@mastra/server 1.37.2-alpha.1 → 1.38.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (263) hide show
  1. package/CHANGELOG.md +27 -0
  2. package/dist/{api-schema-manifest-T3EB4CNY.cjs → api-schema-manifest-NTI6BMGA.cjs} +4 -4
  3. package/dist/{api-schema-manifest-T3EB4CNY.cjs.map → api-schema-manifest-NTI6BMGA.cjs.map} +1 -1
  4. package/dist/{api-schema-manifest-2HYMISCO.js → api-schema-manifest-SMK2AU2K.js} +3 -3
  5. package/dist/{api-schema-manifest-2HYMISCO.js.map → api-schema-manifest-SMK2AU2K.js.map} +1 -1
  6. package/dist/{chunk-K3A6LAJC.js → chunk-2RPL2SD4.js} +3 -3
  7. package/dist/{chunk-K3A6LAJC.js.map → chunk-2RPL2SD4.js.map} +1 -1
  8. package/dist/{chunk-LOTLWLPW.cjs → chunk-2WUVHTMR.cjs} +8 -8
  9. package/dist/{chunk-LOTLWLPW.cjs.map → chunk-2WUVHTMR.cjs.map} +1 -1
  10. package/dist/{chunk-3NN5XGE3.js → chunk-3BY5DQNJ.js} +3 -3
  11. package/dist/{chunk-3NN5XGE3.js.map → chunk-3BY5DQNJ.js.map} +1 -1
  12. package/dist/{chunk-BKMQJMWE.cjs → chunk-3WDVIQI5.cjs} +8 -8
  13. package/dist/{chunk-BKMQJMWE.cjs.map → chunk-3WDVIQI5.cjs.map} +1 -1
  14. package/dist/{chunk-ZEOCTIOC.cjs → chunk-45FBERPH.cjs} +4 -4
  15. package/dist/{chunk-ZEOCTIOC.cjs.map → chunk-45FBERPH.cjs.map} +1 -1
  16. package/dist/{chunk-U4CV6ZLO.cjs → chunk-47RU2PDP.cjs} +6 -6
  17. package/dist/{chunk-U4CV6ZLO.cjs.map → chunk-47RU2PDP.cjs.map} +1 -1
  18. package/dist/{chunk-EKZHA5NN.cjs → chunk-4XPQN4P7.cjs} +6 -6
  19. package/dist/{chunk-EKZHA5NN.cjs.map → chunk-4XPQN4P7.cjs.map} +1 -1
  20. package/dist/{chunk-SYLOFHAO.js → chunk-67H2ZVCY.js} +3 -3
  21. package/dist/{chunk-SYLOFHAO.js.map → chunk-67H2ZVCY.js.map} +1 -1
  22. package/dist/{chunk-FNWCKWKM.cjs → chunk-6C6357VN.cjs} +28 -28
  23. package/dist/{chunk-FNWCKWKM.cjs.map → chunk-6C6357VN.cjs.map} +1 -1
  24. package/dist/{chunk-XZ2UECF2.cjs → chunk-6TREB46W.cjs} +7 -7
  25. package/dist/{chunk-XZ2UECF2.cjs.map → chunk-6TREB46W.cjs.map} +1 -1
  26. package/dist/{chunk-4RNCG4IX.js → chunk-7BHKKCXR.js} +3 -3
  27. package/dist/{chunk-4RNCG4IX.js.map → chunk-7BHKKCXR.js.map} +1 -1
  28. package/dist/{chunk-GB356XPX.cjs → chunk-7URCFRUA.cjs} +9 -9
  29. package/dist/{chunk-GB356XPX.cjs.map → chunk-7URCFRUA.cjs.map} +1 -1
  30. package/dist/{chunk-5R3TARND.js → chunk-ADHHIBVT.js} +3 -3
  31. package/dist/{chunk-5R3TARND.js.map → chunk-ADHHIBVT.js.map} +1 -1
  32. package/dist/{chunk-M32NLBKC.cjs → chunk-AFIJEXPC.cjs} +8 -8
  33. package/dist/{chunk-M32NLBKC.cjs.map → chunk-AFIJEXPC.cjs.map} +1 -1
  34. package/dist/{chunk-BB3HUXJZ.js → chunk-ASJICIJG.js} +3 -3
  35. package/dist/{chunk-BB3HUXJZ.js.map → chunk-ASJICIJG.js.map} +1 -1
  36. package/dist/{chunk-UC4A4MTE.js → chunk-BPXQ6H4M.js} +5 -5
  37. package/dist/{chunk-UC4A4MTE.js.map → chunk-BPXQ6H4M.js.map} +1 -1
  38. package/dist/{chunk-AYPNWRLX.js → chunk-C63EXUSI.js} +3 -3
  39. package/dist/{chunk-AYPNWRLX.js.map → chunk-C63EXUSI.js.map} +1 -1
  40. package/dist/{chunk-W2LZ3CEY.js → chunk-DIDKRTRL.js} +3 -3
  41. package/dist/{chunk-W2LZ3CEY.js.map → chunk-DIDKRTRL.js.map} +1 -1
  42. package/dist/{chunk-N6DXNOYI.cjs → chunk-DOYJL5FU.cjs} +7 -7
  43. package/dist/{chunk-N6DXNOYI.cjs.map → chunk-DOYJL5FU.cjs.map} +1 -1
  44. package/dist/{chunk-GBVZARVX.cjs → chunk-E2HCNRIW.cjs} +5 -5
  45. package/dist/{chunk-GBVZARVX.cjs.map → chunk-E2HCNRIW.cjs.map} +1 -1
  46. package/dist/{chunk-SG33QRJ5.cjs → chunk-EFRTB4NY.cjs} +7 -7
  47. package/dist/{chunk-SG33QRJ5.cjs.map → chunk-EFRTB4NY.cjs.map} +1 -1
  48. package/dist/{chunk-X3YYLOBX.js → chunk-ENJ5EBYX.js} +3 -3
  49. package/dist/{chunk-X3YYLOBX.js.map → chunk-ENJ5EBYX.js.map} +1 -1
  50. package/dist/{chunk-DNEZDNKB.cjs → chunk-EO76O7VN.cjs} +8 -8
  51. package/dist/{chunk-DNEZDNKB.cjs.map → chunk-EO76O7VN.cjs.map} +1 -1
  52. package/dist/{chunk-V3CFHU42.js → chunk-ERO4DU3A.js} +3 -3
  53. package/dist/{chunk-V3CFHU42.js.map → chunk-ERO4DU3A.js.map} +1 -1
  54. package/dist/{chunk-24Y7CNXL.js → chunk-FE4JF5NQ.js} +3 -3
  55. package/dist/{chunk-24Y7CNXL.js.map → chunk-FE4JF5NQ.js.map} +1 -1
  56. package/dist/{chunk-EIKSVIW3.js → chunk-G3URZMEO.js} +3 -3
  57. package/dist/{chunk-EIKSVIW3.js.map → chunk-G3URZMEO.js.map} +1 -1
  58. package/dist/{chunk-AQIFUFNF.cjs → chunk-G4NJBJR6.cjs} +10 -10
  59. package/dist/{chunk-AQIFUFNF.cjs.map → chunk-G4NJBJR6.cjs.map} +1 -1
  60. package/dist/{chunk-XRQ24547.cjs → chunk-GCNPUEFQ.cjs} +11 -11
  61. package/dist/{chunk-XRQ24547.cjs.map → chunk-GCNPUEFQ.cjs.map} +1 -1
  62. package/dist/{chunk-P2D4FXR3.cjs → chunk-GGVNFPEP.cjs} +35 -35
  63. package/dist/{chunk-P2D4FXR3.cjs.map → chunk-GGVNFPEP.cjs.map} +1 -1
  64. package/dist/{chunk-NWBJNMEH.cjs → chunk-GI452YST.cjs} +10 -10
  65. package/dist/{chunk-NWBJNMEH.cjs.map → chunk-GI452YST.cjs.map} +1 -1
  66. package/dist/{chunk-MSKYP5LL.cjs → chunk-GJOBSWXT.cjs} +8 -8
  67. package/dist/{chunk-MSKYP5LL.cjs.map → chunk-GJOBSWXT.cjs.map} +1 -1
  68. package/dist/{chunk-YVA4JWKW.cjs → chunk-GK5QGY2U.cjs} +9 -9
  69. package/dist/{chunk-YVA4JWKW.cjs.map → chunk-GK5QGY2U.cjs.map} +1 -1
  70. package/dist/{chunk-GXI53DFN.js → chunk-GSDXYEQ2.js} +3 -3
  71. package/dist/{chunk-GXI53DFN.js.map → chunk-GSDXYEQ2.js.map} +1 -1
  72. package/dist/{chunk-CGFMGFKV.js → chunk-HD4L3OTB.js} +3 -3
  73. package/dist/{chunk-CGFMGFKV.js.map → chunk-HD4L3OTB.js.map} +1 -1
  74. package/dist/{chunk-ZAISELX5.cjs → chunk-I3GKDE5U.cjs} +16 -16
  75. package/dist/{chunk-ZAISELX5.cjs.map → chunk-I3GKDE5U.cjs.map} +1 -1
  76. package/dist/{chunk-I6GXKO5J.js → chunk-II252N2R.js} +3 -3
  77. package/dist/{chunk-I6GXKO5J.js.map → chunk-II252N2R.js.map} +1 -1
  78. package/dist/{chunk-MGG34H7P.cjs → chunk-IJTWBES5.cjs} +28 -28
  79. package/dist/{chunk-MGG34H7P.cjs.map → chunk-IJTWBES5.cjs.map} +1 -1
  80. package/dist/{chunk-WII3RU4D.cjs → chunk-IL3PL5CK.cjs} +8 -8
  81. package/dist/{chunk-WII3RU4D.cjs.map → chunk-IL3PL5CK.cjs.map} +1 -1
  82. package/dist/{chunk-75ODZOL7.js → chunk-ILKLHNZ2.js} +4 -4
  83. package/dist/{chunk-75ODZOL7.js.map → chunk-ILKLHNZ2.js.map} +1 -1
  84. package/dist/{chunk-2RLKKAFO.js → chunk-J7IKXSUD.js} +5 -5
  85. package/dist/{chunk-2RLKKAFO.js.map → chunk-J7IKXSUD.js.map} +1 -1
  86. package/dist/{chunk-MN4N5SO4.js → chunk-JDVNE5L6.js} +3 -3
  87. package/dist/{chunk-MN4N5SO4.js.map → chunk-JDVNE5L6.js.map} +1 -1
  88. package/dist/{chunk-EZL3D4PO.js → chunk-JGEAMAAR.js} +3 -3
  89. package/dist/{chunk-EZL3D4PO.js.map → chunk-JGEAMAAR.js.map} +1 -1
  90. package/dist/{chunk-ZHDQZ7TX.js → chunk-JN5MLWWL.js} +4 -4
  91. package/dist/{chunk-ZHDQZ7TX.js.map → chunk-JN5MLWWL.js.map} +1 -1
  92. package/dist/{chunk-22VN45LI.js → chunk-KGI2Z5G6.js} +3 -3
  93. package/dist/{chunk-22VN45LI.js.map → chunk-KGI2Z5G6.js.map} +1 -1
  94. package/dist/{chunk-OJ7J57QX.cjs → chunk-KP544HHJ.cjs} +8 -8
  95. package/dist/{chunk-OJ7J57QX.cjs.map → chunk-KP544HHJ.cjs.map} +1 -1
  96. package/dist/{chunk-PBXPP6LG.js → chunk-KXCQAA6Z.js} +4 -4
  97. package/dist/{chunk-PBXPP6LG.js.map → chunk-KXCQAA6Z.js.map} +1 -1
  98. package/dist/{chunk-O5QFXRHS.cjs → chunk-KZEZESLS.cjs} +32 -32
  99. package/dist/{chunk-O5QFXRHS.cjs.map → chunk-KZEZESLS.cjs.map} +1 -1
  100. package/dist/{chunk-MZRE4VM6.js → chunk-LVRT23UG.js} +3 -3
  101. package/dist/{chunk-MZRE4VM6.js.map → chunk-LVRT23UG.js.map} +1 -1
  102. package/dist/{chunk-X72GZOMH.cjs → chunk-MVSZWYLH.cjs} +8 -8
  103. package/dist/{chunk-X72GZOMH.cjs.map → chunk-MVSZWYLH.cjs.map} +1 -1
  104. package/dist/{chunk-HBOB5WKU.js → chunk-MYZ4OHN5.js} +4 -4
  105. package/dist/{chunk-HBOB5WKU.js.map → chunk-MYZ4OHN5.js.map} +1 -1
  106. package/dist/{chunk-QHZNXZWE.cjs → chunk-P5MREMEQ.cjs} +16 -16
  107. package/dist/{chunk-QHZNXZWE.cjs.map → chunk-P5MREMEQ.cjs.map} +1 -1
  108. package/dist/{chunk-6FHGTYBE.cjs → chunk-PCUFN27M.cjs} +19 -6
  109. package/dist/chunk-PCUFN27M.cjs.map +1 -0
  110. package/dist/{chunk-UNVDPUDB.cjs → chunk-Q4JFPI3A.cjs} +10 -10
  111. package/dist/{chunk-UNVDPUDB.cjs.map → chunk-Q4JFPI3A.cjs.map} +1 -1
  112. package/dist/{chunk-R5LDM3BW.js → chunk-Q6C22MR6.js} +4 -4
  113. package/dist/{chunk-R5LDM3BW.js.map → chunk-Q6C22MR6.js.map} +1 -1
  114. package/dist/{chunk-YEQSLMD7.js → chunk-QAIEHX6F.js} +19 -6
  115. package/dist/chunk-QAIEHX6F.js.map +1 -0
  116. package/dist/{chunk-M3G3V2BR.cjs → chunk-QJWVEYT6.cjs} +5 -5
  117. package/dist/{chunk-M3G3V2BR.cjs.map → chunk-QJWVEYT6.cjs.map} +1 -1
  118. package/dist/{chunk-SGAES7J3.cjs → chunk-QKM4RBJV.cjs} +19 -19
  119. package/dist/{chunk-SGAES7J3.cjs.map → chunk-QKM4RBJV.cjs.map} +1 -1
  120. package/dist/{chunk-FMDGZHMC.cjs → chunk-QPEWKQNM.cjs} +18 -18
  121. package/dist/{chunk-FMDGZHMC.cjs.map → chunk-QPEWKQNM.cjs.map} +1 -1
  122. package/dist/{chunk-GA4BG5JK.js → chunk-RJ5ZIUGX.js} +6 -3
  123. package/dist/chunk-RJ5ZIUGX.js.map +1 -0
  124. package/dist/{chunk-HXIX55Y4.cjs → chunk-S33UKVN3.cjs} +10 -10
  125. package/dist/{chunk-HXIX55Y4.cjs.map → chunk-S33UKVN3.cjs.map} +1 -1
  126. package/dist/{chunk-KOCE23K4.js → chunk-S7IWW3VO.js} +4 -4
  127. package/dist/{chunk-KOCE23K4.js.map → chunk-S7IWW3VO.js.map} +1 -1
  128. package/dist/{chunk-YNSUYESL.cjs → chunk-STZTV4FB.cjs} +6 -2
  129. package/dist/chunk-STZTV4FB.cjs.map +1 -0
  130. package/dist/{chunk-ZBJ23OYY.cjs → chunk-SWSHQBEO.cjs} +10 -10
  131. package/dist/{chunk-ZBJ23OYY.cjs.map → chunk-SWSHQBEO.cjs.map} +1 -1
  132. package/dist/{chunk-WAGWS64X.js → chunk-T2SEXUD2.js} +4 -4
  133. package/dist/{chunk-WAGWS64X.js.map → chunk-T2SEXUD2.js.map} +1 -1
  134. package/dist/{chunk-AGFTSJZC.js → chunk-TRBFFKG2.js} +3 -3
  135. package/dist/{chunk-AGFTSJZC.js.map → chunk-TRBFFKG2.js.map} +1 -1
  136. package/dist/{chunk-CYJSMHDR.js → chunk-UBRFKSS5.js} +3 -3
  137. package/dist/{chunk-CYJSMHDR.js.map → chunk-UBRFKSS5.js.map} +1 -1
  138. package/dist/{chunk-O6TVZ7JM.js → chunk-VDBAUWNQ.js} +4 -4
  139. package/dist/{chunk-O6TVZ7JM.js.map → chunk-VDBAUWNQ.js.map} +1 -1
  140. package/dist/{chunk-4QJDROC2.cjs → chunk-VE5MTFUE.cjs} +4 -4
  141. package/dist/{chunk-4QJDROC2.cjs.map → chunk-VE5MTFUE.cjs.map} +1 -1
  142. package/dist/{chunk-IZZ4ZP3Y.js → chunk-W7FWX7CX.js} +3 -3
  143. package/dist/{chunk-IZZ4ZP3Y.js.map → chunk-W7FWX7CX.js.map} +1 -1
  144. package/dist/{chunk-CKFO7257.js → chunk-WIWN6OMB.js} +4 -4
  145. package/dist/{chunk-CKFO7257.js.map → chunk-WIWN6OMB.js.map} +1 -1
  146. package/dist/{chunk-O7P7DTEU.cjs → chunk-XJ2D3Q5N.cjs} +5 -5
  147. package/dist/{chunk-O7P7DTEU.cjs.map → chunk-XJ2D3Q5N.cjs.map} +1 -1
  148. package/dist/{chunk-PIJ5TCIL.js → chunk-Y34SWG5Z.js} +3 -3
  149. package/dist/{chunk-PIJ5TCIL.js.map → chunk-Y34SWG5Z.js.map} +1 -1
  150. package/dist/chunk-YF6HKXZH.cjs +676 -0
  151. package/dist/{chunk-JEPACCO3.cjs.map → chunk-YF6HKXZH.cjs.map} +1 -1
  152. package/dist/{chunk-YWFPRGMQ.js → chunk-YIVN3ZOC.js} +5 -5
  153. package/dist/{chunk-YWFPRGMQ.js.map → chunk-YIVN3ZOC.js.map} +1 -1
  154. package/dist/{chunk-GBXO223Q.js → chunk-YP5MUBVK.js} +37 -37
  155. package/dist/{chunk-GBXO223Q.js.map → chunk-YP5MUBVK.js.map} +1 -1
  156. package/dist/{chunk-4RR56AIZ.js → chunk-YPX3NQKS.js} +3 -3
  157. package/dist/{chunk-4RR56AIZ.js.map → chunk-YPX3NQKS.js.map} +1 -1
  158. package/dist/{chunk-U4MOTJPV.cjs → chunk-ZDLTWLUP.cjs} +42 -42
  159. package/dist/{chunk-U4MOTJPV.cjs.map → chunk-ZDLTWLUP.cjs.map} +1 -1
  160. package/dist/{chunk-JTMPDRWI.cjs → chunk-ZKYGSYTK.cjs} +9 -9
  161. package/dist/{chunk-JTMPDRWI.cjs.map → chunk-ZKYGSYTK.cjs.map} +1 -1
  162. package/dist/{dist-ATV426A7.cjs → dist-LCJ4JRBS.cjs} +21 -20
  163. package/dist/{dist-ATV426A7.cjs.map → dist-LCJ4JRBS.cjs.map} +1 -1
  164. package/dist/{dist-J3CVGB5Z.js → dist-PAGMKZZS.js} +6 -5
  165. package/dist/{dist-J3CVGB5Z.js.map → dist-PAGMKZZS.js.map} +1 -1
  166. package/dist/docs/SKILL.md +1 -1
  167. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  168. package/dist/{observational-memory-E6F7NKJP-PKPSHYAM.cjs → observational-memory-GE5MP6W7-D7IZHLNF.cjs} +26 -26
  169. package/dist/{observational-memory-E6F7NKJP-PKPSHYAM.cjs.map → observational-memory-GE5MP6W7-D7IZHLNF.cjs.map} +1 -1
  170. package/dist/{observational-memory-E6F7NKJP-3RPCE7MO.js → observational-memory-GE5MP6W7-YNA3UAMY.js} +3 -3
  171. package/dist/{observational-memory-E6F7NKJP-3RPCE7MO.js.map → observational-memory-GE5MP6W7-YNA3UAMY.js.map} +1 -1
  172. package/dist/server/handlers/a2a.cjs +14 -14
  173. package/dist/server/handlers/a2a.js +1 -1
  174. package/dist/server/handlers/agent-builder.cjs +16 -16
  175. package/dist/server/handlers/agent-builder.js +1 -1
  176. package/dist/server/handlers/agent-versions.cjs +8 -8
  177. package/dist/server/handlers/agent-versions.js +1 -1
  178. package/dist/server/handlers/agents.cjs +41 -41
  179. package/dist/server/handlers/agents.js +1 -1
  180. package/dist/server/handlers/auth.cjs +12 -12
  181. package/dist/server/handlers/auth.js +1 -1
  182. package/dist/server/handlers/builder-registry.cjs +6 -6
  183. package/dist/server/handlers/builder-registry.js +1 -1
  184. package/dist/server/handlers/channels.cjs +5 -5
  185. package/dist/server/handlers/channels.js +1 -1
  186. package/dist/server/handlers/conversations.cjs +5 -5
  187. package/dist/server/handlers/conversations.js +1 -1
  188. package/dist/server/handlers/datasets.cjs +26 -26
  189. package/dist/server/handlers/datasets.js +1 -1
  190. package/dist/server/handlers/editor-builder.cjs +5 -5
  191. package/dist/server/handlers/editor-builder.js +1 -1
  192. package/dist/server/handlers/error.cjs +7 -3
  193. package/dist/server/handlers/error.d.ts +13 -2
  194. package/dist/server/handlers/error.d.ts.map +1 -1
  195. package/dist/server/handlers/error.js +1 -1
  196. package/dist/server/handlers/favorites-enrichment.cjs +3 -3
  197. package/dist/server/handlers/favorites-enrichment.js +1 -1
  198. package/dist/server/handlers/logs.cjs +4 -4
  199. package/dist/server/handlers/logs.js +1 -1
  200. package/dist/server/handlers/mcp-client-versions.cjs +8 -8
  201. package/dist/server/handlers/mcp-client-versions.js +1 -1
  202. package/dist/server/handlers/memory.cjs +27 -27
  203. package/dist/server/handlers/memory.js +1 -1
  204. package/dist/server/handlers/observability-new-endpoints.cjs +29 -29
  205. package/dist/server/handlers/observability-new-endpoints.js +1 -1
  206. package/dist/server/handlers/observability.cjs +40 -40
  207. package/dist/server/handlers/observability.js +2 -2
  208. package/dist/server/handlers/processor-providers.cjs +3 -3
  209. package/dist/server/handlers/processor-providers.js +1 -1
  210. package/dist/server/handlers/processors.cjs +4 -4
  211. package/dist/server/handlers/processors.js +1 -1
  212. package/dist/server/handlers/prompt-block-versions.cjs +8 -8
  213. package/dist/server/handlers/prompt-block-versions.js +1 -1
  214. package/dist/server/handlers/responses.cjs +4 -4
  215. package/dist/server/handlers/responses.js +1 -1
  216. package/dist/server/handlers/scorer-versions.cjs +8 -8
  217. package/dist/server/handlers/scorer-versions.js +1 -1
  218. package/dist/server/handlers/scores.cjs +7 -7
  219. package/dist/server/handlers/scores.js +1 -1
  220. package/dist/server/handlers/stored-agent-favorites.cjs +3 -3
  221. package/dist/server/handlers/stored-agent-favorites.js +1 -1
  222. package/dist/server/handlers/stored-agents.cjs +7 -7
  223. package/dist/server/handlers/stored-agents.js +1 -1
  224. package/dist/server/handlers/stored-mcp-clients.cjs +6 -6
  225. package/dist/server/handlers/stored-mcp-clients.js +1 -1
  226. package/dist/server/handlers/stored-prompt-blocks.cjs +6 -6
  227. package/dist/server/handlers/stored-prompt-blocks.js +1 -1
  228. package/dist/server/handlers/stored-scorers.cjs +6 -6
  229. package/dist/server/handlers/stored-scorers.js +1 -1
  230. package/dist/server/handlers/stored-skill-favorites.cjs +3 -3
  231. package/dist/server/handlers/stored-skill-favorites.js +1 -1
  232. package/dist/server/handlers/stored-skills.cjs +7 -7
  233. package/dist/server/handlers/stored-skills.js +1 -1
  234. package/dist/server/handlers/stored-workspaces.cjs +6 -6
  235. package/dist/server/handlers/stored-workspaces.js +1 -1
