@agent-vm/config-contracts 0.0.79 → 0.0.81
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +66 -21
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +40 -22
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.d.ts
CHANGED
|
@@ -169,6 +169,11 @@ declare const namespaceToolRefSchema: z.ZodObject<{
|
|
|
169
169
|
toolName: z.ZodString;
|
|
170
170
|
}, z.core.$strict>;
|
|
171
171
|
type NamespaceToolRef = z.infer<typeof namespaceToolRefSchema>;
|
|
172
|
+
declare const portalToolSelectorSchema: z.ZodObject<{
|
|
173
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
174
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
175
|
+
}, z.core.$strict>;
|
|
176
|
+
type PortalToolSelector = z.infer<typeof portalToolSelectorSchema>;
|
|
172
177
|
declare const portalApprovalConfigSchema: z.ZodObject<{
|
|
173
178
|
allowWithoutApprovalTools: z.ZodDefault<z.ZodArray<z.ZodObject<{
|
|
174
179
|
namespace: z.ZodString;
|
|
@@ -182,6 +187,16 @@ declare const portalApprovalConfigSchema: z.ZodObject<{
|
|
|
182
187
|
"destructive-requires-approval": "destructive-requires-approval";
|
|
183
188
|
"always-require-approval": "always-require-approval";
|
|
184
189
|
}>>;
|
|
190
|
+
callPoliciesByNamespace: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
191
|
+
requiresApproval: z.ZodObject<{
|
|
192
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
193
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
194
|
+
}, z.core.$strict>;
|
|
195
|
+
withoutApproval: z.ZodObject<{
|
|
196
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
197
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
198
|
+
}, z.core.$strict>;
|
|
199
|
+
}, z.core.$strict>>>;
|
|
185
200
|
trustedAnnotationNamespaces: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
186
201
|
writeTools: z.ZodDefault<z.ZodArray<z.ZodObject<{
|
|
187
202
|
namespace: z.ZodString;
|
|
@@ -197,20 +212,26 @@ declare const mcpPortalProfileDefinitionSchema: z.ZodObject<{
|
|
|
197
212
|
}>>>;
|
|
198
213
|
}, z.core.$strict>>;
|
|
199
214
|
namespaces: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
200
|
-
approval: z.ZodDefault<z.ZodObject<{
|
|
215
|
+
approval: z.ZodOptional<z.ZodDefault<z.ZodObject<{
|
|
201
216
|
allowWithoutApproval: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
202
217
|
alwaysAsk: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
203
218
|
trustedAnnotations: z.ZodDefault<z.ZodBoolean>;
|
|
204
219
|
write: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
205
|
-
}, z.core.$strict
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
220
|
+
}, z.core.$strict>>>;
|
|
221
|
+
calls: z.ZodObject<{
|
|
222
|
+
requiresApproval: z.ZodObject<{
|
|
223
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
224
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
225
|
+
}, z.core.$strict>;
|
|
226
|
+
withoutApproval: z.ZodObject<{
|
|
227
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
228
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
229
|
+
}, z.core.$strict>;
|
|
230
|
+
}, z.core.$strict>;
|
|
231
|
+
tools: z.ZodObject<{
|
|
232
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
233
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
234
|
+
}, z.core.$strict>;
|
|
214
235
|
}, z.core.$strict>>>;
|
|
215
236
|
logging: z.ZodOptional<z.ZodObject<{
|
|
216
237
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
@@ -251,6 +272,16 @@ declare const resolvedMcpPortalProfileSchema: z.ZodObject<{
|
|
|
251
272
|
"destructive-requires-approval": "destructive-requires-approval";
|
|
252
273
|
"always-require-approval": "always-require-approval";
|
|
253
274
|
}>>;
|
|
275
|
+
callPoliciesByNamespace: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
276
|
+
requiresApproval: z.ZodObject<{
|
|
277
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
278
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
279
|
+
}, z.core.$strict>;
|
|
280
|
+
withoutApproval: z.ZodObject<{
|
|
281
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
282
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
283
|
+
}, z.core.$strict>;
|
|
284
|
+
}, z.core.$strict>>>;
|
|
254
285
|
trustedAnnotationNamespaces: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
255
286
|
writeTools: z.ZodDefault<z.ZodArray<z.ZodObject<{
|
|
256
287
|
namespace: z.ZodString;
|
|
@@ -331,20 +362,26 @@ declare const mcpPortalConfigSchema: z.ZodObject<{
|
|
|
331
362
|
}>>>;
|
|
332
363
|
}, z.core.$strict>>;
|
|
333
364
|
namespaces: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
334
|
-
approval: z.ZodDefault<z.ZodObject<{
|
|
365
|
+
approval: z.ZodOptional<z.ZodDefault<z.ZodObject<{
|
|
335
366
|
allowWithoutApproval: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
336
367
|
alwaysAsk: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
337
368
|
trustedAnnotations: z.ZodDefault<z.ZodBoolean>;
|
|
338
369
|
write: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
339
|
-
}, z.core.$strict
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
370
|
+
}, z.core.$strict>>>;
|
|
371
|
+
calls: z.ZodObject<{
|
|
372
|
+
requiresApproval: z.ZodObject<{
|
|
373
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
374
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
375
|
+
}, z.core.$strict>;
|
|
376
|
+
withoutApproval: z.ZodObject<{
|
|
377
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
378
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
379
|
+
}, z.core.$strict>;
|
|
380
|
+
}, z.core.$strict>;
|
|
381
|
+
tools: z.ZodObject<{
|
|
382
|
+
allow: z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>;
|
|
383
|
+
deny: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
384
|
+
}, z.core.$strict>;
|
|
348
385
|
}, z.core.$strict>>>;
|
|
349
386
|
logging: z.ZodOptional<z.ZodObject<{
|
|
350
387
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
@@ -381,6 +418,14 @@ interface McpPortalApprovalToolCall {
|
|
|
381
418
|
readonly namespace: string;
|
|
382
419
|
readonly toolName: string;
|
|
383
420
|
}
|
|
421
|
+
type McpPortalCallPolicyDecision = {
|
|
422
|
+
readonly kind: 'allow_without_approval';
|
|
423
|
+
} | {
|
|
424
|
+
readonly kind: 'blocked';
|
|
425
|
+
} | {
|
|
426
|
+
readonly kind: 'requires_approval';
|
|
427
|
+
};
|
|
428
|
+
declare function mcpPortalCallPolicyDecision(profile: ResolvedMcpPortalProfile, call: McpPortalApprovalToolCall): McpPortalCallPolicyDecision;
|
|
384
429
|
declare function mcpPortalCallRequiresApproval(profile: ResolvedMcpPortalProfile, call: McpPortalApprovalToolCall): boolean;
|
|
385
430
|
//#endregion
|
|
386
431
|
//#region src/schema-artifacts.d.ts
|
|
@@ -402,5 +447,5 @@ interface ConfigContractSchemaArtifacts {
|
|
|
402
447
|
}
|
|
403
448
|
declare function createConfigContractSchemaArtifacts(): ConfigContractSchemaArtifacts;
|
|
404
449
|
//#endregion
|
|
405
|
-
export { ConfigContractSchemaArtifacts, JsonArray, JsonObject, JsonPrimitive, JsonValue, McpConfig, McpPortalAgentConfig, McpPortalApprovalToolAnnotations, McpPortalApprovalToolCall, McpPortalConfig, McpPortalExternalAuthConfig, McpPortalProfileDefinition, McpPortalProxyConfig, McpProvider, NamespaceToolRef, OpenClawMcpPortalPluginConfig, PortalApprovalConfig, ResolvedMcpPortalProfile, ResolvedMcpProvider, SecretValue, assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalExternalAuthSchema, mcpPortalProfileDefinitionSchema, mcpPortalProxySchema, mcpProviderSchema, mcpSecretPolicySchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
|
|
450
|
+
export { ConfigContractSchemaArtifacts, JsonArray, JsonObject, JsonPrimitive, JsonValue, McpConfig, McpPortalAgentConfig, McpPortalApprovalToolAnnotations, McpPortalApprovalToolCall, McpPortalCallPolicyDecision, McpPortalConfig, McpPortalExternalAuthConfig, McpPortalProfileDefinition, McpPortalProxyConfig, McpProvider, NamespaceToolRef, OpenClawMcpPortalPluginConfig, PortalApprovalConfig, PortalToolSelector, ResolvedMcpPortalProfile, ResolvedMcpProvider, SecretValue, assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallPolicyDecision, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalExternalAuthSchema, mcpPortalProfileDefinitionSchema, mcpPortalProxySchema, mcpProviderSchema, mcpSecretPolicySchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, portalToolSelectorSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
|
|
406
451
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-config.ts","../src/mcp-portal-approval-policy.ts","../src/schema-artifacts.ts"],"mappings":";;;iBAsBsB,kBAAA,CAAmB,QAAA,WAAmB,OAAA;;;KCpBhD,aAAA;AAAA,KACA,SAAA,GAAY,SAAA;AAAA,KACZ,UAAA;EAAA,CAAgB,GAAA,WAAc,SAAA;AAAA;AAAA,KAC9B,SAAA,GAAY,SAAA,GAAY,UAAA,GAAa,aAAA;AAAA,cAEpC,eAAA,EAAiB,CAAA,CAAE,OAAA,CAAQ,SAAA;AAAA,cAW3B,gBAAA,EAAkB,CAAA,CAAE,OAAA,CAAQ,UAAA;AAAA,iBAEzB,YAAA,CAAa,KAAA,YAAiB,KAAA,IAAS,UAAA;AAAA,iBAIvC,gBAAA,CAAiB,KAAA,WAAgB,KAAA,WAAgB,UAAA;;;cCtBpD,iBAAA,EAAiB,CAAA,CAAA,qBAAA,EAAA,CAAA,CAAA,SAAA;;;;;;;KAelB,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;;;cCgC5B,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;cAuBrB,iBAAA,EAAiB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAcjB,eAAA,EAAe,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAQhB,SAAA,GAAY,CAAA,CAAE,KAAA,QAAa,eAAA;AAAA,KAC3B,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;AAAA,KAE7B,mBAAA;EAAA,SAEA,OAAA,EAAS,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SACjC,SAAA;EAAA,SACA,SAAA;EAAA,SACA,GAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,GAAA;EAAA,SACA,GAAA,EAAK,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SAC7B,SAAA;EAAA,SACA,SAAA;AAAA;AAAA,iBAGU,aAAA,CAAc,UAAA,WAAqB,OAAA,CAAQ,SAAA;AAAA,iBAIjD,4BAAA,CAA6B,MAAA,EAAQ,SAAA,YAAqB,mBAAA;;;cChH7D,sBAAA,EAAsB,CAAA,CAAA,SAAA;;;;KAOvB,gBAAA,GAAmB,CAAA,CAAE,KAAA,QAAa,sBAAA;AAAA,cAEjC,0BAAA,EAA0B,CAAA,CAAA,SAAA
|
|
1
|
+
