@agent-native/core 0.7.49 → 0.7.51

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/dist/a2a/agent-card.d.ts.map +1 -1
  2. package/dist/a2a/agent-card.js +21 -16
  3. package/dist/a2a/agent-card.js.map +1 -1
  4. package/dist/a2a/auth-policy.d.ts +10 -0
  5. package/dist/a2a/auth-policy.d.ts.map +1 -0
  6. package/dist/a2a/auth-policy.js +34 -0
  7. package/dist/a2a/auth-policy.js.map +1 -0
  8. package/dist/a2a/client.d.ts +6 -2
  9. package/dist/a2a/client.d.ts.map +1 -1
  10. package/dist/a2a/client.js +9 -4
  11. package/dist/a2a/client.js.map +1 -1
  12. package/dist/a2a/handlers.d.ts.map +1 -1
  13. package/dist/a2a/handlers.js +5 -4
  14. package/dist/a2a/handlers.js.map +1 -1
  15. package/dist/a2a/index.d.ts +1 -0
  16. package/dist/a2a/index.d.ts.map +1 -1
  17. package/dist/a2a/index.js +1 -0
  18. package/dist/a2a/index.js.map +1 -1
  19. package/dist/a2a/response-text.d.ts +4 -1
  20. package/dist/a2a/response-text.d.ts.map +1 -1
  21. package/dist/a2a/response-text.js +3 -2
  22. package/dist/a2a/response-text.js.map +1 -1
  23. package/dist/a2a/server.d.ts.map +1 -1
  24. package/dist/a2a/server.js +44 -29
  25. package/dist/a2a/server.js.map +1 -1
  26. package/dist/client/resources/ResourceEditor.d.ts.map +1 -1
  27. package/dist/client/resources/ResourceEditor.js +2 -4
  28. package/dist/client/resources/ResourceEditor.js.map +1 -1
  29. package/dist/client/settings/AgentsSection.d.ts.map +1 -1
  30. package/dist/client/settings/AgentsSection.js +4 -6
  31. package/dist/client/settings/AgentsSection.js.map +1 -1
  32. package/dist/deploy/build.d.ts.map +1 -1
  33. package/dist/deploy/build.js +8 -0
  34. package/dist/deploy/build.js.map +1 -1
  35. package/dist/deploy/route-discovery.d.ts.map +1 -1
  36. package/dist/deploy/route-discovery.js +11 -2
  37. package/dist/deploy/route-discovery.js.map +1 -1
  38. package/dist/integrations/a2a-continuation-processor.d.ts.map +1 -1
  39. package/dist/integrations/a2a-continuation-processor.js +39 -13
  40. package/dist/integrations/a2a-continuation-processor.js.map +1 -1
  41. package/dist/integrations/a2a-continuations-store.d.ts +2 -1
  42. package/dist/integrations/a2a-continuations-store.d.ts.map +1 -1
  43. package/dist/integrations/a2a-continuations-store.js +33 -4
  44. package/dist/integrations/a2a-continuations-store.js.map +1 -1
  45. package/dist/integrations/webhook-handler.js +4 -3
  46. package/dist/integrations/webhook-handler.js.map +1 -1
  47. package/dist/resources/handlers.d.ts.map +1 -1
  48. package/dist/resources/handlers.js +2 -3
  49. package/dist/resources/handlers.js.map +1 -1
  50. package/dist/resources/metadata.d.ts +5 -0
  51. package/dist/resources/metadata.d.ts.map +1 -1
  52. package/dist/resources/metadata.js +17 -2
  53. package/dist/resources/metadata.js.map +1 -1
  54. package/dist/resources/store.d.ts.map +1 -1
  55. package/dist/resources/store.js +2 -1
  56. package/dist/resources/store.js.map +1 -1
  57. package/dist/scripts/call-agent.d.ts.map +1 -1
  58. package/dist/scripts/call-agent.js +9 -4
  59. package/dist/scripts/call-agent.js.map +1 -1
  60. package/dist/server/agent-discovery.d.ts.map +1 -1
  61. package/dist/server/agent-discovery.js +7 -4
  62. package/dist/server/agent-discovery.js.map +1 -1
  63. package/dist/server/auth.d.ts.map +1 -1
  64. package/dist/server/auth.js +6 -0
  65. package/dist/server/auth.js.map +1 -1
  66. package/dist/vite/index.d.ts +1 -1
  67. package/dist/vite/index.d.ts.map +1 -1
  68. package/dist/vite/index.js +1 -1
  69. package/dist/vite/index.js.map +1 -1
  70. package/package.json +1 -1
package/dist/a2a/handlers.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/a2a/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAC;AAW1D,OAAO,EACL,UAAU,EACV,OAAO,EACP,YAAY,EACZ,UAAU,EACV,yBAAyB,EACzB,uBAAuB,EACvB,yBAAyB,EACzB,0BAA0B,GAC3B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAEvE,qEAAqE;AACrE,0EAA0E;AAC1E,iEAAiE;AACjE,MAAM,qBAAqB,GAAG,kCAAkC,CAAC;AACjE,MAAM,kCAAkC,GAAG,MAAM,CAAC;AAClD,MAAM,6BAA6B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEpD;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAsB;IAChD,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,OAAO;QACnB,OAAO,CAAC,GAAG,CAAC,GAAG;QACf,OAAO,CAAC,GAAG,CAAC,UAAU;QACtB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,IAAI,OAAO;QAAE,OAAO,yBAAyB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAE/D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,IAAI,KAAK,EAAE,OAAO,CAAC;QAC5D,MAAM,GAAG,GAAG,CAAC,IAAY,EAAsB,EAAE;YAC/C,IAAI,CAAC,OAAO;gBAAE,OAAO,SAAS,CAAC;YAC/B,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;gBACtC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;YACxC,CAAC;YACD,MAAM,GAAG,GAAG,OAA6C,CAAC;YAC1D,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACtD,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,aAAa,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;QACpE,OAAO,yBAAyB,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,yBAAyB,CAC9B,oBAAoB,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,uBAAuB,CACpC,KAAU,EACV,MAAc;IAEd,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACjD,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IACF,IAAI,CAAC;QACH,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;QACvE,qEAAqE;QACrE,iBAAiB;IACnB,CAAC;IACD,qEAAqE;IACrE,wEAAwE;IACxE,uEAAuE;IACvE,0EAA0E;IAC1E,MAAM,eAAe,GAAG,KAAK,CAAC,GAAG,EAAE;QACjC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,IAAI,CAAC;QACjB,eAAe;QACf,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;KACzD,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAiB,EACjB,KAAW;IAEX,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,0DAA0D;QAC1D,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,MAAM,EAAE;YACvB,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,qCAAqC,EAAE,CAAC;aACvE;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAA4B,CAAC;IACjE,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAA4B,CAAC;IAC9E,MAAM,aAAa,GAAG,aAAa,CAAC,aAAmC,CAAC;IACxE,MAAM,aAAa,GAAG,aAAa,CAAC,aAAmC,CAAC;IACxE,MAAM,SAAS,GACZ,aAAa,CAAC,SAAuC,IAAI,SAAS,CAAC;IACtE,MAAM,cAAc,GACjB,aAAa,CAAC,cAGD,IAAI,SAAS,CAAC;IAE9B,MAAM,aAAa,GAAG,MAAM,uBAAuB,CACjD,aAAa,EACb,aAAa,CACd,CAAC;IAEF,MAAM,EAAE,qBAAqB,EAAE,GAC7B,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,qBAAqB,CACzB,EAAE,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,EAClD,GAAG,EAAE,CACH,oBAAoB,CAClB,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,cAAc,EACd,KAAK,CACN,CACJ,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,MAAM,EAAE;gBACvB,KAAK,EAAE,QAAQ;gBACf,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,IAAI,iBAAiB,EAAE,CAAC;iBACnE;aACF,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,cAAc,GAAe,KAAK,EACtC,OAAgB,EAChB,OAA0B,EACC,EAAE;IAC7B,kCAAkC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK;SACvB,MAAM,CAAC,CAAC,CAAC,EAAuC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;SACrE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC;aAC9D;SACF,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,0EAA0E;IAC1E,wDAAwD;IACxD,4EAA4E;IAC5E,oEAAoE;IACpE,yEAAyE;IACzE,8BAA8B;IAC9B,qEAAqE;IACrE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;IAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,MAAM,aAAa,GAAG,OAAO;QAC3B,CAAC,CAAC,+DAA+D,UAAU,sNAAsN,IAAI,EAAE;QACvS,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAEnD,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,6BAA6B;YAC1C,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,YAAY,EAAE,EAAE,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM;oBACzB,CAAC,CAAC;wBACE;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,kBAAkB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBACrD;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;aACR;SACF;QACD,SAAS,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACxD,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,UAAU,CAAC,MAAiB;IACnC,OAAO,MAAM,CAAC,OAAO,IAAI,cAAc,CAAC;AAC1C,CAAC;AAED,SAAS,YAAY,CACnB,EAA0B,EAC1B,IAAY,EACZ,OAAe;IAEf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,EAAmB,EAAE,MAAe;IACzD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAc,EACd,SAAkB,EAClB,QAAkC,EAClC,KAAW;IAKX,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,MAAM,OAAO,GAAsB;QACjC,MAAM;QACN,SAAS;QACT,QAAQ;QACR,KAAK;QACL,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ;YACnC,MAAM,QAAQ,GAAa;gBACzB,IAAI;gBACJ,KAAK,EAAE,QAAQ;oBACb,CAAC,CAAC;wBACE;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE;gCACJ,IAAI;gCACJ,QAAQ;gCACR,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;6BAC/C;yBACF;qBACF;oBACH,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aACtC,CAAC;YACF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IACF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAA6C,EAC7C,KAAsB,EACtB,EAAoB;IAEpB,MAAM,EAAE,qBAAqB,EAAE,GAC7B,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,SAAS,CAAC;IAC1E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,qCAAqC;IACrC,MAAM,SAAS,GACZ,KAAK,EAAE,OAAO,EAAE,cAAqC,IAAI,SAAS,CAAC;IAEtE,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IAE9E,OAAO,qBAAqB,CAC1B,EAAE,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,EAClD,EAAE,CACW,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,aAAiC,EACjC,iBAAqC;IAErC,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;YACxD,IAAI,GAAG;gBAAE,OAAO,GAAG,CAAC,KAAK,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnE,OAAO,CAAC,MAAM,oBAAoB,CAAC,aAAa,CAAC,CAAC,IAAI,SAAS,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oBAAoB,CACjC,MAAc,EACd,OAAgB,EAChB,MAAiB,EACjB,SAA6B,EAC7B,QAA6C,EAC7C,KAAW;IAEX,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAC/C,MAAM,EACN,SAAS,EACT,QAAQ,EACR,KAAK,CACN,CAAC;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEpD,IACE,MAAM;YACN,OAAO,MAAM,KAAK,QAAQ;YAC1B,MAAM,CAAC,aAAa,IAAI,MAAM,EAC9B,CAAC;YACD,IAAI,WAAgC,CAAC;YACrC,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAiC,EAAE,CAAC;gBAC1D,WAAW,GAAG,GAAG,CAAC;YACpB,CAAC;YACD,MAAM,UAAU,CAAC,MAAM,EAAE;gBACvB,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAO,MAAoC,CAAC;QAClE,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,UAAU,CAAC,MAAM,EAAE;YACvB,KAAK,EAAE,WAAW;YAClB,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;SAC9D,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,UAAU,CAAC,MAAM,EAAE;YACvB,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,IAAI,gBAAgB,EAAE,CAAC;aAClE;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAA+B,EAC/B,MAAiB,EACjB,KAAW;IAEX,MAAM,OAAO,GAAG,MAAM,CAAC,OAAkB,CAAC;IAC1C,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,GAAG,YAAY,CACb,CAAC,EACD,CAAC,KAAK,EACN,sDAAsD,CACvD;YACD,GAAG,EAAE,CAAC;SACP,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAA+B,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAA+C,CAAC;IAExE,sEAAsE;IACtE,yEAAyE;IACzE,uEAAuE;IACvE,0EAA0E;IAC1E,6BAA6B;IAC7B,MAAM,iBAAiB,GACpB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,IAAI,CAAC;IAErE,sEAAsE;IACtE,0EAA0E;IAC1E,8EAA8E;IAC9E,yEAAyE;IACzE,kEAAkE;IAClE,sEAAsE;IACtE,wEAAwE;IACxE,yEAAyE;IACzE,8CAA8C;IAC9C,MAAM,SAAS,GACb,MAAM,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,CAAC,CAAC;IAE9E,IAAI,SAAS,EAAE,CAAC;QACd,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QACxE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;YACzE,OAAO;gBACL,GAAG,YAAY,CACb,CAAC,EACD,CAAC,KAAK,EACN,+EAA+E,CAChF;gBACD,GAAG,EAAE,CAAC;aACP,CAAC;QACJ,CAAC;QACD,uEAAuE;QACvE,wEAAwE;QACxE,0EAA0E;QAC1E,sEAAsE;QACtE,0EAA0E;QAC1E,0EAA0E;QAC1E,oEAAoE;QACpE,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,SAAS,CAAC;QAC1E,2EAA2E;QAC3E,iEAAiE;QACjE,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,cAAqC,IAAI,SAAS,CAAC;QAEtE,MAAM,YAAY,GAA4B;YAC5C,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;YACnB,eAAe,EAAE;gBACf,aAAa;gBACb,aAAa;gBACb,SAAS,EAAE,SAAS,IAAI,IAAI;gBAC5B,cAAc,EAAE,QAAQ,IAAI,IAAI;aACjC;SACF,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,UAAU,CAC3B,OAAO,EACP,SAAS,EACT,YAAY,EACZ,iBAAiB,CAClB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAEhE,uBAAuB,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpD,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,aAAa,CAAC,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,qBAAqB,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,UAAU,CAC3B,OAAO,EACP,SAAS,EACT,SAAS,EACT,iBAAiB,CAClB,CAAC;QACF,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAEhD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAExD,IACE,MAAM;gBACN,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,CAAC,aAAa,IAAI,MAAM,EAC9B,CAAC;gBACD,IAAI,WAAgC,CAAC;gBACrC,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAiC,EAAE,CAAC;oBAC1D,WAAW,GAAG,GAAG,CAAC;gBACpB,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;oBACxC,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,WAAW;oBACpB,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;iBAChE,CAAC,CAAC;gBACH,OAAO,EAAE,GAAG,aAAa,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YAClD,CAAC;YAED,MAAM,aAAa,GAAG,MAAO,MAAoC,CAAC;YAClE,MAAM,YAAY,GAAG;gBACnB,GAAG,GAAG,CAAC,SAAS;gBAChB,GAAG,CAAC,aAAa,CAAC,SAAS,IAAI,EAAE,CAAC;aACnC,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;gBACxC,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;aAC9D,CAAC,CAAC;YACH,OAAO,EAAE,GAAG,aAAa,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;gBACxB,KAAK,EAAE,QAAQ;gBACf,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;iBACjE;aACF,CAAC,CAAC;YACH,OAAO;gBACL,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,gBAAgB,CAAC;gBAC3D,GAAG,EAAE,CAAC;aACP,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,MAA+B,EAC/B,MAAiB,EACjB,GAAwD,EACxD,KAAW;IAEX,MAAM,OAAO,