@eidentic/server 0.1.0

package/dist/index.cjs

@@ -0,0 +1,2669 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// ../../node_modules/.pnpm/@hono+node-server@2.0.4_hono@4.12.23/node_modules/@hono/node-server/dist/constants-BLSFu_RU.mjs
+var X_ALREADY_SENT;
+var init_constants_BLSFu_RU = __esm({
+  "../../node_modules/.pnpm/@hono+node-server@2.0.4_hono@4.12.23/node_modules/@hono/node-server/dist/constants-BLSFu_RU.mjs"() {
+    "use strict";
+    X_ALREADY_SENT = "x-hono-already-sent";
+  }
+});
+
+// ../../node_modules/.pnpm/@hono+node-server@2.0.4_hono@4.12.23/node_modules/@hono/node-server/dist/index.mjs
+var dist_exports = {};
+__export(dist_exports, {
+  RequestError: () => RequestError,
+  createAdaptorServer: () => createAdaptorServer,
+  getRequestListener: () => getRequestListener,
+  serve: () => serve,
+  upgradeWebSocket: () => upgradeWebSocket
+});
+async function readWithoutBlocking(readPromise) {
+  return Promise.race([readPromise, Promise.resolve().then(() => Promise.resolve(void 0))]);
+}
+function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromise) {
+  const cancel = (error) => {
+    reader.cancel(error).catch(() => {
+    });
+  };
+  writable.on("close", cancel);
+  writable.on("error", cancel);
+  (currentReadPromise ?? reader.read()).then(flow, handleStreamError);
+  return reader.closed.finally(() => {
+    writable.off("close", cancel);
+    writable.off("error", cancel);
+  });
+  function handleStreamError(error) {
+    if (error) writable.destroy(error);
+  }
+  function onDrain() {
+    reader.read().then(flow, handleStreamError);
+  }
+  function flow({ done, value }) {
+    try {
+      if (done) writable.end();
+      else if (!writable.write(value)) writable.once("drain", onDrain);
+      else return reader.read().then(flow, handleStreamError);
+    } catch (e) {
+      handleStreamError(e);
+    }
+  }
+}
+function writeFromReadableStream(stream, writable) {
+  if (stream.locked) throw new TypeError("ReadableStream is locked.");
+  else if (writable.destroyed) return;
+  return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
+}
+var import_node_http, import_node_http2, import_node_stream, import_ws, RequestError, reValidRequestUrl, reDotSegment, reValidHost, buildUrl, toRequestError, GlobalRequest, Request$1, newHeadersFromIncoming, wrapBodyStream, newRequestFromIncoming, getRequestCache, requestCache, incomingKey, urlKey, methodKey, headersKey, abortControllerKey, getAbortController, abortRequest, bodyBufferKey, bodyReadPromiseKey, bodyConsumedDirectlyKey, bodyLockReaderKey, abortReasonKey, newBodyUnusableError, rejectBodyUnusable, textDecoder, consumeBodyDirectOnce, toArrayBuffer, contentType, methodTokenRegExp, normalizeIncomingMethod, validateDirectReadMethod, readBodyWithFastPath, readRawBodyIfAvailable, readBodyDirect, requestPrototype, newRequest, defaultContentType, responseCache, getResponseCache, cacheKey, GlobalResponse, Response$1, validRedirectUrl, parseRedirectUrl, validRedirectStatuses, buildOutgoingHttpHeaders, outgoingEnded, incomingDraining, DRAIN_TIMEOUT_MS, MAX_DRAIN_BYTES, drainIncoming, makeCloseHandler, isImmediateCacheableResponse, handleRequestError, handleFetchError, handleResponseError, flushHeaders, responseViaCache, isPromise, responseViaResponseObject, getRequestListener, CloseEvent, generateConnectionSymbol, CONNECTION_SYMBOL_KEY, WAIT_FOR_WEBSOCKET_SYMBOL, responseHeadersToSkip, appendResponseHeaders, rejectUpgradeRequest, createUpgradeRequest, setupWebSocket, upgradeWebSocket, createAdaptorServer, serve;
+var init_dist = __esm({
+  "../../node_modules/.pnpm/@hono+node-server@2.0.4_hono@4.12.23/node_modules/@hono/node-server/dist/index.mjs"() {
+    "use strict";
+    init_constants_BLSFu_RU();
+    import_node_http = require("node:http");
+    import_node_http2 = require("node:http2");
+    import_node_stream = require("node:stream");
+    import_ws = require("hono/ws");
+    RequestError = class extends Error {
+      constructor(message, options) {
+        super(message, options);
+        this.name = "RequestError";
+      }
+    };
+    reValidRequestUrl = /^\/[!#$&-;=?-\[\]_a-z~]*$/;
+    reDotSegment = /\/\.\.?(?:[/?#]|$)/;
+    reValidHost = /^[a-z0-9._-]+(?::(?:[1-5]\d{3,4}|[6-9]\d{3}))?$/;
+    buildUrl = (scheme, host, incomingUrl) => {
+      const url = `${scheme}://${host}${incomingUrl}`;
+      if (!reValidHost.test(host)) {
+        const urlObj = new URL(url);
+        if (urlObj.hostname.length !== host.length && urlObj.hostname !== (host.includes(":") ? host.replace(/:\d+$/, "") : host).toLowerCase()) throw new RequestError("Invalid host header");
+        return urlObj.href;
+      } else if (incomingUrl.length === 0) return url + "/";
+      else {
+        if (incomingUrl.charCodeAt(0) !== 47) throw new RequestError("Invalid URL");
+        if (!reValidRequestUrl.test(incomingUrl) || reDotSegment.test(incomingUrl)) return new URL(url).href;
+        return url;
+      }
+    };
+    toRequestError = (e) => {
+      if (e instanceof RequestError) return e;
+      return new RequestError(e.message, { cause: e });
+    };
+    GlobalRequest = global.Request;
+    Request$1 = class extends GlobalRequest {
+      constructor(input, options) {
+        if (typeof input === "object" && getRequestCache in input) {
+          const hasReplacementBody = options !== void 0 && "body" in options && options.body != null;
+          if (input[bodyConsumedDirectlyKey] && !hasReplacementBody) throw new TypeError("Cannot construct a Request with a Request object that has already been used.");
+          input = input[getRequestCache]();
+        }
+        if (typeof options?.body?.getReader !== "undefined") options.duplex ??= "half";
+        super(input, options);
+      }
+    };
+    newHeadersFromIncoming = (incoming) => {
+      const headerRecord = [];
+      const rawHeaders = incoming.rawHeaders;
+      for (let i = 0, len = rawHeaders.length; i < len; i += 2) {
+        const key = rawHeaders[i];
+        if (key.charCodeAt(0) !== 58) headerRecord.push([key, rawHeaders[i + 1]]);
+      }
+      return new Headers(headerRecord);
+    };
+    wrapBodyStream = /* @__PURE__ */ Symbol("wrapBodyStream");
+    newRequestFromIncoming = (method, url, headers, incoming, abortController) => {
+      const init = {
+        method,
+        headers,
+        signal: abortController.signal
+      };
+      if (method === "TRACE") {
+        init.method = "GET";
+        const req = new Request$1(url, init);
+        Object.defineProperty(req, "method", { get() {
+          return "TRACE";
+        } });
+        return req;
+      }
+      if (!(method === "GET" || method === "HEAD")) if ("rawBody" in incoming && incoming.rawBody instanceof Buffer) init.body = new ReadableStream({ start(controller) {
+        controller.enqueue(incoming.rawBody);
+        controller.close();
+      } });
+      else if (incoming[wrapBodyStream]) {
+        let reader;
+        init.body = new ReadableStream({ async pull(controller) {
+          try {
+            reader ||= import_node_stream.Readable.toWeb(incoming).getReader();
+            const { done, value } = await reader.read();
+            if (done) controller.close();
+            else controller.enqueue(value);
+          } catch (error) {
+            controller.error(error);
+          }
+        } });
+      } else init.body = import_node_stream.Readable.toWeb(incoming);
+      return new Request$1(url, init);
+    };
+    getRequestCache = /* @__PURE__ */ Symbol("getRequestCache");
+    requestCache = /* @__PURE__ */ Symbol("requestCache");
+    incomingKey = /* @__PURE__ */ Symbol("incomingKey");
+    urlKey = /* @__PURE__ */ Symbol("urlKey");
+    methodKey = /* @__PURE__ */ Symbol("methodKey");
+    headersKey = /* @__PURE__ */ Symbol("headersKey");
+    abortControllerKey = /* @__PURE__ */ Symbol("abortControllerKey");
+    getAbortController = /* @__PURE__ */ Symbol("getAbortController");
+    abortRequest = /* @__PURE__ */ Symbol("abortRequest");
+    bodyBufferKey = /* @__PURE__ */ Symbol("bodyBuffer");
+    bodyReadPromiseKey = /* @__PURE__ */ Symbol("bodyReadPromise");
+    bodyConsumedDirectlyKey = /* @__PURE__ */ Symbol("bodyConsumedDirectly");
+    bodyLockReaderKey = /* @__PURE__ */ Symbol("bodyLockReader");
+    abortReasonKey = /* @__PURE__ */ Symbol("abortReason");
+    newBodyUnusableError = () => {
+      return /* @__PURE__ */ new TypeError("Body is unusable");
+    };
+    rejectBodyUnusable = () => {
+      return Promise.reject(newBodyUnusableError());
+    };
+    textDecoder = new TextDecoder();
+    consumeBodyDirectOnce = (request) => {
+      if (request[bodyConsumedDirectlyKey]) return rejectBodyUnusable();
+      request[bodyConsumedDirectlyKey] = true;
+    };
+    toArrayBuffer = (buf) => {
+      return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
+    };
+    contentType = (request) => {
+      return (request[headersKey] ||= newHeadersFromIncoming(request[incomingKey])).get("content-type") || "";
+    };
+    methodTokenRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
+    normalizeIncomingMethod = (method) => {
+      if (typeof method !== "string" || method.length === 0) return "GET";
+      switch (method) {
+        case "DELETE":
+        case "GET":
+        case "HEAD":
+        case "OPTIONS":
+        case "POST":
+        case "PUT":
+          return method;
+      }
+      const upper = method.toUpperCase();
+      switch (upper) {
+        case "DELETE":
+        case "GET":
+        case "HEAD":
+        case "OPTIONS":
+        case "POST":
+        case "PUT":
+          return upper;
+        default:
+          return method;
+      }
+    };
+    validateDirectReadMethod = (method) => {
+      if (!methodTokenRegExp.test(method)) return /* @__PURE__ */ new TypeError(`'${method}' is not a valid HTTP method.`);
+      const normalized = method.toUpperCase();
+      if (normalized === "CONNECT" || normalized === "TRACK" || normalized === "TRACE" && method !== "TRACE") return /* @__PURE__ */ new TypeError(`'${method}' HTTP method is unsupported.`);
+    };
+    readBodyWithFastPath = (request, method, fromBuffer) => {
+      if (request[bodyConsumedDirectlyKey]) return rejectBodyUnusable();
+      const methodName = request.method;
+      if (methodName === "GET" || methodName === "HEAD") return request[getRequestCache]()[method]();
+      const methodValidationError = validateDirectReadMethod(methodName);
+      if (methodValidationError) return Promise.reject(methodValidationError);
+      if (request[requestCache]) {
+        if (methodName !== "TRACE") return request[requestCache][method]();
+      }
+      const alreadyUsedError = consumeBodyDirectOnce(request);
+      if (alreadyUsedError) return alreadyUsedError;
+      const raw = readRawBodyIfAvailable(request);
+      if (raw) {
+        const result = Promise.resolve(fromBuffer(raw, request));
+        request[bodyBufferKey] = void 0;
+        return result;
+      }
+      return readBodyDirect(request).then((buf) => {
+        const result = fromBuffer(buf, request);
+        request[bodyBufferKey] = void 0;
+        return result;
+      });
+    };
+    readRawBodyIfAvailable = (request) => {
+      const incoming = request[incomingKey];
+      if ("rawBody" in incoming && incoming.rawBody instanceof Buffer) return incoming.rawBody;
+    };
+    readBodyDirect = (request) => {
+      if (request[bodyBufferKey]) return Promise.resolve(request[bodyBufferKey]);
+      if (request[bodyReadPromiseKey]) return request[bodyReadPromiseKey];
+      const incoming = request[incomingKey];
+      if (import_node_stream.Readable.isDisturbed(incoming)) return rejectBodyUnusable();
+      const promise = new Promise((resolve, reject) => {
+        const chunks = [];
+        let settled = false;
+        const finish = (callback) => {
+          if (settled) return;
+          settled = true;
+          cleanup();
+          callback();
+        };
+        const onData = (chunk) => {
+          chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+        };
+        const onEnd = () => {
+          finish(() => {
+            const buffer = chunks.length === 1 ? chunks[0] : Buffer.concat(chunks);
+            request[bodyBufferKey] = buffer;
+            resolve(buffer);
+          });
+        };
+        const onError = (error) => {
+          finish(() => {
+            reject(error);
+          });
+        };
+        const onClose = () => {
+          if (incoming.readableEnded) {
+            onEnd();
+            return;
+          }
+          finish(() => {
+            if (incoming.errored) {
+              reject(incoming.errored);
+              return;
+            }
+            const reason = request[abortReasonKey];
+            if (reason !== void 0) {
