@mastra/server 1.16.0-alpha.1 → 1.16.0-alpha.2

package/dist/chunk-VTPTMQFA.cjs

@@ -0,0 +1,298 @@
+'use strict';
+
+var chunkPFKYMKIH_cjs = require('./chunk-PFKYMKIH.cjs');
+var chunkEES2ZZGL_cjs = require('./chunk-EES2ZZGL.cjs');
+var v4 = require('zod/v4');
+
+var agentIdPathParams = v4.z.object({
+  agentId: v4.z.string().describe("Unique identifier for the agent")
+});
+var agentVersionQuerySchema = v4.z.object({
+  status: v4.z.enum(["draft", "published"]).optional().describe(
+    "Which stored config version to resolve: draft (latest, default) or published (active version). Mutually exclusive with versionId."
+  ),
+  versionId: v4.z.string().optional().describe(
+    "Specific version ID to resolve. Mutually exclusive with status \u2014 if both are provided, versionId takes precedence."
+  )
+});
+var toolIdPathParams = v4.z.object({
+  toolId: v4.z.string().describe("Unique identifier for the tool")
+});
+var agentToolPathParams = agentIdPathParams.extend({
+  toolId: v4.z.string().describe("Unique identifier for the tool")
+});
+var agentSkillPathParams = agentIdPathParams.extend({
+  skillName: v4.z.string().describe("Name of the skill")
+});
+var modelConfigIdPathParams = agentIdPathParams.extend({
+  modelConfigId: v4.z.string().describe("Unique identifier for the model configuration")
+});
+var serializedProcessorSchema = v4.z.object({
+  id: v4.z.string(),
+  name: v4.z.string().optional()
+});
+var serializedToolSchema = v4.z.object({
+  id: v4.z.string(),
+  description: v4.z.string().optional(),
+  inputSchema: v4.z.string().optional(),
+  outputSchema: v4.z.string().optional(),
+  requireApproval: v4.z.boolean().optional()
+});
+var serializedWorkflowSchema = v4.z.object({
+  name: v4.z.string(),
+  steps: v4.z.record(
+    v4.z.string(),
+    v4.z.object({
+      id: v4.z.string(),
+      description: v4.z.string().optional()
+    })
+  ).optional()
+});
+var serializedAgentDefinitionSchema = v4.z.object({
+  id: v4.z.string(),
+  name: v4.z.string()
+});
+var systemMessageSchema = v4.z.union([
+  v4.z.string(),
+  v4.z.array(v4.z.string()),
+  v4.z.any(),
+  // CoreSystemMessage or SystemModelMessage
+  v4.z.array(v4.z.any())
+]);
+var modelConfigSchema = v4.z.object({
+  model: v4.z.object({
+    modelId: v4.z.string(),
+    provider: v4.z.string(),
+    modelVersion: v4.z.string()
+  })
+  // Additional fields from AgentModelManagerConfig can be added here
+});
+var serializedAgentSchema = v4.z.object({
+  name: v4.z.string(),
+  description: v4.z.string().optional(),
+  instructions: systemMessageSchema.optional(),
+  tools: v4.z.record(v4.z.string(), serializedToolSchema),
+  agents: v4.z.record(v4.z.string(), serializedAgentDefinitionSchema),
+  workflows: v4.z.record(v4.z.string(), serializedWorkflowSchema),
+  inputProcessors: v4.z.array(serializedProcessorSchema),
+  outputProcessors: v4.z.array(serializedProcessorSchema),
+  provider: v4.z.string().optional(),
+  modelId: v4.z.string().optional(),
+  modelVersion: v4.z.string().optional(),
+  modelList: v4.z.array(modelConfigSchema).optional(),
+  defaultOptions: chunkPFKYMKIH_cjs.defaultOptionsSchema.optional(),
+  defaultGenerateOptionsLegacy: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  defaultStreamOptionsLegacy: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  status: v4.z.enum(["draft", "published", "archived"]).optional(),
+  activeVersionId: v4.z.string().optional(),
+  hasDraft: v4.z.boolean().optional()
+});
+var serializedAgentWithIdSchema = serializedAgentSchema.extend({
+  id: v4.z.string()
+});
+var providerSchema = v4.z.object({
+  id: v4.z.string(),
+  name: v4.z.string(),
+  label: v4.z.string().optional(),
+  description: v4.z.string().optional()
+});
+var providersResponseSchema = v4.z.object({
+  providers: v4.z.array(providerSchema)
+});
+var listAgentsResponseSchema = v4.z.record(v4.z.string(), serializedAgentSchema);
+var listToolsResponseSchema = v4.z.record(v4.z.string(), serializedToolSchema);
+var agentMemoryOptionSchema = v4.z.object({
+  thread: v4.z.union([v4.z.string(), v4.z.object({ id: v4.z.string() }).passthrough()]),
+  resource: v4.z.string(),
+  options: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  readOnly: v4.z.boolean().optional()
+});
+var toolChoiceSchema = v4.z.union([
+  v4.z.enum(["auto", "none", "required"]),
+  v4.z.object({ type: v4.z.literal("tool"), toolName: v4.z.string() })
+]);
+var agentExecutionBodySchema = v4.z.object({
+  // REQUIRED
+  messages: v4.z.union([
+    v4.z.array(chunkEES2ZZGL_cjs.coreMessageSchema),
+    // Array of messages
+    v4.z.string()
+    // Single user message shorthand
+  ]),
+  // Message Configuration
+  instructions: systemMessageSchema.optional(),
+  system: systemMessageSchema.optional(),
+  context: v4.z.array(chunkEES2ZZGL_cjs.coreMessageSchema).optional(),
+  // Memory & Persistence
+  memory: agentMemoryOptionSchema.optional(),
+  runId: v4.z.string().optional(),
+  savePerStep: v4.z.boolean().optional(),
+  // Request Context (handler-specific field - merged with server's requestContext)
+  requestContext: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  // Execution Control
+  maxSteps: v4.z.number().optional(),
+  stopWhen: v4.z.any().optional(),
+  // Model Configuration
+  providerOptions: v4.z.object({
+    anthropic: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+    google: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+    openai: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+    xai: v4.z.record(v4.z.string(), v4.z.any()).optional()
+  }).optional(),
+  modelSettings: v4.z.any().optional(),
+  // Tool Configuration
+  activeTools: v4.z.array(v4.z.string()).optional(),
+  toolsets: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  clientTools: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  toolChoice: toolChoiceSchema.optional(),
+  requireToolApproval: v4.z.boolean().optional(),
+  // Evaluation
+  scorers: v4.z.union([
+    v4.z.record(v4.z.string(), v4.z.any()),
+    v4.z.record(
+      v4.z.string(),
+      v4.z.object({
+        scorer: v4.z.string(),
+        sampling: v4.z.any().optional()
+      })
+    )
+  ]).optional(),
+  returnScorerData: v4.z.boolean().optional(),
+  // Observability
+  tracingOptions: chunkEES2ZZGL_cjs.tracingOptionsSchema.optional(),
+  // Structured Output
+  output: v4.z.any().optional(),
+  // Zod schema, JSON schema, or structured output object
+  structuredOutput: v4.z.object({
+    schema: v4.z.object({}).passthrough(),
+    model: v4.z.union([v4.z.string(), v4.z.any()]).optional(),
+    instructions: v4.z.string().optional(),
+    jsonPromptInjection: v4.z.boolean().optional(),
+    errorStrategy: v4.z.enum(["strict", "warn", "fallback"]).optional(),
+    fallbackValue: v4.z.any().optional()
+  }).optional()
+}).passthrough();
+var agentExecutionLegacyBodySchema = agentExecutionBodySchema.extend({
+  resourceId: v4.z.string().optional(),
+  resourceid: v4.z.string().optional(),
+  // lowercase variant
+  threadId: v4.z.string().optional()
+});
+var executeToolDataBodySchema = v4.z.object({
+  data: v4.z.unknown().refine((x) => x !== void 0, { message: "data is required" })
+});
+var executeToolBodySchema = executeToolDataBodySchema.extend({
+  requestContext: v4.z.record(v4.z.string(), v4.z.any()).optional()
+});
+var executeToolContextBodySchema = executeToolDataBodySchema.extend({
+  requestContext: v4.z.record(v4.z.string(), v4.z.any()).optional()
+});
+var voiceSpeakersResponseSchema = v4.z.array(
+  v4.z.object({
+    voiceId: v4.z.string()
+  }).passthrough()
+  // Allow provider-specific fields like name, language, etc.
