@mordn/chat-widget 0.8.1 → 0.10.1

package/dist/server/hosted/index.mjs

@@ -0,0 +1,204 @@
+// src/server/stores/hosted/index.ts
+import "server-only";
+
+// src/server/stores/hosted/store.ts
+import "server-only";
+
+// src/server/chat-store.ts
+var ConversationOwnershipError = class extends Error {
+  constructor(conversationId) {
+    super(`Conversation ${conversationId} is not owned by the current user`);
+    this.conversationId = conversationId;
+    this.name = "ConversationOwnershipError";
+  }
+};
+
+// src/server/stores/hosted/store.ts
+var DEFAULT_BASE_URL = "https://api.mordn.dev";
+function normaliseConversation(raw) {
+  return {
+    id: raw.id,
+    title: raw.title,
+    metadata: raw.metadata ?? null,
+    createdAt: new Date(raw.created_at ?? raw.createdAt),
+    updatedAt: new Date(raw.updated_at ?? raw.updatedAt),
+    messageCount: raw.message_count ?? raw.messageCount
+  };
+}
+function normaliseMessage(raw) {
+  return {
+    id: raw.id,
+    role: raw.role,
+    parts: raw.parts ?? [],
+    text: raw.content ?? raw.text ?? "",
+    model: raw.model ?? void 0,
+    createdAt: new Date(raw.created_at ?? raw.createdAt)
+  };
+}
+var HostedChatStore = class {
+  constructor(userId, apiKey, baseUrl, fetchImpl) {
+    this.userId = userId;
+    this.apiKey = apiKey;
+    this.base = baseUrl.replace(/\/$/, "");
+    this.doFetch = fetchImpl;
+  }
+  headers(json = false) {
+    const h = {
+      Authorization: `Bearer ${this.apiKey}`,
+      "X-Chat-User": this.userId
+    };
+    if (json) h["Content-Type"] = "application/json";
+    return h;
+  }
+  async req(path, init) {
+    return this.doFetch(`${this.base}/v1${path}`, init);
+  }
+  async listConversations() {
+    const res = await this.req("/conversations", { headers: this.headers() });
+    if (!res.ok) return [];
+    const data = await res.json();
+    return (data.conversations ?? []).map(normaliseConversation);
+  }
+  async getConversation(id) {
+    const res = await this.req(`/conversations/${encodeURIComponent(id)}`, { headers: this.headers() });
+    if (res.status === 404) return null;
+    if (!res.ok) return null;
+    const data = await res.json();
+    return data.conversation ? normaliseConversation(data.conversation) : null;
+  }
+  async ensureConversation(id) {
+    const res = await this.req(`/conversations/${encodeURIComponent(id)}/turns`, {
+      method: "POST",
+      headers: this.headers(true),
+      body: JSON.stringify({ messages: [] })
+    });
+    if (res.status === 403) throw new ConversationOwnershipError(id);
+    const conv = await this.getConversation(id);
+    if (conv) return conv;
+    const now = /* @__PURE__ */ new Date();
+    return { id, title: "New Chat", metadata: {}, createdAt: now, updatedAt: now };
+  }
+  async renameConversation(id, title) {
+    await this.req(`/conversations/${encodeURIComponent(id)}`, {
+      method: "PATCH",
+      headers: this.headers(true),
+      body: JSON.stringify({ title })
+    });
+  }
+  async deleteConversation(id) {
+    const res = await this.req(`/conversations/${encodeURIComponent(id)}`, {
+      method: "DELETE",
+      headers: this.headers()
+    });
+    return res.status === 204;
+  }
+  async listMessages(conversationId, _opts) {
+    const res = await this.req(`/conversations/${encodeURIComponent(conversationId)}`, { headers: this.headers() });
+    if (!res.ok) return [];
+    const data = await res.json();
+    return (data.messages ?? []).map(normaliseMessage);
+  }
+  async saveTurn(input) {
+    const res = await this.req(`/conversations/${encodeURIComponent(input.conversationId)}/turns`, {
+      method: "POST",
+      headers: this.headers(true),
+      body: JSON.stringify({ messages: input.messages, model: input.model })
+    });
+    if (res.status === 403) throw new ConversationOwnershipError(input.conversationId);
+    if (!res.ok) {
+      throw new Error(`[chat-widget] hosted saveTurn failed: ${res.status} ${await res.text().catch(() => "")}`);
+    }
+  }
+};
+var HostedStorageAdapter = class {
+  constructor(userId, apiKey, baseUrl, fetchImpl) {
+    this.userId = userId;
+    this.apiKey = apiKey;
+    this.base = baseUrl.replace(/\/$/, "");
+    this.doFetch = fetchImpl;
+  }
+  async upload(input) {
+    const form = new FormData();
+    const buf = input.data instanceof Uint8Array ? input.data.buffer.slice(input.data.byteOffset, input.data.byteOffset + input.data.byteLength) : input.data;
+    form.append("file", new Blob([buf], { type: input.mediaType }), input.filename);
+    if (input.conversationId) form.append("conversationId", input.conversationId);
+    const res = await this.doFetch(`${this.base}/v1/uploads`, {
+      method: "POST",
+      headers: { Authorization: `Bearer ${this.apiKey}`, "X-Chat-User": this.userId },
+      body: form
+    });
+    if (!res.ok) throw new Error(`[chat-widget] hosted upload failed: ${res.status}`);
+    const r = await res.json();
+    return r;
+  }
+  async resign(storagePath) {
+    const res = await this.doFetch(`${this.base}/v1/uploads/resign`, {
+      method: "POST",
+      headers: { Authorization: `Bearer ${this.apiKey}`, "X-Chat-User": this.userId, "Content-Type": "application/json" },
+      body: JSON.stringify({ storagePath })
+    });
+    if (!res.ok) return null;
+    const r = await res.json();
+    return r.url ?? null;
+  }
+  async remove(storagePath) {
+    await this.doFetch(`${this.base}/v1/uploads`, {
+      method: "DELETE",
+      headers: { Authorization: `Bearer ${this.apiKey}`, "X-Chat-User": this.userId, "Content-Type": "application/json" },
+      body: JSON.stringify({ storagePath })
+    }).catch(() => {
+    });
+  }
+};
+function createHostedChatStore(options) {
+  if (!options.apiKey) throw new Error("[chat-widget] createHostedChatStore requires an apiKey");
+  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+  const fetchImpl = options.fetch ?? fetch;
+  return (userId) => new HostedChatStore(userId, options.apiKey, baseUrl, fetchImpl);
+}
+function createHostedStorage(options) {
+  if (!options.apiKey) throw new Error("[chat-widget] createHostedStorage requires an apiKey");
+  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;
+  const fetchImpl = options.fetch ?? fetch;
