO;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,uEAAuE;IACvE,uEAAuE;IACvE,oEAAoE;IACpE,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,IAAI,OAAO,CAAC;QACtE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,IAAI;YAAE,OAAO,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,KAAa,EACb,KAAsB;IAEtB,qEAAqE;IACrE,qEAAqE;IACrE,qEAAqE;IACrE,oEAAoE;IACpE,wBAAwB;IACxB,IAAI,aAAiC,CAAC;IACtC,IAAI,iBAA8C,CAAC;IACnD,IAAI,CAAC;QACH,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1C,aAAa,GAAG,iBAAiB,CAAC,UAAgC,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;IAED,4EAA4E;IAC5E,4EAA4E;IAC5E,8EAA8E;IAC9E,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,kBAAkB,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7D,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,aAAa,CAAC,CAAC;YAC5D,kBAAkB,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;IACH,CAAC;IACD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAE3E,iDAAiD;IACjD,EAAE;IACF,kEAAkE;IAClE,qEAAqE;IACrE,wBAAwB;IACxB,kEAAkE;IAClE,wEAAwE;IACxE,oEAAoE;IACpE,uEAAuE;IACvE,oEAAoE;IACpE,kEAAkE;IAClE,oEAAoE;IACpE,uEAAuE;IACvE,sEAAsE;IACtE,qCAAqC;IACrC,IAAI,CAAC;QACH,MAAM,aAAa,GAA0B,EAAE,CAAC;QAChD,IAAI,iBAAiB,IAAI,OAAO,iBAAiB,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YACtE,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,GAAG;gBAAE,aAAa,CAAC,QAAQ,GAAG,GAAG,CAAC;QACxC,CAAC;QACD,IACE,iBAAiB;YACjB,OAAO,iBAAiB,CAAC,GAAG,KAAK,QAAQ;YACzC,iBAAiB,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAChC,CAAC;YACD,aAAa,CAAC,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC;QAC/C,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,aAAa,CACd,CAAC;gBACF,OAAO;oBACL,KAAK,EAAG,OAAO,CAAC,GAAc,IAAI,IAAI;oBACtC,SAAS,EAAG,OAAO,CAAC,UAAqB,IAAI,IAAI;iBAClD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,8DAA8D;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,iDAAiD;IACjD,EAAE;IACF,wEAAwE;IACxE,qEAAqE;IACrE,oEAAoE;IACpE,qEAAqE;IACrE,wEAAwE;IACxE,wDAAwD;IACxD,2CAA2C;IAC3C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,8BAA8B,EAC9B,kBAAkB,CAAC,CAAC,KAAK,EAAE,EAAE;QAC3B,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;YAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QACD,MAAM,QAAQ,GACZ,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC;YAC5C,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,WAAW,CAAC;QAC5D,MAAM,OAAO,GAAG,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;QAExC,MAAM,cAAc,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,iBAAiB,CACtB,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,EACrC,OAAO,EACP,GAAG,WAAW,MAAM,CACrB,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;IAEF,0EAA0E;IAC1E,0EAA0E;IAC1E,2EAA2E;IAC3E,gEAAgE;IAChE,EAAE;IACF,yEAAyE;IACzE,oEAAoE;IACpE,2EAA2E;IAC3E,2EAA2E;IAC3E,kEAAkE;IAClE,8BAA8B;IAC9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,oBAAoB,EAClC,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;YAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAgC,CAAC;QACpE,MAAM,MAAM,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;QACtC,CAAC;QAED,mEAAmE;QACnE,qEAAqE;QACrE,qEAAqE;QACrE,8DAA8D;QAC9D,qEAAqE;QACrE,qEAAqE;QACrE,IAAI,sBAAsB,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;gBACtC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;YACzD,CAAC;QACH,CAAC;aAAM,IAAI,sBAAsB,EAAE,EAAE,CAAC;YACpC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO;gBACL,KAAK,EACH,uFAAuF;aAC1F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,iBAAiB,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YACrD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;YACjD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,qBAAqB,EAAE,CAAC;QAC1D,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;YAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QAED,iEAAiE;QACjE,qEAAqE;QACrE,iEAAiE;QACjE,mEAAmE;QACnE,oDAAoD;QACpD,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjE,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC;YAAE,OAAO;QAE5C,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;QAC5D,MAAM,WAAW,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,mBAAmB,GAAkB,IAAI,CAAC;QAC9C,IAAI,iBAAiB,GAAkB,IAAI,CAAC;QAC5C,IAAI,yBAAyB,GAAG,KAAK,CAAC;QACtC,IAAI,wBAAwB,GAAG,KAAK,CAAC;QAErC,oEAAoE;QACpE,wEAAwE;QACxE,qEAAqE;QACrE,iEAAiE;QACjE,4DAA4D;QAC5D,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;QAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAExE,6EAA6E;QAC7E,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC9D,mBAAmB,GAAG,YAAY,CAAC,KAAK,CAAC;YACzC,iBAAiB,GAAG,YAAY,CAAC,SAAS,CAAC;YAC3C,wBAAwB,GAAG,CAAC,mBAAmB,CAAC;QAClD,CAAC;QAED,yDAAyD;QACzD,IAAI,CAAC,mBAAmB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,yBAAyB,EAAE;qBAC5D,CAAC;gBACJ,CAAC;gBACD,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;oBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE;qBACpD,CAAC;gBACJ,CAAC;gBACD,yBAAyB,GAAG,IAAI,CAAC;YACnC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,mBAAmB,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACvD,oEAAoE;YACpE,gEAAgE;YAChE,qEAAqE;YACrE,qCAAqC;YACrC,IAAI,wBAAwB,EAAE,CAAC;gBAC7B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,8BAA8B;qBACxC;iBACF,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChC,IAAI,sBAAsB,EAAE,EAAE,CAAC;oBAC7B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE;4BACL,IAAI,EAAE,CAAC,KAAK;4BACZ,OAAO,EACL,qHAAqH;yBACxH;qBACF,CAAC;gBACJ,CAAC;gBACD,iBAAiB,EAAE,CAAC;YACtB,CAAC;iBAAM,IAAI,sBAAsB,EAAE,EAAE,CAAC;gBACpC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,yBAAyB;qBACnC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,oEAAoE;QACpE,IAAI,mBAAmB,EAAE,CAAC;YACxB,KAAK,CAAC,OAAO,CAAC,kBAAkB,GAAG,mBAAmB,CAAC;QACzD,CAAC;QACD,IAAI,iBAAiB,EAAE,CAAC;YACtB,KAAK,CAAC,OAAO,CAAC,cAAc,GAAG,iBAAiB,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,MAAiB;IAC3D,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,GACL,KAAwC,CAAC,EAAE;YAC3C,KAA2B,CAAC,IAAI;YACjC,EAAE,CAAC;QACL,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC3B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC;QAE1C,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,CACL,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,IAAI;gBACjC,KAAK,CAAC,WAAW,CAAC,QAAQ,KAAK,IAAI;gBACnC,KAAK,CAAC,WAAW,CAAC,YAAY,KAAK,IAAI;gBACvC,KAAK,CAAC,WAAW,CAAC,eAAe,KAAK,IAAI,CAC3C,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import * as jose from \"jose\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseHeader,\n setResponseStatus,\n getMethod,\n getRequestHeader,\n} from \"h3\";\nimport type { A2AConfig } from \"./types.js\";\nimport { generateAgentCard } from \"./agent-card.js\";\nimport { handleJsonRpcH3, processA2ATaskFromQueue } from \"./handlers.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport {\n extractBearerToken,\n verifyInternalToken,\n} from \"../integrations/internal-token.js\";\nimport {\n hasConfiguredA2ASecret,\n isA2AProductionRuntime,\n} from \"./auth-policy.js\";\n\n/**\n * One-time warning when A2A is running unauthenticated in development. We\n * don't refuse the request (local templates need to work out of the box),\n * but we log a single noisy line so operators notice if they accidentally\n * deploy with no auth configured.\n */\nlet _warnedUnauthA2A = false;\nfunction warnA2AUnauthOnce(): void {\n if (_warnedUnauthA2A) return;\n _warnedUnauthA2A = true;\n // eslint-disable-next-line no-console\n console.warn(\n \"[a2a] No A2A_SECRET or apiKeyEnv configured — A2A endpoint runs unauthenticated. \" +\n \"This is allowed in development but blocked in production. Set A2A_SECRET before deploying.\",\n );\n}\n\n/**\n * Verify an inbound A2A JWT signed with the shared A2A_SECRET.\n * Returns the caller's email (from `sub` claim) if valid, null otherwise.\n */\ninterface A2ATokenPayload {\n email: string | null;\n orgDomain: string | null;\n}\n\nfunction addSecretCandidate(\n candidates: string[],\n secret: string | undefined,\n): void {\n const trimmed = secret?.trim();\n if (!trimmed || candidates.includes(trimmed)) return;\n candidates.push(trimmed);\n}\n\n/**\n * Resolve the audience (`aud`) value to expect in an inbound JWT. We use the\n * receiver's app URL — it's the natural identifier of \"who this token was\n * minted for\". Falls back to undefined when no app URL is configured, in\n * which case the audience check is skipped (backward-compat with tokens\n * minted before the audience claim shipped).\n */\nfunction expectedJwtAudience(event: any | undefined): string | undefined {\n const fromEnv =\n process.env.APP_URL ||\n process.env.URL ||\n process.env.DEPLOY_URL ||\n process.env.BETTER_AUTH_URL;\n if (fromEnv) return String(fromEnv);\n // Best-effort: derive from the inbound request host. This is forgeable\n // (Host-header attack), but only useful as a hint when env-derived URL\n // is unset; the rest of the JWT verification still uses the secret.\n try {\n const proto = getRequestHeader(event, \"x-forwarded-proto\") || \"https\";\n const host = getRequestHeader(event, \"host\");\n if (host) return `${proto}://${host}`;\n } catch {}\n return undefined;\n}\n\nasync function verifyA2AToken(\n token: string,\n event: any | undefined,\n): Promise<A2ATokenPayload> {\n // Step 1: Peek at JWT claims WITHOUT verification to get org_domain.\n // This is safe because we only use org_domain to look up the secret,\n // then verify the full JWT with that secret. If someone forges a JWT\n // with a fake org_domain, verification will fail because they don't\n // have the real secret.\n let orgDomainHint: string | undefined;\n let unverifiedPayload: jose.JWTPayload | undefined;\n try {\n unverifiedPayload = jose.decodeJwt(token);\n orgDomainHint = unverifiedPayload.org_domain as string | undefined;\n } catch {\n // Malformed token — fall through to global secret attempt\n }\n\n // Step 2: Build a small, ordered set of candidate secrets. Tokens minted by\n // current callers prefer the shared A2A_SECRET; older callers may still use\n // an org-level secret. Try both without logging or reflecting secret details.\n const candidateSecrets: string[] = [];\n addSecretCandidate(candidateSecrets, process.env.A2A_SECRET);\n if (orgDomainHint) {\n try {\n const { getA2ASecretByDomain } = await import(\"../org/context.js\");\n const orgSecret = await getA2ASecretByDomain(orgDomainHint);\n addSecretCandidate(candidateSecrets, orgSecret);\n } catch {\n // DB not ready or column doesn't exist yet — fall through\n }\n }\n if (candidateSecrets.length === 0) return { email: null, orgDomain: null };\n\n // Step 3: Verify JWT with the candidate secrets.\n //\n // - `audience`: passed only when the token carries an `aud` claim\n // (backward-compat: tokens minted by older `signA2AToken` versions\n // don't include one).\n // - `issuer`: enforced when the token carries an `iss` claim. The\n // sender's `signA2AToken` (`a2a/client.ts:42`) sets the issuer to its\n // own app URL, so a verified token must self-identify a non-empty\n // string issuer. We accept any string the token claims (we don't pin\n // a specific expected issuer because dispatchers may legitimately\n // mint tokens from many sender URLs — dev tunnels, multi-deploy\n // setups). The pin is \"issuer must match the value the token says\n // it was minted from\", which `jose.jwtVerify` validates exactly when\n // `issuer` is supplied as a string. Backward-compat: when the token\n // has no `iss`, we skip the check.\n try {\n const verifyOptions: jose.JWTVerifyOptions = {};\n if (unverifiedPayload && typeof unverifiedPayload.aud !== \"undefined\") {\n const aud = expectedJwtAudience(event);\n if (aud) verifyOptions.audience = aud;\n }\n if (\n unverifiedPayload &&\n typeof unverifiedPayload.iss === \"string\" &&\n unverifiedPayload.iss.length > 0\n ) {\n verifyOptions.issuer = unverifiedPayload.iss;\n }\n for (const secret of candidateSecrets) {\n try {\n const { payload } = await jose.jwtVerify(\n token,\n new TextEncoder().encode(secret),\n verifyOptions,\n );\n return {\n email: (payload.sub as string) ?? null,\n orgDomain: (payload.org_domain as string) ?? null,\n };\n } catch {\n // Try the next candidate without leaking which secret failed.\n }\n }\n } catch {\n // Keep malformed option construction indistinguishable from auth failure.\n }\n return { email: null, orgDomain: null };\n}\n\n/**\n * Mount A2A protocol endpoints on an H3/Nitro app.\n *\n * - GET /.well-known/agent-card.json — public agent card (no auth)\n * - POST /_agent-native/a2a — JSON-RPC endpoint (with optional auth)\n *\n * When A2A_SECRET is set, inbound Bearer tokens are verified as JWTs\n * and the caller's email is extracted from the `sub` claim. This provides\n * cryptographic identity verification for cross-app A2A calls.\n */\nexport function mountA2A(\n nitroApp: any,\n config: A2AConfig,\n routePrefix = \"/_agent-native\",\n): void {\n // Public agent card endpoint (no auth required).\n //\n // SECURITY: per-user / per-org MCP tools are filtered out of the public\n // skills list. Their merged-key prefix (`mcp__user_<emailhash>_…` or\n // `mcp__org_<orgid>_…`) discloses (a) which users have integrations\n // attached, and (b) what those integrations are — fingerprinting the\n // tenant. Template- and framework-defined skills stay; only the dynamic\n // per-tenant MCP entries are dropped. See finding #7 in\n // /tmp/security-audit/12-mcp-a2a-agent.md.\n getH3App(nitroApp).use(\n \"/.well-known/agent-card.json\",\n defineEventHandler((event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const protocol =\n getRequestHeader(event, \"x-forwarded-proto\") ||\n (event.url?.protocol?.replace(\":\", \"\") ?? \"http\");\n const host = getRequestHeader(event, \"host\") ?? \"localhost\";\n const baseUrl = `${protocol}://${host}`;\n\n const filteredSkills = filterPublicAgentCardSkills(config);\n\n return generateAgentCard(\n { ...config, skills: filteredSkills },\n baseUrl,\n `${routePrefix}/a2a`,\n );\n }),\n );\n\n // Async-mode processor route. MUST be mounted BEFORE the `/a2a` catch-all\n // below, since h3's `.use()` matches by prefix and `/a2a` would otherwise\n // swallow `/a2a/_process-task` and return a JSON-RPC \"Invalid token\" error\n // (the JSON-RPC handler doesn't know about taskId-only bodies).\n //\n // When `message/send` is called with `async: true`, the JSON-RPC handler\n // enqueues the task and self-fires a POST to this route on the same\n // deployment so the actual handler runs in a fresh function execution (its\n // own full timeout). Authenticated with an HMAC token bound to the task id\n // (5-minute lifetime, signed with A2A_SECRET — same scheme as the\n // integration webhook queue).\n getH3App(nitroApp).use(\n `${routePrefix}/a2a/_process-task`,\n defineEventHandler(async (event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n\n const body = (await readBody(event)) as { taskId?: unknown } | null;\n const taskId = body && typeof body.taskId === \"string\" ? body.taskId : \"\";\n if (!taskId) {\n setResponseStatus(event, 400);\n return { error: \"taskId required\" };\n }\n\n // When A2A_SECRET is set, require a valid HMAC token bound to this\n // taskId. In production, we REQUIRE A2A_SECRET to be set so unsigned\n // dispatches are never accepted (an attacker who fishes a taskId out\n // of logs / a share link could otherwise force-replay it). In\n // development, a missing secret is permitted so local templates work\n // out of the box, but we log a one-time warning so operators notice.