@mastra/server 1.48.0 → 1.48.1-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (232) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/dist/{api-schema-manifest-4VQSWI7S.cjs → api-schema-manifest-BWKCYCQ5.cjs} +4 -4
  3. package/dist/{api-schema-manifest-4VQSWI7S.cjs.map → api-schema-manifest-BWKCYCQ5.cjs.map} +1 -1
  4. package/dist/{api-schema-manifest-RP35YQV7.js → api-schema-manifest-GOPIDVBN.js} +3 -3
  5. package/dist/{api-schema-manifest-RP35YQV7.js.map → api-schema-manifest-GOPIDVBN.js.map} +1 -1
  6. package/dist/{chunk-USYLK73B.js → chunk-2QR65733.js} +3 -3
  7. package/dist/{chunk-USYLK73B.js.map → chunk-2QR65733.js.map} +1 -1
  8. package/dist/{chunk-JBSUT5XF.js → chunk-3ENQND57.js} +3 -3
  9. package/dist/{chunk-JBSUT5XF.js.map → chunk-3ENQND57.js.map} +1 -1
  10. package/dist/{chunk-V4X6NCFW.js → chunk-3NXV3W5N.js} +35 -35
  11. package/dist/{chunk-V4X6NCFW.js.map → chunk-3NXV3W5N.js.map} +1 -1
  12. package/dist/{chunk-MDXMBAYV.js → chunk-3X6LP3LD.js} +4 -4
  13. package/dist/{chunk-MDXMBAYV.js.map → chunk-3X6LP3LD.js.map} +1 -1
  14. package/dist/{chunk-I4X4UHQW.cjs → chunk-433NHSTX.cjs} +5 -5
  15. package/dist/{chunk-I4X4UHQW.cjs.map → chunk-433NHSTX.cjs.map} +1 -1
  16. package/dist/{chunk-LAY7G3RT.cjs → chunk-4744QXJ5.cjs} +7 -7
  17. package/dist/{chunk-LAY7G3RT.cjs.map → chunk-4744QXJ5.cjs.map} +1 -1
  18. package/dist/{chunk-FR5QBXVS.cjs → chunk-4AOBPAJQ.cjs} +6 -6
  19. package/dist/{chunk-FR5QBXVS.cjs.map → chunk-4AOBPAJQ.cjs.map} +1 -1
  20. package/dist/{chunk-I4COPLOY.cjs → chunk-4LAKBLXV.cjs} +54 -54
  21. package/dist/{chunk-I4COPLOY.cjs.map → chunk-4LAKBLXV.cjs.map} +1 -1
  22. package/dist/{chunk-ZBOTGUPW.js → chunk-55QAS25J.js} +6 -6
  23. package/dist/{chunk-ZBOTGUPW.js.map → chunk-55QAS25J.js.map} +1 -1
  24. package/dist/{chunk-SXZS6VZ3.js → chunk-56AYHXOU.js} +3 -3
  25. package/dist/{chunk-SXZS6VZ3.js.map → chunk-56AYHXOU.js.map} +1 -1
  26. package/dist/{chunk-ZGAUP346.cjs → chunk-63R2BIAL.cjs} +11 -11
  27. package/dist/{chunk-ZGAUP346.cjs.map → chunk-63R2BIAL.cjs.map} +1 -1
  28. package/dist/{chunk-VWZFDHUG.js → chunk-6BV4FKSM.js} +5 -5
  29. package/dist/{chunk-VWZFDHUG.js.map → chunk-6BV4FKSM.js.map} +1 -1
  30. package/dist/{chunk-LVGS5ADS.cjs → chunk-6EDRDYGN.cjs} +63 -63
  31. package/dist/{chunk-LVGS5ADS.cjs.map → chunk-6EDRDYGN.cjs.map} +1 -1
  32. package/dist/{chunk-RUBHF3J4.js → chunk-6QJBHJVD.js} +4 -4
  33. package/dist/{chunk-RUBHF3J4.js.map → chunk-6QJBHJVD.js.map} +1 -1
  34. package/dist/{chunk-MJH4EEUV.cjs → chunk-6XNMQBYE.cjs} +4 -4
  35. package/dist/{chunk-MJH4EEUV.cjs.map → chunk-6XNMQBYE.cjs.map} +1 -1
  36. package/dist/{chunk-OJB6MLRD.cjs → chunk-755RJ4WD.cjs} +23 -23
  37. package/dist/{chunk-OJB6MLRD.cjs.map → chunk-755RJ4WD.cjs.map} +1 -1
  38. package/dist/{chunk-Q5CGBHAI.cjs → chunk-A6IFHAMY.cjs} +11 -11
  39. package/dist/{chunk-Q5CGBHAI.cjs.map → chunk-A6IFHAMY.cjs.map} +1 -1
  40. package/dist/{chunk-DR2XLMGB.cjs → chunk-ATZSN4MH.cjs} +3 -3
  41. package/dist/{chunk-DR2XLMGB.cjs.map → chunk-ATZSN4MH.cjs.map} +1 -1
  42. package/dist/{chunk-FKM644Z6.cjs → chunk-AXCPENWP.cjs} +290 -290
  43. package/dist/{chunk-FKM644Z6.cjs.map → chunk-AXCPENWP.cjs.map} +1 -1
  44. package/dist/{chunk-OJLVR6RK.js → chunk-CDZIWIME.js} +4 -4
  45. package/dist/{chunk-OJLVR6RK.js.map → chunk-CDZIWIME.js.map} +1 -1
  46. package/dist/{chunk-3MJF6POS.js → chunk-CVIBRSHE.js} +6 -6
  47. package/dist/{chunk-3MJF6POS.js.map → chunk-CVIBRSHE.js.map} +1 -1
  48. package/dist/{chunk-AXS2E3ZS.js → chunk-DECNKSKW.js} +4 -4
  49. package/dist/{chunk-AXS2E3ZS.js.map → chunk-DECNKSKW.js.map} +1 -1
  50. package/dist/{chunk-TWUWF3AU.js → chunk-DWLFAZ6X.js} +3 -3
  51. package/dist/{chunk-TWUWF3AU.js.map → chunk-DWLFAZ6X.js.map} +1 -1
  52. package/dist/{chunk-LQXFAW5L.js → chunk-ERQWC6JO.js} +6 -6
  53. package/dist/{chunk-LQXFAW5L.js.map → chunk-ERQWC6JO.js.map} +1 -1
  54. package/dist/{chunk-6QQ4I6IY.cjs → chunk-EUKL5LNM.cjs} +39 -39
  55. package/dist/{chunk-6QQ4I6IY.cjs.map → chunk-EUKL5LNM.cjs.map} +1 -1
  56. package/dist/{chunk-56RJJ6PJ.js → chunk-FLIAPNUU.js} +4 -4
  57. package/dist/{chunk-56RJJ6PJ.js.map → chunk-FLIAPNUU.js.map} +1 -1
  58. package/dist/{chunk-F3V5T2ON.js → chunk-FZGSWPE7.js} +5 -5
  59. package/dist/{chunk-F3V5T2ON.js.map → chunk-FZGSWPE7.js.map} +1 -1
  60. package/dist/{chunk-L2M2Z5CU.js → chunk-GTMBHJLQ.js} +5 -5
  61. package/dist/{chunk-L2M2Z5CU.js.map → chunk-GTMBHJLQ.js.map} +1 -1
  62. package/dist/{chunk-TGFTKXT4.cjs → chunk-GU6MTXHR.cjs} +10 -10
  63. package/dist/{chunk-TGFTKXT4.cjs.map → chunk-GU6MTXHR.cjs.map} +1 -1
  64. package/dist/{chunk-YWUVDFQZ.cjs → chunk-GZ4HWZWE.cjs} +3 -3
  65. package/dist/{chunk-YWUVDFQZ.cjs.map → chunk-GZ4HWZWE.cjs.map} +1 -1
  66. package/dist/{chunk-ZJM23PJU.js → chunk-HDBVD5FJ.js} +6 -6
  67. package/dist/{chunk-ZJM23PJU.js.map → chunk-HDBVD5FJ.js.map} +1 -1
  68. package/dist/{chunk-EOGTJIPF.js → chunk-IBUJJIRW.js} +3 -3
  69. package/dist/{chunk-EOGTJIPF.js.map → chunk-IBUJJIRW.js.map} +1 -1
  70. package/dist/{chunk-KE32UGIC.cjs → chunk-ILGUY62R.cjs} +14 -14
  71. package/dist/{chunk-KE32UGIC.cjs.map → chunk-ILGUY62R.cjs.map} +1 -1
  72. package/dist/{chunk-SORUUFZK.cjs → chunk-JFKJJR3U.cjs} +34 -34
  73. package/dist/{chunk-SORUUFZK.cjs.map → chunk-JFKJJR3U.cjs.map} +1 -1
  74. package/dist/{chunk-FOANUZQ3.cjs → chunk-JIK3WXOP.cjs} +11 -11
  75. package/dist/{chunk-FOANUZQ3.cjs.map → chunk-JIK3WXOP.cjs.map} +1 -1
  76. package/dist/{chunk-J63TLQKU.js → chunk-JZBZ3HZR.js} +8 -8
  77. package/dist/{chunk-J63TLQKU.js.map → chunk-JZBZ3HZR.js.map} +1 -1
  78. package/dist/{chunk-HDIYJI2Z.cjs → chunk-KGUHJRHZ.cjs} +3 -3
  79. package/dist/{chunk-HDIYJI2Z.cjs.map → chunk-KGUHJRHZ.cjs.map} +1 -1
  80. package/dist/{chunk-V23YWHBT.js → chunk-LH5CRODT.js} +6 -6
  81. package/dist/{chunk-V23YWHBT.js.map → chunk-LH5CRODT.js.map} +1 -1
  82. package/dist/{chunk-SXMPMMTX.cjs → chunk-M6RITLE5.cjs} +8 -8
  83. package/dist/{chunk-SXMPMMTX.cjs.map → chunk-M6RITLE5.cjs.map} +1 -1
  84. package/dist/{chunk-GZUFJQ5I.js → chunk-NF4PSDGQ.js} +3 -3
  85. package/dist/{chunk-GZUFJQ5I.js.map → chunk-NF4PSDGQ.js.map} +1 -1
  86. package/dist/{chunk-LRRO5PBP.cjs → chunk-NUQ5EITO.cjs} +14 -14
  87. package/dist/{chunk-LRRO5PBP.cjs.map → chunk-NUQ5EITO.cjs.map} +1 -1
  88. package/dist/{chunk-YDUA7L5F.cjs → chunk-ODUTR3YG.cjs} +9 -9
  89. package/dist/{chunk-YDUA7L5F.cjs.map → chunk-ODUTR3YG.cjs.map} +1 -1
  90. package/dist/{chunk-PRJENCIC.js → chunk-OR73MMQ3.js} +3 -3
  91. package/dist/{chunk-PRJENCIC.js.map → chunk-OR73MMQ3.js.map} +1 -1
  92. package/dist/{chunk-ICWJHWEM.js → chunk-ORPTO5F2.js} +5 -5
  93. package/dist/{chunk-ICWJHWEM.js.map → chunk-ORPTO5F2.js.map} +1 -1
  94. package/dist/{chunk-5C5P4MZE.js → chunk-OUQGCJQS.js} +5 -5
  95. package/dist/{chunk-5C5P4MZE.js.map → chunk-OUQGCJQS.js.map} +1 -1
  96. package/dist/{chunk-3EZOV6A3.cjs → chunk-OVFFGZLA.cjs} +14 -14
  97. package/dist/{chunk-3EZOV6A3.cjs.map → chunk-OVFFGZLA.cjs.map} +1 -1
  98. package/dist/{chunk-KN22ZEKU.cjs → chunk-QFSMY2ZW.cjs} +16 -16
  99. package/dist/{chunk-KN22ZEKU.cjs.map → chunk-QFSMY2ZW.cjs.map} +1 -1
  100. package/dist/{chunk-WLQ4XLHG.js → chunk-QHP2MCPG.js} +6 -6
  101. package/dist/{chunk-WLQ4XLHG.js.map → chunk-QHP2MCPG.js.map} +1 -1
  102. package/dist/{chunk-H4HJRAHU.js → chunk-R4C4XFA7.js} +3 -3
  103. package/dist/{chunk-H4HJRAHU.js.map → chunk-R4C4XFA7.js.map} +1 -1
  104. package/dist/{chunk-H7NWUAHC.cjs → chunk-R7D7QQC5.cjs} +3 -3
  105. package/dist/{chunk-H7NWUAHC.cjs.map → chunk-R7D7QQC5.cjs.map} +1 -1
  106. package/dist/{chunk-SDSDV6TA.js → chunk-RIPB4QC6.js} +4 -4
  107. package/dist/{chunk-SDSDV6TA.js.map → chunk-RIPB4QC6.js.map} +1 -1
  108. package/dist/{chunk-EG6DDVIJ.cjs → chunk-RS7ZTUH3.cjs} +20 -20
  109. package/dist/{chunk-EG6DDVIJ.cjs.map → chunk-RS7ZTUH3.cjs.map} +1 -1
  110. package/dist/{chunk-42M6Y2OD.cjs → chunk-RVD3DGBZ.cjs} +3 -3
  111. package/dist/{chunk-42M6Y2OD.cjs.map → chunk-RVD3DGBZ.cjs.map} +1 -1
  112. package/dist/{chunk-L4DD3HSB.js → chunk-RY5RETAD.js} +3 -3
  113. package/dist/{chunk-L4DD3HSB.js.map → chunk-RY5RETAD.js.map} +1 -1
  114. package/dist/{chunk-LHEZDXWV.js → chunk-RYU755ZB.js} +5 -5
  115. package/dist/{chunk-LHEZDXWV.js.map → chunk-RYU755ZB.js.map} +1 -1
  116. package/dist/{chunk-5O3XY7Z3.cjs → chunk-SIBBWIG2.cjs} +8 -8
  117. package/dist/{chunk-5O3XY7Z3.cjs.map → chunk-SIBBWIG2.cjs.map} +1 -1
  118. package/dist/{chunk-KR2OUW3N.js → chunk-SKYHKW2B.js} +7 -7
  119. package/dist/{chunk-KR2OUW3N.js.map → chunk-SKYHKW2B.js.map} +1 -1
  120. package/dist/{chunk-YRZYCQGE.cjs → chunk-SQJ7VNB7.cjs} +14 -14
  121. package/dist/{chunk-YRZYCQGE.cjs.map → chunk-SQJ7VNB7.cjs.map} +1 -1
  122. package/dist/{chunk-Y32XM46K.cjs → chunk-SVOOYE4P.cjs} +3 -3
  123. package/dist/{chunk-Y32XM46K.cjs.map → chunk-SVOOYE4P.cjs.map} +1 -1
  124. package/dist/{chunk-EMQZIPXG.cjs → chunk-V224FC6Y.cjs} +14 -14
  125. package/dist/{chunk-EMQZIPXG.cjs.map → chunk-V224FC6Y.cjs.map} +1 -1
  126. package/dist/{chunk-JGHI6QE5.js → chunk-VKCPJYAX.js} +4 -4
  127. package/dist/{chunk-JGHI6QE5.js.map → chunk-VKCPJYAX.js.map} +1 -1
  128. package/dist/{chunk-DPTBGWU7.js → chunk-VUEMRARE.js} +6 -6
  129. package/dist/{chunk-DPTBGWU7.js.map → chunk-VUEMRARE.js.map} +1 -1
  130. package/dist/{chunk-BEPGHVMJ.js → chunk-W4ALUSXG.js} +5 -5
  131. package/dist/{chunk-BEPGHVMJ.js.map → chunk-W4ALUSXG.js.map} +1 -1
  132. package/dist/{chunk-SCY53JIH.cjs → chunk-WBHJJ3UO.cjs} +89 -89
  133. package/dist/{chunk-SCY53JIH.cjs.map → chunk-WBHJJ3UO.cjs.map} +1 -1
  134. package/dist/{chunk-YPYXJKWJ.js → chunk-WRGLWN4J.js} +6 -6
  135. package/dist/{chunk-YPYXJKWJ.js.map → chunk-WRGLWN4J.js.map} +1 -1
  136. package/dist/{chunk-KC52XQSP.js → chunk-WXZBPFQS.js} +4 -4
  137. package/dist/{chunk-KC52XQSP.js.map → chunk-WXZBPFQS.js.map} +1 -1
  138. package/dist/{chunk-IQZE4X6U.cjs → chunk-X5UGPWMB.cjs} +14 -14
  139. package/dist/{chunk-IQZE4X6U.cjs.map → chunk-X5UGPWMB.cjs.map} +1 -1
  140. package/dist/{chunk-DX4ROVTA.js → chunk-XYARXEQO.js} +4 -4
  141. package/dist/{chunk-DX4ROVTA.js.map → chunk-XYARXEQO.js.map} +1 -1
  142. package/dist/{chunk-MTWCBGFH.cjs → chunk-Y24N7BKC.cjs} +3 -3
  143. package/dist/{chunk-MTWCBGFH.cjs.map → chunk-Y24N7BKC.cjs.map} +1 -1
  144. package/dist/{chunk-OE5GVCW4.cjs → chunk-YL22BKI2.cjs} +45 -45
  145. package/dist/{chunk-OE5GVCW4.cjs.map → chunk-YL22BKI2.cjs.map} +1 -1
  146. package/dist/{chunk-KIDHIRVO.cjs → chunk-YLWKZ3VK.cjs} +7 -7
  147. package/dist/{chunk-KIDHIRVO.cjs.map → chunk-YLWKZ3VK.cjs.map} +1 -1
  148. package/dist/{chunk-AR5PBVYY.cjs → chunk-YSIEX3WZ.cjs} +11 -11
  149. package/dist/{chunk-AR5PBVYY.cjs.map → chunk-YSIEX3WZ.cjs.map} +1 -1
  150. package/dist/{chunk-2MEUH7JT.js → chunk-ZO7HYQJT.js} +8 -8
  151. package/dist/{chunk-2MEUH7JT.js.map → chunk-ZO7HYQJT.js.map} +1 -1
  152. package/dist/{chunk-AJ4VAZFT.cjs → chunk-ZVDH3EUZ.cjs} +5 -5
  153. package/dist/{chunk-AJ4VAZFT.cjs.map → chunk-ZVDH3EUZ.cjs.map} +1 -1
  154. package/dist/docs/SKILL.md +1 -1
  155. package/dist/docs/assets/SOURCE_MAP.json +1 -1
  156. package/dist/server/handlers/a2a.cjs +14 -14
  157. package/dist/server/handlers/a2a.js +1 -1
  158. package/dist/server/handlers/agent-builder.cjs +17 -17
  159. package/dist/server/handlers/agent-builder.js +1 -1
  160. package/dist/server/handlers/agent-versions.cjs +8 -8
  161. package/dist/server/handlers/agent-versions.js +1 -1
  162. package/dist/server/handlers/agents.cjs +47 -47
  163. package/dist/server/handlers/agents.js +1 -1
  164. package/dist/server/handlers/auth.cjs +13 -13
  165. package/dist/server/handlers/auth.js +1 -1
  166. package/dist/server/handlers/authorship.cjs +12 -12
  167. package/dist/server/handlers/authorship.js +1 -1
  168. package/dist/server/handlers/builder-registry.cjs +6 -6
  169. package/dist/server/handlers/builder-registry.js +1 -1
  170. package/dist/server/handlers/channels.cjs +5 -5
  171. package/dist/server/handlers/channels.js +1 -1
  172. package/dist/server/handlers/conversations.cjs +5 -5
  173. package/dist/server/handlers/conversations.js +1 -1
  174. package/dist/server/handlers/datasets.cjs +26 -26
  175. package/dist/server/handlers/datasets.js +1 -1
  176. package/dist/server/handlers/editor-builder.cjs +6 -6
  177. package/dist/server/handlers/editor-builder.js +1 -1
  178. package/dist/server/handlers/favorites-enrichment.cjs +4 -4
  179. package/dist/server/handlers/favorites-enrichment.js +1 -1
  180. package/dist/server/handlers/logs.cjs +4 -4
  181. package/dist/server/handlers/logs.js +1 -1
  182. package/dist/server/handlers/mcp-client-versions.cjs +8 -8
  183. package/dist/server/handlers/mcp-client-versions.js +1 -1
  184. package/dist/server/handlers/memory.cjs +27 -27
  185. package/dist/server/handlers/memory.js +1 -1
  186. package/dist/server/handlers/observability.cjs +11 -11
  187. package/dist/server/handlers/observability.js +1 -1
  188. package/dist/server/handlers/prompt-block-versions.cjs +8 -8
  189. package/dist/server/handlers/prompt-block-versions.js +1 -1
  190. package/dist/server/handlers/responses.cjs +4 -4
  191. package/dist/server/handlers/responses.js +1 -1
  192. package/dist/server/handlers/responses.storage.cjs +8 -8
  193. package/dist/server/handlers/responses.storage.js +1 -1
  194. package/dist/server/handlers/scorer-versions.cjs +8 -8
  195. package/dist/server/handlers/scorer-versions.js +1 -1
  196. package/dist/server/handlers/scores.cjs +7 -7
  197. package/dist/server/handlers/scores.js +1 -1
  198. package/dist/server/handlers/stored-agent-favorites.cjs +3 -3
  199. package/dist/server/handlers/stored-agent-favorites.js +1 -1
  200. package/dist/server/handlers/stored-agents.cjs +10 -10
  201. package/dist/server/handlers/stored-agents.js +1 -1
  202. package/dist/server/handlers/stored-mcp-clients.cjs +6 -6
  203. package/dist/server/handlers/stored-mcp-clients.js +1 -1
  204. package/dist/server/handlers/stored-prompt-blocks.cjs +6 -6
  205. package/dist/server/handlers/stored-prompt-blocks.js +1 -1
  206. package/dist/server/handlers/stored-scorers.cjs +6 -6
  207. package/dist/server/handlers/stored-scorers.js +1 -1
  208. package/dist/server/handlers/stored-skill-favorites.cjs +3 -3
  209. package/dist/server/handlers/stored-skill-favorites.js +1 -1
  210. package/dist/server/handlers/stored-skills.cjs +7 -7
  211. package/dist/server/handlers/stored-skills.js +1 -1
  212. package/dist/server/handlers/stored-workspaces.cjs +6 -6
  213. package/dist/server/handlers/stored-workspaces.js +1 -1
  214. package/dist/server/handlers/system.cjs +3 -3
  215. package/dist/server/handlers/system.js +1 -1
  216. package/dist/server/handlers/tool-providers.cjs +14 -14
  217. package/dist/server/handlers/tool-providers.js +1 -1
  218. package/dist/server/handlers/tools.cjs +6 -6
  219. package/dist/server/handlers/tools.js +1 -1
  220. package/dist/server/handlers/utils.cjs +10 -10
  221. package/dist/server/handlers/utils.js +1 -1
  222. package/dist/server/handlers/workflows.cjs +27 -27
  223. package/dist/server/handlers/workflows.js +1 -1
  224. package/dist/server/handlers/workspace.cjs +26 -26
  225. package/dist/server/handlers/workspace.js +1 -1
  226. package/dist/server/handlers.cjs +35 -35
  227. package/dist/server/handlers.js +12 -12
  228. package/dist/server/schemas/index.cjs +605 -605
  229. package/dist/server/schemas/index.js +9 -9
  230. package/dist/server/server-adapter/index.cjs +43 -43
  231. package/dist/server/server-adapter/index.js +7 -7
  232. package/package.json +4 -4
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/handlers/authorship.ts"],"names":["MASTRA_RESOURCE_ID_KEY","MASTRA_USER_KEY","MASTRA_USER_PERMISSIONS_KEY","required","matchesPermission","HTTPException"],"mappings":";;;;;;AAsBO,SAAS,kBAAkB,cAAA,EAA+C;AAC/E,EAAA,MAAM,UAAA,GAAa,cAAA,CAAe,GAAA,CAAIA,wCAAsB,CAAA;AAC5D,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,UAAA,CAAW,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,cAAA,CAAe,GAAA,CAAIC,iCAAe,CAAA;AAC/C,EAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,QAAQ,IAAA,EAAM;AACpD,IAAA,MAAM,KAAM,IAAA,CAAyB,EAAA;AACrC,IAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,SAAS,CAAA,EAAG;AAC3C,MAAA,OAAO,EAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAMO,SAAS,qBAAqB,cAAA,EAA0C;AAC7E,EAAA,MAAM,GAAA,GAAM,cAAA,CAAe,GAAA,CAAIC,6CAA2B,CAAA;AAC1D,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,IAAI,MAAA,CAAO,CAAC,CAAA,KAAmB,OAAO,MAAM,QAAQ,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,EAAC;AACV;AAQO,SAAS,cAAA,CAAe,gBAAgC,QAAA,EAA2B;AACxF,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACrC,EAAA,MAAM,WAAA,GAAc,GAAA;AACpB,EAAA,MAAM,gBAAA,GAAmB,GAAG,QAAQ,CAAA,EAAA,CAAA;AACpC,EAAA,MAAM,aAAA,GAAgB,GAAG,QAAQ,CAAA,MAAA,CAAA;AACjC,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK,CAAA,KAAM,eAAe,CAAA,KAAM,gBAAA,IAAoB,MAAM,aAAa,CAAA;AACjG;AAeO,SAAS,oBAAoB,IAAA,EAKxB;AACV,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,MAAA,EAAQ,YAAW,GAAI,IAAA;AACzD,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAErC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAMC,SAAAA,GAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACtC,IAAA,OAAO,YAAY,IAAA,CAAK,CAAA,CAAA,KAAKC,oBAAA,CAAkB,CAAA,EAAGD,SAAQ,CAAC,CAAA;AAAA,EAC7D;AAEA,EAAA,MAAM,WAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,IAAI,UAAU,CAAA,CAAA;AACpD,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK;AAI3B,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA;AACzB,IAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,KAAA;AAC7B,IAAA,OAAOC,oBAAA,CAAkB,GAAG,QAAQ,CAAA;AAAA,EACtC,CAAC,CAAA;AACH;AAqBO,SAAS,oBAAoB,IAAA,EAKnB;AACf,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,aAAA,EAAe,iBAAgB,GAAI,IAAA;AACrE,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA;AAEtD,EAAA,IAAI,eAAA,KAAoB,QAAA,IAAY,CAAC,aAAA,EAAe;AAClD,IAAA,OAAO,EAAE,MAAM,YAAA,EAAa;AAAA,EAC9B;AAEA,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAIA,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAEA,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,IAAI,kBAAkB,cAAA,EAAgB;AACpC,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,QAAA,EAAU,cAAA,EAAe;AAAA,IACnD;AAEA,IAAA,OAAO,EAAE,IAAA,EAAM,qBAAA,EAAuB,cAAA,EAAgB,aAAA,EAAc;AAAA,EACtE;AAEA,EAAA,OAAO,EAAE,IAAA,EAAM,eAAA,EAAiB,cAAA,EAAe;AACjD;AAQO,SAAS,mBAAA,CAAoB,QAAqB,MAAA,EAA+B;AACtF,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AACjC,EAAA,MAAM,QAAA,GAAW,OAAO,UAAA,KAAe,QAAA;AAEvC,EAAA,QAAQ,OAAO,IAAA;AAAM,IACnB,KAAK,cAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,UAAU,MAAA,CAAO,QAAA;AAAA,IAC1B,KAAK,eAAA;AACH,MAAA,OAAO,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,CAAO,cAAA,IAAkB,QAAA;AAAA,IAC9D,KAAK,YAAA;AACH,MAAA,OAAO,UAAU,IAAA,IAAQ,QAAA;AAAA,IAC3B,KAAK,qBAAA;AAIH,MAAA,OAAO,KAAA,KAAU,OAAO,aAAA,IAAiB,QAAA;AAAA;AAE/C;AAYO,SAAS,iBAAiB,IAAA,EAKxB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AAKvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIH,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,oBAAoB,IAAA,EAK3B;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIJ,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,SAAA,EAAW,UAAA,EAAY,CAAA,EAAG;AACpF,IAAA;AAAA,EACF;AACA,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,kBAAkB,IAAA,EAMzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,MAAA,EAAQ,QAAO,GAAI,IAAA;AACjE,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIJ,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,oBAAoB,EAAE,cAAA,EAAgB,UAAU,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACzE,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAoBO,SAAS,kBAAkB,IAAA,EAKzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIJ,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,OAAA,EAAS,UAAA,EAAY,CAAA,EAAG;AAClF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAMO,SAAS,gBAAgB,IAAA,EAKvB;AACP,EAAA,iBAAA,CAAkB,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,QAAQ,CAAA;AAC/C","file":"chunk-HDIYJI2Z.cjs","sourcesContent":["import { matchesPermission } from '@mastra/core/auth/ee';\nimport type { RequestContext } from '@mastra/core/di';\n\nimport { MASTRA_RESOURCE_ID_KEY, MASTRA_USER_KEY, MASTRA_USER_PERMISSIONS_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\n\n/**\n * Shape of a stored record that carries ownership + visibility metadata.\n * Used by `matchesAuthorFilter` and the access-assertion helpers.\n */\nexport type OwnedRecord = {\n authorId?: string | null;\n visibility?: 'private' | 'public';\n};\n\n/**\n * Returns the author id associated with the authenticated caller, or `null`\n * if auth is not configured / the caller cannot be resolved.\n *\n * Prefers `MASTRA_RESOURCE_ID_KEY` (set by `authConfig.mapUserToResourceId`)\n * and falls back to `user.id` on the authenticated user object.\n */\nexport function getCallerAuthorId(requestContext: RequestContext): string | null {\n const resourceId = requestContext.get(MASTRA_RESOURCE_ID_KEY);\n if (typeof resourceId === 'string' && resourceId.length > 0) {\n return resourceId;\n }\n\n const user = requestContext.get(MASTRA_USER_KEY);\n if (user && typeof user === 'object' && 'id' in user) {\n const id = (user as { id: unknown }).id;\n if (typeof id === 'string' && id.length > 0) {\n return id;\n }\n }\n\n return null;\n}\n\n/**\n * Returns the list of permission strings currently attached to the caller by\n * the RBAC provider. Returns an empty array when RBAC isn't configured.\n */\nexport function getCallerPermissions(requestContext: RequestContext): string[] {\n const raw = requestContext.get(MASTRA_USER_PERMISSIONS_KEY);\n if (Array.isArray(raw)) {\n return raw.filter((p): p is string => typeof p === 'string');\n }\n return [];\n}\n\n/**\n * True if the caller holds a wildcard permission that lets them manage a\n * resource they don't own (e.g. admins listing agents across tenants).\n *\n * Recognizes `*`, `<resource>:*`, and `<resource>:admin`.\n */\nexport function hasAdminBypass(requestContext: RequestContext, resource: string): boolean {\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n const wildcardAll = '*';\n const resourceWildcard = `${resource}:*`;\n const resourceAdmin = `${resource}:admin`;\n return permissions.some(p => p === wildcardAll || p === resourceWildcard || p === resourceAdmin);\n}\n\n/**\n * True if the caller holds a permission explicitly scoped to a specific\n * resource id — e.g. `agents:read:agent-123` or `agents:*:agent-123`.