+  return (userId) => new HostedStorageAdapter(userId, options.apiKey, baseUrl, fetchImpl);
+}
+function createHostedConfig(options) {
+  if (!options.apiKey) throw new Error("[chat-widget] createHostedConfig requires an apiKey");
+  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
+  const fetchImpl = options.fetch ?? fetch;
+  const apiKey = options.apiKey;
+  const CONFIG_TTL_MS = 6e4;
+  let cached = null;
+  return async (ctx) => {
+    const now = Date.now();
+    if (cached && now - cached.at < CONFIG_TTL_MS) return cached.value;
+    try {
+      const res = await fetchImpl(`${baseUrl}/v1/config`, {
+        method: "GET",
+        headers: { Authorization: `Bearer ${apiKey}`, "X-Chat-User": ctx.userId }
+      });
+      if (!res.ok) {
+        cached = { value: null, at: now };
+        return null;
+      }
+      const raw = await res.json();
+      const value = {
+        model: raw.model ?? null,
+        systemPrompt: raw.systemPrompt ?? null,
+        greeting: raw.greeting ?? null,
+        appearance: raw.appearance ?? null
+      };
+      cached = { value, at: now };
+      return value;
+    } catch {
+      cached = { value: null, at: now };
+      return null;
+    }
+  };
+}
+export {
+  createHostedChatStore,
+  createHostedConfig,
+  createHostedStorage
+};
+//# sourceMappingURL=index.mjs.map

package/dist/server/hosted/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/server/stores/hosted/index.ts","../../../src/server/stores/hosted/store.ts","../../../src/server/chat-store.ts"],"sourcesContent":["/**\n * Hosted store/storage clients — public entry.\n *\n *   import { createHostedChatStore, createHostedStorage } from '@mordn/chat-widget/server/hosted';\n *   createChatHandler({\n *     getUserId,\n *     model,\n *     store:   createHostedChatStore({ apiKey: process.env.MORDN_CHAT_KEY }),\n *     storage: createHostedStorage({ apiKey: process.env.MORDN_CHAT_KEY }),\n *   });\n *\n * No DATABASE_URL, no bucket, no migrations — the hosted @mordn/chat-api service\n * owns all of that. The only secret you hold is the tenant API key.\n */\nimport 'server-only';\n\nexport { createHostedChatStore, createHostedStorage, createHostedConfig, type HostedOptions } from './store';\n","/**\n * Hosted ChatStore + StorageAdapter — thin HTTP clients over the @mordn/chat-api\n * service. Same interfaces as the Drizzle/Supabase defaults, so switching a\n * consumer from BYO to hosted is a one-line change:\n *\n *   store:   createHostedChatStore({ apiKey: process.env.MORDN_CHAT_KEY })\n *   storage: createHostedStorage({ apiKey: process.env.MORDN_CHAT_KEY })\n *\n * Identity: the `apiKey` authenticates the TENANT (the customer/app). The\n * per-request `userId` the handler binds is sent as `X-Chat-User` — the end\n * user, derived from the consumer's verified session (same trust model as\n * getUserId). The hosted service enforces both axes; this client never decides\n * authorization, it only carries identity.\n */\n\nimport 'server-only';\nimport {\n  ConversationOwnershipError,\n  type ChatStore,\n} from '../../chat-store';\nimport type { StorageAdapter, UploadInput, UploadResult } from '../../storage-adapter';\nimport type { ChatRequestContext, HostedAgentConfig } from '../../handler-types';\nimport type {\n  ListMessagesOptions,\n  SaveTurnInput,\n  StoredConversation,\n  StoredMessage,\n} from '../../types';\n\nconst DEFAULT_BASE_URL = 'https://api.mordn.dev';\n\nexport interface HostedOptions {\n  /** Tenant API key (mck_live_… / mck_test_…). Required. Never sent to the client. */\n  apiKey: string;\n  /** API base URL. Defaults to the hosted service; override for self-host/local. */\n  baseUrl?: string;\n  /** Optional fetch override (testing). */\n  fetch?: typeof fetch;\n}\n\nfunction normaliseConversation(raw: any): StoredConversation {\n  return {\n    id: raw.id,\n    title: raw.title,\n    metadata: raw.metadata ?? null,\n    createdAt: new Date(raw.created_at ?? raw.createdAt),\n    updatedAt: new Date(raw.updated_at ?? raw.updatedAt),\n    messageCount: raw.message_count ?? raw.messageCount,\n  };\n}\n\nfunction normaliseMessage(raw: any): StoredMessage {\n  return {\n    id: raw.id,\n    role: raw.role,\n    parts: raw.parts ?? [],\n    text: raw.content ?? raw.text ?? '',\n    model: raw.model ?? undefined,\n    createdAt: new Date(raw.created_at ?? raw.createdAt),\n  };\n}\n\nclass HostedChatStore implements ChatStore {\n  private readonly base: string;\n  private readonly doFetch: typeof fetch;\n\n  constructor(\n    public readonly userId: string,\n    private readonly apiKey: string,\n    baseUrl: string,\n    fetchImpl: typeof fetch,\n  ) {\n    this.base = baseUrl.replace(/\\/$/, '');\n    this.doFetch = fetchImpl;\n  }\n\n  private headers(json = false): Record<string, string> {\n    const h: Record<string, string> = {\n      Authorization: `Bearer ${this.apiKey}`,\n      'X-Chat-User': this.userId,\n    };\n    if (json) h['Content-Type'] = 'application/json';\n    return h;\n  }\n\n  private async req(path: string, init?: RequestInit): Promise<Response> {\n    return this.doFetch(`${this.base}/v1${path}`, init);\n  }\n\n  async listConversations(): Promise<StoredConversation[]> {\n    const res = await this.req('/conversations', { headers: this.headers() });\n    if (!res.ok) return [];\n    const data = (await res.json()) as { conversations?: any[] };\n    return (data.conversations ?? []).map(normaliseConversation);\n  }\n\n  async getConversation(id: string): Promise<StoredConversation | null> {\n    const res = await this.req(`/conversations/${encodeURIComponent(id)}`, { headers: this.headers() });\n    if (res.status === 404) return null;\n    if (!res.ok) return null;\n    const data = (await res.json()) as { conversation?: any };\n    return data.conversation ? normaliseConversation(data.conversation) : null;\n  }\n\n  async ensureConversation(id: string): Promise<StoredConversation> {\n    // The hosted API creates-or-rejects inside POST /turns (it calls\n    // ensureConversation server-side). With no messages this is a cheap upsert;\n    // a 403 means the conversation belongs to another user → ownership error.