GAAG,MAAM,CAAC,OAAkB,CAAC;IAC1C,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,GAAG,CAAC,KAAK,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC,MAAM,CACzE,CAAC;QACF,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAA+B,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAA+C,CAAC;IACxE,MAAM,iBAAiB,GACpB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,IAAI,CAAC;IAErE,MAAM,qBAAqB,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,IAAI,GAAG,MAAM,UAAU,CAC3B,OAAO,EACP,SAAS,EACT,SAAS,EACT,iBAAiB,CAClB,CAAC;QAEF,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAEhD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAC/C,IAAI,CAAC,EAAE,EACP,SAAS,EACT,QAAQ,EACR,KAAK,CACN,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEpD,IACE,MAAM;gBACN,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,CAAC,aAAa,IAAI,MAAM,EAC9B,CAAC;gBACD,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAiC,EAAE,CAAC;oBAC1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;wBAC7C,KAAK,EAAE,SAAS;wBAChB,OAAO,EAAE,GAAG;qBACb,CAAC,CAAC;oBACH,GAAG,CAAC,KAAK,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,MAAM,CAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,aAAa,GAAG,MAAO,MAAoC,CAAC;gBAClE,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;gBACxE,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;oBACxC,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;iBAC9D,CAAC,CAAC;gBACH,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;gBACpE,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;gBACtC,KAAK,EAAE,WAAW;gBAClB,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;aAC9D,CAAC,CAAC;YACH,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC/C,GAAG,CAAC,KAAK,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,gBAAgB,CAAC,CAAC,MAAM,CACxF,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC;IACtC,aAAa;IACb,WAAW;IACX,WAAW;IACX,aAAa;IACb,cAAc;IACd,QAAQ;IACR,eAAe;IACf,eAAe;IACf,QAAQ;CACT,CAAC,CAAC;AAEH,SAAS,uBAAuB,CAAC,IAAS;IACxC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAErE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAmC,CAAC;IACtD,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,KAAK,iBAAiB;YAAE,SAAS;QACtC,IAAI,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7C,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAS,mBAAmB,CAC1B,cAA6B,EAC7B,KAAU,EACV,MAAiB;IAEjB,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,IAAI,CAAC;IACrE,MAAM,YAAY,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE3D,IAAI,YAAY,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChD,mEAAmE;QACnE,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC;YACjE,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IACD,yEAAyE;IACzE,qDAAqD;IACrD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,MAA+B,EAC/B,KAAU,EACV,MAAiB;IAEjB,MAAM,EAAE,GAAG,MAAM,CAAC,EAAY,CAAC;IAC/B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,EAAE,CAAC,CAAC;IAC/B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,4BAA4B,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1D,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,MAAc,EACd,KAAU;IAEV,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK;QAAE,OAAO;IACnB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,eAAe;QAAE,OAAO;IAE7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IACE,CAAC,KAAK,CAAC,WAAW,KAAK,WAAW,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC;QACtE,KAAK,CAAC,SAAS,IAAI,GAAG,GAAG,kCAAkC,EAC3D,CAAC;QACD,IAAI,MAAM,0BAA0B,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO;IACT,CAAC;IAED,IACE,KAAK,CAAC,WAAW,KAAK,YAAY;QAClC,KAAK,CAAC,SAAS,IAAI,GAAG,GAAG,6BAA6B,EACtD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,yBAAyB,CAC3C,MAAM,EACN,GAAG,GAAG,6BAA6B,CACpC,CAAC;QACF,IAAI,KAAK;YAAE,MAAM,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,MAA+B,EAC/B,KAAU,EACV,MAAiB;IAEjB,MAAM,EAAE,GAAG,MAAM,CAAC,EAAY,CAAC;IAC/B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,aAAa,CAAC,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAS,EACT,KAAU,EACV,MAAiB;IAEjB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACpD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,YAAY,CAAC,IAAI,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,0BAA0B,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,MAAM,GAAI,IAAI,CAAC,MAAkC,IAAI,EAAE,CAAC;IAC9D,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;IAEnB,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;QACpB,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YACvD,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC;YACpC,OAAO,EAAE,GAAG,QAAQ,EAAE,EAAE,EAAqB,CAAC;QAChD,CAAC;QACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,OAAO,YAAY,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAC;YAC7D,CAAC;YACD,8CAA8C;YAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC;YAC5B,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,YAAY,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAC;YAC7D,CAAC;YACD,iBAAiB,CAAC,KAAK,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAC;YAC9D,iBAAiB,CAAC,KAAK,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;YACtD,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;YACrD,MAAM,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,SAAgB,CAAC,CAAC,gCAAgC;QAC3D,CAAC;QACD,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACtD,OAAO,EAAE,GAAG,MAAM,EAAE,EAAE,EAAqB,CAAC;QAC9C,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACzD,OAAO,EAAE,GAAG,MAAM,EAAE,EAAE,EAAqB,CAAC;QAC9C,CAAC;QACD;YACE,OAAO,YAAY,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,qBAAqB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC","sourcesContent":["import { setResponseHeader, setResponseStatus } from \"h3\";\nimport type {\n A2AConfig,\n A2AHandler,\n A2AHandlerContext,\n A2AHandlerResult,\n JsonRpcRequest,\n JsonRpcResponse,\n Message,\n Artifact,\n} from \"./types.js\";\nimport {\n createTask,\n getTask,\n getTaskOwner,\n updateTask,\n claimA2ATaskForProcessing,\n getA2ATaskDispatchState,\n resetStuckA2ATaskForRetry,\n touchQueuedA2ATaskDispatch,\n} from \"./task-store.js\";\nimport { agentChat } from \"../shared/agent-chat.js\";\nimport { signInternalToken } from \"../integrations/internal-token.js\";\nimport { withConfiguredAppBasePath } from \"../server/app-base-path.js\";\n\n// Inlined to avoid pulling the entire core-routes-plugin (and its h3\n// transitive deps) into the a2a/handlers test boundary. Must stay in sync\n// with FRAMEWORK_ROUTE_PREFIX in `server/core-routes-plugin.ts`.\nconst A2A_PROCESS_TASK_PATH = \"/_agent-native/a2a/_process-task\";\nconst A2A_QUEUED_DISPATCH_STUCK_AFTER_MS = 10_000;\nconst A2A_PROCESSING_STUCK_AFTER_MS = 5 * 60 * 1000;\n\n/**\n * Resolve the base URL we should fire the A2A processor request to. Mirrors\n * the integration-webhook resolveBaseUrl pattern — prefer explicit env vars\n * (most reliable on serverless), fall back to inbound request headers.\n */\nfunction resolveSelfBaseUrl(event: any | undefined): string {\n const fromEnv =\n process.env.APP_URL ||\n process.env.URL ||\n process.env.DEPLOY_URL ||\n process.env.BETTER_AUTH_URL;\n if (fromEnv) return withConfiguredAppBasePath(String(fromEnv));\n\n try {\n const headers = event?.node?.req?.headers ?? event?.headers;\n const get = (name: string): string | undefined => {\n if (!headers) return undefined;\n if (typeof headers.get === \"function\") {\n return headers.get(name) ?? undefined;\n }\n const map = headers as Record<string, string | undefined>;\n return map[name] ?? map[String(name).toLowerCase()];\n };\n const proto = get(\"x-forwarded-proto\") || \"http\";\n const host = get(\"host\") || `localhost:${process.env.PORT || 3000}`;\n return withConfiguredAppBasePath(`${proto}://${host}`);\n } catch {\n return withConfiguredAppBasePath(\n `http://localhost:${process.env.PORT || 3000}`,\n );\n }\n}\n\n/**\n * Fire-and-forget POST to the A2A processor route on the same deployment.\n * Used when an A2A send is requested in async mode — the processor runs the\n * handler in a fresh function execution so it gets its own full timeout.\n */\nasync function fireProcessTaskDispatch(\n event: any,\n taskId: string,\n): Promise<void> {\n const baseUrl = resolveSelfBaseUrl(event);\n const url = `${baseUrl}${A2A_PROCESS_TASK_PATH}`;\n const headers: Record<string, string> = {\n \"Content-Type\": \"application/json\",\n };\n try {\n headers[\"Authorization\"] = `Bearer ${signInternalToken(taskId)}`;\n } catch {\n // No A2A_SECRET configured — self-fire unsigned. The processor accepts\n // unsigned dispatches when no secret is set (mirrors the integration\n // webhook flow).\n }\n // Race the fetch against a short timer. On Netlify Lambda, returning\n // immediately can freeze the function before the outbound TCP handshake\n // starts, leaving the request stuck. This gives it ~250ms to leave the\n // box at the cost of slightly higher response latency on async A2A sends.\n const dispatchPromise = fetch(url, {\n method: \"POST\",\n headers,\n body: JSON.stringify({ taskId }),\n }).catch((err) => {\n console.error(\"[a2a] Process-task dispatch fetch failed:\", err);\n });\n await Promise.race([\n dispatchPromise,\n new Promise<void>((resolve) => setTimeout(resolve, 250)),\n ]);\n}\n\n/**\n * Process a previously-enqueued A2A task. Called by the `_process-task`\n * route in `server.ts`, in a fresh function execution. Atomically claims the\n * task, reconstructs the caller's request context from the task's metadata,\n * runs the handler, and persists the outcome.\n *\n * Idempotent on duplicate dispatches: the atomic claim returns null if some\n * other invocation already picked the task up, in which case we no-op.\n */\nexport async function processA2ATaskFromQueue(\n taskId: string,\n config: A2AConfig,\n event?: any,\n): Promise<void> {\n const claimed = await claimA2ATaskForProcessing(taskId);\n if (!claimed) {\n // Already in flight, terminal, or missing. Nothing to do.\n return;\n }\n\n const message = claimed.history?.[0];\n if (!message) {\n await updateTask(taskId, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: \"Task is missing its inbound message\" }],\n },\n });\n return;\n }\n\n const meta = (claimed.metadata ?? {}) as Record<string, unknown>;\n const processorMeta = (meta.__a2a_processor ?? {}) as Record<string, unknown>;\n const verifiedEmail = processorMeta.verifiedEmail as string | undefined;\n const orgDomainHint = processorMeta.orgDomainHint as string | undefined;\n const contextId =\n (processorMeta.contextId as string | null | undefined) ?? undefined;\n const callerMetadata =\n (processorMeta.callerMetadata as\n | Record<string, unknown>\n | null\n | undefined) ?? undefined;\n\n const resolvedOrgId = await resolveVerifiedA2AOrgId(\n verifiedEmail,\n orgDomainHint,\n );\n\n const { runWithRequestContext } =\n await import(\"../server/request-context.js\");\n try {\n await runWithRequestContext(\n { userEmail: verifiedEmail, orgId: resolvedOrgId },\n () =>\n runHandlerAndPersist(\n taskId,\n message,\n config,\n contextId,\n callerMetadata,\n event,\n ),\n );\n } catch (err: any) {\n try {\n await updateTask(taskId, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: err?.message ?? \"Handler crashed\" }],\n },\n });\n } catch {}\n }\n}\n\n/**\n * Default A2A handler that delegates to agentChat.call().\n * Used when no custom handler is provided in A2AConfig.\n */\nconst defaultHandler: A2AHandler = async (\n message: Message,\n context: A2AHandlerContext,\n): Promise<A2AHandlerResult> => {\n // Extract text from message parts\n const text = message.parts\n .filter((p): p is { type: \"text\"; text: string } => p.type === \"text\")\n .map((p) => p.text)\n .join(\"\\n\");\n\n if (!text) {\n return {\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: \"No text content in message\" }],\n },\n };\n }\n\n // A2A note: this message arrived from a different app — the caller cannot\n // see this app's local state (open deck, selected slide, etc.). They only\n // see whatever this agent puts into the reply text. So:\n // 1) include any concrete result (deck/document/dashboard URL, ID, value)\n // explicitly in the reply — the caller can't navigate locally.\n // 2) URLs must be fully-qualified — relative paths resolve against the\n // caller's host and 404.\n // We prepend a one-line hint to the user message so the agent knows.\n const baseUrl = process.env.APP_URL || process.env.URL || \"\";\n const appBaseUrl = baseUrl ? withConfiguredAppBasePath(baseUrl) : \"\";\n const augmentedText = baseUrl\n ? `[Cross-app A2A request — the caller is on a different host (${appBaseUrl} is yours, theirs is different). Include the concrete result (URL, ID, value) explicitly in your reply text; the caller can't see your local UI state. Any URL MUST be fully-qualified, never a relative path.]\\n\\n${text}`\n : text;\n\n const result = await agentChat.call(augmentedText);\n\n const artifacts: Artifact[] = [];\n if (result.filesChanged.length > 0) {\n artifacts.push({\n name: \"files-changed\",\n description: \"Files modified by the agent\",\n parts: [{ type: \"data\", data: { files: result.filesChanged } }],\n });\n }\n\n return {\n message: {\n role: \"agent\",\n parts: [\n { type: \"text\", text: result.response },\n ...