@open-mercato/ai-assistant 0.6.1-develop.3291.1.6fad645fd0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +1 -1
- package/AGENTS.md +30 -4
- package/dist/frontend/components/AiChatButton.js +3 -2
- package/dist/frontend/components/AiChatButton.js.map +2 -2
- package/dist/modules/ai_assistant/__integration__/TC-AI-AGENT-LOOP-001-006.spec.js +364 -0
- package/dist/modules/ai_assistant/__integration__/TC-AI-AGENT-LOOP-001-006.spec.js.map +7 -0
- package/dist/modules/ai_assistant/__integration__/TC-AI-RUNTIME-OVERRIDES-006-model-picker.spec.js +7 -7
- package/dist/modules/ai_assistant/__integration__/TC-AI-RUNTIME-OVERRIDES-006-model-picker.spec.js.map +2 -2
- package/dist/modules/ai_assistant/__integration__/TC-AI-TOKEN-USAGE-001-005.spec.js +182 -0
- package/dist/modules/ai_assistant/__integration__/TC-AI-TOKEN-USAGE-001-005.spec.js.map +7 -0
- package/dist/modules/ai_assistant/api/ai/agents/[agentId]/loop-override/route.js +316 -0
- package/dist/modules/ai_assistant/api/ai/agents/[agentId]/loop-override/route.js.map +7 -0
- package/dist/modules/ai_assistant/api/ai/agents/[agentId]/models/route.js +8 -7
- package/dist/modules/ai_assistant/api/ai/agents/[agentId]/models/route.js.map +2 -2
- package/dist/modules/ai_assistant/api/ai/chat/route.js +43 -20
- package/dist/modules/ai_assistant/api/ai/chat/route.js.map +2 -2
- package/dist/modules/ai_assistant/api/settings/route.js +4 -3
- package/dist/modules/ai_assistant/api/settings/route.js.map +2 -2
- package/dist/modules/ai_assistant/api/usage/daily/route.js +111 -0
- package/dist/modules/ai_assistant/api/usage/daily/route.js.map +7 -0
- package/dist/modules/ai_assistant/api/usage/sessions/[sessionId]/route.js +108 -0
- package/dist/modules/ai_assistant/api/usage/sessions/[sessionId]/route.js.map +7 -0
- package/dist/modules/ai_assistant/api/usage/sessions/route.js +153 -0
- package/dist/modules/ai_assistant/api/usage/sessions/route.js.map +7 -0
- package/dist/modules/ai_assistant/backend/config/ai-assistant/agents/AiAgentSettingsPageClient.js +335 -38
- package/dist/modules/ai_assistant/backend/config/ai-assistant/agents/AiAgentSettingsPageClient.js.map +2 -2
- package/dist/modules/ai_assistant/backend/config/ai-assistant/allowlist/AiTenantAllowlistPageClient.js +2 -7
- package/dist/modules/ai_assistant/backend/config/ai-assistant/allowlist/AiTenantAllowlistPageClient.js.map +2 -2
- package/dist/modules/ai_assistant/backend/config/ai-assistant/playground/AiPlaygroundPageClient.js +44 -35
- package/dist/modules/ai_assistant/backend/config/ai-assistant/playground/AiPlaygroundPageClient.js.map +2 -2
- package/dist/modules/ai_assistant/backend/config/ai-assistant/usage/AiUsageStatsPageClient.js +282 -0
- package/dist/modules/ai_assistant/backend/config/ai-assistant/usage/AiUsageStatsPageClient.js.map +7 -0
- package/dist/modules/ai_assistant/backend/config/ai-assistant/usage/page.js +10 -0
- package/dist/modules/ai_assistant/backend/config/ai-assistant/usage/page.js.map +7 -0
- package/dist/modules/ai_assistant/backend/config/ai-assistant/usage/page.meta.js +25 -0
- package/dist/modules/ai_assistant/backend/config/ai-assistant/usage/page.meta.js.map +7 -0
- package/dist/modules/ai_assistant/cli.js +12 -0
- package/dist/modules/ai_assistant/cli.js.map +2 -2
- package/dist/modules/ai_assistant/components/AiAssistantSettingsPageClient.js.map +1 -1