{"version":3,"file":"index.d.ts","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-config.ts","../src/mcp-portal-approval-policy.ts","../src/schema-artifacts.ts"],"mappings":";;;iBAsBsB,kBAAA,CAAmB,QAAA,WAAmB,OAAA;;;KCpBhD,aAAA;AAAA,KACA,SAAA,GAAY,SAAA;AAAA,KACZ,UAAA;EAAA,CAAgB,GAAA,WAAc,SAAA;AAAA;AAAA,KAC9B,SAAA,GAAY,SAAA,GAAY,UAAA,GAAa,aAAA;AAAA,cAEpC,eAAA,EAAiB,CAAA,CAAE,OAAA,CAAQ,SAAA;AAAA,cAW3B,gBAAA,EAAkB,CAAA,CAAE,OAAA,CAAQ,UAAA;AAAA,iBAEzB,YAAA,CAAa,KAAA,YAAiB,KAAA,IAAS,UAAA;AAAA,iBAIvC,gBAAA,CAAiB,KAAA,WAAgB,KAAA,WAAgB,UAAA;;;cCtBpD,iBAAA,EAAiB,CAAA,CAAA,qBAAA,EAAA,CAAA,CAAA,SAAA;;;;;;;KAelB,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;;;cCgC5B,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;cAuBrB,iBAAA,EAAiB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAcjB,eAAA,EAAe,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAQhB,SAAA,GAAY,CAAA,CAAE,KAAA,QAAa,eAAA;AAAA,KAC3B,WAAA,GAAc,CAAA,CAAE,KAAA,QAAa,iBAAA;AAAA,KAE7B,mBAAA;EAAA,SAEA,OAAA,EAAS,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SACjC,SAAA;EAAA,SACA,SAAA;EAAA,SACA,GAAA;AAAA;EAAA,SAGA,IAAA;EAAA,SACA,OAAA;EAAA,SACA,GAAA;EAAA,SACA,GAAA,EAAK,QAAA,CAAS,MAAA,SAAe,WAAA;EAAA,SAC7B,SAAA;EAAA,SACA,SAAA;AAAA;AAAA,iBAGU,aAAA,CAAc,UAAA,WAAqB,OAAA,CAAQ,SAAA;AAAA,iBAIjD,4BAAA,CAA6B,MAAA,EAAQ,SAAA,YAAqB,mBAAA;;;cChH7D,sBAAA,EAAsB,CAAA,CAAA,SAAA;;;;KAOvB,gBAAA,GAAmB,CAAA,CAAE,KAAA,QAAa,sBAAA;AAAA,cAEjC,wBAAA,EAAwB,CAAA,CAAA,SAAA;;;;KAOzB,kBAAA,GAAqB,CAAA,CAAE,KAAA,QAAa,wBAAA;AAAA,cAEnC,0BAAA,EAA0B,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAuB3B,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,0BAAA;AAAA,cAmCrC,gCAAA,EAAgC,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KA6BjC,0BAAA,GAA6B,CAAA,CAAE,KAAA,QAAa,gCAAA;AAAA,cAE3C,8BAAA,EAA8B,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAiB/B,wBAAA,GAA2B,CAAA,CAAE,KAAA,QAAa,8BAAA;AAAA,cAEzC,2BAAA,EAA2B,CAAA,CAAA,SAAA;;;;;;;;;KAM5B,2BAAA,GAA8B,CAAA,CAAE,KAAA,QAAa,2BAAA;AAAA,cAS5C,oBAAA,EAAoB,CAAA,CAAA,SAAA;;;;;;;;;KAwBrB,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,oBAAA;AAAA,cAErC,0BAAA,EAA0B,CAAA,CAAA,SAAA;;;;;;;;;;;KAQ3B,oBAAA,GAAuB,CAAA,CAAE,KAAA,QAAa,0BAAA;AAAA,cAErC,qBAAA,EAAqB,CAAA,CAAA,SAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoB7B,qBAAA,GAAwB,CAAA,CAAE,KAAA,QAAa,qBAAA;AAAA,KAChC,eAAA,GAAkB,IAAA,CAAK,qBAAA;EAAA,SACzB,MAAA,EAAQ,QAAA,CAAS,MAAA,SAAe,oBAAA;AAAA;AAAA,cAG7B,mCAAA,EAAmC,CAAA,CAAA,SAAA;;;;KAOpC,6BAAA,GAAgC,CAAA,CAAE,KAAA,QAAa,mCAAA;AAAA,iBAcrC,mBAAA,CAAoB,UAAA,WAAqB,OAAA,CAAQ,eAAA;AAAA,iBA2FvD,uBAAA,CACf,MAAA,EAAQ,eAAA,EACR,WAAA,WACE,wBAAA;AAAA,iBAQa,iCAAA,CAAkC,MAAA,EAAQ,WAAA;;;UCxUzC,gCAAA;EAAA,SACP,eAAA;EAAA,SACA,YAAA;AAAA;AAAA,UAGO,yBAAA;EAAA,SACP,WAAA,GAAc,gCAAA;EAAA,SACd,SAAA;EAAA,SACA,QAAA;AAAA;AAAA,KAyCE,2BAAA;EAAA,SACE,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;EAAA,SACA,IAAA;AAAA;AAAA,iBAEE,2BAAA,CACf,OAAA,EAAS,wBAAA,EACT,IAAA,EAAM,yBAAA,GACJ,2BAAA;AAAA,iBAqBa,6BAAA,CACf,OAAA,EAAS,wBAAA,EACT,IAAA,EAAM,yBAAA;;;cC7EM,6BAAA;EAAA,SAGH,GAAA;EAAA,SAAA,SAAA;AAAA;AAAA,cAEG,wBAAA;EAAA,SAGH,GAAA;EAAA,SAAA,SAAA;AAAA;AAAA,cAEG,0BAAA;EAAA,SAGH,oBAAA;EAAA,SAAA,0BAAA;AAAA;AAAA,UAEO,6BAAA;EAAA,SACP,GAAA,EAAK,MAAA;EAAA,SACL,SAAA,EAAW,MAAA;AAAA;AAAA,iBAUL,mCAAA,CAAA,GAAuC,6BAAA"}
|
package/dist/index.js
CHANGED
|
@@ -140,14 +140,23 @@ function mcpConfigToResolvedProviders(config) {
|
|
|
140
140
|
function selectorMatches(selectors, namespace, toolName) {
|
|
141
141
|
return selectors.some((selector) => selector.namespace === namespace && selector.toolName === toolName);
|
|
142
142
|
}
|
|
143
|
+
function namespaceSelectorMatches(profile, selectorKind, namespace, toolName) {
|
|
144
|
+
const selector = (profile.approval.callPoliciesByNamespace ?? {})[namespace]?.[selectorKind];
|
|
145
|
+
if (selector === void 0) return false;
|
|
146
|
+
if ((selector.deny ?? []).includes(toolName)) return false;
|
|
147
|
+
return selector.allow === "*" || selector.allow.includes(toolName);
|
|
148
|
+
}
|
|
143
149
|
function hasTrustedReadOnlyAnnotation(profile, call) {
|
|
144
150
|
return profile.approval.annotationPolicy === "destructive-requires-approval" && profile.approval.trustedAnnotationNamespaces.includes(call.namespace) && call.annotations?.readOnlyHint === true && call.annotations.destructiveHint !== true;
|
|
145
151
|
}
|
|
152
|
+
function mcpPortalCallPolicyDecision(profile, call) {
|
|
153
|
+
if (selectorMatches(profile.approval.allowWithoutApprovalTools, call.namespace, call.toolName) || namespaceSelectorMatches(profile, "withoutApproval", call.namespace, call.toolName) || hasTrustedReadOnlyAnnotation(profile, call)) return { kind: "allow_without_approval" };
|
|
154
|
+
if (profile.approval.annotationPolicy === "always-require-approval") return { kind: "requires_approval" };
|
|
155
|
+
if (selectorMatches(profile.approval.alwaysAskTools, call.namespace, call.toolName) || selectorMatches(profile.approval.writeTools, call.namespace, call.toolName) || namespaceSelectorMatches(profile, "requiresApproval", call.namespace, call.toolName)) return { kind: "requires_approval" };
|
|
156
|
+
return { kind: "blocked" };
|
|
157
|
+
}
|
|
146
158
|
function mcpPortalCallRequiresApproval(profile, call) {
|
|
147
|
-
|
|
148
|
-
if (profile.approval.annotationPolicy === "always-require-approval") return true;
|
|
149
|
-
if (selectorMatches(profile.approval.alwaysAskTools, call.namespace, call.toolName) || selectorMatches(profile.approval.writeTools, call.namespace, call.toolName)) return true;
|
|
150
|
-
return !hasTrustedReadOnlyAnnotation(profile, call);
|
|
159
|
+
return mcpPortalCallPolicyDecision(profile, call).kind === "requires_approval";
|
|
151
160
|
}
|
|
152
161
|
//#endregion
|
|
153
162
|
//#region src/mcp-portal-config.ts
|
|
@@ -155,24 +164,25 @@ const namespaceToolRefSchema = z.object({
|
|
|
155
164
|
namespace: z.string().min(1),
|
|
156
165
|
toolName: z.string().min(1)
|
|
157
166
|
}).strict();
|
|
167
|
+
const portalToolSelectorSchema = z.object({
|
|
168
|
+
allow: z.union([z.literal("*"), z.array(z.string().min(1))]),
|
|
169
|
+
deny: z.array(z.string().min(1)).default([])
|
|
170
|
+
}).strict();
|
|
158
171
|
const portalApprovalConfigSchema = z.object({
|
|
159
172
|
allowWithoutApprovalTools: z.array(namespaceToolRefSchema).default([]),
|
|
160
173
|
alwaysAskTools: z.array(namespaceToolRefSchema).default([]),
|
|
161
174
|
annotationPolicy: z.enum(["destructive-requires-approval", "always-require-approval"]).default("destructive-requires-approval"),
|
|
175
|
+
callPoliciesByNamespace: z.record(z.string().min(1), z.object({
|
|
176
|
+
requiresApproval: portalToolSelectorSchema,
|
|
177
|
+
withoutApproval: portalToolSelectorSchema
|
|
178
|
+
}).strict()).default({}),
|
|
162
179
|
trustedAnnotationNamespaces: z.array(z.string().min(1)).default([]),
|
|
163
180
|
writeTools: z.array(namespaceToolRefSchema).default([])
|
|
164
181
|
}).strict();
|
|
165
|
-
const
|
|
166
|
-
|
|
167
|
-
|
|
182
|
+
const portalNamespaceCallPolicySchema = z.object({
|
|
183
|
+
requiresApproval: portalToolSelectorSchema,
|
|
184
|
+
withoutApproval: portalToolSelectorSchema
|
|
168
185
|
}).strict();
|
|
169
|
-
const portalNamespaceEnabledToolsSchema = z.object({ enabled: z.array(z.string().min(1)).min(1) }).strict();
|
|
170
|
-
const portalNamespaceDisabledToolsSchema = z.object({ disabled: z.literal(true) }).strict();
|
|
171
|
-
const portalNamespaceToolsSchema = z.union([
|
|
172
|
-
portalNamespaceEnableAllToolsSchema,
|
|
173
|
-
portalNamespaceEnabledToolsSchema,
|
|
174
|
-
portalNamespaceDisabledToolsSchema
|
|
175
|
-
]);
|
|
176
186
|
const portalNamespaceApprovalSchema = z.object({
|
|
177
187
|
allowWithoutApproval: z.array(z.string().min(1)).default([]),
|
|
178
188
|
alwaysAsk: z.array(z.string().min(1)).default([]),
|
|
@@ -185,8 +195,9 @@ const portalNamespacePolicySchema = z.object({
|
|
|
185
195
|
alwaysAsk: [],
|
|
186
196
|
trustedAnnotations: false,
|
|
187
197
|
write: []
|
|
188
|
-
}),
|
|
189
|
-
|
|
198
|
+
}).optional(),
|
|
199
|
+
calls: portalNamespaceCallPolicySchema,
|
|
200
|
+
tools: portalToolSelectorSchema
|
|
190
201
|
}).strict();
|
|
191
202
|
const mcpPortalProfileDefinitionSchema = z.object({
|
|
192
203
|
approval: z.object({ annotationPolicy: portalApprovalConfigSchema.shape.annotationPolicy.optional() }).strict().optional(),
|
|
@@ -269,23 +280,30 @@ function namespaceToolRefs(namespaces, selector) {
|
|
|
269
280
|
toolName
|
|
270
281
|
})));
|
|
271
282
|
}
|
|
283
|
+
function selectorAllowList(selector) {
|
|
284
|
+
return selector.allow === "*" ? [] : selector.allow;
|
|
285
|
+
}
|
|
286
|
+
function selectorHasVisibleTools(selector) {
|
|
287
|
+
return selector.allow === "*" || selector.allow.length > 0;
|
|
288
|
+
}
|
|
272
289
|
function activeNamespaces(namespaces) {
|
|
273
|
-
return Object.fromEntries(Object.entries(namespaces).filter(([, policy]) =>
|
|
290
|
+
return Object.fromEntries(Object.entries(namespaces).filter(([, policy]) => selectorHasVisibleTools(policy.tools)));
|
|
274
291
|
}
|
|
275
292
|
function compileNamespaceApproval(namespaces, annotationPolicy) {
|
|
276
293
|
return portalApprovalConfigSchema.parse({
|
|
277
|
-
allowWithoutApprovalTools: namespaceToolRefs(namespaces, (policy) => policy.approval?.allowWithoutApproval ?? []),
|
|
294
|
+
allowWithoutApprovalTools: namespaceToolRefs(namespaces, (policy) => [...selectorAllowList(policy.calls.withoutApproval), ...policy.approval?.allowWithoutApproval ?? []]),
|
|
278
295
|
annotationPolicy,
|
|
279
|
-
alwaysAskTools: namespaceToolRefs(namespaces, (policy) => policy.approval?.alwaysAsk ?? []),
|
|
296
|
+
alwaysAskTools: namespaceToolRefs(namespaces, (policy) => [...selectorAllowList(policy.calls.requiresApproval), ...policy.approval?.alwaysAsk ?? []]),
|
|
297
|
+
callPoliciesByNamespace: Object.fromEntries(Object.entries(namespaces).map(([namespace, policy]) => [namespace, policy.calls])),
|
|
280
298
|
trustedAnnotationNamespaces: Object.entries(namespaces).filter(([, policy]) => policy.approval?.trustedAnnotations).map(([namespace]) => namespace),
|
|
281
299
|
writeTools: namespaceToolRefs(namespaces, (policy) => policy.approval?.write ?? [])
|
|
282
300
|
});
|
|
283
301
|
}
|
|
284
302
|
function compileEnabledToolsByNamespace(namespaces) {
|
|
285
|
-
return Object.fromEntries(Object.entries(namespaces).filter(([, policy]) =>
|
|
303
|
+
return Object.fromEntries(Object.entries(namespaces).filter(([, policy]) => policy.tools.allow !== "*").map(([namespace, policy]) => [namespace, selectorAllowList(policy.tools)]));
|
|
286
304
|
}
|
|
287
305
|
function compileHiddenToolsByNamespace(namespaces) {
|
|
288
|
-
return Object.fromEntries(Object.entries(namespaces).filter(([, policy]) =>
|
|
306
|
+
return Object.fromEntries(Object.entries(namespaces).filter(([, policy]) => (policy.tools.deny ?? []).length > 0).map(([namespace, policy]) => [namespace, policy.tools.deny ?? []]));
|
|
289
307
|
}
|
|
290
308
|
function compileProfileFromNamespaces(namespaces, profile) {
|
|
291
309
|
const annotationPolicy = profile.approval?.annotationPolicy ?? defaultProfile.approval.annotationPolicy;
|
|
@@ -336,6 +354,6 @@ function createConfigContractSchemaArtifacts() {
|
|
|
336
354
|
};
|
|
337
355
|
}
|
|
338
356
|
//#endregion
|
|
339
|
-
export { assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalExternalAuthSchema, mcpPortalProfileDefinitionSchema, mcpPortalProxySchema, mcpProviderSchema, mcpSecretPolicySchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
