@decocms/mesh 2.44.1 → 2.44.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (133) hide show
  1. package/dist/client/assets/{AlertCircle-DVYU7hSb.js → AlertCircle-C1oaexcn.js} +1 -1
  2. package/dist/client/assets/{ArrowLeft-pqt8tIgE.js → ArrowLeft-B1SBiQVA.js} +1 -1
  3. package/dist/client/assets/{ArrowUp-CmwjRR-u.js → ArrowUp-BvlJhwmz.js} +1 -1
  4. package/dist/client/assets/{Check-CB1I5rj8.js → Check-DImC9hlR.js} +1 -1
  5. package/dist/client/assets/{ChevronDown-DXCXKi5k.js → ChevronDown-CJiuDn-R.js} +1 -1
  6. package/dist/client/assets/{Code01-2XAdyzTe.js → Code01-C3PLJdIe.js} +1 -1
  7. package/dist/client/assets/{Copy01-C6wpb3Pj.js → Copy01-CJVQGg2V.js} +1 -1
  8. package/dist/client/assets/{CpuChip02-57dynjN8.js → CpuChip02-CvTMaFgN.js} +1 -1
  9. package/dist/client/assets/{DotsHorizontal-CoWeChFk.js → DotsHorizontal-BQhkzfkG.js} +1 -1
  10. package/dist/client/assets/{DotsVertical-CN_Y0BtZ.js → DotsVertical-RAbtNrG6.js} +1 -1
  11. package/dist/client/assets/{Download01-Dg93oC1y.js → Download01-DJRyuQwN.js} +1 -1
  12. package/dist/client/assets/{Edit01-CD6iyiCH.js → Edit01-DsrgmMbR.js} +1 -1
  13. package/dist/client/assets/{File06-Bgkw1BXH.js → File06-DdyNkMaH.js} +1 -1
  14. package/dist/client/assets/{FilterLines-BPOg0xv1.js → FilterLines-DudXubI6.js} +1 -1
  15. package/dist/client/assets/{FlipBackward-fyv6Wno4.js → FlipBackward-BT14MhEV.js} +1 -1
  16. package/dist/client/assets/{GitBranch01-CJInIBYh.js → GitBranch01-DMdTTGPv.js} +1 -1
  17. package/dist/client/assets/{Grid01-C4n-Ilzd.js → Grid01-F6FBpTXb.js} +1 -1
  18. package/dist/client/assets/{Home02-B3A27FtU.js → Home02-CXLfj9Lm.js} +1 -1
  19. package/dist/client/assets/{Image01-DeEmbRjC.js → Image01-CGATMxv1.js} +1 -1
  20. package/dist/client/assets/{Inbox01-B4byw_RM.js → Inbox01-BExxQniM.js} +1 -1
  21. package/dist/client/assets/{InfoCircle-DrCKu5n6.js → InfoCircle-BwBXEQXi.js} +1 -1
  22. package/dist/client/assets/{Key01-BYgrwpwQ.js → Key01-BPqaf5vy.js} +1 -1
  23. package/dist/client/assets/{LinkExternal01-X7V7g2Se.js → LinkExternal01-CxomLdJd.js} +1 -1
  24. package/dist/client/assets/{List-C_0Whc0L.js → List-taDOKmLS.js} +1 -1
  25. package/dist/client/assets/{Loading01-Caqlt9Bv.js → Loading01-C5WNj1RN.js} +1 -1
  26. package/dist/client/assets/{Lock01-vG-5yyeh.js → Lock01-Di-2F0aX.js} +1 -1
  27. package/dist/client/assets/{Play-BlzZGPAX.js → Play-CrFW3Xap.js} +1 -1
  28. package/dist/client/assets/{Plus-BQOY8cyC.js → Plus-Rzuz08cb.js} +1 -1
  29. package/dist/client/assets/{SearchMd-HmBiHZ0V.js → SearchMd-CQBqMKg_.js} +1 -1
  30. package/dist/client/assets/{Terminal-D9MddJCS.js → Terminal-kk64xKO9.js} +1 -1
  31. package/dist/client/assets/{Trash01-D1LnL7KU.js → Trash01-NIFttcxe.js} +1 -1
  32. package/dist/client/assets/{Upload01-DeghE3q7.js → Upload01-DN0UV10S.js} +1 -1
  33. package/dist/client/assets/{X-C522Mtuk.js → X-DmFAeozb.js} +1 -1
  34. package/dist/client/assets/{XClose-DkD2thKX.js → XClose-CbwF-zr_.js} +1 -1
  35. package/dist/client/assets/{agent-detail-BGJJ1oAR.js → agent-detail-COGqHNUz.js} +1 -1
  36. package/dist/client/assets/{agents-b3QsXYTZ.js → agents-B3iPqEqm.js} +1 -1
  37. package/dist/client/assets/{alert-dialog-CQYx029c.js → alert-dialog-nojSsjex.js} +1 -1
  38. package/dist/client/assets/{auth-catchall-DxlmB0rJ.js → auth-catchall-C_OoShX7.js} +1 -1
  39. package/dist/client/assets/{avatar-tr42-cze.js → avatar-HSzeBtSD.js} +1 -1
  40. package/dist/client/assets/{badge-DbCGOSK0.js → badge-D7yW7Ams.js} +1 -1
  41. package/dist/client/assets/{binder-DAChRckN.js → binder-BvGWgf0j.js} +1 -1
  42. package/dist/client/assets/{button-bcsQixo9.js → button-B9UDEwx9.js} +1 -1
  43. package/dist/client/assets/{card-CF4NgVqi.js → card-D-ZcDLJM.js} +1 -1
  44. package/dist/client/assets/{checkbox-C_xYXQtT.js → checkbox-DmHZ3Xhg.js} +1 -1
  45. package/dist/client/assets/{circle-alert-CfxPShwI.js → circle-alert-CsGRs6FI.js} +1 -1
  46. package/dist/client/assets/{collection-detail-C44CVvqc.js → collection-detail-Cmda52TC.js} +1 -1
  47. package/dist/client/assets/{collection-display-button-DOJszKWG.js → collection-display-button-BAinwubP.js} +1 -1
  48. package/dist/client/assets/{collection-header-4UZF_Jxo.js → collection-header-d_96L4kd.js} +1 -1
  49. package/dist/client/assets/{collection-page-Ny2_q6Wx.js → collection-page-BuBCnaqK.js} +1 -1
  50. package/dist/client/assets/{collection-search-BoeIrXCF.js → collection-search-Cp9Rg8cG.js} +1 -1
  51. package/dist/client/assets/{collection-tab-CjqmGWa5.js → collection-tab-DGpjXcu1.js} +1 -1
  52. package/dist/client/assets/{collection-table-wrapper-B3S-7_3v.js → collection-table-wrapper-Cfb-5BQo.js} +1 -1
  53. package/dist/client/assets/{connect-B7lnUnFD.js → connect-ChWwgYE3.js} +1 -1
  54. package/dist/client/assets/{connection-card-GJRNjQtQ.js → connection-card-DSC3U6N-.js} +1 -1
  55. package/dist/client/assets/{connection-detail-Cw-1BerK.js → connection-detail-D9V3bixZ.js} +1 -1
  56. package/dist/client/assets/{connections-CrXSHBnU.js → connections-3QeHd0Af.js} +1 -1
  57. package/dist/client/assets/{constants-D1BdbeLl.js → constants-C8DVLjyM.js} +1 -1
  58. package/dist/client/assets/constants-CuO4IXOK.js +1 -0
  59. package/dist/client/assets/{create-organization-dialog-CZgDagJD.js → create-organization-dialog-JxPXU7zP.js} +1 -1
  60. package/dist/client/assets/{dialog-Dk7og_wA.js → dialog-DUXNadw5.js} +1 -1
  61. package/dist/client/assets/{dropdown-menu-BumDQ0aG.js → dropdown-menu-5V-XyUMl.js} +1 -1
  62. package/dist/client/assets/{dynamic-plugin-layout-D5M48ocY.js → dynamic-plugin-layout-Ba9BM3q2.js} +1 -1
  63. package/dist/client/assets/{empty-state-CfPNk03Z.js → empty-state-Ba4zQn5e.js} +1 -1
  64. package/dist/client/assets/{empty-state-T4ckP9YU.js → empty-state-D6Pye5dp.js} +1 -1
  65. package/dist/client/assets/{env-vars-editor-Ct_VKbGZ.js → env-vars-editor-BKG_L2uV.js} +1 -1
  66. package/dist/client/assets/{error-boundary-Bn5POvBP.js → error-boundary-BYKWfLka.js} +1 -1
  67. package/dist/client/assets/{extract-connection-data-Dfm_W_l8.js → extract-connection-data-CDfHtG_N.js} +1 -1
  68. package/dist/client/assets/{file-browser-7oLhMDLX.js → file-browser-D32InLNO.js} +2 -2
  69. package/dist/client/assets/{form-BQ69ZW8c.js → form-DufpJhV9.js} +1 -1
  70. package/dist/client/assets/{grid-view-HmOgvKGp.js → grid-view-CnSMlDZ4.js} +1 -1
  71. package/dist/client/assets/{home-DPn5t91v.js → home-MusYVBVC.js} +1 -1
  72. package/dist/client/assets/{index-Byl8k8ho.js → index-BJd9JH52.js} +1 -1
  73. package/dist/client/assets/{index-Dwv0GtqK.js → index-CNdaxvBl.js} +1 -1
  74. package/dist/client/assets/{index-BUVEyMfm.js → index-CVzDWVip.js} +1 -1
  75. package/dist/client/assets/{index-DLcu3lK_.js → index-fVdZwXbQ.js} +1 -1
  76. package/dist/client/assets/{index-C02qkmNR.js → index-g9oC-3mV.js} +1 -1
  77. package/dist/client/assets/{index-S_U-4ngr.js → index-kxFCfKdx.js} +2 -2
  78. package/dist/client/assets/{infiniteQueryObserver-B6huorg4.js → infiniteQueryObserver-Q9Ch1SlH.js} +1 -1
  79. package/dist/client/assets/{input-BRyvRQQw.js → input-CJuUYj5Y.js} +1 -1
  80. package/dist/client/assets/{layout-zFiV0jYx.js → layout-BdEZp7Lm.js} +1 -1
  81. package/dist/client/assets/{localstorage-keys-DCwiTeDm.js → localstorage-keys-DuVpM8xt.js} +1 -1
  82. package/dist/client/assets/{login-CELjGv3D.js → login-Baj4wuxy.js} +1 -1
  83. package/dist/client/assets/{mcp-oauth-DK5FvXtq.js → mcp-oauth-BCtnFmpv.js} +1 -1
  84. package/dist/client/assets/{mcp-server-card-DOlE-zaG.js → mcp-server-card-DaxbgdWa.js} +1 -1
  85. package/dist/client/assets/{mcp-server-detail-Cq4XEq4Q.js → mcp-server-detail-C4n2ElKE.js} +2 -2
  86. package/dist/client/assets/{members-CBeIrW2A.js → members-C-QMSOdo.js} +1 -1
  87. package/dist/client/assets/{monaco-editor-C8Vxe-d6.js → monaco-editor-1VMfvFaT.js} +1 -1
  88. package/dist/client/assets/{monitoring-CEHE2Gbv.js → monitoring-CyqwraZN.js} +1 -1
  89. package/dist/client/assets/{oauth-callback-4Pi9an0n.js → oauth-callback-UvAveY4Q.js} +1 -1
  90. package/dist/client/assets/{page-BRmfFmds.js → page-IMRDmGp_.js} +1 -1
  91. package/dist/client/assets/{page-CqqTKu8G.js → page-o9rm9dBG.js} +1 -1
  92. package/dist/client/assets/{pin-to-sidebar-button-Bjm4fARH.js → pin-to-sidebar-button-DKtGxFhi.js} +1 -1
  93. package/dist/client/assets/{plugin-empty-state-BAzsNcIy.js → plugin-empty-state-DqfmD7Lv.js} +1 -1
  94. package/dist/client/assets/{plugin-header-BMAgOXGW.js → plugin-header-BfXGZdm2.js} +1 -1
  95. package/dist/client/assets/{plugins-Rqbe1Akk.js → plugins-B-FlFz3o.js} +1 -1
  96. package/dist/client/assets/{popover-B0GDVpf0.js → popover-IWCGO-jB.js} +1 -1
  97. package/dist/client/assets/{registry-utils-BrcGnFri.js → registry-utils-9nMczNLD.js} +1 -1
  98. package/dist/client/assets/{resizable-6q63rtwi.js → resizable-oTpquxsO.js} +1 -1
  99. package/dist/client/assets/{resource-tabs-ObUZZkm0.js → resource-tabs-DNjaGx4N.js} +1 -1
  100. package/dist/client/assets/{select-C1fWFYID.js → select-6QIp3PPA.js} +1 -1
  101. package/dist/client/assets/{settings-D8LMSaYR.js → settings-DmEN7q-R.js} +1 -1
  102. package/dist/client/assets/{shell-layout-B5BfbF-q.js → shell-layout-f9QetI-r.js} +2 -2
  103. package/dist/client/assets/{spinner-Dshb5OlV.js → spinner-CHfAw4LE.js} +1 -1
  104. package/dist/client/assets/{switch-lRWJP9Se.js → switch-B8GiDtx0.js} +1 -1
  105. package/dist/client/assets/{textarea-B6Pek_-m.js → textarea-CO4qLNDj.js} +1 -1
  106. package/dist/client/assets/{tool-set-selector-D9uZ4MeK.js → tool-set-selector-uL1FTDsj.js} +1 -1
  107. package/dist/client/assets/{tools-list-Cz4YDOj-.js → tools-list-BE1mq5Cn.js} +1 -1
  108. package/dist/client/assets/{tooltip-TK6n7D-2.js → tooltip-DPmy6Yc4.js} +1 -1
  109. package/dist/client/assets/{typewriter-title-D7Joa2Yf.js → typewriter-title-D2-DYqDP.js} +1 -1
  110. package/dist/client/assets/{use-binding-BUoRbmR3.js → use-binding-Bpukv3gt.js} +1 -1
  111. package/dist/client/assets/{use-collections-Ch8R0RkJ.js → use-collections-DWOZCISS.js} +1 -1
  112. package/dist/client/assets/{use-connection-C2KSqkb0.js → use-connection-ASBc3U14.js} +1 -1
  113. package/dist/client/assets/{use-create-virtual-mcp-DWuzATJl.js → use-create-virtual-mcp-DlrAoyaQ.js} +1 -1
  114. package/dist/client/assets/{use-list-state-CTnZRql5.js → use-list-state-ZDRP3zFW.js} +1 -1
  115. package/dist/client/assets/{use-mcp-prompts-CO6cjnZW.js → use-mcp-prompts-DXLHacDq.js} +1 -1
  116. package/dist/client/assets/{use-members-INrEag_H.js → use-members-CTEqdwIL.js} +1 -1
  117. package/dist/client/assets/{use-mobile-DDhWd124.js → use-mobile-BuEGyUe0.js} +1 -1
  118. package/dist/client/assets/{use-organization-settings-CIJ0ks68.js → use-organization-settings-hA9VwO-v.js} +1 -1
  119. package/dist/client/assets/{use-virtual-mcp-ClScupMe.js → use-virtual-mcp-BR9Cj6JE.js} +1 -1
  120. package/dist/client/assets/useInfiniteQuery-CnqRaniP.js +1 -0
  121. package/dist/client/assets/{useMutation-Ln0pkj93.js → useMutation-ClL17OKX.js} +1 -1
  122. package/dist/client/assets/useQuery-CVADJf0h.js +1 -0
  123. package/dist/client/assets/{value-f2Q5IsLX.js → value-CzHdinJY.js} +1 -1
  124. package/dist/client/assets/{view-mode-toggle-D8M65IdZ.js → view-mode-toggle-B5HElat6.js} +1 -1
  125. package/dist/client/assets/{workflow-DQESfyss.js → workflow-Lt3GFUiP.js} +1 -1
  126. package/dist/client/index.html +1 -1
  127. package/dist/server/cli.js +1 -1
  128. package/dist/server/migrate.js +1 -1
  129. package/dist/server/server.js +1 -1
  130. package/package.json +1 -1
  131. package/dist/client/assets/constants-lRo2eL0e.js +0 -1
  132. package/dist/client/assets/useInfiniteQuery-CkUGYF8O.js +0 -1
  133. package/dist/client/assets/useQuery-Bzc3BvS1.js +0 -1
package/dist/server/server.js CHANGED
@@ -257,7 +257,7 @@ data:
257
257
  `;if(J)G+=`id: ${J}
258
258
  `;return G+=`data: ${JSON.stringify(Q)}
259
259
 
260
- `,X.enqueue(Y.encode(G)),!0}catch{return!1}}handleUnsupportedRequest(){return new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32000,message:"Method not allowed."},id:null}),{status:405,headers:{Allow:"GET, POST, DELETE","Content-Type":"application/json"}})}async handlePostRequest(X,Y){try{let Q=X.headers.get("accept");if(!Q?.includes("application/json")||!Q.includes("text/event-stream"))return this.createJsonErrorResponse(406,-32000,"Not Acceptable: Client must accept both application/json and text/event-stream");let J=X.headers.get("content-type");if(!J||!J.includes("application/json"))return this.createJsonErrorResponse(415,-32000,"Unsupported Media Type: Content-Type must be application/json");let G={headers:Object.fromEntries(X.headers.entries())},W;if(Y?.parsedBody!==void 0)W=Y.parsedBody;else try{W=await X.json()}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON")}let Z;try{if(Array.isArray(W))Z=W.map((L)=>TQ.parse(L));else Z=[TQ.parse(W)]}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON-RPC message")}let $=Z.some(Oa);if($){if(this._initialized&&this.sessionId!==void 0)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Server already initialized");if(Z.length>1)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Only one initialization request is allowed");if(this.sessionId=this.sessionIdGenerator?.(),this._initialized=!0,this.sessionId&&this._onsessioninitialized)await Promise.resolve(this._onsessioninitialized(this.sessionId))}if(!$){let L=this.validateSession(X);if(L)return L;let w=this.validateProtocolVersion(X);if(w)return w}if(!Z.some(AG)){for(let L of Z)this.onmessage?.(L,{authInfo:Y?.authInfo,requestInfo:G});return new Response(null,{status:202})}let H=crypto.randomUUID(),F=Z.find((L)=>Oa(L)),V=F?F.params.protocolVersion:X.headers.get("mcp-protocol-version")??_h0;if(this._enableJsonResponse)return new Promise((L)=>{this._streamMapping.set(H,{resolveJson:L,cleanup:()=>{this._streamMapping.delete(H)}});for(let w of Z)if(AG(w))this._requestToStreamMapping.set(w.id,H);for(let w of Z)this.onmessage?.(w,{authInfo:Y?.authInfo,requestInfo:G})});let q=new TextEncoder,B,D=new ReadableStream({start:(L)=>{B=L},cancel:()=>{this._streamMapping.delete(H)}}),N={"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"};if(this.sessionId!==void 0)N["mcp-session-id"]=this.sessionId;for(let L of Z)if(AG(L))this._streamMapping.set(H,{controller:B,encoder:q,cleanup:()=>{this._streamMapping.delete(H);try{B.close()}catch{}}}),this._requestToStreamMapping.set(L.id,H);await this.writePrimingEvent(B,q,H,V);for(let L of Z){let w,C;if(AG(L)&&this._eventStore&&V>="2025-11-25")w=()=>{this.closeSSEStream(L.id)},C=()=>{this.closeStandaloneSSEStream()};this.onmessage?.(L,{authInfo:Y?.authInfo,requestInfo:G,closeSSEStream:w,closeStandaloneSSEStream:C})}return new Response(D,{status:200,headers:N})}catch(Q){return this.onerror?.(Q),this.createJsonErrorResponse(400,-32700,"Parse error",{data:String(Q)})}}async handleDeleteRequest(X){let Y=this.validateSession(X);if(Y)return Y;let Q=this.validateProtocolVersion(X);if(Q)return Q;return await Promise.resolve(this._onsessionclosed?.(this.sessionId)),await this.close(),new Response(null,{status:200})}validateSession(X){if(this.sessionIdGenerator===void 0)return;if(!this._initialized)return this.createJsonErrorResponse(400,-32000,"Bad Request: Server not initialized");let Y=X.headers.get("mcp-session-id");if(!Y)return this.createJsonErrorResponse(400,-32000,"Bad Request: Mcp-Session-Id header is required");if(Y!==this.sessionId)return this.createJsonErrorResponse(404,-32001,"Session not found");return}validateProtocolVersion(X){let Y=X.headers.get("mcp-protocol-version");if(Y!==null&&!sH.includes(Y))return this.createJsonErrorResponse(400,-32000,`Bad Request: Unsupported protocol version: ${Y} (supported versions: ${sH.join(", ")})`);return}async close(){this._streamMapping.forEach(({cleanup:X})=>{X()}),this._streamMapping.clear(),this._requestResponseMap.clear(),this.onclose?.()}closeSSEStream(X){let Y=this._requestToStreamMapping.get(X);if(!Y)return;let Q=this._streamMapping.get(Y);if(Q)Q.cleanup()}closeStandaloneSSEStream(){let X=this._streamMapping.get(this._standaloneSseStreamId);if(X)X.cleanup()}async send(X,Y){let Q=Y?.relatedRequestId;if(U5(X)||xq(X))Q=X.id;if(Q===void 0){if(U5(X)||xq(X))throw Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");let W;if(this._eventStore)W=await this._eventStore.storeEvent(this._standaloneSseStreamId,X);let Z=this._streamMapping.get(this._standaloneSseStreamId);if(Z===void 0)return;if(Z.controller&&Z.encoder)this.writeSSEEvent(Z.controller,Z.encoder,X,W);return}let J=this._requestToStreamMapping.get(Q);if(!J)throw Error(`No connection established for request ID: ${String(Q)}`);let G=this._streamMapping.get(J);if(!this._enableJsonResponse&&G?.controller&&G?.encoder){let W;if(this._eventStore)W=await this._eventStore.storeEvent(J,X);this.writeSSEEvent(G.controller,G.encoder,X,W)}if(U5(X)||xq(X)){this._requestResponseMap.set(Q,X);let W=Array.from(this._requestToStreamMapping.entries()).filter(([$,K])=>K===J).map(([$])=>$);if(W.every(($)=>this._requestResponseMap.has($))){if(!G)throw Error(`No connection established for request ID: ${String(Q)}`);if(this._enableJsonResponse&&G.resolveJson){let $={"Content-Type":"application/json"};if(this.sessionId!