@dexto/server 1.2.5

package/dist/hono/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAezD,OAAO,EAAsB,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAElF,OAAO,EAAE,sBAAsB,EAAE,MAAM,iCAAiC,CAAC;AACzE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AAKxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AA8B1E,MAAM,MAAM,qBAAqB,GAAG;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,UAAU,CAAC;IAC3B,YAAY,EAAE,MAAM,SAAS,CAAC;IAC9B,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,aAAa,EAAE,qBAAqB,CAAC;IACrC,aAAa,CAAC,EAAE,mBAAmB,CAAC;CACvC,CAAC;AAEF,wBAAgB,cAAc,CAAC,OAAO,EAAE,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCA+I2t+H,CAAC;yCAA0D,CAAC;mCAAqC,CAAC;0CAA4C,CAAC;2CAA6C,CAAC;uCAAyC,CAAC;6CAA+C,CAAC;;;wCAAgF,CAAC;;;;;uCAAuI,CAAC;;;;;;uCAA2M,CAAC;;;;;;uCAAqK,CAAC;oDAAoC,CAAC;6CAAgD,CAAC;iDAAmD,CAAC;+CAA2D,CAAC;mDAAqD,CAAC;;uCAAqE,CAAC;;;;;uCAA0I,CAAC;qDAAqC,CAAC;+CAAkD,CAAC;yCAA4C,CAAC;8CAAgD,CAAC;;uCAAqE,CAAC;;;;;;uCAA8I,CAAC;8CAA6D,CAAC;iDAAmD,CAAC;uDAAyD,CAAC;;;;uCAA6G,CAAC;8CAA6D,CAAC;iDAAmD,CAAC;uDAAyD,CAAC;;;wCAAsF,CAAC;uCAAyC,CAAC;mCAAkD,CAAC;8CAAgD,CAAC;iDAAmD,CAAC;uDAAyD,CAAC;oCAAsC,CAAC;oCAAsC,CAAC;wCAA0C,CAAC;gDAAkD,CAAC;;;;uCAAoG,CAAC;8CAA6D,CAAC;iDAAmD,CAAC;uDAAyD,CAAC;;;wCAAmF,CAAC;uCAAyC,CAAC;mCAAkD,CAAC;8CAAgD,CAAC;iDAAmD,CAAC;uDAAyD,CAAC;oCAAsC,CAAC;oCAAsC,CAAC;wCAA0C,CAAC;;;;2CAAuG,CAAC;4CAA8C,CAAC;;;;2CAAqH,CAAC;4CAA8C,CAAC;gDAAkD,CAAC;;;;mCAAqF,CAAC;uCAA0C,CAAC;sCAAwC,CAAC;kCAAoC,CAAC;;uCAAiD,CAAC;wCAA0D,CAAC;wCAAmD,CAAC;;;;;;iCAAuI,CAAC;sCAA+E,CAAC;;wCAAsD,CAAC;;;;wCAA6G,CAAC;