@agent-native/core 0.7.51 → 0.7.53

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/dist/a2a/artifact-response.d.ts.map +1 -1
  2. package/dist/a2a/artifact-response.js +109 -5
  3. package/dist/a2a/artifact-response.js.map +1 -1
  4. package/dist/a2a/server.d.ts.map +1 -1
  5. package/dist/a2a/server.js +11 -0
  6. package/dist/a2a/server.js.map +1 -1
  7. package/dist/cli/templates-meta.d.ts.map +1 -1
  8. package/dist/cli/templates-meta.js +1 -0
  9. package/dist/cli/templates-meta.js.map +1 -1
  10. package/dist/client/settings/VoiceTranscriptionSection.d.ts.map +1 -1
  11. package/dist/client/settings/VoiceTranscriptionSection.js +54 -13
  12. package/dist/client/settings/VoiceTranscriptionSection.js.map +1 -1
  13. package/dist/deploy/workspace-deploy.js +32 -3
  14. package/dist/deploy/workspace-deploy.js.map +1 -1
  15. package/dist/integrations/plugin.d.ts.map +1 -1
  16. package/dist/integrations/plugin.js +2 -1
  17. package/dist/integrations/plugin.js.map +1 -1
  18. package/dist/integrations/webhook-handler.d.ts.map +1 -1
  19. package/dist/integrations/webhook-handler.js +10 -0
  20. package/dist/integrations/webhook-handler.js.map +1 -1
  21. package/dist/onboarding/plugin.d.ts.map +1 -1
  22. package/dist/onboarding/plugin.js +2 -1
  23. package/dist/onboarding/plugin.js.map +1 -1
  24. package/dist/org/plugin.d.ts.map +1 -1
  25. package/dist/org/plugin.js +2 -1
  26. package/dist/org/plugin.js.map +1 -1
  27. package/dist/scripts/call-agent.js +2 -2
  28. package/dist/scripts/call-agent.js.map +1 -1
  29. package/dist/server/action-routes.d.ts.map +1 -1
  30. package/dist/server/action-routes.js +5 -11
  31. package/dist/server/action-routes.js.map +1 -1
  32. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  33. package/dist/server/agent-chat-plugin.js +2 -1
  34. package/dist/server/agent-chat-plugin.js.map +1 -1
  35. package/dist/server/auth-plugin.d.ts.map +1 -1
  36. package/dist/server/auth-plugin.js +2 -1
  37. package/dist/server/auth-plugin.js.map +1 -1
  38. package/dist/server/auth.d.ts.map +1 -1
  39. package/dist/server/auth.js +7 -12
  40. package/dist/server/auth.js.map +1 -1
  41. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  42. package/dist/server/core-routes-plugin.js +9 -29
  43. package/dist/server/core-routes-plugin.js.map +1 -1
  44. package/dist/server/cors-origins.d.ts +10 -0
  45. package/dist/server/cors-origins.d.ts.map +1 -0
  46. package/dist/server/cors-origins.js +34 -0
  47. package/dist/server/cors-origins.js.map +1 -0
  48. package/dist/server/create-server.d.ts.map +1 -1
  49. package/dist/server/create-server.js +10 -29
  50. package/dist/server/create-server.js.map +1 -1
  51. package/dist/server/framework-request-handler.d.ts +11 -0
  52. package/dist/server/framework-request-handler.d.ts.map +1 -1
  53. package/dist/server/framework-request-handler.js +24 -1
  54. package/dist/server/framework-request-handler.js.map +1 -1
  55. package/dist/server/resources-plugin.d.ts.map +1 -1
  56. package/dist/server/resources-plugin.js +2 -1
  57. package/dist/server/resources-plugin.js.map +1 -1
  58. package/dist/terminal/terminal-plugin.d.ts.map +1 -1
  59. package/dist/terminal/terminal-plugin.js +2 -1
  60. package/dist/terminal/terminal-plugin.js.map +1 -1
  61. package/docs/content/a2a-protocol.md +93 -14
  62. package/docs/content/agent-mentions.md +2 -2
  63. package/docs/content/agent-teams.md +2 -2
  64. package/docs/content/client.md +1 -1
  65. package/docs/content/cloneable-saas.md +13 -13
  66. package/docs/content/creating-templates.md +253 -211
  67. package/docs/content/dispatch.md +94 -0
  68. package/docs/content/faq.md +2 -2
  69. package/docs/content/frames.md +1 -1
  70. package/docs/content/getting-started.md +9 -1
  71. package/docs/content/key-concepts.md +17 -1
  72. package/docs/content/messaging.md +56 -19
  73. package/docs/content/multi-app-workspace.md +10 -2
  74. package/docs/content/notifications.md +1 -1
  75. package/docs/content/observability.md +184 -0
  76. package/docs/content/onboarding.md +7 -2
  77. package/docs/content/server.md +117 -133
  78. package/docs/content/skills-guide.md +3 -3
  79. package/docs/content/template-analytics.md +8 -6
  80. package/docs/content/template-design.md +25 -27
  81. package/docs/content/template-dispatch.md +3 -1
  82. package/docs/content/template-forms.md +26 -21
  83. package/docs/content/template-mail.md +4 -0
  84. package/docs/content/template-video.md +4 -4
  85. package/docs/content/tools.md +95 -1
  86. package/docs/content/tracking.md +1 -1
  87. package/docs/content/what-is-agent-native.md +4 -2
  88. package/docs/content/workspace-management.md +5 -5
  89. package/docs/content/workspace.md +39 -30
  90. package/package.json +1 -1
package/dist/onboarding/plugin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/onboarding/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,QAAQ,EACR,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,EACL,cAAc,EACd,QAAQ,GACT,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAQpE,MAAM,iBAAiB,GAAG,2BAA2B,CAAC;AACtD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;AACnD,MAAM,aAAa,GAAG,sBAAsB,CAAC;AAO7C,oFAAoF;AACpF,KAAK,UAAU,wBAAwB,CACrC,KAAc;IAEd,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;IAC5C,IAAI,OAAO,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;QAC1C,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,SAAS,EAAE,OAAO,CAAC,KAAK;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;SAC7B,CAAC;IACJ,CAAC;IACD,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;KAC7B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAAc;IAEd,2EAA2E;IAC3E,2EAA2E;IAC3E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,mBAAmB,GAAG,MAAM,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,CAAC,CAAC,GAAG,IAAK,GAA8B,CAAC,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAiC,EACjC,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;YACD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,KAAK;YAChC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,4BAA4B,CACnC,OAAiC,EACjC,EAAwB;IAExB,OAAO,qBAAqB,CAC1B;QACE,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,SAAS;KAClC,EACD,EAAE,CACH,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgC;IAC3D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,UAAmC,EAAE;IAErC,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/B,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC9B,8BAA8B,EAAE,CAAC;QACnC,CAAC;QAED,iEAAiE;QACjE,sEAAsE;QACtE,EAAE;QACF,wEAAwE;QACxE,yEAAyE;QACzE,YAAY;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,QAAQ,EAC5B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAEjE,0DAA0D;YAC1D,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;gBACnB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAA4B,CAAC;gBACzD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC;gBAC7D,OAAO,4BAA4B,CAAC,OAAO,EAAE,GAAG,EAAE,CAChD,cAAc,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CACrC,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;gBAClC,CAAC;gBACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBAC5D,MAAM,WAAW,CACf,SAAS,EACT,GAAG,mBAAmB,GAAG,EAAE,EAAE,EAC7B,EAAE,QAAQ,EAAE,IAAI,EAAE,EAClB,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;gBACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YAC1B,CAAC;YAED,uDAAuD;YACvD,OAAO;QACT,CAAC,CAAC,CACH,CAAC;QAEF,yCAAyC;QACzC,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,UAAU,EAC9B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EACjD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,+DAA+D;QAC/D,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,SAAS,EAC7B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAClD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,0CAA0C;QAC1C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,YAAY,EAChC,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YACtD,kEAAkE;YAClE,mEAAmE;YACnE,0CAA0C;YAC1C,IAAI,CAAC;gBACH,OAAO,MAAM,4BAA4B,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;oBAC5D,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAClE,MAAM,SAAS,GAAG,CAAC,CAAC,CAClB,KAAK,IAAK,KAAiC,CAAC,SAAS,CACtD,CAAC;oBACF,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;oBAC/C,OAAO;wBACL,SAAS;wBACT,WAAW,EAAE,mBAAmB,CAAC,QAAQ,CAAC;qBAC3C,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,wFAAwF;AACxF,MAAM,CAAC,MAAM,uBAAuB,GAAmB,sBAAsB,EAAE,CAAC","sourcesContent":["/**\n * Onboarding plugin — auto-mounts the `/_agent-native/onboarding/*` routes.\n *\n * Routes:\n * GET /_agent-native/onboarding/steps — list steps + completion\n * POST /_agent-native/onboarding/steps/:id/complete — manual override (marks complete)\n * POST /_agent-native/onboarding/dismiss — dismiss the banner\n * GET /_agent-native/onboarding/dismissed — dismissed flag + allComplete\n */\n\nimport {\n defineEventHandler,\n getMethod,\n getQuery,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport {\n awaitBootstrap,\n getH3App,\n} from \"../server/framework-request-handler.js\";\nimport { appStateGet, appStatePut } from \"../application-state/store.js\";\nimport { getSession, DEV_MODE_USER_EMAIL } from \"../server/auth.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { listOnboardingSteps } from \"./registry.js\";\nimport { registerDefaultOnboardingSteps } from \"./default-steps.js\";\nimport type {\n OnboardingResolveContext,\n OnboardingStepStatus,\n} from \"./types.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nconst ONBOARDING_PREFIX = \"/_agent-native/onboarding\";\nconst OVERRIDE_KEY_PREFIX = \"onboarding:override:\";\nconst DISMISSED_KEY = \"onboarding:dismissed\";\n\nexport interface OnboardingPluginOptions {\n /** Skip registering the built-in default steps (llm, database, auth). */\n skipDefaultSteps?: boolean;\n}\n\n/** Resolve the caller context used for onboarding and application-state scoping. */\nasync function resolveOnboardingContext(\n event: H3Event,\n): Promise<OnboardingResolveContext> {\n const session = await getSession(event);\n if (!session) return { sessionId: \"local\" };\n if (session.email === DEV_MODE_USER_EMAIL) {\n return {\n sessionId: \"local\",\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n }\n return {\n sessionId: session.email,\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n}\n\nasync function hasOverride(\n sessionId: string,\n stepId: string,\n): Promise<boolean> {\n // appStateGet hits the DB; on transient connection errors (flaky network /\n // Neon timeout) treat as \"no override\" rather than 500ing the whole route.\n try {\n const val = await appStateGet(sessionId, `${OVERRIDE_KEY_PREFIX}${stepId}`);\n return !!(val && (val as { complete?: boolean }).complete);\n } catch {\n return false;\n }\n}\n\n/**\n * Serialise every registered onboarding step (awaiting `isComplete()`).\n * Honours the per-session \"manual override\" flag in application-state.\n *\n * `preview` short-circuits both the resolver and the override lookup so the\n * dev overlay can render the new-user flow without touching real state.\n */\nasync function serializeSteps(\n context: OnboardingResolveContext,\n options: { preview?: boolean } = {},\n): Promise<OnboardingStepStatus[]> {\n const steps = listOnboardingSteps();\n const out: OnboardingStepStatus[] = [];\n for (const step of steps) {\n let complete = false;\n if (!options.preview) {\n try {\n complete = (await step.isComplete(context)) === true;\n } catch {\n complete = false;\n }\n if (!complete) {\n complete = await hasOverride(context.sessionId, step.id);\n }\n }\n out.push({\n id: step.id,\n title: step.title,\n description: step.description,\n order: step.order,\n required: step.required ?? false,\n complete,\n methods: step.methods,\n });\n }\n return out;\n}\n\nfunction withOnboardingRequestContext<T>(\n context: OnboardingResolveContext,\n fn: () => T | Promise<T>,\n): T | Promise<T> {\n return runWithRequestContext(\n {\n userEmail: context.userEmail,\n orgId: context.orgId ?? undefined,\n },\n fn,\n );\n}\n\nfunction allRequiredComplete(statuses: OnboardingStepStatus[]): boolean {\n return statuses.filter((s) => s.required).every((s) => s.complete);\n}\n\nexport function createOnboardingPlugin(\n options: OnboardingPluginOptions = {},\n): NitroPluginDef {\n return async (nitroApp: any) => {\n await awaitBootstrap(nitroApp);\n\n if (!options.skipDefaultSteps) {\n registerDefaultOnboardingSteps();\n }\n\n // GET /_agent-native/onboarding/steps — list steps\n // POST /_agent-native/onboarding/steps/:id/complete — manual override\n //\n // Mounting on `/steps` means the middleware wrapper strips that prefix,\n // so this handler sees `/` for the list and `/<stepId>/complete` for the\n // override.\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/steps`,\n defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n const pathname = event.url?.pathname || \"/\";\n const trimmed = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n\n // List endpoint — GET /steps (pathname becomes \"\" or \"/\")\n if (trimmed === \"\") {\n if (method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n const query = getQuery(event) as Record<string, unknown>;\n const preview = query.preview === \"1\" || query.preview === 1;\n return withOnboardingRequestContext(context, () =>\n serializeSteps(context, { preview }),\n );\n }\n\n // Override endpoint — POST /steps/:id/complete\n const [id, action] = trimmed.split(\"/\");\n if (action === \"complete\") {\n if (method !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n if (!id) {\n setResponseStatus(event, 400);\n return { error: \"id required\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n `${OVERRIDE_KEY_PREFIX}${id}`,\n { complete: true },\n { requestSource: \"agent\" },\n );\n return { ok: true, id };\n }\n\n // Unknown subroute — fall through to other middleware.\n return;\n }),\n );\n\n // POST /_agent-native/onboarding/dismiss\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismiss`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: true, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // POST /_agent-native/onboarding/reopen — clear dismissed flag\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/reopen`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: false, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // GET /_agent-native/onboarding/dismissed\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismissed`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n // On flaky networks (or transient Neon hiccups) the DB call below\n // can throw — return safe defaults so a transient connection error\n // doesn't surface as a 500 to the client.\n try {\n return await withOnboardingRequestContext(context, async () => {\n const value = await appStateGet(context.sessionId, DISMISSED_KEY);\n const dismissed = !!(\n value && (value as { dismissed?: boolean }).dismissed\n );\n const statuses = await serializeSteps(context);\n return {\n dismissed,\n allComplete: allRequiredComplete(statuses),\n };\n });\n } catch {\n return { dismissed: false, allComplete: false };\n }\n }),\n );\n };\n}\n\n/** Default plugin instance — mounted automatically when a template doesn't override. */\nexport const defaultOnboardingPlugin: NitroPluginDef = createOnboardingPlugin();\n"]}
1