- package/dist/modules/ai_assistant/data/entities.js +177 -1
- package/dist/modules/ai_assistant/data/entities.js.map +2 -2
- package/dist/modules/ai_assistant/data/repositories/AiAgentRuntimeOverrideRepository.js +104 -2
- package/dist/modules/ai_assistant/data/repositories/AiAgentRuntimeOverrideRepository.js.map +2 -2
- package/dist/modules/ai_assistant/data/repositories/AiTokenUsageRepository.js +168 -0
- package/dist/modules/ai_assistant/data/repositories/AiTokenUsageRepository.js.map +7 -0
- package/dist/modules/ai_assistant/events.js +8 -0
- package/dist/modules/ai_assistant/events.js.map +2 -2
- package/dist/modules/ai_assistant/i18n/de.json +74 -1
- package/dist/modules/ai_assistant/i18n/en.json +74 -1
- package/dist/modules/ai_assistant/i18n/es.json +75 -2
- package/dist/modules/ai_assistant/i18n/pl.json +74 -1
- package/dist/modules/ai_assistant/lib/agent-policy.js.map +2 -2
- package/dist/modules/ai_assistant/lib/agent-runtime.js +588 -23
- package/dist/modules/ai_assistant/lib/agent-runtime.js.map +3 -3
- package/dist/modules/ai_assistant/lib/agent-tools.js +6 -1
- package/dist/modules/ai_assistant/lib/agent-tools.js.map +2 -2
- package/dist/modules/ai_assistant/lib/ai-agent-definition.js.map +2 -2
- package/dist/modules/ai_assistant/lib/model-factory.js +63 -22
- package/dist/modules/ai_assistant/lib/model-factory.js.map +2 -2
- package/dist/modules/ai_assistant/lib/token-usage-recorder.js +78 -0
- package/dist/modules/ai_assistant/lib/token-usage-recorder.js.map +7 -0
- package/dist/modules/ai_assistant/lib/usage-serialization.js +33 -0
- package/dist/modules/ai_assistant/lib/usage-serialization.js.map +7 -0
- package/dist/modules/ai_assistant/migrations/Migration20260508160000_ai_agent_loop_overrides.js +25 -0
- package/dist/modules/ai_assistant/migrations/Migration20260508160000_ai_agent_loop_overrides.js.map +7 -0
- package/dist/modules/ai_assistant/migrations/Migration20260508170000_ai_token_usage.js +88 -0
- package/dist/modules/ai_assistant/migrations/Migration20260508170000_ai_token_usage.js.map +7 -0
- package/dist/modules/ai_assistant/setup.js +34 -0
- package/dist/modules/ai_assistant/setup.js.map +2 -2
- package/dist/modules/ai_assistant/workers/ai-token-usage-prune.js +114 -0
- package/dist/modules/ai_assistant/workers/ai-token-usage-prune.js.map +7 -0
- package/generated/entities/ai_agent_runtime_override/index.ts +7 -0
- package/generated/entities/ai_token_usage_daily/index.ts +16 -0
- package/generated/entities/ai_token_usage_event/index.ts +19 -0
- package/generated/entities.ids.generated.ts +2 -0
- package/generated/entity-fields-registry.ts +47 -1
- package/package.json +15 -7
- package/src/frontend/components/AiChatButton.tsx +3 -2
- package/src/modules/ai_assistant/__integration__/TC-AI-AGENT-LOOP-001-006.spec.ts +521 -0
- package/src/modules/ai_assistant/__integration__/TC-AI-RUNTIME-OVERRIDES-006-model-picker.spec.ts +8 -8
- package/src/modules/ai_assistant/__integration__/TC-AI-TOKEN-USAGE-001-005.spec.ts +231 -0
- package/src/modules/ai_assistant/__tests__/events.test.ts +4 -3
- package/src/modules/ai_assistant/__tests__/settings-page-logic.test.ts +5 -5
- package/src/modules/ai_assistant/__tests__/token-usage-recorder.test.ts +109 -0
- package/src/modules/ai_assistant/api/ai/agents/[agentId]/loop-override/route.ts +388 -0