==void 0)$["mcp-session-id"]=this.sessionId;let K=W.map((H)=>this._requestResponseMap.get(H));if(K.length===1)G.resolveJson(new Response(JSON.stringify(K[0]),{status:200,headers:$}));else G.resolveJson(new Response(JSON.stringify(K),{status:200,headers:$}))}else G.cleanup();for(let $ of W)this._requestResponseMap.delete($),this._requestToStreamMapping.delete($)}}}}var Ob=u(()=>{qX()});var RP=(...X)=>{return function(Q,J){let G=(W)=>{let Z=X[W];if(!Z)return J();return Z(Q,()=>G(W+1))};return G(0)}};class eQ1{config;tools=[];callToolMiddlewares=[];jsonSchemaCache=new Map;constructor(X){this.config={...X,capabilities:X.capabilities??{tools:{}}}}getCachedJsonSchema(X){let Y=this.jsonSchemaCache.get(X);if(!Y)Y=U.toJSONSchema(X),this.jsonSchemaCache.set(X,Y);return Y}withTool(X){return this.tools.push(X),this}withTools(X){return this.tools.push(...X),this}callToolMiddleware(...X){return this.callToolMiddlewares.push(...X),this}build(){let X=this.callToolMiddlewares.length>0?RP(...this.callToolMiddlewares):null,Y=()=>{let Q=new LF({name:this.config.name,version:this.config.version},{capabilities:this.config.capabilities});for(let J of this.tools){let G=async(K)=>{try{let H=await J.handler(K);return{content:[{type:"text",text:JSON.stringify(H)}],structuredContent:H}}catch(H){return{content:[{type:"text",text:`Error: ${H.message}`}],isError:!0}}},W=X?async(K)=>{let H={method:"tools/call",params:{name:J.name,arguments:K}};return await X(H,()=>G(K))}:G,Z="shape"in J.inputSchema?J.inputSchema.shape:U.object({}).shape,$=J.outputSchema&&"shape"in J.outputSchema?J.outputSchema.shape:U.object({}).shape;Q.registerTool(J.name,{annotations:J.annotations,description:J.description??"",inputSchema:Z,outputSchema:$},W)}return Q};return{callStreamableTool:async(Q,J)=>{let G=this.tools.find((Z)=>Z.name===Q);if(!G)throw Error(`Tool ${Q} not found`);let W=await G.handler(J);if(!(W instanceof Response))throw Error(`Tool ${Q} returned a non-response`);return W},client:{listTools:async()=>{return{tools:this.tools.map((Q)=>({name:Q.name,description:Q.description??"",inputSchema:this.getCachedJsonSchema(Q.inputSchema),outputSchema:Q.outputSchema?this.getCachedJsonSchema(Q.outputSchema):void 0}))}},callTool:async(Q)=>{let J=this.tools.find((G)=>G.name===Q.name);if(!J)return{content:[{type:"text",text:"Tool not found"}]};try{let G=await J?.handler(Q.arguments??{});return{content:[{type:"text",text:JSON.stringify(G)}],structuredContent:G}}catch(G){return{content:[{type:"text",text:`Error: ${G.message}`}]}}}},fetch:async(Q)=>{let J=new wF({enableJsonResponse:Q.headers.get("Accept")?.includes("application/json")??!1});await Y().connect(J);try{return await J.handleRequest(Q)}finally{try{await J.close?.()}catch{}}}}}}function XJ1(X){return new eQ1(X)}var YJ1=u(()=>{Nb();Ob();c0()});var Lb="user-sandbox",QJ1="Create embeddable integration flows for platform end-users";import{sql as SP}from"kysely";var JJ1;var GJ1=u(()=>{JJ1={name:"001-user-sandbox",async up(X){await X.schema.createTable("user_sandbox").addColumn("id","text",(Y)=>Y.primaryKey()).addColumn("organization_id","text",(Y)=>Y.notNull().references("organization.id").onDelete("cascade")).addColumn("title","text",(Y)=>Y.notNull()).addColumn("description","text").addColumn("icon","text").addColumn("required_apps","text",(Y)=>Y.notNull()).addColumn("redirect_url","text").addColumn("webhook_url","text").addColumn("event_type","text",(Y)=>Y.notNull().defaultTo("integration.completed")).addColumn("agent_title_template","text",(Y)=>Y.notNull().defaultTo("Agent for {{externalUserId}}")).addColumn("agent_instructions","text").addColumn("tool_selection_mode","text",(Y)=>Y.notNull().defaultTo("inclusion")).addColumn("status","text",(Y)=>Y.notNull().defaultTo("active")).addColumn("created_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("created_by","text",(Y)=>Y.references("user.id").onDelete("set null")).execute(),await X.schema.createIndex("idx_user_sandbox_org").on("user_sandbox").column("organization_id").execute(),await X.schema.createTable("user_sandbox_sessions").addColumn("id","text",(Y)=>Y.primaryKey()).addColumn("template_id","text",(Y)=>Y.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("organization_id","text",(Y)=>Y.notNull().references("organization.id").onDelete("cascade")).addColumn("external_user_id","text",(Y)=>Y.notNull()).addColumn("status","text",(Y)=>Y.notNull().defaultTo("pending")).addColumn("app_statuses","text",(Y)=>Y.notNull().defaultTo("{}")).addColumn("created_agent_id","text",(Y)=>Y.references("connections.id").onDelete("set null")).addColumn("redirect_url","text").addColumn("created_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("expires_at","text",(Y)=>Y.notNull()).execute(),await X.schema.createIndex("idx_user_sandbox_sessions_template").on("user_sandbox_sessions").column("template_id").execute(),await X.schema.createIndex("idx_user_sandbox_sessions_external_user").on("user_sandbox_sessions").columns(["template_id","external_user_id"]).execute(),await X.schema.createIndex("idx_user_sandbox_sessions_org").on("user_sandbox_sessions").column("organization_id").execute(),await X.schema.createTable("user_sandbox_agents").addColumn("id","text",(Y)=>Y.primaryKey()).addColumn("user_sandbox_id","text",(Y)=>Y.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("external_user_id","text",(Y)=>Y.notNull()).addColumn("connection_id","text",(Y)=>Y.notNull().references("connections.id").onDelete("cascade")).addColumn("created_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).execute(),await X.schema.createIndex("idx_user_sandbox_agents_unique").on("user_sandbox_agents").columns(["user_sandbox_id","external_user_id"]).unique().execute(),await X.schema.createIndex("idx_user_sandbox_agents_connection").on("user_sandbox_agents").column("connection_id").execute()},async down(X){await X.schema.dropIndex("idx_user_sandbox_agents_connection").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_agents_unique").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_sessions_org").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_sessions_external_user").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_sessions_template").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_org").ifExists().execute(),await X.schema.dropTable("user_sandbox_agents").ifExists().execute(),await X.schema.dropTable("user_sandbox_sessions").ifExists().execute(),await X.schema.dropTable("user_sandbox").ifExists().execute()}}});var WJ1;var ZJ1=u(()=>{GJ1();WJ1=[JJ1]});function wb(X){let Y=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${X}_${Y}${Q}`}class kP{db;constructor(X){this.db=X}async create(X){let Y=wb("usb"),Q=new Date().toISOString(),J={id:Y,organization_id:X.organization_id,title:X.title,description:X.description??null,icon:X.icon??null,required_apps:JSON.stringify(X.required_apps),redirect_url:X.redirect_url??null,webhook_url:X.webhook_url??null,event_type:X.event_type??"integration.completed",agent_title_template:X.agent_title_template??"{{externalUserId}}'s Agent",agent_instructions:X.agent_instructions??null,tool_selection_mode:X.tool_selection_mode??"inclusion",status:"active",created_at:Q,updated_at:Q,created_by:X.created_by??null};await this.db.insertInto("user_sandbox").values(J).execute();let G=await this.findById(Y);if(!G)throw Error(`Failed to create user sandbox with id: ${Y}`);return G}async findById(X){let Y=await this.db.selectFrom("user_sandbox").selectAll().where("id","=",X).executeTakeFirst();if(!Y)return null;return this.deserialize(Y)}async list(X){return(await this.db.selectFrom("user_sandbox").selectAll().where("organization_id","=",X).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(X,Y){let J={updated_at:new Date().toISOString()};if(Y.title!==void 0)J.title=Y.title;if(Y.description!==void 0)J.description=Y.description;if(Y.icon!==void 0)J.icon=Y.icon;if(Y.required_apps!==void 0)J.required_apps=JSON.stringify(Y.required_apps);if(Y.redirect_url!==void 0)J.redirect_url=Y.redirect_url;if(Y.webhook_url!==void 0)J.webhook_url=Y.webhook_url;if(Y.event_type!==void 0)J.event_type=Y.event_type;if(Y.agent_title_template!==void 0)J.agent_title_template=Y.agent_title_template;if(Y.agent_instructions!==void 0)J.agent_instructions=Y.agent_instructions;if(Y.tool_selection_mode!==void 0)J.tool_selection_mode=Y.tool_selection_mode;if(Y.status!==void 0)J.status=Y.status;await this.db.updateTable("user_sandbox").set(J).where("id","=",X).execute();let G=await this.findById(X);if(!G)throw Error(`Template not found after update: ${X}`);return G}async delete(X){await this.db.deleteFrom("user_sandbox").where("id","=",X).execute()}deserialize(X){let Y=[];try{Y=JSON.parse(X.required_apps)}catch{Y=[]}return{id:X.id,organization_id:X.organization_id,title:X.title,description:X.description,icon:X.icon,required_apps:Y,redirect_url:X.redirect_url,webhook_url:X.webhook_url,event_type:X.event_type,agent_title_template:X.agent_title_template,agent_instructions:X.agent_instructions,tool_selection_mode:X.tool_selection_mode,status:X.status,created_at:X.created_at,updated_at:X.updated_at,created_by:X.created_by}}}var v80=()=>{};class vP{db;constructor(X){this.db=X}async create(X){let Y=wb("sandbox_session"),Q=new Date().toISOString(),J={id:Y,template_id:X.template_id,organization_id:X.organization_id,external_user_id:X.external_user_id,status:"pending",app_statuses:"{}",created_agent_id:X.created_agent_id??null,redirect_url:X.redirect_url??null,created_at:Q,updated_at:Q,expires_at:X.expires_at};await this.db.insertInto("user_sandbox_sessions").values(J).execute();let G=await this.findById(Y);if(!G)throw Error(`Failed to create session with id: ${Y}`);return G}async findById(X){let Y=await this.db.selectFrom("user_sandbox_sessions").selectAll().where("id","=",X).executeTakeFirst();if(!Y)return null;return this.deserialize(Y)}async findExisting(X,Y){let Q=new Date().toISOString(),J=await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",X).where("external_user_id","=",Y).where("expires_at",">",Q).where("status","!=","completed").orderBy("created_at","desc").executeTakeFirst();if(!J)return null;return this.deserialize(J)}async listByTemplate(X){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",X).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async listByOrganization(X){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("organization_id","=",X).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(X,Y){let J={updated_at:new Date().toISOString()};if(Y.status!==void 0)J.status=Y.status;if(Y.app_statuses!==void 0)J.app_statuses=JSON.stringify(Y.app_statuses);if(Y.created_agent_id!==void 0)J.created_agent_id=Y.created_agent_id;await this.db.updateTable("user_sandbox_sessions").set(J).where("id","=",X).execute();let G=await this.findById(X);if(!G)throw Error(`Session not found after update: ${X}`);return G}async delete(X){await this.db.deleteFrom("user_sandbox_sessions").where("id","=",X).execute()}async deleteExpired(){let X=new Date().toISOString(),Y=await this.db.deleteFrom("user_sandbox_sessions").where("expires_at","<",X).where("status","!=","completed").executeTakeFirst();return Number(Y.numDeletedRows??0)}async deleteByExternalUserId(X,Y){let Q=await this.db.deleteFrom("user_sandbox_sessions").where("organization_id","=",X).where("external_user_id","=",Y).executeTakeFirst();return Number(Q.numDeletedRows??0)}deserialize(X){let Y={};try{Y=JSON.parse(X.app_statuses)}catch{Y={}}return{id:X.id,template_id:X.template_id,organization_id:X.organization_id,external_user_id:X.external_user_id,status:X.status,app_statuses:Y,created_agent_id:X.created_agent_id,redirect_url:X.redirect_url,created_at:X.created_at,updated_at:X.updated_at,expires_at:X.expires_at}}}var _80=()=>{};function _P(X){y80=X}function dY(){if(!y80)throw Error(`Plugin storage not initialized. Make sure the "${Lb}" plugin is enabled.`);return y80}function b80(){return process.env.BASE_URL||"http://localhost:3000"}var y80=null;var x5=()=>{};function $J1(X){let Y=X.db,Q={templates:new kP(Y),sessions:new vP(Y)};return _P(Q),Q}var KJ1=u(()=>{v80();_80();x5()});var Mb6,Pb6,Tb6,Ab6,Eb6,UK,jb6,HJ1,FJ1,VJ1,qJ1,UJ1,BJ1,zJ1,DJ1,NJ1,OJ1,LJ1,Cb6,wJ1,MJ1,PJ1;var D7=u(()=>{c0();Mb6=U.object({authorizationEndpoint:U.string().describe("OAuth authorization endpoint URL"),tokenEndpoint:U.string().describe("OAuth token endpoint URL"),clientId:U.string().describe("OAuth client ID"),scopes:U.array(U.string()).describe("OAuth scopes to request"),grantType:U.enum(["authorization_code","client_credentials"]).describe("OAuth grant type")}),Pb6=U.object({headers:U.record(U.string(),U.string()).optional().describe("HTTP headers")}),Tb6=U.object({command:U.string().describe("Command to run"),args:U.array(U.string()).optional().describe("Command arguments"),cwd:U.string().optional().describe("Working directory"),envVars:U.record(U.string(),U.string()).optional().describe("Environment variables")}),Ab6=U.object({app_name:U.string().describe("App name from registry (e.g., '@deco/gmail')"),title:U.string().describe("Display title for the app"),description:U.string().nullable().optional().describe("App description"),icon:U.string().nullable().optional().describe("Icon URL"),connection_type:U.enum(["HTTP","SSE","Websocket","STDIO"]).describe("Connection type"),connection_url:U.string().nullable().optional().describe("MCP server URL"),connection_headers:U.union([Pb6,Tb6]).nullable().optional().describe("Connection parameters"),oauth_config:Mb6.nullable().optional().describe("OAuth configuration if required"),selected_tools:U.array(U.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:U.array(U.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:U.array(U.string()).nullable().optional().describe("Selected prompts to expose (null = all)")}),Eb6=U.object({configured:U.boolean().describe("Whether the app has been configured"),connection_id:U.string().nullable().describe("Connection ID if created"),error:U.string().nullable().describe("Error message if configuration failed")}),UK=U.object({id:U.string(),organization_id:U.string(),title:U.string(),description:U.string().nullable(),icon:U.string().nullable(),required_apps:U.array(Ab6),redirect_url:U.string().nullable(),webhook_url:U.string().nullable(),event_type:U.string(),agent_title_template:U.string(),agent_instructions:U.string().nullable(),tool_selection_mode:U.enum(["inclusion","exclusion"]),status:U.enum(["active","inactive"]),created_at:U.string(),updated_at:U.string(),created_by:U.string().nullable()}),jb6=U.object({id:U.string(),template_id:U.string(),organization_id:U.string(),external_user_id:U.string(),status:U.enum(["pending","in_progress","completed"]),app_statuses:U.record(U.string(),Eb6),created_agent_id:U.string().nullable(),redirect_url:U.string().nullable(),created_at:U.string(),updated_at:U.string(),expires_at:U.string()}),HJ1=U.object({app_name:U.string().describe("App name from registry (e.g., '@deco/openrouter')"),selected_tools:U.array(U.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:U.array(U.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:U.array(U.string()).nullable().optional().describe("Selected prompts to expose (null = all)")}),FJ1=U.object({title:U.string().describe("Title for the template"),description:U.string().optional().describe("Optional description"),icon:U.string().optional().describe("Optional icon URL"),registry_id:U.string().describe("Connection ID of the registry to look up apps from"),required_apps:U.array(HJ1).describe("Apps to include - only app_name required, details fetched from registry"),redirect_url:U.string().optional().describe("URL to redirect to after completion"),webhook_url:U.string().optional().describe("Webhook URL to call on completion"),event_type:U.string().optional().describe("Event type to emit (default: integration.completed)"),agent_title_template:U.string().optional().describe("Template for agent title (supports {{externalUserId}})"),agent_instructions:U.string().optional().describe("Instructions for the created agent"),tool_selection_mode:U.enum(["inclusion","exclusion"]).optional().describe("Tool selection mode for the agent")}),VJ1=U.object({id:U.string().describe("Template ID to update"),title:U.string().optional(),description:U.string().nullable().optional(),icon:U.string().nullable().optional(),registry_id:U.string().optional().describe("Connection ID of the registry (required if updating required_apps)"),required_apps:U.array(HJ1).optional().describe("Updated apps (details will be fetched from registry)"),redirect_url:U.string().nullable().optional(),webhook_url:U.string().nullable().optional(),event_type:U.string().optional(),agent_title_template:U.string().optional(),agent_instructions:U.string().nullable().optional(),tool_selection_mode:U.enum(["inclusion","exclusion"]).optional(),status:U.enum(["active","inactive"]).optional()}),qJ1=U.object({id:U.string().describe("Template ID")}),UJ1=U.object({}),BJ1=U.object({id:U.string().describe("Template ID to delete")}),zJ1=U.object({templateId:U.string().describe("Template ID"),externalUserId:U.string().describe("External user ID from your platform"),expiresInSeconds:U.number().optional().describe("Session expiration in seconds (default: 7 days)")}),DJ1=U.object({sessionId:U.string().describe("Session ID"),url:U.string().describe("URL for the connect flow"),expiresAt:U.string().describe("Session expiration time"),agentId:U.string().nullable().optional().describe("Virtual MCP ID for this user (unique per template + user)"),created:U.boolean().describe("Whether the agent was newly created (true) or already existed (false)")}),NJ1=U.object({templateId:U.string().optional().describe("Filter by template ID")}),OJ1=U.object({sessions:U.array(jb6)}),LJ1=U.object({externalUserId:U.string().describe("External user ID to find agents for")}),Cb6=U.object({id:U.string().describe("Agent (Virtual MCP) ID"),title:U.string(),external_user_id:U.string(),template_id:U.string().nullable(),created_at:U.string()}),wJ1=U.object({agents:U.array(Cb6)}),MJ1=U.object({externalUserId:U.string().describe("External user ID whose session data should be cleared")}),PJ1=U.object({success:U.boolean(),deletedAgents:U.number().describe("Number of agents (Virtual MCPs) deleted"),deletedConnections:U.number().describe("Number of child connections deleted"),deletedSessions:U.number().describe("Number of sessions deleted")})});function Rb6(X){if(!X?.url)return null;try{let Y=new URL(X.url);if(Y.hostname==="github.com"){let Q=Y.pathname.split("/").filter(Boolean);if(Q.length>=1)return`https://github.com/${Q[0]}.png`}}catch{}return null}function Sb6(X){return X.find((Q)=>Q.name.endsWith("_LIST"))?.name??null}function kb6(X){if(!X)return[];if(Array.isArray(X))return X;if(typeof X==="object"&&X!