+ {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/onboarding/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,QAAQ,EACR,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,EACL,cAAc,EACd,QAAQ,EACR,yBAAyB,GAC1B,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAQpE,MAAM,iBAAiB,GAAG,2BAA2B,CAAC;AACtD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;AACnD,MAAM,aAAa,GAAG,sBAAsB,CAAC;AAO7C,oFAAoF;AACpF,KAAK,UAAU,wBAAwB,CACrC,KAAc;IAEd,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;IAC5C,IAAI,OAAO,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;QAC1C,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,SAAS,EAAE,OAAO,CAAC,KAAK;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;SAC7B,CAAC;IACJ,CAAC;IACD,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;KAC7B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAAc;IAEd,2EAA2E;IAC3E,2EAA2E;IAC3E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,mBAAmB,GAAG,MAAM,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,CAAC,CAAC,GAAG,IAAK,GAA8B,CAAC,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAiC,EACjC,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;YACD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,KAAK;YAChC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,4BAA4B,CACnC,OAAiC,EACjC,EAAwB;IAExB,OAAO,qBAAqB,CAC1B;QACE,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,SAAS;KAClC,EACD,EAAE,CACH,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgC;IAC3D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,UAAmC,EAAE;IAErC,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,yBAAyB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAClD,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/B,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC9B,8BAA8B,EAAE,CAAC;QACnC,CAAC;QAED,iEAAiE;QACjE,sEAAsE;QACtE,EAAE;QACF,wEAAwE;QACxE,yEAAyE;QACzE,YAAY;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,QAAQ,EAC5B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAEjE,0DAA0D;YAC1D,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;gBACnB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAA4B,CAAC;gBACzD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC;gBAC7D,OAAO,4BAA4B,CAAC,OAAO,EAAE,GAAG,EAAE,CAChD,cAAc,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CACrC,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;gBAClC,CAAC;gBACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBAC5D,MAAM,WAAW,CACf,SAAS,EACT,GAAG,mBAAmB,GAAG,EAAE,EAAE,EAC7B,EAAE,QAAQ,EAAE,IAAI,EAAE,EAClB,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;gBACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YAC1B,CAAC;YAED,uDAAuD;YACvD,OAAO;QACT,CAAC,CAAC,CACH,CAAC;QAEF,yCAAyC;QACzC,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,UAAU,EAC9B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EACjD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,+DAA+D;QAC/D,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,SAAS,EAC7B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAClD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,0CAA0C;QAC1C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,YAAY,EAChC,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YACtD,kEAAkE;YAClE,mEAAmE;YACnE,0CAA0C;YAC1C,IAAI,CAAC;gBACH,OAAO,MAAM,4BAA4B,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;oBAC5D,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAClE,MAAM,SAAS,GAAG,CAAC,CAAC,CAClB,KAAK,IAAK,KAAiC,CAAC,SAAS,CACtD,CAAC;oBACF,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;oBAC/C,OAAO;wBACL,SAAS;wBACT,WAAW,EAAE,mBAAmB,CAAC,QAAQ,CAAC;qBAC3C,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,wFAAwF;AACxF,MAAM,CAAC,MAAM,uBAAuB,GAAmB,sBAAsB,EAAE,CAAC","sourcesContent":["/**\n * Onboarding plugin — auto-mounts the `/_agent-native/onboarding/*` routes.\n *\n * Routes:\n * GET /_agent-native/onboarding/steps — list steps + completion\n * POST /_agent-native/onboarding/steps/:id/complete — manual override (marks complete)\n * POST /_agent-native/onboarding/dismiss — dismiss the banner\n * GET /_agent-native/onboarding/dismissed — dismissed flag + allComplete\n */\n\nimport {\n defineEventHandler,\n getMethod,\n getQuery,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport {\n awaitBootstrap,\n getH3App,\n markDefaultPluginProvided,\n} from \"../server/framework-request-handler.js\";\nimport { appStateGet, appStatePut } from \"../application-state/store.js\";\nimport { getSession, DEV_MODE_USER_EMAIL } from \"../server/auth.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { listOnboardingSteps } from \"./registry.js\";\nimport { registerDefaultOnboardingSteps } from \"./default-steps.js\";\nimport type {\n OnboardingResolveContext,\n OnboardingStepStatus,\n} from \"./types.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nconst ONBOARDING_PREFIX = \"/_agent-native/onboarding\";\nconst OVERRIDE_KEY_PREFIX = \"onboarding:override:\";\nconst DISMISSED_KEY = \"onboarding:dismissed\";\n\nexport interface OnboardingPluginOptions {\n /** Skip registering the built-in default steps (llm, database, auth). */\n skipDefaultSteps?: boolean;\n}\n\n/** Resolve the caller context used for onboarding and application-state scoping. */\nasync function resolveOnboardingContext(\n event: H3Event,\n): Promise<OnboardingResolveContext> {\n const session = await getSession(event);\n if (!session) return { sessionId: \"local\" };\n if (session.email === DEV_MODE_USER_EMAIL) {\n return {\n sessionId: \"local\",\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n }\n return {\n sessionId: session.email,\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n}\n\nasync function hasOverride(\n sessionId: string,\n stepId: string,\n): Promise<boolean> {\n // appStateGet hits the DB; on transient connection errors (flaky network /\n // Neon timeout) treat as \"no override\" rather than 500ing the whole route.\n try {\n const val = await appStateGet(sessionId, `${OVERRIDE_KEY_PREFIX}${stepId}`);\n return !!(val && (val as { complete?: boolean }).complete);\n } catch {\n return false;\n }\n}\n\n/**\n * Serialise every registered onboarding step (awaiting `isComplete()`).\n * Honours the per-session \"manual override\" flag in application-state.\n *\n * `preview` short-circuits both the resolver and the override lookup so the\n * dev overlay can render the new-user flow without touching real state.\n */\nasync function serializeSteps(\n context: OnboardingResolveContext,\n options: { preview?: boolean } = {},\n): Promise<OnboardingStepStatus[]> {\n const steps = listOnboardingSteps();\n const out: OnboardingStepStatus[] = [];\n for (const step of steps) {\n let complete = false;\n if (!options.preview) {\n try {\n complete = (await step.isComplete(context)) === true;\n } catch {\n complete = false;\n }\n if (!complete) {\n complete = await hasOverride(context.sessionId, step.id);\n }\n }\n out.push({\n id: step.id,\n title: step.title,\n description: step.description,\n order: step.order,\n required: step.required ?? false,\n complete,\n methods: step.methods,\n });\n }\n return out;\n}\n\nfunction withOnboardingRequestContext<T>(\n context: OnboardingResolveContext,\n fn: () => T | Promise<T>,\n): T | Promise<T> {\n return runWithRequestContext(\n {\n userEmail: context.userEmail,\n orgId: context.orgId ?? undefined,\n },\n fn,\n );\n}\n\nfunction allRequiredComplete(statuses: OnboardingStepStatus[]): boolean {\n return statuses.filter((s) => s.required).every((s) => s.complete);\n}\n\nexport function createOnboardingPlugin(\n options: OnboardingPluginOptions = {},\n): NitroPluginDef {\n return async (nitroApp: any) => {\n markDefaultPluginProvided(nitroApp, \"onboarding\");\n await awaitBootstrap(nitroApp);\n\n if (!options.skipDefaultSteps) {\n registerDefaultOnboardingSteps();\n }\n\n // GET /_agent-native/onboarding/steps — list steps\n // POST /_agent-native/onboarding/steps/:id/complete — manual override\n //\n // Mounting on `/steps` means the middleware wrapper strips that prefix,\n // so this handler sees `/` for the list and `/<stepId>/complete` for the\n // override.\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/steps`,\n defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n const pathname = event.url?.pathname || \"/\";\n const trimmed = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n\n // List endpoint — GET /steps (pathname becomes \"\" or \"/\")\n if (trimmed === \"\") {\n if (method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n const query = getQuery(event) as Record<string, unknown>;\n const preview = query.preview === \"1\" || query.preview === 1;\n return withOnboardingRequestContext(context, () =>\n serializeSteps(context, { preview }),\n );\n }\n\n // Override endpoint — POST /steps/:id/complete\n const [id, action] = trimmed.split(\"/\");\n if (action === \"complete\") {\n if (method !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n if (!id) {\n setResponseStatus(event, 400);\n return { error: \"id required\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n `${OVERRIDE_KEY_PREFIX}${id}`,\n { complete: true },\n { requestSource: \"agent\" },\n );\n return { ok: true, id };\n }\n\n // Unknown subroute — fall through to other middleware.\n return;\n }),\n );\n\n // POST /_agent-native/onboarding/dismiss\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismiss`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: true, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // POST /_agent-native/onboarding/reopen — clear dismissed flag\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/reopen`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: false, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // GET /_agent-native/onboarding/dismissed\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismissed`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n // On flaky networks (or transient Neon hiccups) the DB call below\n // can throw — return safe defaults so a transient connection error\n // doesn't surface as a 500 to the client.\n try {\n return await withOnboardingRequestContext(context, async () => {\n const value = await appStateGet(context.sessionId, DISMISSED_KEY);\n const dismissed = !!(\n value && (value as { dismissed?: boolean }).dismissed\n );\n const statuses = await serializeSteps(context);\n return {\n dismissed,\n allComplete: allRequiredComplete(statuses),\n };\n });\n } catch {\n return { dismissed: false, allComplete: false };\n }\n }),\n );\n };\n}\n\n/** Default plugin instance — mounted automatically when a template doesn't override. */\nexport const defaultOnboardingPlugin: NitroPluginDef = createOnboardingPlugin();\n"]}
package/dist/org/plugin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/org/plugin.ts"],"names":[],"mappings":"AA+BA,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAI9D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,eAAe,IAAI,cAAc,CAiLhD;AAED;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,EAAE,cAAkC,CAAC"}
1
+ {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/org/plugin.ts"],"names":[],"mappings":"AAgCA,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAI9D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,eAAe,IAAI,cAAc,CAkLhD;AAED;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,EAAE,cAAkC,CAAC"}
package/dist/org/plugin.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { defineEventHandler, setResponseStatus, getMethod, getRequestURL, } from "h3";
2
- import { awaitBootstrap, getH3App, FRAMEWORK_PREFIX, } from "../server/framework-request-handler.js";
2
+ import { awaitBootstrap, getH3App, FRAMEWORK_PREFIX, markDefaultPluginProvided, } from "../server/framework-request-handler.js";
3
3
  import { runMigrations } from "../db/migrations.js";
4
4
  import { ORG_MIGRATIONS } from "./migrations.js";
5
5
  import { getMyOrgHandler, createOrgHandler, updateOrgHandler, switchOrgHandler, listMembersHandler, removeMemberHandler, listInvitationsHandler, createInvitationHandler, acceptInvitationHandler, joinByDomainHandler, setDomainHandler, setA2ASecretHandler, syncA2ASecretHandler, receiveA2ASecretHandler, } from "./handlers.js";
@@ -27,6 +27,7 @@ const ORG_PREFIX = `${FRAMEWORK_PREFIX}/org`;
27
27
  export function createOrgPlugin() {
28
28
  const migrate = runMigrations(ORG_MIGRATIONS, { table: "_org_migrations" });
29
29
  return async (nitroApp) => {
30
+ markDefaultPluginProvided(nitroApp, "org");
30
31
  await awaitBootstrap(nitroApp);
31
32
  await migrate(nitroApp);
32
33
  const app = getH3App(nitroApp);
package/dist/org/plugin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/org/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,aAAa,GAEd,MAAM,IAAI,CAAC;AACZ,OAAO,EACL,cAAc,EACd,QAAQ,EACR,gBAAgB,GACjB,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,eAAe,CAAC;AAIvB,MAAM,UAAU,GAAG,GAAG,gBAAgB,MAAM,CAAC;AAE7C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,OAAO,GAAG,aAAa,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAE5E,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;QAExB,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE/B,UAAU;QACV,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,KAAK,EAClB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC,CAAC,CACH,CAAC;QAEF,qEAAqE;QACrE,uEAAuE;QACvE,mEAAmE;QACnE,EAAE;QACF,iEAAiE;QACjE,6DAA6D;QAC7D,gEAAgE;QAChE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,UAAU,EACvB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;YAClD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAChC,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YACD,kBAAkB;YAClB,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CACH,CAAC;QAEF,2DAA2D;QAC3D,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,cAAc,EAC3B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;YAClD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAChC,IAAI,MAAM,KAAK,KAAK;oBAAE,OAAO,sBAAsB,CAAC,KAAK,CAAC,CAAC;gBAC3D,IAAI,MAAM,KAAK,MAAM;oBAAE,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;gBAC7D,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,sBAAsB;YACtB,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACxC,CAAC;YACD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;QAChC,CAAC,CAAC,CACH,CAAC;QAEF,uBAAuB;QACvB,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,iBAAiB,EAC9B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CACH,CAAC;QAEF,iEAAiE;QACjE,yEAAyE;QACzE,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,kBAAkB,EAC/B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC,CAAC,CACH,CAAC;QAEF,sEAAsE;QACtE,oEAAoE;QACpE,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,qBAAqB,EAClC,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CACH,CAAC;QAEF,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,wCAAwC;QACxC,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,aAAa,EAC1B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;YAClD,kEAAkE;YAClE,gEAAgE;YAChE,uDAAuD;YACvD,IACE,IAAI,KAAK,OAAO;gBAChB,IAAI,KAAK,QAAQ;gBACjB,IAAI,KAAK,UAAU;gBACnB,IAAI,KAAK,WAAW,EACpB,CAAC;gBACD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CACH,CAAC;QAEF,cAAc;QACd,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,SAAS,EACtB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,cAAc;QACd,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,SAAS,EACtB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,4FAA4F;QAC5F,GAAG,CAAC,GAAG,CACL,UAAU,EACV,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,MAAM,KAAK,MAAM;gBAAE,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACtD,IAAI,MAAM,KAAK,OAAO;gBAAE,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACvD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAmB,eAAe,EAAE,CAAC","sourcesContent":["import {\n defineEventHandler,\n setResponseStatus,\n getMethod,\n getRequestURL,\n type H3Event,\n} from \"h3\";\nimport {\n awaitBootstrap,\n getH3App,\n FRAMEWORK_PREFIX,\n} from \"../server/framework-request-handler.js\";\nimport { runMigrations } from \"../db/migrations.js\";\nimport { ORG_MIGRATIONS } from \"./migrations.js\";\nimport {\n getMyOrgHandler,\n createOrgHandler,\n updateOrgHandler,\n switchOrgHandler,\n listMembersHandler,\n removeMemberHandler,\n listInvitationsHandler,\n createInvitationHandler,\n acceptInvitationHandler,\n joinByDomainHandler,\n setDomainHandler,\n setA2ASecretHandler,\n syncA2ASecretHandler,\n receiveA2ASecretHandler,\n} from \"./handlers.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nconst ORG_PREFIX = `${FRAMEWORK_PREFIX}/org`;\n\n/**\n * Mounts the org REST routes under `/_agent-native/org/*` and runs the org\n * module's migrations.