@decocms/mesh 2.59.6 → 2.59.7
- package/dist/server/cli.js +1 -1
- package/dist/server/migrate.js +1 -1
- package/dist/server/server.js +1 -1
- package/package.json +1 -1
package/dist/server/server.js
CHANGED
|
@@ -257,7 +257,7 @@ data:
|
|
|
257
257
|
`;if(J)G+=`id: ${J}
|
|
258
258
|
`;return G+=`data: ${JSON.stringify(Q)}
|
|
259
259
|
|
|
260
|
-
`,Y.enqueue(X.encode(G)),!0}catch{return!1}}handleUnsupportedRequest(){return new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32000,message:"Method not allowed."},id:null}),{status:405,headers:{Allow:"GET, POST, DELETE","Content-Type":"application/json"}})}async handlePostRequest(Y,X){try{let Q=Y.headers.get("accept");if(!Q?.includes("application/json")||!Q.includes("text/event-stream"))return this.createJsonErrorResponse(406,-32000,"Not Acceptable: Client must accept both application/json and text/event-stream");let J=Y.headers.get("content-type");if(!J||!J.includes("application/json"))return this.createJsonErrorResponse(415,-32000,"Unsupported Media Type: Content-Type must be application/json");let G={headers:Object.fromEntries(Y.headers.entries())},K;if(X?.parsedBody!==void 0)K=X.parsedBody;else try{K=await Y.json()}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON")}let W;try{if(Array.isArray(K))W=K.map((L)=>fQ.parse(L));else W=[fQ.parse(K)]}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON-RPC message")}let Z=W.some(ps);if(Z){if(this._initialized&&this.sessionId!==void 0)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Server already initialized");if(W.length>1)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Only one initialization request is allowed");if(this.sessionId=this.sessionIdGenerator?.(),this._initialized=!0,this.sessionId&&this._onsessioninitialized)await Promise.resolve(this._onsessioninitialized(this.sessionId))}if(!Z){let L=this.validateSession(Y);if(L)return L;let w=this.validateProtocolVersion(Y);if(w)return w}if(!W.some(tG)){for(let L of W)this.onmessage?.(L,{authInfo:X?.authInfo,requestInfo:G});return new Response(null,{status:202})}let F=crypto.randomUUID(),V=W.find((L)=>ps(L)),$=V?V.params.protocolVersion:Y.headers.get("mcp-protocol-version")??bi0;if(this._enableJsonResponse)return new 
Promise((L)=>{this._streamMapping.set(F,{resolveJson:L,cleanup:()=>{this._streamMapping.delete(F)}});for(let w of W)if(tG(w))this._requestToStreamMapping.set(w.id,F);for(let w of W)this.onmessage?.(w,{authInfo:X?.authInfo,requestInfo:G})});let q=new TextEncoder,B,D=new ReadableStream({start:(L)=>{B=L},cancel:()=>{this._streamMapping.delete(F)}}),O={"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"};if(this.sessionId!==void 0)O["mcp-session-id"]=this.sessionId;for(let L of W)if(tG(L))this._streamMapping.set(F,{controller:B,encoder:q,cleanup:()=>{this._streamMapping.delete(F);try{B.close()}catch{}}}),this._requestToStreamMapping.set(L.id,F);await this.writePrimingEvent(B,q,F,$);for(let L of W){let w,R;if(tG(L)&&this._eventStore&&$>="2025-11-25")w=()=>{this.closeSSEStream(L.id)},R=()=>{this.closeStandaloneSSEStream()};this.onmessage?.(L,{authInfo:X?.authInfo,requestInfo:G,closeSSEStream:w,closeStandaloneSSEStream:R})}return new Response(D,{status:200,headers:O})}catch(Q){return this.onerror?.(Q),this.createJsonErrorResponse(400,-32700,"Parse error",{data:String(Q)})}}async handleDeleteRequest(Y){let X=this.validateSession(Y);if(X)return X;let Q=this.validateProtocolVersion(Y);if(Q)return Q;return await Promise.resolve(this._onsessionclosed?.(this.sessionId)),await this.close(),new Response(null,{status:200})}validateSession(Y){if(this.sessionIdGenerator===void 0)return;if(!this._initialized)return this.createJsonErrorResponse(400,-32000,"Bad Request: Server not initialized");let X=Y.headers.get("mcp-session-id");if(!X)return this.createJsonErrorResponse(400,-32000,"Bad Request: Mcp-Session-Id header is required");if(X!==this.sessionId)return this.createJsonErrorResponse(404,-32001,"Session not found");return}validateProtocolVersion(Y){let X=Y.headers.get("mcp-protocol-version");if(X!==null&&!lF.includes(X))return this.createJsonErrorResponse(400,-32000,`Bad Request: Unsupported protocol version: ${X} (supported versions: 
${lF.join(", ")})`);return}async close(){this._streamMapping.forEach(({cleanup:Y})=>{Y()}),this._streamMapping.clear(),this._requestResponseMap.clear(),this.onclose?.()}closeSSEStream(Y){let X=this._requestToStreamMapping.get(Y);if(!X)return;let Q=this._streamMapping.get(X);if(Q)Q.cleanup()}closeStandaloneSSEStream(){let Y=this._streamMapping.get(this._standaloneSseStreamId);if(Y)Y.cleanup()}async send(Y,X){let Q=X?.relatedRequestId;if(b5(Y)||xz(Y))Q=Y.id;if(Q===void 0){if(b5(Y)||xz(Y))throw Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");let K;if(this._eventStore)K=await this._eventStore.storeEvent(this._standaloneSseStreamId,Y);let W=this._streamMapping.get(this._standaloneSseStreamId);if(W===void 0)return;if(W.controller&&W.encoder)this.writeSSEEvent(W.controller,W.encoder,Y,K);return}let J=this._requestToStreamMapping.get(Q);if(!J)throw Error(`No connection established for request ID: ${String(Q)}`);let G=this._streamMapping.get(J);if(!this._enableJsonResponse&&G?.controller&&G?.encoder){let K;if(this._eventStore)K=await this._eventStore.storeEvent(J,Y);this.writeSSEEvent(G.controller,G.encoder,Y,K)}if(b5(Y)||xz(Y)){this._requestResponseMap.set(Q,Y);let K=Array.from(this._requestToStreamMapping.entries()).filter(([Z,H])=>H===J).map(([Z])=>Z);if(K.every((Z)=>this._requestResponseMap.has(Z))){if(!G)throw Error(`No connection established for request ID: ${String(Q)}`);if(this._enableJsonResponse&&G.resolveJson){let Z={"Content-Type":"application/json"};if(this.sessionId!==void 0)Z["mcp-session-id"]=this.sessionId;let H=K.map((F)=>this._requestResponseMap.get(F));if(H.length===1)G.resolveJson(new Response(JSON.stringify(H[0]),{status:200,headers:Z}));else G.resolveJson(new Response(JSON.stringify(H),{status:200,headers:Z}))}else G.cleanup();for(let Z of K)this._requestResponseMap.delete(Z),this._requestToStreamMapping.delete(Z)}}}}var Rb=l(()=>{gY()});var QP=(...Y)=>{return function(Q,J){let G=(K)=>{let 
W=Y[K];if(!W)return J();return W(Q,()=>G(K+1))};return G(0)}};class tF6{config;tools=[];callToolMiddlewares=[];jsonSchemaCache=new Map;constructor(Y){this.config={...Y,capabilities:Y.capabilities??{tools:{}}}}getCachedJsonSchema(Y){let X=this.jsonSchemaCache.get(Y);if(!X)X=z.toJSONSchema(Y),this.jsonSchemaCache.set(Y,X);return X}withTool(Y){return this.tools.push(Y),this}withTools(Y){return this.tools.push(...Y),this}callToolMiddleware(...Y){return this.callToolMiddlewares.push(...Y),this}build(){let Y=this.callToolMiddlewares.length>0?QP(...this.callToolMiddlewares):null,X=()=>{let Q=new wM({name:this.config.name,version:this.config.version},{capabilities:this.config.capabilities});for(let J of this.tools){let G=async(H)=>{try{let F=await J.handler(H);return{content:[{type:"text",text:JSON.stringify(F)}],structuredContent:F}}catch(F){return{content:[{type:"text",text:`Error: ${F.message}`}],isError:!0}}},K=Y?async(H)=>{let F={method:"tools/call",params:{name:J.name,arguments:H}};return await Y(F,()=>G(H))}:G,W="shape"in J.inputSchema?J.inputSchema.shape:z.object({}).shape,Z=J.outputSchema&&"shape"in J.outputSchema?J.outputSchema.shape:z.object({}).shape;Q.registerTool(J.name,{annotations:J.annotations,description:J.description??"",inputSchema:W,outputSchema:Z},K)}return Q};return{callStreamableTool:async(Q,J)=>{let G=this.tools.find((W)=>W.name===Q);if(!G)throw Error(`Tool ${Q} not found`);let K=await G.handler(J);if(!(K instanceof Response))throw Error(`Tool ${Q} returned a non-response`);return K},client:{listTools:async()=>{return{tools:this.tools.map((Q)=>({name:Q.name,description:Q.description??"",inputSchema:this.getCachedJsonSchema(Q.inputSchema),outputSchema:Q.outputSchema?this.getCachedJsonSchema(Q.outputSchema):void 0}))}},callTool:async(Q)=>{let J=this.tools.find((G)=>G.name===Q.name);if(!J)return{content:[{type:"text",text:"Tool not found"}]};try{let G=await 
J?.handler(Q.arguments??{});return{content:[{type:"text",text:JSON.stringify(G)}],structuredContent:G}}catch(G){return{content:[{type:"text",text:`Error: ${G.message}`}]}}}},fetch:async(Q)=>{let J=new V$({enableJsonResponse:Q.headers.get("Accept")?.includes("application/json")??!1});return await X().connect(J),await J.handleRequest(Q)}}}}function eF6(Y){return new tF6(Y)}var YV6=l(()=>{E00();Rb();i0()});var jb="user-sandbox",XV6="Create embeddable integration flows for platform end-users";import{sql as JP}from"kysely";var QV6;var JV6=l(()=>{QV6={name:"001-user-sandbox",async up(Y){await Y.schema.createTable("user_sandbox").addColumn("id","text",(X)=>X.primaryKey()).addColumn("organization_id","text",(X)=>X.notNull().references("organization.id").onDelete("cascade")).addColumn("title","text",(X)=>X.notNull()).addColumn("description","text").addColumn("icon","text").addColumn("required_apps","text",(X)=>X.notNull()).addColumn("redirect_url","text").addColumn("webhook_url","text").addColumn("event_type","text",(X)=>X.notNull().defaultTo("integration.completed")).addColumn("agent_title_template","text",(X)=>X.notNull().defaultTo("Agent for {{externalUserId}}")).addColumn("agent_instructions","text").addColumn("tool_selection_mode","text",(X)=>X.notNull().defaultTo("inclusion")).addColumn("status","text",(X)=>X.notNull().defaultTo("active")).addColumn("created_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("created_by","text",(X)=>X.references("user.id").onDelete("set null")).execute(),await Y.schema.createIndex("idx_user_sandbox_org").on("user_sandbox").column("organization_id").execute(),await 
Y.schema.createTable("user_sandbox_sessions").addColumn("id","text",(X)=>X.primaryKey()).addColumn("template_id","text",(X)=>X.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("organization_id","text",(X)=>X.notNull().references("organization.id").onDelete("cascade")).addColumn("external_user_id","text",(X)=>X.notNull()).addColumn("status","text",(X)=>X.notNull().defaultTo("pending")).addColumn("app_statuses","text",(X)=>X.notNull().defaultTo("{}")).addColumn("created_agent_id","text",(X)=>X.references("connections.id").onDelete("set null")).addColumn("redirect_url","text").addColumn("created_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("expires_at","text",(X)=>X.notNull()).execute(),await Y.schema.createIndex("idx_user_sandbox_sessions_template").on("user_sandbox_sessions").column("template_id").execute(),await Y.schema.createIndex("idx_user_sandbox_sessions_external_user").on("user_sandbox_sessions").columns(["template_id","external_user_id"]).execute(),await Y.schema.createIndex("idx_user_sandbox_sessions_org").on("user_sandbox_sessions").column("organization_id").execute(),await Y.schema.createTable("user_sandbox_agents").addColumn("id","text",(X)=>X.primaryKey()).addColumn("user_sandbox_id","text",(X)=>X.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("external_user_id","text",(X)=>X.notNull()).addColumn("connection_id","text",(X)=>X.notNull().references("connections.id").onDelete("cascade")).addColumn("created_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).execute(),await Y.schema.createIndex("idx_user_sandbox_agents_unique").on("user_sandbox_agents").columns(["user_sandbox_id","external_user_id"]).unique().execute(),await Y.schema.createIndex("idx_user_sandbox_agents_connection").on("user_sandbox_agents").column("connection_id").execute()},async down(Y){await 
Y.schema.dropIndex("idx_user_sandbox_agents_connection").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_agents_unique").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_sessions_org").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_sessions_external_user").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_sessions_template").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_org").ifExists().execute(),await Y.schema.dropTable("user_sandbox_agents").ifExists().execute(),await Y.schema.dropTable("user_sandbox_sessions").ifExists().execute(),await Y.schema.dropTable("user_sandbox").ifExists().execute()}}});var GV6;var WV6=l(()=>{JV6();GV6=[QV6]});function Sb(Y){let X=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${Y}_${X}${Q}`}class GP{db;constructor(Y){this.db=Y}async create(Y){let X=Sb("usb"),Q=new Date().toISOString(),J={id:X,organization_id:Y.organization_id,title:Y.title,description:Y.description??null,icon:Y.icon??null,required_apps:JSON.stringify(Y.required_apps),redirect_url:Y.redirect_url??null,webhook_url:Y.webhook_url??null,event_type:Y.event_type??"integration.completed",agent_title_template:Y.agent_title_template??"{{externalUserId}}'s Agent",agent_instructions:Y.agent_instructions??null,tool_selection_mode:Y.tool_selection_mode??"inclusion",status:"active",created_at:Q,updated_at:Q,created_by:Y.created_by??null};await this.db.insertInto("user_sandbox").values(J).execute();let G=await this.findById(X);if(!G)throw Error(`Failed to create user sandbox with id: ${X}`);return G}async findById(Y){let X=await this.db.selectFrom("user_sandbox").selectAll().where("id","=",Y).executeTakeFirst();if(!X)return null;return this.deserialize(X)}async list(Y){return(await this.db.selectFrom("user_sandbox").selectAll().where("organization_id","=",Y).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(Y,X){let J={updated_at:new 
Date().toISOString()};if(X.title!==void 0)J.title=X.title;if(X.description!==void 0)J.description=X.description;if(X.icon!==void 0)J.icon=X.icon;if(X.required_apps!==void 0)J.required_apps=JSON.stringify(X.required_apps);if(X.redirect_url!==void 0)J.redirect_url=X.redirect_url;if(X.webhook_url!==void 0)J.webhook_url=X.webhook_url;if(X.event_type!==void 0)J.event_type=X.event_type;if(X.agent_title_template!==void 0)J.agent_title_template=X.agent_title_template;if(X.agent_instructions!==void 0)J.agent_instructions=X.agent_instructions;if(X.tool_selection_mode!==void 0)J.tool_selection_mode=X.tool_selection_mode;if(X.status!==void 0)J.status=X.status;await this.db.updateTable("user_sandbox").set(J).where("id","=",Y).execute();let G=await this.findById(Y);if(!G)throw Error(`Template not found after update: ${Y}`);return G}async delete(Y){await this.db.deleteFrom("user_sandbox").where("id","=",Y).execute()}deserialize(Y){let X=[];try{X=JSON.parse(Y.required_apps)}catch{X=[]}return{id:Y.id,organization_id:Y.organization_id,title:Y.title,description:Y.description,icon:Y.icon,required_apps:X,redirect_url:Y.redirect_url,webhook_url:Y.webhook_url,event_type:Y.event_type,agent_title_template:Y.agent_title_template,agent_instructions:Y.agent_instructions,tool_selection_mode:Y.tool_selection_mode,status:Y.status,created_at:Y.created_at,updated_at:Y.updated_at,created_by:Y.created_by}}}var GQ0=()=>{};class WP{db;constructor(Y){this.db=Y}async create(Y){let X=Sb("sandbox_session"),Q=new Date().toISOString(),J={id:X,template_id:Y.template_id,organization_id:Y.organization_id,external_user_id:Y.external_user_id,status:"pending",app_statuses:"{}",created_agent_id:Y.created_agent_id??null,redirect_url:Y.redirect_url??null,created_at:Q,updated_at:Q,expires_at:Y.expires_at};await this.db.insertInto("user_sandbox_sessions").values(J).execute();let G=await this.findById(X);if(!G)throw Error(`Failed to create session with id: ${X}`);return G}async findById(Y){let X=await 