(result.warnings?.length\n ? [\n {\n type: \"text\" as const,\n text: `\\n\\nWarnings:\\n${result.warnings.join(\"\\n\")}`,\n },\n ]\n : []),\n ],\n },\n artifacts: artifacts.length > 0 ? artifacts : undefined,\n };\n};\n\nfunction getHandler(config: A2AConfig): A2AHandler {\n return config.handler ?? defaultHandler;\n}\n\nfunction jsonRpcError(\n id: string | number | null,\n code: number,\n message: string,\n): JsonRpcResponse {\n return { jsonrpc: \"2.0\", id, error: { code, message } };\n}\n\nfunction jsonRpcResult(id: string | number, result: unknown): JsonRpcResponse {\n return { jsonrpc: \"2.0\", id, result };\n}\n\nfunction makeHandlerContext(\n taskId: string,\n contextId?: string,\n metadata?: Record<string, unknown>,\n event?: any,\n): {\n context: A2AHandlerContext;\n artifacts: Artifact[];\n} {\n const artifacts: Artifact[] = [];\n const context: A2AHandlerContext = {\n taskId,\n contextId,\n metadata,\n event,\n writeArtifact(name, content, mimeType) {\n const artifact: Artifact = {\n name,\n parts: mimeType\n ? [\n {\n type: \"file\",\n file: {\n name,\n mimeType,\n bytes: Buffer.from(content).toString(\"base64\"),\n },\n },\n ]\n : [{ type: \"text\", text: content }],\n };\n artifacts.push(artifact);\n return name;\n },\n };\n return { context, artifacts };\n}\n\n/**\n * Resolve org context from A2A metadata / event context and wrap `fn`\n * inside `runWithRequestContext` so downstream actions see the org.\n */\nasync function withA2ARequestContext<T>(\n metadata: Record<string, unknown> | undefined,\n event: any | undefined,\n fn: () => Promise<T>,\n): Promise<T> {\n const { runWithRequestContext } =\n await import(\"../server/request-context.js\");\n\n const verifiedEmail =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? undefined;\n // Only trust the org domain from the cryptographically verified JWT claim on\n // the event context. metadata.orgDomain is caller-supplied and must not be\n // used for org resolution — an unauthenticated caller could forge it and\n // gain access to another org's data.\n const orgDomain =\n (event?.context?.__a2aOrgDomain as string | undefined) ?? undefined;\n\n const resolvedOrgId = await resolveVerifiedA2AOrgId(verifiedEmail, orgDomain);\n\n return runWithRequestContext(\n { userEmail: verifiedEmail, orgId: resolvedOrgId },\n fn,\n ) as Promise<T>;\n}\n\nasync function resolveVerifiedA2AOrgId(\n verifiedEmail: string | undefined,\n verifiedOrgDomain: string | undefined,\n): Promise<string | undefined> {\n if (verifiedOrgDomain) {\n try {\n const { resolveOrgByDomain } = await import(\"../org/context.js\");\n const org = await resolveOrgByDomain(verifiedOrgDomain);\n if (org) return org.orgId;\n } catch {\n // Org tables may not exist — continue without org context\n }\n }\n\n if (verifiedEmail) {\n try {\n const { resolveOrgIdForEmail } = await import(\"../org/context.js\");\n return (await resolveOrgIdForEmail(verifiedEmail)) ?? undefined;\n } catch {\n // Org tables may not exist — continue without org context\n }\n }\n\n return undefined;\n}\n\n/**\n * Run the handler against the message and persist the outcome to the task store.\n * Used in sync mode (awaited inline) and in async mode (called by the\n * `_process-task` processor route in a fresh function execution).\n */\nasync function runHandlerAndPersist(\n taskId: string,\n message: Message,\n config: A2AConfig,\n contextId: string | undefined,\n metadata: Record<string, unknown> | undefined,\n event?: any,\n): Promise<void> {\n const { context, artifacts } = makeHandlerContext(\n taskId,\n contextId,\n metadata,\n event,\n );\n try {\n const result = getHandler(config)(message, context);\n\n if (\n result &&\n typeof result === \"object\" &&\n Symbol.asyncIterator in result\n ) {\n let lastMessage: Message | undefined;\n for await (const msg of result as AsyncGenerator<Message>) {\n lastMessage = msg;\n }\n await updateTask(taskId, {\n state: \"completed\",\n message: lastMessage,\n artifacts: artifacts.length > 0 ? artifacts : undefined,\n });\n return;\n }\n\n const handlerResult = await (result as Promise<A2AHandlerResult>);\n const allArtifacts = [...artifacts, ...(handlerResult.artifacts ?? [])];\n await updateTask(taskId, {\n state: \"completed\",\n message: handlerResult.message,\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n } catch (err: any) {\n await updateTask(taskId, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: err?.message ?? \"Handler failed\" }],\n },\n });\n }\n}\n\nasync function handleSend(\n params: Record<string, unknown>,\n config: A2AConfig,\n event?: any,\n): Promise<JsonRpcResponse & { _id: string | number }> {\n const message = params.message as Message;\n if (!message || !message.role || !Array.isArray(message.parts)) {\n return {\n ...jsonRpcError(\n 0,\n -32602,\n \"Invalid params: message with role and parts required\",\n ),\n _id: 0,\n };\n }\n\n const contextId = params.contextId as string | undefined;\n const metadata = params.metadata as Record<string, unknown> | undefined;\n\n // The JWT-verified caller email (set by mountA2A in server.ts) is the\n // single source of truth for task ownership — bound at creation, checked\n // on every subsequent tasks/get and tasks/cancel call. Caller-supplied\n // metadata.userEmail is NEVER used for ownership; that would re-introduce\n // the IDOR class fixed here.\n const ownerEmailForTask =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? null;\n\n // Async mode: return the task immediately in `working` state, run the\n // handler in the background, and let the caller poll `tasks/get`. This is\n // the workaround for synchronous serverless request timeouts when the handler\n // runs LLM + tool loops that can exceed a single HTTP invocation budget.\n // SECURITY: only honor the explicit top-level `params.async`. The\n // metadata.async fallback was caller-controlled and could force async\n // dispatch (which has weaker auth than the sync path) on otherwise sync\n // requests. Async is also refused entirely when no auth is configured in\n // production — see the additional gate below.\n const asyncMode =\n params.async === true || (event && event.context?.__a2aForceAsync === true);\n\n if (asyncMode) {\n // Refuse async mode entirely when no auth is configured in production.\n // The async dispatch path self-fires the `_process-task` route, which\n // accepts unsigned dispatches when A2A_SECRET is unset — that combined\n // with the lack of caller identity here would let any unauthenticated\n // attacker queue and trigger handler runs. In production, require some\n // form of auth so the verifiedEmail is bound to the task.\n const hasA2ASecret = !!process.env.A2A_SECRET;\n const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);\n if (process.env.NODE_ENV === \"production\" && !hasA2ASecret && !hasApiKey) {\n return {\n ...jsonRpcError(\n 0,\n -32001,\n \"A2A async mode is not available — A2A_SECRET or apiKeyEnv must be configured.\",\n ),\n _id: 0,\n };\n }\n // Resolve identity up front (cheap), bake it into the task's metadata,\n // and dispatch the actual handler run to a SEPARATE function execution.\n // On serverless hosts (Netlify, Vercel, Cloudflare) detached promises get\n // killed when the response is flushed, so we self-fire a webhook to a\n // dedicated processor route — same cross-platform pattern the integration\n // webhook queue uses. The processor reconstructs the request context from\n // the task metadata and runs the handler with its own full timeout.\n const verifiedEmail =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? undefined;\n // Only trust the verified org domain from the JWT claim — do not fall back\n // to metadata.orgDomain which is caller-supplied and unverified.\n const orgDomainHint =\n (event?.context?.__a2aOrgDomain as string | undefined) ?? undefined;\n\n const taskMetadata: Record<string, unknown> = {\n ...(metadata ?? {}),\n __a2a_processor: {\n verifiedEmail,\n orgDomainHint,\n contextId: contextId ?? null,\n callerMetadata: metadata ?? null,\n },\n };\n const task = await createTask(\n message,\n contextId,\n taskMetadata,\n ownerEmailForTask,\n );\n const working = await updateTask(task.id, { state: \"working\" });\n\n fireProcessTaskDispatch(event, task.id).catch((err) => {\n console.error(\"[a2a] Failed to dispatch process-task:\", err);\n });\n\n return { ...jsonRpcResult(0, working ?? task), _id: 0 };\n }\n\n return withA2ARequestContext(metadata, event, async () => {\n const task = await createTask(\n message,\n contextId,\n undefined,\n ownerEmailForTask,\n );\n await updateTask(task.id, { state: \"working\" });\n\n const ctx = makeHandlerContext(task.id, contextId, metadata, event);\n\n try {\n const result = getHandler(config)(message, ctx.context);\n\n if (\n result &&\n typeof result === \"object\" &&\n Symbol.asyncIterator in result\n ) {\n let lastMessage: Message | undefined;\n for await (const msg of result as AsyncGenerator<Message>) {\n lastMessage = msg;\n }\n const updated = await updateTask(task.id, {\n state: \"completed\",\n message: lastMessage,\n artifacts: ctx.artifacts.length > 0 ? ctx.artifacts : undefined,\n });\n return { ...jsonRpcResult(0, updated), _id: 0 };\n }\n\n const handlerResult = await (result as Promise<A2AHandlerResult>);\n const allArtifacts = [\n ...ctx.artifacts,\n ...(handlerResult.artifacts ?? []),\n ];\n const updated = await updateTask(task.id, {\n state: \"completed\",\n message: handlerResult.message,\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n return { ...jsonRpcResult(0, updated), _id: 0 };\n } catch (err: any) {\n await updateTask(task.id, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: err.message ?? \"Handler failed\" }],\n },\n });\n return {\n ...jsonRpcError(0, -32000, err.message ?? \"Handler failed\"),\n _id: 0,\n };\n }\n });\n}\n\nasync function handleStream(\n params: Record<string, unknown>,\n config: A2AConfig,\n res: { write: (chunk: string) => void; end: () => void },\n event?: any,\n): Promise<void> {\n const message = params.message as Message;\n if (!message || !message.role || !Array.isArray(message.parts)) {\n res.write(\n `data: ${JSON.stringify(jsonRpcError(0, -32602, \"Invalid params\"))}\\n\\n`,\n );\n res.end();\n return;\n }\n\n const contextId = params.contextId as string | undefined;\n const metadata = params.metadata as Record<string, unknown> | undefined;\n const ownerEmailForTask =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? null;\n\n await withA2ARequestContext(metadata, event, async () => {\n const task = await createTask(\n message,\n contextId,\n undefined,\n ownerEmailForTask,\n );\n\n await updateTask(task.id, { state: \"working\" });\n\n const { context, artifacts } = makeHandlerContext(\n task.id,\n contextId,\n metadata,\n event,\n );\n\n try {\n const result = getHandler(config)(message, context);\n\n if (\n result &&\n typeof result === \"object\" &&\n Symbol.asyncIterator in result\n ) {\n for await (const msg of result as AsyncGenerator<Message>) {\n const intermediate = await updateTask(task.id, {\n state: \"working\",\n message: msg,\n });\n res.write(\n `data: ${JSON.stringify(jsonRpcResult(0, intermediate))}\\n\\n`,\n );\n }\n } else {\n const handlerResult = await (result as Promise<A2AHandlerResult>);\n const allArtifacts = [...artifacts, ...(handlerResult.artifacts ?? [])];\n const updated = await updateTask(task.id, {\n state: \"completed\",\n message: handlerResult.message,\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n res.write(`data: ${JSON.stringify(jsonRpcResult(0, updated))}\\n\\n`);\n res.end();\n return;\n }\n\n const allArtifacts = [...artifacts];\n const final = await updateTask(task.id, {\n state: \"completed\",\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n res.write(`data: ${JSON.stringify(jsonRpcResult(0, final))}\\n\\n`);\n } catch (err: any) {\n await updateTask(task.id, { state: \"failed\" });\n res.write(\n `data: ${JSON.stringify(jsonRpcError(0, -32000, err.message ?? \"Handler failed\"))}\\n\\n`,\n );\n }\n\n res.end();\n });\n}\n\n/**\n * Caller-supplied metadata keys that may contain sensitive bearer / OAuth\n * material. Always stripped from `tasks/get` responses so a leaked task id\n * never discloses an OAuth token even when the original sender carelessly\n * stuffed one into `metadata` (see `production-agent.ts:1144-1156` for the\n * historical googleToken propagation pattern).\n */\nconst SENSITIVE_METADATA_KEYS = new Set([\n \"googleToken\",\n \"userEmail\",\n \"orgDomain\",\n \"accessToken\",\n \"refreshToken\",\n \"apiKey\",\n \"Authorization\",\n \"authorization\",\n \"bearer\",\n]);\n\nfunction sanitizeTaskForResponse(task: any): any {\n if (!task || typeof task !== \"object\") return task;\n if (!task.metadata || typeof task.metadata !== \"object\") return task;\n\n const meta = task.metadata as Record<string, unknown>;\n const publicMeta: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(meta)) {\n if (k === \"__a2a_processor\") continue;\n if (SENSITIVE_METADATA_KEYS.has(k)) continue;\n publicMeta[k] = v;\n }\n return { ...task, metadata: publicMeta };\n}\n\n/**\n * Reject access when the task has a recorded owner that doesn't match the\n * verified caller. Returns a 404-shaped JSON-RPC error to avoid disclosing\n * task existence to the wrong caller (enumeration via UUID lookup).\n *\n * - When the task has no recorded owner (legacy row from before the\n * owner_email migration) we allow access if some verifiable bearer token\n * was presented; otherwise we still reject so an unsigned caller can never\n * read or cancel arbitrary task ids.\n * - When neither A2A_SECRET nor apiKeyEnv is configured AND we're in\n * production, we refuse `tasks/get` and `tasks/cancel` outright — there's\n * no way to authenticate the caller, so the only safe response is \"not\n * found\".