+              reject(reason instanceof Error ? reason : new Error(String(reason)));
+              return;
+            }
+            reject(/* @__PURE__ */ new Error("Client connection prematurely closed."));
+          });
+        };
+        const cleanup = () => {
+          incoming.off("data", onData);
+          incoming.off("end", onEnd);
+          incoming.off("error", onError);
+          incoming.off("close", onClose);
+          request[bodyReadPromiseKey] = void 0;
+        };
+        incoming.on("data", onData);
+        incoming.on("end", onEnd);
+        incoming.on("error", onError);
+        incoming.on("close", onClose);
+        queueMicrotask(() => {
+          if (settled) return;
+          if (incoming.readableEnded) onEnd();
+          else if (incoming.errored) onError(incoming.errored);
+          else if (incoming.destroyed) onClose();
+        });
+      });
+      request[bodyReadPromiseKey] = promise;
+      return promise;
+    };
+    requestPrototype = {
+      get method() {
+        return this[methodKey];
+      },
+      get url() {
+        return this[urlKey];
+      },
+      get headers() {
+        return this[headersKey] ||= newHeadersFromIncoming(this[incomingKey]);
+      },
+      [abortRequest](reason) {
+        if (this[abortReasonKey] === void 0) this[abortReasonKey] = reason;
+        const abortController = this[abortControllerKey];
+        if (abortController && !abortController.signal.aborted) abortController.abort(reason);
+      },
+      [getAbortController]() {
+        this[abortControllerKey] ||= new AbortController();
+        if (this[abortReasonKey] !== void 0 && !this[abortControllerKey].signal.aborted) this[abortControllerKey].abort(this[abortReasonKey]);
+        return this[abortControllerKey];
+      },
+      [getRequestCache]() {
+        const abortController = this[getAbortController]();
+        if (this[requestCache]) return this[requestCache];
+        const method = this.method;
+        if (this[bodyConsumedDirectlyKey] && !(method === "GET" || method === "HEAD")) {
+          this[bodyBufferKey] = void 0;
+          const init = {
+            method: method === "TRACE" ? "GET" : method,
+            headers: this.headers,
+            signal: abortController.signal
+          };
+          if (method !== "TRACE") {
+            init.body = new ReadableStream({ start(c) {
+              c.close();
+            } });
+            init.duplex = "half";
+          }
+          const req = new Request$1(this[urlKey], init);
+          if (method === "TRACE") Object.defineProperty(req, "method", { get() {
+            return "TRACE";
+          } });
+          return this[requestCache] = req;
+        }
+        return this[requestCache] = newRequestFromIncoming(this.method, this[urlKey], this.headers, this[incomingKey], abortController);
+      },
+      get body() {
+        if (!this[bodyConsumedDirectlyKey]) return this[getRequestCache]().body;
+        const request = this[getRequestCache]();
+        if (!this[bodyLockReaderKey] && request.body) this[bodyLockReaderKey] = request.body.getReader();
+        return request.body;
+      },
+      get bodyUsed() {
+        if (this[bodyConsumedDirectlyKey]) return true;
+        if (this[requestCache]) return this[requestCache].bodyUsed;
+        return false;
+      }
+    };
+    Object.defineProperty(requestPrototype, "signal", { get() {
+      return this[getAbortController]().signal;
+    } });
+    [
+      "cache",
+      "credentials",
+      "destination",
+      "integrity",
+      "mode",
+      "redirect",
+      "referrer",
+      "referrerPolicy",
+      "keepalive"
+    ].forEach((k) => {
+      Object.defineProperty(requestPrototype, k, { get() {
+        return this[getRequestCache]()[k];
+      } });
+    });
+    ["clone", "formData"].forEach((k) => {
+      Object.defineProperty(requestPrototype, k, { value: function() {
+        if (this[bodyConsumedDirectlyKey]) {
+          if (k === "clone") throw newBodyUnusableError();
+          return rejectBodyUnusable();
+        }
+        return this[getRequestCache]()[k]();
+      } });
+    });
+    Object.defineProperty(requestPrototype, "text", { value: function() {
+      return readBodyWithFastPath(this, "text", (buf) => textDecoder.decode(buf));
+    } });
+    Object.defineProperty(requestPrototype, "arrayBuffer", { value: function() {
+      return readBodyWithFastPath(this, "arrayBuffer", (buf) => toArrayBuffer(buf));
+    } });
+    Object.defineProperty(requestPrototype, "blob", { value: function() {
+      return readBodyWithFastPath(this, "blob", (buf, request) => {
+        const type = contentType(request);
+        const init = type ? { headers: { "content-type": type } } : void 0;
+        return new Response(buf, init).blob();
+      });
+    } });
+    Object.defineProperty(requestPrototype, "json", { value: function() {
+      if (this[bodyConsumedDirectlyKey]) return rejectBodyUnusable();
+      return this.text().then(JSON.parse);
+    } });
+    Object.defineProperty(requestPrototype, /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom"), { value: function(depth, options, inspectFn) {
+      return `Request (lightweight) ${inspectFn({
+        method: this.method,
+        url: this.url,
+        headers: this.headers,
+        nativeRequest: this[requestCache]
+      }, {
+        ...options,
+        depth: depth == null ? null : depth - 1
+      })}`;
+    } });
+    Object.setPrototypeOf(requestPrototype, Request$1.prototype);
+    newRequest = (incoming, defaultHostname) => {
+      const req = Object.create(requestPrototype);
+      req[incomingKey] = incoming;
+      req[methodKey] = normalizeIncomingMethod(incoming.method);
+      const incomingUrl = incoming.url || "";
+      if (incomingUrl[0] !== "/" && (incomingUrl.startsWith("http://") || incomingUrl.startsWith("https://"))) {
+        if (incoming instanceof import_node_http2.Http2ServerRequest) throw new RequestError("Absolute URL for :path is not allowed in HTTP/2");
+        try {
+          req[urlKey] = new URL(incomingUrl).href;
+        } catch (e) {
+          throw new RequestError("Invalid absolute URL", { cause: e });
+        }
+        return req;
+      }
+      const host = (incoming instanceof import_node_http2.Http2ServerRequest ? incoming.authority : incoming.headers.host) || defaultHostname;
+      if (!host) throw new RequestError("Missing host header");
+      let scheme;
+      if (incoming instanceof import_node_http2.Http2ServerRequest) {
+        scheme = incoming.scheme;
+        if (!(scheme === "http" || scheme === "https")) throw new RequestError("Unsupported scheme");
+      } else scheme = incoming.socket && incoming.socket.encrypted ? "https" : "http";
+      try {
+        req[urlKey] = buildUrl(scheme, host, incomingUrl);
+      } catch (e) {
+        if (e instanceof RequestError) throw e;
+        else throw new RequestError("Invalid URL", { cause: e });
+      }
+      return req;
+    };
+    defaultContentType = "text/plain; charset=UTF-8";
+    responseCache = /* @__PURE__ */ Symbol("responseCache");
+    getResponseCache = /* @__PURE__ */ Symbol("getResponseCache");
+    cacheKey = /* @__PURE__ */ Symbol("cache");
+    GlobalResponse = global.Response;
+    Response$1 = class Response$12 {
+      #body;
+      #init;
+      [getResponseCache]() {
+        const cache = this[cacheKey];
+        const liveHeaders = cache && cache[2] instanceof Headers ? cache[2] : void 0;
+        delete this[cacheKey];
+        return this[responseCache] ||= new GlobalResponse(this.#body, liveHeaders ? {
+          ...this.#init,
+          headers: liveHeaders
+        } : this.#init);
+      }
+      constructor(body, init) {
+        let headers;
+        this.#body = body;
+        if (init instanceof Response$12) {
+          const cachedGlobalResponse = init[responseCache];
+          if (cachedGlobalResponse) {
+            this.#init = cachedGlobalResponse;
+            this[getResponseCache]();
+            return;
+          } else {
+            this.#init = init.#init;
+            headers = new Headers(init.headers);
+          }
+        } else this.#init = init;
+        if (body == null || typeof body === "string" || typeof body?.getReader !== "undefined" || body instanceof Blob || body instanceof Uint8Array) this[cacheKey] = [
+          init?.status || 200,
+          body ?? null,
+          headers || init?.headers
+        ];
+      }
+      get headers() {
+        const cache = this[cacheKey];
+        if (cache) {
+          if (!(cache[2] instanceof Headers)) cache[2] = new Headers(cache[2] || (cache[1] === null ? void 0 : { "content-type": defaultContentType }));
+          return cache[2];
+        }
+        return this[getResponseCache]().headers;
+      }
+      get status() {
+        return this[cacheKey]?.[0] ?? this[getResponseCache]().status;
+      }
+      get ok() {
+        const status = this.status;
+        return status >= 200 && status < 300;
+      }
+    };
+    [
+      "body",
+      "bodyUsed",
+      "redirected",
+      "statusText",
+      "trailers",
+      "type",
+      "url"
+    ].forEach((k) => {
+      Object.defineProperty(Response$1.prototype, k, { get() {
+        return this[getResponseCache]()[k];
+      } });
+    });
+    [
+      "arrayBuffer",
+      "blob",
+      "clone",
+      "formData",
+      "json",
+      "text"
+    ].forEach((k) => {
+      Object.defineProperty(Response$1.prototype, k, { value: function() {
+        return this[getResponseCache]()[k]();
+      } });
+    });
+    Object.defineProperty(Response$1.prototype, /* @__PURE__ */ Symbol.for("nodejs.util.inspect.custom"), { value: function(depth, options, inspectFn) {
+      return `Response (lightweight) ${inspectFn({
+        status: this.status,
+        headers: this.headers,
+        ok: this.ok,
+        nativeResponse: this[responseCache]
+      }, {
+        ...options,
+        depth: depth == null ? null : depth - 1
+      })}`;
+    } });
+    Object.setPrototypeOf(Response$1, GlobalResponse);
+    Object.setPrototypeOf(Response$1.prototype, GlobalResponse.prototype);
+    validRedirectUrl = /^https?:\/\/[!#-;=?-[\]_a-z~A-Z]+$/;
+    parseRedirectUrl = (url) => {
+      if (url instanceof URL) return url.href;
+      if (validRedirectUrl.test(url)) return url;
+      return new URL(url).href;
+    };
+    validRedirectStatuses = /* @__PURE__ */ new Set([
+      301,
+      302,
+      303,
+      307,
+      308
+    ]);
+    Object.defineProperty(Response$1, "redirect", {
+      value: function redirect(url, status = 302) {
+        if (!validRedirectStatuses.has(status)) throw new RangeError("Invalid status code");
+        return new Response$1(null, {
+          status,
+          headers: { location: parseRedirectUrl(url) }
+        });
+      },
+      writable: true,
+      configurable: true
+    });
+    Object.defineProperty(Response$1, "json", {
+      value: function json(data, init) {
+        const body = JSON.stringify(data);
+        if (body === void 0) throw new TypeError("The data is not JSON serializable");
+        const initHeaders = init?.headers;
+        let headers;
+        if (initHeaders) {
+          headers = new Headers(initHeaders);
+          if (!headers.has("content-type")) headers.set("content-type", "application/json");
+        } else headers = { "content-type": "application/json" };
+        return new Response$1(body, {
+          status: init?.status ?? 200,
+          statusText: init?.statusText,
+          headers
+        });
+      },
+      writable: true,
+      configurable: true
+    });
+    buildOutgoingHttpHeaders = (headers, defaultContentType2) => {
+      const res = {};
+      if (!(headers instanceof Headers)) headers = new Headers(headers ?? void 0);
+      if (headers.has("set-cookie")) {
+        const cookies = [];
+        for (const [k, v] of headers) if (k === "set-cookie") cookies.push(v);
+        else res[k] = v;
+        if (cookies.length > 0) res["set-cookie"] = cookies;
+      } else for (const [k, v] of headers) res[k] = v;
+      if (defaultContentType2) res["content-type"] ??= defaultContentType2;
+      return res;
+    };
+    outgoingEnded = /* @__PURE__ */ Symbol("outgoingEnded");
+    incomingDraining = /* @__PURE__ */ Symbol("incomingDraining");
+    DRAIN_TIMEOUT_MS = 500;
+    MAX_DRAIN_BYTES = 64 * 1024 * 1024;
+    drainIncoming = (incoming) => {
+      const incomingWithDrainState = incoming;
+      if (incoming.destroyed || incomingWithDrainState[incomingDraining]) return;
+      incomingWithDrainState[incomingDraining] = true;
+      if (incoming instanceof import_node_http2.Http2ServerRequest) {
+        try {