\n if (hasConfiguredA2ASecret()) {\n const auth = getRequestHeader(event, \"authorization\");\n const tok = extractBearerToken(auth);\n if (!verifyInternalToken(taskId, tok)) {\n setResponseStatus(event, 401);\n return { error: \"Invalid or expired processor token\" };\n }\n } else if (isA2AProductionRuntime()) {\n setResponseStatus(event, 503);\n return {\n error:\n \"A2A processor not configured — set A2A_SECRET on this deployment to enable async A2A.\",\n };\n } else {\n warnA2AUnauthOnce();\n }\n\n try {\n await processA2ATaskFromQueue(taskId, config, event);\n return { ok: true };\n } catch (err: any) {\n console.error(\"[a2a] process-task failed:\", err);\n setResponseStatus(event, 500);\n return { error: err?.message ?? \"process-task failed\" };\n }\n }),\n );\n\n // JSON-RPC A2A endpoint (with optional auth)\n getH3App(nitroApp).use(\n `${routePrefix}/a2a`,\n defineEventHandler(async (event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n\n // h3 prefix-matches mounts, so a request to `/a2a/_process-task`\n // reaches this handler too. The dedicated mount above runs first and\n // takes the request, but if that returns `undefined` (or h3 ever\n // changes ordering semantics) defensively bail here. event.path is\n // stripped to the remainder after the mount prefix.\n const sub = (event.path || \"/\").split(\"?\")[0].replace(/^\\//, \"\");\n if (sub.startsWith(\"_process-task\")) return;\n\n const authHeader = getRequestHeader(event, \"authorization\");\n const bearerToken = extractBearerToken(authHeader);\n let verifiedCallerEmail: string | null = null;\n let verifiedOrgDomain: string | null = null;\n let legacyApiKeyAuthenticated = false;\n let bearerTokenRejectedByJwt = false;\n\n // SECURITY: when neither A2A_SECRET nor an apiKeyEnv is configured,\n // there's no way to authenticate the caller. Default to \"auth required\"\n // in production — return 503 with a clear message instead of running\n // the agent loop unauthenticated. In development, log a one-time\n // warning but allow so local templates work out of the box.\n const hasA2ASecret = hasConfiguredA2ASecret();\n const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);\n\n // Try JWT verification first (org-level or global A2A_SECRET-based identity)\n if (bearerToken) {\n const tokenPayload = await verifyA2AToken(bearerToken, event);\n verifiedCallerEmail = tokenPayload.email;\n verifiedOrgDomain = tokenPayload.orgDomain;\n bearerTokenRejectedByJwt = !verifiedCallerEmail;\n }\n\n // Fall back to legacy API key check (exact string match)\n if (!verifiedCallerEmail && config.apiKeyEnv) {\n const expectedKey = process.env[config.apiKeyEnv];\n if (expectedKey) {\n if (!bearerToken) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: { code: -32001, message: \"Authentication required\" },\n };\n }\n if (bearerToken !== expectedKey) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: { code: -32001, message: \"Invalid API key\" },\n };\n }\n legacyApiKeyAuthenticated = true;\n }\n }\n\n if (!verifiedCallerEmail && !legacyApiKeyAuthenticated) {\n // Any supplied bearer token that failed JWT verification is an auth\n // failure after the legacy exact-match apiKeyEnv path has had a\n // chance to succeed. Do not let bad tokens fall through to tasks/get\n // and get reported as lookup misses.\n if (bearerTokenRejectedByJwt) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: {\n code: -32001,\n message: \"Invalid or expired A2A token\",\n },\n };\n }\n\n if (!hasA2ASecret && !hasApiKey) {\n if (isA2AProductionRuntime()) {\n setResponseStatus(event, 503);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: {\n code: -32001,\n message:\n \"A2A authentication not configured. Set A2A_SECRET (preferred) or configure apiKeyEnv to accept inbound A2A traffic.\",\n },\n };\n }\n warnA2AUnauthOnce();\n } else if (isA2AProductionRuntime()) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: {\n code: -32001,\n message: \"Authentication required\",\n },\n };\n }\n }\n\n // Store verified caller identity on the event context so the handler\n // can set request context from a trusted source instead of metadata\n if (verifiedCallerEmail) {\n event.context.__a2aVerifiedEmail = verifiedCallerEmail;\n }\n if (verifiedOrgDomain) {\n event.context.__a2aOrgDomain = verifiedOrgDomain;\n }\n\n const body = await readBody(event);\n return handleJsonRpcH3(body, event, config);\n }),\n );\n}\n\nexport function filterPublicAgentCardSkills(config: A2AConfig) {\n return (config.skills ?? []).filter((skill) => {\n const id =\n (skill as { id?: string; name?: string }).id ??\n (skill as { name?: string }).name ??\n \"\";\n if (typeof id === \"string\") {\n if (id.startsWith(\"mcp__user_\") || id.startsWith(\"mcp__org_\")) {\n return false;\n }\n }\n\n if (skill.public === false || skill.requiresAuth || skill.isConsequential) {\n return false;\n }\n\n if (!config.publicSkillsOnly) return true;\n\n if (skill.publicAgent) {\n return (\n skill.publicAgent.expose === true &&\n skill.publicAgent.readOnly === true &&\n skill.publicAgent.requiresAuth !== true &&\n skill.publicAgent.isConsequential !== true\n );\n }\n\n return skill.public === true && skill.readOnly !== false;\n });\n}\n"]}
1
+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/a2a/server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,wCAAwC,CAAC;AAClE,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,gBAAgB,GACjB,MAAM,IAAI,CAAC;AAEZ,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACzE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B;;;;;GAKG;AACH,IAAI,gBAAgB,GAAG,KAAK,CAAC;AAC7B,SAAS,iBAAiB;IACxB,IAAI,gBAAgB;QAAE,OAAO;IAC7B,gBAAgB,GAAG,IAAI,CAAC;IACxB,sCAAsC;IACtC,OAAO,CAAC,IAAI,CACV,mFAAmF;QACjF,4FAA4F,CAC/F,CAAC;AACJ,CAAC;AAWD,SAAS,kBAAkB,CACzB,UAAoB,EACpB,MAA0B;IAE1B,MAAM,OAAO,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC;IAC/B,IAAI,CAAC,OAAO,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO;IACrD,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,KAAsB;IACjD,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,OAAO;QACnB,OAAO,CAAC,GAAG,CAAC,GAAG;QACf,OAAO,CAAC,GAAG,CAAC,UAAU;QACtB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,IAAI,OAAO;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,uEAAuE;IACvE,uEAAuE;IACvE,oEAAoE;IACpE,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC,IAAI,OAAO,CAAC;QACtE,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,IAAI;YAAE,OAAO,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IACV,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,KAAa,EACb,KAAsB;IAEtB,qEAAqE;IACrE,qEAAqE;IACrE,qEAAqE;IACrE,oEAAoE;IACpE,wBAAwB;IACxB,IAAI,aAAiC,CAAC;IACtC,IAAI,iBAA8C,CAAC;IACnD,IAAI,CAAC;QACH,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC1C,aAAa,GAAG,iBAAiB,CAAC,UAAgC,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,0DAA0D;IAC5D,CAAC;IAED,4EAA4E;IAC5E,4EAA4E;IAC5E,8EAA8E;IAC9E,MAAM,gBAAgB,GAAa,EAAE,CAAC;IACtC,kBAAkB,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7D,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAAC,aAAa,CAAC,CAAC;YAC5D,kBAAkB,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;IACH,CAAC;IACD,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAE3E,iDAAiD;IACjD,EAAE;IACF,kEAAkE;IAClE,qEAAqE;IACrE,wBAAwB;IACxB,kEAAkE;IAClE,wEAAwE;IACxE,oEAAoE;IACpE,uEAAuE;IACvE,oEAAoE;IACpE,kEAAkE;IAClE,oEAAoE;IACpE,uEAAuE;IACvE,sEAAsE;IACtE,qCAAqC;IACrC,IAAI,CAAC;QACH,MAAM,aAAa,GAA0B,EAAE,CAAC;QAChD,IAAI,iBAAiB,IAAI,OAAO,iBAAiB,CAAC,GAAG,KAAK,WAAW,EAAE,CAAC;YACtE,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,CAAC;YACvC,IAAI,GAAG;gBAAE,aAAa,CAAC,QAAQ,GAAG,GAAG,CAAC;QACxC,CAAC;QACD,IACE,iBAAiB;YACjB,OAAO,iBAAiB,CAAC,GAAG,KAAK,QAAQ;YACzC,iBAAiB,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAChC,CAAC;YACD,aAAa,CAAC,MAAM,GAAG,iBAAiB,CAAC,GAAG,CAAC;QAC/C,CAAC;QACD,KAAK,MAAM,MAAM,IAAI,gBAAgB,EAAE,CAAC;YACtC,IAAI,CAAC;gBACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CACtC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,aAAa,CACd,CAAC;gBACF,OAAO;oBACL,KAAK,EAAG,OAAO,CAAC,GAAc,IAAI,IAAI;oBACtC,SAAS,EAAG,OAAO,CAAC,UAAqB,IAAI,IAAI;iBAClD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,8DAA8D;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,QAAQ,CACtB,QAAa,EACb,MAAiB,EACjB,WAAW,GAAG,gBAAgB;IAE9B,iDAAiD;IACjD,EAAE;IACF,wEAAwE;IACxE,qEAAqE;IACrE,oEAAoE;IACpE,qEAAqE;IACrE,wEAAwE;IACxE,wDAAwD;IACxD,2CAA2C;IAC3C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,8BAA8B,EAC9B,kBAAkB,CAAC,CAAC,KAAK,EAAE,EAAE;QAC3B,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;YAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QACD,MAAM,QAAQ,GACZ,gBAAgB,CAAC,KAAK,EAAE,mBAAmB,CAAC;YAC5C,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,WAAW,CAAC;QAC5D,MAAM,OAAO,GAAG,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAC;QAExC,MAAM,cAAc,GAAG,2BAA2B,CAAC,MAAM,CAAC,CAAC;QAE3D,OAAO,iBAAiB,CACtB,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,EACrC,OAAO,EACP,GAAG,WAAW,MAAM,CACrB,CAAC;IACJ,CAAC,CAAC,CACH,CAAC;IAEF,0EAA0E;IAC1E,0EAA0E;IAC1E,2EAA2E;IAC3E,gEAAgE;IAChE,EAAE;IACF,yEAAyE;IACzE,oEAAoE;IACpE,2EAA2E;IAC3E,2EAA2E;IAC3E,kEAAkE;IAClE,8BAA8B;IAC9B,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,oBAAoB,EAClC,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;YAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAgC,CAAC;QACpE,MAAM,MAAM,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;QACtC,CAAC;QAED,mEAAmE;QACnE,qEAAqE;QACrE,qEAAqE;QACrE,8DAA8D;QAC9D,qEAAqE;QACrE,qEAAqE;QACrE,IAAI,sBAAsB,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YACtD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,CAAC,mBAAmB,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;gBACtC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC;YACzD,CAAC;QACH,CAAC;aAAM,IAAI,sBAAsB,EAAE,EAAE,CAAC;YACpC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO;gBACL,KAAK,EACH,uFAAuF;aAC1F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,iBAAiB,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YACrD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC;YACjD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,qBAAqB,EAAE,CAAC;QAC1D,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IAEF,6CAA6C;IAC7C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,WAAW,MAAM,EACpB,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;QACjC,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;YAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC;QAED,iEAAiE;QACjE,qEAAqE;QACrE,iEAAiE;QACjE,mEAAmE;QACnE,oDAAoD;QACpD,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACjE,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC;YAAE,OAAO;QAE5C,MAAM,UAAU,GAAG,gBAAgB,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;QAC5D,MAAM,WAAW,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACnD,IAAI,mBAAmB,GAAkB,IAAI,CAAC;QAC9C,IAAI,iBAAiB,GAAkB,IAAI,CAAC;QAC5C,IAAI,yBAAyB,GAAG,KAAK,CAAC;QACtC,IAAI,wBAAwB,GAAG,KAAK,CAAC;QAErC,oEAAoE;QACpE,wEAAwE;QACxE,qEAAqE;QACrE,iEAAiE;QACjE,4DAA4D;QAC5D,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;QAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAExE,6EAA6E;QAC7E,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAC9D,mBAAmB,GAAG,YAAY,CAAC,KAAK,CAAC;YACzC,iBAAiB,GAAG,YAAY,CAAC,SAAS,CAAC;YAC3C,wBAAwB,GAAG,CAAC,mBAAmB,CAAC;QAClD,CAAC;QAED,yDAAyD;QACzD,IAAI,CAAC,mBAAmB,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YAC7C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAClD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,yBAAyB,EAAE;qBAC5D,CAAC;gBACJ,CAAC;gBACD,IAAI,WAAW,KAAK,WAAW,EAAE,CAAC;oBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE;qBACpD,CAAC;gBACJ,CAAC;gBACD,yBAAyB,GAAG,IAAI,CAAC;YACnC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,mBAAmB,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACvD,oEAAoE;YACpE,gEAAgE;YAChE,qEAAqE;YACrE,qCAAqC;YACrC,IAAI,wBAAwB,EAAE,CAAC;gBAC7B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,8BAA8B;qBACxC;iBACF,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChC,IAAI,sBAAsB,EAAE,EAAE,CAAC;oBAC7B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,EAAE,EAAE,IAAI;wBACR,KAAK,EAAE;4BACL,IAAI,EAAE,CAAC,KAAK;4BACZ,OAAO,EACL,qHAAqH;yBACxH;qBACF,CAAC;gBACJ,CAAC;gBACD,iBAAiB,EAAE,CAAC;YACtB,CAAC;iBAAM,IAAI,sBAAsB,EAAE,EAAE,CAAC;gBACpC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,EAAE,EAAE,IAAI;oBACR,KAAK,EAAE;wBACL,IAAI,EAAE,CAAC,KAAK;wBACZ,OAAO,EAAE,yBAAyB;qBACnC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,qEAAqE;QACrE,oEAAoE;QACpE,IAAI,mBAAmB,EAAE,CAAC;YACxB,KAAK,CAAC,OAAO,CAAC,kBAAkB,GAAG,mBAAmB,CAAC;QACzD,CAAC;QACD,IAAI,iBAAiB,EAAE,CAAC;YACtB,KAAK,CAAC,OAAO,CAAC,cAAc,GAAG,iBAAiB,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;QACnC,OAAO,eAAe,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,MAAiB;IAC3D,OAAO,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QAC5C,MAAM,EAAE,GACL,KAAwC,CAAC,EAAE;YAC3C,KAA2B,CAAC,IAAI;YACjC,EAAE,CAAC;QACL,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC3B,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC9D,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;YAC1E,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,gBAAgB;YAAE,OAAO,IAAI,CAAC;QAE1C,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,CACL,KAAK,CAAC,WAAW,CAAC,MAAM,KAAK,IAAI;gBACjC,KAAK,CAAC,WAAW,CAAC,QAAQ,KAAK,IAAI;gBACnC,KAAK,CAAC,WAAW,CAAC,YAAY,KAAK,IAAI;gBACvC,KAAK,CAAC,WAAW,CAAC,eAAe,KAAK,IAAI,CAC3C,CAAC;QACJ,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,KAAK,IAAI,IAAI,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC;IAC3D,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["import * as jose from \"jose\";\nimport { getH3App } from \"../server/framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n getMethod,\n getRequestHeader,\n} from \"h3\";\nimport type { A2AConfig } from \"./types.js\";\nimport { generateAgentCard } from \"./agent-card.js\";\nimport { handleJsonRpcH3, processA2ATaskFromQueue } from \"./handlers.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport {\n extractBearerToken,\n verifyInternalToken,\n} from \"../integrations/internal-token.js\";\nimport {\n hasConfiguredA2ASecret,\n isA2AProductionRuntime,\n} from \"./auth-policy.js\";\n\n/**\n * One-time warning when A2A is running unauthenticated in development. We\n * don't refuse the request (local templates need to work out of the box),\n * but we log a single noisy line so operators notice if they accidentally\n * deploy with no auth configured.\n */\nlet _warnedUnauthA2A = false;\nfunction warnA2AUnauthOnce(): void {\n if (_warnedUnauthA2A) return;\n _warnedUnauthA2A = true;\n // eslint-disable-next-line no-console\n console.warn(\n \"[a2a] No A2A_SECRET or apiKeyEnv configured — A2A endpoint runs unauthenticated. \" +\n \"This is allowed in development but blocked in production. Set A2A_SECRET before deploying.\",\n );\n}\n\n/**\n * Verify an inbound A2A JWT signed with the shared A2A_SECRET.\n * Returns the caller's email (from `sub` claim) if valid, null otherwise.\n */\ninterface A2ATokenPayload {\n email: string | null;\n orgDomain: string | null;\n}\n\nfunction addSecretCandidate(\n candidates: string[],\n secret: string | undefined,\n): void {\n const trimmed = secret?.trim();\n if (!trimmed || candidates.includes(trimmed)) return;\n candidates.push(trimmed);\n}\n\n/**\n * Resolve the audience (`aud`) value to expect in an inbound JWT. We use the\n * receiver's app URL — it's the natural identifier of \"who this token was\n * minted for\". Falls back to undefined when no app URL is configured, in\n * which case the audience check is skipped (backward-compat with tokens\n * minted before the audience claim shipped).