\n */\nfunction authorizeTaskAccess(\n taskOwnerEmail: string | null,\n event: any,\n config: A2AConfig,\n): JsonRpcResponse | null {\n const verifiedEmail =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? null;\n const hasA2ASecret = !!process.env.A2A_SECRET;\n const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);\n const inProduction = process.env.NODE_ENV === \"production\";\n\n if (inProduction && !hasA2ASecret && !hasApiKey) {\n // No way to authenticate the caller in production — refuse access.\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n\n if (taskOwnerEmail) {\n if (!verifiedEmail) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n if (verifiedEmail.toLowerCase() !== taskOwnerEmail.toLowerCase()) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n }\n // Legacy row (no owner_email recorded). The route-level auth gate is the\n // only thing protecting it — fall through and serve.\n return null;\n}\n\nasync function handleGet(\n params: Record<string, unknown>,\n event: any,\n config: A2AConfig,\n): Promise<JsonRpcResponse> {\n const id = params.id as string;\n if (!id) {\n return jsonRpcError(0, -32602, \"Invalid params: id required\");\n }\n const ownerEmail = await getTaskOwner(id);\n const denied = authorizeTaskAccess(ownerEmail, event, config);\n if (denied) return denied;\n\n const task = await getTask(id);\n if (!task) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n await refireStuckAsyncTaskIfNeeded(id, event).catch((err) => {\n console.error(\"[a2a] Failed to refire stuck async task:\", err);\n });\n return jsonRpcResult(0, sanitizeTaskForResponse(task));\n}\n\nasync function refireStuckAsyncTaskIfNeeded(\n taskId: string,\n event: any,\n): Promise<void> {\n const state = await getA2ATaskDispatchState(taskId);\n if (!state) return;\n if (!state.metadata?.__a2a_processor) return;\n\n const now = Date.now();\n if (\n (state.statusState === \"submitted\" || state.statusState === \"working\") &&\n state.updatedAt <= now - A2A_QUEUED_DISPATCH_STUCK_AFTER_MS\n ) {\n if (await touchQueuedA2ATaskDispatch(taskId)) {\n await fireProcessTaskDispatch(event, taskId);\n }\n return;\n }\n\n if (\n state.statusState === \"processing\" &&\n state.updatedAt <= now - A2A_PROCESSING_STUCK_AFTER_MS\n ) {\n const reset = await resetStuckA2ATaskForRetry(\n taskId,\n now - A2A_PROCESSING_STUCK_AFTER_MS,\n );\n if (reset) await fireProcessTaskDispatch(event, taskId);\n }\n}\n\nasync function handleCancel(\n params: Record<string, unknown>,\n event: any,\n config: A2AConfig,\n): Promise<JsonRpcResponse> {\n const id = params.id as string;\n if (!id) {\n return jsonRpcError(0, -32602, \"Invalid params: id required\");\n }\n const ownerEmail = await getTaskOwner(id);\n const denied = authorizeTaskAccess(ownerEmail, event, config);\n if (denied) return denied;\n\n const task = await updateTask(id, { state: \"canceled\" });\n if (!task) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n return jsonRpcResult(0, sanitizeTaskForResponse(task));\n}\n\n/**\n * H3-compatible JSON-RPC handler. Returns JSON directly (H3 serializes it).\n * Streaming is handled via H3's node response when needed.\n */\nexport async function handleJsonRpcH3(\n body: any,\n event: any,\n config: A2AConfig,\n): Promise<JsonRpcResponse> {\n if (!body || body.jsonrpc !== \"2.0\" || !body.method) {\n setResponseStatus(event, 400);\n return jsonRpcError(body?.id ?? null, -32600, \"Invalid JSON-RPC request\");\n }\n\n const params = (body.params as Record<string, unknown>) ?? {};\n const id = body.id;\n\n switch (body.method) {\n case \"message/send\": {\n const result = await handleSend(params, config, event);\n const { _id, ...response } = result;\n return { ...response, id } as JsonRpcResponse;\n }\n case \"message/stream\": {\n if (!config.streaming) {\n return jsonRpcError(id, -32601, \"Streaming not supported\");\n }\n // Use the raw node response for SSE streaming\n const res = event.node?.res;\n if (!res) {\n return jsonRpcError(id, -32000, \"Streaming not available\");\n }\n setResponseHeader(event, \"Content-Type\", \"text/event-stream\");\n setResponseHeader(event, \"Cache-Control\", \"no-cache\");\n setResponseHeader(event, \"Connection\", \"keep-alive\");\n await handleStream(params, config, res, event);\n return undefined as any; // Response already sent via SSE\n }\n case \"tasks/get\": {\n const result = await handleGet(params, event, config);\n return { ...result, id } as JsonRpcResponse;\n }\n case \"tasks/cancel\": {\n const result = await handleCancel(params, event, config);\n return { ...result, id } as JsonRpcResponse;\n }\n default:\n return jsonRpcError(id, -32601, `Method not found: ${body.method}`);\n }\n}\n"]}
1
+ {"version":3,"file":"handlers.js","sourceRoot":"","sources":["../../src/a2a/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,IAAI,CAAC;AAW1D,OAAO,EACL,UAAU,EACV,OAAO,EACP,YAAY,EACZ,UAAU,EACV,yBAAyB,EACzB,uBAAuB,EACvB,yBAAyB,EACzB,0BAA0B,GAC3B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AACtE,OAAO,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EACL,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAE1B,qEAAqE;AACrE,0EAA0E;AAC1E,iEAAiE;AACjE,MAAM,qBAAqB,GAAG,kCAAkC,CAAC;AACjE,MAAM,kCAAkC,GAAG,MAAM,CAAC;AAClD,MAAM,6BAA6B,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEpD;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAsB;IAChD,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,OAAO;QACnB,OAAO,CAAC,GAAG,CAAC,GAAG;QACf,OAAO,CAAC,GAAG,CAAC,UAAU;QACtB,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC9B,IAAI,OAAO;QAAE,OAAO,yBAAyB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAE/D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,IAAI,KAAK,EAAE,OAAO,CAAC;QAC5D,MAAM,GAAG,GAAG,CAAC,IAAY,EAAsB,EAAE;YAC/C,IAAI,CAAC,OAAO;gBAAE,OAAO,SAAS,CAAC;YAC/B,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;gBACtC,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,SAAS,CAAC;YACxC,CAAC;YACD,MAAM,GAAG,GAAG,OAA6C,CAAC;YAC1D,OAAO,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;QACtD,CAAC,CAAC;QACF,MAAM,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;QACjD,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,aAAa,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;QACpE,OAAO,yBAAyB,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,yBAAyB,CAC9B,oBAAoB,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAC/C,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,uBAAuB,CACpC,KAAU,EACV,MAAc;IAEd,MAAM,OAAO,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,GAAG,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACjD,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,kBAAkB;KACnC,CAAC;IACF,IAAI,CAAC;QACH,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC;IACnE,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;QACvE,qEAAqE;QACrE,iBAAiB;IACnB,CAAC;IACD,qEAAqE;IACrE,wEAAwE;IACxE,uEAAuE;IACvE,0EAA0E;IAC1E,MAAM,eAAe,GAAG,KAAK,CAAC,GAAG,EAAE;QACjC,MAAM,EAAE,MAAM;QACd,OAAO;QACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,GAAG,CAAC,CAAC;IAClE,CAAC,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,IAAI,CAAC;QACjB,eAAe;QACf,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;KACzD,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,MAAc,EACd,MAAiB,EACjB,KAAW;IAEX,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,0DAA0D;QAC1D,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,UAAU,CAAC,MAAM,EAAE;YACvB,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,qCAAqC,EAAE,CAAC;aACvE;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAA4B,CAAC;IACjE,MAAM,aAAa,GAAG,CAAC,IAAI,CAAC,eAAe,IAAI,EAAE,CAA4B,CAAC;IAC9E,MAAM,aAAa,GAAG,aAAa,CAAC,aAAmC,CAAC;IACxE,MAAM,aAAa,GAAG,aAAa,CAAC,aAAmC,CAAC;IACxE,MAAM,SAAS,GACZ,aAAa,CAAC,SAAuC,IAAI,SAAS,CAAC;IACtE,MAAM,cAAc,GACjB,aAAa,CAAC,cAGD,IAAI,SAAS,CAAC;IAE9B,MAAM,aAAa,GAAG,MAAM,uBAAuB,CACjD,aAAa,EACb,aAAa,CACd,CAAC;IAEF,MAAM,EAAE,qBAAqB,EAAE,GAC7B,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IAC/C,IAAI,CAAC;QACH,MAAM,qBAAqB,CACzB,EAAE,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,EAClD,GAAG,EAAE,CACH,oBAAoB,CAClB,MAAM,EACN,OAAO,EACP,MAAM,EACN,SAAS,EACT,cAAc,EACd,KAAK,CACN,CACJ,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,MAAM,EAAE;gBACvB,KAAK,EAAE,QAAQ;gBACf,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,IAAI,iBAAiB,EAAE,CAAC;iBACnE;aACF,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,cAAc,GAAe,KAAK,EACtC,OAAgB,EAChB,OAA0B,EACC,EAAE;IAC7B,kCAAkC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK;SACvB,MAAM,CAAC,CAAC,CAAC,EAAuC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC;SACrE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,IAAI,CAAC,IAAI,CAAC,CAAC;IAEd,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,4BAA4B,EAAE,CAAC;aAC9D;SACF,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,0EAA0E;IAC1E,wDAAwD;IACxD,4EAA4E;IAC5E,oEAAoE;IACpE,yEAAyE;IACzE,8BAA8B;IAC9B,qEAAqE;IACrE,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;IAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,yBAAyB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACrE,MAAM,aAAa,GAAG,OAAO;QAC3B,CAAC,CAAC,+DAA+D,UAAU,sNAAsN,IAAI,EAAE;QACvS,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAEnD,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,IAAI,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,eAAe;YACrB,WAAW,EAAE,6BAA6B;YAC1C,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,YAAY,EAAE,EAAE,CAAC;SAChE,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,OAAO,EAAE;YACP,IAAI,EAAE,OAAO;YACb,KAAK,EAAE;gBACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;gBACvC,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM;oBACzB,CAAC,CAAC;wBACE;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,kBAAkB,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;yBACrD;qBACF;oBACH,CAAC,CAAC,EAAE,CAAC;aACR;SACF;QACD,SAAS,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;KACxD,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,UAAU,CAAC,MAAiB;IACnC,OAAO,MAAM,CAAC,OAAO,IAAI,cAAc,CAAC;AAC1C,CAAC;AAED,SAAS,YAAY,CACnB,EAA0B,EAC1B,IAAY,EACZ,OAAe;IAEf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC;AAC1D,CAAC;AAED,SAAS,aAAa,CAAC,EAAmB,EAAE,MAAe;IACzD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC;AAED,SAAS,kBAAkB,CACzB,MAAc,EACd,SAAkB,EAClB,QAAkC,EAClC,KAAW;IAKX,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,MAAM,OAAO,GAAsB;QACjC,MAAM;QACN,SAAS;QACT,QAAQ;QACR,KAAK;QACL,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ;YACnC,MAAM,QAAQ,GAAa;gBACzB,IAAI;gBACJ,KAAK,EAAE,QAAQ;oBACb,CAAC,CAAC;wBACE;4BACE,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE;gCACJ,IAAI;gCACJ,QAAQ;gCACR,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC;6BAC/C;yBACF;qBACF;oBACH,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;aACtC,CAAC;YACF,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;IACF,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,qBAAqB,CAClC,QAA6C,EAC7C,KAAsB,EACtB,EAAoB;IAEpB,MAAM,EAAE,qBAAqB,EAAE,GAC7B,MAAM,MAAM,CAAC,8BAA8B,CAAC,CAAC;IAE/C,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,SAAS,CAAC;IAC1E,6EAA6E;IAC7E,2EAA2E;IAC3E,yEAAyE;IACzE,qCAAqC;IACrC,MAAM,SAAS,GACZ,KAAK,EAAE,OAAO,EAAE,cAAqC,IAAI,SAAS,CAAC;IAEtE,MAAM,aAAa,GAAG,MAAM,uBAAuB,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IAE9E,OAAO,qBAAqB,CAC1B,EAAE,SAAS,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,EAClD,EAAE,CACW,CAAC;AAClB,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,aAAiC,EACjC,iBAAqC;IAErC,IAAI,iBAAiB,EAAE,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACjE,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,iBAAiB,CAAC,CAAC;YACxD,IAAI,GAAG;gBAAE,OAAO,GAAG,CAAC,KAAK,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;IACH,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC;YACH,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;YACnE,OAAO,CAAC,MAAM,oBAAoB,CAAC,aAAa,CAAC,CAAC,IAAI,SAAS,CAAC;QAClE,CAAC;QAAC,MAAM,CAAC;YACP,0DAA0D;QAC5D,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,oBAAoB,CACjC,MAAc,EACd,OAAgB,EAChB,MAAiB,EACjB,SAA6B,EAC7B,QAA6C,EAC7C,KAAW;IAEX,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAC/C,MAAM,EACN,SAAS,EACT,QAAQ,EACR,KAAK,CACN,CAAC;IACF,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAEpD,IACE,MAAM;YACN,OAAO,MAAM,KAAK,QAAQ;YAC1B,MAAM,CAAC,aAAa,IAAI,MAAM,EAC9B,CAAC;YACD,IAAI,WAAgC,CAAC;YACrC,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAiC,EAAE,CAAC;gBAC1D,WAAW,GAAG,GAAG,CAAC;YACpB,CAAC;YACD,MAAM,UAAU,CAAC,MAAM,EAAE;gBACvB,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,WAAW;gBACpB,SAAS,EAAE,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;aACxD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,MAAO,MAAoC,CAAC;QAClE,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;QACxE,MAAM,UAAU,CAAC,MAAM,EAAE;YACvB,KAAK,EAAE,WAAW;YAClB,OAAO,EAAE,aAAa,CAAC,OAAO;YAC9B,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;SAC9D,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,UAAU,CAAC,MAAM,EAAE;YACvB,KAAK,EAAE,QAAQ;YACf,OAAO,EAAE;gBACP,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,IAAI,gBAAgB,EAAE,CAAC;aAClE;SACF,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,MAA+B,EAC/B,MAAiB,EACjB,KAAW;IAEX,MAAM,OAAO,GAAG,MAAM,CAAC,OAAkB,CAAC;IAC1C,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,OAAO;YACL,GAAG,YAAY,CACb,CAAC,EACD,CAAC,KAAK,EACN,sDAAsD,CACvD;YACD,GAAG,EAAE,CAAC;SACP,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAA+B,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAA+C,CAAC;IAExE,sEAAsE;IACtE,yEAAyE;IACzE,uEAAuE;IACvE,0EAA0E;IAC1E,6BAA6B;IAC7B,MAAM,iBAAiB,GACpB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,IAAI,CAAC;IAErE,sEAAsE;IACtE,0EAA0E;IAC1E,8EAA8E;IAC9E,yEAAyE;IACzE,kEAAkE;IAClE,sEAAsE;IACtE,wEAAwE;IACxE,yEAAyE;IACzE,8CAA8C;IAC9C,MAAM,SAAS,GACb,MAAM,CAAC,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,CAAC,CAAC;IAE9E,IAAI,SAAS,EAAE,CAAC;QACd,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,sEAAsE;QACtE,uEAAuE;QACvE,0DAA0D;QAC1D,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;QAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QACxE,IAAI,sBAAsB,EAAE,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5D,OAAO;gBACL,GAAG,YAAY,CACb,CAAC,EACD,CAAC,KAAK,EACN,+EAA+E,CAChF;gBACD,GAAG,EAAE,CAAC;aACP,CAAC;QACJ,CAAC;QACD,uEAAuE;QACvE,wEAAwE;QACxE,0EAA0E;QAC1E,sEAAsE;QACtE,0EAA0E;QAC1E,0EAA0E;QAC1E,oEAAoE;QACpE,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,SAAS,CAAC;QAC1E,2EAA2E;QAC3E,iEAAiE;QACjE,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,cAAqC,IAAI,SAAS,CAAC;QAEtE,MAAM,YAAY,GAA4B;YAC5C,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;YACnB,eAAe,EAAE;gBACf,aAAa;gBACb,aAAa;gBACb,SAAS,EAAE,SAAS,IAAI,IAAI;gBAC5B,cAAc,EAAE,QAAQ,IAAI,IAAI;aACjC;SACF,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,UAAU,CAC3B,OAAO,EACP,SAAS,EACT,YAAY,EACZ,iBAAiB,CAClB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAEhE,uBAAuB,CAAC,KAAK,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACpD,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,GAAG,aAAa,CAAC,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;IAC1D,CAAC;IAED,OAAO,qBAAqB,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,UAAU,CAC3B,OAAO,EACP,SAAS,EACT,SAAS,EACT,iBAAiB,CAClB,CAAC;QACF,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAEhD,MAAM,GAAG,GAAG,kBAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QAEpE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAExD,IACE,MAAM;gBACN,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,CAAC,aAAa,IAAI,MAAM,EAC9B,CAAC;gBACD,IAAI,WAAgC,CAAC;gBACrC,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAiC,EAAE,CAAC;oBAC1D,WAAW,GAAG,GAAG,CAAC;gBACpB,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;oBACxC,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,WAAW;oBACpB,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS;iBAChE,CAAC,CAAC;gBACH,OAAO,EAAE,GAAG,aAAa,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;YAClD,CAAC;YAED,MAAM,aAAa,GAAG,MAAO,MAAoC,CAAC;YAClE,MAAM,YAAY,GAAG;gBACnB,GAAG,GAAG,CAAC,SAAS;gBAChB,GAAG,CAAC,aAAa,CAAC,SAAS,IAAI,EAAE,CAAC;aACnC,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;gBACxC,KAAK,EAAE,WAAW;gBAClB,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;aAC9D,CAAC,CAAC;YACH,OAAO,EAAE,GAAG,aAAa,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QAClD,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;gBACxB,KAAK,EAAE,QAAQ;gBACf,OAAO,EAAE;oBACP,IAAI,EAAE,OAAO;oBACb,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,IAAI,gBAAgB,EAAE,CAAC;iBACjE;aACF,CAAC,CAAC;YACH,OAAO;gBACL,GAAG,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,gBAAgB,CAAC;gBAC3D,GAAG,EAAE,CAAC;aACP,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,MAA+B,EAC/B,MAAiB,EACjB,GAAwD,EACxD,KAAW;IAEX,MAAM,OAAO,GAAG,MAAM,CAAC,OAAkB,CAAC;IAC1C,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,GAAG,CAAC,KAAK,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC,MAAM,CACzE,CAAC;QACF,GAAG,CAAC,GAAG,EAAE,CAAC;QACV,OAAO;IACT,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAA+B,CAAC;IACzD,MAAM,QAAQ,GAAG,MAAM,CAAC,QAA+C,CAAC;IACxE,MAAM,iBAAiB,GACpB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,IAAI,CAAC;IAErE,MAAM,qBAAqB,CAAC,QAAQ,EAAE,KAAK,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,IAAI,GAAG,MAAM,UAAU,CAC3B,OAAO,EACP,SAAS,EACT,SAAS,EACT,iBAAiB,CAClB,CAAC;QAEF,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAEhD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,kBAAkB,CAC/C,IAAI,CAAC,EAAE,EACP,SAAS,EACT,QAAQ,EACR,KAAK,CACN,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAEpD,IACE,MAAM;gBACN,OAAO,MAAM,KAAK,QAAQ;gBAC1B,MAAM,CAAC,aAAa,IAAI,MAAM,EAC9B,CAAC;gBACD,IAAI,KAAK,EAAE,MAAM,GAAG,IAAI,MAAiC,EAAE,CAAC;oBAC1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;wBAC7C,KAAK,EAAE,SAAS;wBAChB,OAAO,EAAE,GAAG;qBACb,CAAC,CAAC;oBACH,GAAG,CAAC,KAAK,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,MAAM,CAC9D,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,aAAa,GAAG,MAAO,MAAoC,CAAC;gBAClE,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,IAAI,EAAE,CAAC,CAAC,CAAC;gBACxE,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;oBACxC,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,aAAa,CAAC,OAAO;oBAC9B,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;iBAC9D,CAAC,CAAC;gBACH,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;gBACpE,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE;gBACtC,KAAK,EAAE,WAAW;gBAClB,SAAS,EAAE,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS;aAC9D,CAAC,CAAC;YACH,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QACpE,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC/C,GAAG,CAAC,KAAK,CACP,SAAS,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,CAAC,OAAO,IAAI,gBAAgB,CAAC,CAAC,MAAM,CACxF,CAAC;QACJ,CAAC;QAED,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC;IACtC,aAAa;IACb,WAAW;IACX,WAAW;IACX,aAAa;IACb,cAAc;IACd,QAAQ;IACR,eAAe;IACf,eAAe;IACf,QAAQ;CACT,CAAC,CAAC;AAEH,SAAS,uBAAuB,CAAC,IAAS;IACxC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAErE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAmC,CAAC;IACtD,MAAM,UAAU,GAA4B,EAAE,CAAC;IAC/C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,KAAK,iBAAiB;YAAE,SAAS;QACtC,IAAI,uBAAuB,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,SAAS;QAC7C,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,SAAS,mBAAmB,CAC1B,cAA6B,EAC7B,KAAU,EACV,MAAiB;IAEjB,MAAM,aAAa,GAChB,KAAK,EAAE,OAAO,EAAE,kBAAyC,IAAI,IAAI,CAAC;IACrE,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;IAC9C,MAAM,SAAS,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,sBAAsB,EAAE,CAAC;IAE9C,IAAI,YAAY,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;QAChD,mEAAmE;QACnE,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACnD,CAAC;QACD,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC;YACjE,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IACD,yEAAyE;IACzE,qDAAqD;IACrD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,SAAS,CACtB,MAA+B,EAC/B,KAAU,EACV,MAAiB;IAEjB,MAAM,EAAE,GAAG,MAAM,CAAC,EAAY,CAAC;IAC/B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,EAAE,CAAC,CAAC;IAC/B,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACnD,CAAC;IACD,MAAM,4BAA4B,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QAC1D,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,GAAG,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,KAAK,UAAU,4BAA4B,CACzC,MAAc,EACd,KAAU;IAEV,MAAM,KAAK,GAAG,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;IACpD,IAAI,CAAC,KAAK;QAAE,OAAO;IACnB,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,eAAe;QAAE,OAAO;IAE7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IACE,CAAC,KAAK,CAAC,WAAW,KAAK,WAAW,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,CAAC;QACtE,KAAK,CAAC,SAAS,IAAI,GAAG,GAAG,kCAAkC,EAC3D,CAAC;QACD,IAAI,MAAM,0BAA0B,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,MAAM,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO;IACT,CAAC;IAED,IACE,KAAK,CAAC,WAAW,KAAK,YAAY;QAClC,KAAK,CAAC,SAAS,IAAI,GAAG,GAAG,6BAA6B,EACtD,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,yBAAyB,CAC3C,MAAM,EACN,GAAG,GAAG,6BAA6B,CACpC,CAAC;QACF,IAAI,KAAK;YAAE,MAAM,uBAAuB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,MAA+B,EAC/B,KAAU,EACV,MAAiB;IAEjB,MAAM,EAAE,GAAG,MAAM,CAAC,EAAY,CAAC;IAC/B,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;IAChE,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,EAAE,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC9D,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IACzD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,YAAY,CAAC,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;IACnD,CAAC;IACD,OAAO,aAAa,CAAC,CAAC,EAAE,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAS,EACT,KAAU,EACV,MAAiB;IAEjB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,KAAK,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACpD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,YAAY,CAAC,IAAI,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,KAAK,EAAE,0BAA0B,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,MAAM,GAAI,IAAI,CAAC,MAAkC,IAAI,EAAE,CAAC;IAC9D,MAAM,EAAE,GAAG,IAAI,CAAC,EAAE,CAAC;IAEnB,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;QACpB,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;YACvD,MAAM,EAAE,GAAG,EAAE,GAAG,QAAQ,EAAE,GAAG,MAAM,CAAC;YACpC,OAAO,EAAE,GAAG,QAAQ,EAAE,EAAE,EAAqB,CAAC;QAChD,CAAC;QACD,KAAK,gBAAgB,CAAC,CAAC,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACtB,OAAO,YAAY,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAC;YAC7D,CAAC;YACD,8CAA8C;YAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,CAAC;YAC5B,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,OAAO,YAAY,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,yBAAyB,CAAC,CAAC;YAC7D,CAAC;YACD,iBAAiB,CAAC,KAAK,EAAE,cAAc,EAAE,mBAAmB,CAAC,CAAC;YAC9D,iBAAiB,CAAC,KAAK,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;YACtD,iBAAiB,CAAC,KAAK,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC;YACrD,MAAM,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,SAAgB,CAAC,CAAC,gCAAgC;QAC3D,CAAC;QACD,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACtD,OAAO,EAAE,GAAG,MAAM,EAAE,EAAE,EAAqB,CAAC;QAC9C,CAAC;QACD,KAAK,cAAc,CAAC,CAAC,CAAC;YACpB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACzD,OAAO,EAAE,GAAG,MAAM,EAAE,EAAE,EAAqB,CAAC;QAC9C,CAAC;QACD;YACE,OAAO,YAAY,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,qBAAqB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACxE,CAAC;AACH,CAAC","sourcesContent":["import { setResponseHeader, setResponseStatus } from \"h3\";\nimport type {\n A2AConfig,\n A2AHandler,\n A2AHandlerContext,\n A2AHandlerResult,\n JsonRpcRequest,\n JsonRpcResponse,\n Message,\n Artifact,\n} from \"./types.js\";\nimport {\n createTask,\n getTask,\n getTaskOwner,\n updateTask,\n claimA2ATaskForProcessing,\n getA2ATaskDispatchState,\n resetStuckA2ATaskForRetry,\n touchQueuedA2ATaskDispatch,\n} from \"./task-store.js\";\nimport { agentChat } from \"../shared/agent-chat.js\";\nimport { signInternalToken } from \"../integrations/internal-token.js\";\nimport { withConfiguredAppBasePath } from \"../server/app-base-path.js\";\nimport {\n hasConfiguredA2ASecret,\n isA2AProductionRuntime,\n} from \"./auth-policy.js\";\n\n// Inlined to avoid pulling the entire core-routes-plugin (and its h3\n// transitive deps) into the a2a/handlers test boundary. Must stay in sync\n// with FRAMEWORK_ROUTE_PREFIX in `server/core-routes-plugin.ts`.\nconst A2A_PROCESS_TASK_PATH = \"/_agent-native/a2a/_process-task\";\nconst A2A_QUEUED_DISPATCH_STUCK_AFTER_MS = 10_000;\nconst A2A_PROCESSING_STUCK_AFTER_MS = 5 * 60 * 1000;\n\n/**\n * Resolve the base URL we should fire the A2A processor request to. Mirrors\n * the integration-webhook resolveBaseUrl pattern — prefer explicit env vars\n * (most reliable on serverless), fall back to inbound request headers.\n */\nfunction resolveSelfBaseUrl(event: any | undefined): string {\n const fromEnv =\n process.env.APP_URL ||\n process.env.URL ||\n process.env.DEPLOY_URL ||\n process.env.BETTER_AUTH_URL;\n if (fromEnv) return withConfiguredAppBasePath(String(fromEnv));\n\n try {\n const headers = event?.node?.req?.headers ?? event?.headers;\n const get = (name: string): string | undefined => {\n if (!headers) return undefined;\n if (typeof headers.get === \"function\") {\n return headers.get(name) ?? undefined;\n }\n const map = headers as Record<string, string | undefined>;\n return map[name] ?? map[String(name).toLowerCase()];\n };\n const proto = get(\"x-forwarded-proto\") || \"http\";\n const host = get(\"host\") || `localhost:${process.env.PORT || 3000}`;\n return withConfiguredAppBasePath(`${proto}://${host}`);\n } catch {\n return withConfiguredAppBasePath(\n `http://localhost:${process.env.PORT || 3000}`,\n );\n }\n}\n\n/**\n * Fire-and-forget POST to the A2A processor route on the same deployment.\n * Used when an A2A send is requested in async mode — the processor runs the\n * handler in a fresh function execution so it gets its own full timeout.\n */\nasync function fireProcessTaskDispatch(\n event: any,\n taskId: string,\n): Promise<void> {\n const baseUrl = resolveSelfBaseUrl(event);\n const url = `${baseUrl}${A2A_PROCESS_TASK_PATH}`;\n const headers: Record<string, string> = {\n \"Content-Type\": \"application/json\",\n };\n try {\n headers[\"Authorization\"] = `Bearer ${signInternalToken(taskId)}`;\n } catch {\n // No A2A_SECRET configured — self-fire unsigned. The processor accepts\n // unsigned dispatches when no secret is set (mirrors the integration\n // webhook flow).\n }\n // Race the fetch against a short timer. On Netlify Lambda, returning\n // immediately can freeze the function before the outbound TCP handshake\n // starts, leaving the request stuck. This gives it ~250ms to leave the\n // box at the cost of slightly higher response latency on async A2A sends.\n const dispatchPromise = fetch(url, {\n method: \"POST\",\n headers,\n body: JSON.stringify({ taskId }),\n }).catch((err) => {\n console.error(\"[a2a] Process-task dispatch fetch failed:\", err);\n });\n await Promise.race([\n dispatchPromise,\n new Promise<void>((resolve) => setTimeout(resolve, 250)),\n ]);\n}\n\n/**\n * Process a previously-enqueued A2A task. Called by the `_process-task`\n * route in `server.ts`, in a fresh function execution. Atomically claims the\n * task, reconstructs the caller's request context from the task's metadata,\n * runs the handler, and persists the outcome.