  236. package/dist/server/handlers/system.cjs +3 -3
  237. package/dist/server/handlers/system.js +1 -1
  238. package/dist/server/handlers/tool-providers.cjs +5 -5
  239. package/dist/server/handlers/tool-providers.js +1 -1
  240. package/dist/server/handlers/tools.cjs +6 -6
  241. package/dist/server/handlers/tools.js +1 -1
  242. package/dist/server/handlers/vector.cjs +16 -16
  243. package/dist/server/handlers/vector.js +1 -1
  244. package/dist/server/handlers/workflows.cjs +26 -26
  245. package/dist/server/handlers/workflows.js +1 -1
  246. package/dist/server/handlers/workspace.cjs +26 -26
  247. package/dist/server/handlers/workspace.js +1 -1
  248. package/dist/server/handlers.cjs +32 -28
  249. package/dist/server/handlers.d.ts +1 -1
  250. package/dist/server/handlers.d.ts.map +1 -1
  251. package/dist/server/handlers.js +14 -14
  252. package/dist/server/server-adapter/index.cjs +19 -15
  253. package/dist/server/server-adapter/index.cjs.map +1 -1
  254. package/dist/server/server-adapter/index.d.ts +1 -0
  255. package/dist/server/server-adapter/index.d.ts.map +1 -1
  256. package/dist/server/server-adapter/index.js +4 -3
  257. package/dist/server/server-adapter/index.js.map +1 -1
  258. package/package.json +6 -6
  259. package/dist/chunk-6FHGTYBE.cjs.map +0 -1
  260. package/dist/chunk-GA4BG5JK.js.map +0 -1
  261. package/dist/chunk-JEPACCO3.cjs +0 -676
  262. package/dist/chunk-YEQSLMD7.js.map +0 -1
  263. package/dist/chunk-YNSUYESL.cjs.map +0 -1
package/dist/{chunk-MSKYP5LL.cjs.map → chunk-GJOBSWXT.cjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/schemas/builder-registry.ts","../src/server/handlers/builder-registry.ts"],"names":["z","HTTPException","assertSafeFilePath","createRoute","handleError","skillsShSearchResponseSchema","searchSkillsSh","skillsShListResponseSchema","getPopularSkillsSh","skillsShPreviewResponseSchema","previewSkillsSh","fetchSkillFiles","assertSafeSkillName","toSlug","getCallerAuthorId"],"mappings":";;;;;;;;;;;AAuBO,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,IAAIA,IAAA,CAAE,OAAA,CAAQ,WAAW,CAAA,CAAE,SAAS,4BAA4B,CAAA;AAAA,EAChE,OAAA,EAASA,IAAA,CAAE,OAAA,EAAQ,CAAE,SAAS,4DAA4D,CAAA;AAAA,EAC1F,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B;AAC3D,CAAC,CAAA;AAGM,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,UAAA,EAAYA,IAAA,CAAE,KAAA,CAAM,0BAA0B;AAChD,CAAC,CAAA;AAOM,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wCAAwC;AAC1E,CAAC,CAAA;AAEM,IAAM,gCAAA,GAAmCA,KAAE,MAAA,CAAO;AAAA,EACvD,CAAA,EAAGA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,cAAc,CAAA;AAAA,EACrC,OAAOA,IAAA,CAAE,MAAA,CAAO,QAAO,CAAE,GAAA,GAAM,GAAA,CAAI,CAAC,EAAE,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS,CAAE,QAAQ,EAAE,CAAA,CAAE,SAAS,mCAAmC;AACpH,CAAC,CAAA;AAEM,IAAM,iCAAA,GAAoCA,KAC9C,MAAA,CAAO;AAAA,EACN,OAAOA,IAAA,CAAE,MAAA,CAAO,QAAO,CAAE,GAAA,GAAM,GAAA,CAAI,CAAC,EAAE,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS,CAAE,QAAQ,EAAE,CAAA,CAAE,SAAS,mCAAmC,CAAA;AAAA,EAClH,QAAQA,IAAA,CAAE,MAAA,CACP,MAAA,EAAO,CACP,KAAI,CACJ,GAAA,CAAI,CAAC,CAAA,CACL,UAAS,CACT,OAAA,CAAQ,CAAC,CAAA,CACT,SAAS,uDAAuD;AACrE,CAAC,EACA,MAAA,CAAO,CAAA,IAAA,KAAQ,KAAK,MAAA,GAAS,IAAA,CAAK,UAAU,CAAA,EAAG;AAAA,EAC9C,OAAA,EAAS,6EAAA;AAAA,EACT,IAAA,EAAM,CAAC,QAAQ;AACjB,CAAC,CAAA;AAEI,IAAM,iCAAA,GAAoCA,KAAE,MAAA,CAAO;AAAA,EACxD,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB,CAAA;AAAA,EACpD,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wBAAwB,CAAA;AAAA,EAClD,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wBAAwB;AACpD,CAAC,CAAA;AAYM,IAAM,gCAAA,GAAmCA,KAAE,MAAA,CAAO;AAAA,EACvD,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB,CAAA;AAAA,EACpD,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wBAAwB,CAAA;AAAA,EAClD,SAAA,EAAWA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B,CAAA;AAAA,EAC7D,UAAA,EAAYA,IAAA,CAAE,IAAA,CAAK,CAAC,SAAA,EAAW,QAAQ,CAAC,CAAA,CAAE,QAAA,EAAS,CAAE,QAAA,CAAS,qCAAqC;AACrG,CAAC,CAAA;AAGM,IAAM,oCAAA,GAAuCA,KAAE,MAAA,CAAO;AAAA,EAC3D,aAAA,EAAeA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,sCAAsC,CAAA;AAAA,EACzE,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,qBAAqB,CAAA;AAAA,EAC/C,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8DAA8D;AAClG,CAAC,CAAA;;;AC3CD,IAAM,eAAA,GAA0C;AAAA,EAC9C,WAAA,EAAa;AACf,CAAA;AAcA,eAAe,kBAAkB,MAAA,EAA2C;AAC1E,EAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAChC,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,CAAO,mBAAmB,UAAA,EAAY;AAC1D,IAAA,OAAO,CAAC,EAAE,EAAA,EAAI,WAAA,EAAa,OAAA,EAAS,OAAO,KAAA,EAAO,eAAA,CAAgB,WAAW,CAAA,EAAI,CAAA;AAAA,EACnF;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,EAAA,MAAM,UAAA,GAAa,SAAS,aAAA,IAAgB;AAC5C,EAAA,OAAO;AAAA,IACL;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,OAAA,EAAS,UAAA,EAAY,QAAA,EAAU,OAAA,KAAY,IAAA;AAAA,MAC3C,KAAA,EAAO,gBAAgB,WAAW;AAAA;AACpC,GACF;AACF;AAMA,eAAe,sBAAA,CAAuB,QAAgB,UAAA,EAAmC;AACvF,EAAA,MAAM,IAAA,GAAO,MAAM,iBAAA,CAAkB,MAAM,CAAA;AAC3C,EAAA,MAAM,QAAQ,IAAA,CAAK,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,OAAO,UAAU,CAAA;AAChD,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,KAAA,CAAM,OAAA,EAAS;AAC5B,IAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,EAChE;AACF;AAaA,SAAS,cACP,KAAA,EACwB;AACxB,EAAA,MAAM,OAA+B,EAAC;AAEtC,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,QAAA,GAAWC,oCAAA,CAAmB,IAAA,CAAK,IAAI,CAAA;AAC7C,IAAA,MAAM,WAAW,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,OAAO,CAAA;AACnD,IAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AAE3B,IAAA,IAAI,MAAA,GAAS,IAAA;AACb,IAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,MAAA,GAAS,GAAG,CAAA,EAAA,EAAK;AAC5C,MAAA,MAAM,OAAA,GAAU,SAAS,CAAC,CAAA;AAC1B,MAAA,IAAI,MAAA,GAAS,OAAO,IAAA,CAAK,CAAA,IAAA,KAAQ,KAAK,IAAA,KAAS,QAAA,IAAY,IAAA,CAAK,IAAA,KAAS,OAAO,CAAA;AAChF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAA,GAAS,EAAE,IAAA,EAAM,OAAA,EAAS,MAAM,QAAA,EAAU,QAAA,EAAU,EAAC,EAAE;AACvD,QAAA,MAAA,CAAO,KAAK,MAAM,CAAA;AAAA,MACpB;AACA,MAAA,IAAI,CAAC,MAAA,CAAO,QAAA,EAAU,MAAA,CAAO,WAAW,EAAC;AACzC,MAAA,MAAA,GAAS,MAAA,CAAO,QAAA;AAAA,IAClB;AAEA,IAAA,MAAM,QAAA,GAAW,QAAA,CAAS,QAAA,CAAS,MAAA,GAAS,CAAC,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,KAAa,QAAA,GAAW,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,OAAA,EAAS,QAAQ,CAAA,CAAE,QAAA,CAAS,OAAO,IAAI,IAAA,CAAK,OAAA;AAC1G,IAAA,MAAA,CAAO,KAAK,EAAE,IAAA,EAAM,UAAU,IAAA,EAAM,MAAA,EAAQ,SAAS,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,IAAA;AACT;AAqBA,SAAS,mBACP,KAAA,EAC4B;AAC5B,EAAA,MAAM,UAAU,KAAA,CAAM,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,UAAU,CAAA;AACrD,EAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AAErB,EAAA,MAAM,GAAA,GACJ,OAAA,CAAQ,QAAA,KAAa,QAAA,GAAW,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,EAAS,QAAQ,CAAA,CAAE,QAAA,CAAS,OAAO,IAAI,OAAA,CAAQ,OAAA;AAErG,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,KAAA,CAAM,6CAA6C,CAAA;AACvE,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,EAAE,YAAA,EAAc,GAAA,CAAI,IAAA,EAAK,EAAE;AAAA,EACpC;AAEA,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,CAAC,CAAA,IAAK,EAAA;AAC9B,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,CAAC,CAAA,IAAK,EAAA;AAC3B,EAAA,MAAM,cAAsC,EAAC;AAC7C,EAAA,KAAA,MAAW,IAAA,IAAQ,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA,EAAG;AACzC,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,+BAA+B,CAAA;AACpD,IAAA,IAAI,CAAC,CAAA,EAAG;AACR,IAAA,MAAM,GAAA,GAAM,EAAE,CAAC,CAAA;AACf,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,CAAC,CAAA,IAAK,EAAA;AACtB,IAAA,IAAI,CAAC,GAAA,EAAK;AAGV,IAAA,WAAA,CAAY,GAAG,CAAA,GAAI,KAAA,CAAM,MAAK,CAAE,OAAA,CAAQ,kBAAkB,IAAI,CAAA;AAAA,EAChE;AAEA,EAAA,OAAO;AAAA,IACL,MAAM,WAAA,CAAY,IAAA;AAAA,IAClB,aAAa,WAAA,CAAY,WAAA;AAAA,IACzB,YAAA,EAAc,KAAK,IAAA;AAAK,GAC1B;AACF;AAaO,IAAM,gCAAgCC,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,4BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,+BAAA;AAAA,EAChB,OAAA,EAAS,iCAAA;AAAA,EACT,WAAA,EAAa,2EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,MAAM,CAAA;AACjD,MAAA,OAAO,EAAE,UAAA,EAAW;AAAA,IACtB,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,kCAAkC,CAAA;AAAA,IAC9D;AAAA,EACF;AACF,CAAC;AAQM,IAAM,gCAAgCD,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,+CAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,gBAAA,EAAkB,gCAAA;AAAA,EAClB,cAAA,EAAgBE,8CAAA;AAAA,EAChB,OAAA,EAAS,6BAAA;AAAA,EACT,WAAA,EAAa,2EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,QAAQ,UAAA,EAAY,CAAA,EAAG,OAAM,KAAM;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAC/C,MAAA,OAAO,MAAMC,gCAAA,CAAe,EAAE,CAAA,EAAG,OAAO,CAAA;AAAA,IAC1C,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBL,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAOM,IAAM,iCAAiCD,6BAAA,CAAY;AAAA,EACxD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,gDAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,gBAAA,EAAkB,iCAAA;AAAA,EAClB,cAAA,EAAgBI,4CAAA;AAAA,EAChB,OAAA,EAAS,oCAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,QAAQ,UAAA,EAAY,KAAA,EAAO,QAAO,KAAM;AACxD,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAC/C,MAAA,OAAO,MAAMC,oCAAA,CAAmB,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,IACnD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBP,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAOM,IAAM,iCAAiCD,6BAAA,CAAY;AAAA,EACxD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,gDAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,gBAAA,EAAkB,iCAAA;AAAA,EAClB,cAAA,EAAgBM,+CAAA;AAAA,EAChB,OAAA,EAAS,iCAAA;AAAA,EACT,WAAA,EAAa,6EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,YAAY,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU,KAAM;AACvE,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAC/C,MAAA,OAAO,MAAMC,iCAAA,CAAgB,EAAE,KAAA,EAAO,IAAA,EAAM,WAAW,CAAA;AAAA,IACzD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBT,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,8BAA8B,CAAA;AAAA,IAC1D;AAAA,EACF;AACF,CAAC;AAeM,IAAM,iCAAiCD,6BAAA,CAAY;AAAA,EACxD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,gDAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,UAAA,EAAY,gCAAA;AAAA,EACZ,cAAA,EAAgB,oCAAA;AAAA,EAChB,OAAA,EAAS,6CAAA;AAAA,EACT,WAAA,EAAa,qFAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,qBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,UAAA,EAAY,KAAA,EAAO,IAAA,EAAM,SAAA,EAAW,UAAA,EAAY,cAAA,EAAe,KAAM;AAC7G,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAE/C,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,IAAIF,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,MACvE;AACA,MAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAClD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,0CAA0C,CAAA;AAAA,MACpF;AAGA,MAAA,MAAM,MAAA,GAAS,MAAMU,iCAAA,CAAgB,KAAA,EAAO,MAAM,SAAS,CAAA;AAC3D,MAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,KAAA,CAAM,WAAW,CAAA,EAAG;AACxC,QAAA,MAAM,IAAIV,gCAAc,GAAA,EAAK;AAAA,UAC3B,SAAS,CAAA,sBAAA,EAAyB,SAAS,CAAA,KAAA,EAAQ,KAAK,IAAI,IAAI,CAAA,CAAA;AAAA,SACjE,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,WAAA,GAAcW,qCAAA,CAAoB,MAAA,CAAO,OAAO,CAAA;AACtD,MAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,MAAA,CAAO,KAAK,CAAA;AAOxC,MAAA,MAAM,QAAA,GAAW,kBAAA,CAAmB,MAAA,CAAO,KAAK,CAAA;AAEhD,MAAA,MAAM,YAAA,GAAe,UAAU,IAAA,IAAQ,WAAA;AACvC,MAAA,MAAM,cAAc,QAAA,EAAU,WAAA,IAAe,CAAA,cAAA,EAAiB,KAAK,IAAI,IAAI,CAAA,CAAA;AAC3E,MAAA,MAAM,EAAA,GAAKC,wBAAA,CAAO,YAAY,CAAA,IAAK,WAAA;AAEnC,MAAA,IAAI,CAAC,EAAA,EAAI;AACP,QAAA,MAAM,IAAIZ,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS;AAAA,SACV,CAAA;AAAA,MACH;AAGA,MAAA,MAAM,QAAA,GAAW,MAAM,UAAA,CAAW,OAAA,CAAQ,EAAE,CAAA;AAC5C,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS,kBAAkB,EAAE,CAAA,iBAAA,CAAA;AAAA;AAAA,UAE7B,KAAA,EAAO,EAAE,aAAA,EAAe,EAAA;AAAG,SAC5B,CAAA;AAAA,MACH;AAGA,MAAA,MAAM,QAAA,GAAWa,mCAAA,CAAkB,cAAc,CAAA,IAAK,MAAA;AACtD,MAAA,MAAM,UAAA,GAAmC,QAAA,GAAY,cAAA,IAAkB,SAAA,GAAa,QAAA;AAOpF,MAAA,MAAM,eAAe,QAAA,EAAU,YAAA,EAAc,IAAA,EAAK,GAAI,SAAS,YAAA,GAAe,WAAA;AAE9E,MAAA,MAAM,WAAW,MAAA,CAAO;AAAA,QACtB,KAAA,EAAO;AAAA,UACL,EAAA;AAAA,UACA,QAAA;AAAA,UACA,UAAA;AAAA,UACA,IAAA,EAAM,YAAA;AAAA,UACN,WAAA;AAAA,UACA,YAAA;AAAA,UACA,KAAA;AAAA,UACA,QAAA,EAAU;AAAA,YACR,MAAA,EAAQ;AAAA,cACN,IAAA,EAAM,WAAA;AAAA,cACN,KAAA;AAAA,cACA,IAAA;AAAA,cACA;AAAA;AACF;AACF;AACF,OACD,CAAA;AAED,MAAA,OAAO;AAAA,QACL,aAAA,EAAe,EAAA;AAAA,QACf,IAAA,EAAM,YAAA;AAAA,QACN,YAAA,EAAc,OAAO,KAAA,CAAM;AAAA,OAC7B;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBb,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC","file":"chunk-MSKYP5LL.cjs","sourcesContent":["/**\n * Builder Registry Schemas\n *\n * Schemas for the Agent Builder skill registry routes. These are distinct from\n * the workspace skills.sh proxy schemas because:\n * - Builder routes are not scoped to a workspace.\n * - Builder install does not accept a `mount` field.\n * - Builder install body carries visibility + the resolved registry id.\n * - Builder install response returns the created stored skill id.\n *\n * The upstream skills.sh proxy response shapes are reused via the shared\n * `skillsShSearchResponseSchema`, `skillsShListResponseSchema`, and\n * `skillsShPreviewResponseSchema` since the wire shape from skills.sh is\n * registry-independent.\n */\n\nimport { z } from 'zod/v4';\n\n// =============================================================================\n// Registry list\n// =============================================================================\n\n/** Single entry in the registries list. */\nexport const builderRegistryEntrySchema = z.object({\n id: z.literal('skills-sh').describe('Stable registry identifier'),\n enabled: z.boolean().describe('Whether this registry is enabled in the running deployment'),\n label: z.string().describe('Human-readable registry name'),\n});\n\n/** Response for `GET /editor/builder/registries`. */\nexport const builderRegistriesResponseSchema = z.object({\n registries: z.array(builderRegistryEntrySchema),\n});\n\n// =============================================================================\n// Search / popular / preview\n// =============================================================================\n\n/** Path params used by every per-registry route. */\nexport const builderRegistryPathParams = z.object({\n registryId: z.string().describe('Registry identifier (e.g. \"skills-sh\")'),\n});\n\nexport const builderRegistrySearchQuerySchema = z.object({\n q: z.string().describe('Search query'),\n limit: z.coerce.number().int().min(1).max(100).optional().default(10).describe('Maximum number of results (1-100)'),\n});\n\nexport const builderRegistryPopularQuerySchema = z\n .object({\n limit: z.coerce.number().int().min(1).max(100).optional().default(10).describe('Maximum number of results (1-100)'),\n offset: z.coerce\n .number()\n .int()\n .min(0)\n .optional()\n .default(0)\n .describe('Offset for pagination (must be a multiple of `limit`)'),\n })\n .refine(args => args.offset % args.limit === 0, {\n message: 'offset must be a multiple of limit (the upstream registry pages by `limit`)',\n path: ['offset'],\n });\n\nexport const builderRegistryPreviewQuerySchema = z.object({\n owner: z.string().describe('GitHub repository owner'),\n repo: z.string().describe('GitHub repository name'),\n path: z.string().describe('Skill name within repo'),\n});\n\n// =============================================================================\n// Install\n// =============================================================================\n\n/**\n * Body for `POST /editor/builder/registries/:registryId/install`.\n *\n * Visibility behaves like the standard stored-skill create flow: optional,\n * defaults to private when the caller is authenticated.