@mastra/server 1.16.0-alpha.1 → 1.16.0-alpha.3

package/dist/chunk-4Y4RMTIA.cjs

@@ -0,0 +1,387 @@
+'use strict';
+
+var chunkEES2ZZGL_cjs = require('./chunk-EES2ZZGL.cjs');
+var v4 = require('zod/v4');
+
+var threadIdPathParams = v4.z.object({
+  threadId: v4.z.string().describe("Unique identifier for the conversation thread")
+});
+var agentIdQuerySchema = v4.z.object({
+  agentId: v4.z.string()
+});
+var optionalAgentIdQuerySchema = v4.z.object({
+  agentId: v4.z.string().optional()
+});
+var storageOrderBySchema = v4.z.preprocess(
+  (val) => {
+    if (typeof val === "string") {
+      try {
+        return JSON.parse(val);
+      } catch {
+        return void 0;
+      }
+    }
+    return val;
+  },
+  v4.z.object({
+    field: v4.z.enum(["createdAt", "updatedAt"]).optional(),
+    direction: v4.z.enum(["ASC", "DESC"]).optional()
+  }).optional()
+);
+var messageOrderBySchema = v4.z.preprocess(
+  (val) => {
+    if (typeof val === "string") {
+      try {
+        return JSON.parse(val);
+      } catch {
+        return void 0;
+      }
+    }
+    return val;
+  },
+  v4.z.object({
+    field: v4.z.enum(["createdAt"]).optional(),
+    direction: v4.z.enum(["ASC", "DESC"]).optional()
+  }).optional()
+);
+var includeSchema = v4.z.preprocess(
+  (val) => {
+    if (typeof val === "string") {
+      try {
+        return JSON.parse(val);
+      } catch {
+        return val;
+      }
+    }
+    return val;
+  },
+  v4.z.array(
+    v4.z.object({
+      id: v4.z.string(),
+      threadId: v4.z.string().optional(),
+      withPreviousMessages: v4.z.number().optional(),
+      withNextMessages: v4.z.number().optional()
+    })
+  ).optional()
+);
+var filterSchema = v4.z.preprocess(
+  (val) => {
+    if (typeof val === "string") {
+      try {
+        return JSON.parse(val);
+      } catch {
+        return val;
+      }
+    }
+    return val;
+  },
+  v4.z.object({
+    dateRange: v4.z.object({
+      start: v4.z.coerce.date().optional(),
+      end: v4.z.coerce.date().optional()
+    }).optional(),
+    roles: v4.z.array(v4.z.string()).optional()
+  }).optional()
+);
+var memoryConfigSchema = v4.z.preprocess((val) => {
+  if (typeof val === "string") {
+    try {
+      return JSON.parse(val);
+    } catch {
+      return val;
+    }
+  }
+  return val;
+}, v4.z.record(v4.z.string(), v4.z.unknown()).optional());
+var threadSchema = v4.z.object({
+  id: v4.z.string(),
+  title: v4.z.string().optional(),
+  resourceId: v4.z.string(),
+  createdAt: v4.z.date(),
+  updatedAt: v4.z.date(),
+  metadata: v4.z.record(v4.z.string(), v4.z.unknown()).optional()
+});
+var messageSchema = v4.z.any();
+var getMemoryStatusQuerySchema = agentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional(),
+  threadId: v4.z.string().optional()
+});
+var getMemoryConfigQuerySchema = agentIdQuerySchema;
+var listThreadsQuerySchema = chunkEES2ZZGL_cjs.createPagePaginationSchema(100).extend({
+  agentId: v4.z.string().optional(),
+  resourceId: v4.z.string().optional(),
+  metadata: v4.z.preprocess(
+    (val) => {
+      if (typeof val === "string") {
+        try {
+          return JSON.parse(val);
+        } catch {
+          return val;
+        }
+      }
+      return val;
+    },
+    v4.z.optional(v4.z.record(v4.z.string(), v4.z.any()))
+  ),
+  orderBy: storageOrderBySchema
+});
+var getThreadByIdQuerySchema = optionalAgentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional()
+});
+var listMessagesQuerySchema = chunkEES2ZZGL_cjs.createPagePaginationSchema(40).extend({
+  agentId: v4.z.string().optional(),
+  resourceId: v4.z.string().optional(),
+  orderBy: messageOrderBySchema,
+  include: includeSchema,
+  filter: filterSchema
+});
+var getWorkingMemoryQuerySchema = v4.z.object({
+  agentId: v4.z.string(),
+  resourceId: v4.z.string().optional(),
+  memoryConfig: memoryConfigSchema
+});
+var deleteThreadQuerySchema = agentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional()
+});
+var deleteMessagesQuerySchema = agentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional()
+});
+var getMemoryStatusNetworkQuerySchema = agentIdQuerySchema;
+var listThreadsNetworkQuerySchema = chunkEES2ZZGL_cjs.createPagePaginationSchema(100).extend({
+  agentId: v4.z.string().optional(),
+  resourceId: v4.z.string().optional(),
+  metadata: v4.z.preprocess(
+    (val) => {
+      if (typeof val === "string") {
+        try {
+          return JSON.parse(val);
+        } catch {
+          return val;
+        }
+      }
+      return val;
+    },
+    v4.z.optional(v4.z.record(v4.z.string(), v4.z.any()))
+  ),
+  orderBy: storageOrderBySchema
+});
+var getThreadByIdNetworkQuerySchema = optionalAgentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional()
+});
+var listMessagesNetworkQuerySchema = chunkEES2ZZGL_cjs.createPagePaginationSchema(40).extend({
+  agentId: v4.z.string().optional(),
+  resourceId: v4.z.string().optional(),
+  orderBy: messageOrderBySchema,
+  include: includeSchema,
+  filter: filterSchema
+});
+var saveMessagesNetworkQuerySchema = agentIdQuerySchema;
+var createThreadNetworkQuerySchema = agentIdQuerySchema;
+var updateThreadNetworkQuerySchema = agentIdQuerySchema;
+var deleteThreadNetworkQuerySchema = agentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional()
+});
+var deleteMessagesNetworkQuerySchema = agentIdQuerySchema.extend({
+  resourceId: v4.z.string().optional()
+});
+var memoryStatusResponseSchema = v4.z.object({
+  result: v4.z.boolean(),
+  observationalMemory: v4.z.object({
+    enabled: v4.z.boolean(),
+    hasRecord: v4.z.boolean().optional(),
+    originType: v4.z.string().optional(),
+    lastObservedAt: v4.z.date().optional(),
+    tokenCount: v4.z.number().optional(),
+    observationTokenCount: v4.z.number().optional(),
+    isObserving: v4.z.boolean().optional(),
+    isReflecting: v4.z.boolean().optional()
+  }).optional()
+});
+var observationalMemoryConfigSchema = v4.z.object({
+  enabled: v4.z.boolean(),
+  scope: v4.z.enum(["thread", "resource"]).optional(),
+  shareTokenBudget: v4.z.boolean().optional(),
+  messageTokens: v4.z.union([v4.z.number(), v4.z.object({ min: v4.z.number(), max: v4.z.number() })]).optional(),
+  observationTokens: v4.z.union([v4.z.number(), v4.z.object({ min: v4.z.number(), max: v4.z.number() })]).optional(),
+  observationModel: v4.z.string().optional(),
+  reflectionModel: v4.z.string().optional()
+});
+var memoryConfigResponseSchema = v4.z.object({
+  config: v4.z.object({
+    lastMessages: v4.z.union([v4.z.number(), v4.z.literal(false)]).optional(),
+    semanticRecall: v4.z.union([v4.z.boolean(), v4.z.any()]).optional(),
+    workingMemory: v4.z.any().optional(),
+    observationalMemory: observationalMemoryConfigSchema.optional()
+  }).nullable()
+});
+var listThreadsResponseSchema = chunkEES2ZZGL_cjs.paginationInfoSchema.extend({
+  threads: v4.z.array(threadSchema)
+});
+var getThreadByIdResponseSchema = threadSchema;
+var listMessagesResponseSchema = v4.z.object({
+  messages: v4.z.array(messageSchema),
+  uiMessages: v4.z.unknown()
+  // Converted messages in UI format
+});
+var getWorkingMemoryResponseSchema = v4.z.object({
+  workingMemory: v4.z.unknown(),
+  // Can be string or structured object depending on template
+  source: v4.z.enum(["thread", "resource"]),
+  workingMemoryTemplate: v4.z.unknown(),
+  // Template structure varies
+  threadExists: v4.z.boolean()
+});
+var saveMessagesBodySchema = v4.z.object({
+  messages: v4.z.array(messageSchema)
+});
+var createThreadBodySchema = v4.z.object({
+  resourceId: v4.z.string(),
+  title: v4.z.string().optional(),
+  metadata: v4.z.record(v4.z.string(), v4.z.unknown()).optional(),
+  threadId: v4.z.string().optional()
+});
+var updateThreadBodySchema = v4.z.object({
+  title: v4.z.string().optional(),
+  metadata: v4.z.record(v4.z.string(), v4.z.unknown()).optional(),
+  resourceId: v4.z.string().optional()
+});
+var updateWorkingMemoryBodySchema = v4.z.object({
+  workingMemory: v4.z.string(),
+  resourceId: v4.z.string().optional(),
+  memoryConfig: v4.z.record(v4.z.string(), v4.z.unknown()).optional()
+});
+var deleteMessagesBodySchema = v4.z.object({
+  messageIds: v4.z.union([
+    v4.z.string(),
+    v4.z.array(v4.z.string()),
+    v4.z.object({ id: v4.z.string() }),
+    v4.z.array(v4.z.object({ id: v4.z.string() }))
+  ])
+});
+var searchMemoryQuerySchema = v4.z.object({
+  agentId: v4.z.string(),
+  searchQuery: v4.z.string(),
+  resourceId: v4.z.string(),
+  threadId: v4.z.string().optional(),
+  limit: v4.z.coerce.number().optional().default(20),
+  memoryConfig: memoryConfigSchema
+});
+var saveMessagesResponseSchema = v4.z.object({
+  messages: v4.z.array(messageSchema)
+});
+var deleteThreadResponseSchema = v4.z.object({
+  result: v4.z.string()
+});
+var updateWorkingMemoryResponseSchema = chunkEES2ZZGL_cjs.successResponseSchema;
+var deleteMessagesResponseSchema = chunkEES2ZZGL_cjs.successResponseSchema.extend({
+  message: v4.z.string()
+});
+var searchMemoryResponseSchema = v4.z.object({
+  results: v4.z.array(v4.z.unknown()),
+  count: v4.z.number(),
+  query: v4.z.string(),
+  searchScope: v4.z.string().optional(),
+  searchType: v4.z.string().optional()
+});
+var cloneThreadBodySchema = v4.z.object({
+  newThreadId: v4.z.string().optional(),
+  resourceId: v4.z.string().optional(),
+  title: v4.z.string().optional(),
+  metadata: v4.z.record(v4.z.string(), v4.z.unknown()).optional(),
+  options: v4.z.object({
+    messageLimit: v4.z.number().optional(),
+    messageFilter: v4.z.object({
