@mastra/server 1.48.0-alpha.1 → 1.48.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (272) hide show
  1. package/CHANGELOG.md +16 -0
  2. package/dist/_types/@mastra_schema-compat/dist/schema.types.d.ts +11 -1
  3. package/dist/{api-schema-manifest-ELCI56PC.cjs → api-schema-manifest-73TSH5KG.cjs} +6 -6
  4. package/dist/{api-schema-manifest-ELCI56PC.cjs.map → api-schema-manifest-73TSH5KG.cjs.map} +1 -1
  5. package/dist/{api-schema-manifest-54K5ORZR.js → api-schema-manifest-EIFGG6EZ.js} +4 -4
  6. package/dist/{api-schema-manifest-54K5ORZR.js.map → api-schema-manifest-EIFGG6EZ.js.map} +1 -1
  7. package/dist/{chunk-LA4AQGZA.js → chunk-2TBU3CVA.js} +3 -3
  8. package/dist/{chunk-LA4AQGZA.js.map → chunk-2TBU3CVA.js.map} +1 -1
  9. package/dist/{chunk-IY4MNGI3.cjs → chunk-3ETGHYBD.cjs} +28 -28
  10. package/dist/{chunk-IY4MNGI3.cjs.map → chunk-3ETGHYBD.cjs.map} +1 -1
  11. package/dist/{chunk-OU4L45LL.cjs → chunk-3UJJ4CD5.cjs} +16 -16
  12. package/dist/{chunk-OU4L45LL.cjs.map → chunk-3UJJ4CD5.cjs.map} +1 -1
  13. package/dist/{chunk-D7YMTEPI.cjs → chunk-3WR232QH.cjs} +8 -8
  14. package/dist/{chunk-D7YMTEPI.cjs.map → chunk-3WR232QH.cjs.map} +1 -1
  15. package/dist/{chunk-P2WBHT4D.js → chunk-44OQNQID.js} +3 -3
  16. package/dist/{chunk-P2WBHT4D.js.map → chunk-44OQNQID.js.map} +1 -1
  17. package/dist/{chunk-MQMPNMZH.js → chunk-4MLRANM3.js} +3 -3
  18. package/dist/{chunk-MQMPNMZH.js.map → chunk-4MLRANM3.js.map} +1 -1
  19. package/dist/{chunk-4NYA6U6Y.cjs → chunk-5G37ZKCU.cjs} +5 -5
  20. package/dist/{chunk-4NYA6U6Y.cjs.map → chunk-5G37ZKCU.cjs.map} +1 -1
  21. package/dist/{chunk-KA6FUBC5.js → chunk-5NTOT7RS.js} +4 -4
  22. package/dist/{chunk-KA6FUBC5.js.map → chunk-5NTOT7RS.js.map} +1 -1
  23. package/dist/{chunk-GLMV4AZT.js → chunk-5RFSOQX7.js} +3 -3
  24. package/dist/{chunk-GLMV4AZT.js.map → chunk-5RFSOQX7.js.map} +1 -1
  25. package/dist/{chunk-IEONDWGQ.js → chunk-5WSQYMMM.js} +4 -4
  26. package/dist/{chunk-IEONDWGQ.js.map → chunk-5WSQYMMM.js.map} +1 -1
  27. package/dist/{chunk-YTXILVCX.js → chunk-6OUUUQRA.js} +4 -4
  28. package/dist/{chunk-YTXILVCX.js.map → chunk-6OUUUQRA.js.map} +1 -1
  29. package/dist/{chunk-D2XHH2Y3.cjs → chunk-6Z7QUPAF.cjs} +6 -6
  30. package/dist/{chunk-D2XHH2Y3.cjs.map → chunk-6Z7QUPAF.cjs.map} +1 -1
  31. package/dist/{chunk-OZ64QWKA.cjs → chunk-7VVGBO4I.cjs} +8 -8
  32. package/dist/{chunk-OZ64QWKA.cjs.map → chunk-7VVGBO4I.cjs.map} +1 -1
  33. package/dist/{chunk-5FFEBJ3X.js → chunk-A4IMDWJ6.js} +4 -4
  34. package/dist/{chunk-5FFEBJ3X.js.map → chunk-A4IMDWJ6.js.map} +1 -1
  35. package/dist/{chunk-PU4EHEN2.cjs → chunk-AYWUBA6H.cjs} +4 -4
  36. package/dist/{chunk-PU4EHEN2.cjs.map → chunk-AYWUBA6H.cjs.map} +1 -1
  37. package/dist/{chunk-RQGQAYCL.js → chunk-B2W4S5CK.js} +3 -3
  38. package/dist/{chunk-RQGQAYCL.js.map → chunk-B2W4S5CK.js.map} +1 -1
  39. package/dist/{chunk-OE3KATAT.cjs → chunk-B6AK77PU.cjs} +11 -11
  40. package/dist/{chunk-OE3KATAT.cjs.map → chunk-B6AK77PU.cjs.map} +1 -1
  41. package/dist/{chunk-7X243C5K.cjs → chunk-B6N4LO7W.cjs} +71 -71
  42. package/dist/{chunk-7X243C5K.cjs.map → chunk-B6N4LO7W.cjs.map} +1 -1
  43. package/dist/{chunk-GADWAAGI.js → chunk-BHCOXHMA.js} +3 -3
  44. package/dist/{chunk-GADWAAGI.js.map → chunk-BHCOXHMA.js.map} +1 -1
  45. package/dist/{chunk-DVCCSRFP.js → chunk-BJNJXCXR.js} +3 -3
  46. package/dist/{chunk-DVCCSRFP.js.map → chunk-BJNJXCXR.js.map} +1 -1
  47. package/dist/{chunk-YUQSGB5C.js → chunk-BSDZBBWY.js} +3 -3
  48. package/dist/{chunk-YUQSGB5C.js.map → chunk-BSDZBBWY.js.map} +1 -1
  49. package/dist/{chunk-2R52ZPSI.cjs → chunk-C3OH4XSN.cjs} +8 -8
  50. package/dist/{chunk-2R52ZPSI.cjs.map → chunk-C3OH4XSN.cjs.map} +1 -1
  51. package/dist/{chunk-2NGSYVI3.cjs → chunk-C5X6GLX2.cjs} +19 -19
  52. package/dist/{chunk-2NGSYVI3.cjs.map → chunk-C5X6GLX2.cjs.map} +1 -1
  53. package/dist/{chunk-VQQSMW6M.js → chunk-C67MEHCY.js} +5 -5
  54. package/dist/{chunk-VQQSMW6M.js.map → chunk-C67MEHCY.js.map} +1 -1
  55. package/dist/{chunk-34WNPIGV.js → chunk-CFTSZSA6.js} +4 -4
  56. package/dist/{chunk-34WNPIGV.js.map → chunk-CFTSZSA6.js.map} +1 -1
  57. package/dist/{chunk-Z6YXO2T6.cjs → chunk-CIF2CGFI.cjs} +29 -29
  58. package/dist/{chunk-Z6YXO2T6.cjs.map → chunk-CIF2CGFI.cjs.map} +1 -1
  59. package/dist/{chunk-YIBM2OYI.cjs → chunk-CKZFXEIW.cjs} +21 -21
  60. package/dist/{chunk-YIBM2OYI.cjs.map → chunk-CKZFXEIW.cjs.map} +1 -1
  61. package/dist/{chunk-2RD5QPYW.js → chunk-CL2WPXDT.js} +4 -4
  62. package/dist/{chunk-2RD5QPYW.js.map → chunk-CL2WPXDT.js.map} +1 -1
  63. package/dist/{chunk-UACKERCG.js → chunk-CTROJNYB.js} +3 -3
  64. package/dist/{chunk-UACKERCG.js.map → chunk-CTROJNYB.js.map} +1 -1
  65. package/dist/{chunk-5JVILML3.cjs → chunk-CURQLZVZ.cjs} +10 -10
  66. package/dist/{chunk-5JVILML3.cjs.map → chunk-CURQLZVZ.cjs.map} +1 -1
  67. package/dist/{chunk-IDCRGQOI.js → chunk-D45Z77R2.js} +3 -3
  68. package/dist/{chunk-IDCRGQOI.js.map → chunk-D45Z77R2.js.map} +1 -1
  69. package/dist/{chunk-SOQPH6H2.cjs → chunk-D5XCDBZI.cjs} +42 -50
  70. package/dist/chunk-D5XCDBZI.cjs.map +1 -0
  71. package/dist/{chunk-AC4YST2M.cjs → chunk-DD2HU3Y5.cjs} +13 -13
  72. package/dist/{chunk-AC4YST2M.cjs.map → chunk-DD2HU3Y5.cjs.map} +1 -1
  73. package/dist/{chunk-USU23GYD.cjs → chunk-EPJLXE7Z.cjs} +24 -24
  74. package/dist/{chunk-USU23GYD.cjs.map → chunk-EPJLXE7Z.cjs.map} +1 -1
  75. package/dist/{chunk-EBUK5R3S.cjs → chunk-EWIN2VFE.cjs} +8 -8
  76. package/dist/{chunk-EBUK5R3S.cjs.map → chunk-EWIN2VFE.cjs.map} +1 -1
  77. package/dist/{chunk-DSHITLJ4.js → chunk-FFNT7X4Q.js} +3 -3
  78. package/dist/{chunk-DSHITLJ4.js.map → chunk-FFNT7X4Q.js.map} +1 -1
  79. package/dist/{chunk-6CUVVNHE.cjs → chunk-FZUW634N.cjs} +8 -8
  80. package/dist/{chunk-6CUVVNHE.cjs.map → chunk-FZUW634N.cjs.map} +1 -1
  81. package/dist/{chunk-JJDLXVWR.cjs → chunk-H4D4VJVO.cjs} +8 -8
  82. package/dist/{chunk-JJDLXVWR.cjs.map → chunk-H4D4VJVO.cjs.map} +1 -1
  83. package/dist/{chunk-VEKFI5QZ.js → chunk-HCKWHCOO.js} +3 -3
  84. package/dist/{chunk-VEKFI5QZ.js.map → chunk-HCKWHCOO.js.map} +1 -1
  85. package/dist/{chunk-WUT3UHD6.cjs → chunk-HOECIEDX.cjs} +8 -8
  86. package/dist/{chunk-WUT3UHD6.cjs.map → chunk-HOECIEDX.cjs.map} +1 -1
  87. package/dist/{chunk-MMZL6I4C.js → chunk-HY5ZOVQZ.js} +3 -3
  88. package/dist/{chunk-MMZL6I4C.js.map → chunk-HY5ZOVQZ.js.map} +1 -1
  89. package/dist/{chunk-PJLW25AQ.cjs → chunk-IQLKZUWU.cjs} +28 -28
  90. package/dist/{chunk-PJLW25AQ.cjs.map → chunk-IQLKZUWU.cjs.map} +1 -1
  91. package/dist/{chunk-G54X6VE6.cjs → chunk-J63WGHRP.cjs} +2 -2
  92. package/dist/{chunk-G54X6VE6.cjs.map → chunk-J63WGHRP.cjs.map} +1 -1
  93. package/dist/{chunk-ZFRMJ23H.cjs → chunk-LBWW6DIA.cjs} +6 -6
  94. package/dist/{chunk-ZFRMJ23H.cjs.map → chunk-LBWW6DIA.cjs.map} +1 -1
  95. package/dist/{chunk-BRC4XSFG.js → chunk-LG3ZI5LX.js} +2 -2
  96. package/dist/{chunk-BRC4XSFG.js.map → chunk-LG3ZI5LX.js.map} +1 -1
  97. package/dist/{chunk-JGLVYJ3S.cjs → chunk-LGBQCYM5.cjs} +11 -11
  98. package/dist/{chunk-JGLVYJ3S.cjs.map → chunk-LGBQCYM5.cjs.map} +1 -1
  99. package/dist/{chunk-XRE4KFIZ.js → chunk-LQFUXCNW.js} +6 -14
  100. package/dist/chunk-LQFUXCNW.js.map +1 -0
  101. package/dist/{chunk-YOHMEY6Q.cjs → chunk-LXJWPWWT.cjs} +11 -11
  102. package/dist/{chunk-YOHMEY6Q.cjs.map → chunk-LXJWPWWT.cjs.map} +1 -1
  103. package/dist/{chunk-4E7VGBSM.js → chunk-LZGPBHLN.js} +4 -4
  104. package/dist/{chunk-4E7VGBSM.js.map → chunk-LZGPBHLN.js.map} +1 -1
  105. package/dist/{chunk-P6TSZJ4I.js → chunk-M4ICGFM6.js} +3 -3
  106. package/dist/{chunk-P6TSZJ4I.js.map → chunk-M4ICGFM6.js.map} +1 -1
  107. package/dist/{chunk-PH4BEZVA.js → chunk-MKZBXQXT.js} +41 -41
  108. package/dist/{chunk-PH4BEZVA.js.map → chunk-MKZBXQXT.js.map} +1 -1
  109. package/dist/{chunk-D6RO4IFO.js → chunk-N7RBOEOW.js} +3 -3
  110. package/dist/{chunk-D6RO4IFO.js.map → chunk-N7RBOEOW.js.map} +1 -1
  111. package/dist/{chunk-GOD4LLZT.cjs → chunk-NLCAG4EM.cjs} +10 -10
  112. package/dist/{chunk-GOD4LLZT.cjs.map → chunk-NLCAG4EM.cjs.map} +1 -1
  113. package/dist/{chunk-7B36J5MV.cjs → chunk-O5OAYJLB.cjs} +101 -101
  114. package/dist/{chunk-7B36J5MV.cjs.map → chunk-O5OAYJLB.cjs.map} +1 -1
  115. package/dist/{chunk-XILM7MA7.js → chunk-OCLZNGV4.js} +3 -3
  116. package/dist/{chunk-XILM7MA7.js.map → chunk-OCLZNGV4.js.map} +1 -1
  117. package/dist/{chunk-UZINJHAF.cjs → chunk-OHIYNLLQ.cjs} +6 -6
  118. package/dist/{chunk-UZINJHAF.cjs.map → chunk-OHIYNLLQ.cjs.map} +1 -1
  119. package/dist/{chunk-ZVZBZOBY.cjs → chunk-P46EWRE5.cjs} +7 -7
  120. package/dist/{chunk-ZVZBZOBY.cjs.map → chunk-P46EWRE5.cjs.map} +1 -1
  121. package/dist/{chunk-43BKXDJD.cjs → chunk-P5AF734M.cjs} +36 -36
  122. package/dist/{chunk-43BKXDJD.cjs.map → chunk-P5AF734M.cjs.map} +1 -1
  123. package/dist/{chunk-UGI45E76.cjs → chunk-PDIAXKLX.cjs} +37 -37
  124. package/dist/{chunk-UGI45E76.cjs.map → chunk-PDIAXKLX.cjs.map} +1 -1
  125. package/dist/{chunk-UQWJQWSK.cjs → chunk-PHYCJYO3.cjs} +9 -9
  126. package/dist/{chunk-UQWJQWSK.cjs.map → chunk-PHYCJYO3.cjs.map} +1 -1
  127. package/dist/{chunk-KGJGR6GO.js → chunk-PIYG2ZVX.js} +4 -4
  128. package/dist/{chunk-KGJGR6GO.js.map → chunk-PIYG2ZVX.js.map} +1 -1
  129. package/dist/{chunk-IMHKYH3U.cjs → chunk-QKMR5DG7.cjs} +13 -13
  130. package/dist/{chunk-IMHKYH3U.cjs.map → chunk-QKMR5DG7.cjs.map} +1 -1
  131. package/dist/{chunk-SK2BQPVT.js → chunk-QX3AZCW5.js} +3 -3
  132. package/dist/{chunk-SK2BQPVT.js.map → chunk-QX3AZCW5.js.map} +1 -1
  133. package/dist/{chunk-RLAOC73C.js → chunk-QXOX7BJ2.js} +3 -3
  134. package/dist/{chunk-RLAOC73C.js.map → chunk-QXOX7BJ2.js.map} +1 -1
  135. package/dist/{chunk-TIXNAAKQ.js → chunk-R7CRVFGS.js} +5 -5
  136. package/dist/{chunk-TIXNAAKQ.js.map → chunk-R7CRVFGS.js.map} +1 -1
  137. package/dist/{chunk-EYCW4Z4H.cjs → chunk-RCUN5OI6.cjs} +10 -10
  138. package/dist/{chunk-EYCW4Z4H.cjs.map → chunk-RCUN5OI6.cjs.map} +1 -1
  139. package/dist/chunk-RRFFQING.cjs +738 -0
  140. package/dist/{chunk-DYGVGFQU.cjs.map → chunk-RRFFQING.cjs.map} +1 -1
  141. package/dist/{chunk-EKRIVYU4.cjs → chunk-RTFXDI4F.cjs} +8 -8
  142. package/dist/{chunk-EKRIVYU4.cjs.map → chunk-RTFXDI4F.cjs.map} +1 -1
  143. package/dist/{chunk-LUPNAVPL.js → chunk-RXGM2A6M.js} +3 -3
  144. package/dist/{chunk-LUPNAVPL.js.map → chunk-RXGM2A6M.js.map} +1 -1
  145. package/dist/{chunk-4UZTUQYZ.js → chunk-RZI2OEAV.js} +4 -4
  146. package/dist/{chunk-4UZTUQYZ.js.map → chunk-RZI2OEAV.js.map} +1 -1
  147. package/dist/{chunk-AMWGBQZU.js → chunk-SCPI2COK.js} +3 -3
  148. package/dist/{chunk-AMWGBQZU.js.map → chunk-SCPI2COK.js.map} +1 -1
  149. package/dist/{chunk-KR7FUFVK.cjs → chunk-T2VLCDKN.cjs} +10 -10
  150. package/dist/{chunk-KR7FUFVK.cjs.map → chunk-T2VLCDKN.cjs.map} +1 -1
  151. package/dist/{chunk-RETWAY24.js → chunk-U32PSRV5.js} +3 -3
  152. package/dist/{chunk-RETWAY24.js.map → chunk-U32PSRV5.js.map} +1 -1
  153. package/dist/{chunk-S57DVRYK.js → chunk-UEBN7OAE.js} +4 -4
  154. package/dist/{chunk-S57DVRYK.js.map → chunk-UEBN7OAE.js.map} +1 -1
  155. package/dist/{chunk-XLSJQAEP.cjs → chunk-VFFHMLN4.cjs} +4 -4
  156. package/dist/{chunk-XLSJQAEP.cjs.map → chunk-VFFHMLN4.cjs.map} +1 -1
  157. package/dist/{chunk-P7HCBIOK.js → chunk-VHTINGAH.js} +3 -3
  158. package/dist/{chunk-P7HCBIOK.js.map → chunk-VHTINGAH.js.map} +1 -1
  159. package/dist/{chunk-Z7C226TD.js → chunk-VTFGQJWS.js} +5 -5
  160. package/dist/{chunk-Z7C226TD.js.map → chunk-VTFGQJWS.js.map} +1 -1
  161. package/dist/{chunk-AGWL3ZLU.js → chunk-VVB63EWV.js} +3 -3
  162. package/dist/{chunk-AGWL3ZLU.js.map → chunk-VVB63EWV.js.map} +1 -1
  163. package/dist/{chunk-QRTZCP42.cjs → chunk-VWUWC7R6.cjs} +10 -10
  164. package/dist/{chunk-QRTZCP42.cjs.map → chunk-VWUWC7R6.cjs.map} +1 -1
  165. package/dist/{chunk-JUORD32P.js → chunk-WKYACKK5.js} +3 -3
  166. package/dist/{chunk-JUORD32P.js.map → chunk-WKYACKK5.js.map} +1 -1
  167. package/dist/{chunk-GQI4NKKD.js → chunk-X7NVLH7T.js} +5 -5
  168. package/dist/{chunk-GQI4NKKD.js.map → chunk-X7NVLH7T.js.map} +1 -1
  169. package/dist/{chunk-4ZD4KLXD.js → chunk-XQCVPO25.js} +3 -3
  170. package/dist/{chunk-4ZD4KLXD.js.map → chunk-XQCVPO25.js.map} +1 -1
  171. package/dist/{chunk-WF6VLJGR.js → chunk-YPC7O4MV.js} +3 -3
  172. package/dist/{chunk-WF6VLJGR.js.map → chunk-YPC7O4MV.js.map} +1 -1
  173. package/dist/{chunk-3KBURDTO.cjs → chunk-YTC2OYTK.cjs} +8 -8
  174. package/dist/{chunk-3KBURDTO.cjs.map → chunk-YTC2OYTK.cjs.map} +1 -1
  175. package/dist/{chunk-ABKWQKXZ.cjs → chunk-Z4IJWLV4.cjs} +8 -8
  176. package/dist/{chunk-ABKWQKXZ.cjs.map → chunk-Z4IJWLV4.cjs.map} +1 -1
  177. package/dist/{chunk-F6VL25IA.cjs → chunk-ZZWXMXP4.cjs} +6 -6
  178. package/dist/{chunk-F6VL25IA.cjs.map → chunk-ZZWXMXP4.cjs.map} +1 -1
  179. package/dist/docs/SKILL.md +1 -1
  180. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  181. package/dist/server/handlers/a2a.cjs +14 -14