\n *\n * Idempotent on duplicate dispatches: the atomic claim returns null if some\n * other invocation already picked the task up, in which case we no-op.\n */\nexport async function processA2ATaskFromQueue(\n taskId: string,\n config: A2AConfig,\n event?: any,\n): Promise<void> {\n const claimed = await claimA2ATaskForProcessing(taskId);\n if (!claimed) {\n // Already in flight, terminal, or missing. Nothing to do.\n return;\n }\n\n const message = claimed.history?.[0];\n if (!message) {\n await updateTask(taskId, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: \"Task is missing its inbound message\" }],\n },\n });\n return;\n }\n\n const meta = (claimed.metadata ?? {}) as Record<string, unknown>;\n const processorMeta = (meta.__a2a_processor ?? {}) as Record<string, unknown>;\n const verifiedEmail = processorMeta.verifiedEmail as string | undefined;\n const orgDomainHint = processorMeta.orgDomainHint as string | undefined;\n const contextId =\n (processorMeta.contextId as string | null | undefined) ?? undefined;\n const callerMetadata =\n (processorMeta.callerMetadata as\n | Record<string, unknown>\n | null\n | undefined) ?? undefined;\n\n const resolvedOrgId = await resolveVerifiedA2AOrgId(\n verifiedEmail,\n orgDomainHint,\n );\n\n const { runWithRequestContext } =\n await import(\"../server/request-context.js\");\n try {\n await runWithRequestContext(\n { userEmail: verifiedEmail, orgId: resolvedOrgId },\n () =>\n runHandlerAndPersist(\n taskId,\n message,\n config,\n contextId,\n callerMetadata,\n event,\n ),\n );\n } catch (err: any) {\n try {\n await updateTask(taskId, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: err?.message ?? \"Handler crashed\" }],\n },\n });\n } catch {}\n }\n}\n\n/**\n * Default A2A handler that delegates to agentChat.call().\n * Used when no custom handler is provided in A2AConfig.\n */\nconst defaultHandler: A2AHandler = async (\n message: Message,\n context: A2AHandlerContext,\n): Promise<A2AHandlerResult> => {\n // Extract text from message parts\n const text = message.parts\n .filter((p): p is { type: \"text\"; text: string } => p.type === \"text\")\n .map((p) => p.text)\n .join(\"\\n\");\n\n if (!text) {\n return {\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: \"No text content in message\" }],\n },\n };\n }\n\n // A2A note: this message arrived from a different app — the caller cannot\n // see this app's local state (open deck, selected slide, etc.). They only\n // see whatever this agent puts into the reply text. So:\n // 1) include any concrete result (deck/document/dashboard URL, ID, value)\n // explicitly in the reply — the caller can't navigate locally.\n // 2) URLs must be fully-qualified — relative paths resolve against the\n // caller's host and 404.\n // We prepend a one-line hint to the user message so the agent knows.\n const baseUrl = process.env.APP_URL || process.env.URL || \"\";\n const appBaseUrl = baseUrl ? withConfiguredAppBasePath(baseUrl) : \"\";\n const augmentedText = baseUrl\n ? `[Cross-app A2A request — the caller is on a different host (${appBaseUrl} is yours, theirs is different). Include the concrete result (URL, ID, value) explicitly in your reply text; the caller can't see your local UI state. Any URL MUST be fully-qualified, never a relative path.]\\n\\n${text}`\n : text;\n\n const result = await agentChat.call(augmentedText);\n\n const artifacts: Artifact[] = [];\n if (result.filesChanged.length > 0) {\n artifacts.push({\n name: \"files-changed\",\n description: \"Files modified by the agent\",\n parts: [{ type: \"data\", data: { files: result.filesChanged } }],\n });\n }\n\n return {\n message: {\n role: \"agent\",\n parts: [\n { type: \"text\", text: result.response },\n ...(result.warnings?.length\n ? [\n {\n type: \"text\" as const,\n text: `\\n\\nWarnings:\\n${result.warnings.join(\"\\n\")}`,\n },\n ]\n : []),\n ],\n },\n artifacts: artifacts.length > 0 ? artifacts : undefined,\n };\n};\n\nfunction getHandler(config: A2AConfig): A2AHandler {\n return config.handler ?? defaultHandler;\n}\n\nfunction jsonRpcError(\n id: string | number | null,\n code: number,\n message: string,\n): JsonRpcResponse {\n return { jsonrpc: \"2.0\", id, error: { code, message } };\n}\n\nfunction jsonRpcResult(id: string | number, result: unknown): JsonRpcResponse {\n return { jsonrpc: \"2.0\", id, result };\n}\n\nfunction makeHandlerContext(\n taskId: string,\n contextId?: string,\n metadata?: Record<string, unknown>,\n event?: any,\n): {\n context: A2AHandlerContext;\n artifacts: Artifact[];\n} {\n const artifacts: Artifact[] = [];\n const context: A2AHandlerContext = {\n taskId,\n contextId,\n metadata,\n event,\n writeArtifact(name, content, mimeType) {\n const artifact: Artifact = {\n name,\n parts: mimeType\n ? [\n {\n type: \"file\",\n file: {\n name,\n mimeType,\n bytes: Buffer.from(content).toString(\"base64\"),\n },\n },\n ]\n : [{ type: \"text\", text: content }],\n };\n artifacts.push(artifact);\n return name;\n },\n };\n return { context, artifacts };\n}\n\n/**\n * Resolve org context from A2A metadata / event context and wrap `fn`\n * inside `runWithRequestContext` so downstream actions see the org.\n */\nasync function withA2ARequestContext<T>(\n metadata: Record<string, unknown> | undefined,\n event: any | undefined,\n fn: () => Promise<T>,\n): Promise<T> {\n const { runWithRequestContext } =\n await import(\"../server/request-context.js\");\n\n const verifiedEmail =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? undefined;\n // Only trust the org domain from the cryptographically verified JWT claim on\n // the event context. metadata.orgDomain is caller-supplied and must not be\n // used for org resolution — an unauthenticated caller could forge it and\n // gain access to another org's data.\n const orgDomain =\n (event?.context?.__a2aOrgDomain as string | undefined) ?? undefined;\n\n const resolvedOrgId = await resolveVerifiedA2AOrgId(verifiedEmail, orgDomain);\n\n return runWithRequestContext(\n { userEmail: verifiedEmail, orgId: resolvedOrgId },\n fn,\n ) as Promise<T>;\n}\n\nasync function resolveVerifiedA2AOrgId(\n verifiedEmail: string | undefined,\n verifiedOrgDomain: string | undefined,\n): Promise<string | undefined> {\n if (verifiedOrgDomain) {\n try {\n const { resolveOrgByDomain } = await import(\"../org/context.js\");\n const org = await resolveOrgByDomain(verifiedOrgDomain);\n if (org) return org.orgId;\n } catch {\n // Org tables may not exist — continue without org context\n }\n }\n\n if (verifiedEmail) {\n try {\n const { resolveOrgIdForEmail } = await import(\"../org/context.js\");\n return (await resolveOrgIdForEmail(verifiedEmail)) ?? undefined;\n } catch {\n // Org tables may not exist — continue without org context\n }\n }\n\n return undefined;\n}\n\n/**\n * Run the handler against the message and persist the outcome to the task store.\n * Used in sync mode (awaited inline) and in async mode (called by the\n * `_process-task` processor route in a fresh function execution).\n */\nasync function runHandlerAndPersist(\n taskId: string,\n message: Message,\n config: A2AConfig,\n contextId: string | undefined,\n metadata: Record<string, unknown> | undefined,\n event?: any,\n): Promise<void> {\n const { context, artifacts } = makeHandlerContext(\n taskId,\n contextId,\n metadata,\n event,\n );\n try {\n const result = getHandler(config)(message, context);\n\n if (\n result &&\n typeof result === \"object\" &&\n Symbol.asyncIterator in result\n ) {\n let lastMessage: Message | undefined;\n for await (const msg of result as AsyncGenerator<Message>) {\n lastMessage = msg;\n }\n await updateTask(taskId, {\n state: \"completed\",\n message: lastMessage,\n artifacts: artifacts.length > 0 ? artifacts : undefined,\n });\n return;\n }\n\n const handlerResult = await (result as Promise<A2AHandlerResult>);\n const allArtifacts = [...artifacts, ...(handlerResult.artifacts ?? [])];\n await updateTask(taskId, {\n state: \"completed\",\n message: handlerResult.message,\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n } catch (err: any) {\n await updateTask(taskId, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: err?.message ?? \"Handler failed\" }],\n },\n });\n }\n}\n\nasync function handleSend(\n params: Record<string, unknown>,\n config: A2AConfig,\n event?: any,\n): Promise<JsonRpcResponse & { _id: string | number }> {\n const message = params.message as Message;\n if (!message || !message.role || !Array.isArray(message.parts)) {\n return {\n ...jsonRpcError(\n 0,\n -32602,\n \"Invalid params: message with role and parts required\",\n ),\n _id: 0,\n };\n }\n\n const contextId = params.contextId as string | undefined;\n const metadata = params.metadata as Record<string, unknown> | undefined;\n\n // The JWT-verified caller email (set by mountA2A in server.ts) is the\n // single source of truth for task ownership — bound at creation, checked\n // on every subsequent tasks/get and tasks/cancel call. Caller-supplied\n // metadata.userEmail is NEVER used for ownership; that would re-introduce\n // the IDOR class fixed here.\n const ownerEmailForTask =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? null;\n\n // Async mode: return the task immediately in `working` state, run the\n // handler in the background, and let the caller poll `tasks/get`. This is\n // the workaround for synchronous serverless request timeouts when the handler\n // runs LLM + tool loops that can exceed a single HTTP invocation budget.\n // SECURITY: only honor the explicit top-level `params.async`. The\n // metadata.async fallback was caller-controlled and could force async\n // dispatch (which has weaker auth than the sync path) on otherwise sync\n // requests. Async is also refused entirely when no auth is configured in\n // production — see the additional gate below.\n const asyncMode =\n params.async === true || (event && event.context?.__a2aForceAsync === true);\n\n if (asyncMode) {\n // Refuse async mode entirely when no auth is configured in production.\n // The async dispatch path self-fires the `_process-task` route, which\n // accepts unsigned dispatches when A2A_SECRET is unset — that combined\n // with the lack of caller identity here would let any unauthenticated\n // attacker queue and trigger handler runs. In production, require some\n // form of auth so the verifiedEmail is bound to the task.\n const hasA2ASecret = hasConfiguredA2ASecret();\n const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);\n if (isA2AProductionRuntime() && !hasA2ASecret && !hasApiKey) {\n return {\n ...jsonRpcError(\n 0,\n -32001,\n \"A2A async mode is not available — A2A_SECRET or apiKeyEnv must be configured.\",\n ),\n _id: 0,\n };\n }\n // Resolve identity up front (cheap), bake it into the task's metadata,\n // and dispatch the actual handler run to a SEPARATE function execution.\n // On serverless hosts (Netlify, Vercel, Cloudflare) detached promises get\n // killed when the response is flushed, so we self-fire a webhook to a\n // dedicated processor route — same cross-platform pattern the integration\n // webhook queue uses. The processor reconstructs the request context from\n // the task metadata and runs the handler with its own full timeout.\n const verifiedEmail =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? undefined;\n // Only trust the verified org domain from the JWT claim — do not fall back\n // to metadata.orgDomain which is caller-supplied and unverified.\n const orgDomainHint =\n (event?.context?.__a2aOrgDomain as string | undefined) ?? undefined;\n\n const taskMetadata: Record<string, unknown> = {\n ...(metadata ?? {}),\n __a2a_processor: {\n verifiedEmail,\n orgDomainHint,\n contextId: contextId ?? null,\n callerMetadata: metadata ?? null,\n },\n };\n const task = await createTask(\n message,\n contextId,\n taskMetadata,\n ownerEmailForTask,\n );\n const working = await updateTask(task.id, { state: \"working\" });\n\n fireProcessTaskDispatch(event, task.id).catch((err) => {\n console.error(\"[a2a] Failed to dispatch process-task:\", err);\n });\n\n return { ...jsonRpcResult(0, working ?? task), _id: 0 };\n }\n\n return withA2ARequestContext(metadata, event, async () => {\n const task = await createTask(\n message,\n contextId,\n undefined,\n ownerEmailForTask,\n );\n await updateTask(task.id, { state: \"working\" });\n\n const ctx = makeHandlerContext(task.id, contextId, metadata, event);\n\n try {\n const result = getHandler(config)(message, ctx.context);\n\n if (\n result &&\n typeof result === \"object\" &&\n Symbol.asyncIterator in result\n ) {\n let lastMessage: Message | undefined;\n for await (const msg of result as AsyncGenerator<Message>) {\n lastMessage = msg;\n }\n const updated = await updateTask(task.id, {\n state: \"completed\",\n message: lastMessage,\n artifacts: ctx.artifacts.length > 0 ? ctx.artifacts : undefined,\n });\n return { ...jsonRpcResult(0, updated), _id: 0 };\n }\n\n const handlerResult = await (result as Promise<A2AHandlerResult>);\n const allArtifacts = [\n ...ctx.artifacts,\n ...