@dollhousemcp/mcp-server 2.0.0-rc.6 → 2.0.0

package/dist/web/routes/metricsRoutes.js

@@ -0,0 +1,90 @@
+/**
+ * Metrics API routes for the unified dev console.
+ *
+ * Mounts on the existing Express app to provide:
+ * - GET /api/metrics        — JSON query (delegates to MemoryMetricsSink)
+ * - GET /api/metrics/stream — SSE endpoint, pushes each new snapshot
+ */
+import { Router } from 'express';
+import { UnicodeValidator } from '../../security/validators/unicodeValidator.js';
+function normalizedStringParam(query, key) {
+    const val = query[key];
+    if (typeof val === 'string' && val) {
+        return UnicodeValidator.normalize(val).normalizedContent;
+    }
+    return undefined;
+}
+function parseMetricsQueryOptions(query) {
+    const options = {};
+    const names = normalizedStringParam(query, 'names');
+    if (names)
+        options['names'] = names.split(',').map(s => s.trim());
+    const source = normalizedStringParam(query, 'source');
+    if (source)
+        options['source'] = source;
+    const type = normalizedStringParam(query, 'type');
+    if (type)
+        options['type'] = type;
+    for (const field of ['since', 'until']) {
+        if (typeof query[field] === 'string' && query[field])
+            options[field] = query[field];
+    }
+    if (typeof query['latest'] === 'string') {
+        options['latest'] = query['latest'] !== 'false';
+    }
+    for (const field of ['limit', 'offset']) {
+        if (typeof query[field] === 'string') {
+            const parsed = Number.parseInt(query[field], 10);
+            if (!Number.isNaN(parsed))
+                options[field] = parsed;
+        }
+    }
+    return options;
+}
+export function createMetricsRoutes(metricsSink) {
+    const router = Router();
+    const clients = new Set();
+    // GET /api/metrics — JSON query
+    router.get('/metrics', (req, res) => {
+        const result = metricsSink.query(parseMetricsQueryOptions(req.query));
+        res.json(result);
+    });
+    // GET /api/metrics/stream — SSE endpoint for real-time metric snapshots.
+    // Currently unused by the built-in web console (which polls /api/metrics).
+    // Retained for third-party consumers (Prometheus, Grafana agent, custom dashboards)
+    // that benefit from push-based metric delivery.
+    router.get('/metrics/stream', (req, res) => {
+        res.writeHead(200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            'Connection': 'keep-alive',
+        });
+        res.write(':connected\n\n');
+        const client = { res };
+        clients.add(client);
+        // Keep-alive heartbeat — prevents proxies from closing idle connections
+        const heartbeat = setInterval(() => {
+            res.write(': heartbeat\n\n');
+        }, 30_000);
+        req.on('close', () => {
+            clearInterval(heartbeat);
+            clients.delete(client);
+        });
+    });
+    function onSnapshot(snapshot) {
+        const data = JSON.stringify(snapshot);
+        for (const client of clients) {
+            if (client.res.destroyed) {
+                clients.delete(client);
+                continue;
+            }
+            client.res.write(`data: ${data}\n\n`);
+        }
+    }
+    return {
+        router,
+        onSnapshot,
+        clientCount: () => clients.size,
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWV0cmljc1JvdXRlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy93ZWIvcm91dGVzL21ldHJpY3NSb3V0ZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7OztHQU1HO0FBRUgsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLFNBQVMsQ0FBQztBQUlqQyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSwrQ0FBK0MsQ0FBQztBQVlqRixTQUFTLHFCQUFxQixDQUFDLEtBQXVCLEVBQUUsR0FBVztJQUNqRSxNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDdkIsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLElBQUksR0FBRyxFQUFFLENBQUM7UUFDbkMsT0FBTyxnQkFBZ0IsQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsaUJBQWlCLENBQUM7SUFDM0QsQ0FBQztJQUNELE9BQU8sU0FBUyxDQUFDO0FBQ25CLENBQUM7QUFFRCxTQUFTLHdCQUF3QixDQUFDLEtBQXVCO0lBQ3ZELE1BQU0sT0FBTyxHQUE0QixFQUFFLENBQUM7SUFFNUMsTUFBTSxLQUFLLEdBQUcscUJBQXFCLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQ3BELElBQUksS0FBSztRQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBRWxFLE1BQU0sTUFBTSxHQUFHLHFCQUFxQixDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsQ0FBQztJQUN0RCxJQUFJLE1BQU07UUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsTUFBTSxDQUFDO0lBRXZDLE1BQU0sSUFBSSxHQUFHLHFCQUFxQixDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztJQUNsRCxJQUFJLElBQUk7UUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLEdBQUcsSUFBa0IsQ0FBQztJQUUvQyxLQUFLLE1BQU0sS0FBSyxJQUFJLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBVSxFQUFFLENBQUM7UUFDaEQsSUFBSSxPQUFPLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxRQUFRLElBQUksS0FBSyxDQUFDLEtBQUssQ0FBQztZQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDdEYsQ0FBQztJQUNELElBQUksT0FBTyxLQUFLLENBQUMsUUFBUSxDQUFDLEtBQUssUUFBUSxFQUFFLENBQUM7UUFDeEMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUMsS0FBSyxPQUFPLENBQUM7SUFDbEQsQ0FBQztJQUNELEtBQUssTUFBTSxLQUFLLElBQUksQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFVLEVBQUUsQ0FBQztRQUNqRCxJQUFJLE9BQU8sS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ3JDLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ2pELElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQztnQkFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsTUFBTSxDQUFDO1FBQ3JELENBQUM7SUFDSCxDQUFDO0lBQ0QsT0FBTyxPQUFPLENBQUM7QUFDakIsQ0FBQztBQUVELE1BQU0sVUFBVSxtQkFBbUIsQ0FBQyxXQUE4QjtJQUNoRSxNQUFNLE1BQU0sR0FBRyxNQUFNLEVBQUUsQ0FBQztJQUN4QixNQUFNLE9BQU8sR0FBRyxJQUFJLEdBQUcsRUFBYSxDQUFDO0lBRXJDLGdDQUFnQztJQUNoQyxNQUFNLENBQUMsR0FBRyxDQUFDLFVBQVUsRUFBRSxDQUFDLEdBQVksRUFBRSxHQUFhLEVBQUUsRUFBRTtRQUNyRCxNQUFNLE1BQU0sR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLHdCQUF3QixDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBQ3RFLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDbkIsQ0FBQyxDQUFDLENBQUM7SUFFSCx5RUFBeUU7SUFDekUsMkVBQTJFO0lBQzNFLG9GQUFvRjtJQUNwRixnREFBZ0Q7SUFDaEQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsRUFBRSxDQUFDLEdBQVksRUFBRSxHQUFhLEVBQUUsRUFBRTtRQUM1RCxHQUFHLENBQUMsU0FBUyxDQUFDLEdBQUcsRUFBRTtZQUNqQixjQUFjLEVBQUUsbUJBQW1CO1lBQ25DLGVBQWUsRUFBRSxVQUFVO1lBQzNCLFlBQVksRUFBRSxZQUFZO1NBQzNCLENBQUMsQ0FBQztRQUNILEdBQUcsQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUU1QixNQUFNLE1BQU0sR0FBYyxFQUFFLEdBQUcsRUFBRSxDQUFDO1FBQ2xDLE9BQU8sQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFcEIsd0VBQXdFO1FBQ3hFLE1BQU0sU0FBUyxHQUFHLFdBQVcsQ0FBQyxHQUFHLEVBQUU7WUFDakMsR0FBRyxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQy9CLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUVYLEdBQUcsQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRTtZQUNuQixhQUFhLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDekIsT0FBTyxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN6QixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUMsQ0FBQyxDQUFDO0lBRUgsU0FBUyxVQUFVLENBQUMsUUFBd0I7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0QyxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO1lBQzdCLElBQUksTUFBTSxDQUFDLEdBQUcsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFBQyxPQUFPLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2dCQUFDLFNBQVM7WUFBQyxDQUFDO1lBQy9ELE1BQU0sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLFNBQVMsSUFBSSxNQUFNLENBQUMsQ0FBQztRQUN4QyxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU87UUFDTCxNQUFNO1FBQ04sVUFBVTtRQUNWLFdBQVcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxPQUFPLENBQUMsSUFBSTtLQUNoQyxDQUFDO0FBQ0osQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogTWV0cmljcyBBUEkgcm91dGVzIGZvciB0aGUgdW5pZmllZCBkZXYgY29uc29sZS5cbiAqXG4gKiBNb3VudHMgb24gdGhlIGV4aXN0aW5nIEV4cHJlc3MgYXBwIHRvIHByb3ZpZGU6XG4gKiAtIEdFVCAvYXBpL21ldHJpY3MgICAgICAgIOKAlCBKU09OIHF1ZXJ5IChkZWxlZ2F0ZXMgdG8gTWVtb3J5TWV0cmljc1NpbmspXG4gKiAtIEdFVCAvYXBpL21ldHJpY3Mvc3RyZWFtIOKAlCBTU0UgZW5kcG9pbnQsIHB1c2hlcyBlYWNoIG5ldyBzbmFwc2hvdFxuICovXG5cbmltcG9ydCB7IFJvdXRlciB9IGZyb20gJ2V4cHJlc3MnO1xuaW1wb3J0IHR5cGUgeyBSZXF1ZXN0LCBSZXNwb25zZSB9IGZyb20gJ2V4cHJlc3MnO1xuaW1wb3J0IHR5cGUgeyBNZW1vcnlNZXRyaWNzU2luayB9IGZyb20gJy4uLy4uL21ldHJpY3Mvc2lua3MvTWVtb3J5TWV0cmljc1NpbmsuanMnO1xuaW1wb3J0IHR5cGUgeyBNZXRyaWNTbmFwc2hvdCwgTWV0cmljVHlwZSB9IGZyb20gJy4uLy4uL21ldHJpY3MvdHlwZXMuanMnO1xuaW1wb3J0IHsgVW5pY29kZVZhbGlkYXRvciB9IGZyb20gJy4uLy4uL3NlY3VyaXR5L3ZhbGlkYXRvcnMvdW5pY29kZVZhbGlkYXRvci5qcyc7XG5cbmludGVyZmFjZSBTU0VDbGllbnQge1