\n    const res = await this.req(`/conversations/${encodeURIComponent(id)}/turns`, {\n      method: 'POST',\n      headers: this.headers(true),\n      body: JSON.stringify({ messages: [] }),\n    });\n    if (res.status === 403) throw new ConversationOwnershipError(id);\n    // Read it back so the contract (returns the row) holds.\n    const conv = await this.getConversation(id);\n    if (conv) return conv;\n    // Brand-new conversation with no messages yet: synthesise the row shape.\n    const now = new Date();\n    return { id, title: 'New Chat', metadata: {}, createdAt: now, updatedAt: now };\n  }\n\n  async renameConversation(id: string, title: string): Promise<void> {\n    await this.req(`/conversations/${encodeURIComponent(id)}`, {\n      method: 'PATCH',\n      headers: this.headers(true),\n      body: JSON.stringify({ title }),\n    });\n  }\n\n  async deleteConversation(id: string): Promise<boolean> {\n    const res = await this.req(`/conversations/${encodeURIComponent(id)}`, {\n      method: 'DELETE',\n      headers: this.headers(),\n    });\n    return res.status === 204;\n  }\n\n  async listMessages(conversationId: string, _opts?: ListMessagesOptions): Promise<StoredMessage[]> {\n    const res = await this.req(`/conversations/${encodeURIComponent(conversationId)}`, { headers: this.headers() });\n    if (!res.ok) return [];\n    const data = (await res.json()) as { messages?: any[] };\n    return (data.messages ?? []).map(normaliseMessage);\n  }\n\n  async saveTurn(input: SaveTurnInput): Promise<void> {\n    const res = await this.req(`/conversations/${encodeURIComponent(input.conversationId)}/turns`, {\n      method: 'POST',\n      headers: this.headers(true),\n      body: JSON.stringify({ messages: input.messages, model: input.model }),\n    });\n    if (res.status === 403) throw new ConversationOwnershipError(input.conversationId);\n    if (!res.ok) {\n      throw new Error(`[chat-widget] hosted saveTurn failed: ${res.status} ${await res.text().catch(() => '')}`);\n    }\n  }\n}\n\nclass HostedStorageAdapter implements StorageAdapter {\n  private readonly base: string;\n  private readonly doFetch: typeof fetch;\n\n  constructor(\n    public readonly userId: string,\n    private readonly apiKey: string,\n    baseUrl: string,\n    fetchImpl: typeof fetch,\n  ) {\n    this.base = baseUrl.replace(/\\/$/, '');\n    this.doFetch = fetchImpl;\n  }\n\n  async upload(input: UploadInput): Promise<UploadResult> {\n    const form = new FormData();\n    // Normalise to an ArrayBuffer for Blob (TS's BlobPart doesn't accept a\n    // Uint8Array<ArrayBufferLike> directly under all lib configs).\n    const buf: ArrayBuffer =\n      input.data instanceof Uint8Array\n        ? (input.data.buffer.slice(input.data.byteOffset, input.data.byteOffset + input.data.byteLength) as ArrayBuffer)\n        : input.data;\n    form.append('file', new Blob([buf], { type: input.mediaType }), input.filename);\n    if (input.conversationId) form.append('conversationId', input.conversationId);\n    const res = await this.doFetch(`${this.base}/v1/uploads`, {\n      method: 'POST',\n      headers: { Authorization: `Bearer ${this.apiKey}`, 'X-Chat-User': this.userId },\n      body: form,\n    });\n    if (!res.ok) throw new Error(`[chat-widget] hosted upload failed: ${res.status}`);\n    const r = (await res.json()) as UploadResult;\n    return r;\n  }\n\n  async resign(storagePath: string): Promise<string | null> {\n    // The hosted history read re-signs server-side, so a separate resign call\n    // is rarely needed; expose it for parity. Returns null on any failure.\n    const res = await this.doFetch(`${this.base}/v1/uploads/resign`, {\n      method: 'POST',\n      headers: { Authorization: `Bearer ${this.apiKey}`, 'X-Chat-User': this.userId, 'Content-Type': 'application/json' },\n      body: JSON.stringify({ storagePath }),\n    });\n    if (!res.ok) return null;\n    const r = (await res.json()) as { url?: string };\n    return r.url ?? null;\n  }\n\n  async remove(storagePath: string): Promise<void> {\n    await this.doFetch(`${this.base}/v1/uploads`, {\n      method: 'DELETE',\n      headers: { Authorization: `Bearer ${this.apiKey}`, 'X-Chat-User': this.userId, 'Content-Type': 'application/json' },\n      body: JSON.stringify({ storagePath }),\n    }).catch(() => {});\n  }\n}\n\n/**\n * Create a `ChatStoreFactory` backed by the hosted @mordn/chat-api service.\n * Pass to `createChatHandler({ store: createHostedChatStore({ apiKey }) })`.\n */\nexport function createHostedChatStore(options: HostedOptions) {\n  if (!options.apiKey) throw new Error('[chat-widget] createHostedChatStore requires an apiKey');\n  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;\n  const fetchImpl = options.fetch ?? fetch;\n  return (userId: string): ChatStore => new HostedChatStore(userId, options.apiKey, baseUrl, fetchImpl);\n}\n\n/**\n * Create a `StorageAdapterFactory` backed by the hosted service.\n */\nexport function createHostedStorage(options: HostedOptions) {\n  if (!options.apiKey) throw new Error('[chat-widget] createHostedStorage requires an apiKey');\n  const baseUrl = options.baseUrl ?? DEFAULT_BASE_URL;\n  const fetchImpl = options.fetch ?? fetch;\n  return (userId: string): StorageAdapter => new HostedStorageAdapter(userId, options.apiKey, baseUrl, fetchImpl);\n}\n\n/**\n * Create a `getHostedConfig` fetcher backed by the hosted service's\n * `GET /v1/config`. Pass to\n * `createChatHandler({ getHostedConfig: createHostedConfig({ apiKey }) })`.\n *\n * The agent is resolved server-side from the apiKey, so this returns THIS key's\n * agent config. Results are cached in-process per apiKey for a short TTL so it\n * isn't refetched every turn. Returns null on any failure → the handler falls\n * through to code/defaults (a control-plane hiccup never breaks a turn).