@gnomondigital/nebulas-kit-core 0.2.1 → 0.3.1

package/dist/a2a-client.d.ts

@@ -7,6 +7,5 @@
  */
 export declare function sendMessageStream(message: string, onDelta: (chunk: string) => void, signal?: AbortSignal, files?: File[], stream?: boolean, sessionId?: string, options?: {
     endpoint?: string;
-    getHeaders?: () => Promise<Record<string, string>>;
 }): Promise<string>;
 //# sourceMappingURL=a2a-client.d.ts.map

package/dist/a2a-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"a2a-client.d.ts","sourceRoot":"","sources":["../src/a2a-client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAYH;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,EAChC,MAAM,CAAC,EAAE,WAAW,EACpB,KAAK,CAAC,EAAE,IAAI,EAAE,EACd,MAAM,UAAO,EACb,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;CAAE,GAClF,OAAO,CAAC,MAAM,CAAC,CAgIjB"}
+{"version":3,"file":"a2a-client.d.ts","sourceRoot":"","sources":["../src/a2a-client.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAYH;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,EAChC,MAAM,CAAC,EAAE,WAAW,EACpB,KAAK,CAAC,EAAE,IAAI,EAAE,EACd,MAAM,UAAO,EACb,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC7B,GACA,OAAO,CAAC,MAAM,CAAC,CA4HjB"}

package/dist/a2a-client.js

@@ -33,10 +33,6 @@ export async function sendMessageStream(message, onDelta, signal, files, stream
     const method = stream ? "message/stream" : "message/send";
     const messageId = crypto.randomUUID();
     const headers = { "Content-Type": "application/json" };
-    if (options?.getHeaders) {
-        const extra = await options.getHeaders();
-        Object.assign(headers, extra);
-    }
     const res = await fetch(endpoint, {
         method: "POST",
         headers,

package/dist/index.d.ts

@@ -11,6 +11,6 @@ export { getAuthStrategy, getAuthHeaders, type AuthStrategy, } from "./server/au
 export { exchangePasswordForToken, type ROPAuthRequest, type ROPAuthResponse, } from "./server/auth-handler.js";
 export { createConfigResponse, type ConfigResponse, type AgentCard, type AgentCardCapabilities, } from "./server/config-handler.js";
 export { createA2AExpressRouter, type A2AExpressRouterOptions, } from "./server/express.js";
-export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createConfigGetHeadersForAuth0, createNebulasProxyHandler, type HandleA2AConfigOptions, type Auth0ClientForConfig, type CreateNebulasProxyHandlerOptions, } from "./server/nextjs.js";
+export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createGetHeadersForAuth0, createA2AProxyHandler, createNebulasProxyHandler, type HandleA2AConfigOptions, type Auth0ClientInterface, type CreateA2AProxyHandlerOptions, type CreateNebulasProxyHandlerOptions, } from "./server/nextjs.js";
 export { handleNebulasProxy, isRefreshTokenInvalid, type NebulasProxyRequest, type NebulasProxyResponse, type NebulasProxyHandlerOptions, } from "./server/nebulas-proxy-handler.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE5F,OAAO,EACL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,mBAAmB,GACzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,eAAe,EACf,cAAc,EACd,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,wBAAwB,EACxB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,qBAAqB,GAC3B,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,wBAAwB,EACxB,8BAA8B,EAC9B,yBAAyB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,gCAAgC,GACtC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EACL,iBAAiB,GAClB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EACL,mBAAmB,EACnB,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,uBAAuB,EAC5B,KAAK,oBAAoB,GAC1B,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,wBAAwB,GACzB,MAAM,0BAA0B,CAAC;AAElC,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAC;AAE5F,OAAO,EACL,cAAc,EACd,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,mBAAmB,GACzB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EACL,eAAe,EACf,cAAc,EACd,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EACL,wBAAwB,EACxB,KAAK,cAAc,EACnB,KAAK,eAAe,GACrB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EACL,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,qBAAqB,GAC3B,MAAM,4BAA4B,CAAC;AAEpC,OAAO,EACL,sBAAsB,EACtB,KAAK,uBAAuB,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,wBAAwB,EACxB,wBAAwB,EACxB,qBAAqB,EACrB,yBAAyB,EACzB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,4BAA4B,EACjC,KAAK,gCAAgC,GACtC,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EACL,kBAAkB,EAClB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,GAChC,MAAM,mCAAmC,CAAC"}