(handlerResult.artifacts ?? []),\n ];\n const updated = await updateTask(task.id, {\n state: \"completed\",\n message: handlerResult.message,\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n return { ...jsonRpcResult(0, updated), _id: 0 };\n } catch (err: any) {\n await updateTask(task.id, {\n state: \"failed\",\n message: {\n role: \"agent\",\n parts: [{ type: \"text\", text: err.message ?? \"Handler failed\" }],\n },\n });\n return {\n ...jsonRpcError(0, -32000, err.message ?? \"Handler failed\"),\n _id: 0,\n };\n }\n });\n}\n\nasync function handleStream(\n params: Record<string, unknown>,\n config: A2AConfig,\n res: { write: (chunk: string) => void; end: () => void },\n event?: any,\n): Promise<void> {\n const message = params.message as Message;\n if (!message || !message.role || !Array.isArray(message.parts)) {\n res.write(\n `data: ${JSON.stringify(jsonRpcError(0, -32602, \"Invalid params\"))}\\n\\n`,\n );\n res.end();\n return;\n }\n\n const contextId = params.contextId as string | undefined;\n const metadata = params.metadata as Record<string, unknown> | undefined;\n const ownerEmailForTask =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? null;\n\n await withA2ARequestContext(metadata, event, async () => {\n const task = await createTask(\n message,\n contextId,\n undefined,\n ownerEmailForTask,\n );\n\n await updateTask(task.id, { state: \"working\" });\n\n const { context, artifacts } = makeHandlerContext(\n task.id,\n contextId,\n metadata,\n event,\n );\n\n try {\n const result = getHandler(config)(message, context);\n\n if (\n result &&\n typeof result === \"object\" &&\n Symbol.asyncIterator in result\n ) {\n for await (const msg of result as AsyncGenerator<Message>) {\n const intermediate = await updateTask(task.id, {\n state: \"working\",\n message: msg,\n });\n res.write(\n `data: ${JSON.stringify(jsonRpcResult(0, intermediate))}\\n\\n`,\n );\n }\n } else {\n const handlerResult = await (result as Promise<A2AHandlerResult>);\n const allArtifacts = [...artifacts, ...(handlerResult.artifacts ?? [])];\n const updated = await updateTask(task.id, {\n state: \"completed\",\n message: handlerResult.message,\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n res.write(`data: ${JSON.stringify(jsonRpcResult(0, updated))}\\n\\n`);\n res.end();\n return;\n }\n\n const allArtifacts = [...artifacts];\n const final = await updateTask(task.id, {\n state: \"completed\",\n artifacts: allArtifacts.length > 0 ? allArtifacts : undefined,\n });\n res.write(`data: ${JSON.stringify(jsonRpcResult(0, final))}\\n\\n`);\n } catch (err: any) {\n await updateTask(task.id, { state: \"failed\" });\n res.write(\n `data: ${JSON.stringify(jsonRpcError(0, -32000, err.message ?? \"Handler failed\"))}\\n\\n`,\n );\n }\n\n res.end();\n });\n}\n\n/**\n * Caller-supplied metadata keys that may contain sensitive bearer / OAuth\n * material. Always stripped from `tasks/get` responses so a leaked task id\n * never discloses an OAuth token even when the original sender carelessly\n * stuffed one into `metadata` (see `production-agent.ts:1144-1156` for the\n * historical googleToken propagation pattern).\n */\nconst SENSITIVE_METADATA_KEYS = new Set([\n \"googleToken\",\n \"userEmail\",\n \"orgDomain\",\n \"accessToken\",\n \"refreshToken\",\n \"apiKey\",\n \"Authorization\",\n \"authorization\",\n \"bearer\",\n]);\n\nfunction sanitizeTaskForResponse(task: any): any {\n if (!task || typeof task !== \"object\") return task;\n if (!task.metadata || typeof task.metadata !== \"object\") return task;\n\n const meta = task.metadata as Record<string, unknown>;\n const publicMeta: Record<string, unknown> = {};\n for (const [k, v] of Object.entries(meta)) {\n if (k === \"__a2a_processor\") continue;\n if (SENSITIVE_METADATA_KEYS.has(k)) continue;\n publicMeta[k] = v;\n }\n return { ...task, metadata: publicMeta };\n}\n\n/**\n * Reject access when the task has a recorded owner that doesn't match the\n * verified caller. Returns a 404-shaped JSON-RPC error to avoid disclosing\n * task existence to the wrong caller (enumeration via UUID lookup).\n *\n * - When the task has no recorded owner (legacy row from before the\n * owner_email migration) we allow access if some verifiable bearer token\n * was presented; otherwise we still reject so an unsigned caller can never\n * read or cancel arbitrary task ids.\n * - When neither A2A_SECRET nor apiKeyEnv is configured AND we're in\n * production, we refuse `tasks/get` and `tasks/cancel` outright — there's\n * no way to authenticate the caller, so the only safe response is \"not\n * found\".\n */\nfunction authorizeTaskAccess(\n taskOwnerEmail: string | null,\n event: any,\n config: A2AConfig,\n): JsonRpcResponse | null {\n const verifiedEmail =\n (event?.context?.__a2aVerifiedEmail as string | undefined) ?? null;\n const hasA2ASecret = hasConfiguredA2ASecret();\n const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);\n const inProduction = isA2AProductionRuntime();\n\n if (inProduction && !hasA2ASecret && !hasApiKey) {\n // No way to authenticate the caller in production — refuse access.\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n\n if (taskOwnerEmail) {\n if (!verifiedEmail) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n if (verifiedEmail.toLowerCase() !== taskOwnerEmail.toLowerCase()) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n }\n // Legacy row (no owner_email recorded). The route-level auth gate is the\n // only thing protecting it — fall through and serve.\n return null;\n}\n\nasync function handleGet(\n params: Record<string, unknown>,\n event: any,\n config: A2AConfig,\n): Promise<JsonRpcResponse> {\n const id = params.id as string;\n if (!id) {\n return jsonRpcError(0, -32602, \"Invalid params: id required\");\n }\n const ownerEmail = await getTaskOwner(id);\n const denied = authorizeTaskAccess(ownerEmail, event, config);\n if (denied) return denied;\n\n const task = await getTask(id);\n if (!task) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n await refireStuckAsyncTaskIfNeeded(id, event).catch((err) => {\n console.error(\"[a2a] Failed to refire stuck async task:\", err);\n });\n return jsonRpcResult(0, sanitizeTaskForResponse(task));\n}\n\nasync function refireStuckAsyncTaskIfNeeded(\n taskId: string,\n event: any,\n): Promise<void> {\n const state = await getA2ATaskDispatchState(taskId);\n if (!state) return;\n if (!state.metadata?.__a2a_processor) return;\n\n const now = Date.now();\n if (\n (state.statusState === \"submitted\" || state.statusState === \"working\") &&\n state.updatedAt <= now - A2A_QUEUED_DISPATCH_STUCK_AFTER_MS\n ) {\n if (await touchQueuedA2ATaskDispatch(taskId)) {\n await fireProcessTaskDispatch(event, taskId);\n }\n return;\n }\n\n if (\n state.statusState === \"processing\" &&\n state.updatedAt <= now - A2A_PROCESSING_STUCK_AFTER_MS\n ) {\n const reset = await resetStuckA2ATaskForRetry(\n taskId,\n now - A2A_PROCESSING_STUCK_AFTER_MS,\n );\n if (reset) await fireProcessTaskDispatch(event, taskId);\n }\n}\n\nasync function handleCancel(\n params: Record<string, unknown>,\n event: any,\n config: A2AConfig,\n): Promise<JsonRpcResponse> {\n const id = params.id as string;\n if (!id) {\n return jsonRpcError(0, -32602, \"Invalid params: id required\");\n }\n const ownerEmail = await getTaskOwner(id);\n const denied = authorizeTaskAccess(ownerEmail, event, config);\n if (denied) return denied;\n\n const task = await updateTask(id, { state: \"canceled\" });\n if (!task) {\n return jsonRpcError(0, -32001, \"Task not found\");\n }\n return jsonRpcResult(0, sanitizeTaskForResponse(task));\n}\n\n/**\n * H3-compatible JSON-RPC handler. Returns JSON directly (H3 serializes it).\n * Streaming is handled via H3's node response when needed.\n */\nexport async function handleJsonRpcH3(\n body: any,\n event: any,\n config: A2AConfig,\n): Promise<JsonRpcResponse> {\n if (!body || body.jsonrpc !== \"2.0\" || !body.method) {\n setResponseStatus(event, 400);\n return jsonRpcError(body?.id ?? null, -32600, \"Invalid JSON-RPC request\");\n }\n\n const params = (body.params as Record<string, unknown>) ?? {};\n const id = body.id;\n\n switch (body.method) {\n case \"message/send\": {\n const result = await handleSend(params, config, event);\n const { _id, ...response } = result;\n return { ...response, id } as JsonRpcResponse;\n }\n case \"message/stream\": {\n if (!config.streaming) {\n return jsonRpcError(id, -32601, \"Streaming not supported\");\n }\n // Use the raw node response for SSE streaming\n const res = event.node?.res;\n if (!res) {\n return jsonRpcError(id, -32000, \"Streaming not available\");\n }\n setResponseHeader(event, \"Content-Type\", \"text/event-stream\");\n setResponseHeader(event, \"Cache-Control\", \"no-cache\");\n setResponseHeader(event, \"Connection\", \"keep-alive\");\n await handleStream(params, config, res, event);\n return undefined as any; // Response already sent via SSE\n }\n case \"tasks/get\": {\n const result = await handleGet(params, event, config);\n return { ...result, id } as JsonRpcResponse;\n }\n case \"tasks/cancel\": {\n const result = await handleCancel(params, event, config);\n return { ...result, id } as JsonRpcResponse;\n }\n default:\n return jsonRpcError(id, -32601, `Method not found: ${body.method}`);\n }\n}\n"]}
package/dist/a2a/index.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  export { mountA2A } from "./server.js";
2
+ export { generateAgentCard } from "./agent-card.js";
2
3
  export { A2AClient, callAgent, signA2AToken } from "./client.js";
3
4
  export type { A2AConfig, A2AHandler, A2AHandlerContext, A2AHandlerResult, AgentCard, AgentSkill, AgentCapabilities, Task, TaskState, TaskStatus, Message, Part, TextPart, FilePart, DataPart, Artifact, JsonRpcRequest, JsonRpcResponse, } from "./types.js";
4
5
  //# sourceMappingURL=index.d.ts.map
package/dist/a2a/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/a2a/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGjE,YAAY,EACV,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,IAAI,EACJ,SAAS,EACT,UAAU,EACV,OAAO,EACP,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/a2a/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGpD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAGjE,YAAY,EACV,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,gBAAgB,EAChB,SAAS,EACT,UAAU,EACV,iBAAiB,EACjB,IAAI,EACJ,SAAS,EACT,UAAU,EACV,OAAO,EACP,IAAI,EACJ,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,QAAQ,EACR,cAAc,EACd,eAAe,GAChB,MAAM,YAAY,CAAC"}
package/dist/a2a/index.js CHANGED
@@ -1,5 +1,6 @@
1
1
  // Server (H3/Nitro)
2
2
  export { mountA2A } from "./server.js";
3
+ export { generateAgentCard } from "./agent-card.js";
3
4
  // Client
4
5
  export { A2AClient, callAgent, signA2AToken } from "./client.js";
5
6
  //# sourceMappingURL=index.js.map
package/dist/a2a/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/a2a/index.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,SAAS;AACT,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC","sourcesContent":["// Server (H3/Nitro)\nexport { mountA2A } from \"./server.js\";\n\n// Client\nexport { A2AClient, callAgent, signA2AToken } from \"./client.js\";\n\n// Types\nexport type {\n A2AConfig,\n A2AHandler,\n A2AHandlerContext,\n A2AHandlerResult,\n AgentCard,\n AgentSkill,\n AgentCapabilities,\n Task,\n TaskState,\n TaskStatus,\n Message,\n Part,\n TextPart,\n FilePart,\n DataPart,\n Artifact,\n JsonRpcRequest,\n JsonRpcResponse,\n} from \"./types.js\";\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/a2a/index.ts"],"names":[],"mappings":"AAAA,oBAAoB;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAEpD,SAAS;AACT,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC","sourcesContent":["// Server (H3/Nitro)\nexport { mountA2A } from \"./server.js\";\nexport { generateAgentCard } from \"./agent-card.js\";\n\n// Client\nexport { A2AClient, callAgent, signA2AToken } from \"./client.js\";\n\n// Types\nexport type {\n A2AConfig,\n A2AHandler,\n A2AHandlerContext,\n A2AHandlerResult,\n AgentCard,\n AgentSkill,\n AgentCapabilities,\n Task,\n TaskState,\n TaskStatus,\n Message,\n Part,\n TextPart,\n FilePart,\n DataPart,\n Artifact,\n JsonRpcRequest,\n JsonRpcResponse,\n} from \"./types.js\";\n"]}
package/dist/a2a/response-text.d.ts CHANGED
@@ -1,3 +1,6 @@
1
1
  import type { AgentChatEvent } from "../agent/types.js";
2
- export declare function collectFinalResponseTextFromAgentEvents(events: readonly AgentChatEvent[]): string;
2
+ export interface CollectFinalResponseTextOptions {
3
+ fallbackToPreToolText?: boolean;
4
+ }
5
+ export declare function collectFinalResponseTextFromAgentEvents(events: readonly AgentChatEvent[], options?: CollectFinalResponseTextOptions): string;
3
6
  //# sourceMappingURL=response-text.d.ts.map
package/dist/a2a/response-text.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"response-text.d.ts","sourceRoot":"","sources":["../../src/a2a/response-text.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD,wBAAgB,uCAAuC,CACrD,MAAM,EAAE,SAAS,cAAc,EAAE,GAChC,MAAM,CAqBR"}
1
+ {"version":3,"file":"response-text.d.ts","sourceRoot":"","sources":["../../src/a2a/response-text.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAExD,MAAM,WAAW,+BAA+B;IAC9C,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AAED,wBAAgB,uCAAuC,CACrD,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,OAAO,GAAE,+BAAoC,GAC5C,MAAM,CAsBR"}
package/dist/a2a/response-text.js CHANGED
@@ -1,4 +1,5 @@
1
- export function collectFinalResponseTextFromAgentEvents(events) {
1
+ export function collectFinalResponseTextFromAgentEvents(events, options = {}) {
2
+ const fallbackToPreToolText = options.fallbackToPreToolText ?? true;
2
3
  let lastToolIdx = -1;
3
4
  for (let i = events.length - 1; i >= 0; i--) {
4
5
  const type = events[i].type;
@@ -12,7 +13,7 @@ export function collectFinalResponseTextFromAgentEvents(events) {
12
13
  // Some agents let the final tool output speak for itself. Fall back to all
13
14
  // text so callers do not get an empty reply just because no post-tool text
14
15
  // was emitted.