\n */\nexport function createHostedConfig(options: HostedOptions) {\n  if (!options.apiKey) throw new Error('[chat-widget] createHostedConfig requires an apiKey');\n  const baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\\/$/, '');\n  const fetchImpl = options.fetch ?? fetch;\n  const apiKey = options.apiKey;\n  const CONFIG_TTL_MS = 60_000;\n\n  let cached: { value: HostedAgentConfig | null; at: number } | null = null;\n\n  return async (ctx: ChatRequestContext): Promise<HostedAgentConfig | null> => {\n    const now = Date.now();\n    if (cached && now - cached.at < CONFIG_TTL_MS) return cached.value;\n\n    try {\n      const res = await fetchImpl(`${baseUrl}/v1/config`, {\n        method: 'GET',\n        headers: { Authorization: `Bearer ${apiKey}`, 'X-Chat-User': ctx.userId },\n      });\n      if (!res.ok) {\n        cached = { value: null, at: now };\n        return null;\n      }\n      const raw = (await res.json()) as HostedAgentConfig;\n      const value: HostedAgentConfig = {\n        model: raw.model ?? null,\n        systemPrompt: raw.systemPrompt ?? null,\n        greeting: raw.greeting ?? null,\n        appearance: raw.appearance ?? null,\n      };\n      cached = { value, at: now };\n      return value;\n    } catch {\n      cached = { value: null, at: now };\n      return null;\n    }\n  };\n}\n","/**\n * ChatStore — the persistence contract for chat conversations and messages.\n *\n * This is one of the two pluggable backends of the widget (the other is\n * `StorageAdapter` for attachments). The package ships a Drizzle/Postgres\n * implementation as the default; a hosted backend or a BYO store (Prisma,\n * raw SQL, DynamoDB, a test double) is simply another implementation of this\n * same interface.\n *\n * ──────────────────────────────────────────────────────────────────────────\n * The security model is in the shape of this API, not in its callers.\n * ──────────────────────────────────────────────────────────────────────────\n *\n * A `ChatStore` is *bound to one verified user* at construction time (see\n * `ChatStoreFactory`). None of its methods accept a `userId`. This is\n * deliberate and it is the core defence against the IDOR class of bug:\n *\n *   - You cannot ask the store for \"conversation X belonging to user Y\",\n *     because there is no parameter through which a foreign `userId` could\n *     enter. The only user the store will ever read or write is the one it\n *     was constructed with.\n *\n *   - Every method is therefore *implicitly scoped*. `listConversations()`\n *     returns only the bound user's conversations. `getConversation(id)`\n *     returns `null` — not someone else's row — when `id` exists but belongs\n *     to a different user. `saveTurn(...)` refuses (throws\n *     `ConversationOwnershipError`) if `conversationId` exists under another\n *     user.\n *\n * The route layer's job shrinks to: authenticate the request, derive the\n * real `userId` from the *server* session, construct a store bound to it,\n * and call methods. There is no per-route ownership check to forget, because\n * the store cannot be made to cross users.\n *\n * Implementations MUST uphold the contract documented on each method. The\n * Drizzle default does; if you write your own, these invariants are the\n * security boundary — treat them as load-bearing, not advisory.\n */\n\nimport type {\n  ListMessagesOptions,\n  SaveTurnInput,\n  StoredConversation,\n  StoredMessage,\n} from './types';\n\n/**\n * Thrown by mutating methods when the target conversation exists but is owned\n * by a different user than the one this store is bound to. Callers should map\n * this to an HTTP 403. (Read methods don't throw — they return `null`/`[]` —\n * so that probing for existence can't distinguish \"not found\" from\n * \"forbidden\", which would itself leak information.)\n */\nexport class ConversationOwnershipError extends Error {\n  constructor(public readonly conversationId: string) {\n    super(`Conversation ${conversationId} is not owned by the current user`);\n    this.name = 'ConversationOwnershipError';\n  }\n}\n\nexport interface ChatStore {\n  /**\n   * The user this store instance is bound to. Read-only; set at construction.\n   * Exposed so the router can stamp it onto storage paths, logs, etc. — never\n   * as something a caller can change.\n   */\n  readonly userId: string;\n\n  // ── Conversations ──────────────────────────────────────────────────────\n\n  /**\n   * List the bound user's conversations, most-recently-updated first.\n   * Returns `messageCount` on each row for the history list. Returns `[]`\n   * (never throws) when the user has none.\n   */\n  listConversations(): Promise<StoredConversation[]>;\n\n  /**\n   * Fetch a single conversation by id, scoped to the bound user.\n   *\n   * Returns `null` when the conversation does not exist OR exists but belongs\n   * to another user — the two cases are intentionally indistinguishable to\n   * the caller (and thus to an attacker). Never returns another user's row.\n   */\n  getConversation(id: string): Promise<StoredConversation | null>;\n\n  /**\n   * Ensure a conversation row exists for `id`, owned by the bound user.\n   *\n   * - If no row exists for `id`: creates it, owned by the bound user, and\n   *   returns it.\n   * - If a row exists and is owned by the bound user: returns it unchanged\n   *   (idempotent — safe to call at the top of every request).\n   * - If a row exists but is owned by a *different* user: throws\n   *   `ConversationOwnershipError` and writes nothing.\n   *\n   * This is the single chokepoint that makes \"write into someone else's\n   * conversation\" impossible: the router calls it before persisting any\n   * message, so a forged conversation id is rejected before any data lands.\n   */\n  ensureConversation(id: string, init?: { title?: string }): Promise<StoredConversation>;\n\n  /**\n   * Rename a conversation owned by the bound user. No-op (does not throw) if\n   * the conversation doesn't exist or isn't owned by the user — renaming is\n   * not security-sensitive and silent failure is friendlier here.\n   */\n  renameConversation(id: string, title: string): Promise<void>;\n\n  /**\n   * Delete a conversation (and cascade its messages + attachment rows) owned\n   * by the bound user. No-op if it doesn't exist or isn't owned by the user.\n   * Returns `true` if a row was actually deleted, `false` otherwise — lets\n   * the route return 404 vs 200 honestly without a separate existence check.\n   *\n   * Note: this deletes message *rows*. Purging the underlying attachment\n   * blobs from storage is the router's job (it has the `StorageAdapter`),\n   * driven off the attachments this method returns having referenced.