\n *\n * Broad grants without a resource-id segment (e.g. the role-default\n * `agents:execute`) are intentionally NOT treated as satisfying ownership\n * overrides. Those broad grants already gate route access at the\n * `requiresPermission` layer; giving them a second life as per-record\n * overrides would defeat the owner/visibility model.\n *\n * When called without `resourceId` (the legacy shape), falls back to the\n * original \"any matching permission\" behavior.\n */\nexport function hasScopedPermission(args: {\n requestContext: RequestContext;\n resource: string;\n action: string;\n resourceId?: string;\n}): boolean {\n const { requestContext, resource, action, resourceId } = args;\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n\n if (!resourceId) {\n const required = `${resource}:${action}`;\n return permissions.some(p => matchesPermission(p, required));\n }\n\n const required = `${resource}:${action}:${resourceId}`;\n return permissions.some(p => {\n // Only honor grants that explicitly name a resource id. A granted\n // permission with just `<resource>:<action>` (no id segment) is\n // considered a broad role grant, not a per-record override.\n const parts = p.split(':');\n if (parts.length < 3) return false;\n return matchesPermission(p, required);\n });\n}\n\nexport type AuthorFilter =\n | { kind: 'unrestricted' }\n | { kind: 'exact'; authorId: string }\n | { kind: 'ownedOrPublic'; callerAuthorId: string }\n | { kind: 'publicOnly' }\n | { kind: 'ownedOrPublicOthers'; callerAuthorId: string; queryAuthorId: string };\n\n/**\n * Resolves the filter to apply when listing owner-scoped records.\n *\n * Behavior matrix:\n * - Admin bypass + no query overrides → `unrestricted`.\n * - Admin bypass + `authorId=X` → `exact` (all of X's rows).\n * - `visibility=public` (any caller) → `publicOnly` (aggregate public rows across owners).\n * - `authorId=X`, caller === X → `exact` (all of caller's rows).\n * - `authorId=X`, caller !== X (non-admin) → `ownedOrPublicOthers` (only X's public rows).\n * - No caller (auth off) → `unrestricted` (or `exact` if query supplied).\n * - Default → `ownedOrPublic` (caller's rows + legacy unowned + any public rows).\n */\nexport function resolveAuthorFilter(args: {\n requestContext: RequestContext;\n resource: string;\n queryAuthorId?: string;\n queryVisibility?: 'public';\n}): AuthorFilter {\n const { requestContext, resource, queryAuthorId, queryVisibility } = args;\n const callerAuthorId = getCallerAuthorId(requestContext);\n const bypass = hasAdminBypass(requestContext, resource);\n\n if (queryVisibility === 'public' && !queryAuthorId) {\n return { kind: 'publicOnly' };\n }\n\n if (bypass) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n // Auth isn't configured (no caller) → treat as unrestricted. The route's\n // `requiresAuth`/`requiresPermission` is what gates access in that mode.\n if (!callerAuthorId) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n if (queryAuthorId) {\n if (queryAuthorId === callerAuthorId) {\n return { kind: 'exact', authorId: callerAuthorId };\n }\n // Non-owner asking about another user: only that user's public rows are visible.\n return { kind: 'ownedOrPublicOthers', callerAuthorId, queryAuthorId };\n }\n\n return { kind: 'ownedOrPublic', callerAuthorId };\n}\n\n/**\n * Returns `true` if the record is visible to the caller given the resolved\n * filter. See `resolveAuthorFilter` for the filter semantics.\n *\n * Legacy rows with `authorId == null` are treated as public (visible to all).\n */\nexport function matchesAuthorFilter(record: OwnedRecord, filter: AuthorFilter): boolean {\n const owner = record.authorId ?? null;\n const isPublic = record.visibility === 'public';\n\n switch (filter.kind) {\n case 'unrestricted':\n return true;\n case 'exact':\n return owner === filter.authorId;\n case 'ownedOrPublic':\n return owner === null || owner === filter.callerAuthorId || isPublic;\n case 'publicOnly':\n return owner === null || isPublic;\n case 'ownedOrPublicOthers':\n // Filtering by another author's rows: only expose their public ones.\n // Legacy unowned rows match if the query is for `null`; here the query\n // is always for a concrete id, so unowned rows don't match.\n return owner === filter.queryAuthorId && isPublic;\n }\n}\n\n/**\n * Asserts the caller has read access to the record. Throws 404 if not.\n *\n * Read access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:read` or `<resource>:read:<resourceId>`.\n */\nexport function assertReadAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n // No authenticated user on the request context means auth is not configured\n // (single-user/dev mode). When auth IS configured, coreAuthMiddleware\n // rejects unauthenticated requests with 401 before they reach handlers,\n // so an absent user here genuinely means no auth provider.\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return;\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has execute access to the record. Throws 404 if not.\n *\n * Execute access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:execute` / `<resource>:execute:<resourceId>`, OR\n * - The caller holds `<resource>:read` / `<resource>:read:<resourceId>`\n * (read implies the ability to consume/chat with the resource).\n */\nexport function assertExecuteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'execute', resourceId })) {\n return;\n }\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has write access (edit or delete) to the record.\n * Throws 404 if not.\n *\n * Write access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record, OR\n * - The caller has admin bypass, OR\n * - The caller holds `<resource>:<action>` or `<resource>:<action>:<resourceId>`.\n *\n * `visibility: 'public'` alone does NOT grant write access.\n */\nexport function assertWriteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n action: 'edit' | 'delete' | 'write';\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, action, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action, resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has share access to the record. Throws 404 if not.\n *\n * Share access controls who can change a record's audience/visibility\n * (e.g. flipping `private` ↔ `public`). It is intentionally separate from\n * `write`: a caller with only `<resource>:write` MUST NOT be able to flip\n * visibility — that would let any editor expose private records.\n *\n * Share access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record (creators can share their own records), OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:share` / `<resource>:share:<resourceId>`\n * (or any pattern that matches it, e.g. `*:share`).\n *\n * `visibility: 'public'` does NOT grant share access — being readable doesn't\n * imply the right to change who else can read.\n */\nexport function assertShareAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'share', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Alias for `assertWriteAccess` with `action: 'edit'`. Prefer `assertWriteAccess`\n * in new code so the action is explicit.\n */\nexport function assertOwnership(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n assertWriteAccess({ ...args, action: 'edit' });\n}\n"]}
1
+ {"version":3,"sources":["../src/server/handlers/authorship.ts"],"names":["MASTRA_RESOURCE_ID_KEY","MASTRA_USER_KEY","MASTRA_USER_PERMISSIONS_KEY","required","matchesPermission","HTTPException"],"mappings":";;;;;;AAsBO,SAAS,kBAAkB,cAAA,EAA+C;AAC/E,EAAA,MAAM,UAAA,GAAa,cAAA,CAAe,GAAA,CAAIA,wCAAsB,CAAA;AAC5D,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,IAAY,UAAA,CAAW,SAAS,CAAA,EAAG;AAC3D,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,MAAM,IAAA,GAAO,cAAA,CAAe,GAAA,CAAIC,iCAAe,CAAA;AAC/C,EAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,QAAQ,IAAA,EAAM;AACpD,IAAA,MAAM,KAAM,IAAA,CAAyB,EAAA;AACrC,IAAA,IAAI,OAAO,EAAA,KAAO,QAAA,IAAY,EAAA,CAAG,SAAS,CAAA,EAAG;AAC3C,MAAA,OAAO,EAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAMO,SAAS,qBAAqB,cAAA,EAA0C;AAC7E,EAAA,MAAM,GAAA,GAAM,cAAA,CAAe,GAAA,CAAIC,6CAA2B,CAAA;AAC1D,EAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,GAAG,CAAA,EAAG;AACtB,IAAA,OAAO,IAAI,MAAA,CAAO,CAAC,CAAA,KAAmB,OAAO,MAAM,QAAQ,CAAA;AAAA,EAC7D;AACA,EAAA,OAAO,EAAC;AACV;AAQO,SAAS,cAAA,CAAe,gBAAgC,QAAA,EAA2B;AACxF,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AACrC,EAAA,MAAM,WAAA,GAAc,GAAA;AACpB,EAAA,MAAM,gBAAA,GAAmB,GAAG,QAAQ,CAAA,EAAA,CAAA;AACpC,EAAA,MAAM,aAAA,GAAgB,GAAG,QAAQ,CAAA,MAAA,CAAA;AACjC,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK,CAAA,KAAM,eAAe,CAAA,KAAM,gBAAA,IAAoB,MAAM,aAAa,CAAA;AACjG;AAeO,SAAS,oBAAoB,IAAA,EAKxB;AACV,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,MAAA,EAAQ,YAAW,GAAI,IAAA;AACzD,EAAA,MAAM,WAAA,GAAc,qBAAqB,cAAc,CAAA;AACvD,EAAA,IAAI,WAAA,CAAY,MAAA,KAAW,CAAA,EAAG,OAAO,KAAA;AAErC,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAMC,SAAAA,GAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AACtC,IAAA,OAAO,YAAY,IAAA,CAAK,CAAA,CAAA,KAAKC,oBAAA,CAAkB,CAAA,EAAGD,SAAQ,CAAC,CAAA;AAAA,EAC7D;AAEA,EAAA,MAAM,WAAW,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,MAAM,IAAI,UAAU,CAAA,CAAA;AACpD,EAAA,OAAO,WAAA,CAAY,KAAK,CAAA,CAAA,KAAK;AAI3B,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA;AACzB,IAAA,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,OAAO,KAAA;AAC7B,IAAA,OAAOC,oBAAA,CAAkB,GAAG,QAAQ,CAAA;AAAA,EACtC,CAAC,CAAA;AACH;AAqBO,SAAS,oBAAoB,IAAA,EAKnB;AACf,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,aAAA,EAAe,iBAAgB,GAAI,IAAA;AACrE,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,MAAM,MAAA,GAAS,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA;AAEtD,EAAA,IAAI,eAAA,KAAoB,QAAA,IAAY,CAAC,aAAA,EAAe;AAClD,IAAA,OAAO,EAAE,MAAM,YAAA,EAAa;AAAA,EAC9B;AAEA,EAAA,IAAI,MAAA,EAAQ;AACV,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAIA,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,OAAO,aAAA,GAAgB,EAAE,IAAA,EAAM,OAAA,EAAS,UAAU,aAAA,EAAc,GAAI,EAAE,IAAA,EAAM,cAAA,EAAe;AAAA,EAC7F;AAEA,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,IAAI,kBAAkB,cAAA,EAAgB;AACpC,MAAA,OAAO,EAAE,IAAA,EAAM,OAAA,EAAS,QAAA,EAAU,cAAA,EAAe;AAAA,IACnD;AAEA,IAAA,OAAO,EAAE,IAAA,EAAM,qBAAA,EAAuB,cAAA,EAAgB,aAAA,EAAc;AAAA,EACtE;AAEA,EAAA,OAAO,EAAE,IAAA,EAAM,eAAA,EAAiB,cAAA,EAAe;AACjD;AAQO,SAAS,mBAAA,CAAoB,QAAqB,MAAA,EAA+B;AACtF,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AACjC,EAAA,MAAM,QAAA,GAAW,OAAO,UAAA,KAAe,QAAA;AAEvC,EAAA,QAAQ,OAAO,IAAA;AAAM,IACnB,KAAK,cAAA;AACH,MAAA,OAAO,IAAA;AAAA,IACT,KAAK,OAAA;AACH,MAAA,OAAO,UAAU,MAAA,CAAO,QAAA;AAAA,IAC1B,KAAK,eAAA;AACH,MAAA,OAAO,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,CAAO,cAAA,IAAkB,QAAA;AAAA,IAC9D,KAAK,YAAA;AACH,MAAA,OAAO,UAAU,IAAA,IAAQ,QAAA;AAAA,IAC3B,KAAK,qBAAA;AAIH,MAAA,OAAO,KAAA,KAAU,OAAO,aAAA,IAAiB,QAAA;AAAA;AAE/C;AAYO,SAAS,iBAAiB,IAAA,EAKxB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AAKvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIH,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,oBAAoB,IAAA,EAK3B;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,MAAA,CAAO,eAAe,QAAA,EAAU;AACpC,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIJ,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,SAAA,EAAW,UAAA,EAAY,CAAA,EAAG;AACpF,IAAA;AAAA,EACF;AACA,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACjF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAcO,SAAS,kBAAkB,IAAA,EAMzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,MAAA,EAAQ,QAAO,GAAI,IAAA;AACjE,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIJ,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,oBAAoB,EAAE,cAAA,EAAgB,UAAU,MAAA,EAAQ,UAAA,EAAY,CAAA,EAAG;AACzE,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAoBO,SAAS,kBAAkB,IAAA,EAKzB;AACP,EAAA,MAAM,EAAE,cAAA,EAAgB,QAAA,EAAU,UAAA,EAAY,QAAO,GAAI,IAAA;AACzD,EAAA,MAAM,KAAA,GAAQ,OAAO,QAAA,IAAY,IAAA;AAEjC,EAAA,IAAI,UAAU,IAAA,EAAM;AACpB,EAAA,IAAI,cAAA,CAAe,cAAA,EAAgB,QAAQ,CAAA,EAAG;AAE9C,EAAA,MAAM,cAAA,GAAiB,kBAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIJ,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAI,mBAAmB,KAAA,EAAO;AAE9B,EAAA,IAAI,mBAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,QAAQ,OAAA,EAAS,UAAA,EAAY,CAAA,EAAG;AAClF,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,IAAII,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AAMO,SAAS,gBAAgB,IAAA,EAKvB;AACP,EAAA,iBAAA,CAAkB,EAAE,GAAG,IAAA,EAAM,MAAA,EAAQ,QAAQ,CAAA;AAC/C","file":"chunk-KGUHJRHZ.cjs","sourcesContent":["import { matchesPermission } from '@mastra/core/auth/ee';\nimport type { RequestContext } from '@mastra/core/di';\n\nimport { MASTRA_RESOURCE_ID_KEY, MASTRA_USER_KEY, MASTRA_USER_PERMISSIONS_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\n\n/**\n * Shape of a stored record that carries ownership + visibility metadata.\n * Used by `matchesAuthorFilter` and the access-assertion helpers.\n */\nexport type OwnedRecord = {\n authorId?: string | null;\n visibility?: 'private' | 'public';\n};\n\n/**\n * Returns the author id associated with the authenticated caller, or `null`\n * if auth is not configured / the caller cannot be resolved.\n *\n * Prefers `MASTRA_RESOURCE_ID_KEY` (set by `authConfig.mapUserToResourceId`)\n * and falls back to `user.id` on the authenticated user object.\n */\nexport function getCallerAuthorId(requestContext: RequestContext): string | null {\n const resourceId = requestContext.get(MASTRA_RESOURCE_ID_KEY);\n if (typeof resourceId === 'string' && resourceId.length > 0) {\n return resourceId;\n }\n\n const user = requestContext.get(MASTRA_USER_KEY);\n if (user && typeof user === 'object' && 'id' in user) {\n const id = (user as { id: unknown }).id;\n if (typeof id === 'string' && id.length > 0) {\n return id;\n }\n }\n\n return null;\n}\n\n/**\n * Returns the list of permission strings currently attached to the caller by\n * the RBAC provider. Returns an empty array when RBAC isn't configured.\n */\nexport function getCallerPermissions(requestContext: RequestContext): string[] {\n const raw = requestContext.get(MASTRA_USER_PERMISSIONS_KEY);\n if (Array.isArray(raw)) {\n return raw.filter((p): p is string => typeof p === 'string');\n }\n return [];\n}\n\n/**\n * True if the caller holds a wildcard permission that lets them manage a\n * resource they don't own (e.g. admins listing agents across tenants).\n *\n * Recognizes `*`, `<resource>:*`, and `<resource>:admin`.\n */\nexport function hasAdminBypass(requestContext: RequestContext, resource: string): boolean {\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n const wildcardAll = '*';\n const resourceWildcard = `${resource}:*`;\n const resourceAdmin = `${resource}:admin`;\n return permissions.some(p => p === wildcardAll || p === resourceWildcard || p === resourceAdmin);\n}\n\n/**\n * True if the caller holds a permission explicitly scoped to a specific\n * resource id — e.g. `agents:read:agent-123` or `agents:*:agent-123`.\n *\n * Broad grants without a resource-id segment (e.g. the role-default\n * `agents:execute`) are intentionally NOT treated as satisfying ownership\n * overrides. Those broad grants already gate route access at the\n * `requiresPermission` layer; giving them a second life as per-record\n * overrides would defeat the owner/visibility model.\n *\n * When called without `resourceId` (the legacy shape), falls back to the\n * original \"any matching permission\" behavior.\n */\nexport function hasScopedPermission(args: {\n requestContext: RequestContext;\n resource: string;\n action: string;\n resourceId?: string;\n}): boolean {\n const { requestContext, resource, action, resourceId } = args;\n const permissions = getCallerPermissions(requestContext);\n if (permissions.length === 0) return false;\n\n if (!resourceId) {\n const required = `${resource}:${action}`;\n return permissions.some(p => matchesPermission(p, required));\n }\n\n const required = `${resource}:${action}:${resourceId}`;\n return permissions.some(p => {\n // Only honor grants that explicitly name a resource id. A granted\n // permission with just `<resource>:<action>` (no id segment) is\n // considered a broad role grant, not a per-record override.\n const parts = p.split(':');\n if (parts.length < 3) return false;\n return matchesPermission(p, required);\n });\n}\n\nexport type AuthorFilter =\n | { kind: 'unrestricted' }\n | { kind: 'exact'; authorId: string }\n | { kind: 'ownedOrPublic'; callerAuthorId: string }\n | { kind: 'publicOnly' }\n | { kind: 'ownedOrPublicOthers'; callerAuthorId: string; queryAuthorId: string };\n\n/**\n * Resolves the filter to apply when listing owner-scoped records.\n *\n * Behavior matrix:\n * - Admin bypass + no query overrides → `unrestricted`.\n * - Admin bypass + `authorId=X` → `exact` (all of X's rows).\n * - `visibility=public` (any caller) → `publicOnly` (aggregate public rows across owners).\n * - `authorId=X`, caller === X → `exact` (all of caller's rows).\n * - `authorId=X`, caller !== X (non-admin) → `ownedOrPublicOthers` (only X's public rows).\n * - No caller (auth off) → `unrestricted` (or `exact` if query supplied).\n * - Default → `ownedOrPublic` (caller's rows + legacy unowned + any public rows).\n */\nexport function resolveAuthorFilter(args: {\n requestContext: RequestContext;\n resource: string;\n queryAuthorId?: string;\n queryVisibility?: 'public';\n}): AuthorFilter {\n const { requestContext, resource, queryAuthorId, queryVisibility } = args;\n const callerAuthorId = getCallerAuthorId(requestContext);\n const bypass = hasAdminBypass(requestContext, resource);\n\n if (queryVisibility === 'public' && !queryAuthorId) {\n return { kind: 'publicOnly' };\n }\n\n if (bypass) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n // Auth isn't configured (no caller) → treat as unrestricted. The route's\n // `requiresAuth`/`requiresPermission` is what gates access in that mode.\n if (!callerAuthorId) {\n return queryAuthorId ? { kind: 'exact', authorId: queryAuthorId } : { kind: 'unrestricted' };\n }\n\n if (queryAuthorId) {\n if (queryAuthorId === callerAuthorId) {\n return { kind: 'exact', authorId: callerAuthorId };\n }\n // Non-owner asking about another user: only that user's public rows are visible.\n return { kind: 'ownedOrPublicOthers', callerAuthorId, queryAuthorId };\n }\n\n return { kind: 'ownedOrPublic', callerAuthorId };\n}\n\n/**\n * Returns `true` if the record is visible to the caller given the resolved\n * filter. See `resolveAuthorFilter` for the filter semantics.\n *\n * Legacy rows with `authorId == null` are treated as public (visible to all).\n */\nexport function matchesAuthorFilter(record: OwnedRecord, filter: AuthorFilter): boolean {\n const owner = record.authorId ?? null;\n const isPublic = record.visibility === 'public';\n\n switch (filter.kind) {\n case 'unrestricted':\n return true;\n case 'exact':\n return owner === filter.authorId;\n case 'ownedOrPublic':\n return owner === null || owner === filter.callerAuthorId || isPublic;\n case 'publicOnly':\n return owner === null || isPublic;\n case 'ownedOrPublicOthers':\n // Filtering by another author's rows: only expose their public ones.\n // Legacy unowned rows match if the query is for `null`; here the query\n // is always for a concrete id, so unowned rows don't match.\n return owner === filter.queryAuthorId && isPublic;\n }\n}\n\n/**\n * Asserts the caller has read access to the record. Throws 404 if not.\n *\n * Read access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:read` or `<resource>:read:<resourceId>`.\n */\nexport function assertReadAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n // No authenticated user on the request context means auth is not configured\n // (single-user/dev mode). When auth IS configured, coreAuthMiddleware\n // rejects unauthenticated requests with 401 before they reach handlers,\n // so an absent user here genuinely means no auth provider.\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return;\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has execute access to the record. Throws 404 if not.\n *\n * Execute access is granted when:\n * - The record has no owner (legacy/public), OR\n * - The record is marked `visibility: 'public'`, OR\n * - The caller owns the record, OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:execute` / `<resource>:execute:<resourceId>`, OR\n * - The caller holds `<resource>:read` / `<resource>:read:<resourceId>`\n * (read implies the ability to consume/chat with the resource).\n */\nexport function assertExecuteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (record.visibility === 'public') return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'execute', resourceId })) {\n return;\n }\n if (hasScopedPermission({ requestContext, resource, action: 'read', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has write access (edit or delete) to the record.\n * Throws 404 if not.\n *\n * Write access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record, OR\n * - The caller has admin bypass, OR\n * - The caller holds `<resource>:<action>` or `<resource>:<action>:<resourceId>`.\n *\n * `visibility: 'public'` alone does NOT grant write access.\n */\nexport function assertWriteAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n action: 'edit' | 'delete' | 'write';\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, action, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action, resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Asserts the caller has share access to the record. Throws 404 if not.\n *\n * Share access controls who can change a record's audience/visibility\n * (e.g. flipping `private` ↔ `public`). It is intentionally separate from\n * `write`: a caller with only `<resource>:write` MUST NOT be able to flip\n * visibility — that would let any editor expose private records.\n *\n * Share access is granted when:\n * - The record has no owner (legacy), OR\n * - The caller owns the record (creators can share their own records), OR\n * - The caller has admin bypass (`*`, `<resource>:*`, `<resource>:admin`), OR\n * - The caller holds `<resource>:share` / `<resource>:share:<resourceId>`\n * (or any pattern that matches it, e.g. `*:share`).\n *\n * `visibility: 'public'` does NOT grant share access — being readable doesn't\n * imply the right to change who else can read.\n */\nexport function assertShareAccess(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n const { requestContext, resource, resourceId, record } = args;\n const owner = record.authorId ?? null;\n\n if (owner === null) return;\n if (hasAdminBypass(requestContext, resource)) return;\n\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return; // No auth configured (see assertReadAccess)\n if (callerAuthorId === owner) return;\n\n if (hasScopedPermission({ requestContext, resource, action: 'share', resourceId })) {\n return;\n }\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n/**\n * Alias for `assertWriteAccess` with `action: 'edit'`. Prefer `assertWriteAccess`\n * in new code so the action is explicit.\n */\nexport function assertOwnership(args: {\n requestContext: RequestContext;\n resource: string;\n resourceId?: string;\n record: OwnedRecord;\n}): void {\n assertWriteAccess({ ...args, action: 'edit' });\n}\n"]}