+      startDate: v4.z.coerce.date().optional(),
+      endDate: v4.z.coerce.date().optional(),
+      messageIds: v4.z.array(v4.z.string()).optional()
+    }).optional()
+  }).optional()
+});
+var cloneThreadResponseSchema = v4.z.object({
+  thread: threadSchema,
+  clonedMessages: v4.z.array(messageSchema)
+});
+var getObservationalMemoryQuerySchema = v4.z.object({
+  agentId: v4.z.string(),
+  resourceId: v4.z.string().optional(),
+  threadId: v4.z.string().optional()
+});
+var observationalMemoryRecordSchema = v4.z.object({
+  id: v4.z.string(),
+  scope: v4.z.enum(["thread", "resource"]),
+  resourceId: v4.z.string(),
+  threadId: v4.z.string().nullable(),
+  activeObservations: v4.z.string(),
+  bufferedObservations: v4.z.string().optional(),
+  bufferedReflection: v4.z.string().optional(),
+  originType: v4.z.enum(["initial", "observation", "reflection"]),
+  generationCount: v4.z.number(),
+  lastObservedAt: v4.z.date().optional(),
+  totalTokensObserved: v4.z.number(),
+  observationTokenCount: v4.z.number(),
+  pendingMessageTokens: v4.z.number(),
+  isObserving: v4.z.boolean(),
+  isReflecting: v4.z.boolean(),
+  config: v4.z.record(v4.z.string(), v4.z.unknown()),
+  metadata: v4.z.record(v4.z.string(), v4.z.unknown()).optional(),
+  createdAt: v4.z.date(),
+  updatedAt: v4.z.date()
+});
+var getObservationalMemoryResponseSchema = v4.z.object({
+  record: observationalMemoryRecordSchema.nullable(),
+  history: v4.z.array(observationalMemoryRecordSchema).optional()
+});
+var awaitBufferStatusBodySchema = v4.z.object({
+  agentId: v4.z.string(),
+  resourceId: v4.z.string().optional(),
+  threadId: v4.z.string().optional()
+});
+var awaitBufferStatusResponseSchema = v4.z.object({
+  record: observationalMemoryRecordSchema.nullable()
+});
+
+exports.agentIdQuerySchema = agentIdQuerySchema;
+exports.awaitBufferStatusBodySchema = awaitBufferStatusBodySchema;
+exports.awaitBufferStatusResponseSchema = awaitBufferStatusResponseSchema;
+exports.cloneThreadBodySchema = cloneThreadBodySchema;
+exports.cloneThreadResponseSchema = cloneThreadResponseSchema;
+exports.createThreadBodySchema = createThreadBodySchema;
+exports.createThreadNetworkQuerySchema = createThreadNetworkQuerySchema;
+exports.deleteMessagesBodySchema = deleteMessagesBodySchema;
+exports.deleteMessagesNetworkQuerySchema = deleteMessagesNetworkQuerySchema;
+exports.deleteMessagesQuerySchema = deleteMessagesQuerySchema;
+exports.deleteMessagesResponseSchema = deleteMessagesResponseSchema;
+exports.deleteThreadNetworkQuerySchema = deleteThreadNetworkQuerySchema;
+exports.deleteThreadQuerySchema = deleteThreadQuerySchema;
+exports.deleteThreadResponseSchema = deleteThreadResponseSchema;
+exports.getMemoryConfigQuerySchema = getMemoryConfigQuerySchema;
+exports.getMemoryStatusNetworkQuerySchema = getMemoryStatusNetworkQuerySchema;
+exports.getMemoryStatusQuerySchema = getMemoryStatusQuerySchema;
+exports.getObservationalMemoryQuerySchema = getObservationalMemoryQuerySchema;
+exports.getObservationalMemoryResponseSchema = getObservationalMemoryResponseSchema;
+exports.getThreadByIdNetworkQuerySchema = getThreadByIdNetworkQuerySchema;
+exports.getThreadByIdQuerySchema = getThreadByIdQuerySchema;
+exports.getThreadByIdResponseSchema = getThreadByIdResponseSchema;
+exports.getWorkingMemoryQuerySchema = getWorkingMemoryQuerySchema;
+exports.getWorkingMemoryResponseSchema = getWorkingMemoryResponseSchema;
+exports.listMessagesNetworkQuerySchema = listMessagesNetworkQuerySchema;
+exports.listMessagesQuerySchema = listMessagesQuerySchema;
+exports.listMessagesResponseSchema = listMessagesResponseSchema;
+exports.listThreadsNetworkQuerySchema = listThreadsNetworkQuerySchema;
+exports.listThreadsQuerySchema = listThreadsQuerySchema;
+exports.listThreadsResponseSchema = listThreadsResponseSchema;
+exports.memoryConfigResponseSchema = memoryConfigResponseSchema;
+exports.memoryStatusResponseSchema = memoryStatusResponseSchema;
+exports.optionalAgentIdQuerySchema = optionalAgentIdQuerySchema;
+exports.saveMessagesBodySchema = saveMessagesBodySchema;
+exports.saveMessagesNetworkQuerySchema = saveMessagesNetworkQuerySchema;
+exports.saveMessagesResponseSchema = saveMessagesResponseSchema;
+exports.searchMemoryQuerySchema = searchMemoryQuerySchema;
+exports.searchMemoryResponseSchema = searchMemoryResponseSchema;
+exports.threadIdPathParams = threadIdPathParams;
+exports.updateThreadBodySchema = updateThreadBodySchema;
+exports.updateThreadNetworkQuerySchema = updateThreadNetworkQuerySchema;
+exports.updateWorkingMemoryBodySchema = updateWorkingMemoryBodySchema;
+exports.updateWorkingMemoryResponseSchema = updateWorkingMemoryResponseSchema;
+//# sourceMappingURL=chunk-4Y4RMTIA.cjs.map
+//# sourceMappingURL=chunk-4Y4RMTIA.cjs.map

package/dist/chunk-4Y4RMTIA.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/schemas/memory.ts"],"names":["z","createPagePaginationSchema","paginationInfoSchema","successResponseSchema"],"mappings":";;;;;AAIO,IAAM,kBAAA,GAAqBA,KAAE,MAAA,CAAO;AAAA,EACzC,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,+CAA+C;AAC/E,CAAC;AAKM,IAAM,kBAAA,GAAqBA,KAAE,MAAA,CAAO;AAAA,EACzC,OAAA,EAASA,KAAE,MAAA;AACb,CAAC;AAMM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACtB,CAAC;AAMD,IAAM,uBAAuBA,IAAA,CAAE,UAAA;AAAA,EAC7B,CAAA,GAAA,KAAO;AACL,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,MAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAAA,EACAA,KACG,MAAA,CAAO;AAAA,IACN,KAAA,EAAOA,KAAE,IAAA,CAAK,CAAC,aAAa,WAAW,CAAC,EAAE,QAAA,EAAS;AAAA,IACnD,SAAA,EAAWA,KAAE,IAAA,CAAK,CAAC,OAAO,MAAM,CAAC,EAAE,QAAA;AAAS,GAC7C,EACA,QAAA;AACL,CAAA;AAMA,IAAM,uBAAuBA,IAAA,CAAE,UAAA;AAAA,EAC7B,CAAA,GAAA,KAAO;AACL,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AACN,QAAA,OAAO,MAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAAA,EACAA,KACG,MAAA,CAAO;AAAA,IACN,OAAOA,IAAA,CAAE,IAAA,CAAK,CAAC,WAAW,CAAC,EAAE,QAAA,EAAS;AAAA,IACtC,SAAA,EAAWA,KAAE,IAAA,CAAK,CAAC,OAAO,MAAM,CAAC,EAAE,QAAA;AAAS,GAC7C,EACA,QAAA;AACL,CAAA;AAKA,IAAM,gBAAgBA,IAAA,CAAE,UAAA;AAAA,EACtB,CAAA,GAAA,KAAO;AACL,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,GAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAAA,EACAA,IAAA,CACG,KAAA;AAAA,IACCA,KAAE,MAAA,CAAO;AAAA,MACP,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,MACb,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,MAC9B,oBAAA,EAAsBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,MAC1C,gBAAA,EAAkBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAAS,KACvC;AAAA,IAEF,QAAA;AACL,CAAA;AAKA,IAAM,eAAeA,IAAA,CAAE,UAAA;AAAA,EACrB,CAAA,GAAA,KAAO;AACL,IAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,MAAA,IAAI;AACF,QAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,MACvB,CAAA,CAAA,MAAQ;AAEN,QAAA,OAAO,GAAA;AAAA,MACT;AAAA,IACF;AACA,IAAA,OAAO,GAAA;AAAA,EACT,CAAA;AAAA,EACAA,KACG,MAAA,CAAO;AAAA,IACN,SAAA,EAAWA,KACR,MAAA,CAAO;AAAA,MACN,KAAA,EAAOA,IAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,MAChC,GAAA,EAAKA,IAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA;AAAS,KAC/B,EACA,QAAA,EAAS;AAAA,IACZ,OAAOA,IAAA,CAAE,KAAA,CAAMA,KAAE,MAAA,EAAQ,EAAE,QAAA;AAAS,GACrC,EACA,QAAA;AACL,CAAA;AAKA,IAAM,kBAAA,GAAqBA,IAAA,CAAE,UAAA,CAAW,CAAA,GAAA,KAAO;AAC7C,EAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,IAAA,IAAI;AACF,MAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,IACvB,CAAA,CAAA,MAAQ;AAEN,MAAA,OAAO,GAAA;AAAA,IACT;AAAA,EACF;AACA,EAAA,OAAO,GAAA;AACT,CAAA,EAAGA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,EAAO,EAAGA,KAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAU,CAAA;AAK/C,IAAM,YAAA,GAAeA,KAAE,MAAA,CAAO;AAAA,EAC5B,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,UAAA,EAAYA,KAAE,MAAA,EAAO;AAAA,EACrB,SAAA,EAAWA,KAAE,IAAA,EAAK;AAAA,EAClB,SAAA,EAAWA,KAAE,IAAA,EAAK;AAAA,EAClB,QAAA,EAAUA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAC9C,CAAC,CAAA;AAMD,IAAM,aAAA,GAAgBA,KAAE,GAAA,EAAI;AAgBrB,IAAM,0BAAA,GAA6B,mBAAmB,MAAA,CAAO;AAAA,EAClE,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC;AAKM,IAAM,0BAAA,GAA6B;AAQnC,IAAM,sBAAA,GAAyBC,4CAAA,CAA2B,GAAG,CAAA,CAAE,MAAA,CAAO;AAAA,EAC3E,OAAA,EAASD,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,UAAUA,IAAA,CAAE,UAAA;AAAA,IACV,CAAA,GAAA,KAAO;AACL,MAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,QAAA,IAAI;AACF,UAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,QACvB,CAAA,CAAA,MAAQ;AAEN,UAAA,OAAO,GAAA;AAAA,QACT;AAAA,MACF;AACA,MAAA,OAAO,GAAA;AAAA,IACT,CAAA;AAAA,IACAA,IAAA,CAAE,QAAA,CAASA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,QAAO,EAAGA,IAAA,CAAE,GAAA,EAAK,CAAC;AAAA,GAC1C;AAAA,EACA,OAAA,EAAS;AACX,CAAC;AAOM,IAAM,wBAAA,GAA2B,2BAA2B,MAAA,CAAO;AAAA,EACxE,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAMM,IAAM,uBAAA,GAA0BC,4CAAA,CAA2B,EAAE,CAAA,CAAE,MAAA,CAAO;AAAA,EAC3E,OAAA,EAASD,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,OAAA,EAAS,oBAAA;AAAA,EACT,OAAA,EAAS,aAAA;AAAA,EACT,MAAA,EAAQ;AACV,CAAC;AAKM,IAAM,2BAAA,GAA8BA,KAAE,MAAA,CAAO;AAAA,EAClD,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,EAClB,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,YAAA,EAAc;AAChB,CAAC;AAOM,IAAM,uBAAA,GAA0B,mBAAmB,MAAA,CAAO;AAAA,EAC/D,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAOM,IAAM,yBAAA,GAA4B,mBAAmB,MAAA,CAAO;AAAA,EACjE,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AASM,IAAM,iCAAA,GAAoC;AAQ1C,IAAM,6BAAA,GAAgCC,4CAAA,CAA2B,GAAG,CAAA,CAAE,MAAA,CAAO;AAAA,EAClF,OAAA,EAASD,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,UAAUA,IAAA,CAAE,UAAA;AAAA,IACV,CAAA,GAAA,KAAO;AACL,MAAA,IAAI,OAAO,QAAQ,QAAA,EAAU;AAC3B,QAAA,IAAI;AACF,UAAA,OAAO,IAAA,CAAK,MAAM,GAAG,CAAA;AAAA,QACvB,CAAA,CAAA,