- package/src/modules/ai_assistant/api/ai/agents/[agentId]/models/__tests__/route.test.ts +5 -0
- package/src/modules/ai_assistant/api/ai/agents/[agentId]/models/route.ts +8 -7
- package/src/modules/ai_assistant/api/ai/chat/__tests__/route.test.ts +102 -5
- package/src/modules/ai_assistant/api/ai/chat/route.ts +55 -18
- package/src/modules/ai_assistant/api/settings/route.ts +5 -3
- package/src/modules/ai_assistant/api/usage/daily/__tests__/route.test.ts +159 -0
- package/src/modules/ai_assistant/api/usage/daily/route.ts +126 -0
- package/src/modules/ai_assistant/api/usage/sessions/[sessionId]/__tests__/route.test.ts +143 -0
- package/src/modules/ai_assistant/api/usage/sessions/[sessionId]/route.ts +130 -0
- package/src/modules/ai_assistant/api/usage/sessions/__tests__/route.test.ts +123 -0
- package/src/modules/ai_assistant/api/usage/sessions/route.ts +184 -0
- package/src/modules/ai_assistant/backend/config/ai-assistant/agents/AiAgentSettingsPageClient.tsx +372 -16
- package/src/modules/ai_assistant/backend/config/ai-assistant/allowlist/AiTenantAllowlistPageClient.tsx +1 -4
- package/src/modules/ai_assistant/backend/config/ai-assistant/playground/AiPlaygroundPageClient.tsx +26 -9
- package/src/modules/ai_assistant/backend/config/ai-assistant/usage/AiUsageStatsPageClient.tsx +469 -0
- package/src/modules/ai_assistant/backend/config/ai-assistant/usage/page.meta.ts +23 -0
- package/src/modules/ai_assistant/backend/config/ai-assistant/usage/page.tsx +12 -0
- package/src/modules/ai_assistant/cli.ts +18 -0
- package/src/modules/ai_assistant/components/AiAssistantSettingsPageClient.tsx +1 -1
- package/src/modules/ai_assistant/data/entities.ts +237 -0
- package/src/modules/ai_assistant/data/repositories/AiAgentRuntimeOverrideRepository.ts +135 -3
- package/src/modules/ai_assistant/data/repositories/AiTokenUsageRepository.ts +213 -0
- package/src/modules/ai_assistant/data/repositories/__tests__/AiAgentRuntimeOverrideRepository.test.ts +223 -0
- package/src/modules/ai_assistant/data/repositories/__tests__/AiTokenUsageRepository.test.ts +58 -0
- package/src/modules/ai_assistant/events.ts +8 -0
- package/src/modules/ai_assistant/i18n/de.json +74 -1
- package/src/modules/ai_assistant/i18n/en.json +74 -1
- package/src/modules/ai_assistant/i18n/es.json +75 -2
- package/src/modules/ai_assistant/i18n/pl.json +74 -1
- package/src/modules/ai_assistant/lib/__tests__/agent-runtime-loop-phase0.test.ts +439 -0
- package/src/modules/ai_assistant/lib/__tests__/agent-runtime-loop-phase1.test.ts +243 -0
- package/src/modules/ai_assistant/lib/__tests__/agent-runtime-loop-phase2.test.ts +388 -0
- package/src/modules/ai_assistant/lib/__tests__/agent-runtime-loop-phase3.test.ts +359 -0
- package/src/modules/ai_assistant/lib/__tests__/agent-runtime-phase4a.test.ts +2 -2
- package/src/modules/ai_assistant/lib/__tests__/agent-runtime.test.ts +2 -1
- package/src/modules/ai_assistant/lib/__tests__/max-steps-budget.integration.test.ts +12 -13
- package/src/modules/ai_assistant/lib/__tests__/model-factory.test.ts +77 -14
- package/src/modules/ai_assistant/lib/agent-policy.ts +9 -0
- package/src/modules/ai_assistant/lib/agent-runtime.ts +1148 -43
- package/src/modules/ai_assistant/lib/agent-tools.ts +5 -1
- package/src/modules/ai_assistant/lib/ai-agent-definition.ts +289 -2