\n */\nfunction expectedJwtAudience(event: any | undefined): string | undefined {\n const fromEnv =\n process.env.APP_URL ||\n process.env.URL ||\n process.env.DEPLOY_URL ||\n process.env.BETTER_AUTH_URL;\n if (fromEnv) return String(fromEnv);\n // Best-effort: derive from the inbound request host. This is forgeable\n // (Host-header attack), but only useful as a hint when env-derived URL\n // is unset; the rest of the JWT verification still uses the secret.\n try {\n const proto = getRequestHeader(event, \"x-forwarded-proto\") || \"https\";\n const host = getRequestHeader(event, \"host\");\n if (host) return `${proto}://${host}`;\n } catch {}\n return undefined;\n}\n\nasync function verifyA2AToken(\n token: string,\n event: any | undefined,\n): Promise<A2ATokenPayload> {\n // Step 1: Peek at JWT claims WITHOUT verification to get org_domain.\n // This is safe because we only use org_domain to look up the secret,\n // then verify the full JWT with that secret. If someone forges a JWT\n // with a fake org_domain, verification will fail because they don't\n // have the real secret.\n let orgDomainHint: string | undefined;\n let unverifiedPayload: jose.JWTPayload | undefined;\n try {\n unverifiedPayload = jose.decodeJwt(token);\n orgDomainHint = unverifiedPayload.org_domain as string | undefined;\n } catch {\n // Malformed token — fall through to global secret attempt\n }\n\n // Step 2: Build a small, ordered set of candidate secrets. Tokens minted by\n // current callers prefer the shared A2A_SECRET; older callers may still use\n // an org-level secret. Try both without logging or reflecting secret details.\n const candidateSecrets: string[] = [];\n addSecretCandidate(candidateSecrets, process.env.A2A_SECRET);\n if (orgDomainHint) {\n try {\n const { getA2ASecretByDomain } = await import(\"../org/context.js\");\n const orgSecret = await getA2ASecretByDomain(orgDomainHint);\n addSecretCandidate(candidateSecrets, orgSecret);\n } catch {\n // DB not ready or column doesn't exist yet — fall through\n }\n }\n if (candidateSecrets.length === 0) return { email: null, orgDomain: null };\n\n // Step 3: Verify JWT with the candidate secrets.\n //\n // - `audience`: passed only when the token carries an `aud` claim\n // (backward-compat: tokens minted by older `signA2AToken` versions\n // don't include one).\n // - `issuer`: enforced when the token carries an `iss` claim. The\n // sender's `signA2AToken` (`a2a/client.ts:42`) sets the issuer to its\n // own app URL, so a verified token must self-identify a non-empty\n // string issuer. We accept any string the token claims (we don't pin\n // a specific expected issuer because dispatchers may legitimately\n // mint tokens from many sender URLs — dev tunnels, multi-deploy\n // setups). The pin is \"issuer must match the value the token says\n // it was minted from\", which `jose.jwtVerify` validates exactly when\n // `issuer` is supplied as a string. Backward-compat: when the token\n // has no `iss`, we skip the check.\n try {\n const verifyOptions: jose.JWTVerifyOptions = {};\n if (unverifiedPayload && typeof unverifiedPayload.aud !== \"undefined\") {\n const aud = expectedJwtAudience(event);\n if (aud) verifyOptions.audience = aud;\n }\n if (\n unverifiedPayload &&\n typeof unverifiedPayload.iss === \"string\" &&\n unverifiedPayload.iss.length > 0\n ) {\n verifyOptions.issuer = unverifiedPayload.iss;\n }\n for (const secret of candidateSecrets) {\n try {\n const { payload } = await jose.jwtVerify(\n token,\n new TextEncoder().encode(secret),\n verifyOptions,\n );\n return {\n email: (payload.sub as string) ?? null,\n orgDomain: (payload.org_domain as string) ?? null,\n };\n } catch {\n // Try the next candidate without leaking which secret failed.\n }\n }\n } catch {\n // Keep malformed option construction indistinguishable from auth failure.\n }\n return { email: null, orgDomain: null };\n}\n\n/**\n * Mount A2A protocol endpoints on an H3/Nitro app.\n *\n * - GET /.well-known/agent-card.json — public agent card (no auth)\n * - POST /_agent-native/a2a — JSON-RPC endpoint (with optional auth)\n *\n * When A2A_SECRET is set, inbound Bearer tokens are verified as JWTs\n * and the caller's email is extracted from the `sub` claim. This provides\n * cryptographic identity verification for cross-app A2A calls.\n */\nexport function mountA2A(\n nitroApp: any,\n config: A2AConfig,\n routePrefix = \"/_agent-native\",\n): void {\n // Public agent card endpoint (no auth required).\n //\n // SECURITY: per-user / per-org MCP tools are filtered out of the public\n // skills list. Their merged-key prefix (`mcp__user_<emailhash>_…` or\n // `mcp__org_<orgid>_…`) discloses (a) which users have integrations\n // attached, and (b) what those integrations are — fingerprinting the\n // tenant. Template- and framework-defined skills stay; only the dynamic\n // per-tenant MCP entries are dropped. See finding #7 in\n // /tmp/security-audit/12-mcp-a2a-agent.md.\n getH3App(nitroApp).use(\n \"/.well-known/agent-card.json\",\n defineEventHandler((event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const protocol =\n getRequestHeader(event, \"x-forwarded-proto\") ||\n (event.url?.protocol?.replace(\":\", \"\") ?? \"http\");\n const host = getRequestHeader(event, \"host\") ?? \"localhost\";\n const baseUrl = `${protocol}://${host}`;\n\n const filteredSkills = filterPublicAgentCardSkills(config);\n\n return generateAgentCard(\n { ...config, skills: filteredSkills },\n baseUrl,\n `${routePrefix}/a2a`,\n );\n }),\n );\n\n // Async-mode processor route. MUST be mounted BEFORE the `/a2a` catch-all\n // below, since h3's `.use()` matches by prefix and `/a2a` would otherwise\n // swallow `/a2a/_process-task` and return a JSON-RPC \"Invalid token\" error\n // (the JSON-RPC handler doesn't know about taskId-only bodies).\n //\n // When `message/send` is called with `async: true`, the JSON-RPC handler\n // enqueues the task and self-fires a POST to this route on the same\n // deployment so the actual handler runs in a fresh function execution (its\n // own full timeout). Authenticated with an HMAC token bound to the task id\n // (5-minute lifetime, signed with A2A_SECRET — same scheme as the\n // integration webhook queue).\n getH3App(nitroApp).use(\n `${routePrefix}/a2a/_process-task`,\n defineEventHandler(async (event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n\n const body = (await readBody(event)) as { taskId?: unknown } | null;\n const taskId = body && typeof body.taskId === \"string\" ? body.taskId : \"\";\n if (!taskId) {\n setResponseStatus(event, 400);\n return { error: \"taskId required\" };\n }\n\n // When A2A_SECRET is set, require a valid HMAC token bound to this\n // taskId. In production, we REQUIRE A2A_SECRET to be set so unsigned\n // dispatches are never accepted (an attacker who fishes a taskId out\n // of logs / a share link could otherwise force-replay it). In\n // development, a missing secret is permitted so local templates work\n // out of the box, but we log a one-time warning so operators notice.\n if (hasConfiguredA2ASecret()) {\n const auth = getRequestHeader(event, \"authorization\");\n const tok = extractBearerToken(auth);\n if (!verifyInternalToken(taskId, tok)) {\n setResponseStatus(event, 401);\n return { error: \"Invalid or expired processor token\" };\n }\n } else if (isA2AProductionRuntime()) {\n setResponseStatus(event, 503);\n return {\n error:\n \"A2A processor not configured — set A2A_SECRET on this deployment to enable async A2A.\",\n };\n } else {\n warnA2AUnauthOnce();\n }\n\n try {\n await processA2ATaskFromQueue(taskId, config, event);\n return { ok: true };\n } catch (err: any) {\n console.error(\"[a2a] process-task failed:\", err);\n setResponseStatus(event, 500);\n return { error: err?.message ?? \"process-task failed\" };\n }\n }),\n );\n\n // JSON-RPC A2A endpoint (with optional auth)\n getH3App(nitroApp).use(\n `${routePrefix}/a2a`,\n defineEventHandler(async (event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n\n // h3 prefix-matches mounts, so a request to `/a2a/_process-task`\n // reaches this handler too. The dedicated mount above runs first and\n // takes the request, but if that returns `undefined` (or h3 ever\n // changes ordering semantics) defensively bail here. event.path is\n // stripped to the remainder after the mount prefix.\n const sub = (event.path || \"/\").split(\"?\")[0].replace(/^\\//, \"\");\n if (sub.startsWith(\"_process-task\")) return;\n\n const authHeader = getRequestHeader(event, \"authorization\");\n const bearerToken = extractBearerToken(authHeader);\n let verifiedCallerEmail: string | null = null;\n let verifiedOrgDomain: string | null = null;\n let legacyApiKeyAuthenticated = false;\n let bearerTokenRejectedByJwt = false;\n\n // SECURITY: when neither A2A_SECRET nor an apiKeyEnv is configured,\n // there's no way to authenticate the caller. Default to \"auth required\"\n // in production — return 503 with a clear message instead of running\n // the agent loop unauthenticated. In development, log a one-time\n // warning but allow so local templates work out of the box.\n const hasA2ASecret = hasConfiguredA2ASecret();\n const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);\n\n // Try JWT verification first (org-level or global A2A_SECRET-based identity)\n if (bearerToken) {\n const tokenPayload = await verifyA2AToken(bearerToken, event);\n verifiedCallerEmail = tokenPayload.email;\n verifiedOrgDomain = tokenPayload.orgDomain;\n bearerTokenRejectedByJwt = !verifiedCallerEmail;\n }\n\n // Fall back to legacy API key check (exact string match)\n if (!verifiedCallerEmail && config.apiKeyEnv) {\n const expectedKey = process.env[config.apiKeyEnv];\n if (expectedKey) {\n if (!bearerToken) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: { code: -32001, message: \"Authentication required\" },\n };\n }\n if (bearerToken !== expectedKey) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: { code: -32001, message: \"Invalid API key\" },\n };\n }\n legacyApiKeyAuthenticated = true;\n }\n }\n\n if (!verifiedCallerEmail && !legacyApiKeyAuthenticated) {\n // Any supplied bearer token that failed JWT verification is an auth\n // failure after the legacy exact-match apiKeyEnv path has had a\n // chance to succeed. Do not let bad tokens fall through to tasks/get\n // and get reported as lookup misses.\n if (bearerTokenRejectedByJwt) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: {\n code: -32001,\n message: \"Invalid or expired A2A token\",\n },\n };\n }\n\n if (!hasA2ASecret && !hasApiKey) {\n if (isA2AProductionRuntime()) {\n setResponseStatus(event, 503);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: {\n code: -32001,\n message:\n \"A2A authentication not configured. Set A2A_SECRET (preferred) or configure apiKeyEnv to accept inbound A2A traffic.\",\n },\n };\n }\n warnA2AUnauthOnce();\n } else if (isA2AProductionRuntime()) {\n setResponseStatus(event, 401);\n return {\n jsonrpc: \"2.0\",\n id: null,\n error: {\n code: -32001,\n message: \"Authentication required\",\n },\n };\n }\n }\n\n // Store verified caller identity on the event context so the handler\n // can set request context from a trusted source instead of metadata\n if (verifiedCallerEmail) {\n event.context.__a2aVerifiedEmail = verifiedCallerEmail;\n }\n if (verifiedOrgDomain) {\n event.context.__a2aOrgDomain = verifiedOrgDomain;\n }\n\n const body = await readBody(event);\n return handleJsonRpcH3(body, event, config);\n }),\n );\n}\n\nexport function filterPublicAgentCardSkills(config: A2AConfig) {\n return (config.skills ?? []).filter((skill) => {\n const id =\n (skill as { id?: string; name?: string }).id ??\n (skill as { name?: string }).name ??\n \"\";\n if (typeof id === \"string\") {\n if (id.startsWith(\"mcp__user_\") || id.startsWith(\"mcp__org_\")) {\n return false;\n }\n }\n\n if (skill.public === false || skill.requiresAuth || skill.isConsequential) {\n return false;\n }\n\n if (!config.publicSkillsOnly) return true;\n\n if (skill.publicAgent) {\n return (\n skill.publicAgent.expose === true &&\n skill.publicAgent.readOnly === true &&\n skill.publicAgent.requiresAuth !== true &&\n skill.publicAgent.isConsequential !== true\n );\n }\n\n return skill.public === true && skill.readOnly !== false;\n });\n}\n"]}
package/dist/a2a/task-store.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"task-store.d.ts","sourceRoot":"","sources":["../../src/a2a/task-store.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAuErE,wBAAsB,UAAU,CAC9B,OAAO,EAAE,OAAO,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,GACzB,OAAO,CAAC,IAAI,CAAC,CAiCf;AAED;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAUrE;AAED;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,EAAE,EAAE,MAAM,GACT,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAwBtB;AAED,wBAAsB,uBAAuB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;IACjE,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAC;IAC9C,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,IAAI,CAAC,CAeR;AAED,wBAAsB,0BAA0B,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAa7E;AAED,wBAAsB,sBAAsB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAazE;AAED,wBAAsB,yBAAyB,CAC7C,EAAE,EAAE,MAAM,EACV,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,OAAO,CAAC,CAiBlB;AAED,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,MAAM,EACV,gBAAgB,EAAE,MAAM,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAED,wBAAsB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAS9D;AAED,wBAAsB,UAAU,CAC9B,EAAE,EAAE,MAAM,EACV,MAAM,EAAE;IACN,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;CACxB,GACA,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CA4CtB;AAED,wBAAsB,uBAAuB,CAC3C,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC,CAcf;AAED,wBAAsB,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAgBnE"}
1
+ {"version":3,"file":"task-store.d.ts","sourceRoot":"","sources":["../../src/a2a/task-store.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AA2ErE,wBAAsB,UAAU,CAC9B,OAAO,EAAE,OAAO,EAChB,SAAS,CAAC,EAAE,MAAM,EAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,GACzB,OAAO,CAAC,IAAI,CAAC,CAiCf;AAED;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAUrE;AAED;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,EAAE,EAAE,MAAM,GACT,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAwBtB;AAED,wBAAsB,uBAAuB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;IACjE,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAC;IAC9C,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,IAAI,CAAC,CAeR;AAED,wBAAsB,0BAA0B,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAa7E;AAED,wBAAsB,sBAAsB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAazE;AAED,wBAAsB,yBAAyB,CAC7C,EAAE,EAAE,MAAM,EACV,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,OAAO,CAAC,CAiBlB;AAED,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,MAAM,EACV,gBAAgB,EAAE,MAAM,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAED,wBAAsB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAS9D;AAED,wBAAsB,UAAU,CAC9B,EAAE,EAAE,MAAM,EACV,MAAM,EAAE;IACN,KAAK,CAAC,EAAE,SAAS,CAAC;IAClB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC;CACxB,GACA,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CA4CtB;AAED,wBAAsB,uBAAuB,CAC3C,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,OAAO,GACf,OAAO,CAAC,IAAI,CAAC,CAcf;AAED,wBAAsB,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,CAgBnE"}
package/dist/a2a/task-store.js CHANGED
@@ -31,7 +31,11 @@ async function ensureTable() {
31
31
  catch {
32
32
  // Column already exists — expected on every restart after first run.
33
33
  }
34
- })();
34
+ })().catch((err) => {
35
+ // Retry init on the next call after a failed startup.