\n */\nexport const builderRegistryInstallBodySchema = z.object({\n owner: z.string().describe('GitHub repository owner'),\n repo: z.string().describe('GitHub repository name'),\n skillName: z.string().describe('Skill name from the registry'),\n visibility: z.enum(['private', 'public']).optional().describe('Visibility for the new stored skill'),\n});\n\n/** Response for the install route. Mirrors stored-skill identity fields. */\nexport const builderRegistryInstallResponseSchema = z.object({\n storedSkillId: z.string().describe('Id of the newly created stored skill'),\n name: z.string().describe('Resolved skill name'),\n filesWritten: z.number().describe('Number of files materialized into the skill version snapshot'),\n});\n\nexport type BuilderRegistryEntry = z.infer<typeof builderRegistryEntrySchema>;\nexport type BuilderRegistriesResponse = z.infer<typeof builderRegistriesResponseSchema>;\nexport type BuilderRegistryInstallBody = z.infer<typeof builderRegistryInstallBodySchema>;\nexport type BuilderRegistryInstallResponse = z.infer<typeof builderRegistryInstallResponseSchema>;\n","/**\n * Builder Registry Handlers\n *\n * Routes that let admins browse and install skills from configured external\n * registries (currently just skills.sh) directly into the Builder's stored\n * skills DB. Distinct from the workspace skills.sh routes, which write to a\n * workspace filesystem and never touch storage.\n *\n * Registry availability is driven by `AgentBuilderOptions.registries`. When\n * the requested registry is disabled (or the builder is missing entirely),\n * the routes 404 instead of leaking the surface.\n */\n\nimport type { Mastra } from '@mastra/core';\nimport type { StorageSkillFileNode } from '@mastra/core/storage';\n\nimport { HTTPException } from '../http-exception';\nimport {\n builderRegistriesResponseSchema,\n builderRegistryInstallBodySchema,\n builderRegistryInstallResponseSchema,\n builderRegistryPathParams,\n builderRegistryPopularQuerySchema,\n builderRegistryPreviewQuerySchema,\n builderRegistrySearchQuerySchema,\n} from '../schemas/builder-registry';\nimport {\n skillsShListResponseSchema,\n skillsShPreviewResponseSchema,\n skillsShSearchResponseSchema,\n} from '../schemas/workspace';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { toSlug } from '../utils';\nimport { getCallerAuthorId } from './authorship';\nimport { handleError } from './error';\nimport {\n assertSafeFilePath,\n assertSafeSkillName,\n fetchSkillFiles,\n getPopularSkillsSh,\n previewSkillsSh,\n searchSkillsSh,\n} from './skills-sh-shared';\n\n// =============================================================================\n// Registry resolution\n// =============================================================================\n\n/** Stable identifiers + display labels for every supported registry. */\nconst REGISTRY_LABELS: Record<string, string> = {\n 'skills-sh': 'skills.sh',\n};\n\ninterface RegistryStatus {\n id: 'skills-sh';\n enabled: boolean;\n label: string;\n}\n\n/**\n * Resolve which registries are enabled for the running deployment by reading\n * the builder's `registries` config. Returns a list with all known registries\n * (so the frontend can render an empty/disabled state) plus their enabled\n * flag.\n */\nasync function resolveRegistries(mastra: Mastra): Promise<RegistryStatus[]> {\n const editor = mastra.getEditor();\n if (!editor || typeof editor.resolveBuilder !== 'function') {\n return [{ id: 'skills-sh', enabled: false, label: REGISTRY_LABELS['skills-sh']! }];\n }\n const builder = await editor.resolveBuilder();\n const registries = builder?.getRegistries?.();\n return [\n {\n id: 'skills-sh',\n enabled: registries?.skillsSh?.enabled === true,\n label: REGISTRY_LABELS['skills-sh']!,\n },\n ];\n}\n\n/**\n * Hard-gate: throws 404 when the requested registry is unknown or disabled.\n * Mirrors `requireBuilderFeature` semantics — no surface leak for OFF registries.\n */\nasync function requireEnabledRegistry(mastra: Mastra, registryId: string): Promise<void> {\n const list = await resolveRegistries(mastra);\n const match = list.find(r => r.id === registryId);\n if (!match || !match.enabled) {\n throw new HTTPException(404, { message: 'Registry not found' });\n }\n}\n\n// =============================================================================\n// File-tree helpers\n// =============================================================================\n\n/**\n * Convert a flat list of `{ path, content, encoding }` entries into the\n * `StorageSkillFileNode` tree shape expected by the stored-skills create path.\n *\n * Each path is validated via `assertSafeFilePath` to prevent traversal from\n * upstream-controlled responses. Folder nodes are created on demand.\n */\nfunction buildFileTree(\n files: Array<{ path: string; content: string; encoding: 'utf-8' | 'base64' }>,\n): StorageSkillFileNode[] {\n const root: StorageSkillFileNode[] = [];\n\n for (const file of files) {\n const safePath = assertSafeFilePath(file.path);\n const segments = safePath.split('/').filter(Boolean);\n if (segments.length === 0) continue;\n\n let cursor = root;\n for (let i = 0; i < segments.length - 1; i++) {\n const segment = segments[i]!;\n let folder = cursor.find(node => node.type === 'folder' && node.name === segment);\n if (!folder) {\n folder = { name: segment, type: 'folder', children: [] };\n cursor.push(folder);\n }\n if (!folder.children) folder.children = [];\n cursor = folder.children;\n }\n\n const fileName = segments[segments.length - 1]!;\n const content = file.encoding === 'base64' ? Buffer.from(file.content, 'base64').toString('utf-8') : file.content;\n cursor.push({ name: fileName, type: 'file', content });\n }\n\n return root;\n}\n\n/**\n * Locally-bound SKILL.md frontmatter parser.\n *\n * Mirrors `parseSkillSnapshotFromFiles` from `@mastra/core/workspace`, but\n * inlined here because the server package's `@mastra/core` peer floor\n * (>=1.32.0) predates that helper. Once the floor is bumped to a release\n * containing the helper, this can be replaced by the shared core import.\n *\n * Only SKILL.md is consulted — frontmatter is split from the body using a\n * minimal YAML key:value reader sufficient for the fields registries\n * actually use (name, description). The body is everything after the\n * second `---` line, trimmed.\n */\ntype ParsedSkillSnapshot = {\n name?: string;\n description?: string;\n instructions: string;\n};\n\nfunction parseSkillSnapshot(\n files: Array<{ path: string; content: string; encoding: 'utf-8' | 'base64' }>,\n): ParsedSkillSnapshot | null {\n const skillMd = files.find(f => f.path === 'SKILL.md');\n if (!skillMd) return null;\n\n const raw =\n skillMd.encoding === 'base64' ? Buffer.from(skillMd.content, 'base64').toString('utf-8') : skillMd.content;\n\n const fmMatch = raw.match(/^---\\r?\\n([\\s\\S]*?)\\r?\\n---\\r?\\n?([\\s\\S]*)$/);\n if (!fmMatch) {\n return { instructions: raw.trim() };\n }\n\n const fmBlock = fmMatch[1] ?? '';\n const body = fmMatch[2] ?? '';\n const frontmatter: Record<string, string> = {};\n for (const line of fmBlock.split(/\\r?\\n/)) {\n const m = line.match(/^([A-Za-z0-9_-]+)\\s*:\\s*(.*)$/);\n if (!m) continue;\n const key = m[1];\n const value = m[2] ?? '';\n if (!key) continue;\n // Strip surrounding quotes, leave the rest as-is. Registry SKILL.md\n // frontmatter is consistently flat string fields in practice.\n frontmatter[key] = value.trim().replace(/^[\"'](.*)[\"']$/, '$1');\n }\n\n return {\n name: frontmatter.name,\n description: frontmatter.description,\n instructions: body.trim(),\n };\n}\n\n// =============================================================================\n// Routes\n// =============================================================================\n\n/**\n * GET /editor/builder/registries\n *\n * Lists every known registry and whether it's enabled in this deployment.\n * Used by the Builder UI to decide whether to show the \"Browse registry\"\n * entry point at all.\n */\nexport const LIST_BUILDER_REGISTRIES_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries',\n responseType: 'json',\n responseSchema: builderRegistriesResponseSchema,\n summary: 'List available skill registries',\n description: 'Returns the configured external skill registries and their enabled state.',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra }) => {\n try {\n const registries = await resolveRegistries(mastra);\n return { registries };\n } catch (error) {\n return handleError(error, 'Error listing builder registries');\n }\n },\n});\n\n/**\n * GET /editor/builder/registries/:registryId/search\n *\n * Proxies a search query to the underlying registry. Currently only\n * registryId=\"skills-sh\" is supported.\n */\nexport const BUILDER_REGISTRY_SEARCH_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries/:registryId/search',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n queryParamSchema: builderRegistrySearchQuerySchema,\n responseSchema: skillsShSearchResponseSchema,\n summary: 'Search skills in a registry',\n description: 'Proxies a search request to the configured registry to avoid CORS issues.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra, registryId, q, limit }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n return await searchSkillsSh({ q, limit });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error searching registry');\n }\n },\n});\n\n/**\n * GET /editor/builder/registries/:registryId/popular\n *\n * Returns the most popular skills in a registry.\n */\nexport const BUILDER_REGISTRY_POPULAR_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries/:registryId/popular',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n queryParamSchema: builderRegistryPopularQuerySchema,\n responseSchema: skillsShListResponseSchema,\n summary: 'Get popular skills from a registry',\n description: 'Proxies a popular-skills request to the configured registry to avoid CORS issues.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra, registryId, limit, offset }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n return await getPopularSkillsSh({ limit, offset });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error fetching popular skills');\n }\n },\n});\n\n/**\n * GET /editor/builder/registries/:registryId/preview\n *\n * Returns the rendered SKILL.md content for a single skill in the registry.\n */\nexport const BUILDER_REGISTRY_PREVIEW_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries/:registryId/preview',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n queryParamSchema: builderRegistryPreviewQuerySchema,\n responseSchema: skillsShPreviewResponseSchema,\n summary: 'Preview a skill from a registry',\n description: 'Fetches the SKILL.md content for a single skill in the configured registry.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra, registryId, owner, repo, path: skillName }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n return await previewSkillsSh({ owner, repo, skillName });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error fetching skill preview');\n }\n },\n});\n\n/**\n * POST /editor/builder/registries/:registryId/install\n *\n * Fetches the full file tree for a skill from the registry, parses the\n * SKILL.md frontmatter for name/description, and persists everything as a\n * new stored skill. The registry origin is recorded under `metadata.origin`\n * so the UI can surface \"imported from skills.sh\" badges and re-resolve the\n * source later.\n *\n * Collisions (a stored skill with the derived id already exists) return 409\n * so the UI can offer an \"Open existing\" link instead of silently\n * overwriting.\n */\nexport const BUILDER_REGISTRY_INSTALL_ROUTE = createRoute({\n method: 'POST',\n path: '/editor/builder/registries/:registryId/install',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n bodySchema: builderRegistryInstallBodySchema,\n responseSchema: builderRegistryInstallResponseSchema,\n summary: 'Install a registry skill into stored skills',\n description: 'Fetches a skill from the configured registry and persists it as a new stored skill.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:write',\n handler: async ({ mastra, requestContext, registryId, owner, repo, skillName, visibility: bodyVisibility }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n\n const storage = mastra.getStorage();\n if (!storage) {\n throw new HTTPException(500, { message: 'Storage is not configured' });\n }\n const skillStore = await storage.getStore('skills');\n if (!skillStore) {\n throw new HTTPException(500, { message: 'Skills storage domain is not available' });\n }\n\n // Pull files from the registry\n const result = await fetchSkillFiles(owner, repo, skillName);\n if (!result || result.files.length === 0) {\n throw new HTTPException(404, {\n message: `Could not find skill \"${skillName}\" in ${owner}/${repo}.`,\n });\n }\n\n const safeSkillId = assertSafeSkillName(result.skillId);\n const files = buildFileTree(result.files);\n\n // Parse SKILL.md frontmatter into structured fields. Splitting\n // frontmatter (name/description) from the markdown body keeps the\n // body as the agent-facing `instructions` instead of polluting it\n // with raw YAML metadata. SKILL.md missing or unparseable simply\n // yields a null snapshot — registry-provided values then fill in.\n const snapshot = parseSkillSnapshot(result.files);\n\n const resolvedName = snapshot?.name ?? safeSkillId;\n const description = snapshot?.description ?? `Imported from ${owner}/${repo}`;\n const id = toSlug(resolvedName) || safeSkillId;\n\n if (!id) {\n throw new HTTPException(400, {\n message: 'Could not derive skill ID from registry skill metadata.',\n });\n }\n\n // Reject collisions instead of silently overwriting; UI offers \"Open existing\".\n const existing = await skillStore.getById(id);\n if (existing) {\n throw new HTTPException(409, {\n message: `Skill with id \"${id}\" already exists.`,\n // Surface the existing id so the client can deep-link.\n cause: { storedSkillId: id },\n });\n }\n\n // Match the standard create flow: no caller = always public, otherwise default private.\n const authorId = getCallerAuthorId(requestContext) ?? undefined;\n const visibility: 'private' | 'public' = authorId ? (bodyVisibility ?? 'private') : 'public';\n\n // Use the SKILL.md body (post-frontmatter) as instructions. Frontmatter\n // values are already lifted into structured columns above, so re-storing\n // them in `instructions` would both duplicate metadata and feed YAML\n // into the agent's prompt. Fall back to description when no usable body\n // exists so `resolved.snapshot.instructions` stays non-empty.\n const instructions = snapshot?.instructions?.trim() ? snapshot.instructions : description;\n\n await skillStore.create({\n skill: {\n id,\n authorId,\n visibility,\n name: resolvedName,\n description,\n instructions,\n files,\n metadata: {\n origin: {\n type: 'skills-sh',\n owner,\n repo,\n skillName,\n },\n },\n },\n });\n\n return {\n storedSkillId: id,\n name: resolvedName,\n filesWritten: result.files.length,\n };\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error installing registry skill');\n }\n },\n});\n"]}
1