  182. package/dist/server/handlers/a2a.js +1 -1
  183. package/dist/server/handlers/agent-builder.cjs +17 -17
  184. package/dist/server/handlers/agent-builder.js +1 -1
  185. package/dist/server/handlers/agent-controller.cjs +35 -35
  186. package/dist/server/handlers/agent-controller.js +1 -1
  187. package/dist/server/handlers/agent-versions.cjs +8 -8
  188. package/dist/server/handlers/agent-versions.js +1 -1
  189. package/dist/server/handlers/agents.cjs +46 -46
  190. package/dist/server/handlers/agents.d.ts +2 -2
  191. package/dist/server/handlers/agents.d.ts.map +1 -1
  192. package/dist/server/handlers/agents.js +1 -1
  193. package/dist/server/handlers/auth.cjs +13 -13
  194. package/dist/server/handlers/auth.js +1 -1
  195. package/dist/server/handlers/background-tasks.cjs +4 -4
  196. package/dist/server/handlers/background-tasks.js +1 -1
  197. package/dist/server/handlers/builder-registry.cjs +6 -6
  198. package/dist/server/handlers/builder-registry.js +1 -1
  199. package/dist/server/handlers/channels.cjs +5 -5
  200. package/dist/server/handlers/channels.js +1 -1
  201. package/dist/server/handlers/conversations.cjs +5 -5
  202. package/dist/server/handlers/conversations.js +1 -1
  203. package/dist/server/handlers/datasets.cjs +26 -26
  204. package/dist/server/handlers/datasets.js +1 -1
  205. package/dist/server/handlers/editor-builder.cjs +6 -6
  206. package/dist/server/handlers/editor-builder.js +1 -1
  207. package/dist/server/handlers/favorites-enrichment.cjs +4 -4
  208. package/dist/server/handlers/favorites-enrichment.js +1 -1
  209. package/dist/server/handlers/logs.cjs +4 -4
  210. package/dist/server/handlers/logs.js +1 -1
  211. package/dist/server/handlers/mcp-client-versions.cjs +8 -8
  212. package/dist/server/handlers/mcp-client-versions.js +1 -1
  213. package/dist/server/handlers/mcp.cjs +11 -11
  214. package/dist/server/handlers/mcp.js +1 -1
  215. package/dist/server/handlers/memory.cjs +27 -27
  216. package/dist/server/handlers/memory.js +1 -1
  217. package/dist/server/handlers/observability-new-endpoints.cjs +29 -29
  218. package/dist/server/handlers/observability-new-endpoints.js +1 -1
  219. package/dist/server/handlers/observability-shared.cjs +9 -9
  220. package/dist/server/handlers/observability-shared.js +1 -1
  221. package/dist/server/handlers/observability.cjs +40 -40
  222. package/dist/server/handlers/observability.js +2 -2
  223. package/dist/server/handlers/processor-providers.cjs +3 -3
  224. package/dist/server/handlers/processor-providers.js +1 -1
  225. package/dist/server/handlers/processors.cjs +4 -4
  226. package/dist/server/handlers/processors.js +1 -1
  227. package/dist/server/handlers/prompt-block-versions.cjs +8 -8
  228. package/dist/server/handlers/prompt-block-versions.js +1 -1
  229. package/dist/server/handlers/responses.cjs +4 -4
  230. package/dist/server/handlers/responses.js +1 -1
  231. package/dist/server/handlers/schedules.cjs +6 -6
  232. package/dist/server/handlers/schedules.js +1 -1
  233. package/dist/server/handlers/scorer-versions.cjs +8 -8
  234. package/dist/server/handlers/scorer-versions.js +1 -1
  235. package/dist/server/handlers/scores.cjs +7 -7
  236. package/dist/server/handlers/scores.js +1 -1
  237. package/dist/server/handlers/stored-agent-favorites.cjs +3 -3
  238. package/dist/server/handlers/stored-agent-favorites.js +1 -1
  239. package/dist/server/handlers/stored-agents.cjs +10 -10
  240. package/dist/server/handlers/stored-agents.js +1 -1
  241. package/dist/server/handlers/stored-mcp-clients.cjs +6 -6
  242. package/dist/server/handlers/stored-mcp-clients.js +1 -1
  243. package/dist/server/handlers/stored-prompt-blocks.cjs +6 -6
  244. package/dist/server/handlers/stored-prompt-blocks.js +1 -1
  245. package/dist/server/handlers/stored-scorers.cjs +6 -6
  246. package/dist/server/handlers/stored-scorers.js +1 -1
  247. package/dist/server/handlers/stored-skill-favorites.cjs +3 -3
  248. package/dist/server/handlers/stored-skill-favorites.js +1 -1
  249. package/dist/server/handlers/stored-skills.cjs +7 -7
  250. package/dist/server/handlers/stored-skills.js +1 -1
  251. package/dist/server/handlers/stored-workspaces.cjs +6 -6
  252. package/dist/server/handlers/stored-workspaces.js +1 -1
  253. package/dist/server/handlers/system.cjs +3 -3
  254. package/dist/server/handlers/system.js +1 -1
  255. package/dist/server/handlers/tool-providers.cjs +14 -14
  256. package/dist/server/handlers/tool-providers.js +1 -1
  257. package/dist/server/handlers/tools.cjs +6 -6
  258. package/dist/server/handlers/tools.js +1 -1
  259. package/dist/server/handlers/vector.cjs +16 -16
  260. package/dist/server/handlers/vector.js +1 -1
  261. package/dist/server/handlers/workflows.cjs +27 -27
  262. package/dist/server/handlers/workflows.js +1 -1
  263. package/dist/server/handlers/workspace.cjs +26 -26
  264. package/dist/server/handlers/workspace.js +1 -1
  265. package/dist/server/handlers.cjs +28 -28
  266. package/dist/server/handlers.js +14 -14
  267. package/dist/server/server-adapter/index.cjs +21 -21
  268. package/dist/server/server-adapter/index.js +4 -4
  269. package/package.json +6 -6
  270. package/dist/chunk-DYGVGFQU.cjs +0 -738
  271. package/dist/chunk-SOQPH6H2.cjs.map +0 -1
  272. package/dist/chunk-XRE4KFIZ.js.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["isStudioClientTypeHeader","MASTRA_CLIENT_TYPE_HEADER","createPublicRoute","capabilitiesResponseSchema","supportsSessionRefresh","handleError","currentUserResponseSchema","ssoLoginQuerySchema","HTTPException","ssoCallbackQuerySchema","refreshResponseSchema","credentialsSignInBodySchema","credentialsSignUpBodySchema","mastra","z","createRoute","MASTRA_USER_PERMISSIONS_KEY","permissionPatternsResponseSchema"],"mappings":";;;;;;;;;;AA0CA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAEA,IAAI,0BAAA;AACJ,SAAS,sBAAA,GAAuE;AAC9E,EAAA,IAAI,CAAC,0BAAA,EAA4B;AAC/B,IAAA,0BAAA,GAA6B,OAAO,sBAAsB,CAAA,CACvD,IAAA,CAAK,OAAK,CAAA,CAAE,mBAA8C,CAAA,CAC1D,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,0BAAA;AACT;AASA,SAAS,eAAA,CAAgB,QAAa,QAAA,EAA+C;AAEnF,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,MAAM,gBAAgB,YAAA,EAAc,IAAA,IAAQ,OAAO,YAAA,CAAa,KAAK,iBAAA,KAAsB,UAAA;AAG3F,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAIA,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,SAAS,gBAAgB,OAAA,EAA2B;AAClD,EAAA,OAAOA,2CAAyB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAIC,2CAAyB,KAAK,MAAS,CAAA;AAC7F;AAoBO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACvC,EAAA,IAAI,IAAA,EAAM;AACR,IAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACrF,IAAA,MAAM,KAAA,GAAQ,cAAA,IAAkB,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAC7E,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,GAAA,EAAM,IAAI,CAAA,CAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAMA,SAAS,eAAA,CAAgB,QAAa,QAAA,EAAuD;AAC3F,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,IAAA,IAAI,cAAc,IAAA,EAAM;AACtB,MAAA,OAAO,YAAA,CAAa,IAAA;AAAA,IACtB;AAAA,EACF;AACA,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAMA,SAAS,cAAA,CAAe,QAAa,QAAA,EAAsD;AACzF,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,IAAA,IAAI,cAAc,GAAA,EAAK;AACrB,MAAA,OAAO,YAAA,CAAa,GAAA;AAAA,IACtB;AAAA,EACF;AACA,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,GAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,OAAQ,IAAA,CAAa,MAAM,CAAA,KAAM,UAAA;AACvF;AAMO,IAAM,8BAA8BC,mCAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBC,4CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAGzC,MAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAC7C,MAAA,MAAM,GAAA,GAAM,cAAA,CAAe,MAAA,EAAQ,QAAQ,CAAA;AAE3C,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,OAAA,EAAS,EAAE,IAAA,EAAM,GAAA,EAAK,SAAA,EAAW,WAAA,EAAa,CAAA;AAIjG,MAAA,IAAI,EAAE,MAAA,IAAU,YAAA,CAAA,IAAiBC,wCAAA,CAAuB,IAAI,CAAA,EAAG;AAC7D,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AAC5D,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AAC5D,YAAA,IAAI,gBAAA,EAAkB;AACpB,cAAA,MAAM,cAAA,GAAiB,MAAM,IAAA,CAAK,iBAAA,CAAkB,gBAAgB,CAAA;AACpE,cAAA,MAAM,WAAA,GAAc,yBAAyB,cAAc,CAAA;AAC3D,cAAA,IAAI,WAAA,EAAa;AAEf,gBAAA,MAAM,gBAAA,GAAmB,IAAI,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK;AAAA,kBAChD,QAAQ,OAAA,CAAQ,MAAA;AAAA,kBAChB,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAO;AAAA,iBACrC,CAAA;AACD,gBAAA,gBAAA,CAAiB,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,WAAW,CAAA;AAClD,gBAAA,MAAM,qBAAA,GAAwB,MAAM,iBAAA,CAAkB,IAAA,EAAM,gBAAA,EAAkB;AAAA,kBAC5E,IAAA;AAAA,kBACA,SAAA,EAAW;AAAA,iBACZ,CAAA;AAGD,gBAAA,IAAI,UAAU,qBAAA,EAAuB;AACnC,kBAAC,sBAA8B,gBAAA,GAAmB,cAAA;AAAA,gBACpD;AACA,gBAAA,OAAO,qBAAA;AAAA,cACT;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAKD,SAAS,yBAAyB,OAAA,EAAgD;AAChF,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,YAAY,CAAA,IAAK,QAAQ,YAAY,CAAA;AAC/D,EAAA,IAAI,CAAC,WAAW,OAAO,IAAA;AAEvB,EAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,KAAA,CAAM,UAAU,CAAA;AACxC,EAAA,OAAO,KAAA,GAAS,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA,GAAQ,IAAA;AACtC;AAMO,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBI,2CAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AACxC,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAC7C,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOD,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsBH,mCAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBK,qCAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AACxC,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAC,CAAA;AAGhF,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOH,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBO,wCAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AACzC,IAAkB,gBAAgB,OAAO;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AAIF,MAAA,IAAI,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,IAAI,CAAA;AAGvC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,IAAA,GAAO,eAAA,CAAgB,QAAQ,KAAK,CAAA;AAAA,MACtC;AAEA,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoBP,mCAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAOG,6BAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,qBAAqBH,mCAAA,CAAkB;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,eAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,cAAA,EAAgBQ,uCAAA;AAAA,EAChB,OAAA,EAAS,iBAAA;AAAA,EACT,WAAA,EAAa,4FAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IACE,CAAC,IAAA,IACD,CAAC,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,IAC7D,CAAC,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EACtE;AACA,QAAA,MAAM,IAAIF,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kCAAkC,CAAA;AAAA,MAC5E;AAGA,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,cAAc,CAAA;AAAA,MACxD;AAGA,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AACtD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,mBAAmB,CAAA;AAAA,MAC7D;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAClE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,mBAAmB,CAAA,EAAG;AACpE,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,UAAU,CAAA;AACxD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,QACrD,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCH,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYS,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAC7C,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIH,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCN,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYU,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AACnD,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIJ,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,MAAMK,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMD,IAAM,yBAAA,GAA4BM,KAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,IAAU,CAAA;AACjE,IAAM,6BAAA,GAAgCA,IAAA,CAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,EAAO,EAAG,WAAA,EAAaA,KAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,EAAQ,GAAG,CAAA;AAEhG,IAAM,6BAA6BC,6BAAA,CAAY;AAAA,EACpD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iCAAA;AAAA,EACN,YAAA,EAAc,IAAA;AAAA,EACd,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,cAAA,EAAgB,6BAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,cAAA,EAAgB,MAAA,EAAO,GAAI,GAAA;AAG3C,MAAA,MAAM,iBAAA,GAA8B,cAAA,EAAgB,GAAA,CAAIC,6CAA2B,KAAK,EAAC;AACzF,MAAA,MAAM,OAAA,GAAU,kBAAkB,IAAA,CAAK,CAAC,MAAc,CAAA,KAAM,GAAA,IAAO,MAAM,KAAK,CAAA;AAC9E,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,IAAIR,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,yBAAyB,CAAA;AAAA,MACnE;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,IAAI,CAAC,MAAM,qBAAA,EAAuB;AAChC,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6DAA6D,CAAA;AAAA,MACvG;AAEA,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,qBAAA,CAAsB,MAAM,CAAA;AAC3D,MAAA,OAAO,EAAE,QAAQ,WAAA,EAAY;AAAA,IAC/B,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,gCAAgC,CAAA;AAAA,IAC5D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,gCAAgCU,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,IAAA;AAAA,EACd,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBE,kDAAA;AAAA,EAChB,OAAA,EAAS,gCAAA;AAAA,EACT,WAAA,EACE,qKAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,SAAS,YAAY;AACnB,IAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,EAAuB;AAC9C,IAAA,OAAO,EAAE,QAAA,EAAU,MAAA,CAAO,KAAK,QAAA,IAAY,EAAE,CAAA,EAAE;AAAA,EACjD;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,8BAAA;AAAA,EACA,8BAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF","file":"chunk-AC4YST2M.cjs","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n IUserProvider,\n ISessionProvider,\n ISSOProvider,\n ICredentialsProvider,\n SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, IFGAProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { z } from 'zod/v4';\nimport { supportsSessionRefresh } from '../auth/helpers';\nimport { MASTRA_USER_PERMISSIONS_KEY, MASTRA_CLIENT_TYPE_HEADER, isStudioClientTypeHeader } from '../constants';\nimport { HTTPException } from '../http-exception';\nimport {\n capabilitiesResponseSchema,\n ssoLoginQuerySchema,\n ssoCallbackQuerySchema,\n currentUserResponseSchema,\n credentialsSignInBodySchema,\n credentialsSignUpBodySchema,\n refreshResponseSchema,\n permissionPatternsResponseSchema,\n} from '../schemas/auth';\nimport { createPublicRoute, createRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (\n auth: any,\n request: Request,\n options?: { rbac?: any; fga?: any; apiPrefix?: string },\n) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n if (!