this.db.selectFrom("user_sandbox_sessions").selectAll().where("id","=",Y).executeTakeFirst();if(!X)return null;return this.deserialize(X)}async findExisting(Y,X){let Q=new Date().toISOString(),J=await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",Y).where("external_user_id","=",X).where("expires_at",">",Q).where("status","!=","completed").orderBy("created_at","desc").executeTakeFirst();if(!J)return null;return this.deserialize(J)}async listByTemplate(Y){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",Y).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async listByOrganization(Y){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("organization_id","=",Y).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(Y,X){let J={updated_at:new Date().toISOString()};if(X.status!==void 0)J.status=X.status;if(X.app_statuses!==void 0)J.app_statuses=JSON.stringify(X.app_statuses);if(X.created_agent_id!==void 0)J.created_agent_id=X.created_agent_id;await this.db.updateTable("user_sandbox_sessions").set(J).where("id","=",Y).execute();let G=await this.findById(Y);if(!G)throw Error(`Session not found after update: ${Y}`);return G}async delete(Y){await this.db.deleteFrom("user_sandbox_sessions").where("id","=",Y).execute()}async deleteExpired(){let Y=new Date().toISOString(),X=await this.db.deleteFrom("user_sandbox_sessions").where("expires_at","<",Y).where("status","!=","completed").executeTakeFirst();return Number(X.numDeletedRows??0)}async deleteByExternalUserId(Y,X){let Q=await this.db.deleteFrom("user_sandbox_sessions").where("organization_id","=",Y).where("external_user_id","=",X).executeTakeFirst();return Number(Q.numDeletedRows??0)}deserialize(Y){let 
X={};try{X=JSON.parse(Y.app_statuses)}catch{X={}}return{id:Y.id,template_id:Y.template_id,organization_id:Y.organization_id,external_user_id:Y.external_user_id,status:Y.status,app_statuses:X,created_agent_id:Y.created_agent_id,redirect_url:Y.redirect_url,created_at:Y.created_at,updated_at:Y.updated_at,expires_at:Y.expires_at}}}var WQ0=()=>{};function ZP(Y){ZQ0=Y}function eY(){if(!ZQ0)throw Error(`Plugin storage not initialized. Make sure the "${jb}" plugin is enabled.`);return ZQ0}function KQ0(){return process.env.BASE_URL||"http://localhost:3000"}var ZQ0=null;var FG=()=>{};function ZV6(Y){let X=Y.db,Q={templates:new GP(X),sessions:new WP(X)};return ZP(Q),Q}var KV6=l(()=>{GQ0();WQ0();FG()});var gs4,ms4,ls4,ds4,ps4,oH,cs4,HV6,FV6,VV6,$V6,qV6,zV6,BV6,UV6,DV6,OV6,NV6,ns4,LV6,wV6,MV6;var l7=l(()=>{i0();gs4=z.object({authorizationEndpoint:z.string().describe("OAuth authorization endpoint URL"),tokenEndpoint:z.string().describe("OAuth token endpoint URL"),clientId:z.string().describe("OAuth client ID"),scopes:z.array(z.string()).describe("OAuth scopes to request"),grantType:z.enum(["authorization_code","client_credentials"]).describe("OAuth grant type")}),ms4=z.object({headers:z.record(z.string(),z.string()).optional().describe("HTTP headers")}),ls4=z.object({command:z.string().describe("Command to run"),args:z.array(z.string()).optional().describe("Command arguments"),cwd:z.string().optional().describe("Working directory"),envVars:z.record(z.string(),z.string()).optional().describe("Environment variables")}),ds4=z.object({app_name:z.string().describe("App name from registry (e.g., '@deco/gmail')"),title:z.string().describe("Display title for the app"),description:z.string().nullable().optional().describe("App description"),icon:z.string().nullable().optional().describe("Icon URL"),connection_type:z.enum(["HTTP","SSE","Websocket","STDIO"]).describe("Connection type"),connection_url:z.string().nullable().optional().describe("MCP server 
URL"),connection_headers:z.union([ms4,ls4]).nullable().optional().describe("Connection parameters"),oauth_config:gs4.nullable().optional().describe("OAuth configuration if required"),selected_tools:z.array(z.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:z.array(z.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:z.array(z.string()).nullable().optional().describe("Selected prompts to expose (null = all)")}),ps4=z.object({configured:z.boolean().describe("Whether the app has been configured"),connection_id:z.string().nullable().describe("Connection ID if created"),error:z.string().nullable().describe("Error message if configuration failed")}),oH=z.object({id:z.string(),organization_id:z.string(),title:z.string(),description:z.string().nullable(),icon:z.string().nullable(),required_apps:z.array(ds4),redirect_url:z.string().nullable(),webhook_url:z.string().nullable(),event_type:z.string(),agent_title_template:z.string(),agent_instructions:z.string().nullable(),tool_selection_mode:z.enum(["inclusion","exclusion"]),status:z.enum(["active","inactive"]),created_at:z.string(),updated_at:z.string(),created_by:z.string().nullable()}),cs4=z.object({id:z.string(),template_id:z.string(),organization_id:z.string(),external_user_id:z.string(),status:z.enum(["pending","in_progress","completed"]),app_statuses:z.record(z.string(),ps4),created_agent_id:z.string().nullable(),redirect_url:z.string().nullable(),created_at:z.string(),updated_at:z.string(),expires_at:z.string()}),HV6=z.object({app_name:z.string().describe("App name from registry (e.g., '@deco/openrouter')"),selected_tools:z.array(z.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:z.array(z.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:z.array(z.string()).nullable().optional().describe("Selected prompts to 
expose (null = all)")}),FV6=z.object({title:z.string().describe("Title for the template"),description:z.string().optional().describe("Optional description"),icon:z.string().optional().describe("Optional icon URL"),registry_id:z.string().describe("Connection ID of the registry to look up apps from"),required_apps:z.array(HV6).describe("Apps to include - only app_name required, details fetched from registry"),redirect_url:z.string().optional().describe("URL to redirect to after completion"),webhook_url:z.string().optional().describe("Webhook URL to call on completion"),event_type:z.string().optional().describe("Event type to emit (default: integration.completed)"),agent_title_template:z.string().optional().describe("Template for agent title (supports {{externalUserId}})"),agent_instructions:z.string().optional().describe("Instructions for the created agent"),tool_selection_mode:z.enum(["inclusion","exclusion"]).optional().describe("Tool selection mode for the agent")}),VV6=z.object({id:z.string().describe("Template ID to update"),title:z.string().optional(),description:z.string().nullable().optional(),icon:z.string().nullable().optional(),registry_id:z.string().optional().describe("Connection ID of the registry (required if updating required_apps)"),required_apps:z.array(HV6).optional().describe("Updated apps (details will be fetched from registry)"),redirect_url:z.string().nullable().optional(),webhook_url:z.string().nullable().optional(),event_type:z.string().optional(),agent_title_template:z.string().optional(),agent_instructions:z.string().nullable().optional(),tool_selection_mode:z.enum(["inclusion","exclusion"]).optional(),status:z.enum(["active","inactive"]).optional()}),$V6=z.object({id:z.string().describe("Template ID")}),qV6=z.object({}),zV6=z.object({id:z.string().describe("Template ID to delete")}),BV6=z.object({templateId:z.string().describe("Template ID"),externalUserId:z.string().describe("External user ID from your 
platform"),expiresInSeconds:z.number().optional().describe("Session expiration in seconds (default: 7 days)")}),UV6=z.object({sessionId:z.string().describe("Session ID"),url:z.string().describe("URL for the connect flow"),expiresAt:z.string().describe("Session expiration time"),agentId:z.string().nullable().optional().describe("Virtual MCP ID for this user (unique per template + user)"),created:z.boolean().describe("Whether the agent was newly created (true) or already existed (false)")}),DV6=z.object({templateId:z.string().optional().describe("Filter by template ID")}),OV6=z.object({sessions:z.array(cs4)}),NV6=z.object({externalUserId:z.string().describe("External user ID to find agents for")}),ns4=z.object({id:z.string().describe("Agent (Virtual MCP) ID"),title:z.string(),external_user_id:z.string(),template_id:z.string().nullable(),created_at:z.string()}),LV6=z.object({agents:z.array(ns4)}),wV6=z.object({externalUserId:z.string().describe("External user ID whose session data should be cleared")}),MV6=z.object({success:z.boolean(),deletedAgents:z.number().describe("Number of agents (Virtual MCPs) deleted"),deletedConnections:z.number().describe("Number of child connections deleted"),deletedSessions:z.number().describe("Number of sessions deleted")})});function as4(Y){if(!Y?.url)return null;try{let X=new URL(Y.url);if(X.hostname==="github.com"){let Q=X.pathname.split("/").filter(Boolean);if(Q.length>=1)return`https://github.com/${Q[0]}.png`}}catch{}return null}function rs4(Y){return Y.find((Q)=>Q.name.endsWith("_LIST"))?.name??null}function os4(Y){if(!Y)return[];if(Array.isArray(Y))return Y;if(typeof Y==="object"&&Y!==null){let X=Object.keys(Y).find((Q)=>Array.isArray(Y[Q]));if(X)return Y[X]}return[]}function ss4(Y,X,Q,J){let G=Y.server,K=Y._meta?.["mcp.mesh"],W=K?.friendlyName||K?.friendly_name||Y.title||G?.title||G?.name||"Unnamed MCP Server",Z=G?.description||null,H=G?.icons?.[0]?.src||as4(G?.repository)||null,F=K?.oauth_config,V=F&&typeof 
F.authorizationEndpoint==="string"&&typeof F.tokenEndpoint==="string"&&typeof F.clientId==="string"&&Array.isArray(F.scopes)&&(F.grantType==="authorization_code"||F.grantType==="client_credentials")?{authorizationEndpoint:F.authorizationEndpoint,tokenEndpoint:F.tokenEndpoint,clientId:F.clientId,scopes:F.scopes,grantType:F.grantType}:null,$=G?.packages??[],q=G?.remotes??[],B,D,O=null,L=q[0],w=$[0];if(L){if(B=is4[L.type??""]??L.type?.toUpperCase()??"HTTP",D=L.url??null,L.headers&&L.headers.length>0){let R={};for(let P of L.headers)if(P.name&&P.value)R[P.name]=P.value;if(Object.keys(R).length>0)O={headers:R}}}else if(w){B="STDIO",D=null;let R=w.identifier||w.name,P={};if(w.environmentVariables){for(let T of w.environmentVariables)if(T.name)P[T.name]=""}O={command:"npx",args:R?["-y",R]:[],...Object.keys(P).length>0&&{envVars:P}}}else B="HTTP",D=null;return{title:W,description:Z,icon:H,connection_type:B,connection_url:D,connection_headers:O,oauth_config:V,selected_tools:X,selected_resources:Q,selected_prompts:J}}async function ts4(Y,X,Q,J=null,G=null,K=null){let W=await Y.createMCPProxy(X);try{let Z=await W.listTools(),H=rs4(Z.tools);if(!H)throw Error(`Registry "${X}" does not have a LIST tool`);let F=await W.callTool({name:H,arguments:{where:{appName:Q}}}),V=F.structuredContent??F,q=os4(V)[0];if(!q)throw Error(`App "${Q}" not found in registry "${X}"`);let B=ss4(q,J,G,K);return{app_name:Q,...B}}finally{await W.close().catch(console.error)}}async function kb(Y,X,Q){let J=[];for(let G of Q){let K=await ts4(Y,X,G.app_name,G.selected_tools??null,G.selected_resources??null,G.selected_prompts??null);J.push(K)}return J}var is4;var HQ0=l(()=>{is4={"streamable-http":"HTTP",http:"HTTP",sse:"SSE",stdio:"STDIO",websocket:"Websocket"}});var AV6;var TV6=l(()=>{l7();FG();HQ0();AV6={name:"USER_SANDBOX_CREATE",description:"Create a new user sandbox for platform integration flows. 
Specify apps by name and the system will automatically fetch connection details from the registry.",inputSchema:FV6,outputSchema:oH,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=await kb(J,Q.registry_id,Q.required_apps.map((Z)=>({app_name:Z.app_name,selected_tools:Z.selected_tools??null,selected_resources:Z.selected_resources??null,selected_prompts:Z.selected_prompts??null})));return await eY().templates.create({organization_id:J.organization.id,title:Q.title,description:Q.description??null,icon:Q.icon??null,required_apps:G,redirect_url:Q.redirect_url??null,webhook_url:Q.webhook_url??null,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions??null,tool_selection_mode:Q.tool_selection_mode,created_by:J.auth.user?.id??null})}}});var PV6;var EV6=l(()=>{l7();FG();HQ0();PV6={name:"USER_SANDBOX_UPDATE",description:"Update an existing user sandbox. If updating required_apps, provide registry_id to auto-fetch details.",inputSchema:VV6,outputSchema:oH,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K=await G.templates.findById(Q.id);if(!K)throw Error(`Template not found: ${Q.id}`);if(K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");let W=void 0;if(Q.required_apps&&Q.required_apps.length>0){if(!Q.registry_id)throw Error("registry_id is required when updating required_apps");W=await kb(J,Q.registry_id,Q.required_apps.map((H)=>({app_name:H.app_name,selected_tools:H.selected_tools??null,selected_resources:H.selected_resources??null,selected_prompts:H.selected_prompts??null})))}return await 
G.templates.update(Q.id,{title:Q.title,description:Q.description,icon:Q.icon,required_apps:W,redirect_url:Q.redirect_url,webhook_url:Q.webhook_url,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions,tool_selection_mode:Q.tool_selection_mode,status:Q.status})}}});var CV6;var IV6=l(()=>{i0();l7();FG();CV6={name:"USER_SANDBOX_DELETE",description:"Delete a user sandbox",inputSchema:zV6,outputSchema:z.object({success:z.boolean(),id:z.string()}),handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K=await G.templates.findById(Q.id);if(!K)throw Error(`Template not found: ${Q.id}`);if(K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return await G.templates.delete(Q.id),{success:!0,id:Q.id}}}});var RV6;var jV6=l(()=>{i0();l7();FG();RV6={name:"USER_SANDBOX_LIST",description:"List all user sandbox in the organization",inputSchema:qV6,outputSchema:z.object({templates:z.array(oH)}),handler:async(Y,X)=>{let Q=X;if(!Q.organization)throw Error("Organization context required");return await Q.access.check(),{templates:await eY().templates.list(Q.organization.id)}}}});var SV6;var kV6=l(()=>{l7();FG();SV6={name:"USER_SANDBOX_GET",description:"Get a user sandbox by ID",inputSchema:$V6,outputSchema:oH.nullable(),handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let K=await eY().templates.findById(Q.id);if(K&&K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return K}}});async function vV6(Y,X){let Q=await X.sessions.findById(Y);if(!Q)throw new EZ("Session not found","SESSION_NOT_FOUND");if(new Date(Q.expires_at)<new Date)throw new EZ("Session has expired","SESSION_EXPIRED");return Q}async function es4(Y,X){let Q=await vV6(Y,X);if(Q.status==="completed")throw new 
EZ("Session is already completed. Create a new session to reconfigure.","SESSION_COMPLETED");return Q}function Yt4(Y,X){let Q=Y.metadata;if(!Q)throw new EZ("Connection has no metadata","CONNECTION_ACCESS_DENIED");let J=Q[sH.SESSION_ID]===X.id,G=Q[sH.EXTERNAL_USER_ID]===X.external_user_id&&Q[sH.TEMPLATE_ID]===X.template_id;if(!J&&!G)throw new EZ("Access denied: connection does not belong to this session","CONNECTION_ACCESS_DENIED")}function FQ0(Y,X,Q){return{[sH.SESSION_ID]:Y,[sH.EXTERNAL_USER_ID]:X,[sH.TEMPLATE_ID]:Q,source:"user-sandbox"}}function VQ0(Y,X){return{[sH.EXTERNAL_USER_ID]:Y,[sH.TEMPLATE_ID]:X,source:"user-sandbox"}}async function $$(Y,X,Q){let J=Q?.allowCompleted?await vV6(Y,X):await es4(Y,X);if(Q?.connection)Yt4(Q.connection,J);return J}var sH,EZ;var _V6=l(()=>{sH={SESSION_ID:"user_sandbox_session_id",EXTERNAL_USER_ID:"user_sandbox_external_user_id",TEMPLATE_ID:"user_sandbox_id"};EZ=class EZ extends Error{code;constructor(Y,X){super(Y);this.code=X;this.name="SessionAccessError"}}});var $Q0=l(()=>{_V6()});async function Qt4(Y,X,Q,J,G,K,W,Z){let H=Y,F=await H.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(F)return{connectionId:F.connection_id,created:!1};let V=new Date().toISOString(),$=`usa_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`,q=`vir_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;try{return await H.transaction().execute(async(B)=>{await 
B.insertInto("connections").values({id:q,organization_id:X,created_by:Q,title:K,description:W,icon:null,app_name:null,app_id:null,connection_type:"VIRTUAL",connection_url:`virtual://${q}`,connection_token:null,connection_headers:JSON.stringify({tool_selection_mode:Z}),oauth_config:null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(VQ0(G,J)),tools:null,bindings:null,status:"active",created_at:V,updated_at:V}).execute(),await B.insertInto("user_sandbox_agents").values({id:$,user_sandbox_id:J,external_user_id:G,connection_id:q,created_at:V}).execute()}),{connectionId:q,created:!0}}catch(B){let D=String(B);if(D.includes("UNIQUE constraint")||D.includes("duplicate key")){let O=await H.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(O)return{connectionId:O.connection_id,created:!1}}throw B}}var Xt4=604800,yV6;var fV6=l(()=>{l7();FG();$Q0();yV6={name:"USER_SANDBOX_CREATE_SESSION",description:"Create a connect session URL for an external user. Returns a URL that the user can visit to configure their integrations. 