MAAQ;AAEN,UAAA,OAAO,GAAA;AAAA,QACT;AAAA,MACF;AACA,MAAA,OAAO,GAAA;AAAA,IACT,CAAA;AAAA,IACAA,IAAA,CAAE,QAAA,CAASA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,QAAO,EAAGA,IAAA,CAAE,GAAA,EAAK,CAAC;AAAA,GAC1C;AAAA,EACA,OAAA,EAAS;AACX,CAAC;AAOM,IAAM,+BAAA,GAAkC,2BAA2B,MAAA,CAAO;AAAA,EAC/E,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAMM,IAAM,8BAAA,GAAiCC,4CAAA,CAA2B,EAAE,CAAA,CAAE,MAAA,CAAO;AAAA,EAClF,OAAA,EAASD,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC7B,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,OAAA,EAAS,oBAAA;AAAA,EACT,OAAA,EAAS,aAAA;AAAA,EACT,MAAA,EAAQ;AACV,CAAC;AAKM,IAAM,8BAAA,GAAiC;AAKvC,IAAM,8BAAA,GAAiC;AAKvC,IAAM,8BAAA,GAAiC;AAMvC,IAAM,8BAAA,GAAiC,mBAAmB,MAAA,CAAO;AAAA,EACtE,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAMM,IAAM,gCAAA,GAAmC,mBAAmB,MAAA,CAAO;AAAA,EACxE,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AASM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,MAAA,EAAQA,KAAE,OAAA,EAAQ;AAAA,EAClB,mBAAA,EAAqBA,KAClB,MAAA,CAAO;AAAA,IACN,OAAA,EAASA,KAAE,OAAA,EAAQ;AAAA,IACnB,SAAA,EAAWA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,IAChC,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,cAAA,EAAgBA,IAAA,CAAE,IAAA,EAAK,CAAE,QAAA,EAAS;AAAA,IAClC,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAChC,qBAAA,EAAuBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAC3C,WAAA,EAAaA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,IAClC,YAAA,EAAcA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA;AAAS,GACpC,EACA,QAAA;AACL,CAAC;AAKD,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAASA,KAAE,OAAA,EAAQ;AAAA,EACnB,KAAA,EAAOA,KAAE,IAAA,CAAK,CAAC,UAAU,UAAU,CAAC,EAAE,QAAA,EAAS;AAAA,EAC/C,gBAAA,EAAkBA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACvC,aAAA,EAAeA,KAAE,KAAA,CAAM,CAACA,KAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,MAAA,CAAO,EAAE,GAAA,EAAKA,KAAE,MAAA,EAAO,EAAG,KAAKA,IAAA,CAAE,MAAA,IAAU,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAC9F,iBAAA,EAAmBA,KAAE,KAAA,CAAM,CAACA,KAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,MAAA,CAAO,EAAE,GAAA,EAAKA,KAAE,MAAA,EAAO,EAAG,KAAKA,IAAA,CAAE,MAAA,IAAU,CAAC,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,EAClG,gBAAA,EAAkBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACtC,eAAA,EAAiBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC9B,CAAC,CAAA;AAMM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,MAAA,EAAQA,KACL,MAAA,CAAO;AAAA,IACN,YAAA,EAAcA,IAAA,CAAE,KAAA,CAAM,CAACA,IAAA,CAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,OAAA,CAAQ,KAAK,CAAC,CAAC,EAAE,QAAA,EAAS;AAAA,IAC/D,cAAA,EAAgBA,IAAA,CAAE,KAAA,CAAM,CAACA,IAAA,CAAE,OAAA,EAAQ,EAAGA,IAAA,CAAE,GAAA,EAAK,CAAC,CAAA,CAAE,QAAA,EAAS;AAAA,IACzD,aAAA,EAAeA,IAAA,CAAE,GAAA,EAAI,CAAE,QAAA,EAAS;AAAA,IAChC,mBAAA,EAAqB,gCAAgC,QAAA;AAAS,GAC/D,EACA,QAAA;AACL,CAAC;AAKM,IAAM,yBAAA,GAA4BE,uCAAqB,MAAA,CAAO;AAAA,EACnE,OAAA,EAASF,IAAA,CAAE,KAAA,CAAM,YAAY;AAC/B,CAAC;AAKM,IAAM,2BAAA,GAA8B;AAKpC,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,QAAA,EAAUA,IAAA,CAAE,KAAA,CAAM,aAAa,CAAA;AAAA,EAC/B,UAAA,EAAYA,KAAE,OAAA;AAAQ;AACxB,CAAC;AAKM,IAAM,8BAAA,GAAiCA,KAAE,MAAA,CAAO;AAAA,EACrD,aAAA,EAAeA,KAAE,OAAA,EAAQ;AAAA;AAAA,EACzB,QAAQA,IAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,UAAU,CAAC,CAAA;AAAA,EACrC,qBAAA,EAAuBA,KAAE,OAAA,EAAQ;AAAA;AAAA,EACjC,YAAA,EAAcA,KAAE,OAAA;AAClB,CAAC;AASM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,QAAA,EAAUA,IAAA,CAAE,KAAA,CAAM,aAAa;AACjC,CAAC;AAKM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,UAAA,EAAYA,KAAE,MAAA,EAAO;AAAA,EACrB,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,QAAA,EAAUA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC;AAKM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,QAAA,EAAUA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAKM,IAAM,6BAAA,GAAgCA,KAAE,MAAA,CAAO;AAAA,EACpD,aAAA,EAAeA,KAAE,MAAA,EAAO;AAAA,EACxB,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,YAAA,EAAcA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA;AAClD,CAAC;AAMM,IAAM,wBAAA,GAA2BA,KAAE,MAAA,CAAO;AAAA,EAC/C,UAAA,EAAYA,KAAE,KAAA,CAAM;AAAA,IAClBA,KAAE,MAAA,EAAO;AAAA,IACTA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,EAAQ,CAAA;AAAA,IAClBA,KAAE,MAAA,CAAO,EAAE,IAAIA,IAAA,CAAE,MAAA,IAAU,CAAA;AAAA,IAC3BA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,CAAO,EAAE,IAAIA,IAAA,CAAE,MAAA,EAAO,EAAG,CAAC;AAAA,GACrC;AACH,CAAC;AAKM,IAAM,uBAAA,GAA0BA,KAAE,MAAA,CAAO;AAAA,EAC9C,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,EAClB,WAAA,EAAaA,KAAE,MAAA,EAAO;AAAA,EACtB,UAAA,EAAYA,KAAE,MAAA,EAAO;AAAA,EACrB,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC9B,KAAA,EAAOA,KAAE,MAAA,CAAO,MAAA,GAAS,QAAA,EAAS,CAAE,QAAQ,EAAE,CAAA;AAAA,EAC9C,YAAA,EAAc;AAChB,CAAC;AAKM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,QAAA,EAAUA,IAAA,CAAE,KAAA,CAAM,aAAa;AACjC,CAAC;AAEM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,MAAA,EAAQA,KAAE,MAAA;AACZ,CAAC;AAEM,IAAM,iCAAA,GAAoCG;AAE1C,IAAM,4BAAA,GAA+BA,wCAAsB,MAAA,CAAO;AAAA,EACvE,OAAA,EAASH,KAAE,MAAA;AACb,CAAC;AAEM,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,OAAA,EAASA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,SAAS,CAAA;AAAA,EAC5B,KAAA,EAAOA,KAAE,MAAA,EAAO;AAAA,EAChB,KAAA,EAAOA,KAAE,MAAA,EAAO;AAAA,EAChB,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAKM,IAAM,qBAAA,GAAwBA,KAAE,MAAA,CAAO;AAAA,EAC5C,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,QAAA,EAAUA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,OAAA,EAASA,KACN,MAAA,CAAO;AAAA,IACN,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,IAClC,aAAA,EAAeA,KACZ,MAAA,CAAO;AAAA,MACN,SAAA,EAAWA,IAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,MACpC,OAAA,EAASA,IAAA,CAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS;AAAA,MAClC,YAAYA,IAAA,CAAE,KAAA,CAAMA,KAAE,MAAA,EAAQ,EAAE,QAAA;AAAS,KAC1C,EACA,QAAA;AAAS,GACb,EACA,QAAA;AACL,CAAC;AAKM,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,MAAA,EAAQ,YAAA;AAAA,EACR,cAAA,EAAgBA,IAAA,CAAE,KAAA,CAAM,aAAa;AACvC,CAAC;AASM,IAAM,iCAAA,GAAoCA,KAAE,MAAA,CAAO;AAAA,EACxD,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,EAClB,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC;AAMD,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EAC/C,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,OAAOA,IAAA,CAAE,IAAA,CAAK,CAAC,QAAA,EAAU,UAAU,CAAC,CAAA;AAAA,EACpC,UAAA,EAAYA,KAAE,MAAA,EAAO;AAAA,EACrB,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC9B,kBAAA,EAAoBA,KAAE,MAAA,EAAO;AAAA,EAC7B,oBAAA,EAAsBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1C,kBAAA,EAAoBA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACxC,YAAYA,IAAA,CAAE,IAAA,CAAK,CAAC,SAAA,EAAW,aAAA,EAAe,YAAY,CAAC,CAAA;AAAA,EAC3D,eAAA,EAAiBA,KAAE,MAAA,EAAO;AAAA,EAC1B,cAAA,EAAgBA,IAAA,CAAE,IAAA,EAAK,CAAE,QAAA,EAAS;AAAA,EAClC,mBAAA,EAAqBA,KAAE,MAAA,EAAO;AAAA,EAC9B,qBAAA,EAAuBA,KAAE,MAAA,EAAO;AAAA,EAChC,oBAAA,EAAsBA,KAAE,MAAA,EAAO;AAAA,EAC/B,WAAA,EAAaA,KAAE,OAAA,EAAQ;AAAA,EACvB,YAAA,EAAcA,KAAE,OAAA,EAAQ;AAAA,EACxB,MAAA,EAAQA,KAAE,MAAA,CAAOA,IAAA,CAAE,QAAO,EAAGA,IAAA,CAAE,SAAS,CAAA;AAAA,EACxC,QAAA,EAAUA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,IAAUA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS;AAAA,EACrD,SAAA,EAAWA,KAAE,IAAA,EAAK;AAAA,EAClB,SAAA,EAAWA,KAAE,IAAA;AACf,CAAC,CAAA;AAKM,IAAM,oCAAA,GAAuCA,KAAE,MAAA,CAAO;AAAA,EAC3D,MAAA,EAAQ,gCAAgC,QAAA,EAAS;AAAA,EACjD,OAAA,EAASA,IAAA,CAAE,KAAA,CAAM,+BAA+B,EAAE,QAAA;AACpD,CAAC;AAKM,IAAM,2BAAA,GAA8BA,KAAE,MAAA,CAAO;AAAA,EAClD,OAAA,EAASA,KAAE,MAAA,EAAO;AAAA,EAClB,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAChC,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACvB,CAAC;AAKM,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,MAAA,EAAQ,gCAAgC,QAAA;AAC1C,CAAC","file":"chunk-4Y4RMTIA.cjs","sourcesContent":["import { z } from 'zod/v4';\nimport { paginationInfoSchema, createPagePaginationSchema, successResponseSchema } from './common';\n\n// Path parameter schemas\nexport const threadIdPathParams = z.object({\n  threadId: z.string().describe('Unique identifier for the conversation thread'),\n});\n\n/**\n * Common query parameter: required agent ID\n */\nexport const agentIdQuerySchema = z.object({\n  agentId: z.string(),\n});\n\n/**\n * Common query parameter: optional agent ID\n * Used for read operations that can fall back to storage when agentId is not provided\n */\nexport const optionalAgentIdQuerySchema = z.object({\n  agentId: z.string().optional(),\n});\n\n/**\n * Storage order by configuration for threads and agents (have both createdAt and updatedAt)\n * Handles JSON parsing from query strings\n */\nconst storageOrderBySchema = z.preprocess(\n  val => {\n    if (typeof val === 'string') {\n      try {\n        return JSON.parse(val);\n      } catch {\n        return undefined;\n      }\n    }\n    return val;\n  },\n  z\n    .object({\n      field: z.enum(['createdAt', 'updatedAt']).optional(),\n      direction: z.enum(['ASC', 'DESC']).optional(),\n    })\n    .optional(),\n);\n\n/**\n * Storage order by configuration for messages (only have createdAt)\n * Handles JSON parsing from query strings\n */\nconst messageOrderBySchema = z.preprocess(\n  val => {\n    if (typeof val === 'string') {\n      try {\n        return JSON.parse(val);\n      } catch {\n        return undefined;\n      }\n    }\n    return val;\n  },\n  z\n    .object({\n      field: z.enum(['createdAt']).optional(),\n      direction: z.enum(['ASC', 'DESC']).optional(),\n    })\n    .optional(),\n);\n\n/**\n * Include schema for message listing - handles JSON parsing from query strings\n */\nconst includeSchema = z.preprocess(\n  