package/dist/index.js

@@ -11,5 +11,5 @@ export { exchangePasswordForToken, } from "./server/auth-handler.js";
 export { createConfigResponse, } from "./server/config-handler.js";
 export { createA2AExpressRouter, } from "./server/express.js";
 // Usage: import express from "express"; app.use("/api/a2a", createA2AExpressRouter(express));
-export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createConfigGetHeadersForAuth0, createNebulasProxyHandler, } from "./server/nextjs.js";
+export { handleA2ANextJsPOST, handleA2AAuthNextJsPOST, handleA2AConfigNextJsGET, createGetHeadersForAuth0, createA2AProxyHandler, createNebulasProxyHandler, } from "./server/nextjs.js";
 export { handleNebulasProxy, isRefreshTokenInvalid, } from "./server/nebulas-proxy-handler.js";

package/dist/server/config-handler.js

@@ -3,7 +3,7 @@
  * Fetches agent card from A2A_URL/.well-known/agent-card.json when A2A_URL is set.
  * Framework-agnostic; returns JSON response body.
  */
-const A2A_URL = process.env.NEXT_PUBLIC_A2A_URL || process.env.A2A_URL || "";
+const A2A_URL = process.env.A2A_URL || process.env.NEXT_PUBLIC_A2A_URL || "";
 async function fetchAgentCard(headers) {
     const base = A2A_URL.replace(/\/$/, "");
     if (!base)

package/dist/server/nextjs.d.ts

@@ -19,7 +19,7 @@ export declare function handleA2AAuthNextJsPOST(request: NextRequest): Promise<R
 export interface HandleA2AConfigOptions {
     /**
      * When provided, fetches the agent card with these headers (Authorization, x-api-key).
-     * Use createConfigGetHeadersForAuth0 for Auth0 session strategy.
+     * Use createGetHeadersForAuth0 for Auth0 session strategy.
      */
     getHeaders?: (request: NextRequest) => Promise<Record<string, string>>;
 }
@@ -32,7 +32,7 @@ export declare function handleA2AConfigNextJsGET(request: NextRequest, options?:
  * Auth0 client interface for config headers.
  * Compatible with Auth0Client from @auth0/nextjs-auth0/server.
  */
-export interface Auth0ClientForConfig {
+export interface Auth0ClientInterface {
     getSession(req: unknown): Promise<{
         user?: unknown;
     } | null>;
@@ -43,20 +43,40 @@ export interface Auth0ClientForConfig {
     }>;
 }
 /**
- * Creates getHeaders for handleA2AConfigNextJsGET using Auth0 session.
- * Uses same auth as A2A proxy: session, access token for A2A audience, x-api-key fallback.
+ * Creates getHeaders for handleA2AConfigNextJsGET and createA2AProxyHandler using Auth0 session.
+ * Uses same auth: session, access token for A2A audience, x-api-key fallback.
  * Throws NextResponse (401) when unauthorized.
+ *
+ * @param authResponse - When provided (e.g. by A2A proxy), getAccessToken uses it so caller can propagate Set-Cookie from token refresh.
+ */
+export declare function createGetHeadersForAuth0(options: {
+    auth0: Auth0ClientInterface;
+    audience?: string;
+    apiKey?: string;
+}): (request: NextRequest, authResponse?: NextResponse) => Promise<Record<string, string>>;
+/**
+ * Options for the A2A proxy handler with Auth0 session.
  */
-export declare function createConfigGetHeadersForAuth0(options: {
-    auth0: Auth0ClientForConfig;
+export interface CreateA2AProxyHandlerOptions {
+    auth0: Auth0ClientInterface;
     audience?: string;
     apiKey?: string;
-}): (request: NextRequest) => Promise<Record<string, string>>;
+}
+/**
+ * Creates a Next.js App Router POST handler for the A2A proxy.
+ * Proxies requests to A2A_URL with Auth0 session token or API key.
+ * Propagates Set-Cookie from Auth0 token refresh.
+ *
+ * Use in app/api/a2a/route.ts:
+ *   const handler = createA2AProxyHandler({ auth0, audience: process.env.AUTH0_A2A_AUDIENCE, apiKey: process.env.A2A_API_KEY });
+ *   export const POST = handler;
+ */
+export declare function createA2AProxyHandler(options: CreateA2AProxyHandlerOptions): (request: NextRequest) => Promise<Response>;
 /**
  * Options for the Nebulas API proxy handler.
  */
 export interface CreateNebulasProxyHandlerOptions {
-    auth0: Auth0ClientForConfig;
+    auth0: Auth0ClientInterface;
     audience?: string;
     apiKey?: string;
 }

