@decocms/mesh 2.80.0 → 2.80.1

package/dist/server/migrate.js

@@ -1192,7 +1192,7 @@ Please refer to the documentation here: https://better-auth.com/docs/plugins/org
     </script>
 	  <script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference" ${J}></script>
   </body>
-</html>`},Zo=(Y)=>{let X=Y?.path??"/reference";return{id:"open-api",endpoints:{generateOpenAPISchema:f0("/open-api/generate-schema",{method:"GET"},async(Q)=>{let J=await YT0(Q.context,Q.context.options);return Q.json(J)}),openAPIReference:f0(X,{method:"GET",metadata:{isAction:!1}},async(Q)=>{if(Y?.disableDefaultReference)throw new i("NOT_FOUND");let J=await YT0(Q.context,Q.context.options);return new Response(Gt6(J,Y?.theme,Y?.nonce),{headers:{"Content-Type":"text/html"}})})}}};TY();ZG();f8();L9();_0();var vE1=i4(async()=>{return{}}),_E1=i4({use:[Y8]},async(Y)=>{return{session:Y.context.session}}),yE1=P1({YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION:"You are not allowed to create a new organization",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS:"You have reached the maximum number of organizations",ORGANIZATION_ALREADY_EXISTS:"Organization already exists",ORGANIZATION_SLUG_ALREADY_TAKEN:"Organization slug already taken",ORGANIZATION_NOT_FOUND:"Organization not found",USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION:"User is not a member of the organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION:"You are not allowed to update this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION:"You are not allowed to delete this organization",NO_ACTIVE_ORGANIZATION:"No active organization",USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION:"User is already a member of this organization",MEMBER_NOT_FOUND:"Member not found",ROLE_NOT_FOUND:"Role not found",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM:"You are not allowed to create a new team",TEAM_ALREADY_EXISTS:"Team already exists",TEAM_NOT_FOUND:"Team not found",YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER:"You cannot leave the organization as the only owner",YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER:"You cannot leave the organization without an owner",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER:"You are not allowed to delete this member",YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION:"You are not allowed to invite users to this organization",USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION:"User is already invited to this organization",INVITATION_NOT_FOUND:"Invitation not found",YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION:"You are not the recipient of the invitation",EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION:"Email verification required before accepting or rejecting invitation",YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION:"You are not allowed to cancel this invitation",INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION:"Inviter is no longer a member of the organization",YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE:"You are not allowed to invite a user with this role",FAILED_TO_RETRIEVE_INVITATION:"Failed to retrieve invitation",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS:"You have reached the maximum number of teams",UNABLE_TO_REMOVE_LAST_TEAM:"Unable to remove last team",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER:"You are not allowed to update this member",ORGANIZATION_MEMBERSHIP_LIMIT_REACHED:"Organization membership limit reached",YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to create teams in this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to delete teams in this organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM:"You are not allowed to update this team",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM:"You are not allowed to delete this team",INVITATION_LIMIT_REACHED:"Invitation limit reached",TEAM_MEMBER_LIMIT_REACHED:"Team member limit reached",USER_IS_NOT_A_MEMBER_OF_THE_TEAM:"User is not a member of the team",YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM:"You are not allowed to list the members of this team",YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM:"You do not have an active team",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER:"You are not allowed to create a new member",YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER:"You are not allowed to remove a team member",YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION:"You are not allowed to access this organization as an owner",YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION:"You are not a member of this organization",MISSING_AC_INSTANCE:"Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information",YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE:"You must be in an organization to create a role",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE:"You are not allowed to create a role",YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE:"You are not allowed to update a role",YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE:"You are not allowed to delete a role",YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE:"You are not allowed to read a role",YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE:"You are not allowed to list a role",YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE:"You are not allowed to get a role",TOO_MANY_ROLES:"This organization has too many roles",INVALID_RESOURCE:"The provided permission includes an invalid resource",ROLE_NAME_IS_ALREADY_TAKEN:"That role name is already taken",CANNOT_DELETE_A_PRE_DEFINED_ROLE:"Cannot delete a pre-defined role"});var fE1=Number.POSITIVE_INFINITY;var QT0=w(),Zt6=$6(["pending","accepted","rejected","canceled"]).default("pending"),hE1=p({id:w().default(o8),name:w(),slug:w(),logo:w().nullish().optional(),metadata:o0(w(),t4()).or(w().transform((Y)=>JSON.parse(Y))).optional(),createdAt:p6()}),bE1=p({id:w().default(o8),organizationId:w(),userId:j6.string(),role:QT0,createdAt:p6().default(()=>new Date)}),xE1=p({id:w().default(o8),organizationId:w(),email:w(),role:QT0,status:Zt6,teamId:w().nullish(),inviterId:w(),expiresAt:p6(),createdAt:p6().default(()=>new Date)}),uE1=p({id:w().default(o8),name:w().min(1),organizationId:w(),createdAt:p6(),updatedAt:p6().optional()}),gE1=p({id:w().default(o8),teamId:w(),userId:w(),createdAt:p6().default(()=>new Date)}),mE1=p({id:w().default(o8),organizationId:w(),role:w(),permission:o0(w(),M0(w())),createdAt:p6().default(()=>new Date),updatedAt:p6().optional()}),XT0=["admin","member","owner"],lE1=i6([$6(XT0),M0($6(XT0))]);G8();f8();L9();var tE1=P1({INVALID_PHONE_NUMBER:"Invalid phone number",PHONE_NUMBER_EXIST:"Phone number already exists",PHONE_NUMBER_NOT_EXIST:"phone number isn't registered",INVALID_PHONE_NUMBER_OR_PASSWORD:"Invalid phone number or password",UNEXPECTED_ERROR:"Unexpected error",OTP_NOT_FOUND:"OTP not found",OTP_EXPIRED:"OTP expired",INVALID_OTP:"Invalid OTP",PHONE_NUMBER_NOT_VERIFIED:"Phone number not verified",PHONE_NUMBER_CANNOT_BE_UPDATED:"Phone number cannot be updated",SEND_OTP_NOT_IMPLEMENTED:"sendOTP not implemented",TOO_MANY_ATTEMPTS:"Too many attempts"});G8();AY();f8();L9();U9();l1();var Kt6=P1({OTP_NOT_ENABLED:"OTP not enabled",OTP_HAS_EXPIRED:"OTP has expired",TOTP_NOT_ENABLED:"TOTP not enabled",TWO_FACTOR_NOT_ENABLED:"Two factor isn't enabled",BACKUP_CODES_NOT_ENABLED:"Backup codes aren't enabled",INVALID_BACKUP_CODE:"Invalid backup code",INVALID_CODE:"Invalid code",TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE:"Too many attempts. Please request a new code.",INVALID_TWO_FACTOR_COOKIE:"Invalid two factor cookie"});f8();L9();var Ht6=P1({INVALID_USERNAME_OR_PASSWORD:"Invalid username or password",EMAIL_NOT_VERIFIED:"Email not verified",UNEXPECTED_ERROR:"Unexpected error",USERNAME_IS_ALREADY_TAKEN:"Username is already taken. Please try another.",USERNAME_TOO_SHORT:"Username is too short",USERNAME_TOO_LONG:"Username is too long",INVALID_USERNAME:"Username is invalid",INVALID_DISPLAY_USERNAME:"Display username is invalid"});var Qz={enabled:!0,batchSize:250,flushIntervalMs:300,maxQueueSize:1e4,redactor:"regex"};import{existsSync as JT0,readFileSync as GT0}from"fs";var qk={emailAndPassword:{enabled:!0}},WT0=process.env.CONFIG_PATH||"./config.json",ZT0=process.env.AUTH_CONFIG_PATH||"./auth-config.json";function Ft6(){if(JT0(WT0))try{let Y=GT0(WT0,"utf-8"),X=JSON.parse(Y);return{auth:qk,monitoring:Qz,...X}}catch{return{auth:qk,monitoring:Qz}}if(JT0(ZT0))try{let Y=GT0(ZT0,"utf-8");return{auth:JSON.parse(Y),monitoring:Qz}}catch{return{auth:qk,monitoring:Qz}}return{auth:qk,monitoring:Qz}}var Ko=Ft6();import{existsSync as nl4,mkdirSync as il4}from"fs";import{Kysely as MZ6,PostgresDialect as wZ6,sql as F90}from"kysely";import{BunWorkerDialect as PZ6}from"kysely-bun-worker";import*as TZ6 from"path";var LJ=y1(go(),1),t21=LJ.default.Client,po=LJ.default.Pool,e21=LJ.default.Connection,YR1=LJ.default.types,XR1=LJ.default.Query,QR1=LJ.default.DatabaseError,JR1=LJ.default.escapeIdentifier,GR1=LJ.default.escapeLiteral,WR1=LJ.default.Result,ZR1=LJ.default.TypeOverrides,KR1=LJ.default.defaults;var JV=y1(l0(),1),SB=y1(_k(),1);var Eg0=y1(Cx0(),1);var It=y1(Ou0(),1);var Mu0=y1(Oz(),1);function Nu0(Y){if(Y>=48&&Y<=57)return Y-48;if(Y>=97&&Y<=102)return Y-87;return Y-55}function ek(Y){let X=new Uint8Array(Y.length/2),Q=0;for(let J=0;J<Y.length;J+=2){let G=Nu0(Y.charCodeAt(J)),K=Nu0(Y.charCodeAt(J+1));X[Q++]=G<<4|K}return X}function wu0(Y){let X=BigInt(1e9);return BigInt(Math.trunc(Y[0]))*X+BigInt(Math.trunc(Y[1]))}function uF4(Y){let X=Number(BigInt.asUintN(32,Y)),Q=Number(BigInt.asUintN(32,Y>>BigInt(32)));return{low:X,high:Q}}function Pu0(Y){let X=wu0(Y);return uF4(X)}function gF4(Y){return wu0(Y).toString()}var mF4=typeof BigInt<"u"?gF4:Mu0.hrTimeToNanoseconds;function Lu0(Y){return Y}function Tu0(Y){if(Y===void 0)return;return ek(Y)}var lF4={encodeHrTime:Pu0,encodeSpanContext:ek,encodeOptionalSpanContext:Tu0};function Au0(Y){if(Y===void 0)return lF4;let X=Y.useLongBits??!0,Q=Y.useHex??!1;return{encodeHrTime:X?Pu0:mF4,encodeSpanContext:Q?Lu0:ek,encodeOptionalSpanContext:Q?Lu0:Tu0}}function Eu0(Y){let X={attributes:dF4(Y.attributes),droppedAttributesCount:0},Q=Y.schemaUrl;if(Q&&Q!=="")X.schemaUrl=Q;return X}function Cu0(Y){return{name:Y.name,version:Y.version}}function dF4(Y){return Object.keys(Y).map((X)=>Yv(X,Y[X]))}function Yv(Y,X){return{key:Y,value:Xv(X)}}function Xv(Y){let X=typeof Y;if(X==="string")return{stringValue:Y};if(X==="number"){if(!Number.isInteger(Y))return{doubleValue:Y};return{intValue:Y}}if(X==="boolean")return{boolValue:Y};if(Y instanceof Uint8Array)return{bytesValue:Y};if(Array.isArray(Y))return{arrayValue:{values:Y.map(Xv)}};if(X==="object"&&Y!=null)return{kvlistValue:{values:Object.entries(Y).map(([Q,J])=>Yv(Q,J))}};return{}}function Iu0(Y,X){let Q=Au0(X);return{resourceLogs:cF4(Y,Q)}}function pF4(Y){let X=new Map;for(let Q of Y){let{resource:J,instrumentationScope:{name:G,version:K="",schemaUrl:W=""}}=Q,Z=X.get(J);if(!Z)Z=new Map,X.set(J,Z);let H=`${G}@${K}:${W}`,F=Z.get(H);if(!F)F=[],Z.set(H,F);F.push(Q)}return X}function cF4(Y,X){let Q=pF4(Y);return Array.from(Q,([J,G])=>{let K=Eu0(J);return{resource:K,scopeLogs:Array.from(G,([,W])=>{return{scope:Cu0(W[0].instrumentationScope),logRecords:W.map((Z)=>nF4(Z,X)),schemaUrl:W[0].instrumentationScope.schemaUrl}}),schemaUrl:K.schemaUrl}})}function nF4(Y,X){return{timeUnixNano:X.encodeHrTime(Y.hrTime),observedTimeUnixNano:X.encodeHrTime(Y.hrTimeObserved),severityNumber:iF4(Y.severityNumber),severityText:Y.severityText,body:Xv(Y.body),eventName:Y.eventName,attributes:aF4(Y.attributes),droppedAttributesCount:Y.droppedAttributesCount,flags:Y.spanContext?.traceFlags,traceId:X.encodeOptionalSpanContext(Y.spanContext?.traceId),spanId:X.encodeOptionalSpanContext(Y.spanContext?.spanId)}}function iF4(Y){return Y}function aF4(Y){return Object.keys(Y).map((X)=>Yv(X,Y[X]))}var rF4=It.opentelemetry.proto.collector.logs.v1.ExportLogsServiceResponse,oF4=It.opentelemetry.proto.collector.logs.v1.ExportLogsServiceRequest,Qv={serializeRequest:(Y)=>{let X=Iu0(Y);return oF4.encode(X).finish()},deserializeResponse:(Y)=>{return rF4.decode(Y)}};var Wv=y1(kt(),1);class Mz extends Eg0.OTLPExporterBase{constructor(Y={}){super(Wv.createOtlpHttpExportDelegate(Wv.convertLegacyHttpOptions(Y,"LOGS","v1/logs",{"Content-Type":"application/x-protobuf"}),Qv))}}var zZ6=y1(si0(),1),BZ6=y1(U00(),1),UZ6=y1(ze0(),1);var cG=y1(l0(),1);var lA4=globalThis.fetch;async function dA4(Y,X){let Q,J;if(Y instanceof Request)Q=new URL(Y.url),J=X?.method??Y.method;else if(Y instanceof URL)Q=Y,J=X?.method??"GET";else Q=new URL(Y),J=X?.method??"GET";let G=`${J} ${Q.host}`;return i00.startActiveSpan(G,{kind:cG.SpanKind.CLIENT,attributes:{"http.request.method":J,"url.full":Q.href,"url.scheme":Q.protocol.replace(":",""),"url.path":Q.pathname,"url.query":Q.search||void 0,"server.address":Q.hostname,"server.port":Q.port?Number(Q.port):void 0}},async(K)=>{try{let W=new Headers(X?.headers??