val => {\n    if (typeof val === 'string') {\n      try {\n        return JSON.parse(val);\n      } catch {\n        // Return invalid string to fail validation (z.array will reject string type)\n        return val;\n      }\n    }\n    return val;\n  },\n  z\n    .array(\n      z.object({\n        id: z.string(),\n        threadId: z.string().optional(),\n        withPreviousMessages: z.number().optional(),\n        withNextMessages: z.number().optional(),\n      }),\n    )\n    .optional(),\n);\n\n/**\n * Filter schema for message listing - handles JSON parsing from query strings\n */\nconst filterSchema = z.preprocess(\n  val => {\n    if (typeof val === 'string') {\n      try {\n        return JSON.parse(val);\n      } catch {\n        // Return invalid string to fail validation (z.object will reject string type)\n        return val;\n      }\n    }\n    return val;\n  },\n  z\n    .object({\n      dateRange: z\n        .object({\n          start: z.coerce.date().optional(),\n          end: z.coerce.date().optional(),\n        })\n        .optional(),\n      roles: z.array(z.string()).optional(),\n    })\n    .optional(),\n);\n\n/**\n * Memory config schema - handles JSON parsing from query strings\n */\nconst memoryConfigSchema = z.preprocess(val => {\n  if (typeof val === 'string') {\n    try {\n      return JSON.parse(val);\n    } catch {\n      // Return invalid string to fail validation (z.record will reject string type)\n      return val;\n    }\n  }\n  return val;\n}, z.record(z.string(), z.unknown()).optional());\n\n/**\n * Thread object structure\n */\nconst threadSchema = z.object({\n  id: z.string(),\n  title: z.string().optional(),\n  resourceId: z.string(),\n  createdAt: z.date(),\n  updatedAt: z.date(),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n});\n\n/**\n * Message structure for storage\n * Extends coreMessageSchema with storage-specific fields\n */\nconst messageSchema = z.any();\n// const messageSchema = coreMessageSchema.extend({\n//   id: z.string(),\n//   createdAt: z.coerce.date(),\n//   threadId: z.string().optional(),\n//   resourceId: z.string().optional(),\n// });\n\n// ============================================================================\n// Query Parameter Schemas\n// ============================================================================\n\n/**\n * GET /api/memory/status\n * Includes optional resourceId and threadId for OM status lookup\n */\nexport const getMemoryStatusQuerySchema = agentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n  threadId: z.string().optional(),\n});\n\n/**\n * GET /memory/config\n */\nexport const getMemoryConfigQuerySchema = agentIdQuerySchema;\n\n/**\n * GET /memory/threads\n * agentId is optional - can use storage fallback when not provided\n * resourceId is optional - when omitted, returns all threads\n * metadata is optional - filters threads by metadata key-value pairs (AND logic)\n */\nexport const listThreadsQuerySchema = createPagePaginationSchema(100).extend({\n  agentId: z.string().optional(),\n  resourceId: z.string().optional(),\n  metadata: z.preprocess(\n    val => {\n      if (typeof val === 'string') {\n        try {\n          return JSON.parse(val);\n        } catch {\n          // Return invalid string to fail validation (z.record will reject string type)\n          return val;\n        }\n      }\n      return val;\n    },\n    z.optional(z.record(z.string(), z.any())),\n  ),\n  orderBy: storageOrderBySchema,\n});\n\n/**\n * GET /memory/threads/:threadId\n * agentId is optional - can use storage fallback when not provided\n * resourceId is optional - used for ownership validation fallback when not set via middleware\n */\nexport const getThreadByIdQuerySchema = optionalAgentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n});\n\n/**\n * GET /memory/threads/:threadId/messages\n * agentId is optional - can use storage fallback when not provided\n */\nexport const listMessagesQuerySchema = createPagePaginationSchema(40).extend({\n  agentId: z.string().optional(),\n  resourceId: z.string().optional(),\n  orderBy: messageOrderBySchema,\n  include: includeSchema,\n  filter: filterSchema,\n});\n\n/**\n * GET /memory/threads/:threadId/working-memory\n */\nexport const getWorkingMemoryQuerySchema = z.object({\n  agentId: z.string(),\n  resourceId: z.string().optional(),\n  memoryConfig: memoryConfigSchema,\n});\n\n/**\n * DELETE /memory/threads/:threadId\n * agentId is required\n * resourceId is optional - used for ownership validation fallback when not set via middleware\n */\nexport const deleteThreadQuerySchema = agentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n});\n\n/**\n * POST /memory/messages/delete\n * agentId is required\n * resourceId is optional - used for ownership validation fallback when not set via middleware\n */\nexport const deleteMessagesQuerySchema = agentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n});\n\n// ============================================================================\n// Legacy /network Query Parameter Schemas (backward compatibility)\n// ============================================================================\n\n/**\n * GET /memory/network/status\n */\nexport const getMemoryStatusNetworkQuerySchema = agentIdQuerySchema;\n\n/**\n * GET /memory/network/threads\n * agentId is optional - can use storage fallback when not provided\n * resourceId is optional - when omitted, returns all threads\n * metadata is optional - filters threads by metadata key-value pairs (AND logic)\n */\nexport const listThreadsNetworkQuerySchema = createPagePaginationSchema(100).extend({\n  agentId: z.string().optional(),\n  resourceId: z.string().optional(),\n  metadata: z.preprocess(\n    val => {\n      if (typeof val === 'string') {\n        try {\n          return JSON.parse(val);\n        } catch {\n          // Return invalid string to fail validation (z.record will reject string type)\n          return val;\n        }\n      }\n      return val;\n    },\n    z.optional(z.record(z.string(), z.any())),\n  ),\n  orderBy: storageOrderBySchema,\n});\n\n/**\n * GET /memory/network/threads/:threadId\n * agentId is optional - can use storage fallback when not provided\n * resourceId is optional - used for ownership validation fallback when not set via middleware\n */\nexport const getThreadByIdNetworkQuerySchema = optionalAgentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n});\n\n/**\n * GET /memory/network/threads/:threadId/messages\n * agentId is optional - can use storage fallback when not provided\n */\nexport const listMessagesNetworkQuerySchema = createPagePaginationSchema(40).extend({\n  agentId: z.string().optional(),\n  resourceId: z.string().optional(),\n  orderBy: messageOrderBySchema,\n  include: includeSchema,\n  filter: filterSchema,\n});\n\n/**\n * POST /memory/network/save-messages\n */\nexport const saveMessagesNetworkQuerySchema = agentIdQuerySchema;\n\n/**\n * POST /memory/network/threads\n */\nexport const createThreadNetworkQuerySchema = agentIdQuerySchema;\n\n/**\n * PATCH /memory/network/threads/:threadId\n */\nexport const updateThreadNetworkQuerySchema = agentIdQuerySchema;\n\n/**\n * DELETE /memory/network/threads/:threadId\n * resourceId is optional - used for ownership validation fallback when not set via middleware\n */\nexport const deleteThreadNetworkQuerySchema = agentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n});\n\n/**\n * POST /memory/network/messages/delete\n * resourceId is optional - used for ownership validation fallback when not set via middleware\n */\nexport const deleteMessagesNetworkQuerySchema = agentIdQuerySchema.extend({\n  resourceId: z.string().optional(),\n});\n\n// ============================================================================\n// Response Schemas\n// ============================================================================\n\n/**\n * Response for GET /memory/status\n */\nexport const memoryStatusResponseSchema = z.object({\n  result: z.boolean(),\n  observationalMemory: z\n    .object({\n      enabled: z.boolean(),\n      hasRecord: z.boolean().optional(),\n      originType: z.string().optional(),\n      lastObservedAt: z.date().optional(),\n      tokenCount: z.number().optional(),\n      observationTokenCount: z.number().optional(),\n      isObserving: z.boolean().optional(),\n      isReflecting: z.boolean().optional(),\n    })\n    .optional(),\n});\n\n/**\n * Observational Memory config schema for API responses\n */\nconst observationalMemoryConfigSchema = z.object({\n  enabled: z.boolean(),\n  scope: z.enum(['thread', 'resource']).optional(),\n  shareTokenBudget: z.boolean().optional(),\n  messageTokens: z.union([z.number(), z.object({ min: z.number(), max: z.number() })]).optional(),\n  observationTokens: z.union([z.number(), z.object({ min: z.number(), max: z.number() })]).optional(),\n  observationModel: z.string().optional(),\n  reflectionModel: z.string().optional(),\n});\n\n/**\n * Response for GET /memory/config\n * MemoryConfig is complex with many optional fields - using passthrough\n */\nexport const memoryConfigResponseSchema = z.object({\n  config: z\n    .object({\n      lastMessages: z.union([z.number(), z.literal(false)]).optional(),\n      semanticRecall: z.union([z.boolean(), z.any()]).optional(),\n      workingMemory: z.any().optional(),\n      observationalMemory: observationalMemoryConfigSchema.optional(),\n    })\n    .nullable(),\n});\n\n/**\n * Response for GET /memory/threads\n */\nexport const listThreadsResponseSchema = paginationInfoSchema.extend({\n  threads: z.array(threadSchema),\n});\n\n/**\n * Response for GET /memory/threads/:threadId\n */\nexport const getThreadByIdResponseSchema = threadSchema;\n\n/**\n * Response for GET /memory/threads/:threadId/messages\n */\nexport const listMessagesResponseSchema = z.object({\n  messages: z.array(messageSchema),\n  uiMessages: z.unknown(), // Converted messages in UI format\n});\n\n/**\n * Response for GET /memory/threads/:threadId/working-memory\n */\nexport const getWorkingMemoryResponseSchema = z.object({\n  workingMemory: z.unknown(), // Can be string or structured object depending on template\n  source: z.enum(['thread', 'resource']),\n  workingMemoryTemplate: z.unknown(), // Template structure varies\n  threadExists: z.boolean(),\n});\n\n// ============================================================================\n// Body Parameter Schemas for POST/PUT/DELETE\n// ============================================================================\n\n/**\n * Body schema for POST /memory/messages\n */\nexport const saveMessagesBodySchema = z.object({\n  messages: z.array(messageSchema),\n});\n\n/**\n * Body schema for POST /memory/threads\n */\nexport const createThreadBodySchema = z.object({\n  resourceId: z.string(),\n  title: z.string().optional(),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n  threadId: z.string().optional(),\n});\n\n/**\n * Body schema for PUT /memory/threads/:threadId\n */\nexport const updateThreadBodySchema = z.object({\n  title: z.string().optional(),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n  resourceId: z.string().optional(),\n});\n\n/**\n * Body schema for PUT /memory/threads/:threadId/working-memory\n */\nexport const updateWorkingMemoryBodySchema = z.object({\n  workingMemory: z.string(),\n  resourceId: z.string().optional(),\n  memoryConfig: z.record(z.string(), z.unknown()).optional(),\n});\n\n/**\n * Body schema for POST /memory/messages/delete\n * Accepts: string | string[] | { id: string } | { id: string }[]\n */\nexport const deleteMessagesBodySchema = z.object({\n  messageIds: z.union([\n    z.string(),\n    z.array(z.string()),\n    z.object({ id: z.string() }),\n    z.array(z.object({ id: z.string() })),\n  ]),\n});\n\n/**\n * Query schema for GET /memory/search\n */\nexport const searchMemoryQuerySchema = z.object({\n  agentId: z.string(),\n  searchQuery: z.string(),\n  resourceId: z.string(),\n  threadId: z.string().optional(),\n  limit: z.coerce.number().optional().default(20),\n  memoryConfig: memoryConfigSchema,\n});\n\n/**\n * Response schemas\n */\nexport const saveMessagesResponseSchema = z.object({\n  messages: z.array(messageSchema),\n});\n\nexport const deleteThreadResponseSchema = z.object({\n  result: z.string(),\n});\n\nexport const updateWorkingMemoryResponseSchema = successResponseSchema;\n\nexport const deleteMessagesResponseSchema = successResponseSchema.extend({\n  message: z.string(),\n});\n\nexport const searchMemoryResponseSchema = z.object({\n  results: z.array(z.unknown()),\n  count: z.number(),\n  query: z.string(),\n  searchScope: z.string().optional(),\n  searchType: z.string().optional(),\n});\n\n/**\n * Body schema for POST /memory/threads/:threadId/clone\n */\nexport const cloneThreadBodySchema = z.object({\n  newThreadId: z.string().optional(),\n  resourceId: z.string().optional(),\n  title: z.string().optional(),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n  options: z\n    .object({\n      messageLimit: z.number().optional(),\n      messageFilter: z\n        .object({\n          startDate: z.coerce.date().optional(),\n          endDate: z.coerce.date().optional(),\n          messageIds: z.array(z.string()).optional(),\n        })\n        .optional(),\n    })\n    .optional(),\n});\n\n/**\n * Response schema for POST /memory/threads/:threadId/clone\n */\nexport const cloneThreadResponseSchema = z.object({\n  thread: threadSchema,\n  clonedMessages: z.array(messageSchema),\n});\n\n// ============================================================================\n// Observational Memory Schemas\n// ============================================================================\n\n/**\n * Query schema for GET /api/memory/observational-memory\n */\nexport const getObservationalMemoryQuerySchema = z.object({\n  agentId: z.string(),\n  resourceId: z.string().optional(),\n  threadId: z.string().optional(),\n});\n\n/**\n * Observational Memory record schema for API responses\n * Matches the ObservationalMemoryRecord type from @mastra/core/storage\n */\nconst observationalMemoryRecordSchema = z.object({\n  id: z.string(),\n  scope: z.enum(['thread', 'resource']),\n  resourceId: z.string(),\n  threadId: z.string().nullable(),\n  activeObservations: z.string(),\n  bufferedObservations: z.string().optional(),\n  bufferedReflection: z.string().optional(),\n  originType: z.enum(['initial', 'observation', 'reflection']),\n  generationCount: z.number(),\n  lastObservedAt: z.date().optional(),\n  totalTokensObserved: z.number(),\n  observationTokenCount: z.number(),\n  pendingMessageTokens: z.number(),\n  isObserving: z.boolean(),\n  isReflecting: z.boolean(),\n  config: z.record(z.string(), z.unknown()),\n  metadata: z.record(z.string(), z.unknown()).optional(),\n  createdAt: z.date(),\n  updatedAt: z.date(),\n});\n\n/**\n * Response schema for GET /api/memory/observational-memory\n */\nexport const getObservationalMemoryResponseSchema = z.object({\n  record: observationalMemoryRecordSchema.nullable(),\n  history: z.array(observationalMemoryRecordSchema).optional(),\n});\n\n/**\n * Body schema for POST /api/memory/observational-memory/buffer-status\n */\nexport const awaitBufferStatusBodySchema = z.object({\n  agentId: z.string(),\n  resourceId: z.string().optional(),\n  threadId: z.string().optional(),\n});\n\n/**\n * Response schema for POST /api/memory/observational-memory/buffer-status\n */\nexport const awaitBufferStatusResponseSchema = z.object({\n  record: observationalMemoryRecordSchema.nullable(),\n});\n"]}

package/dist/{chunk-P63CP2ZR.js → chunk-5GXB4IME.js}

@@ -1,6 +1,6 @@
-import { capabilitiesResponseSchema, currentUserResponseSchema, ssoLoginQuerySchema, ssoCallbackQuerySchema, credentialsSignInBodySchema, credentialsSignUpBodySchema } from './chunk-NLMVQMCR.js';
-import { handleError } from './chunk-NA7LKQPZ.js';
-import { createPublicRoute } from './chunk-5BBO2RHV.js';
+import { capabilitiesResponseSchema, currentUserResponseSchema, ssoLoginQuerySchema, ssoCallbackQuerySchema, credentialsSignInBodySchema, credentialsSignUpBodySchema } from './chunk-HDHGRTUS.js';
+import { handleError } from './chunk-P23KBWKB.js';
+import { createPublicRoute } from './chunk-NMS2SC2B.js';
 import { HTTPException } from './chunk-6QWQZI4Q.js';
 
 // src/server/handlers/auth.ts
@@ -379,5 +379,5 @@ var AUTH_ROUTES = [
 ];
 
 export { AUTH_ROUTES, GET_AUTH_CAPABILITIES_ROUTE, GET_CURRENT_USER_ROUTE, GET_SSO_CALLBACK_ROUTE, GET_SSO_LOGIN_ROUTE, POST_CREDENTIALS_SIGN_IN_ROUTE, POST_CREDENTIALS_SIGN_UP_ROUTE, POST_LOGOUT_ROUTE, getPublicOrigin };
-//# sourceMappingURL=chunk-P63CP2ZR.js.map
-//# sourceMappingURL=chunk-P63CP2ZR.js.map
+//# sourceMappingURL=chunk-5GXB4IME.js.map
+//# sourceMappingURL=chunk-5GXB4IME.js.map

package/dist/{chunk-P63CP2ZR.js.map → chunk-5GXB4IME.js.map}

@@ -1 +1 @@
-{"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["mastra"],"mappings":";;;;;;AAiCA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAKA,SAAS,gBAAgB,MAAA,EAAwC;AAC/D,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AASO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAKA,SAAS,gBAAgB,MAAA,EAAgD;AACvE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,IAAA,IAAQ,OAAO,IAAA,KAAS,YAAY,MAAA,IAAU,IAAA;AAChE;AAMO,IAAM,8BAA8B,iBAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,0BAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAEzC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,SAAS,EAAE,IAAA,EAAM,SAAA,EAAW,WAAA,EAAa,CAAA;AAE5F,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,yBAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsB,iBAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,mBAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAA;AAGzD,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,sBAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoB,iBAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAE7C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AAEnD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAC1C,MAAA,MAAMA,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,8BAAA;AAAA,EACA;AACF","file":"chunk-P63CP2ZR.js","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n  IUserProvider,\n  ISessionProvider,\n  ISSOProvider,\n  ICredentialsProvider,\n  SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { HTTPException } from '../http-exception';\nimport {\n  capabilitiesResponseSchema,\n  ssoLoginQuerySchema,\n  ssoCallbackQuerySchema,\n  currentUserResponseSchema,\n  credentialsSignInBodySchema,\n  credentialsSignUpBodySchema,\n} from '../schemas/auth';\nimport { createPublicRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (auth: any, request: Request, options?: { rbac?: any; apiPrefix?: string }) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n  if (!_buildCapabilitiesPromise) {\n    _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n      .