Also creates a unique Virtual MCP (agent) for this user if one doesn't exist.",inputSchema:BV6,outputSchema:UV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K=await G.templates.findById(Q.templateId);if(!K)throw Error(`Template not found: ${Q.templateId}`);if(K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");if(K.status!=="active")throw Error("Template is not active");let W=K.agent_title_template.replace("{{externalUserId}}",Q.externalUserId),Z=K.created_by??J.auth.user?.id??"system",{connectionId:H,created:F}=await Qt4(J.db,J.organization.id,Z,K.id,Q.externalUserId,W,K.agent_instructions,K.tool_selection_mode),V=await G.sessions.findExisting(Q.templateId,Q.externalUserId);if(V){if(!V.created_agent_id)await G.sessions.update(V.id,{created_agent_id:H});let O=KQ0();return{sessionId:V.id,url:`${O}/connect/${V.id}`,expiresAt:V.expires_at,agentId:V.created_agent_id??H,created:F}}let $=Q.expiresInSeconds??Xt4,q=new Date(Date.now()+$*1000).toISOString(),B=await G.sessions.create({template_id:Q.templateId,organization_id:J.organization.id,external_user_id:Q.externalUserId,redirect_url:K.redirect_url,expires_at:q,created_agent_id:H}),D=KQ0();return{sessionId:B.id,url:`${D}/connect/${B.id}`,expiresAt:B.expires_at,agentId:H,created:F}}}});var hV6;var bV6=l(()=>{l7();FG();hV6={name:"USER_SANDBOX_LIST_SESSIONS",description:"List connect sessions for monitoring and management",inputSchema:DV6,outputSchema:OV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K;if(Q.templateId){let W=await G.templates.findById(Q.templateId);if(!W)throw Error(`Template not found: ${Q.templateId}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");K=await G.sessions.listByTemplate(Q.templateId)}else K=await 
G.sessions.listByOrganization(J.organization.id);return{sessions:K}}}});var Jt4="user_sandbox_external_user_id",Gt4="user_sandbox_id",xV6;var uV6=l(()=>{l7();xV6={name:"USER_SANDBOX_LIST_USER_AGENTS",description:"List all agents (Virtual MCPs) created for an external user. Use this to find agents created via user sandbox for a specific user in your platform.",inputSchema:NV6,outputSchema:LV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");return await J.access.check(),{agents:(await J.storage.connections.list(J.organization.id)).filter((W)=>{if(W.connection_type!=="VIRTUAL")return!1;let Z=W.metadata;if(!Z)return!1;return Z[Jt4]===Q.externalUserId}).map((W)=>{let Z=W.metadata;return{id:W.id,title:W.title,external_user_id:Q.externalUserId,template_id:Z[Gt4]??null,created_at:W.created_at}})}}}});var Wt4="user_sandbox_external_user_id",gV6;var mV6=l(()=>{l7();FG();gV6={name:"USER_SANDBOX_CLEAR_USER_SESSION",description:"Clear all session data for an external user, revoking all access they've granted. This deletes their agents (Virtual MCPs), child connections, OAuth tokens, and sessions. 
Use this when a user wants to disconnect all their integrations.",inputSchema:wV6,outputSchema:MV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=J.db,K=eY(),Z=(await G.selectFrom("connections").select(["id","metadata"]).where("organization_id","=",J.organization.id).where("connection_type","=","VIRTUAL").execute()).filter((V)=>{if(!V.metadata)return!1;try{return JSON.parse(V.metadata)[Wt4]===Q.externalUserId}catch{return!1}}).map((V)=>V.id),H=0;if(Z.length>0){let $=(await G.selectFrom("connection_aggregations").select("child_connection_id").where("parent_connection_id","in",Z).execute()).map((q)=>q.child_connection_id);if(await G.deleteFrom("connection_aggregations").where("parent_connection_id","in",Z).execute(),$.length>0)await G.deleteFrom("downstream_tokens").where("connectionId","in",$).execute(),await G.deleteFrom("connections").where("id","in",$).execute(),H=$.length;await G.deleteFrom("connections").where("id","in",Z).execute(),await G.deleteFrom("user_sandbox_agents").where("external_user_id","=",Q.externalUserId).execute()}let F=await K.sessions.deleteByExternalUserId(J.organization.id,Q.externalUserId);return{success:!0,deletedAgents:Z.length,deletedConnections:H,deletedSessions:F}}}});var lV6;var dV6=l(()=>{TV6();EV6();IV6();jV6();kV6();fV6();bV6();uV6();mV6();FG();lV6=[AV6,PV6,CV6,RV6,SV6,yV6,hV6,xV6,gV6]});function Zt4(Y){let X=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${Y}_${X}${Q}`}async function qQ0(Y,X,Q,J){let G={success:!1,agentId:Y.created_agent_id,connectionIds:[],redirectUrl:null,eventEmitted:!1,webhookCalled:!1};try{let K=J.db,W=new Date().toISOString(),Z=Y.created_agent_id;if(!Z)throw Error("Session has no agent - this should not happen");let H=[],F=[];for(let[q,B]of Object.entries(Y.app_statuses))if(B.configured&&B.connection_id){H.push(B.connection_id);let 
D=X.required_apps.find((O)=>O.app_name===q);F.push({appName:q,connectionId:B.connection_id,selectedTools:D?.selected_tools??null,selectedResources:D?.selected_resources??null,selectedPrompts:D?.selected_prompts??null})}if(G.connectionIds=H,await K.deleteFrom("connection_aggregations").where("parent_connection_id","=",Z).execute(),F.length>0)await K.insertInto("connection_aggregations").values(F.map((q)=>({id:Zt4("agg"),parent_connection_id:Z,child_connection_id:q.connectionId,selected_tools:q.selectedTools?JSON.stringify(q.selectedTools):null,selected_resources:q.selectedResources?JSON.stringify(q.selectedResources):null,selected_prompts:q.selectedPrompts?JSON.stringify(q.selectedPrompts):null,created_at:W}))).execute();await Q.sessions.update(Y.id,{status:"completed"});let V={type:X.event_type,data:{externalUserId:Y.external_user_id,agentId:Z,templateId:X.id,sessionId:Y.id,connections:H.map((q)=>{let B=Object.entries(Y.app_statuses).find(([D,O])=>O.connection_id===q)?.[0];return{id:q,appName:B??"unknown"}})}};if(J.eventBus)try{await J.eventBus.publish(J.organizationId,"user-sandbox",V),G.eventEmitted=!0}catch(q){console.error("[UserSandbox] Failed to emit completion event:",q)}if(X.webhook_url)try{let q=await fetch(X.webhook_url,{method:"POST",headers:{"Content-Type":"application/json","X-User-Sandbox-Event":X.event_type},body:JSON.stringify(V.data)});if(!q.ok)console.error("[UserSandbox] Webhook returned error:",q.status);else G.webhookCalled=!0}catch(q){console.error("[UserSandbox] Failed to call webhook:",q)}let $=Y.redirect_url??X.redirect_url;if($){let q=new URL($);q.searchParams.set("sessionId",Y.id),q.searchParams.set("externalUserId",Y.external_user_id),q.searchParams.set("agentId",Z),G.redirectUrl=q.toString()}return G.success=!0,G}catch(K){throw console.error("[UserSandbox] Completion failed:",K),K}}var pV6=()=>{};function Kt4(){let Y=Date.now().toString(36),X=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`conn_${Y}${X}`}async function 
Ht4(Y,X,Q,J,G,K,W){let Z=Kt4(),H=new Date().toISOString();if(!W.title)throw Error(`App "${W.app_name}" is missing required field: title`);if(!W.connection_type)throw Error(`App "${W.app_name}" is missing required field: connection_type`);if(!W.connection_url&&W.connection_type!=="STDIO")throw Error(`App "${W.app_name}" is missing required field: connection_url`);let F={id:Z,organization_id:X,created_by:Q,title:W.title,description:W.description??null,icon:W.icon??null,app_name:W.app_name,app_id:null,connection_type:W.connection_type,connection_url:W.connection_url??"",connection_token:null,connection_headers:W.connection_headers?JSON.stringify(W.connection_headers):null,oauth_config:W.oauth_config?JSON.stringify(W.oauth_config):null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(FQ0(J,G,K)),tools:null,bindings:null,status:"active",created_at:H,updated_at:H};return await Y.insertInto("connections").values(F).execute(),Z}function KP(Y,X){if(X instanceof EZ){let Q={SESSION_NOT_FOUND:404,SESSION_EXPIRED:410,SESSION_COMPLETED:409,ACCESS_DENIED:403,CONNECTION_ACCESS_DENIED:403};return Y.json({error:X.message,code:X.code},Q[X.code]??400)}return console.error("[UserSandbox] Connect API error:",X),Y.json({error:X instanceof Error?X.message:"Internal error"},500)}function zQ0(Y,X){let Q=X.db,J=new GP(Q),G=new WP(Q),K={templates:J,sessions:G};Y.get("/api/user-sandbox/sessions/:sessionId",async(W)=>{try{let Z=W.req.param("sessionId"),H=await $$(Z,K,{allowCompleted:!0}),F=await J.findById(H.template_id);if(!F)return W.json({error:"Template not found"},404);return 
W.json({session:{id:H.id,status:H.status,external_user_id:H.external_user_id,expires_at:H.expires_at,redirect_url:H.redirect_url,created_agent_id:H.created_agent_id},template:{id:F.id,title:F.title,description:F.description,icon:F.icon},apps:F.required_apps.map((V)=>({app_name:V.app_name,title:V.title,description:V.description,icon:V.icon,connection_type:V.connection_type,requires_oauth:!!V.oauth_config,selected_tools:V.selected_tools,selected_resources:V.selected_resources,selected_prompts:V.selected_prompts,status:H.app_statuses[V.app_name]??{configured:!1,connection_id:null,error:null}}))})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/provision",async(W)=>{try{let Z=W.req.param("sessionId"),H=await W.req.json();if(!H.app_name)return W.json({error:"app_name is required"},400);let F=await $$(Z,K,{allowCompleted:!0}),V=await J.findById(F.template_id);if(!V)return W.json({error:"Template not found"},404);let $=V.required_apps.find((O)=>O.app_name===H.app_name);if(!$)return W.json({error:`App "${H.app_name}" is not required by this template`},400);let q=F.app_statuses[H.app_name];if(q?.connection_id)return W.json({success:!0,connection_id:q.connection_id,already_provisioned:!0,requires_oauth:!!$.oauth_config});if(!V.created_by)return W.json({error:"Template is missing created_by - cannot create connections"},500);let B=await Ht4(Q,F.organization_id,V.created_by,Z,F.external_user_id,F.template_id,$),D={...F.app_statuses,[H.app_name]:{configured:!1,connection_id:B,error:null}};return await G.update(Z,{status:"in_progress",app_statuses:D}),W.json({success:!0,connection_id:B,already_provisioned:!1,requires_oauth:!!$.oauth_config})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/configure",async(W)=>{try{let Z=W.req.param("sessionId"),H=await W.req.json();if(!H.app_name)return W.json({error:"app_name is required"},400);let F=await $$(Z,K,{allowCompleted:!0}),V=await J.findById(F.template_id);if(!V)return 
W.json({error:"Template not found"},404);if(!V.required_apps.find((L)=>L.app_name===H.app_name))return W.json({error:`App "${H.app_name}" is not required by this template`},400);let q=F.app_statuses[H.app_name],D={configured:!0,connection_id:H.connection_id??q?.connection_id??null,error:null},O={...F.app_statuses,[H.app_name]:D};return await G.update(Z,{status:"in_progress",app_statuses:O}),W.json({success:!0,app_name:H.app_name,status:D})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/oauth-token",async(W)=>{try{let Z=W.req.param("sessionId"),H=await W.req.json();if(!H.connection_id)return W.json({error:"connection_id is required"},400);if(!H.access_token)return W.json({error:"access_token is required"},400);let F=await $$(Z,K,{allowCompleted:!0});if(!Object.values(F.app_statuses).some((R)=>R.connection_id===H.connection_id))return W.json({error:"Connection does not belong to this session"},403);let $=H.expires_in?new Date(Date.now()+H.expires_in*1000):null,q=new Date().toISOString(),B=await X.vault.encrypt(H.access_token),D=H.refresh_token?await X.vault.encrypt(H.refresh_token):null,O=H.client_secret?await X.vault.encrypt(H.client_secret):null,L=Q,w=await L.selectFrom("downstream_tokens").select(["id"]).where("connectionId","=",H.connection_id).executeTakeFirst();if(w)await L.updateTable("downstream_tokens").set({accessToken:B,refreshToken:D,scope:H.scope??null,expiresAt:$?.toISOString()??null,clientId:H.client_id??null,clientSecret:O,tokenEndpoint:H.token_endpoint??null,updatedAt:q}).where("id","=",w.id).execute();else{let R=`dtok_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;await L.insertInto("downstream_tokens").values({id:R,connectionId:H.connection_id,accessToken:B,refreshToken:D,scope:H.scope??null,expiresAt:$?.toISOString()??null,clientId:H.client_id??null,clientSecret:O,tokenEndpoint:H.token_endpoint??null,createdAt:q,updatedAt:q}).execute()}return 
W.json({success:!0,expiresAt:$})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/complete",async(W)=>{try{let Z=W.req.param("sessionId"),H=await $$(Z,K,{allowCompleted:!0}),F=await J.findById(H.template_id);if(!F)return W.json({error:"Template not found"},404);if(F.required_apps.filter((q)=>{return H.app_statuses[q.app_name]?.configured}).length===0)return W.json({error:"At least one app must be configured"},400);let $=await qQ0(H,F,K,{organizationId:H.organization_id,db:Q});return W.json({success:$.success,completed:!0,agentId:$.agentId,redirectUrl:$.redirectUrl,eventEmitted:$.eventEmitted,webhookCalled:$.webhookCalled})}catch(Z){return KP(W,Z)}})}var cV6=l(()=>{GQ0();WQ0();$Q0();pV6()});var nV6=l(()=>{cV6()});var iV6;var aV6=l(()=>{WV6();KV6();dV6();nV6();iV6={id:jb,description:XV6,tools:lV6,publicRoutes:(Y,X)=>{zQ0(Y,X)},migrations:GV6,createStorage:(Y)=>{let X=ZV6(Y);return ZP(X),X}}});var vb;var rV6=l(()=>{aV6();vb=[iV6]});function Ft4(Y,X){return oV6.set(X.name,Y),{...X,handler:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${X.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(Y))throw Error(`Plugin "${Y}" is not enabled for this organization. Enable it in Settings > Plugins.`);return X.handler(Q,J)},execute:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${X.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(Y))throw Error(`Plugin "${Y}" is not enabled for this organization. 
Enable it in Settings > Plugins.`);return X.execute(Q,J)}}}function sV6(Y,X){return Y.filter((Q)=>{let J=oV6.get(Q.name);if(!J)return!0;return X?.includes(J)??!1})}function tV6(){let Y=[];for(let X of vb){if(!X.tools)continue;for(let Q of X.tools){let J={name:Q.name,description:Q.description??"",inputSchema:Q.inputSchema,outputSchema:Q.outputSchema,handler:Q.handler,execute:Q.handler},G=Ft4(X.id,J);Y.push(G)}}return Y}function eV6(Y,X){for(let Q of vb){if(Q.routes){let J=new Y.constructor;Q.routes(J,X),Y.route(`/api/plugins/${Q.id}`,J)}if(Q.publicRoutes)Q.publicRoutes(Y,X)}}function Y$6(Y,X){let Q={db:Y,vault:{encrypt:(J)=>X.encrypt(J),decrypt:(J)=>X.decrypt(J)}};for(let J of vb)if(J.createStorage){let G=J.createStorage(Q);Vt4.set(J.id,G)}}var oV6,Vt4;var BQ0=l(()=>{rV6();oV6=new Map;Vt4=new Map});function W6(Y){return{...Y,execute:async(X,Q)=>{let J=Date.now();return await Q.timings.measure(`tool.${Y.name}`,async()=>Q.tracer.startActiveSpan(`tool.${Y.name}`,{attributes:{"tool.name":Y.name,"organization.id":Q.organization?.id??"system","user.id":Q.auth.user?.id??Q.auth.apiKey?.userId??"anonymous"}},async(G)=>{try{Q.toolName=Y.name,Q.access.setToolName?.(Y.name);let K=await Y.handler(X,Q),W=Date.now()-J;return Q.meter.createHistogram("tool.execution.duration",{description:"Duration of tool executions in milliseconds",unit:"ms"}).record(W,{"tool.name":Y.name,"organization.id":Q.organization?.id??"system",status:"success"}),Q.meter.createCounter("tool.execution.count",{description:"Number of tool executions"}).add(1,{"tool.name":Y.name,status:"success"}),G.setStatus({code:UQ0.SpanStatusCode.OK}),K}catch(K){throw Q.meter.createCounter("tool.execution.errors",{description:"Number of tool execution errors"}).add(1,{"tool.name":Y.name,"error.type":K.constructor.name}),G.setStatus({code:UQ0.SpanStatusCode.ERROR,message:K.message}),G.recordException(K),K}finally{G.end()}}))}}}var UQ0;var z4=l(()=>{UQ0=l4(u0(),1)});function f6(Y){if(!Y.organization)throw Error("This 
operation requires organization scope");return Y.organization}function n8(Y){return Y.auth.user?.id??Y.auth.apiKey?.userId}function $t4(Y){return!!(Y.auth.user||Y.auth.apiKey)}function z6(Y){if(!$t4(Y))throw Error("Authentication required")}var _b,X$6,Q$6,J$6,G$6,W$6,Z$6,K$6,H$6,F$6;var VD=l(()=>{i0();_b=z.record(z.string(),z.array(z.string())),X$6=z.object({id:z.string().describe("Unique identifier for the API key"),name:z.string().describe("Human-readable name for the API key"),userId:z.string().describe("ID of the user who owns this API key"),permissions:_b.describe('Permissions granted to this API key. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Example: { "self": ["API_KEY_CREATE"], "conn_abc123": ["SEND_MESSAGE"] }'),expiresAt:z.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:z.string().datetime().describe("When the API key was created (ISO 8601)")}),Q$6=z.object({name:z.string().min(1).max(64).describe("Human-readable name for the API key"),permissions:_b.optional().describe('Permissions to grant. Format: { resource: [actions] }. Resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names (e.g., ["API_KEY_CREATE"]) or ["*"] for all. Example: { "self": ["API_KEY_CREATE", "COLLECTION_CONNECTIONS_LIST"] }. Defaults to read-only permissions.'),expiresIn:z.number().positive().optional().describe("Expiration time in seconds. If not provided, key never expires."),metadata:z.record(z.string(),z.unknown()).optional().describe("Additional metadata to store with the API key")}),J$6=z.object({id:z.string().describe("Unique identifier for the API key"),name:z.string().describe("Human-readable name for the API key"),key:z.string().describe("The actual API key value. STORE THIS SECURELY - it will not be shown again!"),permissions:_b.describe('Permissions granted to this API key. 
Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools'),expiresAt:z.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:z.string().datetime().describe("When the API key was created (ISO 8601)")}),G$6=z.object({}),W$6=z.object({items:z.array(X$6).describe("List of API keys (without key values)")}),Z$6=z.object({keyId:z.string().describe("ID of the API key to update"),name:z.string().min(1).max(64).optional().describe("New name for the API key"),permissions:_b.optional().describe('New permissions. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names or "*" for all. Example: { "self": ["API_KEY_CREATE"] }. Replaces existing permissions.'),metadata:z.record(z.string(),z.unknown()).optional().describe("New metadata. Replaces existing metadata.")}),K$6=z.object({item:X$6.describe("The updated API key (without key value)")}),H$6=z.object({keyId:z.string().describe("ID of the API key to delete")}),F$6=z.object({success:z.boolean().describe("Whether the deletion was successful"),keyId:z.string().describe("ID of the deleted API key")})});var DQ0;var V$6=l(()=>{z4();VD();DQ0=W6({name:"API_KEY_CREATE",description:"Create a new API key with specified permissions. 
The key value is only returned once - store it securely!",inputSchema:Q$6,outputSchema:J$6,handler:async(Y,X)=>{z6(X),await X.access.check();let Q=await X.boundAuth.apiKey.create({name:Y.name,permissions:Y.permissions,expiresIn:Y.expiresIn,metadata:{...Y.metadata,organization:X.organization}}),J=Q.expiresAt?Q.expiresAt instanceof Date?Q.expiresAt.toISOString():Q.expiresAt:null,G=Q.createdAt instanceof Date?Q.createdAt.toISOString():Q.createdAt;return{id:Q.id,name:Q.name??Y.name,key:Q.key,permissions:Q.permissions??{},expiresAt:J,createdAt:G}}})});var OQ0;var $$6=l(()=>{z4();VD();OQ0=W6({name:"API_KEY_DELETE",description:"Delete an API key. This instantly revokes the key - it can no longer be used for authentication.",inputSchema:H$6,outputSchema:F$6,handler:async(Y,X)=>{if(z6(X),await X.access.check(),!n8(X))throw Error("User ID required to delete API key");let G=(await X.boundAuth.apiKey.list())?.find((H)=>H.id===Y.keyId);if(!G)throw Error("API key not found");let W=G.metadata?.organization?.id,Z=X.organization?.id;if(W!==Z)throw Error("Cannot delete API key from another organization");return await X.boundAuth.apiKey.delete(Y.keyId),{success:!0,keyId:Y.keyId}}})});var NQ0;var q$6=l(()=>{z4();VD();NQ0=W6({name:"API_KEY_LIST",description:"List all API keys for the current user in the current organization. 
Returns metadata only - key values are never shown after creation.",inputSchema:G$6,outputSchema:W$6,handler:async(Y,X)=>{z6(X),await X.access.check();let Q=await X.boundAuth.apiKey.list(),J=X.organization?.id;return{items:(Q??[]).filter((K)=>{return K.metadata?.organization?.id===J}).map((K)=>({id:K.id,name:K.name??"Unnamed Key",userId:K.userId,permissions:K.permissions??{},expiresAt:K.expiresAt?K.expiresAt instanceof Date?K.expiresAt.toISOString():K.expiresAt:null,createdAt:K.createdAt instanceof Date?K.createdAt.toISOString():K.createdAt}))}}})});var LQ0;var z$6=l(()=>{z4();VD();LQ0=W6({name:"API_KEY_UPDATE",description:"Update an existing API key's name, permissions, or metadata. Note: Key value cannot be changed or retrieved.",inputSchema:Z$6,outputSchema:K$6,handler:async(Y,X)=>{if(z6(X),await X.access.check(),!n8(X))throw Error("User ID required to update API key");let G=(await X.boundAuth.apiKey.list())?.find((F)=>F.id===Y.keyId);if(!G)throw Error(`API key not found: ${Y.keyId}`);let W=G.metadata?.organization?.id,Z=X.organization?.id;if(W!==Z)throw Error("Cannot update API key from another organization");let H=await X.boundAuth.apiKey.update({keyId:Y.keyId,name:Y.name,permissions:Y.permissions,metadata:{...Y.metadata,organization:X.organization}});if(!H)throw Error(`Failed to update API key: ${Y.keyId}`);return{item:{id:H.id,name:H.name??Y.name??"Unnamed Key",userId:H.userId,permissions:H.permissions??{},expiresAt:H.expiresAt?H.expiresAt instanceof Date?H.expiresAt.toISOString():H.expiresAt:null,createdAt:H.createdAt instanceof Date?H.createdAt.toISOString():H.createdAt}}}})});var B$6=l(()=>{V$6();$$6();q$6();z$6();VD()});var U$6,D$6,O$6,N$6,L$6,w$6;var HP=l(()=>{i0();U$6=z.object({query:z.string().describe("Natural language search query (e.g., 'send email', 'create order')"),limit:z.number().default(10).describe("Maximum results to return (default: 
10)")}),D$6=z.object({query:z.string(),results:z.array(z.object({name:z.string(),description:z.string().optional(),connection:z.string()})),totalAvailable:z.number()}),O$6=z.object({tools:z.array(z.string()).min(1).describe("Array of tool names to get detailed schemas for")}),N$6=z.object({tools:z.array(z.object({name:z.string(),description:z.string().optional(),connection:z.string(),inputSchema:z.unknown(),outputSchema:z.unknown().optional()})),notFound:z.array(z.string())}),L$6=z.object({code:z.string().min(1).describe("JavaScript code to execute. It runs as an async function body; you can use top-level `return` and `await`."),timeoutMs:z.number().default(3000).describe("Max execution time in milliseconds (default: 3000).")}),w$6=z.object({returnValue:z.unknown().optional(),error:z.string().optional(),consoleLogs:z.array(z.object({type:z.enum(["log","warn","error"]),content:z.string()}))})});function M$6(Y){let X=[],Q=[],J=(H)=>{let F=Y.newFunction(H,(...V)=>{try{let $=V.map((q)=>Y.dump(q));X.push({type:H??"log",content:$.map(String).join(" ")})}finally{V.forEach(($)=>$.dispose())}return Y.undefined});return Q.push(F),F},G=Y.newObject();Q.push(G);let K=J("log"),W=J("warn"),Z=J("error");return Y.setProp(G,"log",K),Y.setProp(G,"warn",W),Y.setProp(G,"error",Z),Y.setProp(Y.global,"console",G),{logs:X,[Symbol.dispose](){Q.forEach((H)=>H.dispose())}}}var q$,wQ0,yb,z$,FP;var 
fb=l(()=>{q$={JS_EVAL_TYPE_GLOBAL:0,JS_EVAL_TYPE_MODULE:1,JS_EVAL_TYPE_DIRECT:2,JS_EVAL_TYPE_INDIRECT:3,JS_EVAL_TYPE_MASK:3,JS_EVAL_FLAG_STRICT:8,JS_EVAL_FLAG_STRIP:16,JS_EVAL_FLAG_COMPILE_ONLY:32,JS_EVAL_FLAG_BACKTRACE_BARRIER:64},wQ0={BaseObjects:1,Date:2,Eval:4,StringNormalize:8,RegExp:16,RegExpCompiler:32,JSON:64,Proxy:128,MapSet:256,TypedArrays:512,Promise:1024,BigInt:2048,BigFloat:4096,BigDecimal:8192,OperatorOverloading:16384,BignumExt:32768},yb={Pending:0,Fulfilled:1,Rejected:2},z$={JS_GPN_STRING_MASK:1,JS_GPN_SYMBOL_MASK:2,JS_GPN_PRIVATE_MASK:4,JS_GPN_ENUM_ONLY:16,JS_GPN_SET_ENUM:32,QTS_GPN_NUMBER_MASK:64,QTS_STANDARD_COMPLIANT_NUMBER:128},FP={IsStrictlyEqual:0,IsSameValue:1,IsSameValueZero:2}});function $D(...Y){CQ0&&console.log("quickjs-emscripten:",...Y)}function*y$6(Y){return yield Y}function Ut4(Y){return y$6(RQ0(Y))}function A$6(Y,X){return(...Q)=>{let J=X.call(Y,IQ0,...Q);return RQ0(J)}}function Dt4(Y,X){let Q=X.call(Y,IQ0);return RQ0(Q)}function RQ0(Y){function X(Q){return Q.done?Q.value:Q.value instanceof Promise?Q.value.then((J)=>X(Y.next(J)),(J)=>X(Y.throw(J))):X(Y.next(Q.value))}return X(Y.next())}function MQ0(Y,X){let Q;try{Y.dispose()}catch(J){Q=J}if(X&&Q)throw Object.assign(X,{message:`${X.message}
|
|
260
|
+
`,Y.enqueue(X.encode(G)),!0}catch{return!1}}handleUnsupportedRequest(){return new Response(JSON.stringify({jsonrpc:"2.0",error:{code:-32000,message:"Method not allowed."},id:null}),{status:405,headers:{Allow:"GET, POST, DELETE","Content-Type":"application/json"}})}async handlePostRequest(Y,X){try{let Q=Y.headers.get("accept");if(!Q?.includes("application/json")||!Q.includes("text/event-stream"))return this.createJsonErrorResponse(406,-32000,"Not Acceptable: Client must accept both application/json and text/event-stream");let J=Y.headers.get("content-type");if(!J||!J.includes("application/json"))return this.createJsonErrorResponse(415,-32000,"Unsupported Media Type: Content-Type must be application/json");let G={headers:Object.fromEntries(Y.headers.entries())},K;if(X?.parsedBody!==void 0)K=X.parsedBody;else try{K=await Y.json()}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON")}let W;try{if(Array.isArray(K))W=K.map((L)=>fQ.parse(L));else W=[fQ.parse(K)]}catch{return this.createJsonErrorResponse(400,-32700,"Parse error: Invalid JSON-RPC message")}let Z=W.some(ps);if(Z){if(this._initialized&&this.sessionId!==void 0)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Server already initialized");if(W.length>1)return this.createJsonErrorResponse(400,-32600,"Invalid Request: Only one initialization request is allowed");if(this.sessionId=this.sessionIdGenerator?.(),this._initialized=!0,this.sessionId&&this._onsessioninitialized)await Promise.resolve(this._onsessioninitialized(this.sessionId))}if(!Z){let L=this.validateSession(Y);if(L)return L;let w=this.validateProtocolVersion(Y);if(w)return w}if(!W.some(tG)){for(let L of W)this.onmessage?.(L,{authInfo:X?.authInfo,requestInfo:G});return new Response(null,{status:202})}let F=crypto.randomUUID(),V=W.find((L)=>ps(L)),$=V?V.params.protocolVersion:Y.headers.get("mcp-protocol-version")??bi0;if(this._enableJsonResponse)return new 
Promise((L)=>{this._streamMapping.set(F,{resolveJson:L,cleanup:()=>{this._streamMapping.delete(F)}});for(let w of W)if(tG(w))this._requestToStreamMapping.set(w.id,F);for(let w of W)this.onmessage?.(w,{authInfo:X?.authInfo,requestInfo:G})});let q=new TextEncoder,B,D=new ReadableStream({start:(L)=>{B=L},cancel:()=>{this._streamMapping.delete(F)}}),O={"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"};if(this.sessionId!==void 0)O["mcp-session-id"]=this.sessionId;for(let L of W)if(tG(L))this._streamMapping.set(F,{controller:B,encoder:q,cleanup:()=>{this._streamMapping.delete(F);try{B.close()}catch{}}}),this._requestToStreamMapping.set(L.id,F);await this.writePrimingEvent(B,q,F,$);for(let L of W){let w,R;if(tG(L)&&this._eventStore&&$>="2025-11-25")w=()=>{this.closeSSEStream(L.id)},R=()=>{this.closeStandaloneSSEStream()};this.onmessage?.(L,{authInfo:X?.authInfo,requestInfo:G,closeSSEStream:w,closeStandaloneSSEStream:R})}return new Response(D,{status:200,headers:O})}catch(Q){return this.onerror?.(Q),this.createJsonErrorResponse(400,-32700,"Parse error",{data:String(Q)})}}async handleDeleteRequest(Y){let X=this.validateSession(Y);if(X)return X;let Q=this.validateProtocolVersion(Y);if(Q)return Q;return await Promise.resolve(this._onsessionclosed?.(this.sessionId)),await this.close(),new Response(null,{status:200})}validateSession(Y){if(this.sessionIdGenerator===void 0)return;if(!this._initialized)return this.createJsonErrorResponse(400,-32000,"Bad Request: Server not initialized");let X=Y.headers.get("mcp-session-id");if(!X)return this.createJsonErrorResponse(400,-32000,"Bad Request: Mcp-Session-Id header is required");if(X!==this.sessionId)return this.createJsonErrorResponse(404,-32001,"Session not found");return}validateProtocolVersion(Y){let X=Y.headers.get("mcp-protocol-version");if(X!==null&&!lF.includes(X))return this.createJsonErrorResponse(400,-32000,`Bad Request: Unsupported protocol version: ${X} (supported versions: 
${lF.join(", ")})`);return}async close(){this._streamMapping.forEach(({cleanup:Y})=>{Y()}),this._streamMapping.clear(),this._requestResponseMap.clear(),this.onclose?.()}closeSSEStream(Y){let X=this._requestToStreamMapping.get(Y);if(!X)return;let Q=this._streamMapping.get(X);if(Q)Q.cleanup()}closeStandaloneSSEStream(){let Y=this._streamMapping.get(this._standaloneSseStreamId);if(Y)Y.cleanup()}async send(Y,X){let Q=X?.relatedRequestId;if(b5(Y)||xz(Y))Q=Y.id;if(Q===void 0){if(b5(Y)||xz(Y))throw Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");let K;if(this._eventStore)K=await this._eventStore.storeEvent(this._standaloneSseStreamId,Y);let W=this._streamMapping.get(this._standaloneSseStreamId);if(W===void 0)return;if(W.controller&&W.encoder)this.writeSSEEvent(W.controller,W.encoder,Y,K);return}let J=this._requestToStreamMapping.get(Q);if(!J)throw Error(`No connection established for request ID: ${String(Q)}`);let G=this._streamMapping.get(J);if(!this._enableJsonResponse&&G?.controller&&G?.encoder){let K;if(this._eventStore)K=await this._eventStore.storeEvent(J,Y);this.writeSSEEvent(G.controller,G.encoder,Y,K)}if(b5(Y)||xz(Y)){this._requestResponseMap.set(Q,Y);let K=Array.from(this._requestToStreamMapping.entries()).filter(([Z,H])=>H===J).map(([Z])=>Z);if(K.every((Z)=>this._requestResponseMap.has(Z))){if(!G)throw Error(`No connection established for request ID: ${String(Q)}`);if(this._enableJsonResponse&&G.resolveJson){let Z={"Content-Type":"application/json"};if(this.sessionId!==void 0)Z["mcp-session-id"]=this.sessionId;let H=K.map((F)=>this._requestResponseMap.get(F));if(H.length===1)G.resolveJson(new Response(JSON.stringify(H[0]),{status:200,headers:Z}));else G.resolveJson(new Response(JSON.stringify(H),{status:200,headers:Z}))}else G.cleanup();for(let Z of K)this._requestResponseMap.delete(Z),this._requestToStreamMapping.delete(Z)}}}}var Rb=l(()=>{gY()});var QP=(...Y)=>{return function(Q,J){let G=(K)=>{let 
W=Y[K];if(!W)return J();return W(Q,()=>G(K+1))};return G(0)}};class tF6{config;tools=[];callToolMiddlewares=[];jsonSchemaCache=new Map;constructor(Y){this.config={...Y,capabilities:Y.capabilities??{tools:{}}}}getCachedJsonSchema(Y){let X=this.jsonSchemaCache.get(Y);if(!X)X=z.toJSONSchema(Y),this.jsonSchemaCache.set(Y,X);return X}withTool(Y){return this.tools.push(Y),this}withTools(Y){return this.tools.push(...Y),this}callToolMiddleware(...Y){return this.callToolMiddlewares.push(...Y),this}build(){let Y=this.callToolMiddlewares.length>0?QP(...this.callToolMiddlewares):null,X=()=>{let Q=new wM({name:this.config.name,version:this.config.version},{capabilities:this.config.capabilities});for(let J of this.tools){let G=async(H)=>{try{let F=await J.handler(H);return{content:[{type:"text",text:JSON.stringify(F)}],structuredContent:F}}catch(F){return{content:[{type:"text",text:`Error: ${F.message}`}],isError:!0}}},K=Y?async(H)=>{let F={method:"tools/call",params:{name:J.name,arguments:H}};return await Y(F,()=>G(H))}:G,W="shape"in J.inputSchema?J.inputSchema.shape:z.object({}).shape,Z=J.outputSchema&&"shape"in J.outputSchema?J.outputSchema.shape:z.object({}).shape;Q.registerTool(J.name,{annotations:J.annotations,description:J.description??"",inputSchema:W,outputSchema:Z},K)}return Q};return{callStreamableTool:async(Q,J)=>{let G=this.tools.find((W)=>W.name===Q);if(!G)throw Error(`Tool ${Q} not found`);let K=await G.handler(J);if(!(K instanceof Response))throw Error(`Tool ${Q} returned a non-response`);return K},client:{listTools:async()=>{return{tools:this.tools.map((Q)=>({name:Q.name,description:Q.description??"",inputSchema:this.getCachedJsonSchema(Q.inputSchema),outputSchema:Q.outputSchema?this.getCachedJsonSchema(Q.outputSchema):void 0}))}},callTool:async(Q)=>{let J=this.tools.find((G)=>G.name===Q.name);if(!J)return{content:[{type:"text",text:"Tool not found"}]};try{let G=await 
J?.handler(Q.arguments??{});return{content:[{type:"text",text:JSON.stringify(G)}],structuredContent:G}}catch(G){return{content:[{type:"text",text:`Error: ${G.message}`}]}}}},fetch:async(Q)=>{let J=new V$({enableJsonResponse:Q.headers.get("Accept")?.includes("application/json")??!1});return await X().connect(J),await J.handleRequest(Q)}}}}function eF6(Y){return new tF6(Y)}var YV6=l(()=>{E00();Rb();i0()});var jb="user-sandbox",XV6="Create embeddable integration flows for platform end-users";import{sql as JP}from"kysely";var QV6;var JV6=l(()=>{QV6={name:"001-user-sandbox",async up(Y){await Y.schema.createTable("user_sandbox").addColumn("id","text",(X)=>X.primaryKey()).addColumn("organization_id","text",(X)=>X.notNull().references("organization.id").onDelete("cascade")).addColumn("title","text",(X)=>X.notNull()).addColumn("description","text").addColumn("icon","text").addColumn("required_apps","text",(X)=>X.notNull()).addColumn("redirect_url","text").addColumn("webhook_url","text").addColumn("event_type","text",(X)=>X.notNull().defaultTo("integration.completed")).addColumn("agent_title_template","text",(X)=>X.notNull().defaultTo("Agent for {{externalUserId}}")).addColumn("agent_instructions","text").addColumn("tool_selection_mode","text",(X)=>X.notNull().defaultTo("inclusion")).addColumn("status","text",(X)=>X.notNull().defaultTo("active")).addColumn("created_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("created_by","text",(X)=>X.references("user.id").onDelete("set null")).execute(),await Y.schema.createIndex("idx_user_sandbox_org").on("user_sandbox").column("organization_id").execute(),await 