@@ -1,8 +1,8 @@
1
- import { conversationObjectSchema, createConversationBodySchema, conversationIdPathParams, conversationItemsListSchema, conversationDeletedSchema } from './chunk-LEKVIHSE.js';
2
1
  import { mapMastraMessagesToConversationItems } from './chunk-TLLV2JP5.js';
3
- import { getAgentMemoryStore, findConversationThreadAcrossAgents } from './chunk-L4DD3HSB.js';
4
- import { getAgentFromSystem } from './chunk-2MEUH7JT.js';
5
- import { MastraFGAPermissions, getEffectiveResourceId } from './chunk-JBSUT5XF.js';
2
+ import { getAgentMemoryStore, findConversationThreadAcrossAgents } from './chunk-RY5RETAD.js';
3
+ import { conversationObjectSchema, createConversationBodySchema, conversationIdPathParams, conversationItemsListSchema, conversationDeletedSchema } from './chunk-LEKVIHSE.js';
4
+ import { getAgentFromSystem } from './chunk-ZO7HYQJT.js';
5
+ import { MastraFGAPermissions, getEffectiveResourceId } from './chunk-3ENQND57.js';
6
6
  import { handleError } from './chunk-7ZWJX3AN.js';
7
7
  import { createRoute } from './chunk-Z5MTOVTR.js';
8
8
  import { HTTPException } from './chunk-6QWQZI4Q.js';
@@ -155,5 +155,5 @@ var DELETE_CONVERSATION_ROUTE = createRoute({
155
155
  });
156
156
 
157
157
  export { CREATE_CONVERSATION_ROUTE, DELETE_CONVERSATION_ROUTE, GET_CONVERSATION_ITEMS_ROUTE, GET_CONVERSATION_ROUTE, conversations_exports };
158
- //# sourceMappingURL=chunk-V23YWHBT.js.map
159
- //# sourceMappingURL=chunk-V23YWHBT.js.map
158
+ //# sourceMappingURL=chunk-LH5CRODT.js.map
159
+ //# sourceMappingURL=chunk-LH5CRODT.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/handlers/conversations.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,IAAA,qBAAA,GAAA;AAAA,QAAA,CAAA,qBAAA,EAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,4BAAA,EAAA,MAAA,4BAAA;AAAA,EAAA,sBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,SAAS,uBAAA,CAAwB,EAAE,MAAA,EAAO,EAAiE;AACzG,EAAA,OAAO;AAAA,IACL,IAAI,MAAA,CAAO,EAAA;AAAA,IACX,MAAA,EAAQ,cAAA;AAAA,IACR;AAAA,GACF;AACF;AAEA,SAAS,2BAA2B,KAAA,EAA6D;AAC/F,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAA;AAAA,IACN,QAAA,EAAU,KAAA,CAAM,CAAC,CAAA,EAAG,EAAA,IAAM,IAAA;AAAA,IAC1B,OAAA,EAAS,KAAA,CAAM,EAAA,CAAG,EAAE,GAAG,EAAA,IAAM,IAAA;AAAA,IAC7B,QAAA,EAAU;AAAA,GACZ;AACF;AAEA,SAAS,yBAAyB,cAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,cAAA;AAAA,IACJ,MAAA,EAAQ,sBAAA;AAAA,IACR,OAAA,EAAS;AAAA,GACX;AACF;AAEO,IAAM,4BAA4B,WAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,mBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,UAAA,EAAY,4BAAA;AAAA,EACZ,cAAA,EAAgB,wBAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,kFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,aAAA;AAAA,EACzC,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,UAAU,eAAA,EAAiB,WAAA,EAAa,KAAA,EAAO,QAAA,EAAS,KAAM;AACtG,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,iDAAiD,CAAA;AAAA,MAC3F;AAEA,MAAA,MAAM,QAAQ,MAAM,kBAAA,CAAmB,EAAE,MAAA,EAAQ,OAAA,EAAS,UAAU,CAAA;AACpE,MAAA,MAAM,SAAS,MAAM,KAAA,CAAM,SAAA,CAAU,EAAE,gBAAgB,CAAA;AACvD,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,OAAA,EAAU,KAAA,CAAM,EAAE,CAAA,iCAAA,CAAA,EAAqC,CAAA;AAAA,MACjG;AACA,MAAA,IAAI,CAAE,MAAM,mBAAA,CAAoB,EAAE,KAAA,EAAO,cAAA,EAAgB,CAAA,EAAI;AAC3D,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,4CAAA,EAA+C,KAAA,CAAM,EAAE,CAAA,CAAA,CAAA,EAAK,CAAA;AAAA,MACtG;AAEA,MAAA,MAAM,QAAA,GAAW,mBAAmB,UAAA,EAAW;AAC/C,MAAA,MAAM,UAAA,GAAa,sBAAA,CAAuB,cAAA,EAAgB,WAAW,CAAA,IAAK,QAAA;AAC1E,MAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,QACvC,QAAA;AAAA,QACA,UAAA;AAAA,QACA,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,CAAA;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,yBAAyB,WAAA,CAAY;AAAA,EAChD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,wBAAA;AAAA,EACjB,cAAA,EAAgB,wBAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,gEAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAM,kCAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,KAAA,CAAM,QAAQ,CAAA;AAAA,IACzD,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,+BAA+B,WAAA,CAAY;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,yCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,wBAAA;AAAA,EACjB,cAAA,EAAgB,2BAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,iFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAM,kCAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,KAAA,CAAM,YAAY,YAAA,CAAa;AAAA,QACxD,QAAA,EAAU,cAAA;AAAA,QACV,IAAA,EAAM,CAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,OAAO,0BAAA,CAA2B,oCAAA,CAAqC,QAAQ,CAAC,CAAA;AAAA,IAClF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,4BAA4B,WAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,wBAAA;AAAA,EACjB,cAAA,EAAgB,yBAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,2DAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,aAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAM,kCAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,MAAM,WAAA,CAAY,YAAA,CAAa,EAAE,QAAA,EAAU,gBAAgB,CAAA;AAEjE,MAAA,OAAO,yBAAyB,cAAc,CAAA;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC","file":"chunk-V23YWHBT.js","sourcesContent":["import { randomUUID } from 'node:crypto';\nimport { MastraFGAPermissions } from '../fga-permissions';\nimport { HTTPException } from '../http-exception';\nimport {\n conversationDeletedSchema,\n conversationIdPathParams,\n conversationItemsListSchema,\n conversationObjectSchema,\n createConversationBodySchema,\n} from '../schemas/conversations';\nimport type { ConversationDeleted, ConversationItemsList, ConversationObject } from '../schemas/conversations';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { getAgentFromSystem } from './agents';\nimport { handleError } from './error';\nimport { mapMastraMessagesToConversationItems } from './responses.adapter';\nimport { findConversationThreadAcrossAgents, getAgentMemoryStore } from './responses.storage';\nimport { getEffectiveResourceId } from './utils';\n\nfunction buildConversationObject({ thread }: { thread: ConversationObject['thread'] }): ConversationObject {\n return {\n id: thread.id,\n object: 'conversation',\n thread,\n };\n}\n\nfunction buildConversationItemsList(items: ConversationItemsList['data']): ConversationItemsList {\n return {\n object: 'list',\n data: items,\n first_id: items[0]?.id ?? null,\n last_id: items.at(-1)?.id ?? null,\n has_more: false,\n };\n}\n\nfunction buildConversationDeleted(conversationId: string): ConversationDeleted {\n return {\n id: conversationId,\n object: 'conversation.deleted',\n deleted: true,\n };\n}\n\nexport const CREATE_CONVERSATION_ROUTE = createRoute({\n method: 'POST',\n path: '/v1/conversations',\n responseType: 'json',\n bodySchema: createConversationBodySchema,\n responseSchema: conversationObjectSchema,\n summary: 'Create a conversation',\n description: 'Creates a new thread-backed conversation for agent-backed Responses API requests',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_CREATE,\n handler: async ({ mastra, requestContext, agent_id, conversation_id, resource_id, title, metadata }) => {\n try {\n if (!mastra) {\n throw new HTTPException(500, { message: 'Mastra instance is required for conversations' });\n }\n\n const agent = await getAgentFromSystem({ mastra, agentId: agent_id });\n const memory = await agent.getMemory({ requestContext });\n if (!memory) {\n throw new HTTPException(400, { message: `Agent \"${agent.id}\" does not have memory configured` });\n }\n if (!(await getAgentMemoryStore({ agent, requestContext }))) {\n throw new HTTPException(400, { message: `Memory storage is not configured for agent \"${agent.id}\"` });\n }\n\n const threadId = conversation_id ?? randomUUID();\n const resourceId = getEffectiveResourceId(requestContext, resource_id) ?? threadId;\n const thread = await memory.createThread({\n threadId,\n resourceId,\n title,\n metadata,\n });\n\n return buildConversationObject({ thread });\n } catch (error) {\n return handleError(error, 'Error creating conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationObjectSchema,\n summary: 'Retrieve a conversation',\n description: 'Returns a conversation object backed by a Mastra memory thread',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n return buildConversationObject({ thread: match.thread });\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ITEMS_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId/items',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationItemsListSchema,\n summary: 'List conversation items',\n description: 'Returns OpenAI-style conversation items derived from the stored thread messages',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n const { messages } = await match.memoryStore.listMessages({\n threadId: conversationId,\n page: 0,\n perPage: 1000,\n });\n\n return buildConversationItemsList(mapMastraMessagesToConversationItems(messages));\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const DELETE_CONVERSATION_ROUTE = createRoute({\n method: 'DELETE',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationDeletedSchema,\n summary: 'Delete a conversation',\n description: 'Deletes a thread-backed conversation and its stored items',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_DELETE,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n await match.memoryStore.deleteThread({ threadId: conversationId });\n\n return buildConversationDeleted(conversationId);\n } catch (error) {\n return handleError(error, 'Error deleting conversation');\n }\n },\n});\n"]}
1
+ {"version":3,"sources":["../src/server/handlers/conversations.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,IAAA,qBAAA,GAAA;AAAA,QAAA,CAAA,qBAAA,EAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,yBAAA,EAAA,MAAA,yBAAA;AAAA,EAAA,4BAAA,EAAA,MAAA,4BAAA;AAAA,EAAA,sBAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAkBA,SAAS,uBAAA,CAAwB,EAAE,MAAA,EAAO,EAAiE;AACzG,EAAA,OAAO;AAAA,IACL,IAAI,MAAA,CAAO,EAAA;AAAA,IACX,MAAA,EAAQ,cAAA;AAAA,IACR;AAAA,GACF;AACF;AAEA,SAAS,2BAA2B,KAAA,EAA6D;AAC/F,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,MAAA;AAAA,IACR,IAAA,EAAM,KAAA;AAAA,IACN,QAAA,EAAU,KAAA,CAAM,CAAC,CAAA,EAAG,EAAA,IAAM,IAAA;AAAA,IAC1B,OAAA,EAAS,KAAA,CAAM,EAAA,CAAG,EAAE,GAAG,EAAA,IAAM,IAAA;AAAA,IAC7B,QAAA,EAAU;AAAA,GACZ;AACF;AAEA,SAAS,yBAAyB,cAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,EAAA,EAAI,cAAA;AAAA,IACJ,MAAA,EAAQ,sBAAA;AAAA,IACR,OAAA,EAAS;AAAA,GACX;AACF;AAEO,IAAM,4BAA4B,WAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,mBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,UAAA,EAAY,4BAAA;AAAA,EACZ,cAAA,EAAgB,wBAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,kFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,aAAA;AAAA,EACzC,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,UAAU,eAAA,EAAiB,WAAA,EAAa,KAAA,EAAO,QAAA,EAAS,KAAM;AACtG,IAAA,IAAI;AACF,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,iDAAiD,CAAA;AAAA,MAC3F;AAEA,MAAA,MAAM,QAAQ,MAAM,kBAAA,CAAmB,EAAE,MAAA,EAAQ,OAAA,EAAS,UAAU,CAAA;AACpE,MAAA,MAAM,SAAS,MAAM,KAAA,CAAM,SAAA,CAAU,EAAE,gBAAgB,CAAA;AACvD,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,OAAA,EAAU,KAAA,CAAM,EAAE,CAAA,iCAAA,CAAA,EAAqC,CAAA;AAAA,MACjG;AACA,MAAA,IAAI,CAAE,MAAM,mBAAA,CAAoB,EAAE,KAAA,EAAO,cAAA,EAAgB,CAAA,EAAI;AAC3D,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,4CAAA,EAA+C,KAAA,CAAM,EAAE,CAAA,CAAA,CAAA,EAAK,CAAA;AAAA,MACtG;AAEA,MAAA,MAAM,QAAA,GAAW,mBAAmB,UAAA,EAAW;AAC/C,MAAA,MAAM,UAAA,GAAa,sBAAA,CAAuB,cAAA,EAAgB,WAAW,CAAA,IAAK,QAAA;AAC1E,MAAA,MAAM,MAAA,GAAS,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,QACvC,QAAA;AAAA,QACA,UAAA;AAAA,QACA,KAAA;AAAA,QACA;AAAA,OACD,CAAA;AAED,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,CAAA;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC;AAEM,IAAM,yBAAyB,WAAA,CAAY;AAAA,EAChD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,wBAAA;AAAA,EACjB,cAAA,EAAgB,wBAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,gEAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAM,kCAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,OAAO,uBAAA,CAAwB,EAAE,MAAA,EAAQ,KAAA,CAAM,QAAQ,CAAA;AAAA,IACzD,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,+BAA+B,WAAA,CAAY;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,yCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,wBAAA;AAAA,EACjB,cAAA,EAAgB,2BAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,iFAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,WAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAM,kCAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,EAAE,QAAA,EAAS,GAAI,MAAM,KAAA,CAAM,YAAY,YAAA,CAAa;AAAA,QACxD,QAAA,EAAU,cAAA;AAAA,QACV,IAAA,EAAM,CAAA;AAAA,QACN,OAAA,EAAS;AAAA,OACV,CAAA;AAED,MAAA,OAAO,0BAAA,CAA2B,oCAAA,CAAqC,QAAQ,CAAC,CAAA;AAAA,IAClF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAEM,IAAM,4BAA4B,WAAA,CAAY;AAAA,EACnD,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,wBAAA;AAAA,EACjB,cAAA,EAAgB,yBAAA;AAAA,EAChB,OAAA,EAAS,uBAAA;AAAA,EACT,WAAA,EAAa,2DAAA;AAAA,EACb,IAAA,EAAM,CAAC,WAAW,CAAA;AAAA,EAClB,YAAA,EAAc,IAAA;AAAA,EACd,oBAAoB,oBAAA,CAAqB,aAAA;AAAA,EACzC,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAe,KAAM;AAC7D,IAAA,IAAI;AACF,MAAA,MAAM,QAAQ,MAAM,kCAAA,CAAmC,EAAE,MAAA,EAAQ,cAAA,EAAgB,gBAAgB,CAAA;AACjG,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAI,cAAc,GAAA,EAAK,EAAE,SAAS,CAAA,aAAA,EAAgB,cAAc,kBAAkB,CAAA;AAAA,MAC1F;AAEA,MAAA,MAAM,MAAM,WAAA,CAAY,YAAA,CAAa,EAAE,QAAA,EAAU,gBAAgB,CAAA;AAEjE,MAAA,OAAO,yBAAyB,cAAc,CAAA;AAAA,IAChD,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,6BAA6B,CAAA;AAAA,IACzD;AAAA,EACF;AACF,CAAC","file":"chunk-LH5CRODT.js","sourcesContent":["import { randomUUID } from 'node:crypto';\nimport { MastraFGAPermissions } from '../fga-permissions';\nimport { HTTPException } from '../http-exception';\nimport {\n conversationDeletedSchema,\n conversationIdPathParams,\n conversationItemsListSchema,\n conversationObjectSchema,\n createConversationBodySchema,\n} from '../schemas/conversations';\nimport type { ConversationDeleted, ConversationItemsList, ConversationObject } from '../schemas/conversations';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { getAgentFromSystem } from './agents';\nimport { handleError } from './error';\nimport { mapMastraMessagesToConversationItems } from './responses.adapter';\nimport { findConversationThreadAcrossAgents, getAgentMemoryStore } from './responses.storage';\nimport { getEffectiveResourceId } from './utils';\n\nfunction buildConversationObject({ thread }: { thread: ConversationObject['thread'] }): ConversationObject {\n return {\n id: thread.id,\n object: 'conversation',\n thread,\n };\n}\n\nfunction buildConversationItemsList(items: ConversationItemsList['data']): ConversationItemsList {\n return {\n object: 'list',\n data: items,\n first_id: items[0]?.id ?? null,\n last_id: items.at(-1)?.id ?? null,\n has_more: false,\n };\n}\n\nfunction buildConversationDeleted(conversationId: string): ConversationDeleted {\n return {\n id: conversationId,\n object: 'conversation.deleted',\n deleted: true,\n };\n}\n\nexport const CREATE_CONVERSATION_ROUTE = createRoute({\n method: 'POST',\n path: '/v1/conversations',\n responseType: 'json',\n bodySchema: createConversationBodySchema,\n responseSchema: conversationObjectSchema,\n summary: 'Create a conversation',\n description: 'Creates a new thread-backed conversation for agent-backed Responses API requests',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_CREATE,\n handler: async ({ mastra, requestContext, agent_id, conversation_id, resource_id, title, metadata }) => {\n try {\n if (!mastra) {\n throw new HTTPException(500, { message: 'Mastra instance is required for conversations' });\n }\n\n const agent = await getAgentFromSystem({ mastra, agentId: agent_id });\n const memory = await agent.getMemory({ requestContext });\n if (!memory) {\n throw new HTTPException(400, { message: `Agent \"${agent.id}\" does not have memory configured` });\n }\n if (!(await getAgentMemoryStore({ agent, requestContext }))) {\n throw new HTTPException(400, { message: `Memory storage is not configured for agent \"${agent.id}\"` });\n }\n\n const threadId = conversation_id ?? randomUUID();\n const resourceId = getEffectiveResourceId(requestContext, resource_id) ?? threadId;\n const thread = await memory.createThread({\n threadId,\n resourceId,\n title,\n metadata,\n });\n\n return buildConversationObject({ thread });\n } catch (error) {\n return handleError(error, 'Error creating conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationObjectSchema,\n summary: 'Retrieve a conversation',\n description: 'Returns a conversation object backed by a Mastra memory thread',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n return buildConversationObject({ thread: match.thread });\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const GET_CONVERSATION_ITEMS_ROUTE = createRoute({\n method: 'GET',\n path: '/v1/conversations/:conversationId/items',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationItemsListSchema,\n summary: 'List conversation items',\n description: 'Returns OpenAI-style conversation items derived from the stored thread messages',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_READ,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n const { messages } = await match.memoryStore.listMessages({\n threadId: conversationId,\n page: 0,\n perPage: 1000,\n });\n\n return buildConversationItemsList(mapMastraMessagesToConversationItems(messages));\n } catch (error) {\n return handleError(error, 'Error retrieving conversation');\n }\n },\n});\n\nexport const DELETE_CONVERSATION_ROUTE = createRoute({\n method: 'DELETE',\n path: '/v1/conversations/:conversationId',\n responseType: 'json',\n pathParamSchema: conversationIdPathParams,\n responseSchema: conversationDeletedSchema,\n summary: 'Delete a conversation',\n description: 'Deletes a thread-backed conversation and its stored items',\n tags: ['Responses'],\n requiresAuth: true,\n requiresPermission: MastraFGAPermissions.AGENTS_DELETE,\n handler: async ({ mastra, requestContext, conversationId }) => {\n try {\n const match = await findConversationThreadAcrossAgents({ mastra, conversationId, requestContext });\n if (!match) {\n throw new HTTPException(404, { message: `Conversation ${conversationId} was not found` });\n }\n\n await match.memoryStore.deleteThread({ threadId: conversationId });\n\n return buildConversationDeleted(conversationId);\n } catch (error) {\n return handleError(error, 'Error deleting conversation');\n }\n },\n});\n"]}
@@ -1,10 +1,10 @@
1
1
  'use strict';
2
2
 
3
- var chunkHDIYJI2Z_cjs = require('./chunk-HDIYJI2Z.cjs');
4
- var chunkSXKQ7CSX_cjs = require('./chunk-SXKQ7CSX.cjs');
3
+ var chunkKGUHJRHZ_cjs = require('./chunk-KGUHJRHZ.cjs');
5
4
  var chunkZ7LCIYK7_cjs = require('./chunk-Z7LCIYK7.cjs');
6
5
  var chunkDN2NUSL2_cjs = require('./chunk-DN2NUSL2.cjs');
7
6
  var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
7
+ var chunkSXKQ7CSX_cjs = require('./chunk-SXKQ7CSX.cjs');
8
8
  var features = require('@mastra/core/features');
9
9
  var v4 = require('zod/v4');
10
10
 
@@ -81,7 +81,7 @@ async function assertChannelAgentWriteAccess(mastra, requestContext, agentId, ac
81
81
  const agentsStore = storage ? await storage.getStore("agents") : null;
82
82
  const stored = agentsStore ? await agentsStore.getById(agentId) : null;
83
83
  if (stored) {
84
- chunkHDIYJI2Z_cjs.assertWriteAccess({
84
+ chunkKGUHJRHZ_cjs.assertWriteAccess({
85
85
  requestContext,
86
86
  resource: "agents",
87
87
  resourceId: agentId,
@@ -97,10 +97,10 @@ async function assertChannelAgentWriteAccess(mastra, requestContext, agentId, ac
97
97
  if (action === "connect") {
98
98
  throw new chunk64ITUOXI_cjs.HTTPException(404, { message: `Agent "${agentId}" not found` });
99
99
  }
100
- const callerAuthorId = chunkHDIYJI2Z_cjs.getCallerAuthorId(requestContext);
100
+ const callerAuthorId = chunkKGUHJRHZ_cjs.getCallerAuthorId(requestContext);
101
101
  if (!callerAuthorId && !requestContext.get(chunkSXKQ7CSX_cjs.MASTRA_USER_KEY)) return;
102
- if (chunkHDIYJI2Z_cjs.hasAdminBypass(requestContext, "channels")) return;
103
- if (chunkHDIYJI2Z_cjs.hasScopedPermission({ requestContext, resource: "channels", action: "write" })) return;
102
+ if (chunkKGUHJRHZ_cjs.hasAdminBypass(requestContext, "channels")) return;
103
+ if (chunkKGUHJRHZ_cjs.hasScopedPermission({ requestContext, resource: "channels", action: "write" })) return;
104
104
  throw new chunk64ITUOXI_cjs.HTTPException(404, { message: "Not found" });
105
105
  }
106
106
  var LIST_CHANNEL_PLATFORMS_ROUTE = chunkDN2NUSL2_cjs.createRoute({
@@ -213,5 +213,5 @@ exports.CONNECT_CHANNEL_ROUTE = CONNECT_CHANNEL_ROUTE;
213
213
  exports.DISCONNECT_CHANNEL_ROUTE = DISCONNECT_CHANNEL_ROUTE;
214
214
  exports.LIST_CHANNEL_INSTALLATIONS_ROUTE = LIST_CHANNEL_INSTALLATIONS_ROUTE;
215
215
  exports.LIST_CHANNEL_PLATFORMS_ROUTE = LIST_CHANNEL_PLATFORMS_ROUTE;
216
- //# sourceMappingURL=chunk-SXMPMMTX.cjs.map
217
- //# sourceMappingURL=chunk-SXMPMMTX.cjs.map
216
+ //# sourceMappingURL=chunk-M6RITLE5.cjs.map
217