==null){let Y=Object.keys(X).find((Q)=>Array.isArray(X[Q]));if(Y)return X[Y]}return[]}function vb6(X,Y,Q,J){let G=X.server,W=X._meta?.["mcp.mesh"],Z=W?.friendlyName||W?.friendly_name||X.title||G?.title||G?.name||"Unnamed MCP Server",$=G?.description||null,K=G?.icons?.[0]?.src||Rb6(G?.repository)||null,H=W?.oauth_config,F=H&&typeof H.authorizationEndpoint==="string"&&typeof H.tokenEndpoint==="string"&&typeof H.clientId==="string"&&Array.isArray(H.scopes)&&(H.grantType==="authorization_code"||H.grantType==="client_credentials")?{authorizationEndpoint:H.authorizationEndpoint,tokenEndpoint:H.tokenEndpoint,clientId:H.clientId,scopes:H.scopes,grantType:H.grantType}:null,V=G?.packages??[],q=G?.remotes??[],B,D,N=null,L=q[0],w=V[0];if(L){if(B=Ib6[L.type??""]??L.type?.toUpperCase()??"HTTP",D=L.url??null,L.headers&&L.headers.length>0){let C={};for(let T of L.headers)if(T.name&&T.value)C[T.name]=T.value;if(Object.keys(C).length>0)N={headers:C}}}else if(w){B="STDIO",D=null;let C=w.identifier||w.name,T={};if(w.environmentVariables){for(let A of w.environmentVariables)if(A.name)T[A.name]=""}N={command:"npx",args:C?["-y",C]:[],...Object.keys(T).length>0&&{envVars:T}}}else B="HTTP",D=null;return{title:Z,description:$,icon:K,connection_type:B,connection_url:D,connection_headers:N,oauth_config:F,selected_tools:Y,selected_resources:Q,selected_prompts:J}}async function _b6(X,Y,Q,J=null,G=null,W=null){let Z=await X.createMCPProxy(Y),$=await Z.client.listTools(),K=Sb6($.tools);if(!K)throw Error(`Registry "${Y}" does not have a LIST tool`);let H=await Z.client.callTool({name:K,arguments:{where:{appName:Q}}}),F=H.structuredContent??H,q=kb6(F)[0];if(!q)throw Error(`App "${Q}" not found in registry "${Y}"`);let B=vb6(q,J,G,W);return{app_name:Q,...B}}async function Mb(X,Y,Q){let J=[];for(let G of Q){let W=await _b6(X,Y,G.app_name,G.selected_tools??null,G.selected_resources??null,G.selected_prompts??null);J.push(W)}return J}var Ib6;var f80=u(()=>{Ib6={"streamable-http":"HTTP",http:"HTTP",sse:"SSE",stdio:"STDIO",websocket:"Websocket"}});var TJ1;var AJ1=u(()=>{D7();x5();f80();TJ1={name:"USER_SANDBOX_CREATE",description:"Create a new user sandbox for platform integration flows. Specify apps by name and the system will automatically fetch connection details from the registry.",inputSchema:FJ1,outputSchema:UK,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=await Mb(J,Q.registry_id,Q.required_apps.map(($)=>({app_name:$.app_name,selected_tools:$.selected_tools??null,selected_resources:$.selected_resources??null,selected_prompts:$.selected_prompts??null})));return await dY().templates.create({organization_id:J.organization.id,title:Q.title,description:Q.description??null,icon:Q.icon??null,required_apps:G,redirect_url:Q.redirect_url??null,webhook_url:Q.webhook_url??null,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions??null,tool_selection_mode:Q.tool_selection_mode,created_by:J.auth.user?.id??null})}}});var EJ1;var jJ1=u(()=>{D7();x5();f80();EJ1={name:"USER_SANDBOX_UPDATE",description:"Update an existing user sandbox. If updating required_apps, provide registry_id to auto-fetch details.",inputSchema:VJ1,outputSchema:UK,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W=await G.templates.findById(Q.id);if(!W)throw Error(`Template not found: ${Q.id}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");let Z=void 0;if(Q.required_apps&&Q.required_apps.length>0){if(!Q.registry_id)throw Error("registry_id is required when updating required_apps");Z=await Mb(J,Q.registry_id,Q.required_apps.map((K)=>({app_name:K.app_name,selected_tools:K.selected_tools??null,selected_resources:K.selected_resources??null,selected_prompts:K.selected_prompts??null})))}return await G.templates.update(Q.id,{title:Q.title,description:Q.description,icon:Q.icon,required_apps:Z,redirect_url:Q.redirect_url,webhook_url:Q.webhook_url,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions,tool_selection_mode:Q.tool_selection_mode,status:Q.status})}}});var CJ1;var IJ1=u(()=>{c0();D7();x5();CJ1={name:"USER_SANDBOX_DELETE",description:"Delete a user sandbox",inputSchema:BJ1,outputSchema:U.object({success:U.boolean(),id:U.string()}),handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W=await G.templates.findById(Q.id);if(!W)throw Error(`Template not found: ${Q.id}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return await G.templates.delete(Q.id),{success:!0,id:Q.id}}}});var RJ1;var SJ1=u(()=>{c0();D7();x5();RJ1={name:"USER_SANDBOX_LIST",description:"List all user sandbox in the organization",inputSchema:UJ1,outputSchema:U.object({templates:U.array(UK)}),handler:async(X,Y)=>{let Q=Y;if(!Q.organization)throw Error("Organization context required");return await Q.access.check(),{templates:await dY().templates.list(Q.organization.id)}}}});var kJ1;var vJ1=u(()=>{D7();x5();kJ1={name:"USER_SANDBOX_GET",description:"Get a user sandbox by ID",inputSchema:qJ1,outputSchema:UK.nullable(),handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let W=await dY().templates.findById(Q.id);if(W&&W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return W}}});async function _J1(X,Y){let Q=await Y.sessions.findById(X);if(!Q)throw new rW("Session not found","SESSION_NOT_FOUND");if(new Date(Q.expires_at)<new Date)throw new rW("Session has expired","SESSION_EXPIRED");return Q}async function yb6(X,Y){let Q=await _J1(X,Y);if(Q.status==="completed")throw new rW("Session is already completed. Create a new session to reconfigure.","SESSION_COMPLETED");return Q}function bb6(X,Y){let Q=X.metadata;if(!Q)throw new rW("Connection has no metadata","CONNECTION_ACCESS_DENIED");let J=Q[BK.SESSION_ID]===Y.id,G=Q[BK.EXTERNAL_USER_ID]===Y.external_user_id&&Q[BK.TEMPLATE_ID]===Y.template_id;if(!J&&!G)throw new rW("Access denied: connection does not belong to this session","CONNECTION_ACCESS_DENIED")}function h80(X,Y,Q){return{[BK.SESSION_ID]:X,[BK.EXTERNAL_USER_ID]:Y,[BK.TEMPLATE_ID]:Q,source:"user-sandbox"}}function x80(X,Y){return{[BK.EXTERNAL_USER_ID]:X,[BK.TEMPLATE_ID]:Y,source:"user-sandbox"}}async function MF(X,Y,Q){let J=Q?.allowCompleted?await _J1(X,Y):await yb6(X,Y);if(Q?.connection)bb6(Q.connection,J);return J}var BK,rW;var yJ1=u(()=>{BK={SESSION_ID:"user_sandbox_session_id",EXTERNAL_USER_ID:"user_sandbox_external_user_id",TEMPLATE_ID:"user_sandbox_id"};rW=class rW extends Error{code;constructor(X,Y){super(X);this.code=Y;this.name="SessionAccessError"}}});var g80=u(()=>{yJ1()});async function hb6(X,Y,Q,J,G,W,Z,$){let K=X,H=await K.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(H)return{connectionId:H.connection_id,created:!1};let F=new Date().toISOString(),V=`usa_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`,q=`vir_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;try{return await K.transaction().execute(async(B)=>{await B.insertInto("connections").values({id:q,organization_id:Y,created_by:Q,title:W,description:Z,icon:null,app_name:null,app_id:null,connection_type:"VIRTUAL",connection_url:`virtual://${q}`,connection_token:null,connection_headers:JSON.stringify({tool_selection_mode:$}),oauth_config:null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(x80(G,J)),tools:null,bindings:null,status:"active",created_at:F,updated_at:F}).execute(),await B.insertInto("user_sandbox_agents").values({id:V,user_sandbox_id:J,external_user_id:G,connection_id:q,created_at:F}).execute()}),{connectionId:q,created:!0}}catch(B){let D=String(B);if(D.includes("UNIQUE constraint")||D.includes("duplicate key")){let N=await K.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(N)return{connectionId:N.connection_id,created:!1}}throw B}}var fb6=604800,bJ1;var fJ1=u(()=>{D7();x5();g80();bJ1={name:"USER_SANDBOX_CREATE_SESSION",description:"Create a connect session URL for an external user. Returns a URL that the user can visit to configure their integrations. Also creates a unique Virtual MCP (agent) for this user if one doesn't exist.",inputSchema:zJ1,outputSchema:DJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W=await G.templates.findById(Q.templateId);if(!W)throw Error(`Template not found: ${Q.templateId}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");if(W.status!=="active")throw Error("Template is not active");let Z=W.agent_title_template.replace("{{externalUserId}}",Q.externalUserId),$=W.created_by??J.auth.user?.id??"system",{connectionId:K,created:H}=await hb6(J.db,J.organization.id,$,W.id,Q.externalUserId,Z,W.agent_instructions,W.tool_selection_mode),F=await G.sessions.findExisting(Q.templateId,Q.externalUserId);if(F){if(!F.created_agent_id)await G.sessions.update(F.id,{created_agent_id:K});let N=b80();return{sessionId:F.id,url:`${N}/connect/${F.id}`,expiresAt:F.expires_at,agentId:F.created_agent_id??K,created:H}}let V=Q.expiresInSeconds??fb6,q=new Date(Date.now()+V*1000).toISOString(),B=await G.sessions.create({template_id:Q.templateId,organization_id:J.organization.id,external_user_id:Q.externalUserId,redirect_url:W.redirect_url,expires_at:q,created_agent_id:K}),D=b80();return{sessionId:B.id,url:`${D}/connect/${B.id}`,expiresAt:B.expires_at,agentId:K,created:H}}}});var hJ1;var xJ1=u(()=>{D7();x5();hJ1={name:"USER_SANDBOX_LIST_SESSIONS",description:"List connect sessions for monitoring and management",inputSchema:NJ1,outputSchema:OJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W;if(Q.templateId){let Z=await G.templates.findById(Q.templateId);if(!Z)throw Error(`Template not found: ${Q.templateId}`);if(Z.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");W=await G.sessions.listByTemplate(Q.templateId)}else W=await G.sessions.listByOrganization(J.organization.id);return{sessions:W}}}});var xb6="user_sandbox_external_user_id",gb6="user_sandbox_id",gJ1;var uJ1=u(()=>{D7();gJ1={name:"USER_SANDBOX_LIST_USER_AGENTS",description:"List all agents (Virtual MCPs) created for an external user. Use this to find agents created via user sandbox for a specific user in your platform.",inputSchema:LJ1,outputSchema:wJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");return await J.access.check(),{agents:(await J.storage.connections.list(J.organization.id)).filter((Z)=>{if(Z.connection_type!=="VIRTUAL")return!1;let $=Z.metadata;if(!$)return!1;return $[xb6]===Q.externalUserId}).map((Z)=>{let $=Z.metadata;return{id:Z.id,title:Z.title,external_user_id:Q.externalUserId,template_id:$[gb6]??null,created_at:Z.created_at}})}}}});var ub6="user_sandbox_external_user_id",mJ1;var lJ1=u(()=>{D7();x5();mJ1={name:"USER_SANDBOX_CLEAR_USER_SESSION",description:"Clear all session data for an external user, revoking all access they've granted. This deletes their agents (Virtual MCPs), child connections, OAuth tokens, and sessions. Use this when a user wants to disconnect all their integrations.",inputSchema:MJ1,outputSchema:PJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=J.db,W=dY(),$=(await G.selectFrom("connections").select(["id","metadata"]).where("organization_id","=",J.organization.id).where("connection_type","=","VIRTUAL").execute()).filter((F)=>{if(!F.metadata)return!1;try{return JSON.parse(F.metadata)[ub6]===Q.externalUserId}catch{return!1}}).map((F)=>F.id),K=0;if($.length>0){let V=(await G.selectFrom("connection_aggregations").select("child_connection_id").where("parent_connection_id","in",$).execute()).map((q)=>q.child_connection_id);if(await G.deleteFrom("connection_aggregations").where("parent_connection_id","in",$).execute(),V.length>0)await G.deleteFrom("downstream_tokens").where("connectionId","in",V).execute(),await G.deleteFrom("connections").where("id","in",V).execute(),K=V.length;await G.deleteFrom("connections").where("id","in",$).execute(),await G.deleteFrom("user_sandbox_agents").where("external_user_id","=",Q.externalUserId).execute()}let H=await W.sessions.deleteByExternalUserId(J.organization.id,Q.externalUserId);return{success:!0,deletedAgents:$.length,deletedConnections:K,deletedSessions:H}}}});var dJ1;var pJ1=u(()=>{AJ1();jJ1();IJ1();SJ1();vJ1();fJ1();xJ1();uJ1();lJ1();x5();dJ1=[TJ1,EJ1,CJ1,RJ1,kJ1,bJ1,hJ1,gJ1,mJ1]});function mb6(X){let Y=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${X}_${Y}${Q}`}async function u80(X,Y,Q,J){let G={success:!1,agentId:X.created_agent_id,connectionIds:[],redirectUrl:null,eventEmitted:!1,webhookCalled:!1};try{let W=J.db,Z=new Date().toISOString(),$=X.created_agent_id;if(!$)throw Error("Session has no agent - this should not happen");let K=[],H=[];for(let[q,B]of Object.entries(X.app_statuses))if(B.configured&&B.connection_id){K.push(B.connection_id);let D=Y.required_apps.find((N)=>N.app_name===q);H.push({appName:q,connectionId:B.connection_id,selectedTools:D?.selected_tools??null,selectedResources:D?.selected_resources??null,selectedPrompts:D?.selected_prompts??null})}if(G.connectionIds=K,await W.deleteFrom("connection_aggregations").where("parent_connection_id","=",$).execute(),H.length>0)await W.insertInto("connection_aggregations").values(H.map((q)=>({id:mb6("agg"),parent_connection_id:$,child_connection_id:q.connectionId,selected_tools:q.selectedTools?JSON.stringify(q.selectedTools):null,selected_resources:q.selectedResources?JSON.stringify(q.selectedResources):null,selected_prompts:q.selectedPrompts?JSON.stringify(q.selectedPrompts):null,created_at:Z}))).execute();await Q.sessions.update(X.id,{status:"completed"});let F={type:Y.event_type,data:{externalUserId:X.external_user_id,agentId:$,templateId:Y.id,sessionId:X.id,connections:K.map((q)=>{let B=Object.entries(X.app_statuses).find(([D,N])=>N.connection_id===q)?.[0];return{id:q,appName:B??"unknown"}})}};if(J.eventBus)try{await J.eventBus.publish(J.organizationId,"user-sandbox",F),G.eventEmitted=!0}catch(q){console.error("[UserSandbox] Failed to emit completion event:",q)}if(Y.webhook_url)try{let q=await fetch(Y.webhook_url,{method:"POST",headers:{"Content-Type":"application/json","X-User-Sandbox-Event":Y.event_type},body:JSON.stringify(F.data)});if(!q.ok)console.error("[UserSandbox] Webhook returned error:",q.status);else G.webhookCalled=!0}catch(q){console.error("[UserSandbox] Failed to call webhook:",q)}let V=X.redirect_url??Y.redirect_url;if(V){let q=new URL(V);q.searchParams.set("sessionId",X.id),q.searchParams.set("externalUserId",X.external_user_id),q.searchParams.set("agentId",$),G.redirectUrl=q.toString()}return G.success=!0,G}catch(W){throw console.error("[UserSandbox] Completion failed:",W),W}}var cJ1=()=>{};function lb6(){let X=Date.now().toString(36),Y=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`conn_${X}${Y}`}async function db6(X,Y,Q,J,G,W,Z){let $=lb6(),K=new Date().toISOString();if(!Z.title)throw Error(`App "${Z.app_name}" is missing required field: title`);if(!Z.connection_type)throw Error(`App "${Z.app_name}" is missing required field: connection_type`);if(!Z.connection_url&&Z.connection_type!