+          incoming.stream?.close?.(import_node_http2.constants.NGHTTP2_NO_ERROR);
+        } catch {
+        }
+        return;
+      }
+      let bytesRead = 0;
+      const cleanup = () => {
+        clearTimeout(timer);
+        incoming.off("data", onData);
+        incoming.off("end", cleanup);
+        incoming.off("error", cleanup);
+      };
+      const forceClose = () => {
+        cleanup();
+        const socket = incoming.socket;
+        if (socket && !socket.destroyed) socket.destroySoon();
+      };
+      const timer = setTimeout(forceClose, DRAIN_TIMEOUT_MS);
+      timer.unref?.();
+      const onData = (chunk) => {
+        bytesRead += chunk.length;
+        if (bytesRead > MAX_DRAIN_BYTES) forceClose();
+      };
+      incoming.on("data", onData);
+      incoming.on("end", cleanup);
+      incoming.on("error", cleanup);
+      incoming.resume();
+    };
+    makeCloseHandler = (req, incoming, outgoing, needsBodyCleanup) => () => {
+      if (incoming.errored) req[abortRequest](incoming.errored.toString());
+      else if (!outgoing.writableFinished) req[abortRequest]("Client connection prematurely closed.");
+      if (needsBodyCleanup && !incoming.readableEnded) setTimeout(() => {
+        if (!incoming.readableEnded) setTimeout(() => {
+          drainIncoming(incoming);
+        });
+      });
+    };
+    isImmediateCacheableResponse = (res) => {
+      if (!(cacheKey in res)) return false;
+      const body = res[cacheKey][1];
+      return body === null || typeof body === "string" || body instanceof Uint8Array;
+    };
+    handleRequestError = () => new Response(null, { status: 400 });
+    handleFetchError = (e) => new Response(null, { status: e instanceof Error && (e.name === "TimeoutError" || e.constructor.name === "TimeoutError") ? 504 : 500 });
+    handleResponseError = (e, outgoing) => {
+      const err = e instanceof Error ? e : new Error("unknown error", { cause: e });
+      if (err.code === "ERR_STREAM_PREMATURE_CLOSE") console.info("The user aborted a request.");
+      else {
+        console.error(e);
+        if (!outgoing.headersSent) outgoing.writeHead(500, { "Content-Type": "text/plain" });
+        outgoing.end(`Error: ${err.message}`);
+        outgoing.destroy(err);
+      }
+    };
+    flushHeaders = (outgoing) => {
+      if ("flushHeaders" in outgoing && outgoing.writable) outgoing.flushHeaders();
+    };
+    responseViaCache = async (res, outgoing) => {
+      let [status, body, header] = res[cacheKey];
+      if (!header) {
+        if (body === null) {
+          outgoing.writeHead(status);
+          outgoing.end();
+        } else if (typeof body === "string") {
+          outgoing.writeHead(status, {
+            "Content-Type": defaultContentType,
+            "Content-Length": Buffer.byteLength(body)
+          });
+          outgoing.end(body);
+        } else if (body instanceof Uint8Array) {
+          outgoing.writeHead(status, {
+            "Content-Type": defaultContentType,
+            "Content-Length": body.byteLength
+          });
+          outgoing.end(body);
+        } else if (body instanceof Blob) {
+          outgoing.writeHead(status, {
+            "Content-Type": defaultContentType,
+            "Content-Length": body.size
+          });
+          outgoing.end(new Uint8Array(await body.arrayBuffer()));
+        } else {
+          outgoing.writeHead(status, { "Content-Type": defaultContentType });
+          flushHeaders(outgoing);
+          await writeFromReadableStream(body, outgoing)?.catch((e) => handleResponseError(e, outgoing));
+        }
+        outgoing[outgoingEnded]?.();
+        return;
+      }
+      let hasContentLength = false;
+      if (header instanceof Headers) {
+        hasContentLength = header.has("content-length");
+        header = buildOutgoingHttpHeaders(header, body === null ? void 0 : defaultContentType);
+      } else if (Array.isArray(header)) {
+        const headerObj = new Headers(header);
+        hasContentLength = headerObj.has("content-length");
+        header = buildOutgoingHttpHeaders(headerObj, body === null ? void 0 : defaultContentType);
+      } else for (const key in header) if (key.length === 14 && key.toLowerCase() === "content-length") {
+        hasContentLength = true;
+        break;
+      }
+      if (!hasContentLength) {
+        if (typeof body === "string") header["Content-Length"] = Buffer.byteLength(body);
+        else if (body instanceof Uint8Array) header["Content-Length"] = body.byteLength;
+        else if (body instanceof Blob) header["Content-Length"] = body.size;
+      }
+      outgoing.writeHead(status, header);
+      if (body == null) outgoing.end();
+      else if (typeof body === "string" || body instanceof Uint8Array) outgoing.end(body);
+      else if (body instanceof Blob) outgoing.end(new Uint8Array(await body.arrayBuffer()));
+      else {
+        flushHeaders(outgoing);
+        await writeFromReadableStream(body, outgoing)?.catch((e) => handleResponseError(e, outgoing));
+      }
+      outgoing[outgoingEnded]?.();
+    };
+    isPromise = (res) => typeof res.then === "function";
+    responseViaResponseObject = async (res, outgoing, options = {}) => {
+      if (isPromise(res)) if (options.errorHandler) try {
+        res = await res;
+      } catch (err) {
+        const errRes = await options.errorHandler(err);
+        if (!errRes) return;
+        res = errRes;
+      }
+      else res = await res.catch(handleFetchError);
+      if (cacheKey in res) return responseViaCache(res, outgoing);
+      const resHeaderRecord = buildOutgoingHttpHeaders(res.headers, res.body === null ? void 0 : defaultContentType);
+      if (res.body) {
+        const reader = res.body.getReader();
+        const values = [];
+        let done = false;
+        let currentReadPromise = void 0;
+        if (resHeaderRecord["transfer-encoding"] !== "chunked") {
+          let maxReadCount = 2;
+          for (let i = 0; i < maxReadCount; i++) {
+            currentReadPromise ||= reader.read();
+            const chunk = await readWithoutBlocking(currentReadPromise).catch((e) => {
+              console.error(e);
+              done = true;
+            });
+            if (!chunk) {
+              if (i === 1) {
+                await new Promise((resolve) => setTimeout(resolve));
+                maxReadCount = 3;
+                continue;
+              }
+              break;
+            }
+            currentReadPromise = void 0;
+            if (chunk.value) values.push(chunk.value);
+            if (chunk.done) {
+              done = true;
+              break;
+            }
+          }
+          if (done && !("content-length" in resHeaderRecord)) resHeaderRecord["content-length"] = values.reduce((acc, value) => acc + value.length, 0);
+        }
+        outgoing.writeHead(res.status, resHeaderRecord);
+        values.forEach((value) => {
+          outgoing.write(value);
+        });
+        if (done) outgoing.end();
+        else {
+          if (values.length === 0) flushHeaders(outgoing);
+          await writeFromReadableStreamDefaultReader(reader, outgoing, currentReadPromise);
+        }
+      } else if (resHeaderRecord[X_ALREADY_SENT]) {
+      } else {
+        outgoing.writeHead(res.status, resHeaderRecord);
+        outgoing.end();
+      }
+      outgoing[outgoingEnded]?.();
+    };
+    getRequestListener = (fetchCallback, options = {}) => {
+      const autoCleanupIncoming = options.autoCleanupIncoming ?? true;
+      if (options.overrideGlobalObjects !== false && global.Request !== Request$1) {
+        Object.defineProperty(global, "Request", { value: Request$1 });
+        Object.defineProperty(global, "Response", { value: Response$1 });
+      }
+      return async (incoming, outgoing) => {
+        let res, req;
+        let needsBodyCleanup = false;
+        let closeHandlerAttached = false;
+        const ensureCloseHandler = () => {
+          if (!req || closeHandlerAttached) return;
+          closeHandlerAttached = true;
+          outgoing.on("close", makeCloseHandler(req, incoming, outgoing, needsBodyCleanup));
+        };
+        try {
+          req = newRequest(incoming, options.hostname);
+          needsBodyCleanup = autoCleanupIncoming && !(incoming.method === "GET" || incoming.method === "HEAD");
+          if (needsBodyCleanup) {
+            incoming[wrapBodyStream] = true;
+            if (incoming instanceof import_node_http2.Http2ServerRequest) outgoing[outgoingEnded] = () => {
+              if (!incoming.readableEnded) setTimeout(() => {
+                if (!incoming.readableEnded) setTimeout(() => {
+                  incoming.destroy();
+                  outgoing.destroy();
+                });
+              });
+            };
+          }
+          res = fetchCallback(req, {
+            incoming,
+            outgoing
+          });
+          if (!isPromise(res) && isImmediateCacheableResponse(res)) {
+            if (needsBodyCleanup && !incoming.readableEnded) outgoing.once("finish", () => {
+              if (!incoming.readableEnded) drainIncoming(incoming);
+            });
+            return responseViaCache(res, outgoing);
+          }
+          ensureCloseHandler();
+        } catch (e) {
+          if (!res) if (options.errorHandler) {
+            ensureCloseHandler();
+            res = await options.errorHandler(req ? e : toRequestError(e));
+            if (!res) return;
+          } else if (!req) res = handleRequestError();
+          else res = handleFetchError(e);
+          else return handleResponseError(e, outgoing);
+        }
+        try {
+          return await responseViaResponseObject(res, outgoing, options);
+        } catch (e) {
+          return handleResponseError(e, outgoing);
+        }
+      };
+    };
+    CloseEvent = globalThis.CloseEvent ?? class extends Event {
+      #eventInitDict;
+      constructor(type, eventInitDict = {}) {
+        super(type, eventInitDict);
+        this.#eventInitDict = eventInitDict;
+      }
+      get wasClean() {
+        return this.#eventInitDict.wasClean ?? false;
+      }
+      get code() {
+        return this.#eventInitDict.code ?? 0;
+      }
+      get reason() {
+        return this.#eventInitDict.reason ?? "";
+      }
+    };
+    generateConnectionSymbol = () => /* @__PURE__ */ Symbol("connection");
+    CONNECTION_SYMBOL_KEY = /* @__PURE__ */ Symbol("CONNECTION_SYMBOL_KEY");
+    WAIT_FOR_WEBSOCKET_SYMBOL = /* @__PURE__ */ Symbol("WAIT_FOR_WEBSOCKET_SYMBOL");
+    responseHeadersToSkip = /* @__PURE__ */ new Set([
+      "connection",
+      "content-length",
+      "keep-alive",
+      "proxy-authenticate",
+      "proxy-authorization",
+      "te",
+      "trailer",
+      "transfer-encoding",
+      "upgrade",
+      "sec-websocket-accept",
+      "sec-websocket-extensions",
+      "sec-websocket-protocol"
+    ]);
+    appendResponseHeaders = (headers, responseHeaders) => {
+      if (!responseHeaders) return;
+      responseHeaders.forEach((value, key) => {
+        if (responseHeadersToSkip.has(key.toLowerCase())) return;
+        headers.push(`${key}: ${value}`);
+      });
+    };
+    rejectUpgradeRequest = (socket, status, responseHeaders) => {
+      const responseLines = ["Connection: close", "Content-Length: 0"];
+      appendResponseHeaders(responseLines, responseHeaders);
+      socket.end(`HTTP/1.1 ${status.toString()} ${import_node_http.STATUS_CODES[status] ?? ""}\r
+${responseLines.join("\r\n")}\r
+\r
+`);
+    };
+    createUpgradeRequest = (request) => {
+      const protocol = request.socket.encrypted ? "https" : "http";
+      const url = new URL(request.url ?? "/", `${protocol}://${request.headers.host ?? "localhost"}`);
+      const headers = new Headers();
+      for (const key in request.headers) {
+        const value = request.headers[key];
+        if (!value) continue;
+        headers.append(key, Array.isArray(value) ? value[0] : value);
+      }
+      return new Request(url, { headers });
+    };
+    setupWebSocket = (options) => {
+      const { server, fetchCallback, wss } = options;
+      const waiterMap = /* @__PURE__ */ new Map();
+      wss.on("connection", (ws, request) => {
+        const waiter = waiterMap.get(request);
+        if (waiter) {
+          waiter.resolve(ws);
+          waiterMap.delete(request);
+        }
+      });
+      const waitForWebSocket = (request, connectionSymbol) => {
+        return new Promise((resolve) => {
+          waiterMap.set(request, {
+            resolve,
+            connectionSymbol
+          });
+        });
+      };
+      server.on("upgrade", async (request, socket, head) => {
+        if (request.headers.upgrade?.toLowerCase() !== "websocket") return;
+        const env = {
+          incoming: request,
+          outgoing: void 0,
+          wss,