uCAAyC,CAAC;;;;;wCAAyI,CAAC;6CAA+C,CAAC;yCAA2C,CAAC;;;;mCAAsG,CAAC;mCAAqC,CAAC;;;;;;uCAAkK,CAAC;iCAAmC,CAAC;oCAAsC,CAAC;oCAAsC,CAAC;;;;;;;oCAA8K,CAAC;;;;;;;mDAA6X,CAAC;;+CAAsE,CAAC;mDAAuD,CAAC;;;;;;;;;;;yDAAmmB,CAAC;;;;;yDAA4P,CAAC;;;;;;;;;6CAA0X,CAAC;;;;6CAA8I,CAAC;;;kDAAkH,CAAC;;mDAA0E,CAAC;;8CAA+E,CAAC;;;;yDAAoN,CAAC;;yCAA2E,CAAC;;;6CAAuG,CAAC;;;kDAAoG,CAAC;+CAA+B,CAAC;mDAAuD,CAAC;;8CAA+E,CAAC;;;;yDAAoN,CAAC;;yCAA2E,CAAC;;;6CAAuG,CAAC;;;;wCAA+I,CAAC;yCAAyB,CAAC;iDAAoD,CAAC;sDAAyD,CAAC;;oCAA8D,CAAC;;;;2CAA6G,CAAC;8CAAgD,CAAC;6CAAyE,CAAC;8CAAkD,CAAC;kCAAsC,CAAC;;;;;wCAAuI,CAAC;0CAA8C,CAAC;2CAA+C,CAAC;;mCAAgE,CAAC;4CAA8C,CAAC;gDAAkD,CAAC;;;;2CAAsI,CAAC;;;;2CAA+I,CAAC;;;;2CAAiH,CAAC;4CAA8C,CAAC;;;;4CAA6G,CAAC;;wDAA4F,CAAC;gDAAkD,CAAC;kDAAoD,CAAC;;4CAA6E,CAAC;;wDAA4F,CAAC;gDAAkD,CAAC;kDAAoD,CAAC;;qDAAsF,CAAC;;wDAA4F,CAAC;gDAAkD,CAAC;kDAAoD,CAAC;;qDAAsF,CAAC;;wDAA4F,CAAC;gDAAkD,CAAC;kDAAoD,CAAC;;;2CAA2F,CAAC;;;;2CAAoI,CAAC;;;2CAA0F,CAAC;;oCAA8D,CAAC;6DAAmF,CAAC;sCAAyC,CAAC;;;;;;;;;mCAAkP,CAAC;gCAAkC,CAAC;+BAAmC,CAAC;0CAA4D,CAAC;;;;mCAAuG,CAAC;0CAA4C,CAAC;mCAAmD,CAAC;;;;mCAA0G,CAAC;0CAA4C,CAAC;mCAAmD,CAAC;;;;uCAA+S,CAAC;sCAAwC,CAAC;;;mCAAiF,CAAC;gCAAkC,CAAC;+CAAkF,CAAC;wCAAwD,CAAC;2CAA2B,CAAC;0CAA8C,CAAC;;;;;;oCAAkK,CAAC;oCAAsC,CAAC;yCAA2C,CAAC;6CAAgD,CAAC;;;;mCAAoF,CAAC;qCAAwC,CAAC;;;wCAAsF,CAAC;wCAA0C,CAAC;6CAA+C,CAAC;iDAAoD,CAAC;;;;;;kCAA2I,CAAC;;;;;sCAAyI,CAAC;uCAAsD,CAAC;;yCAAqE,CAAC;;;;;6CAA2O,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oBALn96I;AAID,MAAM,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,CAAC"}