=="STDIO")throw Error(`App "${Z.app_name}" is missing required field: connection_url`);let H={id:$,organization_id:Y,created_by:Q,title:Z.title,description:Z.description??null,icon:Z.icon??null,app_name:Z.app_name,app_id:null,connection_type:Z.connection_type,connection_url:Z.connection_url??"",connection_token:null,connection_headers:Z.connection_headers?JSON.stringify(Z.connection_headers):null,oauth_config:Z.oauth_config?JSON.stringify(Z.oauth_config):null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(h80(J,G,W)),tools:null,bindings:null,status:"active",created_at:K,updated_at:K};return await X.insertInto("connections").values(H).execute(),$}function yP(X,Y){if(Y instanceof rW){let Q={SESSION_NOT_FOUND:404,SESSION_EXPIRED:410,SESSION_COMPLETED:409,ACCESS_DENIED:403,CONNECTION_ACCESS_DENIED:403};return X.json({error:Y.message,code:Y.code},Q[Y.code]??400)}return console.error("[UserSandbox] Connect API error:",Y),X.json({error:Y instanceof Error?Y.message:"Internal error"},500)}function m80(X,Y){let Q=Y.db,J=new kP(Q),G=new vP(Q),W={templates:J,sessions:G};X.get("/api/user-sandbox/sessions/:sessionId",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await MF($,W,{allowCompleted:!0}),H=await J.findById(K.template_id);if(!H)return Z.json({error:"Template not found"},404);return Z.json({session:{id:K.id,status:K.status,external_user_id:K.external_user_id,expires_at:K.expires_at,redirect_url:K.redirect_url,created_agent_id:K.created_agent_id},template:{id:H.id,title:H.title,description:H.description,icon:H.icon},apps:H.required_apps.map((F)=>({app_name:F.app_name,title:F.title,description:F.description,icon:F.icon,connection_type:F.connection_type,requires_oauth:!!F.oauth_config,selected_tools:F.selected_tools,selected_resources:F.selected_resources,selected_prompts:F.selected_prompts,status:K.app_statuses[F.app_name]??{configured:!1,connection_id:null,error:null}}))})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/provision",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await Z.req.json();if(!K.app_name)return Z.json({error:"app_name is required"},400);let H=await MF($,W),F=await J.findById(H.template_id);if(!F)return Z.json({error:"Template not found"},404);let V=F.required_apps.find((N)=>N.app_name===K.app_name);if(!V)return Z.json({error:`App "${K.app_name}" is not required by this template`},400);let q=H.app_statuses[K.app_name];if(q?.connection_id)return Z.json({success:!0,connection_id:q.connection_id,already_provisioned:!0,requires_oauth:!!V.oauth_config});if(!F.created_by)return Z.json({error:"Template is missing created_by - cannot create connections"},500);let B=await db6(Q,H.organization_id,F.created_by,$,H.external_user_id,H.template_id,V),D={...H.app_statuses,[K.app_name]:{configured:!1,connection_id:B,error:null}};return await G.update($,{status:"in_progress",app_statuses:D}),Z.json({success:!0,connection_id:B,already_provisioned:!1,requires_oauth:!!V.oauth_config})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/configure",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await Z.req.json();if(!K.app_name)return Z.json({error:"app_name is required"},400);let H=await MF($,W),F=await J.findById(H.template_id);if(!F)return Z.json({error:"Template not found"},404);if(!F.required_apps.find((L)=>L.app_name===K.app_name))return Z.json({error:`App "${K.app_name}" is not required by this template`},400);let q=H.app_statuses[K.app_name],D={configured:!0,connection_id:K.connection_id??q?.connection_id??null,error:null},N={...H.app_statuses,[K.app_name]:D};return await G.update($,{status:"in_progress",app_statuses:N}),Z.json({success:!0,app_name:K.app_name,status:D})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/oauth-token",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await Z.req.json();if(!K.connection_id)return Z.json({error:"connection_id is required"},400);if(!K.access_token)return Z.json({error:"access_token is required"},400);let H=await MF($,W);if(!Object.values(H.app_statuses).some((C)=>C.connection_id===K.connection_id))return Z.json({error:"Connection does not belong to this session"},403);let V=K.expires_in?new Date(Date.now()+K.expires_in*1000):null,q=new Date().toISOString(),B=await Y.vault.encrypt(K.access_token),D=K.refresh_token?await Y.vault.encrypt(K.refresh_token):null,N=K.client_secret?await Y.vault.encrypt(K.client_secret):null,L=Q,w=await L.selectFrom("downstream_tokens").select(["id"]).where("connectionId","=",K.connection_id).executeTakeFirst();if(w)await L.updateTable("downstream_tokens").set({accessToken:B,refreshToken:D,scope:K.scope??null,expiresAt:V?.toISOString()??null,clientId:K.client_id??null,clientSecret:N,tokenEndpoint:K.token_endpoint??null,updatedAt:q}).where("id","=",w.id).execute();else{let C=`dtok_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;await L.insertInto("downstream_tokens").values({id:C,connectionId:K.connection_id,accessToken:B,refreshToken:D,scope:K.scope??null,expiresAt:V?.toISOString()??null,clientId:K.client_id??null,clientSecret:N,tokenEndpoint:K.token_endpoint??null,createdAt:q,updatedAt:q}).execute()}return Z.json({success:!0,expiresAt:V})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/complete",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await MF($,W),H=await J.findById(K.template_id);if(!H)return Z.json({error:"Template not found"},404);if(H.required_apps.filter((q)=>{return K.app_statuses[q.app_name]?.configured}).length===0)return Z.json({error:"At least one app must be configured"},400);let V=await u80(K,H,W,{organizationId:K.organization_id,db:Q});return Z.json({success:V.success,completed:!0,agentId:V.agentId,redirectUrl:V.redirectUrl,eventEmitted:V.eventEmitted,webhookCalled:V.webhookCalled})}catch($){return yP(Z,$)}})}var nJ1=u(()=>{v80();_80();g80();cJ1()});var iJ1=u(()=>{nJ1()});var aJ1;var rJ1=u(()=>{ZJ1();KJ1();pJ1();iJ1();aJ1={id:Lb,description:QJ1,tools:dJ1,publicRoutes:(X,Y)=>{m80(X,Y)},migrations:WJ1,createStorage:(X)=>{let Y=$J1(X);return _P(Y),Y}}});var Pb;var oJ1=u(()=>{rJ1();Pb=[aJ1]});function pb6(X,Y){return sJ1.set(Y.name,X),{...Y,handler:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${Y.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(X))throw Error(`Plugin "${X}" is not enabled for this organization. Enable it in Settings > Plugins.`);return Y.handler(Q,J)},execute:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${Y.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(X))throw Error(`Plugin "${X}" is not enabled for this organization. Enable it in Settings > Plugins.`);return Y.execute(Q,J)}}}function tJ1(X,Y){return X.filter((Q)=>{let J=sJ1.get(Q.name);if(!J)return!0;return Y?.includes(J)??!1})}function eJ1(){let X=[];for(let Y of Pb){if(!Y.tools)continue;for(let Q of Y.tools){let J={name:Q.name,description:Q.description??"",inputSchema:Q.inputSchema,outputSchema:Q.outputSchema,handler:Q.handler,execute:Q.handler},G=pb6(Y.id,J);X.push(G)}}return X}function X51(X,Y){for(let Q of Pb){if(Q.routes){let J=new X.constructor;Q.routes(J,Y),X.route(`/api/plugins/${Q.id}`,J)}if(Q.publicRoutes)Q.publicRoutes(X,Y)}}function Y51(X,Y){let Q={db:X,vault:{encrypt:(J)=>Y.encrypt(J),decrypt:(J)=>Y.decrypt(J)}};for(let J of Pb)if(J.createStorage){let G=J.createStorage(Q);cb6.set(J.id,G)}}var sJ1,cb6;var l80=u(()=>{oJ1();sJ1=new Map;cb6=new Map});function t0(X){return{...X,execute:async(Y,Q)=>{let J=Date.now();return await Q.timings.measure(`tool.${X.name}`,async()=>Q.tracer.startActiveSpan(`tool.${X.name}`,{attributes:{"tool.name":X.name,"organization.id":Q.organization?.id??"system","user.id":Q.auth.user?.id??Q.auth.apiKey?.userId??"anonymous"}},async(G)=>{try{Q.toolName=X.name,Q.access.setToolName?.(X.name);let W=await X.handler(Y,Q),Z=Date.now()-J;return Q.meter.createHistogram("tool.execution.duration",{description:"Duration of tool executions in milliseconds",unit:"ms"}).record(Z,{"tool.name":X.name,"organization.id":Q.organization?.id??"system",status:"success"}),Q.meter.createCounter("tool.execution.count",{description:"Number of tool executions"}).add(1,{"tool.name":X.name,status:"success"}),G.setStatus({code:d80.SpanStatusCode.OK}),W}catch(W){throw Q.meter.createCounter("tool.execution.errors",{description:"Number of tool execution errors"}).add(1,{"tool.name":X.name,"error.type":W.constructor.name}),G.setStatus({code:d80.SpanStatusCode.ERROR,message:W.message}),G.recordException(W),W}finally{G.end()}}))}}}var d80;var Z6=u(()=>{d80=E6(K1(),1)});function _1(X){if(!X.organization)throw Error("This operation requires organization scope");return X.organization}function f8(X){return X.auth.user?.id??X.auth.apiKey?.userId}function nb6(X){return!!(X.auth.user||X.auth.apiKey)}function U1(X){if(!nb6(X))throw Error("Authentication required")}var Tb,Q51,J51,G51,W51,Z51,$51,K51,H51,F51;var Gz=u(()=>{c0();Tb=U.record(U.string(),U.array(U.string())),Q51=U.object({id:U.string().describe("Unique identifier for the API key"),name:U.string().describe("Human-readable name for the API key"),userId:U.string().describe("ID of the user who owns this API key"),permissions:Tb.describe('Permissions granted to this API key. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Example: { "self": ["API_KEY_CREATE"], "conn_abc123": ["SEND_MESSAGE"] }'),expiresAt:U.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:U.string().datetime().describe("When the API key was created (ISO 8601)")}),J51=U.object({name:U.string().min(1).max(64).describe("Human-readable name for the API key"),permissions:Tb.optional().describe('Permissions to grant. Format: { resource: [actions] }. Resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names (e.g., ["API_KEY_CREATE"]) or ["*"] for all. Example: { "self": ["API_KEY_CREATE", "COLLECTION_CONNECTIONS_LIST"] }. Defaults to read-only permissions.'),expiresIn:U.number().positive().optional().describe("Expiration time in seconds. If not provided, key never expires."),metadata:U.record(U.string(),U.unknown()).optional().describe("Additional metadata to store with the API key")}),G51=U.object({id:U.string().describe("Unique identifier for the API key"),name:U.string().describe("Human-readable name for the API key"),key:U.string().describe("The actual API key value. STORE THIS SECURELY - it will not be shown again!"),permissions:Tb.describe('Permissions granted to this API key. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools'),expiresAt:U.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:U.string().datetime().describe("When the API key was created (ISO 8601)")}),W51=U.object({}),Z51=U.object({items:U.array(Q51).describe("List of API keys (without key values)")}),$51=U.object({keyId:U.string().describe("ID of the API key to update"),name:U.string().min(1).max(64).optional().describe("New name for the API key"),permissions:Tb.optional().describe('New permissions. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names or "*" for all. Example: { "self": ["API_KEY_CREATE"] }. Replaces existing permissions.'),metadata:U.record(U.string(),U.unknown()).optional().describe("New metadata. Replaces existing metadata.")}),K51=U.object({item:Q51.describe("The updated API key (without key value)")}),H51=U.object({keyId:U.string().describe("ID of the API key to delete")}),F51=U.object({success:U.boolean().describe("Whether the deletion was successful"),keyId:U.string().describe("ID of the deleted API key")})});var p80;var V51=u(()=>{Z6();Gz();p80=t0({name:"API_KEY_CREATE",description:"Create a new API key with specified permissions. The key value is only returned once - store it securely!",inputSchema:J51,outputSchema:G51,handler:async(X,Y)=>{U1(Y),await Y.access.check();let Q=await Y.boundAuth.apiKey.create({name:X.name,permissions:X.permissions,expiresIn:X.expiresIn,metadata:{...X.metadata,organization:Y.organization}}),J=Q.expiresAt?Q.expiresAt instanceof Date?Q.expiresAt.toISOString():Q.expiresAt:null,G=Q.createdAt instanceof Date?Q.createdAt.toISOString():Q.createdAt;return{id:Q.id,name:Q.name??X.name,key:Q.key,permissions:Q.permissions??{},expiresAt:J,createdAt:G}}})});var c80;var q51=u(()=>{Z6();Gz();c80=t0({name:"API_KEY_DELETE",description:"Delete an API key. This instantly revokes the key - it can no longer be used for authentication.",inputSchema:H51,outputSchema:F51,handler:async(X,Y)=>{if(U1(Y),await Y.access.check(),!f8(Y))throw Error("User ID required to delete API key");let G=(await Y.boundAuth.apiKey.list())?.find((K)=>K.id===X.keyId);if(!G)throw Error("API key not found");let Z=G.metadata?.organization?.id,$=Y.organization?.id;if(Z!==$)throw Error("Cannot delete API key from another organization");return await Y.boundAuth.apiKey.delete(X.keyId),{success:!0,keyId:X.keyId}}})});var n80;var U51=u(()=>{Z6();Gz();n80=t0({name:"API_KEY_LIST",description:"List all API keys for the current user in the current organization. Returns metadata only - key values are never shown after creation.",inputSchema:W51,outputSchema:Z51,handler:async(X,Y)=>{U1(Y),await Y.access.check();let Q=await Y.boundAuth.apiKey.list(),J=Y.organization?.id;return{items:(Q??[]).filter((W)=>{return W.metadata?.organization?.id===J}).map((W)=>({id:W.id,name:W.name??"Unnamed Key",userId:W.userId,permissions:W.permissions??{},expiresAt:W.expiresAt?W.expiresAt instanceof Date?W.expiresAt.toISOString():W.expiresAt:null,createdAt:W.createdAt instanceof Date?W.createdAt.toISOString():W.createdAt}))}}})});var i80;var B51=u(()=>{Z6();Gz();i80=t0({name:"API_KEY_UPDATE",description:"Update an existing API key's name, permissions, or metadata. Note: Key value cannot be changed or retrieved.",inputSchema:$51,outputSchema:K51,handler:async(X,Y)=>{if(U1(Y),await Y.access.check(),!f8(Y))throw Error("User ID required to update API key");let G=(await Y.boundAuth.apiKey.list())?.find((H)=>H.id===X.keyId);if(!G)throw Error(`API key not found: ${X.keyId}`);let Z=G.metadata?.organization?.id,$=Y.organization?.id;if(Z!==$)throw Error("Cannot update API key from another organization");let K=await Y.boundAuth.apiKey.update({keyId:X.keyId,name:X.name,permissions:X.permissions,metadata:{...X.metadata,organization:Y.organization}});if(!K)throw Error(`Failed to update API key: ${X.keyId}`);return{item:{id:K.id,name:K.name??X.name??"Unnamed Key",userId:K.userId,permissions:K.permissions??{},expiresAt:K.expiresAt?K.expiresAt instanceof Date?K.expiresAt.toISOString():K.expiresAt:null,createdAt:K.createdAt instanceof Date?K.createdAt.toISOString():K.createdAt}}}})});var z51=u(()=>{V51();q51();U51();B51();Gz()});var D51,N51,O51,L51,w51,M51;var bP=u(()=>{c0();D51=U.object({query:U.string().describe("Natural language search query (e.g., 'send email', 'create order')"),limit:U.number().default(10).describe("Maximum results to return (default: 10)")}),N51=U.object({query:U.string(),results:U.array(U.object({name:U.string(),description:U.string().optional(),connection:U.string()})),totalAvailable:U.number()}),O51=U.object({tools:U.array(U.string()).min(1).describe("Array of tool names to get detailed schemas for")}),L51=U.object({tools:U.array(U.object({name:U.string(),description:U.string().optional(),connection:U.string(),inputSchema:U.unknown(),outputSchema:U.unknown().optional()})),notFound:U.array(U.string())}),w51=U.object({code:U.string().min(1).describe("JavaScript code to execute. It runs as an async function body; you can use top-level `return` and `await`."),timeoutMs:U.number().default(3000).describe("Max execution time in milliseconds (default: 3000).")}),M51=U.object({returnValue:U.unknown().optional(),error:U.string().optional(),consoleLogs:U.array(U.object({type:U.enum(["log","warn","error"]),content:U.string()}))})});class Wz{proxies=new Map;constructor(){}static async create(X,Y){let Q=new Wz,J=await Promise.allSettled(X.map(async({connection:G,selectedTools:W,selectedResources:Z,selectedPrompts:$})=>{try{let K=await Y.createMCPProxy(G);return{connection:G,proxy:K,selectedTools:W,selectedResources:Z,selectedPrompts:$}}catch(K){return console.error(`[aggregator] Failed to create proxy for connection ${G.id}:`,K),null}}));for(let G of J)if(G.status==="fulfilled"&&G.value)Q.proxies.set(G.value.connection.id,G.value);return Q}get(X){return this.proxies.get(X)}entries(){return this.proxies.entries()}forEach(X){this.proxies.forEach((Y,Q)=>X(Y,Q))}async mapAsync(X){let Y=[];for(let[Q,J]of this.proxies.entries())Y.push(X(J,Q));return await Promise.all(Y)}async mapSettled(X){return Promise.allSettled(Array.from(this.proxies.entries()).map(([Y,Q])=>X(Q,Y)))}get size(){return this.proxies.size}}function P51(X){let Y=[],Q=[],J=(K)=>{let H=X.newFunction(K,(...F)=>{try{let V=F.map((q)=>X.dump(q));Y.push({type:K??"log",content:V.map(String).join(" ")})}finally{F.forEach((V)=>V.dispose())}return X.undefined});return Q.push(H),H},G=X.newObject();Q.push(G);let W=J("log"),Z=J("warn"),$=J("error");return X.setProp(G,"log",W),X.setProp(G,"warn",Z),X.setProp(G,"error",$),X.setProp(X.global,"console",G),{logs:Y,[Symbol.dispose](){Q.forEach((K)=>K.dispose())}}}var PF,a80,Ab,TF,fP;var Eb=u(()=>{PF={JS_EVAL_TYPE_GLOBAL:0,JS_EVAL_TYPE_MODULE:1,JS_EVAL_TYPE_DIRECT:2,JS_EVAL_TYPE_INDIRECT:3,JS_EVAL_TYPE_MASK:3,JS_EVAL_FLAG_STRICT:8,JS_EVAL_FLAG_STRIP:16,JS_EVAL_FLAG_COMPILE_ONLY:32,JS_EVAL_FLAG_BACKTRACE_BARRIER:64},a80={BaseObjects:1,Date:2,Eval:4,StringNormalize:8,RegExp:16,RegExpCompiler:32,JSON:64,Proxy:128,MapSet:256,TypedArrays:512,Promise:1024,BigInt:2048,BigFloat:4096,BigDecimal:8192,OperatorOverloading:16384,BignumExt:32768},Ab={Pending:0,Fulfilled:1,Rejected:2},TF={JS_GPN_STRING_MASK:1,JS_GPN_SYMBOL_MASK:2,JS_GPN_PRIVATE_MASK:4,JS_GPN_ENUM_ONLY:16,JS_GPN_SET_ENUM:32,QTS_GPN_NUMBER_MASK:64,QTS_STANDARD_COMPLIANT_NUMBER:128},fP={IsStrictlyEqual:0,IsSameValue:1,IsSameValueZero:2}});function Zz(...X){XX0&&console.log("quickjs-emscripten:",...X)}function*b51(X){return yield X}function ob6(X){return b51(QX0(X))}function T51(X,Y){return(...Q)=>{let J=Y.call(X,YX0,...Q);return QX0(J)}}function sb6(X,Y){let Q=Y.call(X,YX0);return QX0(Q)}function QX0(X){function Y(Q){return Q.done?Q.value:Q.value instanceof Promise?Q.value.then((J)=>Y(X.next(J)),(J)=>Y(X.throw(J))):Y(X.next(Q.value))}return Y(X.next())}function r80(X,Y){let Q;try{X.dispose()}catch(J){Q=J}if(Y&&Q)throw Object.assign(Y,{message:`${Y.message}