+          [WAIT_FOR_WEBSOCKET_SYMBOL]: waitForWebSocket
+        };
+        let status = 400;
+        let responseHeaders;
+        try {
+          const response = await fetchCallback(createUpgradeRequest(request), env);
+          if (response instanceof Response) {
+            status = response.status;
+            responseHeaders = response.headers;
+          }
+        } catch {
+          if (server.listenerCount("upgrade") === 1) rejectUpgradeRequest(socket, 500);
+          return;
+        }
+        const waiter = waiterMap.get(request);
+        if (!waiter || waiter.connectionSymbol !== env[CONNECTION_SYMBOL_KEY]) {
+          waiterMap.delete(request);
+          if (server.listenerCount("upgrade") === 1) rejectUpgradeRequest(socket, status, responseHeaders);
+          return;
+        }
+        const addResponseHeaders = (headers) => {
+          appendResponseHeaders(headers, responseHeaders);
+        };
+        wss.on("headers", addResponseHeaders);
+        try {
+          wss.handleUpgrade(request, socket, head, (ws) => {
+            wss.emit("connection", ws, request);
+          });
+        } finally {
+          wss.off("headers", addResponseHeaders);
+        }
+      });
+      server.on("close", () => {
+        wss.close();
+      });
+    };
+    upgradeWebSocket = (0, import_ws.defineWebSocketHelper)(async (c, events, options) => {
+      if (c.req.header("upgrade")?.toLowerCase() !== "websocket") return;
+      const env = c.env;
+      const waitForWebSocket = env[WAIT_FOR_WEBSOCKET_SYMBOL];
+      if (!waitForWebSocket || !env.incoming) return new Response(null, { status: 500 });
+      const connectionSymbol = generateConnectionSymbol();
+      env[CONNECTION_SYMBOL_KEY] = connectionSymbol;
+      (async () => {
+        const ws = await waitForWebSocket(env.incoming, connectionSymbol);
+        const messagesReceivedInStarting = [];
+        const bufferMessage = (data, isBinary) => {
+          messagesReceivedInStarting.push([data, isBinary]);
+        };
+        ws.on("message", bufferMessage);
+        const ctx = {
+          binaryType: "arraybuffer",
+          close(code, reason) {
+            ws.close(code, reason);
+          },
+          protocol: ws.protocol,
+          raw: ws,
+          get readyState() {
+            return ws.readyState;
+          },
+          send(source, opts) {
+            ws.send(source, { compress: opts?.compress });
+          },
+          url: new URL(c.req.url)
+        };
+        try {
+          events?.onOpen?.(new Event("open"), ctx);
+        } catch (e) {
+          (options?.onError ?? console.error)(e);
+        }
+        const handleMessage = (data, isBinary) => {
+          const datas = Array.isArray(data) ? data : [data];
+          for (const data2 of datas) try {
+            events?.onMessage?.(new MessageEvent("message", { data: isBinary ? data2 instanceof ArrayBuffer ? data2 : data2.buffer.slice(data2.byteOffset, data2.byteOffset + data2.byteLength) : typeof data2 === "string" ? data2 : Buffer.from(data2).toString("utf-8") }), ctx);
+          } catch (e) {
+            (options?.onError ?? console.error)(e);
+          }
+        };
+        ws.off("message", bufferMessage);
+        for (const message of messagesReceivedInStarting) handleMessage(...message);
+        ws.on("message", (data, isBinary) => {
+          handleMessage(data, isBinary);
+        });
+        ws.on("close", (code, reason) => {
+          try {
+            events?.onClose?.(new CloseEvent("close", {
+              code,
+              reason: reason.toString()
+            }), ctx);
+          } catch (e) {
+            (options?.onError ?? console.error)(e);
+          }
+        });
+        ws.on("error", (error) => {
+          try {
+            events?.onError?.(new ErrorEvent("error", { error }), ctx);
+          } catch (e) {
+            (options?.onError ?? console.error)(e);
+          }
+        });
+      })();
+      return new Response();
+    });
+    createAdaptorServer = (options) => {
+      const fetchCallback = options.fetch;
+      const requestListener = getRequestListener(fetchCallback, {
+        hostname: options.hostname,
+        overrideGlobalObjects: options.overrideGlobalObjects,
+        autoCleanupIncoming: options.autoCleanupIncoming
+      });
+      const server = (options.createServer || import_node_http.createServer)(options.serverOptions || {}, requestListener);
+      if (options.websocket && options.websocket.server) {
+        if (options.websocket.server.options.noServer !== true) throw new Error("WebSocket server must be created with { noServer: true } option");
+        setupWebSocket({
+          server,
+          fetchCallback,
+          wss: options.websocket.server
+        });
+      }
+      return server;
+    };
+    serve = (options, listeningListener) => {
+      const server = createAdaptorServer(options);
+      server.listen(options?.port ?? 3e3, options.hostname, () => {
+        const serverInfo = server.address();
+        listeningListener && listeningListener(serverInfo);
+      });
+      return server;
+    };
+  }
+});
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ApiKeyAuth: () => ApiKeyAuth,
+  AsyncRunRegistry: () => AsyncRunRegistry,
+  BatchRunner: () => BatchRunner,
+  InMemoryQuota: () => InMemoryQuota,
+  InMemoryTokenBucketLimiter: () => InMemoryTokenBucketLimiter,
+  NoAuth: () => NoAuth,
+  Scheduler: () => Scheduler,
+  WorkflowRunError: () => import_workflow2.WorkflowRunError,
+  createServer: () => createServer2,
+  serveNode: () => serveNode,
+  toUIMessageStream: () => toUIMessageStream,
+  toUIMessageStreamResponse: () => toUIMessageStreamResponse
+});
+module.exports = __toCommonJS(index_exports);
+var import_hono = require("hono");
+var import_streaming = require("hono/streaming");
+var import_body_limit = require("hono/body-limit");
+var import_cors = require("hono/cors");
+var import_workflow = require("@eidentic/workflow");
+
+// src/rate-limit.ts
+var InMemoryTokenBucketLimiter = class {
+  capacity;
+  refillPerSec;
+  now;
+  buckets = /* @__PURE__ */ new Map();
+  /**
+   * The eviction threshold in ms: entries older than this are guaranteed to be
+   * at full capacity, so removing them is lossless.
+   * = (capacity / refillPerSec) * 1000 * 2
+   * For zero-refill configs a fixed 24-hour window bounds growth.
+   */
+  evictThresholdMs;
+  /**
+   * Sweep runs at most once per this interval. Set to half the eviction
+   * threshold so that stale entries are caught within at most one extra window.
+   */
+  sweepIntervalMs;
+  lastSweepMs = 0;
+  constructor(opts) {
+    this.capacity = opts.capacity;
+    this.refillPerSec = opts.refillPerSec;
+    this.now = opts.now ?? (() => Date.now());
+    if (opts.refillPerSec > 0) {
+      const fullRefillMs = opts.capacity / opts.refillPerSec * 1e3;
+      this.evictThresholdMs = fullRefillMs * 2;
+      this.sweepIntervalMs = fullRefillMs;
+    } else {
+      this.evictThresholdMs = 864e5;
+      this.sweepIntervalMs = 36e5;
+    }
+  }
+  /**
+   * Test-only accessor: number of entries currently held in the buckets map.
+   * Not part of the `RateLimiterPort` contract.
+   */
+  get bucketCount() {
+    return this.buckets.size;
+  }
+  acquire(key, cost = 1) {
+    const nowMs = this.now();
+    if (nowMs - this.lastSweepMs >= this.sweepIntervalMs) {
+      this._sweep(nowMs);
+      this.lastSweepMs = nowMs;
+    }
+    let bucket = this.buckets.get(key);
+    if (!bucket) {
+      bucket = { tokens: this.capacity, lastRefillMs: nowMs };
+      this.buckets.set(key, bucket);
+    }
+    const elapsedSec = (nowMs - bucket.lastRefillMs) / 1e3;
+    bucket.tokens = Math.min(this.capacity, bucket.tokens + elapsedSec * this.refillPerSec);
+    bucket.lastRefillMs = nowMs;
+    if (bucket.tokens >= cost) {
+      bucket.tokens -= cost;
+      return { ok: true, remaining: Math.floor(bucket.tokens) };
+    }
+    const retryAfterMs = this.refillPerSec > 0 ? Math.ceil((cost - bucket.tokens) / this.refillPerSec * 1e3) : void 0;
+    return { ok: false, retryAfterMs, remaining: Math.floor(bucket.tokens) };
+  }
+  /**
+   * Evict bucket entries older than `evictThresholdMs`. Called opportunistically
+   * from `acquire` — no timer involved.
+   */
+  _sweep(nowMs) {
+    for (const [k, state] of this.buckets) {
+      if (nowMs - state.lastRefillMs > this.evictThresholdMs) {
+        this.buckets.delete(k);
+      }
+    }
+  }
+};
+
+// src/quota.ts
+var InMemoryQuota = class {
+  resolve;
+  ledger = /* @__PURE__ */ new Map();
+  /** In-flight run count per key: incremented on check, decremented on record/release. */
+  reserved = /* @__PURE__ */ new Map();
+  /** Per-key monotonic generation counter, bumped on reset() to invalidate outstanding tokens. */
+  generations = /* @__PURE__ */ new Map();
+  /** All live reservation tokens, used by the max-age sweep. */
+  activeReservations = /* @__PURE__ */ new Set();
+  /** Max-age sweep interval handle — cleared on destroy(). */
+  sweepInterval;
+  /** How old a reservation must be (ms) before the sweep discards it. Default 5 minutes. */
+  reservationMaxAgeMs;
+  constructor(limits, options) {
+    this.resolve = typeof limits === "function" ? limits : () => limits;
+    this.reservationMaxAgeMs = options?.reservationMaxAgeMs ?? 3e5;
+    if (this.reservationMaxAgeMs > 0 && isFinite(this.reservationMaxAgeMs)) {
+      this.sweepInterval = setInterval(() => {
+        this.sweepStaleReservations();
+      }, this.reservationMaxAgeMs);
+      if (typeof this.sweepInterval === "object" && this.sweepInterval !== null && typeof this.sweepInterval.unref === "function") {
+        this.sweepInterval.unref();
+      }
+    }
+  }
+  /**
+   * Release all stale reservations (older than `reservationMaxAgeMs`).
+   * Called automatically by the background sweep, but also available for testing.
+   */
+  sweepStaleReservations() {
+    const now = Date.now();
+    for (const reservation of this.activeReservations) {
+      if (now - reservation.createdAt >= this.reservationMaxAgeMs) {
+        this.activeReservations.delete(reservation);
+        if (reservation.generation === this.getGeneration(reservation.key)) {
+          const cur = this.getReserved(reservation.key);
+          if (cur > 0) this.reserved.set(reservation.key, cur - 1);
+        }
+      }
+    }
+  }
+  /**
+   * Stop the background sweep interval. Call this when shutting down to prevent
+   * open handle warnings in tests and to release resources cleanly.
+   */
+  destroy() {
+    if (this.sweepInterval !== void 0) {
+      clearInterval(this.sweepInterval);
+    }
+  }
+  getUsage(key) {
+    let u = this.ledger.get(key);
+    if (!u) {
+      u = { usd: 0, tokens: 0, runs: 0 };
+      this.ledger.set(key, u);
+    }
+    return u;
+  }
+  getGeneration(key) {
+    return this.generations.get(key) ?? 0;
+  }
+  getReserved(key) {
+    return this.reserved.get(key) ?? 0;
+  }
+  /**
+   * Check whether `key` may start another run. On success, reserves 1 run in the in-flight
+   * counter and returns a `reservation` token. Hard ceilings are checked against
+   * `committed + reserved` so concurrent callers see each other's pending runs.
+   *
+   * Always call `record(key, spend, reservation)` or `release(reservation)` after `check`
+   * to free the reservation and prevent in-flight count leakage.
+   */
+  check(key) {
+    const limits = this.resolve(key);
+    const usage = this.getUsage(key);
+    const inFlight = this.getReserved(key);
+    if (limits.hardUsd !== void 0 && usage.usd >= limits.hardUsd) {
+      return { ok: false, reason: `hard USD ceiling reached (${usage.usd} >= ${limits.hardUsd})`, usage };
+    }
+    if (limits.hardTokens !== void 0 && usage.tokens >= limits.hardTokens) {
+      return { ok: false, reason: `hard token ceiling reached (${usage.tokens} >= ${limits.hardTokens})`, usage };
+    }
+    if (limits.hardRuns !== void 0 && usage.runs + inFlight >= limits.hardRuns) {
+      return { ok: false, reason: `hard run ceiling reached (${usage.runs + inFlight} >= ${limits.hardRuns})`, usage };
+    }
+    this.reserved.set(key, inFlight + 1);
+    const generation = this.getGeneration(key);
+    const reservation = { key, generation, createdAt: Date.now() };
+    this.activeReservations.add(reservation);
+    const warn = limits.softUsd !== void 0 && usage.usd >= limits.softUsd;
+    return { ok: true, warn: warn || void 0, usage, reservation };
+  }
+  /**
+   * Settle a reservation by recording actual spend. The 1-run reservation is consumed and the
+   * committed counter is updated with the real spend. If `reservation` is provided and stale
+   * (reset() was called between check and record), the settle is a no-op — no double-counting.