36
+ _initPromise = undefined;
37
+ throw err;
38
+ });
35
39
  }
36
40
  return _initPromise;
37
41
  }
package/dist/a2a/task-store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"task-store.js","sourceRoot":"","sources":["../../src/a2a/task-store.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAc,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAGjE,IAAI,YAAuC,CAAC;AAE5C,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;;;;uBAUJ,OAAO,EAAE;uBACT,OAAO,EAAE;;OAEzB,CAAC,CAAC;YACH,oEAAoE;YACpE,sEAAsE;YACtE,sEAAsE;YACtE,oEAAoE;YACpE,uEAAuE;YACvE,WAAW;YACX,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,mDAAmD,CACpD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,qEAAqE;YACvE,CAAC;QACH,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,WAAW,CAAC,GAAQ;IAC3B,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAY;QACpB,SAAS,EAAG,GAAG,CAAC,UAAqB,IAAI,SAAS;QAClD,MAAM,EAAE;YACN,KAAK,EAAE,GAAG,CAAC,YAAyB;YACpC,OAAO,EAAE,GAAG,CAAC,cAAc;gBACzB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAwB,CAAC;gBAC1C,CAAC,CAAC,SAAS;YACb,SAAS,EAAE,GAAG,CAAC,gBAA0B;SAC1C;QACD,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAiB,CAAC;QAC1C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAmB,CAAC;QAC9C,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,SAAS;QACvE,UAAU,EAAG,GAAG,CAAC,WAA6B,IAAI,IAAI;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAe;IAC1C,MAAM,YAAY,GAAG,MAMR,CAAC;IACd,OAAO,CACL,YAAY,EAAE,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,YAAY,EAAE,KAAK,CAC5E,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAgB,EAChB,SAAkB,EAClB,QAAkC,EAClC,UAA0B;IAE1B,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,IAAI,GAAS;QACjB,EAAE;QACF,SAAS;QACT,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE;QACzC,OAAO,EAAE,CAAC,OAAO,CAAC;QAClB,SAAS,EAAE,EAAE;QACb,QAAQ;KACT,CAAC;IAEF,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,iLAAiL;QACtL,IAAI,EAAE;YACJ,EAAE;YACF,SAAS,IAAI,IAAI;YACjB,WAAW;YACX,SAAS;YACT,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC;YACzB,IAAI;YACJ,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;YAC1C,UAAU,IAAI,IAAI;YAClB,GAAG;YACH,GAAG;SACJ;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU;IAC3C,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,UAAU,GAAI,IAAI,CAAC,CAAC,CAAS,CAAC,WAAW,CAAC;IAChD,OAAO,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1E,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU;IAEV,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;;;yDAKgD;QACrD,IAAI,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KAC3B,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sCAAsC;QAC3C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,EAAU;IAMtD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAQ,CAAC;IAC3B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAY;QACpB,WAAW,EAAE,GAAG,CAAC,YAAsB;QACvC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,SAAS;QACvE,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,EAAU;IACzD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;yDAGgD;QACrD,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC;KAChB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,EAAU;IACrD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;4CAGmC;QACxC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC;KAChB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU,EACV,gBAAwB;IAExB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;;;;gCAMuB;QAC5B,IAAI,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,gBAAgB,CAAC;KAC7C,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAU,EACV,gBAAwB,EACxB,MAAc;IAEd,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAY;QACvB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;KACxC,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;;;;;gCAOuB;QAC5B,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,gBAAgB,CAAC;KACtE,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAU;IACtC,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sCAAsC;QAC3C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,EAAU,EACV,MAIC;IAED,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,oBAAoB;IACpB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sCAAsC;QAC3C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG;YACZ,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO;YAC9C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,0IAA0I;QAC/I,IAAI,EAAE;YACJ,IAAI,CAAC,MAAM,CAAC,KAAK;YACjB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;YAChE,IAAI,CAAC,MAAM,CAAC,SAAS;YACrB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;YAC5B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC9B,GAAG;YACH,EAAE;SACH;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,EAAU,EACV,OAAgB;IAEhB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE;;;;;uEAK8D;QACnE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACpD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,SAAkB;IAChD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,uEAAuE;YAC5E,IAAI,EAAE,CAAC,SAAS,CAAC;SAClB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,kDAAkD,CACnD,CAAC;IACF,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAC/B,CAAC","sourcesContent":["import crypto from \"crypto\";\nimport { getDbExec, isPostgres, intType } from \"../db/client.js\";\nimport type { Task, Message, TaskState, Artifact } from \"./types.js\";\n\nlet _initPromise: Promise<void> | undefined;\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS a2a_tasks (\n id TEXT PRIMARY KEY,\n context_id TEXT,\n status_state TEXT NOT NULL DEFAULT 'submitted',\n status_message TEXT,\n status_timestamp TEXT NOT NULL,\n history TEXT NOT NULL DEFAULT '[]',\n artifacts TEXT NOT NULL DEFAULT '[]',\n metadata TEXT,\n created_at ${intType()} NOT NULL,\n updated_at ${intType()} NOT NULL\n )\n `);\n // Additive migration: owner_email column. Bound to the JWT-verified\n // caller at task-creation time so handleGet / handleCancel can reject\n // mismatched callers (the IDOR class fixed in PR #369). Existing rows\n // have NULL owner_email and remain accessible to legacy callers via\n // the legacy-token apiKeyEnv path; new rows are scoped from this point\n // forward.\n try {\n await client.execute(\n `ALTER TABLE a2a_tasks ADD COLUMN owner_email TEXT`,\n );\n } catch {\n // Column already exists — expected on every restart after first run.\n }\n })();\n }\n return _initPromise;\n}\n\nfunction taskFromRow(row: any): Task & { ownerEmail?: string | null } {\n return {\n id: row.id as string,\n contextId: (row.context_id as string) || undefined,\n status: {\n state: row.status_state as TaskState,\n message: row.status_message\n ? JSON.parse(row.status_message as string)\n : undefined,\n timestamp: row.status_timestamp as string,\n },\n history: JSON.parse(row.history as string),\n artifacts: JSON.parse(row.artifacts as string),\n metadata: row.metadata ? JSON.parse(row.metadata as string) : undefined,\n ownerEmail: (row.owner_email as string | null) ?? null,\n };\n}\n\nfunction getAffectedRowCount(result: unknown): number | undefined {\n const resultRecord = result as\n | {\n rowsAffected?: number;\n rowCount?: number;\n count?: number;\n }\n | undefined;\n return (\n resultRecord?.rowsAffected ?? resultRecord?.rowCount ?? resultRecord?.count\n );\n}\n\nexport async function createTask(\n message: Message,\n contextId?: string,\n metadata?: Record<string, unknown>,\n ownerEmail?: string | null,\n): Promise<Task> {\n await ensureTable();\n const client = getDbExec();\n const id = crypto.randomUUID();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n\n const task: Task = {\n id,\n contextId,\n status: { state: \"submitted\", timestamp },\n history: [message],\n artifacts: [],\n metadata,\n };\n\n await client.execute({\n sql: `INSERT INTO a2a_tasks (id, context_id, status_state, status_timestamp, history, artifacts, metadata, owner_email, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,\n args: [\n id,\n contextId ?? null,\n \"submitted\",\n timestamp,\n JSON.stringify([message]),\n \"[]\",\n metadata ? JSON.stringify(metadata) : null,\n ownerEmail ?? null,\n now,\n now,\n ],\n });\n\n return task;\n}\n\n/**\n * Fetch the verified owner email recorded against a task at creation time.\n * Returns null when the task has no owner (legacy rows or unauthenticated\n * deployments) or when the task is missing.\n *\n * Used by `handleGet` / `handleCancel` to reject IDOR access — the JWT-\n * verified caller's email must match `owner_email` to read or cancel.\n */\nexport async function getTaskOwner(id: string): Promise<string | null> {\n await ensureTable();\n const client = getDbExec();\n const { rows } = await client.execute({\n sql: `SELECT owner_email FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n const ownerEmail = (rows[0] as any).owner_email;\n return typeof ownerEmail === \"string\" && ownerEmail ? ownerEmail : null;\n}\n\n/**\n * Atomically claim a task for processing. Only succeeds when the task is in\n * state 'submitted' or 'working' — flipping it to 'processing' so concurrent\n * processors can't pick it up twice. Returns the task if claimed, null if it\n * was already claimed/completed/missing.\n *\n * Used by the cross-platform async processor (`_process-task` route) to avoid\n * duplicate handler runs when retries fire.\n */\nexport async function claimA2ATaskForProcessing(\n id: string,\n): Promise<Task | null> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_state = 'processing',\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state IN ('submitted', 'working')`,\n args: [timestamp, now, id],\n });\n const affected = getAffectedRowCount(result);\n if (affected === 0) return null;\n\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n return taskFromRow(rows[0]);\n}\n\nexport async function getA2ATaskDispatchState(id: string): Promise<{\n id: string;\n statusState: string;\n metadata: Record<string, unknown> | undefined;\n updatedAt: number;\n} | null> {\n await ensureTable();\n const client = getDbExec();\n const { rows } = await client.execute({\n sql: `SELECT id, status_state, metadata, updated_at FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n const row = rows[0] as any;\n if (!row) return null;\n return {\n id: row.id as string,\n statusState: row.status_state as string,\n metadata: row.metadata ? JSON.parse(row.metadata as string) : undefined,\n updatedAt: Number(row.updated_at ?? 0),\n };\n}\n\nexport async function touchQueuedA2ATaskDispatch(id: string): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET updated_at = ?\n WHERE id = ?\n AND status_state IN ('submitted', 'working')`,\n args: [now, id],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function touchProcessingA2ATask(id: string): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET updated_at = ?\n WHERE id = ?\n AND status_state = 'processing'`,\n args: [now, id],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function resetStuckA2ATaskForRetry(\n id: string,\n processingCutoff: number,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_state = 'working',\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state = 'processing'\n AND updated_at <= ?`,\n args: [timestamp, now, id, processingCutoff],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function failStuckA2ATask(\n id: string,\n processingCutoff: number,\n reason: string,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n const message: Message = {\n role: \"agent\",\n parts: [{ type: \"text\", text: reason }],\n };\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_state = 'failed',\n status_message = ?,\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state = 'processing'\n AND updated_at <= ?`,\n args: [JSON.stringify(message), timestamp, now, id, processingCutoff],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function getTask(id: string): Promise<Task | null> {\n await ensureTable();\n const client = getDbExec();\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n return taskFromRow(rows[0]);\n}\n\nexport async function updateTask(\n id: string,\n update: {\n state?: TaskState;\n message?: Message;\n artifacts?: Artifact[];\n },\n): Promise<Task | null> {\n await ensureTable();\n const client = getDbExec();\n\n // Read current task\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n\n const task = taskFromRow(rows[0]);\n const now = Date.now();\n\n if (update.state) {\n task.status = {\n state: update.state,\n message: update.message ?? task.status.message,\n timestamp: new Date().toISOString(),\n };\n }\n\n if (update.message && task.history) {\n task.history.push(update.message);\n }\n\n if (update.artifacts) {\n task.artifacts = [...(task.artifacts ?? []), ...update.artifacts];\n }\n\n await client.execute({\n sql: `UPDATE a2a_tasks SET status_state = ?, status_message = ?, status_timestamp = ?, history = ?, artifacts = ?, updated_at = ? WHERE id = ?`,\n args: [\n task.status.state,\n task.status.message ? JSON.stringify(task.status.message) : null,\n task.status.timestamp,\n JSON.stringify(task.history),\n JSON.stringify(task.artifacts),\n now,\n id,\n ],\n });\n\n return task;\n}\n\nexport async function updateTaskStatusMessage(\n id: string,\n message: Message,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_message = ?,\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state IN ('submitted', 'working', 'processing')`,\n args: [JSON.stringify(message), timestamp, now, id],\n });\n}\n\nexport async function listTasks(contextId?: string): Promise<Task[]> {\n await ensureTable();\n const client = getDbExec();\n\n if (contextId) {\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE context_id = ? ORDER BY created_at DESC`,\n args: [contextId],\n });\n return rows.map(taskFromRow);\n }\n\n const { rows } = await client.execute(\n `SELECT * FROM a2a_tasks ORDER BY created_at DESC`,\n );\n return rows.map(taskFromRow);\n}\n"]}
1
+ {"version":3,"file":"task-store.js","sourceRoot":"","sources":["../../src/a2a/task-store.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAGrD,IAAI,YAAuC,CAAC;AAE5C,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,MAAM,CAAC,OAAO,CAAC;;;;;;;;;;uBAUJ,OAAO,EAAE;uBACT,OAAO,EAAE;;OAEzB,CAAC,CAAC;YACH,oEAAoE;YACpE,sEAAsE;YACtE,sEAAsE;YACtE,oEAAoE;YACpE,uEAAuE;YACvE,WAAW;YACX,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,mDAAmD,CACpD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,qEAAqE;YACvE,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,sDAAsD;YACtD,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,WAAW,CAAC,GAAQ;IAC3B,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAY;QACpB,SAAS,EAAG,GAAG,CAAC,UAAqB,IAAI,SAAS;QAClD,MAAM,EAAE;YACN,KAAK,EAAE,GAAG,CAAC,YAAyB;YACpC,OAAO,EAAE,GAAG,CAAC,cAAc;gBACzB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,cAAwB,CAAC;gBAC1C,CAAC,CAAC,SAAS;YACb,SAAS,EAAE,GAAG,CAAC,gBAA0B;SAC1C;QACD,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAiB,CAAC;QAC1C,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAmB,CAAC;QAC9C,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,SAAS;QACvE,UAAU,EAAG,GAAG,CAAC,WAA6B,IAAI,IAAI;KACvD,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAe;IAC1C,MAAM,YAAY,GAAG,MAMR,CAAC;IACd,OAAO,CACL,YAAY,EAAE,YAAY,IAAI,YAAY,EAAE,QAAQ,IAAI,YAAY,EAAE,KAAK,CAC5E,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,OAAgB,EAChB,SAAkB,EAClB,QAAkC,EAClC,UAA0B;IAE1B,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,IAAI,GAAS;QACjB,EAAE;QACF,SAAS;QACT,MAAM,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE;QACzC,OAAO,EAAE,CAAC,OAAO,CAAC;QAClB,SAAS,EAAE,EAAE;QACb,QAAQ;KACT,CAAC;IAEF,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,iLAAiL;QACtL,IAAI,EAAE;YACJ,EAAE;YACF,SAAS,IAAI,IAAI;YACjB,WAAW;YACX,SAAS;YACT,IAAI,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC;YACzB,IAAI;YACJ,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;YAC1C,UAAU,IAAI,IAAI;YAClB,GAAG;YACH,GAAG;SACJ;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU;IAC3C,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,gDAAgD;QACrD,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,MAAM,UAAU,GAAI,IAAI,CAAC,CAAC,CAAS,CAAC,WAAW,CAAC;IAChD,OAAO,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1E,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU;IAEV,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;;;yDAKgD;QACrD,IAAI,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KAC3B,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,IAAI,QAAQ,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sCAAsC;QAC3C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,EAAU;IAMtD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,2EAA2E;QAChF,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAQ,CAAC;IAC3B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,OAAO;QACL,EAAE,EAAE,GAAG,CAAC,EAAY;QACpB,WAAW,EAAE,GAAG,CAAC,YAAsB;QACvC,QAAQ,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAkB,CAAC,CAAC,CAAC,CAAC,SAAS;QACvE,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAAC,EAAU;IACzD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;yDAGgD;QACrD,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC;KAChB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,EAAU;IACrD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;4CAGmC;QACxC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC;KAChB,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,EAAU,EACV,gBAAwB;IAExB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;;;;gCAMuB;QAC5B,IAAI,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,gBAAgB,CAAC;KAC7C,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,EAAU,EACV,gBAAwB,EACxB,MAAc;IAEd,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,OAAO,GAAY;QACvB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;KACxC,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE;;;;;;;gCAOuB;QAC5B,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,EAAE,gBAAgB,CAAC;KACtE,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC7C,OAAO,QAAQ,KAAK,CAAC,CAAC;AACxB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,EAAU;IACtC,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sCAAsC;QAC3C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,EAAU,EACV,MAIC;IAED,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,oBAAoB;IACpB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sCAAsC;QAC3C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG;YACZ,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO;YAC9C,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,0IAA0I;QAC/I,IAAI,EAAE;YACJ,IAAI,CAAC,MAAM,CAAC,KAAK;YACjB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI;YAChE,IAAI,CAAC,MAAM,CAAC,SAAS;YACrB,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;YAC5B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC;YAC9B,GAAG;YACH,EAAE;SACH;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,EAAU,EACV,OAAgB;IAEhB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE;;;;;uEAK8D;QACnE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC;KACpD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,SAAkB;IAChD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAE3B,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,uEAAuE;YAC5E,IAAI,EAAE,CAAC,SAAS,CAAC;SAClB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,kDAAkD,CACnD,CAAC;IACF,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAC/B,CAAC","sourcesContent":["import crypto from \"crypto\";\nimport { getDbExec, intType } from \"../db/client.js\";\nimport type { Task, Message, TaskState, Artifact } from \"./types.js\";\n\nlet _initPromise: Promise<void> | undefined;\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS a2a_tasks (\n id TEXT PRIMARY KEY,\n context_id TEXT,\n status_state TEXT NOT NULL DEFAULT 'submitted',\n status_message TEXT,\n status_timestamp TEXT NOT NULL,\n history TEXT NOT NULL DEFAULT '[]',\n artifacts TEXT NOT NULL DEFAULT '[]',\n metadata TEXT,\n created_at ${intType()} NOT NULL,\n updated_at ${intType()} NOT NULL\n )\n `);\n // Additive migration: owner_email column. Bound to the JWT-verified\n // caller at task-creation time so handleGet / handleCancel can reject\n // mismatched callers (the IDOR class fixed in PR #369). Existing rows\n // have NULL owner_email and remain accessible to legacy callers via\n // the legacy-token apiKeyEnv path; new rows are scoped from this point\n // forward.\n try {\n await client.execute(\n `ALTER TABLE a2a_tasks ADD COLUMN owner_email TEXT`,\n );\n } catch {\n // Column already exists — expected on every restart after first run.\n }\n })().catch((err) => {\n // Retry init on the next call after a failed startup.\n _initPromise = undefined;\n throw err;\n });\n }\n return _initPromise;\n}\n\nfunction taskFromRow(row: any): Task & { ownerEmail?: string | null } {\n return {\n id: row.id as string,\n contextId: (row.context_id as string) || undefined,\n status: {\n state: row.status_state as TaskState,\n message: row.status_message\n ? JSON.parse(row.status_message as string)\n : undefined,\n timestamp: row.status_timestamp as string,\n },\n history: JSON.parse(row.history as string),\n artifacts: JSON.parse(row.artifacts as string),\n metadata: row.metadata ? JSON.parse(row.metadata as string) : undefined,\n ownerEmail: (row.owner_email as string | null) ?? null,\n };\n}\n\nfunction getAffectedRowCount(result: unknown): number | undefined {\n const resultRecord = result as\n | {\n rowsAffected?: number;\n rowCount?: number;\n count?: number;\n }\n | undefined;\n return (\n resultRecord?.rowsAffected ?? resultRecord?.rowCount ?? resultRecord?.count\n );\n}\n\nexport async function createTask(\n message: Message,\n contextId?: string,\n metadata?: Record<string, unknown>,\n ownerEmail?: string | null,\n): Promise<Task> {\n await ensureTable();\n const client = getDbExec();\n const id = crypto.randomUUID();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n\n const task: Task = {\n id,\n contextId,\n status: { state: \"submitted\", timestamp },\n history: [message],\n artifacts: [],\n metadata,\n };\n\n await client.execute({\n sql: `INSERT INTO a2a_tasks (id, context_id, status_state, status_timestamp, history, artifacts, metadata, owner_email, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,\n args: [\n id,\n contextId ?? null,\n \"submitted\",\n timestamp,\n JSON.stringify([message]),\n \"[]\",\n metadata ? JSON.stringify(metadata) : null,\n ownerEmail ?? null,\n now,\n now,\n ],\n });\n\n return task;\n}\n\n/**\n * Fetch the verified owner email recorded against a task at creation time.\n * Returns null when the task has no owner (legacy rows or unauthenticated\n * deployments) or when the task is missing.\n *\n * Used by `handleGet` / `handleCancel` to reject IDOR access — the JWT-\n * verified caller's email must match `owner_email` to read or cancel.\n */\nexport async function getTaskOwner(id: string): Promise<string | null> {\n await ensureTable();\n const client = getDbExec();\n const { rows } = await client.execute({\n sql: `SELECT owner_email FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n const ownerEmail = (rows[0] as any).owner_email;\n return typeof ownerEmail === \"string\" && ownerEmail ? ownerEmail : null;\n}\n\n/**\n * Atomically claim a task for processing. Only succeeds when the task is in\n * state 'submitted' or 'working' — flipping it to 'processing' so concurrent\n * processors can't pick it up twice. Returns the task if claimed, null if it\n * was already claimed/completed/missing.\n *\n * Used by the cross-platform async processor (`_process-task` route) to avoid\n * duplicate handler runs when retries fire.\n */\nexport async function claimA2ATaskForProcessing(\n id: string,\n): Promise<Task | null> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_state = 'processing',\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state IN ('submitted', 'working')`,\n args: [timestamp, now, id],\n });\n const affected = getAffectedRowCount(result);\n if (affected === 0) return null;\n\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n return taskFromRow(rows[0]);\n}\n\nexport async function getA2ATaskDispatchState(id: string): Promise<{\n id: string;\n statusState: string;\n metadata: Record<string, unknown> | undefined;\n updatedAt: number;\n} | null> {\n await ensureTable();\n const client = getDbExec();\n const { rows } = await client.execute({\n sql: `SELECT id, status_state, metadata, updated_at FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n const row = rows[0] as any;\n if (!row) return null;\n return {\n id: row.id as string,\n statusState: row.status_state as string,\n metadata: row.metadata ? JSON.parse(row.metadata as string) : undefined,\n updatedAt: Number(row.updated_at ?? 0),\n };\n}\n\nexport async function touchQueuedA2ATaskDispatch(id: string): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET updated_at = ?\n WHERE id = ?\n AND status_state IN ('submitted', 'working')`,\n args: [now, id],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function touchProcessingA2ATask(id: string): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET updated_at = ?\n WHERE id = ?\n AND status_state = 'processing'`,\n args: [now, id],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function resetStuckA2ATaskForRetry(\n id: string,\n processingCutoff: number,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_state = 'working',\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state = 'processing'\n AND updated_at <= ?`,\n args: [timestamp, now, id, processingCutoff],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function failStuckA2ATask(\n id: string,\n processingCutoff: number,\n reason: string,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n const message: Message = {\n role: \"agent\",\n parts: [{ type: \"text\", text: reason }],\n };\n const result = await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_state = 'failed',\n status_message = ?,\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state = 'processing'\n AND updated_at <= ?`,\n args: [JSON.stringify(message), timestamp, now, id, processingCutoff],\n });\n const affected = getAffectedRowCount(result);\n return affected !== 0;\n}\n\nexport async function getTask(id: string): Promise<Task | null> {\n await ensureTable();\n const client = getDbExec();\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n return taskFromRow(rows[0]);\n}\n\nexport async function updateTask(\n id: string,\n update: {\n state?: TaskState;\n message?: Message;\n artifacts?: Artifact[];\n },\n): Promise<Task | null> {\n await ensureTable();\n const client = getDbExec();\n\n // Read current task\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE id = ?`,\n args: [id],\n });\n if (rows.length === 0) return null;\n\n const task = taskFromRow(rows[0]);\n const now = Date.now();\n\n if (update.state) {\n task.status = {\n state: update.state,\n message: update.message ?? task.status.message,\n timestamp: new Date().toISOString(),\n };\n }\n\n if (update.message && task.history) {\n task.history.push(update.message);\n }\n\n if (update.artifacts) {\n task.artifacts = [...(task.artifacts ?? []), ...update.artifacts];\n }\n\n await client.execute({\n sql: `UPDATE a2a_tasks SET status_state = ?, status_message = ?, status_timestamp = ?, history = ?, artifacts = ?, updated_at = ? WHERE id = ?`,\n args: [\n task.status.state,\n task.status.message ? JSON.stringify(task.status.message) : null,\n task.status.timestamp,\n JSON.stringify(task.history),\n JSON.stringify(task.artifacts),\n now,\n id,\n ],\n });\n\n return task;\n}\n\nexport async function updateTaskStatusMessage(\n id: string,\n message: Message,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const now = Date.now();\n const timestamp = new Date().toISOString();\n await client.execute({\n sql: `UPDATE a2a_tasks\n SET status_message = ?,\n status_timestamp = ?,\n updated_at = ?\n WHERE id = ?\n AND status_state IN ('submitted', 'working', 'processing')`,\n args: [JSON.stringify(message), timestamp, now, id],\n });\n}\n\nexport async function listTasks(contextId?: string): Promise<Task[]> {\n await ensureTable();\n const client = getDbExec();\n\n if (contextId) {\n const { rows } = await client.execute({\n sql: `SELECT * FROM a2a_tasks WHERE context_id = ? ORDER BY created_at DESC`,\n args: [contextId],\n });\n return rows.map(taskFromRow);\n }\n\n const { rows } = await client.execute(\n `SELECT * FROM a2a_tasks ORDER BY created_at DESC`,\n );\n return rows.map(taskFromRow);\n}\n"]}
package/dist/action.js CHANGED
@@ -160,7 +160,9 @@ function zodDefToJsonSchema(def) {
160
160
  if (desc && !prop.description)
161
161
  prop.description = desc;
162
162
  properties[key] = prop;
163
- if (fieldDef.type !== "optional" && fieldDef.type !== "default") {
163
+ if (fieldDef.type !== "optional" &&
164
+ fieldDef.type !== "default" &&
165
+ fieldDef.type !== "nullable") {
164
166
  required.push(key);
165
167
  }
166
168
  }
@@ -232,7 +234,10 @@ function zodDefToJsonSchema(def) {
232
234
  }
233
235
  if (type === "nullable") {
234
236
  if (def.innerType?._zod?.def) {
235
- return zodDefToJsonSchema(def.innerType._zod.def);
237
+ const inner = zodDefToJsonSchema(def.innerType._zod.def);
238
+ // Surface null as a valid value so the model knows it may pass null
239
+ // (and doesn't treat the field as a non-nullable required string).