\n *\n * Routes:\n * GET /_agent-native/org/me — current user's active org + invites\n * POST /_agent-native/org — create organization\n * PATCH /_agent-native/org — rename organization (owner/admin)\n * PUT /_agent-native/org/switch — switch active org\n * GET /_agent-native/org/members — list members of active org\n * DELETE /_agent-native/org/members/:email — remove member (owner/admin only)\n * GET /_agent-native/org/invitations — list pending invites\n * POST /_agent-native/org/invitations — invite by email\n * POST /_agent-native/org/invitations/:id/accept — accept an invitation\n * POST /_agent-native/org/join-by-domain — join org via email domain match\n * PUT /_agent-native/org/domain — set/clear allowed email domain (owner/admin)\n * PUT /_agent-native/org/a2a-secret — regenerate or set A2A secret (owner/admin)\n * POST /_agent-native/org/a2a-secret/sync — push secret to all connected apps (owner/admin)\n * POST /_agent-native/org/a2a-secret/receive — accept a peer's secret push (JWT-auth, no session)\n */\nexport function createOrgPlugin(): NitroPluginDef {\n const migrate = runMigrations(ORG_MIGRATIONS, { table: \"_org_migrations\" });\n\n return async (nitroApp: any) => {\n await awaitBootstrap(nitroApp);\n await migrate(nitroApp);\n\n const app = getH3App(nitroApp);\n\n // GET /me\n app.use(\n `${ORG_PREFIX}/me`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return getMyOrgHandler(event);\n }),\n );\n\n // /members and /members/:email — dispatch by path-tail + method in a\n // single handler so H3's prefix-based `app.use` doesn't route a DELETE\n // for /members/alice@example.com to the GET-only /members handler.\n //\n // NOTE: the framework request handler (packages/core/src/server/\n // framework-request-handler.ts) strips the mount prefix from\n // event.url.pathname before calling the handler, so inside here\n // `url.pathname` is ALREADY the tail relative to this mount point.\n app.use(\n `${ORG_PREFIX}/members`,\n defineEventHandler(async (event: H3Event) => {\n const tail = getRequestURL(event).pathname || \"/\";\n const method = getMethod(event);\n if (tail === \"\" || tail === \"/\") {\n if (method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return listMembersHandler(event);\n }\n // Tail is /:email\n if (method !== \"DELETE\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return removeMemberHandler(event);\n }),\n );\n\n // /invitations and /invitations/:id/accept — same pattern.\n app.use(\n `${ORG_PREFIX}/invitations`,\n defineEventHandler(async (event: H3Event) => {\n const tail = getRequestURL(event).pathname || \"/\";\n const method = getMethod(event);\n if (tail === \"\" || tail === \"/\") {\n if (method === \"GET\") return listInvitationsHandler(event);\n if (method === \"POST\") return createInvitationHandler(event);\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n // Tail is /:id/accept\n if (/^\\/[^\\/]+\\/accept\\/?$/.test(tail)) {\n if (method !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return acceptInvitationHandler(event);\n }\n setResponseStatus(event, 404);\n return { error: \"Not found\" };\n }),\n );\n\n // POST /join-by-domain\n app.use(\n `${ORG_PREFIX}/join-by-domain`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return joinByDomainHandler(event);\n }),\n );\n\n // POST /a2a-secret/sync — must mount BEFORE /a2a-secret since h3\n // matches by prefix. Pushes the org's A2A secret to every connected app.\n app.use(\n `${ORG_PREFIX}/a2a-secret/sync`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return syncA2ASecretHandler(event);\n }),\n );\n\n // POST /a2a-secret/receive — must mount BEFORE /a2a-secret. Accepts a\n // peer's secret push; auth is JWT-based (see auth guard exemption).\n app.use(\n `${ORG_PREFIX}/a2a-secret/receive`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return receiveA2ASecretHandler(event);\n }),\n );\n\n // PUT /a2a-secret — must mount AFTER /a2a-secret/sync and /receive.\n // Dispatches by tail to keep PUT semantics on the parent path while\n // letting POST /a2a-secret return 405 (rather than silently routing\n // to the more-specific handlers above).\n app.use(\n `${ORG_PREFIX}/a2a-secret`,\n defineEventHandler(async (event: H3Event) => {\n const tail = getRequestURL(event).pathname || \"/\";\n // The sub-route handlers above intercept these tails first; if we\n // see them here it means the method didn't match (e.g. GET) and\n // we should 405 rather than fall into the PUT handler.\n if (\n tail === \"/sync\" ||\n tail === \"/sync/\" ||\n tail === \"/receive\" ||\n tail === \"/receive/\"\n ) {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n if (getMethod(event) !== \"PUT\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return setA2ASecretHandler(event);\n }),\n );\n\n // PUT /domain\n app.use(\n `${ORG_PREFIX}/domain`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"PUT\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return setDomainHandler(event);\n }),\n );\n\n // PUT /switch\n app.use(\n `${ORG_PREFIX}/switch`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"PUT\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return switchOrgHandler(event);\n }),\n );\n\n // POST / (create) + PATCH / (rename) — mounted last so the more specific routes match first\n app.use(\n ORG_PREFIX,\n defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n if (method === \"POST\") return createOrgHandler(event);\n if (method === \"PATCH\") return updateOrgHandler(event);\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }),\n );\n };\n}\n\n/**\n * Default org plugin — mount with no configuration needed.\n *\n * Auto-mounted by the framework when a template doesn't ship `server/plugins/org.ts`.\n * To override, create your own plugin file using `createOrgPlugin()` or a\n * completely custom implementation.\n */\nexport const defaultOrgPlugin: NitroPluginDef = createOrgPlugin();\n"]}
1
+ {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/org/plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,SAAS,EACT,aAAa,GAEd,MAAM,IAAI,CAAC;AACZ,OAAO,EACL,cAAc,EACd,QAAQ,EACR,gBAAgB,EAChB,yBAAyB,GAC1B,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,eAAe,CAAC;AAIvB,MAAM,UAAU,GAAG,GAAG,gBAAgB,MAAM,CAAC;AAE7C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,OAAO,GAAG,aAAa,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAE5E,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,yBAAyB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAC3C,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC/B,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAC;QAExB,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE/B,UAAU;QACV,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,KAAK,EAClB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,eAAe,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC,CAAC,CACH,CAAC;QAEF,qEAAqE;QACrE,uEAAuE;QACvE,mEAAmE;QACnE,EAAE;QACF,iEAAiE;QACjE,6DAA6D;QAC7D,gEAAgE;QAChE,mEAAmE;QACnE,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,UAAU,EACvB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;YAClD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAChC,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;YACnC,CAAC;YACD,kBAAkB;YAClB,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACxB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CACH,CAAC;QAEF,2DAA2D;QAC3D,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,cAAc,EAC3B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;YAClD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,IAAI,KAAK,EAAE,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;gBAChC,IAAI,MAAM,KAAK,KAAK;oBAAE,OAAO,sBAAsB,CAAC,KAAK,CAAC,CAAC;gBAC3D,IAAI,MAAM,KAAK,MAAM;oBAAE,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;gBAC7D,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,sBAAsB;YACtB,IAAI,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;YACxC,CAAC;YACD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;QAChC,CAAC,CAAC,CACH,CAAC;QAEF,uBAAuB;QACvB,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,iBAAiB,EAC9B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CACH,CAAC;QAEF,iEAAiE;QACjE,yEAAyE;QACzE,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,kBAAkB,EAC/B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC,CAAC,CACH,CAAC;QAEF,sEAAsE;QACtE,oEAAoE;QACpE,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,qBAAqB,EAClC,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CACH,CAAC;QAEF,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,wCAAwC;QACxC,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,aAAa,EAC1B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,QAAQ,IAAI,GAAG,CAAC;YAClD,kEAAkE;YAClE,gEAAgE;YAChE,uDAAuD;YACvD,IACE,IAAI,KAAK,OAAO;gBAChB,IAAI,KAAK,QAAQ;gBACjB,IAAI,KAAK,UAAU;gBACnB,IAAI,KAAK,WAAW,EACpB,CAAC;gBACD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CACH,CAAC;QAEF,cAAc;QACd,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,SAAS,EACtB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,cAAc;QACd,GAAG,CAAC,GAAG,CACL,GAAG,UAAU,SAAS,EACtB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,4FAA4F;QAC5F,GAAG,CAAC,GAAG,CACL,UAAU,EACV,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,IAAI,MAAM,KAAK,MAAM;gBAAE,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACtD,IAAI,MAAM,KAAK,OAAO;gBAAE,OAAO,gBAAgB,CAAC,KAAK,CAAC,CAAC;YACvD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;QACzC,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAmB,eAAe,EAAE,CAAC","sourcesContent":["import {\n defineEventHandler,\n setResponseStatus,\n getMethod,\n getRequestURL,\n type H3Event,\n} from \"h3\";\nimport {\n awaitBootstrap,\n getH3App,\n FRAMEWORK_PREFIX,\n markDefaultPluginProvided,\n} from \"../server/framework-request-handler.js\";\nimport { runMigrations } from \"../db/migrations.js\";\nimport { ORG_MIGRATIONS } from \"./migrations.js\";\nimport {\n getMyOrgHandler,\n createOrgHandler,\n updateOrgHandler,\n switchOrgHandler,\n listMembersHandler,\n removeMemberHandler,\n listInvitationsHandler,\n createInvitationHandler,\n acceptInvitationHandler,\n joinByDomainHandler,\n setDomainHandler,\n setA2ASecretHandler,\n syncA2ASecretHandler,\n receiveA2ASecretHandler,\n} from \"./handlers.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nconst ORG_PREFIX = `${FRAMEWORK_PREFIX}/org`;\n\n/**\n * Mounts the org REST routes under `/_agent-native/org/*` and runs the org\n * module's migrations.\n *\n * Routes:\n * GET /_agent-native/org/me — current user's active org + invites\n * POST /_agent-native/org — create organization\n * PATCH /_agent-native/org — rename organization (owner/admin)\n * PUT /_agent-native/org/switch — switch active org\n * GET /_agent-native/org/members — list members of active org\n * DELETE /_agent-native/org/members/:email — remove member (owner/admin only)\n * GET /_agent-native/org/invitations — list pending invites\n * POST /_agent-native/org/invitations — invite by email\n * POST /_agent-native/org/invitations/:id/accept — accept an invitation\n * POST /_agent-native/org/join-by-domain — join org via email domain match\n * PUT /_agent-native/org/domain — set/clear allowed email domain (owner/admin)\n * PUT /_agent-native/org/a2a-secret — regenerate or set A2A secret (owner/admin)\n * POST /_agent-native/org/a2a-secret/sync — push secret to all connected apps (owner/admin)\n * POST /_agent-native/org/a2a-secret/receive — accept a peer's secret push (JWT-auth, no session)\n */\nexport function createOrgPlugin(): NitroPluginDef {\n const migrate = runMigrations(ORG_MIGRATIONS, { table: \"_org_migrations\" });\n\n return async (nitroApp: any) => {\n markDefaultPluginProvided(nitroApp, \"org\");\n await awaitBootstrap(nitroApp);\n await migrate(nitroApp);\n\n const app = getH3App(nitroApp);\n\n // GET /me\n app.use(\n `${ORG_PREFIX}/me`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return getMyOrgHandler(event);\n }),\n );\n\n // /members and /members/:email — dispatch by path-tail + method in a\n // single handler so H3's prefix-based `app.use` doesn't route a DELETE\n // for /members/alice@example.com to the GET-only /members handler.\n //\n // NOTE: the framework request handler (packages/core/src/server/\n // framework-request-handler.ts) strips the mount prefix from\n // event.url.pathname before calling the handler, so inside here\n // `url.pathname` is ALREADY the tail relative to this mount point.\n app.use(\n `${ORG_PREFIX}/members`,\n defineEventHandler(async (event: H3Event) => {\n const tail = getRequestURL(event).pathname || \"/\";\n const method = getMethod(event);\n if (tail === \"\" || tail === \"/\") {\n if (method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return listMembersHandler(event);\n }\n // Tail is /:email\n if (method !== \"DELETE\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return removeMemberHandler(event);\n }),\n );\n\n // /invitations and /invitations/:id/accept — same pattern.\n app.use(\n `${ORG_PREFIX}/invitations`,\n defineEventHandler(async (event: H3Event) => {\n const tail = getRequestURL(event).pathname || \"/\";\n const method = getMethod(event);\n if (tail === \"\" || tail === \"/\") {\n if (method === \"GET\") return listInvitationsHandler(event);\n if (method === \"POST\") return createInvitationHandler(event);\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n // Tail is /:id/accept\n if (/^\\/[^\\/]+\\/accept\\/?$/.test(tail)) {\n if (method !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return acceptInvitationHandler(event);\n }\n setResponseStatus(event, 404);\n return { error: \"Not found\" };\n }),\n );\n\n // POST /join-by-domain\n app.use(\n `${ORG_PREFIX}/join-by-domain`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return joinByDomainHandler(event);\n }),\n );\n\n // POST /a2a-secret/sync — must mount BEFORE /a2a-secret since h3\n // matches by prefix. Pushes the org's A2A secret to every connected app.\n app.use(\n `${ORG_PREFIX}/a2a-secret/sync`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return syncA2ASecretHandler(event);\n }),\n );\n\n // POST /a2a-secret/receive — must mount BEFORE /a2a-secret. Accepts a\n // peer's secret push; auth is JWT-based (see auth guard exemption).\n app.use(\n `${ORG_PREFIX}/a2a-secret/receive`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return receiveA2ASecretHandler(event);\n }),\n );\n\n // PUT /a2a-secret — must mount AFTER /a2a-secret/sync and /receive.\n // Dispatches by tail to keep PUT semantics on the parent path while\n // letting POST /a2a-secret return 405 (rather than silently routing\n // to the more-specific handlers above).\n app.use(\n `${ORG_PREFIX}/a2a-secret`,\n defineEventHandler(async (event: H3Event) => {\n const tail = getRequestURL(event).pathname || \"/\";\n // The sub-route handlers above intercept these tails first; if we\n // see them here it means the method didn't match (e.g. GET) and\n // we should 405 rather than fall into the PUT handler.\n if (\n tail === \"/sync\" ||\n tail === \"/sync/\" ||\n tail === \"/receive\" ||\n tail === \"/receive/\"\n ) {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n if (getMethod(event) !== \"PUT\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return setA2ASecretHandler(event);\n }),\n );\n\n // PUT /domain\n app.use(\n `${ORG_PREFIX}/domain`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"PUT\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return setDomainHandler(event);\n }),\n );\n\n // PUT /switch\n app.use(\n `${ORG_PREFIX}/switch`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"PUT\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n return switchOrgHandler(event);\n }),\n );\n\n // POST / (create) + PATCH / (rename) — mounted last so the more specific routes match first\n app.use(\n ORG_PREFIX,\n defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n if (method === \"POST\") return createOrgHandler(event);\n if (method === \"PATCH\") return updateOrgHandler(event);\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }),\n );\n };\n}\n\n/**\n * Default org plugin — mount with no configuration needed.\n *\n * Auto-mounted by the framework when a template doesn't ship `server/plugins/org.ts`.\n * To override, create your own plugin file using `createOrgPlugin()` or a\n * completely custom implementation.\n */\nexport const defaultOrgPlugin: NitroPluginDef = createOrgPlugin();\n"]}
package/dist/scripts/call-agent.js CHANGED
@@ -79,8 +79,8 @@ export async function run(args, context, selfAppId) {
79
79
  // deployment, no redeploy required.