+ {"version":3,"sources":["../src/server/schemas/builder-registry.ts","../src/server/handlers/builder-registry.ts"],"names":["z","HTTPException","assertSafeFilePath","createRoute","handleError","skillsShSearchResponseSchema","searchSkillsSh","skillsShListResponseSchema","getPopularSkillsSh","skillsShPreviewResponseSchema","previewSkillsSh","fetchSkillFiles","assertSafeSkillName","toSlug","getCallerAuthorId"],"mappings":";;;;;;;;;;;AAuBO,IAAM,0BAAA,GAA6BA,KAAE,MAAA,CAAO;AAAA,EACjD,IAAIA,IAAA,CAAE,OAAA,CAAQ,WAAW,CAAA,CAAE,SAAS,4BAA4B,CAAA;AAAA,EAChE,OAAA,EAASA,IAAA,CAAE,OAAA,EAAQ,CAAE,SAAS,4DAA4D,CAAA;AAAA,EAC1F,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B;AAC3D,CAAC,CAAA;AAGM,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,UAAA,EAAYA,IAAA,CAAE,KAAA,CAAM,0BAA0B;AAChD,CAAC,CAAA;AAOM,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wCAAwC;AAC1E,CAAC,CAAA;AAEM,IAAM,gCAAA,GAAmCA,KAAE,MAAA,CAAO;AAAA,EACvD,CAAA,EAAGA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,cAAc,CAAA;AAAA,EACrC,OAAOA,IAAA,CAAE,MAAA,CAAO,QAAO,CAAE,GAAA,GAAM,GAAA,CAAI,CAAC,EAAE,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS,CAAE,QAAQ,EAAE,CAAA,CAAE,SAAS,mCAAmC;AACpH,CAAC,CAAA;AAEM,IAAM,iCAAA,GAAoCA,KAC9C,MAAA,CAAO;AAAA,EACN,OAAOA,IAAA,CAAE,MAAA,CAAO,QAAO,CAAE,GAAA,GAAM,GAAA,CAAI,CAAC,EAAE,GAAA,CAAI,GAAG,EAAE,QAAA,EAAS,CAAE,QAAQ,EAAE,CAAA,CAAE,SAAS,mCAAmC,CAAA;AAAA,EAClH,QAAQA,IAAA,CAAE,MAAA,CACP,MAAA,EAAO,CACP,KAAI,CACJ,GAAA,CAAI,CAAC,CAAA,CACL,UAAS,CACT,OAAA,CAAQ,CAAC,CAAA,CACT,SAAS,uDAAuD;AACrE,CAAC,EACA,MAAA,CAAO,CAAA,IAAA,KAAQ,KAAK,MAAA,GAAS,IAAA,CAAK,UAAU,CAAA,EAAG;AAAA,EAC9C,OAAA,EAAS,6EAAA;AAAA,EACT,IAAA,EAAM,CAAC,QAAQ;AACjB,CAAC,CAAA;AAEI,IAAM,iCAAA,GAAoCA,KAAE,MAAA,CAAO;AAAA,EACxD,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB,CAAA;AAAA,EACpD,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wBAAwB,CAAA;AAAA,EAClD,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wBAAwB;AACpD,CAAC,CAAA;AAYM,IAAM,gCAAA,GAAmCA,KAAE,MAAA,CAAO;AAAA,EACvD,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB,CAAA;AAAA,EACpD,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,wBAAwB,CAAA;AAAA,EAClD,SAAA,EAAWA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B,CAAA;AAAA,EAC7D,UAAA,EAAYA,IAAA,CAAE,IAAA,CAAK,CAAC,SAAA,EAAW,QAAQ,CAAC,CAAA,CAAE,QAAA,EAAS,CAAE,QAAA,CAAS,qCAAqC;AACrG,CAAC,CAAA;AAGM,IAAM,oCAAA,GAAuCA,KAAE,MAAA,CAAO;AAAA,EAC3D,aAAA,EAAeA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,sCAAsC,CAAA;AAAA,EACzE,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,qBAAqB,CAAA;AAAA,EAC/C,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8DAA8D;AAClG,CAAC,CAAA;;;AC3CD,IAAM,eAAA,GAA0C;AAAA,EAC9C,WAAA,EAAa;AACf,CAAA;AAcA,eAAe,kBAAkB,MAAA,EAA2C;AAC1E,EAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAChC,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,CAAO,mBAAmB,UAAA,EAAY;AAC1D,IAAA,OAAO,CAAC,EAAE,EAAA,EAAI,WAAA,EAAa,OAAA,EAAS,OAAO,KAAA,EAAO,eAAA,CAAgB,WAAW,CAAA,EAAI,CAAA;AAAA,EACnF;AACA,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,EAAA,MAAM,UAAA,GAAa,SAAS,aAAA,IAAgB;AAC5C,EAAA,OAAO;AAAA,IACL;AAAA,MACE,EAAA,EAAI,WAAA;AAAA,MACJ,OAAA,EAAS,UAAA,EAAY,QAAA,EAAU,OAAA,KAAY,IAAA;AAAA,MAC3C,KAAA,EAAO,gBAAgB,WAAW;AAAA;AACpC,GACF;AACF;AAMA,eAAe,sBAAA,CAAuB,QAAgB,UAAA,EAAmC;AACvF,EAAA,MAAM,IAAA,GAAO,MAAM,iBAAA,CAAkB,MAAM,CAAA;AAC3C,EAAA,MAAM,QAAQ,IAAA,CAAK,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,OAAO,UAAU,CAAA;AAChD,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,KAAA,CAAM,OAAA,EAAS;AAC5B,IAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,EAChE;AACF;AAaA,SAAS,cACP,KAAA,EACwB;AACxB,EAAA,MAAM,OAA+B,EAAC;AAEtC,EAAA,KAAA,MAAW,QAAQ,KAAA,EAAO;AACxB,IAAA,MAAM,QAAA,GAAWC,oCAAA,CAAmB,IAAA,CAAK,IAAI,CAAA;AAC7C,IAAA,MAAM,WAAW,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA,CAAE,OAAO,OAAO,CAAA;AACnD,IAAA,IAAI,QAAA,CAAS,WAAW,CAAA,EAAG;AAE3B,IAAA,IAAI,MAAA,GAAS,IAAA;AACb,IAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,MAAA,GAAS,GAAG,CAAA,EAAA,EAAK;AAC5C,MAAA,MAAM,OAAA,GAAU,SAAS,CAAC,CAAA;AAC1B,MAAA,IAAI,MAAA,GAAS,OAAO,IAAA,CAAK,CAAA,IAAA,KAAQ,KAAK,IAAA,KAAS,QAAA,IAAY,IAAA,CAAK,IAAA,KAAS,OAAO,CAAA;AAChF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAA,GAAS,EAAE,IAAA,EAAM,OAAA,EAAS,MAAM,QAAA,EAAU,QAAA,EAAU,EAAC,EAAE;AACvD,QAAA,MAAA,CAAO,KAAK,MAAM,CAAA;AAAA,MACpB;AACA,MAAA,IAAI,CAAC,MAAA,CAAO,QAAA,EAAU,MAAA,CAAO,WAAW,EAAC;AACzC,MAAA,MAAA,GAAS,MAAA,CAAO,QAAA;AAAA,IAClB;AAEA,IAAA,MAAM,QAAA,GAAW,QAAA,CAAS,QAAA,CAAS,MAAA,GAAS,CAAC,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,QAAA,KAAa,QAAA,GAAW,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,OAAA,EAAS,QAAQ,CAAA,CAAE,QAAA,CAAS,OAAO,IAAI,IAAA,CAAK,OAAA;AAC1G,IAAA,MAAA,CAAO,KAAK,EAAE,IAAA,EAAM,UAAU,IAAA,EAAM,MAAA,EAAQ,SAAS,CAAA;AAAA,EACvD;AAEA,EAAA,OAAO,IAAA;AACT;AAqBA,SAAS,mBACP,KAAA,EAC4B;AAC5B,EAAA,MAAM,UAAU,KAAA,CAAM,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,UAAU,CAAA;AACrD,EAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AAErB,EAAA,MAAM,GAAA,GACJ,OAAA,CAAQ,QAAA,KAAa,QAAA,GAAW,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,OAAA,EAAS,QAAQ,CAAA,CAAE,QAAA,CAAS,OAAO,IAAI,OAAA,CAAQ,OAAA;AAErG,EAAA,MAAM,OAAA,GAAU,GAAA,CAAI,KAAA,CAAM,6CAA6C,CAAA;AACvE,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,OAAO,EAAE,YAAA,EAAc,GAAA,CAAI,IAAA,EAAK,EAAE;AAAA,EACpC;AAEA,EAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,CAAC,CAAA,IAAK,EAAA;AAC9B,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,CAAC,CAAA,IAAK,EAAA;AAC3B,EAAA,MAAM,cAAsC,EAAC;AAC7C,EAAA,KAAA,MAAW,IAAA,IAAQ,OAAA,CAAQ,KAAA,CAAM,OAAO,CAAA,EAAG;AACzC,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,+BAA+B,CAAA;AACpD,IAAA,IAAI,CAAC,CAAA,EAAG;AACR,IAAA,MAAM,GAAA,GAAM,EAAE,CAAC,CAAA;AACf,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,CAAC,CAAA,IAAK,EAAA;AACtB,IAAA,IAAI,CAAC,GAAA,EAAK;AAGV,IAAA,WAAA,CAAY,GAAG,CAAA,GAAI,KAAA,CAAM,MAAK,CAAE,OAAA,CAAQ,kBAAkB,IAAI,CAAA;AAAA,EAChE;AAEA,EAAA,OAAO;AAAA,IACL,MAAM,WAAA,CAAY,IAAA;AAAA,IAClB,aAAa,WAAA,CAAY,WAAA;AAAA,IACzB,YAAA,EAAc,KAAK,IAAA;AAAK,GAC1B;AACF;AAaO,IAAM,gCAAgCC,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,4BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,+BAAA;AAAA,EAChB,OAAA,EAAS,iCAAA;AAAA,EACT,WAAA,EAAa,2EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,iBAAA,CAAkB,MAAM,CAAA;AACjD,MAAA,OAAO,EAAE,UAAA,EAAW;AAAA,IACtB,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,kCAAkC,CAAA;AAAA,IAC9D;AAAA,EACF;AACF,CAAC;AAQM,IAAM,gCAAgCD,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,+CAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,gBAAA,EAAkB,gCAAA;AAAA,EAClB,cAAA,EAAgBE,8CAAA;AAAA,EAChB,OAAA,EAAS,6BAAA;AAAA,EACT,WAAA,EAAa,2EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,QAAQ,UAAA,EAAY,CAAA,EAAG,OAAM,KAAM;AACnD,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAC/C,MAAA,OAAO,MAAMC,gCAAA,CAAe,EAAE,CAAA,EAAG,OAAO,CAAA;AAAA,IAC1C,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBL,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAOM,IAAM,iCAAiCD,6BAAA,CAAY;AAAA,EACxD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,gDAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,gBAAA,EAAkB,iCAAA;AAAA,EAClB,cAAA,EAAgBI,4CAAA;AAAA,EAChB,OAAA,EAAS,oCAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,QAAQ,UAAA,EAAY,KAAA,EAAO,QAAO,KAAM;AACxD,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAC/C,MAAA,OAAO,MAAMC,oCAAA,CAAmB,EAAE,KAAA,EAAO,QAAQ,CAAA;AAAA,IACnD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBP,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAOM,IAAM,iCAAiCD,6BAAA,CAAY;AAAA,EACxD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,gDAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,gBAAA,EAAkB,iCAAA;AAAA,EAClB,cAAA,EAAgBM,+CAAA;AAAA,EAChB,OAAA,EAAS,iCAAA;AAAA,EACT,WAAA,EAAa,6EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,YAAY,KAAA,EAAO,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU,KAAM;AACvE,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAC/C,MAAA,OAAO,MAAMC,iCAAA,CAAgB,EAAE,KAAA,EAAO,IAAA,EAAM,WAAW,CAAA;AAAA,IACzD,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBT,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,8BAA8B,CAAA;AAAA,IAC1D;AAAA,EACF;AACF,CAAC;AAeM,IAAM,iCAAiCD,6BAAA,CAAY;AAAA,EACxD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,gDAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,UAAA,EAAY,gCAAA;AAAA,EACZ,cAAA,EAAgB,oCAAA;AAAA,EAChB,OAAA,EAAS,6CAAA;AAAA,EACT,WAAA,EAAa,qFAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAA,EAAU,QAAQ,CAAA;AAAA,EACzB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,qBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,UAAA,EAAY,KAAA,EAAO,IAAA,EAAM,SAAA,EAAW,UAAA,EAAY,cAAA,EAAe,KAAM;AAC7G,IAAA,IAAI;AACF,MAAA,MAAM,sBAAA,CAAuB,QAAQ,UAAU,CAAA;AAE/C,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,IAAIF,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,MACvE;AACA,MAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAClD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,0CAA0C,CAAA;AAAA,MACpF;AAGA,MAAA,MAAM,MAAA,GAAS,MAAMU,iCAAA,CAAgB,KAAA,EAAO,MAAM,SAAS,CAAA;AAC3D,MAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,KAAA,CAAM,WAAW,CAAA,EAAG;AACxC,QAAA,MAAM,IAAIV,gCAAc,GAAA,EAAK;AAAA,UAC3B,SAAS,CAAA,sBAAA,EAAyB,SAAS,CAAA,KAAA,EAAQ,KAAK,IAAI,IAAI,CAAA,CAAA;AAAA,SACjE,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,WAAA,GAAcW,qCAAA,CAAoB,MAAA,CAAO,OAAO,CAAA;AACtD,MAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,MAAA,CAAO,KAAK,CAAA;AAOxC,MAAA,MAAM,QAAA,GAAW,kBAAA,CAAmB,MAAA,CAAO,KAAK,CAAA;AAEhD,MAAA,MAAM,YAAA,GAAe,UAAU,IAAA,IAAQ,WAAA;AACvC,MAAA,MAAM,cAAc,QAAA,EAAU,WAAA,IAAe,CAAA,cAAA,EAAiB,KAAK,IAAI,IAAI,CAAA,CAAA;AAC3E,MAAA,MAAM,EAAA,GAAKC,wBAAA,CAAO,YAAY,CAAA,IAAK,WAAA;AAEnC,MAAA,IAAI,CAAC,EAAA,EAAI;AACP,QAAA,MAAM,IAAIZ,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS;AAAA,SACV,CAAA;AAAA,MACH;AAGA,MAAA,MAAM,QAAA,GAAW,MAAM,UAAA,CAAW,OAAA,CAAQ,EAAE,CAAA;AAC5C,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS,kBAAkB,EAAE,CAAA,iBAAA,CAAA;AAAA;AAAA,UAE7B,KAAA,EAAO,EAAE,aAAA,EAAe,EAAA;AAAG,SAC5B,CAAA;AAAA,MACH;AAGA,MAAA,MAAM,QAAA,GAAWa,mCAAA,CAAkB,cAAc,CAAA,IAAK,MAAA;AACtD,MAAA,MAAM,UAAA,GAAmC,QAAA,GAAY,cAAA,IAAkB,SAAA,GAAa,QAAA;AAOpF,MAAA,MAAM,eAAe,QAAA,EAAU,YAAA,EAAc,IAAA,EAAK,GAAI,SAAS,YAAA,GAAe,WAAA;AAE9E,MAAA,MAAM,WAAW,MAAA,CAAO;AAAA,QACtB,KAAA,EAAO;AAAA,UACL,EAAA;AAAA,UACA,QAAA;AAAA,UACA,UAAA;AAAA,UACA,IAAA,EAAM,YAAA;AAAA,UACN,WAAA;AAAA,UACA,YAAA;AAAA,UACA,KAAA;AAAA,UACA,QAAA,EAAU;AAAA,YACR,MAAA,EAAQ;AAAA,cACN,IAAA,EAAM,WAAA;AAAA,cACN,KAAA;AAAA,cACA,IAAA;AAAA,cACA;AAAA;AACF;AACF;AACF,OACD,CAAA;AAED,MAAA,OAAO;AAAA,QACL,aAAA,EAAe,EAAA;AAAA,QACf,IAAA,EAAM,YAAA;AAAA,QACN,YAAA,EAAc,OAAO,KAAA,CAAM;AAAA,OAC7B;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBb,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOG,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC","file":"chunk-GJOBSWXT.cjs","sourcesContent":["/**\n * Builder Registry Schemas\n *\n * Schemas for the Agent Builder skill registry routes. These are distinct from\n * the workspace skills.sh proxy schemas because:\n * - Builder routes are not scoped to a workspace.\n * - Builder install does not accept a `mount` field.\n * - Builder install body carries visibility + the resolved registry id.\n * - Builder install response returns the created stored skill id.\n *\n * The upstream skills.sh proxy response shapes are reused via the shared\n * `skillsShSearchResponseSchema`, `skillsShListResponseSchema`, and\n * `skillsShPreviewResponseSchema` since the wire shape from skills.sh is\n * registry-independent.\n */\n\nimport { z } from 'zod/v4';\n\n// =============================================================================\n// Registry list\n// =============================================================================\n\n/** Single entry in the registries list. */\nexport const builderRegistryEntrySchema = z.object({\n id: z.literal('skills-sh').describe('Stable registry identifier'),\n enabled: z.boolean().describe('Whether this registry is enabled in the running deployment'),\n label: z.string().describe('Human-readable registry name'),\n});\n\n/** Response for `GET /editor/builder/registries`. */\nexport const builderRegistriesResponseSchema = z.object({\n registries: z.array(builderRegistryEntrySchema),\n});\n\n// =============================================================================\n// Search / popular / preview\n// =============================================================================\n\n/** Path params used by every per-registry route. */\nexport const builderRegistryPathParams = z.object({\n registryId: z.string().describe('Registry identifier (e.g. \"skills-sh\")'),\n});\n\nexport const builderRegistrySearchQuerySchema = z.object({\n q: z.string().describe('Search query'),\n limit: z.coerce.number().int().min(1).max(100).optional().default(10).describe('Maximum number of results (1-100)'),\n});\n\nexport const builderRegistryPopularQuerySchema = z\n .object({\n limit: z.coerce.number().int().min(1).max(100).optional().default(10).describe('Maximum number of results (1-100)'),\n offset: z.coerce\n .number()\n .int()\n .min(0)\n .optional()\n .default(0)\n .describe('Offset for pagination (must be a multiple of `limit`)'),\n })\n .refine(args => args.offset % args.limit === 0, {\n message: 'offset must be a multiple of limit (the upstream registry pages by `limit`)',\n path: ['offset'],\n });\n\nexport const builderRegistryPreviewQuerySchema = z.object({\n owner: z.string().describe('GitHub repository owner'),\n repo: z.string().describe('GitHub repository name'),\n path: z.string().describe('Skill name within repo'),\n});\n\n// =============================================================================\n// Install\n// =============================================================================\n\n/**\n * Body for `POST /editor/builder/registries/:registryId/install`.\n *\n * Visibility behaves like the standard stored-skill create flow: optional,\n * defaults to private when the caller is authenticated.\n */\nexport const builderRegistryInstallBodySchema = z.object({\n owner: z.string().describe('GitHub repository owner'),\n repo: z.string().describe('GitHub repository name'),\n skillName: z.string().describe('Skill name from the registry'),\n visibility: z.enum(['private', 'public']).optional().describe('Visibility for the new stored skill'),\n});\n\n/** Response for the install route. Mirrors stored-skill identity fields. */\nexport const builderRegistryInstallResponseSchema = z.object({\n storedSkillId: z.string().describe('Id of the newly created stored skill'),\n name: z.string().describe('Resolved skill name'),\n filesWritten: z.number().describe('Number of files materialized into the skill version snapshot'),\n});\n\nexport type BuilderRegistryEntry = z.infer<typeof builderRegistryEntrySchema>;\nexport type BuilderRegistriesResponse = z.infer<typeof builderRegistriesResponseSchema>;\nexport type BuilderRegistryInstallBody = z.infer<typeof builderRegistryInstallBodySchema>;\nexport type BuilderRegistryInstallResponse = z.infer<typeof builderRegistryInstallResponseSchema>;\n","/**\n * Builder Registry Handlers\n *\n * Routes that let admins browse and install skills from configured external\n * registries (currently just skills.sh) directly into the Builder's stored\n * skills DB. Distinct from the workspace skills.sh routes, which write to a\n * workspace filesystem and never touch storage.\n *\n * Registry availability is driven by `AgentBuilderOptions.registries`. When\n * the requested registry is disabled (or the builder is missing entirely),\n * the routes 404 instead of leaking the surface.\n */\n\nimport type { Mastra } from '@mastra/core';\nimport type { StorageSkillFileNode } from '@mastra/core/storage';\n\nimport { HTTPException } from '../http-exception';\nimport {\n builderRegistriesResponseSchema,\n builderRegistryInstallBodySchema,\n builderRegistryInstallResponseSchema,\n builderRegistryPathParams,\n builderRegistryPopularQuerySchema,\n builderRegistryPreviewQuerySchema,\n builderRegistrySearchQuerySchema,\n} from '../schemas/builder-registry';\nimport {\n skillsShListResponseSchema,\n skillsShPreviewResponseSchema,\n skillsShSearchResponseSchema,\n} from '../schemas/workspace';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { toSlug } from '../utils';\nimport { getCallerAuthorId } from './authorship';\nimport { handleError } from './error';\nimport {\n assertSafeFilePath,\n assertSafeSkillName,\n fetchSkillFiles,\n getPopularSkillsSh,\n previewSkillsSh,\n searchSkillsSh,\n} from './skills-sh-shared';\n\n// =============================================================================\n// Registry resolution\n// =============================================================================\n\n/** Stable identifiers + display labels for every supported registry. */\nconst REGISTRY_LABELS: Record<string, string> = {\n 'skills-sh': 'skills.sh',\n};\n\ninterface RegistryStatus {\n id: 'skills-sh';\n enabled: boolean;\n label: string;\n}\n\n/**\n * Resolve which registries are enabled for the running deployment by reading\n * the builder's `registries` config. Returns a list with all known registries\n * (so the frontend can render an empty/disabled state) plus their enabled\n * flag.\n */\nasync function resolveRegistries(mastra: Mastra): Promise<RegistryStatus[]> {\n const editor = mastra.getEditor();\n if (!editor || typeof editor.resolveBuilder !== 'function') {\n return [{ id: 'skills-sh', enabled: false, label: REGISTRY_LABELS['skills-sh']! }];\n }\n const builder = await editor.resolveBuilder();\n const registries = builder?.getRegistries?.