- package/src/modules/ai_assistant/lib/model-factory.ts +128 -43
- package/src/modules/ai_assistant/lib/token-usage-recorder.ts +122 -0
- package/src/modules/ai_assistant/lib/usage-serialization.ts +29 -0
- package/src/modules/ai_assistant/migrations/.snapshot-open-mercato.json +791 -0
- package/src/modules/ai_assistant/migrations/Migration20260508160000_ai_agent_loop_overrides.ts +25 -0
- package/src/modules/ai_assistant/migrations/Migration20260508170000_ai_token_usage.ts +89 -0
- package/src/modules/ai_assistant/setup.ts +49 -0
- package/src/modules/ai_assistant/workers/__tests__/ai-token-usage-prune.test.ts +144 -0
- package/src/modules/ai_assistant/workers/ai-token-usage-prune.ts +188 -0
|
@@ -5,7 +5,10 @@ import { createRequestContainer } from "@open-mercato/shared/lib/di/container";
|
|
|
5
5
|
import { llmProviderRegistry } from "@open-mercato/shared/lib/ai/llm-provider-registry";
|
|
6
6
|
import { loadAgentRegistry } from "../../../lib/agent-registry.js";
|
|
7
7
|
import { checkAgentPolicy } from "../../../lib/agent-policy.js";
|
|
8
|
-
import {
|
|
8
|
+
import {
|
|
9
|
+
runAiAgentText,
|
|
10
|
+
resolveLoopBudgetPreset
|
|
11
|
+
} from "../../../lib/agent-runtime.js";
|
|
9
12
|
import { AgentPolicyError } from "../../../lib/agent-tools.js";
|
|
10
13
|
import { readBaseurlAllowlist, isBaseurlAllowlisted } from "../../../lib/baseurl-allowlist.js";
|
|
11
14
|
import {
|
|
@@ -37,10 +40,13 @@ const chatRequestSchema = z.object({
|
|
|
37
40
|
debug: z.boolean().optional(),
|
|
38
41
|
pageContext: pageContextSchema.optional(),
|
|
39
42
|
/**
|
|
40
|
-
*
|
|
41
|
-
*
|
|
42
|
-
*
|
|
43
|
-
|
|
43
|
+
* Stable per-conversation id (Phase 6.2). Wins over `conversationId` when
|
|
44
|
+
* both are provided. The server echoes the resolved id on the SSE
|
|
45
|
+
* `loop-finish` event so clients can persist it for the next turn.
|
|
46
|
+
*/
|
|
47
|
+
sessionId: z.string().uuid().optional(),
|
|
48
|
+
/**
|
|
49
|
+
* @deprecated Use `sessionId` instead.
|
|
44
50
|
*/
|
|
45
51
|
conversationId: z.string().min(1).max(128).optional()
|
|
46
52
|
});
|
|
@@ -49,7 +55,7 @@ const agentQuerySchema = z.object({
|
|
|
49
55
|
/**
|
|
50
56
|
* Per-request provider override. Must match a registered + configured
|
|
51
57
|
* provider id. Validated against `llmProviderRegistry` at dispatch time.
|
|
52
|
-
* Rejected when the agent has `
|
|
58
|
+
* Rejected when the agent has `allowRuntimeOverride: false`.
|
|
53
59
|
*
|
|
54
60
|
* Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.
|
|
55
61
|
*/
|
|
@@ -68,7 +74,19 @@ const agentQuerySchema = z.object({
|
|
|
68
74
|
*
|
|
69
75
|
* Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.
|
|
70
76
|
*/
|
|
71
|
-
baseUrl: z.string().optional()
|
|
77
|
+
baseUrl: z.string().optional(),
|
|
78
|
+
/**
|
|
79
|
+
* Named loop-budget preset. Maps to a fixed `loop.budget` triple:
|
|
80
|
+
* tight → maxSteps: 3, maxWallClockMs: 10_000, maxTokens: 50_000
|
|
81
|
+
* default → no override (agent default applies)
|
|
82
|
+
* loose → maxSteps: 20, maxWallClockMs: 120_000, maxTokens: 500_000
|
|
83
|
+
*
|
|
84
|
+
* Rejected when the agent has `allowRuntimeOverride: false` or
|
|
85
|
+
* `loop.allowRuntimeOverride: false`.
|
|
86
|
+
*
|
|
87
|
+
* Phase 4 of spec `2026-04-28-ai-agents-agentic-loop-controls`.