80
80
  const messageWithHint = `${message}\n\n` +
81
81
  `[Note: this request comes from another app via A2A. The caller cannot see your local UI, deck list, or navigation — only the literal text you put in your reply. ` +
82
- `If you create or reference a deck/document/dashboard, include its FULLY-QUALIFIED URL (e.g. ${agent.url}/deck/<id>) in your reply, not a relative path. ` +
83
- `Use only IDs returned by your own actions — never invent slugs or hosts.]`;
82
+ `If you create or reference a deck/document/design/dashboard, include its FULLY-QUALIFIED URL (e.g. ${agent.url}/deck/<id>) in your reply, not a relative path. ` +
83
+ `Use only artifact IDs and URL paths returned by successful actions — never invent slugs, IDs, or hosts.]`;
84
84
  try {
85
85
  // If we have a send context, use streaming so the UI shows progressive text
86
86
  if (context?.send) {
package/dist/scripts/call-agent.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"call-agent.js","sourceRoot":"","sources":["../../src/scripts/call-agent.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EACL,SAAS,EACT,mBAAmB,EACnB,SAAS,EACT,YAAY,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,8BAA8B,EAAE,MAAM,4CAA4C,CAAC;AAC5F,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,0BAA0B,EAC1B,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAElE,MAAM,6CAA6C,GAAG,MAAM,CAAC;AAC7D,MAAM,kCAAkC,GAAG,MAAM,CAAC;AAClD,MAAM,yBAAyB,GAAG,KAAK,CAAC;AAExC,SAAS,cAAc,CAAC,KAAyB;IAC/C,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB;IACvB,2EAA2E;IAC3E,8EAA8E;IAC9E,qEAAqE;IACrE,OAAO,CACL,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO;QACrB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACtC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM;QACpB,UAAU,IAAI,UAAU,CACzB,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B;IAClC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,0BAA0B,EAAE;QAAE,OAAO,SAAS,CAAC;IAE3E,MAAM,UAAU,GAAG,cAAc,CAC/B,OAAO,CAAC,GAAG,CAAC,uCAAuC,CACpD,CAAC;IACF,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,UAAU,CAAC;IAEhD,2EAA2E;IAC3E,0EAA0E;IAC1E,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO,kCAAkC,CAAC;IAEnE,OAAO,6CAA6C,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,MAAM,IAAI,GAAe;IAC9B,WAAW,EACT,+WAA+W;QAC/W,qCAAqC;QACrC,qMAAqM;QACrM,wQAAwQ;IAC1Q,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EACT,+HAA+H;aAClI;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iDAAiD;aAC/D;SACF;QACD,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;KAC/B;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,IAA4B,EAC5B,OAA0B,EAC1B,SAAkB;IAElB,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAE/C,IAAI,CAAC,aAAa;QAAE,OAAO,4BAA4B,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,OAAO,8BAA8B,CAAC;IAEpD,2EAA2E;IAC3E,IAAI,SAAS,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC;QACzE,OAAO,sDAAsD,SAAS,6HAA6H,CAAC;IACtM,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,SAAS,GAAG,CAAC,MAAM,cAAc,CAAC,SAAS,CAAC,CAAC;aAChD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aAClB,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,iBAAiB,aAAa,kCAAkC,SAAS,IAAI,QAAQ,EAAE,CAAC;IACjG,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,sEAAsE;IACtE,uEAAuE;IACvE,oCAAoC;IACpC,MAAM,eAAe,GACnB,GAAG,OAAO,MAAM;QAChB,mKAAmK;QACnK,+FAA+F,KAAK,CAAC,GAAG,kDAAkD;QAC1J,2EAA2E,CAAC;IAE9E,IAAI,CAAC;QACH,4EAA4E;QAC5E,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;YAClB,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;YAE1C,+BAA+B;YAC/B,MAAM,WAAW,GAA4B,EAAE,CAAC;YAChD,IAAI,WAAW;gBAAE,WAAW,CAAC,SAAS,GAAG,WAAW,CAAC;YAErD,kDAAkD;YAClD,IAAI,eAAmC,CAAC;YACxC,IAAI,eAAmC,CAAC;YACxC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;oBACzC,IAAI,MAAM,EAAE,CAAC;wBACX,eAAe,GAAG,MAAM,CAAC;wBACzB,WAAW,CAAC,SAAS,GAAG,MAAM,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,CAAC;oBAC5C,IAAI,MAAM;wBAAE,eAAe,GAAG,MAAM,CAAC;gBACvC,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,+DAA+D;YAC/D,IAAI,MAA0B,CAAC;YAC/B,IAAI,WAAW,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/D,IAAI,CAAC;oBACH,MAAM,GAAG,MAAM,YAAY,CACzB,WAAW,EACX,eAAe,EACf,eAAe,EACf;wBACE,SAAS,EAAE,yBAAyB;wBACpC,kBAAkB,EAAE,IAAI;qBACzB,CACF,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAEhD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,EAAE,wBAAwB,EAAE,GAChC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;oBAC3C,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAC7C,QAAQ,EACR,WAAW,CACZ,CAAC;oBACF,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC;oBACnC,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;wBACzB,WAAW,CAAC,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;oBAChD,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,IAAI,YAAY,GAAG,EAAE,CAAC;YACtB,IAAI,cAAc,GAAG,CAAC,CAAC;YAEvB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;YAEH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAE,EAAE;gBACtC,IAAI,OAAO,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;oBACpC,OAAO,CAAC,IAAK,CAAC;wBACZ,IAAI,EAAE,iBAAiB;wBACvB,KAAK,EAAE,KAAK,CAAC,IAAI;wBACjB,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;qBACpC,CAAC,CAAC;oBACH,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;gBAClC,CAAC;gBACD,YAAY,GAAG,OAAO,CAAC;YACzB,CAAC,CAAC;YAEF,kEAAkE;YAClE,kEAAkE;YAClE,sEAAsE;YACtE,qEAAqE;YACrE,sEAAsE;YACtE,qEAAqE;YACrE,wEAAwE;YACxE,qEAAqE;YACrE,iEAAiE;YACjE,sEAAsE;YACtE,wEAAwE;YACxE,+BAA+B;YAC/B,IAAI,CAAC;gBACH,+DAA+D;gBAC/D,mEAAmE;gBACnE,qEAAqE;gBACrE,qEAAqE;gBACrE,MAAM,aAAa,GAAG,2BAA2B,EAAE,CAAC;gBACpD,YAAY,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,EAAE;oBACzD,MAAM;oBACN,SAAS,EAAE,WAAW;oBACtB,SAAS,EAAE,eAAe;oBAC1B,SAAS,EAAE,eAAe;oBAC1B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACvD,CAAC,CAAC;gBACH,2DAA2D;gBAC3D,iEAAiE;gBACjE,uEAAuE;gBACvE,uEAAuE;gBACvE,YAAY,GAAG,kBAAkB,CAAC,YAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3D,iEAAiE;gBACjE,IAAI,YAAY;oBAAE,WAAW,CAAC,YAAY,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,OAAY,EAAE,CAAC;gBACtB,IAAI,OAAO,YAAY,mBAAmB,EAAE,CAAC;oBAC3C,MAAM,MAAM,GAAG,MAAM,wCAAwC,CAC3D,OAAO,EACP,KAAK,EACL,WAAW,CACZ,CAAC;oBACF,IAAI,MAAM,EAAE,CAAC;wBACX,YAAY,GAAG,GAAG,8BAA8B,SAAS,KAAK,CAAC,IAAI,yJAAyJ,CAAC;oBAC/N,CAAC;yBAAM,CAAC;wBACN,MAAM,MAAM,GAAG,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC;wBACnD,YAAY,GAAG,OAAO,KAAK,CAAC,IAAI,oEAAoE,MAAM,GAAG,CAAC;oBAChH,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,MAAM,GAAG,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC;oBACnD,YAAY,GAAG,OAAO,KAAK,CAAC,IAAI,oEAAoE,MAAM,GAAG,CAAC;gBAChH,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,OAAO,YAAY,IAAI,kBAAkB,CAAC;QAC5C,CAAC;QAED,wEAAwE;QACxE,uEAAuE;QACvE,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;QACpC,IAAI,MAA0B,CAAC;QAC/B,IAAI,SAA6B,CAAC;QAClC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;YACV,IAAI,CAAC;gBACH,SAAS,GAAG,CAAC,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC;YACjE,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACZ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,EAAE;YAC3D,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,MAAM;YACjB,SAAS;SACV,CAAC,CAAC;QACH,OAAO,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC;IACvE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;QACxC,0EAA0E;QAC1E,sCAAsC;QACtC,IAAI,0CAA0C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACzD,OAAO,OAAO,KAAK,CAAC,IAAI,gGAAgG,KAAK,CAAC,IAAI,gBAAgB,CAAC;QACrJ,CAAC;QACD,OAAO,iBAAiB,KAAK,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wCAAwC,CACrD,KAA0B,EAC1B,KAAoC,EACpC,UAA8B;IAE9B,MAAM,WAAW,GAAG,4BAA4B,EAAE,CAAC;IACnD,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,CAAC,EAAE,qBAAqB,EAAE,EAAE,EAAE,uBAAuB,EAAE,CAAC,GAC5D,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,MAAM,CAAC,4CAA4C,CAAC;YACpD,MAAM,CAAC,+CAA+C,CAAC;SACxD,CAAC,CAAC;QACL,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC;YAC/C,iBAAiB,EAAE,WAAW,CAAC,MAAM;YACrC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,QAAQ;YACvC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,gBAAgB;YACvD,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,cAAc,EAAE,WAAW,CAAC,cAAc;YAC1C,UAAU;YACV,KAAK,EAAE,eAAe,EAAE,IAAI,IAAI;YAChC,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,QAAQ,EAAE,KAAK,CAAC,GAAG;YACnB,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,oEAAoE;YACpE,+DAA+D;YAC/D,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QACH,MAAM,uBAAuB,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC3D,OAAO,CAAC,KAAK,CACX,oDAAoD,YAAY,CAAC,EAAE,GAAG,EACtE,GAAG,CACJ,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,kDAAkD,EAAE,GAAG,CAAC,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,8EAA8E;AAC9E,6EAA6E;AAC7E,2EAA2E;AAC3E,4EAA4E;AAC5E,4CAA4C;AAC5C,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAgB;IAC/D,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzC,4EAA4E;IAC5E,8EAA8E;IAC9E,OAAO,IAAI,CAAC,OAAO,CACjB,qDAAqD,EACrD,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,CAChD,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionTool } from \"../agent/types.js\";\nimport type { ActionRunContext } from \"../agent/production-agent.js\";\nimport { findAgent, discoverAgents } from \"../server/agent-discovery.js\";\nimport {\n A2AClient,\n A2ATaskTimeoutError,\n callAgent,\n signA2AToken,\n} from \"../a2a/client.js\";\nimport { A2A_CONTINUATION_QUEUED_MARKER } from \"../integrations/a2a-continuation-marker.js\";\nimport {\n getRequestUserEmail,\n getRequestOrgId,\n isIntegrationCallerRequest,\n getIntegrationRequestContext,\n} from \"../server/request-context.js\";\nimport { getOrgDomain, getOrgA2ASecret } from \"../org/context.js\";\n\nconst DEFAULT_SERVERLESS_INTEGRATION_A2A_TIMEOUT_MS = 18_000;\nconst NETLIFY_INTEGRATION_A2A_TIMEOUT_MS = 50_000;\nconst INTEGRATION_A2A_TOKEN_TTL = \"30m\";\n\nfunction parseTimeoutMs(value: string | undefined): number | undefined {\n if (!value) return undefined;\n const parsed = Number(value);\n if (!Number.isFinite(parsed) || parsed <= 0) return undefined;\n return Math.floor(parsed);\n}\n\nfunction isServerlessHost(): boolean {\n // Detection mirrors db/migrations.ts:297-301. On Cloudflare Workers/Pages,\n // `process.env` is shimmed and CF_PAGES isn't reliably populated at runtime —\n // the canonical signal is the `__cf_env` global injected by workerd.\n return (\n !!process.env.NETLIFY ||\n !!process.env.AWS_LAMBDA_FUNCTION_NAME ||\n !!process.env.VERCEL ||\n \"__cf_env\" in globalThis\n );\n}\n\nfunction getIntegrationCallTimeoutMs(): number | undefined {\n if (!isServerlessHost() || !isIntegrationCallerRequest()) return undefined;\n\n const configured = parseTimeoutMs(\n process.env.AGENT_NATIVE_INTEGRATION_A2A_TIMEOUT_MS,\n );\n if (configured !== undefined) return configured;\n\n // Netlify's current synchronous function budget is 60s, but leave room for\n // cold start, polling overhead, and the caller's final platform response.\n if (process.env.NETLIFY) return NETLIFY_INTEGRATION_A2A_TIMEOUT_MS;\n\n return DEFAULT_SERVERLESS_INTEGRATION_A2A_TIMEOUT_MS;\n}\n\nexport const tool: ActionTool = {\n description:\n \"Call a DIFFERENT, separately-deployed agent app to ask a question or delegate a task. This is strictly for cross-app A2A communication — for example, asking the mail agent to send an email while you are the calendar agent. NEVER use this to call your own app or perform actions you can do with your own tools. Using call-agent on yourself will fail and waste time. \" +\n \"IMPORTANT — handling the response: \" +\n \"(a) If it contains a URL or ID, copy it VERBATIM into your reply. Do not 'correct' or pluralize the path (e.g. /deck/ → /decks/), normalize casing, or change the slug — any edit breaks the link. \" +\n '(b) If it does NOT contain a URL/ID and the user asked for one, say so explicitly (e.g. \"the agent created the deck but didn\\'t return a link — open the app directly to view it\"). NEVER invent a URL, slug, or path — guessing produces broken links that look real.',\n parameters: {\n type: \"object\",\n properties: {\n agent: {\n type: \"string\",\n description:\n \"Name or URL of a DIFFERENT deployed agent app (e.g. 'mail', 'calendar', 'analytics'). Must not be the current app's own name.\",\n },\n message: {\n type: \"string\",\n description: \"The message/question to send to the other agent\",\n },\n },\n required: [\"agent\", \"message\"],\n },\n};\n\nexport async function run(\n args: Record<string, string>,\n context?: ActionRunContext,\n selfAppId?: string,\n): Promise<string> {\n const { agent: agentIdOrName, message } = args;\n\n if (!agentIdOrName) return \"Error: --agent is required\";\n if (!message) return \"Error: --message is required\";\n\n // Prevent self-calls — the agent must use its own registered tools instead\n if (selfAppId && agentIdOrName.toLowerCase() === selfAppId.toLowerCase()) {\n return `Error: You cannot use call-agent to call yourself (${selfAppId}). Use your own registered actions/tools instead. call-agent is only for communicating with OTHER separately-deployed apps.`;\n }\n\n const agent = await findAgent(agentIdOrName, selfAppId);\n if (!agent) {\n const available = (await discoverAgents(selfAppId))\n .map((a) => a.name)\n .join(\", \");\n return `Error: Agent \"${agentIdOrName}\" not found. Available agents: ${available || \"(none)\"}`;\n }\n\n // Append a small cross-app hint to the outgoing message so the receiving\n // agent (which may be on an older deploy without the receiver-side hint\n // in handlers.ts) still emits fully-qualified URLs. This is belt-and-\n // suspenders with the receiver hint — but it works against any current\n // deployment, no redeploy required.\n const messageWithHint =\n `${message}\\n\\n` +\n `[Note: this request comes from another app via A2A. The caller cannot see your local UI, deck list, or navigation — only the literal text you put in your reply. ` +\n `If you create or reference a deck/document/dashboard, include its FULLY-QUALIFIED URL (e.g. ${agent.url}/deck/<id>) in your reply, not a relative path. ` +\n `Use only IDs returned by your own actions — never invent slugs or hosts.]`;\n\n try {\n // If we have a send context, use streaming so the UI shows progressive text\n if (context?.send) {\n const callerEmail = getRequestUserEmail();\n\n // Build metadata with identity\n const a2aMetadata: Record<string, unknown> = {};\n if (callerEmail) a2aMetadata.userEmail = callerEmail;\n\n // Include org domain for cross-app org resolution\n let callerOrgDomain: string | undefined;\n let callerOrgSecret: string | undefined;\n const orgId = getRequestOrgId();\n if (orgId) {\n try {\n const domain = await getOrgDomain(orgId);\n if (domain) {\n callerOrgDomain = domain;\n a2aMetadata.orgDomain = domain;\n }\n } catch {}\n try {\n const secret = await getOrgA2ASecret(orgId);\n if (secret) callerOrgSecret = secret;\n } catch {}\n }\n\n // Sign JWT with identity + org domain for the streaming client\n let apiKey: string | undefined;\n if (callerEmail && (callerOrgSecret || process.env.A2A_SECRET)) {\n try {\n apiKey = await signA2AToken(\n callerEmail,\n callerOrgDomain,\n callerOrgSecret,\n {\n expiresIn: INTEGRATION_A2A_TOKEN_TTL,\n preferGlobalSecret: true,\n },\n );\n } catch {}\n }\n\n const client = new A2AClient(agent.url, apiKey);\n\n if (process.env.NODE_ENV === \"production\" && callerEmail) {\n try {\n const { listOAuthAccountsByOwner } =\n await import(\"../oauth-tokens/store.js\");\n const accounts = await listOAuthAccountsByOwner(\n \"google\",\n callerEmail,\n );\n const tokens = accounts[0]?.tokens;\n if (tokens?.access_token) {\n a2aMetadata.googleToken = tokens.access_token;\n }\n } catch {}\n }\n\n let responseText = \"\";\n let lastSentLength = 0;\n\n context.send({\n type: \"agent_call\",\n agent: agent.name,\n status: \"start\",\n });\n\n const emitNewText = (newText: string) => {\n if (newText.length > lastSentLength) {\n context.send!