(Y instanceof Request?Y.headers:{}));cG.propagation.inject(cG.context.active(),W,{set:(F,V,q)=>F.set(V,q)});let Z={...X,headers:W},H=await lA4(Y,Z);if(K.setAttribute("http.response.status_code",H.status),H.status>=400)K.setStatus({code:cG.SpanStatusCode.ERROR,message:`HTTP ${H.status}`});else K.setStatus({code:cG.SpanStatusCode.OK});return H}catch(W){throw K.recordException(W),K.setStatus({code:cG.SpanStatusCode.ERROR,message:W instanceof Error?W.message:"Fetch failed"}),W}finally{K.end()}})}function Be0(){globalThis.fetch=dA4}var Ue0=y1(l0(),1),y9=y1(Oz(),1);class a00{_maxExportBatchSize;_maxQueueSize;_scheduledDelayMillis;_exportTimeoutMillis;_exporter;_isExporting=!1;_finishedLogRecords=[];_timer;_shutdownOnce;constructor(Y,X){if(this._exporter=Y,this._maxExportBatchSize=X?.maxExportBatchSize??y9.getNumberFromEnv("OTEL_BLRP_MAX_EXPORT_BATCH_SIZE")??512,this._maxQueueSize=X?.maxQueueSize??y9.getNumberFromEnv("OTEL_BLRP_MAX_QUEUE_SIZE")??2048,this._scheduledDelayMillis=X?.scheduledDelayMillis??y9.getNumberFromEnv("OTEL_BLRP_SCHEDULE_DELAY")??5000,this._exportTimeoutMillis=X?.exportTimeoutMillis??y9.getNumberFromEnv("OTEL_BLRP_EXPORT_TIMEOUT")??30000,this._shutdownOnce=new y9.BindOnceFuture(this._shutdown,this),this._maxExportBatchSize>this._maxQueueSize)Ue0.diag.warn("BatchLogRecordProcessor: maxExportBatchSize must be smaller or equal to maxQueueSize, setting maxExportBatchSize to match maxQueueSize"),this._maxExportBatchSize=this._maxQueueSize}onEmit(Y){if(this._shutdownOnce.isCalled)return;this._addToBuffer(Y)}forceFlush(){if(this._shutdownOnce.isCalled)return this._shutdownOnce.promise;return this._flushAll()}shutdown(){return this._shutdownOnce.call()}async _shutdown(){this.onShutdown(),await this._flushAll(),await this._exporter.shutdown()}_addToBuffer(Y){if(this._finishedLogRecords.length>=this._maxQueueSize)return;this._finishedLogRecords.push(Y),this._maybeStartTimer()}_flushAll(){return new Promise((Y,X)=>{let Q=[],J=Math.ceil(this._finishedLogRecords.length/this._maxExportBatchSize);for(let G=0;G<J;G++)Q.push(this._flushOneBatch());Promise.all(Q).then(()=>{Y()}).catch(X)})}_flushOneBatch(){if(this._clearTimer(),this._finishedLogRecords.length===0)return Promise.resolve();return y9.callWithTimeout(this._export(this._finishedLogRecords.splice(0,this._maxExportBatchSize)),this._exportTimeoutMillis)}_maybeStartTimer(){if(this._isExporting)return;let Y=()=>{this._isExporting=!0,this._flushOneBatch().then(()=>{if(this._isExporting=!1,this._finishedLogRecords.length>0)this._clearTimer(),this._maybeStartTimer()}).catch((X)=>{this._isExporting=!1,y9.globalErrorHandler(X)})};if(this._finishedLogRecords.length>=this._maxExportBatchSize)return Y();if(this._timer!==void 0)return;if(this._timer=setTimeout(()=>Y(),this._scheduledDelayMillis),typeof this._timer!=="number")this._timer.unref()}_clearTimer(){if(this._timer!==void 0)clearTimeout(this._timer),this._timer=void 0}_export(Y){let X=()=>y9.internal._export(this._exporter,Y).then((J)=>{if(J.code!==y9.ExportResultCode.SUCCESS)y9.globalErrorHandler(J.error??Error(`BatchLogRecordProcessor: log record export failed (status ${J})`))}).catch(y9.globalErrorHandler),Q=[];for(let J=0;J<Y.length;J++){let G=Y[J].resource;if(G.asyncAttributesPending&&typeof G.waitForAsyncAttributes==="function")Q.push(G.waitForAsyncAttributes())}if(Q.length===0)return X();else return Promise.all(Q).then(X,y9.globalErrorHandler)}}class lz extends a00{onShutdown(){}}var DZ6=y1(qZ6(),1);var K7;(function(Y){Y[Y.NOT_RECORD=0]="NOT_RECORD",Y[Y.RECORD=1]="RECORD",Y[Y.RECORD_AND_SAMPLED=2]="RECORD_AND_SAMPLED"})(K7||(K7={}));var ul4="__d",gl4=JV.createContextKey("Current request"),ml4=0.1,$Z6=(Y)=>{let Q=new URL(Y.url).searchParams.get(ul4);if(Q==="")return crypto.randomUUID();if(!Q)Q=Y.headers.get("x-trace-debug-id");return Q};class OZ6{inner;constructor(Y){this.inner=Y}shouldSample(Y,X,Q,J,G,K){let W=Y.getValue(gl4);if(!W){if(this.inner)return this.inner.shouldSample(Y,X,Q,J,G,K);return{decision:K7.RECORD_AND_SAMPLED}}let Z=$Z6(W);if(Z)return{decision:K7.RECORD_AND_SAMPLED,attributes:{"trace.debug.id":Z}};if(this.inner){let H=this.inner.shouldSample(Y,X,Q,J,G,K);if(H.decision===K7.RECORD_AND_SAMPLED){let F=crypto.randomUUID();H.attributes={...H.attributes??{},"trace.debug.id":F}}return H}return{decision:K7.NOT_RECORD}}toString(){return"DebugSampler"}}class NZ6{ratio;constructor(Y){this.ratio=Y}shouldSample(){if(Math.random()<this.ratio)return{decision:K7.RECORD_AND_SAMPLED};return{decision:K7.NOT_RECORD}}toString(){return`RatioSampler(${this.ratio})`}}var ll4=new zZ6.PrometheusExporter({preventServerStart:!0}),dl4=new OZ6(new NZ6(ml4)),pl4=new DZ6.NodeSDK({serviceName:process.env.OTEL_SERVICE_NAME??"mesh",traceExporter:new BZ6.OTLPTraceExporter,metricReader:ll4,sampler:dl4,logRecordProcessors:[new lz(new Mz)],instrumentations:[new UZ6.RuntimeNodeInstrumentation]});pl4.start();Be0();var i00=JV.trace.getTracer("mesh","1.0.0"),LZ6=JV.metrics.getMeter("mesh","1.0.0"),cl4=SB.logs.getLogger("mesh","1.0.0"),K90=(Y,X,Q)=>{let J={},G=Q,K=Q[Q.length-1];if(K!==null&&typeof K==="object"&&!Array.isArray(K)&&!(K instanceof Error)&&Object.getPrototypeOf(K)===Object.prototype)J=K,G=Q.slice(0,-1);let W=G.map((Z)=>{if(Z instanceof Error)return`${Z.name}: ${Z.message}`;if(typeof Z==="object")try{return JSON.stringify(Z)}catch{return"[Object]"}return String(Z)}).join(" ");cl4.emit({severityNumber:Y,severityText:X,body:W,attributes:{"log.source":"console",...J}})},H90={error:console.error.bind(console),warn:console.warn.bind(console),debug:console.debug.bind(console)};console.error=(...Y)=>{K90(SB.SeverityNumber.ERROR,"ERROR",Y),H90.error(...Y)};console.warn=(...Y)=>{K90(SB.SeverityNumber.WARN,"WARN",Y),H90.warn(...Y)};console.debug=(...Y)=>{K90(SB.SeverityNumber.DEBUG,"DEBUG",Y),H90.debug(...Y)};var al4=LZ6.createHistogram("db.query.duration",{description:"Database query execution duration in milliseconds",unit:"ms"}),rl4=["PRAGMA busy_timeout = ?;"],ol4=400,AZ6=(Y)=>{let X={"db.statement":Y.query.sql,"db.status":Y.level==="error"?"error":"success"};if(Y.queryDurationMillis>ol4)console.error("Slow query detected:",{durationMs:Y.queryDurationMillis,sql:Y.query.sql,params:Y.query.parameters});if(al4.record(Y.queryDurationMillis,X),Y.level==="error"&&!rl4.includes(Y.query.sql))console.error("Query failed:",{durationMs:Y.queryDurationMillis,error:Y.error,sql:Y.query.sql})},EZ6={keepAlive:!0,keepAliveInitialDelayMillis:1e4,idleTimeoutMillis:300000,connectionTimeoutMillis:30000,allowExitOnIdle:!0};function sl4(Y){let X=new po({connectionString:Y.connectionString,max:Y.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...EZ6}),Q=new wZ6({pool:X});return{type:"postgres",db:new MZ6({dialect:Q,log:AZ6}),pool:X}}function CZ6(Y){if(Y===":memory:")return":memory:";if(Y.includes("://"))return new URL(Y).pathname;return Y}function IZ6(Y){if(Y!==":memory:"&&Y!=="/"&&Y){let X=Y.substring(0,Y.lastIndexOf("/"));if(X&&X!=="/"&&!nl4(X))try{il4(X,{recursive:!0})}catch{return console.warn(`Failed to create directory ${X}, using in-memory database`),":memory:"}}return Y}function tl4(Y){let X=CZ6(Y.connectionString);X=IZ6(X);let Q=new PZ6({url:X||":memory:"}),J=new MZ6({dialect:Q,log:AZ6});if(!0)F90`PRAGMA foreign_keys = ON;`.execute(J).catch(()=>{});if(X!==":memory:"&&Y.options?.enableWAL!==!1)F90`PRAGMA journal_mode = WAL;`.execute(J).catch(()=>{});if(X!==":memory:"){let K=Y.options?.busyTimeout||5000;F90`PRAGMA busy_timeout = ${K};`.execute(J).catch(()=>{})}return{type:"sqlite",db:J}}function RZ6(Y){let X=Y||"file:./data/mesh.db";if(X===":memory:")return{type:"sqlite",connectionString:":memory:"};X=X.startsWith("/")?`file://${X}`:X;let Q=URL.canParse(X)?new URL(X):null,J=Q?.protocol.replace(":","")??X.split("://")[0];switch(J){case"postgres":case"postgresql":return{type:"postgres",connectionString:X};case"sqlite":case"file":if(!Q?.pathname)throw Error("Invalid database URL: "+X);return{type:"sqlite",connectionString:Q.pathname};default:throw Error(`Unsupported database protocol: ${J}. Supported protocols: postgres://, postgresql://, sqlite://, file://`)}}function q90(){return process.env.DATABASE_URL||`file:${TZ6.join(process.cwd(),"data/mesh.db")}`}function SZ6(Y){let X=RZ6(Y);if(X.type==="postgres")return new wZ6({pool:new po({connectionString:X.connectionString,max:X.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...EZ6})});let Q=CZ6(X.connectionString);return Q=IZ6(Q),new PZ6({url:Q||":memory:"})}function el4(Y){let X=RZ6(Y);if(X.type==="postgres")return sl4(X);return tl4(X)}async function jZ6(Y){if(await Y.db.destroy(),Y.type==="postgres"&&!Y.pool.ended)await Y.pool.end()}var V90=null;function zP(){if(!V90)V90=el4(q90());return V90}class $90{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.resend.com/emails",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({to:Y,from:X,subject:Q,html:J})});if(!G.ok)throw Error(`Failed to send email: ${G.statusText}`)}}class z90{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.sendgrid.com/v3/mail/send",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({personalizations:[{to:[{email:Y}]}],from:{email:X},subject:Q,content:[{type:"text/html",value:J}]})});if(!G.ok){let K=await G.text();throw Error(`Failed to send email via SendGrid: ${G.statusText} - ${K}`)}}}var Yd4=(Y)=>{let X=new $90(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},Xd4=(Y)=>{let X=new z90(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},Qd4={resend:Yd4,sendgrid:Xd4};function Vf(Y){let X=Qd4[Y.provider];if(!X)throw Error(`Unknown email provider: ${Y.provider}`);return X(Y)}function qf(Y,X){return Y.find((Q)=>Q.id===X)}var kZ6=(Y,X)=>{let Q=qf(X,Y.emailProviderId);if(!Q)throw Error(`Email provider with id '${Y.emailProviderId}' not found`);let J=Vf(Q);return{sendMagicLink:async({email:G,url:K})=>{await J({to:G,subject:"Magic Link",html:`<p>Click <a href="${K}">here</a> to login</p>`})}}};I7();import{createCipheriv as Jd4,createDecipheriv as Gd4,randomBytes as vZ6}from"crypto";var _Z6="aes-256-gcm",BP=16,yZ6=16,fZ6=32;class B90{key;constructor(Y){if(Buffer.from(Y,"base64").length===fZ6)this.key=Buffer.from(Y,"base64");else{let X=q0("crypto");this.key=X.createHash("sha256").update(Y).digest()}}async encrypt(Y){let X=vZ6(BP),Q=Jd4(_Z6,this.key,X),J=Q.update(Y,"utf8");J=Buffer.concat([J,Q.final()]);let G=Q.getAuthTag();return Buffer.concat([X,G,J]).toString("base64")}async decrypt(Y){let X=Buffer.from(Y,"base64"),Q=X.subarray(0,BP),J=X.subarray(BP,BP+yZ6),G=X.subarray(BP+yZ6),K=Gd4(_Z6,this.key,Q);K.setAuthTag(J);let W=K.update(G);return W=Buffer.concat([W,K.final()]),W.toString("utf8")}static generateKey(){return vZ6(fZ6).toString("base64")}}eK();UP();I7();var Wd4=["connection_headers","oauth_config","configuration_scopes","metadata","tools","bindings"];class U90{db;vault;constructor(Y,X){this.db=Y;this.vault=X}async create(Y){let X=Y.id??Y3("conn"),Q=new Date().toISOString(),J=await this.findById(X);if(J){if(J.organization_id!==Y.organization_id)throw Error("Connection ID already exists");return this.update(X,Y)}let G=await this.serializeConnection({...Y,id:Y.id??X,status:"active",created_at:Q,updated_at:Q});await this.db.insertInto("connections").values(G).execute();let K=await this.findById(X);if(!K)throw Error(`Failed to create connection with id: ${X}`);return K}async findById(Y,X){let Q=jd(Y);if(Q)return kd(X??Q);let J=this.db.selectFrom("connections").selectAll().where("id","=",Y);if(X)J=J.where("organization_id","=",X);let G=await J.executeTakeFirst();return G?this.deserializeConnection(G):null}async list(Y,X){let Q=this.db.selectFrom("connections").selectAll().where("organization_id","=",Y);if(!X?.includeVirtual)Q=Q.where("connection_type","!=","VIRTUAL");let J=await Q.execute();return Promise.all(J.map((G)=>this.deserializeConnection(G)))}async update(Y,X){if(Object.keys(X).length===0){let G=await this.findById(Y);if(!G)throw Error("Connection not found");return G}let Q=await this.serializeConnection({...X,updated_at:new Date().toISOString()});await this.db.updateTable("connections").set(Q).where("id","=",Y).execute();let J=await this.findById(Y);if(!J)throw Error("Connection not found after update");return J}async delete(Y){await this.db.deleteFrom("connections").where("id","=",Y).execute()}async testConnection(Y,X){let Q=await this.findById(Y);if(!Q)throw Error("Connection not found");let J=Date.now();if(Q.connection_type==="STDIO")return{healthy:!0,latencyMs:Date.now()-J};if(!Q.connection_url)return{healthy:!1,latencyMs:Date.now()-J};try{let G=Q.connection_headers,K=await fetch(Q.connection_url,{method:"POST",headers:{"Content-Type":"application/json",...Q.connection_token&&{Authorization:`Bearer ${Q.connection_token}`},...G?.headers,...X},body:JSON.stringify({jsonrpc:"2.0",method:"ping",id:1})});return{healthy:K.ok||K.status===404,latencyMs:Date.now()-J}}catch{return{healthy:!1,latencyMs:Date.now()-J}}}async serializeConnection(Y){let X={};for(let[Q,J]of Object.entries(Y)){if(J===void 0)continue;if(Q==="connection_token"&&J)X[Q]=await this.vault.encrypt(J);else if(Q==="configuration_state"&&J){let G=JSON.stringify(J);X[Q]=await this.vault.encrypt(G)}else if(Q==="connection_headers"&&J){let G=J;if(wZ(G)&&G.envVars){let K={};for(let[W,Z]of Object.entries(G.envVars))K[W]=await this.vault.encrypt(Z);X[Q]=JSON.stringify({...G,envVars:K})}else X[Q]=JSON.stringify(G)}else if(Wd4.includes(Q))X[Q]=J?JSON.stringify(J):null;else X[Q]=J}return X}async deserializeConnection(Y){let X=null;if(Y.connection_token)try{X=await this.vault.decrypt(Y.connection_token)}catch(K){console.error("Failed to decrypt connection token:",K)}let Q=null;if(Y.configuration_state)try{let K=await this.vault.decrypt(Y.configuration_state);Q=JSON.parse(K)}catch(K){console.error("Failed to decrypt configuration state:",K)}let J=null;if(Y.connection_headers)try{let K=JSON.parse(Y.connection_headers);if(wZ(K)&&K.envVars){let W={};for(let[Z,H]of Object.entries(K.envVars))try{W[Z]=await this.vault.decrypt(H)}catch{W[Z]=H}J={...K,envVars:W}}else J=K}catch(K){console.error("Failed to parse connection_headers:",K)}let G=(K)=>{if(K===null)return null;if(typeof K==="string")try{return JSON.parse(K)}catch{return null}return K};return{id:Y.id,organization_id:Y.organization_id,created_by:Y.created_by,updated_by:Y.updated_by??void 0,title:Y.title,description:Y.description,icon:Y.icon,app_name:Y.app_name,app_id:Y.app_id,connection_type:Y.connection_type,connection_url:Y.connection_url,connection_token:X,connection_headers:J,oauth_config:G(Y.oauth_config),configuration_state:Q,configuration_scopes:G(Y.configuration_scopes),metadata:G(Y.metadata),tools:G(Y.tools),bindings:G(Y.bindings),status:Y.status,created_at:Y.created_at,updated_at:Y.updated_at}}}UP();class D90{db;constructor(Y){this.db=Y}parseRow(Y){return{id:Y.id,organizationId:Y.organization_id,slug:Y.slug,name:Y.name,description:Y.description,enabledPlugins:Y.enabled_plugins?typeof Y.enabled_plugins==="string"?JSON.parse(Y.enabled_plugins):Y.enabled_plugins:null,ui:Y.ui?typeof Y.ui==="string"?JSON.parse(Y.ui):Y.ui:null,createdAt:Y.created_at,updatedAt:Y.updated_at}}async list(Y){return(await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).orderBy("created_at","asc").execute()).map((Q)=>this.parseRow(Q))}async get(Y){let X=await this.db.selectFrom("projects").selectAll().where("id","=",Y).executeTakeFirst();return X?this.parseRow(X):null}async getBySlug(Y,X){let Q=await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).where("slug","=",X).executeTakeFirst();return Q?this.parseRow(Q):null}async create(Y){let X=new Date().toISOString(),Q=Y3("proj");await this.db.insertInto("projects").values({id:Q,organization_id:Y.organizationId,slug:Y.slug,name:Y.name,description:Y.description??null,enabled_plugins:Y.enabledPlugins?JSON.stringify(Y.enabledPlugins):null,ui:Y.ui?JSON.stringify(Y.ui):null,created_at:X,updated_at:X}).execute();let J=await this.get(Q);if(!J)throw Error("Failed to create project");return J}async update(Y,X){let Q={updated_at:new Date().toISOString()};if(X.name!