();\n return [\n {\n id: 'skills-sh',\n enabled: registries?.skillsSh?.enabled === true,\n label: REGISTRY_LABELS['skills-sh']!,\n },\n ];\n}\n\n/**\n * Hard-gate: throws 404 when the requested registry is unknown or disabled.\n * Mirrors `requireBuilderFeature` semantics — no surface leak for OFF registries.\n */\nasync function requireEnabledRegistry(mastra: Mastra, registryId: string): Promise<void> {\n const list = await resolveRegistries(mastra);\n const match = list.find(r => r.id === registryId);\n if (!match || !match.enabled) {\n throw new HTTPException(404, { message: 'Registry not found' });\n }\n}\n\n// =============================================================================\n// File-tree helpers\n// =============================================================================\n\n/**\n * Convert a flat list of `{ path, content, encoding }` entries into the\n * `StorageSkillFileNode` tree shape expected by the stored-skills create path.\n *\n * Each path is validated via `assertSafeFilePath` to prevent traversal from\n * upstream-controlled responses. Folder nodes are created on demand.\n */\nfunction buildFileTree(\n files: Array<{ path: string; content: string; encoding: 'utf-8' | 'base64' }>,\n): StorageSkillFileNode[] {\n const root: StorageSkillFileNode[] = [];\n\n for (const file of files) {\n const safePath = assertSafeFilePath(file.path);\n const segments = safePath.split('/').filter(Boolean);\n if (segments.length === 0) continue;\n\n let cursor = root;\n for (let i = 0; i < segments.length - 1; i++) {\n const segment = segments[i]!;\n let folder = cursor.find(node => node.type === 'folder' && node.name === segment);\n if (!folder) {\n folder = { name: segment, type: 'folder', children: [] };\n cursor.push(folder);\n }\n if (!folder.children) folder.children = [];\n cursor = folder.children;\n }\n\n const fileName = segments[segments.length - 1]!;\n const content = file.encoding === 'base64' ? Buffer.from(file.content, 'base64').toString('utf-8') : file.content;\n cursor.push({ name: fileName, type: 'file', content });\n }\n\n return root;\n}\n\n/**\n * Locally-bound SKILL.md frontmatter parser.\n *\n * Mirrors `parseSkillSnapshotFromFiles` from `@mastra/core/workspace`, but\n * inlined here because the server package's `@mastra/core` peer floor\n * (>=1.32.0) predates that helper. Once the floor is bumped to a release\n * containing the helper, this can be replaced by the shared core import.\n *\n * Only SKILL.md is consulted — frontmatter is split from the body using a\n * minimal YAML key:value reader sufficient for the fields registries\n * actually use (name, description). The body is everything after the\n * second `---` line, trimmed.\n */\ntype ParsedSkillSnapshot = {\n name?: string;\n description?: string;\n instructions: string;\n};\n\nfunction parseSkillSnapshot(\n files: Array<{ path: string; content: string; encoding: 'utf-8' | 'base64' }>,\n): ParsedSkillSnapshot | null {\n const skillMd = files.find(f => f.path === 'SKILL.md');\n if (!skillMd) return null;\n\n const raw =\n skillMd.encoding === 'base64' ? Buffer.from(skillMd.content, 'base64').toString('utf-8') : skillMd.content;\n\n const fmMatch = raw.match(/^---\\r?\\n([\\s\\S]*?)\\r?\\n---\\r?\\n?([\\s\\S]*)$/);\n if (!fmMatch) {\n return { instructions: raw.trim() };\n }\n\n const fmBlock = fmMatch[1] ?? '';\n const body = fmMatch[2] ?? '';\n const frontmatter: Record<string, string> = {};\n for (const line of fmBlock.split(/\\r?\\n/)) {\n const m = line.match(/^([A-Za-z0-9_-]+)\\s*:\\s*(.*)$/);\n if (!m) continue;\n const key = m[1];\n const value = m[2] ?? '';\n if (!key) continue;\n // Strip surrounding quotes, leave the rest as-is. Registry SKILL.md\n // frontmatter is consistently flat string fields in practice.\n frontmatter[key] = value.trim().replace(/^[\"'](.*)[\"']$/, '$1');\n }\n\n return {\n name: frontmatter.name,\n description: frontmatter.description,\n instructions: body.trim(),\n };\n}\n\n// =============================================================================\n// Routes\n// =============================================================================\n\n/**\n * GET /editor/builder/registries\n *\n * Lists every known registry and whether it's enabled in this deployment.\n * Used by the Builder UI to decide whether to show the \"Browse registry\"\n * entry point at all.\n */\nexport const LIST_BUILDER_REGISTRIES_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries',\n responseType: 'json',\n responseSchema: builderRegistriesResponseSchema,\n summary: 'List available skill registries',\n description: 'Returns the configured external skill registries and their enabled state.',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra }) => {\n try {\n const registries = await resolveRegistries(mastra);\n return { registries };\n } catch (error) {\n return handleError(error, 'Error listing builder registries');\n }\n },\n});\n\n/**\n * GET /editor/builder/registries/:registryId/search\n *\n * Proxies a search query to the underlying registry. Currently only\n * registryId=\"skills-sh\" is supported.\n */\nexport const BUILDER_REGISTRY_SEARCH_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries/:registryId/search',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n queryParamSchema: builderRegistrySearchQuerySchema,\n responseSchema: skillsShSearchResponseSchema,\n summary: 'Search skills in a registry',\n description: 'Proxies a search request to the configured registry to avoid CORS issues.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra, registryId, q, limit }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n return await searchSkillsSh({ q, limit });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error searching registry');\n }\n },\n});\n\n/**\n * GET /editor/builder/registries/:registryId/popular\n *\n * Returns the most popular skills in a registry.\n */\nexport const BUILDER_REGISTRY_POPULAR_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries/:registryId/popular',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n queryParamSchema: builderRegistryPopularQuerySchema,\n responseSchema: skillsShListResponseSchema,\n summary: 'Get popular skills from a registry',\n description: 'Proxies a popular-skills request to the configured registry to avoid CORS issues.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra, registryId, limit, offset }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n return await getPopularSkillsSh({ limit, offset });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error fetching popular skills');\n }\n },\n});\n\n/**\n * GET /editor/builder/registries/:registryId/preview\n *\n * Returns the rendered SKILL.md content for a single skill in the registry.\n */\nexport const BUILDER_REGISTRY_PREVIEW_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/registries/:registryId/preview',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n queryParamSchema: builderRegistryPreviewQuerySchema,\n responseSchema: skillsShPreviewResponseSchema,\n summary: 'Preview a skill from a registry',\n description: 'Fetches the SKILL.md content for a single skill in the configured registry.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:read',\n handler: async ({ mastra, registryId, owner, repo, path: skillName }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n return await previewSkillsSh({ owner, repo, skillName });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error fetching skill preview');\n }\n },\n});\n\n/**\n * POST /editor/builder/registries/:registryId/install\n *\n * Fetches the full file tree for a skill from the registry, parses the\n * SKILL.md frontmatter for name/description, and persists everything as a\n * new stored skill. The registry origin is recorded under `metadata.origin`\n * so the UI can surface \"imported from skills.sh\" badges and re-resolve the\n * source later.\n *\n * Collisions (a stored skill with the derived id already exists) return 409\n * so the UI can offer an \"Open existing\" link instead of silently\n * overwriting.\n */\nexport const BUILDER_REGISTRY_INSTALL_ROUTE = createRoute({\n method: 'POST',\n path: '/editor/builder/registries/:registryId/install',\n responseType: 'json',\n pathParamSchema: builderRegistryPathParams,\n bodySchema: builderRegistryInstallBodySchema,\n responseSchema: builderRegistryInstallResponseSchema,\n summary: 'Install a registry skill into stored skills',\n description: 'Fetches a skill from the configured registry and persists it as a new stored skill.',\n tags: ['Editor', 'Skills'],\n requiresAuth: true,\n requiresPermission: 'stored-skills:write',\n handler: async ({ mastra, requestContext, registryId, owner, repo, skillName, visibility: bodyVisibility }) => {\n try {\n await requireEnabledRegistry(mastra, registryId);\n\n const storage = mastra.getStorage();\n if (!storage) {\n throw new HTTPException(500, { message: 'Storage is not configured' });\n }\n const skillStore = await storage.getStore('skills');\n if (!skillStore) {\n throw new HTTPException(500, { message: 'Skills storage domain is not available' });\n }\n\n // Pull files from the registry\n const result = await fetchSkillFiles(owner, repo, skillName);\n if (!result || result.files.length === 0) {\n throw new HTTPException(404, {\n message: `Could not find skill \"${skillName}\" in ${owner}/${repo}.`,\n });\n }\n\n const safeSkillId = assertSafeSkillName(result.skillId);\n const files = buildFileTree(result.files);\n\n // Parse SKILL.md frontmatter into structured fields. Splitting\n // frontmatter (name/description) from the markdown body keeps the\n // body as the agent-facing `instructions` instead of polluting it\n // with raw YAML metadata. SKILL.md missing or unparseable simply\n // yields a null snapshot — registry-provided values then fill in.\n const snapshot = parseSkillSnapshot(result.files);\n\n const resolvedName = snapshot?.name ?? safeSkillId;\n const description = snapshot?.description ?? `Imported from ${owner}/${repo}`;\n const id = toSlug(resolvedName) || safeSkillId;\n\n if (!id) {\n throw new HTTPException(400, {\n message: 'Could not derive skill ID from registry skill metadata.',\n });\n }\n\n // Reject collisions instead of silently overwriting; UI offers \"Open existing\".\n const existing = await skillStore.getById(id);\n if (existing) {\n throw new HTTPException(409, {\n message: `Skill with id \"${id}\" already exists.`,\n // Surface the existing id so the client can deep-link.\n cause: { storedSkillId: id },\n });\n }\n\n // Match the standard create flow: no caller = always public, otherwise default private.\n const authorId = getCallerAuthorId(requestContext) ?? undefined;\n const visibility: 'private' | 'public' = authorId ? (bodyVisibility ?? 'private') : 'public';\n\n // Use the SKILL.md body (post-frontmatter) as instructions. Frontmatter\n // values are already lifted into structured columns above, so re-storing\n // them in `instructions` would both duplicate metadata and feed YAML\n // into the agent's prompt. Fall back to description when no usable body\n // exists so `resolved.snapshot.instructions` stays non-empty.\n const instructions = snapshot?.instructions?.trim() ? snapshot.instructions : description;\n\n await skillStore.create({\n skill: {\n id,\n authorId,\n visibility,\n name: resolvedName,\n description,\n instructions,\n files,\n metadata: {\n origin: {\n type: 'skills-sh',\n owner,\n repo,\n skillName,\n },\n },\n },\n });\n\n return {\n storedSkillId: id,\n name: resolvedName,\n filesWritten: result.files.length,\n };\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error installing registry skill');\n }\n },\n});\n"]}
package/dist/{chunk-YVA4JWKW.cjs → chunk-GK5QGY2U.cjs} RENAMED
@@ -2,7 +2,7 @@
2
2
 
3
3
  var chunkXCZ44WKI_cjs = require('./chunk-XCZ44WKI.cjs');
4
4
  var chunk43KD3CRE_cjs = require('./chunk-43KD3CRE.cjs');
5
- var chunkYNSUYESL_cjs = require('./chunk-YNSUYESL.cjs');
5
+ var chunkSTZTV4FB_cjs = require('./chunk-STZTV4FB.cjs');
6
6
  var chunkSCZF5DQB_cjs = require('./chunk-SCZF5DQB.cjs');
7
7
  var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
8
8
  var chunk65T6KVYX_cjs = require('./chunk-65T6KVYX.cjs');
@@ -104,7 +104,7 @@ var GET_AUTH_CAPABILITIES_ROUTE = chunkSCZF5DQB_cjs.createPublicRoute({
104
104
  }
105
105
  return capabilities;
106
106
  } catch (error) {
107
- return chunkYNSUYESL_cjs.handleError(error, "Error getting auth capabilities");
107
+ return chunkSTZTV4FB_cjs.handleError(error, "Error getting auth capabilities");
108
108
  }
109
109
  }
110
110
  });
@@ -150,7 +150,7 @@ var GET_CURRENT_USER_ROUTE = chunkSCZF5DQB_cjs.createPublicRoute({
150
150
  permissions
151
151
  };
152
152
  } catch (error) {
153
- return chunkYNSUYESL_cjs.handleError(error, "Error getting current user");
153
+ return chunkSTZTV4FB_cjs.handleError(error, "Error getting current user");
154
154
  }
155
155
  }
156
156
  });
@@ -206,7 +206,7 @@ var GET_SSO_LOGIN_ROUTE = chunkSCZF5DQB_cjs.createPublicRoute({
206
206
  }
207
207
  return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });
208
208
  } catch (error) {
209
- return chunkYNSUYESL_cjs.handleError(error, "Error initiating SSO login");
209
+ return chunkSTZTV4FB_cjs.handleError(error, "Error initiating SSO login");
210
210
  }
211
211
  }
212
212
  });
@@ -327,7 +327,7 @@ var POST_LOGOUT_ROUTE = chunkSCZF5DQB_cjs.createPublicRoute({
327
327
  headers
328
328
  });
329
329
  } catch (error) {
330
- return chunkYNSUYESL_cjs.handleError(error, "Error logging out");
330
+ return chunkSTZTV4FB_cjs.handleError(error, "Error logging out");
331
331
  }
332
332
  }
333
333
  });
@@ -367,7 +367,7 @@ var POST_REFRESH_ROUTE = chunkSCZF5DQB_cjs.createPublicRoute({
367
367
  });
368
368
  } catch (error) {
369
369
  if (error instanceof chunk64ITUOXI_cjs.HTTPException) throw error;
370
- return chunkYNSUYESL_cjs.handleError(error, "Error refreshing session");
370
+ return chunkSTZTV4FB_cjs.handleError(error, "Error refreshing session");
371
371
  }
372
372
  }
373
373
  });
@@ -485,7 +485,7 @@ var GET_ROLE_PERMISSIONS_ROUTE = chunkSCZF5DQB_cjs.createRoute({
485
485
  return { roleId, permissions };
486
486
  } catch (error) {
487
487
  if (error instanceof chunk64ITUOXI_cjs.HTTPException) throw error;
488
- return chunkYNSUYESL_cjs.handleError(error, "Error getting role permissions");
488
+ return chunkSTZTV4FB_cjs.handleError(error, "Error getting role permissions");
489
489
  }
490
490
  }
491
491
  });
@@ -512,5 +512,5 @@ exports.POST_CREDENTIALS_SIGN_UP_ROUTE = POST_CREDENTIALS_SIGN_UP_ROUTE;
512
512
  exports.POST_LOGOUT_ROUTE = POST_LOGOUT_ROUTE;
513
513
  exports.POST_REFRESH_ROUTE = POST_REFRESH_ROUTE;
514
514
  exports.getPublicOrigin = getPublicOrigin;
515
- //# sourceMappingURL=chunk-YVA4JWKW.cjs.map
516
- //# sourceMappingURL=chunk-YVA4JWKW.cjs.map
515
+ //# sourceMappingURL=chunk-GK5QGY2U.cjs.map
516
+ //# sourceMappingURL=chunk-GK5QGY2U.cjs.map