|
|
357
|
+
export { assertJsonObject, createConfigContractSchemaArtifacts, isJsonObject, jsonObjectSchema, jsonValueSchema, loadJsonConfigFile, loadMcpConfig, loadMcpPortalConfig, mcpConfigSchema, mcpConfigToResolvedProviders, mcpPortalAgentConfigSchema, mcpPortalCallPolicyDecision, mcpPortalCallRequiresApproval, mcpPortalConfigSchema, mcpPortalConfigSchemaIds, mcpPortalConfigSchemaPaths, mcpPortalConfigSchemaVersions, mcpPortalExternalAuthSchema, mcpPortalProfileDefinitionSchema, mcpPortalProxySchema, mcpProviderSchema, mcpSecretPolicySchema, namespaceToolRefSchema, openClawMcpPortalPluginConfigSchema, portalApprovalConfigSchema, portalToolSelectorSchema, resolveMcpPortalProfile, resolvedMcpPortalProfileSchema, secretValueSchema, secretValueToEnvironmentReference };
|
|
340
358
|
|
|
341
359
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-approval-policy.ts","../src/mcp-portal-config.ts","../src/schema-artifacts.ts"],"sourcesContent":["import { readFile } from 'node:fs/promises';\n\nimport { parse, type ParseError, type ParseOptions, printParseErrorCode } from 'jsonc-parser';\n\nconst parseJsoncToUnknown: (text: string, errors: ParseError[], options: ParseOptions) => unknown =\n\tparse;\n\nfunction formatLineColumn(text: string, offset: number): string {\n\tconst prefix = text.slice(0, offset);\n\tconst line = prefix.split('\\n').length;\n\tconst lastLineBreakIndex = prefix.lastIndexOf('\\n');\n\tconst column = offset - lastLineBreakIndex;\n\treturn `line ${line}, column ${column}`;\n}\n\nfunction formatParseError(filePath: string, text: string, error: ParseError): string {\n\treturn [\n\t\t`Invalid JSONC in ${filePath}: ${formatLineColumn(text, error.offset)}:`,\n\t\tprintParseErrorCode(error.error),\n\t].join(' ');\n}\n\nexport async function loadJsonConfigFile(filePath: string): Promise<unknown> {\n\tconst rawConfig = await readFile(filePath, 'utf8');\n\tconst parseErrors: ParseError[] = [];\n\tconst parsedConfig = parseJsoncToUnknown(rawConfig, parseErrors, {\n\t\tallowTrailingComma: true,\n\t\tdisallowComments: false,\n\t});\n\n\tif (parseErrors.length > 0) {\n\t\tconst firstParseError = parseErrors[0];\n\t\tif (firstParseError !== undefined) {\n\t\t\tthrow new Error(formatParseError(filePath, rawConfig, firstParseError));\n\t\t}\n\t}\n\n\treturn parsedConfig;\n}\n","import { z } from 'zod';\n\nexport type JsonPrimitive = boolean | null | number | string;\nexport type JsonArray = JsonValue[];\nexport type JsonObject = { [key: string]: JsonValue };\nexport type JsonValue = JsonArray | JsonObject | JsonPrimitive;\n\nexport const jsonValueSchema: z.ZodType<JsonValue> = z.lazy(() =>\n\tz.union([\n\t\tz.string(),\n\t\tz.number().finite(),\n\t\tz.boolean(),\n\t\tz.null(),\n\t\tz.array(jsonValueSchema),\n\t\tjsonObjectSchema,\n\t]),\n);\n\nexport const jsonObjectSchema: z.ZodType<JsonObject> = z.record(z.string(), jsonValueSchema);\n\nexport function isJsonObject(value: unknown): value is JsonObject {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nexport function assertJsonObject(value: unknown, label: string): JsonObject {\n\tif (!isJsonObject(value)) {\n\t\tthrow new Error(`${label} must be a JSON object.`);\n\t}\n\n\treturn jsonObjectSchema.parse(value);\n}\n","import { z } from 'zod';\n\nexport const secretValueSchema = z.discriminatedUnion('source', [\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('environment'),\n\t\t\tname: z.string().min(1),\n\t\t})\n\t\t.strict(),\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('1password'),\n\t\t\tref: z.string().regex(/^op:\\/\\//u, '1Password refs must start with op://'),\n\t\t})\n\t\t.strict(),\n]);\n\nexport type SecretValue = z.infer<typeof secretValueSchema>;\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nconst mcpProviderDiscoverySchema = z\n\t.object({\n\t\tsummary: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nconst remoteTransportUrlSchema = z.url().refine(\n\t(value) => {\n\t\tconst protocol = new URL(value).protocol;\n\t\treturn protocol === 'http:' || protocol === 'https:';\n\t},\n\t{ message: 'Remote MCP transport URLs must use http or https.' },\n);\n\nconst streamableHttpTransportSchema = z\n\t.object({\n\t\tkind: z.literal('streamable-http'),\n\t\turl: remoteTransportUrlSchema,\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst sseTransportSchema = z\n\t.object({\n\t\tkind: z.literal('sse'),\n\t\turl: remoteTransportUrlSchema,\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst stdioTransportSchema = z\n\t.object({\n\t\tkind: z.literal('stdio'),\n\t\tcommand: z.string().min(1),\n\t\targs: z.array(z.string()).default([]),\n\t\tcwd: z.string().min(1).optional(),\n\t\tenv: z.record(z.string(), secretValueSchema).default({}),\n\t\tnetworkAccess: z.enum(['declared', 'none']).optional(),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nexport const mcpSecretPolicySchema = z\n\t.object({\n\t\thosts: z.array(z.string()).default([]),\n\t\tinjection: z.enum(['env', 'http-mediation']),\n\t})\n\t.strict()\n\t.superRefine((policy, context) => {\n\t\tif (policy.injection === 'http-mediation' && policy.hosts.length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'http-mediation secret policies must declare at least one host.',\n\t\t\t\tpath: ['hosts'],\n\t\t\t});\n\t\t}\n\t\tif (policy.injection === 'env' && policy.hosts.length > 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'env secret policies must not declare hosts.',\n\t\t\t\tpath: ['hosts'],\n\t\t\t});\n\t\t}\n\t});\n\nexport const mcpProviderSchema = z\n\t.object({\n\t\tkind: z.literal('mcp'),\n\t\tnamespace: z.string().min(1),\n\t\tdiscovery: mcpProviderDiscoverySchema.default({}),\n\t\tsecretPolicies: z.record(z.string().min(1), mcpSecretPolicySchema).default({}),\n\t\ttransport: z.discriminatedUnion('kind', [\n\t\t\tstreamableHttpTransportSchema,\n\t\t\tsseTransportSchema,\n\t\t\tstdioTransportSchema,\n\t\t]),\n\t})\n\t.strict();\n\nexport const mcpConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\tproviders: z.record(z.string().min(1), mcpProviderSchema).default({}),\n\t})\n\t.strict();\n\nexport type McpConfig = z.infer<typeof mcpConfigSchema>;\nexport type McpProvider = z.infer<typeof mcpProviderSchema>;\n\nexport type ResolvedMcpProvider =\n\t| {\n\t\t\treadonly headers: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'streamable-http' | 'sse';\n\t\t\treadonly url: string;\n\t }\n\t| {\n\t\t\treadonly args: readonly string[];\n\t\t\treadonly command: string;\n\t\t\treadonly cwd?: string;\n\t\t\treadonly env: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'stdio';\n\t };\n\nexport async function loadMcpConfig(configPath: string): Promise<McpConfig> {\n\treturn mcpConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nexport function mcpConfigToResolvedProviders(config: McpConfig): readonly ResolvedMcpProvider[] {\n\treturn Object.values(config.providers).map((provider) => {\n\t\tconst transport = provider.transport;\n\t\tif (transport.kind === 'stdio') {\n\t\t\tconst resolvedProvider: {\n\t\t\t\targs: readonly string[];\n\t\t\t\tcommand: string;\n\t\t\t\tcwd?: string;\n\t\t\t\tenv: Readonly<Record<string, SecretValue>>;\n\t\t\t\tnamespace: string;\n\t\t\t\ttransport: 'stdio';\n\t\t\t} = {\n\t\t\t\targs: transport.args,\n\t\t\t\tcommand: transport.command,\n\t\t\t\tenv: transport.env,\n\t\t\t\tnamespace: provider.namespace,\n\t\t\t\ttransport: transport.kind,\n\t\t\t};\n\t\t\tif (transport.cwd !== undefined) {\n\t\t\t\tresolvedProvider.cwd = transport.cwd;\n\t\t\t}\n\t\t\treturn resolvedProvider;\n\t\t}\n\n\t\treturn {\n\t\t\theaders: transport.headers,\n\t\t\tnamespace: provider.namespace,\n\t\t\ttransport: transport.kind,\n\t\t\turl: transport.url,\n\t\t};\n\t});\n}\n","import type { NamespaceToolRef, ResolvedMcpPortalProfile } from './mcp-portal-config.js';\n\nexport interface McpPortalApprovalToolAnnotations {\n\treadonly destructiveHint?: boolean | undefined;\n\treadonly readOnlyHint?: boolean | undefined;\n}\n\nexport interface McpPortalApprovalToolCall {\n\treadonly annotations?: McpPortalApprovalToolAnnotations;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nfunction selectorMatches(\n\tselectors: readonly NamespaceToolRef[],\n\tnamespace: string,\n\ttoolName: string,\n): boolean {\n\treturn selectors.some(\n\t\t(selector) => selector.namespace === namespace && selector.toolName === toolName,\n\t);\n}\n\nfunction hasTrustedReadOnlyAnnotation(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\treturn (\n\t\tprofile.approval.annotationPolicy === 'destructive-requires-approval' &&\n\t\tprofile.approval.trustedAnnotationNamespaces.includes(call.namespace) &&\n\t\tcall.annotations?.readOnlyHint === true &&\n\t\tcall.annotations.destructiveHint !== true\n\t);\n}\n\nexport function mcpPortalCallRequiresApproval(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\tif (selectorMatches(profile.approval.allowWithoutApprovalTools, call.namespace, call.toolName)) {\n\t\treturn false;\n\t}\n\tif (profile.approval.annotationPolicy === 'always-require-approval') {\n\t\treturn true;\n\t}\n\tif (\n\t\tselectorMatches(profile.approval.alwaysAskTools, call.namespace, call.toolName) ||\n\t\tselectorMatches(profile.approval.writeTools, call.namespace, call.toolName)\n\t) {\n\t\treturn true;\n\t}\n\treturn !hasTrustedReadOnlyAnnotation(profile, call);\n}\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nexport const namespaceToolRefSchema = z\n\t.object({\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nexport type NamespaceToolRef = z.infer<typeof namespaceToolRefSchema>;\n\nexport const portalApprovalConfigSchema = z\n\t.object({\n\t\tallowWithoutApprovalTools: z.array(namespaceToolRefSchema).default([]),\n\t\talwaysAskTools: z.array(namespaceToolRefSchema).default([]),\n\t\tannotationPolicy: z\n\t\t\t.enum(['destructive-requires-approval', 'always-require-approval'])\n\t\t\t.default('destructive-requires-approval'),\n\t\ttrustedAnnotationNamespaces: z.array(z.string().min(1)).default([]),\n\t\twriteTools: z.array(namespaceToolRefSchema).default([]),\n\t})\n\t.strict();\n\nexport type PortalApprovalConfig = z.infer<typeof portalApprovalConfigSchema>;\n\nconst portalNamespaceEnableAllToolsSchema = z\n\t.object({\n\t\tenableAll: z.literal(true),\n\t\thidden: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst portalNamespaceEnabledToolsSchema = z\n\t.object({\n\t\tenabled: z.array(z.string().min(1)).min(1),\n\t})\n\t.strict();\n\nconst portalNamespaceDisabledToolsSchema = z\n\t.object({\n\t\tdisabled: z.literal(true),\n\t})\n\t.strict();\n\nconst portalNamespaceToolsSchema = z.union([\n\tportalNamespaceEnableAllToolsSchema,\n\tportalNamespaceEnabledToolsSchema,\n\tportalNamespaceDisabledToolsSchema,\n]);\n\nconst