==void 0)Q.name=X.name;if(X.description!==void 0)Q.description=X.description;if(X.enabledPlugins!==void 0)Q.enabled_plugins=X.enabledPlugins?JSON.stringify(X.enabledPlugins):null;if(X.ui!==void 0)Q.ui=X.ui?JSON.stringify(X.ui):null;return await this.db.updateTable("projects").set(Q).where("id","=",Y).execute(),this.get(Y)}async delete(Y){return((await this.db.deleteFrom("projects").where("id","=",Y).executeTakeFirst()).numDeletedRows??0n)>0n}}Df();_0();function vi4(Y){return[{permissions:{self:["*"]},getTools:async()=>{let{ALL_TOOLS:X}=await Promise.resolve().then(() => (tV6(),sV6));return X.map((Q)=>{return{name:Q.name,inputSchema:N.toJSONSchema(Q.inputSchema,{unrepresentable:"any"}),outputSchema:Q.outputSchema?N.toJSONSchema(Q.outputSchema,{unrepresentable:"any"}):void 0,description:Q.description}})},data:Rd(B5(),Y)},{data:Id()},{data:Cd(Y)}]}async function eV6(Y,X){try{let Q=zP(),J=new B90(process.env.ENCRYPTION_KEY||""),G=new U90(Q.db,J),K=new D90(Q.db),W=vi4(Y);try{await K.create({organizationId:Y,slug:xJ,name:OV,description:"Organization administration and settings",enabledPlugins:null,ui:null})}catch(Z){console.warn("Could not create org-admin project (may already exist):",Z)}await Promise.all(W.map(async(Z)=>{let H=null;if(Z.permissions)H=(await oB.api.createApiKey({body:{name:`${Z.data.app_name??crypto.randomUUID()}-mcp`,userId:X,permissions:Z.permissions,rateLimitEnabled:!1,metadata:{organization:{id:Y},purpose:"default-org-connections"}}}))?.key;let F=await Z.getTools?.()??await xB({id:"pending",title:Z.data.title,connection_type:Z.data.connection_type,connection_url:Z.data.connection_url,connection_token:Z.data.connection_token,connection_headers:Z.data.connection_headers}).catch(()=>null),V=Z.data.id?Z.data.id.startsWith(`${Y}_`)?Z.data.id:`${Y}_${Z.data.id}`:void 0;await G.create({...Z.data,id:V,tools:F,organization_id:Y,created_by:X,connection_token:Z.data.connection_token??H})}))}catch(Q){console.error("Error creating default MCP connections:",Q)}}var Yq6=["owner","admin"];var _i4=(Y)=>{return{defaultSSO:[{domain:Y.domain,providerId:Y.providerId,oidcConfig:{issuer:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0`,pkce:!0,clientId:Y.MS_CLIENT_ID,clientSecret:Y.MS_CLIENT_SECRET,discoveryEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0/.well-known/openid-configuration`,authorizationEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/authorize`,tokenEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/token`,jwksEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/discovery/v2.0/keys`,userInfoEndpoint:"https://graph.microsoft.com/oidc/userinfo",tokenEndpointAuthentication:"client_secret_post",scopes:Y.scopes,mapping:{id:"sub",email:"email",emailVerified:"email_verified",name:"name",image:"picture",extraFields:{emailVerified:"email_verified"}}}}]}},Xq6=(Y)=>{if(Y.providerId==="microsoft")return _i4(Y);throw Error(`Unsupported provider: ${Y.providerId}`)};function yi4(Y){return Y.toLowerCase().trim().replace(/[^a-z0-9\s_-]+/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}var Qq6=["labs","agent","studio","workspace","systems","core","cloud","works"],Jq6=["capybara","guarana","deco","samba","feijoada","capoeira","carnival"];function fi4(){let Y=Math.floor(Math.random()*Jq6.length),X=Math.floor(Math.random()*Qq6.length),Q=Jq6[Y]??"deco",J=Qq6[X]??"studio";return`${Q}-${J}`}var hi4=Object.values(Dc()).map((Y)=>Y.map((X)=>X.name)).flat(),bi4={...sj,self:["*",...hi4]},bf=hG(bi4),xi4=bf.newRole({self:["*"],...dL.statements}),ui4=bf.newRole({self:["*"],...dL.statements}),gi4=bf.newRole({self:["*"],...dL.statements}),Gq6=Object.values(Dc()).map((Y)=>Y.map((X)=>`self:${X.name}`)).flat(),vQ=Ko.auth,Wq6=void 0;if(vQ.inviteEmailProviderId&&vQ.emailProviders&&vQ.emailProviders.length>0){let Y=qf(vQ.emailProviders,vQ.inviteEmailProviderId);if(Y){let X=Vf(Y);Wq6=async(Q)=>{let J=Q.inviter.user?.name||Q.inviter.user?.email,G=`${B5()}/auth/accept-invitation?invitationId=${Q.invitation.id}`;await X({to:Q.email,subject:`Invitation to join ${Q.organization.name}`,html:`
+</html>`},Zo=(Y)=>{let X=Y?.path??"/reference";return{id:"open-api",endpoints:{generateOpenAPISchema:f0("/open-api/generate-schema",{method:"GET"},async(Q)=>{let J=await YT0(Q.context,Q.context.options);return Q.json(J)}),openAPIReference:f0(X,{method:"GET",metadata:{isAction:!1}},async(Q)=>{if(Y?.disableDefaultReference)throw new i("NOT_FOUND");let J=await YT0(Q.context,Q.context.options);return new Response(Gt6(J,Y?.theme,Y?.nonce),{headers:{"Content-Type":"text/html"}})})}}};TY();ZG();f8();L9();_0();var vE1=i4(async()=>{return{}}),_E1=i4({use:[Y8]},async(Y)=>{return{session:Y.context.session}}),yE1=P1({YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION:"You are not allowed to create a new organization",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS:"You have reached the maximum number of organizations",ORGANIZATION_ALREADY_EXISTS:"Organization already exists",ORGANIZATION_SLUG_ALREADY_TAKEN:"Organization slug already taken",ORGANIZATION_NOT_FOUND:"Organization not found",USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION:"User is not a member of the organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION:"You are not allowed to update this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION:"You are not allowed to delete this organization",NO_ACTIVE_ORGANIZATION:"No active organization",USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION:"User is already a member of this organization",MEMBER_NOT_FOUND:"Member not found",ROLE_NOT_FOUND:"Role not found",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM:"You are not allowed to create a new team",TEAM_ALREADY_EXISTS:"Team already exists",TEAM_NOT_FOUND:"Team not found",YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER:"You cannot leave the organization as the only owner",YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER:"You cannot leave the organization without an owner",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER:"You are not allowed to delete this member",YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION:"You are not allowed to invite users to this organization",USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION:"User is already invited to this organization",INVITATION_NOT_FOUND:"Invitation not found",YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION:"You are not the recipient of the invitation",EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION:"Email verification required before accepting or rejecting invitation",YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION:"You are not allowed to cancel this invitation",INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION:"Inviter is no longer a member of the organization",YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE:"You are not allowed to invite a user with this role",FAILED_TO_RETRIEVE_INVITATION:"Failed to retrieve invitation",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS:"You have reached the maximum number of teams",UNABLE_TO_REMOVE_LAST_TEAM:"Unable to remove last team",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER:"You are not allowed to update this member",ORGANIZATION_MEMBERSHIP_LIMIT_REACHED:"Organization membership limit reached",YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to create teams in this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to delete teams in this organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM:"You are not allowed to update this team",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM:"You are not allowed to delete this team",INVITATION_LIMIT_REACHED:"Invitation limit reached",TEAM_MEMBER_LIMIT_REACHED:"Team member limit reached",USER_IS_NOT_A_MEMBER_OF_THE_TEAM:"User is not a member of the team",YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM:"You are not allowed to list the members of this team",YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM:"You do not have an active team",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER:"You are not allowed to create a new member",YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER:"You are not allowed to remove a team member",YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION:"You are not allowed to access this organization as an owner",YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION:"You are not a member of this organization",MISSING_AC_INSTANCE:"Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information",YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE:"You must be in an organization to create a role",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE:"You are not allowed to create a role",YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE:"You are not allowed to update a role",YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE:"You are not allowed to delete a role",YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE:"You are not allowed to read a role",YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE:"You are not allowed to list a role",YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE:"You are not allowed to get a role",TOO_MANY_ROLES:"This organization has too many roles",INVALID_RESOURCE:"The provided permission includes an invalid resource",ROLE_NAME_IS_ALREADY_TAKEN:"That role name is already taken",CANNOT_DELETE_A_PRE_DEFINED_ROLE:"Cannot delete a pre-defined role"});var fE1=Number.POSITIVE_INFINITY;var QT0=w(),Zt6=$6(["pending","accepted","rejected","canceled"]).default("pending"),hE1=p({id:w().default(o8),name:w(),slug:w(),logo:w().nullish().optional(),metadata:o0(w(),t4()).or(w().transform((Y)=>JSON.parse(Y))).optional(),createdAt:p6()}),bE1=p({id:w().default(o8),organizationId:w(),userId:j6.string(),role:QT0,createdAt:p6().default(()=>new Date)}),xE1=p({id:w().default(o8),organizationId:w(),email:w(),role:QT0,status:Zt6,teamId:w().nullish(),inviterId:w(),expiresAt:p6(),createdAt:p6().default(()=>new Date)}),uE1=p({id:w().default(o8),name:w().min(1),organizationId:w(),createdAt:p6(),updatedAt:p6().optional()}),gE1=p({id:w().default(o8),teamId:w(),userId:w(),createdAt:p6().default(()=>new Date)}),mE1=p({id:w().default(o8),organizationId:w(),role:w(),permission:o0(w(),M0(w())),createdAt:p6().default(()=>new Date),updatedAt:p6().optional()}),XT0=["admin","member","owner"],lE1=i6([$6(XT0),M0($6(XT0))]);G8();f8();L9();var tE1=P1({INVALID_PHONE_NUMBER:"Invalid phone number",PHONE_NUMBER_EXIST:"Phone number already exists",PHONE_NUMBER_NOT_EXIST:"phone number isn't registered",INVALID_PHONE_NUMBER_OR_PASSWORD:"Invalid phone number or password",UNEXPECTED_ERROR:"Unexpected error",OTP_NOT_FOUND:"OTP not found",OTP_EXPIRED:"OTP expired",INVALID_OTP:"Invalid OTP",PHONE_NUMBER_NOT_VERIFIED:"Phone number not verified",PHONE_NUMBER_CANNOT_BE_UPDATED:"Phone number cannot be updated",SEND_OTP_NOT_IMPLEMENTED:"sendOTP not implemented",TOO_MANY_ATTEMPTS:"Too many attempts"});G8();AY();f8();L9();U9();l1();var Kt6=P1({OTP_NOT_ENABLED:"OTP not enabled",OTP_HAS_EXPIRED:"OTP has expired",TOTP_NOT_ENABLED:"TOTP not enabled",TWO_FACTOR_NOT_ENABLED:"Two factor isn't enabled",BACKUP_CODES_NOT_ENABLED:"Backup codes aren't enabled",INVALID_BACKUP_CODE:"Invalid backup code",INVALID_CODE:"Invalid code",TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE:"Too many attempts. Please request a new code.",INVALID_TWO_FACTOR_COOKIE:"Invalid two factor cookie"});f8();L9();var Ht6=P1({INVALID_USERNAME_OR_PASSWORD:"Invalid username or password",EMAIL_NOT_VERIFIED:"Email not verified",UNEXPECTED_ERROR:"Unexpected error",USERNAME_IS_ALREADY_TAKEN:"Username is already taken. Please try another.",USERNAME_TOO_SHORT:"Username is too short",USERNAME_TOO_LONG:"Username is too long",INVALID_USERNAME:"Username is invalid",INVALID_DISPLAY_USERNAME:"Display username is invalid"});var Qz={enabled:!0,batchSize:250,flushIntervalMs:300,maxQueueSize:1e4,redactor:"regex"};import{existsSync as JT0,readFileSync as GT0}from"fs";var qk={emailAndPassword:{enabled:!0}},WT0=process.env.CONFIG_PATH||"./config.json",ZT0=process.env.AUTH_CONFIG_PATH||"./auth-config.json";function Ft6(){if(JT0(WT0))try{let Y=GT0(WT0,"utf-8"),X=JSON.parse(Y);return{auth:qk,monitoring:Qz,...X}}catch{return{auth:qk,monitoring:Qz}}if(JT0(ZT0))try{let Y=GT0(ZT0,"utf-8");return{auth:JSON.parse(Y),monitoring:Qz}}catch{return{auth:qk,monitoring:Qz}}return{auth:qk,monitoring:Qz}}var Ko=Ft6();import{existsSync as nl4,mkdirSync as il4}from"fs";import{Kysely as MZ6,PostgresDialect as wZ6,sql as F90}from"kysely";import{BunWorkerDialect as PZ6}from"kysely-bun-worker";import*as TZ6 from"path";var LJ=y1(go(),1),t21=LJ.default.Client,po=LJ.default.Pool,e21=LJ.default.Connection,YR1=LJ.default.types,XR1=LJ.default.Query,QR1=LJ.default.DatabaseError,JR1=LJ.default.escapeIdentifier,GR1=LJ.default.escapeLiteral,WR1=LJ.default.Result,ZR1=LJ.default.TypeOverrides,KR1=LJ.default.defaults;var JV=y1(l0(),1),SB=y1(_k(),1);var Eg0=y1(Cx0(),1);var It=y1(Ou0(),1);var Mu0=y1(Oz(),1);function Nu0(Y){if(Y>=48&&Y<=57)return Y-48;if(Y>=97&&Y<=102)return Y-87;return Y-55}function ek(Y){let X=new Uint8Array(Y.length/2),Q=0;for(let J=0;J<Y.length;J+=2){let G=Nu0(Y.charCodeAt(J)),K=Nu0(Y.charCodeAt(J+1));X[Q++]=G<<4|K}return X}function wu0(Y){let X=BigInt(1e9);return BigInt(Math.trunc(Y[0]))*X+BigInt(Math.trunc(Y[1]))}function uF4(Y){let X=Number(BigInt.asUintN(32,Y)),Q=Number(BigInt.asUintN(32,Y>>BigInt(32)));return{low:X,high:Q}}function Pu0(Y){let X=wu0(Y);return uF4(X)}function gF4(Y){return wu0(Y).toString()}var mF4=typeof BigInt<"u"?gF4:Mu0.hrTimeToNanoseconds;function Lu0(Y){return Y}function Tu0(Y){if(Y===void 0)return;return ek(Y)}var lF4={encodeHrTime:Pu0,encodeSpanContext:ek,encodeOptionalSpanContext:Tu0};function Au0(Y){if(Y===void 0)return lF4;let X=Y.useLongBits??!0,Q=Y.useHex??!1;return{encodeHrTime:X?Pu0:mF4,encodeSpanContext:Q?Lu0:ek,encodeOptionalSpanContext:Q?Lu0:Tu0}}function Eu0(Y){let X={attributes:dF4(Y.attributes),droppedAttributesCount:0},Q=Y.schemaUrl;if(Q&&Q!