240
+ return { anyOf: [inner, { type: "null" }] };
236
241
  }
237
242
  }
238
243
  if (type === "union") {
@@ -240,9 +245,22 @@ function zodDefToJsonSchema(def) {
240
245
  // Check if it's a simple enum-like union of literals
241
246
  const allLiterals = def.options.every((o) => o?._zod?.def?.type === "literal");
242
247
  if (allLiterals) {
248
+ const values = def.options.map((o) => o._zod.def.value);
249
+ const jsonTypeOf = (v) => typeof v === "number"
250
+ ? "number"
251
+ : typeof v === "boolean"
252
+ ? "boolean"
253
+ : "string";
254
+ const uniqueTypes = [...new Set(values.map(jsonTypeOf))];
255
+ if (uniqueTypes.length === 1) {
256
+ // Homogeneous literal union (e.g. all numbers) — derive the JSON
257
+ // type instead of hardcoding "string", which would contradict the
258
+ // enum values and make the model coerce/round-trip them wrongly.
259
+ return { type: uniqueTypes[0], enum: values };
260
+ }
261
+ // Mixed literal types: emit anyOf so each branch stays self-consistent.
243
262
  return {
244
- type: "string",
245
- enum: def.options.map((o) => o._zod.def.value),
263
+ anyOf: values.map((v) => ({ type: jsonTypeOf(v), enum: [v] })),
246
264
  };
247
265
  }
248
266
  return {
package/dist/action.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"action.js","sourceRoot":"","sources":["../src/action.ts"],"names":[],"mappings":"AAUA;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,eAAe,GAAG,IAAI,CAAC;IACvB,SAAS,CAAU;IACnB,UAAU,CAAU;IAE7B,YAAY,OAAe,EAAE,UAAkC,EAAE;QAC/D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACvC,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CACpC,GAAY;IAEZ,OAAO,CACL,GAAG,YAAY,oBAAoB;QACnC,OAAO,CACL,GAAG;YACH,OAAO,GAAG,KAAK,QAAQ;YACvB,iBAAiB,IAAI,GAAG;YACvB,GAAqC,CAAC,eAAe,KAAK,IAAI,CAChE,CACF,CAAC;AACJ,CAAC;AA0CD,MAAM,CAAC,MAAM,oBAAoB,GAAG,4BAAqC,CAAC;AAC1E,MAAM,CAAC,MAAM,iBAAiB,GAAG,2BAAoC,CAAC;AACtE,MAAM,CAAC,MAAM,6BAA6B,GAAG,gBAAyB,CAAC;AA4OvE,MAAM,UAAU,YAAY,CAAC,OAAY;IACvC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;IAElE,2CAA2C;IAC3C,IAAI,cAAwC,CAAC;IAC7C,IAAI,SAAS,EAAE,CAAC;QACd,oDAAoD;QACpD,cAAc,GAAG,kBAAkB,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3E,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QAC9B,cAAc,GAAG;YACf,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,8EAA8E;IAC9E,kEAAkE;IAClE,MAAM,GAAG,GAAG,SAAS;QACnB,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC;QACjE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAEhB,wEAAwE;IACxE,0EAA0E;IAC1E,wEAAwE;IACxE,wEAAwE;IACxE,MAAM,UAAU,GAAG,OAAO,CAAC,IAA4C,CAAC;IACxE,MAAM,gBAAgB,GACpB,UAAU,KAAK,KAAK;QACpB,UAAU,KAAK,SAAS;QACxB,UAAU,CAAC,MAAM,KAAK,KAAK,CAAC;IAC9B,8EAA8E;IAC9E,8EAA8E;IAC9E,2EAA2E;IAC3E,4DAA4D;IAC5D,MAAM,QAAQ,GACZ,OAAO,OAAO,CAAC,QAAQ,KAAK,SAAS;QACnC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,gBAAgB;YAChB,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,SAAS,CAAC;IAElB,uEAAuE;IACvE,0EAA0E;IAC1E,yEAAyE;IACzE,wEAAwE;IACxE,oEAAoE;IACpE,wEAAwE;IACxE,6DAA6D;IAC7D,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,YAAY,KAAK,SAAS;QACvC,CAAC,CAAC,OAAO,CAAC,YAAY;QACtB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,YAAY,KAAK,SAAS;QACvC,CAAC,CAAC,OAAO,CAAC,YAAY;QACtB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,WAAW,GACf,OAAO,CAAC,WAAW;QACnB,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ;QACvC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;QACjC,CAAC,CAAC,OAAO,CAAC,WAAW;QACrB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,IAAI,GACR,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,MAAM,MAAM,GACV,OAAO,CAAC,MAAM;QACd,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ;QAClC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ;QAC3C,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;QACvC,CAAC,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ;YAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,CAAC;QACnD,CAAC,CAAC,OAAO,CAAC,MAAM;QAChB,CAAC,CAAC,SAAS,CAAC;IAEhB,OAAO;QACL,IAAI,EAAE;YACJ,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,UAAU,EAAE,cAAc;SAC3B;QACD,GAAG;QACH,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,OAAO,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,GAAG,CAAC,OAAO,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,MAAwB,EACxB,YAAqB;IAErB,MAAM,CAAC,GAAG,MAAa,CAAC;IAExB,iEAAiE;IACjE,kDAAkD;IAClD,IAAI,CAAC,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC;gBAC7C,MAAM,EAAE,UAAU;aACnB,CAAQ,CAAC;YACV,iEAAiE;YACjE,6DAA6D;YAC7D,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACzC,OAAO,MAAM,CAAC,OAAO,CAAC;YACxB,CAAC;YACD,OAAO,MAAkC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,mCAAmC;IACnC,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,GAAQ;IAClC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IAEtB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,UAAU,GAAwB,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAU,EAAE,CAAC;gBAChE,MAAM,QAAQ,GAAG,WAAW,EAAE,IAAI,EAAE,GAAG,CAAC;gBACxC,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBAC1C,iEAAiE;oBACjE,MAAM,IAAI,GAAG,WAAW,EAAE,WAAW,CAAC;oBACtC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW;wBAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;oBACvD,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;oBACvB,IAAI,QAAQ,CAAC,IAAI,KAAK,UAAU,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;wBAChE,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACrB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACvC,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACpE,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,4DAA4D;QAC5D,iCAAiC;QACjC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC5B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;gBAC/C,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;gBACxB,CAAC,CAAC,OAAO,CAAC;QACd,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;QACzD,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,OAAO,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzD,KAAK,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,YAAY,KAAK,UAAU;oBACpC,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE;oBACpB,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,OAAO,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;YACxB,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CACnC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,KAAK,SAAS,CAC7C,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO;oBACL,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;iBACpD,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAChC,kBAAkB,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC,CACtC;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,WAAW;IACX,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,MAAwB,EACxB,GAAa,EACb,cAAyC;IAEzC,OAAO,KAAK,EAAE,IAAS,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,wEAAwE;YACxE,6EAA6E;YAC7E,MAAM,OAAO,GAAa,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI;oBACxB,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;oBACtE,CAAC,CAAC,EAAE,CAAC;gBACP,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;gBACxC,mEAAmE;gBACnE,mDAAmD;gBACnD,IACE,OAAO;oBACP,CAAC,GAAG,KAAK,UAAU;wBACjB,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC/B,+BAA+B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC5C,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACxB,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CACR,6BAA6B,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAC/B,CAAC;YAED,oEAAoE;YACpE,6DAA6D;YAC7D,IAAI,QAAgB,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAChC,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG;oBAAE,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;YAED,uEAAuE;YACvE,yEAAyE;YACzE,wCAAwC;YACxC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,IAAI,cAAc,EAAE,UAAU,EAAE,CAAC;gBAC/B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;gBACxD,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC;qBAClD,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;oBACd,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBACzC,MAAM,IAAI,GAAI,CAAuB,CAAC,IAAI,IAAI,KAAK,CAAC;oBACpD,OAAO,GAAG,CAAC,GAAG,IAAI,KAAK,IAAI,EAAE,CAAC;gBAChC,CAAC,CAAC;qBACD,IAAI,CAAC,IAAI,CAAC,CAAC;gBACd,IAAI,GAAG;oBACL,QAAQ,GAAG,gBAAgB,GAAG,wCAAwC,CAAC;YAC3E,CAAC;YAED,MAAM,IAAI,KAAK,CACb,+BAA+B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,QAAQ,IAAI,QAAQ,EAAE,CACrF,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAE,MAA8C,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionTool } from \"./agent/types.js\";\nimport type { StandardSchemaV1 } from \"@standard-schema/spec\";\n\nexport interface AgentActionStopOptions {\n /** Optional stable code surfaced in run metadata and tests. */\n errorCode?: string;\n /** Optional short tool-result text. Defaults to the user-facing message. */\n toolResult?: string;\n}\n\n/**\n * Throw from an action when the agent should stop the current turn instead of\n * feeding the failure back to the model for another retry.\n */\nexport class AgentActionStopError extends Error {\n readonly agentNativeStop = true;\n readonly errorCode?: string;\n readonly toolResult?: string;\n\n constructor(message: string, options: AgentActionStopOptions = {}) {\n super(message);\n this.name = \"AgentActionStopError\";\n this.errorCode = options.errorCode;\n this.toolResult = options.toolResult;\n }\n}\n\nexport function isAgentActionStopError(\n err: unknown,\n): err is AgentActionStopError {\n return (\n err instanceof AgentActionStopError ||\n Boolean(\n err &&\n typeof err === \"object\" &&\n \"agentNativeStop\" in err &&\n (err as { agentNativeStop?: unknown }).agentNativeStop === true,\n )\n );\n}\n\n/** HTTP exposure config for an action. */\nexport interface ActionHttpConfig {\n /** HTTP method. Default: \"POST\". Use \"GET\" for read-only actions. */\n method?: \"GET\" | \"POST\" | \"PUT\" | \"DELETE\";\n /** Override route path under /_agent-native/actions/. Default: action filename. */\n path?: string;\n}\n\n/** Explicit opt-in metadata for public agent protocols such as MCP or A2A. */\nexport interface PublicAgentActionConfig {\n expose: boolean;\n readOnly: boolean;\n requiresAuth?: boolean;\n isConsequential?: boolean;\n title?: string;\n description?: string;\n}\n\n/** A deep link an external agent (MCP / A2A) can surface to the user so they\n * can open the produced/listed resource in the running app UI. */\nexport interface ActionDeepLink {\n /** App-relative path (e.g. `/_agent-native/open?app=mail&view=inbox&...`)\n * or an absolute URL. The MCP layer prefixes the request origin when this\n * is relative, and may rewrite it to the `agentnative://` desktop scheme. */\n url: string;\n /** Human-readable label, e.g. \"Open draft in Mail\". */\n label: string;\n /** Optional view hint (matches the `navigate` command `view`). */\n view?: string;\n}\n\n/** Builds a deep link from an action's args + result so external agents can\n * surface an \"Open in <app> →\" link. MUST be pure and synchronous — no I/O,\n * no awaits. Best-effort: a throw or null is swallowed and never fails the\n * tool call. See the `external-agents` skill. */\nexport type ActionLinkBuilder = (ctx: {\n args: Record<string, any>;\n result: any;\n}) => ActionDeepLink | null | undefined;\n\nexport const MCP_APP_EXTENSION_ID = \"io.modelcontextprotocol/ui\" as const;\nexport const MCP_APP_MIME_TYPE = \"text/html;profile=mcp-app\" as const;\nexport const MCP_APP_RESOURCE_URI_META_KEY = \"ui/resourceUri\" as const;\n\nexport interface ActionMcpAppCsp {\n connectDomains?: string[];\n resourceDomains?: string[];\n frameDomains?: string[];\n baseUriDomains?: string[];\n}\n\nexport type ActionMcpAppCspBuilder = (ctx: {\n actionName: string;\n appId?: string;\n requestOrigin?: string;\n}) => ActionMcpAppCsp | Promise<ActionMcpAppCsp>;\n\nexport interface ActionMcpAppPermissions {\n camera?: Record<string, never>;\n microphone?: Record<string, never>;\n geolocation?: Record<string, never>;\n clipboardWrite?: Record<string, never>;\n}\n\nexport interface ActionMcpAppResourceMeta {\n csp?: ActionMcpAppCsp | ActionMcpAppCspBuilder;\n permissions?: ActionMcpAppPermissions;\n /**\n * Host-specific sandbox domain hint. Do not set this to the app's normal\n * production URL; app origins belong in CSP/open-link metadata. ChatGPT uses\n * the separate `openai/widgetDomain` compatibility field.\n */\n domain?: string;\n prefersBorder?: boolean;\n}\n\nexport type ActionMcpAppHtmlBuilder = (ctx: {\n actionName: string;\n appId?: string;\n requestOrigin?: string;\n}) => string;\n\nexport interface ActionMcpAppResourceConfig {\n /** `ui://` URI. Defaults to `ui://<app>/<action-name>`. */\n uri?: string;\n /** MCP resource name. Defaults to the action name. */\n name?: string;\n title?: string;\n description?: string;\n /**\n * HTML5 document content for the MCP App resource. Keep this self-contained\n * or declare any external origins in `csp`.\n */\n html: string | ActionMcpAppHtmlBuilder;\n /** Defaults to the MCP Apps HTML MIME type. */\n mimeType?: typeof MCP_APP_MIME_TYPE;\n /** Extra resource/content metadata. `ui` is merged with the fields below. */\n _meta?: Record<string, unknown>;\n csp?: ActionMcpAppCsp | ActionMcpAppCspBuilder;\n permissions?: ActionMcpAppPermissions;\n /**\n * Host-specific sandbox domain hint. Do not set this to the app's normal\n * production URL; app origins belong in CSP/open-link metadata. ChatGPT uses\n * the separate `openai/widgetDomain` compatibility field.\n */\n domain?: string;\n prefersBorder?: boolean;\n}\n\nexport interface ActionMcpAppConfig {\n resource: ActionMcpAppResourceConfig;\n /**\n * MCP Apps tool visibility. Defaults to model + app so the LLM can call the\n * action and the app iframe can call it back through the host bridge.\n */\n visibility?: Array<\"model\" | \"app\">;\n /**\n * Rare escape hatch for MCP Apps chat hosts. By default OAuth callers with\n * `mcp:apps` see the generic app tools (`open_app`, `list_apps`, etc.) so\n * hosts do not ingest every action-specific UI resource. Set this only when\n * this specific action must stay visible in that compact catalog.\n */\n compactCatalog?: boolean;\n}\n\n/** Schema definition for a single action parameter (legacy JSON schema style). */\nexport interface ParameterSchema {\n type: string;\n description?: string;\n enum?: string[];\n}\n\n/** Infer runtime parameter types from a legacy parameter schema map. */\ntype InferParams<T extends Record<string, ParameterSchema> | undefined> =\n T extends Record<string, ParameterSchema>\n ? { [K in keyof T]?: string }\n : Record<string, string>;\n\n// ---------------------------------------------------------------------------\n// Schema-based action options (new: Zod / Valibot / ArkType via Standard Schema)\n// ---------------------------------------------------------------------------\n\ninterface DefineActionWithSchema<\n TSchema extends StandardSchemaV1,\n TReturn = any,\n> {\n description: string;\n /** Standard Schema-compatible schema (Zod, Valibot, ArkType). Provides runtime\n * validation and full TypeScript type inference for `run()` args. The schema is\n * also converted to JSON Schema for the Claude API tool definition. */\n schema: TSchema;\n /** Legacy parameters — ignored when `schema` is provided. */\n parameters?: never;\n run: (\n args: StandardSchemaV1.InferOutput<TSchema>,\n ) => Promise<TReturn> | TReturn;\n http?: ActionHttpConfig | false;\n /** If true, the framework will NOT emit a screen-refresh change event after a\n * successful call. Auto-inferred as `true` when `http.method === \"GET\"`.\n * Only set this manually when you need to override the inference — e.g. a\n * POST action that only reads data but can't use GET for a protocol reason. */\n readOnly?: boolean;\n /** If true, the agent may execute this action concurrently with other\n * read-only or parallel-safe tool calls emitted in the same model turn.