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n      .catch(() => {\n        console.error(\n          '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n        );\n        return undefined;\n      });\n  }\n  return _buildCapabilitiesPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n */\nfunction getAuthProvider(mastra: any): MastraAuthProvider | null {\n  const serverConfig = mastra.getServer?.();\n  if (!serverConfig?.auth) return null;\n\n  // Auth can be either MastraAuthConfig or MastraAuthProvider\n  // If it has authenticateToken method, it's a provider\n  if (typeof serverConfig.auth.authenticateToken === 'function') {\n    return serverConfig.auth as MastraAuthProvider;\n  }\n\n  return null;\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname.\n * X-Forwarded-Host tells us the real public hostname.\n * Always uses https when behind a proxy — Knative's queue-proxy overwrites\n * X-Forwarded-Proto based on the internal HTTP connection, so it's unreliable.\n */\nexport function getPublicOrigin(request: Request): string {\n  const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n  if (forwardedHost) {\n    return `https://${forwardedHost}`;\n  }\n  return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra server config.\n */\nfunction getRBACProvider(mastra: any): IRBACProvider<EEUser> | undefined {\n  const serverConfig = mastra.getServer?.();\n  return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n  return auth !== null && typeof auth === 'object' && method in auth;\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/capabilities',\n  responseType: 'json',\n  responseSchema: capabilitiesResponseSchema,\n  summary: 'Get auth capabilities',\n  description:\n    'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request, routePrefix } = ctx as any;\n\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return { enabled: false, login: null };\n      }\n\n      const rbac = getRBACProvider(mastra);\n\n      const buildCapabilities = await loadBuildCapabilities();\n      if (!buildCapabilities) {\n        return { enabled: false, login: null };\n      }\n      const capabilities = await buildCapabilities(auth, request, { rbac, apiPrefix: routePrefix });\n\n      return capabilities;\n    } catch (error) {\n      return handleError(error, 'Error getting auth capabilities');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/me',\n  responseType: 'json',\n  responseSchema: currentUserResponseSchema,\n  summary: 'Get current user',\n  description: 'Returns the currently authenticated user, or null if not authenticated.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request } = ctx as any;\n      const auth = getAuthProvider(mastra);\n      const rbac = getRBACProvider(mastra);\n\n      if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n        return null;\n      }\n\n      const user = await auth.getCurrentUser(request);\n      if (!user) return null;\n\n      // Get roles/permissions from RBAC provider if available\n      let roles: string[] | undefined;\n      let permissions: string[] | undefined;\n\n      if (rbac) {\n        try {\n          roles = await rbac.getRoles(user);\n          permissions = await rbac.getPermissions(user);\n        } catch {\n          // RBAC not available or failed\n        }\n      }\n\n      return {\n        id: user.id,\n        email: user.email,\n        name: user.name,\n        avatarUrl: user.avatarUrl,\n        roles,\n        permissions,\n      };\n    } catch (error) {\n      return handleError(error, 'Error getting current user');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/login',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoLoginQuerySchema,\n  summary: 'Initiate SSO login',\n  description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n        throw new HTTPException(404, { message: 'SSO not configured' });\n      }\n\n      // Build OAuth callback URI using the configured route prefix\n      const origin = getPublicOrigin(request);\n      const raw = ((routePrefix as string) || '/api').trim();\n      const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n      const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n      const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n      // Encode the post-login redirect in state (where user goes after auth completes)\n      // State format: uuid|postLoginRedirect\n      // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n      // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n      // different port).\n      let postLoginRedirect = '/';\n      if (redirect_uri) {\n        if (!redirect_uri.startsWith('http')) {\n          // Relative path — always safe\n          postLoginRedirect = redirect_uri;\n        } else {\n          try {\n            const redirectUrl = new URL(redirect_uri);\n            const requestOrigin = new URL(origin);\n            const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n            const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n            const isLocalhost =\n              redirectUrl.hostname === 'localhost' ||\n              redirectUrl.hostname === '127.0.0.1' ||\n              redirectUrl.hostname === '[::1]';\n            if (isHttps && (isSameOrigin || isLocalhost)) {\n              postLoginRedirect = redirect_uri;\n            }\n          } catch {\n            // Malformed URL — fall back to /\n          }\n        }\n      }\n      const stateId = crypto.randomUUID();\n      const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n      const loginUrl = auth.getLoginUrl(oauthCallbackUri, state);\n\n      // Build response with optional PKCE cookies\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n      if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n        const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n        if (cookies?.length) {\n          // PKCE cookies set for SSO state management\n          for (const cookie of cookies) {\n            headers.append('Set-Cookie', cookie);\n          }\n        }\n      }\n\n      return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n    } catch (error) {\n      return handleError(error, 'Error initiating SSO login');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/callback',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoCallbackQuerySchema,\n  summary: 'Handle SSO callback',\n  description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, code, state, request } = ctx as any;\n\n    // Build base URL for redirects (Response.redirect requires absolute URL)\n    const baseUrl = getPublicOrigin(request);\n\n    // Extract post-login redirect from state (format: uuid|encodedRedirect)\n    let redirectTo = '/';\n    let stateId = state || '';\n    if (state && state.includes('|')) {\n      const [id, encodedRedirect] = state.split('|', 2);\n      stateId = id;\n      try {\n        redirectTo = decodeURIComponent(encodedRedirect);\n      } catch {\n        redirectTo = '/';\n      }\n    }\n\n    // Build absolute redirect URL.\n    // The redirect_uri was validated at the login endpoint (same-origin or localhost\n    // only), so the state should only contain safe URLs. We still apply defense-in-depth\n    // checks here: allow http(s) same-origin or localhost, reject everything else.\n    let absoluteRedirect: string;\n    if (redirectTo.startsWith('http')) {\n      try {\n        const parsed = new URL(redirectTo);\n        const baseOrigin = new URL(baseUrl);\n        const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n        const isSameOrigin = parsed.origin === baseOrigin.origin;\n        const isLocalhost =\n          parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n        absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n      } catch {\n        absoluteRedirect = `${baseUrl}/`;\n      }\n    } else {\n      absoluteRedirect = `${baseUrl}${redirectTo}`;\n    }\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n        return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n      }\n\n      // Pass cookie header to provider for PKCE validation (if supported)\n      const reqCookieHeader = request.headers.get('cookie');\n      if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n        (auth as any).setCallbackCookieHeader(reqCookieHeader);\n      }\n\n      const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n      const user = result.user as EEUser;\n\n      // Build response headers (session cookies, etc.)\n      const headers = new Headers();\n      headers.set('Location', absoluteRedirect);\n\n      // Set session cookies from the SSO result\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n        // Fallback: Create session manually for providers without cookie support\n        const session = await auth.createSession(user.id, {\n          accessToken: result.tokens.accessToken,\n          refreshToken: result.tokens.refreshToken,\n          expiresAt: result.tokens.expiresAt,\n          organizationId: (user as any).organizationId,\n        });\n        const sessionHeaders = auth.getSessionHeaders(session);\n        for (const [key, value] of Object.entries(sessionHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(null, {\n        status: 302,\n        headers,\n      });\n    } catch (error) {\n      // Redirect with error (use absolute URL)\n      const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n      return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/logout',\n  responseType: 'datastream-response',\n  summary: 'Logout',\n  description: 'Destroys the current session and returns logout redirect URL if available.