260
+ `,X.enqueue(Y.encode(G)),!0}catch{return!1}}handleUnsupportedRequest(){return new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32000,message:"Method not allowed."},id:null}),{status:405,headers:{Allow:"GET, POST, DELETE","Content-Type":"application/json"}})}async handlePostRequest(X,Y){try{let Q=X.headers.get("accept");if(!Q?.includes("application/json")||!Q.includes("text/event-stream"))return this.createJsonErrorResponse(406,-32000,"Not Acceptable: Client must accept both application/json and text/event-stream");let J=X.headers.get("content-type");if(!J||!J.includes("application/json"))return this.createJsonErrorResponse(415,-32000,"Unsupported Media Type: Content-Type must be application/json");let G={headers:Object.fromEntries(X.headers.entries())},W;if(Y?.parsedBody!==void 0)W=Y.parsedBody;else try{W=await X.json()}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON")}let Z;try{if(Array.isArray(W))Z=W.map((L)=>TQ.parse(L));else Z=[TQ.parse(W)]}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON-RPC message")}let $=Z.some(Oa);if($){if(this._initialized&&this.sessionId!==void 0)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Server already initialized");if(Z.length>1)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Only one initialization request is allowed");if(this.sessionId=this.sessionIdGenerator?.(),this._initialized=!0,this.sessionId&&this._onsessioninitialized)await Promise.resolve(this._onsessioninitialized(this.sessionId))}if(!$){let L=this.validateSession(X);if(L)return L;let w=this.validateProtocolVersion(X);if(w)return w}if(!Z.some(AG)){for(let L of Z)this.onmessage?.(L,{authInfo:Y?.authInfo,requestInfo:G});return new Response(null,{status:202})}let H=crypto.randomUUID(),F=Z.find((L)=>Oa(L)),V=F?F.params.protocolVersion:X.headers.get("mcp-protocol-version")??_h0;if(this._enableJsonResponse)return new Promise((L)=>{this._streamMapping.set(H,{resolveJson:L,cleanup:()=>{this._streamMapping.delete(H)}});for(let w of Z)if(AG(w))this._requestToStreamMapping.set(w.id,H);for(let w of Z)this.onmessage?.(w,{authInfo:Y?.authInfo,requestInfo:G})});let q=new TextEncoder,B,D=new ReadableStream({start:(L)=>{B=L},cancel:()=>{this._streamMapping.delete(H)}}),N={"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"};if(this.sessionId!==void 0)N["mcp-session-id"]=this.sessionId;for(let L of Z)if(AG(L))this._streamMapping.set(H,{controller:B,encoder:q,cleanup:()=>{this._streamMapping.delete(H);try{B.close()}catch{}}}),this._requestToStreamMapping.set(L.id,H);await this.writePrimingEvent(B,q,H,V);for(let L of Z){let w,C;if(AG(L)&&this._eventStore&&V>="2025-11-25")w=()=>{this.closeSSEStream(L.id)},C=()=>{this.closeStandaloneSSEStream()};this.onmessage?.(L,{authInfo:Y?.authInfo,requestInfo:G,closeSSEStream:w,closeStandaloneSSEStream:C})}return new Response(D,{status:200,headers:N})}catch(Q){return this.onerror?.(Q),this.createJsonErrorResponse(400,-32700,"Parse error",{data:String(Q)})}}async handleDeleteRequest(X){let Y=this.validateSession(X);if(Y)return Y;let Q=this.validateProtocolVersion(X);if(Q)return Q;return await Promise.resolve(this._onsessionclosed?.(this.sessionId)),await this.close(),new Response(null,{status:200})}validateSession(X){if(this.sessionIdGenerator===void 0)return;if(!this._initialized)return this.createJsonErrorResponse(400,-32000,"Bad Request: Server not initialized");let Y=X.headers.get("mcp-session-id");if(!Y)return this.createJsonErrorResponse(400,-32000,"Bad Request: Mcp-Session-Id header is required");if(Y!==this.sessionId)return this.createJsonErrorResponse(404,-32001,"Session not found");return}validateProtocolVersion(X){let Y=X.headers.get("mcp-protocol-version");if(Y!==null&&!sH.includes(Y))return this.createJsonErrorResponse(400,-32000,`Bad Request: Unsupported protocol version: ${Y} (supported versions: ${sH.join(", ")})`);return}async close(){this._streamMapping.forEach(({cleanup:X})=>{X()}),this._streamMapping.clear(),this._requestResponseMap.clear(),this.onclose?.()}closeSSEStream(X){let Y=this._requestToStreamMapping.get(X);if(!Y)return;let Q=this._streamMapping.get(Y);if(Q)Q.cleanup()}closeStandaloneSSEStream(){let X=this._streamMapping.get(this._standaloneSseStreamId);if(X)X.cleanup()}async send(X,Y){let Q=Y?.relatedRequestId;if(U5(X)||xq(X))Q=X.id;if(Q===void 0){if(U5(X)||xq(X))throw Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");let W;if(this._eventStore)W=await this._eventStore.storeEvent(this._standaloneSseStreamId,X);let Z=this._streamMapping.get(this._standaloneSseStreamId);if(Z===void 0)return;if(Z.controller&&Z.encoder)this.writeSSEEvent(Z.controller,Z.encoder,X,W);return}let J=this._requestToStreamMapping.get(Q);if(!J)throw Error(`No connection established for request ID: ${String(Q)}`);let G=this._streamMapping.get(J);if(!this._enableJsonResponse&&G?.controller&&G?.encoder){let W;if(this._eventStore)W=await this._eventStore.storeEvent(J,X);this.writeSSEEvent(G.controller,G.encoder,X,W)}if(U5(X)||xq(X)){this._requestResponseMap.set(Q,X);let W=Array.from(this._requestToStreamMapping.entries()).filter(([$,K])=>K===J).map(([$])=>$);if(W.every(($)=>this._requestResponseMap.has($))){if(!G)throw Error(`No connection established for request ID: ${String(Q)}`);if(this._enableJsonResponse&&G.resolveJson){let $={"Content-Type":"application/json"};if(this.sessionId!==void 0)$["mcp-session-id"]=this.sessionId;let K=W.map((H)=>this._requestResponseMap.get(H));if(K.length===1)G.resolveJson(new Response(JSON.stringify(K[0]),{status:200,headers:$}));else G.resolveJson(new Response(JSON.stringify(K),{status:200,headers:$}))}else G.cleanup();for(let $ of W)this._requestResponseMap.delete($),this._requestToStreamMapping.delete($)}}}}var Ob=u(()=>{qX()});var RP=(...X)=>{return function(Q,J){let G=(W)=>{let Z=X[W];if(!Z)return J();return Z(Q,()=>G(W+1))};return G(0)}};class eQ1{config;tools=[];callToolMiddlewares=[];jsonSchemaCache=new Map;constructor(X){this.config={...X,capabilities:X.capabilities??{tools:{}}}}getCachedJsonSchema(X){let Y=this.jsonSchemaCache.get(X);if(!Y)Y=U.toJSONSchema(X),this.jsonSchemaCache.set(X,Y);return Y}withTool(X){return this.tools.push(X),this}withTools(X){return this.tools.push(...X),this}callToolMiddleware(...X){return this.callToolMiddlewares.push(...X),this}build(){let X=this.callToolMiddlewares.length>0?RP(...this.callToolMiddlewares):null,Y=()=>{let Q=new LF({name:this.config.name,version:this.config.version},{capabilities:this.config.capabilities});for(let J of this.tools){let G=async(K)=>{try{let H=await J.handler(K);return{content:[{type:"text",text:JSON.stringify(H)}],structuredContent:H}}catch(H){return{content:[{type:"text",text:`Error: ${H.message}`}],isError:!0}}},W=X?async(K)=>{let H={method:"tools/call",params:{name:J.name,arguments:K}};return await X(H,()=>G(K))}:G,Z="shape"in J.inputSchema?J.inputSchema.shape:U.object({}).shape,$=J.outputSchema&&"shape"in J.outputSchema?J.outputSchema.shape:U.object({}).shape;Q.registerTool(J.name,{annotations:J.annotations,description:J.description??"",inputSchema:Z,outputSchema:$},W)}return Q};return{callStreamableTool:async(Q,J)=>{let G=this.tools.find((Z)=>Z.name===Q);if(!G)throw Error(`Tool ${Q} not found`);let W=await G.handler(J);if(!(W instanceof Response))throw Error(`Tool ${Q} returned a non-response`);return W},client:{listTools:async()=>{return{tools:this.tools.map((Q)=>({name:Q.name,description:Q.description??"",inputSchema:this.getCachedJsonSchema(Q.inputSchema),outputSchema:Q.outputSchema?this.getCachedJsonSchema(Q.outputSchema):void 0}))}},callTool:async(Q)=>{let J=this.tools.find((G)=>G.name===Q.name);if(!J)return{content:[{type:"text",text:"Tool not found"}]};try{let G=await J?.handler(Q.arguments??{});return{content:[{type:"text",text:JSON.stringify(G)}],structuredContent:G}}catch(G){return{content:[{type:"text",text:`Error: ${G.message}`}]}}}},fetch:async(Q)=>{let J=new wF({enableJsonResponse:Q.headers.get("Accept")?.includes("application/json")??!1});await Y().connect(J);try{return await J.handleRequest(Q)}finally{try{await J.close?.()}catch{}}}}}}function XJ1(X){return new eQ1(X)}var YJ1=u(()=>{Nb();Ob();c0()});var Lb="user-sandbox",QJ1="Create embeddable integration flows for platform end-users";import{sql as SP}from"kysely";var JJ1;var GJ1=u(()=>{JJ1={name:"001-user-sandbox",async up(X){await X.schema.createTable("user_sandbox").addColumn("id","text",(Y)=>Y.primaryKey()).addColumn("organization_id","text",(Y)=>Y.notNull().references("organization.id").onDelete("cascade")).addColumn("title","text",(Y)=>Y.notNull()).addColumn("description","text").addColumn("icon","text").addColumn("required_apps","text",(Y)=>Y.notNull()).addColumn("redirect_url","text").addColumn("webhook_url","text").addColumn("event_type","text",(Y)=>Y.notNull().defaultTo("integration.completed")).addColumn("agent_title_template","text",(Y)=>Y.notNull().defaultTo("Agent for {{externalUserId}}")).addColumn("agent_instructions","text").addColumn("tool_selection_mode","text",(Y)=>Y.notNull().defaultTo("inclusion")).addColumn("status","text",(Y)=>Y.notNull().defaultTo("active")).addColumn("created_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("created_by","text",(Y)=>Y.references("user.id").onDelete("set null")).execute(),await X.schema.createIndex("idx_user_sandbox_org").on("user_sandbox").column("organization_id").execute(),await X.schema.createTable("user_sandbox_sessions").addColumn("id","text",(Y)=>Y.primaryKey()).addColumn("template_id","text",(Y)=>Y.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("organization_id","text",(Y)=>Y.notNull().references("organization.id").onDelete("cascade")).addColumn("external_user_id","text",(Y)=>Y.notNull()).addColumn("status","text",(Y)=>Y.notNull().defaultTo("pending")).addColumn("app_statuses","text",(Y)=>Y.notNull().defaultTo("{}")).addColumn("created_agent_id","text",(Y)=>Y.references("connections.id").onDelete("set null")).addColumn("redirect_url","text").addColumn("created_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).addColumn("expires_at","text",(Y)=>Y.notNull()).execute(),await X.schema.createIndex("idx_user_sandbox_sessions_template").on("user_sandbox_sessions").column("template_id").execute(),await X.schema.createIndex("idx_user_sandbox_sessions_external_user").on("user_sandbox_sessions").columns(["template_id","external_user_id"]).execute(),await X.schema.createIndex("idx_user_sandbox_sessions_org").on("user_sandbox_sessions").column("organization_id").execute(),await X.schema.createTable("user_sandbox_agents").addColumn("id","text",(Y)=>Y.primaryKey()).addColumn("user_sandbox_id","text",(Y)=>Y.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("external_user_id","text",(Y)=>Y.notNull()).addColumn("connection_id","text",(Y)=>Y.notNull().references("connections.id").onDelete("cascade")).addColumn("created_at","text",(Y)=>Y.notNull().defaultTo(SP`CURRENT_TIMESTAMP`)).execute(),await X.schema.createIndex("idx_user_sandbox_agents_unique").on("user_sandbox_agents").columns(["user_sandbox_id","external_user_id"]).unique().execute(),await X.schema.createIndex("idx_user_sandbox_agents_connection").on("user_sandbox_agents").column("connection_id").execute()},async down(X){await X.schema.dropIndex("idx_user_sandbox_agents_connection").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_agents_unique").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_sessions_org").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_sessions_external_user").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_sessions_template").ifExists().execute(),await X.schema.dropIndex("idx_user_sandbox_org").ifExists().execute(),await X.schema.dropTable("user_sandbox_agents").ifExists().execute(),await X.schema.dropTable("user_sandbox_sessions").ifExists().execute(),await X.schema.dropTable("user_sandbox").ifExists().execute()}}});var WJ1;var ZJ1=u(()=>{GJ1();WJ1=[JJ1]});function wb(X){let Y=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${X}_${Y}${Q}`}class kP{db;constructor(X){this.db=X}async create(X){let Y=wb("usb"),Q=new Date().toISOString(),J={id:Y,organization_id:X.organization_id,title:X.title,description:X.description??null,icon:X.icon??null,required_apps:JSON.stringify(X.required_apps),redirect_url:X.redirect_url??null,webhook_url:X.webhook_url??null,event_type:X.event_type??"integration.completed",agent_title_template:X.agent_title_template??"{{externalUserId}}'s Agent",agent_instructions:X.agent_instructions??null,tool_selection_mode:X.tool_selection_mode??"inclusion",status:"active",created_at:Q,updated_at:Q,created_by:X.created_by??null};await this.db.insertInto("user_sandbox").values(J).execute();let G=await this.findById(Y);if(!G)throw Error(`Failed to create user sandbox with id: ${Y}`);return G}async findById(X){let Y=await this.db.selectFrom("user_sandbox").selectAll().where("id","=",X).executeTakeFirst();if(!Y)return null;return this.deserialize(Y)}async list(X){return(await this.db.selectFrom("user_sandbox").selectAll().where("organization_id","=",X).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(X,Y){let J={updated_at:new Date().toISOString()};if(Y.title!==void 0)J.title=Y.title;if(Y.description!==void 0)J.description=Y.description;if(Y.icon!==void 0)J.icon=Y.icon;if(Y.required_apps!==void 0)J.required_apps=JSON.stringify(Y.required_apps);if(Y.redirect_url!==void 0)J.redirect_url=Y.redirect_url;if(Y.webhook_url!==void 0)J.webhook_url=Y.webhook_url;if(Y.event_type!==void 0)J.event_type=Y.event_type;if(Y.agent_title_template!==void 0)J.agent_title_template=Y.agent_title_template;if(Y.agent_instructions!==void 0)J.agent_instructions=Y.agent_instructions;if(Y.tool_selection_mode!==void 0)J.tool_selection_mode=Y.tool_selection_mode;if(Y.status!==void 0)J.status=Y.status;await this.db.updateTable("user_sandbox").set(J).where("id","=",X).execute();let G=await this.findById(X);if(!G)throw Error(`Template not found after update: ${X}`);return G}async delete(X){await this.db.deleteFrom("user_sandbox").where("id","=",X).execute()}deserialize(X){let Y=[];try{Y=JSON.parse(X.required_apps)}catch{Y=[]}return{id:X.id,organization_id:X.organization_id,title:X.title,description:X.description,icon:X.icon,required_apps:Y,redirect_url:X.redirect_url,webhook_url:X.webhook_url,event_type:X.event_type,agent_title_template:X.agent_title_template,agent_instructions:X.agent_instructions,tool_selection_mode:X.tool_selection_mode,status:X.status,created_at:X.created_at,updated_at:X.updated_at,created_by:X.created_by}}}var v80=()=>{};class vP{db;constructor(X){this.db=X}async create(X){let Y=wb("sandbox_session"),Q=new Date().toISOString(),J={id:Y,template_id:X.template_id,organization_id:X.organization_id,external_user_id:X.external_user_id,status:"pending",app_statuses:"{}",created_agent_id:X.created_agent_id??null,redirect_url:X.redirect_url??null,created_at:Q,updated_at:Q,expires_at:X.expires_at};await this.db.insertInto("user_sandbox_sessions").values(J).execute();let G=await this.findById(Y);if(!G)throw Error(`Failed to create session with id: ${Y}`);return G}async findById(X){let Y=await this.db.selectFrom("user_sandbox_sessions").selectAll().where("id","=",X).executeTakeFirst();if(!Y)return null;return this.deserialize(Y)}async findExisting(X,Y){let Q=new Date().toISOString(),J=await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",X).where("external_user_id","=",Y).where("expires_at",">",Q).where("status","!=","completed").orderBy("created_at","desc").executeTakeFirst();if(!J)return null;return this.deserialize(J)}async listByTemplate(X){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",X).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async listByOrganization(X){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("organization_id","=",X).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(X,Y){let J={updated_at:new Date().toISOString()};if(Y.status!==void 0)J.status=Y.status;if(Y.app_statuses!==void 0)J.app_statuses=JSON.stringify(Y.app_statuses);if(Y.created_agent_id!==void 0)J.created_agent_id=Y.created_agent_id;await this.db.updateTable("user_sandbox_sessions").set(J).where("id","=",X).execute();let G=await this.findById(X);if(!G)throw Error(`Session not found after update: ${X}`);return G}async delete(X){await this.db.deleteFrom("user_sandbox_sessions").where("id","=",X).execute()}async deleteExpired(){let X=new Date().toISOString(),Y=await this.db.deleteFrom("user_sandbox_sessions").where("expires_at","<",X).where("status","!