\n * Only set this for mutating actions that are internally concurrency-safe\n * and order-independent for same-turn execution. */\n parallelSafe?: boolean;\n /** Whether this action may be invoked from the tools (Alpine iframe) bridge\n * via `appAction(name, params)` — see `packages/core/docs/content/actions.md`\n * (\"Tools Callability\"). **Default-allow opt-out**: undefined / `true` both\n * allow tool-iframe calls; only an explicit `false` returns 403. Set to\n * `false` for high-blast-radius admin operations (account deletion, org\n * membership changes, anything that modifies auth state) — used by the\n * framework's `share-resource`, `unshare-resource`, and\n * `set-resource-visibility` for defense-in-depth. Regular UI/agent/CLI/MCP/A2A\n * calls are unaffected. Enforced by the action HTTP route layer — see\n * `packages/core/src/server/action-routes.ts`. Audit reference: H5 in\n * `security-audit/05-tools-sandbox.md`. */\n toolCallable?: boolean;\n /** Explicit public-agent exposure metadata. Public web routes never imply\n * public MCP/A2A/OpenAPI tool exposure. Actions must opt in here and public\n * protocol mounts must still filter for safe, route-appropriate tools. */\n publicAgent?: PublicAgentActionConfig;\n /** Optional deep-link builder. When set, MCP/A2A surfaces append an\n * \"Open in <app> →\" link built from the call's args + result so the\n * external agent can drop the user into the running app at the right\n * view/record. Pure + sync + best-effort. See the `external-agents` skill. */\n link?: ActionLinkBuilder;\n /** Optional MCP Apps UI resource for hosts that can render inline\n * interactive app iframes. Text/deep-link tool results remain the fallback\n * for CLI and non-UI hosts. */\n mcpApp?: ActionMcpAppConfig;\n}\n\n// ---------------------------------------------------------------------------\n// Legacy parameter-based action options\n// ---------------------------------------------------------------------------\n\ninterface DefineActionWithParams<\n TParams extends Record<string, ParameterSchema> | undefined =\n | Record<string, ParameterSchema>\n | undefined,\n TReturn = any,\n> {\n description: string;\n /** Flat map of parameter names to their schema. Automatically wrapped in\n * `{ type: \"object\", properties: ... }` for the Claude API. */\n parameters?: TParams;\n /** Standard Schema — not used in this overload. */\n schema?: never;\n run: (args: InferParams<TParams>) => Promise<TReturn> | TReturn;\n http?: ActionHttpConfig | false;\n /** If true, the framework will NOT emit a screen-refresh change event after a\n * successful call. Auto-inferred as `true` when `http.method === \"GET\"`. */\n readOnly?: boolean;\n /** If true, the agent may execute this action concurrently with other\n * read-only or parallel-safe tool calls emitted in the same model turn. */\n parallelSafe?: boolean;\n /** Whether this action may be invoked from the tools (Alpine iframe) bridge\n * via `appAction(name, params)`. See the schema overload above for details\n * and the `toolCallable` section in actions.md. */\n toolCallable?: boolean;\n /** Explicit public-agent exposure metadata. See schema overload above. */\n publicAgent?: PublicAgentActionConfig;\n /** Optional deep-link builder. See schema overload above. */\n link?: ActionLinkBuilder;\n /** Optional MCP Apps UI resource. See schema overload above. */\n mcpApp?: ActionMcpAppConfig;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Define an agent action. Place in `actions/` directory — auto-discovered by the framework.\n *\n * Supports two modes:\n *\n * **Schema mode (recommended)** — pass a Standard Schema-compatible schema (Zod, Valibot,\n * ArkType) for runtime validation and full type inference:\n *\n * ```ts\n * import { defineAction } from \"@agent-native/core\";\n * import { z } from \"zod\";\n *\n * export default defineAction({\n * description: \"Create a form\",\n * schema: z.object({\n * title: z.string().describe(\"Form title\"),\n * status: z.enum([\"draft\", \"published\", \"closed\"]).default(\"draft\"),\n * }),\n * run: async (args) => {\n * // args is { title: string; status: \"draft\" | \"published\" | \"closed\" }\n * // Already validated — invalid inputs never reach here\n * },\n * });\n * ```\n *\n * **Parameters mode (legacy)** — pass raw JSON schema-like parameter definitions:\n *\n * ```ts\n * export default defineAction({\n * description: \"List events\",\n * parameters: {\n * from: { type: \"string\", description: \"Start date\" },\n * },\n * run: async (args) => { ... },\n * });\n * ```\n */\nexport function defineAction<TSchema extends StandardSchemaV1, TReturn>(\n options: DefineActionWithSchema<TSchema, TReturn>,\n): any;\nexport function defineAction<\n TParams extends Record<string, ParameterSchema> | undefined,\n TReturn,\n>(options: DefineActionWithParams<TParams, TReturn>): any;\nexport function defineAction(options: any) {\n const hasSchema = options.schema && \"~standard\" in options.schema;\n\n // Build tool definition for the Claude API\n let toolParameters: ActionTool[\"parameters\"];\n if (hasSchema) {\n // Convert Standard Schema to JSON Schema for Claude\n toolParameters = schemaToJsonSchema(options.schema, options.description);\n } else if (options.parameters) {\n toolParameters = {\n type: \"object\" as const,\n properties: options.parameters,\n };\n }\n\n // Wrap run() with validation when schema is provided.\n // Pass toolParameters so the validation error can echo the expected signature\n // (required vs optional fields) and help the caller self-correct.\n const run = hasSchema\n ? wrapWithValidation(options.schema, options.run, toolParameters)\n : options.run;\n\n // Auto-infer readOnly from http.method === \"GET\" unless explicitly set.\n // GET actions are idempotent reads; their completion should NOT trigger a\n // screen refresh. Everything else is assumed to mutate — the dispatcher\n // emits a change event on success so the UI auto-refetches its queries.\n const httpConfig = options.http as ActionHttpConfig | false | undefined;\n const inferredReadOnly =\n httpConfig !== false &&\n httpConfig !== undefined &&\n httpConfig.method === \"GET\";\n // Explicit `readOnly` (true OR false) wins. Otherwise infer from http.method.\n // We store the resolved boolean so downstream checks can trust entry.readOnly\n // without re-running method inference — including when a caller explicitly\n // passes readOnly:false to override a GET (rare but valid).\n const readOnly: boolean | undefined =\n typeof options.readOnly === \"boolean\"\n ? options.readOnly\n : inferredReadOnly\n ? true\n : undefined;\n\n // toolCallable: thread through whatever the caller declared. We DO NOT\n // default to `true` here — the absence of an explicit field is meaningful\n // to the tools bridge: it lets us emit a one-shot warning when an action\n // without a declared `toolCallable` flag is invoked from a tool, so the\n // ecosystem can migrate over time. The bridge treats `undefined` as\n // \"implicit allow with a deprecation warning\"; only an explicit `false`\n // refuses the call. See `extensions/routes.ts` and audit H5.\n const toolCallable: boolean | undefined =\n typeof options.toolCallable === \"boolean\"\n ? options.toolCallable\n : undefined;\n const parallelSafe: boolean | undefined =\n typeof options.parallelSafe === \"boolean\"\n ? options.parallelSafe\n : undefined;\n const publicAgent: PublicAgentActionConfig | undefined =\n options.publicAgent &&\n typeof options.publicAgent === \"object\" &&\n !Array.isArray(options.publicAgent)\n ? options.publicAgent\n : undefined;\n const link: ActionLinkBuilder | undefined =\n typeof options.link === \"function\" ? options.link : undefined;\n const mcpApp: ActionMcpAppConfig | undefined =\n options.mcpApp &&\n typeof options.mcpApp === \"object\" &&\n !Array.isArray(options.mcpApp) &&\n options.mcpApp.resource &&\n typeof options.mcpApp.resource === \"object\" &&\n !Array.isArray(options.mcpApp.resource) &&\n (typeof options.mcpApp.resource.html === \"string\" ||\n typeof options.mcpApp.resource.html === \"function\")\n ? options.mcpApp\n : undefined;\n\n return {\n tool: {\n description: options.description,\n parameters: toolParameters,\n },\n run,\n ...(hasSchema ? { schema: options.schema } : {}),\n ...(options.http !== undefined ? { http: options.http } : {}),\n ...(typeof readOnly === \"boolean\" ? { readOnly } : {}),\n ...(typeof parallelSafe === \"boolean\" ? { parallelSafe } : {}),\n ...(typeof toolCallable === \"boolean\" ? { toolCallable } : {}),\n ...(publicAgent ? { publicAgent } : {}),\n ...(link ? { link } : {}),\n ...(mcpApp ? { mcpApp } : {}),\n };\n}\n\n// ---------------------------------------------------------------------------\n// Schema → JSON Schema conversion\n// ---------------------------------------------------------------------------\n\n/**\n * Convert a Standard Schema to JSON Schema for the Claude API.\n * Tries vendor-specific toJSONSchema first (Zod v4), then falls back\n * to a basic introspection of the schema shape.\n */\nfunction schemaToJsonSchema(\n schema: StandardSchemaV1,\n _description?: string,\n): ActionTool[\"parameters\"] {\n const s = schema as any;\n\n // Prefer Zod's own JSON Schema output — it handles descriptions,\n // enums, coerce, and all type wrappers correctly.\n if (s[\"~standard\"]?.jsonSchema?.input) {\n try {\n const result = s[\"~standard\"].jsonSchema.input({\n target: \"draft-07\",\n }) as any;\n // Strip $schema — the Claude API validates against draft 2020-12\n // and a mismatched $schema declaration can cause rejections.\n if (result && typeof result === \"object\") {\n delete result.$schema;\n }\n return result as ActionTool[\"parameters\"];\n } catch {\n // Fall through to manual converter\n }\n }\n\n // Fallback: manual conversion from Zod v4 internal defs\n if (s._zod?.def) {\n return zodDefToJsonSchema(s._zod.def);\n }\n\n // Last resort: empty object schema\n return { type: \"object\" as const, properties: {} };\n}\n\n/**\n * Convert a Zod v4 internal def to JSON Schema.\n * Handles the common types used in action parameters.\n */\nfunction zodDefToJsonSchema(def: any): any {\n const type = def.type;\n\n if (type === \"object\") {\n const properties: Record<string, any> = {};\n const required: string[] = [];\n const shape = def.shape;\n if (shape) {\n for (const [key, fieldSchema] of Object.entries(shape) as any[]) {\n const fieldDef = fieldSchema?._zod?.def;\n if (fieldDef) {\n const prop = zodDefToJsonSchema(fieldDef);\n // Zod v4 stores .describe() on the schema object, not in the def\n const desc = fieldSchema?.description;\n if (desc && !prop.description) prop.description = desc;\n properties[key] = prop;\n if (fieldDef.type !== \"optional\" && fieldDef.type !== \"default\") {\n required.push(key);\n }\n }\n }\n }\n const result: any = { type: \"object\", properties };\n if (required.length > 0) result.required = required;\n return result;\n }\n\n if (type === \"string\") {\n const result: any = { type: \"string\" };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"number\" || type === \"float\" || type === \"int\") {\n const result: any = { type: type === \"int\" ? \"integer\" : \"number\" };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"boolean\") {\n const result: any = { type: \"boolean\" };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"enum\") {\n // Zod v4 stores enum entries as an object {a: \"a\", b: \"b\"};\n // JSON Schema requires an array.\n const entries = def.entries;\n const enumValues = Array.isArray(entries)\n ? entries\n : typeof entries === \"object\" && entries !== null\n ? Object.values(entries)\n : entries;\n const result: any = { type: \"string\", enum: enumValues };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"literal\") {\n return { type: typeof def.value, enum: [def.value] };\n }\n\n if (type === \"array\") {\n const result: any = { type: \"array\" };\n if (def.element?._zod?.def) {\n result.items = zodDefToJsonSchema(def.element._zod.def);\n }\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"optional\") {\n if (def.innerType?._zod?.def) {\n return zodDefToJsonSchema(def.innerType._zod.def);\n }\n }\n\n if (type === \"default\") {\n if (def.innerType?._zod?.def) {\n const inner = zodDefToJsonSchema(def.innerType._zod.def);\n inner.default =\n typeof def.defaultValue === \"function\"\n ? def.defaultValue()\n : def.defaultValue;\n return inner;\n }\n }\n\n if (type === \"nullable\") {\n if (def.innerType?._zod?.def) {\n return zodDefToJsonSchema(def.innerType._zod.def);\n }\n }\n\n if (type === \"union\") {\n if (def.options?.length) {\n // Check if it's a simple enum-like union of literals\n const allLiterals = def.options.every(\n (o: any) => o?._zod?.def?.type === \"literal\",\n );\n if (allLiterals) {\n return {\n type: \"string\",\n enum: def.options.map((o: any) => o._zod.def.value),\n };\n }\n return {\n anyOf: def.options.map((o: any) =>\n zodDefToJsonSchema(o._zod?.def ?? {}),\n ),\n };\n }\n }\n\n // Fallback\n return { type: \"string\" };\n}\n\n// ---------------------------------------------------------------------------\n// Runtime validation wrapper\n// ---------------------------------------------------------------------------\n\n/**\n * Wrap an action's run function with schema validation.\n * Invalid inputs get a clear error message (including what was actually passed)\n * so the agent can see its own mistake and correct it on the next turn.\n */\nfunction wrapWithValidation(\n schema: StandardSchemaV1,\n run: Function,\n toolParameters?: ActionTool[\"parameters\"],\n): (args: any) => any {\n return async (args: any) => {\n const result = await schema[\"~standard\"].validate(args);\n if (result.issues) {\n // Split issues into \"missing required field\" vs other validation errors\n // so the error message reads naturally rather than as \"fieldName: Required\".\n const missing: string[] = [];\n const other: string[] = [];\n for (const issue of result.issues) {\n const pathStr = issue.path\n ? issue.path.map((p) => (typeof p === \"object\" ? p.key : p)).join(\".\")\n : \"\";\n const msg = String(issue.message ?? \"\");\n // Zod emits \"Required\" for missing fields; other libraries may use\n // similar wording. Treat any variant as \"missing\".\n if (\n pathStr &&\n (msg === \"Required\" ||\n /invalid.*undefined/i.test(msg) ||\n /expected.*received undefined/i.test(msg))\n ) {\n missing.push(pathStr);\n } else {\n other.push(pathStr ? `${pathStr}: ${msg}` : msg);\n }\n }\n\n const parts: string[] = [];\n if (missing.length > 0) {\n parts.push(\n `Missing required parameter${missing.length === 1 ? \"\" : \"s\"}: ${missing.join(\", \")}`,\n );\n }\n if (other.length > 0) {\n parts.push(other.join(\"; \"));\n }\n\n // Echo the args that were actually passed so the caller (usually an\n // agent) can see exactly what it sent and fix its next call.\n let received: string;\n try {\n received = JSON.stringify(args);\n if (received.length > 500) received = received.slice(0, 500) + \"…\";\n } catch {\n received = String(args);\n }\n\n // Also show the EXPECTED signature so the agent doesn't have to guess.\n // Format: `{ deckId*: string, content*: string, slideId?: string, ... }`\n // where `*` = required, `?` = optional.\n let expected = \"\";\n if (toolParameters?.properties) {\n const required = new Set(toolParameters.required ?? []);\n const sig = Object.entries(toolParameters.properties)\n .map(([k, v]) => {\n const mark = required.has(k) ? \"*\" : \"?\";\n const type = (v as { type?: string }).type ?? \"any\";\n return `${k}${mark}: ${type}`;\n })\n .join(\", \");\n if (sig)\n expected = ` Expected: { ${sig} } (where * = required, ? = optional).`;\n }\n\n throw new Error(\n `Invalid action parameters — ${parts.join(\". \")}. Received: ${received}.${expected}`,\n );\n }\n return run((result as StandardSchemaV1.SuccessResult<any>).value);\n };\n}\n"]}
1
+ {"version":3,"file":"action.js","sourceRoot":"","sources":["../src/action.ts"],"names":[],"mappings":"AAUA;;;GAGG;AACH,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IACpC,eAAe,GAAG,IAAI,CAAC;IACvB,SAAS,CAAU;IACnB,UAAU,CAAU;IAE7B,YAAY,OAAe,EAAE,UAAkC,EAAE;QAC/D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;QACnC,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACvC,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CACpC,GAAY;IAEZ,OAAO,CACL,GAAG,YAAY,oBAAoB;QACnC,OAAO,CACL,GAAG;YACH,OAAO,GAAG,KAAK,QAAQ;YACvB,iBAAiB,IAAI,GAAG;YACvB,GAAqC,CAAC,eAAe,KAAK,IAAI,CAChE,CACF,CAAC;AACJ,CAAC;AA0CD,MAAM,CAAC,MAAM,oBAAoB,GAAG,4BAAqC,CAAC;AAC1E,MAAM,CAAC,MAAM,iBAAiB,GAAG,2BAAoC,CAAC;AACtE,MAAM,CAAC,MAAM,6BAA6B,GAAG,gBAAyB,CAAC;AA4OvE,MAAM,UAAU,YAAY,CAAC,OAAY;IACvC,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,IAAI,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC;IAElE,2CAA2C;IAC3C,IAAI,cAAwC,CAAC;IAC7C,IAAI,SAAS,EAAE,CAAC;QACd,oDAAoD;QACpD,cAAc,GAAG,kBAAkB,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3E,CAAC;SAAM,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QAC9B,cAAc,GAAG;YACf,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC;IACJ,CAAC;IAED,sDAAsD;IACtD,8EAA8E;IAC9E,kEAAkE;IAClE,MAAM,GAAG,GAAG,SAAS;QACnB,CAAC,CAAC,kBAAkB,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,EAAE,cAAc,CAAC;QACjE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAEhB,wEAAwE;IACxE,0EAA0E;IAC1E,wEAAwE;IACxE,wEAAwE;IACxE,MAAM,UAAU,GAAG,OAAO,CAAC,IAA4C,CAAC;IACxE,MAAM,gBAAgB,GACpB,UAAU,KAAK,KAAK;QACpB,UAAU,KAAK,SAAS;QACxB,UAAU,CAAC,MAAM,KAAK,KAAK,CAAC;IAC9B,8EAA8E;IAC9E,8EAA8E;IAC9E,2EAA2E;IAC3E,4DAA4D;IAC5D,MAAM,QAAQ,GACZ,OAAO,OAAO,CAAC,QAAQ,KAAK,SAAS;QACnC,CAAC,CAAC,OAAO,CAAC,QAAQ;QAClB,CAAC,CAAC,gBAAgB;YAChB,CAAC,CAAC,IAAI;YACN,CAAC,CAAC,SAAS,CAAC;IAElB,uEAAuE;IACvE,0EAA0E;IAC1E,yEAAyE;IACzE,wEAAwE;IACxE,oEAAoE;IACpE,wEAAwE;IACxE,6DAA6D;IAC7D,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,YAAY,KAAK,SAAS;QACvC,CAAC,CAAC,OAAO,CAAC,YAAY;QACtB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,YAAY,KAAK,SAAS;QACvC,CAAC,CAAC,OAAO,CAAC,YAAY;QACtB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,WAAW,GACf,OAAO,CAAC,WAAW;QACnB,OAAO,OAAO,CAAC,WAAW,KAAK,QAAQ;QACvC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;QACjC,CAAC,CAAC,OAAO,CAAC,WAAW;QACrB,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,IAAI,GACR,OAAO,OAAO,CAAC,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAChE,MAAM,MAAM,GACV,OAAO,CAAC,MAAM;QACd,OAAO,OAAO,CAAC,MAAM,KAAK,QAAQ;QAClC,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ;QACvB,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,KAAK,QAAQ;QAC3C,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;QACvC,CAAC,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ;YAC/C,OAAO,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,KAAK,UAAU,CAAC;QACnD,CAAC,CAAC,OAAO,CAAC,MAAM;QAChB,CAAC,CAAC,SAAS,CAAC;IAEhB,OAAO;QACL,IAAI,EAAE;YACJ,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,UAAU,EAAE,cAAc;SAC3B;QACD,GAAG;QACH,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChD,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,OAAO,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtD,GAAG,CAAC,OAAO,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,OAAO,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzB,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,kCAAkC;AAClC,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,MAAwB,EACxB,YAAqB;IAErB,MAAM,CAAC,GAAG,MAAa,CAAC;IAExB,iEAAiE;IACjE,kDAAkD;IAClD,IAAI,CAAC,CAAC,WAAW,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC;gBAC7C,MAAM,EAAE,UAAU;aACnB,CAAQ,CAAC;YACV,iEAAiE;YACjE,6DAA6D;YAC7D,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACzC,OAAO,MAAM,CAAC,OAAO,CAAC;YACxB,CAAC;YACD,OAAO,MAAkC,CAAC;QAC5C,CAAC;QAAC,MAAM,CAAC;YACP,mCAAmC;QACrC,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,IAAI,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC;QAChB,OAAO,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;IAED,mCAAmC;IACnC,OAAO,EAAE,IAAI,EAAE,QAAiB,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;AACrD,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,GAAQ;IAClC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;IAEtB,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,UAAU,GAAwB,EAAE,CAAC;QAC3C,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACxB,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,MAAM,CAAC,GAAG,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAU,EAAE,CAAC;gBAChE,MAAM,QAAQ,GAAG,WAAW,EAAE,IAAI,EAAE,GAAG,CAAC;gBACxC,IAAI,QAAQ,EAAE,CAAC;oBACb,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBAC1C,iEAAiE;oBACjE,MAAM,IAAI,GAAG,WAAW,EAAE,WAAW,CAAC;oBACtC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW;wBAAE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;oBACvD,UAAU,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;oBACvB,IACE,QAAQ,CAAC,IAAI,KAAK,UAAU;wBAC5B,QAAQ,CAAC,IAAI,KAAK,SAAS;wBAC3B,QAAQ,CAAC,IAAI,KAAK,UAAU,EAC5B,CAAC;wBACD,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;oBACrB,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;QACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;YAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QACvC,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACpE,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxC,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,MAAM,EAAE,CAAC;QACpB,4DAA4D;QAC5D,iCAAiC;QACjC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAC5B,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YACvC,CAAC,CAAC,OAAO;YACT,CAAC,CAAC,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;gBAC/C,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC;gBACxB,CAAC,CAAC,OAAO,CAAC;QACd,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;QACzD,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;IACvD,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,MAAM,GAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QACtC,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC3B,MAAM,CAAC,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,GAAG,CAAC,WAAW;YAAE,MAAM,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QAC1D,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,OAAO,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzD,KAAK,CAAC,OAAO;gBACX,OAAO,GAAG,CAAC,YAAY,KAAK,UAAU;oBACpC,CAAC,CAAC,GAAG,CAAC,YAAY,EAAE;oBACpB,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,kBAAkB,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzD,oEAAoE;YACpE,mEAAmE;YACnE,OAAO,EAAE,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;QACrB,IAAI,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;YACxB,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CACnC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,KAAK,SAAS,CAC7C,CAAC;YACF,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBAC7D,MAAM,UAAU,GAAG,CAAC,CAAM,EAAE,EAAE,CAC5B,OAAO,CAAC,KAAK,QAAQ;oBACnB,CAAC,CAAC,QAAQ;oBACV,CAAC,CAAC,OAAO,CAAC,KAAK,SAAS;wBACtB,CAAC,CAAC,SAAS;wBACX,CAAC,CAAC,QAAQ,CAAC;gBACjB,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;gBACzD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBAC7B,iEAAiE;oBACjE,kEAAkE;oBAClE,iEAAiE;oBACjE,OAAO,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;gBAChD,CAAC;gBACD,wEAAwE;gBACxE,OAAO;oBACL,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;iBACpE,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAChC,kBAAkB,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC,CACtC;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,WAAW;IACX,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6BAA6B;AAC7B,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,kBAAkB,CACzB,MAAwB,EACxB,GAAa,EACb,cAAyC;IAEzC,OAAO,KAAK,EAAE,IAAS,EAAE,EAAE;QACzB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,wEAAwE;YACxE,6EAA6E;YAC7E,MAAM,OAAO,GAAa,EAAE,CAAC;YAC7B,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI;oBACxB,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;oBACtE,CAAC,CAAC,EAAE,CAAC;gBACP,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC;gBACxC,mEAAmE;gBACnE,mDAAmD;gBACnD,IACE,OAAO;oBACP,CAAC,GAAG,KAAK,UAAU;wBACjB,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC;wBAC/B,+BAA+B,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAC5C,CAAC;oBACD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACxB,CAAC;qBAAM,CAAC;oBACN,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,KAAK,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAa,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACvB,KAAK,CAAC,IAAI,CACR,6BAA6B,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACtF,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrB,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAC/B,CAAC;YAED,oEAAoE;YACpE,6DAA6D;YAC7D,IAAI,QAAgB,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAChC,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG;oBAAE,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,GAAG,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;YAED,uEAAuE;YACvE,yEAAyE;YACzE,wCAAwC;YACxC,IAAI,QAAQ,GAAG,EAAE,CAAC;YAClB,IAAI,cAAc,EAAE,UAAU,EAAE,CAAC;gBAC/B,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC;gBACxD,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC;qBAClD,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE;oBACd,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;oBACzC,MAAM,IAAI,GAAI,CAAuB,CAAC,IAAI,IAAI,KAAK,CAAC;oBACpD,OAAO,GAAG,CAAC,GAAG,IAAI,KAAK,IAAI,EAAE,CAAC;gBAChC,CAAC,CAAC;qBACD,IAAI,CAAC,IAAI,CAAC,CAAC;gBACd,IAAI,GAAG;oBACL,QAAQ,GAAG,gBAAgB,GAAG,wCAAwC,CAAC;YAC3E,CAAC;YAED,MAAM,IAAI,KAAK,CACb,+BAA+B,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,QAAQ,IAAI,QAAQ,EAAE,CACrF,CAAC;QACJ,CAAC;QACD,OAAO,GAAG,CAAE,MAA8C,CAAC,KAAK,CAAC,CAAC;IACpE,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionTool } from \"./agent/types.js\";\nimport type { StandardSchemaV1 } from \"@standard-schema/spec\";\n\nexport interface AgentActionStopOptions {\n /** Optional stable code surfaced in run metadata and tests. */\n errorCode?: string;\n /** Optional short tool-result text. Defaults to the user-facing message. */\n toolResult?: string;\n}\n\n/**\n * Throw from an action when the agent should stop the current turn instead of\n * feeding the failure back to the model for another retry.\n */\nexport class AgentActionStopError extends Error {\n readonly agentNativeStop = true;\n readonly errorCode?: string;\n readonly toolResult?: string;\n\n constructor(message: string, options: AgentActionStopOptions = {}) {\n super(message);\n this.name = \"AgentActionStopError\";\n this.errorCode = options.errorCode;\n this.toolResult = options.toolResult;\n }\n}\n\nexport function isAgentActionStopError(\n err: unknown,\n): err is AgentActionStopError {\n return (\n err instanceof AgentActionStopError ||\n Boolean(\n err &&\n typeof err === \"object\" &&\n \"agentNativeStop\" in err &&\n (err as { agentNativeStop?: unknown }).agentNativeStop === true,\n )\n );\n}\n\n/** HTTP exposure config for an action. */\nexport interface ActionHttpConfig {\n /** HTTP method. Default: \"POST\". Use \"GET\" for read-only actions. */\n method?: \"GET\" | \"POST\" | \"PUT\" | \"DELETE\";\n /** Override route path under /_agent-native/actions/. Default: action filename. */\n path?: string;\n}\n\n/** Explicit opt-in metadata for public agent protocols such as MCP or A2A. */\nexport interface PublicAgentActionConfig {\n expose: boolean;\n readOnly: boolean;\n requiresAuth?: boolean;\n isConsequential?: boolean;\n title?: string;\n description?: string;\n}\n\n/** A deep link an external agent (MCP / A2A) can surface to the user so they\n * can open the produced/listed resource in the running app UI. */\nexport interface ActionDeepLink {\n /** App-relative path (e.g. `/_agent-native/open?app=mail&view=inbox&...`)\n * or an absolute URL. The MCP layer prefixes the request origin when this\n * is relative, and may rewrite it to the `agentnative://` desktop scheme. */\n url: string;\n /** Human-readable label, e.g. \"Open draft in Mail\". */\n label: string;\n /** Optional view hint (matches the `navigate` command `view`). */\n view?: string;\n}\n\n/** Builds a deep link from an action's args + result so external agents can\n * surface an \"Open in <app> →\" link. MUST be pure and synchronous — no I/O,\n * no awaits. Best-effort: a throw or null is swallowed and never fails the\n * tool call. See the `external-agents` skill. */\nexport type ActionLinkBuilder = (ctx: {\n args: Record<string, any>;\n result: any;\n}) => ActionDeepLink | null | undefined;\n\nexport const MCP_APP_EXTENSION_ID = \"io.modelcontextprotocol/ui\" as const;\nexport const MCP_APP_MIME_TYPE = \"text/html;profile=mcp-app\" as const;\nexport const MCP_APP_RESOURCE_URI_META_KEY = \"ui/resourceUri\" as const;\n\nexport interface ActionMcpAppCsp {\n connectDomains?: string[];\n resourceDomains?: string[];\n frameDomains?: string[];\n baseUriDomains?: string[];\n}\n\nexport type ActionMcpAppCspBuilder = (ctx: {\n actionName: string;\n appId?: string;\n requestOrigin?: string;\n}) => ActionMcpAppCsp | Promise<ActionMcpAppCsp>;\n\nexport interface ActionMcpAppPermissions {\n camera?: Record<string, never>;\n microphone?: Record<string, never>;\n geolocation?: Record<string, never>;\n clipboardWrite?: Record<string, never>;\n}\n\nexport interface ActionMcpAppResourceMeta {\n csp?: ActionMcpAppCsp | ActionMcpAppCspBuilder;\n permissions?: ActionMcpAppPermissions;\n /**\n * Host-specific sandbox domain hint. Do not set this to the app's normal\n * production URL; app origins belong in CSP/open-link metadata. ChatGPT uses\n * the separate `openai/widgetDomain` compatibility field.\n */\n domain?: string;\n prefersBorder?: boolean;\n}\n\nexport type ActionMcpAppHtmlBuilder = (ctx: {\n actionName: string;\n appId?: string;\n requestOrigin?: string;\n}) => string;\n\nexport interface ActionMcpAppResourceConfig {\n /** `ui://` URI. Defaults to `ui://<app>/<action-name>`. */\n uri?: string;\n /** MCP resource name. Defaults to the action name. */\n name?: string;\n title?: string;\n description?: string;\n /**\n * HTML5 document content for the MCP App resource. Keep this self-contained\n * or declare any external origins in `csp`.\n */\n html: string | ActionMcpAppHtmlBuilder;\n /** Defaults to the MCP Apps HTML MIME type. */\n mimeType?: typeof MCP_APP_MIME_TYPE;\n /** Extra resource/content metadata. `ui` is merged with the fields below. */\n _meta?: Record<string, unknown>;\n csp?: ActionMcpAppCsp | ActionMcpAppCspBuilder;\n permissions?: ActionMcpAppPermissions;\n /**\n * Host-specific sandbox domain hint. Do not set this to the app's normal\n * production URL; app origins belong in CSP/open-link metadata. ChatGPT uses\n * the separate `openai/widgetDomain` compatibility field.\n */\n domain?: string;\n prefersBorder?: boolean;\n}\n\nexport interface ActionMcpAppConfig {\n resource: ActionMcpAppResourceConfig;\n /**\n * MCP Apps tool visibility. Defaults to model + app so the LLM can call the\n * action and the app iframe can call it back through the host bridge.\n */\n visibility?: Array<\"model\" | \"app\">;\n /**\n * Rare escape hatch for MCP Apps chat hosts. By default OAuth callers with\n * `mcp:apps` see the generic app tools (`open_app`, `list_apps`, etc.) so\n * hosts do not ingest every action-specific UI resource. Set this only when\n * this specific action must stay visible in that compact catalog.\n */\n compactCatalog?: boolean;\n}\n\n/** Schema definition for a single action parameter (legacy JSON schema style). */\nexport interface ParameterSchema {\n type: string;\n description?: string;\n enum?: string[];\n}\n\n/** Infer runtime parameter types from a legacy parameter schema map. */\ntype InferParams<T extends Record<string, ParameterSchema> | undefined> =\n T extends Record<string, ParameterSchema>\n ? { [K in keyof T]?: string }\n : Record<string, string>;\n\n// ---------------------------------------------------------------------------\n// Schema-based action options (new: Zod / Valibot / ArkType via Standard Schema)\n// ---------------------------------------------------------------------------\n\ninterface DefineActionWithSchema<\n TSchema extends StandardSchemaV1,\n TReturn = any,\n> {\n description: string;\n /** Standard Schema-compatible schema (Zod, Valibot, ArkType). Provides runtime\n * validation and full TypeScript type inference for `run()` args. The schema is\n * also converted to JSON Schema for the Claude API tool definition. */\n schema: TSchema;\n /** Legacy parameters — ignored when `schema` is provided. */\n parameters?: never;\n run: (\n args: StandardSchemaV1.InferOutput<TSchema>,\n ) => Promise<TReturn> | TReturn;\n http?: ActionHttpConfig | false;\n /** If true, the framework will NOT emit a screen-refresh change event after a\n * successful call. Auto-inferred as `true` when `http.method === \"GET\"`.\n * Only set this manually when you need to override the inference — e.g. a\n * POST action that only reads data but can't use GET for a protocol reason. */\n readOnly?: boolean;\n /** If true, the agent may execute this action concurrently with other\n * read-only or parallel-safe tool calls emitted in the same model turn.\n * Only set this for mutating actions that are internally concurrency-safe\n * and order-independent for same-turn execution. */\n parallelSafe?: boolean;\n /** Whether this action may be invoked from the tools (Alpine iframe) bridge\n * via `appAction(name, params)` — see `packages/core/docs/content/actions.md`\n * (\"Tools Callability\"). **Default-allow opt-out**: undefined / `true` both\n * allow tool-iframe calls; only an explicit `false` returns 403. Set to\n * `false` for high-blast-radius admin operations (account deletion, org\n * membership changes, anything that modifies auth state) — used by the\n * framework's `share-resource`, `unshare-resource`, and\n * `set-resource-visibility` for defense-in-depth. Regular UI/agent/CLI/MCP/A2A\n * calls are unaffected. Enforced by the action HTTP route layer — see\n * `packages/core/src/server/action-routes.ts`. Audit reference: H5 in\n * `security-audit/05-tools-sandbox.md`. */\n toolCallable?: boolean;\n /** Explicit public-agent exposure metadata. Public web routes never imply\n * public MCP/A2A/OpenAPI tool exposure. Actions must opt in here and public\n * protocol mounts must still filter for safe, route-appropriate tools. */\n publicAgent?: PublicAgentActionConfig;\n /** Optional deep-link builder. When set, MCP/A2A surfaces append an\n * \"Open in <app> →\" link built from the call's args + result so the\n * external agent can drop the user into the running app at the right\n * view/record. Pure + sync + best-effort. See the `external-agents` skill. */\n link?: ActionLinkBuilder;\n /** Optional MCP Apps UI resource for hosts that can render inline\n * interactive app iframes. Text/deep-link tool results remain the fallback\n * for CLI and non-UI hosts. */\n mcpApp?: ActionMcpAppConfig;\n}\n\n// ---------------------------------------------------------------------------\n// Legacy parameter-based action options\n// ---------------------------------------------------------------------------\n\ninterface DefineActionWithParams<\n TParams extends Record<string, ParameterSchema> | undefined =\n | Record<string, ParameterSchema>\n | undefined,\n TReturn = any,\n> {\n description: string;\n /** Flat map of parameter names to their schema. Automatically wrapped in\n * `{ type: \"object\", properties: ... }` for the Claude API. */\n parameters?: TParams;\n /** Standard Schema — not used in this overload. */\n schema?: never;\n run: (args: InferParams<TParams>) => Promise<TReturn> | TReturn;\n http?: ActionHttpConfig | false;\n /** If true, the framework will NOT emit a screen-refresh change event after a\n * successful call. Auto-inferred as `true` when `http.method === \"GET\"`. */\n readOnly?: boolean;\n /** If true, the agent may execute this action concurrently with other\n * read-only or parallel-safe tool calls emitted in the same model turn. */\n parallelSafe?: boolean;\n /** Whether this action may be invoked from the tools (Alpine iframe) bridge\n * via `appAction(name, params)`. See the schema overload above for details\n * and the `toolCallable` section in actions.md. */\n toolCallable?: boolean;\n /** Explicit public-agent exposure metadata. See schema overload above. */\n publicAgent?: PublicAgentActionConfig;\n /** Optional deep-link builder. See schema overload above. */\n link?: ActionLinkBuilder;\n /** Optional MCP Apps UI resource. See schema overload above. */\n mcpApp?: ActionMcpAppConfig;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Define an agent action. Place in `actions/` directory — auto-discovered by the framework.