=="")X.schemaUrl=Q;return X}function Cu0(Y){return{name:Y.name,version:Y.version}}function dF4(Y){return Object.keys(Y).map((X)=>Yv(X,Y[X]))}function Yv(Y,X){return{key:Y,value:Xv(X)}}function Xv(Y){let X=typeof Y;if(X==="string")return{stringValue:Y};if(X==="number"){if(!Number.isInteger(Y))return{doubleValue:Y};return{intValue:Y}}if(X==="boolean")return{boolValue:Y};if(Y instanceof Uint8Array)return{bytesValue:Y};if(Array.isArray(Y))return{arrayValue:{values:Y.map(Xv)}};if(X==="object"&&Y!=null)return{kvlistValue:{values:Object.entries(Y).map(([Q,J])=>Yv(Q,J))}};return{}}function Iu0(Y,X){let Q=Au0(X);return{resourceLogs:cF4(Y,Q)}}function pF4(Y){let X=new Map;for(let Q of Y){let{resource:J,instrumentationScope:{name:G,version:K="",schemaUrl:W=""}}=Q,Z=X.get(J);if(!Z)Z=new Map,X.set(J,Z);let H=`${G}@${K}:${W}`,F=Z.get(H);if(!F)F=[],Z.set(H,F);F.push(Q)}return X}function cF4(Y,X){let Q=pF4(Y);return Array.from(Q,([J,G])=>{let K=Eu0(J);return{resource:K,scopeLogs:Array.from(G,([,W])=>{return{scope:Cu0(W[0].instrumentationScope),logRecords:W.map((Z)=>nF4(Z,X)),schemaUrl:W[0].instrumentationScope.schemaUrl}}),schemaUrl:K.schemaUrl}})}function nF4(Y,X){return{timeUnixNano:X.encodeHrTime(Y.hrTime),observedTimeUnixNano:X.encodeHrTime(Y.hrTimeObserved),severityNumber:iF4(Y.severityNumber),severityText:Y.severityText,body:Xv(Y.body),eventName:Y.eventName,attributes:aF4(Y.attributes),droppedAttributesCount:Y.droppedAttributesCount,flags:Y.spanContext?.traceFlags,traceId:X.encodeOptionalSpanContext(Y.spanContext?.traceId),spanId:X.encodeOptionalSpanContext(Y.spanContext?.spanId)}}function iF4(Y){return Y}function aF4(Y){return Object.keys(Y).map((X)=>Yv(X,Y[X]))}var rF4=It.opentelemetry.proto.collector.logs.v1.ExportLogsServiceResponse,oF4=It.opentelemetry.proto.collector.logs.v1.ExportLogsServiceRequest,Qv={serializeRequest:(Y)=>{let X=Iu0(Y);return oF4.encode(X).finish()},deserializeResponse:(Y)=>{return rF4.decode(Y)}};var Wv=y1(kt(),1);class Mz extends Eg0.OTLPExporterBase{constructor(Y={}){super(Wv.createOtlpHttpExportDelegate(Wv.convertLegacyHttpOptions(Y,"LOGS","v1/logs",{"Content-Type":"application/x-protobuf"}),Qv))}}var zZ6=y1(si0(),1),BZ6=y1(U00(),1),UZ6=y1(ze0(),1);var cG=y1(l0(),1);var lA4=globalThis.fetch;async function dA4(Y,X){let Q,J;if(Y instanceof Request)Q=new URL(Y.url),J=X?.method??Y.method;else if(Y instanceof URL)Q=Y,J=X?.method??"GET";else Q=new URL(Y),J=X?.method??"GET";let G=`${J} ${Q.host}`;return i00.startActiveSpan(G,{kind:cG.SpanKind.CLIENT,attributes:{"http.request.method":J,"url.full":Q.href,"url.scheme":Q.protocol.replace(":",""),"url.path":Q.pathname,"url.query":Q.search||void 0,"server.address":Q.hostname,"server.port":Q.port?Number(Q.port):void 0}},async(K)=>{try{let W=new Headers(X?.headers??(Y instanceof Request?Y.headers:{}));cG.propagation.inject(cG.context.active(),W,{set:(F,V,q)=>F.set(V,q)});let Z={...X,headers:W},H=await lA4(Y,Z);if(K.setAttribute("http.response.status_code",H.status),H.status>=400)K.setStatus({code:cG.SpanStatusCode.ERROR,message:`HTTP ${H.status}`});else K.setStatus({code:cG.SpanStatusCode.OK});return H}catch(W){throw K.recordException(W),K.setStatus({code:cG.SpanStatusCode.ERROR,message:W instanceof Error?W.message:"Fetch failed"}),W}finally{K.end()}})}function Be0(){globalThis.fetch=dA4}var Ue0=y1(l0(),1),y9=y1(Oz(),1);class a00{_maxExportBatchSize;_maxQueueSize;_scheduledDelayMillis;_exportTimeoutMillis;_exporter;_isExporting=!1;_finishedLogRecords=[];_timer;_shutdownOnce;constructor(Y,X){if(this._exporter=Y,this._maxExportBatchSize=X?.maxExportBatchSize??y9.getNumberFromEnv("OTEL_BLRP_MAX_EXPORT_BATCH_SIZE")??512,this._maxQueueSize=X?.maxQueueSize??y9.getNumberFromEnv("OTEL_BLRP_MAX_QUEUE_SIZE")??2048,this._scheduledDelayMillis=X?.scheduledDelayMillis??y9.getNumberFromEnv("OTEL_BLRP_SCHEDULE_DELAY")??5000,this._exportTimeoutMillis=X?.exportTimeoutMillis??y9.getNumberFromEnv("OTEL_BLRP_EXPORT_TIMEOUT")??30000,this._shutdownOnce=new y9.BindOnceFuture(this._shutdown,this),this._maxExportBatchSize>this._maxQueueSize)Ue0.diag.warn("BatchLogRecordProcessor: maxExportBatchSize must be smaller or equal to maxQueueSize, setting maxExportBatchSize to match maxQueueSize"),this._maxExportBatchSize=this._maxQueueSize}onEmit(Y){if(this._shutdownOnce.isCalled)return;this._addToBuffer(Y)}forceFlush(){if(this._shutdownOnce.isCalled)return this._shutdownOnce.promise;return this._flushAll()}shutdown(){return this._shutdownOnce.call()}async _shutdown(){this.onShutdown(),await this._flushAll(),await this._exporter.shutdown()}_addToBuffer(Y){if(this._finishedLogRecords.length>=this._maxQueueSize)return;this._finishedLogRecords.push(Y),this._maybeStartTimer()}_flushAll(){return new Promise((Y,X)=>{let Q=[],J=Math.ceil(this._finishedLogRecords.length/this._maxExportBatchSize);for(let G=0;G<J;G++)Q.push(this._flushOneBatch());Promise.all(Q).then(()=>{Y()}).catch(X)})}_flushOneBatch(){if(this._clearTimer(),this._finishedLogRecords.length===0)return Promise.resolve();return y9.callWithTimeout(this._export(this._finishedLogRecords.splice(0,this._maxExportBatchSize)),this._exportTimeoutMillis)}_maybeStartTimer(){if(this._isExporting)return;let Y=()=>{this._isExporting=!0,this._flushOneBatch().then(()=>{if(this._isExporting=!1,this._finishedLogRecords.length>0)this._clearTimer(),this._maybeStartTimer()}).catch((X)=>{this._isExporting=!1,y9.globalErrorHandler(X)})};if(this._finishedLogRecords.length>=this._maxExportBatchSize)return Y();if(this._timer!==void 0)return;if(this._timer=setTimeout(()=>Y(),this._scheduledDelayMillis),typeof this._timer!=="number")this._timer.unref()}_clearTimer(){if(this._timer!==void 0)clearTimeout(this._timer),this._timer=void 0}_export(Y){let X=()=>y9.internal._export(this._exporter,Y).then((J)=>{if(J.code!==y9.ExportResultCode.SUCCESS)y9.globalErrorHandler(J.error??Error(`BatchLogRecordProcessor: log record export failed (status ${J})`))}).catch(y9.globalErrorHandler),Q=[];for(let J=0;J<Y.length;J++){let G=Y[J].resource;if(G.asyncAttributesPending&&typeof G.waitForAsyncAttributes==="function")Q.push(G.waitForAsyncAttributes())}if(Q.length===0)return X();else return Promise.all(Q).then(X,y9.globalErrorHandler)}}class lz extends a00{onShutdown(){}}var DZ6=y1(qZ6(),1);var K7;(function(Y){Y[Y.NOT_RECORD=0]="NOT_RECORD",Y[Y.RECORD=1]="RECORD",Y[Y.RECORD_AND_SAMPLED=2]="RECORD_AND_SAMPLED"})(K7||(K7={}));var ul4="__d",gl4=JV.createContextKey("Current request"),ml4=0.1,$Z6=(Y)=>{let Q=new URL(Y.url).searchParams.get(ul4);if(Q==="")return crypto.randomUUID();if(!Q)Q=Y.headers.get("x-trace-debug-id");return Q};class OZ6{inner;constructor(Y){this.inner=Y}shouldSample(Y,X,Q,J,G,K){let W=Y.getValue(gl4);if(!W){if(this.inner)return this.inner.shouldSample(Y,X,Q,J,G,K);return{decision:K7.RECORD_AND_SAMPLED}}let Z=$Z6(W);if(Z)return{decision:K7.RECORD_AND_SAMPLED,attributes:{"trace.debug.id":Z}};if(this.inner){let H=this.inner.shouldSample(Y,X,Q,J,G,K);if(H.decision===K7.RECORD_AND_SAMPLED){let F=crypto.randomUUID();H.attributes={...H.attributes??{},"trace.debug.id":F}}return H}return{decision:K7.NOT_RECORD}}toString(){return"DebugSampler"}}class NZ6{ratio;constructor(Y){this.ratio=Y}shouldSample(){if(Math.random()<this.ratio)return{decision:K7.RECORD_AND_SAMPLED};return{decision:K7.NOT_RECORD}}toString(){return`RatioSampler(${this.ratio})`}}var ll4=new zZ6.PrometheusExporter({preventServerStart:!0}),dl4=new OZ6(new NZ6(ml4)),pl4=new DZ6.NodeSDK({serviceName:process.env.OTEL_SERVICE_NAME??"mesh",traceExporter:new BZ6.OTLPTraceExporter,metricReader:ll4,sampler:dl4,logRecordProcessors:[new lz(new Mz)],instrumentations:[new UZ6.RuntimeNodeInstrumentation]});pl4.start();Be0();var i00=JV.trace.getTracer("mesh","1.0.0"),LZ6=JV.metrics.getMeter("mesh","1.0.0"),cl4=SB.logs.getLogger("mesh","1.0.0"),K90=(Y,X,Q)=>{let J={},G=Q,K=Q[Q.length-1];if(K!==null&&typeof K==="object"&&!Array.isArray(K)&&!(K instanceof Error)&&Object.getPrototypeOf(K)===Object.prototype)J=K,G=Q.slice(0,-1);let W=G.map((Z)=>{if(Z instanceof Error)return`${Z.name}: ${Z.message}`;if(typeof Z==="object")try{return JSON.stringify(Z)}catch{return"[Object]"}return String(Z)}).join(" ");cl4.emit({severityNumber:Y,severityText:X,body:W,attributes:{"log.source":"console",...J}})},H90={error:console.error.bind(console),warn:console.warn.bind(console),debug:console.debug.bind(console)};console.error=(...Y)=>{K90(SB.SeverityNumber.ERROR,"ERROR",Y),H90.error(...Y)};console.warn=(...Y)=>{K90(SB.SeverityNumber.WARN,"WARN",Y),H90.warn(...Y)};console.debug=(...Y)=>{K90(SB.SeverityNumber.DEBUG,"DEBUG",Y),H90.debug(...Y)};var al4=LZ6.createHistogram("db.query.duration",{description:"Database query execution duration in milliseconds",unit:"ms"}),rl4=["PRAGMA busy_timeout = ?;"],ol4=400,AZ6=(Y)=>{let X={"db.statement":Y.query.sql,"db.status":Y.level==="error"?"error":"success"};if(Y.queryDurationMillis>ol4)console.error("Slow query detected:",{durationMs:Y.queryDurationMillis,sql:Y.query.sql,params:Y.query.parameters});if(al4.record(Y.queryDurationMillis,X),Y.level==="error"&&!rl4.includes(Y.query.sql))console.error("Query failed:",{durationMs:Y.queryDurationMillis,error:Y.error,sql:Y.query.sql})},EZ6={keepAlive:!0,keepAliveInitialDelayMillis:1e4,idleTimeoutMillis:300000,connectionTimeoutMillis:30000,allowExitOnIdle:!0};function sl4(Y){let X=new po({connectionString:Y.connectionString,max:Y.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...EZ6}),Q=new wZ6({pool:X});return{type:"postgres",db:new MZ6({dialect:Q,log:AZ6}),pool:X}}function CZ6(Y){if(Y===":memory:")return":memory:";if(Y.includes("://"))return new URL(Y).pathname;return Y}function IZ6(Y){if(Y!==":memory:"&&Y!=="/"&&Y){let X=Y.substring(0,Y.lastIndexOf("/"));if(X&&X!=="/"&&!nl4(X))try{il4(X,{recursive:!0})}catch{return console.warn(`Failed to create directory ${X}, using in-memory database`),":memory:"}}return Y}function tl4(Y){let X=CZ6(Y.connectionString);X=IZ6(X);let Q=new PZ6({url:X||":memory:"}),J=new MZ6({dialect:Q,log:AZ6});if(!0)F90`PRAGMA foreign_keys = ON;`.execute(J).catch(()=>{});if(X!==":memory:"&&Y.options?.enableWAL!==!1)F90`PRAGMA journal_mode = WAL;`.execute(J).catch(()=>{});if(X!==":memory:"){let K=Y.options?.busyTimeout||5000;F90`PRAGMA busy_timeout = ${K};`.execute(J).catch(()=>{})}return{type:"sqlite",db:J}}function RZ6(Y){let X=Y||"file:./data/mesh.db";if(X===":memory:")return{type:"sqlite",connectionString:":memory:"};X=X.startsWith("/")?`file://${X}`:X;let Q=URL.canParse(X)?new URL(X):null,J=Q?.protocol.replace(":","")??X.split("://")[0];switch(J){case"postgres":case"postgresql":return{type:"postgres",connectionString:X};case"sqlite":case"file":if(!Q?.pathname)throw Error("Invalid database URL: "+X);return{type:"sqlite",connectionString:Q.pathname};default:throw Error(`Unsupported database protocol: ${J}. Supported protocols: postgres://, postgresql://, sqlite://, file://`)}}function q90(){return process.env.DATABASE_URL||`file:${TZ6.join(process.cwd(),"data/mesh.db")}`}function SZ6(Y){let X=RZ6(Y);if(X.type==="postgres")return new wZ6({pool:new po({connectionString:X.connectionString,max:X.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...EZ6})});let Q=CZ6(X.connectionString);return Q=IZ6(Q),new PZ6({url:Q||":memory:"})}function el4(Y){let X=RZ6(Y);if(X.type==="postgres")return sl4(X);return tl4(X)}async function jZ6(Y){if(await Y.db.destroy(),Y.type==="postgres"&&!Y.pool.ended)await Y.pool.end()}var V90=null;function zP(){if(!V90)V90=el4(q90());return V90}class $90{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.resend.com/emails",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({to:Y,from:X,subject:Q,html:J})});if(!G.ok)throw Error(`Failed to send email: ${G.statusText}`)}}class z90{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.sendgrid.com/v3/mail/send",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({personalizations:[{to:[{email:Y}]}],from:{email:X},subject:Q,content:[{type:"text/html",value:J}]})});if(!G.ok){let K=await G.text();throw Error(`Failed to send email via SendGrid: ${G.statusText} - ${K}`)}}}var Yd4=(Y)=>{let X=new $90(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},Xd4=(Y)=>{let X=new z90(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},Qd4={resend:Yd4,sendgrid:Xd4};function Vf(Y){let X=Qd4[Y.provider];if(!X)throw Error(`Unknown email provider: ${Y.provider}`);return X(Y)}function qf(Y,X){return Y.find((Q)=>Q.id===X)}var kZ6=(Y,X)=>{let Q=qf(X,Y.emailProviderId);if(!Q)throw Error(`Email provider with id '${Y.emailProviderId}' not found`);let J=Vf(Q);return{sendMagicLink:async({email:G,url:K})=>{await J({to:G,subject:"Magic Link",html:`<p>Click <a href="${K}">here</a> to login</p>`})}}};I7();import{createCipheriv as Jd4,createDecipheriv as Gd4,randomBytes as vZ6}from"crypto";var _Z6="aes-256-gcm",BP=16,yZ6=16,fZ6=32;class B90{key;constructor(Y){if(Buffer.from(Y,"base64").length===fZ6)this.key=Buffer.from(Y,"base64");else{let X=q0("crypto");this.key=X.createHash("sha256").update(Y).digest()}}async encrypt(Y){let X=vZ6(BP),Q=Jd4(_Z6,this.key,X),J=Q.update(Y,"utf8");J=Buffer.concat([J,Q.final()]);let G=Q.getAuthTag();return Buffer.concat([X,G,J]).toString("base64")}async decrypt(Y){let X=Buffer.from(Y,"base64"),Q=X.subarray(0,BP),J=X.subarray(BP,BP+yZ6),G=X.subarray(BP+yZ6),K=Gd4(_Z6,this.key,Q);K.setAuthTag(J);let W=K.update(G);return W=Buffer.concat([W,K.final()]),W.toString("utf8")}static generateKey(){return vZ6(fZ6).toString("base64")}}eK();UP();I7();var Wd4=["connection_headers","oauth_config","configuration_scopes","metadata","tools","bindings"];class U90{db;vault;constructor(Y,X){this.db=Y;this.vault=X}async create(Y){let X=Y.id??Y3("conn"),Q=new Date().toISOString(),J=await this.findById(X);if(J){if(J.organization_id!==Y.organization_id)throw Error("Connection ID already exists");return this.update(X,Y)}let G=await this.serializeConnection({...Y,id:Y.id??X,status:"active",created_at:Q,updated_at:Q});await this.db.insertInto("connections").values(G).execute();let K=await this.findById(X);if(!K)throw Error(`Failed to create connection with id: ${X}`);return K}async findById(Y,X){let Q=jd(Y);if(Q)return kd(X??Q);let J=this.db.selectFrom("connections").selectAll().where("id","=",Y);if(X)J=J.where("organization_id","=",X);let G=await J.executeTakeFirst();return G?this.deserializeConnection(G):null}async list(Y,X){let Q=this.db.selectFrom("connections").selectAll().where("organization_id","=",Y);if(!X?.includeVirtual)Q=Q.where("connection_type","!