+   *
+   * Legacy callers that omit `reservation` still have their spend committed (backward-compatible),
+   * but the in-flight counter is not decremented (they weren't reserving).
+   */
+  record(key, spend, reservation) {
+    if (reservation !== void 0) {
+      this.activeReservations.delete(reservation);
+      if (reservation.generation === this.getGeneration(key)) {
+        const cur = this.getReserved(key);
+        if (cur > 0) this.reserved.set(key, cur - 1);
+      }
+    }
+    const usage = this.getUsage(key);
+    usage.usd += spend.usd;
+    usage.tokens += spend.tokens;
+    usage.runs += 1;
+  }
+  /**
+   * Release a reservation WITHOUT recording spend (error / abort path).
+   * If the token is stale (reset() was called), this is a no-op.
+   */
+  release(reservation) {
+    this.activeReservations.delete(reservation);
+    if (reservation.generation !== this.getGeneration(reservation.key)) return;
+    const cur = this.getReserved(reservation.key);
+    if (cur > 0) this.reserved.set(reservation.key, cur - 1);
+  }
+  /**
+   * Reset usage counters for a specific key, or ALL keys when called with no argument.
+   * Increments the generation counter for affected keys so outstanding reservation tokens
+   * become stale and cannot settle against the fresh state.
+   * Useful for tests and dev tooling.
+   */
+  reset(key) {
+    if (key !== void 0) {
+      this.ledger.delete(key);
+      this.reserved.delete(key);
+      this.generations.set(key, (this.generations.get(key) ?? 0) + 1);
+      for (const r of this.activeReservations) {
+        if (r.key === key) this.activeReservations.delete(r);
+      }
+    } else {
+      this.ledger.clear();
+      this.reserved.clear();
+      for (const k of [...this.generations.keys()]) {
+        this.generations.set(k, (this.generations.get(k) ?? 0) + 1);
+      }
+      this.activeReservations.clear();
+    }
+  }
+};
+
+// src/ui-message-stream.ts
+var import_ai = require("ai");
+function toUIMessageStream(events) {
+  return (0, import_ai.createUIMessageStream)({
+    execute: async ({ writer }) => {
+      writer.write({ type: "start" });
+      writer.write({ type: "start-step" });
+      let textBlockOpen = false;
+      let textBlockId = "text-0";
+      function openTextBlock(id) {
+        if (!textBlockOpen) {
+          textBlockId = id;
+          writer.write({ type: "text-start", id: textBlockId });
+          textBlockOpen = true;
+        }
+      }
+      function closeTextBlock() {
+        if (textBlockOpen) {
+          writer.write({ type: "text-end", id: textBlockId });
+          textBlockOpen = false;
+        }
+      }
+      for await (const ev of events) {
+        switch (ev.type) {
+          // ------------------------------------------------------------------
+          // Streaming token delta — primary hot path for live text streaming
+          // ------------------------------------------------------------------
+          case "stream.delta": {
+            openTextBlock("streaming-text");
+            writer.write({ type: "text-delta", delta: ev.delta.text, id: textBlockId });
+            break;
+          }
+          // ------------------------------------------------------------------
+          // Assistant turn — complete content blocks (text + tool_use)
+          // ------------------------------------------------------------------
+          case "assistant": {
+            closeTextBlock();
+            for (const block of ev.content) {
+              if (block.type === "text") {
+                const id = `text-${crypto.randomUUID()}`;
+                writer.write({ type: "text-start", id });
+                writer.write({ type: "text-delta", delta: block.text, id });
+                writer.write({ type: "text-end", id });
+              } else if (block.type === "tool_use") {
+                writer.write({
+                  type: "tool-input-available",
+                  toolCallId: block.callId,
+                  toolName: block.name,
+                  input: block.input
+                });
+              }
+            }
+            break;
+          }
+          // ------------------------------------------------------------------
+          // Tool result
+          // ------------------------------------------------------------------
+          case "tool.result": {
+            if (ev.isError) {
+              writer.write({
+                type: "tool-output-error",
+                toolCallId: ev.callId,
+                errorText: typeof ev.output === "string" ? ev.output : JSON.stringify(ev.output)
+              });
+            } else {
+              writer.write({
+                type: "tool-output-available",
+                toolCallId: ev.callId,
+                output: ev.output
+              });
+            }
+            break;
+          }
+          // ------------------------------------------------------------------
+          // Terminal result — stream is done
+          // ------------------------------------------------------------------
+          case "result": {
+            closeTextBlock();
+            const finishReason = (() => {
+              switch (ev.subtype) {
+                case "success":
+                  return "stop";
+                case "max_tokens":
+                  return "length";
+                case "error":
+                  return "error";
+                case "max_turns":
+                case "max_cost":
+                case "max_wall_clock":
+                case "aborted":
+                case "suspended":
+                default:
+                  return "other";
+              }
+            })();
+            writer.write({ type: "finish-step" });
+            writer.write({ type: "finish", finishReason });
+            break;
+          }
+          // ------------------------------------------------------------------
+          // Ignored events — metadata / audit signals not meaningful to UI
+          // ------------------------------------------------------------------
+          case "session.init":
+          case "compaction":
+            break;
+        }
+      }
+    },
+    onError: (err) => {
+      const msg = err instanceof Error ? err.message : String(err);
+      return `Stream error: ${msg}`;
+    }
+  });
+}
+function toUIMessageStreamResponse(events, opts = {}) {
+  return (0, import_ai.createUIMessageStreamResponse)({
+    stream: toUIMessageStream(events),
+    status: opts.status,
+    headers: opts.headers
+  });
+}
+
+// src/scheduler.ts
+var import_cron_parser = require("cron-parser");
+var realClock = {
+  now: () => Date.now()
+};
+var realTimer = {
+  setInterval: (fn, ms) => globalThis.setInterval(fn, ms),
+  clearInterval: (handle) => globalThis.clearInterval(handle)
+};
+function defaultLogger() {
+  return {
+    log(level, namespace, message, fields) {
+      if (level === "error" || level === "warn") {
+        console.error(`[${level.toUpperCase()}] ${namespace}: ${message}`, fields ?? "");
+      }
+    }
+  };
+}
+var Scheduler = class {
+  tickIntervalMs;
+  clock;
+  timer;
+  logger;
+  tasks = /* @__PURE__ */ new Map();
+  timerHandle = null;
+  running = false;
+  constructor(opts = {}) {
+    this.tickIntervalMs = opts.tickIntervalMs ?? 1e3;
+    this.clock = opts.clock ?? realClock;
+    this.timer = opts.timer ?? realTimer;
+    this.logger = opts.logger ?? defaultLogger();
+  }
+  // ---------------------------------------------------------------------------
+  // Lifecycle
+  // ---------------------------------------------------------------------------
+  /**
+   * Start the scheduler's internal tick loop.
+   * Calling `start()` while already running is a no-op.
+   */
+  start() {
+    if (this.running) return;
+    this.running = true;
+    this.timerHandle = this.timer.setInterval(() => {
+      this.tick(this.clock.now());
+    }, this.tickIntervalMs);
+  }
+  /**
+   * Stop the scheduler. All in-flight callbacks are allowed to complete
+   * (they are not aborted), but no new runs will be triggered.
+   * Calling `stop()` while not running is a no-op.
+   */
+  stop() {
+    if (!this.running) return;
+    this.running = false;
+    if (this.timerHandle !== null) {
+      this.timer.clearInterval(this.timerHandle);
+      this.timerHandle = null;
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Task management
+  // ---------------------------------------------------------------------------
+  /**
+   * Register a scheduled task. If a task with the same `id` already exists,
+   * it is replaced (the old state is discarded).
+   *
+   * For cron tasks, the first next-fire time is computed immediately from the
+   * current clock value.
+   */
+  add(task) {
+    const now = this.clock.now();
+    let nextFireAt = null;
+    if (task.schedule.kind === "cron") {
+      validateCronExpression(task.schedule.expression);
+      nextFireAt = computeNextCron(task.schedule, now, this.logger);
+    }
+    this.tasks.set(task.id, {
+      task,
+      lastFiredAt: now,
+      nextFireAt,
+      inFlight: false
+    });
+  }
+  /**
+   * Remove a registered task by id.
+   * Any in-flight callback for this task will be allowed to complete, but no
+   * further fires will occur.
+   * Returns `true` if the task was found and removed, `false` otherwise.
+   */
+  remove(id) {
+    return this.tasks.delete(id);
+  }
+  /** Returns the ids of all currently registered tasks. */
+  taskIds() {
+    return [...this.tasks.keys()];
+  }
+  // ---------------------------------------------------------------------------
+  // Tick — can be called manually in tests
+  // ---------------------------------------------------------------------------
+  /**
+   * Evaluate all registered tasks against the given timestamp and fire any
+   * that are due.
+   *
+   * This is the core scheduling method. The `start()` loop calls it
+   * automatically at `tickIntervalMs` granularity, but tests can call it
+   * directly to drive time without real timers.
+   */
+  tick(now) {
+    for (const state of this.tasks.values()) {
+      if (isDue(state, now)) {
+        this._fire(state, now);
+      }
+    }
+  }
+  // ---------------------------------------------------------------------------
+  // Internal fire
+  // ---------------------------------------------------------------------------
+  _fire(state, now) {
+    if (state.inFlight) {
+      this.logger.log("debug", "scheduler", "task skipped (overlap)", {
+        taskId: state.task.id,
+        now
+      });
+      return;
+    }
+    state.inFlight = true;
+    state.lastFiredAt = now;
+    if (state.task.schedule.kind === "cron") {
+      state.nextFireAt = computeNextCron(state.task.schedule, now, this.logger);
+    }
+    const ctx = { taskId: state.task.id, triggeredAt: now };
+    Promise.resolve().then(() => state.task.run(ctx)).catch((err) => {
+      const msg = err instanceof Error ? err.message : String(err);
+      this.logger.log("error", "scheduler", "task run failed", {
+        taskId: state.task.id,
+        error: msg,
+        stack: err instanceof Error ? err.stack : void 0
+      });
+    }).finally(() => {
+      state.inFlight = false;
+    });
+  }
+};
+function isDue(state, now) {
+  const { task } = state;
+  if (task.schedule.kind === "interval") {
+    return now >= state.lastFiredAt + task.schedule.everyMs;
+  }
+  if (state.nextFireAt === null) return false;
+  return now >= state.nextFireAt;
+}
+function validateCronExpression(expression) {
+  try {
+    import_cron_parser.CronExpressionParser.parse(expression, { tz: "UTC" });
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+    throw new Error(
+      `Invalid cron expression "${expression}": ${detail}`
+    );
+  }
+}
+function computeNextCron(schedule, afterMs, logger) {
+  try {
+    const expr = import_cron_parser.CronExpressionParser.parse(schedule.expression, {
+      currentDate: new Date(afterMs),
+      tz: schedule.tz ?? "UTC"
+    });
+    return expr.next().getTime();
+  } catch (err) {
+    logger.log("error", "scheduler", "failed to compute next cron time", {
+      expression: schedule.expression,
+      error: err instanceof Error ? err.message : String(err)
+    });
+    return null;
+  }
+}
+
+// src/batch-runner.ts
+var ConcurrentAgentBackend = class {
+  constructor(agent) {
+    this.agent = agent;
+  }
+  agent;
+  async run(item, signal) {
+    try {
+      let finalOutput = "";
+      let finalUsage = { inputTokens: 0, outputTokens: 0 };
+      let finalCost;
+      for await (const ev of this.agent.query(item.input, {
+        sessionId: item.sessionId,
+        ...item.userId ? { userId: item.userId } : {},
+        ...item.orgId ? { orgId: item.orgId } : {},
+        signal
+      })) {
+        if (ev.type === "result") {
+          finalOutput = typeof ev.output === "string" ? ev.output : ev.output == null ? "" : String(ev.output);
+          finalUsage = ev.usage;
+          finalCost = ev.cost;
+        }
+      }
+      return {
+        status: "success",
+        id: item.id,
+        output: finalOutput,
+        usage: finalUsage,
+        cost: finalCost,
+        sessionId: item.sessionId
+      };
+    } catch (err) {
+      return {
+        status: "error",
+        id: item.id,
+        error: err instanceof Error ? err.message : String(err),
+        sessionId: item.sessionId
+      };
+    }
+  }
+};
+var BatchRunner = class {
+  concurrency;
+  backend;
+  constructor(agent, options = {}) {
+    this.concurrency = Math.max(1, options.concurrency ?? 4);
+    this.backend = options.backend ?? new ConcurrentAgentBackend(agent);
+  }
+  /**
+   * Process a list of inputs with bounded concurrency.
+   *
+   * @param items - Items to process. Each must have at least `input` set.
+   * @param opts - Run-level options (signal, progress callback, collectResults).
+   * @returns `BatchResult` containing per-item outcomes and aggregate totals.