_buildCapabilitiesPromise) {\n _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n .catch(() => {\n console.error(\n '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n );\n return undefined;\n });\n }\n return _buildCapabilitiesPromise;\n}\n\nlet _permissionPatternsPromise: Promise<Record<string, unknown> | undefined> | undefined;\nfunction loadPermissionPatterns(): Promise<Record<string, unknown> | undefined> {\n if (!_permissionPatternsPromise) {\n _permissionPatternsPromise = import('@mastra/core/auth/ee')\n .then(m => m.PERMISSION_PATTERNS as Record<string, unknown>)\n .catch(() => {\n console.error(\n '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n );\n return undefined;\n });\n }\n return _permissionPatternsPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n *\n * Dual auth is OPT-IN: if studio.auth is explicitly configured, Studio requests\n * use it exclusively. Otherwise, Studio requests fall back to server.auth for\n * backward compatibility.\n */\nfunction getAuthProvider(mastra: any, isStudio?: boolean): MastraAuthProvider | null {\n // Check if studio.auth is explicitly configured\n const studioConfig = mastra.getStudio?.();\n const hasStudioAuth = studioConfig?.auth && typeof studioConfig.auth.authenticateToken === 'function';\n\n // If this is a Studio request AND studio.auth is configured, use it exclusively\n if (isStudio && hasStudioAuth) {\n return studioConfig.auth as MastraAuthProvider;\n }\n\n // Otherwise (non-studio request, OR studio request without studio.auth configured),\n // fall back to server.auth for backward compatibility\n const serverConfig = mastra.getServer?.();\n if (!serverConfig?.auth) return null;\n\n // Auth can be either MastraAuthConfig or MastraAuthProvider\n // If it has authenticateToken method, it's a provider\n if (typeof serverConfig.auth.authenticateToken === 'function') {\n return serverConfig.auth as MastraAuthProvider;\n }\n\n return null;\n}\n\n/**\n * Check if the request is from Studio (via x-mastra-client-type header).\n */\nfunction isStudioRequest(request: Request): boolean {\n return isStudioClientTypeHeader(request.headers.get(MASTRA_CLIENT_TYPE_HEADER) ?? undefined);\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname,\n * so we rely on forwarded headers to reconstruct the real public origin.\n *\n * Assumes the server is behind a trusted proxy (or running locally). When\n * exposed directly to untrusted clients, the Host header is attacker-controlled\n * and must be validated upstream.\n *\n * Priority:\n * 1. X-Forwarded-Host (traditional reverse proxy) → always HTTPS. Knative's\n * queue-proxy overwrites X-Forwarded-Proto based on the internal HTTP\n * connection, so X-Forwarded-Proto is ignored here.\n * 2. Host header with X-Forwarded-Proto (AWS ALB, some proxies) → respect proto.\n * 3. Host header alone → use the scheme from request.url (covers both direct\n * HTTP access and proxies that preserve Host but don't set a proto header).\n * 4. No Host header → fall back to request.url.origin (local dev / direct access).\n */\nexport function getPublicOrigin(request: Request): string {\n const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n if (forwardedHost) {\n return `https://${forwardedHost}`;\n }\n\n const host = request.headers.get('host');\n if (host) {\n const forwardedProto = request.headers.get('x-forwarded-proto')?.split(',')[0]?.trim();\n const proto = forwardedProto || new URL(request.url).protocol.replace(':', '');\n return `${proto}://${host}`;\n }\n\n return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra config.\n * Checks studio config first when isStudio is true.\n */\nfunction getRBACProvider(mastra: any, isStudio?: boolean): IRBACProvider<EEUser> | undefined {\n if (isStudio) {\n const studioConfig = mastra.getStudio?.();\n if (studioConfig?.rbac) {\n return studioConfig.rbac as IRBACProvider<EEUser>;\n }\n }\n const serverConfig = mastra.getServer?.();\n return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Helper to get FGA provider from Mastra config.\n * Checks studio config first when isStudio is true.\n */\nfunction getFGAProvider(mastra: any, isStudio?: boolean): IFGAProvider<EEUser> | undefined {\n if (isStudio) {\n const studioConfig = mastra.getStudio?.();\n if (studioConfig?.fga) {\n return studioConfig.fga as IFGAProvider<EEUser>;\n }\n }\n const serverConfig = mastra.getServer?.();\n return serverConfig?.fga as IFGAProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n return auth !== null && typeof auth === 'object' && typeof (auth as any)[method] === 'function';\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/capabilities',\n responseType: 'json',\n responseSchema: capabilitiesResponseSchema,\n summary: 'Get auth capabilities',\n description:\n 'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request, routePrefix } = ctx as any;\n\n // Check if this is a Studio request (via x-mastra-client-type header)\n const isStudio = isStudioRequest(request);\n\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth) {\n return { enabled: false, login: null };\n }\n\n const rbac = getRBACProvider(mastra, isStudio);\n const fga = getFGAProvider(mastra, isStudio);\n\n const buildCapabilities = await loadBuildCapabilities();\n if (!buildCapabilities) {\n return { enabled: false, login: null };\n }\n const capabilities = await buildCapabilities(auth, request, { rbac, fga, apiPrefix: routePrefix });\n\n // If capabilities came back without a user, the session may have expired.\n // Attempt a transparent refresh (same logic as coreAuthMiddleware) and retry.\n if (!('user' in capabilities) && supportsSessionRefresh(auth)) {\n try {\n const sessionId = await auth.getSessionIdFromRequest(request);\n if (sessionId) {\n const refreshedSession = await auth.refreshSession(sessionId);\n if (refreshedSession) {\n const sessionHeaders = await auth.getSessionHeaders(refreshedSession);\n const cookieValue = extractCookieFromHeaders(sessionHeaders);\n if (cookieValue) {\n // Rebuild capabilities with the refreshed cookie\n const refreshedRequest = new Request(request.url, {\n method: request.method,\n headers: new Headers(request.headers),\n });\n refreshedRequest.headers.set('Cookie', cookieValue);\n const refreshedCapabilities = await buildCapabilities(auth, refreshedRequest, {\n rbac,\n apiPrefix: routePrefix,\n });\n\n // Attach refresh headers so the adapter can set the new cookie\n if ('user' in refreshedCapabilities) {\n (refreshedCapabilities as any).__refreshHeaders = sessionHeaders;\n }\n return refreshedCapabilities;\n }\n }\n }\n } catch {\n // Refresh failed — return original unauthenticated capabilities\n }\n }\n\n return capabilities;\n } catch (error) {\n return handleError(error, 'Error getting auth capabilities');\n }\n },\n});\n\n/**\n * Extract a full cookie string from session headers (e.g. Set-Cookie → Cookie).\n */\nfunction extractCookieFromHeaders(headers: Record<string, string>): string | null {\n const setCookie = headers['Set-Cookie'] || headers['set-cookie'];\n if (!setCookie) return null;\n // Set-Cookie value is \"name=value; Path=/; ...\" — extract \"name=value\"\n const match = setCookie.match(/^([^;]+)/);\n return match ? (match[1] ?? null) : null;\n}\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/me',\n responseType: 'json',\n responseSchema: currentUserResponseSchema,\n summary: 'Get current user',\n description: 'Returns the currently authenticated user, or null if not authenticated.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request } = ctx as any;\n const isStudio = isStudioRequest(request);\n const auth = getAuthProvider(mastra, isStudio);\n const rbac = getRBACProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n return null;\n }\n\n const user = await auth.getCurrentUser(request);\n if (!user) return null;\n\n // Get roles/permissions from RBAC provider if available\n let roles: string[] | undefined;\n let permissions: string[] | undefined;\n\n if (rbac) {\n try {\n roles = await rbac.getRoles(user);\n permissions = await rbac.getPermissions(user);\n } catch {\n // RBAC not available or failed\n }\n }\n\n return {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n roles,\n permissions,\n };\n } catch (error) {\n return handleError(error, 'Error getting current user');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/login',\n responseType: 'datastream-response',\n queryParamSchema: ssoLoginQuerySchema,\n summary: 'Initiate SSO login',\n description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n const isStudio = isStudioRequest(request);\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n throw new HTTPException(404, { message: 'SSO not configured' });\n }\n\n // Build OAuth callback URI using the configured route prefix\n const origin = getPublicOrigin(request);\n const raw = ((routePrefix as string) || '/api').trim();\n const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n // Encode the post-login redirect in state (where user goes after auth completes)\n // State format: uuid|postLoginRedirect\n // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n // different port).\n let postLoginRedirect = '/';\n if (redirect_uri) {\n if (!redirect_uri.startsWith('http')) {\n // Relative path — always safe\n postLoginRedirect = redirect_uri;\n } else {\n try {\n const redirectUrl = new URL(redirect_uri);\n const requestOrigin = new URL(origin);\n const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n const isLocalhost =\n redirectUrl.hostname === 'localhost' ||\n redirectUrl.hostname === '127.0.0.1' ||\n redirectUrl.hostname === '[::1]';\n if (isHttps && (isSameOrigin || isLocalhost)) {\n postLoginRedirect = redirect_uri;\n }\n } catch {\n // Malformed URL — fall back to /\n }\n }\n }\n const stateId = crypto.randomUUID();\n const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n const loginUrl = await Promise.resolve(auth.getLoginUrl(oauthCallbackUri, state));\n\n // Build response with optional PKCE cookies\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n if (cookies?.length) {\n // PKCE cookies set for SSO state management\n for (const cookie of cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n }\n\n return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n } catch (error) {\n return handleError(error, 'Error initiating SSO login');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/callback',\n responseType: 'datastream-response',\n queryParamSchema: ssoCallbackQuerySchema,\n summary: 'Handle SSO callback',\n description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, code, state, request } = ctx as any;\n const _isStudio = isStudioRequest(request); // Kept for potential future use; currently we prefer studio auth for SSO\n\n // Build base URL for redirects (Response.redirect requires absolute URL)\n const baseUrl = getPublicOrigin(request);\n\n // Extract post-login redirect from state (format: uuid|encodedRedirect)\n let redirectTo = '/';\n let stateId = state || '';\n if (state && state.includes('|')) {\n const [id, encodedRedirect] = state.split('|', 2);\n stateId = id;\n try {\n redirectTo = decodeURIComponent(encodedRedirect);\n } catch {\n redirectTo = '/';\n }\n }\n\n // Build absolute redirect URL.