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return new Response(JSON.stringify({ success: true }), {\n          status: 200,\n          headers: { 'Content-Type': 'application/json' },\n        });\n      }\n\n      // Get session ID and destroy it\n      if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n        const sessionId = auth.getSessionIdFromRequest(request);\n        if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n          await auth.destroySession(sessionId);\n        }\n      }\n\n      // Get logout URL if available\n      let redirectTo: string | undefined;\n      if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n        // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n        const origin = getPublicOrigin(request);\n        const logoutUrl = await auth.getLogoutUrl(origin, request);\n        redirectTo = logoutUrl ?? undefined;\n      }\n\n      // Build response with session clearing headers\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Clear session cookie\n      if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n        const clearHeaders = auth.getClearSessionHeaders();\n        for (const [key, value] of Object.entries(clearHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(JSON.stringify({ success: true, redirectTo }), {\n        status: 200,\n        headers,\n      });\n    } catch (error) {\n      return handleError(error, 'Error logging out');\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-in',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignInBodySchema,\n  summary: 'Sign in with credentials',\n  description: 'Authenticates a user with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signIn(email, password, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      // Return a generic error for auth failures to avoid leaking info\n      throw new HTTPException(401, { message: 'Invalid email or password' });\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-up',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignUpBodySchema,\n  summary: 'Sign up with credentials',\n  description: 'Creates a new user account with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password, name } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signUp(email, password, name, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      const mastra = (ctx as any).mastra;\n      mastra?.getLogger?.()?.error('Sign-up error', {\n        error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n      });\n      throw new HTTPException(400, { message: 'Failed to create account' });\n    }\n  },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n  GET_AUTH_CAPABILITIES_ROUTE,\n  GET_CURRENT_USER_ROUTE,\n  GET_SSO_LOGIN_ROUTE,\n  GET_SSO_CALLBACK_ROUTE,\n  POST_LOGOUT_ROUTE,\n  POST_CREDENTIALS_SIGN_IN_ROUTE,\n  POST_CREDENTIALS_SIGN_UP_ROUTE,\n] as const;\n"]}
+{"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["mastra"],"mappings":";;;;;;AAiCA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAKA,SAAS,gBAAgB,MAAA,EAAwC;AAC/D,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AASO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AACA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAKA,SAAS,gBAAgB,MAAA,EAAgD;AACvE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,IAAA,IAAQ,OAAO,IAAA,KAAS,YAAY,MAAA,IAAU,IAAA;AAChE;AAMO,IAAM,8BAA8B,iBAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,0BAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAEzC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,SAAS,EAAE,IAAA,EAAM,SAAA,EAAW,WAAA,EAAa,CAAA;AAE5F,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,yBAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsB,iBAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,mBAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAA;AAGzD,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyB,iBAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkB,sBAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoB,iBAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAE7C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiC,iBAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAY,2BAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AAEnD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiB,eAAe,MAAM,KAAA;AAC1C,MAAA,MAAMA,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,8BAAA;AAAA,EACA;AACF","file":"chunk-5GXB4IME.js","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n  IUserProvider,\n  ISessionProvider,\n  ISSOProvider,\n  ICredentialsProvider,\n  SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { HTTPException } from '../http-exception';\nimport {\n  capabilitiesResponseSchema,\n  ssoLoginQuerySchema,\n  ssoCallbackQuerySchema,\n  currentUserResponseSchema,\n  credentialsSignInBodySchema,\n  credentialsSignUpBodySchema,\n} from '../schemas/auth';\nimport { createPublicRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (auth: any, request: Request, options?: { rbac?: any; apiPrefix?: string }) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n  if (!_buildCapabilitiesPromise) {\n    _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n      .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n      .catch(() => {\n        console.error(\n          '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n        );\n        return undefined;\n      });\n  }\n  return _buildCapabilitiesPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n */\nfunction getAuthProvider(mastra: any): MastraAuthProvider | null {\n  const serverConfig = mastra.getServer?.();\n  if (!serverConfig?.auth) return null;\n\n  // Auth can be either MastraAuthConfig or MastraAuthProvider\n  // If it has authenticateToken method, it's a provider\n  if (typeof serverConfig.auth.authenticateToken === 'function') {\n    return serverConfig.auth as MastraAuthProvider;\n  }\n\n  return null;\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname.\n * X-Forwarded-Host tells us the real public hostname.\n * Always uses https when behind a proxy — Knative's queue-proxy overwrites\n * X-Forwarded-Proto based on the internal HTTP connection, so it's unreliable.\n */\nexport function getPublicOrigin(request: Request): string {\n  const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n  if (forwardedHost) {\n    return `https://${forwardedHost}`;\n  }\n  return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra server config.\n */\nfunction getRBACProvider(mastra: any): IRBACProvider<EEUser> | undefined {\n  const serverConfig = mastra.getServer?.();\n  return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n  return auth !== null && typeof auth === 'object' && method in auth;\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/capabilities',\n  responseType: 'json',\n  responseSchema: capabilitiesResponseSchema,\n  summary: 'Get auth capabilities',\n  description:\n    'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request, routePrefix } = ctx as any;\n\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return { enabled: false, login: null };\n      }\n\n      const rbac = getRBACProvider(mastra);\n\n      const buildCapabilities = await loadBuildCapabilities();\n      if (!buildCapabilities) {\n        return { enabled: false, login: null };\n      }\n      const capabilities = await buildCapabilities(auth, request, { rbac, apiPrefix: routePrefix });\n\n      return capabilities;\n    } catch (error) {\n      return handleError(error, 'Error getting auth capabilities');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/me',\n  responseType: 'json',\n  responseSchema: currentUserResponseSchema,\n  summary: 'Get current user',\n  description: 'Returns the currently authenticated user, or null if not authenticated.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, request } = ctx as any;\n      const auth = getAuthProvider(mastra);\n      const rbac = getRBACProvider(mastra);\n\n      if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n        return null;\n      }\n\n      const user = await auth.getCurrentUser(request);\n      if (!user) return null;\n\n      // Get roles/permissions from RBAC provider if available\n      let roles: string[] | undefined;\n      let permissions: string[] | undefined;\n\n      if (rbac) {\n        try {\n          roles = await rbac.getRoles(user);\n          permissions = await rbac.getPermissions(user);\n        } catch {\n          // RBAC not available or failed\n        }\n      }\n\n      return {\n        id: user.id,\n        email: user.email,\n        name: user.name,\n        avatarUrl: user.avatarUrl,\n        roles,\n        permissions,\n      };\n    } catch (error) {\n      return handleError(error, 'Error getting current user');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/login',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoLoginQuerySchema,\n  summary: 'Initiate SSO login',\n  description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    try {\n      const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n        throw new HTTPException(404, { message: 'SSO not configured' });\n      }\n\n      // Build OAuth callback URI using the configured route prefix\n      const origin = getPublicOrigin(request);\n      const raw = ((routePrefix as string) || '/api').trim();\n      const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n      const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n      const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n      // Encode the post-login redirect in state (where user goes after auth completes)\n      // State format: uuid|postLoginRedirect\n      // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n      // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n      // different port).