+   *
+   * ### Large-batch tip
+   * For very large batches (thousands of items), holding all results in memory may
+   * be impractical. Pass `collectResults: false` to skip in-memory accumulation:
+   * `BatchResult.results` will be empty while `aggregate` totals remain accurate.
+   * Drain results incrementally via `onProgress` instead.
+   */
+  async run(items, opts = {}) {
+    const { signal, onProgress, collectResults = true } = opts;
+    const resolved = items.map((item, idx) => ({
+      id: item.id ?? String(idx),
+      input: item.input,
+      userId: item.userId ?? "",
+      orgId: item.orgId ?? "",
+      sessionId: item.sessionId ?? crypto.randomUUID()
+    }));
+    const results = [];
+    let cancelled = false;
+    let inlineTotalInputTokens = 0;
+    let inlineTotalOutputTokens = 0;
+    let inlineTotalUsd;
+    let inlineSuccessCount = 0;
+    let inlineErrorCount = 0;
+    if (resolved.length === 0) {
+      return { results, aggregate: computeAggregate(results, cancelled) };
+    }
+    let nextIndex = 0;
+    const processOne = async () => {
+      while (true) {
+        if (signal?.aborted) {
+          cancelled = true;
+          return;
+        }
+        const idx = nextIndex;
+        if (idx >= resolved.length) return;
+        nextIndex++;
+        const item = resolved[idx];
+        const itemSignal = signal ?? new AbortController().signal;
+        let result;
+        try {
+          result = await this.backend.run(item, itemSignal);
+        } catch (err) {
+          result = {
+            status: "error",
+            id: item.id,
+            error: err instanceof Error ? err.message : String(err),
+            sessionId: item.sessionId
+          };
+        }
+        if (collectResults) {
+          results.push(result);
+        } else {
+          if (result.status === "success") {
+            inlineSuccessCount++;
+            inlineTotalInputTokens += result.usage.inputTokens;
+            inlineTotalOutputTokens += result.usage.outputTokens;
+            if (result.cost?.usd !== void 0) {
+              inlineTotalUsd = (inlineTotalUsd ?? 0) + result.cost.usd;
+            }
+          } else {
+            inlineErrorCount++;
+          }
+        }
+        onProgress?.(result);
+      }
+    };
+    const lanes = Array.from(
+      { length: Math.min(this.concurrency, resolved.length) },
+      () => processOne()
+    );
+    await Promise.all(lanes);
+    if (signal?.aborted) cancelled = true;
+    if (collectResults) {
+      return { results, aggregate: computeAggregate(results, cancelled) };
+    }
+    return {
+      results,
+      aggregate: {
+        totalUsage: { inputTokens: inlineTotalInputTokens, outputTokens: inlineTotalOutputTokens },
+        ...inlineTotalUsd !== void 0 ? { totalUsd: inlineTotalUsd } : {},
+        successCount: inlineSuccessCount,
+        errorCount: inlineErrorCount,
+        cancelled
+      }
+    };
+  }
+};
+function computeAggregate(results, cancelled) {
+  let totalInputTokens = 0;
+  let totalOutputTokens = 0;
+  let totalUsd;
+  let successCount = 0;
+  let errorCount = 0;
+  for (const r of results) {
+    if (r.status === "success") {
+      successCount++;
+      totalInputTokens += r.usage.inputTokens;
+      totalOutputTokens += r.usage.outputTokens;
+      if (r.cost?.usd !== void 0) {
+        totalUsd = (totalUsd ?? 0) + r.cost.usd;
+      }
+    } else {
+      errorCount++;
+    }
+  }
+  return {
+    totalUsage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens },
+    ...totalUsd !== void 0 ? { totalUsd } : {},
+    successCount,
+    errorCount,
+    cancelled
+  };
+}
+
+// src/index.ts
+var import_workflow2 = require("@eidentic/workflow");
+var AsyncRunRegistry = class {
+  runs = /* @__PURE__ */ new Map();
+  maxRuns;
+  constructor(options) {
+    this.maxRuns = options?.maxRuns ?? 1e3;
+  }
+  set(entry) {
+    if (this.runs.size >= this.maxRuns) {
+      this._evictOldestSettled();
+    }
+    this.runs.set(entry.runId, entry);
+  }
+  get(runId) {
+    return this.runs.get(runId);
+  }
+  settle(runId, patch) {
+    const entry = this.runs.get(runId);
+    if (entry) {
+      Object.assign(entry, patch, { settledAt: Date.now() });
+    }
+  }
+  /** Evict the single oldest settled (non-in-flight) entry to make room. */
+  _evictOldestSettled() {
+    let oldestId;
+    let oldestAt = Infinity;
+    for (const [id, e] of this.runs) {
+      if (e.status !== "running" && e.createdAt < oldestAt) {
+        oldestAt = e.createdAt;
+        oldestId = id;
+      }
+    }
+    if (oldestId !== void 0) {
+      this.runs.delete(oldestId);
+    }
+  }
+  /** Return all entries (copy of values). Used by graceful drain to check in-flight count. */
+  values() {
+    return [...this.runs.values()];
+  }
+};
+var NoAuth = {
+  authenticate(_req) {
+    return {};
+  }
+};
+function ApiKeyAuth(keys) {
+  return {
+    authenticate(req) {
+      const authHeader = req.headers["authorization"];
+      const xApiKey = req.headers["x-api-key"];
+      let key;
+      if (authHeader?.startsWith("Bearer ")) {
+        key = authHeader.slice(7);
+      } else if (xApiKey) {
+        key = xApiKey;
+      }
+      if (!key) return null;
+      if (!Object.hasOwn(keys, key)) return null;
+      return keys[key] ?? null;
+    }
+  };
+}
+function makeResolver(agents) {
+  if (typeof agents === "function") return agents;
+  return (id) => agents[id];
+}
+async function runAuth(auth, req) {
+  const headers = {};
+  req.headers.forEach((value, key) => {
+    headers[key.toLowerCase()] = value;
+  });
+  const url = new URL(req.url);
+  const authReq = {
+    method: req.method,
+    path: url.pathname,
+    headers
+  };
+  return auth.authenticate(authReq);
+}
+var BODY_LIMIT = 512 * 1024;
+var STREAM_EVENT_TYPES_THAT_PERSIST = /* @__PURE__ */ new Set([
+  "assistant",
+  "tool.result",
+  "compaction"
+]);
+function makeSseIdTracker(baseSeq) {
+  let next = baseSeq;
+  return {
+    idForSessionInit() {
+      return String(next);
+    },
+    idForPersistedEvent() {
+      next += 1;
+      return String(next);
+    },
+    currentId() {
+      return String(next);
+    }
+  };
+}
+function synthesizeResultFromStore(storedEvents, sessionId) {
+  for (let i = storedEvents.length - 1; i >= 0; i--) {
+    const ev = storedEvents[i];
+    if (ev.kind === "assistant") {
+      const payload = ev.payload;
+      const content = payload.content ?? [];
+      const hasToolUse = content.some((b) => b.type === "tool_use");
+      if (hasToolUse) {
+        return null;
+      }
+      const text = content.filter((b) => b.type === "text").map((b) => b.text).join("");
+      const usage = ev.meta?.usage ?? {
+        inputTokens: 0,
+        outputTokens: 0
+      };
+      return {
+        type: "result",
+        subtype: "success",
+        output: text,
+        usage,
+        numTurns: storedEvents.filter((e) => e.kind === "assistant").length,
+        sessionId
+      };
+    }
+    if (ev.kind === "suspension") {
+      return null;
+    }
+  }
+  return null;
+}
+function storedEventToStreamPayload(ev) {
+  switch (ev.kind) {
+    case "assistant": {
+      const payload = ev.payload;
+      return { type: "assistant", content: payload.content ?? [] };
+    }
+    case "tool_result": {
+      const payload = ev.payload;
+      return {
+        type: "tool.result",
+        callId: payload.callId,
+        toolName: payload.toolName,
+        output: payload.output,
+        isError: false
+      };
+    }
+    case "compaction": {
+      const payload = ev.payload;
+      return {
+        type: "compaction",
+        sessionId: ev.sessionId,
+        before: payload.before,
+        after: payload.after,
+        stages: payload.stages
+      };
+    }
+    // "user", "checkpoint", "tool_call", "suspension" — not replayed
+    default:
+      return null;
+  }
+}
+function assertCallbackUrl(rawUrl, allowPrivateHosts) {
+  let parsed;
+  try {
+    parsed = new URL(rawUrl);
+  } catch {
+    throw new Error("Invalid callbackUrl");
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("callbackUrl must use http or https");
+  }
+  if (!allowPrivateHosts && isCallbackHostBlocked(parsed.hostname)) {
+    throw new Error("callbackUrl resolves to a blocked private/loopback/metadata host");
+  }
+  return parsed;
+}
+function isCallbackHostBlocked(host) {
+  const h = host.startsWith("[") && host.endsWith("]") ? host.slice(1, -1) : host;
+  if (h.toLowerCase() === "localhost") return true;
+  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(h);
+  if (v4) {
+    const a = Number(v4[1]), b = Number(v4[2]);
+    if (a === 0 || a === 127 || a === 10) return true;
+    if (a === 172 && b >= 16 && b <= 31) return true;
+    if (a === 192 && b === 168) return true;
+    if (a === 169 && b === 254) return true;
+    return false;
+  }
+  let ndInt;
+  if (/^0x[0-9a-fA-F]+$/.test(h)) ndInt = parseInt(h, 16) >>> 0;
+  else if (/^\d+$/.test(h)) {
+    const n = Number(h);
+    if (!isNaN(n) && n >= 0 && n <= 4294967295) ndInt = n >>> 0;
+  } else if (/^0[0-7]+$/.test(h)) ndInt = parseInt(h, 8) >>> 0;
+  if (ndInt !== void 0) {
+    const a = ndInt >>> 24 & 255, b = ndInt >>> 16 & 255;
+    if (a === 0 || a === 127 || a === 10) return true;
+    if (a === 172 && b >= 16 && b <= 31) return true;
+    if (a === 192 && b === 168) return true;
+    if (a === 169 && b === 254) return true;
+    return false;
+  }
+  let v6 = h.toLowerCase();
+  const pct = v6.indexOf("%");
+  if (pct !== -1) v6 = v6.slice(0, pct);
+  const mapD = /^::(?:ffff:)?(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(v6);
+  if (mapD) {
+    const a = Number(mapD[1]), b = Number(mapD[2]);
+    const n = (Number(mapD[1]) << 24 | Number(mapD[2]) << 16 | Number(mapD[3]) << 8 | Number(mapD[4])) >>> 0;
+    const aa = n >>> 24 & 255, bb = n >>> 16 & 255;
+    if (aa === 0 || aa === 127 || aa === 10) return true;
+    if (aa === 172 && bb >= 16 && bb <= 31) return true;
+    if (aa === 192 && bb === 168) return true;
+    if (aa === 169 && bb === 254) return true;
+    void a;
+    void b;
+    return false;
+  }
+  const mapH = /^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/.exec(v6);
+  if (mapH) {
+    const n = (parseInt(mapH[1] ?? "0", 16) << 16 | parseInt(mapH[2] ?? "0", 16)) >>> 0;
+    const a = n >>> 24 & 255, b = n >>> 16 & 255;
+    if (a === 0 || a === 127 || a === 10) return true;
+    if (a === 172 && b >= 16 && b <= 31) return true;
+    if (a === 192 && b === 168) return true;
+    if (a === 169 && b === 254) return true;
+    return false;
+  }
+  if (v6 === "::" || v6 === "::1") return true;
+  if (/^f[cd][0-9a-f]{0,2}(:|$)/.test(v6)) return true;
+  if (/^fe[89ab][0-9a-f]?(:|$)/.test(v6)) return true;
+  return false;
+}
+async function deliverWebhook(callbackUrl, payload, signingSecret, logger) {
+  const body = JSON.stringify(payload);
+  const timestamp = String(Date.now());
+  const message = timestamp + "." + body;
+  const enc = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    enc.encode(signingSecret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const sig = await crypto.subtle.sign("HMAC", key, enc.encode(message));
+  const hexSig = Array.from(new Uint8Array(sig)).map((b) => b.toString(16).padStart(2, "0")).join("");
+  const signature = `sha256=${hexSig}`;
+  const delays = [0, 1e3, 2e3];
+  for (let attempt = 0; attempt < delays.length; attempt++) {