package/dist/hono/index.js

@@ -0,0 +1,141 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { createHealthRouter } from "./routes/health.js";
+import { createGreetingRouter } from "./routes/greeting.js";
+import { createMessagesRouter } from "./routes/messages.js";
+import { createLlmRouter } from "./routes/llm.js";
+import { createSessionsRouter } from "./routes/sessions.js";
+import { createSearchRouter } from "./routes/search.js";
+import { createMcpRouter } from "./routes/mcp.js";
+import { createA2aRouter } from "./routes/a2a.js";
+import { createA2AJsonRpcRouter } from "./routes/a2a-jsonrpc.js";
+import { createA2ATasksRouter } from "./routes/a2a-tasks.js";
+import { createWebhooksRouter } from "./routes/webhooks.js";
+import { createPromptsRouter } from "./routes/prompts.js";
+import { createResourcesRouter } from "./routes/resources.js";
+import { createMemoryRouter } from "./routes/memory.js";
+import { createAgentsRouter } from "./routes/agents.js";
+import { createApprovalsRouter } from "./routes/approvals.js";
+import { handleHonoError } from "./middleware/error.js";
+import { prettyJsonMiddleware, redactionMiddleware } from "./middleware/redaction.js";
+import { createCorsMiddleware } from "./middleware/cors.js";
+import { createAuthMiddleware } from "./middleware/auth.js";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const packageJson = JSON.parse(readFileSync(join(__dirname, "../../package.json"), "utf-8"));
+const dummyAgentsContext = {
+  switchAgentById: async () => {
+    throw new Error("Multi-agent features not available in single-agent mode");
+  },
+  switchAgentByPath: async () => {
+    throw new Error("Multi-agent features not available in single-agent mode");
+  },
+  resolveAgentInfo: async () => {
+    throw new Error("Multi-agent features not available in single-agent mode");
+  },
+  ensureAgentAvailable: () => {
+  },
+  getActiveAgentId: () => void 0
+};
+function createDextoApp(options) {
+  const {
+    getAgent,
+    getAgentCard,
+    approvalCoordinator,
+    webhookSubscriber,
+    sseSubscriber,
+    agentsContext
+  } = options;
+  const app = new OpenAPIHono({ strict: false });
+  app.use("*", createCorsMiddleware());
+  app.use("*", createAuthMiddleware());
+  app.onError((err, ctx) => handleHonoError(ctx, err));
+  app.use("/api/*", prettyJsonMiddleware);
+  app.use("/api/*", redactionMiddleware);
+  const fullApp = app.route("/health", createHealthRouter(getAgent)).route("/", createA2aRouter(getAgentCard)).route("/", createA2AJsonRpcRouter(getAgent, sseSubscriber)).route("/", createA2ATasksRouter(getAgent, sseSubscriber)).route("/api", createGreetingRouter(getAgent)).route("/api", createMessagesRouter(getAgent, approvalCoordinator)).route("/api", createLlmRouter(getAgent)).route("/api", createSessionsRouter(getAgent)).route("/api", createSearchRouter(getAgent)).route("/api", createMcpRouter(getAgent)).route("/api", createWebhooksRouter(getAgent, webhookSubscriber)).route("/api", createPromptsRouter(getAgent)).route("/api", createResourcesRouter(getAgent)).route("/api", createMemoryRouter(getAgent)).route("/api", createApprovalsRouter(getAgent, approvalCoordinator)).route("/api", createAgentsRouter(getAgent, agentsContext || dummyAgentsContext));
+  fullApp.doc("/openapi.json", {
+    openapi: "3.0.0",
+    info: {
+      title: "Dexto API",
+      version: packageJson.version,
+      description: "OpenAPI spec for the Dexto REST API server"
+    },
+    servers: [
+      {
+        url: "http://localhost:3001",
+        description: "Local development server (default port)"
+      },
+      {
+        url: "http://localhost:{port}",
+        description: "Local development server (custom port)",
+        variables: {
+          port: {
+            default: "3001",
+            description: "API server port"
+          }
+        }
+      }
+    ],
+    tags: [
+      {
+        name: "system",
+        description: "System health and status endpoints"
+      },
+      {
+        name: "config",
+        description: "Agent configuration and greeting management"
+      },
+      {
+        name: "messages",
+        description: "Send messages to the agent and manage conversations"
+      },
+      {
+        name: "sessions",
+        description: "Create and manage conversation sessions"
+      },
+      {
+        name: "llm",
+        description: "Configure and switch between LLM providers and models"
+      },
+      {
+        name: "mcp",
+        description: "Manage Model Context Protocol (MCP) servers and tools"
+      },
+      {
+        name: "webhooks",
+        description: "Register and manage webhook endpoints for agent events"
+      },
+      {
+        name: "search",
+        description: "Search through messages and sessions"
+      },
+      {
+        name: "memory",
+        description: "Store and retrieve agent memories for context"
+      },
+      {
+        name: "prompts",
+        description: "Manage custom prompts and templates"
+      },
+      {
+        name: "resources",
+        description: "Access and manage resources from MCP servers and internal providers"
+      },
+      {
+        name: "agent",
+        description: "Current agent configuration and file operations"
+      },
+      {
+        name: "agents",
+        description: "Install, switch, and manage agent configurations"
+      }
+    ]
+  });
+  Object.assign(fullApp, { webhookSubscriber });
+  return fullApp;
+}
+export {
+  createDextoApp
+};