package/dist/{chunk-YVA4JWKW.cjs.map → chunk-GK5QGY2U.cjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["createPublicRoute","capabilitiesResponseSchema","supportsSessionRefresh","handleError","currentUserResponseSchema","ssoLoginQuerySchema","HTTPException","ssoCallbackQuerySchema","refreshResponseSchema","credentialsSignInBodySchema","credentialsSignUpBodySchema","mastra","z","createRoute","MASTRA_USER_PERMISSIONS_KEY"],"mappings":";;;;;;;;;;AAyCA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAKA,SAAS,gBAAgB,MAAA,EAAwC;AAC/D,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AAoBO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACvC,EAAA,IAAI,IAAA,EAAM;AACR,IAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACrF,IAAA,MAAM,KAAA,GAAQ,cAAA,IAAkB,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAC7E,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,GAAA,EAAM,IAAI,CAAA,CAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAKA,SAAS,gBAAgB,MAAA,EAAgD;AACvE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAKA,SAAS,eAAe,MAAA,EAA+C;AACrE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,GAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,OAAQ,IAAA,CAAa,MAAM,CAAA,KAAM,UAAA;AACvF;AAMO,IAAM,8BAA8BA,mCAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBC,4CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAEzC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,GAAA,GAAM,eAAe,MAAM,CAAA;AAEjC,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,OAAA,EAAS,EAAE,IAAA,EAAM,GAAA,EAAK,SAAA,EAAW,WAAA,EAAa,CAAA;AAIjG,MAAA,IAAI,EAAE,MAAA,IAAU,YAAA,CAAA,IAAiBC,wCAAA,CAAuB,IAAI,CAAA,EAAG;AAC7D,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AAC5D,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AAC5D,YAAA,IAAI,gBAAA,EAAkB;AACpB,cAAA,MAAM,cAAA,GAAiB,MAAM,IAAA,CAAK,iBAAA,CAAkB,gBAAgB,CAAA;AACpE,cAAA,MAAM,WAAA,GAAc,yBAAyB,cAAc,CAAA;AAC3D,cAAA,IAAI,WAAA,EAAa;AAEf,gBAAA,MAAM,gBAAA,GAAmB,IAAI,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK;AAAA,kBAChD,QAAQ,OAAA,CAAQ,MAAA;AAAA,kBAChB,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAO;AAAA,iBACrC,CAAA;AACD,gBAAA,gBAAA,CAAiB,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,WAAW,CAAA;AAClD,gBAAA,MAAM,qBAAA,GAAwB,MAAM,iBAAA,CAAkB,IAAA,EAAM,gBAAA,EAAkB;AAAA,kBAC5E,IAAA;AAAA,kBACA,SAAA,EAAW;AAAA,iBACZ,CAAA;AAGD,gBAAA,IAAI,UAAU,qBAAA,EAAuB;AACnC,kBAAC,sBAA8B,gBAAA,GAAmB,cAAA;AAAA,gBACpD;AACA,gBAAA,OAAO,qBAAA;AAAA,cACT;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAKD,SAAS,yBAAyB,OAAA,EAAgD;AAChF,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,YAAY,CAAA,IAAK,QAAQ,YAAY,CAAA;AAC/D,EAAA,IAAI,CAAC,WAAW,OAAO,IAAA;AAEvB,EAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,KAAA,CAAM,UAAU,CAAA;AACxC,EAAA,OAAO,KAAA,GAAS,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA,GAAQ,IAAA;AACtC;AAMO,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBI,2CAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOD,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsBH,mCAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBK,qCAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAA;AAGzD,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOH,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBO,wCAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoBP,mCAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAOG,6BAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,qBAAqBH,mCAAA,CAAkB;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,eAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,cAAA,EAAgBQ,uCAAA;AAAA,EAChB,OAAA,EAAS,iBAAA;AAAA,EACT,WAAA,EAAa,4FAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IACE,CAAC,IAAA,IACD,CAAC,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,IAC7D,CAAC,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EACtE;AACA,QAAA,MAAM,IAAIF,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kCAAkC,CAAA;AAAA,MAC5E;AAGA,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,cAAc,CAAA;AAAA,MACxD;AAGA,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AACtD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,mBAAmB,CAAA;AAAA,MAC7D;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAClE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,mBAAmB,CAAA,EAAG;AACpE,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,UAAU,CAAA;AACxD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,QACrD,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCH,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYS,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAE7C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIH,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCN,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYU,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AAEnD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIJ,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,MAAMK,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMD,IAAM,yBAAA,GAA4BM,KAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,IAAU,CAAA;AACjE,IAAM,6BAAA,GAAgCA,IAAA,CAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,EAAO,EAAG,WAAA,EAAaA,KAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,EAAQ,GAAG,CAAA;AAEhG,IAAM,6BAA6BC,6BAAA,CAAY;AAAA,EACpD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iCAAA;AAAA,EACN,YAAA,EAAc,IAAA;AAAA,EACd,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,cAAA,EAAgB,6BAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,cAAA,EAAgB,MAAA,EAAO,GAAI,GAAA;AAG3C,MAAA,MAAM,iBAAA,GAA8B,cAAA,EAAgB,GAAA,CAAIC,6CAA2B,KAAK,EAAC;AACzF,MAAA,MAAM,OAAA,GAAU,kBAAkB,IAAA,CAAK,CAAC,MAAc,CAAA,KAAM,GAAA,IAAO,MAAM,KAAK,CAAA;AAC9E,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,IAAIR,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,yBAAyB,CAAA;AAAA,MACnE;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,IAAI,CAAC,MAAM,qBAAA,EAAuB;AAChC,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6DAA6D,CAAA;AAAA,MACvG;AAEA,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,qBAAA,CAAsB,MAAM,CAAA;AAC3D,MAAA,OAAO,EAAE,QAAQ,WAAA,EAAY;AAAA,IAC/B,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,gCAAgC,CAAA;AAAA,IAC5D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,8BAAA;AAAA,EACA,8BAAA;AAAA,EACA;AACF","file":"chunk-YVA4JWKW.cjs","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n IUserProvider,\n ISessionProvider,\n ISSOProvider,\n ICredentialsProvider,\n SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, IFGAProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { z } from 'zod/v4';\nimport { supportsSessionRefresh } from '../auth/helpers';\nimport { MASTRA_USER_PERMISSIONS_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\nimport {\n capabilitiesResponseSchema,\n ssoLoginQuerySchema,\n ssoCallbackQuerySchema,\n currentUserResponseSchema,\n credentialsSignInBodySchema,\n credentialsSignUpBodySchema,\n refreshResponseSchema,\n} from '../schemas/auth';\nimport { createPublicRoute, createRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (\n auth: any,\n request: Request,\n options?: { rbac?: any; fga?: any; apiPrefix?: string },\n) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n if (!_buildCapabilitiesPromise) {\n _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n .catch(() => {\n console.error(\n '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n );\n return undefined;\n });\n }\n return _buildCapabilitiesPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n */\nfunction getAuthProvider(mastra: any): MastraAuthProvider | null {\n const serverConfig = mastra.getServer?.();\n if (!serverConfig?.auth) return null;\n\n // Auth can be either MastraAuthConfig or MastraAuthProvider\n // If it has authenticateToken method, it's a provider\n if (typeof serverConfig.auth.authenticateToken === 'function') {\n return serverConfig.auth as MastraAuthProvider;\n }\n\n return null;\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname,\n * so we rely on forwarded headers to reconstruct the real public origin.\n *\n * Assumes the server is behind a trusted proxy (or running locally). When\n * exposed directly to untrusted clients, the Host header is attacker-controlled\n * and must be validated upstream.\n *\n * Priority:\n * 1. X-Forwarded-Host (traditional reverse proxy) → always HTTPS. Knative's\n * queue-proxy overwrites X-Forwarded-Proto based on the internal HTTP\n * connection, so X-Forwarded-Proto is ignored here.\n * 2. Host header with X-Forwarded-Proto (AWS ALB, some proxies) → respect proto.\n * 3. Host header alone → use the scheme from request.url (covers both direct\n * HTTP access and proxies that preserve Host but don't set a proto header).\n * 4. No Host header → fall back to request.url.origin (local dev / direct access).\n */\nexport function getPublicOrigin(request: Request): string {\n const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n if (forwardedHost) {\n return `https://${forwardedHost}`;\n }\n\n const host = request.headers.get('host');\n if (host) {\n const forwardedProto = request.headers.get('x-forwarded-proto')?.split(',')[0]?.trim();\n const proto = forwardedProto || new URL(request.url).protocol.replace(':', '');\n return `${proto}://${host}`;\n }\n\n return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra server config.\n */\nfunction getRBACProvider(mastra: any): IRBACProvider<EEUser> | undefined {\n const serverConfig = mastra.getServer?.();\n return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Helper to get FGA provider from Mastra server config.\n */\nfunction getFGAProvider(mastra: any): IFGAProvider<EEUser> | undefined {\n const serverConfig = mastra.getServer?.();\n return serverConfig?.fga as IFGAProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n return auth !== null && typeof auth === 'object' && typeof (auth as any)[method] === 'function';\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/capabilities',\n responseType: 'json',\n responseSchema: capabilitiesResponseSchema,\n summary: 'Get auth capabilities',\n description:\n 'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request, routePrefix } = ctx as any;\n\n const auth = getAuthProvider(mastra);\n\n if (!auth) {\n return { enabled: false, login: null };\n }\n\n const rbac = getRBACProvider(mastra);\n const fga = getFGAProvider(mastra);\n\n const buildCapabilities = await loadBuildCapabilities();\n if (!buildCapabilities) {\n return { enabled: false, login: null };\n }\n const capabilities = await buildCapabilities(auth, request, { rbac, fga, apiPrefix: routePrefix });\n\n // If capabilities came back without a user, the session may have expired.\n // Attempt a transparent refresh (same logic as coreAuthMiddleware) and retry.\n if (!('user' in capabilities) && supportsSessionRefresh(auth)) {\n try {\n const sessionId = await auth.getSessionIdFromRequest(request);\n if (sessionId) {\n const refreshedSession = await auth.refreshSession(sessionId);\n if (refreshedSession) {\n const sessionHeaders = await auth.getSessionHeaders(refreshedSession);\n const cookieValue = extractCookieFromHeaders(sessionHeaders);\n if (cookieValue) {\n // Rebuild capabilities with the refreshed cookie\n const refreshedRequest = new Request(request.url, {\n method: request.method,\n headers: new Headers(request.headers),\n });\n refreshedRequest.headers.set('Cookie', cookieValue);\n const refreshedCapabilities = await buildCapabilities(auth, refreshedRequest, {\n rbac,\n apiPrefix: routePrefix,\n });\n\n // Attach refresh headers so the adapter can set the new cookie\n if ('user' in refreshedCapabilities) {\n (refreshedCapabilities as any).__refreshHeaders = sessionHeaders;\n }\n return refreshedCapabilities;\n }\n }\n }\n } catch {\n // Refresh failed — return original unauthenticated capabilities\n }\n }\n\n return capabilities;\n } catch (error) {\n return handleError(error, 'Error getting auth capabilities');\n }\n },\n});\n\n/**\n * Extract a full cookie string from session headers (e.g. Set-Cookie → Cookie).\n */\nfunction extractCookieFromHeaders(headers: Record<string, string>): string | null {\n const setCookie = headers['Set-Cookie'] || headers['set-cookie'];\n if (!setCookie) return null;\n // Set-Cookie value is \"name=value; Path=/; ...\" — extract \"name=value\"\n const match = setCookie.match(/^([^;]+)/);\n return match ? (match[1] ?? null) : null;\n}\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/me',\n responseType: 'json',\n responseSchema: currentUserResponseSchema,\n summary: 'Get current user',\n description: 'Returns the currently authenticated user, or null if not authenticated.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request } = ctx as any;\n const auth = getAuthProvider(mastra);\n const rbac = getRBACProvider(mastra);\n\n if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n return null;\n }\n\n const user = await auth.getCurrentUser(request);\n if (!user) return null;\n\n // Get roles/permissions from RBAC provider if available\n let roles: string[] | undefined;\n let permissions: string[] | undefined;\n\n if (rbac) {\n try {\n roles = await rbac.getRoles(user);\n permissions = await rbac.getPermissions(user);\n } catch {\n // RBAC not available or failed\n }\n }\n\n return {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n roles,\n permissions,\n };\n } catch (error) {\n return handleError(error, 'Error getting current user');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/login',\n responseType: 'datastream-response',\n queryParamSchema: ssoLoginQuerySchema,\n summary: 'Initiate SSO login',\n description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n throw new HTTPException(404, { message: 'SSO not configured' });\n }\n\n // Build OAuth callback URI using the configured route prefix\n const origin = getPublicOrigin(request);\n const raw = ((routePrefix as string) || '/api').trim();\n const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n // Encode the post-login redirect in state (where user goes after auth completes)\n // State format: uuid|postLoginRedirect\n // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n // different port).\n let postLoginRedirect = '/';\n if (redirect_uri) {\n if (!redirect_uri.startsWith('http')) {\n // Relative path — always safe\n postLoginRedirect = redirect_uri;\n } else {\n try {\n const redirectUrl = new URL(redirect_uri);\n const requestOrigin = new URL(origin);\n const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n const isLocalhost =\n redirectUrl.hostname === 'localhost' ||\n redirectUrl.hostname === '127.0.0.1' ||\n redirectUrl.hostname === '[::1]';\n if (isHttps && (isSameOrigin || isLocalhost)) {\n postLoginRedirect = redirect_uri;\n }\n } catch {\n // Malformed URL — fall back to /\n }\n }\n }\n const stateId = crypto.randomUUID();\n const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n const loginUrl = auth.getLoginUrl(oauthCallbackUri, state);\n\n // Build response with optional PKCE cookies\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n if (cookies?.length) {\n // PKCE cookies set for SSO state management\n for (const cookie of cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n }\n\n return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n } catch (error) {\n return handleError(error, 'Error initiating SSO login');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/callback',\n responseType: 'datastream-response',\n queryParamSchema: ssoCallbackQuerySchema,\n summary: 'Handle SSO callback',\n description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, code, state, request } = ctx as any;\n\n // Build base URL for redirects (Response.redirect requires absolute URL)\n const baseUrl = getPublicOrigin(request);\n\n // Extract post-login redirect from state (format: uuid|encodedRedirect)\n let redirectTo = '/';\n let stateId = state || '';\n if (state && state.includes('|')) {\n const [id, encodedRedirect] = state.split('|', 2);\n stateId = id;\n try {\n redirectTo = decodeURIComponent(encodedRedirect);\n } catch {\n redirectTo = '/';\n }\n }\n\n // Build absolute redirect URL.\n // The redirect_uri was validated at the login endpoint (same-origin or localhost\n // only), so the state should only contain safe URLs. We still apply defense-in-depth\n // checks here: allow http(s) same-origin or localhost, reject everything else.\n let absoluteRedirect: string;\n if (redirectTo.startsWith('http')) {\n try {\n const parsed = new URL(redirectTo);\n const baseOrigin = new URL(baseUrl);\n const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n const isSameOrigin = parsed.origin === baseOrigin.origin;\n const isLocalhost =\n parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n } catch {\n absoluteRedirect = `${baseUrl}/`;\n }\n } else {\n absoluteRedirect = `${baseUrl}${redirectTo}`;\n }\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n }\n\n // Pass cookie header to provider for PKCE validation (if supported)\n const reqCookieHeader = request.headers.get('cookie');\n if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n (auth as any).setCallbackCookieHeader(reqCookieHeader);\n }\n\n const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n const user = result.user as EEUser;\n\n // Build response headers (session cookies, etc.)