+    if (attempt > 0) {
+      await new Promise((r) => setTimeout(r, delays[attempt]));
+    }
+    try {
+      const controller = new AbortController();
+      const timer = setTimeout(() => controller.abort(), 1e4);
+      try {
+        const res = await fetch(callbackUrl, {
+          method: "POST",
+          headers: {
+            "content-type": "application/json",
+            "X-Eidentic-Signature": signature,
+            "X-Eidentic-Timestamp": timestamp
+          },
+          body,
+          signal: controller.signal,
+          // Never follow redirects
+          redirect: "manual"
+        });
+        clearTimeout(timer);
+        if (res.status >= 200 && res.status < 300) return;
+        logger.error(`[eidentic/server] webhook delivery attempt ${attempt + 1} failed: HTTP ${res.status} for ${callbackUrl}`);
+      } finally {
+        clearTimeout(timer);
+      }
+    } catch (err) {
+      logger.error(`[eidentic/server] webhook delivery attempt ${attempt + 1} error:`, err);
+    }
+  }
+  logger.error(`[eidentic/server] webhook delivery exhausted retries for ${callbackUrl}`);
+}
+var DEFAULT_PRE_AUTH_CAPACITY = 60;
+var DEFAULT_PRE_AUTH_REFILL_PER_SEC = 1;
+function defaultGetClientKey(c, trustProxy) {
+  if (trustProxy) {
+    const xff = c.req.header("x-forwarded-for");
+    if (xff) {
+      const first = xff.split(",")[0]?.trim();
+      if (first) return first;
+    }
+  }
+  const incoming = c.env?.["incoming"];
+  return incoming?.socket?.remoteAddress ?? "unknown";
+}
+function createServer2(opts) {
+  const resolve = makeResolver(opts.agents);
+  const auth = opts.auth ?? NoAuth;
+  const defaultKey = (p, _agentId) => p.apiKey ?? p.userId ?? p.orgId ?? "anonymous";
+  const getRateLimitKey = opts.rateLimitKey ?? defaultKey;
+  const getQuotaKey = opts.quotaKey ?? defaultKey;
+  const maxInputChars = opts.maxInputChars ?? 32e3;
+  const quota = opts.quota;
+  const preAuthLimiter = opts.preAuthRateLimiter === null ? null : opts.preAuthRateLimiter ?? new InMemoryTokenBucketLimiter({
+    capacity: DEFAULT_PRE_AUTH_CAPACITY,
+    refillPerSec: DEFAULT_PRE_AUTH_REFILL_PER_SEC
+  });
+  const trustProxy = opts.trustProxy ?? false;
+  const getClientKey = opts.getClientKey ? opts.getClientKey : (c) => defaultGetClientKey(c, trustProxy);
+  let _draining = false;
+  const app = new import_hono.Hono({ strict: true });
+  const base = opts.basePath ?? "";
+  const r = base ? app.basePath(base) : app;
+  if (opts.cors !== void 0) {
+    r.use("*", (0, import_cors.cors)(opts.cors));
+  }
+  r.use("*", async (c, next) => {
+    await next();
+    c.header("X-Content-Type-Options", "nosniff");
+  });
+  r.use("/v1/*", async (c, next) => {
+    if (_draining) {
+      c.header("Retry-After", "5");
+      return c.json({ error: "service_draining" }, 503);
+    }
+    await next();
+  });
+  if (preAuthLimiter !== null) {
+    r.use("/v1/*", async (c, next) => {
+      const clientKey = getClientKey(c);
+      const rl = await preAuthLimiter.acquire(clientKey);
+      if (!rl.ok) {
+        c.header("X-Content-Type-Options", "nosniff");
+        const retryAfterSec = rl.retryAfterMs !== void 0 ? Math.ceil(rl.retryAfterMs / 1e3) : void 0;
+        if (retryAfterSec !== void 0) {
+          c.header("Retry-After", String(retryAfterSec));
+        }
+        return c.json({ error: "rate_limited", retryAfterMs: rl.retryAfterMs }, 429);
+      }
+      await next();
+    });
+  }
+  const asyncRuns = new AsyncRunRegistry({ maxRuns: opts.maxAsyncRuns });
+  const workflowRuns = opts.workflowRuns ?? (0, import_workflow.createWorkflowRunRegistry)();
+  const _setDraining = (v) => {
+    _draining = v;
+  };
+  const _getAsyncRuns = () => asyncRuns;
+  r.get("/health", (c) => c.json({ ok: true }));
+  function checkOwnership(session, principal) {
+    const sessionOwned = session.userId !== void 0 || session.orgId !== void 0 || session.apiKey !== void 0;
+    if (!sessionOwned) return true;
+    if (session.userId !== void 0 && principal.userId === session.userId) return true;
+    if (session.orgId !== void 0 && principal.orgId === session.orgId) return true;
+    if (session.apiKey !== void 0 && principal.apiKey === session.apiKey) return true;
+    return false;
+  }
+  async function runAgentStream(c, agent, agentId, principal, sessionId, getIterable, logTag, emitSessionComment) {
+    const rawLastEventId = c.req.header("last-event-id");
+    let lastEventId;
+    if (rawLastEventId !== void 0) {
+      const parsed = parseInt(rawLastEventId, 10);
+      if (isNaN(parsed) || parsed < 0 || !Number.isSafeInteger(parsed)) {
+        return c.json({ error: "Invalid Last-Event-ID: must be a non-negative integer" }, 400);
+      }
+      lastEventId = parsed;
+    }
+    const hasLastEventId = lastEventId !== void 0;
+    let streamQuotaKey;
+    let streamQuotaReservation;
+    if (quota) {
+      streamQuotaKey = getQuotaKey(principal, agentId);
+      const qc = await quota.check(streamQuotaKey);
+      if (!qc.ok) {
+        return c.json({ error: "quota_exceeded", reason: qc.reason, usage: qc.usage }, 402);
+      }
+      if (qc.warn) c.header("X-Eidentic-Quota-Warning", "soft-limit");
+      streamQuotaReservation = qc.reservation;
+    }
+    const signal = c.req.raw.signal ?? new AbortController().signal;
+    return (0, import_streaming.streamSSE)(c, async (stream) => {
+      if (emitSessionComment) {
+        await stream.writeln(`: session=${sessionId.replace(/[\r\n]/g, "")}`);
+      }
+      let storedEventsCache = null;
+      if (hasLastEventId) {
+        const storedEvents = await agent.store.readEvents(sessionId);
+        storedEventsCache = storedEvents;
+        const toReplay = storedEvents.filter((e) => e.seq > lastEventId);
+        for (const ev of toReplay) {
+          if (signal.aborted) break;
+          const payload = storedEventToStreamPayload(ev);
+          if (payload !== null) {
+            await stream.writeSSE({
+              event: payload["type"],
+              data: JSON.stringify(payload),
+              id: String(ev.seq)
+            });
+          }
+        }
+        const syntheticResult = synthesizeResultFromStore(storedEvents, sessionId);
+        if (syntheticResult !== null) {
+          await stream.writeSSE({
+            event: "result",
+            data: JSON.stringify(syntheticResult)
+          });
+          if (quota && streamQuotaReservation !== void 0) {
+            quota.release?.(streamQuotaReservation);
+          }
+          return;
+        }
+      }
+      const existingEvents = storedEventsCache ?? await agent.store.readEvents(sessionId);
+      const baseSeq = existingEvents.length === 0 ? 0 : existingEvents[existingEvents.length - 1].seq + 1;
+      const idTracker = makeSseIdTracker(baseSeq);
+      let terminalResult;
+      try {
+        for await (const ev of getIterable()) {
+          if (signal.aborted) break;
+          if (ev.type === "session.init") {
+            await stream.writeSSE({
+              event: ev.type,
+              data: JSON.stringify(ev),
+              id: idTracker.idForSessionInit()
+            });
+          } else if (STREAM_EVENT_TYPES_THAT_PERSIST.has(ev.type)) {
+            await stream.writeSSE({
+              event: ev.type,
+              data: JSON.stringify(ev),
+              id: idTracker.idForPersistedEvent()
+            });
+          } else {
+            let payload = ev;
+            if (ev.type === "result" && ev.subtype === "error") {
+              console.error(`[eidentic/server] ${logTag} run error:`, ev.output);
+              payload = { ...ev, output: "Agent run failed" };
+            }
+            await stream.writeSSE({ event: ev.type, data: JSON.stringify(payload) });
+          }
+          if (ev.type === "result") {
+            terminalResult = { usage: ev.usage, cost: ev.cost };
+          }
+        }
+      } catch (err) {
+        if (quota && streamQuotaReservation !== void 0) {
+          quota.release?.(streamQuotaReservation);
+          streamQuotaReservation = void 0;
+        }
+        if (!signal.aborted) {
+          console.error(`[eidentic/server] ${logTag} error:`, err);
+          await stream.writeSSE({
+            event: "result",
+            data: JSON.stringify({
+              type: "result",
+              subtype: "error",
+              output: "Agent run failed",
+              usage: { inputTokens: 0, outputTokens: 0 },
+              numTurns: 0,
+              sessionId
+            })
+          });
+        }
+      }
+      if (quota && streamQuotaKey !== void 0 && terminalResult) {
+        const tokens = terminalResult.usage.inputTokens + terminalResult.usage.outputTokens;
+        const usd = terminalResult.cost?.usd ?? 0;
+        await quota.record(streamQuotaKey, { usd, tokens }, streamQuotaReservation);
+      } else if (quota && streamQuotaReservation !== void 0 && !terminalResult) {
+        quota.release?.(streamQuotaReservation);
+      }
+    });
+  }
+  async function checkPostAuthRateLimit(c, principal, agentId) {
+    if (!opts.rateLimiter) return null;
+    const baseKey = getRateLimitKey(principal, agentId);
+    const rlKey = baseKey === "anonymous" ? `anon:${getClientKey(c)}` : baseKey;
+    const rl = await opts.rateLimiter.acquire(rlKey);
+    if (!rl.ok) {
+      const retryAfterSec = rl.retryAfterMs !== void 0 ? Math.ceil(rl.retryAfterMs / 1e3) : void 0;
+      if (retryAfterSec !== void 0) c.header("Retry-After", String(retryAfterSec));
+      return c.json({ error: "rate_limited", retryAfterMs: rl.retryAfterMs }, 429);
+    }
+    return null;
+  }
+  r.post(
+    "/v1/agents/:agentId/query",
+    (0, import_body_limit.bodyLimit)({ maxSize: BODY_LIMIT }),
+    async (c) => {
+      const principal = await runAuth(auth, c.req.raw);
+      if (principal === null) return c.json({ error: "Unauthorized" }, 401);
+      const agentId = c.req.param("agentId");
+      const rlErr = await checkPostAuthRateLimit(c, principal, agentId);
+      if (rlErr) return rlErr;
+      let body;
+      try {
+        body = await c.req.json();
+      } catch {
+        return c.json({ error: "Invalid JSON body" }, 400);
+      }
+      if (typeof body !== "object" || body === null || typeof body["input"] !== "string" || body["input"] === "") {
+        return c.json({ error: "Missing or invalid 'input' field" }, 400);
+      }
+      const { input, sessionId: bodySessionId } = body;
+      if (input.length > maxInputChars) {
+        return c.json({ error: `Input exceeds maximum length of ${maxInputChars} characters` }, 400);
+      }
+      const agent = resolve(agentId);
+      if (!agent) {
+        return c.json({ error: "Not found" }, 404);
+      }
+      const sessionId = typeof bodySessionId === "string" && bodySessionId.length > 0 ? bodySessionId : crypto.randomUUID();
+      if (typeof bodySessionId === "string" && bodySessionId.length > 0) {
+        const sessionRecord = await agent.store.getSession(bodySessionId);
+        if (sessionRecord && !checkOwnership(sessionRecord, principal)) {
+          return c.json({ error: "Forbidden" }, 403);
+        }
+      }
+      return runAgentStream(
+        c,
+        agent,
+        agentId,
+        principal,
+        sessionId,
+        () => agent.query(input, {
+          sessionId,
+          userId: principal.userId,
+          orgId: principal.orgId,
+          // H1 fix: pass apiKey so apiKey-only principals own their sessions.