package/dist/hono/middleware/auth.cjs

@@ -0,0 +1,75 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var auth_exports = {};
+__export(auth_exports, {
+  createAuthMiddleware: () => createAuthMiddleware
+});
+module.exports = __toCommonJS(auth_exports);
+var import_core = require("@dexto/core");
+const PUBLIC_ROUTES = ["/health", "/.well-known/agent-card.json", "/openapi.json"];
+function createAuthMiddleware() {
+  const apiKey = process.env.DEXTO_SERVER_API_KEY;
+  const isProduction = process.env.NODE_ENV === "production";
+  const requireAuth = process.env.DEXTO_SERVER_REQUIRE_AUTH === "true";
+  if (isProduction && !apiKey) {
+    import_core.logger.warn(
+      `\u26A0\uFE0F  SECURITY WARNING: Running in production mode (NODE_ENV=production) without DEXTO_SERVER_API_KEY. Dexto Server API is UNPROTECTED. Set DEXTO_SERVER_API_KEY environment variable to secure your API.`
+    );
+  }
+  return async (ctx, next) => {
+    const path = ctx.req.path;
+    if (PUBLIC_ROUTES.some((route) => path === route || path.startsWith(route))) {
+      return next();
+    }
+    if (!isProduction && !requireAuth) {
+      return next();
+    }
+    if (!apiKey) {
+      return ctx.json(
+        {
+          error: "Configuration Error",
+          message: requireAuth ? "DEXTO_SERVER_REQUIRE_AUTH=true but DEXTO_SERVER_API_KEY not set. Set DEXTO_SERVER_API_KEY environment variable." : "NODE_ENV=production requires DEXTO_SERVER_API_KEY. Set DEXTO_SERVER_API_KEY environment variable to secure your API."
+        },
+        500
+      );
+    }
+    const authHeader = ctx.req.header("Authorization");
+    const providedKey = authHeader?.replace(/^Bearer\s+/i, "");
+    if (!providedKey || providedKey !== apiKey) {
+      import_core.logger.warn("Unauthorized API access attempt", {
+        path,
+        hasKey: !!providedKey,
+        origin: ctx.req.header("origin"),
+        userAgent: ctx.req.header("user-agent")
+      });
+      return ctx.json(
+        {
+          error: "Unauthorized",
+          message: "Invalid or missing API key. Provide Authorization: Bearer <api-key> header."
+        },
+        401
+      );
+    }
+    await next();
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createAuthMiddleware
+});

package/dist/hono/middleware/auth.d.ts

@@ -0,0 +1,3 @@
+import type { MiddlewareHandler } from 'hono';
+export declare function createAuthMiddleware(): MiddlewareHandler;
+//# sourceMappingURL=auth.d.ts.map

package/dist/hono/middleware/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/hono/middleware/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAuB9C,wBAAgB,oBAAoB,IAAI,iBAAiB,CAiExD"}