xuICByZXM6IFJlc3BvbnNlO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIE1ldHJpY3NSb3V0ZXNSZXN1bHQge1xuICByb3V0ZXI6IFJvdXRlcjtcbiAgb25TbmFwc2hvdDogKHNuYXBzaG90OiBNZXRyaWNTbmFwc2hvdCkgPT4gdm9pZDtcbiAgY2xpZW50Q291bnQ6ICgpID0+IG51bWJlcjtcbn1cblxuZnVuY3Rpb24gbm9ybWFsaXplZFN0cmluZ1BhcmFtKHF1ZXJ5OiBSZXF1ZXN0WydxdWVyeSddLCBrZXk6IHN0cmluZyk6IHN0cmluZyB8IHVuZGVmaW5lZCB7XG4gIGNvbnN0IHZhbCA9IHF1ZXJ5W2tleV07XG4gIGlmICh0eXBlb2YgdmFsID09PSAnc3RyaW5nJyAmJiB2YWwpIHtcbiAgICByZXR1cm4gVW5pY29kZVZhbGlkYXRvci5ub3JtYWxpemUodmFsKS5ub3JtYWxpemVkQ29udGVudDtcbiAgfVxuICByZXR1cm4gdW5kZWZpbmVkO1xufVxuXG5mdW5jdGlvbiBwYXJzZU1ldHJpY3NRdWVyeU9wdGlvbnMocXVlcnk6IFJlcXVlc3RbJ3F1ZXJ5J10pOiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiB7XG4gIGNvbnN0IG9wdGlvbnM6IFJlY29yZDxzdHJpbmcsIHVua25vd24+ID0ge307XG5cbiAgY29uc3QgbmFtZXMgPSBub3JtYWxpemVkU3RyaW5nUGFyYW0ocXVlcnksICduYW1lcycpO1xuICBpZiAobmFtZXMpIG9wdGlvbnNbJ25hbWVzJ10gPSBuYW1lcy5zcGxpdCgnLCcpLm1hcChzID0+IHMudHJpbSgpKTtcblxuICBjb25zdCBzb3VyY2UgPSBub3JtYWxpemVkU3RyaW5nUGFyYW0ocXVlcnksICdzb3VyY2UnKTtcbiAgaWYgKHNvdXJjZSkgb3B0aW9uc1snc291cmNlJ10gPSBzb3VyY2U7XG5cbiAgY29uc3QgdHlwZSA9IG5vcm1hbGl6ZWRTdHJpbmdQYXJhbShxdWVyeSwgJ3R5cGUnKTtcbiAgaWYgKHR5cGUpIG9wdGlvbnNbJ3R5cGUnXSA9IHR5cGUgYXMgTWV0cmljVHlwZTtcblxuICBmb3IgKGNvbnN0IGZpZWxkIG9mIFsnc2luY2UnLCAndW50aWwnXSBhcyBjb25zdCkge1xuICAgIGlmICh0eXBlb2YgcXVlcnlbZmllbGRdID09PSAnc3RyaW5nJyAmJiBxdWVyeVtmaWVsZF0pIG9wdGlvbnNbZmllbGRdID0gcXVlcnlbZmllbGRdO1xuICB9XG4gIGlmICh0eXBlb2YgcXVlcnlbJ2xhdGVzdCddID09PSAnc3RyaW5nJykge1xuICAgIG9wdGlvbnNbJ2xhdGVzdCddID0gcXVlcnlbJ2xhdGVzdCddICE9PSAnZmFsc2UnO1xuICB9XG4gIGZvciAoY29uc3QgZmllbGQgb2YgWydsaW1pdCcsICdvZmZzZXQnXSBhcyBjb25zdCkge1xuICAgIGlmICh0eXBlb2YgcXVlcnlbZmllbGRdID09PSAnc3RyaW5nJykge1xuICAgICAgY29uc3QgcGFyc2VkID0gTnVtYmVyLnBhcnNlSW50KHF1ZXJ5W2ZpZWxkXSwgMTApO1xuICAgICAgaWYgKCFOdW1iZXIuaXNOYU4ocGFyc2VkKSkgb3B0aW9uc1tmaWVsZF0gPSBwYXJzZWQ7XG4gICAgfVxuICB9XG4gIHJldHVybiBvcHRpb25zO1xufVxuXG5leHBvcnQgZnVuY3Rpb24gY3JlYXRlTWV0cmljc1JvdXRlcyhtZXRyaWNzU2luazogTWVtb3J5TWV0cmljc1NpbmspOiBNZXRyaWNzUm91dGVzUmVzdWx0IHtcbiAgY29uc3Qgcm91dGVyID0gUm91dGVyKCk7XG4gIGNvbnN0IGNsaWVudHMgPSBuZXcgU2V0PFNTRUNsaWVudD4oKTtcblxuICAvLyBHRVQgL2FwaS9tZXRyaWNzIOKAlCBKU09OIHF1ZXJ5XG4gIHJvdXRlci5nZXQoJy9tZXRyaWNzJywgKHJlcTogUmVxdWVzdCwgcmVzOiBSZXNwb25zZSkgPT4ge1xuICAgIGNvbnN0IHJlc3VsdCA9IG1ldHJpY3NTaW5rLnF1ZXJ5KHBhcnNlTWV0cmljc1F1ZXJ5T3B0aW9ucyhyZXEucXVlcnkpKTtcbiAgICByZXMuanNvbihyZXN1bHQpO1xuICB9KTtcblxuICAvLyBHRVQgL2FwaS9tZXRyaWNzL3N0cmVhbSDigJQgU1NFIGVuZHBvaW50IGZvciByZWFsLXRpbWUgbWV0cmljIHNuYXBzaG90cy5cbiAgLy8gQ3VycmVudGx5IHVudXNlZCBieSB0aGUgYnVpbHQtaW4gd2ViIGNvbnNvbGUgKHdoaWNoIHBvbGxzIC9hcGkvbWV0cmljcykuXG4gIC8vIFJldGFpbmVkIGZvciB0aGlyZC1wYXJ0eSBjb25zdW1lcnMgKFByb21ldGhldXMsIEdyYWZhbmEgYWdlbnQsIGN1c3RvbSBkYXNoYm9hcmRzKVxuICAvLyB0aGF0IGJlbmVmaXQgZnJvbSBwdXNoLWJhc2VkIG1ldHJpYyBkZWxpdmVyeS5cbiAgcm91dGVyLmdldCgnL21ldHJpY3Mvc3RyZWFtJywgKHJlcTogUmVxdWVzdCwgcmVzOiBSZXNwb25zZSkgPT4ge1xuICAgIHJlcy53cml0ZUhlYWQoMjAwLCB7XG4gICAgICAnQ29udGVudC1UeXBlJzogJ3RleHQvZXZlbnQtc3RyZWFtJyxcbiAgICAgICdDYWNoZS1Db250cm9sJzogJ25vLWNhY2hlJyxcbiAgICAgICdDb25uZWN0aW9uJzogJ2tlZXAtYWxpdmUnLFxuICAgIH0pO1xuICAgIHJlcy53cml0ZSgnOmNvbm5lY3RlZFxcblxcbicpO1xuXG4gICAgY29uc3QgY2xpZW50OiBTU0VDbGllbnQgPSB7IHJlcyB9O1xuICAgIGNsaWVudHMuYWRkKGNsaWVudCk7XG5cbiAgICAvLyBLZWVwLWFsaXZlIGhlYXJ0YmVhdCDigJQgcHJldmVudHMgcHJveGllcyBmcm9tIGNsb3NpbmcgaWRsZSBjb25uZWN0aW9uc1xuICAgIGNvbnN0IGhlYXJ0YmVhdCA9IHNldEludGVydmFsKCgpID0+IHtcbiAgICAgIHJlcy53cml0ZSgnOiBoZWFydGJlYXRcXG5cXG4nKTtcbiAgICB9LCAzMF8wMDApO1xuXG4gICAgcmVxLm9uKCdjbG9zZScsICgpID0+IHtcbiAgICAgIGNsZWFySW50ZXJ2YWwoaGVhcnRiZWF0KTtcbiAgICAgIGNsaWVudHMuZGVsZXRlKGNsaWVudCk7XG4gICAgfSk7XG4gIH0pO1xuXG4gIGZ1bmN0aW9uIG9uU25hcHNob3Qoc25hcHNob3Q6IE1ldHJpY1NuYXBzaG90KTogdm9pZCB7XG4gICAgY29uc3QgZGF0YSA9IEpTT04uc3RyaW5naWZ5KHNuYXBzaG90KTtcbiAgICBmb3IgKGNvbnN0IGNsaWVudCBvZiBjbGllbnRzKSB7XG4gICAgICBpZiAoY2xpZW50LnJlcy5kZXN0cm95ZWQpIHsgY2xpZW50cy5kZWxldGUoY2xpZW50KTsgY29udGludWU7IH1cbiAgICAgIGNsaWVudC5yZXMud3JpdGUoYGRhdGE6ICR7ZGF0YX1cXG5cXG5gKTtcbiAgICB9XG4gIH1cblxuICByZXR1cm4ge1xuICAgIHJvdXRlcixcbiAgICBvblNuYXBzaG90LFxuICAgIGNsaWVudENvdW50OiAoKSA9PiBjbGllbnRzLnNpemUsXG4gIH07XG59XG4iXX0=

package/dist/web/routes/permissionRoutes.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Permission evaluation HTTP routes and decision tracking.