+);
+var toolCallActionBodySchema = v4.z.object({
+  runId: v4.z.string(),
+  requestContext: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  toolCallId: v4.z.string(),
+  format: v4.z.string().optional()
+});
+var networkToolCallActionBodySchema = v4.z.object({
+  runId: v4.z.string(),
+  requestContext: v4.z.record(v4.z.string(), v4.z.any()).optional(),
+  format: v4.z.string().optional()
+});
+var approveToolCallBodySchema = toolCallActionBodySchema;
+var declineToolCallBodySchema = toolCallActionBodySchema;
+var approveNetworkToolCallBodySchema = networkToolCallActionBodySchema;
+var declineNetworkToolCallBodySchema = networkToolCallActionBodySchema;
+var toolCallResponseSchema = v4.z.object({
+  fullStream: v4.z.any()
+  // ReadableStream
+});
+var updateAgentModelBodySchema = v4.z.object({
+  modelId: v4.z.string(),
+  provider: v4.z.string()
+});
+var reorderAgentModelListBodySchema = v4.z.object({
+  reorderedModelIds: v4.z.array(v4.z.string())
+});
+var updateAgentModelInModelListBodySchema = v4.z.object({
+  model: v4.z.object({
+    modelId: v4.z.string(),
+    provider: v4.z.string()
+  }).optional(),
+  maxRetries: v4.z.number().optional(),
+  enabled: v4.z.boolean().optional()
+});
+var modelManagementResponseSchema = chunkEES2ZZGL_cjs.messageResponseSchema;
+var generateSpeechBodySchema = v4.z.object({
+  text: v4.z.string(),
+  speakerId: v4.z.string().optional()
+});
+var transcribeSpeechBodySchema = v4.z.object({
+  audio: v4.z.any(),
+  // Buffer
+  options: v4.z.record(v4.z.string(), v4.z.any()).optional()
+});
+var transcribeSpeechResponseSchema = v4.z.object({
+  text: v4.z.string()
+});
+var getListenerResponseSchema = v4.z.any();
+var generateResponseSchema = v4.z.any();
+var streamResponseSchema = v4.z.any();
+var speakResponseSchema = v4.z.any();
+var executeToolResponseSchema = v4.z.any();
+var enhanceInstructionsBodySchema = v4.z.object({
+  instructions: v4.z.string().describe("The current agent instructions to enhance"),
+  comment: v4.z.string().describe("User comment describing how to enhance the instructions")
+});
+var enhanceInstructionsResponseSchema = v4.z.object({
+  explanation: v4.z.string().describe("Explanation of the changes made"),
+  new_prompt: v4.z.string().describe("The enhanced instructions")
+});
+
+exports.agentExecutionBodySchema = agentExecutionBodySchema;
+exports.agentExecutionLegacyBodySchema = agentExecutionLegacyBodySchema;
+exports.agentIdPathParams = agentIdPathParams;
+exports.agentSkillPathParams = agentSkillPathParams;
+exports.agentToolPathParams = agentToolPathParams;
+exports.agentVersionQuerySchema = agentVersionQuerySchema;
+exports.approveNetworkToolCallBodySchema = approveNetworkToolCallBodySchema;
+exports.approveToolCallBodySchema = approveToolCallBodySchema;
+exports.declineNetworkToolCallBodySchema = declineNetworkToolCallBodySchema;
+exports.declineToolCallBodySchema = declineToolCallBodySchema;
+exports.enhanceInstructionsBodySchema = enhanceInstructionsBodySchema;
+exports.enhanceInstructionsResponseSchema = enhanceInstructionsResponseSchema;
+exports.executeToolBodySchema = executeToolBodySchema;
+exports.executeToolContextBodySchema = executeToolContextBodySchema;
+exports.executeToolResponseSchema = executeToolResponseSchema;
+exports.generateResponseSchema = generateResponseSchema;
+exports.generateSpeechBodySchema = generateSpeechBodySchema;
+exports.getListenerResponseSchema = getListenerResponseSchema;
+exports.listAgentsResponseSchema = listAgentsResponseSchema;
+exports.listToolsResponseSchema = listToolsResponseSchema;
+exports.modelConfigIdPathParams = modelConfigIdPathParams;
+exports.modelManagementResponseSchema = modelManagementResponseSchema;
+exports.providerSchema = providerSchema;
+exports.providersResponseSchema = providersResponseSchema;
+exports.reorderAgentModelListBodySchema = reorderAgentModelListBodySchema;
+exports.serializedAgentDefinitionSchema = serializedAgentDefinitionSchema;
+exports.serializedAgentSchema = serializedAgentSchema;
+exports.serializedAgentWithIdSchema = serializedAgentWithIdSchema;
+exports.serializedProcessorSchema = serializedProcessorSchema;
+exports.serializedToolSchema = serializedToolSchema;
+exports.serializedWorkflowSchema = serializedWorkflowSchema;
+exports.speakResponseSchema = speakResponseSchema;
+exports.streamResponseSchema = streamResponseSchema;
+exports.toolCallResponseSchema = toolCallResponseSchema;
+exports.toolIdPathParams = toolIdPathParams;
+exports.transcribeSpeechBodySchema = transcribeSpeechBodySchema;
+exports.transcribeSpeechResponseSchema = transcribeSpeechResponseSchema;
+exports.updateAgentModelBodySchema = updateAgentModelBodySchema;
+exports.updateAgentModelInModelListBodySchema = updateAgentModelInModelListBodySchema;
+exports.voiceSpeakersResponseSchema = voiceSpeakersResponseSchema;
+//# sourceMappingURL=chunk-VTPTMQFA.cjs.map
+//# sourceMappingURL=chunk-VTPTMQFA.cjs.map

package/dist/chunk-VTPTMQFA.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/schemas/agents.ts"],"names":["z","defaultOptionsSchema","coreMessageSchema","tracingOptionsSchema","messageResponseSchema"],"mappings":";;;;;;AAKO,IAAM,iBAAA,GAAoBA,KAAE,MAAA,CAAO;AAAA,EACxC,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,iCAAiC;AAChE,CAAC;AAQM,IAAM,uBAAA,GAA0BA,KAAE,MAAA,CAAO;AAAA,EAC9C,MAAA,EAAQA,KACL,IAAA,CAAK,CAAC,SAAS,WAAW,CAAC,CAAA,CAC3B,QAAA,EAAS,CACT,QAAA;AAAA,IACC;AAAA,GACF;AAAA,EACF,SAAA,EAAWA,IAAA,CACR,MAAA,EAAO,CACP,UAAS,CACT,QAAA;AAAA,IACC;AAAA;AAEN,CAAC;AAEM,IAAM,gBAAA,GAAmBA,KAAE,MAAA,CAAO;AAAA,EACvC,MAAA,EAAQA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,gCAAgC;AAC9D,CAAC;AAEM,IAAM,mBAAA,GAAsB,kBAAkB,MAAA,CAAO;AAAA,EAC1D,MAAA,EAAQA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,gCAAgC;AAC9D,CAAC;AAEM,IAAM,oBAAA,GAAuB,kBAAkB,MAAA,CAAO;AAAA,EAC3D,SAAA,EAAWA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,mBAAmB;AACpD,CAAC;AAEM,IAAM,uBAAA,GAA0B,kBAAkB,MAAA,CAAO;AAAA,EAC9D,aAAA,EAAeA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,+CAA+C;AACpF,CAAC;AAKM,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACnB,CAAC;AAMM,IAAM,oBAAA,GAAuBA,KAAE,MAAA,CAAO;AAAA,EAC3C,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAClC,eAAA,EAAiBA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAC/B,CAAC;AAKM,IAAM,wBAAA,GAA2BA,KAAE,MAAA,CAAO;AAAA,EAC/C,IAAA,EAAMA,KAAE,MAAA,EAAO;AAAA,EACf,OAAOA,IAAA,CACJ,MAAA;AAAA,IACCA,KAAE,MAAA,EAAO;AAAA,IACTA,KAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,MACb,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KAClC;AAAA,IAEF,QAAA;AACL,CAAC;AAKM,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,IAAA,EAAMA,KAAE,MAAA;AACV,CAAC;AAMD,IAAM,mBAAA,GAAsBA,KAAE,KAAA,CAAM;AAAA,EAClCA,KAAE,MAAA,EAAO;AAAA,EACTA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,EAAQ,CAAA;AAAA,EAClBA,KAAE,GAAA,EAAI;AAAA;AAAA,EACNA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,GAAA,EAAK;AACjB,CAAC,CAAA;AAKD,IAAM,iBAAA,GAAoBA,KAAE,MAAA,CAAO;AAAA,EACjC,KAAA,EAAOA,KAAE,MAAA,CAAO;AAAA,IACd,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,IAClB,QAAA,EAAUA,KAAE,MAAA,EAAO;AAAA,IACnB,YAAA,EAAcA,KAAE,MAAA;AAAO,GACxB;AAAA;AAEH,CAAC,CAAA;AAKM,IAAM,qBAAA,GAAwBA,KAAE,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAMA,KAAE,MAAA,EAAO;AAAA,EACf,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,YAAA,EAAc,oBAAoB,QAAA,EAAS;AAAA,EAC3C,OAAOA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAU,oBAAoB,CAAA;AAAA,EAChD,QAAQA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAU,+BAA+B,CAAA;AAAA,EAC5D,WAAWA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAU,wBAAwB,CAAA;AAAA,EACxD,eAAA,EAAiBA,IAAA,CAAE,KAAA,CAAM,yBAAyB,CAAA;AAAA,EAClD,gBAAA,EAAkBA,IAAA,CAAE,KAAA,CAAM,yBAAyB,CAAA;AAAA,EACnD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC9B,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAClC,SAAA,EAAWA,IAAA,CAAE,KAAA,CAAM,iBAAiB,EAAE,QAAA,EAAS;AAAA,EAC/C,cAAA,EAAgBC,uCAAqB,QAAA,EAAS;AAAA,EAC9C,4BAAA,EAA8BD,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EACrE,0BAAA,EAA4BA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EACnE,MAAA,EAAQA,KAAE,IAAA,CAAK,CAAC,SAAS,WAAA,EAAa,UAAU,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC5D,eAAA,EAAiBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACrC,QAAA,EAAUA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACxB,CAAC;AAKM,IAAM,2BAAA,GAA8B,sBAAsB,MAAA,CAAO;AAAA,EACtE,EAAA,EAAIA,KAAE,MAAA;AACR,CAAC;AAKM,IAAM,cAAA,GAAiBA,KAAE,MAAA,CAAO;AAAA,EACrC,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,IAAA,EAAMA,KAAE,MAAA,EAAO;AAAA,EACf,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC1B,CAAC;AAKM,IAAM,uBAAA,GAA0BA,KAAE,MAAA,CAAO;AAAA,EAC9C,SAAA,EAAWA,IAAA,CAAE,KAAA,CAAM,cAAc;AACnC,CAAC;AAMM,IAAM,2BAA2BA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAU,qBAAqB;AAM3E,IAAM,0BAA0BA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAU,oBAAoB;AAShF,IAAM,uBAAA,GAA0BA,KAAE,MAAA,CAAO;AAAA,EACvC,QAAQA,IAAA,CAAE,KAAA,CAAM,CAACA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,MAAA,CAAO,EAAE,EAAA,EAAIA,KAAE,MAAA,EAAO,EAAG,CAAA,CAAE,WAAA,EAAa,CAAC,CAAA;AAAA,EACxE,QAAA,EAAUA,KAAE,MAAA,EAAO;AAAA,EACnB,OAAA,EAASA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EAChD,QAAA,EAAUA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACxB,CAAC,CAAA;AAKD,IAAM,gBAAA,GAAmBA,KAAE,KAAA,CAAM;AAAA,EAC/BA,KAAE,IAAA,CAAK,CAAC,MAAA,EAAQ,MAAA,EAAQ,UAAU,CAAC,CAAA;AAAA,EACnCA,IAAA,CAAE,MAAA,CAAO,EAAE,IAAA,EAAMA,IAAA,CAAE,OAAA,CAAQ,MAAM,CAAA,EAAG,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,EAAG;AAC5D,CAAC,CAAA;AAWM,IAAM,wBAAA,GAA2BA,KACrC,MAAA,CAAO;AAAA;AAAA,EAEN,QAAA,EAAUA,KAAE,KAAA,CAAM;AAAA,IAChBA,IAAA,CAAE,MAAME,mCAAiB,CAAA;AAAA;AAAA,IACzBF,KAAE,MAAA;AAAO;AAAA,GACV,CAAA;AAAA;AAAA,EAGD,YAAA,EAAc,oBAAoB,QAAA,EAAS;AAAA,EAC3C,MAAA,EAAQ,oBAAoB,QAAA,EAAS;AAAA,EACrC,OAAA,EAASA,IAAA,CAAE,KAAA,CAAME,mCAAiB,EAAE,QAAA,EAAS;AAAA;AAAA,EAG7C,MAAA,EAAQ,wBAAwB,QAAA,EAAS;AAAA,EACzC,KAAA,EAAOF,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,WAAA,EAAaA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAGlC,cAAA,EAAgBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA;AAAA,EAGvD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC9B,QAAA,EAAUA,IAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA;AAAA,EAG3B,eAAA,EAAiBA,KACd,MAAA,CAAO;AAAA,IACN,SAAA,EAAWA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,IAClD,MAAA,EAAQA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,IAC/C,MAAA,EAAQA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,IAC/C,GAAA,EAAKA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA;AAAS,GAC7C,EACA,QAAA,EAAS;AAAA,EACZ,aAAA,EAAeA,IAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA;AAAA,EAGhC,aAAaA,IAAA,CAAE,KAAA,CAAMA,KAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EAC1C,QAAA,EAAUA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EACjD,WAAA,EAAaA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EACpD,UAAA,EAAY,iBAAiB,QAAA,EAAS;AAAA,EACtC,mBAAA,EAAqBA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAG1C,OAAA,EAASA,KACN,KAAA,CAAM;AAAA,IACLA,KAAE,MAAA,CAAOA,IAAA,CAAE,QAAO,EAAGA,IAAA,CAAE,KAAK,CAAA;AAAA,IAC5BA,IAAA,CAAE,MAAA;AAAA,MACAA,KAAE,MAAA,EAAO;AAAA,MACTA,KAAE,MAAA,CAAO;AAAA,QACP,MAAA,EAAQA,KAAE,MAAA,EAAO;AAAA,QACjB,QAAA,EAAUA,IAAA,CAAE,GAAA,EAAI,CAAE,QAAA;AAAS,OAC5B;AAAA;AACH,GACD,EACA,QAAA,EAAS;AAAA,EACZ,gBAAA,EAAkBA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA;AAAA,EAGvC,cAAA,EAAgBG,uCAAqB,QAAA,EAAS;AAAA;AAAA,EAG9C,MAAA,EAAQH,IAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA;AAAA,EACzB,gBAAA,EAAkBA,KACf,MAAA,CAAO;AAAA,IACN,QAAQA,IAAA,CAAE,MAAA,CAAO,EAAE,EAAE,WAAA,EAAY;AAAA,IACjC,KAAA,EAAOA,IAAA,CAAE,KAAA,CAAM,CAACA,IAAA,CAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,GAAA,EAAK,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IAC/C,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAClC,mBAAA,EAAqBA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,IAC1C,aAAA,EAAeA,KAAE,IAAA,CAAK,CAAC,UAAU,MAAA,EAAQ,UAAU,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IAC/D,aAAA,EAAeA,IAAA,CAAE,GAAA,EAAI,CAAE,QAAA;AAAS,GACjC,EACA,QAAA;AACL,CAAC,EACA,WAAA;AAMI,IAAM,8BAAA,GAAiC,yBAAyB,MAAA,CAAO;AAAA,EAC5E,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA;AAAA,EAChC,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC;AAQD,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EACzC,IAAA,EAAMA,IAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,CAAO,CAAA,CAAA,KAAK,CAAA,KAAM,MAAA,EAAW,EAAE,OAAA,EAAS,kBAAA,EAAoB;AAChF,CAAC,CAAA;AAEM,IAAM,qBAAA,GAAwB,0BAA0B,MAAA,CAAO;AAAA,EACpE,cAAA,EAAgBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA;AAChD,CAAC;AAEM,IAAM,4BAAA,GAA+B,0BAA0B,MAAA,CAAO;AAAA,EAC3E,cAAA,EAAgBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA;AAChD,CAAC;AAMM,IAAM,8BAA8BA,IAAA,CAAE,KAAA;AAAA,EAC3CA,KACG,MAAA,CAAO;AAAA,IACN,OAAA,EAASA,KAAE,MAAA;AAAO,GACnB,EACA,WAAA;AAAY;AACjB;AAUA,IAAM,wBAAA,GAA2BA,KAAE,MAAA,CAAO;AAAA,EACxC,KAAA,EAAOA,KAAE,MAAA,EAAO;AAAA,EAChB,cAAA,EAAgBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EACvD,UAAA,EAAYA,KAAE,MAAA,EAAO;AAAA,EACrB,MAAA,EAAQA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACrB,CAAC,CAAA;AACD,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EAC/C,KAAA,EAAOA,KAAE,MAAA,EAAO;AAAA,EAChB,cAAA,EAAgBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA,EAAS;AAAA,EACvD,MAAA,EAAQA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACrB,CAAC,CAAA;AAKM,IAAM,yBAAA,GAA4B;AAKlC,IAAM,yBAAA,GAA4B;AAKlC,IAAM,gCAAA,GAAmC;AAKzC,IAAM,gCAAA,GAAmC;AAKzC,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,UAAA,EAAYA,KAAE,GAAA;AAAI;AACpB,CAAC;AASM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,EAClB,QAAA,EAAUA,KAAE,MAAA;AACd,CAAC;AAKM,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,iBAAA,EAAmBA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,QAAQ;AACvC,CAAC;AAKM,IAAM,qCAAA,GAAwCA,KAAE,MAAA,CAAO;AAAA,EAC5D,KAAA,EAAOA,KACJ,MAAA,CAAO;AAAA,IACN,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,IAClB,QAAA,EAAUA,KAAE,MAAA;AAAO,GACpB,EACA,QAAA,EAAS;AAAA,EACZ,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,OAAA,EAASA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AACvB,CAAC;AAKM,IAAM,6BAAA,GAAgCI;AAStC,IAAM,wBAAA,GAA2BJ,KAAE,MAAA,CAAO;AAAA,EAC/C,IAAA,EAAMA,KAAE,MAAA,EAAO;AAAA,EACf,SAAA,EAAWA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC;AAKM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,KAAA,EAAOA,KAAE,GAAA,EAAI;AAAA;AAAA,EACb,OAAA,EAASA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,GAAA,EAAK,CAAA,CAAE,QAAA;AACzC,CAAC;AAKM,IAAM,8BAAA,GAAiCA,KAAE,MAAA,CAAO;AAAA,EACrD,IAAA,EAAMA,KAAE,MAAA;AACV,CAAC;AAKM,IAAM,yBAAA,GAA4BA,KAAE,GAAA;AAMpC,IAAM,sBAAA,GAAyBA,KAAE,GAAA;AACjC,IAAM,oBAAA,GAAuBA,KAAE,GAAA;AAC/B,IAAM,mBAAA,GAAsBA,KAAE,GAAA;AAC9B,IAAM,yBAAA,GAA4BA,KAAE,GAAA;AASpC,IAAM,6BAAA,GAAgCA,KAAE,MAAA,CAAO;AAAA,EACpD,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,2CAA2C,CAAA;AAAA,EAC7E,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yDAAyD;AACxF,CAAC;AAKM,IAAM,iCAAA,GAAoCA,KAAE,MAAA,CAAO;AAAA,EACxD,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,iCAAiC,CAAA;AAAA,EAClE,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,2BAA2B;AAC7D,CAAC","file":"chunk-VTPTMQFA.cjs","sourcesContent":["import { z } from 'zod/v4';\nimport { tracingOptionsSchema, coreMessageSchema, messageResponseSchema } from './common';\nimport { defaultOptionsSchema } from './default-options';\n\n// Path parameter schemas\nexport const agentIdPathParams = z.object({\n  agentId: z.string().describe('Unique identifier for the agent'),\n});\n\n/**\n * Query params for GET /agents/:agentId — controls which stored config version is used for overrides.\n * Use either `status` or `versionId`, not both.\n * - `status` — 'draft' (latest version, default) or 'published' (active published version).\n * - `versionId` — Resolve with a specific version ID.\n */\nexport const agentVersionQuerySchema = z.object({\n  status: z\n    .enum(['draft', 'published'])\n    .optional()\n    .describe(\n      'Which stored config version to resolve: draft (latest, default) or published (active version). Mutually exclusive with versionId.',\n    ),\n  versionId: z\n    .string()\n    .optional()\n    .describe(\n      'Specific version ID to resolve. Mutually exclusive with status — if both are provided, versionId takes precedence.',\n    ),\n});\n\nexport const toolIdPathParams = z.object({\n  toolId: z.string().describe('Unique identifier for the tool'),\n});\n\nexport const agentToolPathParams = agentIdPathParams.extend({\n  toolId: z.string().describe('Unique identifier for the tool'),\n});\n\nexport const agentSkillPathParams = agentIdPathParams.extend({\n  skillName: z.string().describe('Name of the skill'),\n});\n\nexport const modelConfigIdPathParams = agentIdPathParams.extend({\n  modelConfigId: z.string().describe('Unique identifier for the model configuration'),\n});\n\n/**\n * Schema for serialized processor metadata\n */\nexport const serializedProcessorSchema = z.object({\n  id: z.string(),\n  name: z.string().optional(),\n});\n\n/**\n * Schema for serialized tool with JSON schemas\n * Uses passthrough() to allow additional tool properties beyond core fields\n */\nexport const serializedToolSchema = z.object({\n  id: z.string(),\n  description: z.string().optional(),\n  inputSchema: z.string().optional(),\n  outputSchema: z.string().optional(),\n  requireApproval: z.boolean().optional(),\n});\n\n/**\n * Schema for serialized workflow with steps\n */\nexport const serializedWorkflowSchema = z.object({\n  name: z.string(),\n  steps: z\n    .record(\n      z.string(),\n      z.object({\n        id: z.string(),\n        description: z.string().optional(),\n      }),\n    )\n    .optional(),\n});\n\n/**\n * Schema for serialized agent definition (referenced by other agents)\n */\nexport const serializedAgentDefinitionSchema = z.object({\n  id: z.string(),\n  name: z.string(),\n});\n\n/**\n * Schema for SystemMessage type\n * Can be string, string[], or various message objects\n */\nconst systemMessageSchema = z.union([\n  z.string(),\n  z.array(z.string()),\n  z.any(), // CoreSystemMessage or SystemModelMessage\n  z.array(z.any()),\n]);\n\n/**\n * Schema for model configuration in model list\n */\nconst modelConfigSchema = z.object({\n  model: z.object({\n    modelId: z.string(),\n    provider: z.string(),\n    modelVersion: z.string(),\n  }),\n  // Additional fields from AgentModelManagerConfig can be added here\n});\n\n/**\n * Main schema for serialized agent representation\n */\nexport const serializedAgentSchema = z.object({\n  name: z.string(),\n  description: z.string().optional(),\n  instructions: systemMessageSchema.optional(),\n  tools: z.record(z.string(), serializedToolSchema),\n  agents: z.record(z.string(), serializedAgentDefinitionSchema),\n  workflows: z.record(z.string(), serializedWorkflowSchema),\n  inputProcessors: z.array(serializedProcessorSchema),\n  outputProcessors: z.array(serializedProcessorSchema),\n  provider: z.string().optional(),\n  modelId: z.string().optional(),\n  modelVersion: z.string().optional(),\n  modelList: z.array(modelConfigSchema).optional(),\n  defaultOptions: defaultOptionsSchema.optional(),\n  defaultGenerateOptionsLegacy: z.record(z.string(), z.any()).optional(),\n  defaultStreamOptionsLegacy: z.record(z.string(), z.any()).optional(),\n  status: z.enum(['draft', 'published', 'archived']).optional(),\n  activeVersionId: z.string().optional(),\n  hasDraft: z.boolean().optional(),\n});\n\n/**\n * Schema for agent with ID\n */\nexport const serializedAgentWithIdSchema = serializedAgentSchema.extend({\n  id: z.string(),\n});\n\n/**\n * Schema for individual provider information\n */\nexport const providerSchema = z.object({\n  id: z.string(),\n  name: z.string(),\n  label: z.string().optional(),\n  description: z.string().optional(),\n});\n\n/**\n * Schema for providers endpoint response\n */\nexport const providersResponseSchema = z.object({\n  providers: z.array(providerSchema),\n});\n\n/**\n * Schema for list agents endpoint response\n * Returns a record of agent ID to serialized agent\n */\nexport const listAgentsResponseSchema = z.record(z.string(), serializedAgentSchema);\n\n/**\n * Schema for list tools endpoint response\n * Returns a record of tool ID to serialized tool\n */\nexport const listToolsResponseSchema = z.record(z.string(), serializedToolSchema);\n\n// ============================================================================\n// Agent Execution Body Schemas\n// ============================================================================\n\n/**\n * Schema for agent memory option\n */\nconst agentMemoryOptionSchema = z.object({\n  thread: z.union([z.string(), z.object({ id: z.string() }).passthrough()]),\n  resource: z.string(),\n  options: z.record(z.string(), z.any()).optional(),\n  readOnly: z.boolean().optional(),\n});\n\n/**\n * Schema for tool choice configuration\n */\nconst toolChoiceSchema = z.union([\n  z.enum(['auto', 'none', 'required']),\n  z.object({ type: z.literal('tool'), toolName: z.string() }),\n]);\n\n/**\n * Comprehensive body schema for agent generate and stream endpoints\n * Validates common fields while using passthrough for complex nested objects\n *\n * EXCLUDED FIELDS (not serializable):\n * - Callbacks: onStepFinish, onFinish, onChunk, onError, onAbort, prepareStep\n * - Class instances: inputProcessors, outputProcessors\n * - Non-serializable: abortSignal, tracingContext\n */\nexport const agentExecutionBodySchema = z\n  .object({\n    // REQUIRED\n    messages: z.union([\n      z.array(coreMessageSchema), // Array of messages\n      z.string(), // Single user message shorthand\n    ]),\n\n    // Message Configuration\n    instructions: systemMessageSchema.optional(),\n    system: systemMessageSchema.optional(),\n    context: z.array(coreMessageSchema).optional(),\n\n    // Memory & Persistence\n    memory: agentMemoryOptionSchema.optional(),\n    runId: z.string().optional(),\n    savePerStep: z.boolean().optional(),\n\n    // Request Context (handler-specific field - merged with server's requestContext)\n    requestContext: z.record(z.string(), z.any()).optional(),\n\n    // Execution Control\n    maxSteps: z.number().optional(),\n    stopWhen: z.any().optional(),\n\n    // Model Configuration\n    providerOptions: z\n      .object({\n        anthropic: z.record(z.string(), z.any()).optional(),\n        google: z.record(z.string(), z.any()).optional(),\n        openai: z.record(z.string(), z.any()).optional(),\n        xai: z.record(z.string(), z.any()).optional(),\n      })\n      .optional(),\n    modelSettings: z.any().optional(),\n\n    // Tool Configuration\n    activeTools: z.array(z.string()).optional(),\n    toolsets: z.record(z.string(), z.any()).optional(),\n    clientTools: z.record(z.string(), z.any()).optional(),\n    toolChoice: toolChoiceSchema.optional(),\n    requireToolApproval: z.boolean().optional(),\n\n    // Evaluation\n    scorers: z\n      .union([\n        z.record(z.string(), z.any()),\n        z.record(\n          z.string(),\n          z.object({\n            scorer: z.string(),\n            sampling: z.any().optional(),\n          }),\n        ),\n      ])\n      .optional(),\n    returnScorerData: z.boolean().optional(),\n\n    // Observability\n    tracingOptions: tracingOptionsSchema.optional(),\n\n    // Structured Output\n    output: z.any().optional(), // Zod schema, JSON schema, or structured output object\n    structuredOutput: z\n      .object({\n        schema: z.object({}).passthrough(),\n        model: z.union([z.string(), z.any()]).optional(),\n        instructions: z.string().optional(),\n        jsonPromptInjection: z.boolean().optional(),\n        errorStrategy: z.enum(['strict', 'warn', 'fallback']).optional(),\n        fallbackValue: z.any().optional(),\n      })\n      .optional(),\n  })\n  .passthrough(); // Allow additional fields for forward compatibility\n\n/**\n * Legacy body schema for deprecated endpoints that still use threadId/resourceId\n * Used by /agents/:agentId/generate-legacy and /agents/:agentId/stream-legacy\n */\nexport const agentExecutionLegacyBodySchema = agentExecutionBodySchema.extend({\n  resourceId: z.string().optional(),\n  resourceid: z.string().optional(), // lowercase variant\n  threadId: z.string().optional(),\n});\n\n/**\n * Body schema for tool execute endpoint\n * Simple schema - tool validates its own input data\n * Note: Using z.unknown().refine() instead of z.any() to ensure data is required\n * (z.any() is treated as optional by Zod)\n */\nconst executeToolDataBodySchema = z.object({\n  data: z.unknown().refine(x => x !== undefined, { message: 'data is required' }),\n});\n\nexport const executeToolBodySchema = executeToolDataBodySchema.extend({\n  requestContext: z.record(z.string(), z.any()).optional(),\n});\n\nexport const executeToolContextBodySchema = executeToolDataBodySchema.extend({\n  requestContext: z.record(z.string(), z.any()).optional(),\n});\n\n/**\n * Response schema for voice speakers endpoint\n * Flexible to accommodate provider-specific metadata\n */\nexport const voiceSpeakersResponseSchema = z.array(\n  z\n    .object({\n      voiceId: z.string(),\n    })\n    .passthrough(), // Allow provider-specific fields like name, language, etc.