=","completed").executeTakeFirst();return Number(Y.numDeletedRows??0)}async deleteByExternalUserId(X,Y){let Q=await this.db.deleteFrom("user_sandbox_sessions").where("organization_id","=",X).where("external_user_id","=",Y).executeTakeFirst();return Number(Q.numDeletedRows??0)}deserialize(X){let Y={};try{Y=JSON.parse(X.app_statuses)}catch{Y={}}return{id:X.id,template_id:X.template_id,organization_id:X.organization_id,external_user_id:X.external_user_id,status:X.status,app_statuses:Y,created_agent_id:X.created_agent_id,redirect_url:X.redirect_url,created_at:X.created_at,updated_at:X.updated_at,expires_at:X.expires_at}}}var _80=()=>{};function _P(X){y80=X}function dY(){if(!y80)throw Error(`Plugin storage not initialized. Make sure the "${Lb}" plugin is enabled.`);return y80}function b80(){return process.env.BASE_URL||"http://localhost:3000"}var y80=null;var x5=()=>{};function $J1(X){let Y=X.db,Q={templates:new kP(Y),sessions:new vP(Y)};return _P(Q),Q}var KJ1=u(()=>{v80();_80();x5()});var Mb6,Pb6,Tb6,Ab6,Eb6,UK,jb6,HJ1,FJ1,VJ1,qJ1,UJ1,BJ1,zJ1,DJ1,NJ1,OJ1,LJ1,Cb6,wJ1,MJ1,PJ1;var D7=u(()=>{c0();Mb6=U.object({authorizationEndpoint:U.string().describe("OAuth authorization endpoint URL"),tokenEndpoint:U.string().describe("OAuth token endpoint URL"),clientId:U.string().describe("OAuth client ID"),scopes:U.array(U.string()).describe("OAuth scopes to request"),grantType:U.enum(["authorization_code","client_credentials"]).describe("OAuth grant type")}),Pb6=U.object({headers:U.record(U.string(),U.string()).optional().describe("HTTP headers")}),Tb6=U.object({command:U.string().describe("Command to run"),args:U.array(U.string()).optional().describe("Command arguments"),cwd:U.string().optional().describe("Working directory"),envVars:U.record(U.string(),U.string()).optional().describe("Environment variables")}),Ab6=U.object({app_name:U.string().describe("App name from registry (e.g., '@deco/gmail')"),title:U.string().describe("Display title for the app"),description:U.string().nullable().optional().describe("App description"),icon:U.string().nullable().optional().describe("Icon URL"),connection_type:U.enum(["HTTP","SSE","Websocket","STDIO"]).describe("Connection type"),connection_url:U.string().nullable().optional().describe("MCP server URL"),connection_headers:U.union([Pb6,Tb6]).nullable().optional().describe("Connection parameters"),oauth_config:Mb6.nullable().optional().describe("OAuth configuration if required"),selected_tools:U.array(U.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:U.array(U.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:U.array(U.string()).nullable().optional().describe("Selected prompts to expose (null = all)")}),Eb6=U.object({configured:U.boolean().describe("Whether the app has been configured"),connection_id:U.string().nullable().describe("Connection ID if created"),error:U.string().nullable().describe("Error message if configuration failed")}),UK=U.object({id:U.string(),organization_id:U.string(),title:U.string(),description:U.string().nullable(),icon:U.string().nullable(),required_apps:U.array(Ab6),redirect_url:U.string().nullable(),webhook_url:U.string().nullable(),event_type:U.string(),agent_title_template:U.string(),agent_instructions:U.string().nullable(),tool_selection_mode:U.enum(["inclusion","exclusion"]),status:U.enum(["active","inactive"]),created_at:U.string(),updated_at:U.string(),created_by:U.string().nullable()}),jb6=U.object({id:U.string(),template_id:U.string(),organization_id:U.string(),external_user_id:U.string(),status:U.enum(["pending","in_progress","completed"]),app_statuses:U.record(U.string(),Eb6),created_agent_id:U.string().nullable(),redirect_url:U.string().nullable(),created_at:U.string(),updated_at:U.string(),expires_at:U.string()}),HJ1=U.object({app_name:U.string().describe("App name from registry (e.g., '@deco/openrouter')"),selected_tools:U.array(U.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:U.array(U.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:U.array(U.string()).nullable().optional().describe("Selected prompts to expose (null = all)")}),FJ1=U.object({title:U.string().describe("Title for the template"),description:U.string().optional().describe("Optional description"),icon:U.string().optional().describe("Optional icon URL"),registry_id:U.string().describe("Connection ID of the registry to look up apps from"),required_apps:U.array(HJ1).describe("Apps to include - only app_name required, details fetched from registry"),redirect_url:U.string().optional().describe("URL to redirect to after completion"),webhook_url:U.string().optional().describe("Webhook URL to call on completion"),event_type:U.string().optional().describe("Event type to emit (default: integration.completed)"),agent_title_template:U.string().optional().describe("Template for agent title (supports {{externalUserId}})"),agent_instructions:U.string().optional().describe("Instructions for the created agent"),tool_selection_mode:U.enum(["inclusion","exclusion"]).optional().describe("Tool selection mode for the agent")}),VJ1=U.object({id:U.string().describe("Template ID to update"),title:U.string().optional(),description:U.string().nullable().optional(),icon:U.string().nullable().optional(),registry_id:U.string().optional().describe("Connection ID of the registry (required if updating required_apps)"),required_apps:U.array(HJ1).optional().describe("Updated apps (details will be fetched from registry)"),redirect_url:U.string().nullable().optional(),webhook_url:U.string().nullable().optional(),event_type:U.string().optional(),agent_title_template:U.string().optional(),agent_instructions:U.string().nullable().optional(),tool_selection_mode:U.enum(["inclusion","exclusion"]).optional(),status:U.enum(["active","inactive"]).optional()}),qJ1=U.object({id:U.string().describe("Template ID")}),UJ1=U.object({}),BJ1=U.object({id:U.string().describe("Template ID to delete")}),zJ1=U.object({templateId:U.string().describe("Template ID"),externalUserId:U.string().describe("External user ID from your platform"),expiresInSeconds:U.number().optional().describe("Session expiration in seconds (default: 7 days)")}),DJ1=U.object({sessionId:U.string().describe("Session ID"),url:U.string().describe("URL for the connect flow"),expiresAt:U.string().describe("Session expiration time"),agentId:U.string().nullable().optional().describe("Virtual MCP ID for this user (unique per template + user)"),created:U.boolean().describe("Whether the agent was newly created (true) or already existed (false)")}),NJ1=U.object({templateId:U.string().optional().describe("Filter by template ID")}),OJ1=U.object({sessions:U.array(jb6)}),LJ1=U.object({externalUserId:U.string().describe("External user ID to find agents for")}),Cb6=U.object({id:U.string().describe("Agent (Virtual MCP) ID"),title:U.string(),external_user_id:U.string(),template_id:U.string().nullable(),created_at:U.string()}),wJ1=U.object({agents:U.array(Cb6)}),MJ1=U.object({externalUserId:U.string().describe("External user ID whose session data should be cleared")}),PJ1=U.object({success:U.boolean(),deletedAgents:U.number().describe("Number of agents (Virtual MCPs) deleted"),deletedConnections:U.number().describe("Number of child connections deleted"),deletedSessions:U.number().describe("Number of sessions deleted")})});function Rb6(X){if(!X?.url)return null;try{let Y=new URL(X.url);if(Y.hostname==="github.com"){let Q=Y.pathname.split("/").filter(Boolean);if(Q.length>=1)return`https://github.com/${Q[0]}.png`}}catch{}return null}function Sb6(X){return X.find((Q)=>Q.name.endsWith("_LIST"))?.name??null}function kb6(X){if(!X)return[];if(Array.isArray(X))return X;if(typeof X==="object"&&X!==null){let Y=Object.keys(X).find((Q)=>Array.isArray(X[Q]));if(Y)return X[Y]}return[]}function vb6(X,Y,Q,J){let G=X.server,W=X._meta?.["mcp.mesh"],Z=W?.friendlyName||W?.friendly_name||X.title||G?.title||G?.name||"Unnamed MCP Server",$=G?.description||null,K=G?.icons?.[0]?.src||Rb6(G?.repository)||null,H=W?.oauth_config,F=H&&typeof H.authorizationEndpoint==="string"&&typeof H.tokenEndpoint==="string"&&typeof H.clientId==="string"&&Array.isArray(H.scopes)&&(H.grantType==="authorization_code"||H.grantType==="client_credentials")?{authorizationEndpoint:H.authorizationEndpoint,tokenEndpoint:H.tokenEndpoint,clientId:H.clientId,scopes:H.scopes,grantType:H.grantType}:null,V=G?.packages??[],q=G?.remotes??[],B,D,N=null,L=q[0],w=V[0];if(L){if(B=Ib6[L.type??""]??L.type?.toUpperCase()??"HTTP",D=L.url??null,L.headers&&L.headers.length>0){let C={};for(let T of L.headers)if(T.name&&T.value)C[T.name]=T.value;if(Object.keys(C).length>0)N={headers:C}}}else if(w){B="STDIO",D=null;let C=w.identifier||w.name,T={};if(w.environmentVariables){for(let A of w.environmentVariables)if(A.name)T[A.name]=""}N={command:"npx",args:C?["-y",C]:[],...Object.keys(T).length>0&&{envVars:T}}}else B="HTTP",D=null;return{title:Z,description:$,icon:K,connection_type:B,connection_url:D,connection_headers:N,oauth_config:F,selected_tools:Y,selected_resources:Q,selected_prompts:J}}async function _b6(X,Y,Q,J=null,G=null,W=null){let Z=await X.createMCPProxy(Y),$=await Z.client.listTools(),K=Sb6($.tools);if(!K)throw Error(`Registry "${Y}" does not have a LIST tool`);let H=await Z.client.callTool({name:K,arguments:{where:{appName:Q}}}),F=H.structuredContent??H,q=kb6(F)[0];if(!q)throw Error(`App "${Q}" not found in registry "${Y}"`);let B=vb6(q,J,G,W);return{app_name:Q,...B}}async function Mb(X,Y,Q){let J=[];for(let G of Q){let W=await _b6(X,Y,G.app_name,G.selected_tools??null,G.selected_resources??null,G.selected_prompts??null);J.push(W)}return J}var Ib6;var f80=u(()=>{Ib6={"streamable-http":"HTTP",http:"HTTP",sse:"SSE",stdio:"STDIO",websocket:"Websocket"}});var TJ1;var AJ1=u(()=>{D7();x5();f80();TJ1={name:"USER_SANDBOX_CREATE",description:"Create a new user sandbox for platform integration flows. Specify apps by name and the system will automatically fetch connection details from the registry.",inputSchema:FJ1,outputSchema:UK,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=await Mb(J,Q.registry_id,Q.required_apps.map(($)=>({app_name:$.app_name,selected_tools:$.selected_tools??null,selected_resources:$.selected_resources??null,selected_prompts:$.selected_prompts??null})));return await dY().templates.create({organization_id:J.organization.id,title:Q.title,description:Q.description??null,icon:Q.icon??null,required_apps:G,redirect_url:Q.redirect_url??null,webhook_url:Q.webhook_url??null,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions??null,tool_selection_mode:Q.tool_selection_mode,created_by:J.auth.user?.id??null})}}});var EJ1;var jJ1=u(()=>{D7();x5();f80();EJ1={name:"USER_SANDBOX_UPDATE",description:"Update an existing user sandbox. If updating required_apps, provide registry_id to auto-fetch details.",inputSchema:VJ1,outputSchema:UK,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W=await G.templates.findById(Q.id);if(!W)throw Error(`Template not found: ${Q.id}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");let Z=void 0;if(Q.required_apps&&Q.required_apps.length>0){if(!Q.registry_id)throw Error("registry_id is required when updating required_apps");Z=await Mb(J,Q.registry_id,Q.required_apps.map((K)=>({app_name:K.app_name,selected_tools:K.selected_tools??null,selected_resources:K.selected_resources??null,selected_prompts:K.selected_prompts??null})))}return await G.templates.update(Q.id,{title:Q.title,description:Q.description,icon:Q.icon,required_apps:Z,redirect_url:Q.redirect_url,webhook_url:Q.webhook_url,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions,tool_selection_mode:Q.tool_selection_mode,status:Q.status})}}});var CJ1;var IJ1=u(()=>{c0();D7();x5();CJ1={name:"USER_SANDBOX_DELETE",description:"Delete a user sandbox",inputSchema:BJ1,outputSchema:U.object({success:U.boolean(),id:U.string()}),handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W=await G.templates.findById(Q.id);if(!W)throw Error(`Template not found: ${Q.id}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return await G.templates.delete(Q.id),{success:!0,id:Q.id}}}});var RJ1;var SJ1=u(()=>{c0();D7();x5();RJ1={name:"USER_SANDBOX_LIST",description:"List all user sandbox in the organization",inputSchema:UJ1,outputSchema:U.object({templates:U.array(UK)}),handler:async(X,Y)=>{let Q=Y;if(!Q.organization)throw Error("Organization context required");return await Q.access.check(),{templates:await dY().templates.list(Q.organization.id)}}}});var kJ1;var vJ1=u(()=>{D7();x5();kJ1={name:"USER_SANDBOX_GET",description:"Get a user sandbox by ID",inputSchema:qJ1,outputSchema:UK.nullable(),handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let W=await dY().templates.findById(Q.id);if(W&&W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return W}}});async function _J1(X,Y){let Q=await Y.sessions.findById(X);if(!Q)throw new rW("Session not found","SESSION_NOT_FOUND");if(new Date(Q.expires_at)<new Date)throw new rW("Session has expired","SESSION_EXPIRED");return Q}async function yb6(X,Y){let Q=await _J1(X,Y);if(Q.status==="completed")throw new rW("Session is already completed. Create a new session to reconfigure.","SESSION_COMPLETED");return Q}function bb6(X,Y){let Q=X.metadata;if(!Q)throw new rW("Connection has no metadata","CONNECTION_ACCESS_DENIED");let J=Q[BK.SESSION_ID]===Y.id,G=Q[BK.EXTERNAL_USER_ID]===Y.external_user_id&&Q[BK.TEMPLATE_ID]===Y.template_id;if(!J&&!G)throw new rW("Access denied: connection does not belong to this session","CONNECTION_ACCESS_DENIED")}function h80(X,Y,Q){return{[BK.SESSION_ID]:X,[BK.EXTERNAL_USER_ID]:Y,[BK.TEMPLATE_ID]:Q,source:"user-sandbox"}}function x80(X,Y){return{[BK.EXTERNAL_USER_ID]:X,[BK.TEMPLATE_ID]:Y,source:"user-sandbox"}}async function MF(X,Y,Q){let J=Q?.allowCompleted?await _J1(X,Y):await yb6(X,Y);if(Q?.connection)bb6(Q.connection,J);return J}var BK,rW;var yJ1=u(()=>{BK={SESSION_ID:"user_sandbox_session_id",EXTERNAL_USER_ID:"user_sandbox_external_user_id",TEMPLATE_ID:"user_sandbox_id"};rW=class rW extends Error{code;constructor(X,Y){super(X);this.code=Y;this.name="SessionAccessError"}}});var g80=u(()=>{yJ1()});async function hb6(X,Y,Q,J,G,W,Z,$){let K=X,H=await K.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(H)return{connectionId:H.connection_id,created:!1};let F=new Date().toISOString(),V=`usa_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`,q=`vir_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;try{return await K.transaction().execute(async(B)=>{await B.insertInto("connections").values({id:q,organization_id:Y,created_by:Q,title:W,description:Z,icon:null,app_name:null,app_id:null,connection_type:"VIRTUAL",connection_url:`virtual://${q}`,connection_token:null,connection_headers:JSON.stringify({tool_selection_mode:$}),oauth_config:null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(x80(G,J)),tools:null,bindings:null,status:"active",created_at:F,updated_at:F}).execute(),await B.insertInto("user_sandbox_agents").values({id:V,user_sandbox_id:J,external_user_id:G,connection_id:q,created_at:F}).execute()}),{connectionId:q,created:!0}}catch(B){let D=String(B);if(D.includes("UNIQUE constraint")||D.includes("duplicate key")){let N=await K.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(N)return{connectionId:N.connection_id,created:!1}}throw B}}var fb6=604800,bJ1;var fJ1=u(()=>{D7();x5();g80();bJ1={name:"USER_SANDBOX_CREATE_SESSION",description:"Create a connect session URL for an external user. Returns a URL that the user can visit to configure their integrations. Also creates a unique Virtual MCP (agent) for this user if one doesn't exist.",inputSchema:zJ1,outputSchema:DJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W=await G.templates.findById(Q.templateId);if(!W)throw Error(`Template not found: ${Q.templateId}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");if(W.status!=="active")throw Error("Template is not active");let Z=W.agent_title_template.replace("{{externalUserId}}",Q.externalUserId),$=W.created_by??J.auth.user?.id??"system",{connectionId:K,created:H}=await hb6(J.db,J.organization.id,$,W.id,Q.externalUserId,Z,W.agent_instructions,W.tool_selection_mode),F=await G.sessions.findExisting(Q.templateId,Q.externalUserId);if(F){if(!F.created_agent_id)await G.sessions.update(F.id,{created_agent_id:K});let N=b80();return{sessionId:F.id,url:`${N}/connect/${F.id}`,expiresAt:F.expires_at,agentId:F.created_agent_id??K,created:H}}let V=Q.expiresInSeconds??fb6,q=new Date(Date.now()+V*1000).toISOString(),B=await G.sessions.create({template_id:Q.templateId,organization_id:J.organization.id,external_user_id:Q.externalUserId,redirect_url:W.redirect_url,expires_at:q,created_agent_id:K}),D=b80();return{sessionId:B.id,url:`${D}/connect/${B.id}`,expiresAt:B.expires_at,agentId:K,created:H}}}});var hJ1;var xJ1=u(()=>{D7();x5();hJ1={name:"USER_SANDBOX_LIST_SESSIONS",description:"List connect sessions for monitoring and management",inputSchema:NJ1,outputSchema:OJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=dY(),W;if(Q.templateId){let Z=await G.templates.findById(Q.templateId);if(!Z)throw Error(`Template not found: ${Q.templateId}`);if(Z.