Y.schema.createTable("user_sandbox_sessions").addColumn("id","text",(X)=>X.primaryKey()).addColumn("template_id","text",(X)=>X.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("organization_id","text",(X)=>X.notNull().references("organization.id").onDelete("cascade")).addColumn("external_user_id","text",(X)=>X.notNull()).addColumn("status","text",(X)=>X.notNull().defaultTo("pending")).addColumn("app_statuses","text",(X)=>X.notNull().defaultTo("{}")).addColumn("created_agent_id","text",(X)=>X.references("connections.id").onDelete("set null")).addColumn("redirect_url","text").addColumn("created_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("updated_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).addColumn("expires_at","text",(X)=>X.notNull()).execute(),await Y.schema.createIndex("idx_user_sandbox_sessions_template").on("user_sandbox_sessions").column("template_id").execute(),await Y.schema.createIndex("idx_user_sandbox_sessions_external_user").on("user_sandbox_sessions").columns(["template_id","external_user_id"]).execute(),await Y.schema.createIndex("idx_user_sandbox_sessions_org").on("user_sandbox_sessions").column("organization_id").execute(),await Y.schema.createTable("user_sandbox_agents").addColumn("id","text",(X)=>X.primaryKey()).addColumn("user_sandbox_id","text",(X)=>X.notNull().references("user_sandbox.id").onDelete("cascade")).addColumn("external_user_id","text",(X)=>X.notNull()).addColumn("connection_id","text",(X)=>X.notNull().references("connections.id").onDelete("cascade")).addColumn("created_at","text",(X)=>X.notNull().defaultTo(JP`CURRENT_TIMESTAMP`)).execute(),await Y.schema.createIndex("idx_user_sandbox_agents_unique").on("user_sandbox_agents").columns(["user_sandbox_id","external_user_id"]).unique().execute(),await Y.schema.createIndex("idx_user_sandbox_agents_connection").on("user_sandbox_agents").column("connection_id").execute()},async down(Y){await 
Y.schema.dropIndex("idx_user_sandbox_agents_connection").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_agents_unique").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_sessions_org").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_sessions_external_user").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_sessions_template").ifExists().execute(),await Y.schema.dropIndex("idx_user_sandbox_org").ifExists().execute(),await Y.schema.dropTable("user_sandbox_agents").ifExists().execute(),await Y.schema.dropTable("user_sandbox_sessions").ifExists().execute(),await Y.schema.dropTable("user_sandbox").ifExists().execute()}}});var GV6;var WV6=l(()=>{JV6();GV6=[QV6]});function Sb(Y){let X=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${Y}_${X}${Q}`}class GP{db;constructor(Y){this.db=Y}async create(Y){let X=Sb("usb"),Q=new Date().toISOString(),J={id:X,organization_id:Y.organization_id,title:Y.title,description:Y.description??null,icon:Y.icon??null,required_apps:JSON.stringify(Y.required_apps),redirect_url:Y.redirect_url??null,webhook_url:Y.webhook_url??null,event_type:Y.event_type??"integration.completed",agent_title_template:Y.agent_title_template??"{{externalUserId}}'s Agent",agent_instructions:Y.agent_instructions??null,tool_selection_mode:Y.tool_selection_mode??"inclusion",status:"active",created_at:Q,updated_at:Q,created_by:Y.created_by??null};await this.db.insertInto("user_sandbox").values(J).execute();let G=await this.findById(X);if(!G)throw Error(`Failed to create user sandbox with id: ${X}`);return G}async findById(Y){let X=await this.db.selectFrom("user_sandbox").selectAll().where("id","=",Y).executeTakeFirst();if(!X)return null;return this.deserialize(X)}async list(Y){return(await this.db.selectFrom("user_sandbox").selectAll().where("organization_id","=",Y).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(Y,X){let J={updated_at:new 
Date().toISOString()};if(X.title!==void 0)J.title=X.title;if(X.description!==void 0)J.description=X.description;if(X.icon!==void 0)J.icon=X.icon;if(X.required_apps!==void 0)J.required_apps=JSON.stringify(X.required_apps);if(X.redirect_url!==void 0)J.redirect_url=X.redirect_url;if(X.webhook_url!==void 0)J.webhook_url=X.webhook_url;if(X.event_type!==void 0)J.event_type=X.event_type;if(X.agent_title_template!==void 0)J.agent_title_template=X.agent_title_template;if(X.agent_instructions!==void 0)J.agent_instructions=X.agent_instructions;if(X.tool_selection_mode!==void 0)J.tool_selection_mode=X.tool_selection_mode;if(X.status!==void 0)J.status=X.status;await this.db.updateTable("user_sandbox").set(J).where("id","=",Y).execute();let G=await this.findById(Y);if(!G)throw Error(`Template not found after update: ${Y}`);return G}async delete(Y){await this.db.deleteFrom("user_sandbox").where("id","=",Y).execute()}deserialize(Y){let X=[];try{X=JSON.parse(Y.required_apps)}catch{X=[]}return{id:Y.id,organization_id:Y.organization_id,title:Y.title,description:Y.description,icon:Y.icon,required_apps:X,redirect_url:Y.redirect_url,webhook_url:Y.webhook_url,event_type:Y.event_type,agent_title_template:Y.agent_title_template,agent_instructions:Y.agent_instructions,tool_selection_mode:Y.tool_selection_mode,status:Y.status,created_at:Y.created_at,updated_at:Y.updated_at,created_by:Y.created_by}}}var GQ0=()=>{};class WP{db;constructor(Y){this.db=Y}async create(Y){let X=Sb("sandbox_session"),Q=new Date().toISOString(),J={id:X,template_id:Y.template_id,organization_id:Y.organization_id,external_user_id:Y.external_user_id,status:"pending",app_statuses:"{}",created_agent_id:Y.created_agent_id??null,redirect_url:Y.redirect_url??null,created_at:Q,updated_at:Q,expires_at:Y.expires_at};await this.db.insertInto("user_sandbox_sessions").values(J).execute();let G=await this.findById(X);if(!G)throw Error(`Failed to create session with id: ${X}`);return G}async findById(Y){let X=await 
this.db.selectFrom("user_sandbox_sessions").selectAll().where("id","=",Y).executeTakeFirst();if(!X)return null;return this.deserialize(X)}async findExisting(Y,X){let Q=new Date().toISOString(),J=await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",Y).where("external_user_id","=",X).where("expires_at",">",Q).where("status","!=","completed").orderBy("created_at","desc").executeTakeFirst();if(!J)return null;return this.deserialize(J)}async listByTemplate(Y){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("template_id","=",Y).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async listByOrganization(Y){return(await this.db.selectFrom("user_sandbox_sessions").selectAll().where("organization_id","=",Y).orderBy("created_at","desc").execute()).map((Q)=>this.deserialize(Q))}async update(Y,X){let J={updated_at:new Date().toISOString()};if(X.status!==void 0)J.status=X.status;if(X.app_statuses!==void 0)J.app_statuses=JSON.stringify(X.app_statuses);if(X.created_agent_id!==void 0)J.created_agent_id=X.created_agent_id;await this.db.updateTable("user_sandbox_sessions").set(J).where("id","=",Y).execute();let G=await this.findById(Y);if(!G)throw Error(`Session not found after update: ${Y}`);return G}async delete(Y){await this.db.deleteFrom("user_sandbox_sessions").where("id","=",Y).execute()}async deleteExpired(){let Y=new Date().toISOString(),X=await this.db.deleteFrom("user_sandbox_sessions").where("expires_at","<",Y).where("status","!=","completed").executeTakeFirst();return Number(X.numDeletedRows??0)}async deleteByExternalUserId(Y,X){let Q=await this.db.deleteFrom("user_sandbox_sessions").where("organization_id","=",Y).where("external_user_id","=",X).executeTakeFirst();return Number(Q.numDeletedRows??0)}deserialize(Y){let 
X={};try{X=JSON.parse(Y.app_statuses)}catch{X={}}return{id:Y.id,template_id:Y.template_id,organization_id:Y.organization_id,external_user_id:Y.external_user_id,status:Y.status,app_statuses:X,created_agent_id:Y.created_agent_id,redirect_url:Y.redirect_url,created_at:Y.created_at,updated_at:Y.updated_at,expires_at:Y.expires_at}}}var WQ0=()=>{};function ZP(Y){ZQ0=Y}function eY(){if(!ZQ0)throw Error(`Plugin storage not initialized. Make sure the "${jb}" plugin is enabled.`);return ZQ0}function KQ0(){return process.env.BASE_URL||"http://localhost:3000"}var ZQ0=null;var FG=()=>{};function ZV6(Y){let X=Y.db,Q={templates:new GP(X),sessions:new WP(X)};return ZP(Q),Q}var KV6=l(()=>{GQ0();WQ0();FG()});var gs4,ms4,ls4,ds4,ps4,oH,cs4,HV6,FV6,VV6,$V6,qV6,zV6,BV6,UV6,DV6,OV6,NV6,ns4,LV6,wV6,MV6;var l7=l(()=>{i0();gs4=z.object({authorizationEndpoint:z.string().describe("OAuth authorization endpoint URL"),tokenEndpoint:z.string().describe("OAuth token endpoint URL"),clientId:z.string().describe("OAuth client ID"),scopes:z.array(z.string()).describe("OAuth scopes to request"),grantType:z.enum(["authorization_code","client_credentials"]).describe("OAuth grant type")}),ms4=z.object({headers:z.record(z.string(),z.string()).optional().describe("HTTP headers")}),ls4=z.object({command:z.string().describe("Command to run"),args:z.array(z.string()).optional().describe("Command arguments"),cwd:z.string().optional().describe("Working directory"),envVars:z.record(z.string(),z.string()).optional().describe("Environment variables")}),ds4=z.object({app_name:z.string().describe("App name from registry (e.g., '@deco/gmail')"),title:z.string().describe("Display title for the app"),description:z.string().nullable().optional().describe("App description"),icon:z.string().nullable().optional().describe("Icon URL"),connection_type:z.enum(["HTTP","SSE","Websocket","STDIO"]).describe("Connection type"),connection_url:z.string().nullable().optional().describe("MCP server 
URL"),connection_headers:z.union([ms4,ls4]).nullable().optional().describe("Connection parameters"),oauth_config:gs4.nullable().optional().describe("OAuth configuration if required"),selected_tools:z.array(z.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:z.array(z.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:z.array(z.string()).nullable().optional().describe("Selected prompts to expose (null = all)")}),ps4=z.object({configured:z.boolean().describe("Whether the app has been configured"),connection_id:z.string().nullable().describe("Connection ID if created"),error:z.string().nullable().describe("Error message if configuration failed")}),oH=z.object({id:z.string(),organization_id:z.string(),title:z.string(),description:z.string().nullable(),icon:z.string().nullable(),required_apps:z.array(ds4),redirect_url:z.string().nullable(),webhook_url:z.string().nullable(),event_type:z.string(),agent_title_template:z.string(),agent_instructions:z.string().nullable(),tool_selection_mode:z.enum(["inclusion","exclusion"]),status:z.enum(["active","inactive"]),created_at:z.string(),updated_at:z.string(),created_by:z.string().nullable()}),cs4=z.object({id:z.string(),template_id:z.string(),organization_id:z.string(),external_user_id:z.string(),status:z.enum(["pending","in_progress","completed"]),app_statuses:z.record(z.string(),ps4),created_agent_id:z.string().nullable(),redirect_url:z.string().nullable(),created_at:z.string(),updated_at:z.string(),expires_at:z.string()}),HV6=z.object({app_name:z.string().describe("App name from registry (e.g., '@deco/openrouter')"),selected_tools:z.array(z.string()).nullable().optional().describe("Selected tools to expose (null = all)"),selected_resources:z.array(z.string()).nullable().optional().describe("Selected resources to expose (null = all)"),selected_prompts:z.array(z.string()).nullable().optional().describe("Selected prompts to 
expose (null = all)")}),FV6=z.object({title:z.string().describe("Title for the template"),description:z.string().optional().describe("Optional description"),icon:z.string().optional().describe("Optional icon URL"),registry_id:z.string().describe("Connection ID of the registry to look up apps from"),required_apps:z.array(HV6).describe("Apps to include - only app_name required, details fetched from registry"),redirect_url:z.string().optional().describe("URL to redirect to after completion"),webhook_url:z.string().optional().describe("Webhook URL to call on completion"),event_type:z.string().optional().describe("Event type to emit (default: integration.completed)"),agent_title_template:z.string().optional().describe("Template for agent title (supports {{externalUserId}})"),agent_instructions:z.string().optional().describe("Instructions for the created agent"),tool_selection_mode:z.enum(["inclusion","exclusion"]).optional().describe("Tool selection mode for the agent")}),VV6=z.object({id:z.string().describe("Template ID to update"),title:z.string().optional(),description:z.string().nullable().optional(),icon:z.string().nullable().optional(),registry_id:z.string().optional().describe("Connection ID of the registry (required if updating required_apps)"),required_apps:z.array(HV6).optional().describe("Updated apps (details will be fetched from registry)"),redirect_url:z.string().nullable().optional(),webhook_url:z.string().nullable().optional(),event_type:z.string().optional(),agent_title_template:z.string().optional(),agent_instructions:z.string().nullable().optional(),tool_selection_mode:z.enum(["inclusion","exclusion"]).optional(),status:z.enum(["active","inactive"]).optional()}),$V6=z.object({id:z.string().describe("Template ID")}),qV6=z.object({}),zV6=z.object({id:z.string().describe("Template ID to delete")}),BV6=z.object({templateId:z.string().describe("Template ID"),externalUserId:z.string().describe("External user ID from your 
platform"),expiresInSeconds:z.number().optional().describe("Session expiration in seconds (default: 7 days)")}),UV6=z.object({sessionId:z.string().describe("Session ID"),url:z.string().describe("URL for the connect flow"),expiresAt:z.string().describe("Session expiration time"),agentId:z.string().nullable().optional().describe("Virtual MCP ID for this user (unique per template + user)"),created:z.boolean().describe("Whether the agent was newly created (true) or already existed (false)")}),DV6=z.object({templateId:z.string().optional().describe("Filter by template ID")}),OV6=z.object({sessions:z.array(cs4)}),NV6=z.object({externalUserId:z.string().describe("External user ID to find agents for")}),ns4=z.object({id:z.string().describe("Agent (Virtual MCP) ID"),title:z.string(),external_user_id:z.string(),template_id:z.string().nullable(),created_at:z.string()}),LV6=z.object({agents:z.array(ns4)}),wV6=z.object({externalUserId:z.string().describe("External user ID whose session data should be cleared")}),MV6=z.object({success:z.boolean(),deletedAgents:z.number().describe("Number of agents (Virtual MCPs) deleted"),deletedConnections:z.number().describe("Number of child connections deleted"),deletedSessions:z.number().describe("Number of sessions deleted")})});function as4(Y){if(!Y?.url)return null;try{let X=new URL(Y.url);if(X.hostname==="github.com"){let Q=X.pathname.split("/").filter(Boolean);if(Q.length>=1)return`https://github.com/${Q[0]}.png`}}catch{}return null}function rs4(Y){return Y.find((Q)=>Q.name.endsWith("_LIST"))?.name??null}function os4(Y){if(!Y)return[];if(Array.isArray(Y))return Y;if(typeof Y==="object"&&Y!==null){let X=Object.keys(Y).find((Q)=>Array.isArray(Y[Q]));if(X)return Y[X]}return[]}function ss4(Y,X,Q,J){let G=Y.server,K=Y._meta?.["mcp.mesh"],W=K?.friendlyName||K?.friendly_name||Y.title||G?.title||G?.name||"Unnamed MCP Server",Z=G?.description||null,H=G?.icons?.[0]?.src||as4(G?.repository)||null,F=K?.oauth_config,V=F&&typeof 
F.authorizationEndpoint==="string"&&typeof F.tokenEndpoint==="string"&&typeof F.clientId==="string"&&Array.isArray(F.scopes)&&(F.grantType==="authorization_code"||F.grantType==="client_credentials")?{authorizationEndpoint:F.authorizationEndpoint,tokenEndpoint:F.tokenEndpoint,clientId:F.clientId,scopes:F.scopes,grantType:F.grantType}:null,$=G?.packages??[],q=G?.remotes??[],B,D,O=null,L=q[0],w=$[0];if(L){if(B=is4[L.type??""]??L.type?.toUpperCase()??"HTTP",D=L.url??null,L.headers&&L.headers.length>0){let R={};for(let P of L.headers)if(P.name&&P.value)R[P.name]=P.value;if(Object.keys(R).length>0)O={headers:R}}}else if(w){B="STDIO",D=null;let R=w.identifier||w.name,P={};if(w.environmentVariables){for(let T of w.environmentVariables)if(T.name)P[T.name]=""}O={command:"npx",args:R?["-y",R]:[],...Object.keys(P).length>0&&{envVars:P}}}else B="HTTP",D=null;return{title:W,description:Z,icon:H,connection_type:B,connection_url:D,connection_headers:O,oauth_config:V,selected_tools:X,selected_resources:Q,selected_prompts:J}}async function ts4(Y,X,Q,J=null,G=null,K=null){let W=await Y.createMCPProxy(X);try{let Z=await W.listTools(),H=rs4(Z.tools);if(!H)throw Error(`Registry "${X}" does not have a LIST tool`);let F=await W.callTool({name:H,arguments:{where:{appName:Q}}}),V=F.structuredContent??F,q=os4(V)[0];if(!q)throw Error(`App "${Q}" not found in registry "${X}"`);let B=ss4(q,J,G,K);return{app_name:Q,...B}}finally{await W.close().catch(console.error)}}async function kb(Y,X,Q){let J=[];for(let G of Q){let K=await ts4(Y,X,G.app_name,G.selected_tools??null,G.selected_resources??null,G.selected_prompts??null);J.push(K)}return J}var is4;var HQ0=l(()=>{is4={"streamable-http":"HTTP",http:"HTTP",sse:"SSE",stdio:"STDIO",websocket:"Websocket"}});var AV6;var TV6=l(()=>{l7();FG();HQ0();AV6={name:"USER_SANDBOX_CREATE",description:"Create a new user sandbox for platform integration flows. 