\n // The redirect_uri was validated at the login endpoint (same-origin or localhost\n // only), so the state should only contain safe URLs. We still apply defense-in-depth\n // checks here: allow http(s) same-origin or localhost, reject everything else.\n let absoluteRedirect: string;\n if (redirectTo.startsWith('http')) {\n try {\n const parsed = new URL(redirectTo);\n const baseOrigin = new URL(baseUrl);\n const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n const isSameOrigin = parsed.origin === baseOrigin.origin;\n const isLocalhost =\n parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n } catch {\n absoluteRedirect = `${baseUrl}/`;\n }\n } else {\n absoluteRedirect = `${baseUrl}${redirectTo}`;\n }\n\n try {\n // For SSO callback, the redirect from the identity provider won't include\n // the x-mastra-client-type header. Prefer studio auth for SSO (it's the\n // typical SSO use case), fall back to server auth only if studio doesn't exist.\n let auth = getAuthProvider(mastra, true); // Try studio first\n\n // If studio doesn't have SSO, fall back to server\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n auth = getAuthProvider(mastra, false);\n }\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n }\n\n // Pass cookie header to provider for PKCE validation (if supported)\n const reqCookieHeader = request.headers.get('cookie');\n if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n (auth as any).setCallbackCookieHeader(reqCookieHeader);\n }\n\n const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n const user = result.user as EEUser;\n\n // Build response headers (session cookies, etc.)\n const headers = new Headers();\n headers.set('Location', absoluteRedirect);\n\n // Set session cookies from the SSO result\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n // Fallback: Create session manually for providers without cookie support\n const session = await auth.createSession(user.id, {\n accessToken: result.tokens.accessToken,\n refreshToken: result.tokens.refreshToken,\n expiresAt: result.tokens.expiresAt,\n organizationId: (user as any).organizationId,\n });\n const sessionHeaders = auth.getSessionHeaders(session);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(null, {\n status: 302,\n headers,\n });\n } catch (error) {\n // Redirect with error (use absolute URL)\n const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n }\n },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/logout',\n responseType: 'datastream-response',\n summary: 'Logout',\n description: 'Destroys the current session and returns logout redirect URL if available.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth) {\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers: { 'Content-Type': 'application/json' },\n });\n }\n\n // Get session ID and destroy it\n if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n const sessionId = auth.getSessionIdFromRequest(request);\n if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n await auth.destroySession(sessionId);\n }\n }\n\n // Get logout URL if available\n let redirectTo: string | undefined;\n if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n const origin = getPublicOrigin(request);\n const logoutUrl = await auth.getLogoutUrl(origin, request);\n redirectTo = logoutUrl ?? undefined;\n }\n\n // Build response with session clearing headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Clear session cookie\n if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n const clearHeaders = auth.getClearSessionHeaders();\n for (const [key, value] of Object.entries(clearHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true, redirectTo }), {\n status: 200,\n headers,\n });\n } catch (error) {\n return handleError(error, 'Error logging out');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/refresh\n// ============================================================================\n\nexport const POST_REFRESH_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/refresh',\n responseType: 'datastream-response',\n responseSchema: refreshResponseSchema,\n summary: 'Refresh session',\n description: 'Refreshes the current session, extending its expiry. Sets a new session cookie on success.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (\n !auth ||\n !implementsInterface<ISessionProvider>(auth, 'refreshSession') ||\n !implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')\n ) {\n throw new HTTPException(404, { message: 'Session refresh not configured' });\n }\n\n // Get session ID from request\n const sessionId = auth.getSessionIdFromRequest(request);\n if (!sessionId) {\n throw new HTTPException(401, { message: 'No session' });\n }\n\n // Refresh the session\n const newSession = await auth.refreshSession(sessionId);\n if (!newSession) {\n throw new HTTPException(401, { message: 'Session expired' });\n }\n\n // Build response with new session headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n if (implementsInterface<ISessionProvider>(auth, 'getSessionHeaders')) {\n const sessionHeaders = auth.getSessionHeaders(newSession);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers,\n });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error refreshing session');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-in',\n responseType: 'datastream-response',\n bodySchema: credentialsSignInBodySchema,\n summary: 'Sign in with credentials',\n description: 'Authenticates a user with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signIn(email, password, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n // Return a generic error for auth failures to avoid leaking info\n throw new HTTPException(401, { message: 'Invalid email or password' });\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-up',\n responseType: 'datastream-response',\n bodySchema: credentialsSignUpBodySchema,\n summary: 'Sign up with credentials',\n description: 'Creates a new user account with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password, name } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signUp(email, password, name, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n const mastra = (ctx as any).mastra;\n mastra?.getLogger?.()?.error('Sign-up error', {\n error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n });\n throw new HTTPException(400, { message: 'Failed to create account' });\n }\n },\n});\n\n// ============================================================================\n// GET /auth/roles/:roleId/permissions\n// ============================================================================\n\nconst rolePermissionsPathSchema = z.object({ roleId: z.string() });\nconst rolePermissionsResponseSchema = z.object({ roleId: z.string(), permissions: z.array(z.string()) });\n\nexport const GET_ROLE_PERMISSIONS_ROUTE = createRoute({\n method: 'GET',\n path: '/auth/roles/:roleId/permissions',\n requiresAuth: true,\n responseType: 'json',\n pathParamSchema: rolePermissionsPathSchema,\n responseSchema: rolePermissionsResponseSchema,\n summary: 'Get permissions for a role',\n description:\n 'Returns the resolved permissions for a specific role. Only accessible by admin users. Used by the \"View as role\" feature.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, requestContext, roleId } = ctx as any;\n\n // Check that the caller is an admin\n const callerPermissions: string[] = requestContext?.get(MASTRA_USER_PERMISSIONS_KEY) ?? [];\n const isAdmin = callerPermissions.some((p: string) => p === '*' || p === '*:*');\n if (!isAdmin) {\n throw new HTTPException(403, { message: 'Admin access required' });\n }\n\n const rbac = getRBACProvider(mastra);\n if (!rbac?.getPermissionsForRole) {\n throw new HTTPException(404, { message: 'RBAC provider does not support role permission resolution' });\n }\n\n const permissions = await rbac.getPermissionsForRole(roleId);\n return { roleId, permissions };\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error getting role permissions');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/permission-patterns\n// ============================================================================\n\nexport const GET_PERMISSION_PATTERNS_ROUTE = createRoute({\n method: 'GET',\n path: '/auth/permission-patterns',\n requiresAuth: true,\n responseType: 'json',\n responseSchema: permissionPatternsResponseSchema,\n summary: 'List valid permission patterns',\n description:\n 'Returns the authoritative list of valid permission-pattern strings. Used by Studio to validate the route→permission literals it ships and to gate the sidebar.',\n tags: ['Auth'],\n handler: async () => {\n const patterns = await loadPermissionPatterns();\n return { patterns: Object.keys(patterns ?? {}) };\n },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n GET_AUTH_CAPABILITIES_ROUTE,\n GET_CURRENT_USER_ROUTE,\n GET_SSO_LOGIN_ROUTE,\n GET_SSO_CALLBACK_ROUTE,\n POST_LOGOUT_ROUTE,\n POST_REFRESH_ROUTE,\n POST_CREDENTIALS_SIGN_IN_ROUTE,\n POST_CREDENTIALS_SIGN_UP_ROUTE,\n GET_ROLE_PERMISSIONS_ROUTE,\n GET_PERMISSION_PATTERNS_ROUTE,\n] as const;\n"]}
1
+ {"version":3,"sources":["../src/server/handlers/auth.ts"],"names":["isStudioClientTypeHeader","MASTRA_CLIENT_TYPE_HEADER","createPublicRoute","capabilitiesResponseSchema","supportsSessionRefresh","handleError","currentUserResponseSchema","ssoLoginQuerySchema","HTTPException","ssoCallbackQuerySchema","refreshResponseSchema","credentialsSignInBodySchema","credentialsSignUpBodySchema","mastra","z","createRoute","MASTRA_USER_PERMISSIONS_KEY","permissionPatternsResponseSchema"],"mappings":";;;;;;;;;;AA0CA,IAAI,yBAAA;AACJ,SAAS,qBAAA,GAAkE;AACzE,EAAA,IAAI,CAAC,yBAAA,EAA2B;AAC9B,IAAA,yBAAA,GAA4B,OAAO,sBAAsB,CAAA,CACtD,IAAA,CAAK,OAAK,CAAA,CAAE,iBAAwC,CAAA,CACpD,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,yBAAA;AACT;AAEA,IAAI,0BAAA;AACJ,SAAS,sBAAA,GAAuE;AAC9E,EAAA,IAAI,CAAC,0BAAA,EAA4B;AAC/B,IAAA,0BAAA,GAA6B,OAAO,sBAAsB,CAAA,CACvD,IAAA,CAAK,OAAK,CAAA,CAAE,mBAA8C,CAAA,CAC1D,KAAA,CAAM,MAAM;AACX,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,OACF;AACA,MAAA,OAAO,MAAA;AAAA,IACT,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,0BAAA;AACT;AASA,SAAS,eAAA,CAAgB,QAAa,QAAA,EAA+C;AAEnF,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,MAAM,gBAAgB,YAAA,EAAc,IAAA,IAAQ,OAAO,YAAA,CAAa,KAAK,iBAAA,KAAsB,UAAA;AAG3F,EAAA,IAAI,YAAY,aAAA,EAAe;AAC7B,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAIA,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,IAAI,CAAC,YAAA,EAAc,IAAA,EAAM,OAAO,IAAA;AAIhC,EAAA,IAAI,OAAO,YAAA,CAAa,IAAA,CAAK,iBAAA,KAAsB,UAAA,EAAY;AAC7D,IAAA,OAAO,YAAA,CAAa,IAAA;AAAA,EACtB;AAEA,EAAA,OAAO,IAAA;AACT;AAKA,SAAS,gBAAgB,OAAA,EAA2B;AAClD,EAAA,OAAOA,2CAAyB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAIC,2CAAyB,KAAK,MAAS,CAAA;AAC7F;AAoBO,SAAS,gBAAgB,OAAA,EAA0B;AACxD,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACnF,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,OAAO,WAAW,aAAa,CAAA,CAAA;AAAA,EACjC;AAEA,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACvC,EAAA,IAAI,IAAA,EAAM;AACR,IAAA,MAAM,cAAA,GAAiB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,mBAAmB,CAAA,EAAG,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,EAAG,IAAA,EAAK;AACrF,IAAA,MAAM,KAAA,GAAQ,cAAA,IAAkB,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,QAAA,CAAS,OAAA,CAAQ,GAAA,EAAK,EAAE,CAAA;AAC7E,IAAA,OAAO,CAAA,EAAG,KAAK,CAAA,GAAA,EAAM,IAAI,CAAA,CAAA;AAAA,EAC3B;AAEA,EAAA,OAAO,IAAI,GAAA,CAAI,OAAA,CAAQ,GAAG,CAAA,CAAE,MAAA;AAC9B;AAMA,SAAS,eAAA,CAAgB,QAAa,QAAA,EAAuD;AAC3F,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,IAAA,IAAI,cAAc,IAAA,EAAM;AACtB,MAAA,OAAO,YAAA,CAAa,IAAA;AAAA,IACtB;AAAA,EACF;AACA,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,IAAA;AACvB;AAMA,SAAS,cAAA,CAAe,QAAa,QAAA,EAAsD;AACzF,EAAA,IAAI,QAAA,EAAU;AACZ,IAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,IAAA,IAAI,cAAc,GAAA,EAAK;AACrB,MAAA,OAAO,YAAA,CAAa,GAAA;AAAA,IACtB;AAAA,EACF;AACA,EAAA,MAAM,YAAA,GAAe,OAAO,SAAA,IAAY;AACxC,EAAA,OAAO,YAAA,EAAc,GAAA;AACvB;AAKA,SAAS,mBAAA,CAAuB,MAAe,MAAA,EAA4B;AACzE,EAAA,OAAO,IAAA,KAAS,QAAQ,OAAO,IAAA,KAAS,YAAY,OAAQ,IAAA,CAAa,MAAM,CAAA,KAAM,UAAA;AACvF;AAMO,IAAM,8BAA8BC,mCAAA,CAAkB;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBC,4CAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAA,EAAY,GAAI,GAAA;AAGzC,MAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AAEA,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAC7C,MAAA,MAAM,GAAA,GAAM,cAAA,CAAe,MAAA,EAAQ,QAAQ,CAAA;AAE3C,MAAA,MAAM,iBAAA,GAAoB,MAAM,qBAAA,EAAsB;AACtD,MAAA,IAAI,CAAC,iBAAA,EAAmB;AACtB,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,IAAA,EAAK;AAAA,MACvC;AACA,MAAA,MAAM,YAAA,GAAe,MAAM,iBAAA,CAAkB,IAAA,EAAM,OAAA,EAAS,EAAE,IAAA,EAAM,GAAA,EAAK,SAAA,EAAW,WAAA,EAAa,CAAA;AAIjG,MAAA,IAAI,EAAE,MAAA,IAAU,YAAA,CAAA,IAAiBC,wCAAA,CAAuB,IAAI,CAAA,EAAG;AAC7D,QAAA,IAAI;AACF,UAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AAC5D,UAAA,IAAI,SAAA,EAAW;AACb,YAAA,MAAM,gBAAA,GAAmB,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AAC5D,YAAA,IAAI,gBAAA,EAAkB;AACpB,cAAA,MAAM,cAAA,GAAiB,MAAM,IAAA,CAAK,iBAAA,CAAkB,gBAAgB,CAAA;AACpE,cAAA,MAAM,WAAA,GAAc,yBAAyB,cAAc,CAAA;AAC3D,cAAA,IAAI,WAAA,EAAa;AAEf,gBAAA,MAAM,gBAAA,GAAmB,IAAI,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK;AAAA,kBAChD,QAAQ,OAAA,CAAQ,MAAA;AAAA,kBAChB,OAAA,EAAS,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAO;AAAA,iBACrC,CAAA;AACD,gBAAA,gBAAA,CAAiB,OAAA,CAAQ,GAAA,CAAI,QAAA,EAAU,WAAW,CAAA;AAClD,gBAAA,MAAM,qBAAA,GAAwB,MAAM,iBAAA,CAAkB,IAAA,EAAM,gBAAA,EAAkB;AAAA,kBAC5E,IAAA;AAAA,kBACA,SAAA,EAAW;AAAA,iBACZ,CAAA;AAGD,gBAAA,IAAI,UAAU,qBAAA,EAAuB;AACnC,kBAAC,sBAA8B,gBAAA,GAAmB,cAAA;AAAA,gBACpD;AACA,gBAAA,OAAO,qBAAA;AAAA,cACT;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO,YAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAKD,SAAS,yBAAyB,OAAA,EAAgD;AAChF,EAAA,MAAM,SAAA,GAAY,OAAA,CAAQ,YAAY,CAAA,IAAK,QAAQ,YAAY,CAAA;AAC/D,EAAA,IAAI,CAAC,WAAW,OAAO,IAAA;AAEvB,EAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,KAAA,CAAM,UAAU,CAAA;AACxC,EAAA,OAAO,KAAA,GAAS,KAAA,CAAM,CAAC,CAAA,IAAK,IAAA,GAAQ,IAAA;AACtC;AAMO,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,UAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBI,2CAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,MAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AACxC,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAC7C,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAmC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACxE,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,cAAA,CAAe,OAAO,CAAA;AAC9C,MAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAGlB,MAAA,IAAI,KAAA;AACJ,MAAA,IAAI,WAAA;AAEJ,MAAA,IAAI,IAAA,EAAM;AACR,QAAA,IAAI;AACF,UAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,QAAA,CAAS,IAAI,CAAA;AAChC,UAAA,WAAA,GAAc,MAAM,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA;AAAA,QAC9C,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,IAAA,CAAK,EAAA;AAAA,QACT,OAAO,IAAA,CAAK,KAAA;AAAA,QACZ,MAAM,IAAA,CAAK,IAAA;AAAA,QACX,WAAW,IAAA,CAAK,SAAA;AAAA,QAChB,KAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOD,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,sBAAsBH,mCAAA,CAAkB;AAAA,EACnD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBK,qCAAA;AAAA,EAClB,OAAA,EAAS,oBAAA;AAAA,EACT,WAAA,EAAa,4DAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,YAAA,EAAc,OAAA,EAAS,aAAY,GAAI,GAAA;AACvD,MAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AACxC,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,aAAa,CAAA,EAAG;AACpE,QAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,sBAAsB,CAAA;AAAA,MAChE;AAGA,MAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,MAAA,MAAM,GAAA,GAAA,CAAQ,WAAA,IAA0B,MAAA,EAAQ,IAAA,EAAK;AACrD,MAAA,MAAM,YAAY,GAAA,CAAI,UAAA,CAAW,GAAG,CAAA,GAAI,GAAA,GAAM,IAAI,GAAG,CAAA,CAAA;AACrD,MAAA,MAAM,MAAA,GAAS,UAAU,QAAA,CAAS,GAAG,IAAI,SAAA,CAAU,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,SAAA;AAClE,MAAA,MAAM,gBAAA,GAAmB,CAAA,EAAG,MAAM,CAAA,EAAG,MAAM,CAAA,kBAAA,CAAA;AAO3C,MAAA,IAAI,iBAAA,GAAoB,GAAA;AACxB,MAAA,IAAI,YAAA,EAAc;AAChB,QAAA,IAAI,CAAC,YAAA,CAAa,UAAA,CAAW,MAAM,CAAA,EAAG;AAEpC,UAAA,iBAAA,GAAoB,YAAA;AAAA,QACtB,CAAA,MAAO;AACL,UAAA,IAAI;AACF,YAAA,MAAM,WAAA,GAAc,IAAI,GAAA,CAAI,YAAY,CAAA;AACxC,YAAA,MAAM,aAAA,GAAgB,IAAI,GAAA,CAAI,MAAM,CAAA;AACpC,YAAA,MAAM,OAAA,GAAU,WAAA,CAAY,QAAA,KAAa,OAAA,IAAW,YAAY,QAAA,KAAa,QAAA;AAC7E,YAAA,MAAM,YAAA,GAAe,WAAA,CAAY,MAAA,KAAW,aAAA,CAAc,MAAA;AAC1D,YAAA,MAAM,WAAA,GACJ,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,WAAA,IACzB,YAAY,QAAA,KAAa,OAAA;AAC3B,YAAA,IAAI,OAAA,KAAY,gBAAgB,WAAA,CAAA,EAAc;AAC5C,cAAA,iBAAA,GAAoB,YAAA;AAAA,YACtB;AAAA,UACF,CAAA,CAAA,MAAQ;AAAA,UAER;AAAA,QACF;AAAA,MACF;AACA,MAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,MAAA,MAAM,QAAQ,CAAA,EAAG,OAAO,CAAA,CAAA,EAAI,kBAAA,CAAmB,iBAAiB,CAAC,CAAA,CAAA;AAEjE,MAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,OAAA,CAAQ,KAAK,WAAA,CAAY,gBAAA,EAAkB,KAAK,CAAC,CAAA;AAGhF,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,iBAAiB,CAAA,IAAK,KAAK,eAAA,EAAiB;AACtF,QAAA,MAAM,OAAA,GAAU,IAAA,CAAK,eAAA,CAAgB,gBAAA,EAAkB,KAAK,CAAA;AAC5D,QAAA,IAAI,SAAS,MAAA,EAAQ;AAEnB,UAAA,KAAA,MAAW,UAAU,OAAA,EAAS;AAC5B,YAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,UACrC;AAAA,QACF;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,IAAA,CAAK,SAAA,CAAU,EAAE,GAAA,EAAK,QAAA,EAAU,CAAA,EAAG,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IACjF,SAAS,KAAA,EAAO;AACd,MAAA,OAAOH,6BAAA,CAAY,OAAO,4BAA4B,CAAA;AAAA,IACxD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,yBAAyBH,mCAAA,CAAkB;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,oBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,gBAAA,EAAkBO,wCAAA;AAAA,EAClB,OAAA,EAAS,qBAAA;AAAA,EACT,WAAA,EAAa,mFAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,SAAQ,GAAI,GAAA;AACzC,IAAkB,gBAAgB,OAAO;AAGzC,IAAA,MAAM,OAAA,GAAU,gBAAgB,OAAO,CAAA;AAGvC,IAAA,IAAI,UAAA,GAAa,GAAA;AACjB,IAAA,IAAI,UAAU,KAAA,IAAS,EAAA;AACvB,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,QAAA,CAAS,GAAG,CAAA,EAAG;AAChC,MAAA,MAAM,CAAC,EAAA,EAAI,eAAe,IAAI,KAAA,CAAM,KAAA,CAAM,KAAK,CAAC,CAAA;AAChD,MAAA,OAAA,GAAU,EAAA;AACV,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,mBAAmB,eAAe,CAAA;AAAA,MACjD,CAAA,CAAA,MAAQ;AACN,QAAA,UAAA,GAAa,GAAA;AAAA,MACf;AAAA,IACF;AAMA,IAAA,IAAI,gBAAA;AACJ,IAAA,IAAI,UAAA,CAAW,UAAA,CAAW,MAAM,CAAA,EAAG;AACjC,MAAA,IAAI;AACF,QAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,UAAU,CAAA;AACjC,QAAA,MAAM,UAAA,GAAa,IAAI,GAAA,CAAI,OAAO,CAAA;AAClC,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,QAAA,KAAa,OAAA,IAAW,OAAO,QAAA,KAAa,QAAA;AACnE,QAAA,MAAM,YAAA,GAAe,MAAA,CAAO,MAAA,KAAW,UAAA,CAAW,MAAA;AAClD,QAAA,MAAM,WAAA,GACJ,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,WAAA,IAAe,OAAO,QAAA,KAAa,OAAA;AAC5F,QAAA,gBAAA,GAAmB,OAAA,KAAY,YAAA,IAAgB,WAAA,CAAA,GAAe,UAAA,GAAa,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MACvF,CAAA,CAAA,MAAQ;AACN,QAAA,gBAAA,GAAmB,GAAG,OAAO,CAAA,CAAA,CAAA;AAAA,MAC/B;AAAA,IACF,CAAA,MAAO;AACL,MAAA,gBAAA,GAAmB,CAAA,EAAG,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAAA,IAC5C;AAEA,IAAA,IAAI;AAIF,MAAA,IAAI,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,IAAI,CAAA;AAGvC,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,IAAA,GAAO,eAAA,CAAgB,QAAQ,KAAK,CAAA;AAAA,MACtC;AAEA,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAAkC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AACvE,QAAA,OAAO,QAAA,CAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,6BAA6B,GAAG,CAAA;AAAA,MAC9E;AAGA,MAAA,MAAM,eAAA,GAAkB,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACpD,MAAA,IAAI,OAAQ,IAAA,CAAa,uBAAA,KAA4B,UAAA,EAAY;AAC/D,QAAC,IAAA,CAAa,wBAAwB,eAAe,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,MAAA,GAAU,MAAM,IAAA,CAAK,cAAA,CAAe,MAAM,OAAO,CAAA;AACvD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAGpB,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,EAAQ;AAC5B,MAAA,OAAA,CAAQ,GAAA,CAAI,YAAY,gBAAgB,CAAA;AAGxC,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF,WAAW,mBAAA,CAAsC,IAAA,EAAM,eAAe,CAAA,IAAK,OAAO,MAAA,EAAQ;AAExF,QAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,aAAA,CAAc,KAAK,EAAA,EAAI;AAAA,UAChD,WAAA,EAAa,OAAO,MAAA,CAAO,WAAA;AAAA,UAC3B,YAAA,EAAc,OAAO,MAAA,CAAO,YAAA;AAAA,UAC5B,SAAA,EAAW,OAAO,MAAA,CAAO,SAAA;AAAA,UACzB,gBAAiB,IAAA,CAAa;AAAA,SAC/B,CAAA;AACD,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,OAAO,CAAA;AACrD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AAEd,MAAA,MAAM,eAAe,kBAAA,CAAmB,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,UAAU,eAAe,CAAA;AAChG,MAAA,OAAO,SAAS,QAAA,CAAS,CAAA,EAAG,gBAAgB,CAAA,OAAA,EAAU,YAAY,IAAI,GAAG,CAAA;AAAA,IAC3E;AAAA,EACF;AACF,CAAC;AAMM,IAAM,oBAAoBP,mCAAA,CAAkB;AAAA,EACjD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,cAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,OAAA,EAAS,QAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,EAAM;AACT,QAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,UACrD,MAAA,EAAQ,GAAA;AAAA,UACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,SAC/C,CAAA;AAAA,MACH;AAGA,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EAAG;AAC1E,QAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,QAAA,IAAI,SAAA,IAAa,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,EAAG;AAC9E,UAAA,MAAM,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,QACrC;AAAA,MACF;AAGA,MAAA,IAAI,UAAA;AACJ,MAAA,IAAI,mBAAA,CAAkC,IAAA,EAAM,cAAc,CAAA,IAAK,KAAK,YAAA,EAAc;AAEhF,QAAA,MAAM,MAAA,GAAS,gBAAgB,OAAO,CAAA;AACtC,QAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,YAAA,CAAa,QAAQ,OAAO,CAAA;AACzD,QAAA,UAAA,GAAa,SAAA,IAAa,MAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAGlE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,wBAAwB,CAAA,EAAG;AACzE,QAAA,MAAM,YAAA,GAAe,KAAK,sBAAA,EAAuB;AACjD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,YAAY,CAAA,EAAG;AACvD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,UAAA,EAAY,CAAA,EAAG;AAAA,QACjE,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAOG,6BAAA,CAAY,OAAO,mBAAmB,CAAA;AAAA,IAC/C;AAAA,EACF;AACF,CAAC;AAMM,IAAM,qBAAqBH,mCAAA,CAAkB;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,eAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,cAAA,EAAgBQ,uCAAA;AAAA,EAChB,OAAA,EAAS,iBAAA;AAAA,EACT,WAAA,EAAa,4FAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,GAAA;AAC5B,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IACE,CAAC,IAAA,IACD,CAAC,mBAAA,CAAsC,IAAA,EAAM,gBAAgB,CAAA,IAC7D,CAAC,mBAAA,CAAsC,IAAA,EAAM,yBAAyB,CAAA,EACtE;AACA,QAAA,MAAM,IAAIF,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,kCAAkC,CAAA;AAAA,MAC5E;AAGA,MAAA,MAAM,SAAA,GAAY,IAAA,CAAK,uBAAA,CAAwB,OAAO,CAAA;AACtD,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,cAAc,CAAA;AAAA,MACxD;AAGA,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,cAAA,CAAe,SAAS,CAAA;AACtD,MAAA,IAAI,CAAC,UAAA,EAAY;AACf,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,mBAAmB,CAAA;AAAA,MAC7D;AAGA,MAAA,MAAM,UAAU,IAAI,OAAA,CAAQ,EAAE,cAAA,EAAgB,oBAAoB,CAAA;AAClE,MAAA,IAAI,mBAAA,CAAsC,IAAA,EAAM,mBAAmB,CAAA,EAAG;AACpE,QAAA,MAAM,cAAA,GAAiB,IAAA,CAAK,iBAAA,CAAkB,UAAU,CAAA;AACxD,QAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,cAAc,CAAA,EAAG;AACzD,UAAA,OAAA,CAAQ,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,QAC3B;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,SAAS,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA,EAAG;AAAA,QACrD,MAAA,EAAQ,GAAA;AAAA,QACR;AAAA,OACD,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,0BAA0B,CAAA;AAAA,IACtD;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCH,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYS,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,+CAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,UAAS,GAAI,GAAA;AAC7C,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIH,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,MAAA,CAAO,KAAA,EAAO,UAAU,OAAO,CAAA;AACzD,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAE1C,MAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,IACvE;AAAA,EACF;AACF,CAAC;AAMM,IAAM,iCAAiCN,mCAAA,CAAkB;AAAA,EAC9D,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,UAAA,EAAYU,6CAAA;AAAA,EACZ,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,qDAAA;AAAA,EACb,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,KAAA,EAAO,QAAA,EAAU,MAAK,GAAI,GAAA;AACnD,IAAA,MAAM,QAAA,GAAW,gBAAgB,OAAO,CAAA;AAExC,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,GAAO,eAAA,CAAgB,MAAA,EAAQ,QAAQ,CAAA;AAE7C,MAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,mBAAA,CAA0C,IAAA,EAAM,QAAQ,CAAA,EAAG;AACvE,QAAA,MAAM,IAAIJ,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,MACvF;AAEA,MAAA,MAAM,SAAS,MAAM,IAAA,CAAK,OAAO,KAAA,EAAO,QAAA,EAAU,MAAM,OAAO,CAAA;AAC/D,MAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,MAAA,MAAM,YAAA,GAAe,KAAK,SAAA,CAAU;AAAA,QAClC,IAAA,EAAM;AAAA,UACJ,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,OAAO,IAAA,CAAK,KAAA;AAAA,UACZ,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,WAAW,IAAA,CAAK;AAAA,SAClB;AAAA,QACA,OAAO,MAAA,CAAO;AAAA,OACf,CAAA;AAGD,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ;AAAA,QAC1B,cAAA,EAAgB;AAAA,OACjB,CAAA;AAGD,MAAA,IAAI,MAAA,CAAO,SAAS,MAAA,EAAQ;AAC1B,QAAA,KAAA,MAAW,MAAA,IAAU,OAAO,OAAA,EAAS;AACnC,UAAA,OAAA,CAAQ,MAAA,CAAO,cAAc,MAAM,CAAA;AAAA,QACrC;AAAA,MACF;AAEA,MAAA,OAAO,IAAI,QAAA,CAAS,YAAA,EAAc,EAAE,MAAA,EAAQ,GAAA,EAAK,SAAS,CAAA;AAAA,IAC5D,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,MAAMK,UAAU,GAAA,CAAY,MAAA;AAC5B,MAAAA,OAAAA,EAAQ,SAAA,IAAY,EAAG,KAAA,CAAM,eAAA,EAAiB;AAAA,QAC5C,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,EAAE,OAAA,EAAS,MAAM,OAAA,EAAS,KAAA,EAAO,KAAA,CAAM,KAAA,EAAM,GAAI;AAAA,OAClF,CAAA;AACD,MAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,4BAA4B,CAAA;AAAA,IACtE;AAAA,EACF;AACF,CAAC;AAMD,IAAM,yBAAA,GAA4BM,KAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,IAAU,CAAA;AACjE,IAAM,6BAAA,GAAgCA,IAAA,CAAE,MAAA,CAAO,EAAE,QAAQA,IAAA,CAAE,MAAA,EAAO,EAAG,WAAA,EAAaA,KAAE,KAAA,CAAMA,IAAA,CAAE,MAAA,EAAQ,GAAG,CAAA;AAEhG,IAAM,6BAA6BC,6BAAA,CAAY;AAAA,EACpD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,iCAAA;AAAA,EACN,YAAA,EAAc,IAAA;AAAA,EACd,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,cAAA,EAAgB,6BAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EACE,2HAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,OAAA,EAAS,OAAM,GAAA,KAAO;AACpB,IAAA,IAAI;AACF,MAAA,MAAM,EAAE,MAAA,EAAQ,cAAA,EAAgB,MAAA,EAAO,GAAI,GAAA;AAG3C,MAAA,MAAM,iBAAA,GAA8B,cAAA,EAAgB,GAAA,CAAIC,6CAA2B,KAAK,EAAC;AACzF,MAAA,MAAM,OAAA,GAAU,kBAAkB,IAAA,CAAK,CAAC,MAAc,CAAA,KAAM,GAAA,IAAO,MAAM,KAAK,CAAA;AAC9E,MAAA,IAAI,CAAC,OAAA,EAAS;AACZ,QAAA,MAAM,IAAIR,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,yBAAyB,CAAA;AAAA,MACnE;AAEA,MAAA,MAAM,IAAA,GAAO,gBAAgB,MAAM,CAAA;AACnC,MAAA,IAAI,CAAC,MAAM,qBAAA,EAAuB;AAChC,QAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6DAA6D,CAAA;AAAA,MACvG;AAEA,MAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,qBAAA,CAAsB,MAAM,CAAA;AAC3D,MAAA,OAAO,EAAE,QAAQ,WAAA,EAAY;AAAA,IAC/B,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,KAAA,YAAiBA,iCAAe,MAAM,KAAA;AAC1C,MAAA,OAAOH,6BAAA,CAAY,OAAO,gCAAgC,CAAA;AAAA,IAC5D;AAAA,EACF;AACF,CAAC;AAMM,IAAM,gCAAgCU,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,2BAAA;AAAA,EACN,YAAA,EAAc,IAAA;AAAA,EACd,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgBE,kDAAA;AAAA,EAChB,OAAA,EAAS,gCAAA;AAAA,EACT,WAAA,EACE,qKAAA;AAAA,EACF,IAAA,EAAM,CAAC,MAAM,CAAA;AAAA,EACb,SAAS,YAAY;AACnB,IAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,EAAuB;AAC9C,IAAA,OAAO,EAAE,QAAA,EAAU,MAAA,CAAO,KAAK,QAAA,IAAY,EAAE,CAAA,EAAE;AAAA,EACjD;AACF,CAAC;AAMM,IAAM,WAAA,GAAc;AAAA,EACzB,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,sBAAA;AAAA,EACA,iBAAA;AAAA,EACA,kBAAA;AAAA,EACA,8BAAA;AAAA,EACA,8BAAA;AAAA,EACA,0BAAA;AAAA,EACA;AACF","file":"chunk-DD2HU3Y5.cjs","sourcesContent":["/**\n * Auth handlers for EE authentication capabilities.\n *\n * These routes enable Studio to:\n * - Detect available auth capabilities\n * - Initiate SSO login flows\n * - Handle OAuth callbacks\n * - Logout users\n */\n\nimport type {\n IUserProvider,\n ISessionProvider,\n ISSOProvider,\n ICredentialsProvider,\n SSOCallbackResult,\n} from '@mastra/core/auth';\nimport type { IRBACProvider, IFGAProvider, EEUser } from '@mastra/core/auth/ee';\nimport type { MastraAuthProvider } from '@mastra/core/server';\n\nimport { z } from 'zod/v4';\nimport { supportsSessionRefresh } from '../auth/helpers';\nimport { MASTRA_USER_PERMISSIONS_KEY, MASTRA_CLIENT_TYPE_HEADER, isStudioClientTypeHeader } from '../constants';\nimport { HTTPException } from '../http-exception';\nimport {\n capabilitiesResponseSchema,\n ssoLoginQuerySchema,\n ssoCallbackQuerySchema,\n currentUserResponseSchema,\n credentialsSignInBodySchema,\n credentialsSignUpBodySchema,\n refreshResponseSchema,\n permissionPatternsResponseSchema,\n} from '../schemas/auth';\nimport { createPublicRoute, createRoute } from '../server-adapter/routes/route-builder';\nimport { handleError } from './error';\n\ntype BuildCapabilitiesFn = (\n auth: any,\n request: Request,\n options?: { rbac?: any; fga?: any; apiPrefix?: string },\n) => Promise<any>;\nlet _buildCapabilitiesPromise: Promise<BuildCapabilitiesFn | undefined> | undefined;\nfunction loadBuildCapabilities(): Promise<BuildCapabilitiesFn | undefined> {\n if (!_buildCapabilitiesPromise) {\n _buildCapabilitiesPromise = import('@mastra/core/auth/ee')\n .then(m => m.buildCapabilities as BuildCapabilitiesFn)\n .catch(() => {\n console.error(\n '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n );\n return undefined;\n });\n }\n return _buildCapabilitiesPromise;\n}\n\nlet _permissionPatternsPromise: Promise<Record<string, unknown> | undefined> | undefined;\nfunction loadPermissionPatterns(): Promise<Record<string, unknown> | undefined> {\n if (!_permissionPatternsPromise) {\n _permissionPatternsPromise = import('@mastra/core/auth/ee')\n .then(m => m.PERMISSION_PATTERNS as Record<string, unknown>)\n .catch(() => {\n console.error(\n '[@mastra/server] EE auth features require @mastra/core >= 1.6.0. Please upgrade: npm install @mastra/core@latest',\n );\n return undefined;\n });\n }\n return _permissionPatternsPromise;\n}\n\n/**\n * Helper to get auth provider from Mastra instance.\n *\n * Dual auth is OPT-IN: if studio.auth is explicitly configured, Studio requests\n * use it exclusively. Otherwise, Studio requests fall back to server.auth for\n * backward compatibility.\n */\nfunction getAuthProvider(mastra: any, isStudio?: boolean): MastraAuthProvider | null {\n // Check if studio.auth is explicitly configured\n const studioConfig = mastra.getStudio?.();\n const hasStudioAuth = studioConfig?.auth && typeof studioConfig.auth.authenticateToken === 'function';\n\n // If this is a Studio request AND studio.auth is configured, use it exclusively\n if (isStudio && hasStudioAuth) {\n return studioConfig.auth as MastraAuthProvider;\n }\n\n // Otherwise (non-studio request, OR studio request without studio.auth configured),\n // fall back to server.auth for backward compatibility\n const serverConfig = mastra.getServer?.();\n if (!serverConfig?.auth) return null;\n\n // Auth can be either MastraAuthConfig or MastraAuthProvider\n // If it has authenticateToken method, it's a provider\n if (typeof serverConfig.auth.authenticateToken === 'function') {\n return serverConfig.auth as MastraAuthProvider;\n }\n\n return null;\n}\n\n/**\n * Check if the request is from Studio (via x-mastra-client-type header).\n */\nfunction isStudioRequest(request: Request): boolean {\n return isStudioClientTypeHeader(request.headers.get(MASTRA_CLIENT_TYPE_HEADER) ?? undefined);\n}\n\n/**\n * Get the public-facing origin from a request, respecting reverse proxy headers.\n * Behind a proxy (e.g. edge router), request.url contains the internal hostname,\n * so we rely on forwarded headers to reconstruct the real public origin.\n *\n * Assumes the server is behind a trusted proxy (or running locally). When\n * exposed directly to untrusted clients, the Host header is attacker-controlled\n * and must be validated upstream.\n *\n * Priority:\n * 1. X-Forwarded-Host (traditional reverse proxy) → always HTTPS. Knative's\n * queue-proxy overwrites X-Forwarded-Proto based on the internal HTTP\n * connection, so X-Forwarded-Proto is ignored here.\n * 2. Host header with X-Forwarded-Proto (AWS ALB, some proxies) → respect proto.\n * 3. Host header alone → use the scheme from request.url (covers both direct\n * HTTP access and proxies that preserve Host but don't set a proto header).\n * 4. No Host header → fall back to request.url.origin (local dev / direct access).\n */\nexport function getPublicOrigin(request: Request): string {\n const forwardedHost = request.headers.get('x-forwarded-host')?.split(',')[0]?.trim();\n if (forwardedHost) {\n return `https://${forwardedHost}`;\n }\n\n const host = request.headers.get('host');\n if (host) {\n const forwardedProto = request.headers.get('x-forwarded-proto')?.split(',')[0]?.trim();\n const proto = forwardedProto || new URL(request.url).protocol.replace(':', '');\n return `${proto}://${host}`;\n }\n\n return new URL(request.url).origin;\n}\n\n/**\n * Helper to get RBAC provider from Mastra config.\n * Checks studio config first when isStudio is true.\n */\nfunction getRBACProvider(mastra: any, isStudio?: boolean): IRBACProvider<EEUser> | undefined {\n if (isStudio) {\n const studioConfig = mastra.getStudio?.();\n if (studioConfig?.rbac) {\n return studioConfig.rbac as IRBACProvider<EEUser>;\n }\n }\n const serverConfig = mastra.getServer?.();\n return serverConfig?.rbac as IRBACProvider<EEUser> | undefined;\n}\n\n/**\n * Helper to get FGA provider from Mastra config.\n * Checks studio config first when isStudio is true.\n */\nfunction getFGAProvider(mastra: any, isStudio?: boolean): IFGAProvider<EEUser> | undefined {\n if (isStudio) {\n const studioConfig = mastra.getStudio?.();\n if (studioConfig?.fga) {\n return studioConfig.fga as IFGAProvider<EEUser>;\n }\n }\n const serverConfig = mastra.getServer?.();\n return serverConfig?.fga as IFGAProvider<EEUser> | undefined;\n}\n\n/**\n * Type guard to check if auth provider implements an interface.\n */\nfunction implementsInterface<T>(auth: unknown, method: keyof T): auth is T {\n return auth !== null && typeof auth === 'object' && typeof (auth as any)[method] === 'function';\n}\n\n// ============================================================================\n// GET /auth/capabilities\n// ============================================================================\n\nexport const GET_AUTH_CAPABILITIES_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/capabilities',\n responseType: 'json',\n responseSchema: capabilitiesResponseSchema,\n summary: 'Get auth capabilities',\n description:\n 'Returns authentication capabilities and current user info. Used by Studio to determine available features and user state.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request, routePrefix } = ctx as any;\n\n // Check if this is a Studio request (via x-mastra-client-type header)\n const isStudio = isStudioRequest(request);\n\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth) {\n return { enabled: false, login: null };\n }\n\n const rbac = getRBACProvider(mastra, isStudio);\n const fga = getFGAProvider(mastra, isStudio);\n\n const buildCapabilities = await loadBuildCapabilities();\n if (!buildCapabilities) {\n return { enabled: false, login: null };\n }\n const capabilities = await buildCapabilities(auth, request, { rbac, fga, apiPrefix: routePrefix });\n\n // If capabilities came back without a user, the session may have expired.\n // Attempt a transparent refresh (same logic as coreAuthMiddleware) and retry.\n if (!('user' in capabilities) && supportsSessionRefresh(auth)) {\n try {\n const sessionId = await auth.getSessionIdFromRequest(request);\n if (sessionId) {\n const refreshedSession = await auth.refreshSession(sessionId);\n if (refreshedSession) {\n const sessionHeaders = await auth.getSessionHeaders(refreshedSession);\n const cookieValue = extractCookieFromHeaders(sessionHeaders);\n if (cookieValue) {\n // Rebuild capabilities with the refreshed cookie\n const refreshedRequest = new Request(request.url, {\n method: request.method,\n headers: new Headers(request.headers),\n });\n refreshedRequest.headers.set('Cookie', cookieValue);\n const refreshedCapabilities = await buildCapabilities(auth, refreshedRequest, {\n rbac,\n apiPrefix: routePrefix,\n });\n\n // Attach refresh headers so the adapter can set the new cookie\n if ('user' in refreshedCapabilities) {\n (refreshedCapabilities as any).__refreshHeaders = sessionHeaders;\n }\n return refreshedCapabilities;\n }\n }\n }\n } catch {\n // Refresh failed — return original unauthenticated capabilities\n }\n }\n\n return capabilities;\n } catch (error) {\n return handleError(error, 'Error getting auth capabilities');\n }\n },\n});\n\n/**\n * Extract a full cookie string from session headers (e.g. Set-Cookie → Cookie).\n */\nfunction extractCookieFromHeaders(headers: Record<string, string>): string | null {\n const setCookie = headers['Set-Cookie'] || headers['set-cookie'];\n if (!setCookie) return null;\n // Set-Cookie value is \"name=value; Path=/; ...\" — extract \"name=value\"\n const match = setCookie.match(/^([^;]+)/);\n return match ? (match[1] ?? null) : null;\n}\n\n// ============================================================================\n// GET /auth/me\n// ============================================================================\n\nexport const GET_CURRENT_USER_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/me',\n responseType: 'json',\n responseSchema: currentUserResponseSchema,\n summary: 'Get current user',\n description: 'Returns the currently authenticated user, or null if not authenticated.