\n *\n * Supports two modes:\n *\n * **Schema mode (recommended)** — pass a Standard Schema-compatible schema (Zod, Valibot,\n * ArkType) for runtime validation and full type inference:\n *\n * ```ts\n * import { defineAction } from \"@agent-native/core\";\n * import { z } from \"zod\";\n *\n * export default defineAction({\n * description: \"Create a form\",\n * schema: z.object({\n * title: z.string().describe(\"Form title\"),\n * status: z.enum([\"draft\", \"published\", \"closed\"]).default(\"draft\"),\n * }),\n * run: async (args) => {\n * // args is { title: string; status: \"draft\" | \"published\" | \"closed\" }\n * // Already validated — invalid inputs never reach here\n * },\n * });\n * ```\n *\n * **Parameters mode (legacy)** — pass raw JSON schema-like parameter definitions:\n *\n * ```ts\n * export default defineAction({\n * description: \"List events\",\n * parameters: {\n * from: { type: \"string\", description: \"Start date\" },\n * },\n * run: async (args) => { ... },\n * });\n * ```\n */\nexport function defineAction<TSchema extends StandardSchemaV1, TReturn>(\n options: DefineActionWithSchema<TSchema, TReturn>,\n): any;\nexport function defineAction<\n TParams extends Record<string, ParameterSchema> | undefined,\n TReturn,\n>(options: DefineActionWithParams<TParams, TReturn>): any;\nexport function defineAction(options: any) {\n const hasSchema = options.schema && \"~standard\" in options.schema;\n\n // Build tool definition for the Claude API\n let toolParameters: ActionTool[\"parameters\"];\n if (hasSchema) {\n // Convert Standard Schema to JSON Schema for Claude\n toolParameters = schemaToJsonSchema(options.schema, options.description);\n } else if (options.parameters) {\n toolParameters = {\n type: \"object\" as const,\n properties: options.parameters,\n };\n }\n\n // Wrap run() with validation when schema is provided.\n // Pass toolParameters so the validation error can echo the expected signature\n // (required vs optional fields) and help the caller self-correct.\n const run = hasSchema\n ? wrapWithValidation(options.schema, options.run, toolParameters)\n : options.run;\n\n // Auto-infer readOnly from http.method === \"GET\" unless explicitly set.\n // GET actions are idempotent reads; their completion should NOT trigger a\n // screen refresh. Everything else is assumed to mutate — the dispatcher\n // emits a change event on success so the UI auto-refetches its queries.\n const httpConfig = options.http as ActionHttpConfig | false | undefined;\n const inferredReadOnly =\n httpConfig !== false &&\n httpConfig !== undefined &&\n httpConfig.method === \"GET\";\n // Explicit `readOnly` (true OR false) wins. Otherwise infer from http.method.\n // We store the resolved boolean so downstream checks can trust entry.readOnly\n // without re-running method inference — including when a caller explicitly\n // passes readOnly:false to override a GET (rare but valid).\n const readOnly: boolean | undefined =\n typeof options.readOnly === \"boolean\"\n ? options.readOnly\n : inferredReadOnly\n ? true\n : undefined;\n\n // toolCallable: thread through whatever the caller declared. We DO NOT\n // default to `true` here — the absence of an explicit field is meaningful\n // to the tools bridge: it lets us emit a one-shot warning when an action\n // without a declared `toolCallable` flag is invoked from a tool, so the\n // ecosystem can migrate over time. The bridge treats `undefined` as\n // \"implicit allow with a deprecation warning\"; only an explicit `false`\n // refuses the call. See `extensions/routes.ts` and audit H5.\n const toolCallable: boolean | undefined =\n typeof options.toolCallable === \"boolean\"\n ? options.toolCallable\n : undefined;\n const parallelSafe: boolean | undefined =\n typeof options.parallelSafe === \"boolean\"\n ? options.parallelSafe\n : undefined;\n const publicAgent: PublicAgentActionConfig | undefined =\n options.publicAgent &&\n typeof options.publicAgent === \"object\" &&\n !Array.isArray(options.publicAgent)\n ? options.publicAgent\n : undefined;\n const link: ActionLinkBuilder | undefined =\n typeof options.link === \"function\" ? options.link : undefined;\n const mcpApp: ActionMcpAppConfig | undefined =\n options.mcpApp &&\n typeof options.mcpApp === \"object\" &&\n !Array.isArray(options.mcpApp) &&\n options.mcpApp.resource &&\n typeof options.mcpApp.resource === \"object\" &&\n !Array.isArray(options.mcpApp.resource) &&\n (typeof options.mcpApp.resource.html === \"string\" ||\n typeof options.mcpApp.resource.html === \"function\")\n ? options.mcpApp\n : undefined;\n\n return {\n tool: {\n description: options.description,\n parameters: toolParameters,\n },\n run,\n ...(hasSchema ? { schema: options.schema } : {}),\n ...(options.http !== undefined ? { http: options.http } : {}),\n ...(typeof readOnly === \"boolean\" ? { readOnly } : {}),\n ...(typeof parallelSafe === \"boolean\" ? { parallelSafe } : {}),\n ...(typeof toolCallable === \"boolean\" ? { toolCallable } : {}),\n ...(publicAgent ? { publicAgent } : {}),\n ...(link ? { link } : {}),\n ...(mcpApp ? { mcpApp } : {}),\n };\n}\n\n// ---------------------------------------------------------------------------\n// Schema → JSON Schema conversion\n// ---------------------------------------------------------------------------\n\n/**\n * Convert a Standard Schema to JSON Schema for the Claude API.\n * Tries vendor-specific toJSONSchema first (Zod v4), then falls back\n * to a basic introspection of the schema shape.\n */\nfunction schemaToJsonSchema(\n schema: StandardSchemaV1,\n _description?: string,\n): ActionTool[\"parameters\"] {\n const s = schema as any;\n\n // Prefer Zod's own JSON Schema output — it handles descriptions,\n // enums, coerce, and all type wrappers correctly.\n if (s[\"~standard\"]?.jsonSchema?.input) {\n try {\n const result = s[\"~standard\"].jsonSchema.input({\n target: \"draft-07\",\n }) as any;\n // Strip $schema — the Claude API validates against draft 2020-12\n // and a mismatched $schema declaration can cause rejections.\n if (result && typeof result === \"object\") {\n delete result.$schema;\n }\n return result as ActionTool[\"parameters\"];\n } catch {\n // Fall through to manual converter\n }\n }\n\n // Fallback: manual conversion from Zod v4 internal defs\n if (s._zod?.def) {\n return zodDefToJsonSchema(s._zod.def);\n }\n\n // Last resort: empty object schema\n return { type: \"object\" as const, properties: {} };\n}\n\n/**\n * Convert a Zod v4 internal def to JSON Schema.\n * Handles the common types used in action parameters.\n */\nfunction zodDefToJsonSchema(def: any): any {\n const type = def.type;\n\n if (type === \"object\") {\n const properties: Record<string, any> = {};\n const required: string[] = [];\n const shape = def.shape;\n if (shape) {\n for (const [key, fieldSchema] of Object.entries(shape) as any[]) {\n const fieldDef = fieldSchema?._zod?.def;\n if (fieldDef) {\n const prop = zodDefToJsonSchema(fieldDef);\n // Zod v4 stores .describe() on the schema object, not in the def\n const desc = fieldSchema?.description;\n if (desc && !prop.description) prop.description = desc;\n properties[key] = prop;\n if (\n fieldDef.type !== \"optional\" &&\n fieldDef.type !== \"default\" &&\n fieldDef.type !== \"nullable\"\n ) {\n required.push(key);\n }\n }\n }\n }\n const result: any = { type: \"object\", properties };\n if (required.length > 0) result.required = required;\n return result;\n }\n\n if (type === \"string\") {\n const result: any = { type: \"string\" };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"number\" || type === \"float\" || type === \"int\") {\n const result: any = { type: type === \"int\" ? \"integer\" : \"number\" };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"boolean\") {\n const result: any = { type: \"boolean\" };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"enum\") {\n // Zod v4 stores enum entries as an object {a: \"a\", b: \"b\"};\n // JSON Schema requires an array.\n const entries = def.entries;\n const enumValues = Array.isArray(entries)\n ? entries\n : typeof entries === \"object\" && entries !== null\n ? Object.values(entries)\n : entries;\n const result: any = { type: \"string\", enum: enumValues };\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"literal\") {\n return { type: typeof def.value, enum: [def.value] };\n }\n\n if (type === \"array\") {\n const result: any = { type: \"array\" };\n if (def.element?._zod?.def) {\n result.items = zodDefToJsonSchema(def.element._zod.def);\n }\n if (def.description) result.description = def.description;\n return result;\n }\n\n if (type === \"optional\") {\n if (def.innerType?._zod?.def) {\n return zodDefToJsonSchema(def.innerType._zod.def);\n }\n }\n\n if (type === \"default\") {\n if (def.innerType?._zod?.def) {\n const inner = zodDefToJsonSchema(def.innerType._zod.def);\n inner.default =\n typeof def.defaultValue === \"function\"\n ? def.defaultValue()\n : def.defaultValue;\n return inner;\n }\n }\n\n if (type === \"nullable\") {\n if (def.innerType?._zod?.def) {\n const inner = zodDefToJsonSchema(def.innerType._zod.def);\n // Surface null as a valid value so the model knows it may pass null\n // (and doesn't treat the field as a non-nullable required string).\n return { anyOf: [inner, { type: \"null\" }] };\n }\n }\n\n if (type === \"union\") {\n if (def.options?.length) {\n // Check if it's a simple enum-like union of literals\n const allLiterals = def.options.every(\n (o: any) => o?._zod?.def?.type === \"literal\",\n );\n if (allLiterals) {\n const values = def.options.map((o: any) => o._zod.def.value);\n const jsonTypeOf = (v: any) =>\n typeof v === \"number\"\n ? \"number\"\n : typeof v === \"boolean\"\n ? \"boolean\"\n : \"string\";\n const uniqueTypes = [...new Set(values.map(jsonTypeOf))];\n if (uniqueTypes.length === 1) {\n // Homogeneous literal union (e.g. all numbers) — derive the JSON\n // type instead of hardcoding \"string\", which would contradict the\n // enum values and make the model coerce/round-trip them wrongly.\n return { type: uniqueTypes[0], enum: values };\n }\n // Mixed literal types: emit anyOf so each branch stays self-consistent.\n return {\n anyOf: values.map((v: any) => ({ type: jsonTypeOf(v), enum: [v] })),\n };\n }\n return {\n anyOf: def.options.map((o: any) =>\n zodDefToJsonSchema(o._zod?.def ?? {}),\n ),\n };\n }\n }\n\n // Fallback\n return { type: \"string\" };\n}\n\n// ---------------------------------------------------------------------------\n// Runtime validation wrapper\n// ---------------------------------------------------------------------------\n\n/**\n * Wrap an action's run function with schema validation.\n * Invalid inputs get a clear error message (including what was actually passed)\n * so the agent can see its own mistake and correct it on the next turn.\n */\nfunction wrapWithValidation(\n schema: StandardSchemaV1,\n run: Function,\n toolParameters?: ActionTool[\"parameters\"],\n): (args: any) => any {\n return async (args: any) => {\n const result = await schema[\"~standard\"].validate(args);\n if (result.issues) {\n // Split issues into \"missing required field\" vs other validation errors\n // so the error message reads naturally rather than as \"fieldName: Required\".\n const missing: string[] = [];\n const other: string[] = [];\n for (const issue of result.issues) {\n const pathStr = issue.path\n ? issue.path.map((p) => (typeof p === \"object\" ? p.key : p)).join(\".\")\n : \"\";\n const msg = String(issue.message ?? \"\");\n // Zod emits \"Required\" for missing fields; other libraries may use\n // similar wording. Treat any variant as \"missing\".\n if (\n pathStr &&\n (msg === \"Required\" ||\n /invalid.*undefined/i.test(msg) ||\n /expected.*received undefined/i.test(msg))\n ) {\n missing.push(pathStr);\n } else {\n other.push(pathStr ? `${pathStr}: ${msg}` : msg);\n }\n }\n\n const parts: string[] = [];\n if (missing.length > 0) {\n parts.push(\n `Missing required parameter${missing.length === 1 ? \"\" : \"s\"}: ${missing.join(\", \")}`,\n );\n }\n if (other.length > 0) {\n parts.push(other.join(\"; \"));\n }\n\n // Echo the args that were actually passed so the caller (usually an\n // agent) can see exactly what it sent and fix its next call.\n let received: string;\n try {\n received = JSON.stringify(args);\n if (received.length > 500) received = received.slice(0, 500) + \"…\";\n } catch {\n received = String(args);\n }\n\n // Also show the EXPECTED signature so the agent doesn't have to guess.\n // Format: `{ deckId*: string, content*: string, slideId?: string, ... }`\n // where `*` = required, `?` = optional.\n let expected = \"\";\n if (toolParameters?.properties) {\n const required = new Set(toolParameters.required ?? []);\n const sig = Object.entries(toolParameters.properties)\n .map(([k, v]) => {\n const mark = required.has(k) ? \"*\" : \"?\";\n const type = (v as { type?: string }).type ?? \"any\";\n return `${k}${mark}: ${type}`;\n })\n .join(\", \");\n if (sig)\n expected = ` Expected: { ${sig} } (where * = required, ? = optional).`;\n }\n\n throw new Error(\n `Invalid action parameters — ${parts.join(\". \")}. Received: ${received}.${expected}`,\n );\n }\n return run((result as StandardSchemaV1.SuccessResult<any>).value);\n };\n}\n"]}
package/dist/agent/engine/ai-sdk-engine.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ai-sdk-engine.d.ts","sourceRoot":"","sources":["../../../src/agent/engine/ai-sdk-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAInB,MAAM,YAAY,CAAC;AAOpB,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAK7E,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMxD,QAAA,MAAM,qBAAqB,EAAE,MAAM,CAAC,aAAa,EAAE,kBAAkB,CAyDpE,CAAC;AAMF,QAAA,MAAM,uBAAuB,EAKxB,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;AAEnC,QAAA,MAAM,yBAAyB,EAKf,MAAM,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC;AAEzD,QAAA,MAAM,iBAAiB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,CAStD,CAAC;AAEF,QAAA,MAAM,iBAAiB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CASpD,CAAC;AA0BF,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC,sFAAsF;IACtF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0GAA0G;IAC1G,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,yFAAyF;IACzF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AA+MD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,aAAa,EACvB,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACnC,WAAW,CAEb;AA8CD,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,iBAAiB,EACjB,iBAAiB,GAClB,CAAC"}
1
+ {"version":3,"file":"ai-sdk-engine.d.ts","sourceRoot":"","sources":["../../../src/agent/engine/ai-sdk-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EACV,WAAW,EACX,kBAAkB,EAInB,MAAM,YAAY,CAAC;AAOpB,OAAO,EAAuB,KAAK,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAK7E,YAAY,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAMxD,QAAA,MAAM,qBAAqB,EAAE,MAAM,CAAC,aAAa,EAAE,kBAAkB,CAyDpE,CAAC;AAMF,QAAA,MAAM,uBAAuB,EAKxB,MAAM,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;AAEnC,QAAA,MAAM,yBAAyB,EAKf,MAAM,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,CAAC,CAAC;AAEzD,QAAA,MAAM,iBAAiB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,EAAE,CAStD,CAAC;AAEF,QAAA,MAAM,iBAAiB,EAAE,MAAM,CAAC,aAAa,EAAE,MAAM,CASpD,CAAC;AA8BF,kDAAkD;AAClD,MAAM,WAAW,iBAAiB;IAChC,sFAAsF;IACtF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wEAAwE;IACxE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,0GAA0G;IAC1G,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,yFAAyF;IACzF,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yEAAyE;IACzE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AA+MD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,aAAa,EACvB,MAAM,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACnC,WAAW,CAEb;AA8CD,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,iBAAiB,EACjB,iBAAiB,GAClB,CAAC"}
package/dist/agent/engine/ai-sdk-engine.js CHANGED
@@ -120,6 +120,11 @@ const PROVIDER_FACTORIES = {
120
120
  function googleThinkingBudget(effort) {
121
121
  if (effort === "low")
122
122
  return 1024;
123
+ // "medium" is a normalized effort for Gemini models; without this case it
124
+ // fell through to the -1 ("dynamic/unlimited") fallback, so selecting
125
+ // medium effort silently uncapped the thinking budget.
126
+ if (effort === "medium")
127
+ return 4096;
123
128
  if (effort === "high")
124
129
  return 8000;
125
130
  if (effort === "xhigh")