portalNamespaceApprovalSchema = z\n\t.object({\n\t\tallowWithoutApproval: z.array(z.string().min(1)).default([]),\n\t\talwaysAsk: z.array(z.string().min(1)).default([]),\n\t\ttrustedAnnotations: z.boolean().default(false),\n\t\twrite: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst defaultPortalNamespaceApproval = {\n\tallowWithoutApproval: [],\n\talwaysAsk: [],\n\ttrustedAnnotations: false,\n\twrite: [],\n} satisfies z.infer<typeof portalNamespaceApprovalSchema>;\n\nconst portalNamespacePolicySchema = z\n\t.object({\n\t\tapproval: portalNamespaceApprovalSchema.default(defaultPortalNamespaceApproval),\n\t\ttools: portalNamespaceToolsSchema,\n\t})\n\t.strict();\n\ntype PortalNamespacePolicy = z.infer<typeof portalNamespacePolicySchema>;\n\nexport const mcpPortalProfileDefinitionSchema = z\n\t.object({\n\t\tapproval: z\n\t\t\t.object({\n\t\t\t\tannotationPolicy: portalApprovalConfigSchema.shape.annotationPolicy.optional(),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tnamespaces: z.record(z.string().min(1), portalNamespacePolicySchema).default({}),\n\t\tlogging: z\n\t\t\t.object({ enabled: z.boolean().default(false) })\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean().default(true),\n\t\t\t\tmaxNamespaces: z.number().int().positive().default(12),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tcache: z\n\t\t\t.object({\n\t\t\t\tcatalogTtlMs: z.number().int().positive().default(60_000),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalProfileDefinition = z.infer<typeof mcpPortalProfileDefinitionSchema>;\n\nexport const resolvedMcpPortalProfileSchema = z\n\t.object({\n\t\tenabledNamespaces: z.array(z.string().min(1)),\n\t\tenabledToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\thiddenToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\tlogging: z.object({ enabled: z.boolean() }).strict(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean(),\n\t\t\t\tmaxNamespaces: z.number().int().positive(),\n\t\t\t})\n\t\t\t.strict(),\n\t\tcache: z.object({ catalogTtlMs: z.number().int().positive() }).strict(),\n\t\tapproval: portalApprovalConfigSchema,\n\t})\n\t.strict();\n\nexport type ResolvedMcpPortalProfile = z.infer<typeof resolvedMcpPortalProfileSchema>;\n\nexport const mcpPortalExternalAuthSchema = z\n\t.object({\n\t\tmasterKey: secretValueSchema,\n\t})\n\t.strict();\n\nexport type McpPortalExternalAuthConfig = z.infer<typeof mcpPortalExternalAuthSchema>;\n\nfunction isLoopbackProxyHost(host: string): boolean {\n\tconst normalizedHost = host.toLowerCase();\n\treturn (\n\t\tnormalizedHost === 'localhost' || normalizedHost === '127.0.0.1' || normalizedHost === '::1'\n\t);\n}\n\nexport const mcpPortalProxySchema = z\n\t.object({\n\t\tserver: z\n\t\t\t.object({\n\t\t\t\thost: z\n\t\t\t\t\t.string()\n\t\t\t\t\t.min(1)\n\t\t\t\t\t.refine(isLoopbackProxyHost, {\n\t\t\t\t\t\tmessage: 'mcpProxy.server.host must be loopback-only for HTTP bearer auth.',\n\t\t\t\t\t})\n\t\t\t\t\t.default('127.0.0.1'),\n\t\t\t\tport: z.number().int().min(1).max(65_535).default(18_791),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.default({ host: '127.0.0.1', port: 18_791 }),\n\t\tauth: z\n\t\t\t.object({\n\t\t\t\theaderName: z.string().min(1).default('authorization'),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.default({ headerName: 'authorization' }),\n\t})\n\t.strict();\n\nexport type McpPortalProxyConfig = z.infer<typeof mcpPortalProxySchema>;\n\nexport const mcpPortalAgentConfigSchema = z\n\t.object({\n\t\tcredentialVersion: z.number().int().positive().default(1),\n\t\tprofile: z.string().min(1),\n\t\thmacKey: secretValueSchema.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalAgentConfig = z.infer<typeof mcpPortalAgentConfigSchema>;\n\nexport const mcpPortalConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\texternalAuth: mcpPortalExternalAuthSchema.optional(),\n\t\tmcpProxy: mcpPortalProxySchema.optional(),\n\t\tagents: z.record(z.string().min(1), mcpPortalAgentConfigSchema).default({}),\n\t\tprofiles: z.record(z.string().min(1), mcpPortalProfileDefinitionSchema),\n\t})\n\t.strict()\n\t.superRefine((config, context) => {\n\t\tif (Object.keys(config.profiles).length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'mcp-portal.config.jsonc must define at least one profile.',\n\t\t\t\tpath: ['profiles'],\n\t\t\t});\n\t\t}\n\t});\n\ntype ParsedMcpPortalConfig = z.infer<typeof mcpPortalConfigSchema>;\nexport type McpPortalConfig = Omit<ParsedMcpPortalConfig, 'agents'> & {\n\treadonly agents: Readonly<Record<string, McpPortalAgentConfig>>;\n};\n\nexport const openClawMcpPortalPluginConfigSchema = z\n\t.object({\n\t\tconfigDir: z.string().min(1),\n\t\tbinPath: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nexport type OpenClawMcpPortalPluginConfig = z.infer<typeof openClawMcpPortalPluginConfigSchema>;\n\nconst defaultProfile: ResolvedMcpPortalProfile = {\n\tapproval: portalApprovalConfigSchema.parse({}),\n\tcache: { catalogTtlMs: 60_000 },\n\tenabledNamespaces: [],\n\tenabledToolsByNamespace: {},\n\thiddenToolsByNamespace: {},\n\tlogging: { enabled: false },\n\tpromptContext: { enabled: true, maxNamespaces: 12 },\n};\n\ntype AuthoredPortalNamespaces = McpPortalProfileDefinition['namespaces'];\n\nexport async function loadMcpPortalConfig(configPath: string): Promise<McpPortalConfig> {\n\treturn mcpPortalConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nfunction namespaceToolRefs(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n\tselector: (policy: PortalNamespacePolicy) => readonly string[],\n): readonly NamespaceToolRef[] {\n\treturn Object.entries(namespaces).flatMap(([namespace, policy]) =>\n\t\tselector(policy).map((toolName) => ({ namespace, toolName })),\n\t);\n}\n\nfunction activeNamespaces(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n): Readonly<Record<string, PortalNamespacePolicy>> {\n\treturn Object.fromEntries(\n\t\tObject.entries(namespaces).filter(([, policy]) => !('disabled' in policy.tools)),\n\t);\n}\n\nfunction compileNamespaceApproval(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n\tannotationPolicy: PortalApprovalConfig['annotationPolicy'],\n): PortalApprovalConfig {\n\treturn portalApprovalConfigSchema.parse({\n\t\tallowWithoutApprovalTools: namespaceToolRefs(\n\t\t\tnamespaces,\n\t\t\t(policy) => policy.approval?.allowWithoutApproval ?? [],\n\t\t),\n\t\tannotationPolicy,\n\t\talwaysAskTools: namespaceToolRefs(namespaces, (policy) => policy.approval?.alwaysAsk ?? []),\n\t\ttrustedAnnotationNamespaces: Object.entries(namespaces)\n\t\t\t.filter(([, policy]) => policy.approval?.trustedAnnotations)\n\t\t\t.map(([namespace]) => namespace),\n\t\twriteTools: namespaceToolRefs(namespaces, (policy) => policy.approval?.write ?? []),\n\t});\n}\n\nfunction compileEnabledToolsByNamespace(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n): Record<string, readonly string[]> {\n\treturn Object.fromEntries(\n\t\tObject.entries(namespaces)\n\t\t\t.filter(([, policy]) => 'enabled' in policy.tools)\n\t\t\t.map(([namespace, policy]) => [\n\t\t\t\tnamespace,\n\t\t\t\t'enabled' in policy.tools ? policy.tools.enabled : [],\n\t\t\t]),\n\t);\n}\n\nfunction compileHiddenToolsByNamespace(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n): Record<string, readonly string[]> {\n\treturn Object.fromEntries(\n\t\tObject.entries(namespaces)\n\t\t\t.filter(([, policy]) => 'hidden' in policy.tools && policy.tools.hidden.length > 0)\n\t\t\t.map(([namespace, policy]) => [\n\t\t\t\tnamespace,\n\t\t\t\t'hidden' in policy.tools ? policy.tools.hidden : [],\n\t\t\t]),\n\t);\n}\n\nfunction compileProfileFromNamespaces(\n\tnamespaces: AuthoredPortalNamespaces,\n\tprofile: McpPortalProfileDefinition,\n): ResolvedMcpPortalProfile {\n\tconst annotationPolicy =\n\t\tprofile.approval?.annotationPolicy ?? defaultProfile.approval.annotationPolicy;\n\tconst activeNamespacePolicies = activeNamespaces(namespaces);\n\treturn resolvedMcpPortalProfileSchema.parse({\n\t\tapproval: compileNamespaceApproval(activeNamespacePolicies, annotationPolicy),\n\t\tcache: profile.cache ?? defaultProfile.cache,\n\t\tenabledNamespaces: Object.keys(activeNamespacePolicies),\n\t\tenabledToolsByNamespace: compileEnabledToolsByNamespace(activeNamespacePolicies),\n\t\thiddenToolsByNamespace: compileHiddenToolsByNamespace(activeNamespacePolicies),\n\t\tlogging: profile.logging ?? defaultProfile.logging,\n\t\tpromptContext: profile.promptContext ?? defaultProfile.promptContext,\n\t});\n}\n\nexport function resolveMcpPortalProfile(\n\tconfig: McpPortalConfig,\n\tprofileName: string,\n): ResolvedMcpPortalProfile {\n\tconst profile = config.profiles[profileName];\n\tif (profile === undefined) {\n\t\tthrow new Error(`unknown MCP profile '${profileName}'`);\n\t}\n\treturn compileProfileFromNamespaces(profile.namespaces, profile);\n}\n\nexport function secretValueToEnvironmentReference(secret: SecretValue): string {\n\tif (secret.source === 'environment') {\n\t\treturn `\\${${secret.name}}`;\n\t}\n\treturn secret.ref;\n}\n","import * as zod from 'zod';\n\nimport { mcpConfigSchema } from './mcp-config.js';\nimport { mcpPortalConfigSchema } from './mcp-portal-config.js';\n\nexport const mcpPortalConfigSchemaVersions = {\n\tmcp: 1,\n\tmcpPortal: 1,\n} as const;\n\nexport const mcpPortalConfigSchemaIds = {\n\tmcp: 'agent-vm:mcp:1',\n\tmcpPortal: 'agent-vm:mcp-portal:1',\n} as const;\n\nexport const mcpPortalConfigSchemaPaths = {\n\tmcpFromGatewayConfig: '../../schemas/mcp.schema.json',\n\tmcpPortalFromGatewayConfig: '../../schemas/mcp-portal.schema.json',\n} as const;\n\nexport interface ConfigContractSchemaArtifacts {\n\treadonly mcp: Record<string, unknown>;\n\treadonly mcpPortal: Record<string, unknown>;\n}\n\nfunction withSchemaId(schema: Record<string, unknown>, schemaId: string): Record<string, unknown> {\n\treturn {\n\t\t$id: schemaId,\n\t\t...schema,\n\t};\n}\n\nexport function createConfigContractSchemaArtifacts(): ConfigContractSchemaArtifacts {\n\treturn {\n\t\tmcp: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcp,\n\t\t),\n\t\tmcpPortal: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpPortalConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcpPortal,\n\t\t),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,sBACL;AAED,SAAS,iBAAiB,MAAc,QAAwB;CAC/D,MAAM,SAAS,KAAK,MAAM,GAAG,OAAO;CAIpC,OAAO,QAHM,OAAO,MAAM,KAAK,CAAC,OAGZ,WADL,SADY,OAAO,YAAY,KACJ;;AAI3C,SAAS,iBAAiB,UAAkB,MAAc,OAA2B;CACpF,OAAO,CACN,oBAAoB,SAAS,IAAI,iBAAiB,MAAM,MAAM,OAAO,CAAC,IACtE,oBAAoB,MAAM,MAAM,CAChC,CAAC,KAAK,IAAI;;AAGZ,eAAsB,mBAAmB,UAAoC;CAC5E,MAAM,YAAY,MAAM,SAAS,UAAU,OAAO;CAClD,MAAM,cAA4B,EAAE;CACpC,MAAM,eAAe,oBAAoB,WAAW,aAAa;EAChE,oBAAoB;EACpB,kBAAkB;EAClB,CAAC;CAEF,IAAI,YAAY,SAAS,GAAG;EAC3B,MAAM,kBAAkB,YAAY;EACpC,IAAI,oBAAoB,KAAA,GACvB,MAAM,IAAI,MAAM,iBAAiB,UAAU,WAAW,gBAAgB,CAAC;;CAIzE,OAAO;;;;AC9BR,MAAa,kBAAwC,EAAE,WACtD,EAAE,MAAM;CACP,EAAE,QAAQ;CACV,EAAE,QAAQ,CAAC,QAAQ;CACnB,EAAE,SAAS;CACX,EAAE,MAAM;CACR,EAAE,MAAM,gBAAgB;CACxB;CACA,CAAC,CACF;AAED,MAAa,mBAA0C,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB;AAE5F,SAAgB,aAAa,OAAqC;CACjE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAgB,iBAAiB,OAAgB,OAA2B;CAC3E,IAAI,CAAC,aAAa,MAAM,EACvB,MAAM,IAAI,MAAM,GAAG,MAAM,yBAAyB;CAGnD,OAAO,iBAAiB,MAAM,MAAM;;;;AC3BrC,MAAa,oBAAoB,EAAE,mBAAmB,UAAU,CAC/D,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,cAAc;CAChC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE;CACvB,CAAC,CACD,QAAQ,EACV,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,YAAY;CAC9B,KAAK,EAAE,QAAQ,CAAC,MAAM,aAAa,uCAAuC;CAC1E,CAAC,CACD,QAAQ,CACV,CAAC;;;ACVF,MAAM,6BAA6B,EACjC,OAAO,EACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,EACrC,CAAC,CACD,QAAQ;AAEV,MAAM,2BAA2B,EAAE,KAAK,CAAC,QACvC,UAAU;CACV,MAAM,WAAW,IAAI,IAAI,MAAM,CAAC;CAChC,OAAO,aAAa,WAAW,aAAa;GAE7C,EAAE,SAAS,qDAAqD,CAChE;AAED,MAAM,gCAAgC,EACpC,OAAO;CACP,MAAM,EAAE,QAAQ,kBAAkB;CAClC,KAAK;CACL,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAM,qBAAqB,EACzB,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,KAAK;CACL,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAM,uBAAuB,EAC3B,OAAO;CACP,MAAM,EAAE,QAAQ,QAAQ;CACxB,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACjC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACxD,eAAe,EAAE,KAAK,CAAC,YAAY,OAAO,CAAC,CAAC,UAAU;CACtD,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAa,wBAAwB,EACnC,OAAO;CACP,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACtC,WAAW,EAAE,KAAK,CAAC,OAAO,iBAAiB,CAAC;CAC5C,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,cAAc,oBAAoB,OAAO,MAAM,WAAW,GACpE,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,QAAQ;EACf,CAAC;CAEH,IAAI,OAAO,cAAc,SAAS,OAAO,MAAM,SAAS,GACvD,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,QAAQ;EACf,CAAC;EAEF;AAEH,MAAa,oBAAoB,EAC/B,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,WAAW,2BAA2B,QAAQ,EAAE,CAAC;CACjD,gBAAgB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,sBAAsB,CAAC,QAAQ,EAAE,CAAC;CAC9E,WAAW,EAAE,mBAAmB,QAAQ;EACvC;EACA;EACA;EACA,CAAC;CACF,CAAC,CACD,QAAQ;AAEV,MAAa,kBAAkB,EAC7B,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACrE,CAAC,CACD,QAAQ;AAqBV,eAAsB,cAAc,YAAwC;CAC3E,OAAO,gBAAgB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGnE,SAAgB,6BAA6B,QAAmD;CAC/F,OAAO,OAAO,OAAO,OAAO,UAAU,CAAC,KAAK,aAAa;EACxD,MAAM,YAAY,SAAS;EAC3B,IAAI,UAAU,SAAS,SAAS;GAC/B,MAAM,mBAOF;IACH,MAAM,UAAU;IAChB,SAAS,UAAU;IACnB,KAAK,UAAU;IACf,WAAW,SAAS;IACpB,WAAW,UAAU;IACrB;GACD,IAAI,UAAU,QAAQ,KAAA,GACrB,iBAAiB,MAAM,UAAU;GAElC,OAAO;;EAGR,OAAO;GACN,SAAS,UAAU;GACnB,WAAW,SAAS;GACpB,WAAW,UAAU;GACrB,KAAK,UAAU;GACf;GACA;;;;ACtIH,SAAS,gBACR,WACA,WACA,UACU;CACV,OAAO,UAAU,MACf,aAAa,SAAS,cAAc,aAAa,SAAS,aAAa,SACxE;;AAGF,SAAS,6BACR,SACA,MACU;CACV,OACC,QAAQ,SAAS,qBAAqB,mCACtC,QAAQ,SAAS,4BAA4B,SAAS,KAAK,UAAU,IACrE,KAAK,aAAa,iBAAiB,QACnC,KAAK,YAAY,oBAAoB;;AAIvC,SAAgB,8BACf,SACA,MACU;CACV,IAAI,gBAAgB,QAAQ,SAAS,2BAA2B,KAAK,WAAW,KAAK,SAAS,EAC7F,OAAO;CAER,IAAI,QAAQ,SAAS,qBAAqB,2BACzC,OAAO;CAER,IACC,gBAAgB,QAAQ,SAAS,gBAAgB,KAAK,WAAW,KAAK,SAAS,IAC/E,gBAAgB,QAAQ,SAAS,YAAY,KAAK,WAAW,KAAK,SAAS,EAE3E,OAAO;CAER,OAAO,CAAC,6BAA6B,SAAS,KAAK;;;;AC9CpD,MAAa,yBAAyB,EACpC,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,2BAA2B,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACtE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CAC3D,kBAAkB,EAChB,KAAK,CAAC,iCAAiC,0BAA0B,CAAC,CAClE,QAAQ,gCAAgC;CAC1C,6BAA6B,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CACnE,YAAY,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACvD,CAAC,CACD,QAAQ;AAIV,MAAM,sCAAsC,EAC1C,OAAO;CACP,WAAW,EAAE,QAAQ,KAAK;CAC1B,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC9C,CAAC,CACD,QAAQ;AAEV,MAAM,oCAAoC,EACxC,OAAO,EACP,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAC1C,CAAC,CACD,QAAQ;AAEV,MAAM,qCAAqC,EACzC,OAAO,EACP,UAAU,EAAE,QAAQ,KAAK,EACzB,CAAC,CACD,QAAQ;AAEV,MAAM,6BAA6B,EAAE,MAAM;CAC1C;CACA;CACA;CACA,CAAC;AAEF,MAAM,gCAAgC,EACpC,OAAO;CACP,sBAAsB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC5D,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CACjD,oBAAoB,EAAE,SAAS,CAAC,QAAQ,MAAM;CAC9C,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC7C,CAAC,CACD,QAAQ;AASV,MAAM,8BAA8B,EAClC,OAAO;CACP,UAAU,8BAA8B,QAAQ;EARjD,sBAAsB,EAAE;EACxB,WAAW,EAAE;EACb,oBAAoB;EACpB,OAAO,EAAE;EAKsE,CAAC;CAC/E,OAAO;CACP,CAAC,CACD,QAAQ;AAIV,MAAa,mCAAmC,EAC9C,OAAO;CACP,UAAU,EACR,OAAO,EACP,kBAAkB,2BAA2B,MAAM,iBAAiB,UAAU,EAC9E,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,4BAA4B,CAAC,QAAQ,EAAE,CAAC;CAChF,SAAS,EACP,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,MAAM,EAAE,CAAC,CAC/C,QAAQ,CACR,UAAU;CACZ,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;EAClC,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,GAAG;EACtD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,OAAO,EACL,OAAO,EACP,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAO,EACzD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,CAAC,CACD,QAAQ;AAIV,MAAa,iCAAiC,EAC5C,OAAO;CACP,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;CAC7C,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAChF,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAC/E,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,QAAQ;CACpD,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS;EACpB,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;EAC1C,CAAC,CACD,QAAQ;CACV,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ;CACvE,UAAU;CACV,CAAC,CACD,QAAQ;AAIV,MAAa,8BAA8B,EACzC,OAAO,EACP,WAAW,mBACX,CAAC,CACD,QAAQ;AAIV,SAAS,oBAAoB,MAAuB;CACnD,MAAM,iBAAiB,KAAK,aAAa;CACzC,OACC,mBAAmB,eAAe,mBAAmB,eAAe,mBAAmB;;AAIzF,MAAa,uBAAuB,EAClC,OAAO;CACP,QAAQ,EACN,OAAO;EACP,MAAM,EACJ,QAAQ,CACR,IAAI,EAAE,CACN,OAAO,qBAAqB,EAC5B,SAAS,oEACT,CAAC,CACD,QAAQ,YAAY;EACtB,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,MAAO,CAAC,QAAQ,MAAO;EACzD,CAAC,CACD,QAAQ,CACR,QAAQ;EAAE,MAAM;EAAa,MAAM;EAAQ,CAAC;CAC9C,MAAM,EACJ,OAAO,EACP,YAAY,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,gBAAgB,EACtD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,YAAY,iBAAiB,CAAC;CAC1C,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,mBAAmB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE;CACzD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,SAAS,kBAAkB,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAa,wBAAwB,EACnC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,cAAc,4BAA4B,UAAU;CACpD,UAAU,qBAAqB,UAAU;CACzC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,2BAA2B,CAAC,QAAQ,EAAE,CAAC;CAC3E,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,iCAAiC;CACvE,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,KAAK,OAAO,SAAS,CAAC,WAAW,GAC3C,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,WAAW;EAClB,CAAC;EAEF;AAOH,MAAa,sCAAsC,EACjD,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAM,iBAA2C;CAChD,UAAU,2BAA2B,MAAM,EAAE,CAAC;CAC9C,OAAO,EAAE,cAAc,KAAQ;CAC/B,mBAAmB,EAAE;CACrB,yBAAyB,EAAE;CAC3B,wBAAwB,EAAE;CAC1B,SAAS,EAAE,SAAS,OAAO;CAC3B,eAAe;EAAE,SAAS;EAAM,eAAe;EAAI;CACnD;AAID,eAAsB,oBAAoB,YAA8C;CACvF,OAAO,sBAAsB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGzE,SAAS,kBACR,YACA,UAC8B;CAC9B,OAAO,OAAO,QAAQ,WAAW,CAAC,SAAS,CAAC,WAAW,YACtD,SAAS,OAAO,CAAC,KAAK,cAAc;EAAE;EAAW;EAAU,EAAE,CAC7D;;AAGF,SAAS,iBACR,YACkD;CAClD,OAAO,OAAO,YACb,OAAO,QAAQ,WAAW,CAAC,QAAQ,GAAG,YAAY,EAAE,cAAc,OAAO,OAAO,CAChF;;AAGF,SAAS,yBACR,YACA,kBACuB;CACvB,OAAO,2BAA2B,MAAM;EACvC,2BAA2B,kBAC1B,aACC,WAAW,OAAO,UAAU,wBAAwB,EAAE,CACvD;EACD;EACA,gBAAgB,kBAAkB,aAAa,WAAW,OAAO,UAAU,aAAa,EAAE,CAAC;EAC3F,6BAA6B,OAAO,QAAQ,WAAW,CACrD,QAAQ,GAAG,YAAY,OAAO,UAAU,mBAAmB,CAC3D,KAAK,CAAC,eAAe,UAAU;EACjC,YAAY,kBAAkB,aAAa,WAAW,OAAO,UAAU,SAAS,EAAE,CAAC;EACnF,CAAC;;AAGH,SAAS,+BACR,YACoC;CACpC,OAAO,OAAO,YACb,OAAO,QAAQ,WAAW,CACxB,QAAQ,GAAG,YAAY,aAAa,OAAO,MAAM,CACjD,KAAK,CAAC,WAAW,YAAY,CAC7B,WACA,aAAa,OAAO,QAAQ,OAAO,MAAM,UAAU,EAAE,CACrD,CAAC,CACH;;AAGF,SAAS,8BACR,YACoC;CACpC,OAAO,OAAO,YACb,OAAO,QAAQ,WAAW,CACxB,QAAQ,GAAG,YAAY,YAAY,OAAO,SAAS,OAAO,MAAM,OAAO,SAAS,EAAE,CAClF,KAAK,CAAC,WAAW,YAAY,CAC7B,WACA,YAAY,OAAO,QAAQ,OAAO,MAAM,SAAS,EAAE,CACnD,CAAC,CACH;;AAGF,SAAS,6BACR,YACA,SAC2B;CAC3B,MAAM,mBACL,QAAQ,UAAU,oBAAoB,eAAe,SAAS;CAC/D,MAAM,0BAA0B,iBAAiB,WAAW;CAC5D,OAAO,+BAA+B,MAAM;EAC3C,UAAU,yBAAyB,yBAAyB,iBAAiB;EAC7E,OAAO,QAAQ,SAAS,eAAe;EACvC,mBAAmB,OAAO,KAAK,wBAAwB;EACvD,yBAAyB,+BAA+B,wBAAwB;EAChF,wBAAwB,8BAA8B,wBAAwB;EAC9E,SAAS,QAAQ,WAAW,eAAe;EAC3C,eAAe,QAAQ,iBAAiB,eAAe;EACvD,CAAC;;AAGH,SAAgB,wBACf,QACA,aAC2B;CAC3B,MAAM,UAAU,OAAO,SAAS;CAChC,IAAI,YAAY,KAAA,GACf,MAAM,IAAI,MAAM,wBAAwB,YAAY,GAAG;CAExD,OAAO,6BAA6B,QAAQ,YAAY,QAAQ;;AAGjE,SAAgB,kCAAkC,QAA6B;CAC9E,IAAI,OAAO,WAAW,eACrB,OAAO,MAAM,OAAO,KAAK;CAE1B,OAAO,OAAO;;;;AC9Tf,MAAa,gCAAgC;CAC5C,KAAK;CACL,WAAW;CACX;AAED,MAAa,2BAA2B;CACvC,KAAK;CACL,WAAW;CACX;AAED,MAAa,6BAA6B;CACzC,sBAAsB;CACtB,4BAA4B;CAC5B;AAOD,SAAS,aAAa,QAAiC,UAA2C;CACjG,OAAO;EACN,KAAK;EACL,GAAG;EACH;;AAGF,SAAgB,sCAAqE;CACpF,OAAO;EACN,KAAK,aACJ,IAAI,aAAa,iBAAiB,EAAE,QAAQ,YAAY,CAAC,EACzD,yBAAyB,IACzB;EACD,WAAW,aACV,IAAI,aAAa,uBAAuB,EAAE,QAAQ,YAAY,CAAC,EAC/D,yBAAyB,UACzB;EACD"}