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");W=await G.sessions.listByTemplate(Q.templateId)}else W=await G.sessions.listByOrganization(J.organization.id);return{sessions:W}}}});var xb6="user_sandbox_external_user_id",gb6="user_sandbox_id",gJ1;var uJ1=u(()=>{D7();gJ1={name:"USER_SANDBOX_LIST_USER_AGENTS",description:"List all agents (Virtual MCPs) created for an external user. Use this to find agents created via user sandbox for a specific user in your platform.",inputSchema:LJ1,outputSchema:wJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");return await J.access.check(),{agents:(await J.storage.connections.list(J.organization.id)).filter((Z)=>{if(Z.connection_type!=="VIRTUAL")return!1;let $=Z.metadata;if(!$)return!1;return $[xb6]===Q.externalUserId}).map((Z)=>{let $=Z.metadata;return{id:Z.id,title:Z.title,external_user_id:Q.externalUserId,template_id:$[gb6]??null,created_at:Z.created_at}})}}}});var ub6="user_sandbox_external_user_id",mJ1;var lJ1=u(()=>{D7();x5();mJ1={name:"USER_SANDBOX_CLEAR_USER_SESSION",description:"Clear all session data for an external user, revoking all access they've granted. This deletes their agents (Virtual MCPs), child connections, OAuth tokens, and sessions. Use this when a user wants to disconnect all their integrations.",inputSchema:MJ1,outputSchema:PJ1,handler:async(X,Y)=>{let Q=X,J=Y;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=J.db,W=dY(),$=(await G.selectFrom("connections").select(["id","metadata"]).where("organization_id","=",J.organization.id).where("connection_type","=","VIRTUAL").execute()).filter((F)=>{if(!F.metadata)return!1;try{return JSON.parse(F.metadata)[ub6]===Q.externalUserId}catch{return!1}}).map((F)=>F.id),K=0;if($.length>0){let V=(await G.selectFrom("connection_aggregations").select("child_connection_id").where("parent_connection_id","in",$).execute()).map((q)=>q.child_connection_id);if(await G.deleteFrom("connection_aggregations").where("parent_connection_id","in",$).execute(),V.length>0)await G.deleteFrom("downstream_tokens").where("connectionId","in",V).execute(),await G.deleteFrom("connections").where("id","in",V).execute(),K=V.length;await G.deleteFrom("connections").where("id","in",$).execute(),await G.deleteFrom("user_sandbox_agents").where("external_user_id","=",Q.externalUserId).execute()}let H=await W.sessions.deleteByExternalUserId(J.organization.id,Q.externalUserId);return{success:!0,deletedAgents:$.length,deletedConnections:K,deletedSessions:H}}}});var dJ1;var pJ1=u(()=>{AJ1();jJ1();IJ1();SJ1();vJ1();fJ1();xJ1();uJ1();lJ1();x5();dJ1=[TJ1,EJ1,CJ1,RJ1,kJ1,bJ1,hJ1,gJ1,mJ1]});function mb6(X){let Y=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${X}_${Y}${Q}`}async function u80(X,Y,Q,J){let G={success:!1,agentId:X.created_agent_id,connectionIds:[],redirectUrl:null,eventEmitted:!1,webhookCalled:!1};try{let W=J.db,Z=new Date().toISOString(),$=X.created_agent_id;if(!$)throw Error("Session has no agent - this should not happen");let K=[],H=[];for(let[q,B]of Object.entries(X.app_statuses))if(B.configured&&B.connection_id){K.push(B.connection_id);let D=Y.required_apps.find((N)=>N.app_name===q);H.push({appName:q,connectionId:B.connection_id,selectedTools:D?.selected_tools??null,selectedResources:D?.selected_resources??null,selectedPrompts:D?.selected_prompts??null})}if(G.connectionIds=K,await W.deleteFrom("connection_aggregations").where("parent_connection_id","=",$).execute(),H.length>0)await W.insertInto("connection_aggregations").values(H.map((q)=>({id:mb6("agg"),parent_connection_id:$,child_connection_id:q.connectionId,selected_tools:q.selectedTools?JSON.stringify(q.selectedTools):null,selected_resources:q.selectedResources?JSON.stringify(q.selectedResources):null,selected_prompts:q.selectedPrompts?JSON.stringify(q.selectedPrompts):null,created_at:Z}))).execute();await Q.sessions.update(X.id,{status:"completed"});let F={type:Y.event_type,data:{externalUserId:X.external_user_id,agentId:$,templateId:Y.id,sessionId:X.id,connections:K.map((q)=>{let B=Object.entries(X.app_statuses).find(([D,N])=>N.connection_id===q)?.[0];return{id:q,appName:B??"unknown"}})}};if(J.eventBus)try{await J.eventBus.publish(J.organizationId,"user-sandbox",F),G.eventEmitted=!0}catch(q){console.error("[UserSandbox] Failed to emit completion event:",q)}if(Y.webhook_url)try{let q=await fetch(Y.webhook_url,{method:"POST",headers:{"Content-Type":"application/json","X-User-Sandbox-Event":Y.event_type},body:JSON.stringify(F.data)});if(!q.ok)console.error("[UserSandbox] Webhook returned error:",q.status);else G.webhookCalled=!0}catch(q){console.error("[UserSandbox] Failed to call webhook:",q)}let V=X.redirect_url??Y.redirect_url;if(V){let q=new URL(V);q.searchParams.set("sessionId",X.id),q.searchParams.set("externalUserId",X.external_user_id),q.searchParams.set("agentId",$),G.redirectUrl=q.toString()}return G.success=!0,G}catch(W){throw console.error("[UserSandbox] Completion failed:",W),W}}var cJ1=()=>{};function lb6(){let X=Date.now().toString(36),Y=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`conn_${X}${Y}`}async function db6(X,Y,Q,J,G,W,Z){let $=lb6(),K=new Date().toISOString();if(!Z.title)throw Error(`App "${Z.app_name}" is missing required field: title`);if(!Z.connection_type)throw Error(`App "${Z.app_name}" is missing required field: connection_type`);if(!Z.connection_url&&Z.connection_type!=="STDIO")throw Error(`App "${Z.app_name}" is missing required field: connection_url`);let H={id:$,organization_id:Y,created_by:Q,title:Z.title,description:Z.description??null,icon:Z.icon??null,app_name:Z.app_name,app_id:null,connection_type:Z.connection_type,connection_url:Z.connection_url??"",connection_token:null,connection_headers:Z.connection_headers?JSON.stringify(Z.connection_headers):null,oauth_config:Z.oauth_config?JSON.stringify(Z.oauth_config):null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(h80(J,G,W)),tools:null,bindings:null,status:"active",created_at:K,updated_at:K};return await X.insertInto("connections").values(H).execute(),$}function yP(X,Y){if(Y instanceof rW){let Q={SESSION_NOT_FOUND:404,SESSION_EXPIRED:410,SESSION_COMPLETED:409,ACCESS_DENIED:403,CONNECTION_ACCESS_DENIED:403};return X.json({error:Y.message,code:Y.code},Q[Y.code]??400)}return console.error("[UserSandbox] Connect API error:",Y),X.json({error:Y instanceof Error?Y.message:"Internal error"},500)}function m80(X,Y){let Q=Y.db,J=new kP(Q),G=new vP(Q),W={templates:J,sessions:G};X.get("/api/user-sandbox/sessions/:sessionId",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await MF($,W,{allowCompleted:!0}),H=await J.findById(K.template_id);if(!H)return Z.json({error:"Template not found"},404);return Z.json({session:{id:K.id,status:K.status,external_user_id:K.external_user_id,expires_at:K.expires_at,redirect_url:K.redirect_url,created_agent_id:K.created_agent_id},template:{id:H.id,title:H.title,description:H.description,icon:H.icon},apps:H.required_apps.map((F)=>({app_name:F.app_name,title:F.title,description:F.description,icon:F.icon,connection_type:F.connection_type,requires_oauth:!!F.oauth_config,selected_tools:F.selected_tools,selected_resources:F.selected_resources,selected_prompts:F.selected_prompts,status:K.app_statuses[F.app_name]??{configured:!1,connection_id:null,error:null}}))})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/provision",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await Z.req.json();if(!K.app_name)return Z.json({error:"app_name is required"},400);let H=await MF($,W,{allowCompleted:!0}),F=await J.findById(H.template_id);if(!F)return Z.json({error:"Template not found"},404);let V=F.required_apps.find((N)=>N.app_name===K.app_name);if(!V)return Z.json({error:`App "${K.app_name}" is not required by this template`},400);let q=H.app_statuses[K.app_name];if(q?.connection_id)return Z.json({success:!0,connection_id:q.connection_id,already_provisioned:!0,requires_oauth:!!V.oauth_config});if(!F.created_by)return Z.json({error:"Template is missing created_by - cannot create connections"},500);let B=await db6(Q,H.organization_id,F.created_by,$,H.external_user_id,H.template_id,V),D={...H.app_statuses,[K.app_name]:{configured:!1,connection_id:B,error:null}};return await G.update($,{status:"in_progress",app_statuses:D}),Z.json({success:!0,connection_id:B,already_provisioned:!1,requires_oauth:!!V.oauth_config})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/configure",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await Z.req.json();if(!K.app_name)return Z.json({error:"app_name is required"},400);let H=await MF($,W,{allowCompleted:!0}),F=await J.findById(H.template_id);if(!F)return Z.json({error:"Template not found"},404);if(!F.required_apps.find((L)=>L.app_name===K.app_name))return Z.json({error:`App "${K.app_name}" is not required by this template`},400);let q=H.app_statuses[K.app_name],D={configured:!0,connection_id:K.connection_id??q?.connection_id??null,error:null},N={...H.app_statuses,[K.app_name]:D};return await G.update($,{status:"in_progress",app_statuses:N}),Z.json({success:!0,app_name:K.app_name,status:D})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/oauth-token",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await Z.req.json();if(!K.connection_id)return Z.json({error:"connection_id is required"},400);if(!K.access_token)return Z.json({error:"access_token is required"},400);let H=await MF($,W,{allowCompleted:!0});if(!Object.values(H.app_statuses).some((C)=>C.connection_id===K.connection_id))return Z.json({error:"Connection does not belong to this session"},403);let V=K.expires_in?new Date(Date.now()+K.expires_in*1000):null,q=new Date().toISOString(),B=await Y.vault.encrypt(K.access_token),D=K.refresh_token?await Y.vault.encrypt(K.refresh_token):null,N=K.client_secret?await Y.vault.encrypt(K.client_secret):null,L=Q,w=await L.selectFrom("downstream_tokens").select(["id"]).where("connectionId","=",K.connection_id).executeTakeFirst();if(w)await L.updateTable("downstream_tokens").set({accessToken:B,refreshToken:D,scope:K.scope??null,expiresAt:V?.toISOString()??null,clientId:K.client_id??null,clientSecret:N,tokenEndpoint:K.token_endpoint??null,updatedAt:q}).where("id","=",w.id).execute();else{let C=`dtok_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;await L.insertInto("downstream_tokens").values({id:C,connectionId:K.connection_id,accessToken:B,refreshToken:D,scope:K.scope??null,expiresAt:V?.toISOString()??null,clientId:K.client_id??null,clientSecret:N,tokenEndpoint:K.token_endpoint??null,createdAt:q,updatedAt:q}).execute()}return Z.json({success:!0,expiresAt:V})}catch($){return yP(Z,$)}}),X.post("/api/user-sandbox/sessions/:sessionId/complete",async(Z)=>{try{let $=Z.req.param("sessionId"),K=await MF($,W,{allowCompleted:!0}),H=await J.findById(K.template_id);if(!H)return Z.json({error:"Template not found"},404);if(H.required_apps.filter((q)=>{return K.app_statuses[q.app_name]?.configured}).length===0)return Z.json({error:"At least one app must be configured"},400);let V=await u80(K,H,W,{organizationId:K.organization_id,db:Q});return Z.json({success:V.success,completed:!0,agentId:V.agentId,redirectUrl:V.redirectUrl,eventEmitted:V.eventEmitted,webhookCalled:V.webhookCalled})}catch($){return yP(Z,$)}})}var nJ1=u(()=>{v80();_80();g80();cJ1()});var iJ1=u(()=>{nJ1()});var aJ1;var rJ1=u(()=>{ZJ1();KJ1();pJ1();iJ1();aJ1={id:Lb,description:QJ1,tools:dJ1,publicRoutes:(X,Y)=>{m80(X,Y)},migrations:WJ1,createStorage:(X)=>{let Y=$J1(X);return _P(Y),Y}}});var Pb;var oJ1=u(()=>{rJ1();Pb=[aJ1]});function pb6(X,Y){return sJ1.set(Y.name,X),{...Y,handler:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${Y.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(X))throw Error(`Plugin "${X}" is not enabled for this organization. Enable it in Settings > Plugins.`);return Y.handler(Q,J)},execute:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${Y.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(X))throw Error(`Plugin "${X}" is not enabled for this organization. Enable it in Settings > Plugins.`);return Y.execute(Q,J)}}}function tJ1(X,Y){return X.filter((Q)=>{let J=sJ1.get(Q.name);if(!J)return!0;return Y?.includes(J)??!1})}function eJ1(){let X=[];for(let Y of Pb){if(!Y.tools)continue;for(let Q of Y.tools){let J={name:Q.name,description:Q.description??"",inputSchema:Q.inputSchema,outputSchema:Q.outputSchema,handler:Q.handler,execute:Q.handler},G=pb6(Y.id,J);X.push(G)}}return X}function X51(X,Y){for(let Q of Pb){if(Q.routes){let J=new X.constructor;Q.routes(J,Y),X.route(`/api/plugins/${Q.id}`,J)}if(Q.publicRoutes)Q.publicRoutes(X,Y)}}function Y51(X,Y){let Q={db:X,vault:{encrypt:(J)=>Y.encrypt(J),decrypt:(J)=>Y.decrypt(J)}};for(let J of Pb)if(J.createStorage){let G=J.createStorage(Q);cb6.set(J.id,G)}}var sJ1,cb6;var l80=u(()=>{oJ1();sJ1=new Map;cb6=new Map});function t0(X){return{...X,execute:async(Y,Q)=>{let J=Date.now();return await Q.timings.measure(`tool.${X.name}`,async()=>Q.tracer.startActiveSpan(`tool.${X.name}`,{attributes:{"tool.name":X.name,"organization.id":Q.organization?.id??"system","user.id":Q.auth.user?.id??Q.auth.apiKey?.userId??"anonymous"}},async(G)=>{try{Q.toolName=X.name,Q.access.setToolName?.(X.name);let W=await X.handler(Y,Q),Z=Date.now()-J;return Q.meter.createHistogram("tool.execution.duration",{description:"Duration of tool executions in milliseconds",unit:"ms"}).record(Z,{"tool.name":X.name,"organization.id":Q.organization?.id??"system",status:"success"}),Q.meter.createCounter("tool.execution.count",{description:"Number of tool executions"}).add(1,{"tool.name":X.name,status:"success"}),G.setStatus({code:d80.SpanStatusCode.OK}),W}catch(W){throw Q.meter.createCounter("tool.execution.errors",{description:"Number of tool execution errors"}).add(1,{"tool.name":X.name,"error.type":W.constructor.name}),G.setStatus({code:d80.SpanStatusCode.ERROR,message:W.message}),G.recordException(W),W}finally{G.end()}}))}}}var d80;var Z6=u(()=>{d80=E6(K1(),1)});function _1(X){if(!X.organization)throw Error("This operation requires organization scope");return X.organization}function f8(X){return X.auth.user?.id??X.auth.apiKey?.userId}function nb6(X){return!!(X.auth.user||X.auth.apiKey)}function U1(X){if(!nb6(X))throw Error("Authentication required")}var Tb,Q51,J51,G51,W51,Z51,$51,K51,H51,F51;var Gz=u(()=>{c0();Tb=U.record(U.string(),U.array(U.string())),Q51=U.object({id:U.string().describe("Unique identifier for the API key"),name:U.string().describe("Human-readable name for the API key"),userId:U.string().describe("ID of the user who owns this API key"),permissions:Tb.describe('Permissions granted to this API key. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Example: { "self": ["API_KEY_CREATE"], "conn_abc123": ["SEND_MESSAGE"] }'),expiresAt:U.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:U.string().datetime().describe("When the API key was created (ISO 8601)")}),J51=U.object({name:U.string().min(1).max(64).describe("Human-readable name for the API key"),permissions:Tb.optional().describe('Permissions to grant. Format: { resource: [actions] }. Resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names (e.g., ["API_KEY_CREATE"]) or ["*"] for all. Example: { "self": ["API_KEY_CREATE", "COLLECTION_CONNECTIONS_LIST"] }. Defaults to read-only permissions.'),expiresIn:U.number().positive().optional().describe("Expiration time in seconds. If not provided, key never expires."),metadata:U.record(U.string(),U.unknown()).optional().describe("Additional metadata to store with the API key")}),G51=U.object({id:U.string().describe("Unique identifier for the API key"),name:U.string().describe("Human-readable name for the API key"),key:U.string().describe("The actual API key value. STORE THIS SECURELY - it will not be shown again!"),permissions:Tb.describe('Permissions granted to this API key. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools'),expiresAt:U.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:U.string().datetime().describe("When the API key was created (ISO 8601)")}),W51=U.object({}),Z51=U.object({items:U.array(Q51).describe("List of API keys (without key values)")}),$51=U.object({keyId:U.string().describe("ID of the API key to update"),name:U.string().min(1).max(64).optional().describe("New name for the API key"),permissions:Tb.optional().describe('New permissions. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names or "*" for all. Example: { "self": ["API_KEY_CREATE"] }. Replaces existing permissions.'),metadata:U.record(U.string(),U.unknown()).optional().describe("New metadata. Replaces existing metadata.")