\n   */\n  deleteConversation(id: string): Promise<boolean>;\n\n  // ── Messages ───────────────────────────────────────────────────────────\n\n  /**\n   * Load messages for a conversation, scoped to the bound user, newest-first\n   * internally but returned in chronological order (oldest → newest) ready to\n   * render. Returns `[]` if the conversation doesn't exist or isn't owned by\n   * the user — same non-distinguishing contract as `getConversation`.\n   *\n   * Honours `ListMessagesOptions` for pagination. Implementations MUST clamp\n   * `limit` to a ceiling (default ceiling: 100) so a hostile client can't\n   * request an unbounded page.\n   */\n  listMessages(conversationId: string, opts?: ListMessagesOptions): Promise<StoredMessage[]>;\n\n  /**\n   * Persist the final messages of a completed turn.\n   *\n   * Contract:\n   *  - MUST verify the conversation is owned by the bound user first; throws\n   *    `ConversationOwnershipError` otherwise (defence in depth — the router\n   *    already called `ensureConversation`, but `saveTurn` must not trust\n   *    that).\n   *  - MUST be idempotent on message id: a message whose id already exists is\n   *    skipped, not duplicated. (The AI SDK delivers stable ids; replays and\n   *    retries re-deliver them.)\n   *  - MUST persist each message's full `parts` array as the source of truth,\n   *    plus a denormalised text projection for previews.\n   *  - MUST bump the conversation's `updatedAt`.\n   *\n   * Errors other than ownership (e.g. a transient DB failure) propagate so\n   * the router can log them loudly — a silently-dropped assistant turn is\n   * exactly the bug we're trying to design out.\n   */\n  saveTurn(input: SaveTurnInput): Promise<void>;\n}\n\n/**\n * Constructs a `ChatStore` bound to a specific, already-verified user.\n *\n * The router calls this *after* it has authenticated the request and derived\n * `userId` from the server session — never from anything client-supplied.\n * Passing a client-controlled value here would reintroduce the very IDOR the\n * bound-store design exists to prevent, so implementations should treat\n * `userId` as a trusted server secret, not as request input.\n *\n * Construction is intended to be cheap (the underlying DB pool/connection is\n * shared across instances) so a fresh store per request is the norm.\n */\nexport type ChatStoreFactory = (userId: string) => ChatStore;\n"],"mappings":";AAcA,OAAO;;;ACCP,OAAO;;;ACsCA,IAAM,6BAAN,cAAyC,MAAM;AAAA,EACpD,YAA4B,gBAAwB;AAClD,UAAM,gBAAgB,cAAc,mCAAmC;AAD7C;AAE1B,SAAK,OAAO;AAAA,EACd;AACF;;;AD7BA,IAAM,mBAAmB;AAWzB,SAAS,sBAAsB,KAA8B;AAC3D,SAAO;AAAA,IACL,IAAI,IAAI;AAAA,IACR,OAAO,IAAI;AAAA,IACX,UAAU,IAAI,YAAY;AAAA,IAC1B,WAAW,IAAI,KAAK,IAAI,cAAc,IAAI,SAAS;AAAA,IACnD,WAAW,IAAI,KAAK,IAAI,cAAc,IAAI,SAAS;AAAA,IACnD,cAAc,IAAI,iBAAiB,IAAI;AAAA,EACzC;AACF;AAEA,SAAS,iBAAiB,KAAyB;AACjD,SAAO;AAAA,IACL,IAAI,IAAI;AAAA,IACR,MAAM,IAAI;AAAA,IACV,OAAO,IAAI,SAAS,CAAC;AAAA,IACrB,MAAM,IAAI,WAAW,IAAI,QAAQ;AAAA,IACjC,OAAO,IAAI,SAAS;AAAA,IACpB,WAAW,IAAI,KAAK,IAAI,cAAc,IAAI,SAAS;AAAA,EACrD;AACF;AAEA,IAAM,kBAAN,MAA2C;AAAA,EAIzC,YACkB,QACC,QACjB,SACA,WACA;AAJgB;AACC;AAIjB,SAAK,OAAO,QAAQ,QAAQ,OAAO,EAAE;AACrC,SAAK,UAAU;AAAA,EACjB;AAAA,EAEQ,QAAQ,OAAO,OAA+B;AACpD,UAAM,IAA4B;AAAA,MAChC,eAAe,UAAU,KAAK,MAAM;AAAA,MACpC,eAAe,KAAK;AAAA,IACtB;AACA,QAAI,KAAM,GAAE,cAAc,IAAI;AAC9B,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,IAAI,MAAc,MAAuC;AACrE,WAAO,KAAK,QAAQ,GAAG,KAAK,IAAI,MAAM,IAAI,IAAI,IAAI;AAAA,EACpD;AAAA,EAEA,MAAM,oBAAmD;AACvD,UAAM,MAAM,MAAM,KAAK,IAAI,kBAAkB,EAAE,SAAS,KAAK,QAAQ,EAAE,CAAC;AACxE,QAAI,CAAC,IAAI,GAAI,QAAO,CAAC;AACrB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAQ,KAAK,iBAAiB,CAAC,GAAG,IAAI,qBAAqB;AAAA,EAC7D;AAAA,EAEA,MAAM,gBAAgB,IAAgD;AACpE,UAAM,MAAM,MAAM,KAAK,IAAI,kBAAkB,mBAAmB,EAAE,CAAC,IAAI,EAAE,SAAS,KAAK,QAAQ,EAAE,CAAC;AAClG,QAAI,IAAI,WAAW,IAAK,QAAO;AAC/B,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,WAAO,KAAK,eAAe,sBAAsB,KAAK,YAAY,IAAI;AAAA,EACxE;AAAA,EAEA,MAAM,mBAAmB,IAAyC;AAIhE,UAAM,MAAM,MAAM,KAAK,IAAI,kBAAkB,mBAAmB,EAAE,CAAC,UAAU;AAAA,MAC3E,QAAQ;AAAA,MACR,SAAS,KAAK,QAAQ,IAAI;AAAA,MAC1B,MAAM,KAAK,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;AAAA,IACvC,CAAC;AACD,QAAI,IAAI,WAAW,IAAK,OAAM,IAAI,2BAA2B,EAAE;AAE/D,UAAM,OAAO,MAAM,KAAK,gBAAgB,EAAE;AAC1C,QAAI,KAAM,QAAO;AAEjB,UAAM,MAAM,oBAAI,KAAK;AACrB,WAAO,EAAE,IAAI,OAAO,YAAY,UAAU,CAAC,GAAG,WAAW,KAAK,WAAW,IAAI;AAAA,EAC/E;AAAA,EAEA,MAAM,mBAAmB,IAAY,OAA8B;AACjE,UAAM,KAAK,IAAI,kBAAkB,mBAAmB,EAAE,CAAC,IAAI;AAAA,MACzD,QAAQ;AAAA,MACR,SAAS,KAAK,QAAQ,IAAI;AAAA,MAC1B,MAAM,KAAK,UAAU,EAAE,MAAM,CAAC;AAAA,IAChC,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,mBAAmB,IAA8B;AACrD,UAAM,MAAM,MAAM,KAAK,IAAI,kBAAkB,mBAAmB,EAAE,CAAC,IAAI;AAAA,MACrE,QAAQ;AAAA,MACR,SAAS,KAAK,QAAQ;AAAA,IACxB,CAAC;AACD,WAAO,IAAI,WAAW;AAAA,EACxB;AAAA,EAEA,MAAM,aAAa,gBAAwB,OAAuD;AAChG,UAAM,MAAM,MAAM,KAAK,IAAI,kBAAkB,mBAAmB,cAAc,CAAC,IAAI,EAAE,SAAS,KAAK,QAAQ,EAAE,CAAC;AAC9G,QAAI,CAAC,IAAI,GAAI,QAAO,CAAC;AACrB,UAAM,OAAQ,MAAM,IAAI,KAAK;AAC7B,YAAQ,KAAK,YAAY,CAAC,GAAG,IAAI,gBAAgB;AAAA,EACnD;AAAA,EAEA,MAAM,SAAS,OAAqC;AAClD,UAAM,MAAM,MAAM,KAAK,IAAI,kBAAkB,mBAAmB,MAAM,cAAc,CAAC,UAAU;AAAA,MAC7F,QAAQ;AAAA,MACR,SAAS,KAAK,QAAQ,IAAI;AAAA,MAC1B,MAAM,KAAK,UAAU,EAAE,UAAU,MAAM,UAAU,OAAO,MAAM,MAAM,CAAC;AAAA,IACvE,CAAC;AACD,QAAI,IAAI,WAAW,IAAK,OAAM,IAAI,2BAA2B,MAAM,cAAc;AACjF,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,yCAAyC,IAAI,MAAM,IAAI,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,EAAE,CAAC,EAAE;AAAA,IAC3G;AAAA,EACF;AACF;AAEA,IAAM,uBAAN,MAAqD;AAAA,EAInD,YACkB,QACC,QACjB,SACA,WACA;AAJgB;AACC;AAIjB,SAAK,OAAO,QAAQ,QAAQ,OAAO,EAAE;AACrC,SAAK,UAAU;AAAA,EACjB;AAAA,EAEA,MAAM,OAAO,OAA2C;AACtD,UAAM,OAAO,IAAI,SAAS;AAG1B,UAAM,MACJ,MAAM,gBAAgB,aACjB,MAAM,KAAK,OAAO,MAAM,MAAM,KAAK,YAAY,MAAM,KAAK,aAAa,MAAM,KAAK,UAAU,IAC7F,MAAM;AACZ,SAAK,OAAO,QAAQ,IAAI,KAAK,CAAC,GAAG,GAAG,EAAE,MAAM,MAAM,UAAU,CAAC,GAAG,MAAM,QAAQ;AAC9E,QAAI,MAAM,eAAgB,MAAK,OAAO,kBAAkB,MAAM,cAAc;AAC5E,UAAM,MAAM,MAAM,KAAK,QAAQ,GAAG,KAAK,IAAI,eAAe;AAAA,MACxD,QAAQ;AAAA,MACR,SAAS,EAAE,eAAe,UAAU,KAAK,MAAM,IAAI,eAAe,KAAK,OAAO;AAAA,MAC9E,MAAM;AAAA,IACR,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,uCAAuC,IAAI,MAAM,EAAE;AAChF,UAAM,IAAK,MAAM,IAAI,KAAK;AAC1B,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,OAAO,aAA6C;AAGxD,UAAM,MAAM,MAAM,KAAK,QAAQ,GAAG,KAAK,IAAI,sBAAsB;AAAA,MAC/D,QAAQ;AAAA,MACR,SAAS,EAAE,eAAe,UAAU,KAAK,MAAM,IAAI,eAAe,KAAK,QAAQ,gBAAgB,mBAAmB;AAAA,MAClH,MAAM,KAAK,UAAU,EAAE,YAAY,CAAC;AAAA,IACtC,CAAC;AACD,QAAI,CAAC,IAAI,GAAI,QAAO;AACpB,UAAM,IAAK,MAAM,IAAI,KAAK;AAC1B,WAAO,EAAE,OAAO;AAAA,EAClB;AAAA,EAEA,MAAM,OAAO,aAAoC;AAC/C,UAAM,KAAK,QAAQ,GAAG,KAAK,IAAI,eAAe;AAAA,MAC5C,QAAQ;AAAA,MACR,SAAS,EAAE,eAAe,UAAU,KAAK,MAAM,IAAI,eAAe,KAAK,QAAQ,gBAAgB,mBAAmB;AAAA,MAClH,MAAM,KAAK,UAAU,EAAE,YAAY,CAAC;AAAA,IACtC,CAAC,EAAE,MAAM,MAAM;AAAA,IAAC,CAAC;AAAA,EACnB;AACF;AAMO,SAAS,sBAAsB,SAAwB;AAC5D,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,wDAAwD;AAC7F,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,YAAY,QAAQ,SAAS;AACnC,SAAO,CAAC,WAA8B,IAAI,gBAAgB,QAAQ,QAAQ,QAAQ,SAAS,SAAS;AACtG;AAKO,SAAS,oBAAoB,SAAwB;AAC1D,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,sDAAsD;AAC3F,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,YAAY,QAAQ,SAAS;AACnC,SAAO,CAAC,WAAmC,IAAI,qBAAqB,QAAQ,QAAQ,QAAQ,SAAS,SAAS;AAChH;AAYO,SAAS,mBAAmB,SAAwB;AACzD,MAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,qDAAqD;AAC1F,QAAM,WAAW,QAAQ,WAAW,kBAAkB,QAAQ,OAAO,EAAE;AACvE,QAAM,YAAY,QAAQ,SAAS;AACnC,QAAM,SAAS,QAAQ;AACvB,QAAM,gBAAgB;AAEtB,MAAI,SAAiE;AAErE,SAAO,OAAO,QAA+D;AAC3E,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,UAAU,MAAM,OAAO,KAAK,cAAe,QAAO,OAAO;AAE7D,QAAI;AACF,YAAM,MAAM,MAAM,UAAU,GAAG,OAAO,cAAc;AAAA,QAClD,QAAQ;AAAA,QACR,SAAS,EAAE,eAAe,UAAU,MAAM,IAAI,eAAe,IAAI,OAAO;AAAA,MAC1E,CAAC;AACD,UAAI,CAAC,IAAI,IAAI;AACX,iBAAS,EAAE,OAAO,MAAM,IAAI,IAAI;AAChC,eAAO;AAAA,MACT;AACA,YAAM,MAAO,MAAM,IAAI,KAAK;AAC5B,YAAM,QAA2B;AAAA,QAC/B,OAAO,IAAI,SAAS;AAAA,QACpB,cAAc,IAAI,gBAAgB;AAAA,QAClC,UAAU,IAAI,YAAY;AAAA,QAC1B,YAAY,IAAI,cAAc;AAAA,MAChC;AACA,eAAS,EAAE,OAAO,IAAI,IAAI;AAC1B,aAAO;AAAA,IACT,QAAQ;AACN,eAAS,EAAE,OAAO,MAAM,IAAI,IAAI;AAChC,aAAO;AAAA,IACT;AAAA,EACF;AACF;","names":[]}

package/dist/server/index.d.mts

@@ -1,182 +1,8 @@
-import { C as ChatStoreFactory } from '../chat-store-DERCPwhl.mjs';
-export { d as ChatStore, e as ConversationOwnershipError, L as ListMessagesOptions, c as SaveTurnInput, S as StoredAttachment, a as StoredConversation, b as StoredMessage } from '../chat-store-DERCPwhl.mjs';
-import { a as StorageAdapterFactory } from '../storage-adapter-DD8uqiAP.mjs';
-export { S as StorageAdapter, U as UploadInput, b as UploadResult } from '../storage-adapter-DD8uqiAP.mjs';
-import { LanguageModel, ToolSet, ModelMessage, UIMessage, StopCondition } from 'ai';
-
-/**
- * Public configuration surface for `createChatHandler`.
- *
- * This is the API a host app touches to mount the chat backend. The design
- * follows one rule, derived from auditing a real power-user integration
- * (Jarvis): take away the shared, dangerous-to-get-wrong plumbing; keep every
- * point of genuine per-app variation as an injection point or a hook.
- *
- * Three tiers of override, from "you must" to "you rarely will":
- *
- *   REQUIRED injections — no safe default exists:
- *     • getUserId          (identity; the security boundary)
- *
- *   OPTIONAL injections — a default exists, swap to take control:
- *     • model              (which LLM)
- *     • buildTools         (your tools, incl. per-request resources)
- *     • store              (persistence; hosted default)
- *     • storage            (attachments; hosted default)
- *
- *   HOOKS — the loop runs fine without them; override one seam at a time:
- *     • buildSystemPrompt, transformMessages, onChatFinish, onError,
- *       stopWhen, upload
- *
- * Everything NOT in this file — ownership checks, idempotency, pagination,
- * re-signing, socket teardown, save-on-finish — is owned by the handler and
- * is intentionally not configurable, because getting it wrong is a security
- * or correctness bug, not a preference.
- */
-
-/**
- * Everything a per-request hook/injection needs to know about the current
- * request, assembled by the handler AFTER authentication. Passed to
- * `buildTools`, `model` (when a function), `buildSystemPrompt`, and
- * `transformMessages`.
- *
- * Note `userId` is the server-verified identity — the same value the store
- * and storage are bound to. Hooks can trust it.
- */
-interface ChatRequestContext {
-    /** Server-verified user id. Never client-supplied. */
-    userId: string;
-    /** The conversation this request targets. */
-    conversationId: string;
-    /** The raw request, for hooks that need headers/cookies (e.g. an org id). */
-    request: Request;
-}
-/**
- * What `buildTools` returns. The `cleanup` callback is the critical piece the
- * naive "just return a ToolSet" design misses: tools backed by a per-request
- * resource (an MCP client holding a socket, a DB transaction, a temp scope)
- * MUST be torn down after the stream finishes — exactly once, whether the
- * stream completed, errored, or the client aborted. The handler guarantees
- * that single, correctly-timed call so the host app never leaks sockets.
- */
-interface BuiltTools {
-    tools: ToolSet;
-    /**
-     * Called exactly once when the request is fully done (success, error, or
-     * abort), after the response stream has settled. Optional — omit when your
-     * tools hold no per-request resource.
-     */
-    cleanup?: () => void | Promise<void>;
-}
-/**
- * Server-side upload policy. Enforced by the handler's upload route BEFORE
- * any bytes touch storage, so an oversized or disallowed file is rejected
- * with a clean 4xx instead of a framework body-parse failure. The widget's
- * client-side `accept`/`maxBytes` should mirror these, but the SERVER is the
- * source of truth — the client checks are UX, these checks are the boundary.
- */
-interface UploadPolicy {
-    /**
-     * Allowed MIME types. An exact-match allow-list (not a prefix match) so
-     * `image/svg+xml` can be excluded while `image/png` is allowed. Defaults to
-     * a conservative image+pdf set that current vision models accept natively.
-     */
-    allowedMediaTypes?: string[];
-    /** Per-file size cap in bytes. Defaults to 5 MB. */
-    maxBytes?: number;
-}
-interface CreateChatHandlerOptions {
-    /**
-     * Derive the authenticated user's id from the SERVER session — a verified
-     * cookie/JWT, Clerk `auth()`, NextAuth `getServerSession()`,
-     * `supabase.auth.getUser()`, etc. Return `null` for an unauthenticated
-     * request; the handler responds 401.