Specify apps by name and the system will automatically fetch connection details from the registry.",inputSchema:FV6,outputSchema:oH,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=await kb(J,Q.registry_id,Q.required_apps.map((Z)=>({app_name:Z.app_name,selected_tools:Z.selected_tools??null,selected_resources:Z.selected_resources??null,selected_prompts:Z.selected_prompts??null})));return await eY().templates.create({organization_id:J.organization.id,title:Q.title,description:Q.description??null,icon:Q.icon??null,required_apps:G,redirect_url:Q.redirect_url??null,webhook_url:Q.webhook_url??null,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions??null,tool_selection_mode:Q.tool_selection_mode,created_by:J.auth.user?.id??null})}}});var PV6;var EV6=l(()=>{l7();FG();HQ0();PV6={name:"USER_SANDBOX_UPDATE",description:"Update an existing user sandbox. If updating required_apps, provide registry_id to auto-fetch details.",inputSchema:VV6,outputSchema:oH,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K=await G.templates.findById(Q.id);if(!K)throw Error(`Template not found: ${Q.id}`);if(K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");let W=void 0;if(Q.required_apps&&Q.required_apps.length>0){if(!Q.registry_id)throw Error("registry_id is required when updating required_apps");W=await kb(J,Q.registry_id,Q.required_apps.map((H)=>({app_name:H.app_name,selected_tools:H.selected_tools??null,selected_resources:H.selected_resources??null,selected_prompts:H.selected_prompts??null})))}return await 
G.templates.update(Q.id,{title:Q.title,description:Q.description,icon:Q.icon,required_apps:W,redirect_url:Q.redirect_url,webhook_url:Q.webhook_url,event_type:Q.event_type,agent_title_template:Q.agent_title_template,agent_instructions:Q.agent_instructions,tool_selection_mode:Q.tool_selection_mode,status:Q.status})}}});var CV6;var IV6=l(()=>{i0();l7();FG();CV6={name:"USER_SANDBOX_DELETE",description:"Delete a user sandbox",inputSchema:zV6,outputSchema:z.object({success:z.boolean(),id:z.string()}),handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K=await G.templates.findById(Q.id);if(!K)throw Error(`Template not found: ${Q.id}`);if(K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return await G.templates.delete(Q.id),{success:!0,id:Q.id}}}});var RV6;var jV6=l(()=>{i0();l7();FG();RV6={name:"USER_SANDBOX_LIST",description:"List all user sandbox in the organization",inputSchema:qV6,outputSchema:z.object({templates:z.array(oH)}),handler:async(Y,X)=>{let Q=X;if(!Q.organization)throw Error("Organization context required");return await Q.access.check(),{templates:await eY().templates.list(Q.organization.id)}}}});var SV6;var kV6=l(()=>{l7();FG();SV6={name:"USER_SANDBOX_GET",description:"Get a user sandbox by ID",inputSchema:$V6,outputSchema:oH,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let K=await eY().templates.findById(Q.id);if(K&&K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");return K}}});async function vV6(Y,X){let Q=await X.sessions.findById(Y);if(!Q)throw new EZ("Session not found","SESSION_NOT_FOUND");if(new Date(Q.expires_at)<new Date)throw new EZ("Session has expired","SESSION_EXPIRED");return Q}async function es4(Y,X){let Q=await vV6(Y,X);if(Q.status==="completed")throw new EZ("Session is 
already completed. Create a new session to reconfigure.","SESSION_COMPLETED");return Q}function Yt4(Y,X){let Q=Y.metadata;if(!Q)throw new EZ("Connection has no metadata","CONNECTION_ACCESS_DENIED");let J=Q[sH.SESSION_ID]===X.id,G=Q[sH.EXTERNAL_USER_ID]===X.external_user_id&&Q[sH.TEMPLATE_ID]===X.template_id;if(!J&&!G)throw new EZ("Access denied: connection does not belong to this session","CONNECTION_ACCESS_DENIED")}function FQ0(Y,X,Q){return{[sH.SESSION_ID]:Y,[sH.EXTERNAL_USER_ID]:X,[sH.TEMPLATE_ID]:Q,source:"user-sandbox"}}function VQ0(Y,X){return{[sH.EXTERNAL_USER_ID]:Y,[sH.TEMPLATE_ID]:X,source:"user-sandbox"}}async function $$(Y,X,Q){let J=Q?.allowCompleted?await vV6(Y,X):await es4(Y,X);if(Q?.connection)Yt4(Q.connection,J);return J}var sH,EZ;var _V6=l(()=>{sH={SESSION_ID:"user_sandbox_session_id",EXTERNAL_USER_ID:"user_sandbox_external_user_id",TEMPLATE_ID:"user_sandbox_id"};EZ=class EZ extends Error{code;constructor(Y,X){super(Y);this.code=X;this.name="SessionAccessError"}}});var $Q0=l(()=>{_V6()});async function Qt4(Y,X,Q,J,G,K,W,Z){let H=Y,F=await H.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(F)return{connectionId:F.connection_id,created:!1};let V=new Date().toISOString(),$=`usa_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`,q=`vir_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;try{return await H.transaction().execute(async(B)=>{await B.insertInto("connections").values({id:q,organization_id:X,created_by:Q,title:K,description:W,icon:null,app_name:null,app_id:null,connection_type:"VIRTUAL",connection_url:`virtual://${q}`,connection_token:null,connection_headers:JSON.stringify({tool_selection_mode:Z}),oauth_config:null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(VQ0(G,J)),tools:null,bindings:null,status:"active",created_at:V,updated_at:V}).execute(),await 
B.insertInto("user_sandbox_agents").values({id:$,user_sandbox_id:J,external_user_id:G,connection_id:q,created_at:V}).execute()}),{connectionId:q,created:!0}}catch(B){let D=String(B);if(D.includes("UNIQUE constraint")||D.includes("duplicate key")){let O=await H.selectFrom("user_sandbox_agents").select("connection_id").where("user_sandbox_id","=",J).where("external_user_id","=",G).executeTakeFirst();if(O)return{connectionId:O.connection_id,created:!1}}throw B}}var Xt4=604800,yV6;var fV6=l(()=>{l7();FG();$Q0();yV6={name:"USER_SANDBOX_CREATE_SESSION",description:"Create a connect session URL for an external user. Returns a URL that the user can visit to configure their integrations. Also creates a unique Virtual MCP (agent) for this user if one doesn't exist.",inputSchema:BV6,outputSchema:UV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K=await G.templates.findById(Q.templateId);if(!K)throw Error(`Template not found: ${Q.templateId}`);if(K.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");if(K.status!=="active")throw Error("Template is not active");let W=K.agent_title_template.replace("{{externalUserId}}",Q.externalUserId),Z=K.created_by??J.auth.user?.id??"system",{connectionId:H,created:F}=await Qt4(J.db,J.organization.id,Z,K.id,Q.externalUserId,W,K.agent_instructions,K.tool_selection_mode),V=await G.sessions.findExisting(Q.templateId,Q.externalUserId);if(V){if(!V.created_agent_id)await G.sessions.update(V.id,{created_agent_id:H});let O=KQ0();return{sessionId:V.id,url:`${O}/connect/${V.id}`,expiresAt:V.expires_at,agentId:V.created_agent_id??H,created:F}}let $=Q.expiresInSeconds??Xt4,q=new Date(Date.now()+$*1000).toISOString(),B=await 
G.sessions.create({template_id:Q.templateId,organization_id:J.organization.id,external_user_id:Q.externalUserId,redirect_url:K.redirect_url,expires_at:q,created_agent_id:H}),D=KQ0();return{sessionId:B.id,url:`${D}/connect/${B.id}`,expiresAt:B.expires_at,agentId:H,created:F}}}});var hV6;var bV6=l(()=>{l7();FG();hV6={name:"USER_SANDBOX_LIST_SESSIONS",description:"List connect sessions for monitoring and management",inputSchema:DV6,outputSchema:OV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=eY(),K;if(Q.templateId){let W=await G.templates.findById(Q.templateId);if(!W)throw Error(`Template not found: ${Q.templateId}`);if(W.organization_id!==J.organization.id)throw Error("Access denied: template belongs to another organization");K=await G.sessions.listByTemplate(Q.templateId)}else K=await G.sessions.listByOrganization(J.organization.id);return{sessions:K}}}});var Jt4="user_sandbox_external_user_id",Gt4="user_sandbox_id",xV6;var uV6=l(()=>{l7();xV6={name:"USER_SANDBOX_LIST_USER_AGENTS",description:"List all agents (Virtual MCPs) created for an external user. Use this to find agents created via user sandbox for a specific user in your platform.",inputSchema:NV6,outputSchema:LV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");return await J.access.check(),{agents:(await J.storage.connections.list(J.organization.id)).filter((W)=>{if(W.connection_type!=="VIRTUAL")return!1;let Z=W.metadata;if(!Z)return!1;return Z[Jt4]===Q.externalUserId}).map((W)=>{let Z=W.metadata;return{id:W.id,title:W.title,external_user_id:Q.externalUserId,template_id:Z[Gt4]??null,created_at:W.created_at}})}}}});var Wt4="user_sandbox_external_user_id",gV6;var mV6=l(()=>{l7();FG();gV6={name:"USER_SANDBOX_CLEAR_USER_SESSION",description:"Clear all session data for an external user, revoking all access they've granted. 