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, request } = ctx as any;\n const isStudio = isStudioRequest(request);\n const auth = getAuthProvider(mastra, isStudio);\n const rbac = getRBACProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<IUserProvider>(auth, 'getCurrentUser')) {\n return null;\n }\n\n const user = await auth.getCurrentUser(request);\n if (!user) return null;\n\n // Get roles/permissions from RBAC provider if available\n let roles: string[] | undefined;\n let permissions: string[] | undefined;\n\n if (rbac) {\n try {\n roles = await rbac.getRoles(user);\n permissions = await rbac.getPermissions(user);\n } catch {\n // RBAC not available or failed\n }\n }\n\n return {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n roles,\n permissions,\n };\n } catch (error) {\n return handleError(error, 'Error getting current user');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/login\n// ============================================================================\n\nexport const GET_SSO_LOGIN_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/login',\n responseType: 'datastream-response',\n queryParamSchema: ssoLoginQuerySchema,\n summary: 'Initiate SSO login',\n description: 'Returns the SSO login URL and sets PKCE cookies if needed.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, redirect_uri, request, routePrefix } = ctx as any;\n const isStudio = isStudioRequest(request);\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'getLoginUrl')) {\n throw new HTTPException(404, { message: 'SSO not configured' });\n }\n\n // Build OAuth callback URI using the configured route prefix\n const origin = getPublicOrigin(request);\n const raw = ((routePrefix as string) || '/api').trim();\n const withSlash = raw.startsWith('/') ? raw : `/${raw}`;\n const prefix = withSlash.endsWith('/') ? withSlash.slice(0, -1) : withSlash;\n const oauthCallbackUri = `${origin}${prefix}/auth/sso/callback`;\n\n // Encode the post-login redirect in state (where user goes after auth completes)\n // State format: uuid|postLoginRedirect\n // Validate redirect_uri to prevent open-redirect attacks: allow relative paths,\n // same-origin URLs, and localhost URLs (for dev setups where Studio runs on a\n // different port).\n let postLoginRedirect = '/';\n if (redirect_uri) {\n if (!redirect_uri.startsWith('http')) {\n // Relative path — always safe\n postLoginRedirect = redirect_uri;\n } else {\n try {\n const redirectUrl = new URL(redirect_uri);\n const requestOrigin = new URL(origin);\n const isHttps = redirectUrl.protocol === 'http:' || redirectUrl.protocol === 'https:';\n const isSameOrigin = redirectUrl.origin === requestOrigin.origin;\n const isLocalhost =\n redirectUrl.hostname === 'localhost' ||\n redirectUrl.hostname === '127.0.0.1' ||\n redirectUrl.hostname === '[::1]';\n if (isHttps && (isSameOrigin || isLocalhost)) {\n postLoginRedirect = redirect_uri;\n }\n } catch {\n // Malformed URL — fall back to /\n }\n }\n }\n const stateId = crypto.randomUUID();\n const state = `${stateId}|${encodeURIComponent(postLoginRedirect)}`;\n\n const loginUrl = await Promise.resolve(auth.getLoginUrl(oauthCallbackUri, state));\n\n // Build response with optional PKCE cookies\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Check for PKCE cookies (e.g., MastraCloudAuthProvider)\n if (implementsInterface<ISSOProvider>(auth, 'getLoginCookies') && auth.getLoginCookies) {\n const cookies = auth.getLoginCookies(oauthCallbackUri, state);\n if (cookies?.length) {\n // PKCE cookies set for SSO state management\n for (const cookie of cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n }\n\n return new Response(JSON.stringify({ url: loginUrl }), { status: 200, headers });\n } catch (error) {\n return handleError(error, 'Error initiating SSO login');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/sso/callback\n// ============================================================================\n\nexport const GET_SSO_CALLBACK_ROUTE = createPublicRoute({\n method: 'GET',\n path: '/auth/sso/callback',\n responseType: 'datastream-response',\n queryParamSchema: ssoCallbackQuerySchema,\n summary: 'Handle SSO callback',\n description: 'Handles the OAuth callback, exchanges code for session, and redirects to the app.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, code, state, request } = ctx as any;\n const _isStudio = isStudioRequest(request); // Kept for potential future use; currently we prefer studio auth for SSO\n\n // Build base URL for redirects (Response.redirect requires absolute URL)\n const baseUrl = getPublicOrigin(request);\n\n // Extract post-login redirect from state (format: uuid|encodedRedirect)\n let redirectTo = '/';\n let stateId = state || '';\n if (state && state.includes('|')) {\n const [id, encodedRedirect] = state.split('|', 2);\n stateId = id;\n try {\n redirectTo = decodeURIComponent(encodedRedirect);\n } catch {\n redirectTo = '/';\n }\n }\n\n // Build absolute redirect URL.\n // The redirect_uri was validated at the login endpoint (same-origin or localhost\n // only), so the state should only contain safe URLs. We still apply defense-in-depth\n // checks here: allow http(s) same-origin or localhost, reject everything else.\n let absoluteRedirect: string;\n if (redirectTo.startsWith('http')) {\n try {\n const parsed = new URL(redirectTo);\n const baseOrigin = new URL(baseUrl);\n const isHttps = parsed.protocol === 'http:' || parsed.protocol === 'https:';\n const isSameOrigin = parsed.origin === baseOrigin.origin;\n const isLocalhost =\n parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1' || parsed.hostname === '[::1]';\n absoluteRedirect = isHttps && (isSameOrigin || isLocalhost) ? redirectTo : `${baseUrl}/`;\n } catch {\n absoluteRedirect = `${baseUrl}/`;\n }\n } else {\n absoluteRedirect = `${baseUrl}${redirectTo}`;\n }\n\n try {\n // For SSO callback, the redirect from the identity provider won't include\n // the x-mastra-client-type header. Prefer studio auth for SSO (it's the\n // typical SSO use case), fall back to server auth only if studio doesn't exist.\n let auth = getAuthProvider(mastra, true); // Try studio first\n\n // If studio doesn't have SSO, fall back to server\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n auth = getAuthProvider(mastra, false);\n }\n\n if (!auth || !implementsInterface<ISSOProvider>(auth, 'handleCallback')) {\n return Response.redirect(`${absoluteRedirect}?error=sso_not_configured`, 302);\n }\n\n // Pass cookie header to provider for PKCE validation (if supported)\n const reqCookieHeader = request.headers.get('cookie');\n if (typeof (auth as any).setCallbackCookieHeader === 'function') {\n (auth as any).setCallbackCookieHeader(reqCookieHeader);\n }\n\n const result = (await auth.handleCallback(code, stateId)) as SSOCallbackResult<EEUser>;\n const user = result.user as EEUser;\n\n // Build response headers (session cookies, etc.)\n const headers = new Headers();\n headers.set('Location', absoluteRedirect);\n\n // Set session cookies from the SSO result\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n } else if (implementsInterface<ISessionProvider>(auth, 'createSession') && result.tokens) {\n // Fallback: Create session manually for providers without cookie support\n const session = await auth.createSession(user.id, {\n accessToken: result.tokens.accessToken,\n refreshToken: result.tokens.refreshToken,\n expiresAt: result.tokens.expiresAt,\n organizationId: (user as any).organizationId,\n });\n const sessionHeaders = auth.getSessionHeaders(session);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(null, {\n status: 302,\n headers,\n });\n } catch (error) {\n // Redirect with error (use absolute URL)\n const errorMessage = encodeURIComponent(error instanceof Error ? error.message : 'Unknown error');\n return Response.redirect(`${absoluteRedirect}?error=${errorMessage}`, 302);\n }\n },\n});\n\n// ============================================================================\n// POST /auth/logout\n// ============================================================================\n\nexport const POST_LOGOUT_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/logout',\n responseType: 'datastream-response',\n summary: 'Logout',\n description: 'Destroys the current session and returns logout redirect URL if available.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth) {\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers: { 'Content-Type': 'application/json' },\n });\n }\n\n // Get session ID and destroy it\n if (implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')) {\n const sessionId = auth.getSessionIdFromRequest(request);\n if (sessionId && implementsInterface<ISessionProvider>(auth, 'destroySession')) {\n await auth.destroySession(sessionId);\n }\n }\n\n // Get logout URL if available\n let redirectTo: string | undefined;\n if (implementsInterface<ISSOProvider>(auth, 'getLogoutUrl') && auth.getLogoutUrl) {\n // Use public origin (respects X-Forwarded-Host behind reverse proxy)\n const origin = getPublicOrigin(request);\n const logoutUrl = await auth.getLogoutUrl(origin, request);\n redirectTo = logoutUrl ?? undefined;\n }\n\n // Build response with session clearing headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n\n // Clear session cookie\n if (implementsInterface<ISessionProvider>(auth, 'getClearSessionHeaders')) {\n const clearHeaders = auth.getClearSessionHeaders();\n for (const [key, value] of Object.entries(clearHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true, redirectTo }), {\n status: 200,\n headers,\n });\n } catch (error) {\n return handleError(error, 'Error logging out');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/refresh\n// ============================================================================\n\nexport const POST_REFRESH_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/refresh',\n responseType: 'datastream-response',\n responseSchema: refreshResponseSchema,\n summary: 'Refresh session',\n description: 'Refreshes the current session, extending its expiry. Sets a new session cookie on success.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (\n !auth ||\n !implementsInterface<ISessionProvider>(auth, 'refreshSession') ||\n !implementsInterface<ISessionProvider>(auth, 'getSessionIdFromRequest')\n ) {\n throw new HTTPException(404, { message: 'Session refresh not configured' });\n }\n\n // Get session ID from request\n const sessionId = auth.getSessionIdFromRequest(request);\n if (!sessionId) {\n throw new HTTPException(401, { message: 'No session' });\n }\n\n // Refresh the session\n const newSession = await auth.refreshSession(sessionId);\n if (!newSession) {\n throw new HTTPException(401, { message: 'Session expired' });\n }\n\n // Build response with new session headers\n const headers = new Headers({ 'Content-Type': 'application/json' });\n if (implementsInterface<ISessionProvider>(auth, 'getSessionHeaders')) {\n const sessionHeaders = auth.getSessionHeaders(newSession);\n for (const [key, value] of Object.entries(sessionHeaders)) {\n headers.append(key, value);\n }\n }\n\n return new Response(JSON.stringify({ success: true }), {\n status: 200,\n headers,\n });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error refreshing session');\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-in\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_IN_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-in',\n responseType: 'datastream-response',\n bodySchema: credentialsSignInBodySchema,\n summary: 'Sign in with credentials',\n description: 'Authenticates a user with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signIn')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signIn(email, password, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n // Return a generic error for auth failures to avoid leaking info\n throw new HTTPException(401, { message: 'Invalid email or password' });\n }\n },\n});\n\n// ============================================================================\n// POST /auth/credentials/sign-up\n// ============================================================================\n\nexport const POST_CREDENTIALS_SIGN_UP_ROUTE = createPublicRoute({\n method: 'POST',\n path: '/auth/credentials/sign-up',\n responseType: 'datastream-response',\n bodySchema: credentialsSignUpBodySchema,\n summary: 'Sign up with credentials',\n description: 'Creates a new user account with email and password.',\n tags: ['Auth'],\n handler: async ctx => {\n const { mastra, request, email, password, name } = ctx as any;\n const isStudio = isStudioRequest(request);\n\n try {\n const auth = getAuthProvider(mastra, isStudio);\n\n if (!auth || !implementsInterface<ICredentialsProvider>(auth, 'signUp')) {\n throw new HTTPException(404, { message: 'Credentials authentication not configured' });\n }\n\n const result = await auth.signUp(email, password, name, request);\n const user = result.user as EEUser;\n\n const responseBody = JSON.stringify({\n user: {\n id: user.id,\n email: user.email,\n name: user.name,\n avatarUrl: user.avatarUrl,\n },\n token: result.token,\n });\n\n // Build response headers, including cookies from the auth provider\n const headers = new Headers({\n 'Content-Type': 'application/json',\n });\n\n // Forward session cookies from the auth provider\n if (result.cookies?.length) {\n for (const cookie of result.cookies) {\n headers.append('Set-Cookie', cookie);\n }\n }\n\n return new Response(responseBody, { status: 200, headers });\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n const mastra = (ctx as any).mastra;\n mastra?.getLogger?.