\n const headers = new Headers();\n headers.set('Location', absoluteRedirect);\n\n // Set session cookies from the SSO result\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n // Fallback: Create session manually for providers without cookie support\n const session = await auth.createSession(user.id, {\n accessToken: result.tokens.accessToken,\n refreshToken: result.tokens.refreshToken,\n expiresAt: result.tokens.expiresAt,\n organizationId: (user as any).organizationId,\n });\n const sessionHeaders = auth.getSessionHeaders(session);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(null, {\n status: 302,\n headers,\n });\n } catch (error) {\n // Redirect with error (use absolute URL)\n const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n }\n },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/logout',\n responseType: 'datastream-response',\n summary: 'Logout',\n description: 'Destroys the current session and returns logout redirect URL if available.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth) {\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers: { 'Content-Type': 'application/json' },\n });\n }\n\n // Get session ID and destroy it\n if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n const sessionId = auth.getSessionIdFromRequest(request);\n if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n await auth.destroySession(sessionId);\n }\n }\n\n // Get logout URL if available\n let redirectTo: string | undefined;\n if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n const origin = getPublicOrigin(request);\n const logoutUrl = await auth.getLogoutUrl(origin, request);\n redirectTo = logoutUrl ?? undefined;\n }\n\n // Build response with session clearing headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Clear session cookie\n if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n const clearHeaders = auth.getClearSessionHeaders();\n for (const [key, value] of Object.entries(clearHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true, redirectTo }), {\n status: 200,\n headers,\n });\n } catch (error) {\n return handleError(error, 'Error logging out');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/refresh\n// ============================================================================\n\nexport const POST_REFRESH_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/refresh',\n responseType: 'datastream-response',\n responseSchema: refreshResponseSchema,\n summary: 'Refresh session',\n description: 'Refreshes the current session, extending its expiry. Sets a new session cookie on success.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (\n !auth ||\n !implementsInterface<ISessionProvider>(auth, 'refreshSession') ||\n !implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')\n ) {\n throw new HTTPException(404, { message: 'Session refresh not configured' });\n }\n\n // Get session ID from request\n const sessionId = auth.getSessionIdFromRequest(request);\n if (!sessionId) {\n throw new HTTPException(401, { message: 'No session' });\n }\n\n // Refresh the session\n const newSession = await auth.refreshSession(sessionId);\n if (!newSession) {\n throw new HTTPException(401, { message: 'Session expired' });\n }\n\n // Build response with new session headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n if (implementsInterface<ISessionProvider>(auth, 'getSessionHeaders')) {\n const sessionHeaders = auth.getSessionHeaders(newSession);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers,\n });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error refreshing session');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-in',\n responseType: 'datastream-response',\n bodySchema: credentialsSignInBodySchema,\n summary: 'Sign in with credentials',\n description: 'Authenticates a user with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signIn(email, password, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n // Return a generic error for auth failures to avoid leaking info\n throw new HTTPException(401, { message: 'Invalid email or password' });\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-up',\n responseType: 'datastream-response',\n bodySchema: credentialsSignUpBodySchema,\n summary: 'Sign up with credentials',\n description: 'Creates a new user account with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password, name } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signUp(email, password, name, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n const mastra = (ctx as any).mastra;\n mastra?.getLogger?.()?.error('Sign-up error', {\n error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n });\n throw new HTTPException(400, { message: 'Failed to create account' });\n }\n },\n});\n\n// ============================================================================\n// GET /auth/roles/:roleId/permissions\n// ============================================================================\n\nconst rolePermissionsPathSchema = z.object({ roleId: z.string() });\nconst rolePermissionsResponseSchema = z.object({ roleId: z.string(), permissions: z.array(z.string()) });\n\nexport const GET_ROLE_PERMISSIONS_ROUTE = createRoute({\n method: 'GET',\n path: '/auth/roles/:roleId/permissions',\n requiresAuth: true,\n responseType: 'json',\n pathParamSchema: rolePermissionsPathSchema,\n responseSchema: rolePermissionsResponseSchema,\n summary: 'Get permissions for a role',\n description:\n 'Returns the resolved permissions for a specific role. Only accessible by admin users. Used by the \"View as role\" feature.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, requestContext, roleId } = ctx as any;\n\n // Check that the caller is an admin\n const callerPermissions: string[] = requestContext?.get(MASTRA_USER_PERMISSIONS_KEY) ?? [];\n const isAdmin = callerPermissions.some((p: string) => p === '*' || p === '*:*');\n if (!isAdmin) {\n throw new HTTPException(403, { message: 'Admin access required' });\n }\n\n const rbac = getRBACProvider(mastra);\n if (!rbac?.getPermissionsForRole) {\n throw new HTTPException(404, { message: 'RBAC provider does not support role permission resolution' });\n }\n\n const permissions = await rbac.getPermissionsForRole(roleId);\n return { roleId, permissions };\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error getting role permissions');\n }\n },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n GET_AUTH_CAPABILITIES_ROUTE,\n GET_CURRENT_USER_ROUTE,\n GET_SSO_LOGIN_ROUTE,\n GET_SSO_CALLBACK_ROUTE,\n POST_LOGOUT_ROUTE,\n POST_REFRESH_ROUTE,\n POST_CREDENTIALS_SIGN_IN_ROUTE,\n POST_CREDENTIALS_SIGN_UP_ROUTE,\n GET_ROLE_PERMISSIONS_ROUTE,\n] as const;\n"]}
1
+ {"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["createPublicRoute","capabilitiesResponseSchema","supportsSessionRefresh","handleError","currentUserResponseSchema","ssoLoginQuerySchema","HTTPException","ssoCallbackQuerySchema","refreshResponseSchema","credentialsSignInBodySchema","credentialsSignUpBodySchema","mastra","z","createRoute","MASTRA_USER_PERMISSIONS_KEY"],"mappings":";;;;;;;;;;AAyCA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAKA,SAAS,gBAAgB,MAAA,EAAwC;AAC/D,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AAoBO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACvC,EAAA,IAAI,IAAA,EAAM;AACR,IAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACrF,IAAA,MAAM,KAAA,GAAQ,cAAA,IAAkB,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAC7E,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,GAAA,EAAM,IAAI,CAAA,CAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAKA,SAAS,gBAAgB,MAAA,EAAgD;AACvE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAKA,SAAS,eAAe,MAAA,EAA+C;AACrE,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,GAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,OAAQ,IAAA,CAAa,MAAM,CAAA,KAAM,UAAA;AACvF;AAMO,IAAM,8BAA8BA,mCAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBC,4CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAEzC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,GAAA,GAAM,eAAe,MAAM,CAAA;AAEjC,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,OAAA,EAAS,EAAE,IAAA,EAAM,GAAA,EAAK,SAAA,EAAW,WAAA,EAAa,CAAA;AAIjG,MAAA,IAAI,EAAE,MAAA,IAAU,YAAA,CAAA,IAAiBC,wCAAA,CAAuB,IAAI,CAAA,EAAG;AAC7D,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AAC5D,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AAC5D,YAAA,IAAI,gBAAA,EAAkB;AACpB,cAAA,MAAM,cAAA,GAAiB,MAAM,IAAA,CAAK,iBAAA,CAAkB,gBAAgB,CAAA;AACpE,cAAA,MAAM,WAAA,GAAc,yBAAyB,cAAc,CAAA;AAC3D,cAAA,IAAI,WAAA,EAAa;AAEf,gBAAA,MAAM,gBAAA,GAAmB,IAAI,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK;AAAA,kBAChD,QAAQ,OAAA,CAAQ,MAAA;AAAA,kBAChB,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAO;AAAA,iBACrC,CAAA;AACD,gBAAA,gBAAA,CAAiB,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,WAAW,CAAA;AAClD,gBAAA,MAAM,qBAAA,GAAwB,MAAM,iBAAA,CAAkB,IAAA,EAAM,gBAAA,EAAkB;AAAA,kBAC5E,IAAA;AAAA,kBACA,SAAA,EAAW;AAAA,iBACZ,CAAA;AAGD,gBAAA,IAAI,UAAU,qBAAA,EAAuB;AACnC,kBAAC,sBAA8B,gBAAA,GAAmB,cAAA;AAAA,gBACpD;AACA,gBAAA,OAAO,qBAAA;AAAA,cACT;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAKD,SAAS,yBAAyB,OAAA,EAAgD;AAChF,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,YAAY,CAAA,IAAK,QAAQ,YAAY,CAAA;AAC/D,EAAA,IAAI,CAAC,WAAW,OAAO,IAAA;AAEvB,EAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,KAAA,CAAM,UAAU,CAAA;AACxC,EAAA,OAAO,KAAA,GAAS,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA,GAAQ,IAAA;AACtC;AAMO,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBI,2CAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOD,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsBH,mCAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBK,qCAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAA;AAGzD,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOH,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBO,wCAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoBP,mCAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAOG,6BAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,qBAAqBH,mCAAA,CAAkB;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,eAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,cAAA,EAAgBQ,uCAAA;AAAA,EAChB,OAAA,EAAS,iBAAA;AAAA,EACT,WAAA,EAAa,4FAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAE5B,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IACE,CAAC,IAAA,IACD,CAAC,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,IAC7D,CAAC,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EACtE;AACA,QAAA,MAAM,IAAIF,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kCAAkC,CAAA;AAAA,MAC5E;AAGA,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,cAAc,CAAA;AAAA,MACxD;AAGA,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AACtD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,mBAAmB,CAAA;AAAA,MAC7D;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAClE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,mBAAmB,CAAA,EAAG;AACpE,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,UAAU,CAAA;AACxD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,QACrD,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCH,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYS,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAE7C,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIH,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCN,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYU,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AAEnD,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AAEnC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIJ,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,MAAMK,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMD,IAAM,yBAAA,GAA4BM,KAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,IAAU,CAAA;AACjE,IAAM,6BAAA,GAAgCA,IAAA,CAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,EAAO,EAAG,WAAA,EAAaA,KAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,EAAQ,GAAG,CAAA;AAEhG,IAAM,6BAA6BC,6BAAA,CAAY;AAAA,EACpD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iCAAA;AAAA,EACN,YAAA,EAAc,IAAA;AAAA,EACd,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,cAAA,EAAgB,6BAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,cAAA,EAAgB,MAAA,EAAO,GAAI,GAAA;AAG3C,MAAA,MAAM,iBAAA,GAA8B,cAAA,EAAgB,GAAA,CAAIC,6CAA2B,KAAK,EAAC;AACzF,MAAA,MAAM,OAAA,GAAU,kBAAkB,IAAA,CAAK,CAAC,MAAc,CAAA,KAAM,GAAA,IAAO,MAAM,KAAK,CAAA;AAC9E,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,IAAIR,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,yBAAyB,CAAA;AAAA,MACnE;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,IAAI,CAAC,MAAM,qBAAA,EAAuB;AAChC,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6DAA6D,CAAA;AAAA,MACvG;AAEA,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,qBAAA,CAAsB,MAAM,CAAA;AAC3D,MAAA,OAAO,EAAE,QAAQ,WAAA,EAAY;AAAA,IAC/B,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,gCAAgC,CAAA;AAAA,IAC5D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,8BAAA;AAAA,EACA,8BAAA;AAAA,EACA;AACF","file":"chunk-GK5QGY2U.cjs","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n IUserProvider,\n ISessionProvider,\n ISSOProvider,\n ICredentialsProvider,\n SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, IFGAProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { z } from 'zod/v4';\nimport { supportsSessionRefresh } from '../auth/helpers';\nimport { MASTRA_USER_PERMISSIONS_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\nimport {\n capabilitiesResponseSchema,\n ssoLoginQuerySchema,\n ssoCallbackQuerySchema,\n currentUserResponseSchema,\n credentialsSignInBodySchema,\n credentialsSignUpBodySchema,\n refreshResponseSchema,\n} from '../schemas/auth';\nimport { createPublicRoute, createRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (\n auth: any,\n request: Request,\n options?: { rbac?: any; fga?: any; apiPrefix?: string },\n) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n if (!_buildCapabilitiesPromise) {\n _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n .catch(() => {\n console.error(\n '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n );\n return undefined;\n });\n }\n return _buildCapabilitiesPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n */\nfunction getAuthProvider(mastra: any): MastraAuthProvider | null {\n const serverConfig = mastra.getServer?.();\n if (!serverConfig?.auth) return null;\n\n // Auth can be either MastraAuthConfig or MastraAuthProvider\n // If it has authenticateToken method, it's a provider\n if (typeof serverConfig.auth.authenticateToken === 'function') {\n return serverConfig.auth as MastraAuthProvider;\n }\n\n return null;\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname,\n * so we rely on forwarded headers to reconstruct the real public origin.\n *\n * Assumes the server is behind a trusted proxy (or running locally). When\n * exposed directly to untrusted clients, the Host header is attacker-controlled\n * and must be validated upstream.\n *\n * Priority:\n * 1. X-Forwarded-Host (traditional reverse proxy) → always HTTPS. Knative's\n * queue-proxy overwrites X-Forwarded-Proto based on the internal HTTP\n * connection, so X-Forwarded-Proto is ignored here.\n * 2. Host header with X-Forwarded-Proto (AWS ALB, some proxies) → respect proto.\n * 3. Host header alone → use the scheme from request.url (covers both direct\n * HTTP access and proxies that preserve Host but don't set a proto header).\n * 4. No Host header → fall back to request.url.origin (local dev / direct access).\n */\nexport function getPublicOrigin(request: Request): string {\n const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n if (forwardedHost) {\n return `https://${forwardedHost}`;\n }\n\n const host = request.headers.get('host');\n if (host) {\n const forwardedProto = request.headers.get('x-forwarded-proto')?.split(',')[0]?.trim();\n const proto = forwardedProto || new URL(request.url).protocol.replace(':', '');\n return `${proto}://${host}`;\n }\n\n return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra server config.