15
- if (!responseText.trim() && lastToolIdx >= 0) {
16
+ if (!responseText.trim() && lastToolIdx >= 0 && fallbackToPreToolText) {
16
17
  responseText = collectTextEvents(events, 0);
17
18
  }
18
19
  return responseText;
package/dist/a2a/response-text.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"response-text.js","sourceRoot":"","sources":["../../src/a2a/response-text.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,uCAAuC,CACrD,MAAiC;IAEjC,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5B,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YAClD,WAAW,GAAG,CAAC,CAAC;YAChB,MAAM;QACR,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,IAAI,YAAY,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEvD,2EAA2E;IAC3E,2EAA2E;IAC3E,eAAe;IACf,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,WAAW,IAAI,CAAC,EAAE,CAAC;QAC7C,YAAY,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAiC,EACjC,QAAgB;IAEhB,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;YAAE,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import type { AgentChatEvent } from \"../agent/types.js\";\n\nexport function collectFinalResponseTextFromAgentEvents(\n events: readonly AgentChatEvent[],\n): string {\n let lastToolIdx = -1;\n for (let i = events.length - 1; i >= 0; i--) {\n const type = events[i].type;\n if (type === \"tool_start\" || type === \"tool_done\") {\n lastToolIdx = i;\n break;\n }\n }\n\n const startIdx = lastToolIdx >= 0 ? lastToolIdx + 1 : 0;\n let responseText = collectTextEvents(events, startIdx);\n\n // Some agents let the final tool output speak for itself. Fall back to all\n // text so callers do not get an empty reply just because no post-tool text\n // was emitted.\n if (!responseText.trim() && lastToolIdx >= 0) {\n responseText = collectTextEvents(events, 0);\n }\n\n return responseText;\n}\n\nfunction collectTextEvents(\n events: readonly AgentChatEvent[],\n startIdx: number,\n): string {\n let text = \"\";\n for (let i = startIdx; i < events.length; i++) {\n const event = events[i];\n if (event.type === \"text\") text += event.text;\n }\n return text;\n}\n"]}
1
+ {"version":3,"file":"response-text.js","sourceRoot":"","sources":["../../src/a2a/response-text.ts"],"names":[],"mappings":"AAMA,MAAM,UAAU,uCAAuC,CACrD,MAAiC,EACjC,UAA2C,EAAE;IAE7C,MAAM,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,IAAI,IAAI,CAAC;IACpE,IAAI,WAAW,GAAG,CAAC,CAAC,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5B,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YAClD,WAAW,GAAG,CAAC,CAAC;YAChB,MAAM;QACR,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACxD,IAAI,YAAY,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEvD,2EAA2E;IAC3E,2EAA2E;IAC3E,eAAe;IACf,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,IAAI,WAAW,IAAI,CAAC,IAAI,qBAAqB,EAAE,CAAC;QACtE,YAAY,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,iBAAiB,CACxB,MAAiC,EACjC,QAAgB;IAEhB,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,KAAK,IAAI,CAAC,GAAG,QAAQ,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;YAAE,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import type { AgentChatEvent } from \"../agent/types.js\";\n\nexport interface CollectFinalResponseTextOptions {\n fallbackToPreToolText?: boolean;\n}\n\nexport function collectFinalResponseTextFromAgentEvents(\n events: readonly AgentChatEvent[],\n options: CollectFinalResponseTextOptions = {},\n): string {\n const fallbackToPreToolText = options.fallbackToPreToolText ?? true;\n let lastToolIdx = -1;\n for (let i = events.length - 1; i >= 0; i--) {\n const type = events[i].type;\n if (type === \"tool_start\" || type === \"tool_done\") {\n lastToolIdx = i;\n break;\n }\n }\n\n const startIdx = lastToolIdx >= 0 ? lastToolIdx + 1 : 0;\n let responseText = collectTextEvents(events, startIdx);\n\n // Some agents let the final tool output speak for itself. Fall back to all\n // text so callers do not get an empty reply just because no post-tool text\n // was emitted.\n if (!responseText.trim() && lastToolIdx >= 0 && fallbackToPreToolText) {\n responseText = collectTextEvents(events, 0);\n }\n\n return responseText;\n}\n\nfunction collectTextEvents(\n events: readonly AgentChatEvent[],\n startIdx: number,\n): string {\n let text = \"\";\n for (let i = startIdx; i < events.length; i++) {\n const event = events[i];\n if (event.type === \"text\") text += event.text;\n }\n return text;\n}\n"]}
package/dist/a2a/server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/a2a/server.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA0I5C;;;;;;;;;GASG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,GAAG,EACb,MAAM,EAAE,SAAS,EACjB,WAAW,SAAmB,GAC7B,IAAI,CAkNN"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/a2a/server.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA4J5C;;;;;;;;;GASG;AACH,wBAAgB,QAAQ,CACtB,QAAQ,EAAE,GAAG,EACb,MAAM,EAAE,SAAS,EACjB,WAAW,SAAmB,GAC7B,IAAI,CAoNN"}
package/dist/a2a/server.js CHANGED
@@ -5,6 +5,7 @@ import { generateAgentCard } from "./agent-card.js";
5
5
  import { handleJsonRpcH3, processA2ATaskFromQueue } from "./handlers.js";
6
6
  import { readBody } from "../server/h3-helpers.js";
7
7
  import { extractBearerToken, verifyInternalToken, } from "../integrations/internal-token.js";
8
+ import { hasConfiguredA2ASecret, isA2AProductionRuntime, } from "./auth-policy.js";
8
9
  /**
9
10
  * One-time warning when A2A is running unauthenticated in development. We
10
11
  * don't refuse the request (local templates need to work out of the box),
@@ -20,6 +21,12 @@ function warnA2AUnauthOnce() {
20
21
  console.warn("[a2a] No A2A_SECRET or apiKeyEnv configured — A2A endpoint runs unauthenticated. " +
21
22
  "This is allowed in development but blocked in production. Set A2A_SECRET before deploying.");
22
23
  }
24
+ function addSecretCandidate(candidates, secret) {
25
+ const trimmed = secret?.trim();
26
+ if (!trimmed || candidates.includes(trimmed))
27
+ return;
28
+ candidates.push(trimmed);
29
+ }
23
30
  /**
24
31
  * Resolve the audience (`aud`) value to expect in an inbound JWT. We use the
25
32
  * receiver's app URL — it's the natural identifier of "who this token was
@@ -46,8 +53,7 @@ function expectedJwtAudience(event) {
46
53
  catch { }
47
54
  return undefined;
48
55
  }
49
- async function verifyA2AToken(authHeader, event) {
50
- const token = authHeader.replace("Bearer ", "");
56
+ async function verifyA2AToken(token, event) {
51
57
  // Step 1: Peek at JWT claims WITHOUT verification to get org_domain.
52
58
  // This is safe because we only use org_domain to look up the secret,
53
59
  // then verify the full JWT with that secret. If someone forges a JWT
@@ -62,25 +68,24 @@ async function verifyA2AToken(authHeader, event) {
62
68
  catch {
63
69
  // Malformed token — fall through to global secret attempt
64
70
  }
65
- // Step 2: Look up the org's A2A secret by domain
66
- let secret;
71
+ // Step 2: Build a small, ordered set of candidate secrets. Tokens minted by
72
+ // current callers prefer the shared A2A_SECRET; older callers may still use
73
+ // an org-level secret. Try both without logging or reflecting secret details.
74
+ const candidateSecrets = [];
75
+ addSecretCandidate(candidateSecrets, process.env.A2A_SECRET);
67
76
  if (orgDomainHint) {
68
77
  try {
69
78
  const { getA2ASecretByDomain } = await import("../org/context.js");
70
79
  const orgSecret = await getA2ASecretByDomain(orgDomainHint);
71
- if (orgSecret)
72
- secret = orgSecret;
80
+ addSecretCandidate(candidateSecrets, orgSecret);
73
81
  }
74
82
  catch {
75
83
  // DB not ready or column doesn't exist yet — fall through
76
84
  }
77
85
  }
78
- // Step 3: Fall back to global A2A_SECRET
79
- if (!secret)
80
- secret = process.env.A2A_SECRET;
81
- if (!secret)
86
+ if (candidateSecrets.length === 0)
82
87
  return { email: null, orgDomain: null };
83
- // Step 4: Verify JWT with the resolved secret.
88
+ // Step 3: Verify JWT with the candidate secrets.
84
89
  //
85
90
  // - `audience`: passed only when the token carries an `aud` claim
86
91
  // (backward-compat: tokens minted by older `signA2AToken` versions
@@ -107,15 +112,23 @@ async function verifyA2AToken(authHeader, event) {
107
112
  unverifiedPayload.iss.length > 0) {
108
113
  verifyOptions.issuer = unverifiedPayload.iss;
109
114
  }
110
- const { payload } = await jose.jwtVerify(token, new TextEncoder().encode(secret), verifyOptions);
111
- return {
112
- email: payload.sub ?? null,
113
- orgDomain: payload.org_domain ?? null,
114
- };
115
+ for (const secret of candidateSecrets) {
116
+ try {
117
+ const { payload } = await jose.jwtVerify(token, new TextEncoder().encode(secret), verifyOptions);
118
+ return {
119
+ email: payload.sub ?? null,
120
+ orgDomain: payload.org_domain ?? null,
121
+ };
122
+ }
123
+ catch {
124
+ // Try the next candidate without leaking which secret failed.
125
+ }
126
+ }
115
127
  }
116
128
  catch {
117
- return { email: null, orgDomain: null };
129
+ // Keep malformed option construction indistinguishable from auth failure.
118
130
  }
131
+ return { email: null, orgDomain: null };
119
132
  }
120
133
  /**
121
134
  * Mount A2A protocol endpoints on an H3/Nitro app.
@@ -189,7 +202,7 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
189
202
  // of logs / a share link could otherwise force-replay it). In
190
203
  // development, a missing secret is permitted so local templates work
191
204
  // out of the box, but we log a one-time warning so operators notice.
192
- if (process.env.A2A_SECRET) {
205
+ if (hasConfiguredA2ASecret()) {
193
206
  const auth = getRequestHeader(event, "authorization");
194
207
  const tok = extractBearerToken(auth);
195
208
  if (!verifyInternalToken(taskId, tok)) {
@@ -197,7 +210,7 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
197
210
  return { error: "Invalid or expired processor token" };
198
211
  }
199
212
  }
200
- else if (process.env.NODE_ENV === "production") {
213
+ else if (isA2AProductionRuntime()) {
201
214
  setResponseStatus(event, 503);
202
215
  return {
203
216
  error: "A2A processor not configured — set A2A_SECRET on this deployment to enable async A2A.",
@@ -231,6 +244,7 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
231
244
  if (sub.startsWith("_process-task"))
232
245
  return;
233
246
  const authHeader = getRequestHeader(event, "authorization");
247
+ const bearerToken = extractBearerToken(authHeader);
234
248
  let verifiedCallerEmail = null;
235
249
  let verifiedOrgDomain = null;
236
250
  let legacyApiKeyAuthenticated = false;
@@ -240,11 +254,11 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
240
254
  // in production — return 503 with a clear message instead of running
241
255
  // the agent loop unauthenticated. In development, log a one-time
242
256
  // warning but allow so local templates work out of the box.
243
- const hasA2ASecret = !!process.env.A2A_SECRET;
257
+ const hasA2ASecret = hasConfiguredA2ASecret();
244
258
  const hasApiKey = !!(config.apiKeyEnv && process.env[config.apiKeyEnv]);
245
259
  // Try JWT verification first (org-level or global A2A_SECRET-based identity)
246
- if (authHeader?.startsWith("Bearer ")) {
247
- const tokenPayload = await verifyA2AToken(authHeader, event);
260
+ if (bearerToken) {
261
+ const tokenPayload = await verifyA2AToken(bearerToken, event);
248
262
  verifiedCallerEmail = tokenPayload.email;
249
263
  verifiedOrgDomain = tokenPayload.orgDomain;
250
264
  bearerTokenRejectedByJwt = !verifiedCallerEmail;
@@ -253,7 +267,7 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
253
267
  if (!verifiedCallerEmail && config.apiKeyEnv) {
254
268
  const expectedKey = process.env[config.apiKeyEnv];
255
269
  if (expectedKey) {
256
- if (!authHeader || !authHeader.startsWith("Bearer ")) {
270
+ if (!bearerToken) {
257
271
  setResponseStatus(event, 401);
258
272
  return {
259
273
  jsonrpc: "2.0",
@@ -261,8 +275,7 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
261
275
  error: { code: -32001, message: "Authentication required" },
262
276
  };
263
277
  }
264
- const token = authHeader.slice(7);
265
- if (token !== expectedKey) {
278
+ if (bearerToken !== expectedKey) {
266
279
  setResponseStatus(event, 401);
267
280
  return {
268
281
  jsonrpc: "2.0",
@@ -274,9 +287,11 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
274
287
  }
275
288
  }
276
289
  if (!verifiedCallerEmail && !legacyApiKeyAuthenticated) {
277
- // If a global secret exists and JWT verification failed, reject after
278
- // giving the legacy exact-match apiKeyEnv path a chance to succeed.
279
- if (bearerTokenRejectedByJwt && process.env.A2A_SECRET) {
290
+ // Any supplied bearer token that failed JWT verification is an auth
291
+ // failure after the legacy exact-match apiKeyEnv path has had a
292
+ // chance to succeed. Do not let bad tokens fall through to tasks/get
293
+ // and get reported as lookup misses.
294
+ if (bearerTokenRejectedByJwt) {
280
295
  setResponseStatus(event, 401);
281
296
  return {
282
297
  jsonrpc: "2.0",
@@ -288,7 +303,7 @@ export function mountA2A(nitroApp, config, routePrefix = "/_agent-native") {
288
303
  };
289
304
  }
290
305
  if (!hasA2ASecret && !hasApiKey) {
291
- if (process.env.NODE_ENV === "production") {
306
+ if (isA2AProductionRuntime()) {
292
307
  setResponseStatus(event, 503);
293
308
  return {
294
309
  jsonrpc: "2.0",