package/dist/hono/middleware/auth.js

@@ -0,0 +1,51 @@
+import { logger } from "@dexto/core";
+const PUBLIC_ROUTES = ["/health", "/.well-known/agent-card.json", "/openapi.json"];
+function createAuthMiddleware() {
+  const apiKey = process.env.DEXTO_SERVER_API_KEY;
+  const isProduction = process.env.NODE_ENV === "production";
+  const requireAuth = process.env.DEXTO_SERVER_REQUIRE_AUTH === "true";
+  if (isProduction && !apiKey) {
+    logger.warn(
+      `\u26A0\uFE0F  SECURITY WARNING: Running in production mode (NODE_ENV=production) without DEXTO_SERVER_API_KEY. Dexto Server API is UNPROTECTED. Set DEXTO_SERVER_API_KEY environment variable to secure your API.`
+    );
+  }
+  return async (ctx, next) => {
+    const path = ctx.req.path;
+    if (PUBLIC_ROUTES.some((route) => path === route || path.startsWith(route))) {
+      return next();
+    }
+    if (!isProduction && !requireAuth) {
+      return next();
+    }
+    if (!apiKey) {
+      return ctx.json(
+        {
+          error: "Configuration Error",
+          message: requireAuth ? "DEXTO_SERVER_REQUIRE_AUTH=true but DEXTO_SERVER_API_KEY not set. Set DEXTO_SERVER_API_KEY environment variable." : "NODE_ENV=production requires DEXTO_SERVER_API_KEY. Set DEXTO_SERVER_API_KEY environment variable to secure your API."
+        },
+        500
+      );
+    }
+    const authHeader = ctx.req.header("Authorization");
+    const providedKey = authHeader?.replace(/^Bearer\s+/i, "");
+    if (!providedKey || providedKey !== apiKey) {
+      logger.warn("Unauthorized API access attempt", {
+        path,
+        hasKey: !!providedKey,
+        origin: ctx.req.header("origin"),
+        userAgent: ctx.req.header("user-agent")
+      });
+      return ctx.json(
+        {
+          error: "Unauthorized",
+          message: "Invalid or missing API key. Provide Authorization: Bearer <api-key> header."
+        },
+        401
+      );
+    }
+    await next();
+  };
+}
+export {
+  createAuthMiddleware
+};

package/dist/hono/middleware/cors.cjs

@@ -0,0 +1,57 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var cors_exports = {};
+__export(cors_exports, {
+  createCorsMiddleware: () => createCorsMiddleware
+});
+module.exports = __toCommonJS(cors_exports);
+var import_cors = require("hono/cors");
+function createCorsMiddleware() {
+  return (0, import_cors.cors)({
+    origin: (origin) => {
+      if (!origin) {
+        return null;
+      }
+      try {
+        const originUrl = new URL(origin);
+        const hostname = originUrl.hostname;
+        if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1") {
+          return origin;
+        }
+        const customOrigins = process.env.DEXTO_ALLOWED_ORIGINS;
+        if (customOrigins) {
+          const allowedList = customOrigins.split(",").map((o) => o.trim());
+          if (allowedList.includes(origin)) {
+            return origin;
+          }
+        }
+        return null;
+      } catch {
+        return null;
+      }
+    },
+    allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"],
+    allowHeaders: ["Content-Type", "Authorization"],
+    credentials: true
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createCorsMiddleware
+});

package/dist/hono/middleware/cors.d.ts

@@ -0,0 +1,9 @@
+import type { MiddlewareHandler } from 'hono';
+/**
+ * CORS middleware that allows:
+ * 1. All localhost/127.0.0.1 origins on any port (for local development)
+ * 2. Custom origins specified in DEXTO_ALLOWED_ORIGINS environment variable
+ * 3. Server-to-server requests with no origin header
+ */
+export declare function createCorsMiddleware(): MiddlewareHandler;
+//# sourceMappingURL=cors.d.ts.map

package/dist/hono/middleware/cors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../src/hono/middleware/cors.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAE9C;;;;;GAKG;AACH,wBAAgB,oBAAoB,IAAI,iBAAiB,CAuCxD"}

package/dist/hono/middleware/cors.js

@@ -0,0 +1,33 @@
+import { cors } from "hono/cors";
+function createCorsMiddleware() {
+  return cors({
+    origin: (origin) => {
+      if (!origin) {
+        return null;
+      }
+      try {
+        const originUrl = new URL(origin);
+        const hostname = originUrl.hostname;
+        if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1") {
+          return origin;
+        }
+        const customOrigins = process.env.DEXTO_ALLOWED_ORIGINS;
+        if (customOrigins) {
+          const allowedList = customOrigins.split(",").map((o) => o.trim());
+          if (allowedList.includes(origin)) {
+            return origin;
+          }
+        }
+        return null;
+      } catch {
+        return null;
+      }
+    },
+    allowMethods: ["GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "HEAD"],
+    allowHeaders: ["Content-Type", "Authorization"],
+    credentials: true
+  });
+}
+export {
+  createCorsMiddleware
+};