+          apiKey: principal.apiKey,
+          signal: c.req.raw.signal ?? new AbortController().signal
+        }),
+        "agent.query",
+        /* emitSessionComment */
+        true
+      );
+    }
+  );
+  r.post(
+    "/v1/agents/:agentId/resume",
+    (0, import_body_limit.bodyLimit)({ maxSize: BODY_LIMIT }),
+    async (c) => {
+      const principal = await runAuth(auth, c.req.raw);
+      if (principal === null) return c.json({ error: "Unauthorized" }, 401);
+      const agentId = c.req.param("agentId");
+      const rlErr = await checkPostAuthRateLimit(c, principal, agentId);
+      if (rlErr) return rlErr;
+      let body;
+      try {
+        body = await c.req.json();
+      } catch {
+        return c.json({ error: "Invalid JSON body" }, 400);
+      }
+      if (typeof body !== "object" || body === null || typeof body["sessionId"] !== "string" || body["sessionId"] === "") {
+        return c.json({ error: "Missing or invalid 'sessionId' field" }, 400);
+      }
+      const rawDecision = body["decision"];
+      if (typeof rawDecision === "string" && rawDecision.length > maxInputChars) {
+        return c.json({ error: `Decision input exceeds maximum length of ${maxInputChars} characters` }, 400);
+      }
+      const { sessionId, decision } = body;
+      const agent = resolve(agentId);
+      if (!agent) {
+        return c.json({ error: "Not found" }, 404);
+      }
+      const sessionRecord = await agent.store.getSession(sessionId);
+      if (sessionRecord && !checkOwnership(sessionRecord, principal)) {
+        return c.json({ error: "Forbidden" }, 403);
+      }
+      return runAgentStream(
+        c,
+        agent,
+        agentId,
+        principal,
+        sessionId,
+        () => agent.resume(sessionId, {
+          userId: principal.userId,
+          orgId: principal.orgId,
+          decision,
+          signal: c.req.raw.signal ?? new AbortController().signal
+        }),
+        "agent.resume",
+        /* emitSessionComment */
+        false
+      );
+    }
+  );
+  r.post(
+    "/v1/agents/:agentId/runs",
+    (0, import_body_limit.bodyLimit)({ maxSize: BODY_LIMIT }),
+    async (c) => {
+      const principal = await runAuth(auth, c.req.raw);
+      if (principal === null) return c.json({ error: "Unauthorized" }, 401);
+      const agentId = c.req.param("agentId");
+      const rlErr = await checkPostAuthRateLimit(c, principal, agentId);
+      if (rlErr) return rlErr;
+      let body;
+      try {
+        body = await c.req.json();
+      } catch {
+        return c.json({ error: "Invalid JSON body" }, 400);
+      }
+      if (typeof body !== "object" || body === null || typeof body["input"] !== "string" || body["input"] === "") {
+        return c.json({ error: "Missing or invalid 'input' field" }, 400);
+      }
+      const { input, sessionId: bodySessionId, callbackUrl: rawCallbackUrl } = body;
+      if (input.length > maxInputChars) {
+        return c.json({ error: `Input exceeds maximum length of ${maxInputChars} characters` }, 400);
+      }
+      let validatedCallbackUrl;
+      if (rawCallbackUrl !== void 0) {
+        if (!opts.webhooks) {
+          return c.json({ error: "Webhook callbacks are not configured on this server" }, 400);
+        }
+        if (typeof rawCallbackUrl !== "string" || rawCallbackUrl.length === 0) {
+          return c.json({ error: "callbackUrl must be a non-empty string" }, 400);
+        }
+        try {
+          const u = assertCallbackUrl(rawCallbackUrl, opts.webhooks.allowPrivateHosts ?? false);
+          validatedCallbackUrl = u.href;
+        } catch (err) {
+          return c.json({ error: err instanceof Error ? err.message : "Invalid callbackUrl" }, 400);
+        }
+      }
+      const agent = resolve(agentId);
+      if (!agent) {
+        return c.json({ error: "Not found" }, 404);
+      }
+      const sessionId = typeof bodySessionId === "string" && bodySessionId.length > 0 ? bodySessionId : crypto.randomUUID();
+      if (typeof bodySessionId === "string" && bodySessionId.length > 0) {
+        const sessionRecord = await agent.store.getSession(bodySessionId);
+        if (sessionRecord && !checkOwnership(sessionRecord, principal)) {
+          return c.json({ error: "Forbidden" }, 403);
+        }
+      }
+      let asyncQuotaKey;
+      let asyncQuotaReservation;
+      if (quota) {
+        asyncQuotaKey = getQuotaKey(principal, agentId);
+        const qc = await quota.check(asyncQuotaKey);
+        if (!qc.ok) {
+          return c.json({ error: "quota_exceeded", reason: qc.reason, usage: qc.usage }, 402);
+        }
+        asyncQuotaReservation = qc.reservation;
+      }
+      const runId = crypto.randomUUID();
+      asyncRuns.set({
+        runId,
+        sessionId,
+        agentId,
+        status: "running",
+        owner: {
+          userId: principal.userId,
+          orgId: principal.orgId,
+          apiKey: principal.apiKey
+        },
+        createdAt: Date.now()
+      });
+      (async () => {
+        let terminalOutput;
+        let terminalError;
+        let terminalUsage;
+        let terminalResult;
+        let localReservation = asyncQuotaReservation;
+        try {
+          for await (const ev of agent.query(input, {
+            sessionId,
+            userId: principal.userId,
+            orgId: principal.orgId
+          })) {
+            if (ev.type === "result") {
+              terminalResult = { usage: ev.usage, cost: ev.cost };
+              terminalUsage = ev.usage;
+              if (ev.subtype === "success") {
+                terminalOutput = typeof ev.output === "string" ? ev.output : ev.output !== void 0 ? String(ev.output) : void 0;
+              } else if (ev.subtype === "error") {
+                terminalError = typeof ev.output === "string" ? ev.output : ev.output !== void 0 ? String(ev.output) : void 0;
+              }
+            }
+          }
+          if (quota && asyncQuotaKey !== void 0 && terminalResult) {
+            const tokens = terminalResult.usage.inputTokens + terminalResult.usage.outputTokens;
+            const usd = terminalResult.cost?.usd ?? 0;
+            await quota.record(asyncQuotaKey, { usd, tokens }, localReservation);
+            localReservation = void 0;
+          }
+          const finalStatus = terminalError ? "failed" : "completed";
+          asyncRuns.settle(runId, {
+            status: finalStatus,
+            output: terminalOutput,
+            error: terminalError
+          });
+          if (validatedCallbackUrl && opts.webhooks) {
+            const webhookPayload = {
+              runId,
+              agentId,
+              status: finalStatus,
+              ...terminalOutput !== void 0 ? { output: terminalOutput } : {},
+              ...terminalError !== void 0 ? { error: terminalError } : {},
+              ...terminalUsage !== void 0 ? { usage: terminalUsage } : {}
+            };
+            void deliverWebhook(validatedCallbackUrl, webhookPayload, opts.webhooks.signingSecret, console);
+          }
+        } catch (err) {
+          if (quota && localReservation !== void 0) {
+            quota.release?.(localReservation);
+            localReservation = void 0;
+          }
+          const msg = err instanceof Error ? err.message : String(err);
+          asyncRuns.settle(runId, { status: "failed", error: msg });
+          if (validatedCallbackUrl && opts.webhooks) {
+            const webhookPayload = {
+              runId,
+              agentId,
+              status: "failed",
+              error: msg,
+              ...terminalUsage !== void 0 ? { usage: terminalUsage } : {}
+            };
+            void deliverWebhook(validatedCallbackUrl, webhookPayload, opts.webhooks.signingSecret, console);
+          }
+        } finally {
+          if (quota && localReservation !== void 0 && !terminalResult) {
+            quota.release?.(localReservation);
+          }
+        }
+      })();
+      return c.json({ runId, sessionId, status: "running" }, 202);
+    }
+  );
+  r.get("/v1/agents/:agentId/runs/:runId/status", async (c) => {
+    const principal = await runAuth(auth, c.req.raw);
+    if (principal === null) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    const agentId = c.req.param("agentId");
+    const agent = resolve(agentId);
+    if (!agent) {
+      return c.json({ error: "Not found" }, 404);
+    }
+    const runId = c.req.param("runId");
+    const entry = asyncRuns.get(runId);
+    if (!entry) {
+      return c.json({ error: "Not found" }, 404);
+    }
+    const ownerMatches = entry.owner.userId !== void 0 && entry.owner.userId === principal.userId || entry.owner.orgId !== void 0 && entry.owner.orgId === principal.orgId || entry.owner.apiKey !== void 0 && entry.owner.apiKey === principal.apiKey || // NoAuth / anonymous: allow if owner has no identifying fields set
+    entry.owner.userId === void 0 && entry.owner.orgId === void 0 && entry.owner.apiKey === void 0;
+    if (!ownerMatches) {
+      return c.json({ error: "Forbidden" }, 403);
+    }
+    const response = {
+      runId: entry.runId,
+      sessionId: entry.sessionId,
+      status: entry.status
+    };
+    if (entry.output !== void 0) response["output"] = entry.output;
+    if (entry.error !== void 0) response["error"] = entry.error;
+    if (entry.settledAt !== void 0) response["settledAt"] = entry.settledAt;
+    return c.json(response, 200);
+  });
+  if (opts.exposeEvents === true) {
+    r.get("/v1/agents/:agentId/sessions/:sessionId/events", async (c) => {
+      const principal = await runAuth(auth, c.req.raw);
+      if (principal === null) {
+        return c.json({ error: "Unauthorized" }, 401);
+      }
+      const agentId = c.req.param("agentId");
+      const agent = resolve(agentId);
+      if (!agent) {
+        return c.json({ error: "Not found" }, 404);
+      }
+      const sessionId = c.req.param("sessionId");
+      const sessionRecord = await agent.store.getSession(sessionId);
+      if (sessionRecord && !checkOwnership(sessionRecord, principal)) {
+        return c.json({ error: "Forbidden" }, 403);
+      }
+      const events = await agent.store.readEvents(sessionId);
+      return c.json({ events });
+    });
+  }
+  function checkWorkflowOwnership(rec, principal) {
+    const owner = rec.owner;
+    if (owner === void 0) return true;
+    const hasAnyOwner = owner.userId !== void 0 || owner.orgId !== void 0 || owner.apiKey !== void 0;
+    if (!hasAnyOwner) return true;
+    if (owner.userId !== void 0 && principal.userId === owner.userId) return true;
+    if (owner.orgId !== void 0 && principal.orgId === owner.orgId) return true;
+    if (owner.apiKey !== void 0 && principal.apiKey === owner.apiKey) return true;
+    return false;
+  }
+  r.get("/v1/workflows", async (c) => {
+    const principal = await runAuth(auth, c.req.raw);
+    if (principal === null) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    const summaries = workflowRuns.list().filter((rec) => checkWorkflowOwnership(rec, principal)).map((rec) => ({
+      id: rec.id,
+      name: rec.name,
+      status: rec.status,
+      startedAt: rec.startedAt,
+      durationMs: rec.durationMs,
+      stepCount: rec.stepCount
+    }));
+    return c.json(summaries, 200);
+  });
+  r.get("/v1/workflows/:id", async (c) => {
+    const principal = await runAuth(auth, c.req.raw);
+    if (principal === null) {
+      return c.json({ error: "Unauthorized" }, 401);
+    }
+    const id = c.req.param("id");
+    const rec = workflowRuns.get(id);
+    if (!rec || !checkWorkflowOwnership(rec, principal)) {
+      return c.json({ error: "Not found" }, 404);
+    }
+    const detail = {
+      id: rec.id,
+      name: rec.name,
+      status: rec.status,
+      startedAt: rec.startedAt,
+      durationMs: rec.durationMs,
+      stepCount: rec.stepCount,
+      trace: rec.trace,
+      ...rec.output !== void 0 ? { output: rec.output } : {},
+      ...rec.error !== void 0 ? { error: rec.error } : {}
+    };
+    return c.json(detail, 200);
+  });
+  const handle = {
+    recordWorkflow(name, result, owner, opts2) {
+      const rec = workflowRuns.record(name, result, owner, opts2);
+      return rec.id;
+    },
+    recordWorkflowError(err, owner, opts2) {
+      const msg = err.cause instanceof Error ? err.cause.message : String(err.cause ?? err.message);
+      const rec = workflowRuns.recordError(err.workflowName, err.trace, msg, owner, opts2);
+      return rec.id;
+    }
+  };
+  Object.defineProperties(app, {
+    _setDraining: { value: _setDraining, enumerable: false, writable: false },
+    _getAsyncRuns: { value: _getAsyncRuns, enumerable: false, writable: false }
+  });
+  return Object.assign(app, { handle });
+}
+async function serveNode(app, opts) {
+  let nodeServer;
+  try {
+    nodeServer = await Promise.resolve().then(() => (init_dist(), dist_exports));
+  } catch {
+    throw new Error(
+      "@hono/node-server is not installed. Run `pnpm add @hono/node-server` (or npm/yarn) in your project to use serveNode()."
+    );
+  }
+  const port = opts?.port ?? 3e3;
+  const server = nodeServer.serve({ fetch: app.fetch, port });
+  const _setDraining = app._setDraining;
+  const _getAsyncRuns = app._getAsyncRuns;
+  return {
+    close() {
+      server.close();
+    },
+    async drain(timeoutMs = 3e4) {
+      if (_setDraining) _setDraining(true);
+      await new Promise((resolve) => server.close(() => resolve()));
+      const deadline = Date.now() + timeoutMs;
+      while (Date.now() < deadline) {
+        if (_getAsyncRuns) {
+          const running = _getAsyncRuns().values().filter((e) => e.status === "running");
+          if (running.length === 0) break;
+        } else {
+          break;
+        }
+        await new Promise((r) => setTimeout(r, 100));
+      }
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ApiKeyAuth,
+  AsyncRunRegistry,
+  BatchRunner,
+  InMemoryQuota,
+  InMemoryTokenBucketLimiter,
+  NoAuth,
+  Scheduler,
+  WorkflowRunError,
+  createServer,
+  serveNode,
+  toUIMessageStream,
+  toUIMessageStreamResponse
+});