package/dist/server/nextjs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../src/server/nextjs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAiB9E;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,mBAAmB,qBA6B9B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,WAAW,qBAyBjE;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACxE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,sBAAsB,qBAcjC;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,cAAc,CACZ,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/B;AAED;;;;GAIG;AACH,wBAAgB,8BAA8B,CAAC,OAAO,EAAE;IACtD,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAyC5D;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAC/C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gCAAgC,IAE/E,SAAS,WAAW,EACpB,KAAK;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAA;CAAE,oCAkH/C"}
+{"version":3,"file":"nextjs.d.ts","sourceRoot":"","sources":["../../src/server/nextjs.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAkB,KAAK,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAiB9E;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,mBAAmB,qBA6B9B;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,OAAO,EAAE,WAAW,qBAyBjE;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACxE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,WAAW,EACpB,OAAO,CAAC,EAAE,sBAAsB,qBAcjC;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,UAAU,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;QAAE,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAC7D,cAAc,CACZ,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,OAAO,EACZ,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GACzB,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC/B;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE;IAChD,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,GAAG,CACF,OAAO,EAAE,WAAW,EACpB,YAAY,CAAC,EAAE,YAAY,KACxB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAoDnC;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,4BAA4B,IAO3C,SAAS,WAAW,uBAuDnD;AAED;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAC/C,KAAK,EAAE,oBAAoB,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gCAAgC,IAE/E,SAAS,WAAW,EACpB,KAAK;IAAE,MAAM,EAAE,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC,CAAA;CAAE,oCAkH/C"}