=","VIRTUAL");let J=await Q.execute();return Promise.all(J.map((G)=>this.deserializeConnection(G)))}async update(Y,X){if(Object.keys(X).length===0){let G=await this.findById(Y);if(!G)throw Error("Connection not found");return G}let Q=await this.serializeConnection({...X,updated_at:new Date().toISOString()});await this.db.updateTable("connections").set(Q).where("id","=",Y).execute();let J=await this.findById(Y);if(!J)throw Error("Connection not found after update");return J}async delete(Y){await this.db.deleteFrom("connections").where("id","=",Y).execute()}async testConnection(Y,X){let Q=await this.findById(Y);if(!Q)throw Error("Connection not found");let J=Date.now();if(Q.connection_type==="STDIO")return{healthy:!0,latencyMs:Date.now()-J};if(!Q.connection_url)return{healthy:!1,latencyMs:Date.now()-J};try{let G=Q.connection_headers,K=await fetch(Q.connection_url,{method:"POST",headers:{"Content-Type":"application/json",...Q.connection_token&&{Authorization:`Bearer ${Q.connection_token}`},...G?.headers,...X},body:JSON.stringify({jsonrpc:"2.0",method:"ping",id:1})});return{healthy:K.ok||K.status===404,latencyMs:Date.now()-J}}catch{return{healthy:!1,latencyMs:Date.now()-J}}}async serializeConnection(Y){let X={};for(let[Q,J]of Object.entries(Y)){if(J===void 0)continue;if(Q==="connection_token"&&J)X[Q]=await this.vault.encrypt(J);else if(Q==="configuration_state"&&J){let G=JSON.stringify(J);X[Q]=await this.vault.encrypt(G)}else if(Q==="connection_headers"&&J){let G=J;if(wZ(G)&&G.envVars){let K={};for(let[W,Z]of Object.entries(G.envVars))K[W]=await this.vault.encrypt(Z);X[Q]=JSON.stringify({...G,envVars:K})}else X[Q]=JSON.stringify(G)}else if(Wd4.includes(Q))X[Q]=J?JSON.stringify(J):null;else X[Q]=J}return X}async deserializeConnection(Y){let X=null;if(Y.connection_token)try{X=await this.vault.decrypt(Y.connection_token)}catch(K){console.error("Failed to decrypt connection token:",K)}let Q=null;if(Y.configuration_state)try{let K=await this.vault.decrypt(Y.configuration_state);Q=JSON.parse(K)}catch(K){console.error("Failed to decrypt configuration state:",K)}let J=null;if(Y.connection_headers)try{let K=JSON.parse(Y.connection_headers);if(wZ(K)&&K.envVars){let W={};for(let[Z,H]of Object.entries(K.envVars))try{W[Z]=await this.vault.decrypt(H)}catch{W[Z]=H}J={...K,envVars:W}}else J=K}catch(K){console.error("Failed to parse connection_headers:",K)}let G=(K)=>{if(K===null)return null;if(typeof K==="string")try{return JSON.parse(K)}catch{return null}return K};return{id:Y.id,organization_id:Y.organization_id,created_by:Y.created_by,updated_by:Y.updated_by??void 0,title:Y.title,description:Y.description,icon:Y.icon,app_name:Y.app_name,app_id:Y.app_id,connection_type:Y.connection_type,connection_url:Y.connection_url,connection_token:X,connection_headers:J,oauth_config:G(Y.oauth_config),configuration_state:Q,configuration_scopes:G(Y.configuration_scopes),metadata:G(Y.metadata),tools:G(Y.tools),bindings:G(Y.bindings),status:Y.status,created_at:Y.created_at,updated_at:Y.updated_at}}}UP();class D90{db;constructor(Y){this.db=Y}parseRow(Y){return{id:Y.id,organizationId:Y.organization_id,slug:Y.slug,name:Y.name,description:Y.description,enabledPlugins:Y.enabled_plugins?typeof Y.enabled_plugins==="string"?JSON.parse(Y.enabled_plugins):Y.enabled_plugins:null,ui:Y.ui?typeof Y.ui==="string"?JSON.parse(Y.ui):Y.ui:null,createdAt:Y.created_at,updatedAt:Y.updated_at}}async list(Y){return(await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).orderBy("created_at","asc").execute()).map((Q)=>this.parseRow(Q))}async get(Y){let X=await this.db.selectFrom("projects").selectAll().where("id","=",Y).executeTakeFirst();return X?this.parseRow(X):null}async getBySlug(Y,X){let Q=await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).where("slug","=",X).executeTakeFirst();return Q?this.parseRow(Q):null}async create(Y){let X=new Date().toISOString(),Q=Y3("proj");await this.db.insertInto("projects").values({id:Q,organization_id:Y.organizationId,slug:Y.slug,name:Y.name,description:Y.description??null,enabled_plugins:Y.enabledPlugins?JSON.stringify(Y.enabledPlugins):null,ui:Y.ui?JSON.stringify(Y.ui):null,created_at:X,updated_at:X}).execute();let J=await this.get(Q);if(!J)throw Error("Failed to create project");return J}async update(Y,X){let Q={updated_at:new Date().toISOString()};if(X.name!==void 0)Q.name=X.name;if(X.description!==void 0)Q.description=X.description;if(X.enabledPlugins!==void 0)Q.enabled_plugins=X.enabledPlugins?JSON.stringify(X.enabledPlugins):null;if(X.ui!==void 0)Q.ui=X.ui?JSON.stringify(X.ui):null;return await this.db.updateTable("projects").set(Q).where("id","=",Y).execute(),this.get(Y)}async delete(Y){return((await this.db.deleteFrom("projects").where("id","=",Y).executeTakeFirst()).numDeletedRows??0n)>0n}}Df();_0();function vi4(Y){return[{permissions:{self:["*"]},getTools:async()=>{let{ALL_TOOLS:X}=await Promise.resolve().then(() => (tV6(),sV6));return X.map((Q)=>{return{name:Q.name,inputSchema:N.toJSONSchema(Q.inputSchema,{unrepresentable:"any"}),outputSchema:Q.outputSchema?N.toJSONSchema(Q.outputSchema,{unrepresentable:"any"}):void 0,description:Q.description}})},data:Rd(B5(),Y)},{data:Id()},{data:Cd(Y)}]}async function eV6(Y,X){try{let Q=zP(),J=new B90(process.env.ENCRYPTION_KEY||""),G=new U90(Q.db,J),K=new D90(Q.db),W=vi4(Y);try{await K.create({organizationId:Y,slug:xJ,name:OV,description:"Organization administration and settings",enabledPlugins:null,ui:null})}catch(Z){console.warn("Could not create org-admin project (may already exist):",Z)}await Promise.all(W.map(async(Z)=>{let H=null;if(Z.permissions)H=(await oB.api.createApiKey({body:{name:`${Z.data.app_name??crypto.randomUUID()}-mcp`,userId:X,permissions:Z.permissions,rateLimitEnabled:!1,metadata:{organization:{id:Y},purpose:"default-org-connections"}}}))?.key;let F=await Z.getTools?.()??await xB({id:"pending",title:Z.data.title,connection_type:Z.data.connection_type,connection_url:Z.data.connection_url,connection_token:Z.data.connection_token,connection_headers:Z.data.connection_headers}).catch(()=>null),V=Z.data.id?Z.data.id.startsWith(`${Y}_`)?Z.data.id:`${Y}_${Z.data.id}`:void 0;await G.create({...Z.data,id:V,tools:F,organization_id:Y,created_by:X,connection_token:Z.data.connection_token??H})}))}catch(Q){console.error("Error creating default MCP connections:",Q)}}var Yq6=["owner","admin"];var _i4=(Y)=>{return{defaultSSO:[{domain:Y.domain,providerId:Y.providerId,oidcConfig:{issuer:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0`,pkce:!0,clientId:Y.MS_CLIENT_ID,clientSecret:Y.MS_CLIENT_SECRET,discoveryEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0/.well-known/openid-configuration`,authorizationEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/authorize`,tokenEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/token`,jwksEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/discovery/v2.0/keys`,userInfoEndpoint:"https://graph.microsoft.com/oidc/userinfo",tokenEndpointAuthentication:"client_secret_post",scopes:Y.scopes,mapping:{id:"sub",email:"email",emailVerified:"email_verified",name:"name",image:"picture",extraFields:{emailVerified:"email_verified"}}}}]}},Xq6=(Y)=>{if(Y.providerId==="microsoft")return _i4(Y);throw Error(`Unsupported provider: ${Y.providerId}`)};function yi4(Y){return Y.toLowerCase().trim().replace(/[^a-z0-9\s_-]+/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}var Qq6=["labs","agent","studio","workspace","systems","core","cloud","works"],Jq6=["capybara","guarana","deco","samba","feijoada","capoeira","carnival"];function fi4(){let Y=Math.floor(Math.random()*Jq6.length),X=Math.floor(Math.random()*Qq6.length),Q=Jq6[Y]??"deco",J=Qq6[X]??"studio";return`${Q}-${J}`}var hi4=Object.values(Dc()).map((Y)=>Y.map((X)=>X.name)).flat(),bi4={...sj,self:["*",...hi4]},bf=hG(bi4),xi4=bf.newRole({self:["*"],...dL.statements}),ui4=bf.newRole({self:["*"],...dL.statements}),gi4=bf.newRole({self:["*"],...dL.statements}),Gq6=Object.values(Dc()).map((Y)=>Y.map((X)=>`self:${X.name}`)).flat(),vQ=Ko.auth,Wq6=void 0;if(vQ.inviteEmailProviderId&&vQ.emailProviders&&vQ.emailProviders.length>0){let Y=qf(vQ.emailProviders,vQ.inviteEmailProviderId);if(Y){let X=Vf(Y);Wq6=async(Q)=>{let J=Q.inviter.user?.name||Q.inviter.user?.email,G=`${B5()}/auth/accept-invitation?invitationId=${Q.invitation.id}&redirectTo=/`;await X({to:Q.email,subject:`Invitation to join ${Q.organization.name}`,html:`
           <h2>You've been invited!</h2>
           <p>${J} has invited you to join <strong>${Q.organization.name}</strong>.</p>
           <p><a href="${G}">Click here to accept the invitation</a></p>

package/dist/server/server.js

@@ -1044,7 +1044,7 @@ Please refer to the documentation here: https://better-auth.com/docs/plugins/org
     </script>
 	  <script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference" ${J}></script>
   </body>
-</html>`},qX0=(Y)=>{let X=Y?.path??"/reference";return{id:"open-api",endpoints:{generateOpenAPISchema:g0("/open-api/generate-schema",{method:"GET"},async(Q)=>{let J=await pK1(Q.context,Q.context.options);return Q.json(J)}),openAPIReference:g0(X,{method:"GET",metadata:{isAction:!1}},async(Q)=>{if(Y?.disableDefaultReference)throw new i("NOT_FOUND");let J=await pK1(Q.context,Q.context.options);return new Response(pi6(J,Y?.theme,Y?.nonce),{headers:{"Content-Type":"text/html"}})})}}};hX();y7();K9();XY();h0();var A98=Z4(async()=>{return{}}),P98=Z4({use:[q8]},async(Y)=>{return{session:Y.context.session}}),T98=y4({YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION:"You are not allowed to create a new organization",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS:"You have reached the maximum number of organizations",ORGANIZATION_ALREADY_EXISTS:"Organization already exists",ORGANIZATION_SLUG_ALREADY_TAKEN:"Organization slug already taken",ORGANIZATION_NOT_FOUND:"Organization not found",USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION:"User is not a member of the organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION:"You are not allowed to update this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION:"You are not allowed to delete this organization",NO_ACTIVE_ORGANIZATION:"No active organization",USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION:"User is already a member of this organization",MEMBER_NOT_FOUND:"Member not found",ROLE_NOT_FOUND:"Role not found",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM:"You are not allowed to create a new team",TEAM_ALREADY_EXISTS:"Team already exists",TEAM_NOT_FOUND:"Team not found",YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER:"You cannot leave the organization as the only owner",YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER:"You cannot leave the organization without an owner",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER:"You are not allowed to delete this member",YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION:"You are not allowed to invite users to this organization",USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION:"User is already invited to this organization",INVITATION_NOT_FOUND:"Invitation not found",YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION:"You are not the recipient of the invitation",EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION:"Email verification required before accepting or rejecting invitation",YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION:"You are not allowed to cancel this invitation",INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION:"Inviter is no longer a member of the organization",YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE:"You are not allowed to invite a user with this role",FAILED_TO_RETRIEVE_INVITATION:"Failed to retrieve invitation",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS:"You have reached the maximum number of teams",UNABLE_TO_REMOVE_LAST_TEAM:"Unable to remove last team",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER:"You are not allowed to update this member",ORGANIZATION_MEMBERSHIP_LIMIT_REACHED:"Organization membership limit reached",YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to create teams in this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to delete teams in this organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM:"You are not allowed to update this team",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM:"You are not allowed to delete this team",INVITATION_LIMIT_REACHED:"Invitation limit reached",TEAM_MEMBER_LIMIT_REACHED:"Team member limit reached",USER_IS_NOT_A_MEMBER_OF_THE_TEAM:"User is not a member of the team",YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM:"You are not allowed to list the members of this team",YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM:"You do not have an active team",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER:"You are not allowed to create a new member",YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER:"You are not allowed to remove a team member",YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION:"You are not allowed to access this organization as an owner",YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION:"You are not a member of this organization",MISSING_AC_INSTANCE:"Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information",YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE:"You must be in an organization to create a role",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE:"You are not allowed to create a role",YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE:"You are not allowed to update a role",YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE:"You are not allowed to delete a role",YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE:"You are not allowed to read a role",YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE:"You are not allowed to list a role",YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE:"You are not allowed to get a role",TOO_MANY_ROLES:"This organization has too many roles",INVALID_RESOURCE:"The provided permission includes an invalid resource",ROLE_NAME_IS_ALREADY_TAKEN:"That