\n);\n\n// ============================================================================\n// Tool Approval Schemas\n// ============================================================================\n\n/**\n * Base schema for tool approval/decline operations\n * Both approve and decline use the same parameters\n */\nconst toolCallActionBodySchema = z.object({\n  runId: z.string(),\n  requestContext: z.record(z.string(), z.any()).optional(),\n  toolCallId: z.string(),\n  format: z.string().optional(),\n});\nconst networkToolCallActionBodySchema = z.object({\n  runId: z.string(),\n  requestContext: z.record(z.string(), z.any()).optional(),\n  format: z.string().optional(),\n});\n\n/**\n * Body schema for approving tool call\n */\nexport const approveToolCallBodySchema = toolCallActionBodySchema;\n\n/**\n * Body schema for declining tool call\n */\nexport const declineToolCallBodySchema = toolCallActionBodySchema;\n\n/**\n * Body schema for approving network tool call\n */\nexport const approveNetworkToolCallBodySchema = networkToolCallActionBodySchema;\n\n/**\n * Body schema for declining network tool call\n */\nexport const declineNetworkToolCallBodySchema = networkToolCallActionBodySchema;\n\n/**\n * Response schema for tool approval/decline\n */\nexport const toolCallResponseSchema = z.object({\n  fullStream: z.any(), // ReadableStream\n});\n\n// ============================================================================\n// Model Management Schemas\n// ============================================================================\n\n/**\n * Body schema for updating agent model\n */\nexport const updateAgentModelBodySchema = z.object({\n  modelId: z.string(),\n  provider: z.string(),\n});\n\n/**\n * Body schema for reordering agent model list\n */\nexport const reorderAgentModelListBodySchema = z.object({\n  reorderedModelIds: z.array(z.string()),\n});\n\n/**\n * Body schema for updating model in model list\n */\nexport const updateAgentModelInModelListBodySchema = z.object({\n  model: z\n    .object({\n      modelId: z.string(),\n      provider: z.string(),\n    })\n    .optional(),\n  maxRetries: z.number().optional(),\n  enabled: z.boolean().optional(),\n});\n\n/**\n * Response schema for model management operations\n */\nexport const modelManagementResponseSchema = messageResponseSchema;\n\n// ============================================================================\n// Voice Schemas\n// ============================================================================\n\n/**\n * Body schema for generating speech\n */\nexport const generateSpeechBodySchema = z.object({\n  text: z.string(),\n  speakerId: z.string().optional(),\n});\n\n/**\n * Body schema for transcribing speech\n */\nexport const transcribeSpeechBodySchema = z.object({\n  audio: z.any(), // Buffer\n  options: z.record(z.string(), z.any()).optional(),\n});\n\n/**\n * Response schema for transcribe speech\n */\nexport const transcribeSpeechResponseSchema = z.object({\n  text: z.string(),\n});\n\n/**\n * Response schema for get listener\n */\nexport const getListenerResponseSchema = z.any(); // Listener info structure varies\n\n/**\n * Response schema for agent generation endpoints\n * These return AI SDK types which have complex structures\n */\nexport const generateResponseSchema = z.any(); // AI SDK GenerateResult type\nexport const streamResponseSchema = z.any(); // AI SDK StreamResult type\nexport const speakResponseSchema = z.any(); // Voice synthesis result\nexport const executeToolResponseSchema = z.any(); // Tool execution result varies by tool\n\n// ============================================================================\n// Instruction Enhancement Schemas\n// ============================================================================\n\n/**\n * Body schema for enhancing agent instructions\n */\nexport const enhanceInstructionsBodySchema = z.object({\n  instructions: z.string().describe('The current agent instructions to enhance'),\n  comment: z.string().describe('User comment describing how to enhance the instructions'),\n});\n\n/**\n * Response schema for enhanced instructions\n */\nexport const enhanceInstructionsResponseSchema = z.object({\n  explanation: z.string().describe('Explanation of the changes made'),\n  new_prompt: z.string().describe('The enhanced instructions'),\n});\n"]}

package/dist/{chunk-P63CP2ZR.js → chunk-WOU6ROOP.js}

@@ -1,6 +1,6 @@
-import { capabilitiesResponseSchema, currentUserResponseSchema, ssoLoginQuerySchema, ssoCallbackQuerySchema, credentialsSignInBodySchema, credentialsSignUpBodySchema } from './chunk-NLMVQMCR.js';
-import { handleError } from './chunk-NA7LKQPZ.js';
-import { createPublicRoute } from './chunk-5BBO2RHV.js';
+import { capabilitiesResponseSchema, currentUserResponseSchema, ssoLoginQuerySchema, ssoCallbackQuerySchema, credentialsSignInBodySchema, credentialsSignUpBodySchema } from './chunk-HDHGRTUS.js';
+import { handleError } from './chunk-P23KBWKB.js';
+import { createPublicRoute } from './chunk-5LHQGPOK.js';
 import { HTTPException } from './chunk-6QWQZI4Q.js';
 
 // src/server/handlers/auth.ts
@@ -379,5 +379,5 @@ var AUTH_ROUTES = [
 ];
 
 export { AUTH_ROUTES, GET_AUTH_CAPABILITIES_ROUTE, GET_CURRENT_USER_ROUTE, GET_SSO_CALLBACK_ROUTE, GET_SSO_LOGIN_ROUTE, POST_CREDENTIALS_SIGN_IN_ROUTE, POST_CREDENTIALS_SIGN_UP_ROUTE, POST_LOGOUT_ROUTE, getPublicOrigin };
-//# sourceMappingURL=chunk-P63CP2ZR.js.map
-//# sourceMappingURL=chunk-P63CP2ZR.js.map
+//# sourceMappingURL=chunk-WOU6ROOP.js.map
+//# sourceMappingURL=chunk-WOU6ROOP.js.map

package/dist/{chunk-P63CP2ZR.js.map → chunk-WOU6ROOP.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["mastra"],"mappings":";;;;;;AAiCA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAKA,SAAS,gBAAgB,MAAA,EAAwC;AAC/D,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AASO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAKA,SAAS,gBAAgB,MAAA,EAAgD;AACvE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,IAAA,IAAQ,OAAO,IAAA,KAAS,YAAY,MAAA,IAAU,IAAA;AAChE;AAMO,IAAM,8BAA8B,iBAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,0BAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAEzC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,SAAS,EAAE,IAAA,EAAM,SAAA,EAAW,WAAA,EAAa,CAAA;AAE5F,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,yBAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsB,iBAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,mBAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAA;AAGzD,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,sBAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoB,iBAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAE7C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AAEnD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAC1C,MAAA,MAAMA,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,8BAAA;AAAA,EACA;AACF","file":"chunk-P63CP2ZR.js","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n  IUserProvider,\n  ISessionProvider,\n  ISSOProvider,\n  ICredentialsProvider,\n  SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { HTTPException } from '../http-exception';\nimport {\n  capabilitiesResponseSchema,\n  ssoLoginQuerySchema,\n  ssoCallbackQuerySchema,\n  currentUserResponseSchema,\n  credentialsSignInBodySchema,\n  credentialsSignUpBodySchema,\n} from '../schemas/auth';\nimport { createPublicRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (auth: any, request: Request, options?: { rbac?: any; apiPrefix?: string }) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n  if (!_buildCapabilitiesPromise) {\n    _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n      .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n      .catch(() => {\n        console.error(\n          '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n        );\n        return undefined;\n      });\n  }\n  return _buildCapabilitiesPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n */\nfunction getAuthProvider(mastra: any): MastraAuthProvider | null {\n  const serverConfig = mastra.getServer?.();\n  if (!serverConfig?.auth) return null;\n\n  // Auth can be either MastraAuthConfig or MastraAuthProvider\n  // If it has authenticateToken method, it's a provider\n  if (typeof serverConfig.auth.authenticateToken === 'function') {\n    return serverConfig.auth as MastraAuthProvider;\n  }\n\n  return null;\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname.\n * X-Forwarded-Host tells us the real public hostname.\n * Always uses https when behind a proxy — Knative's queue-proxy overwrites\n * X-Forwarded-Proto based on the internal HTTP connection, so it's unreliable.\n */\nexport function getPublicOrigin(request: Request): string {\n  const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n  if (forwardedHost) {\n    return `https://${forwardedHost}`;\n  }\n  return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra server config.\n */\nfunction getRBACProvider(mastra: any): IRBACProvider<EEUser> | undefined {\n  const serverConfig = mastra.getServer?.();\n  return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n  return auth !