package/dist/hono/middleware/error.cjs

@@ -0,0 +1,131 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var error_exports = {};
+__export(error_exports, {
+  handleHonoError: () => handleHonoError,
+  mapErrorTypeToStatus: () => mapErrorTypeToStatus,
+  statusForValidation: () => statusForValidation
+});
+module.exports = __toCommonJS(error_exports);
+var import_core = require("@dexto/core");
+var import_core2 = require("@dexto/core");
+var import_zod = require("zod");
+const mapErrorTypeToStatus = (type) => {
+  switch (type) {
+    case import_core.ErrorType.USER:
+      return 400;
+    case import_core.ErrorType.NOT_FOUND:
+      return 404;
+    case import_core.ErrorType.FORBIDDEN:
+      return 403;
+    case import_core.ErrorType.TIMEOUT:
+      return 408;
+    case import_core.ErrorType.RATE_LIMIT:
+      return 429;
+    case import_core.ErrorType.SYSTEM:
+      return 500;
+    case import_core.ErrorType.THIRD_PARTY:
+      return 502;
+    case import_core.ErrorType.UNKNOWN:
+    default:
+      return 500;
+  }
+};
+const statusForValidation = (issues) => {
+  const firstError = issues.find((i) => i.severity === "error");
+  const type = firstError?.type ?? import_core.ErrorType.USER;
+  return mapErrorTypeToStatus(type);
+};
+function handleHonoError(ctx, err) {
+  const endpoint = ctx.req.path || "unknown";
+  const method = ctx.req.method || "unknown";
+  if (err instanceof import_core.DextoRuntimeError) {
+    return ctx.json(
+      {
+        ...err.toJSON(),
+        endpoint,
+        method
+      },
+      mapErrorTypeToStatus(err.type)
+    );
+  }
+  if (err instanceof import_core.DextoValidationError) {
+    return ctx.json(
+      {
+        ...err.toJSON(),
+        endpoint,
+        method
+      },
+      statusForValidation(err.issues)
+    );
+  }
+  if (err instanceof import_zod.ZodError) {
+    const issues = (0, import_core.zodToIssues)(err);
+    const dexErr = new import_core.DextoValidationError(issues);
+    return ctx.json(
+      {
+        ...dexErr.toJSON(),
+        endpoint,
+        method
+      },
+      statusForValidation(issues)
+    );
+  }
+  if (err instanceof SyntaxError) {
+    return ctx.json(
+      {
+        code: "invalid_json",
+        message: err.message || "Invalid JSON body",
+        scope: "agent",
+        type: "user",
+        severity: "error",
+        endpoint,
+        method
+      },
+      400
+    );
+  }
+  const errorMessage = err instanceof Error ? err.message : String(err);
+  const errorStack = err instanceof Error ? err.stack : void 0;
+  import_core2.logger.error(
+    `Unhandled error in API middleware: ${errorMessage}, endpoint: ${method} ${endpoint}, stack: ${errorStack}, type: ${typeof err}`
+  );
+  const isDevelopment = process.env.NODE_ENV === "development";
+  const userMessage = isDevelopment ? `An unexpected error occurred: ${errorMessage}` : "An unexpected error occurred. Please try again later.";
+  return ctx.json(
+    {
+      code: "internal_error",
+      message: userMessage,
+      scope: "system",
+      type: "system",
+      severity: "error",
+      endpoint,
+      method,
+      // Only include stack traces in development to avoid exposing internals
+      ...isDevelopment && errorStack ? { stack: errorStack } : {}
+    },
+    500
+  );
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  handleHonoError,
+  mapErrorTypeToStatus,
+  statusForValidation
+});

package/dist/hono/middleware/error.d.ts

@@ -0,0 +1,5 @@
+import { ErrorType, zodToIssues } from '@dexto/core';
+export declare const mapErrorTypeToStatus: (type: ErrorType) => number;
+export declare const statusForValidation: (issues: ReturnType<typeof zodToIssues>) => number;
+export declare function handleHonoError(ctx: any, err: unknown): any;
+//# sourceMappingURL=error.d.ts.map