({\n type: \"agent_call_text\",\n agent: agent.name,\n text: newText.slice(lastSentLength),\n });\n lastSentLength = newText.length;\n }\n responseText = newText;\n };\n\n // Skip the SSE streaming attempt and go straight to async + poll.\n // Why: on Netlify (Lambda), the receiving server has no streaming\n // response support, so message/stream returns a single JSON-RPC error\n // body in a 200 response that our SSE parser silently consumes — the\n // `for await` loop yields nothing AND keeps the connection open until\n // the function timeout, eating the current serverless budget. By the\n // time we get to the sync fallback, Lambda is dead and the second fetch\n // errors out as \"fetch failed\". Async+poll has its own short fetches\n // with their own budgets, so it works reliably across hosts. The\n // trade-off is we lose progressive in-UI text streaming for cross-app\n // A2A calls, but the receiving agent's full response still surfaces via\n // the tool_result event below.\n try {\n // Apply a polling cap ONLY for integration-platform callers on\n // serverless hosts. Normal chat, local Node, self-hosted Node, and\n // Docker can wait for slow-but-valid answers; integration processors\n // still need to finish before their current function execution dies.\n const callTimeoutMs = getIntegrationCallTimeoutMs();\n responseText = await callAgent(agent.url, messageWithHint, {\n apiKey,\n userEmail: callerEmail,\n orgDomain: callerOrgDomain,\n orgSecret: callerOrgSecret,\n ...(callTimeoutMs ? { timeoutMs: callTimeoutMs } : {}),\n });\n // Some agents reply with relative paths (e.g. slides emits\n // \"/deck/abc\"). Those resolve against the caller's host, not the\n // receiver's, so they're broken for the user. Expand any leading-slash\n // URL into a fully-qualified one rooted at the receiving agent's host.\n responseText = expandRelativeUrls(responseText, agent.url);\n // Mirror the response into the streaming UI so the user sees it.\n if (responseText) emitNewText(responseText);\n } catch (pollErr: any) {\n if (pollErr instanceof A2ATaskTimeoutError) {\n const queued = await enqueueIntegrationContinuationIfPossible(\n pollErr,\n agent,\n callerEmail,\n );\n if (queued) {\n responseText = `${A2A_CONTINUATION_QUEUED_MARKER}\\nThe ${agent.name} agent is still working. Do not send an interim reply to the user; the final result will be posted to the originating integration thread automatically.`;\n } else {\n const reason = pollErr?.message ?? \"unknown error\";\n responseText = `The ${agent.name} agent is taking longer than expected and didn't reply in time. (${reason})`;\n }\n } else {\n const reason = pollErr?.message ?? \"unknown error\";\n responseText = `The ${agent.name} agent is taking longer than expected and didn't reply in time. (${reason})`;\n }\n }\n\n context.send({\n type: \"agent_call\",\n agent: agent.name,\n status: \"done\",\n });\n\n return responseText || \"(empty response)\";\n }\n\n // No context — use the async + poll call so we don't get cut off at the\n // serverless gateway's ~30s timeout. callAgent defaults to async:true.\n const email = getRequestUserEmail();\n let domain: string | undefined;\n let orgSecret: string | undefined;\n const currentOrgId = getRequestOrgId();\n if (currentOrgId) {\n try {\n domain = (await getOrgDomain(currentOrgId)) ?? undefined;\n } catch {}\n try {\n orgSecret = (await getOrgA2ASecret(currentOrgId)) ?? undefined;\n } catch {}\n }\n const response = await callAgent(agent.url, messageWithHint, {\n userEmail: email,\n orgDomain: domain,\n orgSecret,\n });\n return expandRelativeUrls(response, agent.url) || \"(empty response)\";\n } catch (err: any) {\n const msg = err?.message ?? String(err);\n // Friendlier message for the common timeout case so the calling agent can\n // decide whether to give up or retry.\n if (/timeout|did not complete|Inactivity|504/i.test(msg)) {\n return `The ${agent.name} agent is taking longer than expected. Please try again, ask a simpler question, or open the ${agent.name} app directly.`;\n }\n return `Error calling ${agent.name}: ${msg}`;\n }\n}\n\nasync function enqueueIntegrationContinuationIfPossible(\n error: A2ATaskTimeoutError,\n agent: { name: string; url: string },\n ownerEmail: string | undefined,\n): Promise<boolean> {\n const integration = getIntegrationRequestContext();\n if (!integration || !ownerEmail) return false;\n\n try {\n const [{ insertA2AContinuation }, { dispatchA2AContinuation }] =\n await Promise.all([\n import(\"../integrations/a2a-continuations-store.js\"),\n import(\"../integrations/a2a-continuation-processor.js\"),\n ]);\n const continuation = await insertA2AContinuation({\n integrationTaskId: integration.taskId,\n platform: integration.incoming.platform,\n externalThreadId: integration.incoming.externalThreadId,\n incoming: integration.incoming,\n placeholderRef: integration.placeholderRef,\n ownerEmail,\n orgId: getRequestOrgId() ?? null,\n agentName: agent.name,\n agentUrl: agent.url,\n a2aTaskId: error.taskId,\n // Do not persist the short-lived JWT used for the initial send. The\n // continuation processor can mint a fresh token for each poll.\n a2aAuthToken: null,\n });\n await dispatchA2AContinuation(continuation.id).catch((err) => {\n console.error(\n `[call-agent] Failed to dispatch A2A continuation ${continuation.id}:`,\n err,\n );\n });\n return true;\n } catch (err) {\n console.error(\"[call-agent] Failed to enqueue A2A continuation:\", err);\n return false;\n }\n}\n\n// Expand bare leading-slash paths (e.g. \"/deck/abc\") into fully-qualified URLs\n// rooted at the receiving agent's host. The receiver doesn't always know it's\n// being called cross-app, so it may emit relative paths that resolve against\n// the caller's host (broken). Match a path that starts at a word boundary,\n// begins with `/`, and has at least one path segment after that. Skip if it\n// already looks like a fully-qualified URL.\nexport function expandRelativeUrls(text: string, agentUrl: string): string {\n if (!text || !agentUrl) return text;\n const base = agentUrl.replace(/\\/$/, \"\");\n // Path must start at boundary (start, whitespace, or punctuation that isn't\n // ':' — to avoid mangling `https://example.com/foo` or markdown link bodies).\n return text.replace(\n /(^|[\\s(\\[<\"'`])(\\/[a-z0-9_-][a-z0-9_/?&=%#.,:-]*)/gi,\n (_match, lead, path) => `${lead}${base}${path}`,\n );\n}\n"]}
1
+ {"version":3,"file":"call-agent.js","sourceRoot":"","sources":["../../src/scripts/call-agent.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AACzE,OAAO,EACL,SAAS,EACT,mBAAmB,EACnB,SAAS,EACT,YAAY,GACb,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,8BAA8B,EAAE,MAAM,4CAA4C,CAAC;AAC5F,OAAO,EACL,mBAAmB,EACnB,eAAe,EACf,0BAA0B,EAC1B,4BAA4B,GAC7B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAElE,MAAM,6CAA6C,GAAG,MAAM,CAAC;AAC7D,MAAM,kCAAkC,GAAG,MAAM,CAAC;AAClD,MAAM,yBAAyB,GAAG,KAAK,CAAC;AAExC,SAAS,cAAc,CAAC,KAAyB;IAC/C,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9D,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB;IACvB,2EAA2E;IAC3E,8EAA8E;IAC9E,qEAAqE;IACrE,OAAO,CACL,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO;QACrB,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACtC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM;QACpB,UAAU,IAAI,UAAU,CACzB,CAAC;AACJ,CAAC;AAED,SAAS,2BAA2B;IAClC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,0BAA0B,EAAE;QAAE,OAAO,SAAS,CAAC;IAE3E,MAAM,UAAU,GAAG,cAAc,CAC/B,OAAO,CAAC,GAAG,CAAC,uCAAuC,CACpD,CAAC;IACF,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,UAAU,CAAC;IAEhD,2EAA2E;IAC3E,0EAA0E;IAC1E,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO;QAAE,OAAO,kCAAkC,CAAC;IAEnE,OAAO,6CAA6C,CAAC;AACvD,CAAC;AAED,MAAM,CAAC,MAAM,IAAI,GAAe;IAC9B,WAAW,EACT,+WAA+W;QAC/W,qCAAqC;QACrC,qMAAqM;QACrM,wQAAwQ;IAC1Q,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ;QACd,UAAU,EAAE;YACV,KAAK,EAAE;gBACL,IAAI,EAAE,QAAQ;gBACd,WAAW,EACT,+HAA+H;aAClI;YACD,OAAO,EAAE;gBACP,IAAI,EAAE,QAAQ;gBACd,WAAW,EAAE,iDAAiD;aAC/D;SACF;QACD,QAAQ,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;KAC/B;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,IAA4B,EAC5B,OAA0B,EAC1B,SAAkB;IAElB,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IAE/C,IAAI,CAAC,aAAa;QAAE,OAAO,4BAA4B,CAAC;IACxD,IAAI,CAAC,OAAO;QAAE,OAAO,8BAA8B,CAAC;IAEpD,2EAA2E;IAC3E,IAAI,SAAS,IAAI,aAAa,CAAC,WAAW,EAAE,KAAK,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC;QACzE,OAAO,sDAAsD,SAAS,6HAA6H,CAAC;IACtM,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACxD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,SAAS,GAAG,CAAC,MAAM,cAAc,CAAC,SAAS,CAAC,CAAC;aAChD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;aAClB,IAAI,CAAC,IAAI,CAAC,CAAC;QACd,OAAO,iBAAiB,aAAa,kCAAkC,SAAS,IAAI,QAAQ,EAAE,CAAC;IACjG,CAAC;IAED,yEAAyE;IACzE,wEAAwE;IACxE,sEAAsE;IACtE,uEAAuE;IACvE,oCAAoC;IACpC,MAAM,eAAe,GACnB,GAAG,OAAO,MAAM;QAChB,mKAAmK;QACnK,sGAAsG,KAAK,CAAC,GAAG,kDAAkD;QACjK,0GAA0G,CAAC;IAE7G,IAAI,CAAC;QACH,4EAA4E;QAC5E,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;YAClB,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;YAE1C,+BAA+B;YAC/B,MAAM,WAAW,GAA4B,EAAE,CAAC;YAChD,IAAI,WAAW;gBAAE,WAAW,CAAC,SAAS,GAAG,WAAW,CAAC;YAErD,kDAAkD;YAClD,IAAI,eAAmC,CAAC;YACxC,IAAI,eAAmC,CAAC;YACxC,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,EAAE,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;oBACzC,IAAI,MAAM,EAAE,CAAC;wBACX,eAAe,GAAG,MAAM,CAAC;wBACzB,WAAW,CAAC,SAAS,GAAG,MAAM,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;gBACV,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,CAAC;oBAC5C,IAAI,MAAM;wBAAE,eAAe,GAAG,MAAM,CAAC;gBACvC,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,+DAA+D;YAC/D,IAAI,MAA0B,CAAC;YAC/B,IAAI,WAAW,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC/D,IAAI,CAAC;oBACH,MAAM,GAAG,MAAM,YAAY,CACzB,WAAW,EACX,eAAe,EACf,eAAe,EACf;wBACE,SAAS,EAAE,yBAAyB;wBACpC,kBAAkB,EAAE,IAAI;qBACzB,CACF,CAAC;gBACJ,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YAEhD,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,WAAW,EAAE,CAAC;gBACzD,IAAI,CAAC;oBACH,MAAM,EAAE,wBAAwB,EAAE,GAChC,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;oBAC3C,MAAM,QAAQ,GAAG,MAAM,wBAAwB,CAC7C,QAAQ,EACR,WAAW,CACZ,CAAC;oBACF,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC;oBACnC,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;wBACzB,WAAW,CAAC,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC;oBAChD,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,IAAI,YAAY,GAAG,EAAE,CAAC;YACtB,IAAI,cAAc,GAAG,CAAC,CAAC;YAEvB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,MAAM,EAAE,OAAO;aAChB,CAAC,CAAC;YAEH,MAAM,WAAW,GAAG,CAAC,OAAe,EAAE,EAAE;gBACtC,IAAI,OAAO,CAAC,MAAM,GAAG,cAAc,EAAE,CAAC;oBACpC,OAAO,CAAC,IAAK,CAAC;wBACZ,IAAI,EAAE,iBAAiB;wBACvB,KAAK,EAAE,KAAK,CAAC,IAAI;wBACjB,IAAI,EAAE,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC;qBACpC,CAAC,CAAC;oBACH,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;gBAClC,CAAC;gBACD,YAAY,GAAG,OAAO,CAAC;YACzB,CAAC,CAAC;YAEF,kEAAkE;YAClE,kEAAkE;YAClE,sEAAsE;YACtE,qEAAqE;YACrE,sEAAsE;YACtE,qEAAqE;YACrE,wEAAwE;YACxE,qEAAqE;YACrE,iEAAiE;YACjE,sEAAsE;YACtE,wEAAwE;YACxE,+BAA+B;YAC/B,IAAI,CAAC;gBACH,+DAA+D;gBAC/D,mEAAmE;gBACnE,qEAAqE;gBACrE,qEAAqE;gBACrE,MAAM,aAAa,GAAG,2BAA2B,EAAE,CAAC;gBACpD,YAAY,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,EAAE;oBACzD,MAAM;oBACN,SAAS,EAAE,WAAW;oBACtB,SAAS,EAAE,eAAe;oBAC1B,SAAS,EAAE,eAAe;oBAC1B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACvD,CAAC,CAAC;gBACH,2DAA2D;gBAC3D,iEAAiE;gBACjE,uEAAuE;gBACvE,uEAAuE;gBACvE,YAAY,GAAG,kBAAkB,CAAC,YAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC3D,iEAAiE;gBACjE,IAAI,YAAY;oBAAE,WAAW,CAAC,YAAY,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,OAAY,EAAE,CAAC;gBACtB,IAAI,OAAO,YAAY,mBAAmB,EAAE,CAAC;oBAC3C,MAAM,MAAM,GAAG,MAAM,wCAAwC,CAC3D,OAAO,EACP,KAAK,EACL,WAAW,CACZ,CAAC;oBACF,IAAI,MAAM,EAAE,CAAC;wBACX,YAAY,GAAG,GAAG,8BAA8B,SAAS,KAAK,CAAC,IAAI,yJAAyJ,CAAC;oBAC/N,CAAC;yBAAM,CAAC;wBACN,MAAM,MAAM,GAAG,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC;wBACnD,YAAY,GAAG,OAAO,KAAK,CAAC,IAAI,oEAAoE,MAAM,GAAG,CAAC;oBAChH,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,MAAM,GAAG,OAAO,EAAE,OAAO,IAAI,eAAe,CAAC;oBACnD,YAAY,GAAG,OAAO,KAAK,CAAC,IAAI,oEAAoE,MAAM,GAAG,CAAC;gBAChH,CAAC;YACH,CAAC;YAED,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,KAAK,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YAEH,OAAO,YAAY,IAAI,kBAAkB,CAAC;QAC5C,CAAC;QAED,wEAAwE;QACxE,uEAAuE;QACvE,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;QACpC,IAAI,MAA0B,CAAC;QAC/B,IAAI,SAA6B,CAAC;QAClC,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,GAAG,CAAC,MAAM,YAAY,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;YACV,IAAI,CAAC;gBACH,SAAS,GAAG,CAAC,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC,IAAI,SAAS,CAAC;YACjE,CAAC;YAAC,MAAM,CAAC,CAAA,CAAC;QACZ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,EAAE;YAC3D,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,MAAM;YACjB,SAAS;SACV,CAAC,CAAC;QACH,OAAO,kBAAkB,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,IAAI,kBAAkB,CAAC;IACvE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;QACxC,0EAA0E;QAC1E,sCAAsC;QACtC,IAAI,0CAA0C,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACzD,OAAO,OAAO,KAAK,CAAC,IAAI,gGAAgG,KAAK,CAAC,IAAI,gBAAgB,CAAC;QACrJ,CAAC;QACD,OAAO,iBAAiB,KAAK,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wCAAwC,CACrD,KAA0B,EAC1B,KAAoC,EACpC,UAA8B;IAE9B,MAAM,WAAW,GAAG,4BAA4B,EAAE,CAAC;IACnD,IAAI,CAAC,WAAW,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,CAAC,EAAE,qBAAqB,EAAE,EAAE,EAAE,uBAAuB,EAAE,CAAC,GAC5D,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,MAAM,CAAC,4CAA4C,CAAC;YACpD,MAAM,CAAC,+CAA+C,CAAC;SACxD,CAAC,CAAC;QACL,MAAM,YAAY,GAAG,MAAM,qBAAqB,CAAC;YAC/C,iBAAiB,EAAE,WAAW,CAAC,MAAM;YACrC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,QAAQ;YACvC,gBAAgB,EAAE,WAAW,CAAC,QAAQ,CAAC,gBAAgB;YACvD,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,cAAc,EAAE,WAAW,CAAC,cAAc;YAC1C,UAAU;YACV,KAAK,EAAE,eAAe,EAAE,IAAI,IAAI;YAChC,SAAS,EAAE,KAAK,CAAC,IAAI;YACrB,QAAQ,EAAE,KAAK,CAAC,GAAG;YACnB,SAAS,EAAE,KAAK,CAAC,MAAM;YACvB,oEAAoE;YACpE,+DAA+D;YAC/D,YAAY,EAAE,IAAI;SACnB,CAAC,CAAC;QACH,MAAM,uBAAuB,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YAC3D,OAAO,CAAC,KAAK,CACX,oDAAoD,YAAY,CAAC,EAAE,GAAG,EACtE,GAAG,CACJ,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,kDAAkD,EAAE,GAAG,CAAC,CAAC;QACvE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,8EAA8E;AAC9E,6EAA6E;AAC7E,2EAA2E;AAC3E,4EAA4E;AAC5E,4CAA4C;AAC5C,MAAM,UAAU,kBAAkB,CAAC,IAAY,EAAE,QAAgB;IAC/D,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,IAAI,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACzC,4EAA4E;IAC5E,8EAA8E;IAC9E,OAAO,IAAI,CAAC,OAAO,CACjB,qDAAqD,EACrD,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,CAChD,CAAC;AACJ,CAAC","sourcesContent":["import type { ActionTool } from \"../agent/types.js\";\nimport type { ActionRunContext } from \"../agent/production-agent.js\";\nimport { findAgent, discoverAgents } from \"../server/agent-discovery.js\";\nimport {\n A2AClient,\n A2ATaskTimeoutError,\n callAgent,\n signA2AToken,\n} from \"../a2a/client.js\";\nimport { A2A_CONTINUATION_QUEUED_MARKER } from \"../integrations/a2a-continuation-marker.js\";\nimport {\n getRequestUserEmail,\n getRequestOrgId,\n isIntegrationCallerRequest,\n getIntegrationRequestContext,\n} from \"../server/request-context.js\";\nimport { getOrgDomain, getOrgA2ASecret } from \"../org/context.js\";\n\nconst DEFAULT_SERVERLESS_INTEGRATION_A2A_TIMEOUT_MS = 18_000;\nconst NETLIFY_INTEGRATION_A2A_TIMEOUT_MS = 50_000;\nconst INTEGRATION_A2A_TOKEN_TTL = \"30m\";\n\nfunction parseTimeoutMs(value: string | undefined): number | undefined {\n if (!value) return undefined;\n const parsed = Number(value);\n if (!Number.isFinite(parsed) || parsed <= 0) return undefined;\n return Math.floor(parsed);\n}\n\nfunction isServerlessHost(): boolean {\n // Detection mirrors db/migrations.ts:297-301. On Cloudflare Workers/Pages,\n // `process.env` is shimmed and CF_PAGES isn't reliably populated at runtime —\n // the canonical signal is the `__cf_env` global injected by workerd.