\n      let postLoginRedirect = '/';\n      if (redirect_uri) {\n        if (!redirect_uri.startsWith('http')) {\n          // Relative path — always safe\n          postLoginRedirect = redirect_uri;\n        } else {\n          try {\n            const redirectUrl = new URL(redirect_uri);\n            const requestOrigin = new URL(origin);\n            const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n            const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n            const isLocalhost =\n              redirectUrl.hostname === 'localhost' ||\n              redirectUrl.hostname === '127.0.0.1' ||\n              redirectUrl.hostname === '[::1]';\n            if (isHttps && (isSameOrigin || isLocalhost)) {\n              postLoginRedirect = redirect_uri;\n            }\n          } catch {\n            // Malformed URL — fall back to /\n          }\n        }\n      }\n      const stateId = crypto.randomUUID();\n      const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n      const loginUrl = auth.getLoginUrl(oauthCallbackUri, state);\n\n      // Build response with optional PKCE cookies\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n      if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n        const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n        if (cookies?.length) {\n          // PKCE cookies set for SSO state management\n          for (const cookie of cookies) {\n            headers.append('Set-Cookie', cookie);\n          }\n        }\n      }\n\n      return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n    } catch (error) {\n      return handleError(error, 'Error initiating SSO login');\n    }\n  },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n  method: 'GET',\n  path: '/auth/sso/callback',\n  responseType: 'datastream-response',\n  queryParamSchema: ssoCallbackQuerySchema,\n  summary: 'Handle SSO callback',\n  description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, code, state, request } = ctx as any;\n\n    // Build base URL for redirects (Response.redirect requires absolute URL)\n    const baseUrl = getPublicOrigin(request);\n\n    // Extract post-login redirect from state (format: uuid|encodedRedirect)\n    let redirectTo = '/';\n    let stateId = state || '';\n    if (state && state.includes('|')) {\n      const [id, encodedRedirect] = state.split('|', 2);\n      stateId = id;\n      try {\n        redirectTo = decodeURIComponent(encodedRedirect);\n      } catch {\n        redirectTo = '/';\n      }\n    }\n\n    // Build absolute redirect URL.\n    // The redirect_uri was validated at the login endpoint (same-origin or localhost\n    // only), so the state should only contain safe URLs. We still apply defense-in-depth\n    // checks here: allow http(s) same-origin or localhost, reject everything else.\n    let absoluteRedirect: string;\n    if (redirectTo.startsWith('http')) {\n      try {\n        const parsed = new URL(redirectTo);\n        const baseOrigin = new URL(baseUrl);\n        const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n        const isSameOrigin = parsed.origin === baseOrigin.origin;\n        const isLocalhost =\n          parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n        absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n      } catch {\n        absoluteRedirect = `${baseUrl}/`;\n      }\n    } else {\n      absoluteRedirect = `${baseUrl}${redirectTo}`;\n    }\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n        return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n      }\n\n      // Pass cookie header to provider for PKCE validation (if supported)\n      const reqCookieHeader = request.headers.get('cookie');\n      if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n        (auth as any).setCallbackCookieHeader(reqCookieHeader);\n      }\n\n      const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n      const user = result.user as EEUser;\n\n      // Build response headers (session cookies, etc.)\n      const headers = new Headers();\n      headers.set('Location', absoluteRedirect);\n\n      // Set session cookies from the SSO result\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n        // Fallback: Create session manually for providers without cookie support\n        const session = await auth.createSession(user.id, {\n          accessToken: result.tokens.accessToken,\n          refreshToken: result.tokens.refreshToken,\n          expiresAt: result.tokens.expiresAt,\n          organizationId: (user as any).organizationId,\n        });\n        const sessionHeaders = auth.getSessionHeaders(session);\n        for (const [key, value] of Object.entries(sessionHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(null, {\n        status: 302,\n        headers,\n      });\n    } catch (error) {\n      // Redirect with error (use absolute URL)\n      const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n      return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/logout',\n  responseType: 'datastream-response',\n  summary: 'Logout',\n  description: 'Destroys the current session and returns logout redirect URL if available.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth) {\n        return new Response(JSON.stringify({ success: true }), {\n          status: 200,\n          headers: { 'Content-Type': 'application/json' },\n        });\n      }\n\n      // Get session ID and destroy it\n      if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n        const sessionId = auth.getSessionIdFromRequest(request);\n        if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n          await auth.destroySession(sessionId);\n        }\n      }\n\n      // Get logout URL if available\n      let redirectTo: string | undefined;\n      if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n        // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n        const origin = getPublicOrigin(request);\n        const logoutUrl = await auth.getLogoutUrl(origin, request);\n        redirectTo = logoutUrl ?? undefined;\n      }\n\n      // Build response with session clearing headers\n      const headers = new Headers({ 'Content-Type': 'application/json' });\n\n      // Clear session cookie\n      if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n        const clearHeaders = auth.getClearSessionHeaders();\n        for (const [key, value] of Object.entries(clearHeaders)) {\n          headers.append(key, value);\n        }\n      }\n\n      return new Response(JSON.stringify({ success: true, redirectTo }), {\n        status: 200,\n        headers,\n      });\n    } catch (error) {\n      return handleError(error, 'Error logging out');\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-in',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignInBodySchema,\n  summary: 'Sign in with credentials',\n  description: 'Authenticates a user with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signIn(email, password, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      // Return a generic error for auth failures to avoid leaking info\n      throw new HTTPException(401, { message: 'Invalid email or password' });\n    }\n  },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n  method: 'POST',\n  path: '/auth/credentials/sign-up',\n  responseType: 'datastream-response',\n  bodySchema: credentialsSignUpBodySchema,\n  summary: 'Sign up with credentials',\n  description: 'Creates a new user account with email and password.',\n  tags: ['Auth'],\n  handler: async ctx => {\n    const { mastra, request, email, password, name } = ctx as any;\n\n    try {\n      const auth = getAuthProvider(mastra);\n\n      if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n        throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n      }\n\n      const result = await auth.signUp(email, password, name, request);\n      const user = result.user as EEUser;\n\n      const responseBody = JSON.stringify({\n        user: {\n          id: user.id,\n          email: user.email,\n          name: user.name,\n          avatarUrl: user.avatarUrl,\n        },\n        token: result.token,\n      });\n\n      // Build response headers, including cookies from the auth provider\n      const headers = new Headers({\n        'Content-Type': 'application/json',\n      });\n\n      // Forward session cookies from the auth provider\n      if (result.cookies?.length) {\n        for (const cookie of result.cookies) {\n          headers.append('Set-Cookie', cookie);\n        }\n      }\n\n      return new Response(responseBody, { status: 200, headers });\n    } catch (error) {\n      if (error instanceof HTTPException) throw error;\n      const mastra = (ctx as any).mastra;\n      mastra?.getLogger?.()?.error('Sign-up error', {\n        error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n      });\n      throw new HTTPException(400, { message: 'Failed to create account' });\n    }\n  },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n  GET_AUTH_CAPABILITIES_ROUTE,\n  GET_CURRENT_USER_ROUTE,\n  GET_SSO_LOGIN_ROUTE,\n  GET_SSO_CALLBACK_ROUTE,\n  POST_LOGOUT_ROUTE,\n  POST_CREDENTIALS_SIGN_IN_ROUTE,\n  POST_CREDENTIALS_SIGN_UP_ROUTE,\n] as const;\n"]}