role name is already taken",CANNOT_DELETE_A_PRE_DEFINED_ROLE:"Cannot delete a pre-defined role"});var E98=Number.POSITIVE_INFINITY;var nK1=M(),ni6=z1(["pending","accepted","rejected","canceled"]).default("pending"),C98=p({id:M().default(M9),name:M(),slug:M(),logo:M().nullish().optional(),metadata:Y1(M(),V4()).or(M().transform((Y)=>JSON.parse(Y))).optional(),createdAt:X6()}),I98=p({id:M().default(M9),organizationId:M(),userId:h1.string(),role:nK1,createdAt:X6().default(()=>new Date)}),R98=p({id:M().default(M9),organizationId:M(),email:M(),role:nK1,status:ni6,teamId:M().nullish(),inviterId:M(),expiresAt:X6(),createdAt:X6().default(()=>new Date)}),S98=p({id:M().default(M9),name:M().min(1),organizationId:M(),createdAt:X6(),updatedAt:X6().optional()}),j98=p({id:M().default(M9),teamId:M(),userId:M(),createdAt:X6().default(()=>new Date)}),k98=p({id:M().default(M9),organizationId:M(),role:M(),permission:Y1(M(),P0(M())),createdAt:X6().default(()=>new Date),updatedAt:X6().optional()}),cK1=["admin","member","owner"],v98=Q6([z1(cK1),P0(z1(cK1))]);E8();K9();XY();var l98=y4({INVALID_PHONE_NUMBER:"Invalid phone number",PHONE_NUMBER_EXIST:"Phone number already exists",PHONE_NUMBER_NOT_EXIST:"phone number isn't registered",INVALID_PHONE_NUMBER_OR_PASSWORD:"Invalid phone number or password",UNEXPECTED_ERROR:"Unexpected error",OTP_NOT_FOUND:"OTP not found",OTP_EXPIRED:"OTP expired",INVALID_OTP:"Invalid OTP",PHONE_NUMBER_NOT_VERIFIED:"Phone number not verified",PHONE_NUMBER_CANNOT_BE_UPDATED:"Phone number cannot be updated",SEND_OTP_NOT_IMPLEMENTED:"sendOTP not implemented",TOO_MANY_ATTEMPTS:"Too many attempts"});E8();bX();K9();XY();s9();G8();var ii6=y4({OTP_NOT_ENABLED:"OTP not enabled",OTP_HAS_EXPIRED:"OTP has expired",TOTP_NOT_ENABLED:"TOTP not enabled",TWO_FACTOR_NOT_ENABLED:"Two factor isn't enabled",BACKUP_CODES_NOT_ENABLED:"Backup codes aren't enabled",INVALID_BACKUP_CODE:"Invalid backup code",INVALID_CODE:"Invalid code",TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE:"Too many attempts. Please request a new code.",INVALID_TWO_FACTOR_COOKIE:"Invalid two factor cookie"});K9();XY();var ai6=y4({INVALID_USERNAME_OR_PASSWORD:"Invalid username or password",EMAIL_NOT_VERIFIED:"Email not verified",UNEXPECTED_ERROR:"Unexpected error",USERNAME_IS_ALREADY_TAKEN:"Username is already taken. Please try another.",USERNAME_TOO_SHORT:"Username is too short",USERNAME_TOO_LONG:"Username is too long",INVALID_USERNAME:"Username is invalid",INVALID_DISPLAY_USERNAME:"Display username is invalid"});var VV={enabled:!0,batchSize:250,flushIntervalMs:300,maxQueueSize:1e4,redactor:"regex"};import{existsSync as iK1,readFileSync as aK1}from"fs";var Nb={emailAndPassword:{enabled:!0}},rK1=process.env.CONFIG_PATH||"./config.json",oK1=process.env.AUTH_CONFIG_PATH||"./auth-config.json";function ri6(){if(iK1(rK1))try{let Y=aK1(rK1,"utf-8"),X=JSON.parse(Y);return{auth:Nb,monitoring:VV,...X}}catch{return{auth:Nb,monitoring:VV}}if(iK1(oK1))try{let Y=aK1(oK1,"utf-8");return{auth:JSON.parse(Y),monitoring:VV}}catch{return{auth:Nb,monitoring:VV}}return{auth:Nb,monitoring:VV}}var aP=ri6();function sK1(){return{...VV,...aP.monitoring}}function tK1(){return aP.theme}import{existsSync as Qt6,mkdirSync as Jt6}from"fs";import{Kysely as TF1,PostgresDialect as EF1,sql as rX0}from"kysely";import{BunWorkerDialect as CF1}from"kysely-bun-worker";import*as IF1 from"path";var F5=l6(cX0(),1),gQ8=F5.default.Client,aX0=F5.default.Pool,mQ8=F5.default.Connection,lQ8=F5.default.types,dQ8=F5.default.Query,pQ8=F5.default.DatabaseError,cQ8=F5.default.escapeIdentifier,nQ8=F5.default.escapeLiteral,iQ8=F5.default.Result,aQ8=F5.default.TypeOverrides,rQ8=F5.default.defaults;var Gt6=XR.createHistogram("db.query.duration",{description:"Database query execution duration in milliseconds",unit:"ms"}),Wt6=["PRAGMA busy_timeout = ?;"],Zt6=400,RF1=(Y)=>{let X={"db.statement":Y.query.sql,"db.status":Y.level==="error"?"error":"success"};if(Y.queryDurationMillis>Zt6)console.error("Slow query detected:",{durationMs:Y.queryDurationMillis,sql:Y.query.sql,params:Y.query.parameters});if(Gt6.record(Y.queryDurationMillis,X),Y.level==="error"&&!Wt6.includes(Y.query.sql))console.error("Query failed:",{durationMs:Y.queryDurationMillis,error:Y.error,sql:Y.query.sql})},SF1={keepAlive:!0,keepAliveInitialDelayMillis:1e4,idleTimeoutMillis:300000,connectionTimeoutMillis:30000,allowExitOnIdle:!0};function Kt6(Y){let X=new aX0({connectionString:Y.connectionString,max:Y.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...SF1}),Q=new EF1({pool:X});return{type:"postgres",db:new TF1({dialect:Q,log:RF1}),pool:X}}function jF1(Y){if(Y===":memory:")return":memory:";if(Y.includes("://"))return new URL(Y).pathname;return Y}function kF1(Y){if(Y!==":memory:"&&Y!=="/"&&Y){let X=Y.substring(0,Y.lastIndexOf("/"));if(X&&X!=="/"&&!Qt6(X))try{Jt6(X,{recursive:!0})}catch{return console.warn(`Failed to create directory ${X}, using in-memory database`),":memory:"}}return Y}function Ht6(Y){let X=jF1(Y.connectionString);X=kF1(X);let Q=new CF1({url:X||":memory:"}),J=new TF1({dialect:Q,log:RF1});if(!0)rX0`PRAGMA foreign_keys = ON;`.execute(J).catch(()=>{});if(X!==":memory:"&&Y.options?.enableWAL!==!1)rX0`PRAGMA journal_mode = WAL;`.execute(J).catch(()=>{});if(X!==":memory:"){let K=Y.options?.busyTimeout||5000;rX0`PRAGMA busy_timeout = ${K};`.execute(J).catch(()=>{})}return{type:"sqlite",db:J}}function vF1(Y){let X=Y||"file:./data/mesh.db";if(X===":memory:")return{type:"sqlite",connectionString:":memory:"};X=X.startsWith("/")?`file://${X}`:X;let Q=URL.canParse(X)?new URL(X):null,J=Q?.protocol.replace(":","")??X.split("://")[0];switch(J){case"postgres":case"postgresql":return{type:"postgres",connectionString:X};case"sqlite":case"file":if(!Q?.pathname)throw Error("Invalid database URL: "+X);return{type:"sqlite",connectionString:Q.pathname};default:throw Error(`Unsupported database protocol: ${J}. Supported protocols: postgres://, postgresql://, sqlite://, file://`)}}function sX0(){return process.env.DATABASE_URL||`file:${IF1.join(process.cwd(),"data/mesh.db")}`}function _F1(Y){let X=vF1(Y);if(X.type==="postgres")return new EF1({pool:new aX0({connectionString:X.connectionString,max:X.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...SF1})});let Q=jF1(X.connectionString);return Q=kF1(Q),new CF1({url:Q||":memory:"})}function Ft6(Y){let X=vF1(Y);if(X.type==="postgres")return Kt6(X);return Ht6(X)}var oX0=null;function vb(){if(!oX0)oX0=Ft6(sX0());return oX0}class tX0{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.resend.com/emails",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({to:Y,from:X,subject:Q,html:J})});if(!G.ok)throw Error(`Failed to send email: ${G.statusText}`)}}class eX0{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.sendgrid.com/v3/mail/send",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({personalizations:[{to:[{email:Y}]}],from:{email:X},subject:Q,content:[{type:"text/html",value:J}]})});if(!G.ok){let K=await G.text();throw Error(`Failed to send email via SendGrid: ${G.statusText} - ${K}`)}}}var $t6=(Y)=>{let X=new tX0(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},Vt6=(Y)=>{let X=new eX0(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},qt6={resend:$t6,sendgrid:Vt6};function _b(Y){let X=qt6[Y.provider];if(!X)throw Error(`Unknown email provider: ${Y.provider}`);return X(Y)}function yb(Y,X){return Y.find((Q)=>Q.id===X)}var yF1=(Y,X)=>{let Q=yb(X,Y.emailProviderId);if(!Q)throw Error(`Email provider with id '${Y.emailProviderId}' not found`);let J=_b(Q);return{sendMagicLink:async({email:G,url:K})=>{await J({to:G,subject:"Magic Link",html:`<p>Click <a href="${K}">here</a> to login</p>`})}}};wX();import{createCipheriv as Bt6,createDecipheriv as zt6,randomBytes as fF1}from"crypto";var hF1="aes-256-gcm",GT=16,bF1=16,xF1=32;class zV{key;constructor(Y){if(Buffer.from(Y,"base64").length===xF1)this.key=Buffer.from(Y,"base64");else{let X=F0("crypto");this.key=X.createHash("sha256").update(Y).digest()}}async encrypt(Y){let X=fF1(GT),Q=Bt6(hF1,this.key,X),J=Q.update(Y,"utf8");J=Buffer.concat([J,Q.final()]);let G=Q.getAuthTag();return Buffer.concat([X,G,J]).toString("base64")}async decrypt(Y){let X=Buffer.from(Y,"base64"),Q=X.subarray(0,GT),J=X.subarray(GT,GT+bF1),G=X.subarray(GT+bF1),K=zt6(hF1,this.key,Q);K.setAuthTag(J);let W=K.update(G);return W=Buffer.concat([W,K.final()]),W.toString("utf8")}static generateKey(){return fF1(xF1).toString("base64")}}CZ();$5();wX();var Ot6=["connection_headers","oauth_config","configuration_scopes","metadata","tools","bindings"];class WT{db;vault;constructor(Y,X){this.db=Y;this.vault=X}async create(Y){let X=Y.id??k4("conn"),Q=new Date().toISOString(),J=await this.findById(X);if(J){if(J.organization_id!==Y.organization_id)throw Error("Connection ID already exists");return this.update(X,Y)}let G=await this.serializeConnection({...Y,id:Y.id??X,status:"active",created_at:Q,updated_at:Q});await this.db.insertInto("connections").values(G).execute();let K=await this.findById(X);if(!K)throw Error(`Failed to create connection with id: ${X}`);return K}async findById(Y,X){let Q=mW(Y);if(Q)return S00(X??Q);let J=this.db.selectFrom("connections").selectAll().where("id","=",Y);if(X)J=J.where("organization_id","=",X);let G=await J.executeTakeFirst();return G?this.deserializeConnection(G):null}async list(Y,X){let Q=this.db.selectFrom("connections").selectAll().where("organization_id","=",Y);if(!X?.includeVirtual)Q=Q.where("connection_type","!=","VIRTUAL");let J=await Q.execute();return Promise.all(J.map((G)=>this.deserializeConnection(G)))}async update(Y,X){if(Object.keys(X).length===0){let G=await this.findById(Y);if(!G)throw Error("Connection not found");return G}let Q=await this.serializeConnection({...X,updated_at:new Date().toISOString()});await this.db.updateTable("connections").set(Q).where("id","=",Y).execute();let J=await this.findById(Y);if(!J)throw Error("Connection not found after update");return J}async delete(Y){await this.db.deleteFrom("connections").where("id","=",Y).execute()}async testConnection(Y,X){let Q=await this.findById(Y);if(!Q)throw Error("Connection not found");let J=Date.now();if(Q.connection_type==="STDIO")return{healthy:!0,latencyMs:Date.now()-J};if(!Q.connection_url)return{healthy:!1,latencyMs:Date.now()-J};try{let G=Q.connection_headers,K=await fetch(Q.connection_url,{method:"POST",headers:{"Content-Type":"application/json",...Q.connection_token&&{Authorization:`Bearer ${Q.connection_token}`},...G?.headers,...X},body:JSON.stringify({jsonrpc:"2.0",method:"ping",id:1})});return{healthy:K.ok||K.status===404,latencyMs:Date.now()-J}}catch{return{healthy:!1,latencyMs:Date.now()-J}}}async serializeConnection(Y){let X={};for(let[Q,J]of Object.entries(Y)){if(J===void 0)continue;if(Q==="connection_token"&&J)X[Q]=await this.vault.encrypt(J);else if(Q==="configuration_state"&&J){let G=JSON.stringify(J);X[Q]=await this.vault.encrypt(G)}else if(Q==="connection_headers"&&J){let G=J;if(H7(G)&&G.envVars){let K={};for(let[W,Z]of Object.entries(G.envVars))K[W]=await this.vault.encrypt(Z);X[Q]=JSON.stringify({...G,envVars:K})}else X[Q]=JSON.stringify(G)}else if(Ot6.includes(Q))X[Q]=J?JSON.stringify(J):null;else X[Q]=J}return X}async deserializeConnection(Y){let X=null;if(Y.connection_token)try{X=await this.vault.decrypt(Y.connection_token)}catch(K){console.error("Failed to decrypt connection token:",K)}let Q=null;if(Y.configuration_state)try{let K=await this.vault.decrypt(Y.configuration_state);Q=JSON.parse(K)}catch(K){console.error("Failed to decrypt configuration state:",K)}let J=null;if(Y.connection_headers)try{let K=JSON.parse(Y.connection_headers);if(H7(K)&&K.envVars){let W={};for(let[Z,H]of Object.entries(K.envVars))try{W[Z]=await this.vault.decrypt(H)}catch{W[Z]=H}J={...K,envVars:W}}else J=K}catch(K){console.error("Failed to parse connection_headers:",K)}let G=(K)=>{if(K===null)return null;if(typeof K==="string")try{return JSON.parse(K)}catch{return null}return K};return{id:Y.id,organization_id:Y.organization_id,created_by:Y.created_by,updated_by:Y.updated_by??void 0,title:Y.title,description:Y.description,icon:Y.icon,app_name:Y.app_name,app_id:Y.app_id,connection_type:Y.connection_type,connection_url:Y.connection_url,connection_token:X,connection_headers:J,oauth_config:G(Y.oauth_config),configuration_state:Q,configuration_scopes:G(Y.configuration_scopes),metadata:G(Y.metadata),tools:G(Y.tools),bindings:G(Y.bindings),status:Y.status,created_at:Y.created_at,updated_at:Y.updated_at}}}$5();class ZT{db;constructor(Y){this.db=Y}parseRow(Y){return{id:Y.id,organizationId:Y.organization_id,slug:Y.slug,name:Y.name,description:Y.description,enabledPlugins:Y.enabled_plugins?typeof Y.enabled_plugins==="string"?JSON.parse(Y.enabled_plugins):Y.enabled_plugins:null,ui:Y.ui?typeof Y.ui==="string"?JSON.parse(Y.ui):Y.ui:null,createdAt:Y.created_at,updatedAt:Y.updated_at}}async list(Y){return(await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).orderBy("created_at","asc").execute()).map((Q)=>this.parseRow(Q))}async get(Y){let X=await this.db.selectFrom("projects").selectAll().where("id","=",Y).executeTakeFirst();return X?this.parseRow(X):null}async getBySlug(Y,X){let Q=await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).where("slug","=",X).executeTakeFirst();return Q?this.parseRow(Q):null}async create(Y){let X=new Date().toISOString(),Q=k4("proj");await this.db.insertInto("projects").values({id:Q,organization_id:Y.organizationId,slug:Y.slug,name:Y.name,description:Y.description??null,enabled_plugins:Y.enabledPlugins?JSON.stringify(Y.enabledPlugins):null,ui:Y.ui?JSON.stringify(Y.ui):null,created_at:X,updated_at:X}).execute();let J=await this.get(Q);if(!J)throw Error("Failed to create project");return J}async update(Y,X){let Q={updated_at:new Date().toISOString()};if(X.name!==void 0)Q.name=X.name;if(X.description!==void 0)Q.description=X.description;if(X.enabledPlugins!==void 0)Q.enabled_plugins=X.enabledPlugins?JSON.stringify(X.enabledPlugins):null;if(X.ui!