-     *
-     * SECURITY: never read the id from the request body, query string, or a
-     * header the browser controls (e.g. `X-User-Id`). Those are forgeable and
-     * doing so reintroduces the IDOR this whole design exists to prevent. The
-     * handler passes you the `Request` so you can read *verified* cookies — not
-     * so you can read a client-asserted id.
-     */
-    getUserId: (request: Request) => Promise<string | null> | string | null;
-    /**
-     * The model to stream from. Either a fixed `LanguageModel` or a function of
-     * the request context (for per-user/per-org model selection). Defaults to a
-     * sensible current model when omitted.
-     */
-    model?: LanguageModel | ((ctx: ChatRequestContext) => LanguageModel | Promise<LanguageModel>);
-    /**
-     * Build the tool set for this request. Async and context-aware so tools can
-     * close over the user and open per-request resources (e.g. an MCP client).
-     * Return `{ tools, cleanup }`; the handler calls `cleanup` exactly once when
-     * the request settles. Omit for a chat with no tools.
-     */
-    buildTools?: (ctx: ChatRequestContext) => Promise<BuiltTools> | BuiltTools;
-    /**
-     * Persistence backend. Omit to use the hosted/default store. Provide a
-     * factory to bring your own DB. The factory is called per request with the
-     * server-verified `userId`; the handler never constructs a store with a
-     * client-supplied id.
-     */
-    store?: ChatStoreFactory;
-    /**
-     * Attachment storage backend. Omit to use the hosted/default adapter.
-     * Provide a factory for BYO storage (S3/R2/own bucket). Same per-request,
-     * verified-userId construction as `store`.
-     */
-    storage?: StorageAdapterFactory;
-    /**
-     * Produce the system prompt for this request. Receives the context so it
-     * can personalise (e.g. bake in the user's name). Defaults to a generic
-     * assistant prompt.
-     */
-    buildSystemPrompt?: (ctx: ChatRequestContext) => string | Promise<string>;
-    /**
-     * Last-chance transform of the model-ready messages before they're sent to
-     * the model — after the handler has applied its own sliding-window prune.
-     * Use for provider-specific rewrites (e.g. image file-parts → image-parts)
-     * or extra capping. Defaults to identity.
-     */
-    transformMessages?: (messages: ModelMessage[], ctx: ChatRequestContext) => ModelMessage[] | Promise<ModelMessage[]>;
-    /**
-     * Called after the assistant turn has been persisted. For telemetry/usage
-     * logging. NOT where you save messages — the handler already did that. Any
-     * error thrown here is logged and swallowed; it never fails the response
-     * (the user already has their answer).
-     */
-    onChatFinish?: (info: {
-        ctx: ChatRequestContext;
-        messages: UIMessage[];
-        usage?: unknown;
-        providerMetadata?: unknown;
-    }) => void | Promise<void>;
-    /**
-     * Map a stream error to the user-facing string the widget shows. Lets you
-     * downgrade benign post-finish teardown noise and localise messages.
-     * Defaults to a generic message + server-side error log.
-     */
-    onError?: (error: unknown) => string;
-    /**
-     * When the model may chain tool calls, how long to let it run before it
-     * must answer. Defaults to a bounded step count so a misbehaving tool loop
-     * can't run forever. Pass any AI SDK `StopCondition`.
-     */
-    stopWhen?: StopCondition<ToolSet>;
-    /** Server-side upload policy (types + size). See `UploadPolicy`. */
-    upload?: UploadPolicy;
-    /**
-     * How many of the most-recent messages to send to the model (sliding
-     * window). Defaults to 30. The handler always prunes; this tunes the
-     * window. Older messages stay in the store and in the UI — only the model
-     * payload is windowed.
-     */
-    maxHistoryMessages?: number;
-    /**
-     * Defensive per-message character cap applied during pruning so a single
-     * giant pasted blob can't dominate the context window. Defaults to 4000.
-     * Set to `0` to disable.
-     */
-    maxMessageChars?: number;
-}
+export { C as ChatStore, d as ChatStoreFactory, e as ConversationOwnershipError, L as ListMessagesOptions, c as SaveTurnInput, S as StoredAttachment, a as StoredConversation, b as StoredMessage } from '../chat-store-Dq1Zy_qV.mjs';
+export { S as StorageAdapter, a as StorageAdapterFactory, U as UploadInput, b as UploadResult } from '../storage-adapter-DD8uqiAP.mjs';
+import { C as CreateChatHandlerOptions } from '../handler-types-CCSjDZZ9.mjs';
+export { B as BuiltTools, a as ChatRequestContext, H as HostedAgentConfig, U as UploadPolicy } from '../handler-types-CCSjDZZ9.mjs';
+import 'ai';
 
 /**
  * createChatHandler — the request router and the "OWN loop".
@@ -214,4 +40,4 @@ declare function createChatHandler(options: CreateChatHandlerOptions): {
     DELETE: (request: Request) => Promise<Response>;
 };
 
-export { type BuiltTools, type ChatRequestContext, ChatStoreFactory, type CreateChatHandlerOptions, StorageAdapterFactory, type UploadPolicy, createChatHandler };
+export { CreateChatHandlerOptions, createChatHandler };

package/dist/server/index.d.ts

@@ -1,182 +1,8 @@
-import { C as ChatStoreFactory } from '../chat-store-DERCPwhl.js';
-export { d as ChatStore, e as ConversationOwnershipError, L as ListMessagesOptions, c as SaveTurnInput, S as StoredAttachment, a as StoredConversation, b as StoredMessage } from '../chat-store-DERCPwhl.js';
-import { a as StorageAdapterFactory } from '../storage-adapter-DD8uqiAP.js';
-export { S as StorageAdapter, U as UploadInput, b as UploadResult } from '../storage-adapter-DD8uqiAP.js';
-import { LanguageModel, ToolSet, ModelMessage, UIMessage, StopCondition } from 'ai';
-
-/**
- * Public configuration surface for `createChatHandler`.
- *
- * This is the API a host app touches to mount the chat backend. The design
- * follows one rule, derived from auditing a real power-user integration
- * (Jarvis): take away the shared, dangerous-to-get-wrong plumbing; keep every
- * point of genuine per-app variation as an injection point or a hook.
- *
- * Three tiers of override, from "you must" to "you rarely will":
- *
- *   REQUIRED injections — no safe default exists:
- *     • getUserId          (identity; the security boundary)
- *
- *   OPTIONAL injections — a default exists, swap to take control:
- *     • model              (which LLM)
- *     • buildTools         (your tools, incl. per-request resources)
- *     • store              (persistence; hosted default)
- *     • storage            (attachments; hosted default)
- *
- *   HOOKS — the loop runs fine without them; override one seam at a time:
- *     • buildSystemPrompt, transformMessages, onChatFinish, onError,
- *       stopWhen, upload
- *
- * Everything NOT in this file — ownership checks, idempotency, pagination,
- * re-signing, socket teardown, save-on-finish — is owned by the handler and
- * is intentionally not configurable, because getting it wrong is a security
- * or correctness bug, not a preference.
- */
-
-/**
- * Everything a per-request hook/injection needs to know about the current
- * request, assembled by the handler AFTER authentication. Passed to
- * `buildTools`, `model` (when a function), `buildSystemPrompt`, and
- * `transformMessages`.