+ //# sourceMappingURL=chunk-M6RITLE5.cjs.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/schemas/channels.ts","../src/server/handlers/channels.ts"],"names":["z","coreFeatures","HTTPException","assertWriteAccess","getCallerAuthorId","MASTRA_USER_KEY","hasAdminBypass","hasScopedPermission","createRoute","handleError"],"mappings":";;;;;;;;;;AAMO,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,6CAA6C;AAC7E,CAAC,CAAA;AAEM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,6CAA6C,CAAA;AAAA,EAC3E,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,kBAAkB;AACjD,CAAC,CAAA;AAMM,IAAM,wBAAA,GAA2BA,KAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,6BAA6B,CAAA;AAAA,EAC1D,OAAA,EAASA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,sCAAsC;AACvG,CAAC,CAAA;AAMD,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EACzC,EAAA,EAAIA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,qBAAqB,CAAA;AAAA,EAC7C,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B,CAAA;AAAA,EACxD,YAAA,EAAcA,IAAA,CAAE,OAAA,EAAQ,CAAE,SAAS,iDAAiD,CAAA;AAAA,EACpF,oBAAA,EAAsBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,iCAAiC;AAC/G,CAAC,CAAA;AAED,IAAM,6BAAA,GAAgCA,KAAE,MAAA,CAAO;AAAA,EAC7C,EAAA,EAAIA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB,CAAA;AAAA,EACjD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,qBAAqB,CAAA;AAAA,EACnD,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,4BAA4B,CAAA;AAAA,EACzD,MAAA,EAAQA,KAAE,IAAA,CAAK,CAAC,UAAU,SAAS,CAAC,CAAA,CAAE,QAAA,CAAS,qBAAqB,CAAA;AAAA,EACpE,aAAaA,IAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,gCAAgC,CAAA;AAAA,EAC5E,WAAA,EAAaA,KAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS,CAAE,SAAS,wBAAwB;AAC3E,CAAC,CAAA;AAED,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EACzC,MAAMA,IAAA,CAAE,OAAA,CAAQ,OAAO,CAAA,CAAE,SAAS,mDAAmD,CAAA;AAAA,EACrF,gBAAA,EAAkBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,2CAA2C,CAAA;AAAA,EACjF,cAAA,EAAgBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB;AAC/D,CAAC,CAAA;AAED,IAAM,4BAAA,GAA+BA,KAAE,MAAA,CAAO;AAAA,EAC5C,MAAMA,IAAA,CAAE,OAAA,CAAQ,WAAW,CAAA,CAAE,SAAS,uDAAuD,CAAA;AAAA,EAC7F,GAAA,EAAKA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,uCAAuC,CAAA;AAAA,EAChE,cAAA,EAAgBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB;AAC/D,CAAC,CAAA;AAED,IAAM,6BAAA,GAAgCA,KAAE,MAAA,CAAO;AAAA,EAC7C,MAAMA,IAAA,CAAE,OAAA,CAAQ,WAAW,CAAA,CAAE,SAAS,sDAAsD,CAAA;AAAA,EAC5F,cAAA,EAAgBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB;AAC/D,CAAC,CAAA;AAED,IAAM,0BAAA,GAA6BA,IAAA,CAAE,kBAAA,CAAmB,MAAA,EAAQ;AAAA,EAC9D,yBAAA;AAAA,EACA,4BAAA;AAAA,EACA;AACF,CAAC,CAAA;AAEM,IAAM,kCAAA,GAAqCA,IAAA,CAAE,KAAA,CAAM,yBAAyB,CAAA;AAE5E,IAAM,sCAAA,GAAyCA,IAAA,CAAE,KAAA,CAAM,6BAA6B,CAAA;AAEpF,IAAM,4BAAA,GAA+B,0BAAA;AAErC,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,OAAA,EAASA,KAAE,OAAA;AACb,CAAC,CAAA;;;AClDD,SAAS,uBAAA,GAAgC;AACvC,EAAA,IAAI,CAACC,qBAAA,CAAa,GAAA,CAAI,UAAU,CAAA,EAAG;AACjC,IAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,oDAAoD,CAAA;AAAA,EAC9F;AACF;AAEA,SAAS,iBAAA,CAAkB,QAAgB,QAAA,EAAmC;AAC5E,EAAA,MAAM,WAAW,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,QAAA,IAAY,EAAE,CAAA;AACpD,EAAA,MAAM,UAAU,QAAA,CAAS,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,OAAO,QAAQ,CAAA;AACpD,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,SAAA,GAAY,SAAS,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,EAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AACnD,IAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK;AAAA,MAC3B,OAAA,EAAS,CAAA,SAAA,EAAY,QAAQ,CAAA,gCAAA,EAAmC,aAAa,MAAM,CAAA;AAAA,KACpF,CAAA;AAAA,EACH;AACA,EAAA,OAAO,OAAA;AACT;AAWA,eAAe,6BAAA,CACb,MAAA,EACA,cAAA,EACA,OAAA,EACA,MAAA,EACe;AACf,EAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,EAAA,MAAM,cAAc,OAAA,GAAU,MAAM,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA,GAAI,IAAA;AACjE,EAAA,MAAM,SAAS,WAAA,GAAc,MAAM,WAAA,CAAY,OAAA,CAAQ,OAAO,CAAA,GAAI,IAAA;AAElE,EAAA,IAAI,MAAA,EAAQ;AACV,IAAAC,mCAAA,CAAkB;AAAA,MAChB,cAAA;AAAA,MACA,QAAA,EAAU,QAAA;AAAA,MACV,UAAA,EAAY,OAAA;AAAA,MACZ,MAAA,EAAQ,MAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AACD,IAAA;AAAA,EACF;AAIA,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA;AAC/C,EAAA,IAAI,WAAA,EAAa;AAGf,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,WAAW,SAAA,EAAW;AACxB,IAAA,MAAM,IAAID,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,OAAA,EAAU,OAAO,eAAe,CAAA;AAAA,EAC1E;AAMA,EAAA,MAAM,cAAA,GAAiBE,oCAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIC,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAIC,gCAAA,CAAe,cAAA,EAAgB,UAAU,CAAA,EAAG;AAChD,EAAA,IAAIC,qCAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,YAAY,MAAA,EAAQ,OAAA,EAAS,CAAA,EAAG;AAEpF,EAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AASO,IAAM,+BAA+BM,6BAAA,CAAY;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,qBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,kCAAA;AAAA,EAChB,OAAA,EAAS,wBAAA;AAAA,EACT,WAAA,EAAa,oEAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,QAAA,IAAY,EAAE,CAAA;AACpD,MAAA,OAAO,QAAA,CAAS,IAAI,CAAA,OAAA,KAAW;AAC7B,QAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,UAAA,OAAO,QAAQ,OAAA,EAAQ;AAAA,QACzB;AACA,QAAA,OAAO;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,EAAA,CAAG,MAAA,CAAO,CAAC,CAAA,CAAE,WAAA,EAAY,GAAI,OAAA,CAAQ,EAAA,CAAG,KAAA,CAAM,CAAC,CAAA;AAAA,UAC7D,YAAA,EAAc;AAAA,SAChB;AAAA,MACF,CAAC,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAKM,IAAM,mCAAmCD,6BAAA,CAAY;AAAA,EAC1D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,cAAA,EAAgB,sCAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EAAa,qEAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,UAAS,KAAM;AACvC,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAElD,MAAA,IAAI,CAAC,QAAQ,iBAAA,EAAmB;AAC9B,QAAA,OAAO,EAAC;AAAA,MACV;AAEA,MAAA,OAAO,MAAM,QAAQ,iBAAA,EAAkB;AAAA,IACzC,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,qCAAqC,CAAA;AAAA,IACjE;AAAA,EACF;AACF,CAAC;AAKM,IAAM,wBAAwBD,6BAAA,CAAY;AAAA,EAC/C,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,6BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,UAAA,EAAY,wBAAA;AAAA,EACZ,cAAA,EAAgB,4BAAA;AAAA,EAChB,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,6EAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,gBAAgB,QAAA,EAAU,OAAA,EAAS,SAAQ,KAAM;AACzE,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAElD,MAAA,IAAI,CAAC,QAAQ,OAAA,EAAS;AACpB,QAAA,MAAM,IAAIN,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS,YAAY,QAAQ,CAAA,0CAAA;AAAA,SAC9B,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,6BAAA,CAA8B,MAAA,EAAQ,cAAA,EAAgB,OAAA,EAAS,SAAS,CAAA;AAE9E,MAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,OAAA,EAAS,OAAO,CAAA;AAAA,IAC/C,SAAS,KAAA,EAAO;AACd,MAAA,OAAOO,6BAAA,CAAY,OAAO,mCAAmC,CAAA;AAAA,IAC/D;AAAA,EACF;AACF,CAAC;AAKM,IAAM,2BAA2BD,6BAAA,CAAY;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,yCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,sBAAA;AAAA,EACjB,cAAA,EAAgB,+BAAA;AAAA,EAChB,OAAA,EAAS,+BAAA;AAAA,EACT,WAAA,EAAa,yDAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,SAAS,OAAO,EAAE,QAAQ,cAAA,EAAgB,QAAA,EAAU,SAAQ,KAAM;AAChE,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAElD,MAAA,IAAI,CAAC,QAAQ,UAAA,EAAY;AACvB,QAAA,MAAM,IAAIN,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS,YAAY,QAAQ,CAAA,6CAAA;AAAA,SAC9B,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,6BAAA,CAA8B,MAAA,EAAQ,cAAA,EAAgB,OAAA,EAAS,YAAY,CAAA;AAEjF,MAAA,MAAM,OAAA,CAAQ,WAAW,OAAO,CAAA;AAChC,MAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,IACzB,SAAS,KAAA,EAAO;AACd,MAAA,OAAOO,6BAAA,CAAY,OAAO,wCAAwC,CAAA;AAAA,IACpE;AAAA,EACF;AACF,CAAC","file":"chunk-SXMPMMTX.cjs","sourcesContent":["import { z } from 'zod/v4';\n\n// ============================================================================\n// Path Parameter Schemas\n// ============================================================================\n\nexport const channelPlatformPathParams = z.object({\n platform: z.string().describe('Channel platform identifier (e.g., \"slack\")'),\n});\n\nexport const channelAgentPathParams = z.object({\n platform: z.string().describe('Channel platform identifier (e.g., \"slack\")'),\n agentId: z.string().describe('Agent identifier'),\n});\n\n// ============================================================================\n// Body Parameter Schemas\n// ============================================================================\n\nexport const connectChannelBodySchema = z.object({\n agentId: z.string().describe('Agent identifier to connect'),\n options: z.record(z.string(), z.unknown()).optional().describe('Platform-specific connection options'),\n});\n\n// ============================================================================\n// Response Schemas\n// ============================================================================\n\nconst channelPlatformInfoSchema = z.object({\n id: z.string().describe('Platform identifier'),\n name: z.string().describe('Human-readable platform name'),\n isConfigured: z.boolean().describe('Whether the platform is ready to connect agents'),\n connectOptionsSchema: z.record(z.string(), z.unknown()).optional().describe('JSON Schema for connect options'),\n});\n\nconst channelInstallationInfoSchema = z.object({\n id: z.string().describe('Installation identifier'),\n platform: z.string().describe('Platform identifier'),\n agentId: z.string().describe('Connected agent identifier'),\n status: z.enum(['active', 'pending']).describe('Installation status'),\n displayName: z.string().optional().describe('Platform-specific display name'),\n installedAt: z.coerce.date().optional().describe('Installation timestamp'),\n});\n\nconst channelConnectOAuthSchema = z.object({\n type: z.literal('oauth').describe('OAuth-based connection requiring browser redirect'),\n authorizationUrl: z.string().describe('OAuth authorization URL for user redirect'),\n installationId: z.string().describe('Installation identifier'),\n});\n\nconst channelConnectDeepLinkSchema = z.object({\n type: z.literal('deep_link').describe('Deep-link connection requiring native app interaction'),\n url: z.string().describe('Deep link URL to open in platform app'),\n installationId: z.string().describe('Installation identifier'),\n});\n\nconst channelConnectImmediateSchema = z.object({\n type: z.literal('immediate').describe('Immediate connection with no user interaction needed'),\n installationId: z.string().describe('Installation identifier'),\n});\n\nconst channelConnectResultSchema = z.discriminatedUnion('type', [\n channelConnectOAuthSchema,\n channelConnectDeepLinkSchema,\n channelConnectImmediateSchema,\n]);\n\nexport const listChannelPlatformsResponseSchema = z.array(channelPlatformInfoSchema);\n\nexport const listChannelInstallationsResponseSchema = z.array(channelInstallationInfoSchema);\n\nexport const connectChannelResponseSchema = channelConnectResultSchema;\n\nexport const disconnectChannelResponseSchema = z.object({\n success: z.boolean(),\n});\n","import type { Mastra } from '@mastra/core';\nimport type { ChannelProvider } from '@mastra/core/channels';\nimport type { RequestContext } from '@mastra/core/di';\nimport { coreFeatures } from '@mastra/core/features';\n\nimport { MASTRA_USER_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\nimport {\n channelPlatformPathParams,\n channelAgentPathParams,\n connectChannelBodySchema,\n listChannelPlatformsResponseSchema,\n listChannelInstallationsResponseSchema,\n connectChannelResponseSchema,\n disconnectChannelResponseSchema,\n} from '../schemas/channels';\nimport { createRoute } from '../server-adapter/routes/route-builder';\n\nimport { assertWriteAccess, getCallerAuthorId, hasAdminBypass, hasScopedPermission } from './authorship';\nimport { handleError } from './error';\n\n// ============================================================================\n// Feature gate + helpers\n// ============================================================================\n\nfunction assertChannelsAvailable(): void {\n if (!coreFeatures.has('channels')) {\n throw new HTTPException(501, { message: 'Channels require a newer version of @mastra/core' });\n }\n}\n\nfunction getChannelOrThrow(mastra: Mastra, platform: string): ChannelProvider {\n const channels = Object.values(mastra.channels ?? {});\n const channel = channels.find(c => c.id === platform);\n if (!channel) {\n const available = channels.map(c => c.id).join(', ');\n throw new HTTPException(404, {\n message: `Channel \"${platform}\" is not registered. Available: ${available || 'none'}`,\n });\n }\n return channel;\n}\n\n/**\n * Unified connect/disconnect authorization.\n *\n * - Stored agent exists → same write access as editing the agent record.\n * - Code-defined agent (no stored record) → route's `requiresAuth` is the gate.\n * - Agent doesn't exist anywhere:\n * - connect → 404 (can't connect a channel to a non-existent agent)\n * - disconnect → orphan cleanup, gated on `channels:write`\n */\nasync function assertChannelAgentWriteAccess(\n mastra: Mastra,\n requestContext: RequestContext,\n agentId: string,\n action: 'connect' | 'disconnect',\n): Promise<void> {\n const storage = mastra.getStorage();\n const agentsStore = storage ? await storage.getStore('agents') : null;\n const stored = agentsStore ? await agentsStore.getById(agentId) : null;\n\n if (stored) {\n assertWriteAccess({\n requestContext,\n resource: 'agents',\n resourceId: agentId,\n action: 'edit',\n record: stored,\n });\n return;\n }\n\n // Not in stored-agents (or storage doesn't support it). Check the runtime\n // registry for a code-defined agent.\n const codeDefined = mastra.getAgentById(agentId);\n if (codeDefined) {\n // Code-defined agents have no owner/ACL — route's requiresAuth /\n // requiresPermission is the gate. Pass-through.\n return;\n }\n\n if (action === 'connect') {\n throw new HTTPException(404, { message: `Agent \"${agentId}\" not found` });\n }\n\n // Disconnect against an unknown agentId = orphan cleanup (stored agent was\n // deleted but the channel installation row is still around). Allow it, but\n // gate on channels:write so this isn't an \"any authenticated user\" backdoor.\n // Follow the same no-auth-configured pass-through as assertWriteAccess.\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return;\n if (hasAdminBypass(requestContext, 'channels')) return;\n if (hasScopedPermission({ requestContext, resource: 'channels', action: 'write' })) return;\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n// ============================================================================\n// Route Definitions\n// ============================================================================\n\n/**\n * GET /channels/platforms - List available channel platforms\n */\nexport const LIST_CHANNEL_PLATFORMS_ROUTE = createRoute({\n method: 'GET',\n path: '/channels/platforms',\n responseType: 'json',\n responseSchema: listChannelPlatformsResponseSchema,\n summary: 'List channel platforms',\n description: 'Returns available channel platforms and their configuration status',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra }) => {\n assertChannelsAvailable();\n try {\n const channels = Object.values(mastra.channels ?? {});\n return channels.map(channel => {\n if (channel.getInfo) {\n return channel.getInfo();\n }\n return {\n id: channel.id,\n name: channel.id.charAt(0).toUpperCase() + channel.id.slice(1),\n isConfigured: true,\n };\n });\n } catch (error) {\n return handleError(error, 'Error listing channel platforms');\n }\n },\n});\n\n/**\n * GET /channels/:platform/installations - List installations for a platform\n */\nexport const LIST_CHANNEL_INSTALLATIONS_ROUTE = createRoute({\n method: 'GET',\n path: '/channels/:platform/installations',\n responseType: 'json',\n pathParamSchema: channelPlatformPathParams,\n responseSchema: listChannelInstallationsResponseSchema,\n summary: 'List channel installations',\n description: 'Returns all active and pending installations for a channel platform',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra, platform }) => {\n assertChannelsAvailable();\n try {\n const channel = getChannelOrThrow(mastra, platform);\n\n if (!channel.listInstallations) {\n return [];\n }\n\n return await channel.listInstallations();\n } catch (error) {\n return handleError(error, 'Error listing channel installations');\n }\n },\n});\n\n/**\n * POST /channels/:platform/connect - Connect an agent to a platform\n */\nexport const CONNECT_CHANNEL_ROUTE = createRoute({\n method: 'POST',\n path: '/channels/:platform/connect',\n responseType: 'json',\n pathParamSchema: channelPlatformPathParams,\n bodySchema: connectChannelBodySchema,\n responseSchema: connectChannelResponseSchema,\n summary: 'Connect agent to channel',\n description: 'Creates a platform app for the agent and returns an OAuth authorization URL',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra, requestContext, platform, agentId, options }) => {\n assertChannelsAvailable();\n try {\n const channel = getChannelOrThrow(mastra, platform);\n\n if (!channel.connect) {\n throw new HTTPException(400, {\n message: `Channel \"${platform}\" does not support programmatic connection`,\n });\n }\n\n await assertChannelAgentWriteAccess(mastra, requestContext, agentId, 'connect');\n\n return await channel.connect(agentId, options);\n } catch (error) {\n return handleError(error, 'Error connecting agent to channel');\n }\n },\n});\n\n/**\n * POST /channels/:platform/:agentId/disconnect - Disconnect an agent from a platform\n */\nexport const DISCONNECT_CHANNEL_ROUTE = createRoute({\n method: 'POST',\n path: '/channels/:platform/:agentId/disconnect',\n responseType: 'json',\n pathParamSchema: channelAgentPathParams,\n responseSchema: disconnectChannelResponseSchema,\n summary: 'Disconnect agent from channel',\n description: 'Deletes the platform app and cleans up the installation',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra, requestContext, platform, agentId }) => {\n assertChannelsAvailable();\n try {\n const channel = getChannelOrThrow(mastra, platform);\n\n if (!channel.disconnect) {\n throw new HTTPException(400, {\n message: `Channel \"${platform}\" does not support programmatic disconnection`,\n });\n }\n\n await assertChannelAgentWriteAccess(mastra, requestContext, agentId, 'disconnect');\n\n await channel.disconnect(agentId);\n return { success: true };\n } catch (error) {\n return handleError(error, 'Error disconnecting agent from channel');\n }\n },\n});\n"]}
1
+ {"version":3,"sources":["../src/server/schemas/channels.ts","../src/server/handlers/channels.ts"],"names":["z","coreFeatures","HTTPException","assertWriteAccess","getCallerAuthorId","MASTRA_USER_KEY","hasAdminBypass","hasScopedPermission","createRoute","handleError"],"mappings":";;;;;;;;;;AAMO,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,6CAA6C;AAC7E,CAAC,CAAA;AAEM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,6CAA6C,CAAA;AAAA,EAC3E,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,kBAAkB;AACjD,CAAC,CAAA;AAMM,IAAM,wBAAA,GAA2BA,KAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,6BAA6B,CAAA;AAAA,EAC1D,OAAA,EAASA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,sCAAsC;AACvG,CAAC,CAAA;AAMD,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EACzC,EAAA,EAAIA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,qBAAqB,CAAA;AAAA,EAC7C,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,8BAA8B,CAAA;AAAA,EACxD,YAAA,EAAcA,IAAA,CAAE,OAAA,EAAQ,CAAE,SAAS,iDAAiD,CAAA;AAAA,EACpF,oBAAA,EAAsBA,IAAA,CAAE,MAAA,CAAOA,IAAA,CAAE,MAAA,EAAO,EAAGA,IAAA,CAAE,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,CAAE,SAAS,iCAAiC;AAC/G,CAAC,CAAA;AAED,IAAM,6BAAA,GAAgCA,KAAE,MAAA,CAAO;AAAA,EAC7C,EAAA,EAAIA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB,CAAA;AAAA,EACjD,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,qBAAqB,CAAA;AAAA,EACnD,OAAA,EAASA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,4BAA4B,CAAA;AAAA,EACzD,MAAA,EAAQA,KAAE,IAAA,CAAK,CAAC,UAAU,SAAS,CAAC,CAAA,CAAE,QAAA,CAAS,qBAAqB,CAAA;AAAA,EACpE,aAAaA,IAAA,CAAE,MAAA,GAAS,QAAA,EAAS,CAAE,SAAS,gCAAgC,CAAA;AAAA,EAC5E,WAAA,EAAaA,KAAE,MAAA,CAAO,IAAA,GAAO,QAAA,EAAS,CAAE,SAAS,wBAAwB;AAC3E,CAAC,CAAA;AAED,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EACzC,MAAMA,IAAA,CAAE,OAAA,CAAQ,OAAO,CAAA,CAAE,SAAS,mDAAmD,CAAA;AAAA,EACrF,gBAAA,EAAkBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,2CAA2C,CAAA;AAAA,EACjF,cAAA,EAAgBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB;AAC/D,CAAC,CAAA;AAED,IAAM,4BAAA,GAA+BA,KAAE,MAAA,CAAO;AAAA,EAC5C,MAAMA,IAAA,CAAE,OAAA,CAAQ,WAAW,CAAA,CAAE,SAAS,uDAAuD,CAAA;AAAA,EAC7F,GAAA,EAAKA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,uCAAuC,CAAA;AAAA,EAChE,cAAA,EAAgBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB;AAC/D,CAAC,CAAA;AAED,IAAM,6BAAA,GAAgCA,KAAE,MAAA,CAAO;AAAA,EAC7C,MAAMA,IAAA,CAAE,OAAA,CAAQ,WAAW,CAAA,CAAE,SAAS,sDAAsD,CAAA;AAAA,EAC5F,cAAA,EAAgBA,IAAA,CAAE,MAAA,EAAO,CAAE,SAAS,yBAAyB;AAC/D,CAAC,CAAA;AAED,IAAM,0BAAA,GAA6BA,IAAA,CAAE,kBAAA,CAAmB,MAAA,EAAQ;AAAA,EAC9D,yBAAA;AAAA,EACA,4BAAA;AAAA,EACA;AACF,CAAC,CAAA;AAEM,IAAM,kCAAA,GAAqCA,IAAA,CAAE,KAAA,CAAM,yBAAyB,CAAA;AAE5E,IAAM,sCAAA,GAAyCA,IAAA,CAAE,KAAA,CAAM,6BAA6B,CAAA;AAEpF,IAAM,4BAAA,GAA+B,0BAAA;AAErC,IAAM,+BAAA,GAAkCA,KAAE,MAAA,CAAO;AAAA,EACtD,OAAA,EAASA,KAAE,OAAA;AACb,CAAC,CAAA;;;AClDD,SAAS,uBAAA,GAAgC;AACvC,EAAA,IAAI,CAACC,qBAAA,CAAa,GAAA,CAAI,UAAU,CAAA,EAAG;AACjC,IAAA,MAAM,IAAIC,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,oDAAoD,CAAA;AAAA,EAC9F;AACF;AAEA,SAAS,iBAAA,CAAkB,QAAgB,QAAA,EAAmC;AAC5E,EAAA,MAAM,WAAW,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,QAAA,IAAY,EAAE,CAAA;AACpD,EAAA,MAAM,UAAU,QAAA,CAAS,IAAA,CAAK,CAAA,CAAA,KAAK,CAAA,CAAE,OAAO,QAAQ,CAAA;AACpD,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,SAAA,GAAY,SAAS,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,EAAE,CAAA,CAAE,KAAK,IAAI,CAAA;AACnD,IAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK;AAAA,MAC3B,OAAA,EAAS,CAAA,SAAA,EAAY,QAAQ,CAAA,gCAAA,EAAmC,aAAa,MAAM,CAAA;AAAA,KACpF,CAAA;AAAA,EACH;AACA,EAAA,OAAO,OAAA;AACT;AAWA,eAAe,6BAAA,CACb,MAAA,EACA,cAAA,EACA,OAAA,EACA,MAAA,EACe;AACf,EAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,EAAA,MAAM,cAAc,OAAA,GAAU,MAAM,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA,GAAI,IAAA;AACjE,EAAA,MAAM,SAAS,WAAA,GAAc,MAAM,WAAA,CAAY,OAAA,CAAQ,OAAO,CAAA,GAAI,IAAA;AAElE,EAAA,IAAI,MAAA,EAAQ;AACV,IAAAC,mCAAA,CAAkB;AAAA,MAChB,cAAA;AAAA,MACA,QAAA,EAAU,QAAA;AAAA,MACV,UAAA,EAAY,OAAA;AAAA,MACZ,MAAA,EAAQ,MAAA;AAAA,MACR,MAAA,EAAQ;AAAA,KACT,CAAA;AACD,IAAA;AAAA,EACF;AAIA,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,YAAA,CAAa,OAAO,CAAA;AAC/C,EAAA,IAAI,WAAA,EAAa;AAGf,IAAA;AAAA,EACF;AAEA,EAAA,IAAI,WAAW,SAAA,EAAW;AACxB,IAAA,MAAM,IAAID,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,OAAA,EAAU,OAAO,eAAe,CAAA;AAAA,EAC1E;AAMA,EAAA,MAAM,cAAA,GAAiBE,oCAAkB,cAAc,CAAA;AACvD,EAAA,IAAI,CAAC,cAAA,IAAkB,CAAC,cAAA,CAAe,GAAA,CAAIC,iCAAe,CAAA,EAAG;AAC7D,EAAA,IAAIC,gCAAA,CAAe,cAAA,EAAgB,UAAU,CAAA,EAAG;AAChD,EAAA,IAAIC,qCAAA,CAAoB,EAAE,cAAA,EAAgB,QAAA,EAAU,YAAY,MAAA,EAAQ,OAAA,EAAS,CAAA,EAAG;AAEpF,EAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AACvD;AASO,IAAM,+BAA+BM,6BAAA,CAAY;AAAA,EACtD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,qBAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,kCAAA;AAAA,EAChB,OAAA,EAAS,wBAAA;AAAA,EACT,WAAA,EAAa,oEAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,WAAW,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,QAAA,IAAY,EAAE,CAAA;AACpD,MAAA,OAAO,QAAA,CAAS,IAAI,CAAA,OAAA,KAAW;AAC7B,QAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,UAAA,OAAO,QAAQ,OAAA,EAAQ;AAAA,QACzB;AACA,QAAA,OAAO;AAAA,UACL,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,IAAA,EAAM,OAAA,CAAQ,EAAA,CAAG,MAAA,CAAO,CAAC,CAAA,CAAE,WAAA,EAAY,GAAI,OAAA,CAAQ,EAAA,CAAG,KAAA,CAAM,CAAC,CAAA;AAAA,UAC7D,YAAA,EAAc;AAAA,SAChB;AAAA,MACF,CAAC,CAAA;AAAA,IACH,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AAKM,IAAM,mCAAmCD,6BAAA,CAAY;AAAA,EAC1D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,mCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,cAAA,EAAgB,sCAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EAAa,qEAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,UAAS,KAAM;AACvC,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAElD,MAAA,IAAI,CAAC,QAAQ,iBAAA,EAAmB;AAC9B,QAAA,OAAO,EAAC;AAAA,MACV;AAEA,MAAA,OAAO,MAAM,QAAQ,iBAAA,EAAkB;AAAA,IACzC,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,qCAAqC,CAAA;AAAA,IACjE;AAAA,EACF;AACF,CAAC;AAKM,IAAM,wBAAwBD,6BAAA,CAAY;AAAA,EAC/C,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,6BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,yBAAA;AAAA,EACjB,UAAA,EAAY,wBAAA;AAAA,EACZ,cAAA,EAAgB,4BAAA;AAAA,EAChB,OAAA,EAAS,0BAAA;AAAA,EACT,WAAA,EAAa,6EAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,OAAA,EAAS,OAAO,EAAE,MAAA,EAAQ,gBAAgB,QAAA,EAAU,OAAA,EAAS,SAAQ,KAAM;AACzE,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAElD,MAAA,IAAI,CAAC,QAAQ,OAAA,EAAS;AACpB,QAAA,MAAM,IAAIN,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS,YAAY,QAAQ,CAAA,0CAAA;AAAA,SAC9B,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,6BAAA,CAA8B,MAAA,EAAQ,cAAA,EAAgB,OAAA,EAAS,SAAS,CAAA;AAE9E,MAAA,OAAO,MAAM,OAAA,CAAQ,OAAA,CAAQ,OAAA,EAAS,OAAO,CAAA;AAAA,IAC/C,SAAS,KAAA,EAAO;AACd,MAAA,OAAOO,6BAAA,CAAY,OAAO,mCAAmC,CAAA;AAAA,IAC/D;AAAA,EACF;AACF,CAAC;AAKM,IAAM,2BAA2BD,6BAAA,CAAY;AAAA,EAClD,MAAA,EAAQ,MAAA;AAAA,EACR,IAAA,EAAM,yCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiB,sBAAA;AAAA,EACjB,cAAA,EAAgB,+BAAA;AAAA,EAChB,OAAA,EAAS,+BAAA;AAAA,EACT,WAAA,EAAa,yDAAA;AAAA,EACb,IAAA,EAAM,CAAC,UAAU,CAAA;AAAA,EACjB,YAAA,EAAc,IAAA;AAAA,EACd,SAAS,OAAO,EAAE,QAAQ,cAAA,EAAgB,QAAA,EAAU,SAAQ,KAAM;AAChE,IAAA,uBAAA,EAAwB;AACxB,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAU,iBAAA,CAAkB,MAAA,EAAQ,QAAQ,CAAA;AAElD,MAAA,IAAI,CAAC,QAAQ,UAAA,EAAY;AACvB,QAAA,MAAM,IAAIN,gCAAc,GAAA,EAAK;AAAA,UAC3B,OAAA,EAAS,YAAY,QAAQ,CAAA,6CAAA;AAAA,SAC9B,CAAA;AAAA,MACH;AAEA,MAAA,MAAM,6BAAA,CAA8B,MAAA,EAAQ,cAAA,EAAgB,OAAA,EAAS,YAAY,CAAA;AAEjF,MAAA,MAAM,OAAA,CAAQ,WAAW,OAAO,CAAA;AAChC,MAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,IACzB,SAAS,KAAA,EAAO;AACd,MAAA,OAAOO,6BAAA,CAAY,OAAO,wCAAwC,CAAA;AAAA,IACpE;AAAA,EACF;AACF,CAAC","file":"chunk-M6RITLE5.cjs","sourcesContent":["import { z } from 'zod/v4';\n\n// ============================================================================\n// Path Parameter Schemas\n// ============================================================================\n\nexport const channelPlatformPathParams = z.object({\n platform: z.string().describe('Channel platform identifier (e.g., \"slack\")'),\n});\n\nexport const channelAgentPathParams = z.object({\n platform: z.string().describe('Channel platform identifier (e.g., \"slack\")'),\n agentId: z.string().describe('Agent identifier'),\n});\n\n// ============================================================================\n// Body Parameter Schemas\n// ============================================================================\n\nexport const connectChannelBodySchema = z.object({\n agentId: z.string().describe('Agent identifier to connect'),\n options: z.record(z.string(), z.unknown()).optional().describe('Platform-specific connection options'),\n});\n\n// ============================================================================\n// Response Schemas\n// ============================================================================\n\nconst channelPlatformInfoSchema = z.object({\n id: z.string().describe('Platform identifier'),\n name: z.string().describe('Human-readable platform name'),\n isConfigured: z.boolean().describe('Whether the platform is ready to connect agents'),\n connectOptionsSchema: z.record(z.string(), z.unknown()).optional().describe('JSON Schema for connect options'),\n});\n\nconst channelInstallationInfoSchema = z.object({\n id: z.string().describe('Installation identifier'),\n platform: z.string().describe('Platform identifier'),\n agentId: z.string().describe('Connected agent identifier'),\n status: z.enum(['active', 'pending']).describe('Installation status'),\n displayName: z.string().optional().describe('Platform-specific display name'),\n installedAt: z.coerce.date().optional().describe('Installation timestamp'),\n});\n\nconst channelConnectOAuthSchema = z.object({\n type: z.literal('oauth').describe('OAuth-based connection requiring browser redirect'),\n authorizationUrl: z.string().describe('OAuth authorization URL for user redirect'),\n installationId: z.string().describe('Installation identifier'),\n});\n\nconst channelConnectDeepLinkSchema = z.object({\n type: z.literal('deep_link').describe('Deep-link connection requiring native app interaction'),\n url: z.string().describe('Deep link URL to open in platform app'),\n installationId: z.string().describe('Installation identifier'),\n});\n\nconst channelConnectImmediateSchema = z.object({\n type: z.literal('immediate').describe('Immediate connection with no user interaction needed'),\n installationId: z.string().describe('Installation identifier'),\n});\n\nconst channelConnectResultSchema = z.discriminatedUnion('type', [\n channelConnectOAuthSchema,\n channelConnectDeepLinkSchema,\n channelConnectImmediateSchema,\n]);\n\nexport const listChannelPlatformsResponseSchema = z.array(channelPlatformInfoSchema);\n\nexport const listChannelInstallationsResponseSchema = z.array(channelInstallationInfoSchema);\n\nexport const connectChannelResponseSchema = channelConnectResultSchema;\n\nexport const disconnectChannelResponseSchema = z.object({\n success: z.boolean(),\n});\n","import type { Mastra } from '@mastra/core';\nimport type { ChannelProvider } from '@mastra/core/channels';\nimport type { RequestContext } from '@mastra/core/di';\nimport { coreFeatures } from '@mastra/core/features';\n\nimport { MASTRA_USER_KEY } from '../constants';\nimport { HTTPException } from '../http-exception';\nimport {\n channelPlatformPathParams,\n channelAgentPathParams,\n connectChannelBodySchema,\n listChannelPlatformsResponseSchema,\n listChannelInstallationsResponseSchema,\n connectChannelResponseSchema,\n disconnectChannelResponseSchema,\n} from '../schemas/channels';\nimport { createRoute } from '../server-adapter/routes/route-builder';\n\nimport { assertWriteAccess, getCallerAuthorId, hasAdminBypass, hasScopedPermission } from './authorship';\nimport { handleError } from './error';\n\n// ============================================================================\n// Feature gate + helpers\n// ============================================================================\n\nfunction assertChannelsAvailable(): void {\n if (!coreFeatures.has('channels')) {\n throw new HTTPException(501, { message: 'Channels require a newer version of @mastra/core' });\n }\n}\n\nfunction getChannelOrThrow(mastra: Mastra, platform: string): ChannelProvider {\n const channels = Object.values(mastra.channels ?? {});\n const channel = channels.find(c => c.id === platform);\n if (!channel) {\n const available = channels.map(c => c.id).join(', ');\n throw new HTTPException(404, {\n message: `Channel \"${platform}\" is not registered. Available: ${available || 'none'}`,\n });\n }\n return channel;\n}\n\n/**\n * Unified connect/disconnect authorization.\n *\n * - Stored agent exists → same write access as editing the agent record.\n * - Code-defined agent (no stored record) → route's `requiresAuth` is the gate.\n * - Agent doesn't exist anywhere:\n * - connect → 404 (can't connect a channel to a non-existent agent)\n * - disconnect → orphan cleanup, gated on `channels:write`\n */\nasync function assertChannelAgentWriteAccess(\n mastra: Mastra,\n requestContext: RequestContext,\n agentId: string,\n action: 'connect' | 'disconnect',\n): Promise<void> {\n const storage = mastra.getStorage();\n const agentsStore = storage ? await storage.getStore('agents') : null;\n const stored = agentsStore ? await agentsStore.getById(agentId) : null;\n\n if (stored) {\n assertWriteAccess({\n requestContext,\n resource: 'agents',\n resourceId: agentId,\n action: 'edit',\n record: stored,\n });\n return;\n }\n\n // Not in stored-agents (or storage doesn't support it). Check the runtime\n // registry for a code-defined agent.\n const codeDefined = mastra.getAgentById(agentId);\n if (codeDefined) {\n // Code-defined agents have no owner/ACL — route's requiresAuth /\n // requiresPermission is the gate. Pass-through.\n return;\n }\n\n if (action === 'connect') {\n throw new HTTPException(404, { message: `Agent \"${agentId}\" not found` });\n }\n\n // Disconnect against an unknown agentId = orphan cleanup (stored agent was\n // deleted but the channel installation row is still around). Allow it, but\n // gate on channels:write so this isn't an \"any authenticated user\" backdoor.\n // Follow the same no-auth-configured pass-through as assertWriteAccess.\n const callerAuthorId = getCallerAuthorId(requestContext);\n if (!callerAuthorId && !requestContext.get(MASTRA_USER_KEY)) return;\n if (hasAdminBypass(requestContext, 'channels')) return;\n if (hasScopedPermission({ requestContext, resource: 'channels', action: 'write' })) return;\n\n throw new HTTPException(404, { message: 'Not found' });\n}\n\n// ============================================================================\n// Route Definitions\n// ============================================================================\n\n/**\n * GET /channels/platforms - List available channel platforms\n */\nexport const LIST_CHANNEL_PLATFORMS_ROUTE = createRoute({\n method: 'GET',\n path: '/channels/platforms',\n responseType: 'json',\n responseSchema: listChannelPlatformsResponseSchema,\n summary: 'List channel platforms',\n description: 'Returns available channel platforms and their configuration status',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra }) => {\n assertChannelsAvailable();\n try {\n const channels = Object.values(mastra.channels ?? {});\n return channels.map(channel => {\n if (channel.getInfo) {\n return channel.getInfo();\n }\n return {\n id: channel.id,\n name: channel.id.charAt(0).toUpperCase() + channel.id.slice(1),\n isConfigured: true,\n };\n });\n } catch (error) {\n return handleError(error, 'Error listing channel platforms');\n }\n },\n});\n\n/**\n * GET /channels/:platform/installations - List installations for a platform\n */\nexport const LIST_CHANNEL_INSTALLATIONS_ROUTE = createRoute({\n method: 'GET',\n path: '/channels/:platform/installations',\n responseType: 'json',\n pathParamSchema: channelPlatformPathParams,\n responseSchema: listChannelInstallationsResponseSchema,\n summary: 'List channel installations',\n description: 'Returns all active and pending installations for a channel platform',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra, platform }) => {\n assertChannelsAvailable();\n try {\n const channel = getChannelOrThrow(mastra, platform);\n\n if (!channel.listInstallations) {\n return [];\n }\n\n return await channel.listInstallations();\n } catch (error) {\n return handleError(error, 'Error listing channel installations');\n }\n },\n});\n\n/**\n * POST /channels/:platform/connect - Connect an agent to a platform\n */\nexport const CONNECT_CHANNEL_ROUTE = createRoute({\n method: 'POST',\n path: '/channels/:platform/connect',\n responseType: 'json',\n pathParamSchema: channelPlatformPathParams,\n bodySchema: connectChannelBodySchema,\n responseSchema: connectChannelResponseSchema,\n summary: 'Connect agent to channel',\n description: 'Creates a platform app for the agent and returns an OAuth authorization URL',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra, requestContext, platform, agentId, options }) => {\n assertChannelsAvailable();\n try {\n const channel = getChannelOrThrow(mastra, platform);\n\n if (!channel.connect) {\n throw new HTTPException(400, {\n message: `Channel \"${platform}\" does not support programmatic connection`,\n });\n }\n\n await assertChannelAgentWriteAccess(mastra, requestContext, agentId, 'connect');\n\n return await channel.connect(agentId, options);\n } catch (error) {\n return handleError(error, 'Error connecting agent to channel');\n }\n },\n});\n\n/**\n * POST /channels/:platform/:agentId/disconnect - Disconnect an agent from a platform\n */\nexport const DISCONNECT_CHANNEL_ROUTE = createRoute({\n method: 'POST',\n path: '/channels/:platform/:agentId/disconnect',\n responseType: 'json',\n pathParamSchema: channelAgentPathParams,\n responseSchema: disconnectChannelResponseSchema,\n summary: 'Disconnect agent from channel',\n description: 'Deletes the platform app and cleans up the installation',\n tags: ['Channels'],\n requiresAuth: true,\n handler: async ({ mastra, requestContext, platform, agentId }) => {\n assertChannelsAvailable();\n try {\n const channel = getChannelOrThrow(mastra, platform);\n\n if (!channel.disconnect) {\n throw new HTTPException(400, {\n message: `Channel \"${platform}\" does not support programmatic disconnection`,\n });\n }\n\n await assertChannelAgentWriteAccess(mastra, requestContext, agentId, 'disconnect');\n\n await channel.disconnect(agentId);\n return { success: true };\n } catch (error) {\n return handleError(error, 'Error disconnecting agent from channel');\n }\n },\n});\n"]}
@@ -1,5 +1,5 @@
1
1
  import { builderSettingsResponseSchema, builderAvailableModelsResponseSchema, infrastructureStatusResponseSchema, agentFeaturesSchema } from './chunk-PBNENTGS.js';
2
- import { buildProvidersList } from './chunk-2MEUH7JT.js';
2
+ import { buildProvidersList } from './chunk-ZO7HYQJT.js';
3
3
  import { handleError } from './chunk-7ZWJX3AN.js';
4
4
  import { createRoute } from './chunk-Z5MTOVTR.js';
5
5
  import { HTTPException } from './chunk-6QWQZI4Q.js';
@@ -270,5 +270,5 @@ var GET_INFRASTRUCTURE_STATUS_ROUTE = createRoute({
270
270
  });
271
271
 
272
272
  export { GET_EDITOR_BUILDER_AVAILABLE_MODELS_ROUTE, GET_EDITOR_BUILDER_SETTINGS_ROUTE, GET_INFRASTRUCTURE_STATUS_ROUTE, isBuilderFeatureEnabled, requireBuilderFeature };
273
- //# sourceMappingURL=chunk-GZUFJQ5I.js.map
274
- //# sourceMappingURL=chunk-GZUFJQ5I.js.map
273
+ //# sourceMappingURL=chunk-NF4PSDGQ.js.map
274
+ //# sourceMappingURL=chunk-NF4PSDGQ.js.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/utils/resolve-builder-model-policy.ts","../src/server/handlers/editor-builder.ts"],"names":[],"mappings":";;;;;;;AAsBA,eAAsB,0BAA0B,MAAA,EAAgE;AAC9G,EAAA,IAAI,CAAC,MAAA,EAAQ,OAAO,EAAE,QAAQ,KAAA,EAAM;AACpC,EAAA,IAAI,OAAO,MAAA,CAAO,cAAA,KAAmB,YAAY,OAAO,EAAE,QAAQ,KAAA,EAAM;AACxE,EAAA,IAAI,OAAO,MAAA,CAAO,uBAAA,KAA4B,cAAc,CAAC,MAAA,CAAO,yBAAwB,EAAG;AAC7F,IAAA,OAAO,EAAE,QAAQ,KAAA,EAAM;AAAA,EACzB;AAKA,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,IAAA,MAAM,EAAE,oBAAA,EAAqB,GAAI,MAAM,OAAO,+BAA+B,CAAA;AAC7E,IAAA,OAAO,qBAAqB,OAAO,CAAA;AAAA,EACrC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,QAAQ,KAAA,EAAM;AAAA,EACzB;AACF;;;ACpBA,eAAe,uBAAuB,MAAA,EAA+C;AACnF,EAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAChC,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,CAAO,cAAA,KAAmB,YAAY,OAAO,IAAA;AACnE,EAAA,IAAI,CAAC,MAAA,CAAO,uBAAA,IAA0B,EAAG,OAAO,IAAA;AAChD,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,EAAA,IAAI,CAAC,OAAA,IAAW,CAAC,OAAA,CAAQ,SAAS,OAAO,IAAA;AACzC,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,WAAA,IAAc,EAAG,KAAA;AAC1C,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,MAAM,MAAA,GAAS,mBAAA,CAAoB,SAAA,CAAU,QAAQ,CAAA;AACrD,EAAA,OAAO,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,IAAA,GAAO,IAAA;AACxC;AAOA,eAAsB,uBAAA,CAAwB,QAAgB,OAAA,EAAgD;AAC5G,EAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,MAAM,CAAA;AACpD,EAAA,OAAO,QAAA,GAAW,OAAO,CAAA,KAAM,IAAA;AACjC;AAOA,eAAsB,qBAAA,CAAsB,QAAgB,OAAA,EAA6C;AACvG,EAAA,IAAI,CAAE,MAAM,uBAAA,CAAwB,MAAA,EAAQ,OAAO,CAAA,EAAI;AACrD,IAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AAAA,EACvD;AACF;AAQO,IAAM,oCAAoC,WAAA,CAAY;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,0BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,6BAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAGhC,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAGA,MAAA,IAAI,OAAO,MAAA,CAAO,cAAA,KAAmB,UAAA,EAAY;AAC/C,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAGA,MAAA,IAAI,CAAC,MAAA,CAAO,uBAAA,IAA0B,EAAG;AACvC,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAGA,MAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,OAAA,CAAQ,OAAA,EAAS;AAChC,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAEA,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,sBAAA,IAAyB,IAAK,EAAC;AAC5D,MAAA,MAAM,aAAA,GAAgB,QAAQ,gBAAA,EAAiB;AAY/C,MAAA,MAAM,cAAA,GAAiB,CAAC,QAAA,KACtB,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,CAAE,GAAA,CAAI,CAAC,CAAC,GAAA,EAAK,MAAM,CAAA,MAAO;AAAA,QAC/C,EAAA,EAAK,OAA2B,EAAA,IAAM,GAAA;AAAA,QACtC;AAAA,OACF,CAAE,CAAA;AAEJ,MAAA,MAAM,cAAc,cAAA,CAAe,MAAA,CAAO,SAAA,EAAU,IAAK,EAAE,CAAA;AAC3D,MAAA,MAAM,eAAe,cAAA,CAAe,MAAA,CAAO,UAAA,EAAW,IAAK,EAAE,CAAA;AAC7D,MAAA,MAAM,kBAAkB,cAAA,CAAe,MAAA,CAAO,aAAA,EAAc,IAAK,EAAE,CAAA;AAInE,MAAA,MAAM,aAAA,GAAgB,CAAC,OAAA,EAAsB,IAAA,KAAuB;AAClE,QAAA,MAAM,GAAA,uBAAU,GAAA,EAAoB;AACpC,QAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,UAAA,GAAA,CAAI,GAAA,CAAI,EAAE,EAAA,EAAI,IAAA,KAAS,OAAO,CAAA,CAAE,EAAA,GAAK,EAAE,GAAG,CAAA;AAC1C,UAAA,GAAA,CAAI,GAAA,CAAI,EAAE,GAAA,EAAK,IAAA,KAAS,OAAO,CAAA,CAAE,EAAA,GAAK,EAAE,GAAG,CAAA;AAAA,QAC7C;AACA,QAAA,OAAO,GAAA;AAAA,MACT,CAAA;AACA,MAAA,MAAM,UAAA,GAAa,aAAA,CAAc,WAAA,EAAa,KAAK,CAAA;AACnD,MAAA,MAAM,WAAA,GAAc,aAAA,CAAc,YAAA,EAAc,IAAI,CAAA;AACpD,MAAA,MAAM,cAAA,GAAiB,aAAA,CAAc,eAAA,EAAiB,KAAK,CAAA;AAM3D,MAAA,MAAM,EAAE,oBAAA,EAAsB,uBAAA,EAAwB,GAAI,MAAM,OAAO,+BAA+B,CAAA;AAEtG,MAAA,MAAM,SAAS,uBAAA,CAAwB;AAAA,QACrC,QAAQ,aAAA,EAAe,KAAA;AAAA,QACvB,iBAAA,EAAmB,YAAY,OAAA,CAAQ,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,EAAA,EAAI,CAAA,CAAE,GAAG,CAAC,CAAA;AAAA,QACzD,kBAAA,EAAoB,aAAa,OAAA,CAAQ,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,EAAA,EAAI,CAAA,CAAE,GAAG,CAAC,CAAA;AAAA,QAC3D,qBAAA,EAAuB,gBAAgB,OAAA,CAAQ,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,EAAA,EAAI,CAAA,CAAE,GAAG,CAAC;AAAA,OAClE,CAAA;AAED,MAAA,MAAM,SAAA,GAAY,CAAC,OAAA,EAA0B,GAAA,KAA8C;AACzF,QAAA,IAAI,OAAA,KAAY,MAAM,OAAO,IAAA;AAC7B,QAAA,MAAM,MAAgB,EAAC;AACvB,QAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,QAAA,KAAA,MAAW,MAAM,OAAA,EAAS;AACxB,UAAA,MAAM,MAAA,GAAS,GAAA,CAAI,GAAA,CAAI,EAAE,CAAA;AACzB,UAAA,IAAI,MAAA,IAAU,CAAC,IAAA,CAAK,GAAA,CAAI,MAAM,CAAA,EAAG;AAC/B,YAAA,IAAA,CAAK,IAAI,MAAM,CAAA;AACf,YAAA,GAAA,CAAI,KAAK,MAAM,CAAA;AAAA,UACjB;AAAA,QACF;AACA,QAAA,OAAO,GAAA;AAAA,MACT,CAAA;AAEA,MAAA,MAAM,sBAAsB,CAAC,GAAG,YAAA,EAAc,GAAG,OAAO,QAAQ,CAAA;AAEhE,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,QAAA,EAAU,QAAQ,WAAA,EAAY;AAAA,QAC9B,aAAA;AAAA,QACA,WAAA,EAAa,qBAAqB,OAAO,CAAA;AAAA,QACzC,MAAA,EAAQ;AAAA,UACN,YAAA,EAAc,SAAA,CAAU,MAAA,CAAO,YAAA,EAAc,UAAU,CAAA;AAAA,UACvD,aAAA,EAAe,SAAA,CAAU,MAAA,CAAO,aAAA,EAAe,WAAW,CAAA;AAAA,UAC1D,gBAAA,EAAkB,SAAA,CAAU,MAAA,CAAO,gBAAA,EAAkB,cAAc;AAAA,SACrE;AAAA,QACA,GAAI,mBAAA,CAAoB,MAAA,GAAS,IAAI,EAAE,mBAAA,KAAwB;AAAC,OAClE;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,gCAAgC,CAAA;AAAA,IAC5D;AAAA,EACF;AACF,CAAC;AAkBM,IAAM,4CAA4C,WAAA,CAAY;AAAA,EACnE,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,kCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,oCAAA;AAAA,EAChB,OAAA,EAAS,kCAAA;AAAA,EACT,WAAA,EAAa,gFAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AAKF,MAAA,MAAM,SAAA,GAAA,CAAa,MAAM,kBAAA,CAAmB,MAAM,GAAG,MAAA,CAAO,CAAA,QAAA,KAAY,SAAS,SAAS,CAAA;AAC1F,MAAA,MAAM,MAAA,GAAS,MAAM,yBAAA,CAA0B,MAAA,CAAO,WAAW,CAAA;AAGjE,MAAA,IAAI,CAAC,OAAO,MAAA,IAAU,CAAC,OAAO,OAAA,IAAW,MAAA,CAAO,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG;AACpE,QAAA,OAAO,EAAE,SAAA,EAAU;AAAA,MACrB;AAIA,MAAA,MAAM,EAAE,cAAA,EAAe,GAAI,MAAM,OAAO,+BAA+B,CAAA;AAEvE,MAAA,MAAM,QAAA,GAAW,SAAA,CACd,GAAA,CAAI,CAAA,QAAA,MAAa;AAAA,QAChB,GAAG,QAAA;AAAA,QACH,MAAA,EAAQ,QAAA,CAAS,MAAA,CAAO,MAAA,CAAO,aAAW,cAAA,CAAe,MAAA,CAAO,OAAA,EAAS,EAAE,QAAA,EAAU,QAAA,CAAS,EAAA,EAAI,OAAA,EAAS,CAAC;AAAA,QAC5G,CAAA,CACD,MAAA,CAAO,cAAY,QAAA,CAAS,MAAA,CAAO,SAAS,CAAC,CAAA;AAEhD,MAAA,OAAO,EAAE,WAAW,QAAA,EAAS;AAAA,IAC/B,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AASM,IAAM,kCAAkC,WAAA,CAAY;AAAA,EACzD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,gCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,kCAAA;AAAA,EAChB,OAAA,EAAS,2BAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,qBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,iBAAA,GAAoB,CAAC,KAAA,KAA2B;AACpD,QAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW,OAAO,SAAA;AAClD,QAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,MAAA,CAAO,KAAK,CAAA;AAC7G,QAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG,OAAO,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,KAAA,EAAQ,KAAA,CAAM,MAAA,KAAW,CAAA,GAAI,KAAK,GAAG,CAAA,CAAA;AACrF,QAAA,OAAO,KAAA,CAAM,aAAa,IAAA,IAAQ,KAAA,CAAM,YAAY,IAAA,KAAS,QAAA,GAAW,KAAA,CAAM,WAAA,CAAY,IAAA,GAAO,YAAA;AAAA,MACnG,CAAA;AAEA,MAAA,MAAM,eAAA,GAAkB,CAAC,KAAA,KAAkC;AACzD,QAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,QAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,cAAc,KAAA,IAAS,OAAO,MAAM,QAAA,KAAa,QAAA;AAChF,UAAA,OAAO,KAAA,CAAM,QAAA;AACf,QAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,aAAA,IAAiB,KAAA,EAAO;AACvD,UAAA,MAAM,IAAA,GAAQ,MAA8C,WAAA,EAAa,IAAA;AACzE,UAAA,OAAO,IAAA,IAAQ,IAAA,KAAS,QAAA,GAAW,IAAA,GAAO,YAAA;AAAA,QAC5C;AACA,QAAA,OAAO,IAAA;AAAA,MACT,CAAA;AAEA,MAAA,MAAM,mBAAmB,CAAC,MAAA,EAAiC,WAAA,GAAwB,OACjF,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAClB,OAAO,CAAC,CAAC,KAAK,KAAK,CAAA,KAAM,CAAC,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA,IAAK,UAAU,MAAA,IAAa,KAAA,KAAU,IAAI,CAAA,CAC5F,IAAI,CAAC,CAAC,GAAA,EAAK,KAAK,OAAO,EAAE,GAAA,EAAK,OAAO,iBAAA,CAAkB,KAAK,GAAE,CAAE,CAAA;AAErE,MAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,mBAAA,EAAoB,IAAK,EAAC;AAC1D,MAAA,MAAM,QAAA,GAA6C;AAAA,QACjD,SAAA,EAAW,MAAA,CAAO,OAAA,CAAQ,gBAAgB,CAAA,CACvC,IAAI,CAAC,CAAC,EAAA,EAAI,QAAQ,CAAA,KAAM;AACvB,UAAA,MAAM,IAAA,GAAO,SAAS,OAAA,IAAU;AAChC,UAAA,MAAM,MAAA,GAAS,QAAA,CAAS,SAAA,IAAY,IAAK,EAAC;AAC1C,UAAA,OAAO;AAAA,YACL,EAAA,EAAI,MAAM,EAAA,IAAM,EAAA;AAAA,YAChB,IAAA,EAAM,MAAM,IAAA,IAAQ,EAAA;AAAA,YACpB,YAAA,EAAc,MAAM,YAAA,IAAgB,KAAA;AAAA,YACpC,YAAY,MAAA,CAAO;AAAA,WACrB;AAAA,QACF,CAAC,CAAA,CACA,MAAA,CAAO,CAAA,QAAA,KAAY,SAAS,YAAY;AAAA,OAC7C;AAEA,MAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAChC,MAAA,IAAI,OAAA,GAA2C;AAAA,QAC7C,IAAA,EAAM,IAAA;AAAA,QACN,QAAA,EAAU,IAAA;AAAA,QACV,GAAA,EAAK,IAAA;AAAA,QACL,UAAA,EAAY,KAAA;AAAA,QACZ,oBAAoB,EAAC;AAAA,QACrB,QAAQ;AAAC,OACX;AACA,MAAA,IAAI,SAAA,GAA+C;AAAA,QACjD,IAAA,EAAM,IAAA;AAAA,QACN,WAAA,EAAa,IAAA;AAAA,QACb,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,UAAA,EAAY,KAAA;AAAA,QACZ,aAAA,EAAe,KAAA;AAAA,QACf,UAAA,EAAY,KAAA;AAAA,QACZ,kBAAA,EAAoB,IAAA;AAAA,QACpB,eAAA,EAAiB,IAAA;AAAA,QACjB,QAAQ;AAAC,OACX;AACA,MAAA,IAAI,UAAA,GAAiD;AAAA,QACnD,QAAA,EAAU,EAAE,OAAA,EAAS,KAAA;AAAM,OAC7B;AAEA,MAAA,IAAI,QAAQ,cAAA,EAAgB;AAC1B,QAAA,MAAM,WAAY,MAAA,CAA4D,UAAA;AAC9E,QAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,QAAA,MAAM,iBAAA,GAAoB,SAAS,aAAA,IAAgB;AACnD,QAAA,UAAA,GAAa;AAAA,UACX,UAAU,EAAE,OAAA,EAAS,iBAAA,EAAmB,QAAA,EAAU,YAAY,IAAA;AAAK,SACrE;AACA,QAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,gBAAA,IAAmB,EAAG,KAAA;AAWrD,QAAA,MAAM,aAAa,aAAA,EAAe,OAAA;AAClC,QAAA,MAAM,aAAA,GAAgB,UAAA,EAAY,MAAA,IAAU,EAAC;AAC7C,QAAA,MAAM,UAAA,GAAa,cAAc,QAAA,IAAY,IAAA;AAC7C,QAAA,OAAA,GAAU;AAAA,UACR,IAAA,EAAM,YAAY,IAAA,IAAQ,IAAA;AAAA,UAC1B,QAAA,EAAU,UAAA;AAAA,UACV,GAAA,EAAK,cAAc,GAAA,IAAO,IAAA;AAAA,UAC1B,YAAY,UAAA,GAAa,CAAC,CAAC,QAAA,EAAU,GAAA,CAAI,UAAU,CAAA,GAAI,KAAA;AAAA,UACvD,kBAAA,EAAoB,WAAW,KAAA,CAAM,IAAA,CAAK,SAAS,IAAA,EAAM,IAAI,EAAC;AAAA,UAC9D,QAAQ,gBAAA,CAAiB,aAAA,EAAe,CAAC,UAAA,EAAY,KAAK,CAAC;AAAA,SAC7D;AAEA,QAAA,MAAM,eAAe,aAAA,EAAe,SAAA;AACpC,QAAA,MAAM,eAAA,GAAkB,YAAA,EAAc,MAAA,IAAU,EAAC;AACjD,QAAA,MAAM,oBAAA,GAAuB,OAAO,cAAA,EAAe;AACnD,QAAA,MAAM,sBAAsB,YAAA,EAAc,WAAA,GACtC,oBAAA,CAAqB,YAAA,CAAa,WAAW,CAAA,GAC7C,MAAA;AACJ,QAAA,MAAM,UAAA,GAAa,mBAAA,EAAqB,SAAA,CAAU,UAAA,IAAc,eAAA,CAAgB,UAAA;AAChF,QAAA,MAAM,OAAA,GAAU,mBAAA,EAAqB,SAAA,CAAU,OAAA,IAAW,eAAA,CAAgB,OAAA;AAC1E,QAAA,MAAM,gBAAA,GACJ,OAAO,eAAA,CAAgB,UAAA,KAAe,QAAA,IACtC,eAAA,CAAgB,UAAA,IAChB,QAAA,IAAY,eAAA,CAAgB,UAAA,GACvB,eAAA,CAAgB,UAAA,CAAW,SAC5B,EAAC;AACP,QAAA,MAAM,aAAA,GACJ,OAAO,eAAA,CAAgB,OAAA,KAAY,QAAA,IAAY,eAAA,CAAgB,OAAA,IAAW,QAAA,IAAY,eAAA,CAAgB,OAAA,GACjG,eAAA,CAAgB,OAAA,CAAQ,SACzB,EAAC;AACP,QAAA,SAAA,GAAY;AAAA,UACV,IAAA,EAAM,cAAc,IAAA,IAAQ,IAAA;AAAA,UAC5B,WAAA,EAAa,cAAc,WAAA,IAAe,IAAA;AAAA,UAC1C,IAAA,EAAM,eAAA,CAAgB,IAAA,IAAQ,mBAAA,EAAqB,UAAU,IAAA,IAAQ,IAAA;AAAA,UACrE,MAAA,EAAQ,qBAAqB,MAAA,IAAU,IAAA;AAAA,UACvC,UAAA,EAAY,CAAC,CAAC,mBAAA;AAAA,UACd,aAAA,EAAe,CAAC,CAAC,UAAA;AAAA,UACjB,UAAA,EAAY,CAAC,CAAC,OAAA;AAAA,UACd,kBAAA,EAAoB,gBAAgB,UAAU,CAAA;AAAA,UAC9C,eAAA,EAAiB,gBAAgB,OAAO,CAAA;AAAA,UACxC,MAAA,EAAQ;AAAA,YACN,GAAG,gBAAA,CAAiB,gBAAgB,CAAA,CAAE,IAAI,CAAA,KAAA,MAAU,EAAE,GAAG,KAAA,EAAO,GAAA,EAAK,CAAA,WAAA,EAAc,KAAA,CAAM,GAAG,IAAG,CAAE,CAAA;AAAA,YACjG,GAAG,gBAAA,CAAiB,aAAa,CAAA,CAAE,IAAI,CAAA,KAAA,MAAU,EAAE,GAAG,KAAA,EAAO,GAAA,EAAK,CAAA,QAAA,EAAW,KAAA,CAAM,GAAG,IAAG,CAAE;AAAA;AAC7F,SACF;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,QAAA,EAAU,OAAA,EAAS,SAAA,EAAW,UAAA,EAAW;AAAA,IACpD,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,qCAAqC,CAAA;AAAA,IACjE;AAAA,EACF;AACF,CAAC","file":"chunk-GZUFJQ5I.js","sourcesContent":["import type { BuilderModelPolicy } from '@mastra/core/agent-builder/ee';\nimport type { IMastraEditor } from '@mastra/core/editor';\n\n/**\n * Server-side wrapper around `builderToModelPolicy`.\n *\n * Handles the optional `IMastraEditor` builder API surface (older / OSS editors\n * may not implement `hasEnabledBuilderConfig` / `resolveBuilder`) and returns\n * a uniform `BuilderModelPolicy` to every call site.\n *\n * Returns `{ active: false }` whenever:\n * - no editor is configured,\n * - the editor doesn't expose builder methods,\n * - the builder config is disabled, or\n * - resolving the builder fails / yields nothing.\n *\n * The `@mastra/core/agent-builder/ee` subpath is loaded lazily so this module\n * remains importable on `@mastra/core` versions that pre-date the subpath\n * (the subpath was added in core 1.34.0). The dynamic import is only reached\n * once an editor is actually configured, by which point a compatible core is\n * guaranteed.\n */\nexport async function resolveBuilderModelPolicy(editor: IMastraEditor | undefined): Promise<BuilderModelPolicy> {\n if (!editor) return { active: false };\n if (typeof editor.resolveBuilder !== 'function') return { active: false };\n if (typeof editor.hasEnabledBuilderConfig === 'function' && !editor.hasEnabledBuilderConfig()) {\n return { active: false };\n }\n\n // Degrade to inactive on builder-resolution failure rather than letting the\n // rejection escape: agent execution routes seed this on every request, so a\n // transient failure must not 500 the entire route.\n try {\n const builder = await editor.resolveBuilder();\n const { builderToModelPolicy } = await import('@mastra/core/agent-builder/ee');\n return builderToModelPolicy(builder);\n } catch {\n return { active: false };\n }\n}\n","import type { Mastra } from '@mastra/core';\n\nimport { HTTPException } from '../http-exception';\nimport {\n agentFeaturesSchema,\n builderAvailableModelsResponseSchema,\n builderSettingsResponseSchema,\n infrastructureStatusResponseSchema,\n} from '../schemas/editor-builder';\nimport type { AgentFeatures, InfrastructureStatus } from '../schemas/editor-builder';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { resolveBuilderModelPolicy } from '../utils/resolve-builder-model-policy';\nimport { buildProvidersList } from './agents';\nimport { handleError } from './error';\n\n/**\n * Resolve the active builder feature flags. Returns `null` when the editor is\n * absent, the builder is disabled, or no features are configured.\n */\nasync function resolveBuilderFeatures(mastra: Mastra): Promise<AgentFeatures | null> {\n const editor = mastra.getEditor();\n if (!editor || typeof editor.resolveBuilder !== 'function') return null;\n if (!editor.hasEnabledBuilderConfig?.()) return null;\n const builder = await editor.resolveBuilder();\n if (!builder || !builder.enabled) return null;\n const features = builder.getFeatures?.()?.agent;\n if (!features) return null;\n // Validate the shape so unknown keys cannot smuggle through.\n const parsed = agentFeaturesSchema.safeParse(features);\n return parsed.success ? parsed.data : null;\n}\n\n/**\n * Returns whether a given agent-builder feature is enabled. Used by list /\n * get-by-id handlers to soft-gate response enrichment (omit fields, ignore\n * favoritedOnly / pinFavoritedFor params) when the feature is off.\n */\nexport async function isBuilderFeatureEnabled(mastra: Mastra, feature: keyof AgentFeatures): Promise<boolean> {\n const features = await resolveBuilderFeatures(mastra);\n return features?.[feature] === true;\n}\n\n/**\n * Hard-gate helper for mutation routes that must not exist when the feature\n * is off. Throws `HTTPException(404)` so we don't leak the existence of the\n * feature surface (matches behavior of unregistered routes).\n */\nexport async function requireBuilderFeature(mastra: Mastra, feature: keyof AgentFeatures): Promise<void> {\n if (!(await isBuilderFeatureEnabled(mastra, feature))) {\n throw new HTTPException(404, { message: 'Not Found' });\n }\n}\n\n/**\n * GET /editor/builder/settings\n *\n * Returns the agent builder settings configured by the admin.\n * Used by frontend to determine which features to display.\n */\nexport const GET_EDITOR_BUILDER_SETTINGS_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/settings',\n responseType: 'json',\n responseSchema: builderSettingsResponseSchema,\n summary: 'Get agent builder settings',\n description: 'Returns the agent builder feature flags and configuration for UI gating',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra }) => {\n try {\n const editor = mastra.getEditor();\n\n // No editor configured\n if (!editor) {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n // Editor doesn't support builder (older version or OSS)\n if (typeof editor.resolveBuilder !== 'function') {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n // Check if builder is enabled in config\n if (!editor.hasEnabledBuilderConfig?.()) {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n // Resolve the builder instance\n const builder = await editor.resolveBuilder();\n if (!builder || !builder.enabled) {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n const baseWarnings = builder.getModelPolicyWarnings?.() ?? [];\n const configuration = builder.getConfiguration();\n\n // Picker allowlists are written against entity `.id` (what users see in\n // the UI, URLs, traces). The client filters list responses by their\n // response keys, which are not always `.id`:\n // - GET /agents keys by `agent.id`\n // - GET /tools keys by registration key (values include `id`)\n // - GET /workflows keys by registration key (values omit `id`)\n // To keep the client filter simple, we accept `.id` (fallback to\n // registration key) for matching, but emit visible IDs as response keys\n // so `Object.keys(data)` lines up.\n type AliasPair = { id: string; key: string };\n const collectAliases = (registry: Record<string, unknown>): AliasPair[] =>\n Object.entries(registry).map(([key, entity]) => ({\n id: (entity as { id?: string }).id || key,\n key,\n }));\n\n const toolAliases = collectAliases(mastra.listTools() ?? {});\n const agentAliases = collectAliases(mastra.listAgents() ?? {});\n const workflowAliases = collectAliases(mastra.listWorkflows() ?? {});\n\n // Tools/workflows responses are keyed by registration key. Agents\n // response is keyed by `.id`.\n const toResponseKey = (aliases: AliasPair[], byId: 'id' | 'key') => {\n const map = new Map<string, string>();\n for (const a of aliases) {\n map.set(a.id, byId === 'id' ? a.id : a.key);\n map.set(a.key, byId === 'id' ? a.id : a.key);\n }\n return map;\n };\n const toolKeyMap = toResponseKey(toolAliases, 'key');\n const agentKeyMap = toResponseKey(agentAliases, 'id');\n const workflowKeyMap = toResponseKey(workflowAliases, 'key');\n\n // Lazy-load the EE subpath so this module remains importable on\n // `@mastra/core` versions that pre-date it (added in core 1.34.0).\n // We only reach here after `builder.enabled` is true, which guarantees\n // a compatible core.\n const { builderToModelPolicy, resolvePickerVisibility } = await import('@mastra/core/agent-builder/ee');\n\n const picker = resolvePickerVisibility({\n config: configuration?.agent,\n registeredToolIds: toolAliases.flatMap(a => [a.id, a.key]),\n registeredAgentIds: agentAliases.flatMap(a => [a.id, a.key]),\n registeredWorkflowIds: workflowAliases.flatMap(a => [a.id, a.key]),\n });\n\n const normalize = (visible: string[] | null, map: Map<string, string>): string[] | null => {\n if (visible === null) return null;\n const out: string[] = [];\n const seen = new Set<string>();\n for (const id of visible) {\n const mapped = map.get(id);\n if (mapped && !seen.has(mapped)) {\n seen.add(mapped);\n out.push(mapped);\n }\n }\n return out;\n };\n\n const modelPolicyWarnings = [...baseWarnings, ...picker.warnings];\n\n return {\n enabled: true,\n features: builder.getFeatures(),\n configuration,\n modelPolicy: builderToModelPolicy(builder),\n picker: {\n visibleTools: normalize(picker.visibleTools, toolKeyMap),\n visibleAgents: normalize(picker.visibleAgents, agentKeyMap),\n visibleWorkflows: normalize(picker.visibleWorkflows, workflowKeyMap),\n },\n ...(modelPolicyWarnings.length > 0 ? { modelPolicyWarnings } : {}),\n };\n } catch (error) {\n return handleError(error, 'Error getting builder settings');\n }\n },\n});\n\n/**\n * GET /editor/builder/models/available\n *\n * Returns the configured AI providers/models the agent builder may use. The\n * server is the single authority: it scopes the list to providers with a\n * configured API key (`connected`) and applies the active builder model\n * policy via `isModelAllowed`, so the Studio surfaces can render the response\n * verbatim without importing any EE matcher into the browser.\n *\n * - Providers without a configured API key are always omitted — the builder\n * decides the agent's model from this list, so an unconnected provider would\n * produce an agent that can never run.\n * - Policy inactive (or no allowlist) ⇒ all connected providers are returned.\n * - Policy active with an allowlist ⇒ each connected provider's models are\n * filtered, and providers left with no allowed models are omitted entirely.\n */\nexport const GET_EDITOR_BUILDER_AVAILABLE_MODELS_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/models/available',\n responseType: 'json',\n responseSchema: builderAvailableModelsResponseSchema,\n summary: 'List builder-available AI models',\n description: 'Returns AI providers/models filtered by the active agent-builder model policy.',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra }) => {\n try {\n // Only surface providers whose API key is configured (`connected`). The\n // agent builder decides the agent's model from this list, so including\n // providers without a key lets it pick a model that can never run. We\n // scope to connected providers so every choice is actually usable.\n const providers = (await buildProvidersList(mastra)).filter(provider => provider.connected);\n const policy = await resolveBuilderModelPolicy(mastra.getEditor());\n\n // Inactive policy (or no allowlist) ⇒ no allowlist filtering to apply.\n if (!policy.active || !policy.allowed || policy.allowed.length === 0) {\n return { providers };\n }\n\n // Lazy-load the EE matcher (server-only); mirrors the convention used by\n // resolve-builder-model-policy and the settings handler.\n const { isModelAllowed } = await import('@mastra/core/agent-builder/ee');\n\n const filtered = providers\n .map(provider => ({\n ...provider,\n models: provider.models.filter(modelId => isModelAllowed(policy.allowed, { provider: provider.id, modelId })),\n }))\n .filter(provider => provider.models.length > 0);\n\n return { providers: filtered };\n } catch (error) {\n return handleError(error, 'Error fetching available models');\n }\n },\n});\n\n/**\n * GET /editor/builder/infrastructure\n *\n * Returns the runtime status of Mastra-opinionated primitives (channels,\n * browser providers, workspaces). Admin-only; surfaced in Studio Settings so\n * admins can sanity-check what's wired up to the running server.\n */\nexport const GET_INFRASTRUCTURE_STATUS_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/infrastructure',\n responseType: 'json',\n responseSchema: infrastructureStatusResponseSchema,\n summary: 'Get infrastructure status',\n description: 'Agent Builder infrastructure configuration and lightweight runtime status.',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'infrastructure:read',\n handler: async ({ mastra }) => {\n try {\n const formatConfigValue = (value: unknown): string => {\n if (value === null || value === undefined) return 'not set';\n if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') return String(value);\n if (Array.isArray(value)) return `${value.length} item${value.length === 1 ? '' : 's'}`;\n return value.constructor?.name && value.constructor.name !== 'Object' ? value.constructor.name : 'configured';\n };\n\n const getProviderName = (value: unknown): string | null => {\n if (!value) return null;\n if (typeof value === 'object' && 'provider' in value && typeof value.provider === 'string')\n return value.provider;\n if (typeof value === 'object' && 'constructor' in value) {\n const name = (value as { constructor?: { name?: string } }).constructor?.name;\n return name && name !== 'Object' ? name : 'configured';\n }\n return null;\n };\n\n const getConfigEntries = (config: Record<string, unknown>, omittedKeys: string[] = []) =>\n Object.entries(config)\n .filter(([key, value]) => !omittedKeys.includes(key) && value !== undefined && value !== null)\n .map(([key, value]) => ({ key, value: formatConfigValue(value) }));\n\n const channelProviders = mastra.getChannelProviders() ?? {};\n const channels: InfrastructureStatus['channels'] = {\n providers: Object.entries(channelProviders)\n .map(([id, provider]) => {\n const info = provider.getInfo?.();\n const routes = provider.getRoutes?.() ?? [];\n return {\n id: info?.id ?? id,\n name: info?.name ?? id,\n isConfigured: info?.isConfigured ?? false,\n routeCount: routes.length,\n };\n })\n .filter(provider => provider.isConfigured),\n };\n\n const editor = mastra.getEditor();\n let browser: InfrastructureStatus['browser'] = {\n type: null,\n provider: null,\n env: null,\n registered: false,\n availableProviders: [],\n config: [],\n };\n let workspace: InfrastructureStatus['workspace'] = {\n type: null,\n workspaceId: null,\n name: null,\n source: null,\n registered: false,\n hasFilesystem: false,\n hasSandbox: false,\n filesystemProvider: null,\n sandboxProvider: null,\n config: [],\n };\n let registries: InfrastructureStatus['registries'] = {\n skillsSh: { enabled: false },\n };\n\n if (editor?.resolveBuilder) {\n const browsers = (editor as unknown as { __browsers?: Map<string, unknown> }).__browsers;\n const builder = await editor.resolveBuilder();\n const builderRegistries = builder?.getRegistries?.();\n registries = {\n skillsSh: { enabled: builderRegistries?.skillsSh?.enabled === true },\n };\n const configuration = builder?.getConfiguration?.()?.agent as\n | {\n browser?: { type?: string; config?: { provider?: string; env?: string } };\n workspace?: {\n type?: string;\n workspaceId?: string;\n config?: { name?: string; filesystem?: unknown; sandbox?: unknown };\n };\n }\n | undefined;\n\n const browserRef = configuration?.browser;\n const browserConfig = browserRef?.config ?? {};\n const providerId = browserConfig.provider ?? null;\n browser = {\n type: browserRef?.type ?? null,\n provider: providerId,\n env: browserConfig.env ?? null,\n registered: providerId ? !!browsers?.has(providerId) : false,\n availableProviders: browsers ? Array.from(browsers.keys()) : [],\n config: getConfigEntries(browserConfig, ['provider', 'env']),\n };\n\n const workspaceRef = configuration?.workspace;\n const workspaceConfig = workspaceRef?.config ?? {};\n const registeredWorkspaces = mastra.listWorkspaces();\n const registeredWorkspace = workspaceRef?.workspaceId\n ? registeredWorkspaces[workspaceRef.workspaceId]\n : undefined;\n const filesystem = registeredWorkspace?.workspace.filesystem ?? workspaceConfig.filesystem;\n const sandbox = registeredWorkspace?.workspace.sandbox ?? workspaceConfig.sandbox;\n const filesystemConfig =\n typeof workspaceConfig.filesystem === 'object' &&\n workspaceConfig.filesystem &&\n 'config' in workspaceConfig.filesystem\n ? (workspaceConfig.filesystem.config as Record<string, unknown>)\n : {};\n const sandboxConfig =\n typeof workspaceConfig.sandbox === 'object' && workspaceConfig.sandbox && 'config' in workspaceConfig.sandbox\n ? (workspaceConfig.sandbox.config as Record<string, unknown>)\n : {};\n workspace = {\n type: workspaceRef?.type ?? null,\n workspaceId: workspaceRef?.workspaceId ?? null,\n name: workspaceConfig.name ?? registeredWorkspace?.workspace.name ?? null,\n source: registeredWorkspace?.source ?? null,\n registered: !!registeredWorkspace,\n hasFilesystem: !!filesystem,\n hasSandbox: !!sandbox,\n filesystemProvider: getProviderName(filesystem),\n sandboxProvider: getProviderName(sandbox),\n config: [\n ...getConfigEntries(filesystemConfig).map(entry => ({ ...entry, key: `filesystem.${entry.key}` })),\n ...getConfigEntries(sandboxConfig).map(entry => ({ ...entry, key: `sandbox.${entry.key}` })),\n ],\n };\n }\n\n return { channels, browser, workspace, registries };\n } catch (error) {\n return handleError(error, 'Error getting infrastructure status');\n }\n },\n});\n"]}
1