\n */\nfunction getRBACProvider(mastra: any): IRBACProvider<EEUser> | undefined {\n const serverConfig = mastra.getServer?.();\n return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Helper to get FGA provider from Mastra server config.\n */\nfunction getFGAProvider(mastra: any): IFGAProvider<EEUser> | undefined {\n const serverConfig = mastra.getServer?.();\n return serverConfig?.fga as IFGAProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n return auth !== null && typeof auth === 'object' && typeof (auth as any)[method] === 'function';\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/capabilities',\n responseType: 'json',\n responseSchema: capabilitiesResponseSchema,\n summary: 'Get auth capabilities',\n description:\n 'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request, routePrefix } = ctx as any;\n\n const auth = getAuthProvider(mastra);\n\n if (!auth) {\n return { enabled: false, login: null };\n }\n\n const rbac = getRBACProvider(mastra);\n const fga = getFGAProvider(mastra);\n\n const buildCapabilities = await loadBuildCapabilities();\n if (!buildCapabilities) {\n return { enabled: false, login: null };\n }\n const capabilities = await buildCapabilities(auth, request, { rbac, fga, apiPrefix: routePrefix });\n\n // If capabilities came back without a user, the session may have expired.\n // Attempt a transparent refresh (same logic as coreAuthMiddleware) and retry.\n if (!('user' in capabilities) && supportsSessionRefresh(auth)) {\n try {\n const sessionId = await auth.getSessionIdFromRequest(request);\n if (sessionId) {\n const refreshedSession = await auth.refreshSession(sessionId);\n if (refreshedSession) {\n const sessionHeaders = await auth.getSessionHeaders(refreshedSession);\n const cookieValue = extractCookieFromHeaders(sessionHeaders);\n if (cookieValue) {\n // Rebuild capabilities with the refreshed cookie\n const refreshedRequest = new Request(request.url, {\n method: request.method,\n headers: new Headers(request.headers),\n });\n refreshedRequest.headers.set('Cookie', cookieValue);\n const refreshedCapabilities = await buildCapabilities(auth, refreshedRequest, {\n rbac,\n apiPrefix: routePrefix,\n });\n\n // Attach refresh headers so the adapter can set the new cookie\n if ('user' in refreshedCapabilities) {\n (refreshedCapabilities as any).__refreshHeaders = sessionHeaders;\n }\n return refreshedCapabilities;\n }\n }\n }\n } catch {\n // Refresh failed — return original unauthenticated capabilities\n }\n }\n\n return capabilities;\n } catch (error) {\n return handleError(error, 'Error getting auth capabilities');\n }\n },\n});\n\n/**\n * Extract a full cookie string from session headers (e.g. Set-Cookie → Cookie).\n */\nfunction extractCookieFromHeaders(headers: Record<string, string>): string | null {\n const setCookie = headers['Set-Cookie'] || headers['set-cookie'];\n if (!setCookie) return null;\n // Set-Cookie value is \"name=value; Path=/; ...\" — extract \"name=value\"\n const match = setCookie.match(/^([^;]+)/);\n return match ? (match[1] ?? null) : null;\n}\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/me',\n responseType: 'json',\n responseSchema: currentUserResponseSchema,\n summary: 'Get current user',\n description: 'Returns the currently authenticated user, or null if not authenticated.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request } = ctx as any;\n const auth = getAuthProvider(mastra);\n const rbac = getRBACProvider(mastra);\n\n if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n return null;\n }\n\n const user = await auth.getCurrentUser(request);\n if (!user) return null;\n\n // Get roles/permissions from RBAC provider if available\n let roles: string[] | undefined;\n let permissions: string[] | undefined;\n\n if (rbac) {\n try {\n roles = await rbac.getRoles(user);\n permissions = await rbac.getPermissions(user);\n } catch {\n // RBAC not available or failed\n }\n }\n\n return {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n roles,\n permissions,\n };\n } catch (error) {\n return handleError(error, 'Error getting current user');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/login',\n responseType: 'datastream-response',\n queryParamSchema: ssoLoginQuerySchema,\n summary: 'Initiate SSO login',\n description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n throw new HTTPException(404, { message: 'SSO not configured' });\n }\n\n // Build OAuth callback URI using the configured route prefix\n const origin = getPublicOrigin(request);\n const raw = ((routePrefix as string) || '/api').trim();\n const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n // Encode the post-login redirect in state (where user goes after auth completes)\n // State format: uuid|postLoginRedirect\n // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n // different port).\n let postLoginRedirect = '/';\n if (redirect_uri) {\n if (!redirect_uri.startsWith('http')) {\n // Relative path — always safe\n postLoginRedirect = redirect_uri;\n } else {\n try {\n const redirectUrl = new URL(redirect_uri);\n const requestOrigin = new URL(origin);\n const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n const isLocalhost =\n redirectUrl.hostname === 'localhost' ||\n redirectUrl.hostname === '127.0.0.1' ||\n redirectUrl.hostname === '[::1]';\n if (isHttps && (isSameOrigin || isLocalhost)) {\n postLoginRedirect = redirect_uri;\n }\n } catch {\n // Malformed URL — fall back to /\n }\n }\n }\n const stateId = crypto.randomUUID();\n const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n const loginUrl = auth.getLoginUrl(oauthCallbackUri, state);\n\n // Build response with optional PKCE cookies\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n if (cookies?.length) {\n // PKCE cookies set for SSO state management\n for (const cookie of cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n }\n\n return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n } catch (error) {\n return handleError(error, 'Error initiating SSO login');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/callback',\n responseType: 'datastream-response',\n queryParamSchema: ssoCallbackQuerySchema,\n summary: 'Handle SSO callback',\n description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, code, state, request } = ctx as any;\n\n // Build base URL for redirects (Response.redirect requires absolute URL)\n const baseUrl = getPublicOrigin(request);\n\n // Extract post-login redirect from state (format: uuid|encodedRedirect)\n let redirectTo = '/';\n let stateId = state || '';\n if (state && state.includes('|')) {\n const [id, encodedRedirect] = state.split('|', 2);\n stateId = id;\n try {\n redirectTo = decodeURIComponent(encodedRedirect);\n } catch {\n redirectTo = '/';\n }\n }\n\n // Build absolute redirect URL.\n // The redirect_uri was validated at the login endpoint (same-origin or localhost\n // only), so the state should only contain safe URLs. We still apply defense-in-depth\n // checks here: allow http(s) same-origin or localhost, reject everything else.\n let absoluteRedirect: string;\n if (redirectTo.startsWith('http')) {\n try {\n const parsed = new URL(redirectTo);\n const baseOrigin = new URL(baseUrl);\n const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n const isSameOrigin = parsed.origin === baseOrigin.origin;\n const isLocalhost =\n parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n } catch {\n absoluteRedirect = `${baseUrl}/`;\n }\n } else {\n absoluteRedirect = `${baseUrl}${redirectTo}`;\n }\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n }\n\n // Pass cookie header to provider for PKCE validation (if supported)\n const reqCookieHeader = request.headers.get('cookie');\n if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n (auth as any).setCallbackCookieHeader(reqCookieHeader);\n }\n\n const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n const user = result.user as EEUser;\n\n // Build response headers (session cookies, etc.)\n const headers = new Headers();\n headers.set('Location', absoluteRedirect);\n\n // Set session cookies from the SSO result\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n // Fallback: Create session manually for providers without cookie support\n const session = await auth.createSession(user.id, {\n accessToken: result.tokens.accessToken,\n refreshToken: result.tokens.refreshToken,\n expiresAt: result.tokens.expiresAt,\n organizationId: (user as any).organizationId,\n });\n const sessionHeaders = auth.getSessionHeaders(session);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(null, {\n status: 302,\n headers,\n });\n } catch (error) {\n // Redirect with error (use absolute URL)\n const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n }\n },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/logout',\n responseType: 'datastream-response',\n summary: 'Logout',\n description: 'Destroys the current session and returns logout redirect URL if available.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth) {\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers: { 'Content-Type': 'application/json' },\n });\n }\n\n // Get session ID and destroy it\n if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n const sessionId = auth.getSessionIdFromRequest(request);\n if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n await auth.destroySession(sessionId);\n }\n }\n\n // Get logout URL if available\n let redirectTo: string | undefined;\n if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n const origin = getPublicOrigin(request);\n const logoutUrl = await auth.getLogoutUrl(origin, request);\n redirectTo = logoutUrl ?? undefined;\n }\n\n // Build response with session clearing headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Clear session cookie\n if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n const clearHeaders = auth.getClearSessionHeaders();\n for (const [key, value] of Object.entries(clearHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true, redirectTo }), {\n status: 200,\n headers,\n });\n } catch (error) {\n return handleError(error, 'Error logging out');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/refresh\n// ============================================================================\n\nexport const POST_REFRESH_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/refresh',\n responseType: 'datastream-response',\n responseSchema: refreshResponseSchema,\n summary: 'Refresh session',\n description: 'Refreshes the current session, extending its expiry. Sets a new session cookie on success.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (\n !auth ||\n !implementsInterface<ISessionProvider>(auth, 'refreshSession') ||\n !implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')\n ) {\n throw new HTTPException(404, { message: 'Session refresh not configured' });\n }\n\n // Get session ID from request\n const sessionId = auth.getSessionIdFromRequest(request);\n if (!sessionId) {\n throw new HTTPException(401, { message: 'No session' });\n }\n\n // Refresh the session\n const newSession = await auth.refreshSession(sessionId);\n if (!newSession) {\n throw new HTTPException(401, { message: 'Session expired' });\n }\n\n // Build response with new session headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n if (implementsInterface<ISessionProvider>(auth, 'getSessionHeaders')) {\n const sessionHeaders = auth.getSessionHeaders(newSession);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers,\n });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error refreshing session');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-in',\n responseType: 'datastream-response',\n bodySchema: credentialsSignInBodySchema,\n summary: 'Sign in with credentials',\n description: 'Authenticates a user with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signIn(email, password, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n // Return a generic error for auth failures to avoid leaking info\n throw new HTTPException(401, { message: 'Invalid email or password' });\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-up',\n responseType: 'datastream-response',\n bodySchema: credentialsSignUpBodySchema,\n summary: 'Sign up with credentials',\n description: 'Creates a new user account with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password, name } = ctx as any;\n\n try {\n const auth = getAuthProvider(mastra);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signUp(email, password, name, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n const mastra = (ctx as any).mastra;\n mastra?.getLogger?.()?.error('Sign-up error', {\n error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n });\n throw new HTTPException(400, { message: 'Failed to create account' });\n }\n },\n});\n\n// ============================================================================\n// GET /auth/roles/:roleId/permissions\n// ============================================================================\n\nconst rolePermissionsPathSchema = z.object({ roleId: z.string() });\nconst rolePermissionsResponseSchema = z.object({ roleId: z.string(), permissions: z.array(z.string()) });\n\nexport const GET_ROLE_PERMISSIONS_ROUTE = createRoute({\n method: 'GET',\n path: '/auth/roles/:roleId/permissions',\n requiresAuth: true,\n responseType: 'json',\n pathParamSchema: rolePermissionsPathSchema,\n responseSchema: rolePermissionsResponseSchema,\n summary: 'Get permissions for a role',\n description:\n 'Returns the resolved permissions for a specific role. Only accessible by admin users. Used by the \"View as role\" feature.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, requestContext, roleId } = ctx as any;\n\n // Check that the caller is an admin\n const callerPermissions: string[] = requestContext?.get(MASTRA_USER_PERMISSIONS_KEY) ?? [];\n const isAdmin = callerPermissions.some((p: string) => p === '*' || p === '*:*');\n if (!isAdmin) {\n throw new HTTPException(403, { message: 'Admin access required' });\n }\n\n const rbac = getRBACProvider(mastra);\n if (!rbac?.getPermissionsForRole) {\n throw new HTTPException(404, { message: 'RBAC provider does not support role permission resolution' });\n }\n\n const permissions = await rbac.getPermissionsForRole(roleId);\n return { roleId, permissions };\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error getting role permissions');\n }\n },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n GET_AUTH_CAPABILITIES_ROUTE,\n GET_CURRENT_USER_ROUTE,\n GET_SSO_LOGIN_ROUTE,\n GET_SSO_CALLBACK_ROUTE,\n POST_LOGOUT_ROUTE,\n POST_REFRESH_ROUTE,\n POST_CREDENTIALS_SIGN_IN_ROUTE,\n POST_CREDENTIALS_SIGN_UP_ROUTE,\n GET_ROLE_PERMISSIONS_ROUTE,\n] as const;\n"]}
package/dist/{chunk-GXI53DFN.js → chunk-GSDXYEQ2.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { capabilitiesResponseSchema, currentUserResponseSchema, ssoLoginQuerySchema, ssoCallbackQuerySchema, refreshResponseSchema, credentialsSignInBodySchema, credentialsSignUpBodySchema } from './chunk-EPCOAEFM.js';
2
2
  import { supportsSessionRefresh } from './chunk-OJNVSXOF.js';
3
- import { handleError } from './chunk-GA4BG5JK.js';
3
+ import { handleError } from './chunk-RJ5ZIUGX.js';
4
4
  import { createPublicRoute, createRoute } from './chunk-DWVJSWSE.js';
5
5
  import { HTTPException } from './chunk-6QWQZI4Q.js';
6
6
  import { MASTRA_USER_PERMISSIONS_KEY } from './chunk-23S37FLK.js';
@@ -500,5 +500,5 @@ var AUTH_ROUTES = [
500
500
  ];
501
501
 
502
502
  export { AUTH_ROUTES, GET_AUTH_CAPABILITIES_ROUTE, GET_CURRENT_USER_ROUTE, GET_ROLE_PERMISSIONS_ROUTE, GET_SSO_CALLBACK_ROUTE, GET_SSO_LOGIN_ROUTE, POST_CREDENTIALS_SIGN_IN_ROUTE, POST_CREDENTIALS_SIGN_UP_ROUTE, POST_LOGOUT_ROUTE, POST_REFRESH_ROUTE, getPublicOrigin };
503
- //# sourceMappingURL=chunk-GXI53DFN.js.map
504
- //# sourceMappingURL=chunk-GXI53DFN.js.map
503
+ //# sourceMappingURL=chunk-GSDXYEQ2.js.map
504
+ //# sourceMappingURL=chunk-GSDXYEQ2.js.map