+ *
+ * Provides:
+ * - POST /evaluate_permission — evaluates tool permissions via MCP-AQL
+ * - GET /permissions/status — returns current policies and recent decisions
+ * - Decision tracking ring buffer for the live dashboard feed
+ */
+import { Router } from 'express';
+import type { MCPAQLHandler } from '../../handlers/mcp-aql/MCPAQLHandler.js';
+/**
+ * Register permission-related routes on a gateway router.
+ * Must be called with the MCP-AQL handler for policy evaluation.
+ */
+export declare function registerPermissionRoutes(router: Router, handler: MCPAQLHandler): void;
+//# sourceMappingURL=permissionRoutes.d.ts.map

package/dist/web/routes/permissionRoutes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissionRoutes.d.ts","sourceRoot":"","sources":["../../../src/web/routes/permissionRoutes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAgB,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAE1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,yCAAyC,CAAC;AAkD7E;;;GAGG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,IAAI,CAiGrF"}

package/dist/web/routes/permissionRoutes.js

@@ -0,0 +1,133 @@
+/**
+ * Permission evaluation HTTP routes and decision tracking.
+ *
+ * Provides:
+ * - POST /evaluate_permission — evaluates tool permissions via MCP-AQL
+ * - GET /permissions/status — returns current policies and recent decisions
+ * - Decision tracking ring buffer for the live dashboard feed
+ */
+import express from 'express';
+import { logger } from '../../utils/logger.js';
+import { SlidingWindowRateLimiter } from '../../utils/SlidingWindowRateLimiter.js';
+const DECISION_BUFFER_SIZE = 200;
+const recentDecisions = [];
+let decisionCounter = 0;
+/** Extract a string field from a record, trying multiple keys in order */
+function extractString(obj, keys, fallback) {
+    for (const key of keys) {
+        const val = obj?.[key];
+        if (typeof val === 'string')
+            return val;
+    }
+    return fallback;
+}
+function trackDecision(toolName, input, result) {
+    const entry = {
+        id: `d-${++decisionCounter}`,
+        timestamp: new Date().toISOString(),
+        tool_name: toolName,
+        command: toolName === 'Bash' && typeof input?.command === 'string' ? input.command : undefined,
+        decision: extractString(result, ['decision', 'behavior'], 'unknown'),
+        reason: extractString(result, ['reason', 'message'], ''),
+    };
+    recentDecisions.unshift(entry);
+    if (recentDecisions.length > DECISION_BUFFER_SIZE) {
+        recentDecisions.length = DECISION_BUFFER_SIZE;
+    }
+}
+/** Helper to extract single result from MCP-AQL batch response */
+function asSingleResult(results) {
+    if (Array.isArray(results))
+        return results[0] || { success: false, error: 'Empty result' };
+    return results;
+}
+/**
+ * Register permission-related routes on a gateway router.
+ * Must be called with the MCP-AQL handler for policy evaluation.
+ */
+export function registerPermissionRoutes(router, handler) {
+    /**
+     * POST /api/evaluate_permission
+     * Permission evaluation endpoint for PreToolUse hooks.
+     * Routes through evaluate_permission MCP-AQL READ operation.
+     * Fail-open: returns allow on any error to avoid blocking the user.
+     */
+    const permissionLimiter = new SlidingWindowRateLimiter(120, 60_000);
+    router.post('/evaluate_permission', express.json(), async (req, res) => {
+        if (!permissionLimiter.tryAcquire()) {
+            res.json({ decision: 'allow' }); // fail open on rate limit
+            return;
+        }
+        const body = req.body;
+        // Unicode normalization (NFC) on string inputs to prevent homograph attacks
+        const tool_name = typeof body.tool_name === 'string' ? body.tool_name.normalize('NFC') : undefined;
+        const platform = typeof body.platform === 'string' ? body.platform.normalize('NFC') : undefined;
+        const input = body.input;
+        if (!tool_name) {
+            res.json({ decision: 'allow' }); // fail open on bad input
+            return;
+        }
+        try {
+            const opResult = asSingleResult(await handler.handleRead({
+                operation: 'evaluate_permission',
+                params: {
+                    tool_name,
+                    input: input || {},
+                    platform: platform || 'claude_code',
+                },
+            }));
+            if (!opResult.success) {
+                logger.warn(`[WebUI/Gateway] evaluate_permission failed: ${opResult.error}`);
+                res.json({ decision: 'allow' }); // fail open
+                return;
+            }
+            // Track decision for live dashboard feed
+            trackDecision(tool_name, input || {}, opResult.data);
+            res.json(opResult.data);
+        }
+        catch (err) {
+            logger.error('[WebUI/Gateway] evaluate_permission error:', err);
+            res.json({ decision: 'allow' }); // fail open
+        }
+    });
+    /**
+     * GET /api/permissions/status
+     * Returns current permission policies and recent decisions
+     * for the live permissions dashboard.