+ {"version":3,"sources":["../src/server/utils/resolve-builder-model-policy.ts","../src/server/handlers/editor-builder.ts"],"names":[],"mappings":";;;;;;;AAsBA,eAAsB,0BAA0B,MAAA,EAAgE;AAC9G,EAAA,IAAI,CAAC,MAAA,EAAQ,OAAO,EAAE,QAAQ,KAAA,EAAM;AACpC,EAAA,IAAI,OAAO,MAAA,CAAO,cAAA,KAAmB,YAAY,OAAO,EAAE,QAAQ,KAAA,EAAM;AACxE,EAAA,IAAI,OAAO,MAAA,CAAO,uBAAA,KAA4B,cAAc,CAAC,MAAA,CAAO,yBAAwB,EAAG;AAC7F,IAAA,OAAO,EAAE,QAAQ,KAAA,EAAM;AAAA,EACzB;AAKA,EAAA,IAAI;AACF,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,IAAA,MAAM,EAAE,oBAAA,EAAqB,GAAI,MAAM,OAAO,+BAA+B,CAAA;AAC7E,IAAA,OAAO,qBAAqB,OAAO,CAAA;AAAA,EACrC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,EAAE,QAAQ,KAAA,EAAM;AAAA,EACzB;AACF;;;ACpBA,eAAe,uBAAuB,MAAA,EAA+C;AACnF,EAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAChC,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,CAAO,cAAA,KAAmB,YAAY,OAAO,IAAA;AACnE,EAAA,IAAI,CAAC,MAAA,CAAO,uBAAA,IAA0B,EAAG,OAAO,IAAA;AAChD,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,EAAA,IAAI,CAAC,OAAA,IAAW,CAAC,OAAA,CAAQ,SAAS,OAAO,IAAA;AACzC,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,WAAA,IAAc,EAAG,KAAA;AAC1C,EAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,EAAA,MAAM,MAAA,GAAS,mBAAA,CAAoB,SAAA,CAAU,QAAQ,CAAA;AACrD,EAAA,OAAO,MAAA,CAAO,OAAA,GAAU,MAAA,CAAO,IAAA,GAAO,IAAA;AACxC;AAOA,eAAsB,uBAAA,CAAwB,QAAgB,OAAA,EAAgD;AAC5G,EAAA,MAAM,QAAA,GAAW,MAAM,sBAAA,CAAuB,MAAM,CAAA;AACpD,EAAA,OAAO,QAAA,GAAW,OAAO,CAAA,KAAM,IAAA;AACjC;AAOA,eAAsB,qBAAA,CAAsB,QAAgB,OAAA,EAA6C;AACvG,EAAA,IAAI,CAAE,MAAM,uBAAA,CAAwB,MAAA,EAAQ,OAAO,CAAA,EAAI;AACrD,IAAA,MAAM,IAAI,aAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,aAAa,CAAA;AAAA,EACvD;AACF;AAQO,IAAM,oCAAoC,WAAA,CAAY;AAAA,EAC3D,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,0BAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,6BAAA;AAAA,EAChB,OAAA,EAAS,4BAAA;AAAA,EACT,WAAA,EAAa,yEAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAGhC,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAGA,MAAA,IAAI,OAAO,MAAA,CAAO,cAAA,KAAmB,UAAA,EAAY;AAC/C,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAGA,MAAA,IAAI,CAAC,MAAA,CAAO,uBAAA,IAA0B,EAAG;AACvC,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAGA,MAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,OAAA,CAAQ,OAAA,EAAS;AAChC,QAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAa,EAAE,MAAA,EAAQ,OAAM,EAAE;AAAA,MAC1D;AAEA,MAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,sBAAA,IAAyB,IAAK,EAAC;AAC5D,MAAA,MAAM,aAAA,GAAgB,QAAQ,gBAAA,EAAiB;AAY/C,MAAA,MAAM,cAAA,GAAiB,CAAC,QAAA,KACtB,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA,CAAE,GAAA,CAAI,CAAC,CAAC,GAAA,EAAK,MAAM,CAAA,MAAO;AAAA,QAC/C,EAAA,EAAK,OAA2B,EAAA,IAAM,GAAA;AAAA,QACtC;AAAA,OACF,CAAE,CAAA;AAEJ,MAAA,MAAM,cAAc,cAAA,CAAe,MAAA,CAAO,SAAA,EAAU,IAAK,EAAE,CAAA;AAC3D,MAAA,MAAM,eAAe,cAAA,CAAe,MAAA,CAAO,UAAA,EAAW,IAAK,EAAE,CAAA;AAC7D,MAAA,MAAM,kBAAkB,cAAA,CAAe,MAAA,CAAO,aAAA,EAAc,IAAK,EAAE,CAAA;AAInE,MAAA,MAAM,aAAA,GAAgB,CAAC,OAAA,EAAsB,IAAA,KAAuB;AAClE,QAAA,MAAM,GAAA,uBAAU,GAAA,EAAoB;AACpC,QAAA,KAAA,MAAW,KAAK,OAAA,EAAS;AACvB,UAAA,GAAA,CAAI,GAAA,CAAI,EAAE,EAAA,EAAI,IAAA,KAAS,OAAO,CAAA,CAAE,EAAA,GAAK,EAAE,GAAG,CAAA;AAC1C,UAAA,GAAA,CAAI,GAAA,CAAI,EAAE,GAAA,EAAK,IAAA,KAAS,OAAO,CAAA,CAAE,EAAA,GAAK,EAAE,GAAG,CAAA;AAAA,QAC7C;AACA,QAAA,OAAO,GAAA;AAAA,MACT,CAAA;AACA,MAAA,MAAM,UAAA,GAAa,aAAA,CAAc,WAAA,EAAa,KAAK,CAAA;AACnD,MAAA,MAAM,WAAA,GAAc,aAAA,CAAc,YAAA,EAAc,IAAI,CAAA;AACpD,MAAA,MAAM,cAAA,GAAiB,aAAA,CAAc,eAAA,EAAiB,KAAK,CAAA;AAM3D,MAAA,MAAM,EAAE,oBAAA,EAAsB,uBAAA,EAAwB,GAAI,MAAM,OAAO,+BAA+B,CAAA;AAEtG,MAAA,MAAM,SAAS,uBAAA,CAAwB;AAAA,QACrC,QAAQ,aAAA,EAAe,KAAA;AAAA,QACvB,iBAAA,EAAmB,YAAY,OAAA,CAAQ,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,EAAA,EAAI,CAAA,CAAE,GAAG,CAAC,CAAA;AAAA,QACzD,kBAAA,EAAoB,aAAa,OAAA,CAAQ,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,EAAA,EAAI,CAAA,CAAE,GAAG,CAAC,CAAA;AAAA,QAC3D,qBAAA,EAAuB,gBAAgB,OAAA,CAAQ,CAAA,CAAA,KAAK,CAAC,CAAA,CAAE,EAAA,EAAI,CAAA,CAAE,GAAG,CAAC;AAAA,OAClE,CAAA;AAED,MAAA,MAAM,SAAA,GAAY,CAAC,OAAA,EAA0B,GAAA,KAA8C;AACzF,QAAA,IAAI,OAAA,KAAY,MAAM,OAAO,IAAA;AAC7B,QAAA,MAAM,MAAgB,EAAC;AACvB,QAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,QAAA,KAAA,MAAW,MAAM,OAAA,EAAS;AACxB,UAAA,MAAM,MAAA,GAAS,GAAA,CAAI,GAAA,CAAI,EAAE,CAAA;AACzB,UAAA,IAAI,MAAA,IAAU,CAAC,IAAA,CAAK,GAAA,CAAI,MAAM,CAAA,EAAG;AAC/B,YAAA,IAAA,CAAK,IAAI,MAAM,CAAA;AACf,YAAA,GAAA,CAAI,KAAK,MAAM,CAAA;AAAA,UACjB;AAAA,QACF;AACA,QAAA,OAAO,GAAA;AAAA,MACT,CAAA;AAEA,MAAA,MAAM,sBAAsB,CAAC,GAAG,YAAA,EAAc,GAAG,OAAO,QAAQ,CAAA;AAEhE,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,IAAA;AAAA,QACT,QAAA,EAAU,QAAQ,WAAA,EAAY;AAAA,QAC9B,aAAA;AAAA,QACA,WAAA,EAAa,qBAAqB,OAAO,CAAA;AAAA,QACzC,MAAA,EAAQ;AAAA,UACN,YAAA,EAAc,SAAA,CAAU,MAAA,CAAO,YAAA,EAAc,UAAU,CAAA;AAAA,UACvD,aAAA,EAAe,SAAA,CAAU,MAAA,CAAO,aAAA,EAAe,WAAW,CAAA;AAAA,UAC1D,gBAAA,EAAkB,SAAA,CAAU,MAAA,CAAO,gBAAA,EAAkB,cAAc;AAAA,SACrE;AAAA,QACA,GAAI,mBAAA,CAAoB,MAAA,GAAS,IAAI,EAAE,mBAAA,KAAwB;AAAC,OAClE;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,gCAAgC,CAAA;AAAA,IAC5D;AAAA,EACF;AACF,CAAC;AAkBM,IAAM,4CAA4C,WAAA,CAAY;AAAA,EACnE,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,kCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,oCAAA;AAAA,EAChB,OAAA,EAAS,kCAAA;AAAA,EACT,WAAA,EAAa,gFAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AAKF,MAAA,MAAM,SAAA,GAAA,CAAa,MAAM,kBAAA,CAAmB,MAAM,GAAG,MAAA,CAAO,CAAA,QAAA,KAAY,SAAS,SAAS,CAAA;AAC1F,MAAA,MAAM,MAAA,GAAS,MAAM,yBAAA,CAA0B,MAAA,CAAO,WAAW,CAAA;AAGjE,MAAA,IAAI,CAAC,OAAO,MAAA,IAAU,CAAC,OAAO,OAAA,IAAW,MAAA,CAAO,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG;AACpE,QAAA,OAAO,EAAE,SAAA,EAAU;AAAA,MACrB;AAIA,MAAA,MAAM,EAAE,cAAA,EAAe,GAAI,MAAM,OAAO,+BAA+B,CAAA;AAEvE,MAAA,MAAM,QAAA,GAAW,SAAA,CACd,GAAA,CAAI,CAAA,QAAA,MAAa;AAAA,QAChB,GAAG,QAAA;AAAA,QACH,MAAA,EAAQ,QAAA,CAAS,MAAA,CAAO,MAAA,CAAO,aAAW,cAAA,CAAe,MAAA,CAAO,OAAA,EAAS,EAAE,QAAA,EAAU,QAAA,CAAS,EAAA,EAAI,OAAA,EAAS,CAAC;AAAA,QAC5G,CAAA,CACD,MAAA,CAAO,cAAY,QAAA,CAAS,MAAA,CAAO,SAAS,CAAC,CAAA;AAEhD,MAAA,OAAO,EAAE,WAAW,QAAA,EAAS;AAAA,IAC/B,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC;AASM,IAAM,kCAAkC,WAAA,CAAY;AAAA,EACzD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,gCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,cAAA,EAAgB,kCAAA;AAAA,EAChB,OAAA,EAAS,2BAAA;AAAA,EACT,WAAA,EAAa,4EAAA;AAAA,EACb,IAAA,EAAM,CAAC,QAAQ,CAAA;AAAA,EACf,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,qBAAA;AAAA,EACpB,OAAA,EAAS,OAAO,EAAE,MAAA,EAAO,KAAM;AAC7B,IAAA,IAAI;AACF,MAAA,MAAM,iBAAA,GAAoB,CAAC,KAAA,KAA2B;AACpD,QAAA,IAAI,KAAA,KAAU,IAAA,IAAQ,KAAA,KAAU,MAAA,EAAW,OAAO,SAAA;AAClD,QAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,KAAU,QAAA,IAAY,OAAO,KAAA,KAAU,SAAA,EAAW,OAAO,MAAA,CAAO,KAAK,CAAA;AAC7G,QAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,KAAK,CAAA,EAAG,OAAO,CAAA,EAAG,KAAA,CAAM,MAAM,CAAA,KAAA,EAAQ,KAAA,CAAM,MAAA,KAAW,CAAA,GAAI,KAAK,GAAG,CAAA,CAAA;AACrF,QAAA,OAAO,KAAA,CAAM,aAAa,IAAA,IAAQ,KAAA,CAAM,YAAY,IAAA,KAAS,QAAA,GAAW,KAAA,CAAM,WAAA,CAAY,IAAA,GAAO,YAAA;AAAA,MACnG,CAAA;AAEA,MAAA,MAAM,eAAA,GAAkB,CAAC,KAAA,KAAkC;AACzD,QAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,QAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,cAAc,KAAA,IAAS,OAAO,MAAM,QAAA,KAAa,QAAA;AAChF,UAAA,OAAO,KAAA,CAAM,QAAA;AACf,QAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,aAAA,IAAiB,KAAA,EAAO;AACvD,UAAA,MAAM,IAAA,GAAQ,MAA8C,WAAA,EAAa,IAAA;AACzE,UAAA,OAAO,IAAA,IAAQ,IAAA,KAAS,QAAA,GAAW,IAAA,GAAO,YAAA;AAAA,QAC5C;AACA,QAAA,OAAO,IAAA;AAAA,MACT,CAAA;AAEA,MAAA,MAAM,mBAAmB,CAAC,MAAA,EAAiC,WAAA,GAAwB,OACjF,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,CAClB,OAAO,CAAC,CAAC,KAAK,KAAK,CAAA,KAAM,CAAC,WAAA,CAAY,QAAA,CAAS,GAAG,CAAA,IAAK,UAAU,MAAA,IAAa,KAAA,KAAU,IAAI,CAAA,CAC5F,IAAI,CAAC,CAAC,GAAA,EAAK,KAAK,OAAO,EAAE,GAAA,EAAK,OAAO,iBAAA,CAAkB,KAAK,GAAE,CAAE,CAAA;AAErE,MAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,mBAAA,EAAoB,IAAK,EAAC;AAC1D,MAAA,MAAM,QAAA,GAA6C;AAAA,QACjD,SAAA,EAAW,MAAA,CAAO,OAAA,CAAQ,gBAAgB,CAAA,CACvC,IAAI,CAAC,CAAC,EAAA,EAAI,QAAQ,CAAA,KAAM;AACvB,UAAA,MAAM,IAAA,GAAO,SAAS,OAAA,IAAU;AAChC,UAAA,MAAM,MAAA,GAAS,QAAA,CAAS,SAAA,IAAY,IAAK,EAAC;AAC1C,UAAA,OAAO;AAAA,YACL,EAAA,EAAI,MAAM,EAAA,IAAM,EAAA;AAAA,YAChB,IAAA,EAAM,MAAM,IAAA,IAAQ,EAAA;AAAA,YACpB,YAAA,EAAc,MAAM,YAAA,IAAgB,KAAA;AAAA,YACpC,YAAY,MAAA,CAAO;AAAA,WACrB;AAAA,QACF,CAAC,CAAA,CACA,MAAA,CAAO,CAAA,QAAA,KAAY,SAAS,YAAY;AAAA,OAC7C;AAEA,MAAA,MAAM,MAAA,GAAS,OAAO,SAAA,EAAU;AAChC,MAAA,IAAI,OAAA,GAA2C;AAAA,QAC7C,IAAA,EAAM,IAAA;AAAA,QACN,QAAA,EAAU,IAAA;AAAA,QACV,GAAA,EAAK,IAAA;AAAA,QACL,UAAA,EAAY,KAAA;AAAA,QACZ,oBAAoB,EAAC;AAAA,QACrB,QAAQ;AAAC,OACX;AACA,MAAA,IAAI,SAAA,GAA+C;AAAA,QACjD,IAAA,EAAM,IAAA;AAAA,QACN,WAAA,EAAa,IAAA;AAAA,QACb,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,UAAA,EAAY,KAAA;AAAA,QACZ,aAAA,EAAe,KAAA;AAAA,QACf,UAAA,EAAY,KAAA;AAAA,QACZ,kBAAA,EAAoB,IAAA;AAAA,QACpB,eAAA,EAAiB,IAAA;AAAA,QACjB,QAAQ;AAAC,OACX;AACA,MAAA,IAAI,UAAA,GAAiD;AAAA,QACnD,QAAA,EAAU,EAAE,OAAA,EAAS,KAAA;AAAM,OAC7B;AAEA,MAAA,IAAI,QAAQ,cAAA,EAAgB;AAC1B,QAAA,MAAM,WAAY,MAAA,CAA4D,UAAA;AAC9E,QAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,cAAA,EAAe;AAC5C,QAAA,MAAM,iBAAA,GAAoB,SAAS,aAAA,IAAgB;AACnD,QAAA,UAAA,GAAa;AAAA,UACX,UAAU,EAAE,OAAA,EAAS,iBAAA,EAAmB,QAAA,EAAU,YAAY,IAAA;AAAK,SACrE;AACA,QAAA,MAAM,aAAA,GAAgB,OAAA,EAAS,gBAAA,IAAmB,EAAG,KAAA;AAWrD,QAAA,MAAM,aAAa,aAAA,EAAe,OAAA;AAClC,QAAA,MAAM,aAAA,GAAgB,UAAA,EAAY,MAAA,IAAU,EAAC;AAC7C,QAAA,MAAM,UAAA,GAAa,cAAc,QAAA,IAAY,IAAA;AAC7C,QAAA,OAAA,GAAU;AAAA,UACR,IAAA,EAAM,YAAY,IAAA,IAAQ,IAAA;AAAA,UAC1B,QAAA,EAAU,UAAA;AAAA,UACV,GAAA,EAAK,cAAc,GAAA,IAAO,IAAA;AAAA,UAC1B,YAAY,UAAA,GAAa,CAAC,CAAC,QAAA,EAAU,GAAA,CAAI,UAAU,CAAA,GAAI,KAAA;AAAA,UACvD,kBAAA,EAAoB,WAAW,KAAA,CAAM,IAAA,CAAK,SAAS,IAAA,EAAM,IAAI,EAAC;AAAA,UAC9D,QAAQ,gBAAA,CAAiB,aAAA,EAAe,CAAC,UAAA,EAAY,KAAK,CAAC;AAAA,SAC7D;AAEA,QAAA,MAAM,eAAe,aAAA,EAAe,SAAA;AACpC,QAAA,MAAM,eAAA,GAAkB,YAAA,EAAc,MAAA,IAAU,EAAC;AACjD,QAAA,MAAM,oBAAA,GAAuB,OAAO,cAAA,EAAe;AACnD,QAAA,MAAM,sBAAsB,YAAA,EAAc,WAAA,GACtC,oBAAA,CAAqB,YAAA,CAAa,WAAW,CAAA,GAC7C,MAAA;AACJ,QAAA,MAAM,UAAA,GAAa,mBAAA,EAAqB,SAAA,CAAU,UAAA,IAAc,eAAA,CAAgB,UAAA;AAChF,QAAA,MAAM,OAAA,GAAU,mBAAA,EAAqB,SAAA,CAAU,OAAA,IAAW,eAAA,CAAgB,OAAA;AAC1E,QAAA,MAAM,gBAAA,GACJ,OAAO,eAAA,CAAgB,UAAA,KAAe,QAAA,IACtC,eAAA,CAAgB,UAAA,IAChB,QAAA,IAAY,eAAA,CAAgB,UAAA,GACvB,eAAA,CAAgB,UAAA,CAAW,SAC5B,EAAC;AACP,QAAA,MAAM,aAAA,GACJ,OAAO,eAAA,CAAgB,OAAA,KAAY,QAAA,IAAY,eAAA,CAAgB,OAAA,IAAW,QAAA,IAAY,eAAA,CAAgB,OAAA,GACjG,eAAA,CAAgB,OAAA,CAAQ,SACzB,EAAC;AACP,QAAA,SAAA,GAAY;AAAA,UACV,IAAA,EAAM,cAAc,IAAA,IAAQ,IAAA;AAAA,UAC5B,WAAA,EAAa,cAAc,WAAA,IAAe,IAAA;AAAA,UAC1C,IAAA,EAAM,eAAA,CAAgB,IAAA,IAAQ,mBAAA,EAAqB,UAAU,IAAA,IAAQ,IAAA;AAAA,UACrE,MAAA,EAAQ,qBAAqB,MAAA,IAAU,IAAA;AAAA,UACvC,UAAA,EAAY,CAAC,CAAC,mBAAA;AAAA,UACd,aAAA,EAAe,CAAC,CAAC,UAAA;AAAA,UACjB,UAAA,EAAY,CAAC,CAAC,OAAA;AAAA,UACd,kBAAA,EAAoB,gBAAgB,UAAU,CAAA;AAAA,UAC9C,eAAA,EAAiB,gBAAgB,OAAO,CAAA;AAAA,UACxC,MAAA,EAAQ;AAAA,YACN,GAAG,gBAAA,CAAiB,gBAAgB,CAAA,CAAE,IAAI,CAAA,KAAA,MAAU,EAAE,GAAG,KAAA,EAAO,GAAA,EAAK,CAAA,WAAA,EAAc,KAAA,CAAM,GAAG,IAAG,CAAE,CAAA;AAAA,YACjG,GAAG,gBAAA,CAAiB,aAAa,CAAA,CAAE,IAAI,CAAA,KAAA,MAAU,EAAE,GAAG,KAAA,EAAO,GAAA,EAAK,CAAA,QAAA,EAAW,KAAA,CAAM,GAAG,IAAG,CAAE;AAAA;AAC7F,SACF;AAAA,MACF;AAEA,MAAA,OAAO,EAAE,QAAA,EAAU,OAAA,EAAS,SAAA,EAAW,UAAA,EAAW;AAAA,IACpD,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,WAAA,CAAY,OAAO,qCAAqC,CAAA;AAAA,IACjE;AAAA,EACF;AACF,CAAC","file":"chunk-NF4PSDGQ.js","sourcesContent":["import type { BuilderModelPolicy } from '@mastra/core/agent-builder/ee';\nimport type { IMastraEditor } from '@mastra/core/editor';\n\n/**\n * Server-side wrapper around `builderToModelPolicy`.\n *\n * Handles the optional `IMastraEditor` builder API surface (older / OSS editors\n * may not implement `hasEnabledBuilderConfig` / `resolveBuilder`) and returns\n * a uniform `BuilderModelPolicy` to every call site.\n *\n * Returns `{ active: false }` whenever:\n * - no editor is configured,\n * - the editor doesn't expose builder methods,\n * - the builder config is disabled, or\n * - resolving the builder fails / yields nothing.\n *\n * The `@mastra/core/agent-builder/ee` subpath is loaded lazily so this module\n * remains importable on `@mastra/core` versions that pre-date the subpath\n * (the subpath was added in core 1.34.0). The dynamic import is only reached\n * once an editor is actually configured, by which point a compatible core is\n * guaranteed.\n */\nexport async function resolveBuilderModelPolicy(editor: IMastraEditor | undefined): Promise<BuilderModelPolicy> {\n if (!editor) return { active: false };\n if (typeof editor.resolveBuilder !== 'function') return { active: false };\n if (typeof editor.hasEnabledBuilderConfig === 'function' && !editor.hasEnabledBuilderConfig()) {\n return { active: false };\n }\n\n // Degrade to inactive on builder-resolution failure rather than letting the\n // rejection escape: agent execution routes seed this on every request, so a\n // transient failure must not 500 the entire route.\n try {\n const builder = await editor.resolveBuilder();\n const { builderToModelPolicy } = await import('@mastra/core/agent-builder/ee');\n return builderToModelPolicy(builder);\n } catch {\n return { active: false };\n }\n}\n","import type { Mastra } from '@mastra/core';\n\nimport { HTTPException } from '../http-exception';\nimport {\n agentFeaturesSchema,\n builderAvailableModelsResponseSchema,\n builderSettingsResponseSchema,\n infrastructureStatusResponseSchema,\n} from '../schemas/editor-builder';\nimport type { AgentFeatures, InfrastructureStatus } from '../schemas/editor-builder';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { resolveBuilderModelPolicy } from '../utils/resolve-builder-model-policy';\nimport { buildProvidersList } from './agents';\nimport { handleError } from './error';\n\n/**\n * Resolve the active builder feature flags. Returns `null` when the editor is\n * absent, the builder is disabled, or no features are configured.\n */\nasync function resolveBuilderFeatures(mastra: Mastra): Promise<AgentFeatures | null> {\n const editor = mastra.getEditor();\n if (!editor || typeof editor.resolveBuilder !== 'function') return null;\n if (!editor.hasEnabledBuilderConfig?.()) return null;\n const builder = await editor.resolveBuilder();\n if (!builder || !builder.enabled) return null;\n const features = builder.getFeatures?.()?.agent;\n if (!features) return null;\n // Validate the shape so unknown keys cannot smuggle through.\n const parsed = agentFeaturesSchema.safeParse(features);\n return parsed.success ? parsed.data : null;\n}\n\n/**\n * Returns whether a given agent-builder feature is enabled. Used by list /\n * get-by-id handlers to soft-gate response enrichment (omit fields, ignore\n * favoritedOnly / pinFavoritedFor params) when the feature is off.\n */\nexport async function isBuilderFeatureEnabled(mastra: Mastra, feature: keyof AgentFeatures): Promise<boolean> {\n const features = await resolveBuilderFeatures(mastra);\n return features?.[feature] === true;\n}\n\n/**\n * Hard-gate helper for mutation routes that must not exist when the feature\n * is off. Throws `HTTPException(404)` so we don't leak the existence of the\n * feature surface (matches behavior of unregistered routes).\n */\nexport async function requireBuilderFeature(mastra: Mastra, feature: keyof AgentFeatures): Promise<void> {\n if (!(await isBuilderFeatureEnabled(mastra, feature))) {\n throw new HTTPException(404, { message: 'Not Found' });\n }\n}\n\n/**\n * GET /editor/builder/settings\n *\n * Returns the agent builder settings configured by the admin.\n * Used by frontend to determine which features to display.\n */\nexport const GET_EDITOR_BUILDER_SETTINGS_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/settings',\n responseType: 'json',\n responseSchema: builderSettingsResponseSchema,\n summary: 'Get agent builder settings',\n description: 'Returns the agent builder feature flags and configuration for UI gating',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra }) => {\n try {\n const editor = mastra.getEditor();\n\n // No editor configured\n if (!editor) {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n // Editor doesn't support builder (older version or OSS)\n if (typeof editor.resolveBuilder !== 'function') {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n // Check if builder is enabled in config\n if (!editor.hasEnabledBuilderConfig?.()) {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n // Resolve the builder instance\n const builder = await editor.resolveBuilder();\n if (!builder || !builder.enabled) {\n return { enabled: false, modelPolicy: { active: false } };\n }\n\n const baseWarnings = builder.getModelPolicyWarnings?.() ?? [];\n const configuration = builder.getConfiguration();\n\n // Picker allowlists are written against entity `.id` (what users see in\n // the UI, URLs, traces). The client filters list responses by their\n // response keys, which are not always `.id`:\n // - GET /agents keys by `agent.id`\n // - GET /tools keys by registration key (values include `id`)\n // - GET /workflows keys by registration key (values omit `id`)\n // To keep the client filter simple, we accept `.id` (fallback to\n // registration key) for matching, but emit visible IDs as response keys\n // so `Object.keys(data)` lines up.\n type AliasPair = { id: string; key: string };\n const collectAliases = (registry: Record<string, unknown>): AliasPair[] =>\n Object.entries(registry).map(([key, entity]) => ({\n id: (entity as { id?: string }).id || key,\n key,\n }));\n\n const toolAliases = collectAliases(mastra.listTools() ?? {});\n const agentAliases = collectAliases(mastra.listAgents() ?? {});\n const workflowAliases = collectAliases(mastra.listWorkflows() ?? {});\n\n // Tools/workflows responses are keyed by registration key. Agents\n // response is keyed by `.id`.\n const toResponseKey = (aliases: AliasPair[], byId: 'id' | 'key') => {\n const map = new Map<string, string>();\n for (const a of aliases) {\n map.set(a.id, byId === 'id' ? a.id : a.key);\n map.set(a.key, byId === 'id' ? a.id : a.key);\n }\n return map;\n };\n const toolKeyMap = toResponseKey(toolAliases, 'key');\n const agentKeyMap = toResponseKey(agentAliases, 'id');\n const workflowKeyMap = toResponseKey(workflowAliases, 'key');\n\n // Lazy-load the EE subpath so this module remains importable on\n // `@mastra/core` versions that pre-date it (added in core 1.34.0).\n // We only reach here after `builder.enabled` is true, which guarantees\n // a compatible core.\n const { builderToModelPolicy, resolvePickerVisibility } = await import('@mastra/core/agent-builder/ee');\n\n const picker = resolvePickerVisibility({\n config: configuration?.agent,\n registeredToolIds: toolAliases.flatMap(a => [a.id, a.key]),\n registeredAgentIds: agentAliases.flatMap(a => [a.id, a.key]),\n registeredWorkflowIds: workflowAliases.flatMap(a => [a.id, a.key]),\n });\n\n const normalize = (visible: string[] | null, map: Map<string, string>): string[] | null => {\n if (visible === null) return null;\n const out: string[] = [];\n const seen = new Set<string>();\n for (const id of visible) {\n const mapped = map.get(id);\n if (mapped && !seen.has(mapped)) {\n seen.add(mapped);\n out.push(mapped);\n }\n }\n return out;\n };\n\n const modelPolicyWarnings = [...baseWarnings, ...picker.warnings];\n\n return {\n enabled: true,\n features: builder.getFeatures(),\n configuration,\n modelPolicy: builderToModelPolicy(builder),\n picker: {\n visibleTools: normalize(picker.visibleTools, toolKeyMap),\n visibleAgents: normalize(picker.visibleAgents, agentKeyMap),\n visibleWorkflows: normalize(picker.visibleWorkflows, workflowKeyMap),\n },\n ...(modelPolicyWarnings.length > 0 ? { modelPolicyWarnings } : {}),\n };\n } catch (error) {\n return handleError(error, 'Error getting builder settings');\n }\n },\n});\n\n/**\n * GET /editor/builder/models/available\n *\n * Returns the configured AI providers/models the agent builder may use. The\n * server is the single authority: it scopes the list to providers with a\n * configured API key (`connected`) and applies the active builder model\n * policy via `isModelAllowed`, so the Studio surfaces can render the response\n * verbatim without importing any EE matcher into the browser.\n *\n * - Providers without a configured API key are always omitted — the builder\n * decides the agent's model from this list, so an unconnected provider would\n * produce an agent that can never run.\n * - Policy inactive (or no allowlist) ⇒ all connected providers are returned.\n * - Policy active with an allowlist ⇒ each connected provider's models are\n * filtered, and providers left with no allowed models are omitted entirely.\n */\nexport const GET_EDITOR_BUILDER_AVAILABLE_MODELS_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/models/available',\n responseType: 'json',\n responseSchema: builderAvailableModelsResponseSchema,\n summary: 'List builder-available AI models',\n description: 'Returns AI providers/models filtered by the active agent-builder model policy.',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra }) => {\n try {\n // Only surface providers whose API key is configured (`connected`). The\n // agent builder decides the agent's model from this list, so including\n // providers without a key lets it pick a model that can never run. We\n // scope to connected providers so every choice is actually usable.\n const providers = (await buildProvidersList(mastra)).filter(provider => provider.connected);\n const policy = await resolveBuilderModelPolicy(mastra.getEditor());\n\n // Inactive policy (or no allowlist) ⇒ no allowlist filtering to apply.\n if (!policy.active || !policy.allowed || policy.allowed.length === 0) {\n return { providers };\n }\n\n // Lazy-load the EE matcher (server-only); mirrors the convention used by\n // resolve-builder-model-policy and the settings handler.\n const { isModelAllowed } = await import('@mastra/core/agent-builder/ee');\n\n const filtered = providers\n .map(provider => ({\n ...provider,\n models: provider.models.filter(modelId => isModelAllowed(policy.allowed, { provider: provider.id, modelId })),\n }))\n .filter(provider => provider.models.length > 0);\n\n return { providers: filtered };\n } catch (error) {\n return handleError(error, 'Error fetching available models');\n }\n },\n});\n\n/**\n * GET /editor/builder/infrastructure\n *\n * Returns the runtime status of Mastra-opinionated primitives (channels,\n * browser providers, workspaces). Admin-only; surfaced in Studio Settings so\n * admins can sanity-check what's wired up to the running server.\n */\nexport const GET_INFRASTRUCTURE_STATUS_ROUTE = createRoute({\n method: 'GET',\n path: '/editor/builder/infrastructure',\n responseType: 'json',\n responseSchema: infrastructureStatusResponseSchema,\n summary: 'Get infrastructure status',\n description: 'Agent Builder infrastructure configuration and lightweight runtime status.',\n tags: ['Editor'],\n requiresAuth: true,\n requiresPermission: 'infrastructure:read',\n handler: async ({ mastra }) => {\n try {\n const formatConfigValue = (value: unknown): string => {\n if (value === null || value === undefined) return 'not set';\n if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') return String(value);\n if (Array.isArray(value)) return `${value.length} item${value.length === 1 ? '' : 's'}`;\n return value.constructor?.name && value.constructor.name !== 'Object' ? value.constructor.name : 'configured';\n };\n\n const getProviderName = (value: unknown): string | null => {\n if (!value) return null;\n if (typeof value === 'object' && 'provider' in value && typeof value.provider === 'string')\n return value.provider;\n if (typeof value === 'object' && 'constructor' in value) {\n const name = (value as { constructor?: { name?: string } }).constructor?.name;\n return name && name !== 'Object' ? name : 'configured';\n }\n return null;\n };\n\n const getConfigEntries = (config: Record<string, unknown>, omittedKeys: string[] = []) =>\n Object.entries(config)\n .filter(([key, value]) => !omittedKeys.includes(key) && value !== undefined && value !== null)\n .map(([key, value]) => ({ key, value: formatConfigValue(value) }));\n\n const channelProviders = mastra.getChannelProviders() ?? {};\n const channels: InfrastructureStatus['channels'] = {\n providers: Object.entries(channelProviders)\n .map(([id, provider]) => {\n const info = provider.getInfo?.();\n const routes = provider.getRoutes?.() ?? [];\n return {\n id: info?.id ?? id,\n name: info?.name ?? id,\n isConfigured: info?.isConfigured ?? false,\n routeCount: routes.length,\n };\n })\n .filter(provider => provider.isConfigured),\n };\n\n const editor = mastra.getEditor();\n let browser: InfrastructureStatus['browser'] = {\n type: null,\n provider: null,\n env: null,\n registered: false,\n availableProviders: [],\n config: [],\n };\n let workspace: InfrastructureStatus['workspace'] = {\n type: null,\n workspaceId: null,\n name: null,\n source: null,\n registered: false,\n hasFilesystem: false,\n hasSandbox: false,\n filesystemProvider: null,\n sandboxProvider: null,\n config: [],\n };\n let registries: InfrastructureStatus['registries'] = {\n skillsSh: { enabled: false },\n };\n\n if (editor?.resolveBuilder) {\n const browsers = (editor as unknown as { __browsers?: Map<string, unknown> }).__browsers;\n const builder = await editor.resolveBuilder();\n const builderRegistries = builder?.getRegistries?.();\n registries = {\n skillsSh: { enabled: builderRegistries?.skillsSh?.enabled === true },\n };\n const configuration = builder?.getConfiguration?.()?.agent as\n | {\n browser?: { type?: string; config?: { provider?: string; env?: string } };\n workspace?: {\n type?: string;\n workspaceId?: string;\n config?: { name?: string; filesystem?: unknown; sandbox?: unknown };\n };\n }\n | undefined;\n\n const browserRef = configuration?.browser;\n const browserConfig = browserRef?.config ?? {};\n const providerId = browserConfig.provider ?? null;\n browser = {\n type: browserRef?.type ?? null,\n provider: providerId,\n env: browserConfig.env ?? null,\n registered: providerId ? !!browsers?.has(providerId) : false,\n availableProviders: browsers ? Array.from(browsers.keys()) : [],\n config: getConfigEntries(browserConfig, ['provider', 'env']),\n };\n\n const workspaceRef = configuration?.workspace;\n const workspaceConfig = workspaceRef?.config ?? {};\n const registeredWorkspaces = mastra.listWorkspaces();\n const registeredWorkspace = workspaceRef?.workspaceId\n ? registeredWorkspaces[workspaceRef.workspaceId]\n : undefined;\n const filesystem = registeredWorkspace?.workspace.filesystem ?? workspaceConfig.filesystem;\n const sandbox = registeredWorkspace?.workspace.sandbox ?? workspaceConfig.sandbox;\n const filesystemConfig =\n typeof workspaceConfig.filesystem === 'object' &&\n workspaceConfig.filesystem &&\n 'config' in workspaceConfig.filesystem\n ? (workspaceConfig.filesystem.config as Record<string, unknown>)\n : {};\n const sandboxConfig =\n typeof workspaceConfig.sandbox === 'object' && workspaceConfig.sandbox && 'config' in workspaceConfig.sandbox\n ? (workspaceConfig.sandbox.config as Record<string, unknown>)\n : {};\n workspace = {\n type: workspaceRef?.type ?? null,\n workspaceId: workspaceRef?.workspaceId ?? null,\n name: workspaceConfig.name ?? registeredWorkspace?.workspace.name ?? null,\n source: registeredWorkspace?.source ?? null,\n registered: !!registeredWorkspace,\n hasFilesystem: !!filesystem,\n hasSandbox: !!sandbox,\n filesystemProvider: getProviderName(filesystem),\n sandboxProvider: getProviderName(sandbox),\n config: [\n ...getConfigEntries(filesystemConfig).map(entry => ({ ...entry, key: `filesystem.${entry.key}` })),\n ...getConfigEntries(sandboxConfig).map(entry => ({ ...entry, key: `sandbox.${entry.key}` })),\n ],\n };\n }\n\n return { channels, browser, workspace, registries };\n } catch (error) {\n return handleError(error, 'Error getting infrastructure status');\n }\n },\n});\n"]}