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../src/json-config-file.ts","../src/json-value.ts","../src/secret-value.ts","../src/mcp-config.ts","../src/mcp-portal-approval-policy.ts","../src/mcp-portal-config.ts","../src/schema-artifacts.ts"],"sourcesContent":["import { readFile } from 'node:fs/promises';\n\nimport { parse, type ParseError, type ParseOptions, printParseErrorCode } from 'jsonc-parser';\n\nconst parseJsoncToUnknown: (text: string, errors: ParseError[], options: ParseOptions) => unknown =\n\tparse;\n\nfunction formatLineColumn(text: string, offset: number): string {\n\tconst prefix = text.slice(0, offset);\n\tconst line = prefix.split('\\n').length;\n\tconst lastLineBreakIndex = prefix.lastIndexOf('\\n');\n\tconst column = offset - lastLineBreakIndex;\n\treturn `line ${line}, column ${column}`;\n}\n\nfunction formatParseError(filePath: string, text: string, error: ParseError): string {\n\treturn [\n\t\t`Invalid JSONC in ${filePath}: ${formatLineColumn(text, error.offset)}:`,\n\t\tprintParseErrorCode(error.error),\n\t].join(' ');\n}\n\nexport async function loadJsonConfigFile(filePath: string): Promise<unknown> {\n\tconst rawConfig = await readFile(filePath, 'utf8');\n\tconst parseErrors: ParseError[] = [];\n\tconst parsedConfig = parseJsoncToUnknown(rawConfig, parseErrors, {\n\t\tallowTrailingComma: true,\n\t\tdisallowComments: false,\n\t});\n\n\tif (parseErrors.length > 0) {\n\t\tconst firstParseError = parseErrors[0];\n\t\tif (firstParseError !== undefined) {\n\t\t\tthrow new Error(formatParseError(filePath, rawConfig, firstParseError));\n\t\t}\n\t}\n\n\treturn parsedConfig;\n}\n","import { z } from 'zod';\n\nexport type JsonPrimitive = boolean | null | number | string;\nexport type JsonArray = JsonValue[];\nexport type JsonObject = { [key: string]: JsonValue };\nexport type JsonValue = JsonArray | JsonObject | JsonPrimitive;\n\nexport const jsonValueSchema: z.ZodType<JsonValue> = z.lazy(() =>\n\tz.union([\n\t\tz.string(),\n\t\tz.number().finite(),\n\t\tz.boolean(),\n\t\tz.null(),\n\t\tz.array(jsonValueSchema),\n\t\tjsonObjectSchema,\n\t]),\n);\n\nexport const jsonObjectSchema: z.ZodType<JsonObject> = z.record(z.string(), jsonValueSchema);\n\nexport function isJsonObject(value: unknown): value is JsonObject {\n\treturn typeof value === 'object' && value !== null && !Array.isArray(value);\n}\n\nexport function assertJsonObject(value: unknown, label: string): JsonObject {\n\tif (!isJsonObject(value)) {\n\t\tthrow new Error(`${label} must be a JSON object.`);\n\t}\n\n\treturn jsonObjectSchema.parse(value);\n}\n","import { z } from 'zod';\n\nexport const secretValueSchema = z.discriminatedUnion('source', [\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('environment'),\n\t\t\tname: z.string().min(1),\n\t\t})\n\t\t.strict(),\n\tz\n\t\t.object({\n\t\t\tsource: z.literal('1password'),\n\t\t\tref: z.string().regex(/^op:\\/\\//u, '1Password refs must start with op://'),\n\t\t})\n\t\t.strict(),\n]);\n\nexport type SecretValue = z.infer<typeof secretValueSchema>;\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nconst mcpProviderDiscoverySchema = z\n\t.object({\n\t\tsummary: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nconst remoteTransportUrlSchema = z.url().refine(\n\t(value) => {\n\t\tconst protocol = new URL(value).protocol;\n\t\treturn protocol === 'http:' || protocol === 'https:';\n\t},\n\t{ message: 'Remote MCP transport URLs must use http or https.' },\n);\n\nconst streamableHttpTransportSchema = z\n\t.object({\n\t\tkind: z.literal('streamable-http'),\n\t\turl: remoteTransportUrlSchema,\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst sseTransportSchema = z\n\t.object({\n\t\tkind: z.literal('sse'),\n\t\turl: remoteTransportUrlSchema,\n\t\theaders: z.record(z.string(), secretValueSchema).default({}),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst stdioTransportSchema = z\n\t.object({\n\t\tkind: z.literal('stdio'),\n\t\tcommand: z.string().min(1),\n\t\targs: z.array(z.string()).default([]),\n\t\tcwd: z.string().min(1).optional(),\n\t\tenv: z.record(z.string(), secretValueSchema).default({}),\n\t\tnetworkAccess: z.enum(['declared', 'none']).optional(),\n\t\trequiredEgressHosts: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nexport const mcpSecretPolicySchema = z\n\t.object({\n\t\thosts: z.array(z.string()).default([]),\n\t\tinjection: z.enum(['env', 'http-mediation']),\n\t})\n\t.strict()\n\t.superRefine((policy, context) => {\n\t\tif (policy.injection === 'http-mediation' && policy.hosts.length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'http-mediation secret policies must declare at least one host.',\n\t\t\t\tpath: ['hosts'],\n\t\t\t});\n\t\t}\n\t\tif (policy.injection === 'env' && policy.hosts.length > 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'env secret policies must not declare hosts.',\n\t\t\t\tpath: ['hosts'],\n\t\t\t});\n\t\t}\n\t});\n\nexport const mcpProviderSchema = z\n\t.object({\n\t\tkind: z.literal('mcp'),\n\t\tnamespace: z.string().min(1),\n\t\tdiscovery: mcpProviderDiscoverySchema.default({}),\n\t\tsecretPolicies: z.record(z.string().min(1), mcpSecretPolicySchema).default({}),\n\t\ttransport: z.discriminatedUnion('kind', [\n\t\t\tstreamableHttpTransportSchema,\n\t\t\tsseTransportSchema,\n\t\t\tstdioTransportSchema,\n\t\t]),\n\t})\n\t.strict();\n\nexport const mcpConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\tproviders: z.record(z.string().min(1), mcpProviderSchema).default({}),\n\t})\n\t.strict();\n\nexport type McpConfig = z.infer<typeof mcpConfigSchema>;\nexport type McpProvider = z.infer<typeof mcpProviderSchema>;\n\nexport type ResolvedMcpProvider =\n\t| {\n\t\t\treadonly headers: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'streamable-http' | 'sse';\n\t\t\treadonly url: string;\n\t }\n\t| {\n\t\t\treadonly args: readonly string[];\n\t\t\treadonly command: string;\n\t\t\treadonly cwd?: string;\n\t\t\treadonly env: Readonly<Record<string, SecretValue>>;\n\t\t\treadonly namespace: string;\n\t\t\treadonly transport: 'stdio';\n\t };\n\nexport async function loadMcpConfig(configPath: string): Promise<McpConfig> {\n\treturn mcpConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nexport function mcpConfigToResolvedProviders(config: McpConfig): readonly ResolvedMcpProvider[] {\n\treturn Object.values(config.providers).map((provider) => {\n\t\tconst transport = provider.transport;\n\t\tif (transport.kind === 'stdio') {\n\t\t\tconst resolvedProvider: {\n\t\t\t\targs: readonly string[];\n\t\t\t\tcommand: string;\n\t\t\t\tcwd?: string;\n\t\t\t\tenv: Readonly<Record<string, SecretValue>>;\n\t\t\t\tnamespace: string;\n\t\t\t\ttransport: 'stdio';\n\t\t\t} = {\n\t\t\t\targs: transport.args,\n\t\t\t\tcommand: transport.command,\n\t\t\t\tenv: transport.env,\n\t\t\t\tnamespace: provider.namespace,\n\t\t\t\ttransport: transport.kind,\n\t\t\t};\n\t\t\tif (transport.cwd !== undefined) {\n\t\t\t\tresolvedProvider.cwd = transport.cwd;\n\t\t\t}\n\t\t\treturn resolvedProvider;\n\t\t}\n\n\t\treturn {\n\t\t\theaders: transport.headers,\n\t\t\tnamespace: provider.namespace,\n\t\t\ttransport: transport.kind,\n\t\t\turl: transport.url,\n\t\t};\n\t});\n}\n","import type { NamespaceToolRef, ResolvedMcpPortalProfile } from './mcp-portal-config.js';\n\nexport interface McpPortalApprovalToolAnnotations {\n\treadonly destructiveHint?: boolean | undefined;\n\treadonly readOnlyHint?: boolean | undefined;\n}\n\nexport interface McpPortalApprovalToolCall {\n\treadonly annotations?: McpPortalApprovalToolAnnotations;\n\treadonly namespace: string;\n\treadonly toolName: string;\n}\n\nfunction selectorMatches(\n\tselectors: readonly NamespaceToolRef[],\n\tnamespace: string,\n\ttoolName: string,\n): boolean {\n\treturn selectors.some(\n\t\t(selector) => selector.namespace === namespace && selector.toolName === toolName,\n\t);\n}\n\nfunction namespaceSelectorMatches(\n\tprofile: ResolvedMcpPortalProfile,\n\tselectorKind: 'requiresApproval' | 'withoutApproval',\n\tnamespace: string,\n\ttoolName: string,\n): boolean {\n\tconst selector = (profile.approval.callPoliciesByNamespace ?? {})[namespace]?.[selectorKind];\n\tif (selector === undefined) {\n\t\treturn false;\n\t}\n\tif ((selector.deny ?? []).includes(toolName)) {\n\t\treturn false;\n\t}\n\treturn selector.allow === '*' || selector.allow.includes(toolName);\n}\n\nfunction hasTrustedReadOnlyAnnotation(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\treturn (\n\t\tprofile.approval.annotationPolicy === 'destructive-requires-approval' &&\n\t\tprofile.approval.trustedAnnotationNamespaces.includes(call.namespace) &&\n\t\tcall.annotations?.readOnlyHint === true &&\n\t\tcall.annotations.destructiveHint !== true\n\t);\n}\n\nexport type McpPortalCallPolicyDecision =\n\t| { readonly kind: 'allow_without_approval' }\n\t| { readonly kind: 'blocked' }\n\t| { readonly kind: 'requires_approval' };\n\nexport function mcpPortalCallPolicyDecision(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): McpPortalCallPolicyDecision {\n\tif (\n\t\tselectorMatches(profile.approval.allowWithoutApprovalTools, call.namespace, call.toolName) ||\n\t\tnamespaceSelectorMatches(profile, 'withoutApproval', call.namespace, call.toolName) ||\n\t\thasTrustedReadOnlyAnnotation(profile, call)\n\t) {\n\t\treturn { kind: 'allow_without_approval' };\n\t}\n\tif (profile.approval.annotationPolicy === 'always-require-approval') {\n\t\treturn { kind: 'requires_approval' };\n\t}\n\tif (\n\t\tselectorMatches(profile.approval.alwaysAskTools, call.namespace, call.toolName) ||\n\t\tselectorMatches(profile.approval.writeTools, call.namespace, call.toolName) ||\n\t\tnamespaceSelectorMatches(profile, 'requiresApproval', call.namespace, call.toolName)\n\t) {\n\t\treturn { kind: 'requires_approval' };\n\t}\n\treturn { kind: 'blocked' };\n}\n\nexport function mcpPortalCallRequiresApproval(\n\tprofile: ResolvedMcpPortalProfile,\n\tcall: McpPortalApprovalToolCall,\n): boolean {\n\treturn mcpPortalCallPolicyDecision(profile, call).kind === 'requires_approval';\n}\n","import { z } from 'zod';\n\nimport { loadJsonConfigFile } from './json-config-file.js';\nimport { secretValueSchema, type SecretValue } from './secret-value.js';\n\nexport const namespaceToolRefSchema = z\n\t.object({\n\t\tnamespace: z.string().min(1),\n\t\ttoolName: z.string().min(1),\n\t})\n\t.strict();\n\nexport type NamespaceToolRef = z.infer<typeof namespaceToolRefSchema>;\n\nexport const portalToolSelectorSchema = z\n\t.object({\n\t\tallow: z.union([z.literal('*'), z.array(z.string().min(1))]),\n\t\tdeny: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nexport type PortalToolSelector = z.infer<typeof portalToolSelectorSchema>;\n\nexport const portalApprovalConfigSchema = z\n\t.object({\n\t\tallowWithoutApprovalTools: z.array(namespaceToolRefSchema).default([]),\n\t\talwaysAskTools: z.array(namespaceToolRefSchema).default([]),\n\t\tannotationPolicy: z\n\t\t\t.enum(['destructive-requires-approval', 'always-require-approval'])\n\t\t\t.default('destructive-requires-approval'),\n\t\tcallPoliciesByNamespace: z\n\t\t\t.record(\n\t\t\t\tz.string().min(1),\n\t\t\t\tz\n\t\t\t\t\t.object({\n\t\t\t\t\t\trequiresApproval: portalToolSelectorSchema,\n\t\t\t\t\t\twithoutApproval: portalToolSelectorSchema,\n\t\t\t\t\t})\n\t\t\t\t\t.strict(),\n\t\t\t)\n\t\t\t.default({}),\n\t\ttrustedAnnotationNamespaces: z.array(z.string().min(1)).default([]),\n\t\twriteTools: z.array(namespaceToolRefSchema).default([]),\n\t})\n\t.strict();\n\nexport type PortalApprovalConfig = z.infer<typeof portalApprovalConfigSchema>;\n\nconst portalNamespaceCallPolicySchema = z\n\t.object({\n\t\trequiresApproval: portalToolSelectorSchema,\n\t\twithoutApproval: portalToolSelectorSchema,\n\t})\n\t.strict();\n\nconst portalNamespaceApprovalSchema = z\n\t.object({\n\t\tallowWithoutApproval: z.array(z.string().min(1)).default([]),\n\t\talwaysAsk: z.array(z.string().min(1)).default([]),\n\t\ttrustedAnnotations: z.boolean().default(false),\n\t\twrite: z.array(z.string().min(1)).default([]),\n\t})\n\t.strict();\n\nconst defaultPortalNamespaceApproval = {\n\tallowWithoutApproval: [],\n\talwaysAsk: [],\n\ttrustedAnnotations: false,\n\twrite: [],\n} satisfies z.infer<typeof portalNamespaceApprovalSchema>;\n\nconst portalNamespacePolicySchema = z\n\t.object({\n\t\tapproval: portalNamespaceApprovalSchema.default(defaultPortalNamespaceApproval).optional(),\n\t\tcalls: portalNamespaceCallPolicySchema,\n\t\ttools: portalToolSelectorSchema,\n\t})\n\t.strict();\n\ntype PortalNamespacePolicy = z.infer<typeof portalNamespacePolicySchema>;\n\nexport const mcpPortalProfileDefinitionSchema = z\n\t.object({\n\t\tapproval: z\n\t\t\t.object({\n\t\t\t\tannotationPolicy: portalApprovalConfigSchema.shape.annotationPolicy.optional(),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tnamespaces: z.record(z.string().min(1), portalNamespacePolicySchema).default({}),\n\t\tlogging: z\n\t\t\t.object({ enabled: z.boolean().default(false) })\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean().default(true),\n\t\t\t\tmaxNamespaces: z.number().int().positive().default(12),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t\tcache: z\n\t\t\t.object({\n\t\t\t\tcatalogTtlMs: z.number().int().positive().default(60_000),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalProfileDefinition = z.infer<typeof mcpPortalProfileDefinitionSchema>;\n\nexport const resolvedMcpPortalProfileSchema = z\n\t.object({\n\t\tenabledNamespaces: z.array(z.string().min(1)),\n\t\tenabledToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\thiddenToolsByNamespace: z.record(z.string().min(1), z.array(z.string().min(1))),\n\t\tlogging: z.object({ enabled: z.boolean() }).strict(),\n\t\tpromptContext: z\n\t\t\t.object({\n\t\t\t\tenabled: z.boolean(),\n\t\t\t\tmaxNamespaces: z.number().int().positive(),\n\t\t\t})\n\t\t\t.strict(),\n\t\tcache: z.object({ catalogTtlMs: z.number().int().positive() }).strict(),\n\t\tapproval: portalApprovalConfigSchema,\n\t})\n\t.strict();\n\nexport type ResolvedMcpPortalProfile = z.infer<typeof resolvedMcpPortalProfileSchema>;\n\nexport const mcpPortalExternalAuthSchema = z\n\t.object({\n\t\tmasterKey: secretValueSchema,\n\t})\n\t.strict();\n\nexport type McpPortalExternalAuthConfig = z.infer<typeof mcpPortalExternalAuthSchema>;\n\nfunction isLoopbackProxyHost(host: string): boolean {\n\tconst normalizedHost = host.toLowerCase();\n\treturn (\n\t\tnormalizedHost === 'localhost' || normalizedHost === '127.0.0.1' || normalizedHost === '::1'\n\t);\n}\n\nexport const mcpPortalProxySchema = z\n\t.object({\n\t\tserver: z\n\t\t\t.object({\n\t\t\t\thost: z\n\t\t\t\t\t.string()\n\t\t\t\t\t.min(1)\n\t\t\t\t\t.refine(isLoopbackProxyHost, {\n\t\t\t\t\t\tmessage: 'mcpProxy.server.host must be loopback-only for HTTP bearer auth.',\n\t\t\t\t\t})\n\t\t\t\t\t.default('127.0.0.1'),\n\t\t\t\tport: z.number().int().min(1).max(65_535).default(18_791),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.default({ host: '127.0.0.1', port: 18_791 }),\n\t\tauth: z\n\t\t\t.object({\n\t\t\t\theaderName: z.string().min(1).default('authorization'),\n\t\t\t})\n\t\t\t.strict()\n\t\t\t.default({ headerName: 'authorization' }),\n\t})\n\t.strict();\n\nexport type McpPortalProxyConfig = z.infer<typeof mcpPortalProxySchema>;\n\nexport const mcpPortalAgentConfigSchema = z\n\t.object({\n\t\tcredentialVersion: z.number().int().positive().default(1),\n\t\tprofile: z.string().min(1),\n\t\thmacKey: secretValueSchema.optional(),\n\t})\n\t.strict();\n\nexport type McpPortalAgentConfig = z.infer<typeof mcpPortalAgentConfigSchema>;\n\nexport const mcpPortalConfigSchema = z\n\t.object({\n\t\t$schema: z.string().min(1).optional(),\n\t\tschemaVersion: z.literal(1),\n\t\texternalAuth: mcpPortalExternalAuthSchema.optional(),\n\t\tmcpProxy: mcpPortalProxySchema.optional(),\n\t\tagents: z.record(z.string().min(1), mcpPortalAgentConfigSchema).default({}),\n\t\tprofiles: z.record(z.string().min(1), mcpPortalProfileDefinitionSchema),\n\t})\n\t.strict()\n\t.superRefine((config, context) => {\n\t\tif (Object.keys(config.profiles).length === 0) {\n\t\t\tcontext.addIssue({\n\t\t\t\tcode: z.ZodIssueCode.custom,\n\t\t\t\tmessage: 'mcp-portal.config.jsonc must define at least one profile.',\n\t\t\t\tpath: ['profiles'],\n\t\t\t});\n\t\t}\n\t});\n\ntype ParsedMcpPortalConfig = z.infer<typeof mcpPortalConfigSchema>;\nexport type McpPortalConfig = Omit<ParsedMcpPortalConfig, 'agents'> & {\n\treadonly agents: Readonly<Record<string, McpPortalAgentConfig>>;\n};\n\nexport const openClawMcpPortalPluginConfigSchema = z\n\t.object({\n\t\tconfigDir: z.string().min(1),\n\t\tbinPath: z.string().min(1).optional(),\n\t})\n\t.strict();\n\nexport type OpenClawMcpPortalPluginConfig = z.infer<typeof openClawMcpPortalPluginConfigSchema>;\n\nconst defaultProfile: ResolvedMcpPortalProfile = {\n\tapproval: portalApprovalConfigSchema.parse({}),\n\tcache: { catalogTtlMs: 60_000 },\n\tenabledNamespaces: [],\n\tenabledToolsByNamespace: {},\n\thiddenToolsByNamespace: {},\n\tlogging: { enabled: false },\n\tpromptContext: { enabled: true, maxNamespaces: 12 },\n};\n\ntype AuthoredPortalNamespaces = McpPortalProfileDefinition['namespaces'];\n\nexport async function loadMcpPortalConfig(configPath: string): Promise<McpPortalConfig> {\n\treturn mcpPortalConfigSchema.parse(await loadJsonConfigFile(configPath));\n}\n\nfunction namespaceToolRefs(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n\tselector: (policy: PortalNamespacePolicy) => readonly string[],\n): readonly NamespaceToolRef[] {\n\treturn Object.entries(namespaces).flatMap(([namespace, policy]) =>\n\t\tselector(policy).map((toolName) => ({ namespace, toolName })),\n\t);\n}\n\nfunction selectorAllowList(selector: PortalToolSelector): readonly string[] {\n\treturn selector.allow === '*' ? [] : selector.allow;\n}\n\nfunction selectorHasVisibleTools(selector: PortalToolSelector): boolean {\n\treturn selector.allow === '*' || selector.allow.length > 0;\n}\n\nfunction activeNamespaces(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n): Readonly<Record<string, PortalNamespacePolicy>> {\n\treturn Object.fromEntries(\n\t\tObject.entries(namespaces).filter(([, policy]) => selectorHasVisibleTools(policy.tools)),\n\t);\n}\n\nfunction compileNamespaceApproval(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n\tannotationPolicy: PortalApprovalConfig['annotationPolicy'],\n): PortalApprovalConfig {\n\treturn portalApprovalConfigSchema.parse({\n\t\tallowWithoutApprovalTools: namespaceToolRefs(namespaces, (policy) => [\n\t\t\t...selectorAllowList(policy.calls.withoutApproval),\n\t\t\t...(policy.approval?.allowWithoutApproval ?? []),\n\t\t]),\n\t\tannotationPolicy,\n\t\talwaysAskTools: namespaceToolRefs(namespaces, (policy) => [\n\t\t\t...selectorAllowList(policy.calls.requiresApproval),\n\t\t\t...(policy.approval?.alwaysAsk ?? []),\n\t\t]),\n\t\tcallPoliciesByNamespace: Object.fromEntries(\n\t\t\tObject.entries(namespaces).map(([namespace, policy]) => [namespace, policy.calls]),\n\t\t),\n\t\ttrustedAnnotationNamespaces: Object.entries(namespaces)\n\t\t\t.filter(([, policy]) => policy.approval?.trustedAnnotations)\n\t\t\t.map(([namespace]) => namespace),\n\t\twriteTools: namespaceToolRefs(namespaces, (policy) => policy.approval?.write ?? []),\n\t});\n}\n\nfunction compileEnabledToolsByNamespace(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n): Record<string, readonly string[]> {\n\treturn Object.fromEntries(\n\t\tObject.entries(namespaces)\n\t\t\t.filter(([, policy]) => policy.tools.allow !== '*')\n\t\t\t.map(([namespace, policy]) => [namespace, selectorAllowList(policy.tools)]),\n\t);\n}\n\nfunction compileHiddenToolsByNamespace(\n\tnamespaces: Readonly<Record<string, PortalNamespacePolicy>>,\n): Record<string, readonly string[]> {\n\treturn Object.fromEntries(\n\t\tObject.entries(namespaces)\n\t\t\t.filter(([, policy]) => (policy.tools.deny ?? []).length > 0)\n\t\t\t.map(([namespace, policy]) => [namespace, policy.tools.deny ?? []]),\n\t);\n}\n\nfunction compileProfileFromNamespaces(\n\tnamespaces: AuthoredPortalNamespaces,\n\tprofile: McpPortalProfileDefinition,\n): ResolvedMcpPortalProfile {\n\tconst annotationPolicy =\n\t\tprofile.approval?.annotationPolicy ?? defaultProfile.approval.annotationPolicy;\n\tconst activeNamespacePolicies = activeNamespaces(namespaces);\n\treturn resolvedMcpPortalProfileSchema.parse({\n\t\tapproval: compileNamespaceApproval(activeNamespacePolicies, annotationPolicy),\n\t\tcache: profile.cache ?? defaultProfile.cache,\n\t\tenabledNamespaces: Object.keys(activeNamespacePolicies),\n\t\tenabledToolsByNamespace: compileEnabledToolsByNamespace(activeNamespacePolicies),\n\t\thiddenToolsByNamespace: compileHiddenToolsByNamespace(activeNamespacePolicies),\n\t\tlogging: profile.logging ?? defaultProfile.logging,\n\t\tpromptContext: profile.promptContext ?? defaultProfile.promptContext,\n\t});\n}\n\nexport function resolveMcpPortalProfile(\n\tconfig: McpPortalConfig,\n\tprofileName: string,\n): ResolvedMcpPortalProfile {\n\tconst profile = config.profiles[profileName];\n\tif (profile === undefined) {\n\t\tthrow new Error(`unknown MCP profile '${profileName}'`);\n\t}\n\treturn compileProfileFromNamespaces(profile.namespaces, profile);\n}\n\nexport function secretValueToEnvironmentReference(secret: SecretValue): string {\n\tif (secret.source === 'environment') {\n\t\treturn `\\${${secret.name}}`;\n\t}\n\treturn secret.ref;\n}\n","import * as zod from 'zod';\n\nimport { mcpConfigSchema } from './mcp-config.js';\nimport { mcpPortalConfigSchema } from './mcp-portal-config.js';\n\nexport const mcpPortalConfigSchemaVersions = {\n\tmcp: 1,\n\tmcpPortal: 1,\n} as const;\n\nexport const mcpPortalConfigSchemaIds = {\n\tmcp: 'agent-vm:mcp:1',\n\tmcpPortal: 'agent-vm:mcp-portal:1',\n} as const;\n\nexport const mcpPortalConfigSchemaPaths = {\n\tmcpFromGatewayConfig: '../../schemas/mcp.schema.json',\n\tmcpPortalFromGatewayConfig: '../../schemas/mcp-portal.schema.json',\n} as const;\n\nexport interface ConfigContractSchemaArtifacts {\n\treadonly mcp: Record<string, unknown>;\n\treadonly mcpPortal: Record<string, unknown>;\n}\n\nfunction withSchemaId(schema: Record<string, unknown>, schemaId: string): Record<string, unknown> {\n\treturn {\n\t\t$id: schemaId,\n\t\t...schema,\n\t};\n}\n\nexport function createConfigContractSchemaArtifacts(): ConfigContractSchemaArtifacts {\n\treturn {\n\t\tmcp: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcp,\n\t\t),\n\t\tmcpPortal: withSchemaId(\n\t\t\tzod.toJSONSchema(mcpPortalConfigSchema, { target: 