+     */
+    router.get('/permissions/status', async (_req, res) => {
+        try {
+            const opResult = asSingleResult(await handler.handleRead({
+                operation: 'get_effective_cli_policies',
+            }));
+            if (!opResult.success) {
+                res.status(500).json({ error: opResult.error || 'Failed to get policies' });
+                return;
+            }
+            const data = opResult.data;
+            // Extract confirm patterns from elements
+            const elements = (data.elements || []);
+            const confirmPatterns = [];
+            for (const el of elements) {
+                const confirm = el.confirmPatterns;
+                if (confirm?.length)
+                    confirmPatterns.push(...confirm);
+            }
+            res.json({
+                activeElementCount: data.activeElementCount,
+                hasAllowlist: data.hasAllowlist,
+                denyPatterns: data.combinedDenyPatterns,
+                allowPatterns: data.combinedAllowPatterns,
+                confirmPatterns,
+                elements,
+                permissionPromptActive: data.permissionPromptActive,
+                recentDecisions,
+            });
+        }
+        catch (err) {
+            logger.error('[WebUI/Gateway] permissions/status error:', err);
+            res.status(500).json({ error: 'Failed to get permission status' });
+        }
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVybWlzc2lvblJvdXRlcy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy93ZWIvcm91dGVzL3Blcm1pc3Npb25Sb3V0ZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUE7Ozs7Ozs7R0FPRztBQUVILE9BQU8sT0FBbUIsTUFBTSxTQUFTLENBQUM7QUFDMUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBRy9DLE9BQU8sRUFBRSx3QkFBd0IsRUFBRSxNQUFNLHlDQUF5QyxDQUFDO0FBY25GLE1BQU0sb0JBQW9CLEdBQUcsR0FBRyxDQUFDO0FBQ2pDLE1BQU0sZUFBZSxHQUF5QixFQUFFLENBQUM7QUFDakQsSUFBSSxlQUFlLEdBQUcsQ0FBQyxDQUFDO0FBRXhCLDBFQUEwRTtBQUMxRSxTQUFTLGFBQWEsQ0FBQyxHQUE0QixFQUFFLElBQWMsRUFBRSxRQUFnQjtJQUNuRixLQUFLLE1BQU0sR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sR0FBRyxHQUFHLEdBQUcsRUFBRSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3ZCLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUTtZQUFFLE9BQU8sR0FBRyxDQUFDO0lBQzFDLENBQUM7SUFDRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsU0FBUyxhQUFhLENBQUMsUUFBZ0IsRUFBRSxLQUE4QixFQUFFLE1BQStCO0lBQ3RHLE1BQU0sS0FBSyxHQUF1QjtRQUNoQyxFQUFFLEVBQUUsS0FBSyxFQUFFLGVBQWUsRUFBRTtRQUM1QixTQUFTLEVBQUUsSUFBSSxJQUFJLEVBQUUsQ0FBQyxXQUFXLEVBQUU7UUFDbkMsU0FBUyxFQUFFLFFBQVE7UUFDbkIsT0FBTyxFQUFFLFFBQVEsS0FBSyxNQUFNLElBQUksT0FBTyxLQUFLLEVBQUUsT0FBTyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsU0FBUztRQUM5RixRQUFRLEVBQUUsYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUFDLFVBQVUsRUFBRSxVQUFVLENBQUMsRUFBRSxTQUFTLENBQUM7UUFDcEUsTUFBTSxFQUFFLGFBQWEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEVBQUUsRUFBRSxDQUFDO0tBQ3pELENBQUM7SUFDRixlQUFlLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQy9CLElBQUksZUFBZSxDQUFDLE1BQU0sR0FBRyxvQkFBb0IsRUFBRSxDQUFDO1FBQ2xELGVBQWUsQ0FBQyxNQUFNLEdBQUcsb0JBQW9CLENBQUM7SUFDaEQsQ0FBQztBQUNILENBQUM7QUFFRCxrRUFBa0U7QUFDbEUsU0FBUyxjQUFjLENBQUMsT0FBZ0I7SUFDdEMsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQztRQUFFLE9BQU8sT0FBTyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUUsY0FBYyxFQUFFLENBQUM7SUFDM0YsT0FBTyxPQUErRCxDQUFDO0FBQ3pFLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLFVBQVUsd0JBQXdCLENBQUMsTUFBYyxFQUFFLE9BQXNCO0lBQzdFOzs7OztPQUtHO0lBQ0gsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLHdCQUF3QixDQUFDLEdBQUcsRUFBRSxNQUFNLENBQUMsQ0FBQztJQUNwRSxNQUFNLENBQUMsSUFBSSxDQUFDLHNCQUFzQixFQUFFLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxLQUFLLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFO1FBQ3JFLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxVQUFVLEVBQUUsRUFBRSxDQUFDO1lBQ3BDLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLDBCQUEwQjtZQUMzRCxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sSUFBSSxHQUFHLEdBQUcsQ0FBQyxJQUloQixDQUFDO1FBRUYsNEVBQTRFO1FBQzVFLE1BQU0sU0FBUyxHQUFHLE9BQU8sSUFBSSxDQUFDLFNBQVMsS0FBSyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFDbkcsTUFBTSxRQUFRLEdBQUcsT0FBTyxJQUFJLENBQUMsUUFBUSxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUNoRyxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDO1FBRXpCLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNmLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLHlCQUF5QjtZQUMxRCxPQUFPO1FBQ1QsQ0FBQztRQUVELElBQUksQ0FBQztZQUNILE1BQU0sUUFBUSxHQUFHLGNBQWMsQ0FBQyxNQUFNLE9BQU8sQ0FBQyxVQUFVLENBQUM7Z0JBQ3ZELFNBQVMsRUFBRSxxQkFBcUI7Z0JBQ2hDLE1BQU0sRUFBRTtvQkFDTixTQUFTO29CQUNULEtBQUssRUFBRSxLQUFLLElBQUksRUFBRTtvQkFDbEIsUUFBUSxFQUFFLFFBQVEsSUFBSSxhQUFhO2lCQUNwQzthQUNGLENBQUMsQ0FBQyxDQUFDO1lBRUosSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDdEIsTUFBTSxDQUFDLElBQUksQ0FBQywrQ0FBK0MsUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUM7Z0JBQzdFLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxRQUFRLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDLFlBQVk7Z0JBQzdDLE9BQU87WUFDVCxDQUFDO1lBRUQseUNBQXlDO1lBQ3pDLGFBQWEsQ0FBQyxTQUFTLEVBQUUsS0FBSyxJQUFJLEVBQUUsRUFBRSxRQUFRLENBQUMsSUFBK0IsQ0FBQyxDQUFDO1lBRWhGLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzFCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxDQUFDLEtBQUssQ0FBQyw0Q0FBNEMsRUFBRSxHQUFHLENBQUMsQ0FBQztZQUNoRSxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsUUFBUSxFQUFFLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQyxZQUFZO1FBQy9DLENBQUM7SUFDSCxDQUFDLENBQUMsQ0FBQztJQUVIOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsR0FBRyxDQUFDLHFCQUFxQixFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLEVBQUU7UUFDcEQsSUFBSSxDQUFDO1lBQ0gsTUFBTSxRQUFRLEdBQUcsY0FBYyxDQUFDLE1BQU0sT0FBTyxDQUFDLFVBQVUsQ0FBQztnQkFDdkQsU0FBUyxFQUFFLDRCQUE0QjthQUN4QyxDQUFDLENBQUMsQ0FBQztZQUVKLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ3RCLEdBQUcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsS0FBSyxFQUFFLFFBQVEsQ0FBQyxLQUFLLElBQUksd0JBQXdCLEVBQUUsQ0FBQyxDQUFDO2dCQUM1RSxPQUFPO1lBQ1QsQ0FBQztZQUVELE1BQU0sSUFBSSxHQUFHLFFBQVEsQ0FBQyxJQUErQixDQUFDO1lBRXRELHlDQUF5QztZQUN6QyxNQUFNLFFBQVEsR0FBRyxDQUFDLElBQUksQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFtQyxDQUFDO1lBQ3pFLE1BQU0sZUFBZSxHQUFhLEVBQUUsQ0FBQztZQUNyQyxLQUFLLE1BQU0sRUFBRSxJQUFJLFFBQVEsRUFBRSxDQUFDO2dCQUMxQixNQUFNLE9BQU8sR0FBRyxFQUFFLENBQUMsZUFBdUMsQ0FBQztnQkFDM0QsSUFBSSxPQUFPLEVBQUUsTUFBTTtvQkFBRSxlQUFlLENBQUMsSUFBSSxDQUFDLEdBQUcsT0FBTyxDQUFDLENBQUM7WUFDeEQsQ0FBQztZQUVELEdBQUcsQ0FBQyxJQUFJLENBQUM7Z0JBQ1Asa0JBQWtCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtnQkFDM0MsWUFBWSxFQUFFLElBQUksQ0FBQyxZQUFZO2dCQUMvQixZQUFZLEVBQUUsSUFBSSxDQUFDLG9CQUFvQjtnQkFDdkMsYUFBYSxFQUFFLElBQUksQ0FBQyxxQkFBcUI7Z0JBQ3pDLGVBQWU7Z0JBQ2YsUUFBUTtnQkFDUixzQkFBc0IsRUFBRSxJQUFJLENBQUMsc0JBQXNCO2dCQUNuRCxlQUFlO2FBQ2hCLENBQUMsQ0FBQztRQUNMLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ2IsTUFBTSxDQUFDLEtBQUssQ0FBQywyQ0FBMkMsRUFBRSxHQUFHLENBQUMsQ0FBQztZQUMvRCxHQUFHLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLEtBQUssRUFBRSxpQ0FBaUMsRUFBRSxDQUFDLENBQUM7UUFDckUsQ0FBQztJQUNILENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogUGVybWlzc2lvbiBldmFsdWF0aW9uIEhUVFAgcm91dGVzIGFuZCBkZWNpc2lvbiB0cmFja2luZy5cbiAqXG4gKiBQcm92aWRlczpcbiAqIC0gUE9TVCAvZXZhbHVhdGVfcGVybWlzc2lvbiDigJQgZXZhbHVhdGVzIHRvb2wgcGVybWlzc2lvbnMgdmlhIE1DUC1BUUxcbiAqIC0gR0VUIC9wZXJtaXNzaW9ucy9zdGF0dXMg4oCUIHJldHVybnMgY3VycmVudCBwb2xpY2llcyBhbmQgcmVjZW50IGRlY2lzaW9uc1xuICogLSBEZWNpc2lvbiB0cmFja2luZyByaW5nIGJ1ZmZlciBmb3IgdGhlIGxpdmUgZGFzaGJvYXJkIGZlZWRcbiAqL1xuXG5pbXBvcnQgZXhwcmVzcywgeyBSb3V0ZXIgfSBmcm9tICdleHByZXNzJztcbmltcG9ydCB7IGxvZ2dlciB9IGZyb20gJy4uLy4uL3V0aWxzL2xvZ2dlci5qcyc7XG5pbXBvcnQgdHlwZSB7IE1DUEFRTEhhbmRsZXIgfSBmcm9tICcuLi8uLi9oYW5kbGVycy9tY3AtYXFsL01DUEFRTEhhbmRsZXIuanMnO1xuXG5pbXBvcnQgeyBTbGlkaW5nV2luZG93UmF0ZUxpbWl0ZXIgfSBmcm9tICcuLi8uLi91dGlscy9TbGlkaW5nV2luZG93UmF0ZUxpbWl0ZXIuanMnO1xuXG4vLyDilIDilIAgUGVybWlzc2lvbiBEZWNpc2lvbiBUcmFja2luZyDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIDilIBcbi8vIFJpbmcgYnVmZmVyIG9mIHJlY2VudCBwZXJtaXNzaW9uIGRlY2lzaW9ucyBmb3IgdGhlIGxpdmUgZGFzaGJvYXJkIGZlZWQuXG5cbmludGVyZmFjZSBQZXJtaXNzaW9uRGVjaXNpb24ge1xuICBpZDogc3RyaW5nO1xuICB0aW1lc3RhbXA6IHN0cmluZztcbiAgdG9vbF9uYW1lOiBzdHJpbmc7XG4gIGNvbW1hbmQ/OiBzdHJpbmc7XG4gIGRlY2lzaW9uOiBzdHJpbmc7XG4gIHJlYXNvbj86IHN0cmluZztcbn1cblxuY29uc3QgREVDSVNJT05fQlVGRkVSX1NJWkUgPSAyMDA7XG5jb25zdCByZWNlbnREZWNpc2lvbnM6IFBlcm1pc3Npb25EZWNpc2lvbltdID0gW107XG5sZXQgZGVjaXNpb25Db3VudGVyID0gMDtcblxuLyoqIEV4dHJhY3QgYSBzdHJpbmcgZmllbGQgZnJvbSBhIHJlY29yZCwgdHJ5aW5nIG11bHRpcGxlIGtleXMgaW4gb3JkZXIgKi9cbmZ1bmN0aW9uIGV4dHJhY3RTdHJpbmcob2JqOiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiwga2V5czogc3RyaW5nW10sIGZhbGxiYWNrOiBzdHJpbmcpOiBzdHJpbmcge1xuICBmb3IgKGNvbnN0IGtleSBvZiBrZXlzKSB7XG4gICAgY29uc3QgdmFsID0gb2JqPy5ba2V5XTtcbiAgICBpZiAodHlwZW9mIHZhbCA9PT0gJ3N0cmluZycpIHJldHVybiB2YWw7XG4gIH1cbiAgcmV0dXJuIGZhbGxiYWNrO1xufVxuXG5mdW5jdGlvbiB0cmFja0RlY2lzaW9uKHRvb2xOYW1lOiBzdHJpbmcsIGlucHV0OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPiwgcmVzdWx0OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPik6IHZvaWQge1xuICBjb25zdCBlbnRyeTogUGVybWlzc2lvbkRlY2lzaW9uID0ge1xuICAgIGlkOiBgZC0keysrZGVjaXNpb25Db3VudGVyfWAsXG4gICAgdGltZXN0YW1wOiBuZXcgRGF0ZSgpLnRvSVNPU3RyaW5nKCksXG4gICAgdG9vbF9uYW1lOiB0b29sTmFtZSxcbiAgICBjb21tYW5kOiB0b29sTmFtZSA9PT0gJ0Jhc2gnICYmIHR5cGVvZiBpbnB1dD8uY29tbWFuZCA9PT0gJ3N0cmluZycgPyBpbnB1dC5jb21tYW5kIDogdW5kZWZpbmVkLFxuICAgIGRlY2lzaW9uOiBleHRyYWN0U3RyaW5nKHJlc3VsdCwgWydkZWNpc2lvbicsICdiZWhhdmlvciddLCAndW5rbm93bicpLFxuICAgIHJlYXNvbjogZXh0cmFjdFN0cmluZyhyZXN1bHQsIFsncmVhc29uJywgJ21lc3NhZ2UnXSwgJycpLFxuICB9O1xuICByZWNlbnREZWNpc2lvbnMudW5zaGlmdChlbnRyeSk7XG4gIGlmIChyZWNlbnREZWNpc2lvbnMubGVuZ3RoID4gREVDSVNJT05fQlVGRkVSX1NJWkUpIHtcbiAgICByZWNlbnREZWNpc2lvbnMubGVuZ3RoID0gREVDSVNJT05fQlVGRkVSX1NJWkU7XG4gIH1cbn1cblxuLyoqIEhlbHBlciB0byBleHRyYWN0IHNpbmdsZSByZXN1bHQgZnJvbSBNQ1AtQVFMIGJhdGNoIHJlc3BvbnNlICovXG5mdW5jdGlvbiBhc1NpbmdsZVJlc3VsdChyZXN1bHRzOiB1bmtub3duKTogeyBzdWNjZXNzOiBib29sZWFuOyBkYXRhPzogdW5rbm93bjsgZXJyb3I/OiBzdHJpbmcgfSB7XG4gIGlmIChBcnJheS5pc0FycmF5KHJlc3VsdHMpKSByZXR1cm4gcmVzdWx0c1swXSB8fCB7IHN1Y2Nlc3M6IGZhbHNlLCBlcnJvcjogJ0VtcHR5IHJlc3VsdCcgfTtcbiAgcmV0dXJuIHJlc3VsdHMgYXMgeyBzdWNjZXNzOiBib29sZWFuOyBkYXRhPzogdW5rbm93bjsgZXJyb3I/OiBzdHJpbmcgfTtcbn1cblxuLyoqXG4gKiBSZWdpc3RlciBwZXJtaXNzaW9uLXJlbGF0ZWQgcm91dGVzIG9uIGEgZ2F0ZXdheSByb3V0ZXIuXG4gKiBNdXN0IGJlIGNhbGxlZCB3aXRoIHRoZSBNQ1AtQVFMIGhhbmRsZXIgZm9yIHBvbGljeSBldmFsdWF0aW9uLlxuICovXG5leHBvcnQgZnVuY3Rpb24gcmVnaXN0ZXJQZXJtaXNzaW9uUm91dGVzKHJvdXRlcjogUm91dGVyLCBoYW5kbGVyOiBNQ1BBUUxIYW5kbGVyKTogdm9pZCB7XG4gIC8qKlxuICAgKiBQT1NUIC9hcGkvZXZhbHVhdGVfcGVybWlzc2lvblxuICAgKiBQZXJtaXNzaW9uIGV2YWx1YXRpb24gZW5kcG9pbnQgZm9yIFByZVRvb2xVc2UgaG9va3MuXG4gICAqIFJvdXRlcyB0aHJvdWdoIGV2YWx1YXRlX3Blcm1pc3Npb24gTUNQLUFRTCBSRUFEIG9wZXJhdGlvbi5cbiAgICogRmFpbC1vcGVuOiByZXR1cm5zIGFsbG93IG9uIGFueSBlcnJvciB0byBhdm9pZCBibG9ja2luZyB0aGUgdXNlci5cbiAgICovXG4gIGNvbnN0IHBlcm1pc3Npb25MaW1pdGVyID0gbmV3IFNsaWRpbmdXaW5kb3dSYXRlTGltaXRlcigxMjAsIDYwXzAwMCk7XG4gIHJvdXRlci5wb3N0KCcvZXZhbHVhdGVfcGVybWlzc2lvbicsIGV4cHJlc3MuanNvbigpLCBhc3luYyAocmVxLCByZXMpID0+IHtcbiAgICBpZiAoIXBlcm1pc3Npb25MaW1pdGVyLnRyeUFjcXVpcmUoKSkge1xuICAgICAgcmVzLmpzb24oeyBkZWNpc2lvbjogJ2FsbG93JyB9KTsgLy8gZmFpbCBvcGVuIG9uIHJhdGUgbGltaXRcbiAgICAgIHJldHVybjtcbiAgICB9XG5cbiAgICBjb25zdCBib2R5ID0gcmVxLmJvZHkgYXMge1xuICAgICAgdG9vbF9uYW1lPzogc3RyaW5nO1xuICAgICAgaW5wdXQ/OiBSZWNvcmQ8c3RyaW5nLCB1bmtub3duPjtcbiAgICAgIHBsYXRmb3JtPzogc3RyaW5nO1xuICAgIH07XG5cbiAgICAvLyBVbmljb2RlIG5vcm1hbGl6YXRpb24gKE5GQykgb24gc3RyaW5nIGlucHV0cyB0byBwcmV2ZW50IGhvbW9ncmFwaCBhdHRhY2tzXG4gICAgY29uc3QgdG9vbF9uYW1lID0gdHlwZW9mIGJvZHkudG9vbF9uYW1lID09PSAnc3RyaW5nJyA/IGJvZHkudG9vbF9uYW1lLm5vcm1hbGl6ZSgnTkZDJykgOiB1bmRlZmluZWQ7XG4gICAgY29uc3QgcGxhdGZvcm0gPSB0eXBlb2YgYm9keS5wbGF0Zm9ybSA9PT0gJ3N0cmluZycgPyBib2R5LnBsYXRmb3JtLm5vcm1hbGl6ZSgnTkZDJykgOiB1bmRlZmluZWQ7XG4gICAgY29uc3QgaW5wdXQgPSBib2R5LmlucHV0O1xuXG4gICAgaWYgKCF0b29sX25hbWUpIHtcbiAgICAgIHJlcy5qc29uKHsgZGVjaXNpb246ICdhbGxvdycgfSk7IC8vIGZhaWwgb3BlbiBvbiBiYWQgaW5wdXRcbiAgICAgIHJldHVybjtcbiAgICB9XG5cbiAgICB0cnkge1xuICAgICAgY29uc3Qgb3BSZXN1bHQgPSBhc1NpbmdsZVJlc3VsdChhd2FpdCBoYW5kbGVyLmhhbmRsZVJlYWQoe1xuICAgICAgICBvcGVyYXRpb246ICdldmFsdWF0ZV9wZXJtaXNzaW9uJyxcbiAgICAgICAgcGFyYW1zOiB7XG4gICAgICAgICAgdG9vbF9uYW1lLFxuICAgICAgICAgIGlucHV0OiBpbnB1dCB8fCB7fSxcbiAgICAgICAgICBwbGF0Zm9ybTogcGxhdGZvcm0gfHwgJ2NsYXVkZV9jb2RlJyxcbiAgICAgICAgfSxcbiAgICAgIH0pKTtcblxuICAgICAgaWYgKCFvcFJlc3VsdC5zdWNjZXNzKSB7XG4gICAgICAgIGxvZ2dlci53YXJuKGBbV2ViVUkvR2F0ZXdheV0gZXZhbHVhdGVfcGVybWlzc2lvbiBmYWlsZWQ6ICR7b3BSZXN1bHQuZXJyb3J9YCk7XG4gICAgICAgIHJlcy5qc29uKHsgZGVjaXNpb246ICdhbGxvdycgfSk7IC8vIGZhaWwgb3BlblxuICAgICAgICByZXR1cm47XG4gICAgICB9XG5cbiAgICAgIC8vIFRyYWNrIGRlY2lzaW9uIGZvciBsaXZlIGRhc2hib2FyZCBmZWVkXG4gICAgICB0cmFja0RlY2lzaW9uKHRvb2xfbmFtZSwgaW5wdXQgfHwge30sIG9wUmVzdWx0LmRhdGEgYXMgUmVjb3JkPHN0cmluZywgdW5rbm93bj4pO1xuXG4gICAgICByZXMuanNvbihvcFJlc3VsdC5kYXRhKTtcbiAgICB9IGNhdGNoIChlcnIpIHtcbiAgICAgIGxvZ2dlci5lcnJvcignW1dlYlVJL0dhdGV3YXldIGV2YWx1YXRlX3Blcm1pc3Npb24gZXJyb3I6JywgZXJyKTtcbiAgICAgIHJlcy5qc29uKHsgZGVjaXNpb246ICdhbGxvdycgfSk7IC8vIGZhaWwgb3BlblxuICAgIH1cbiAgfSk7XG5cbiAgLyoqXG4gICAqIEdFVCAvYXBpL3Blcm1pc3Npb25zL3N0YXR1c1xuICAgKiBSZXR1cm5zIGN1cnJlbnQgcGVybWlzc2lvbiBwb2xpY2llcyBhbmQgcmVjZW50IGRlY2lzaW9uc1xuICAgKiBmb3IgdGhlIGxpdmUgcGVybWlzc2lvbnMgZGFzaGJvYXJkLlxuICAgKi9cbiAgcm91dGVyLmdldCgnL3Blcm1pc3Npb25zL3N0YXR1cycsIGFzeW5jIChfcmVxLCByZXMpID0+IHtcbiAgICB0cnkge1xuICAgICAgY29uc3Qgb3BSZXN1bHQgPSBhc1NpbmdsZVJlc3VsdChhd2FpdCBoYW5kbGVyLmhhbmRsZVJlYWQoe1xuICAgICAgICBvcGVyYXRpb246ICdnZXRfZWZmZWN0aXZlX2NsaV9wb2xpY2llcycsXG4gICAgICB9KSk7XG5cbiAgICAgIGlmICghb3BSZXN1bHQuc3VjY2Vzcykge1xuICAgICAgICByZXMuc3RhdHVzKDUwMCkuanNvbih7IGVycm9yOiBvcFJlc3VsdC5lcnJvciB8fCAnRmFpbGVkIHRvIGdldCBwb2xpY2llcycgfSk7XG4gICAgICAgIHJldHVybjtcbiAgICAgIH1cblxuICAgICAgY29uc3QgZGF0YSA9IG9wUmVzdWx0LmRhdGEgYXMgUmVjb3JkPHN0cmluZywgdW5rbm93bj47XG5cbiAgICAgIC8vIEV4dHJhY3QgY29uZmlybSBwYXR0ZXJucyBmcm9tIGVsZW1lbnRzXG4gICAgICBjb25zdCBlbGVtZW50cyA9IChkYXRhLmVsZW1lbnRzIHx8IFtdKSBhcyBBcnJheTxSZWNvcmQ8c3RyaW5nLCB1bmtub3duPj47XG4gICAgICBjb25zdCBjb25maXJtUGF0dGVybnM6IHN0cmluZ1tdID0gW107XG4gICAgICBmb3IgKGNvbnN0IGVsIG9mIGVsZW1lbnRzKSB7XG4gICAgICAgIGNvbnN0IGNvbmZpcm0gPSBlbC5jb25maXJtUGF0dGVybnMgYXMgc3RyaW5nW10gfCB1bmRlZmluZWQ7XG4gICAgICAgIGlmIChjb25maXJtPy5sZW5ndGgpIGNvbmZpcm1QYXR0ZXJucy5wdXNoKC4uLmNvbmZpcm0pO1xuICAgICAgfVxuXG4gICAgICByZXMuanNvbih7XG4gICAgICAgIGFjdGl2ZUVsZW1lbnRDb3VudDogZGF0YS5hY3RpdmVFbGVtZW50Q291bnQsXG4gICAgICAgIGhhc0FsbG93bGlzdDogZGF0YS5oYXNBbGxvd2xpc3QsXG4gICAgICAgIGRlbnlQYXR0ZXJuczogZGF0YS5jb21iaW5lZERlbnlQYXR0ZXJucyxcbiAgICAgICAgYWxsb3dQYXR0ZXJuczogZGF0YS5jb21iaW5lZEFsbG93UGF0dGVybnMsXG4gICAgICAgIGNvbmZpcm1QYXR0ZXJucyxcbiAgICAgICAgZWxlbWVudHMsXG4gICAgICAgIHBlcm1pc3Npb25Qcm9tcHRBY3RpdmU6IGRhdGEucGVybWlzc2lvblByb21wdEFjdGl2ZSxcbiAgICAgICAgcmVjZW50RGVjaXNpb25zLFxuICAgICAgfSk7XG4gICAgfSBjYXRjaCAoZXJyKSB7XG4gICAgICBsb2dnZXIuZXJyb3IoJ1tXZWJVSS9HYXRld2F5XSBwZXJtaXNzaW9ucy9zdGF0dXMgZXJyb3I6JywgZXJyKTtcbiAgICAgIHJlcy5zdGF0dXMoNTAwKS5qc29uKHsgZXJyb3I6ICdGYWlsZWQgdG8gZ2V0IHBlcm1pc3Npb24gc3RhdHVzJyB9KTtcbiAgICB9XG4gIH0pO1xufVxuIl19

package/dist/web/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/web/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAgB,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAK1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AA6E1E,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAsa5D;AA0BD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CA2P3F"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/web/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAgB,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAM1C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAgd1E,wBAAgB,eAAe,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAiJ5D;AAqBD;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CA0H3F"}