== null && typeof auth === 'object' && method in auth;\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/capabilities',\n  responseType: 'json',\n  responseSchema: capabilitiesResponseSchema,\n  summary: 'Get auth capabilities',\n  description:\n    'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request, routePrefix } = ctx as any;\n\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return { enabled: false, login: null };\n      }\n\n      const rbac = getRBACProvider(mastra);\n\n      const buildCapabilities = await loadBuildCapabilities();\n      if (!buildCapabilities) {\n        return { enabled: false, login: null };\n      }\n      const capabilities = await buildCapabilities(auth, request, { rbac, apiPrefix: routePrefix });\n\n      return capabilities;\n    } catch (error) {\n      return handleError(error, 'Error getting auth capabilities');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/me',\n  responseType: 'json',\n  responseSchema: currentUserResponseSchema,\n  summary: 'Get current user',\n  description: 'Returns the currently authenticated user, or null if not authenticated.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request } = ctx as any;\n      const auth = getAuthProvider(mastra);\n      const rbac = getRBACProvider(mastra);\n\n      if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n        return null;\n      }\n\n      const user = await auth.getCurrentUser(request);\n      if (!user) return null;\n\n      // Get roles/permissions from RBAC provider if available\n      let roles: string[] | undefined;\n      let permissions: string[] | undefined;\n\n      if (rbac) {\n        try {\n          roles = await rbac.getRoles(user);\n          permissions = await rbac.getPermissions(user);\n        } catch {\n          // RBAC not available or failed\n        }\n      }\n\n      return {\n        id: user.id,\n        email: user.email,\n        name: user.name,\n        avatarUrl: user.avatarUrl,\n        roles,\n        permissions,\n      };\n    } catch (error) {\n      return handleError(error, 'Error getting current user');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/login',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoLoginQuerySchema,\n  summary: 'Initiate SSO login',\n  description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n        throw new HTTPException(404, { message: 'SSO not configured' });\n      }\n\n      // Build OAuth callback URI using the configured route prefix\n      const origin = getPublicOrigin(request);\n      const raw = ((routePrefix as string) || '/api').trim();\n      const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n      const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n      const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n      // Encode the post-login redirect in state (where user goes after auth completes)\n      // State format: uuid|postLoginRedirect\n      // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n      // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n      // different port).\n      let postLoginRedirect = '/';\n      if (redirect_uri) {\n        if (!redirect_uri.startsWith('http')) {\n          // Relative path — always safe\n          postLoginRedirect = redirect_uri;\n        } else {\n          try {\n            const redirectUrl = new URL(redirect_uri);\n            const requestOrigin = new URL(origin);\n            const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n            const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n            const isLocalhost =\n              redirectUrl.hostname === 'localhost' ||\n              redirectUrl.hostname === '127.0.0.1' ||\n              redirectUrl.hostname === '[::1]';\n            if (isHttps && (isSameOrigin || isLocalhost)) {\n              postLoginRedirect = redirect_uri;\n            }\n          } catch {\n            // Malformed URL — fall back to /\n          }\n        }\n      }\n      const stateId = crypto.randomUUID();\n      const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n      const loginUrl = auth.getLoginUrl(oauthCallbackUri, state);\n\n      // Build response with optional PKCE cookies\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n      if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n        const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n        if (cookies?.length) {\n          // PKCE cookies set for SSO state management\n          for (const cookie of cookies) {\n            headers.append('Set-Cookie', cookie);\n          }\n        }\n      }\n\n      return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n    } catch (error) {\n      return handleError(error, 'Error initiating SSO login');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/callback',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoCallbackQuerySchema,\n  summary: 'Handle SSO callback',\n  description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, code, state, request } = ctx as any;\n\n    // Build base URL for redirects (Response.redirect requires absolute URL)\n    const baseUrl = getPublicOrigin(request);\n\n    // Extract post-login redirect from state (format: uuid|encodedRedirect)\n    let redirectTo = '/';\n    let stateId = state || '';\n    if (state && state.includes('|')) {\n      const [id, encodedRedirect] = state.split('|', 2);\n      stateId = id;\n      try {\n        redirectTo = decodeURIComponent(encodedRedirect);\n      } catch {\n        redirectTo = '/';\n      }\n    }\n\n    // Build absolute redirect URL.\n    // The redirect_uri was validated at the login endpoint (same-origin or localhost\n    // only), so the state should only contain safe URLs. We still apply defense-in-depth\n    // checks here: allow http(s) same-origin or localhost, reject everything else.\n    let absoluteRedirect: string;\n    if (redirectTo.startsWith('http')) {\n      try {\n        const parsed = new URL(redirectTo);\n        const baseOrigin = new URL(baseUrl);\n        const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n        const isSameOrigin = parsed.origin === baseOrigin.origin;\n        const isLocalhost =\n          parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n        absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n      } catch {\n        absoluteRedirect = `${baseUrl}/`;\n      }\n    } else {\n      absoluteRedirect = `${baseUrl}${redirectTo}`;\n    }\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n        return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n      }\n\n      // Pass cookie header to provider for PKCE validation (if supported)\n      const reqCookieHeader = request.headers.get('cookie');\n      if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n        (auth as any).setCallbackCookieHeader(reqCookieHeader);\n      }\n\n      const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n      const user = result.user as EEUser;\n\n      // Build response headers (session cookies, etc.)\n      const headers = new Headers();\n      headers.set('Location', absoluteRedirect);\n\n      // Set session cookies from the SSO result\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n        // Fallback: Create session manually for providers without cookie support\n        const session = await auth.createSession(user.id, {\n          accessToken: result.tokens.accessToken,\n          refreshToken: result.tokens.refreshToken,\n          expiresAt: result.tokens.expiresAt,\n          organizationId: (user as any).organizationId,\n        });\n        const sessionHeaders = auth.getSessionHeaders(session);\n        for (const [key, value] of Object.entries(sessionHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(null, {\n        status: 302,\n        headers,\n      });\n    } catch (error) {\n      // Redirect with error (use absolute URL)\n      const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n      return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/logout',\n  responseType: 'datastream-response',\n  summary: 'Logout',\n  description: 'Destroys the current session and returns logout redirect URL if available.