\n return (\n !!process.env.NETLIFY ||\n !!process.env.AWS_LAMBDA_FUNCTION_NAME ||\n !!process.env.VERCEL ||\n \"__cf_env\" in globalThis\n );\n}\n\nfunction getIntegrationCallTimeoutMs(): number | undefined {\n if (!isServerlessHost() || !isIntegrationCallerRequest()) return undefined;\n\n const configured = parseTimeoutMs(\n process.env.AGENT_NATIVE_INTEGRATION_A2A_TIMEOUT_MS,\n );\n if (configured !== undefined) return configured;\n\n // Netlify's current synchronous function budget is 60s, but leave room for\n // cold start, polling overhead, and the caller's final platform response.\n if (process.env.NETLIFY) return NETLIFY_INTEGRATION_A2A_TIMEOUT_MS;\n\n return DEFAULT_SERVERLESS_INTEGRATION_A2A_TIMEOUT_MS;\n}\n\nexport const tool: ActionTool = {\n description:\n \"Call a DIFFERENT, separately-deployed agent app to ask a question or delegate a task. This is strictly for cross-app A2A communication — for example, asking the mail agent to send an email while you are the calendar agent. NEVER use this to call your own app or perform actions you can do with your own tools. Using call-agent on yourself will fail and waste time. \" +\n \"IMPORTANT — handling the response: \" +\n \"(a) If it contains a URL or ID, copy it VERBATIM into your reply. Do not 'correct' or pluralize the path (e.g. /deck/ → /decks/), normalize casing, or change the slug — any edit breaks the link. \" +\n '(b) If it does NOT contain a URL/ID and the user asked for one, say so explicitly (e.g. \"the agent created the deck but didn\\'t return a link — open the app directly to view it\"). NEVER invent a URL, slug, or path — guessing produces broken links that look real.',\n parameters: {\n type: \"object\",\n properties: {\n agent: {\n type: \"string\",\n description:\n \"Name or URL of a DIFFERENT deployed agent app (e.g. 'mail', 'calendar', 'analytics'). Must not be the current app's own name.\",\n },\n message: {\n type: \"string\",\n description: \"The message/question to send to the other agent\",\n },\n },\n required: [\"agent\", \"message\"],\n },\n};\n\nexport async function run(\n args: Record<string, string>,\n context?: ActionRunContext,\n selfAppId?: string,\n): Promise<string> {\n const { agent: agentIdOrName, message } = args;\n\n if (!agentIdOrName) return \"Error: --agent is required\";\n if (!message) return \"Error: --message is required\";\n\n // Prevent self-calls — the agent must use its own registered tools instead\n if (selfAppId && agentIdOrName.toLowerCase() === selfAppId.toLowerCase()) {\n return `Error: You cannot use call-agent to call yourself (${selfAppId}). Use your own registered actions/tools instead. call-agent is only for communicating with OTHER separately-deployed apps.`;\n }\n\n const agent = await findAgent(agentIdOrName, selfAppId);\n if (!agent) {\n const available = (await discoverAgents(selfAppId))\n .map((a) => a.name)\n .join(\", \");\n return `Error: Agent \"${agentIdOrName}\" not found. Available agents: ${available || \"(none)\"}`;\n }\n\n // Append a small cross-app hint to the outgoing message so the receiving\n // agent (which may be on an older deploy without the receiver-side hint\n // in handlers.ts) still emits fully-qualified URLs. This is belt-and-\n // suspenders with the receiver hint — but it works against any current\n // deployment, no redeploy required.\n const messageWithHint =\n `${message}\\n\\n` +\n `[Note: this request comes from another app via A2A. The caller cannot see your local UI, deck list, or navigation — only the literal text you put in your reply. ` +\n `If you create or reference a deck/document/design/dashboard, include its FULLY-QUALIFIED URL (e.g. ${agent.url}/deck/<id>) in your reply, not a relative path. ` +\n `Use only artifact IDs and URL paths returned by successful actions — never invent slugs, IDs, or hosts.]`;\n\n try {\n // If we have a send context, use streaming so the UI shows progressive text\n if (context?.send) {\n const callerEmail = getRequestUserEmail();\n\n // Build metadata with identity\n const a2aMetadata: Record<string, unknown> = {};\n if (callerEmail) a2aMetadata.userEmail = callerEmail;\n\n // Include org domain for cross-app org resolution\n let callerOrgDomain: string | undefined;\n let callerOrgSecret: string | undefined;\n const orgId = getRequestOrgId();\n if (orgId) {\n try {\n const domain = await getOrgDomain(orgId);\n if (domain) {\n callerOrgDomain = domain;\n a2aMetadata.orgDomain = domain;\n }\n } catch {}\n try {\n const secret = await getOrgA2ASecret(orgId);\n if (secret) callerOrgSecret = secret;\n } catch {}\n }\n\n // Sign JWT with identity + org domain for the streaming client\n let apiKey: string | undefined;\n if (callerEmail && (callerOrgSecret || process.env.A2A_SECRET)) {\n try {\n apiKey = await signA2AToken(\n callerEmail,\n callerOrgDomain,\n callerOrgSecret,\n {\n expiresIn: INTEGRATION_A2A_TOKEN_TTL,\n preferGlobalSecret: true,\n },\n );\n } catch {}\n }\n\n const client = new A2AClient(agent.url, apiKey);\n\n if (process.env.NODE_ENV === \"production\" && callerEmail) {\n try {\n const { listOAuthAccountsByOwner } =\n await import(\"../oauth-tokens/store.js\");\n const accounts = await listOAuthAccountsByOwner(\n \"google\",\n callerEmail,\n );\n const tokens = accounts[0]?.tokens;\n if (tokens?.access_token) {\n a2aMetadata.googleToken = tokens.access_token;\n }\n } catch {}\n }\n\n let responseText = \"\";\n let lastSentLength = 0;\n\n context.send({\n type: \"agent_call\",\n agent: agent.name,\n status: \"start\",\n });\n\n const emitNewText = (newText: string) => {\n if (newText.length > lastSentLength) {\n context.send!({\n type: \"agent_call_text\",\n agent: agent.name,\n text: newText.slice(lastSentLength),\n });\n lastSentLength = newText.length;\n }\n responseText = newText;\n };\n\n // Skip the SSE streaming attempt and go straight to async + poll.\n // Why: on Netlify (Lambda), the receiving server has no streaming\n // response support, so message/stream returns a single JSON-RPC error\n // body in a 200 response that our SSE parser silently consumes — the\n // `for await` loop yields nothing AND keeps the connection open until\n // the function timeout, eating the current serverless budget. By the\n // time we get to the sync fallback, Lambda is dead and the second fetch\n // errors out as \"fetch failed\". Async+poll has its own short fetches\n // with their own budgets, so it works reliably across hosts. The\n // trade-off is we lose progressive in-UI text streaming for cross-app\n // A2A calls, but the receiving agent's full response still surfaces via\n // the tool_result event below.\n try {\n // Apply a polling cap ONLY for integration-platform callers on\n // serverless hosts. Normal chat, local Node, self-hosted Node, and\n // Docker can wait for slow-but-valid answers; integration processors\n // still need to finish before their current function execution dies.\n const callTimeoutMs = getIntegrationCallTimeoutMs();\n responseText = await callAgent(agent.url, messageWithHint, {\n apiKey,\n userEmail: callerEmail,\n orgDomain: callerOrgDomain,\n orgSecret: callerOrgSecret,\n ...(callTimeoutMs ? { timeoutMs: callTimeoutMs } : {}),\n });\n // Some agents reply with relative paths (e.g. slides emits\n // \"/deck/abc\"). Those resolve against the caller's host, not the\n // receiver's, so they're broken for the user. Expand any leading-slash\n // URL into a fully-qualified one rooted at the receiving agent's host.\n responseText = expandRelativeUrls(responseText, agent.url);\n // Mirror the response into the streaming UI so the user sees it.\n if (responseText) emitNewText(responseText);\n } catch (pollErr: any) {\n if (pollErr instanceof A2ATaskTimeoutError) {\n const queued = await enqueueIntegrationContinuationIfPossible(\n pollErr,\n agent,\n callerEmail,\n );\n if (queued) {\n responseText = `${A2A_CONTINUATION_QUEUED_MARKER}\\nThe ${agent.name} agent is still working. Do not send an interim reply to the user; the final result will be posted to the originating integration thread automatically.`;\n } else {\n const reason = pollErr?.message ?? \"unknown error\";\n responseText = `The ${agent.name} agent is taking longer than expected and didn't reply in time. (${reason})`;\n }\n } else {\n const reason = pollErr?.message ?? \"unknown error\";\n responseText = `The ${agent.name} agent is taking longer than expected and didn't reply in time. (${reason})`;\n }\n }\n\n context.send({\n type: \"agent_call\",\n agent: agent.name,\n status: \"done\",\n });\n\n return responseText || \"(empty response)\";\n }\n\n // No context — use the async + poll call so we don't get cut off at the\n // serverless gateway's ~30s timeout. callAgent defaults to async:true.\n const email = getRequestUserEmail();\n let domain: string | undefined;\n let orgSecret: string | undefined;\n const currentOrgId = getRequestOrgId();\n if (currentOrgId) {\n try {\n domain = (await getOrgDomain(currentOrgId)) ?? undefined;\n } catch {}\n try {\n orgSecret = (await getOrgA2ASecret(currentOrgId)) ?? undefined;\n } catch {}\n }\n const response = await callAgent(agent.url, messageWithHint, {\n userEmail: email,\n orgDomain: domain,\n orgSecret,\n });\n return expandRelativeUrls(response, agent.url) || \"(empty response)\";\n } catch (err: any) {\n const msg = err?.message ?? String(err);\n // Friendlier message for the common timeout case so the calling agent can\n // decide whether to give up or retry.\n if (/timeout|did not complete|Inactivity|504/i.test(msg)) {\n return `The ${agent.name} agent is taking longer than expected. Please try again, ask a simpler question, or open the ${agent.name} app directly.`;\n }\n return `Error calling ${agent.name}: ${msg}`;\n }\n}\n\nasync function enqueueIntegrationContinuationIfPossible(\n error: A2ATaskTimeoutError,\n agent: { name: string; url: string },\n ownerEmail: string | undefined,\n): Promise<boolean> {\n const integration = getIntegrationRequestContext();\n if (!integration || !ownerEmail) return false;\n\n try {\n const [{ insertA2AContinuation }, { dispatchA2AContinuation }] =\n await Promise.all([\n import(\"../integrations/a2a-continuations-store.js\"),\n import(\"../integrations/a2a-continuation-processor.js\"),\n ]);\n const continuation = await insertA2AContinuation({\n integrationTaskId: integration.taskId,\n platform: integration.incoming.platform,\n externalThreadId: integration.incoming.externalThreadId,\n incoming: integration.incoming,\n placeholderRef: integration.placeholderRef,\n ownerEmail,\n orgId: getRequestOrgId() ?? null,\n agentName: agent.name,\n agentUrl: agent.url,\n a2aTaskId: error.taskId,\n // Do not persist the short-lived JWT used for the initial send. The\n // continuation processor can mint a fresh token for each poll.\n a2aAuthToken: null,\n });\n await dispatchA2AContinuation(continuation.id).catch((err) => {\n console.error(\n `[call-agent] Failed to dispatch A2A continuation ${continuation.id}:`,\n err,\n );\n });\n return true;\n } catch (err) {\n console.error(\"[call-agent] Failed to enqueue A2A continuation:\", err);\n return false;\n }\n}\n\n// Expand bare leading-slash paths (e.g. \"/deck/abc\") into fully-qualified URLs\n// rooted at the receiving agent's host. The receiver doesn't always know it's\n// being called cross-app, so it may emit relative paths that resolve against\n// the caller's host (broken). Match a path that starts at a word boundary,\n// begins with `/`, and has at least one path segment after that. Skip if it\n// already looks like a fully-qualified URL.\nexport function expandRelativeUrls(text: string, agentUrl: string): string {\n if (!text || !agentUrl) return text;\n const base = agentUrl.replace(/\\/$/, \"\");\n // Path must start at boundary (start, whitespace, or punctuation that isn't\n // ':' — to avoid mangling `https://example.com/foo` or markdown link bodies).\n return text.replace(\n /(^|[\\s(\\[<\"'`])(\\/[a-z0-9_-][a-z0-9_/?&=%#.,:-]*)/gi,\n (_match, lead, path) => `${lead}${base}${path}`,\n );\n}\n"]}
package/dist/server/action-routes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"action-routes.d.ts","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAqEhE,MAAM,WAAW,wBAAwB;IACvC,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,0DAA0D;IAC1D,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,GAAG,EACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,EACpC,OAAO,CAAC,EAAE,wBAAwB,QA6JnC"}
1
+ {"version":3,"file":"action-routes.d.ts","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAiEhE,MAAM,WAAW,wBAAwB;IACvC,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,0DAA0D;IAC1D,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,GAAG,EACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,EACpC,OAAO,CAAC,EAAE,wBAAwB,QA6JnC"}
package/dist/server/action-routes.js CHANGED
@@ -9,6 +9,7 @@ import { defineEventHandler, setResponseStatus, setResponseHeader, getMethod, ge
9
9
  import { readBody } from "../server/h3-helpers.js";
10
10
  import { runWithRequestContext } from "./request-context.js";
11
11
  import { recordChange } from "./poll.js";
12
+ import { getAllowedCorsOrigin as resolveAllowedCorsOrigin, readCorsAllowedOrigins, } from "./cors-origins.js";
12
13
  const ROUTE_PREFIX = "/_agent-native/actions";
13
14
  /**
14
15
  * Read the caller's IANA timezone from the `x-user-timezone` header. The core
@@ -27,18 +28,11 @@ function readTimezoneHeader(event) {
27
28
  return undefined;
28
29
  }
29
30
  }
30
- const LOCALHOST_ORIGIN_RE = /^https?:\/\/(localhost|127\.0\.0\.1|tauri\.localhost)(:\d+)?$/;
31
31
  function getAllowedCorsOrigin(origin) {
32
- if (!origin)
33
- return null;
34
- const allowlist = (process.env.CORS_ALLOWED_ORIGINS ?? "")
35
- .split(",")
36
- .map((s) => s.trim())
37
- .filter(Boolean);
38
- if (allowlist.length > 0) {
39
- return allowlist.includes(origin) ? origin : null;
40
- }
41
- return LOCALHOST_ORIGIN_RE.test(origin) ? origin : null;