- *
- * Note `userId` is the server-verified identity — the same value the store
- * and storage are bound to. Hooks can trust it.
- */
-interface ChatRequestContext {
-    /** Server-verified user id. Never client-supplied. */
-    userId: string;
-    /** The conversation this request targets. */
-    conversationId: string;
-    /** The raw request, for hooks that need headers/cookies (e.g. an org id). */
-    request: Request;
-}
-/**
- * What `buildTools` returns. The `cleanup` callback is the critical piece the
- * naive "just return a ToolSet" design misses: tools backed by a per-request
- * resource (an MCP client holding a socket, a DB transaction, a temp scope)
- * MUST be torn down after the stream finishes — exactly once, whether the
- * stream completed, errored, or the client aborted. The handler guarantees
- * that single, correctly-timed call so the host app never leaks sockets.
- */
-interface BuiltTools {
-    tools: ToolSet;
-    /**
-     * Called exactly once when the request is fully done (success, error, or
-     * abort), after the response stream has settled. Optional — omit when your
-     * tools hold no per-request resource.
-     */
-    cleanup?: () => void | Promise<void>;
-}
-/**
- * Server-side upload policy. Enforced by the handler's upload route BEFORE
- * any bytes touch storage, so an oversized or disallowed file is rejected
- * with a clean 4xx instead of a framework body-parse failure. The widget's
- * client-side `accept`/`maxBytes` should mirror these, but the SERVER is the
- * source of truth — the client checks are UX, these checks are the boundary.
- */
-interface UploadPolicy {
-    /**
-     * Allowed MIME types. An exact-match allow-list (not a prefix match) so
-     * `image/svg+xml` can be excluded while `image/png` is allowed. Defaults to
-     * a conservative image+pdf set that current vision models accept natively.
-     */
-    allowedMediaTypes?: string[];
-    /** Per-file size cap in bytes. Defaults to 5 MB. */
-    maxBytes?: number;
-}
-interface CreateChatHandlerOptions {
-    /**
-     * Derive the authenticated user's id from the SERVER session — a verified
-     * cookie/JWT, Clerk `auth()`, NextAuth `getServerSession()`,
-     * `supabase.auth.getUser()`, etc. Return `null` for an unauthenticated
-     * request; the handler responds 401.
-     *
-     * SECURITY: never read the id from the request body, query string, or a
-     * header the browser controls (e.g. `X-User-Id`). Those are forgeable and
-     * doing so reintroduces the IDOR this whole design exists to prevent. The
-     * handler passes you the `Request` so you can read *verified* cookies — not
-     * so you can read a client-asserted id.
-     */
-    getUserId: (request: Request) => Promise<string | null> | string | null;
-    /**
-     * The model to stream from. Either a fixed `LanguageModel` or a function of
-     * the request context (for per-user/per-org model selection). Defaults to a
-     * sensible current model when omitted.
-     */
-    model?: LanguageModel | ((ctx: ChatRequestContext) => LanguageModel | Promise<LanguageModel>);
-    /**
-     * Build the tool set for this request. Async and context-aware so tools can
-     * close over the user and open per-request resources (e.g. an MCP client).
-     * Return `{ tools, cleanup }`; the handler calls `cleanup` exactly once when
-     * the request settles. Omit for a chat with no tools.
-     */
-    buildTools?: (ctx: ChatRequestContext) => Promise<BuiltTools> | BuiltTools;
-    /**
-     * Persistence backend. Omit to use the hosted/default store. Provide a
-     * factory to bring your own DB. The factory is called per request with the
-     * server-verified `userId`; the handler never constructs a store with a
-     * client-supplied id.
-     */
-    store?: ChatStoreFactory;
-    /**
-     * Attachment storage backend. Omit to use the hosted/default adapter.
-     * Provide a factory for BYO storage (S3/R2/own bucket). Same per-request,
-     * verified-userId construction as `store`.
-     */
-    storage?: StorageAdapterFactory;
-    /**
-     * Produce the system prompt for this request. Receives the context so it
-     * can personalise (e.g. bake in the user's name). Defaults to a generic
-     * assistant prompt.
-     */
-    buildSystemPrompt?: (ctx: ChatRequestContext) => string | Promise<string>;
-    /**
-     * Last-chance transform of the model-ready messages before they're sent to
-     * the model — after the handler has applied its own sliding-window prune.
-     * Use for provider-specific rewrites (e.g. image file-parts → image-parts)
-     * or extra capping. Defaults to identity.
-     */
-    transformMessages?: (messages: ModelMessage[], ctx: ChatRequestContext) => ModelMessage[] | Promise<ModelMessage[]>;
-    /**
-     * Called after the assistant turn has been persisted. For telemetry/usage
-     * logging. NOT where you save messages — the handler already did that. Any
-     * error thrown here is logged and swallowed; it never fails the response
-     * (the user already has their answer).
-     */
-    onChatFinish?: (info: {
-        ctx: ChatRequestContext;
-        messages: UIMessage[];
-        usage?: unknown;
-        providerMetadata?: unknown;
-    }) => void | Promise<void>;
-    /**
-     * Map a stream error to the user-facing string the widget shows. Lets you
-     * downgrade benign post-finish teardown noise and localise messages.
-     * Defaults to a generic message + server-side error log.
-     */
-    onError?: (error: unknown) => string;
-    /**
-     * When the model may chain tool calls, how long to let it run before it
-     * must answer. Defaults to a bounded step count so a misbehaving tool loop
-     * can't run forever. Pass any AI SDK `StopCondition`.
-     */
-    stopWhen?: StopCondition<ToolSet>;
-    /** Server-side upload policy (types + size). See `UploadPolicy`. */
-    upload?: UploadPolicy;
-    /**
-     * How many of the most-recent messages to send to the model (sliding
-     * window). Defaults to 30. The handler always prunes; this tunes the
-     * window. Older messages stay in the store and in the UI — only the model
-     * payload is windowed.
-     */
-    maxHistoryMessages?: number;
-    /**
-     * Defensive per-message character cap applied during pruning so a single
-     * giant pasted blob can't dominate the context window. Defaults to 4000.
-     * Set to `0` to disable.
-     */
-    maxMessageChars?: number;
-}
+export { C as ChatStore, d as ChatStoreFactory, e as ConversationOwnershipError, L as ListMessagesOptions, c as SaveTurnInput, S as StoredAttachment, a as StoredConversation, b as StoredMessage } from '../chat-store-Dq1Zy_qV.js';
+export { S as StorageAdapter, a as StorageAdapterFactory, U as UploadInput, b as UploadResult } from '../storage-adapter-DD8uqiAP.js';
+import { C as CreateChatHandlerOptions } from '../handler-types-Bil94kTX.js';
+export { B as BuiltTools, a as ChatRequestContext, H as HostedAgentConfig, U as UploadPolicy } from '../handler-types-Bil94kTX.js';
+import 'ai';
 
 /**
  * createChatHandler — the request router and the "OWN loop".
@@ -214,4 +40,4 @@ declare function createChatHandler(options: CreateChatHandlerOptions): {
     DELETE: (request: Request) => Promise<Response>;
 };
 
-export { type BuiltTools, type ChatRequestContext, ChatStoreFactory, type CreateChatHandlerOptions, StorageAdapterFactory, type UploadPolicy, createChatHandler };
+export { CreateChatHandlerOptions, createChatHandler };