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return new Response(JSON.stringify({ success: true }), {\n          status: 200,\n          headers: { 'Content-Type': 'application/json' },\n        });\n      }\n\n      // Get session ID and destroy it\n      if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n        const sessionId = auth.getSessionIdFromRequest(request);\n        if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n          await auth.destroySession(sessionId);\n        }\n      }\n\n      // Get logout URL if available\n      let redirectTo: string | undefined;\n      if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n        // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n        const origin = getPublicOrigin(request);\n        const logoutUrl = await auth.getLogoutUrl(origin, request);\n        redirectTo = logoutUrl ?? undefined;\n      }\n\n      // Build response with session clearing headers\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Clear session cookie\n      if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n        const clearHeaders = auth.getClearSessionHeaders();\n        for (const [key, value] of Object.entries(clearHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(JSON.stringify({ success: true, redirectTo }), {\n        status: 200,\n        headers,\n      });\n    } catch (error) {\n      return handleError(error, 'Error logging out');\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-in',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignInBodySchema,\n  summary: 'Sign in with credentials',\n  description: 'Authenticates a user with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signIn(email, password, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      // Return a generic error for auth failures to avoid leaking info\n      throw new HTTPException(401, { message: 'Invalid email or password' });\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-up',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignUpBodySchema,\n  summary: 'Sign up with credentials',\n  description: 'Creates a new user account with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password, name } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signUp(email, password, name, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      const mastra = (ctx as any).mastra;\n      mastra?.getLogger?.()?.error('Sign-up error', {\n        error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n      });\n      throw new HTTPException(400, { message: 'Failed to create account' });\n    }\n  },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n  GET_AUTH_CAPABILITIES_ROUTE,\n  GET_CURRENT_USER_ROUTE,\n  GET_SSO_LOGIN_ROUTE,\n  GET_SSO_CALLBACK_ROUTE,\n  POST_LOGOUT_ROUTE,\n  POST_CREDENTIALS_SIGN_IN_ROUTE,\n  POST_CREDENTIALS_SIGN_UP_ROUTE,\n] as const;\n"]}
+{"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["mastra"],"mappings":";;;;;;AAiCA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAKA,SAAS,gBAAgB,MAAA,EAAwC;AAC/D,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AASO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAKA,SAAS,gBAAgB,MAAA,EAAgD;AACvE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,IAAA,IAAQ,OAAO,IAAA,KAAS,YAAY,MAAA,IAAU,IAAA;AAChE;AAMO,IAAM,8BAA8B,iBAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,0BAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAEzC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,SAAS,EAAE,IAAA,EAAM,SAAA,EAAW,WAAA,EAAa,CAAA;AAE5F,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,yBAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsB,iBAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,mBAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAA;AAGzD,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,sBAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoB,iBAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAE7C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AAEnD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAC1C,MAAA,MAAMA,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,8BAAA;AAAA,EACA;AACF","file":"chunk-WOU6ROOP.js","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n  IUserProvider,\n  ISessionProvider,\n  ISSOProvider,\n  ICredentialsProvider,\n  SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { HTTPException } from '../http-exception';\nimport {\n  capabilitiesResponseSchema,\n  ssoLoginQuerySchema,\n  ssoCallbackQuerySchema,\n  currentUserResponseSchema,\n  credentialsSignInBodySchema,\n  credentialsSignUpBodySchema,\n} from '../schemas/auth';\nimport { createPublicRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (auth: any, request: Request, options?: { rbac?: any; apiPrefix?: string }) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n  if (!_buildCapabilitiesPromise) {\n    _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n      .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n      .catch(() => {\n        console.error(\n          '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n        );\n        return undefined;\n      });\n  }\n  return _buildCapabilitiesPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n */\nfunction getAuthProvider(mastra: any): MastraAuthProvider | null {\n  const serverConfig = mastra.getServer?.();\n  if (!serverConfig?.auth) return null;\n\n  // Auth can be either MastraAuthConfig or MastraAuthProvider\n  // If it has authenticateToken method, it's a provider\n  if (typeof serverConfig.auth.authenticateToken === 'function') {\n    return serverConfig.auth as MastraAuthProvider;\n  }\n\n  return null;\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname.\n * X-Forwarded-Host tells us the real public hostname.\n * Always uses https when behind a proxy — Knative's queue-proxy overwrites\n * X-Forwarded-Proto based on the internal HTTP connection, so it's unreliable.\n */\nexport function getPublicOrigin(request: Request): string {\n  const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n  if (forwardedHost) {\n    return `https://${forwardedHost}`;\n  }\n  return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra server config.\n */\nfunction getRBACProvider(mastra: any): IRBACProvider<EEUser> | undefined {\n  const serverConfig = mastra.getServer?.();\n  return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n  return auth !== null && typeof auth === 'object' && method in auth;\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/capabilities',\n  responseType: 'json',\n  responseSchema: capabilitiesResponseSchema,\n  summary: 'Get auth capabilities',\n  description:\n    'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request, routePrefix } = ctx as any;\n\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return { enabled: false, login: null };\n      }\n\n      const rbac = getRBACProvider(mastra);\n\n      const buildCapabilities = await loadBuildCapabilities();\n      if (!buildCapabilities) {\n        return { enabled: false, login: null };\n      }\n      const capabilities = await buildCapabilities(auth, request, { rbac, apiPrefix: routePrefix });\n\n      return capabilities;\n    } catch (error) {\n      return handleError(error, 'Error getting auth capabilities');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/me',\n  responseType: 'json',\n  responseSchema: currentUserResponseSchema,\n  summary: 'Get current user',\n  description: 'Returns the currently authenticated user, or null if not authenticated.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request } = ctx as any;\n      const auth = getAuthProvider(mastra);\n      const rbac = getRBACProvider(mastra);\n\n      if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n        return null;\n      }\n\n      const user = await auth.getCurrentUser(request);\n      if (!user) return null;\n\n      // Get roles/permissions from RBAC provider if available\n      let roles: string[] | undefined;\n      let permissions: string[] | undefined;\n\n      if (rbac) {\n        try {\n          roles = await rbac.getRoles(user);\n          permissions = await rbac.getPermissions(user);\n        } catch {\n          // RBAC not available or failed\n        }\n      }\n\n      return {\n        id: user.id,\n        email: user.email,\n        name: user.name,\n        avatarUrl: user.avatarUrl,\n        roles,\n        permissions,\n      };\n    } catch (error) {\n      return handleError(error, 'Error getting current user');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/login',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoLoginQuerySchema,\n  summary: 'Initiate SSO login',\n  description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n        throw new HTTPException(404, { message: 'SSO not configured' });\n      }\n\n      // Build OAuth callback URI using the configured route prefix\n      const origin = getPublicOrigin(request);\n      const raw = ((routePrefix as string) || '/api').trim();\n      const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n      const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n      const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n      // Encode the post-login redirect in state (where user goes after auth completes)\n      // State format: uuid|postLoginRedirect\n      // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n      // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n      // different port).