32
+ return resolveAllowedCorsOrigin(origin, {
33
+ allowedOrigins: readCorsAllowedOrigins(),
34
+ allowLocalhostWhenNoAllowlist: true,
35
+ });
42
36
  }
43
37
  function handleOptionsRequest(event) {
44
38
  const origin = getHeader(event, "origin");
package/dist/server/action-routes.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"action-routes.js","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,QAAQ,EACR,SAAS,GACV,MAAM,IAAI,CAAC;AAEZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEzC,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAU;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACtD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,MAAM,mBAAmB,GACvB,+DAA+D,CAAC;AAElE,SAAS,oBAAoB,CAAC,MAA0B;IACtD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,SAAS,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,IAAI,EAAE,CAAC;SACvD,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;IACnB,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACzB,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;IACpD,CAAC;IACD,OAAO,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1D,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAU;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,oBAAoB,CACxC,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAChD,CAAC;IAEF,IAAI,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC7B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,iBAAiB,CAAC,KAAK,EAAE,6BAA6B,EAAE,aAAa,CAAC,CAAC;QACvE,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3C,iBAAiB,CAAC,KAAK,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;QACrE,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,wCAAwC,CACzC,CAAC;QACF,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,oIAAoI,CACrI,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9B,OAAO,EAAE,CAAC;AACZ,CAAC;AASD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAa,EACb,OAAoC,EACpC,OAAkC;IAElC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,0BAA0B;QAC1B,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;YAAE,SAAS;QAEnC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACtC,MAAM,SAAS,GAAG,GAAG,YAAY,IAAI,IAAI,EAAE,CAAC;QAE5C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,SAAS,EACT,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,eAAe,GACnB,SAAS,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAE/D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;YAED,4BAA4B;YAC5B,IAAI,eAAe,KAAK,MAAM,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,MAAM,GAAG,EAAE,CAAC;YACzD,CAAC;YAED,oEAAoE;YACpE,0DAA0D;YAC1D,qEAAqE;YACrE,8DAA8D;YAC9D,kDAAkD;YAClD,gEAAgE;YAChE,mEAAmE;YACnE,gEAAgE;YAChE,uCAAuC;YACvC,+DAA+D;YAC/D,oEAAoE;YACpE,+BAA+B;YAC/B,MAAM,cAAc,GAClB,SAAS,CAAC,KAAK,EAAE,4BAA4B,CAAC,KAAK,GAAG,CAAC;YACzD,IAAI,cAAc,IAAI,KAAK,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;gBACnD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,WAAW,IAAI,+BAA+B;iBACtD,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,SAAS,GAAG,OAAO,EAAE,iBAAiB;gBAC1C,CAAC,CAAC,MAAM,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,KAAK,GAAG,OAAO,EAAE,YAAY;gBACjC,CAAC,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC;gBACpD,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAE3C,OAAO,qBAAqB,CAC1B,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,EAC9B,KAAK,IAAI,EAAE;gBACT,kEAAkE;gBAClE,qEAAqE;gBACrE,qEAAqE;gBACrE,sCAAsC;gBACtC,IAAI,MAA2B,CAAC;gBAChC,IAAI,CAAC;oBACH,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;wBACrB,sDAAsD;wBACtD,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,EAAE,GAAG,EAAE,CAAC;4BAChB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;4BAChC,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBAChD,CAAC;6BAAM,CAAC;4BACN,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAwB,CAAC;wBAClD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;4BAChD,6DAA6D;4BAC7D,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzD,CAAC;6BAAM,CAAC;4BACN,wCAAwC;4BACxC,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,GAAG,EAAE,CAAC;gBACd,CAAC;gBAED,iBAAiB;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAEvC,8DAA8D;oBAC9D,+DAA+D;oBAC/D,gEAAgE;oBAChE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,qDAAqD;oBACrD,+DAA+D;oBAC/D,mEAAmE;oBACnE,gEAAgE;oBAChE,6DAA6D;oBAC7D,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,QAAQ,KAAK,SAAS;wBACjC,CAAC,CAAC,KAAK,CAAC,QAAQ;wBAChB,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC;oBACvB,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,IAAI,CAAC;4BACH,YAAY,CAAC;gCACX,MAAM,EAAE,QAAQ;gCAChB,IAAI,EAAE,QAAQ;gCACd,GAAG,EAAE,IAAI;gCACT,KAAK,EAAE,SAAS;6BACjB,CAAC,CAAC;wBACL,CAAC;wBAAC,MAAM,CAAC;4BACP,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,6EAA6E;oBAC7E,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAC/B,IAAI,CAAC;4BACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;wBAC5B,CAAC;wBAAC,MAAM,CAAC;4BACP,OAAO,MAAM,CAAC;wBAChB,CAAC;oBACH,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;oBACxC,4DAA4D;oBAC5D,iBAAiB,CACf,KAAK,EACL,GAAG,CAAC,UAAU,CAAC,2BAA2B,CAAC;wBACzC,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,OAAO,GAAG,EAAE,UAAU,KAAK,QAAQ;4BACnC,CAAC,CAAC,GAAG,CAAC,UAAU;4BAChB,CAAC,CAAC,GAAG,CACV,CAAC;oBACF,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;gBACxB,CAAC;YACH,CAAC,CACF,CAAC,CAAC,4BAA4B;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACzC,OAAO,CAAC,GAAG,CACT,2BAA2B,OAAO,CAAC,MAAM,qBAAqB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnF,CAAC;AACN,CAAC","sourcesContent":["/**\n * Auto-mount actions as HTTP endpoints under /_agent-native/actions/:name.\n *\n * Actions are exposed as POST by default. Use `http: { method: \"GET\" }` in\n * defineAction to expose as GET. Use `http: false` to mark as agent-only.\n */\nimport { getH3App } from \"./framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n setResponseHeader,\n getMethod,\n getQuery,\n getHeader,\n} from \"h3\";\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { runWithRequestContext } from \"./request-context.js\";\nimport { recordChange } from \"./poll.js\";\n\nconst ROUTE_PREFIX = \"/_agent-native/actions\";\n\n/**\n * Read the caller's IANA timezone from the `x-user-timezone` header. The core\n * client sends this on every action request so server-side \"today\" fallbacks\n * can honor the user's local day.\n */\nfunction readTimezoneHeader(event: any): string | undefined {\n try {\n const raw = getHeader(event, \"x-user-timezone\");\n if (!raw || typeof raw !== \"string\") return undefined;\n const trimmed = raw.trim();\n return trimmed.length > 0 && trimmed.length < 64 ? trimmed : undefined;\n } catch {\n return undefined;\n }\n}\n\nconst LOCALHOST_ORIGIN_RE =\n /^https?:\\/\\/(localhost|127\\.0\\.0\\.1|tauri\\.localhost)(:\\d+)?$/;\n\nfunction getAllowedCorsOrigin(origin: string | undefined): string | null {\n if (!origin) return null;\n const allowlist = (process.env.CORS_ALLOWED_ORIGINS ?? \"\")\n .split(\",\")\n .map((s) => s.trim())\n .filter(Boolean);\n if (allowlist.length > 0) {\n return allowlist.includes(origin) ? origin : null;\n }\n return LOCALHOST_ORIGIN_RE.test(origin) ? origin : null;\n}\n\nfunction handleOptionsRequest(event: any): string {\n const origin = getHeader(event, \"origin\");\n const allowedOrigin = getAllowedCorsOrigin(\n typeof origin === \"string\" ? origin : undefined,\n );\n\n if (origin && !allowedOrigin) {\n setResponseStatus(event, 403);\n return \"\";\n }\n\n if (allowedOrigin) {\n setResponseHeader(event, \"Access-Control-Allow-Origin\", allowedOrigin);\n setResponseHeader(event, \"Vary\", \"Origin\");\n setResponseHeader(event, \"Access-Control-Allow-Credentials\", \"true\");\n setResponseHeader(\n event,\n \"Access-Control-Allow-Methods\",\n \"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS\",\n );\n setResponseHeader(\n event,\n \"Access-Control-Allow-Headers\",\n \"Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF,X-Agent-Native-Tool-Bridge,X-Agent-Native-Tool-Id\",\n );\n }\n\n setResponseStatus(event, 204);\n return \"\";\n}\n\nexport interface MountActionRoutesOptions {\n /** Resolve owner email from the H3 event (for data scoping). */\n getOwnerFromEvent?: (event: any) => string | Promise<string>;\n /** Resolve org ID from the H3 event (for org scoping). */\n resolveOrgId?: (event: any) => string | null | Promise<string | null>;\n}\n\n/**\n * Mount discovered actions as HTTP endpoints.\n *\n * Only actions from `autoDiscoverActions` (template actions) are mounted.\n * Built-in actions (resource-*, chat-*, shell, etc.) are NOT passed here.\n */\nexport function mountActionRoutes(\n nitroApp: any,\n actions: Record<string, ActionEntry>,\n options?: MountActionRoutesOptions,\n) {\n const mounted: string[] = [];\n\n for (const [name, entry] of Object.entries(actions)) {\n // Skip agent-only actions\n if (entry.http === false) continue;\n\n const method = entry.http?.method ?? \"POST\";\n const path = entry.http?.path ?? name;\n const routePath = `${ROUTE_PREFIX}/${path}`;\n\n getH3App(nitroApp).use(\n routePath,\n defineEventHandler(async (event) => {\n const reqMethod = getMethod(event);\n const effectiveMethod =\n reqMethod === \"HEAD\" && method === \"GET\" ? \"GET\" : reqMethod;\n\n if (reqMethod === \"OPTIONS\") {\n return handleOptionsRequest(event);\n }\n\n // Allow the declared method\n if (effectiveMethod !== method) {\n setResponseStatus(event, 405);\n return { error: `Method not allowed. Use ${method}.` };\n }\n\n // (audit H5) Per-action `toolCallable` opt-out for the tools-iframe\n // bridge. The bridge tags every outbound action call with\n // X-Agent-Native-Tool-Bridge: 1. When that header is present and the\n // action declares `toolCallable: false`, we 403 — used by the\n // framework's share-resource / unshare-resource /\n // set-resource-visibility for defense-in-depth on auth-adjacent\n // operations. Undefined defaults to allow: tools are intra-org and\n // typically authored by trusted teammates, so the default is to\n // trust the org-level access controls.\n // The header is set by the parent (the React host), not by the\n // iframe's user-authored content; sanitizeToolRequestOptions strips\n // iframe attempts to spoof it.\n const fromToolBridge =\n getHeader(event, \"x-agent-native-tool-bridge\") === \"1\";\n if (fromToolBridge && entry.toolCallable === false) {\n setResponseStatus(event, 403);\n return {\n error: `Action '${name}' is not callable from tools.`,\n };\n }\n\n // Resolve auth context for per-request scoping\n const userEmail = options?.getOwnerFromEvent\n ? await options.getOwnerFromEvent(event)\n : undefined;\n const orgId = options?.resolveOrgId\n ? ((await options.resolveOrgId(event)) ?? undefined)\n : undefined;\n const timezone = readTimezoneHeader(event);\n\n return runWithRequestContext(\n { userEmail, orgId, timezone },\n async () => {\n // Parse params based on method. On web-standard runtimes (Netlify\n // Functions, CF Workers), event.req IS the web Request — use .json()\n // directly. H3's readBody fails on those runtimes because it expects\n // a Node.js stream on event.node.req.\n let params: Record<string, any>;\n try {\n if (method === \"GET\") {\n // H3 v2: prefer web Request URL, fallback to getQuery\n const webReq = (event as any).req;\n if (webReq?.url) {\n const url = new URL(webReq.url);\n params = Object.fromEntries(url.searchParams);\n } else {\n params = getQuery(event) as Record<string, any>;\n }\n } else {\n const webReq = (event as any).req;\n if (webReq && typeof webReq.json === \"function\") {\n // H3 v2: event.req is the web Request — use .json() directly\n params = (await webReq.json().catch(() => null)) ?? {};\n } else {\n // Fallback: H3's readBody (Node.js dev)\n params = (await readBody(event)) ?? {};\n }\n }\n } catch {\n params = {};\n }\n\n // Run the action\n try {\n const result = await entry.run(params);\n\n // Auto-refresh the UI after a successful mutating action. GET\n // actions and actions explicitly flagged readOnly are skipped.\n // Other tabs' useDbSync will see source:\"action\" and invalidate\n // their action queries. The calling tab already refetches via\n // useActionMutation's onSuccess, so this is mainly cross-tab\n // sync (and parity with the agent's tool-call path).\n // Explicit entry.readOnly (true OR false) wins over the method\n // heuristic. defineAction already auto-infers GET → readOnly=true,\n // so for actions registered through that path entry.readOnly is\n // always set and the fallback just guards legacy wrap paths.\n const isReadOnly =\n typeof entry.readOnly === \"boolean\"\n ? entry.readOnly\n : method === \"GET\";\n if (!isReadOnly) {\n try {\n recordChange({\n source: \"action\",\n type: \"change\",\n key: name,\n owner: userEmail,\n });\n } catch {\n // ignore\n }\n }\n\n // If the action returned a string, try to parse as JSON for a clean response\n if (typeof result === \"string\") {\n try {\n return JSON.parse(result);\n } catch {\n return result;\n }\n }\n\n return result;\n } catch (err: any) {\n const msg = err?.message ?? String(err);\n // Return 400 for validation errors, 500 for everything else\n setResponseStatus(\n event,\n msg.startsWith(\"Invalid action parameters\")\n ? 400\n : typeof err?.statusCode === \"number\"\n ? err.statusCode\n : 500,\n );\n return { error: msg };\n }\n },\n ); // end runWithRequestContext\n }),\n );\n\n mounted.push(`${method} ${routePath}`);\n }\n\n if (mounted.length > 0 && process.env.DEBUG)\n console.log(\n `[action-routes] Mounted ${mounted.length} action route(s): ${mounted.join(\", \")}`,\n );\n}\n"]}
1