==void 0)Q.ui=X.ui?JSON.stringify(X.ui):null;return await this.db.updateTable("projects").set(Q).where("id","=",Y).execute(),this.get(Y)}async delete(Y){return((await this.db.deleteFrom("projects").where("id","=",Y).executeTakeFirst()).numDeletedRows??0n)>0n}}gb();h0();function d64(Y){return[{permissions:{self:["*"]},getTools:async()=>{let{ALL_TOOLS:X}=await Promise.resolve().then(() => (O50(),oz1));return X.map((Q)=>{return{name:Q.name,inputSchema:B.toJSONSchema(Q.inputSchema,{unrepresentable:"any"}),outputSchema:Q.outputSchema?B.toJSONSchema(Q.outputSchema,{unrepresentable:"any"}):void 0,description:Q.description}})},data:I00(JJ(),Y)},{data:C00()},{data:E00(Y)}]}async function sz1(Y,X){try{let Q=vb(),J=new zV(process.env.ENCRYPTION_KEY||""),G=new WT(Q.db,J),K=new ZT(Q.db),W=d64(Y);try{await K.create({organizationId:Y,slug:TW,name:GR,description:"Organization administration and settings",enabledPlugins:null,ui:null})}catch(Z){console.warn("Could not create org-admin project (may already exist):",Z)}await Promise.all(W.map(async(Z)=>{let H=null;if(Z.permissions)H=(await bZ.api.createApiKey({body:{name:`${Z.data.app_name??crypto.randomUUID()}-mcp`,userId:X,permissions:Z.permissions,rateLimitEnabled:!1,metadata:{organization:{id:Y},purpose:"default-org-connections"}}}))?.key;let F=await Z.getTools?.()??await OD({id:"pending",title:Z.data.title,connection_type:Z.data.connection_type,connection_url:Z.data.connection_url,connection_token:Z.data.connection_token,connection_headers:Z.data.connection_headers}).catch(()=>null),$=Z.data.id?Z.data.id.startsWith(`${Y}_`)?Z.data.id:`${Y}_${Z.data.id}`:void 0;await G.create({...Z.data,id:$,tools:F,organization_id:Y,created_by:X,connection_token:Z.data.connection_token??H})}))}catch(Q){console.error("Error creating default MCP connections:",Q)}}var N50=["owner","admin","user"],zx=["owner","admin"];var p64=(Y)=>{return{defaultSSO:[{domain:Y.domain,providerId:Y.providerId,oidcConfig:{issuer:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0`,pkce:!0,clientId:Y.MS_CLIENT_ID,clientSecret:Y.MS_CLIENT_SECRET,discoveryEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0/.well-known/openid-configuration`,authorizationEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/authorize`,tokenEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/token`,jwksEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/discovery/v2.0/keys`,userInfoEndpoint:"https://graph.microsoft.com/oidc/userinfo",tokenEndpointAuthentication:"client_secret_post",scopes:Y.scopes,mapping:{id:"sub",email:"email",emailVerified:"email_verified",name:"name",image:"picture",extraFields:{emailVerified:"email_verified"}}}}]}},tz1=(Y)=>{if(Y.providerId==="microsoft")return p64(Y);throw Error(`Unsupported provider: ${Y.providerId}`)};function c64(Y){return Y.toLowerCase().trim().replace(/[^a-z0-9\s_-]+/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}var ez1=["labs","agent","studio","workspace","systems","core","cloud","works"],YU1=["capybara","guarana","deco","samba","feijoada","capoeira","carnival"];function n64(){let Y=Math.floor(Math.random()*YU1.length),X=Math.floor(Math.random()*ez1.length),Q=YU1[Y]??"deco",J=ez1[X]??"studio";return`${Q}-${J}`}var i64=Object.values(bM()).map((Y)=>Y.map((X)=>X.name)).flat(),a64={...Gb,self:["*",...i64]},Ux=c7(a64),r64=Ux.newRole({self:["*"],...gP.statements}),o64=Ux.newRole({self:["*"],...gP.statements}),s64=Ux.newRole({self:["*"],...gP.statements}),XU1=Object.values(bM()).map((Y)=>Y.map((X)=>`self:${X.name}`)).flat(),V9=aP.auth,QU1=void 0;if(V9.inviteEmailProviderId&&V9.emailProviders&&V9.emailProviders.length>0){let Y=yb(V9.emailProviders,V9.inviteEmailProviderId);if(Y){let X=_b(Y);QU1=async(Q)=>{let J=Q.inviter.user?.name||Q.inviter.user?.email,G=`${JJ()}/auth/accept-invitation?invitationId=${Q.invitation.id}`;await X({to:Q.email,subject:`Invitation to join ${Q.organization.name}`,html:`
+</html>`},qX0=(Y)=>{let X=Y?.path??"/reference";return{id:"open-api",endpoints:{generateOpenAPISchema:g0("/open-api/generate-schema",{method:"GET"},async(Q)=>{let J=await pK1(Q.context,Q.context.options);return Q.json(J)}),openAPIReference:g0(X,{method:"GET",metadata:{isAction:!1}},async(Q)=>{if(Y?.disableDefaultReference)throw new i("NOT_FOUND");let J=await pK1(Q.context,Q.context.options);return new Response(pi6(J,Y?.theme,Y?.nonce),{headers:{"Content-Type":"text/html"}})})}}};hX();y7();K9();XY();h0();var A98=Z4(async()=>{return{}}),P98=Z4({use:[q8]},async(Y)=>{return{session:Y.context.session}}),T98=y4({YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_ORGANIZATION:"You are not allowed to create a new organization",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS:"You have reached the maximum number of organizations",ORGANIZATION_ALREADY_EXISTS:"Organization already exists",ORGANIZATION_SLUG_ALREADY_TAKEN:"Organization slug already taken",ORGANIZATION_NOT_FOUND:"Organization not found",USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION:"User is not a member of the organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_ORGANIZATION:"You are not allowed to update this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_ORGANIZATION:"You are not allowed to delete this organization",NO_ACTIVE_ORGANIZATION:"No active organization",USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION:"User is already a member of this organization",MEMBER_NOT_FOUND:"Member not found",ROLE_NOT_FOUND:"Role not found",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM:"You are not allowed to create a new team",TEAM_ALREADY_EXISTS:"Team already exists",TEAM_NOT_FOUND:"Team not found",YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER:"You cannot leave the organization as the only owner",YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER:"You cannot leave the organization without an owner",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_MEMBER:"You are not allowed to delete this member",YOU_ARE_NOT_ALLOWED_TO_INVITE_USERS_TO_THIS_ORGANIZATION:"You are not allowed to invite users to this organization",USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION:"User is already invited to this organization",INVITATION_NOT_FOUND:"Invitation not found",YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION:"You are not the recipient of the invitation",EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION:"Email verification required before accepting or rejecting invitation",YOU_ARE_NOT_ALLOWED_TO_CANCEL_THIS_INVITATION:"You are not allowed to cancel this invitation",INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION:"Inviter is no longer a member of the organization",YOU_ARE_NOT_ALLOWED_TO_INVITE_USER_WITH_THIS_ROLE:"You are not allowed to invite a user with this role",FAILED_TO_RETRIEVE_INVITATION:"Failed to retrieve invitation",YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS:"You have reached the maximum number of teams",UNABLE_TO_REMOVE_LAST_TEAM:"Unable to remove last team",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_MEMBER:"You are not allowed to update this member",ORGANIZATION_MEMBERSHIP_LIMIT_REACHED:"Organization membership limit reached",YOU_ARE_NOT_ALLOWED_TO_CREATE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to create teams in this organization",YOU_ARE_NOT_ALLOWED_TO_DELETE_TEAMS_IN_THIS_ORGANIZATION:"You are not allowed to delete teams in this organization",YOU_ARE_NOT_ALLOWED_TO_UPDATE_THIS_TEAM:"You are not allowed to update this team",YOU_ARE_NOT_ALLOWED_TO_DELETE_THIS_TEAM:"You are not allowed to delete this team",INVITATION_LIMIT_REACHED:"Invitation limit reached",TEAM_MEMBER_LIMIT_REACHED:"Team member limit reached",USER_IS_NOT_A_MEMBER_OF_THE_TEAM:"User is not a member of the team",YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM:"You are not allowed to list the members of this team",YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM:"You do not have an active team",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_NEW_TEAM_MEMBER:"You are not allowed to create a new member",YOU_ARE_NOT_ALLOWED_TO_REMOVE_A_TEAM_MEMBER:"You are not allowed to remove a team member",YOU_ARE_NOT_ALLOWED_TO_ACCESS_THIS_ORGANIZATION:"You are not allowed to access this organization as an owner",YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION:"You are not a member of this organization",MISSING_AC_INSTANCE:"Dynamic Access Control requires a pre-defined ac instance on the server auth plugin. Read server logs for more information",YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE:"You must be in an organization to create a role",YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE:"You are not allowed to create a role",YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE:"You are not allowed to update a role",YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE:"You are not allowed to delete a role",YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE:"You are not allowed to read a role",YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE:"You are not allowed to list a role",YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE:"You are not allowed to get a role",TOO_MANY_ROLES:"This organization has too many roles",INVALID_RESOURCE:"The provided permission includes an invalid resource",ROLE_NAME_IS_ALREADY_TAKEN:"That role name is already taken",CANNOT_DELETE_A_PRE_DEFINED_ROLE:"Cannot delete a pre-defined role"});var E98=Number.POSITIVE_INFINITY;var nK1=M(),ni6=z1(["pending","accepted","rejected","canceled"]).default("pending"),C98=p({id:M().default(M9),name:M(),slug:M(),logo:M().nullish().optional(),metadata:Y1(M(),V4()).or(M().transform((Y)=>JSON.parse(Y))).optional(),createdAt:X6()}),I98=p({id:M().default(M9),organizationId:M(),userId:h1.string(),role:nK1,createdAt:X6().default(()=>new Date)}),R98=p({id:M().default(M9),organizationId:M(),email:M(),role:nK1,status:ni6,teamId:M().nullish(),inviterId:M(),expiresAt:X6(),createdAt:X6().default(()=>new Date)}),S98=p({id:M().default(M9),name:M().min(1),organizationId:M(),createdAt:X6(),updatedAt:X6().optional()}),j98=p({id:M().default(M9),teamId:M(),userId:M(),createdAt:X6().default(()=>new Date)}),k98=p({id:M().default(M9),organizationId:M(),role:M(),permission:Y1(M(),P0(M())),createdAt:X6().default(()=>new Date),updatedAt:X6().optional()}),cK1=["admin","member","owner"],v98=Q6([z1(cK1),P0(z1(cK1))]);E8();K9();XY();var l98=y4({INVALID_PHONE_NUMBER:"Invalid phone number",PHONE_NUMBER_EXIST:"Phone number already exists",PHONE_NUMBER_NOT_EXIST:"phone number isn't registered",INVALID_PHONE_NUMBER_OR_PASSWORD:"Invalid phone number or password",UNEXPECTED_ERROR:"Unexpected error",OTP_NOT_FOUND:"OTP not found",OTP_EXPIRED:"OTP expired",INVALID_OTP:"Invalid OTP",PHONE_NUMBER_NOT_VERIFIED:"Phone number not verified",PHONE_NUMBER_CANNOT_BE_UPDATED:"Phone number cannot be updated",SEND_OTP_NOT_IMPLEMENTED:"sendOTP not implemented",TOO_MANY_ATTEMPTS:"Too many attempts"});E8();bX();K9();XY();s9();G8();var ii6=y4({OTP_NOT_ENABLED:"OTP not enabled",OTP_HAS_EXPIRED:"OTP has expired",TOTP_NOT_ENABLED:"TOTP not enabled",TWO_FACTOR_NOT_ENABLED:"Two factor isn't enabled",BACKUP_CODES_NOT_ENABLED:"Backup codes aren't enabled",INVALID_BACKUP_CODE:"Invalid backup code",INVALID_CODE:"Invalid code",TOO_MANY_ATTEMPTS_REQUEST_NEW_CODE:"Too many attempts. Please request a new code.",INVALID_TWO_FACTOR_COOKIE:"Invalid two factor cookie"});K9();XY();var ai6=y4({INVALID_USERNAME_OR_PASSWORD:"Invalid username or password",EMAIL_NOT_VERIFIED:"Email not verified",UNEXPECTED_ERROR:"Unexpected error",USERNAME_IS_ALREADY_TAKEN:"Username is already taken. Please try another.",USERNAME_TOO_SHORT:"Username is too short",USERNAME_TOO_LONG:"Username is too long",INVALID_USERNAME:"Username is invalid",INVALID_DISPLAY_USERNAME:"Display username is invalid"});var VV={enabled:!0,batchSize:250,flushIntervalMs:300,maxQueueSize:1e4,redactor:"regex"};import{existsSync as iK1,readFileSync as aK1}from"fs";var Nb={emailAndPassword:{enabled:!0}},rK1=process.env.CONFIG_PATH||"./config.json",oK1=process.env.AUTH_CONFIG_PATH||"./auth-config.json";function ri6(){if(iK1(rK1))try{let Y=aK1(rK1,"utf-8"),X=JSON.parse(Y);return{auth:Nb,monitoring:VV,...X}}catch{return{auth:Nb,monitoring:VV}}if(iK1(oK1))try{let Y=aK1(oK1,"utf-8");return{auth:JSON.parse(Y),monitoring:VV}}catch{return{auth:Nb,monitoring:VV}}return{auth:Nb,monitoring:VV}}var aP=ri6();function sK1(){return{...VV,...aP.monitoring}}function tK1(){return aP.theme}import{existsSync as Qt6,mkdirSync as Jt6}from"fs";import{Kysely as TF1,PostgresDialect as EF1,sql as rX0}from"kysely";import{BunWorkerDialect as CF1}from"kysely-bun-worker";import*as IF1 from"path";var F5=l6(cX0(),1),gQ8=F5.default.Client,aX0=F5.default.Pool,mQ8=F5.default.Connection,lQ8=F5.default.types,dQ8=F5.default.Query,pQ8=F5.default.DatabaseError,cQ8=F5.default.escapeIdentifier,nQ8=F5.default.escapeLiteral,iQ8=F5.default.Result,aQ8=F5.default.TypeOverrides,rQ8=F5.default.defaults;var Gt6=XR.createHistogram("db.query.duration",{description:"Database query execution duration in milliseconds",unit:"ms"}),Wt6=["PRAGMA busy_timeout = ?;"],Zt6=400,RF1=(Y)=>{let X={"db.statement":Y.query.sql,"db.status":Y.level==="error"?"error":"success"};if(Y.queryDurationMillis>Zt6)console.error("Slow query detected:",{durationMs:Y.queryDurationMillis,sql:Y.query.sql,params:Y.query.parameters});if(Gt6.record(Y.queryDurationMillis,X),Y.level==="error"&&!Wt6.includes(Y.query.sql))console.error("Query failed:",{durationMs:Y.queryDurationMillis,error:Y.error,sql:Y.query.sql})},SF1={keepAlive:!0,keepAliveInitialDelayMillis:1e4,idleTimeoutMillis:300000,connectionTimeoutMillis:30000,allowExitOnIdle:!0};function Kt6(Y){let X=new aX0({connectionString:Y.connectionString,max:Y.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...SF1}),Q=new EF1({pool:X});return{type:"postgres",db:new TF1({dialect:Q,log:RF1}),pool:X}}function jF1(Y){if(Y===":memory:")return":memory:";if(Y.includes("://"))return new URL(Y).pathname;return Y}function kF1(Y){if(Y!==":memory:"&&Y!=="/"&&Y){let X=Y.substring(0,Y.lastIndexOf("/"));if(X&&X!=="/"&&!Qt6(X))try{Jt6(X,{recursive:!0})}catch{return console.warn(`Failed to create directory ${X}, using in-memory database`),":memory:"}}return Y}function Ht6(Y){let X=jF1(Y.connectionString);X=kF1(X);let Q=new CF1({url:X||":memory:"}),J=new TF1({dialect:Q,log:RF1});if(!0)rX0`PRAGMA foreign_keys = ON;`.execute(J).catch(()=>{});if(X!==":memory:"&&Y.options?.enableWAL!==!1)rX0`PRAGMA journal_mode = WAL;`.execute(J).catch(()=>{});if(X!==":memory:"){let K=Y.options?.busyTimeout||5000;rX0`PRAGMA busy_timeout = ${K};`.execute(J).catch(()=>{})}return{type:"sqlite",db:J}}function vF1(Y){let X=Y||"file:./data/mesh.db";if(X===":memory:")return{type:"sqlite",connectionString:":memory:"};X=X.startsWith("/")?