@@ -1,13 +1,13 @@
1
1
  'use strict';
2
2
 
3
3
  var chunkO4O2EJF7_cjs = require('./chunk-O4O2EJF7.cjs');
4
- var chunkMJH4EEUV_cjs = require('./chunk-MJH4EEUV.cjs');
5
- var chunkHDIYJI2Z_cjs = require('./chunk-HDIYJI2Z.cjs');
6
- var chunkTIWGWGIO_cjs = require('./chunk-TIWGWGIO.cjs');
7
- var chunkYWUVDFQZ_cjs = require('./chunk-YWUVDFQZ.cjs');
4
+ var chunk6XNMQBYE_cjs = require('./chunk-6XNMQBYE.cjs');
5
+ var chunkKGUHJRHZ_cjs = require('./chunk-KGUHJRHZ.cjs');
6
+ var chunkGZ4HWZWE_cjs = require('./chunk-GZ4HWZWE.cjs');
8
7
  var chunkZ7LCIYK7_cjs = require('./chunk-Z7LCIYK7.cjs');
9
8
  var chunkDN2NUSL2_cjs = require('./chunk-DN2NUSL2.cjs');
10
9
  var chunk64ITUOXI_cjs = require('./chunk-64ITUOXI.cjs');
10
+ var chunkTIWGWGIO_cjs = require('./chunk-TIWGWGIO.cjs');
11
11
 
12
12
  // src/server/handlers/stored-agent-favorites.ts
13
13
  async function getFavoritesContext(mastra) {
@@ -38,8 +38,8 @@ var FAVORITE_STORED_AGENT_ROUTE = chunkDN2NUSL2_cjs.createRoute({
38
38
  requiresPermission: "stored-agents:read",
39
39
  handler: async ({ mastra, requestContext, storedAgentId }) => {
40
40
  try {
41
- await chunkMJH4EEUV_cjs.requireBuilderFeature(mastra, "favorites");
42
- const callerId = chunkHDIYJI2Z_cjs.getCallerAuthorId(requestContext);
41
+ await chunk6XNMQBYE_cjs.requireBuilderFeature(mastra, "favorites");
42
+ const callerId = chunkKGUHJRHZ_cjs.getCallerAuthorId(requestContext);
43
43
  if (!callerId) {
44
44
  throw new chunk64ITUOXI_cjs.HTTPException(401, { message: "Authentication required" });
45
45
  }
@@ -48,8 +48,8 @@ var FAVORITE_STORED_AGENT_ROUTE = chunkDN2NUSL2_cjs.createRoute({
48
48
  if (!agent) {
49
49
  throw new chunk64ITUOXI_cjs.HTTPException(404, { message: `Stored agent with id ${storedAgentId} not found` });
50
50
  }
51
- chunkYWUVDFQZ_cjs.assertStoredResourceScope(agent, await chunkYWUVDFQZ_cjs.getStoredResourceScope(mastra, requestContext));
52
- chunkHDIYJI2Z_cjs.assertReadAccess({ requestContext, resource: "stored-agents", resourceId: storedAgentId, record: agent });
51
+ chunkGZ4HWZWE_cjs.assertStoredResourceScope(agent, await chunkGZ4HWZWE_cjs.getStoredResourceScope(mastra, requestContext));
52
+ chunkKGUHJRHZ_cjs.assertReadAccess({ requestContext, resource: "stored-agents", resourceId: storedAgentId, record: agent });
53
53
  const result = await favoritesStore.favorite({
54
54
  userId: callerId,
55
55
  entityType: "agent",
@@ -74,8 +74,8 @@ var UNFAVORITE_STORED_AGENT_ROUTE = chunkDN2NUSL2_cjs.createRoute({
74
74
  requiresPermission: "stored-agents:read",
75
75
  handler: async ({ mastra, requestContext, storedAgentId }) => {
76
76
  try {
77
- await chunkMJH4EEUV_cjs.requireBuilderFeature(mastra, "favorites");
78
- const callerId = chunkHDIYJI2Z_cjs.getCallerAuthorId(requestContext);
77
+ await chunk6XNMQBYE_cjs.requireBuilderFeature(mastra, "favorites");
78
+ const callerId = chunkKGUHJRHZ_cjs.getCallerAuthorId(requestContext);
79
79
  if (!callerId) {
80
80
  throw new chunk64ITUOXI_cjs.HTTPException(401, { message: "Authentication required" });
81
81
  }
@@ -84,8 +84,8 @@ var UNFAVORITE_STORED_AGENT_ROUTE = chunkDN2NUSL2_cjs.createRoute({
84
84
  if (!agent) {
85
85
  throw new chunk64ITUOXI_cjs.HTTPException(404, { message: `Stored agent with id ${storedAgentId} not found` });
86
86
  }
87
- chunkYWUVDFQZ_cjs.assertStoredResourceScope(agent, await chunkYWUVDFQZ_cjs.getStoredResourceScope(mastra, requestContext));
88
- chunkHDIYJI2Z_cjs.assertReadAccess({ requestContext, resource: "stored-agents", resourceId: storedAgentId, record: agent });
87
+ chunkGZ4HWZWE_cjs.assertStoredResourceScope(agent, await chunkGZ4HWZWE_cjs.getStoredResourceScope(mastra, requestContext));
88
+ chunkKGUHJRHZ_cjs.assertReadAccess({ requestContext, resource: "stored-agents", resourceId: storedAgentId, record: agent });
89
89
  const result = await favoritesStore.unfavorite({
90
90
  userId: callerId,
91
91
  entityType: "agent",
@@ -100,5 +100,5 @@ var UNFAVORITE_STORED_AGENT_ROUTE = chunkDN2NUSL2_cjs.createRoute({
100
100
 
101
101
  exports.FAVORITE_STORED_AGENT_ROUTE = FAVORITE_STORED_AGENT_ROUTE;
102
102
  exports.UNFAVORITE_STORED_AGENT_ROUTE = UNFAVORITE_STORED_AGENT_ROUTE;
103
- //# sourceMappingURL=chunk-LRRO5PBP.cjs.map
104
- //# sourceMappingURL=chunk-LRRO5PBP.cjs.map
103
+ //# sourceMappingURL=chunk-NUQ5EITO.cjs.map
104
+ //# sourceMappingURL=chunk-NUQ5EITO.cjs.map
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/server/handlers/stored-agent-favorites.ts"],"names":["HTTPException","createRoute","storedAgentIdPathParams","favoriteToggleResponseSchema","requireBuilderFeature","getCallerAuthorId","assertStoredResourceScope","getStoredResourceScope","assertReadAccess","handleError"],"mappings":";;;;;;;;;;;;AAaA,eAAe,oBAAoB,MAAA,EAAqD;AACtF,EAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,EACvE;AACA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAClD,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,0CAA0C,CAAA;AAAA,EACpF;AACA,EAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,QAAA,CAAS,WAAW,CAAA;AACzD,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,EACvF;AACA,EAAA,OAAO,EAAE,YAAY,cAAA,EAAe;AACtC;AAKO,IAAM,8BAA8BC,6BAAA,CAAY;AAAA,EACrD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,wCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBC,yCAAA;AAAA,EACjB,cAAA,EAAgBC,8CAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,sEAAA;AAAA,EACb,IAAA,EAAM,CAAC,eAAe,CAAA;AAAA,EACtB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,eAAc,KAAM;AAC5D,IAAA,IAAI;AACF,MAAA,MAAMC,uCAAA,CAAsB,QAAQ,WAAW,CAAA;AAE/C,MAAA,MAAM,QAAA,GAAWC,oCAAkB,cAAc,CAAA;AACjD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,2BAA2B,CAAA;AAAA,MACrE;AAEA,MAAA,MAAM,EAAE,UAAA,EAAY,cAAA,EAAe,GAAI,MAAM,oBAAoB,MAAM,CAAA;AAEvE,MAAA,MAAM,KAAA,GAAQ,MAAM,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AACpD,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,qBAAA,EAAwB,aAAa,cAAc,CAAA;AAAA,MAC7F;AACA,MAAAM,2CAAA,CAA0B,KAAA,EAAO,MAAMC,wCAAA,CAAuB,MAAA,EAAQ,cAAc,CAAC,CAAA;AAGrF,MAAAC,kCAAA,CAAiB,EAAE,gBAAgB,QAAA,EAAU,eAAA,EAAiB,YAAY,aAAA,EAAe,MAAA,EAAQ,OAAO,CAAA;AAExG,MAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,QAAA,CAAS;AAAA,QAC3C,MAAA,EAAQ,QAAA;AAAA,QACR,UAAA,EAAY,OAAA;AAAA,QACZ,QAAA,EAAU;AAAA,OACX,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAKM,IAAM,gCAAgCR,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,wCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBC,yCAAA;AAAA,EACjB,cAAA,EAAgBC,8CAAA;AAAA,EAChB,OAAA,EAAS,2BAAA;AAAA,EACT,WAAA,EAAa,uEAAA;AAAA,EACb,IAAA,EAAM,CAAC,eAAe,CAAA;AAAA,EACtB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,eAAc,KAAM;AAC5D,IAAA,IAAI;AACF,MAAA,MAAMC,uCAAA,CAAsB,QAAQ,WAAW,CAAA;AAE/C,MAAA,MAAM,QAAA,GAAWC,oCAAkB,cAAc,CAAA;AACjD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,2BAA2B,CAAA;AAAA,MACrE;AAEA,MAAA,MAAM,EAAE,UAAA,EAAY,cAAA,EAAe,GAAI,MAAM,oBAAoB,MAAM,CAAA;AAEvE,MAAA,MAAM,KAAA,GAAQ,MAAM,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AACpD,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,qBAAA,EAAwB,aAAa,cAAc,CAAA;AAAA,MAC7F;AACA,MAAAM,2CAAA,CAA0B,KAAA,EAAO,MAAMC,wCAAA,CAAuB,MAAA,EAAQ,cAAc,CAAC,CAAA;AAErF,MAAAC,kCAAA,CAAiB,EAAE,gBAAgB,QAAA,EAAU,eAAA,EAAiB,YAAY,aAAA,EAAe,MAAA,EAAQ,OAAO,CAAA;AAExG,MAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,UAAA,CAAW;AAAA,QAC7C,MAAA,EAAQ,QAAA;AAAA,QACR,UAAA,EAAY,OAAA;AAAA,QACZ,QAAA,EAAU;AAAA,OACX,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC","file":"chunk-LRRO5PBP.cjs","sourcesContent":["import { HTTPException } from '../http-exception';\nimport { favoriteToggleResponseSchema } from '../schemas/favorites';\nimport { storedAgentIdPathParams } from '../schemas/stored-agents';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { assertStoredResourceScope, getStoredResourceScope } from '../utils';\n\nimport { assertReadAccess, getCallerAuthorId } from './authorship';\nimport { requireBuilderFeature } from './editor-builder';\nimport { handleError } from './error';\n\n/**\n * Resolves the storage and favorites domains, throwing 500 if unavailable.\n */\nasync function getFavoritesContext(mastra: Parameters<typeof requireBuilderFeature>[0]) {\n const storage = mastra.getStorage();\n if (!storage) {\n throw new HTTPException(500, { message: 'Storage is not configured' });\n }\n const agentStore = await storage.getStore('agents');\n if (!agentStore) {\n throw new HTTPException(500, { message: 'Agents storage domain is not available' });\n }\n const favoritesStore = await storage.getStore('favorites');\n if (!favoritesStore) {\n throw new HTTPException(500, { message: 'Favorites storage domain is not available' });\n }\n return { agentStore, favoritesStore };\n}\n\n/**\n * PUT /stored/agents/:storedAgentId/favorite\n */\nexport const FAVORITE_STORED_AGENT_ROUTE = createRoute({\n method: 'PUT',\n path: '/stored/agents/:storedAgentId/favorite',\n responseType: 'json',\n pathParamSchema: storedAgentIdPathParams,\n responseSchema: favoriteToggleResponseSchema,\n summary: 'Favorite a stored agent',\n description: 'Marks the stored agent as favorited by the calling user. Idempotent.',\n tags: ['Stored Agents'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra, requestContext, storedAgentId }) => {\n try {\n await requireBuilderFeature(mastra, 'favorites');\n\n const callerId = getCallerAuthorId(requestContext);\n if (!callerId) {\n throw new HTTPException(401, { message: 'Authentication required' });\n }\n\n const { agentStore, favoritesStore } = await getFavoritesContext(mastra);\n\n const agent = await agentStore.getById(storedAgentId);\n if (!agent) {\n throw new HTTPException(404, { message: `Stored agent with id ${storedAgentId} not found` });\n }\n assertStoredResourceScope(agent, await getStoredResourceScope(mastra, requestContext));\n\n // Throws 404 if the caller cannot read the agent (private + not owner/admin).\n assertReadAccess({ requestContext, resource: 'stored-agents', resourceId: storedAgentId, record: agent });\n\n const result = await favoritesStore.favorite({\n userId: callerId,\n entityType: 'agent',\n entityId: storedAgentId,\n });\n return result;\n } catch (error) {\n return handleError(error, 'Error favoriting stored agent');\n }\n },\n});\n\n/**\n * DELETE /stored/agents/:storedAgentId/favorite\n */\nexport const UNFAVORITE_STORED_AGENT_ROUTE = createRoute({\n method: 'DELETE',\n path: '/stored/agents/:storedAgentId/favorite',\n responseType: 'json',\n pathParamSchema: storedAgentIdPathParams,\n responseSchema: favoriteToggleResponseSchema,\n summary: 'Unfavorite a stored agent',\n description: 'Removes the caller’s favorite from the stored agent. Idempotent.',\n tags: ['Stored Agents'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra, requestContext, storedAgentId }) => {\n try {\n await requireBuilderFeature(mastra, 'favorites');\n\n const callerId = getCallerAuthorId(requestContext);\n if (!callerId) {\n throw new HTTPException(401, { message: 'Authentication required' });\n }\n\n const { agentStore, favoritesStore } = await getFavoritesContext(mastra);\n\n const agent = await agentStore.getById(storedAgentId);\n if (!agent) {\n throw new HTTPException(404, { message: `Stored agent with id ${storedAgentId} not found` });\n }\n assertStoredResourceScope(agent, await getStoredResourceScope(mastra, requestContext));\n\n assertReadAccess({ requestContext, resource: 'stored-agents', resourceId: storedAgentId, record: agent });\n\n const result = await favoritesStore.unfavorite({\n userId: callerId,\n entityType: 'agent',\n entityId: storedAgentId,\n });\n return result;\n } catch (error) {\n return handleError(error, 'Error unfavoriting stored agent');\n }\n },\n});\n"]}
1
+ {"version":3,"sources":["../src/server/handlers/stored-agent-favorites.ts"],"names":["HTTPException","createRoute","storedAgentIdPathParams","favoriteToggleResponseSchema","requireBuilderFeature","getCallerAuthorId","assertStoredResourceScope","getStoredResourceScope","assertReadAccess","handleError"],"mappings":";;;;;;;;;;;;AAaA,eAAe,oBAAoB,MAAA,EAAqD;AACtF,EAAA,MAAM,OAAA,GAAU,OAAO,UAAA,EAAW;AAClC,EAAA,IAAI,CAAC,OAAA,EAAS;AACZ,IAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6BAA6B,CAAA;AAAA,EACvE;AACA,EAAA,MAAM,UAAA,GAAa,MAAM,OAAA,CAAQ,QAAA,CAAS,QAAQ,CAAA;AAClD,EAAA,IAAI,CAAC,UAAA,EAAY;AACf,IAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,0CAA0C,CAAA;AAAA,EACpF;AACA,EAAA,MAAM,cAAA,GAAiB,MAAM,OAAA,CAAQ,QAAA,CAAS,WAAW,CAAA;AACzD,EAAA,IAAI,CAAC,cAAA,EAAgB;AACnB,IAAA,MAAM,IAAIA,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,6CAA6C,CAAA;AAAA,EACvF;AACA,EAAA,OAAO,EAAE,YAAY,cAAA,EAAe;AACtC;AAKO,IAAM,8BAA8BC,6BAAA,CAAY;AAAA,EACrD,MAAA,EAAQ,KAAA;AAAA,EACR,IAAA,EAAM,wCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBC,yCAAA;AAAA,EACjB,cAAA,EAAgBC,8CAAA;AAAA,EAChB,OAAA,EAAS,yBAAA;AAAA,EACT,WAAA,EAAa,sEAAA;AAAA,EACb,IAAA,EAAM,CAAC,eAAe,CAAA;AAAA,EACtB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,eAAc,KAAM;AAC5D,IAAA,IAAI;AACF,MAAA,MAAMC,uCAAA,CAAsB,QAAQ,WAAW,CAAA;AAE/C,MAAA,MAAM,QAAA,GAAWC,oCAAkB,cAAc,CAAA;AACjD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,2BAA2B,CAAA;AAAA,MACrE;AAEA,MAAA,MAAM,EAAE,UAAA,EAAY,cAAA,EAAe,GAAI,MAAM,oBAAoB,MAAM,CAAA;AAEvE,MAAA,MAAM,KAAA,GAAQ,MAAM,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AACpD,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,qBAAA,EAAwB,aAAa,cAAc,CAAA;AAAA,MAC7F;AACA,MAAAM,2CAAA,CAA0B,KAAA,EAAO,MAAMC,wCAAA,CAAuB,MAAA,EAAQ,cAAc,CAAC,CAAA;AAGrF,MAAAC,kCAAA,CAAiB,EAAE,gBAAgB,QAAA,EAAU,eAAA,EAAiB,YAAY,aAAA,EAAe,MAAA,EAAQ,OAAO,CAAA;AAExG,MAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,QAAA,CAAS;AAAA,QAC3C,MAAA,EAAQ,QAAA;AAAA,QACR,UAAA,EAAY,OAAA;AAAA,QACZ,QAAA,EAAU;AAAA,OACX,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,+BAA+B,CAAA;AAAA,IAC3D;AAAA,EACF;AACF,CAAC;AAKM,IAAM,gCAAgCR,6BAAA,CAAY;AAAA,EACvD,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,wCAAA;AAAA,EACN,YAAA,EAAc,MAAA;AAAA,EACd,eAAA,EAAiBC,yCAAA;AAAA,EACjB,cAAA,EAAgBC,8CAAA;AAAA,EAChB,OAAA,EAAS,2BAAA;AAAA,EACT,WAAA,EAAa,uEAAA;AAAA,EACb,IAAA,EAAM,CAAC,eAAe,CAAA;AAAA,EACtB,YAAA,EAAc,IAAA;AAAA,EACd,kBAAA,EAAoB,oBAAA;AAAA,EACpB,SAAS,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,eAAc,KAAM;AAC5D,IAAA,IAAI;AACF,MAAA,MAAMC,uCAAA,CAAsB,QAAQ,WAAW,CAAA;AAE/C,MAAA,MAAM,QAAA,GAAWC,oCAAkB,cAAc,CAAA;AACjD,MAAA,IAAI,CAAC,QAAA,EAAU;AACb,QAAA,MAAM,IAAIL,+BAAA,CAAc,GAAA,EAAK,EAAE,OAAA,EAAS,2BAA2B,CAAA;AAAA,MACrE;AAEA,MAAA,MAAM,EAAE,UAAA,EAAY,cAAA,EAAe,GAAI,MAAM,oBAAoB,MAAM,CAAA;AAEvE,MAAA,MAAM,KAAA,GAAQ,MAAM,UAAA,CAAW,OAAA,CAAQ,aAAa,CAAA;AACpD,MAAA,IAAI,CAAC,KAAA,EAAO;AACV,QAAA,MAAM,IAAIA,gCAAc,GAAA,EAAK,EAAE,SAAS,CAAA,qBAAA,EAAwB,aAAa,cAAc,CAAA;AAAA,MAC7F;AACA,MAAAM,2CAAA,CAA0B,KAAA,EAAO,MAAMC,wCAAA,CAAuB,MAAA,EAAQ,cAAc,CAAC,CAAA;AAErF,MAAAC,kCAAA,CAAiB,EAAE,gBAAgB,QAAA,EAAU,eAAA,EAAiB,YAAY,aAAA,EAAe,MAAA,EAAQ,OAAO,CAAA;AAExG,MAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,UAAA,CAAW;AAAA,QAC7C,MAAA,EAAQ,QAAA;AAAA,QACR,UAAA,EAAY,OAAA;AAAA,QACZ,QAAA,EAAU;AAAA,OACX,CAAA;AACD,MAAA,OAAO,MAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAOC,6BAAA,CAAY,OAAO,iCAAiC,CAAA;AAAA,IAC7D;AAAA,EACF;AACF,CAAC","file":"chunk-NUQ5EITO.cjs","sourcesContent":["import { HTTPException } from '../http-exception';\nimport { favoriteToggleResponseSchema } from '../schemas/favorites';\nimport { storedAgentIdPathParams } from '../schemas/stored-agents';\nimport { createRoute } from '../server-adapter/routes/route-builder';\nimport { assertStoredResourceScope, getStoredResourceScope } from '../utils';\n\nimport { assertReadAccess, getCallerAuthorId } from './authorship';\nimport { requireBuilderFeature } from './editor-builder';\nimport { handleError } from './error';\n\n/**\n * Resolves the storage and favorites domains, throwing 500 if unavailable.\n */\nasync function getFavoritesContext(mastra: Parameters<typeof requireBuilderFeature>[0]) {\n const storage = mastra.getStorage();\n if (!storage) {\n throw new HTTPException(500, { message: 'Storage is not configured' });\n }\n const agentStore = await storage.getStore('agents');\n if (!agentStore) {\n throw new HTTPException(500, { message: 'Agents storage domain is not available' });\n }\n const favoritesStore = await storage.getStore('favorites');\n if (!favoritesStore) {\n throw new HTTPException(500, { message: 'Favorites storage domain is not available' });\n }\n return { agentStore, favoritesStore };\n}\n\n/**\n * PUT /stored/agents/:storedAgentId/favorite\n */\nexport const FAVORITE_STORED_AGENT_ROUTE = createRoute({\n method: 'PUT',\n path: '/stored/agents/:storedAgentId/favorite',\n responseType: 'json',\n pathParamSchema: storedAgentIdPathParams,\n responseSchema: favoriteToggleResponseSchema,\n summary: 'Favorite a stored agent',\n description: 'Marks the stored agent as favorited by the calling user. Idempotent.',\n tags: ['Stored Agents'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra, requestContext, storedAgentId }) => {\n try {\n await requireBuilderFeature(mastra, 'favorites');\n\n const callerId = getCallerAuthorId(requestContext);\n if (!callerId) {\n throw new HTTPException(401, { message: 'Authentication required' });\n }\n\n const { agentStore, favoritesStore } = await getFavoritesContext(mastra);\n\n const agent = await agentStore.getById(storedAgentId);\n if (!agent) {\n throw new HTTPException(404, { message: `Stored agent with id ${storedAgentId} not found` });\n }\n assertStoredResourceScope(agent, await getStoredResourceScope(mastra, requestContext));\n\n // Throws 404 if the caller cannot read the agent (private + not owner/admin).\n assertReadAccess({ requestContext, resource: 'stored-agents', resourceId: storedAgentId, record: agent });\n\n const result = await favoritesStore.favorite({\n userId: callerId,\n entityType: 'agent',\n entityId: storedAgentId,\n });\n return result;\n } catch (error) {\n return handleError(error, 'Error favoriting stored agent');\n }\n },\n});\n\n/**\n * DELETE /stored/agents/:storedAgentId/favorite\n */\nexport const UNFAVORITE_STORED_AGENT_ROUTE = createRoute({\n method: 'DELETE',\n path: '/stored/agents/:storedAgentId/favorite',\n responseType: 'json',\n pathParamSchema: storedAgentIdPathParams,\n responseSchema: favoriteToggleResponseSchema,\n summary: 'Unfavorite a stored agent',\n description: 'Removes the caller’s favorite from the stored agent. Idempotent.',\n tags: ['Stored Agents'],\n requiresAuth: true,\n requiresPermission: 'stored-agents:read',\n handler: async ({ mastra, requestContext, storedAgentId }) => {\n try {\n await requireBuilderFeature(mastra, 'favorites');\n\n const callerId = getCallerAuthorId(requestContext);\n if (!callerId) {\n throw new HTTPException(401, { message: 'Authentication required' });\n }\n\n const { agentStore, favoritesStore } = await getFavoritesContext(mastra);\n\n const agent = await agentStore.getById(storedAgentId);\n if (!agent) {\n throw new HTTPException(404, { message: `Stored agent with id ${storedAgentId} not found` });\n }\n assertStoredResourceScope(agent, await getStoredResourceScope(mastra, requestContext));\n\n assertReadAccess({ requestContext, resource: 'stored-agents', resourceId: storedAgentId, record: agent });\n\n const result = await favoritesStore.unfavorite({\n userId: callerId,\n entityType: 'agent',\n entityId: storedAgentId,\n });\n return result;\n } catch (error) {\n return handleError(error, 'Error unfavoriting stored agent');\n }\n },\n});\n"]}