+ {"version":3,"file":"action-routes.js","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,QAAQ,EACR,SAAS,GACV,MAAM,IAAI,CAAC;AAEZ,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EACL,oBAAoB,IAAI,wBAAwB,EAChD,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAE3B,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAU;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACtD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,MAA0B;IACtD,OAAO,wBAAwB,CAAC,MAAM,EAAE;QACtC,cAAc,EAAE,sBAAsB,EAAE;QACxC,6BAA6B,EAAE,IAAI;KACpC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAU;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,aAAa,GAAG,oBAAoB,CACxC,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAChD,CAAC;IAEF,IAAI,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;QAC7B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,aAAa,EAAE,CAAC;QAClB,iBAAiB,CAAC,KAAK,EAAE,6BAA6B,EAAE,aAAa,CAAC,CAAC;QACvE,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3C,iBAAiB,CAAC,KAAK,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;QACrE,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,wCAAwC,CACzC,CAAC;QACF,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,oIAAoI,CACrI,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9B,OAAO,EAAE,CAAC;AACZ,CAAC;AASD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAa,EACb,OAAoC,EACpC,OAAkC;IAElC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,0BAA0B;QAC1B,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;YAAE,SAAS;QAEnC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACtC,MAAM,SAAS,GAAG,GAAG,YAAY,IAAI,IAAI,EAAE,CAAC;QAE5C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,SAAS,EACT,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,eAAe,GACnB,SAAS,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAE/D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;YAED,4BAA4B;YAC5B,IAAI,eAAe,KAAK,MAAM,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,MAAM,GAAG,EAAE,CAAC;YACzD,CAAC;YAED,oEAAoE;YACpE,0DAA0D;YAC1D,qEAAqE;YACrE,8DAA8D;YAC9D,kDAAkD;YAClD,gEAAgE;YAChE,mEAAmE;YACnE,gEAAgE;YAChE,uCAAuC;YACvC,+DAA+D;YAC/D,oEAAoE;YACpE,+BAA+B;YAC/B,MAAM,cAAc,GAClB,SAAS,CAAC,KAAK,EAAE,4BAA4B,CAAC,KAAK,GAAG,CAAC;YACzD,IAAI,cAAc,IAAI,KAAK,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;gBACnD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,WAAW,IAAI,+BAA+B;iBACtD,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,SAAS,GAAG,OAAO,EAAE,iBAAiB;gBAC1C,CAAC,CAAC,MAAM,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,KAAK,GAAG,OAAO,EAAE,YAAY;gBACjC,CAAC,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC;gBACpD,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAE3C,OAAO,qBAAqB,CAC1B,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,EAC9B,KAAK,IAAI,EAAE;gBACT,kEAAkE;gBAClE,qEAAqE;gBACrE,qEAAqE;gBACrE,sCAAsC;gBACtC,IAAI,MAA2B,CAAC;gBAChC,IAAI,CAAC;oBACH,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;wBACrB,sDAAsD;wBACtD,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,EAAE,GAAG,EAAE,CAAC;4BAChB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;4BAChC,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBAChD,CAAC;6BAAM,CAAC;4BACN,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAwB,CAAC;wBAClD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;4BAChD,6DAA6D;4BAC7D,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzD,CAAC;6BAAM,CAAC;4BACN,wCAAwC;4BACxC,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,GAAG,EAAE,CAAC;gBACd,CAAC;gBAED,iBAAiB;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAEvC,8DAA8D;oBAC9D,+DAA+D;oBAC/D,gEAAgE;oBAChE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,qDAAqD;oBACrD,+DAA+D;oBAC/D,mEAAmE;oBACnE,gEAAgE;oBAChE,6DAA6D;oBAC7D,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,QAAQ,KAAK,SAAS;wBACjC,CAAC,CAAC,KAAK,CAAC,QAAQ;wBAChB,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC;oBACvB,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,IAAI,CAAC;4BACH,YAAY,CAAC;gCACX,MAAM,EAAE,QAAQ;gCAChB,IAAI,EAAE,QAAQ;gCACd,GAAG,EAAE,IAAI;gCACT,KAAK,EAAE,SAAS;6BACjB,CAAC,CAAC;wBACL,CAAC;wBAAC,MAAM,CAAC;4BACP,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,6EAA6E;oBAC7E,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAC/B,IAAI,CAAC;4BACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;wBAC5B,CAAC;wBAAC,MAAM,CAAC;4BACP,OAAO,MAAM,CAAC;wBAChB,CAAC;oBACH,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;oBACxC,4DAA4D;oBAC5D,iBAAiB,CACf,KAAK,EACL,GAAG,CAAC,UAAU,CAAC,2BAA2B,CAAC;wBACzC,CAAC,CAAC,GAAG;wBACL,CAAC,CAAC,OAAO,GAAG,EAAE,UAAU,KAAK,QAAQ;4BACnC,CAAC,CAAC,GAAG,CAAC,UAAU;4BAChB,CAAC,CAAC,GAAG,CACV,CAAC;oBACF,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;gBACxB,CAAC;YACH,CAAC,CACF,CAAC,CAAC,4BAA4B;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACzC,OAAO,CAAC,GAAG,CACT,2BAA2B,OAAO,CAAC,MAAM,qBAAqB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnF,CAAC;AACN,CAAC","sourcesContent":["/**\n * Auto-mount actions as HTTP endpoints under /_agent-native/actions/:name.\n *\n * Actions are exposed as POST by default. Use `http: { method: \"GET\" }` in\n * defineAction to expose as GET. Use `http: false` to mark as agent-only.\n */\nimport { getH3App } from \"./framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n setResponseHeader,\n getMethod,\n getQuery,\n getHeader,\n} from \"h3\";\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { runWithRequestContext } from \"./request-context.js\";\nimport { recordChange } from \"./poll.js\";\nimport {\n getAllowedCorsOrigin as resolveAllowedCorsOrigin,\n readCorsAllowedOrigins,\n} from \"./cors-origins.js\";\n\nconst ROUTE_PREFIX = \"/_agent-native/actions\";\n\n/**\n * Read the caller's IANA timezone from the `x-user-timezone` header. The core\n * client sends this on every action request so server-side \"today\" fallbacks\n * can honor the user's local day.\n */\nfunction readTimezoneHeader(event: any): string | undefined {\n try {\n const raw = getHeader(event, \"x-user-timezone\");\n if (!raw || typeof raw !== \"string\") return undefined;\n const trimmed = raw.trim();\n return trimmed.length > 0 && trimmed.length < 64 ? trimmed : undefined;\n } catch {\n return undefined;\n }\n}\n\nfunction getAllowedCorsOrigin(origin: string | undefined): string | null {\n return resolveAllowedCorsOrigin(origin, {\n allowedOrigins: readCorsAllowedOrigins(),\n allowLocalhostWhenNoAllowlist: true,\n });\n}\n\nfunction handleOptionsRequest(event: any): string {\n const origin = getHeader(event, \"origin\");\n const allowedOrigin = getAllowedCorsOrigin(\n typeof origin === \"string\" ? origin : undefined,\n );\n\n if (origin && !allowedOrigin) {\n setResponseStatus(event, 403);\n return \"\";\n }\n\n if (allowedOrigin) {\n setResponseHeader(event, \"Access-Control-Allow-Origin\", allowedOrigin);\n setResponseHeader(event, \"Vary\", \"Origin\");\n setResponseHeader(event, \"Access-Control-Allow-Credentials\", \"true\");\n setResponseHeader(\n event,\n \"Access-Control-Allow-Methods\",\n \"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS\",\n );\n setResponseHeader(\n event,\n \"Access-Control-Allow-Headers\",\n \"Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF,X-Agent-Native-Tool-Bridge,X-Agent-Native-Tool-Id\",\n );\n }\n\n setResponseStatus(event, 204);\n return \"\";\n}\n\nexport interface MountActionRoutesOptions {\n /** Resolve owner email from the H3 event (for data scoping). */\n getOwnerFromEvent?: (event: any) => string | Promise<string>;\n /** Resolve org ID from the H3 event (for org scoping). */\n resolveOrgId?: (event: any) => string | null | Promise<string | null>;\n}\n\n/**\n * Mount discovered actions as HTTP endpoints.\n *\n * Only actions from `autoDiscoverActions` (template actions) are mounted.\n * Built-in actions (resource-*, chat-*, shell, etc.) are NOT passed here.\n */\nexport function mountActionRoutes(\n nitroApp: any,\n actions: Record<string, ActionEntry>,\n options?: MountActionRoutesOptions,\n) {\n const mounted: string[] = [];\n\n for (const [name, entry] of Object.entries(actions)) {\n // Skip agent-only actions\n if (entry.http === false) continue;\n\n const method = entry.http?.method ?? \"POST\";\n const path = entry.http?.path ?? name;\n const routePath = `${ROUTE_PREFIX}/${path}`;\n\n getH3App(nitroApp).use(\n routePath,\n defineEventHandler(async (event) => {\n const reqMethod = getMethod(event);\n const effectiveMethod =\n reqMethod === \"HEAD\" && method === \"GET\" ? \"GET\" : reqMethod;\n\n if (reqMethod === \"OPTIONS\") {\n return handleOptionsRequest(event);\n }\n\n // Allow the declared method\n if (effectiveMethod !== method) {\n setResponseStatus(event, 405);\n return { error: `Method not allowed. Use ${method}.` };\n }\n\n // (audit H5) Per-action `toolCallable` opt-out for the tools-iframe\n // bridge. The bridge tags every outbound action call with\n // X-Agent-Native-Tool-Bridge: 1. When that header is present and the\n // action declares `toolCallable: false`, we 403 — used by the\n // framework's share-resource / unshare-resource /\n // set-resource-visibility for defense-in-depth on auth-adjacent\n // operations. Undefined defaults to allow: tools are intra-org and\n // typically authored by trusted teammates, so the default is to\n // trust the org-level access controls.\n // The header is set by the parent (the React host), not by the\n // iframe's user-authored content; sanitizeToolRequestOptions strips\n // iframe attempts to spoof it.\n const fromToolBridge =\n getHeader(event, \"x-agent-native-tool-bridge\") === \"1\";\n if (fromToolBridge && entry.toolCallable === false) {\n setResponseStatus(event, 403);\n return {\n error: `Action '${name}' is not callable from tools.`,\n };\n }\n\n // Resolve auth context for per-request scoping\n const userEmail = options?.getOwnerFromEvent\n ? await options.getOwnerFromEvent(event)\n : undefined;\n const orgId = options?.resolveOrgId\n ? ((await options.resolveOrgId(event)) ?? undefined)\n : undefined;\n const timezone = readTimezoneHeader(event);\n\n return runWithRequestContext(\n { userEmail, orgId, timezone },\n async () => {\n // Parse params based on method. On web-standard runtimes (Netlify\n // Functions, CF Workers), event.req IS the web Request — use .json()\n // directly. H3's readBody fails on those runtimes because it expects\n // a Node.js stream on event.node.req.\n let params: Record<string, any>;\n try {\n if (method === \"GET\") {\n // H3 v2: prefer web Request URL, fallback to getQuery\n const webReq = (event as any).req;\n if (webReq?.url) {\n const url = new URL(webReq.url);\n params = Object.fromEntries(url.searchParams);\n } else {\n params = getQuery(event) as Record<string, any>;\n }\n } else {\n const webReq = (event as any).req;\n if (webReq && typeof webReq.json === \"function\") {\n // H3 v2: event.req is the web Request — use .json() directly\n params = (await webReq.json().catch(() => null)) ?? {};\n } else {\n // Fallback: H3's readBody (Node.js dev)\n params = (await readBody(event)) ?? {};\n }\n }\n } catch {\n params = {};\n }\n\n // Run the action\n try {\n const result = await entry.run(params);\n\n // Auto-refresh the UI after a successful mutating action. GET\n // actions and actions explicitly flagged readOnly are skipped.\n // Other tabs' useDbSync will see source:\"action\" and invalidate\n // their action queries. The calling tab already refetches via\n // useActionMutation's onSuccess, so this is mainly cross-tab\n // sync (and parity with the agent's tool-call path).\n // Explicit entry.readOnly (true OR false) wins over the method\n // heuristic. defineAction already auto-infers GET → readOnly=true,\n // so for actions registered through that path entry.readOnly is\n // always set and the fallback just guards legacy wrap paths.\n const isReadOnly =\n typeof entry.readOnly === \"boolean\"\n ? entry.readOnly\n : method === \"GET\";\n if (!isReadOnly) {\n try {\n recordChange({\n source: \"action\",\n type: \"change\",\n key: name,\n owner: userEmail,\n });\n } catch {\n // ignore\n }\n }\n\n // If the action returned a string, try to parse as JSON for a clean response\n if (typeof result === \"string\") {\n try {\n return JSON.parse(result);\n } catch {\n return result;\n }\n }\n\n return result;\n } catch (err: any) {\n const msg = err?.message ?? String(err);\n // Return 400 for validation errors, 500 for everything else\n setResponseStatus(\n event,\n msg.startsWith(\"Invalid action parameters\")\n ? 400\n : typeof err?.statusCode === \"number\"\n ? err.statusCode\n : 500,\n );\n return { error: msg };\n }\n },\n ); // end runWithRequestContext\n }),\n );\n\n mounted.push(`${method} ${routePath}`);\n }\n\n if (mounted.length > 0 && process.env.DEBUG)\n console.log(\n `[action-routes] Mounted ${mounted.length} action route(s): ${mounted.join(\", \")}`,\n );\n}\n"]}
package/dist/server/agent-chat-plugin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"agent-chat-plugin.d.ts","sourceRoot":"","sources":["../../src/server/agent-chat-plugin.ts"],"names":[],"mappings":"AASA,OAAO,EASL,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAItC,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAUjB,MAAM,wBAAwB,CAAC;AA0ChC,OAAO,EAEL,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAC1B,MAAM,6BAA6B,CAAC;AA4DrC,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,WAAW,EAAE,SAAS,oBAAoB,EAAE,EAC5C,OAAO,GAAE,0BAA0B,GAAG;IAAE,KAAK,CAAC,EAAE,GAAG,CAAA;CAAO,GACzD;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAM7C;AAkiCD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,wCAAwC;IACxC,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EACH,OAAO,0BAA0B,EAAE,WAAW,GAC9C,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,gBAAgB,CAAC,EACb,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,kFAAkF;IAClF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACtE;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,EAAE,CACb,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,KACV,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C;;;;;;;;;;;;;;OAcG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AA6vBD,wBAAgB,qBAAqB,CACnC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,cAAc,CA48EhB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,cAAwC,CAAC;AAa9E,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,gBAAgB,GAAG,IAAI,CAE7D"}
1
+ {"version":3,"file":"agent-chat-plugin.d.ts","sourceRoot":"","sources":["../../src/server/agent-chat-plugin.ts"],"names":[],"mappings":"AAaA,OAAO,EASL,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAItC,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAUjB,MAAM,wBAAwB,CAAC;AA0ChC,OAAO,EAEL,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAC1B,MAAM,6BAA6B,CAAC;AA4DrC,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,WAAW,EAAE,SAAS,oBAAoB,EAAE,EAC5C,OAAO,GAAE,0BAA0B,GAAG;IAAE,KAAK,CAAC,EAAE,GAAG,CAAA;CAAO,GACzD;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAM7C;AAkiCD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,wCAAwC;IACxC,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EACH,OAAO,0BAA0B,EAAE,WAAW,GAC9C,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,gBAAgB,CAAC,EACb,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,kFAAkF;IAClF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACtE;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,EAAE,CACb,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,KACV,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C;;;;;;;;;;;;;;OAcG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AA6vBD,wBAAgB,qBAAqB,CACnC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,cAAc,CA68EhB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,cAAwC,CAAC;AAa9E,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,gBAAgB,GAAG,IAAI,CAE7D"}
package/dist/server/agent-chat-plugin.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { runWithRequestContext, getRequestOrgId, getRequestUserEmail, getRequestRunContext, ensureRequestRunContext, } from "./request-context.js";
2
2
  import { getSetting, putSetting } from "../settings/store.js";
3
- import { getH3App, trackPluginInit } from "./framework-request-handler.js";
3
+ import { getH3App, markDefaultPluginProvided, trackPluginInit, } from "./framework-request-handler.js";
4
4
  import { createProductionAgentHandler, runAgentLoop, actionsToEngineTools, getActiveRunForThreadAsync, abortRun, subscribeToRun, } from "../agent/production-agent.js";
5
5
  import { resolveEngine, createAnthropicEngine } from "../agent/engine/index.js";
6
6
  import { DEFAULT_MODEL } from "../agent/default-model.js";
@@ -1676,6 +1676,7 @@ function isLocalhost(event) {
1676
1676
  }
1677
1677
  export function createAgentChatPlugin(options) {
1678
1678
  return (nitroApp) => {
1679
+ markDefaultPluginProvided(nitroApp, "agent-chat");
1679
1680
  // Nitro v3 calls plugins synchronously and doesn't await async return
1680
1681
  // values. We track the async init so the framework's readiness gate
1681
1682
  // holds /_agent-native requests until routes are registered.