}),K51=U.object({item:Q51.describe("The updated API key (without key value)")}),H51=U.object({keyId:U.string().describe("ID of the API key to delete")}),F51=U.object({success:U.boolean().describe("Whether the deletion was successful"),keyId:U.string().describe("ID of the deleted API key")})});var p80;var V51=u(()=>{Z6();Gz();p80=t0({name:"API_KEY_CREATE",description:"Create a new API key with specified permissions. The key value is only returned once - store it securely!",inputSchema:J51,outputSchema:G51,handler:async(X,Y)=>{U1(Y),await Y.access.check();let Q=await Y.boundAuth.apiKey.create({name:X.name,permissions:X.permissions,expiresIn:X.expiresIn,metadata:{...X.metadata,organization:Y.organization}}),J=Q.expiresAt?Q.expiresAt instanceof Date?Q.expiresAt.toISOString():Q.expiresAt:null,G=Q.createdAt instanceof Date?Q.createdAt.toISOString():Q.createdAt;return{id:Q.id,name:Q.name??X.name,key:Q.key,permissions:Q.permissions??{},expiresAt:J,createdAt:G}}})});var c80;var q51=u(()=>{Z6();Gz();c80=t0({name:"API_KEY_DELETE",description:"Delete an API key. This instantly revokes the key - it can no longer be used for authentication.",inputSchema:H51,outputSchema:F51,handler:async(X,Y)=>{if(U1(Y),await Y.access.check(),!f8(Y))throw Error("User ID required to delete API key");let G=(await Y.boundAuth.apiKey.list())?.find((K)=>K.id===X.keyId);if(!G)throw Error("API key not found");let Z=G.metadata?.organization?.id,$=Y.organization?.id;if(Z!==$)throw Error("Cannot delete API key from another organization");return await Y.boundAuth.apiKey.delete(X.keyId),{success:!0,keyId:X.keyId}}})});var n80;var U51=u(()=>{Z6();Gz();n80=t0({name:"API_KEY_LIST",description:"List all API keys for the current user in the current organization. Returns metadata only - key values are never shown after creation.",inputSchema:W51,outputSchema:Z51,handler:async(X,Y)=>{U1(Y),await Y.access.check();let Q=await Y.boundAuth.apiKey.list(),J=Y.organization?.id;return{items:(Q??[]).filter((W)=>{return W.metadata?.organization?.id===J}).map((W)=>({id:W.id,name:W.name??"Unnamed Key",userId:W.userId,permissions:W.permissions??{},expiresAt:W.expiresAt?W.expiresAt instanceof Date?W.expiresAt.toISOString():W.expiresAt:null,createdAt:W.createdAt instanceof Date?W.createdAt.toISOString():W.createdAt}))}}})});var i80;var B51=u(()=>{Z6();Gz();i80=t0({name:"API_KEY_UPDATE",description:"Update an existing API key's name, permissions, or metadata. Note: Key value cannot be changed or retrieved.",inputSchema:$51,outputSchema:K51,handler:async(X,Y)=>{if(U1(Y),await Y.access.check(),!f8(Y))throw Error("User ID required to update API key");let G=(await Y.boundAuth.apiKey.list())?.find((H)=>H.id===X.keyId);if(!G)throw Error(`API key not found: ${X.keyId}`);let Z=G.metadata?.organization?.id,$=Y.organization?.id;if(Z!==$)throw Error("Cannot update API key from another organization");let K=await Y.boundAuth.apiKey.update({keyId:X.keyId,name:X.name,permissions:X.permissions,metadata:{...X.metadata,organization:Y.organization}});if(!K)throw Error(`Failed to update API key: ${X.keyId}`);return{item:{id:K.id,name:K.name??X.name??"Unnamed Key",userId:K.userId,permissions:K.permissions??{},expiresAt:K.expiresAt?K.expiresAt instanceof Date?K.expiresAt.toISOString():K.expiresAt:null,createdAt:K.createdAt instanceof Date?K.createdAt.toISOString():K.createdAt}}}})});var z51=u(()=>{V51();q51();U51();B51();Gz()});var D51,N51,O51,L51,w51,M51;var bP=u(()=>{c0();D51=U.object({query:U.string().describe("Natural language search query (e.g., 'send email', 'create order')"),limit:U.number().default(10).describe("Maximum results to return (default: 10)")}),N51=U.object({query:U.string(),results:U.array(U.object({name:U.string(),description:U.string().optional(),connection:U.string()})),totalAvailable:U.number()}),O51=U.object({tools:U.array(U.string()).min(1).describe("Array of tool names to get detailed schemas for")}),L51=U.object({tools:U.array(U.object({name:U.string(),description:U.string().optional(),connection:U.string(),inputSchema:U.unknown(),outputSchema:U.unknown().optional()})),notFound:U.array(U.string())}),w51=U.object({code:U.string().min(1).describe("JavaScript code to execute. It runs as an async function body; you can use top-level `return` and `await`."),timeoutMs:U.number().default(3000).describe("Max execution time in milliseconds (default: 3000).")}),M51=U.object({returnValue:U.unknown().optional(),error:U.string().optional(),consoleLogs:U.array(U.object({type:U.enum(["log","warn","error"]),content:U.string()}))})});class Wz{proxies=new Map;constructor(){}static async create(X,Y){let Q=new Wz,J=await Promise.allSettled(X.map(async({connection:G,selectedTools:W,selectedResources:Z,selectedPrompts:$})=>{try{let K=await Y.createMCPProxy(G);return{connection:G,proxy:K,selectedTools:W,selectedResources:Z,selectedPrompts:$}}catch(K){return console.error(`[aggregator] Failed to create proxy for connection ${G.id}:`,K),null}}));for(let G of J)if(G.status==="fulfilled"&&G.value)Q.proxies.set(G.value.connection.id,G.value);return Q}get(X){return this.proxies.get(X)}entries(){return this.proxies.entries()}forEach(X){this.proxies.forEach((Y,Q)=>X(Y,Q))}async mapAsync(X){let Y=[];for(let[Q,J]of this.proxies.entries())Y.push(X(J,Q));return await Promise.all(Y)}async mapSettled(X){return Promise.allSettled(Array.from(this.proxies.entries()).map(([Y,Q])=>X(Q,Y)))}get size(){return this.proxies.size}}function P51(X){let Y=[],Q=[],J=(K)=>{let H=X.newFunction(K,(...F)=>{try{let V=F.map((q)=>X.dump(q));Y.push({type:K??"log",content:V.map(String).join(" ")})}finally{F.forEach((V)=>V.dispose())}return X.undefined});return Q.push(H),H},G=X.newObject();Q.push(G);let W=J("log"),Z=J("warn"),$=J("error");return X.setProp(G,"log",W),X.setProp(G,"warn",Z),X.setProp(G,"error",$),X.setProp(X.global,"console",G),{logs:Y,[Symbol.dispose](){Q.forEach((K)=>K.dispose())}}}var PF,a80,Ab,TF,fP;var Eb=u(()=>{PF={JS_EVAL_TYPE_GLOBAL:0,JS_EVAL_TYPE_MODULE:1,JS_EVAL_TYPE_DIRECT:2,JS_EVAL_TYPE_INDIRECT:3,JS_EVAL_TYPE_MASK:3,JS_EVAL_FLAG_STRICT:8,JS_EVAL_FLAG_STRIP:16,JS_EVAL_FLAG_COMPILE_ONLY:32,JS_EVAL_FLAG_BACKTRACE_BARRIER:64},a80={BaseObjects:1,Date:2,Eval:4,StringNormalize:8,RegExp:16,RegExpCompiler:32,JSON:64,Proxy:128,MapSet:256,TypedArrays:512,Promise:1024,BigInt:2048,BigFloat:4096,BigDecimal:8192,OperatorOverloading:16384,BignumExt:32768},Ab={Pending:0,Fulfilled:1,Rejected:2},TF={JS_GPN_STRING_MASK:1,JS_GPN_SYMBOL_MASK:2,JS_GPN_PRIVATE_MASK:4,JS_GPN_ENUM_ONLY:16,JS_GPN_SET_ENUM:32,QTS_GPN_NUMBER_MASK:64,QTS_STANDARD_COMPLIANT_NUMBER:128},fP={IsStrictlyEqual:0,IsSameValue:1,IsSameValueZero:2}});function Zz(...X){XX0&&console.log("quickjs-emscripten:",...X)}function*b51(X){return yield X}function ob6(X){return b51(QX0(X))}function T51(X,Y){return(...Q)=>{let J=Y.call(X,YX0,...Q);return QX0(J)}}function sb6(X,Y){let Q=Y.call(X,YX0);return QX0(Q)}function QX0(X){function Y(Q){return Q.done?Q.value:Q.value instanceof Promise?Q.value.then((J)=>Y(X.next(J)),(J)=>Y(X.throw(J))):Y(X.next(Q.value))}return Y(X.next())}function r80(X,Y){let Q;try{X.dispose()}catch(J){Q=J}if(Y&&Q)throw Object.assign(Y,{message:`${Y.message}
261
261
  Then, failed to dispose scope: ${Q.message}`,disposeError:Q}),Y;if(Y||Q)throw Y||Q}function f51(X){let Y=X?Array.from(X):[];function Q(){return Y.forEach((G)=>G.alive?G.dispose():void 0)}function J(){return Y.some((G)=>G.alive)}return Object.defineProperty(Y,t80,{configurable:!0,enumerable:!1,value:Q}),Object.defineProperty(Y,"dispose",{configurable:!0,enumerable:!1,value:Q}),Object.defineProperty(Y,"alive",{configurable:!0,enumerable:!1,get:J}),Y}function jb(X){return!!(X&&(typeof X=="object"||typeof X=="function")&&("alive"in X)&&typeof X.alive=="boolean"&&("dispose"in X)&&typeof X.dispose=="function")}function tb6(X){if(!X)return 0;let Y=0;for(let[Q,J]of Object.entries(X)){if(!(Q in a80))throw new v51(Q);J&&(Y|=a80[Q])}return Y}function eb6(X){if(typeof X=="number")return X;if(X===void 0)return 0;let{type:Y,strict:Q,strip:J,compileOnly:G,backtraceBarrier:W}=X,Z=0;return Y==="global"&&(Z|=PF.JS_EVAL_TYPE_GLOBAL),Y==="module"&&(Z|=PF.JS_EVAL_TYPE_MODULE),Q&&(Z|=PF.JS_EVAL_FLAG_STRICT),J&&(Z|=PF.JS_EVAL_FLAG_STRIP),G&&(Z|=PF.JS_EVAL_FLAG_COMPILE_ONLY),W&&(Z|=PF.JS_EVAL_FLAG_BACKTRACE_BARRIER),Z}function Xf6(X){if(typeof X=="number")return X;if(X===void 0)return 0;let{strings:Y,symbols:Q,quickjsPrivate:J,onlyEnumerable:G,numbers:W,numbersAsStrings:Z}=X,$=0;return Y&&($|=TF.JS_GPN_STRING_MASK),Q&&($|=TF.JS_GPN_SYMBOL_MASK),J&&($|=TF.JS_GPN_PRIVATE_MASK),G&&($|=TF.JS_GPN_ENUM_ONLY),W&&($|=TF.QTS_GPN_NUMBER_MASK),Z&&($|=TF.QTS_STANDARD_COMPLIANT_NUMBER),$}function Yf6(...X){let Y=[];for(let Q of X)Q!==void 0&&(Y=Y.concat(Q));return Y}function ZX0(X,Y){Y.interruptHandler&&X.setInterruptHandler(Y.interruptHandler),Y.maxStackSizeBytes!==void 0&&X.setMaxStackSize(Y.maxStackSizeBytes),Y.memoryLimitBytes!==void 0&&X.setMemoryLimit(Y.memoryLimitBytes)}function $X0(X,Y){Y.moduleLoader&&X.setModuleLoader(Y.moduleLoader),Y.shouldInterrupt&&X.setInterruptHandler(Y.shouldInterrupt),Y.memoryLimitBytes!==void 0&&X.setMemoryLimit(Y.memoryLimitBytes),Y.maxStackSizeBytes!==void 0&&X.setMaxStackSize(Y.maxStackSizeBytes)}var ab6,rb6=(X,Y)=>{for(var Q in Y)ab6(X,Q,{get:Y[Q],enumerable:!0})},XX0=!1,E51,o80,j51,s80,C51,I51,R51,S51,k51,v51,_51,y51,YX0,oW,t80,A51,pY,zK,e80,g5,JX0,h51,x51,AF,g51,u51=class{constructor(X){this.module=X}toPointerArray(X){let Y=new Int32Array(X.map((G)=>G.value)),Q=Y.length*Y.BYTES_PER_ELEMENT,J=this.module._malloc(Q);return new Uint8Array(this.module.HEAPU8.buffer,J,Q).set(new Uint8Array(Y.buffer)),new pY(J,void 0,(G)=>this.module._free(G))}newTypedArray(X,Y){let Q=new X(Array(Y).fill(0)),J=Q.length*Q.BYTES_PER_ELEMENT,G=this.module._malloc(J),W=new X(this.module.HEAPU8.buffer,G,Y);return W.set(Q),new pY({typedArray:W,ptr:G},void 0,(Z)=>this.module._free(Z.ptr))}newMutablePointerArray(X){return this.newTypedArray(Int32Array,X)}newHeapCharPointer(X){let Y=this.module.lengthBytesUTF8(X),Q=Y+1,J=this.module._malloc(Q);return this.module.stringToUTF8(X,J,Q),new pY({ptr:J,strlen:Y},void 0,(G)=>this.module._free(G.ptr))}newHeapBufferPointer(X){let Y=X.byteLength,Q=this.module._malloc(Y);return this.module.HEAPU8.set(X,Q),new pY({pointer:Q,numBytes:Y},void 0,(J)=>this.module._free(J.pointer))}consumeHeapCharPointer(X){let Y=this.module.UTF8ToString(X);return this.module._free(X),Y}},Td4,GX0,Qf6,Jf6,m51,l51,Gf6=class{constructor(X){this.callFunction=X.callFunction,this.shouldInterrupt=X.shouldInterrupt,this.loadModuleSource=X.loadModuleSource,this.normalizeModule=X.normalizeModule}},WX0=class{constructor(X){this.contextCallbacks=new Map,this.runtimeCallbacks=new Map,this.suspendedCount=0,this.cToHostCallbacks=new Gf6({callFunction:(Y,Q,J,G,W,Z)=>this.handleAsyncify(Y,()=>{try{let $=this.contextCallbacks.get(Q);if(!$)throw Error(`QuickJSContext(ctx = ${Q}) not found for C function call "${Z}"`);return $.callFunction(Q,J,G,W,Z)}catch($){return console.error("[C to host error: returning null]",$),0}}),shouldInterrupt:(Y,Q)=>this.handleAsyncify(Y,()=>{try{let J=this.runtimeCallbacks.get(Q);if(!J)throw Error(`QuickJSRuntime(rt = ${Q}) not found for C interrupt`);return J.shouldInterrupt(Q)}catch(J){return console.error("[C to host interrupt: returning error]",J),1}}),loadModuleSource:(Y,Q,J,G)=>this.handleAsyncify(Y,()=>{try{let W=this.runtimeCallbacks.get(Q);if(!W)throw Error(`QuickJSRuntime(rt = ${Q}) not found for C module loader`);let Z=W.loadModuleSource;if(!Z)throw Error(`QuickJSRuntime(rt = ${Q}) does not support module loading`);return Z(Q,J,G)}catch(W){return console.error("[C to host module loader error: returning null]",W),0}}),normalizeModule:(Y,Q,J,G,W)=>this.handleAsyncify(Y,()=>{try{let Z=this.runtimeCallbacks.get(Q);if(!Z)throw Error(`QuickJSRuntime(rt = ${Q}) not found for C module loader`);let $=Z.normalizeModule;if(!$)throw Error(`QuickJSRuntime(rt = ${Q}) does not support module loading`);return $(Q,J,G,W)}catch(Z){return console.error("[C to host module loader error: returning null]",Z),0}})}),this.module=X,this.module.callbacks=this.cToHostCallbacks}setRuntimeCallbacks(X,Y){this.runtimeCallbacks.set(X,Y)}deleteRuntime(X){this.runtimeCallbacks.delete(X)}setContextCallbacks(X,Y){this.contextCallbacks.set(X,Y)}deleteContext(X){this.contextCallbacks.delete(X)}handleAsyncify(X,Y){if(X)return X.handleSleep((J)=>{try{let G=Y();if(!(G instanceof Promise)){Zz("asyncify.handleSleep: not suspending:",G),J(G);return}if(this.suspended)throw new I51(`Already suspended at: ${this.suspended.stack}
262
262
  Attempted to suspend at:`);this.suspended=new R51(`(${this.suspendedCount++})`),Zz("asyncify.handleSleep: suspending:",this.suspended),G.then((W)=>{this.suspended=void 0,Zz("asyncify.handleSleep: resolved:",W),J(W)},(W)=>{Zz("asyncify.handleSleep: rejected:",W),console.error("QuickJS: cannot handle error in suspended function",W),this.suspended=void 0})}catch(G){throw Zz("asyncify.handleSleep: error:",G),this.suspended=void 0,G}});let Q=Y();if(Q instanceof Promise)throw Error("Promise return value not supported in non-asyncify context.");return Q}},KX0=class{constructor(X,Y){this.module=X,this.ffi=Y,this.callbacks=new WX0(X)}newRuntime(X={}){let Y=new pY(this.ffi.QTS_NewRuntime(),void 0,(J)=>{this.callbacks.deleteRuntime(J),this.ffi.QTS_FreeRuntime(J)}),Q=new l51({module:this.module,callbacks:this.callbacks,ffi:this.ffi,rt:Y});return ZX0(Q,X),X.moduleLoader&&Q.setModuleLoader(X.moduleLoader),Q}newContext(X={}){let Y=this.newRuntime(),Q=Y.newContext({...X,ownedLifetimes:Yf6(Y,X.ownedLifetimes)});return Y.context=Q,Q}evalCode(X,Y={}){return g5.withScope((Q)=>{let J=Q.manage(this.newContext());$X0(J.runtime,Y);let G=J.evalCode(X,"eval.js");if(Y.memoryLimitBytes!==void 0&&J.runtime.setMemoryLimit(-1),G.error)throw J.dump(Q.manage(G.error));return J.dump(Q.manage(G.value))})}getWasmMemory(){let X=this.module.quickjsEmscriptenInit?.(()=>{})?.getWasmMemory?.();if(!X)throw Error("Variant does not support getting WebAssembly.Memory");return X}getFFI(){return this.ffi}};var HX0=u(()=>{Eb();Eb();ab6=Object.defineProperty;E51={};rb6(E51,{QuickJSAsyncifyError:()=>I51,QuickJSAsyncifySuspended:()=>R51,QuickJSEmptyGetOwnPropertyNames:()=>y51,QuickJSEmscriptenModuleError:()=>k51,QuickJSMemoryLeakDetected:()=>S51,QuickJSNotImplemented:()=>C51,QuickJSPromisePending:()=>_51,QuickJSUnknownIntrinsic:()=>v51,QuickJSUnwrapError:()=>o80,QuickJSUseAfterFree:()=>s80,QuickJSWrongOwner:()=>j51});o80=class extends Error{constructor(X,Y){let Q=typeof X=="object"&&X&&"message"in X?String(X.message):String(X);super(Q);this.cause=X,this.context=Y,this.name="QuickJSUnwrapError"}},j51=class extends Error{constructor(){super(...arguments);this.name="QuickJSWrongOwner"}},s80=class extends Error{constructor(){super(...arguments);this.name="QuickJSUseAfterFree"}},C51=class extends Error{constructor(){super(...arguments);this.name="QuickJSNotImplemented"}},I51=class extends Error{constructor(){super(...arguments);this.name="QuickJSAsyncifyError"}},R51=class extends Error{constructor(){super(...arguments);this.name="QuickJSAsyncifySuspended"}},S51=class extends Error{constructor(){super(...arguments);this.name="QuickJSMemoryLeakDetected"}},k51=class extends Error{constructor(){super(...arguments);this.name="QuickJSEmscriptenModuleError"}},v51=class extends TypeError{constructor(){super(...arguments);this.name="QuickJSUnknownIntrinsic"}},_51=class extends Error{constructor(){super(...arguments);this.name="QuickJSPromisePending"}},y51=class extends Error{constructor(){super(...arguments);this.name="QuickJSEmptyGetOwnPropertyNames"}};YX0=b51;YX0.of=ob6;oW=class{[Symbol.dispose](){return this.dispose()}},t80=Symbol.dispose??Symbol.for("Symbol.dispose"),A51=oW.prototype;A51[t80]||(A51[t80]=function(){return this.dispose()});pY=class X extends oW{constructor(Y,Q,J,G){super();this._value=Y,this.copier=Q,this.disposer=J,this._owner=G,this._alive=!0,this._constructorStack=XX0?Error("Lifetime constructed").stack:void 0}get alive(){return this._alive}get value(){return this.assertAlive(),this._value}get owner(){return this._owner}get dupable(){return!!this.copier}dup(){if(this.assertAlive(),!this.copier)throw Error("Non-dupable lifetime");return new X(this.copier(this._value),this.copier,this.disposer,this._owner)}consume(Y){this.assertAlive();let Q=Y(this);return this.dispose(),Q}map(Y){return this.assertAlive(),Y(this)}tap(Y){return Y(this),this}dispose(){this.assertAlive(),this.disposer&&this.disposer(this._value),this._alive=!1}assertAlive(){if(!this.alive)throw this._constructorStack?new s80(`Lifetime not alive
263
263
  ${this._constructorStack}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@decocms/mesh",
3
- "version": "2.44.1",
3
+ "version": "2.44.2",
4
4
  "description": "MCP Mesh - Self-hostable MCP Gateway for managing AI connections and tools",
5
5
  "author": "Deco team",
6
6
  "license": "MIT",
package/dist/client/assets/constants-lRo2eL0e.js DELETED
@@ -1 +0,0 @@
1
- import{x as t,B as a}from"./index-S_U-4ngr.js";const e=t(a,{target:"draft-7"});export{e as B};
package/dist/client/assets/useInfiniteQuery-CkUGYF8O.js DELETED
@@ -1 +0,0 @@
1
- import{I as u}from"./infiniteQueryObserver-B6huorg4.js";import{W as i}from"./index-S_U-4ngr.js";function t(e,r){return i(e,u,r)}export{t as u};
package/dist/client/assets/useQuery-Bzc3BvS1.js DELETED
@@ -1 +0,0 @@
1
- import{W as u,X as s}from"./index-S_U-4ngr.js";function o(e,r){return u(e,s,r)}export{o as u};