This deletes their agents (Virtual MCPs), child connections, OAuth tokens, and sessions. Use this when a user wants to disconnect all their integrations.",inputSchema:wV6,outputSchema:MV6,handler:async(Y,X)=>{let Q=Y,J=X;if(!J.organization)throw Error("Organization context required");await J.access.check();let G=J.db,K=eY(),Z=(await G.selectFrom("connections").select(["id","metadata"]).where("organization_id","=",J.organization.id).where("connection_type","=","VIRTUAL").execute()).filter((V)=>{if(!V.metadata)return!1;try{return JSON.parse(V.metadata)[Wt4]===Q.externalUserId}catch{return!1}}).map((V)=>V.id),H=0;if(Z.length>0){let $=(await G.selectFrom("connection_aggregations").select("child_connection_id").where("parent_connection_id","in",Z).execute()).map((q)=>q.child_connection_id);if(await G.deleteFrom("connection_aggregations").where("parent_connection_id","in",Z).execute(),$.length>0)await G.deleteFrom("downstream_tokens").where("connectionId","in",$).execute(),await G.deleteFrom("connections").where("id","in",$).execute(),H=$.length;await G.deleteFrom("connections").where("id","in",Z).execute(),await G.deleteFrom("user_sandbox_agents").where("external_user_id","=",Q.externalUserId).execute()}let F=await K.sessions.deleteByExternalUserId(J.organization.id,Q.externalUserId);return{success:!0,deletedAgents:Z.length,deletedConnections:H,deletedSessions:F}}}});var lV6;var dV6=l(()=>{TV6();EV6();IV6();jV6();kV6();fV6();bV6();uV6();mV6();FG();lV6=[AV6,PV6,CV6,RV6,SV6,yV6,hV6,xV6,gV6]});function Zt4(Y){let X=Date.now().toString(36),Q=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`${Y}_${X}${Q}`}async function qQ0(Y,X,Q,J){let G={success:!1,agentId:Y.created_agent_id,connectionIds:[],redirectUrl:null,eventEmitted:!1,webhookCalled:!1};try{let K=J.db,W=new Date().toISOString(),Z=Y.created_agent_id;if(!Z)throw Error("Session has no agent - this should not happen");let H=[],F=[];for(let[q,B]of 
Object.entries(Y.app_statuses))if(B.configured&&B.connection_id){H.push(B.connection_id);let D=X.required_apps.find((O)=>O.app_name===q);F.push({appName:q,connectionId:B.connection_id,selectedTools:D?.selected_tools??null,selectedResources:D?.selected_resources??null,selectedPrompts:D?.selected_prompts??null})}if(G.connectionIds=H,await K.deleteFrom("connection_aggregations").where("parent_connection_id","=",Z).execute(),F.length>0)await K.insertInto("connection_aggregations").values(F.map((q)=>({id:Zt4("agg"),parent_connection_id:Z,child_connection_id:q.connectionId,selected_tools:q.selectedTools?JSON.stringify(q.selectedTools):null,selected_resources:q.selectedResources?JSON.stringify(q.selectedResources):null,selected_prompts:q.selectedPrompts?JSON.stringify(q.selectedPrompts):null,created_at:W}))).execute();await Q.sessions.update(Y.id,{status:"completed"});let V={type:X.event_type,data:{externalUserId:Y.external_user_id,agentId:Z,templateId:X.id,sessionId:Y.id,connections:H.map((q)=>{let B=Object.entries(Y.app_statuses).find(([D,O])=>O.connection_id===q)?.[0];return{id:q,appName:B??"unknown"}})}};if(J.eventBus)try{await J.eventBus.publish(J.organizationId,"user-sandbox",V),G.eventEmitted=!0}catch(q){console.error("[UserSandbox] Failed to emit completion event:",q)}if(X.webhook_url)try{let q=await fetch(X.webhook_url,{method:"POST",headers:{"Content-Type":"application/json","X-User-Sandbox-Event":X.event_type},body:JSON.stringify(V.data)});if(!q.ok)console.error("[UserSandbox] Webhook returned error:",q.status);else G.webhookCalled=!0}catch(q){console.error("[UserSandbox] Failed to call webhook:",q)}let $=Y.redirect_url??X.redirect_url;if($){let q=new URL($);q.searchParams.set("sessionId",Y.id),q.searchParams.set("externalUserId",Y.external_user_id),q.searchParams.set("agentId",Z),G.redirectUrl=q.toString()}return G.success=!0,G}catch(K){throw console.error("[UserSandbox] Completion failed:",K),K}}var pV6=()=>{};function Kt4(){let 
Y=Date.now().toString(36),X=crypto.randomUUID().replace(/-/g,"").substring(0,8);return`conn_${Y}${X}`}async function Ht4(Y,X,Q,J,G,K,W){let Z=Kt4(),H=new Date().toISOString();if(!W.title)throw Error(`App "${W.app_name}" is missing required field: title`);if(!W.connection_type)throw Error(`App "${W.app_name}" is missing required field: connection_type`);if(!W.connection_url&&W.connection_type!=="STDIO")throw Error(`App "${W.app_name}" is missing required field: connection_url`);let F={id:Z,organization_id:X,created_by:Q,title:W.title,description:W.description??null,icon:W.icon??null,app_name:W.app_name,app_id:null,connection_type:W.connection_type,connection_url:W.connection_url??"",connection_token:null,connection_headers:W.connection_headers?JSON.stringify(W.connection_headers):null,oauth_config:W.oauth_config?JSON.stringify(W.oauth_config):null,configuration_state:null,configuration_scopes:null,metadata:JSON.stringify(FQ0(J,G,K)),tools:null,bindings:null,status:"active",created_at:H,updated_at:H};return await Y.insertInto("connections").values(F).execute(),Z}function KP(Y,X){if(X instanceof EZ){let Q={SESSION_NOT_FOUND:404,SESSION_EXPIRED:410,SESSION_COMPLETED:409,ACCESS_DENIED:403,CONNECTION_ACCESS_DENIED:403};return Y.json({error:X.message,code:X.code},Q[X.code]??400)}return console.error("[UserSandbox] Connect API error:",X),Y.json({error:X instanceof Error?X.message:"Internal error"},500)}function zQ0(Y,X){let Q=X.db,J=new GP(Q),G=new WP(Q),K={templates:J,sessions:G};Y.get("/api/user-sandbox/sessions/:sessionId",async(W)=>{try{let Z=W.req.param("sessionId"),H=await $$(Z,K,{allowCompleted:!0}),F=await J.findById(H.template_id);if(!F)return W.json({error:"Template not found"},404);return 
W.json({session:{id:H.id,status:H.status,external_user_id:H.external_user_id,expires_at:H.expires_at,redirect_url:H.redirect_url,created_agent_id:H.created_agent_id},template:{id:F.id,title:F.title,description:F.description,icon:F.icon},apps:F.required_apps.map((V)=>({app_name:V.app_name,title:V.title,description:V.description,icon:V.icon,connection_type:V.connection_type,requires_oauth:!!V.oauth_config,selected_tools:V.selected_tools,selected_resources:V.selected_resources,selected_prompts:V.selected_prompts,status:H.app_statuses[V.app_name]??{configured:!1,connection_id:null,error:null}}))})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/provision",async(W)=>{try{let Z=W.req.param("sessionId"),H=await W.req.json();if(!H.app_name)return W.json({error:"app_name is required"},400);let F=await $$(Z,K,{allowCompleted:!0}),V=await J.findById(F.template_id);if(!V)return W.json({error:"Template not found"},404);let $=V.required_apps.find((O)=>O.app_name===H.app_name);if(!$)return W.json({error:`App "${H.app_name}" is not required by this template`},400);let q=F.app_statuses[H.app_name];if(q?.connection_id)return W.json({success:!0,connection_id:q.connection_id,already_provisioned:!0,requires_oauth:!!$.oauth_config});if(!V.created_by)return W.json({error:"Template is missing created_by - cannot create connections"},500);let B=await Ht4(Q,F.organization_id,V.created_by,Z,F.external_user_id,F.template_id,$),D={...F.app_statuses,[H.app_name]:{configured:!1,connection_id:B,error:null}};return await G.update(Z,{status:"in_progress",app_statuses:D}),W.json({success:!0,connection_id:B,already_provisioned:!1,requires_oauth:!!$.oauth_config})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/configure",async(W)=>{try{let Z=W.req.param("sessionId"),H=await W.req.json();if(!H.app_name)return W.json({error:"app_name is required"},400);let F=await $$(Z,K,{allowCompleted:!0}),V=await J.findById(F.template_id);if(!V)return 
W.json({error:"Template not found"},404);if(!V.required_apps.find((L)=>L.app_name===H.app_name))return W.json({error:`App "${H.app_name}" is not required by this template`},400);let q=F.app_statuses[H.app_name],D={configured:!0,connection_id:H.connection_id??q?.connection_id??null,error:null},O={...F.app_statuses,[H.app_name]:D};return await G.update(Z,{status:"in_progress",app_statuses:O}),W.json({success:!0,app_name:H.app_name,status:D})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/oauth-token",async(W)=>{try{let Z=W.req.param("sessionId"),H=await W.req.json();if(!H.connection_id)return W.json({error:"connection_id is required"},400);if(!H.access_token)return W.json({error:"access_token is required"},400);let F=await $$(Z,K,{allowCompleted:!0});if(!Object.values(F.app_statuses).some((R)=>R.connection_id===H.connection_id))return W.json({error:"Connection does not belong to this session"},403);let $=H.expires_in?new Date(Date.now()+H.expires_in*1000):null,q=new Date().toISOString(),B=await X.vault.encrypt(H.access_token),D=H.refresh_token?await X.vault.encrypt(H.refresh_token):null,O=H.client_secret?await X.vault.encrypt(H.client_secret):null,L=Q,w=await L.selectFrom("downstream_tokens").select(["id"]).where("connectionId","=",H.connection_id).executeTakeFirst();if(w)await L.updateTable("downstream_tokens").set({accessToken:B,refreshToken:D,scope:H.scope??null,expiresAt:$?.toISOString()??null,clientId:H.client_id??null,clientSecret:O,tokenEndpoint:H.token_endpoint??null,updatedAt:q}).where("id","=",w.id).execute();else{let R=`dtok_${Date.now().toString(36)}${crypto.randomUUID().replace(/-/g,"").substring(0,8)}`;await L.insertInto("downstream_tokens").values({id:R,connectionId:H.connection_id,accessToken:B,refreshToken:D,scope:H.scope??null,expiresAt:$?.toISOString()??null,clientId:H.client_id??null,clientSecret:O,tokenEndpoint:H.token_endpoint??null,createdAt:q,updatedAt:q}).execute()}return 
W.json({success:!0,expiresAt:$})}catch(Z){return KP(W,Z)}}),Y.post("/api/user-sandbox/sessions/:sessionId/complete",async(W)=>{try{let Z=W.req.param("sessionId"),H=await $$(Z,K,{allowCompleted:!0}),F=await J.findById(H.template_id);if(!F)return W.json({error:"Template not found"},404);if(F.required_apps.filter((q)=>{return H.app_statuses[q.app_name]?.configured}).length===0)return W.json({error:"At least one app must be configured"},400);let $=await qQ0(H,F,K,{organizationId:H.organization_id,db:Q});return W.json({success:$.success,completed:!0,agentId:$.agentId,redirectUrl:$.redirectUrl,eventEmitted:$.eventEmitted,webhookCalled:$.webhookCalled})}catch(Z){return KP(W,Z)}})}var cV6=l(()=>{GQ0();WQ0();$Q0();pV6()});var nV6=l(()=>{cV6()});var iV6;var aV6=l(()=>{WV6();KV6();dV6();nV6();iV6={id:jb,description:XV6,tools:lV6,publicRoutes:(Y,X)=>{zQ0(Y,X)},migrations:GV6,createStorage:(Y)=>{let X=ZV6(Y);return ZP(X),X}}});var vb;var rV6=l(()=>{aV6();vb=[iV6]});function Ft4(Y,X){return oV6.set(X.name,Y),{...X,handler:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${X.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(Y))throw Error(`Plugin "${Y}" is not enabled for this organization. Enable it in Settings > Plugins.`);return X.handler(Q,J)},execute:async(Q,J)=>{let G=J.organization;if(!G)throw Error(`Organization context required for plugin tool "${X.name}"`);if(!(await J.storage.organizationSettings.get(G.id))?.enabled_plugins?.includes(Y))throw Error(`Plugin "${Y}" is not enabled for this organization. 
Enable it in Settings > Plugins.`);return X.execute(Q,J)}}}function sV6(Y,X){return Y.filter((Q)=>{let J=oV6.get(Q.name);if(!J)return!0;return X?.includes(J)??!1})}function tV6(){let Y=[];for(let X of vb){if(!X.tools)continue;for(let Q of X.tools){let J={name:Q.name,description:Q.description??"",inputSchema:Q.inputSchema,outputSchema:Q.outputSchema,handler:Q.handler,execute:Q.handler},G=Ft4(X.id,J);Y.push(G)}}return Y}function eV6(Y,X){for(let Q of vb){if(Q.routes){let J=new Y.constructor;Q.routes(J,X),Y.route(`/api/plugins/${Q.id}`,J)}if(Q.publicRoutes)Q.publicRoutes(Y,X)}}function Y$6(Y,X){let Q={db:Y,vault:{encrypt:(J)=>X.encrypt(J),decrypt:(J)=>X.decrypt(J)}};for(let J of vb)if(J.createStorage){let G=J.createStorage(Q);Vt4.set(J.id,G)}}var oV6,Vt4;var BQ0=l(()=>{rV6();oV6=new Map;Vt4=new Map});function W6(Y){return{...Y,execute:async(X,Q)=>{let J=Date.now();return await Q.timings.measure(`tool.${Y.name}`,async()=>Q.tracer.startActiveSpan(`tool.${Y.name}`,{attributes:{"tool.name":Y.name,"organization.id":Q.organization?.id??"system","user.id":Q.auth.user?.id??Q.auth.apiKey?.userId??"anonymous"}},async(G)=>{try{Q.toolName=Y.name,Q.access.setToolName?.(Y.name);let K=await Y.handler(X,Q),W=Date.now()-J;return Q.meter.createHistogram("tool.execution.duration",{description:"Duration of tool executions in milliseconds",unit:"ms"}).record(W,{"tool.name":Y.name,"organization.id":Q.organization?.id??"system",status:"success"}),Q.meter.createCounter("tool.execution.count",{description:"Number of tool executions"}).add(1,{"tool.name":Y.name,status:"success"}),G.setStatus({code:UQ0.SpanStatusCode.OK}),K}catch(K){throw Q.meter.createCounter("tool.execution.errors",{description:"Number of tool execution errors"}).add(1,{"tool.name":Y.name,"error.type":K.constructor.name}),G.setStatus({code:UQ0.SpanStatusCode.ERROR,message:K.message}),G.recordException(K),K}finally{G.end()}}))}}}var UQ0;var z4=l(()=>{UQ0=l4(u0(),1)});function f6(Y){if(!Y.organization)throw Error("This 
operation requires organization scope");return Y.organization}function n8(Y){return Y.auth.user?.id??Y.auth.apiKey?.userId}function $t4(Y){return!!(Y.auth.user||Y.auth.apiKey)}function z6(Y){if(!$t4(Y))throw Error("Authentication required")}var _b,X$6,Q$6,J$6,G$6,W$6,Z$6,K$6,H$6,F$6;var VD=l(()=>{i0();_b=z.record(z.string(),z.array(z.string())),X$6=z.object({id:z.string().describe("Unique identifier for the API key"),name:z.string().describe("Human-readable name for the API key"),userId:z.string().describe("ID of the user who owns this API key"),permissions:_b.describe('Permissions granted to this API key. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Example: { "self": ["API_KEY_CREATE"], "conn_abc123": ["SEND_MESSAGE"] }'),expiresAt:z.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:z.string().datetime().describe("When the API key was created (ISO 8601)")}),Q$6=z.object({name:z.string().min(1).max(64).describe("Human-readable name for the API key"),permissions:_b.optional().describe('Permissions to grant. Format: { resource: [actions] }. Resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names (e.g., ["API_KEY_CREATE"]) or ["*"] for all. Example: { "self": ["API_KEY_CREATE", "COLLECTION_CONNECTIONS_LIST"] }. Defaults to read-only permissions.'),expiresIn:z.number().positive().optional().describe("Expiration time in seconds. If not provided, key never expires."),metadata:z.record(z.string(),z.unknown()).optional().describe("Additional metadata to store with the API key")}),J$6=z.object({id:z.string().describe("Unique identifier for the API key"),name:z.string().describe("Human-readable name for the API key"),key:z.string().describe("The actual API key value. STORE THIS SECURELY - it will not be shown again!"),permissions:_b.describe('Permissions granted to this API key. 
Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools'),expiresAt:z.string().datetime().nullable().optional().describe("Expiration date of the API key (ISO 8601)"),createdAt:z.string().datetime().describe("When the API key was created (ISO 8601)")}),G$6=z.object({}),W$6=z.object({items:z.array(X$6).describe("List of API keys (without key values)")}),Z$6=z.object({keyId:z.string().describe("ID of the API key to update"),name:z.string().min(1).max(64).optional().describe("New name for the API key"),permissions:_b.optional().describe('New permissions. Format: { resource: [actions] } where resource is "self" for management tools or "conn_<UUID>" for connection-specific tools. Actions are tool names or "*" for all. Example: { "self": ["API_KEY_CREATE"] }. Replaces existing permissions.'),metadata:z.record(z.string(),z.unknown()).optional().describe("New metadata. Replaces existing metadata.")}),K$6=z.object({item:X$6.describe("The updated API key (without key value)")}),H$6=z.object({keyId:z.string().describe("ID of the API key to delete")}),F$6=z.object({success:z.boolean().describe("Whether the deletion was successful"),keyId:z.string().describe("ID of the deleted API key")})});var DQ0;var V$6=l(()=>{z4();VD();DQ0=W6({name:"API_KEY_CREATE",description:"Create a new API key with specified permissions. 
The key value is only returned once - store it securely!",inputSchema:Q$6,outputSchema:J$6,handler:async(Y,X)=>{z6(X),await X.access.check();let Q=await X.boundAuth.apiKey.create({name:Y.name,permissions:Y.permissions,expiresIn:Y.expiresIn,metadata:{...Y.metadata,organization:X.organization}}),J=Q.expiresAt?Q.expiresAt instanceof Date?Q.expiresAt.toISOString():Q.expiresAt:null,G=Q.createdAt instanceof Date?Q.createdAt.toISOString():Q.createdAt;return{id:Q.id,name:Q.name??Y.name,key:Q.key,permissions:Q.permissions??{},expiresAt:J,createdAt:G}}})});var OQ0;var $$6=l(()=>{z4();VD();OQ0=W6({name:"API_KEY_DELETE",description:"Delete an API key. This instantly revokes the key - it can no longer be used for authentication.",inputSchema:H$6,outputSchema:F$6,handler:async(Y,X)=>{if(z6(X),await X.access.check(),!n8(X))throw Error("User ID required to delete API key");let G=(await X.boundAuth.apiKey.list())?.find((H)=>H.id===Y.keyId);if(!G)throw Error("API key not found");let W=G.metadata?.organization?.id,Z=X.organization?.id;if(W!==Z)throw Error("Cannot delete API key from another organization");return await X.boundAuth.apiKey.delete(Y.keyId),{success:!0,keyId:Y.keyId}}})});var NQ0;var q$6=l(()=>{z4();VD();NQ0=W6({name:"API_KEY_LIST",description:"List all API keys for the current user in the current organization. 