`file://${X}`:X;let Q=URL.canParse(X)?new URL(X):null,J=Q?.protocol.replace(":","")??X.split("://")[0];switch(J){case"postgres":case"postgresql":return{type:"postgres",connectionString:X};case"sqlite":case"file":if(!Q?.pathname)throw Error("Invalid database URL: "+X);return{type:"sqlite",connectionString:Q.pathname};default:throw Error(`Unsupported database protocol: ${J}. Supported protocols: postgres://, postgresql://, sqlite://, file://`)}}function sX0(){return process.env.DATABASE_URL||`file:${IF1.join(process.cwd(),"data/mesh.db")}`}function _F1(Y){let X=vF1(Y);if(X.type==="postgres")return new EF1({pool:new aX0({connectionString:X.connectionString,max:X.options?.maxConnections||10,ssl:process.env.DATABASE_PG_SSL==="true"?!0:!1,...SF1})});let Q=jF1(X.connectionString);return Q=kF1(Q),new CF1({url:Q||":memory:"})}function Ft6(Y){let X=vF1(Y);if(X.type==="postgres")return Kt6(X);return Ht6(X)}var oX0=null;function vb(){if(!oX0)oX0=Ft6(sX0());return oX0}class tX0{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.resend.com/emails",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({to:Y,from:X,subject:Q,html:J})});if(!G.ok)throw Error(`Failed to send email: ${G.statusText}`)}}class eX0{apiKey;constructor(Y){this.apiKey=Y}async sendEmail({to:Y,from:X,subject:Q,html:J}){let G=await fetch("https://api.sendgrid.com/v3/mail/send",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.apiKey}`},body:JSON.stringify({personalizations:[{to:[{email:Y}]}],from:{email:X},subject:Q,content:[{type:"text/html",value:J}]})});if(!G.ok){let K=await G.text();throw Error(`Failed to send email via SendGrid: ${G.statusText} - ${K}`)}}}var $t6=(Y)=>{let X=new tX0(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},Vt6=(Y)=>{let X=new eX0(Y.config.apiKey);return async({to:Q,subject:J,html:G})=>{await X.sendEmail({to:Q,from:Y.config.fromEmail,subject:J,html:G})}},qt6={resend:$t6,sendgrid:Vt6};function _b(Y){let X=qt6[Y.provider];if(!X)throw Error(`Unknown email provider: ${Y.provider}`);return X(Y)}function yb(Y,X){return Y.find((Q)=>Q.id===X)}var yF1=(Y,X)=>{let Q=yb(X,Y.emailProviderId);if(!Q)throw Error(`Email provider with id '${Y.emailProviderId}' not found`);let J=_b(Q);return{sendMagicLink:async({email:G,url:K})=>{await J({to:G,subject:"Magic Link",html:`<p>Click <a href="${K}">here</a> to login</p>`})}}};wX();import{createCipheriv as Bt6,createDecipheriv as zt6,randomBytes as fF1}from"crypto";var hF1="aes-256-gcm",GT=16,bF1=16,xF1=32;class zV{key;constructor(Y){if(Buffer.from(Y,"base64").length===xF1)this.key=Buffer.from(Y,"base64");else{let X=F0("crypto");this.key=X.createHash("sha256").update(Y).digest()}}async encrypt(Y){let X=fF1(GT),Q=Bt6(hF1,this.key,X),J=Q.update(Y,"utf8");J=Buffer.concat([J,Q.final()]);let G=Q.getAuthTag();return Buffer.concat([X,G,J]).toString("base64")}async decrypt(Y){let X=Buffer.from(Y,"base64"),Q=X.subarray(0,GT),J=X.subarray(GT,GT+bF1),G=X.subarray(GT+bF1),K=zt6(hF1,this.key,Q);K.setAuthTag(J);let W=K.update(G);return W=Buffer.concat([W,K.final()]),W.toString("utf8")}static generateKey(){return fF1(xF1).toString("base64")}}CZ();$5();wX();var Ot6=["connection_headers","oauth_config","configuration_scopes","metadata","tools","bindings"];class WT{db;vault;constructor(Y,X){this.db=Y;this.vault=X}async create(Y){let X=Y.id??k4("conn"),Q=new Date().toISOString(),J=await this.findById(X);if(J){if(J.organization_id!==Y.organization_id)throw Error("Connection ID already exists");return this.update(X,Y)}let G=await this.serializeConnection({...Y,id:Y.id??X,status:"active",created_at:Q,updated_at:Q});await this.db.insertInto("connections").values(G).execute();let K=await this.findById(X);if(!K)throw Error(`Failed to create connection with id: ${X}`);return K}async findById(Y,X){let Q=mW(Y);if(Q)return S00(X??Q);let J=this.db.selectFrom("connections").selectAll().where("id","=",Y);if(X)J=J.where("organization_id","=",X);let G=await J.executeTakeFirst();return G?this.deserializeConnection(G):null}async list(Y,X){let Q=this.db.selectFrom("connections").selectAll().where("organization_id","=",Y);if(!X?.includeVirtual)Q=Q.where("connection_type","!=","VIRTUAL");let J=await Q.execute();return Promise.all(J.map((G)=>this.deserializeConnection(G)))}async update(Y,X){if(Object.keys(X).length===0){let G=await this.findById(Y);if(!G)throw Error("Connection not found");return G}let Q=await this.serializeConnection({...X,updated_at:new Date().toISOString()});await this.db.updateTable("connections").set(Q).where("id","=",Y).execute();let J=await this.findById(Y);if(!J)throw Error("Connection not found after update");return J}async delete(Y){await this.db.deleteFrom("connections").where("id","=",Y).execute()}async testConnection(Y,X){let Q=await this.findById(Y);if(!Q)throw Error("Connection not found");let J=Date.now();if(Q.connection_type==="STDIO")return{healthy:!0,latencyMs:Date.now()-J};if(!Q.connection_url)return{healthy:!1,latencyMs:Date.now()-J};try{let G=Q.connection_headers,K=await fetch(Q.connection_url,{method:"POST",headers:{"Content-Type":"application/json",...Q.connection_token&&{Authorization:`Bearer ${Q.connection_token}`},...G?.headers,...X},body:JSON.stringify({jsonrpc:"2.0",method:"ping",id:1})});return{healthy:K.ok||K.status===404,latencyMs:Date.now()-J}}catch{return{healthy:!1,latencyMs:Date.now()-J}}}async serializeConnection(Y){let X={};for(let[Q,J]of Object.entries(Y)){if(J===void 0)continue;if(Q==="connection_token"&&J)X[Q]=await this.vault.encrypt(J);else if(Q==="configuration_state"&&J){let G=JSON.stringify(J);X[Q]=await this.vault.encrypt(G)}else if(Q==="connection_headers"&&J){let G=J;if(H7(G)&&G.envVars){let K={};for(let[W,Z]of Object.entries(G.envVars))K[W]=await this.vault.encrypt(Z);X[Q]=JSON.stringify({...G,envVars:K})}else X[Q]=JSON.stringify(G)}else if(Ot6.includes(Q))X[Q]=J?JSON.stringify(J):null;else X[Q]=J}return X}async deserializeConnection(Y){let X=null;if(Y.connection_token)try{X=await this.vault.decrypt(Y.connection_token)}catch(K){console.error("Failed to decrypt connection token:",K)}let Q=null;if(Y.configuration_state)try{let K=await this.vault.decrypt(Y.configuration_state);Q=JSON.parse(K)}catch(K){console.error("Failed to decrypt configuration state:",K)}let J=null;if(Y.connection_headers)try{let K=JSON.parse(Y.connection_headers);if(H7(K)&&K.envVars){let W={};for(let[Z,H]of Object.entries(K.envVars))try{W[Z]=await this.vault.decrypt(H)}catch{W[Z]=H}J={...K,envVars:W}}else J=K}catch(K){console.error("Failed to parse connection_headers:",K)}let G=(K)=>{if(K===null)return null;if(typeof K==="string")try{return JSON.parse(K)}catch{return null}return K};return{id:Y.id,organization_id:Y.organization_id,created_by:Y.created_by,updated_by:Y.updated_by??void 0,title:Y.title,description:Y.description,icon:Y.icon,app_name:Y.app_name,app_id:Y.app_id,connection_type:Y.connection_type,connection_url:Y.connection_url,connection_token:X,connection_headers:J,oauth_config:G(Y.oauth_config),configuration_state:Q,configuration_scopes:G(Y.configuration_scopes),metadata:G(Y.metadata),tools:G(Y.tools),bindings:G(Y.bindings),status:Y.status,created_at:Y.created_at,updated_at:Y.updated_at}}}$5();class ZT{db;constructor(Y){this.db=Y}parseRow(Y){return{id:Y.id,organizationId:Y.organization_id,slug:Y.slug,name:Y.name,description:Y.description,enabledPlugins:Y.enabled_plugins?typeof Y.enabled_plugins==="string"?JSON.parse(Y.enabled_plugins):Y.enabled_plugins:null,ui:Y.ui?typeof Y.ui==="string"?JSON.parse(Y.ui):Y.ui:null,createdAt:Y.created_at,updatedAt:Y.updated_at}}async list(Y){return(await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).orderBy("created_at","asc").execute()).map((Q)=>this.parseRow(Q))}async get(Y){let X=await this.db.selectFrom("projects").selectAll().where("id","=",Y).executeTakeFirst();return X?this.parseRow(X):null}async getBySlug(Y,X){let Q=await this.db.selectFrom("projects").selectAll().where("organization_id","=",Y).where("slug","=",X).executeTakeFirst();return Q?this.parseRow(Q):null}async create(Y){let X=new Date().toISOString(),Q=k4("proj");await this.db.insertInto("projects").values({id:Q,organization_id:Y.organizationId,slug:Y.slug,name:Y.name,description:Y.description??null,enabled_plugins:Y.enabledPlugins?JSON.stringify(Y.enabledPlugins):null,ui:Y.ui?JSON.stringify(Y.ui):null,created_at:X,updated_at:X}).execute();let J=await this.get(Q);if(!J)throw Error("Failed to create project");return J}async update(Y,X){let Q={updated_at:new Date().toISOString()};if(X.name!==void 0)Q.name=X.name;if(X.description!==void 0)Q.description=X.description;if(X.enabledPlugins!==void 0)Q.enabled_plugins=X.enabledPlugins?JSON.stringify(X.enabledPlugins):null;if(X.ui!==void 0)Q.ui=X.ui?JSON.stringify(X.ui):null;return await this.db.updateTable("projects").set(Q).where("id","=",Y).execute(),this.get(Y)}async delete(Y){return((await this.db.deleteFrom("projects").where("id","=",Y).executeTakeFirst()).numDeletedRows??0n)>0n}}gb();h0();function d64(Y){return[{permissions:{self:["*"]},getTools:async()=>{let{ALL_TOOLS:X}=await Promise.resolve().then(() => (O50(),oz1));return X.map((Q)=>{return{name:Q.name,inputSchema:B.toJSONSchema(Q.inputSchema,{unrepresentable:"any"}),outputSchema:Q.outputSchema?B.toJSONSchema(Q.outputSchema,{unrepresentable:"any"}):void 0,description:Q.description}})},data:I00(JJ(),Y)},{data:C00()},{data:E00(Y)}]}async function sz1(Y,X){try{let Q=vb(),J=new zV(process.env.ENCRYPTION_KEY||""),G=new WT(Q.db,J),K=new ZT(Q.db),W=d64(Y);try{await K.create({organizationId:Y,slug:TW,name:GR,description:"Organization administration and settings",enabledPlugins:null,ui:null})}catch(Z){console.warn("Could not create org-admin project (may already exist):",Z)}await Promise.all(W.map(async(Z)=>{let H=null;if(Z.permissions)H=(await bZ.api.createApiKey({body:{name:`${Z.data.app_name??crypto.randomUUID()}-mcp`,userId:X,permissions:Z.permissions,rateLimitEnabled:!1,metadata:{organization:{id:Y},purpose:"default-org-connections"}}}))?.key;let F=await Z.getTools?.()??await OD({id:"pending",title:Z.data.title,connection_type:Z.data.connection_type,connection_url:Z.data.connection_url,connection_token:Z.data.connection_token,connection_headers:Z.data.connection_headers}).catch(()=>null),$=Z.data.id?Z.data.id.startsWith(`${Y}_`)?Z.data.id:`${Y}_${Z.data.id}`:void 0;await G.create({...Z.data,id:$,tools:F,organization_id:Y,created_by:X,connection_token:Z.data.connection_token??H})}))}catch(Q){console.error("Error creating default MCP connections:",Q)}}var N50=["owner","admin","user"],zx=["owner","admin"];var p64=(Y)=>{return{defaultSSO:[{domain:Y.domain,providerId:Y.providerId,oidcConfig:{issuer:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0`,pkce:!0,clientId:Y.MS_CLIENT_ID,clientSecret:Y.MS_CLIENT_SECRET,discoveryEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/v2.0/.well-known/openid-configuration`,authorizationEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/authorize`,tokenEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/oauth2/v2.0/token`,jwksEndpoint:`https://login.microsoftonline.com/${Y.MS_TENANT_ID}/discovery/v2.0/keys`,userInfoEndpoint:"https://graph.microsoft.com/oidc/userinfo",tokenEndpointAuthentication:"client_secret_post",scopes:Y.scopes,mapping:{id:"sub",email:"email",emailVerified:"email_verified",name:"name",image:"picture",extraFields:{emailVerified:"email_verified"}}}}]}},tz1=(Y)=>{if(Y.providerId==="microsoft")return p64(Y);throw Error(`Unsupported provider: ${Y.providerId}`)};function c64(Y){return Y.toLowerCase().trim().replace(/[^a-z0-9\s_-]+/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}var ez1=["labs","agent","studio","workspace","systems","core","cloud","works"],YU1=["capybara","guarana","deco","samba","feijoada","capoeira","carnival"];function n64(){let Y=Math.floor(Math.random()*YU1.length),X=Math.floor(Math.random()*ez1.length),Q=YU1[Y]??"deco",J=ez1[X]??"studio";return`${Q}-${J}`}var i64=Object.values(bM()).map((Y)=>Y.map((X)=>X.name)).flat(),a64={...Gb,self:["*",...i64]},Ux=c7(a64),r64=Ux.newRole({self:["*"],...gP.statements}),o64=Ux.newRole({self:["*"],...gP.statements}),s64=Ux.newRole({self:["*"],...gP.statements}),XU1=Object.values(bM()).map((Y)=>Y.map((X)=>`self:${X.name}`)).flat(),V9=aP.auth,QU1=void 0;if(V9.inviteEmailProviderId&&V9.emailProviders&&V9.emailProviders.length>0){let Y=yb(V9.emailProviders,V9.inviteEmailProviderId);if(Y){let X=_b(Y);QU1=async(Q)=>{let J=Q.inviter.user?.name||Q.inviter.user?.email,G=`${JJ()}/auth/accept-invitation?invitationId=${Q.invitation.id}&redirectTo=/`;await X({to:Q.email,subject:`Invitation to join ${Q.organization.name}`,html:`
           <h2>You've been invited!</h2>
           <p>${J} has invited you to join <strong>${Q.organization.name}</strong>.</p>
           <p><a href="${G}">Click here to accept the invitation</a></p>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@decocms/mesh",
-  "version": "2.80.0",
+  "version": "2.80.1",
   "description": "MCP Mesh - Self-hostable MCP Gateway for managing AI connections and tools",
   "author": "Deco team",
   "license": "MIT",

package/dist/client/assets/auth-catchall-CY-zCZfz.js

@@ -1 +0,0 @@
-import{c as r,a as m,j as n,A as o}from"./index-ZnlwECtw.js";function i(){const e=r.c(3);let t;e[0]===Symbol.for("react.memo_cache_sentinel")?(t={from:"/auth/$pathname"},e[0]=t):t=e[0];const{pathname:s}=m(t);let a;return e[1]!==s?(a=n.jsx("main",{className:"container mx-auto flex grow flex-col items-center justify-center gap-3 self-center p-4 md:p-6",children:n.jsx(o,{pathname:s})}),e[1]=s,e[2]=a):a=e[2],a}export{i as default};

package/dist/client/assets/constants-DSPJyAep.js

@@ -1 +0,0 @@
-import{M as t,Q as a}from"./index-ZnlwECtw.js";const e=t(a,{target:"draft-7"});export{e as B};

package/dist/client/assets/useInfiniteQuery-DpFCGFTj.js

@@ -1 +0,0 @@
-import{I as u}from"./infiniteQueryObserver-DYYmB22D.js";import{a5 as i}from"./index-ZnlwECtw.js";function t(e,r){return i(e,u,r)}export{t as u};

package/dist/client/assets/useQuery-CWQsCMUA.js

@@ -1 +0,0 @@
-import{a5 as u,a8 as s}from"./index-ZnlwECtw.js";function o(e,r){return u(e,s,r)}export{o as u};

package/dist/client/assets/utils-DVZmolTw.js

@@ -1 +0,0 @@
-import{ac as a,ad as c}from"./index-ZnlwECtw.js";function e(...r){return a(c(r))}export{e as c};