package/dist/hono/middleware/error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.d.ts","sourceRoot":"","sources":["../../../src/hono/middleware/error.ts"],"names":[],"mappings":"AAAA,OAAO,EAA2C,SAAS,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAI9F,eAAO,MAAM,oBAAoB,GAAI,MAAM,SAAS,KAAG,MAoBtD,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAI,QAAQ,UAAU,CAAC,OAAO,WAAW,CAAC,KAAG,MAI5E,CAAC;AAEF,wBAAgB,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,OAkFrD"}

package/dist/hono/middleware/error.js

@@ -0,0 +1,105 @@
+import { DextoRuntimeError, DextoValidationError, ErrorType, zodToIssues } from "@dexto/core";
+import { logger } from "@dexto/core";
+import { ZodError } from "zod";
+const mapErrorTypeToStatus = (type) => {
+  switch (type) {
+    case ErrorType.USER:
+      return 400;
+    case ErrorType.NOT_FOUND:
+      return 404;
+    case ErrorType.FORBIDDEN:
+      return 403;
+    case ErrorType.TIMEOUT:
+      return 408;
+    case ErrorType.RATE_LIMIT:
+      return 429;
+    case ErrorType.SYSTEM:
+      return 500;
+    case ErrorType.THIRD_PARTY:
+      return 502;
+    case ErrorType.UNKNOWN:
+    default:
+      return 500;
+  }
+};
+const statusForValidation = (issues) => {
+  const firstError = issues.find((i) => i.severity === "error");
+  const type = firstError?.type ?? ErrorType.USER;
+  return mapErrorTypeToStatus(type);
+};
+function handleHonoError(ctx, err) {
+  const endpoint = ctx.req.path || "unknown";
+  const method = ctx.req.method || "unknown";
+  if (err instanceof DextoRuntimeError) {
+    return ctx.json(
+      {
+        ...err.toJSON(),
+        endpoint,
+        method
+      },
+      mapErrorTypeToStatus(err.type)
+    );
+  }
+  if (err instanceof DextoValidationError) {
+    return ctx.json(
+      {
+        ...err.toJSON(),
+        endpoint,
+        method
+      },
+      statusForValidation(err.issues)
+    );
+  }
+  if (err instanceof ZodError) {
+    const issues = zodToIssues(err);
+    const dexErr = new DextoValidationError(issues);
+    return ctx.json(
+      {
+        ...dexErr.toJSON(),
+        endpoint,
+        method
+      },
+      statusForValidation(issues)
+    );
+  }
+  if (err instanceof SyntaxError) {
+    return ctx.json(
+      {
+        code: "invalid_json",
+        message: err.message || "Invalid JSON body",
+        scope: "agent",
+        type: "user",
+        severity: "error",
+        endpoint,
+        method
+      },
+      400
+    );
+  }
+  const errorMessage = err instanceof Error ? err.message : String(err);
+  const errorStack = err instanceof Error ? err.stack : void 0;
+  logger.error(
+    `Unhandled error in API middleware: ${errorMessage}, endpoint: ${method} ${endpoint}, stack: ${errorStack}, type: ${typeof err}`
+  );
+  const isDevelopment = process.env.NODE_ENV === "development";
+  const userMessage = isDevelopment ? `An unexpected error occurred: ${errorMessage}` : "An unexpected error occurred. Please try again later.";
+  return ctx.json(
+    {
+      code: "internal_error",
+      message: userMessage,
+      scope: "system",
+      type: "system",
+      severity: "error",
+      endpoint,
+      method,
+      // Only include stack traces in development to avoid exposing internals
+      ...isDevelopment && errorStack ? { stack: errorStack } : {}
+    },
+    500
+  );
+}
+export {
+  handleHonoError,
+  mapErrorTypeToStatus,
+  statusForValidation
+};