'draft-07' }),\n\t\t\tmcpPortalConfigSchemaIds.mcpPortal,\n\t\t),\n\t};\n}\n"],"mappings":";;;;;AAIA,MAAM,sBACL;AAED,SAAS,iBAAiB,MAAc,QAAwB;CAC/D,MAAM,SAAS,KAAK,MAAM,GAAG,OAAO;CAIpC,OAAO,QAHM,OAAO,MAAM,KAAK,CAAC,OAGZ,WADL,SADY,OAAO,YAAY,KACJ;;AAI3C,SAAS,iBAAiB,UAAkB,MAAc,OAA2B;CACpF,OAAO,CACN,oBAAoB,SAAS,IAAI,iBAAiB,MAAM,MAAM,OAAO,CAAC,IACtE,oBAAoB,MAAM,MAAM,CAChC,CAAC,KAAK,IAAI;;AAGZ,eAAsB,mBAAmB,UAAoC;CAC5E,MAAM,YAAY,MAAM,SAAS,UAAU,OAAO;CAClD,MAAM,cAA4B,EAAE;CACpC,MAAM,eAAe,oBAAoB,WAAW,aAAa;EAChE,oBAAoB;EACpB,kBAAkB;EAClB,CAAC;CAEF,IAAI,YAAY,SAAS,GAAG;EAC3B,MAAM,kBAAkB,YAAY;EACpC,IAAI,oBAAoB,KAAA,GACvB,MAAM,IAAI,MAAM,iBAAiB,UAAU,WAAW,gBAAgB,CAAC;;CAIzE,OAAO;;;;AC9BR,MAAa,kBAAwC,EAAE,WACtD,EAAE,MAAM;CACP,EAAE,QAAQ;CACV,EAAE,QAAQ,CAAC,QAAQ;CACnB,EAAE,SAAS;CACX,EAAE,MAAM;CACR,EAAE,MAAM,gBAAgB;CACxB;CACA,CAAC,CACF;AAED,MAAa,mBAA0C,EAAE,OAAO,EAAE,QAAQ,EAAE,gBAAgB;AAE5F,SAAgB,aAAa,OAAqC;CACjE,OAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,MAAM;;AAG5E,SAAgB,iBAAiB,OAAgB,OAA2B;CAC3E,IAAI,CAAC,aAAa,MAAM,EACvB,MAAM,IAAI,MAAM,GAAG,MAAM,yBAAyB;CAGnD,OAAO,iBAAiB,MAAM,MAAM;;;;AC3BrC,MAAa,oBAAoB,EAAE,mBAAmB,UAAU,CAC/D,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,cAAc;CAChC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE;CACvB,CAAC,CACD,QAAQ,EACV,EACE,OAAO;CACP,QAAQ,EAAE,QAAQ,YAAY;CAC9B,KAAK,EAAE,QAAQ,CAAC,MAAM,aAAa,uCAAuC;CAC1E,CAAC,CACD,QAAQ,CACV,CAAC;;;ACVF,MAAM,6BAA6B,EACjC,OAAO,EACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU,EACrC,CAAC,CACD,QAAQ;AAEV,MAAM,2BAA2B,EAAE,KAAK,CAAC,QACvC,UAAU;CACV,MAAM,WAAW,IAAI,IAAI,MAAM,CAAC;CAChC,OAAO,aAAa,WAAW,aAAa;GAE7C,EAAE,SAAS,qDAAqD,CAChE;AAED,MAAM,gCAAgC,EACpC,OAAO;CACP,MAAM,EAAE,QAAQ,kBAAkB;CAClC,KAAK;CACL,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAM,qBAAqB,EACzB,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,KAAK;CACL,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CAC5D,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAM,uBAAuB,EAC3B,OAAO;CACP,MAAM,EAAE,QAAQ,QAAQ;CACxB,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACrC,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACjC,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACxD,eAAe,EAAE,KAAK,CAAC,YAAY,OAAO,CAAC,CAAC,UAAU;CACtD,qBAAqB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC3D,CAAC,CACD,QAAQ;AAEV,MAAa,wBAAwB,EACnC,OAAO;CACP,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC;CACtC,WAAW,EAAE,KAAK,CAAC,OAAO,iBAAiB,CAAC;CAC5C,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,cAAc,oBAAoB,OAAO,MAAM,WAAW,GACpE,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,QAAQ;EACf,CAAC;CAEH,IAAI,OAAO,cAAc,SAAS,OAAO,MAAM,SAAS,GACvD,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,QAAQ;EACf,CAAC;EAEF;AAEH,MAAa,oBAAoB,EAC/B,OAAO;CACP,MAAM,EAAE,QAAQ,MAAM;CACtB,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,WAAW,2BAA2B,QAAQ,EAAE,CAAC;CACjD,gBAAgB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,sBAAsB,CAAC,QAAQ,EAAE,CAAC;CAC9E,WAAW,EAAE,mBAAmB,QAAQ;EACvC;EACA;EACA;EACA,CAAC;CACF,CAAC,CACD,QAAQ;AAEV,MAAa,kBAAkB,EAC7B,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,kBAAkB,CAAC,QAAQ,EAAE,CAAC;CACrE,CAAC,CACD,QAAQ;AAqBV,eAAsB,cAAc,YAAwC;CAC3E,OAAO,gBAAgB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGnE,SAAgB,6BAA6B,QAAmD;CAC/F,OAAO,OAAO,OAAO,OAAO,UAAU,CAAC,KAAK,aAAa;EACxD,MAAM,YAAY,SAAS;EAC3B,IAAI,UAAU,SAAS,SAAS;GAC/B,MAAM,mBAOF;IACH,MAAM,UAAU;IAChB,SAAS,UAAU;IACnB,KAAK,UAAU;IACf,WAAW,SAAS;IACpB,WAAW,UAAU;IACrB;GACD,IAAI,UAAU,QAAQ,KAAA,GACrB,iBAAiB,MAAM,UAAU;GAElC,OAAO;;EAGR,OAAO;GACN,SAAS,UAAU;GACnB,WAAW,SAAS;GACpB,WAAW,UAAU;GACrB,KAAK,UAAU;GACf;GACA;;;;ACtIH,SAAS,gBACR,WACA,WACA,UACU;CACV,OAAO,UAAU,MACf,aAAa,SAAS,cAAc,aAAa,SAAS,aAAa,SACxE;;AAGF,SAAS,yBACR,SACA,cACA,WACA,UACU;CACV,MAAM,YAAY,QAAQ,SAAS,2BAA2B,EAAE,EAAE,aAAa;CAC/E,IAAI,aAAa,KAAA,GAChB,OAAO;CAER,KAAK,SAAS,QAAQ,EAAE,EAAE,SAAS,SAAS,EAC3C,OAAO;CAER,OAAO,SAAS,UAAU,OAAO,SAAS,MAAM,SAAS,SAAS;;AAGnE,SAAS,6BACR,SACA,MACU;CACV,OACC,QAAQ,SAAS,qBAAqB,mCACtC,QAAQ,SAAS,4BAA4B,SAAS,KAAK,UAAU,IACrE,KAAK,aAAa,iBAAiB,QACnC,KAAK,YAAY,oBAAoB;;AASvC,SAAgB,4BACf,SACA,MAC8B;CAC9B,IACC,gBAAgB,QAAQ,SAAS,2BAA2B,KAAK,WAAW,KAAK,SAAS,IAC1F,yBAAyB,SAAS,mBAAmB,KAAK,WAAW,KAAK,SAAS,IACnF,6BAA6B,SAAS,KAAK,EAE3C,OAAO,EAAE,MAAM,0BAA0B;CAE1C,IAAI,QAAQ,SAAS,qBAAqB,2BACzC,OAAO,EAAE,MAAM,qBAAqB;CAErC,IACC,gBAAgB,QAAQ,SAAS,gBAAgB,KAAK,WAAW,KAAK,SAAS,IAC/E,gBAAgB,QAAQ,SAAS,YAAY,KAAK,WAAW,KAAK,SAAS,IAC3E,yBAAyB,SAAS,oBAAoB,KAAK,WAAW,KAAK,SAAS,EAEpF,OAAO,EAAE,MAAM,qBAAqB;CAErC,OAAO,EAAE,MAAM,WAAW;;AAG3B,SAAgB,8BACf,SACA,MACU;CACV,OAAO,4BAA4B,SAAS,KAAK,CAAC,SAAS;;;;AC/E5D,MAAa,yBAAyB,EACpC,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,CAAC,CACD,QAAQ;AAIV,MAAa,2BAA2B,EACtC,OAAO;CACP,OAAO,EAAE,MAAM,CAAC,EAAE,QAAQ,IAAI,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;CAC5D,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC5C,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,2BAA2B,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACtE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CAC3D,kBAAkB,EAChB,KAAK,CAAC,iCAAiC,0BAA0B,CAAC,CAClE,QAAQ,gCAAgC;CAC1C,yBAAyB,EACvB,OACA,EAAE,QAAQ,CAAC,IAAI,EAAE,EACjB,EACE,OAAO;EACP,kBAAkB;EAClB,iBAAiB;EACjB,CAAC,CACD,QAAQ,CACV,CACA,QAAQ,EAAE,CAAC;CACb,6BAA6B,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CACnE,YAAY,EAAE,MAAM,uBAAuB,CAAC,QAAQ,EAAE,CAAC;CACvD,CAAC,CACD,QAAQ;AAIV,MAAM,kCAAkC,EACtC,OAAO;CACP,kBAAkB;CAClB,iBAAiB;CACjB,CAAC,CACD,QAAQ;AAEV,MAAM,gCAAgC,EACpC,OAAO;CACP,sBAAsB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC5D,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CACjD,oBAAoB,EAAE,SAAS,CAAC,QAAQ,MAAM;CAC9C,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC;CAC7C,CAAC,CACD,QAAQ;AASV,MAAM,8BAA8B,EAClC,OAAO;CACP,UAAU,8BAA8B,QAAQ;EARjD,sBAAsB,EAAE;EACxB,WAAW,EAAE;EACb,oBAAoB;EACpB,OAAO,EAAE;EAKsE,CAAC,CAAC,UAAU;CAC1F,OAAO;CACP,OAAO;CACP,CAAC,CACD,QAAQ;AAIV,MAAa,mCAAmC,EAC9C,OAAO;CACP,UAAU,EACR,OAAO,EACP,kBAAkB,2BAA2B,MAAM,iBAAiB,UAAU,EAC9E,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,4BAA4B,CAAC,QAAQ,EAAE,CAAC;CAChF,SAAS,EACP,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,QAAQ,MAAM,EAAE,CAAC,CAC/C,QAAQ,CACR,UAAU;CACZ,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS,CAAC,QAAQ,KAAK;EAClC,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,GAAG;EACtD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,OAAO,EACL,OAAO,EACP,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,IAAO,EACzD,CAAC,CACD,QAAQ,CACR,UAAU;CACZ,CAAC,CACD,QAAQ;AAIV,MAAa,iCAAiC,EAC5C,OAAO;CACP,mBAAmB,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;CAC7C,yBAAyB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAChF,wBAAwB,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;CAC/E,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,QAAQ;CACpD,eAAe,EACb,OAAO;EACP,SAAS,EAAE,SAAS;EACpB,eAAe,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU;EAC1C,CAAC,CACD,QAAQ;CACV,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,QAAQ;CACvE,UAAU;CACV,CAAC,CACD,QAAQ;AAIV,MAAa,8BAA8B,EACzC,OAAO,EACP,WAAW,mBACX,CAAC,CACD,QAAQ;AAIV,SAAS,oBAAoB,MAAuB;CACnD,MAAM,iBAAiB,KAAK,aAAa;CACzC,OACC,mBAAmB,eAAe,mBAAmB,eAAe,mBAAmB;;AAIzF,MAAa,uBAAuB,EAClC,OAAO;CACP,QAAQ,EACN,OAAO;EACP,MAAM,EACJ,QAAQ,CACR,IAAI,EAAE,CACN,OAAO,qBAAqB,EAC5B,SAAS,oEACT,CAAC,CACD,QAAQ,YAAY;EACtB,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,IAAI,MAAO,CAAC,QAAQ,MAAO;EACzD,CAAC,CACD,QAAQ,CACR,QAAQ;EAAE,MAAM;EAAa,MAAM;EAAQ,CAAC;CAC9C,MAAM,EACJ,OAAO,EACP,YAAY,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,gBAAgB,EACtD,CAAC,CACD,QAAQ,CACR,QAAQ,EAAE,YAAY,iBAAiB,CAAC;CAC1C,CAAC,CACD,QAAQ;AAIV,MAAa,6BAA6B,EACxC,OAAO;CACP,mBAAmB,EAAE,QAAQ,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,EAAE;CACzD,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC1B,SAAS,kBAAkB,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAa,wBAAwB,EACnC,OAAO;CACP,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,eAAe,EAAE,QAAQ,EAAE;CAC3B,cAAc,4BAA4B,UAAU;CACpD,UAAU,qBAAqB,UAAU;CACzC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,2BAA2B,CAAC,QAAQ,EAAE,CAAC;CAC3E,UAAU,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,iCAAiC;CACvE,CAAC,CACD,QAAQ,CACR,aAAa,QAAQ,YAAY;CACjC,IAAI,OAAO,KAAK,OAAO,SAAS,CAAC,WAAW,GAC3C,QAAQ,SAAS;EAChB,MAAM,EAAE,aAAa;EACrB,SAAS;EACT,MAAM,CAAC,WAAW;EAClB,CAAC;EAEF;AAOH,MAAa,sCAAsC,EACjD,OAAO;CACP,WAAW,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC5B,SAAS,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,UAAU;CACrC,CAAC,CACD,QAAQ;AAIV,MAAM,iBAA2C;CAChD,UAAU,2BAA2B,MAAM,EAAE,CAAC;CAC9C,OAAO,EAAE,cAAc,KAAQ;CAC/B,mBAAmB,EAAE;CACrB,yBAAyB,EAAE;CAC3B,wBAAwB,EAAE;CAC1B,SAAS,EAAE,SAAS,OAAO;CAC3B,eAAe;EAAE,SAAS;EAAM,eAAe;EAAI;CACnD;AAID,eAAsB,oBAAoB,YAA8C;CACvF,OAAO,sBAAsB,MAAM,MAAM,mBAAmB,WAAW,CAAC;;AAGzE,SAAS,kBACR,YACA,UAC8B;CAC9B,OAAO,OAAO,QAAQ,WAAW,CAAC,SAAS,CAAC,WAAW,YACtD,SAAS,OAAO,CAAC,KAAK,cAAc;EAAE;EAAW;EAAU,EAAE,CAC7D;;AAGF,SAAS,kBAAkB,UAAiD;CAC3E,OAAO,SAAS,UAAU,MAAM,EAAE,GAAG,SAAS;;AAG/C,SAAS,wBAAwB,UAAuC;CACvE,OAAO,SAAS,UAAU,OAAO,SAAS,MAAM,SAAS;;AAG1D,SAAS,iBACR,YACkD;CAClD,OAAO,OAAO,YACb,OAAO,QAAQ,WAAW,CAAC,QAAQ,GAAG,YAAY,wBAAwB,OAAO,MAAM,CAAC,CACxF;;AAGF,SAAS,yBACR,YACA,kBACuB;CACvB,OAAO,2BAA2B,MAAM;EACvC,2BAA2B,kBAAkB,aAAa,WAAW,CACpE,GAAG,kBAAkB,OAAO,MAAM,gBAAgB,EAClD,GAAI,OAAO,UAAU,wBAAwB,EAAE,CAC/C,CAAC;EACF;EACA,gBAAgB,kBAAkB,aAAa,WAAW,CACzD,GAAG,kBAAkB,OAAO,MAAM,iBAAiB,EACnD,GAAI,OAAO,UAAU,aAAa,EAAE,CACpC,CAAC;EACF,yBAAyB,OAAO,YAC/B,OAAO,QAAQ,WAAW,CAAC,KAAK,CAAC,WAAW,YAAY,CAAC,WAAW,OAAO,MAAM,CAAC,CAClF;EACD,6BAA6B,OAAO,QAAQ,WAAW,CACrD,QAAQ,GAAG,YAAY,OAAO,UAAU,mBAAmB,CAC3D,KAAK,CAAC,eAAe,UAAU;EACjC,YAAY,kBAAkB,aAAa,WAAW,OAAO,UAAU,SAAS,EAAE,CAAC;EACnF,CAAC;;AAGH,SAAS,+BACR,YACoC;CACpC,OAAO,OAAO,YACb,OAAO,QAAQ,WAAW,CACxB,QAAQ,GAAG,YAAY,OAAO,MAAM,UAAU,IAAI,CAClD,KAAK,CAAC,WAAW,YAAY,CAAC,WAAW,kBAAkB,OAAO,MAAM,CAAC,CAAC,CAC5E;;AAGF,SAAS,8BACR,YACoC;CACpC,OAAO,OAAO,YACb,OAAO,QAAQ,WAAW,CACxB,QAAQ,GAAG,aAAa,OAAO,MAAM,QAAQ,EAAE,EAAE,SAAS,EAAE,CAC5D,KAAK,CAAC,WAAW,YAAY,CAAC,WAAW,OAAO,MAAM,QAAQ,EAAE,CAAC,CAAC,CACpE;;AAGF,SAAS,6BACR,YACA,SAC2B;CAC3B,MAAM,mBACL,QAAQ,UAAU,oBAAoB,eAAe,SAAS;CAC/D,MAAM,0BAA0B,iBAAiB,WAAW;CAC5D,OAAO,+BAA+B,MAAM;EAC3C,UAAU,yBAAyB,yBAAyB,iBAAiB;EAC7E,OAAO,QAAQ,SAAS,eAAe;EACvC,mBAAmB,OAAO,KAAK,wBAAwB;EACvD,yBAAyB,+BAA+B,wBAAwB;EAChF,wBAAwB,8BAA8B,wBAAwB;EAC9E,SAAS,QAAQ,WAAW,eAAe;EAC3C,eAAe,QAAQ,iBAAiB,eAAe;EACvD,CAAC;;AAGH,SAAgB,wBACf,QACA,aAC2B;CAC3B,MAAM,UAAU,OAAO,SAAS;CAChC,IAAI,YAAY,KAAA,GACf,MAAM,IAAI,MAAM,wBAAwB,YAAY,GAAG;CAExD,OAAO,6BAA6B,QAAQ,YAAY,QAAQ;;AAGjE,SAAgB,kCAAkC,QAA6B;CAC9E,IAAI,OAAO,WAAW,eACrB,OAAO,MAAM,OAAO,KAAK;CAE1B,OAAO,OAAO;;;;ACzUf,MAAa,gCAAgC;CAC5C,KAAK;CACL,WAAW;CACX;AAED,MAAa,2BAA2B;CACvC,KAAK;CACL,WAAW;CACX;AAED,MAAa,6BAA6B;CACzC,sBAAsB;CACtB,4BAA4B;CAC5B;AAOD,SAAS,aAAa,QAAiC,UAA2C;CACjG,OAAO;EACN,KAAK;EACL,GAAG;EACH;;AAGF,SAAgB,sCAAqE;CACpF,OAAO;EACN,KAAK,aACJ,IAAI,aAAa,iBAAiB,EAAE,QAAQ,YAAY,CAAC,EACzD,yBAAyB,IACzB;EACD,WAAW,aACV,IAAI,aAAa,uBAAuB,EAAE,QAAQ,YAAY,CAAC,EAC/D,yBAAyB,UACzB;EACD"}
|
package/package.json
CHANGED