Returns metadata only - key values are never shown after creation.",inputSchema:G$6,outputSchema:W$6,handler:async(Y,X)=>{z6(X),await X.access.check();let Q=await X.boundAuth.apiKey.list(),J=X.organization?.id;return{items:(Q??[]).filter((K)=>{return K.metadata?.organization?.id===J}).map((K)=>({id:K.id,name:K.name??"Unnamed Key",userId:K.userId,permissions:K.permissions??{},expiresAt:K.expiresAt?K.expiresAt instanceof Date?K.expiresAt.toISOString():K.expiresAt:null,createdAt:K.createdAt instanceof Date?K.createdAt.toISOString():K.createdAt}))}}})});var LQ0;var z$6=l(()=>{z4();VD();LQ0=W6({name:"API_KEY_UPDATE",description:"Update an existing API key's name, permissions, or metadata. Note: Key value cannot be changed or retrieved.",inputSchema:Z$6,outputSchema:K$6,handler:async(Y,X)=>{if(z6(X),await X.access.check(),!n8(X))throw Error("User ID required to update API key");let G=(await X.boundAuth.apiKey.list())?.find((F)=>F.id===Y.keyId);if(!G)throw Error(`API key not found: ${Y.keyId}`);let W=G.metadata?.organization?.id,Z=X.organization?.id;if(W!==Z)throw Error("Cannot update API key from another organization");let H=await X.boundAuth.apiKey.update({keyId:Y.keyId,name:Y.name,permissions:Y.permissions,metadata:{...Y.metadata,organization:X.organization}});if(!H)throw Error(`Failed to update API key: ${Y.keyId}`);return{item:{id:H.id,name:H.name??Y.name??"Unnamed Key",userId:H.userId,permissions:H.permissions??{},expiresAt:H.expiresAt?H.expiresAt instanceof Date?H.expiresAt.toISOString():H.expiresAt:null,createdAt:H.createdAt instanceof Date?H.createdAt.toISOString():H.createdAt}}}})});var B$6=l(()=>{V$6();$$6();q$6();z$6();VD()});var U$6,D$6,O$6,N$6,L$6,w$6;var HP=l(()=>{i0();U$6=z.object({query:z.string().describe("Natural language search query (e.g., 'send email', 'create order')"),limit:z.number().default(10).describe("Maximum results to return (default: 
10)")}),D$6=z.object({query:z.string(),results:z.array(z.object({name:z.string(),description:z.string().optional(),connection:z.string()})),totalAvailable:z.number()}),O$6=z.object({tools:z.array(z.string()).min(1).describe("Array of tool names to get detailed schemas for")}),N$6=z.object({tools:z.array(z.object({name:z.string(),description:z.string().optional(),connection:z.string(),inputSchema:z.unknown(),outputSchema:z.unknown().optional()})),notFound:z.array(z.string())}),L$6=z.object({code:z.string().min(1).describe("JavaScript code to execute. It runs as an async function body; you can use top-level `return` and `await`."),timeoutMs:z.number().default(3000).describe("Max execution time in milliseconds (default: 3000).")}),w$6=z.object({returnValue:z.unknown().optional(),error:z.string().optional(),consoleLogs:z.array(z.object({type:z.enum(["log","warn","error"]),content:z.string()}))})});function M$6(Y){let X=[],Q=[],J=(H)=>{let F=Y.newFunction(H,(...V)=>{try{let $=V.map((q)=>Y.dump(q));X.push({type:H??"log",content:$.map(String).join(" ")})}finally{V.forEach(($)=>$.dispose())}return Y.undefined});return Q.push(F),F},G=Y.newObject();Q.push(G);let K=J("log"),W=J("warn"),Z=J("error");return Y.setProp(G,"log",K),Y.setProp(G,"warn",W),Y.setProp(G,"error",Z),Y.setProp(Y.global,"console",G),{logs:X,[Symbol.dispose](){Q.forEach((H)=>H.dispose())}}}var q$,wQ0,yb,z$,FP;var 
fb=l(()=>{q$={JS_EVAL_TYPE_GLOBAL:0,JS_EVAL_TYPE_MODULE:1,JS_EVAL_TYPE_DIRECT:2,JS_EVAL_TYPE_INDIRECT:3,JS_EVAL_TYPE_MASK:3,JS_EVAL_FLAG_STRICT:8,JS_EVAL_FLAG_STRIP:16,JS_EVAL_FLAG_COMPILE_ONLY:32,JS_EVAL_FLAG_BACKTRACE_BARRIER:64},wQ0={BaseObjects:1,Date:2,Eval:4,StringNormalize:8,RegExp:16,RegExpCompiler:32,JSON:64,Proxy:128,MapSet:256,TypedArrays:512,Promise:1024,BigInt:2048,BigFloat:4096,BigDecimal:8192,OperatorOverloading:16384,BignumExt:32768},yb={Pending:0,Fulfilled:1,Rejected:2},z$={JS_GPN_STRING_MASK:1,JS_GPN_SYMBOL_MASK:2,JS_GPN_PRIVATE_MASK:4,JS_GPN_ENUM_ONLY:16,JS_GPN_SET_ENUM:32,QTS_GPN_NUMBER_MASK:64,QTS_STANDARD_COMPLIANT_NUMBER:128},FP={IsStrictlyEqual:0,IsSameValue:1,IsSameValueZero:2}});function $D(...Y){CQ0&&console.log("quickjs-emscripten:",...Y)}function*y$6(Y){return yield Y}function Ut4(Y){return y$6(RQ0(Y))}function A$6(Y,X){return(...Q)=>{let J=X.call(Y,IQ0,...Q);return RQ0(J)}}function Dt4(Y,X){let Q=X.call(Y,IQ0);return RQ0(Q)}function RQ0(Y){function X(Q){return Q.done?Q.value:Q.value instanceof Promise?Q.value.then((J)=>X(Y.next(J)),(J)=>X(Y.throw(J))):X(Y.next(Q.value))}return X(Y.next())}function MQ0(Y,X){let Q;try{Y.dispose()}catch(J){Q=J}if(X&&Q)throw Object.assign(X,{message:`${X.message}
|
|
261
261
|
Then, failed to dispose scope: ${Q.message}`,disposeError:Q}),X;if(X||Q)throw X||Q}function f$6(Y){let X=Y?Array.from(Y):[];function Q(){return X.forEach((G)=>G.alive?G.dispose():void 0)}function J(){return X.some((G)=>G.alive)}return Object.defineProperty(X,PQ0,{configurable:!0,enumerable:!1,value:Q}),Object.defineProperty(X,"dispose",{configurable:!0,enumerable:!1,value:Q}),Object.defineProperty(X,"alive",{configurable:!0,enumerable:!1,get:J}),X}function hb(Y){return!!(Y&&(typeof Y=="object"||typeof Y=="function")&&("alive"in Y)&&typeof Y.alive=="boolean"&&("dispose"in Y)&&typeof Y.dispose=="function")}function Ot4(Y){if(!Y)return 0;let X=0;for(let[Q,J]of Object.entries(Y)){if(!(Q in wQ0))throw new k$6(Q);J&&(X|=wQ0[Q])}return X}function Nt4(Y){if(typeof Y=="number")return Y;if(Y===void 0)return 0;let{type:X,strict:Q,strip:J,compileOnly:G,backtraceBarrier:K}=Y,W=0;return X==="global"&&(W|=q$.JS_EVAL_TYPE_GLOBAL),X==="module"&&(W|=q$.JS_EVAL_TYPE_MODULE),Q&&(W|=q$.JS_EVAL_FLAG_STRICT),J&&(W|=q$.JS_EVAL_FLAG_STRIP),G&&(W|=q$.JS_EVAL_FLAG_COMPILE_ONLY),K&&(W|=q$.JS_EVAL_FLAG_BACKTRACE_BARRIER),W}function Lt4(Y){if(typeof Y=="number")return Y;if(Y===void 0)return 0;let{strings:X,symbols:Q,quickjsPrivate:J,onlyEnumerable:G,numbers:K,numbersAsStrings:W}=Y,Z=0;return X&&(Z|=z$.JS_GPN_STRING_MASK),Q&&(Z|=z$.JS_GPN_SYMBOL_MASK),J&&(Z|=z$.JS_GPN_PRIVATE_MASK),G&&(Z|=z$.JS_GPN_ENUM_ONLY),K&&(Z|=z$.QTS_GPN_NUMBER_MASK),W&&(Z|=z$.QTS_STANDARD_COMPLIANT_NUMBER),Z}function wt4(...Y){let X=[];for(let Q of Y)Q!==void 0&&(X=X.concat(Q));return X}function vQ0(Y,X){X.interruptHandler&&Y.setInterruptHandler(X.interruptHandler),X.maxStackSizeBytes!==void 0&&Y.setMaxStackSize(X.maxStackSizeBytes),X.memoryLimitBytes!==void 0&&Y.setMemoryLimit(X.memoryLimitBytes)}function _Q0(Y,X){X.moduleLoader&&Y.setModuleLoader(X.moduleLoader),X.shouldInterrupt&&Y.setInterruptHandler(X.shouldInterrupt),X.memoryLimitBytes!==void 0&&Y.setMemoryLimit(X.memoryLimitBytes),X.maxStackSizeBytes!==void 
0&&Y.setMaxStackSize(X.maxStackSizeBytes)}var zt4,Bt4=(Y,X)=>{for(var Q in X)zt4(Y,Q,{get:X[Q],enumerable:!0})},CQ0=!1,P$6,AQ0,E$6,TQ0,C$6,I$6,R$6,j$6,S$6,k$6,v$6,_$6,IQ0,CZ,PQ0,T$6,YX,tH,EQ0,VG,jQ0,h$6,b$6,B$,x$6,u$6=class{constructor(Y){this.module=Y}toPointerArray(Y){let X=new Int32Array(Y.map((G)=>G.value)),Q=X.length*X.BYTES_PER_ELEMENT,J=this.module._malloc(Q);return new Uint8Array(this.module.HEAPU8.buffer,J,Q).set(new Uint8Array(X.buffer)),new YX(J,void 0,(G)=>this.module._free(G))}newTypedArray(Y,X){let Q=new Y(Array(X).fill(0)),J=Q.length*Q.BYTES_PER_ELEMENT,G=this.module._malloc(J),K=new Y(this.module.HEAPU8.buffer,G,X);return K.set(Q),new YX({typedArray:K,ptr:G},void 0,(W)=>this.module._free(W.ptr))}newMutablePointerArray(Y){return this.newTypedArray(Int32Array,Y)}newHeapCharPointer(Y){let X=this.module.lengthBytesUTF8(Y),Q=X+1,J=this.module._malloc(Q);return this.module.stringToUTF8(Y,J,Q),new YX({ptr:J,strlen:X},void 0,(G)=>this.module._free(G.ptr))}newHeapBufferPointer(Y){let X=Y.byteLength,Q=this.module._malloc(X);return this.module.HEAPU8.set(Y,Q),new YX({pointer:Q,numBytes:X},void 0,(J)=>this.module._free(J.pointer))}consumeHeapCharPointer(Y){let X=this.module.UTF8ToString(Y);return this.module._free(Y),X}},I58,SQ0,Mt4,At4,g$6,m$6,Tt4=class{constructor(Y){this.callFunction=Y.callFunction,this.shouldInterrupt=Y.shouldInterrupt,this.loadModuleSource=Y.loadModuleSource,this.normalizeModule=Y.normalizeModule}},kQ0=class{constructor(Y){this.contextCallbacks=new Map,this.runtimeCallbacks=new Map,this.suspendedCount=0,this.cToHostCallbacks=new Tt4({callFunction:(X,Q,J,G,K,W)=>this.handleAsyncify(X,()=>{try{let Z=this.contextCallbacks.get(Q);if(!Z)throw Error(`QuickJSContext(ctx = ${Q}) not found for C function call "${W}"`);return Z.callFunction(Q,J,G,K,W)}catch(Z){return console.error("[C to host error: returning null]",Z),0}}),shouldInterrupt:(X,Q)=>this.handleAsyncify(X,()=>{try{let J=this.runtimeCallbacks.get(Q);if(!J)throw Error(`QuickJSRuntime(rt = 
${Q}) not found for C interrupt`);return J.shouldInterrupt(Q)}catch(J){return console.error("[C to host interrupt: returning error]",J),1}}),loadModuleSource:(X,Q,J,G)=>this.handleAsyncify(X,()=>{try{let K=this.runtimeCallbacks.get(Q);if(!K)throw Error(`QuickJSRuntime(rt = ${Q}) not found for C module loader`);let W=K.loadModuleSource;if(!W)throw Error(`QuickJSRuntime(rt = ${Q}) does not support module loading`);return W(Q,J,G)}catch(K){return console.error("[C to host module loader error: returning null]",K),0}}),normalizeModule:(X,Q,J,G,K)=>this.handleAsyncify(X,()=>{try{let W=this.runtimeCallbacks.get(Q);if(!W)throw Error(`QuickJSRuntime(rt = ${Q}) not found for C module loader`);let Z=W.normalizeModule;if(!Z)throw Error(`QuickJSRuntime(rt = ${Q}) does not support module loading`);return Z(Q,J,G,K)}catch(W){return console.error("[C to host module loader error: returning null]",W),0}})}),this.module=Y,this.module.callbacks=this.cToHostCallbacks}setRuntimeCallbacks(Y,X){this.runtimeCallbacks.set(Y,X)}deleteRuntime(Y){this.runtimeCallbacks.delete(Y)}setContextCallbacks(Y,X){this.contextCallbacks.set(Y,X)}deleteContext(Y){this.contextCallbacks.delete(Y)}handleAsyncify(Y,X){if(Y)return Y.handleSleep((J)=>{try{let G=X();if(!(G instanceof Promise)){$D("asyncify.handleSleep: not suspending:",G),J(G);return}if(this.suspended)throw new I$6(`Already suspended at: ${this.suspended.stack}
|
|
262
262
|
Attempted to suspend at:`);this.suspended=new R$6(`(${this.suspendedCount++})`),$D("asyncify.handleSleep: suspending:",this.suspended),G.then((K)=>{this.suspended=void 0,$D("asyncify.handleSleep: resolved:",K),J(K)},(K)=>{$D("asyncify.handleSleep: rejected:",K),console.error("QuickJS: cannot handle error in suspended function",K),this.suspended=void 0})}catch(G){throw $D("asyncify.handleSleep: error:",G),this.suspended=void 0,G}});let Q=X();if(Q instanceof Promise)throw Error("Promise return value not supported in non-asyncify context.");return Q}},yQ0=class{constructor(Y,X){this.module=Y,this.ffi=X,this.callbacks=new kQ0(Y)}newRuntime(Y={}){let X=new YX(this.ffi.QTS_NewRuntime(),void 0,(J)=>{this.callbacks.deleteRuntime(J),this.ffi.QTS_FreeRuntime(J)}),Q=new m$6({module:this.module,callbacks:this.callbacks,ffi:this.ffi,rt:X});return vQ0(Q,Y),Y.moduleLoader&&Q.setModuleLoader(Y.moduleLoader),Q}newContext(Y={}){let X=this.newRuntime(),Q=X.newContext({...Y,ownedLifetimes:wt4(X,Y.ownedLifetimes)});return X.context=Q,Q}evalCode(Y,X={}){return VG.withScope((Q)=>{let J=Q.manage(this.newContext());_Q0(J.runtime,X);let G=J.evalCode(Y,"eval.js");if(X.memoryLimitBytes!==void 0&&J.runtime.setMemoryLimit(-1),G.error)throw J.dump(Q.manage(G.error));return J.dump(Q.manage(G.value))})}getWasmMemory(){let Y=this.module.quickjsEmscriptenInit?.(()=>{})?.getWasmMemory?.();if(!Y)throw Error("Variant does not support getting WebAssembly.Memory");return Y}getFFI(){return this.ffi}};var fQ0=l(()=>{fb();fb();zt4=Object.defineProperty;P$6={};Bt4(P$6,{QuickJSAsyncifyError:()=>I$6,QuickJSAsyncifySuspended:()=>R$6,QuickJSEmptyGetOwnPropertyNames:()=>_$6,QuickJSEmscriptenModuleError:()=>S$6,QuickJSMemoryLeakDetected:()=>j$6,QuickJSNotImplemented:()=>C$6,QuickJSPromisePending:()=>v$6,QuickJSUnknownIntrinsic:()=>k$6,QuickJSUnwrapError:()=>AQ0,QuickJSUseAfterFree:()=>TQ0,QuickJSWrongOwner:()=>E$6});AQ0=class extends Error{constructor(Y,X){let Q=typeof Y=="object"&&Y&&"message"in 
Y?String(Y.message):String(Y);super(Q);this.cause=Y,this.context=X,this.name="QuickJSUnwrapError"}},E$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSWrongOwner"}},TQ0=class extends Error{constructor(){super(...arguments);this.name="QuickJSUseAfterFree"}},C$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSNotImplemented"}},I$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSAsyncifyError"}},R$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSAsyncifySuspended"}},j$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSMemoryLeakDetected"}},S$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSEmscriptenModuleError"}},k$6=class extends TypeError{constructor(){super(...arguments);this.name="QuickJSUnknownIntrinsic"}},v$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSPromisePending"}},_$6=class extends Error{constructor(){super(...arguments);this.name="QuickJSEmptyGetOwnPropertyNames"}};IQ0=y$6;IQ0.of=Ut4;CZ=class{[Symbol.dispose](){return this.dispose()}},PQ0=Symbol.dispose??Symbol.for("Symbol.dispose"),T$6=CZ.prototype;T$6[PQ0]||(T$6[PQ0]=function(){return this.dispose()});YX=class Y extends CZ{constructor(X,Q,J,G){super();this._value=X,this.copier=Q,this.disposer=J,this._owner=G,this._alive=!0,this._constructorStack=CQ0?Error("Lifetime constructed").stack:void 0}get alive(){return this._alive}get value(){return this.assertAlive(),this._value}get owner(){return this._owner}get dupable(){return!!this.copier}dup(){if(this.assertAlive(),!this.copier)throw Error("Non-dupable lifetime");return new Y(this.copier(this._value),this.copier,this.disposer,this._owner)}consume(X){this.assertAlive();let Q=X(this);return this.dispose(),Q}map(X){return this.assertAlive(),X(this)}tap(X){return 
X(this),this}dispose(){this.assertAlive(),this.disposer&&this.disposer(this._value),this._alive=!1}assertAlive(){if(!this.alive)throw this._constructorStack?new TQ0(`Lifetime not alive
|
|
263
263
|
${this._constructorStack}
|