package/dist/server/nextjs.js

@@ -85,12 +85,14 @@ export async function handleA2AConfigNextJsGET(request, options) {
     });
 }
 /**
- * Creates getHeaders for handleA2AConfigNextJsGET using Auth0 session.
- * Uses same auth as A2A proxy: session, access token for A2A audience, x-api-key fallback.
+ * Creates getHeaders for handleA2AConfigNextJsGET and createA2AProxyHandler using Auth0 session.
+ * Uses same auth: session, access token for A2A audience, x-api-key fallback.
  * Throws NextResponse (401) when unauthorized.
+ *
+ * @param authResponse - When provided (e.g. by A2A proxy), getAccessToken uses it so caller can propagate Set-Cookie from token refresh.
  */
-export function createConfigGetHeadersForAuth0(options) {
-    return async (request) => {
+export function createGetHeadersForAuth0(options) {
+    return async (request, authResponse) => {
         const session = await options.auth0.getSession(request);
         if (!session) {
             throw new NextResponse(JSON.stringify({ error: "Unauthorized" }), {
@@ -104,8 +106,8 @@ export function createConfigGetHeadersForAuth0(options) {
         }
         if (options.audience) {
             try {
-                const authResponse = new NextResponse();
-                const { token } = await options.auth0.getAccessToken(request, authResponse, {
+                const res = authResponse ?? new NextResponse();
+                const { token } = await options.auth0.getAccessToken(request, res, {
                     audience: options.audience,
                 });
                 if (token) {
@@ -114,6 +116,13 @@ export function createConfigGetHeadersForAuth0(options) {
             }
             catch (err) {
                 console.error("[Config] Failed to get access token:", err);
+                if (isRefreshTokenInvalid(err)) {
+                    throw new NextResponse(JSON.stringify({
+                        error: "Your session has expired. Please log out and log back in.",
+                        code: "refresh_token_invalid",
+                        requireReauth: true,
+                    }), { status: 401, headers: { "Content-Type": "application/json" } });
+                }
                 if (!options.apiKey) {
                     throw new NextResponse(JSON.stringify({
                         error: "Unauthorized",
@@ -125,6 +134,71 @@ export function createConfigGetHeadersForAuth0(options) {
         return headers;
     };
 }
+/**
+ * Creates a Next.js App Router POST handler for the A2A proxy.
+ * Proxies requests to A2A_URL with Auth0 session token or API key.
+ * Propagates Set-Cookie from Auth0 token refresh.
+ *
+ * Use in app/api/a2a/route.ts:
+ *   const handler = createA2AProxyHandler({ auth0, audience: process.env.AUTH0_A2A_AUDIENCE, apiKey: process.env.A2A_API_KEY });
+ *   export const POST = handler;
+ */
+export function createA2AProxyHandler(options) {
+    const getHeaders = createGetHeadersForAuth0({
+        auth0: options.auth0,
+        audience: options.audience,
+        apiKey: options.apiKey,
+    });
+    return async function handler(request) {
+        let authHeaders;
+        const authResponse = new NextResponse();
+        try {
+            authHeaders = await getHeaders(request, authResponse);
+        }
+        catch (err) {
+            if (err instanceof NextResponse) {
+                return err;
+            }
+            throw err;
+        }
+        let body;
+        try {
+            const text = await request.text();
+            body = text.length > 0 ? text : undefined;
+        }
+        catch {
+            return NextResponse.json({ error: "Invalid request body" }, { status: 400 });
+        }
+        const proxyReq = {
+            method: request.method,
+            headers: headersFromRequest(request),
+            body,
+        };
+        const result = await handleA2AProxy(proxyReq, { headers: authHeaders });
+        const responseHeaders = new Headers();
+        for (const [k, v] of Object.entries(result.headers)) {
+            responseHeaders.set(k, v);
+        }
+        authResponse.headers.forEach((value, key) => {
+            if (key.toLowerCase() === "set-cookie") {
+                responseHeaders.append(key, value);
+            }
+        });
+        if (typeof result.body === "string") {
+            return new Response(result.body, {
+                status: result.status,
+                headers: responseHeaders,
+            });
+        }
+        if (result.body instanceof ReadableStream) {
+            return new Response(result.body, {
+                status: result.status,
+                headers: responseHeaders,
+            });
+        }
+        return new Response(null, { status: result.status, headers: responseHeaders });
+    };
+}
 /**
  * Creates a Next.js App Router handler for the Nebulas API proxy (catch-all [...path]).
  * Proxies requests to NEBULAS_API_URL with Auth0 session token or API key.

package/dist/server/proxy-handler.d.ts

@@ -14,6 +14,11 @@ export interface ProxyResponse {
 }
 export interface ProxyHandlerOptions {
     getSessionToken?: (req: ProxyRequest) => Promise<string | undefined>;
+    /**
+     * When provided, used as auth headers instead of getAuthHeaders.
+     * Caller is responsible for auth (e.g. Auth0 session). Used by createA2AProxyHandler.
+     */
+    headers?: Record<string, string>;
 }
 /**
  * Handle A2A proxy request. Returns response to send.