\n      let postLoginRedirect = '/';\n      if (redirect_uri) {\n        if (!redirect_uri.startsWith('http')) {\n          // Relative path — always safe\n          postLoginRedirect = redirect_uri;\n        } else {\n          try {\n            const redirectUrl = new URL(redirect_uri);\n            const requestOrigin = new URL(origin);\n            const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n            const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n            const isLocalhost =\n              redirectUrl.hostname === 'localhost' ||\n              redirectUrl.hostname === '127.0.0.1' ||\n              redirectUrl.hostname === '[::1]';\n            if (isHttps && (isSameOrigin || isLocalhost)) {\n              postLoginRedirect = redirect_uri;\n            }\n          } catch {\n            // Malformed URL — fall back to /\n          }\n        }\n      }\n      const stateId = crypto.randomUUID();\n      const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n      const loginUrl = auth.getLoginUrl(oauthCallbackUri, state);\n\n      // Build response with optional PKCE cookies\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n      if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n        const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n        if (cookies?.length) {\n          // PKCE cookies set for SSO state management\n          for (const cookie of cookies) {\n            headers.append('Set-Cookie', cookie);\n          }\n        }\n      }\n\n      return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n    } catch (error) {\n      return handleError(error, 'Error initiating SSO login');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/callback',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoCallbackQuerySchema,\n  summary: 'Handle SSO callback',\n  description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, code, state, request } = ctx as any;\n\n    // Build base URL for redirects (Response.redirect requires absolute URL)\n    const baseUrl = getPublicOrigin(request);\n\n    // Extract post-login redirect from state (format: uuid|encodedRedirect)\n    let redirectTo = '/';\n    let stateId = state || '';\n    if (state && state.includes('|')) {\n      const [id, encodedRedirect] = state.split('|', 2);\n      stateId = id;\n      try {\n        redirectTo = decodeURIComponent(encodedRedirect);\n      } catch {\n        redirectTo = '/';\n      }\n    }\n\n    // Build absolute redirect URL.\n    // The redirect_uri was validated at the login endpoint (same-origin or localhost\n    // only), so the state should only contain safe URLs. We still apply defense-in-depth\n    // checks here: allow http(s) same-origin or localhost, reject everything else.\n    let absoluteRedirect: string;\n    if (redirectTo.startsWith('http')) {\n      try {\n        const parsed = new URL(redirectTo);\n        const baseOrigin = new URL(baseUrl);\n        const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n        const isSameOrigin = parsed.origin === baseOrigin.origin;\n        const isLocalhost =\n          parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n        absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n      } catch {\n        absoluteRedirect = `${baseUrl}/`;\n      }\n    } else {\n      absoluteRedirect = `${baseUrl}${redirectTo}`;\n    }\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n        return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n      }\n\n      // Pass cookie header to provider for PKCE validation (if supported)\n      const reqCookieHeader = request.headers.get('cookie');\n      if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n        (auth as any).setCallbackCookieHeader(reqCookieHeader);\n      }\n\n      const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n      const user = result.user as EEUser;\n\n      // Build response headers (session cookies, etc.)\n      const headers = new Headers();\n      headers.set('Location', absoluteRedirect);\n\n      // Set session cookies from the SSO result\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n        // Fallback: Create session manually for providers without cookie support\n        const session = await auth.createSession(user.id, {\n          accessToken: result.tokens.accessToken,\n          refreshToken: result.tokens.refreshToken,\n          expiresAt: result.tokens.expiresAt,\n          organizationId: (user as any).organizationId,\n        });\n        const sessionHeaders = auth.getSessionHeaders(session);\n        for (const [key, value] of Object.entries(sessionHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(null, {\n        status: 302,\n        headers,\n      });\n    } catch (error) {\n      // Redirect with error (use absolute URL)\n      const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n      return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/logout',\n  responseType: 'datastream-response',\n  summary: 'Logout',\n  description: 'Destroys the current session and returns logout redirect URL if available.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return new Response(JSON.stringify({ success: true }), {\n          status: 200,\n          headers: { 'Content-Type': 'application/json' },\n        });\n      }\n\n      // Get session ID and destroy it\n      if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n        const sessionId = auth.getSessionIdFromRequest(request);\n        if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n          await auth.destroySession(sessionId);\n        }\n      }\n\n      // Get logout URL if available\n      let redirectTo: string | undefined;\n      if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n        // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n        const origin = getPublicOrigin(request);\n        const logoutUrl = await auth.getLogoutUrl(origin, request);\n        redirectTo = logoutUrl ?? undefined;\n      }\n\n      // Build response with session clearing headers\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Clear session cookie\n      if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n        const clearHeaders = auth.getClearSessionHeaders();\n        for (const [key, value] of Object.entries(clearHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(JSON.stringify({ success: true, redirectTo }), {\n        status: 200,\n        headers,\n      });\n    } catch (error) {\n      return handleError(error, 'Error logging out');\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-in',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignInBodySchema,\n  summary: 'Sign in with credentials',\n  description: 'Authenticates a user with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signIn(email, password, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      // Return a generic error for auth failures to avoid leaking info\n      throw new HTTPException(401, { message: 'Invalid email or password' });\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-up',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignUpBodySchema,\n  summary: 'Sign up with credentials',\n  description: 'Creates a new user account with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password, name } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signUp(email, password, name, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      const mastra = (ctx as any).mastra;\n      mastra?.getLogger?.()?.error('Sign-up error', {\n        error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n      });\n      throw new HTTPException(400, { message: 'Failed to create account' });\n    }\n  },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n  GET_AUTH_CAPABILITIES_ROUTE,\n  GET_CURRENT_USER_ROUTE,\n  GET_SSO_LOGIN_ROUTE,\n  GET_SSO_CALLBACK_ROUTE,\n  POST_LOGOUT_ROUTE,\n  POST_CREDENTIALS_SIGN_IN_ROUTE,\n  POST_CREDENTIALS_SIGN_UP_ROUTE,\n] as const;\n"]}