|
|
88
|
+
*/
|
|
89
|
+
loopBudget: z.enum(["tight", "default", "loose"]).optional()
|
|
72
90
|
});
|
|
73
91
|
const openApi = {
|
|
74
92
|
tag: "AI Assistant",
|
|
@@ -77,7 +95,7 @@ const openApi = {
|
|
|
77
95
|
POST: {
|
|
78
96
|
operationId: "aiAssistantChatAgent",
|
|
79
97
|
summary: "Stream a chat turn for a registered AI agent",
|
|
80
|
-
description: "Dispatches a chat turn to the focused AI agent identified by `?agent=<module>.<agent>`. Enforces agent-level `requiredFeatures`, tool whitelisting, read-only / mutationPolicy, execution-mode compatibility, and attachment media-type policy. The streaming response body uses an AI SDK-compatible `text/event-stream` transport. Optional `?provider=`, `?model=`, and `?baseUrl=` query params let callers override the resolved provider/model/base-URL for this turn (Phase 4a). Provider must be registered and configured; baseUrl must match `AI_RUNTIME_BASEURL_ALLOWLIST` when set. Both are suppressed when the agent declares `
|
|
98
|
+
description: "Dispatches a chat turn to the focused AI agent identified by `?agent=<module>.<agent>`. Enforces agent-level `requiredFeatures`, tool whitelisting, read-only / mutationPolicy, execution-mode compatibility, and attachment media-type policy. The streaming response body uses an AI SDK-compatible `text/event-stream` transport. Optional `?provider=`, `?model=`, and `?baseUrl=` query params let callers override the resolved provider/model/base-URL for this turn (Phase 4a). Provider must be registered and configured; baseUrl must match `AI_RUNTIME_BASEURL_ALLOWLIST` when set. Both are suppressed when the agent declares `allowRuntimeOverride: false`.",
|
|
81
99
|
query: agentQuerySchema,
|
|
82
100
|
requestBody: {
|
|
83
101
|
contentType: "application/json",
|
|
@@ -90,7 +108,7 @@ const openApi = {
|
|
|
90
108
|
errors: [
|
|
91
109
|
{
|
|
92
110
|
status: 400,
|
|
93
|
-
description: "Invalid query param, malformed payload, or message count above the cap. Typed codes: `runtime_override_disabled` (agent has
|
|
111
|
+
description: "Invalid query param, malformed payload, or message count above the cap. Typed codes: `runtime_override_disabled` (agent has allowRuntimeOverride:false), `provider_unknown` (provider id not registered), `provider_not_configured` (provider registered but no API key in env), `baseurl_not_allowlisted` (baseUrl not in AI_RUNTIME_BASEURL_ALLOWLIST)."
|
|
94
112
|
},
|
|
95
113
|
{ status: 401, description: "Unauthenticated caller." },
|
|
96
114
|
{ status: 403, description: "Caller lacks agent-level or tool-level required features." },
|
|
@@ -136,7 +154,8 @@ async function POST(req) {
|
|
|
136
154
|
agent: requestUrl.searchParams.get("agent") ?? void 0,
|
|
137
155
|
provider: requestUrl.searchParams.get("provider") ?? void 0,
|
|
138
156
|
model: requestUrl.searchParams.get("model") ?? void 0,
|
|
139
|
-
baseUrl: requestUrl.searchParams.get("baseUrl") ?? void 0
|
|
157
|
+
baseUrl: requestUrl.searchParams.get("baseUrl") ?? void 0,
|
|
158
|
+
loopBudget: requestUrl.searchParams.get("loopBudget") ?? void 0
|
|
140
159
|
});
|
|
141
160
|
if (!queryResult.success) {
|
|
142
161
|
return jsonError(400, 'Invalid or missing "agent" query parameter.', "validation_error", {
|
|
@@ -147,6 +166,7 @@ async function POST(req) {
|
|
|
147
166
|
const rawProvider = queryResult.data.provider;
|
|
148
167
|
const rawModel = queryResult.data.model;
|
|
149
168
|
const rawBaseUrl = queryResult.data.baseUrl;
|
|
169
|
+
const rawLoopBudget = queryResult.data.loopBudget;
|
|
150
170
|
let parsedBody;
|
|
151
171
|
try {
|
|
152
172
|
parsedBody = await req.json();
|
|
@@ -184,15 +204,14 @@ async function POST(req) {
|
|
|
184
204
|
return jsonError(statusForDenyCode(decision.code), decision.message, decision.code);
|
|
185
205
|
}
|
|
186
206
|
const agentDef = decision.agent;
|
|
187
|
-