package/dist/server/proxy-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"proxy-handler.d.ts","sourceRoot":"","sources":["../../src/server/proxy-handler.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,mBAAmB;IAClC,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;CACtE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,YAAY,EACjB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,aAAa,CAAC,CA0ExB"}
+{"version":3,"file":"proxy-handler.d.ts","sourceRoot":"","sources":["../../src/server/proxy-handler.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,cAAc,CAAC,UAAU,CAAC,CAAC;CAC5C;AAED,MAAM,WAAW,mBAAmB;IAClC,eAAe,CAAC,EAAE,CAAC,GAAG,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IACrE;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,GAAG,EAAE,YAAY,EACjB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,aAAa,CAAC,CAkFxB"}

package/dist/server/proxy-handler.js

@@ -3,42 +3,51 @@
  * Accepts a minimal request/response interface.
  */
 import { getAuthStrategy, getAuthHeaders, } from "./auth-strategies.js";
-const A2A_URL = process.env.NEXT_PUBLIC_A2A_URL || process.env.A2A_URL || "http://localhost:9999";
+const A2A_URL = process.env.A2A_URL || process.env.NEXT_PUBLIC_A2A_URL || "http://localhost:9999";
 /**
  * Handle A2A proxy request. Returns response to send.
  */
 export async function handleA2AProxy(req, options = {}) {
     const url = A2A_URL.replace(/\/$/, "");
-    const strategy = getAuthStrategy();
-    let bearerToken;
-    const authHeader = req.headers["authorization"] || req.headers["Authorization"];
-    if (authHeader?.startsWith("Bearer ")) {
-        bearerToken = authHeader.slice(7);
-    }
-    else if (strategy === "session" && options.getSessionToken) {
-        bearerToken = await options.getSessionToken(req);
+    let headers;
+    if (options.headers) {
+        headers = {
+            "Content-Type": req.headers["content-type"] || "application/json",
+            ...options.headers,
+        };
     }
-    if (strategy === "session" && !bearerToken && !process.env.A2A_API_KEY) {
-        return {
-            status: 401,
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({
-                error: "Unauthorized",
-                hint: "Session required or A2A_API_KEY for fallback.",
-            }),
+    else {
+        const strategy = getAuthStrategy();
+        let bearerToken;
+        const authHeader = req.headers["authorization"] || req.headers["Authorization"];
+        if (authHeader?.startsWith("Bearer ")) {
+            bearerToken = authHeader.slice(7);
+        }
+        else if (strategy === "session" && options.getSessionToken) {
+            bearerToken = await options.getSessionToken(req);
+        }
+        if (strategy === "session" && !bearerToken && !process.env.A2A_API_KEY) {
+            return {
+                status: 401,
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    error: "Unauthorized",
+                    hint: "Session required or A2A_API_KEY for fallback.",
+                }),
+            };
+        }
+        const authHeaders = await getAuthHeaders({
+            strategy,
+            bearerToken,
+            getSessionToken: options.getSessionToken
+                ? () => options.getSessionToken(req)
+                : undefined,
+        });
+        headers = {
+            "Content-Type": req.headers["content-type"] || "application/json",
+            ...authHeaders,
         };
     }
-    const authHeaders = await getAuthHeaders({
-        strategy,
-        bearerToken,
-        getSessionToken: options.getSessionToken
-            ? () => options.getSessionToken(req)
-            : undefined,
-    });
-    const headers = {
-        "Content-Type": req.headers["content-type"] || "application/json",
-        ...authHeaders,
-    };
     try {
         const res = await fetch(url, {
             method: req.method,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gnomondigital/nebulas-kit-core",
-  "version": "0.2.1",
+  "version": "0.3.1",
   "type": "module",
   "main": "./dist/index.js",
   "module": "./dist/index.js",