()?.error('Sign-up error', {\n error: error instanceof Error ? { message: error.message, stack: error.stack } : error,\n });\n throw new HTTPException(400, { message: 'Failed to create account' });\n }\n },\n});\n\n// ============================================================================\n// GET /auth/roles/:roleId/permissions\n// ============================================================================\n\nconst rolePermissionsPathSchema = z.object({ roleId: z.string() });\nconst rolePermissionsResponseSchema = z.object({ roleId: z.string(), permissions: z.array(z.string()) });\n\nexport const GET_ROLE_PERMISSIONS_ROUTE = createRoute({\n method: 'GET',\n path: '/auth/roles/:roleId/permissions',\n requiresAuth: true,\n responseType: 'json',\n pathParamSchema: rolePermissionsPathSchema,\n responseSchema: rolePermissionsResponseSchema,\n summary: 'Get permissions for a role',\n description:\n 'Returns the resolved permissions for a specific role. Only accessible by admin users. Used by the \"View as role\" feature.',\n tags: ['Auth'],\n handler: async ctx => {\n try {\n const { mastra, requestContext, roleId } = ctx as any;\n\n // Check that the caller is an admin\n const callerPermissions: string[] = requestContext?.get(MASTRA_USER_PERMISSIONS_KEY) ?? [];\n const isAdmin = callerPermissions.some((p: string) => p === '*' || p === '*:*');\n if (!isAdmin) {\n throw new HTTPException(403, { message: 'Admin access required' });\n }\n\n const rbac = getRBACProvider(mastra);\n if (!rbac?.getPermissionsForRole) {\n throw new HTTPException(404, { message: 'RBAC provider does not support role permission resolution' });\n }\n\n const permissions = await rbac.getPermissionsForRole(roleId);\n return { roleId, permissions };\n } catch (error) {\n if (error instanceof HTTPException) throw error;\n return handleError(error, 'Error getting role permissions');\n }\n },\n});\n\n// ============================================================================\n// GET /auth/permission-patterns\n// ============================================================================\n\nexport const GET_PERMISSION_PATTERNS_ROUTE = createRoute({\n method: 'GET',\n path: '/auth/permission-patterns',\n requiresAuth: true,\n responseType: 'json',\n responseSchema: permissionPatternsResponseSchema,\n summary: 'List valid permission patterns',\n description:\n 'Returns the authoritative list of valid permission-pattern strings. Used by Studio to validate the route→permission literals it ships and to gate the sidebar.',\n tags: ['Auth'],\n handler: async () => {\n const patterns = await loadPermissionPatterns();\n return { patterns: Object.keys(patterns ?? {}) };\n },\n});\n\n// ============================================================================\n// Export all auth routes\n// ============================================================================\n\nexport const AUTH_ROUTES = [\n GET_AUTH_CAPABILITIES_ROUTE,\n GET_CURRENT_USER_ROUTE,\n GET_SSO_LOGIN_ROUTE,\n GET_SSO_CALLBACK_ROUTE,\n POST_LOGOUT_ROUTE,\n POST_REFRESH_ROUTE,\n POST_CREDENTIALS_SIGN_IN_ROUTE,\n POST_CREDENTIALS_SIGN_UP_ROUTE,\n GET_ROLE_PERMISSIONS_ROUTE,\n GET_PERMISSION_PATTERNS_ROUTE,\n] as const;\n"]}
@@ -2,7 +2,7 @@
2
2
 
3
3
  var chunkHXICAUTW_cjs = require('./chunk-HXICAUTW.cjs');
4
4
  var chunkZ7LCIYK7_cjs = require('./chunk-Z7LCIYK7.cjs');
5
- var chunkG54X6VE6_cjs = require('./chunk-G54X6VE6.cjs');
5
+ var chunkJ63WGHRP_cjs = require('./chunk-J63WGHRP.cjs');
6
6
  var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
7
7
  var chunkO7I5CWRX_cjs = require('./chunk-O7I5CWRX.cjs');
8
8
  var features = require('@mastra/core/features');
@@ -127,7 +127,7 @@ function buildSkillInstallPath(filesystem, safeSkillId, requestedMount) {
127
127
  }
128
128
  return `${SKILLS_SH_DIR}/${safeSkillId}`;
129
129
  }
130
- var LIST_WORKSPACES_ROUTE = chunkG54X6VE6_cjs.createRoute({
130
+ var LIST_WORKSPACES_ROUTE = chunkJ63WGHRP_cjs.createRoute({
131
131
  method: "GET",
132
132
  path: "/workspaces",
133
133
  responseType: "json",
@@ -227,7 +227,7 @@ var LIST_WORKSPACES_ROUTE = chunkG54X6VE6_cjs.createRoute({
227
227
  }
228
228
  }
229
229
  });
230
- var GET_WORKSPACE_ROUTE = chunkG54X6VE6_cjs.createRoute({
230
+ var GET_WORKSPACE_ROUTE = chunkJ63WGHRP_cjs.createRoute({
231
231
  method: "GET",
232
232
  path: "/workspaces/:workspaceId",
233
233
  responseType: "json",
@@ -302,7 +302,7 @@ var GET_WORKSPACE_ROUTE = chunkG54X6VE6_cjs.createRoute({
302
302
  }
303
303
  }
304
304
  });
305
- var WORKSPACE_FS_READ_ROUTE = chunkG54X6VE6_cjs.createRoute({
305
+ var WORKSPACE_FS_READ_ROUTE = chunkJ63WGHRP_cjs.createRoute({
306
306
  method: "GET",
307
307
  path: "/workspaces/:workspaceId/fs/read",
308
308
  responseType: "json",
@@ -339,7 +339,7 @@ var WORKSPACE_FS_READ_ROUTE = chunkG54X6VE6_cjs.createRoute({
339
339
  }
340
340
  }
341
341
  });
342
- var WORKSPACE_FS_WRITE_ROUTE = chunkG54X6VE6_cjs.createRoute({
342
+ var WORKSPACE_FS_WRITE_ROUTE = chunkJ63WGHRP_cjs.createRoute({
343
343
  method: "POST",
344
344
  path: "/workspaces/:workspaceId/fs/write",
345
345
  responseType: "json",
@@ -377,7 +377,7 @@ var WORKSPACE_FS_WRITE_ROUTE = chunkG54X6VE6_cjs.createRoute({
377
377
  }
378
378
  }
379
379
  });
380
- var WORKSPACE_FS_LIST_ROUTE = chunkG54X6VE6_cjs.createRoute({
380
+ var WORKSPACE_FS_LIST_ROUTE = chunkJ63WGHRP_cjs.createRoute({
381
381
  method: "GET",
382
382
  path: "/workspaces/:workspaceId/fs/list",
383
383
  responseType: "json",
@@ -415,7 +415,7 @@ var WORKSPACE_FS_LIST_ROUTE = chunkG54X6VE6_cjs.createRoute({
415
415
  }
416
416
  }
417
417
  });
418
- var WORKSPACE_FS_DELETE_ROUTE = chunkG54X6VE6_cjs.createRoute({
418
+ var WORKSPACE_FS_DELETE_ROUTE = chunkJ63WGHRP_cjs.createRoute({
419
419
  method: "DELETE",
420
420
  path: "/workspaces/:workspaceId/fs/delete",
421
421
  responseType: "json",
@@ -459,7 +459,7 @@ var WORKSPACE_FS_DELETE_ROUTE = chunkG54X6VE6_cjs.createRoute({
459
459
  }
460
460
  }
461
461
  });
462
- var WORKSPACE_FS_MKDIR_ROUTE = chunkG54X6VE6_cjs.createRoute({
462
+ var WORKSPACE_FS_MKDIR_ROUTE = chunkJ63WGHRP_cjs.createRoute({
463
463
  method: "POST",
464
464
  path: "/workspaces/:workspaceId/fs/mkdir",
465
465
  responseType: "json",
@@ -493,7 +493,7 @@ var WORKSPACE_FS_MKDIR_ROUTE = chunkG54X6VE6_cjs.createRoute({
493
493
  }
494
494
  }
495
495
  });
496
- var WORKSPACE_FS_STAT_ROUTE = chunkG54X6VE6_cjs.createRoute({
496
+ var WORKSPACE_FS_STAT_ROUTE = chunkJ63WGHRP_cjs.createRoute({
497
497
  method: "GET",
498
498
  path: "/workspaces/:workspaceId/fs/stat",
499
499
  responseType: "json",
@@ -531,7 +531,7 @@ var WORKSPACE_FS_STAT_ROUTE = chunkG54X6VE6_cjs.createRoute({
531
531
  }
532
532
  }
533
533
  });
534
- var WORKSPACE_SEARCH_ROUTE = chunkG54X6VE6_cjs.createRoute({
534
+ var WORKSPACE_SEARCH_ROUTE = chunkJ63WGHRP_cjs.createRoute({
535
535
  method: "GET",
536
536
  path: "/workspaces/:workspaceId/search",
537
537
  responseType: "json",
@@ -594,7 +594,7 @@ var WORKSPACE_SEARCH_ROUTE = chunkG54X6VE6_cjs.createRoute({
594
594
  }
595
595
  }
596
596
  });
597
- var WORKSPACE_INDEX_ROUTE = chunkG54X6VE6_cjs.createRoute({
597
+ var WORKSPACE_INDEX_ROUTE = chunkJ63WGHRP_cjs.createRoute({
598
598
  method: "POST",
599
599
  path: "/workspaces/:workspaceId/index",
600
600
  responseType: "json",
@@ -629,7 +629,7 @@ var WORKSPACE_INDEX_ROUTE = chunkG54X6VE6_cjs.createRoute({
629
629
  }
630
630
  });
631
631
  var SKILLS_SH_PATH_PREFIX = `${SKILLS_SH_DIR}/`;
632
- var WORKSPACE_LIST_SKILLS_ROUTE = chunkG54X6VE6_cjs.createRoute({
632
+ var WORKSPACE_LIST_SKILLS_ROUTE = chunkJ63WGHRP_cjs.createRoute({
633
633
  method: "GET",
634
634
  path: "/workspaces/:workspaceId/skills",
635
635
  responseType: "json",
@@ -683,7 +683,7 @@ var WORKSPACE_LIST_SKILLS_ROUTE = chunkG54X6VE6_cjs.createRoute({
683
683
  }
684
684
  }
685
685
  });
686
- var WORKSPACE_GET_SKILL_ROUTE = chunkG54X6VE6_cjs.createRoute({
686
+ var WORKSPACE_GET_SKILL_ROUTE = chunkJ63WGHRP_cjs.createRoute({
687
687
  method: "GET",
688
688
  path: "/workspaces/:workspaceId/skills/:skillName",
689
689
  responseType: "json",
@@ -727,7 +727,7 @@ var WORKSPACE_GET_SKILL_ROUTE = chunkG54X6VE6_cjs.createRoute({
727
727
  }
728
728
  }
729
729
  });
730
- var WORKSPACE_LIST_SKILL_REFERENCES_ROUTE = chunkG54X6VE6_cjs.createRoute({
730
+ var WORKSPACE_LIST_SKILL_REFERENCES_ROUTE = chunkJ63WGHRP_cjs.createRoute({
731
731
  method: "GET",
732
732
  path: "/workspaces/:workspaceId/skills/:skillName/references",
733
733
  responseType: "json",
@@ -763,7 +763,7 @@ var WORKSPACE_LIST_SKILL_REFERENCES_ROUTE = chunkG54X6VE6_cjs.createRoute({
763
763
  }
764
764
  }
765
765
  });
766
- var WORKSPACE_GET_SKILL_REFERENCE_ROUTE = chunkG54X6VE6_cjs.createRoute({
766
+ var WORKSPACE_GET_SKILL_REFERENCE_ROUTE = chunkJ63WGHRP_cjs.createRoute({
767
767
  method: "GET",
768
768
  path: "/workspaces/:workspaceId/skills/:skillName/references/:referencePath",
769
769
  responseType: "json",
@@ -812,7 +812,7 @@ var WORKSPACE_GET_SKILL_REFERENCE_ROUTE = chunkG54X6VE6_cjs.createRoute({
812
812
  }
813
813
  }
814
814
  });
815
- var WORKSPACE_SEARCH_SKILLS_ROUTE = chunkG54X6VE6_cjs.createRoute({
815
+ var WORKSPACE_SEARCH_SKILLS_ROUTE = chunkJ63WGHRP_cjs.createRoute({
816
816
  method: "GET",
817
817
  path: "/workspaces/:workspaceId/skills/search",
818
818
  responseType: "json",
@@ -861,7 +861,7 @@ var WORKSPACE_SEARCH_SKILLS_ROUTE = chunkG54X6VE6_cjs.createRoute({
861
861
  }
862
862
  });
863
863
  var SKILLS_SH_API_URL = "https://skills-api-production.up.railway.app";
864
- var WORKSPACE_SKILLS_SH_SEARCH_ROUTE = chunkG54X6VE6_cjs.createRoute({
864
+ var WORKSPACE_SKILLS_SH_SEARCH_ROUTE = chunkJ63WGHRP_cjs.createRoute({
865
865
  method: "GET",
866
866
  path: "/workspaces/:workspaceId/skills-sh/search",
867
867
  responseType: "json",
@@ -898,7 +898,7 @@ var WORKSPACE_SKILLS_SH_SEARCH_ROUTE = chunkG54X6VE6_cjs.createRoute({
898
898
  }
899
899
  }
900
900
  });
901
- var WORKSPACE_SKILLS_SH_POPULAR_ROUTE = chunkG54X6VE6_cjs.createRoute({
901
+ var WORKSPACE_SKILLS_SH_POPULAR_ROUTE = chunkJ63WGHRP_cjs.createRoute({
902
902
  method: "GET",
903
903
  path: "/workspaces/:workspaceId/skills-sh/popular",
904
904
  responseType: "json",
@@ -975,7 +975,7 @@ async function fetchSkillFiles(owner, repo, skillName) {
975
975
  }
976
976
  return await response.json();
977
977
  }
978
- var WORKSPACE_SKILLS_SH_PREVIEW_ROUTE = chunkG54X6VE6_cjs.createRoute({
978
+ var WORKSPACE_SKILLS_SH_PREVIEW_ROUTE = chunkJ63WGHRP_cjs.createRoute({
979
979
  method: "GET",
980
980
  path: "/workspaces/:workspaceId/skills-sh/preview",
981
981
  responseType: "json",
@@ -1013,7 +1013,7 @@ var WORKSPACE_SKILLS_SH_PREVIEW_ROUTE = chunkG54X6VE6_cjs.createRoute({
1013
1013
  }
1014
1014
  }
1015
1015
  });
1016
- var WORKSPACE_SKILLS_SH_INSTALL_ROUTE = chunkG54X6VE6_cjs.createRoute({
1016
+ var WORKSPACE_SKILLS_SH_INSTALL_ROUTE = chunkJ63WGHRP_cjs.createRoute({
1017
1017
  method: "POST",
1018
1018
  path: "/workspaces/:workspaceId/skills-sh/install",
1019
1019
  responseType: "json",
@@ -1095,7 +1095,7 @@ var WORKSPACE_SKILLS_SH_INSTALL_ROUTE = chunkG54X6VE6_cjs.createRoute({
1095
1095
  }
1096
1096
  }
1097
1097
  });
1098
- var WORKSPACE_SKILLS_SH_REMOVE_ROUTE = chunkG54X6VE6_cjs.createRoute({
1098
+ var WORKSPACE_SKILLS_SH_REMOVE_ROUTE = chunkJ63WGHRP_cjs.createRoute({
1099
1099
  method: "POST",
1100
1100
  path: "/workspaces/:workspaceId/skills-sh/remove",
1101
1101
  responseType: "json",
@@ -1150,7 +1150,7 @@ var WORKSPACE_SKILLS_SH_REMOVE_ROUTE = chunkG54X6VE6_cjs.createRoute({
1150
1150
  }
1151
1151
  }
1152
1152
  });
1153
- var WORKSPACE_SKILLS_SH_UPDATE_ROUTE = chunkG54X6VE6_cjs.createRoute({
1153
+ var WORKSPACE_SKILLS_SH_UPDATE_ROUTE = chunkJ63WGHRP_cjs.createRoute({
1154
1154
  method: "POST",
1155
1155
  path: "/workspaces/:workspaceId/skills-sh/update",
1156
1156
  responseType: "json",
@@ -1342,5 +1342,5 @@ exports.WORKSPACE_SKILLS_SH_ROUTES = WORKSPACE_SKILLS_SH_ROUTES;
1342
1342
  exports.WORKSPACE_SKILLS_SH_SEARCH_ROUTE = WORKSPACE_SKILLS_SH_SEARCH_ROUTE;
1343
1343
  exports.WORKSPACE_SKILLS_SH_UPDATE_ROUTE = WORKSPACE_SKILLS_SH_UPDATE_ROUTE;
1344
1344
  exports.workspace_exports = workspace_exports;
1345
- //# sourceMappingURL=chunk-USU23GYD.cjs.map
1346
- //# sourceMappingURL=chunk-USU23GYD.cjs.map
1345
+ //# sourceMappingURL=chunk-EPJLXE7Z.cjs.map
1346
+ //# sourceMappingURL=chunk-EPJLXE7Z.cjs.map