const hasRuntimeOverride = rawProvider && rawProvider.trim().length > 0 || rawModel && rawModel.trim().length > 0 || rawBaseUrl && rawBaseUrl.trim().length > 0;
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
}
|
|
207
|
+
const hasRuntimeOverride = rawProvider && rawProvider.trim().length > 0 || rawModel && rawModel.trim().length > 0 || rawBaseUrl && rawBaseUrl.trim().length > 0 || rawLoopBudget !== void 0 && rawLoopBudget !== "default";
|
|
208
|
+
const runtimeOverrideAllowed = agentDef.allowRuntimeOverride !== false && agentDef.allowRuntimeModelOverride !== false;
|
|
209
|
+
if (hasRuntimeOverride && !runtimeOverrideAllowed) {
|
|
210
|
+
return jsonError(
|
|
211
|
+
400,
|
|
212
|
+
`Agent "${agentId}" has runtime override disabled (allowRuntimeOverride: false).`,
|
|
213
|
+
"runtime_override_disabled"
|
|
214
|
+
);
|
|
196
215
|
}
|
|
197
216
|
let tenantAllowlistSnapshot = null;
|
|
198
217
|
let agentRuntimeOverrideAllowlist = null;
|
|
@@ -300,12 +319,14 @@ async function POST(req) {
|
|
|
300
319
|
modelId: rawModel && rawModel.trim().length > 0 ? rawModel.trim() : null,
|
|
301
320
|
baseURL: rawBaseUrl && rawBaseUrl.trim().length > 0 ? rawBaseUrl.trim() : null
|
|
302
321
|
} : void 0;
|
|
322
|
+
const loopFromPreset = rawLoopBudget !== void 0 && rawLoopBudget !== "default" ? resolveLoopBudgetPreset(rawLoopBudget) : void 0;
|
|
303
323
|
return await runAiAgentText({
|
|
304
324
|
agentId,
|
|
305
325
|
messages: bodyResult.data.messages,
|
|
306
326
|
attachmentIds: bodyResult.data.attachmentIds,
|
|
307
327
|
pageContext: bodyResult.data.pageContext,
|
|
308
328
|
debug: bodyResult.data.debug,
|
|
329
|
+
sessionId: bodyResult.data.sessionId ?? null,
|
|
309
330
|
conversationId: bodyResult.data.conversationId ?? null,
|
|
310
331
|
authContext: {
|
|
311
332
|
tenantId: auth.tenantId ?? null,
|
|
@@ -315,7 +336,9 @@ async function POST(req) {
|
|
|
315
336
|
isSuperAdmin: acl.isSuperAdmin
|
|
316
337
|
},
|
|
317
338
|
container,
|
|
318
|
-
requestOverride
|
|
339
|
+
requestOverride,
|
|
340
|
+
loop: loopFromPreset,
|
|
341
|
+
emitLoopTrace: true
|
|
319
342
|
});
|
|
320
343
|
} catch (error) {
|
|
321
344
|
if (error instanceof AgentPolicyError) {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../../src/modules/ai_assistant/api/ai/chat/route.ts"],
|
|
4
|
-
"sourcesContent": ["import { NextResponse, type NextRequest } from 'next/server'\nimport type { UIMessage } from 'ai'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { llmProviderRegistry } from '@open-mercato/shared/lib/ai/llm-provider-registry'\nimport { loadAgentRegistry } from '../../../lib/agent-registry'\nimport { checkAgentPolicy, type AgentPolicyDenyCode } from '../../../lib/agent-policy'\nimport { runAiAgentText } from '../../../lib/agent-runtime'\nimport { AgentPolicyError } from '../../../lib/agent-tools'\nimport { readBaseurlAllowlist, isBaseurlAllowlisted } from '../../../lib/baseurl-allowlist'\nimport {\n canonicalProviderId,\n hasAllowlistSnapshotRestrictions,\n intersectEffectiveAllowlistWithSnapshot,\n intersectAllowlists,\n isModelAllowedForProviderInEffective,\n isProviderAllowedInEffective,\n modelAllowlistEnvVarName,\n readAgentRuntimeOverrideAllowlist,\n type TenantAllowlistSnapshot,\n} from '../../../lib/model-allowlist'\nimport { AiTenantModelAllowlistRepository } from '../../../data/repositories/AiTenantModelAllowlistRepository'\nimport { AiAgentRuntimeOverrideRepository } from '../../../data/repositories/AiAgentRuntimeOverrideRepository'\nimport type { EntityManager } from '@mikro-orm/postgresql'\n\nconst MAX_MESSAGES = 100\n\nconst agentIdPattern = /^[a-z0-9_]+\\.[a-z0-9_]+$/\n\nconst chatMessageSchema = z.object({\n role: z.enum(['user', 'assistant', 'system']),\n content: z.string(),\n})\n\nconst pageContextSchema = z\n .object({\n pageId: z.string().nullable().optional(),\n entityType: z.string().nullable().optional(),\n recordId: z.string().nullable().optional(),\n })\n .passthrough()\n\nconst chatRequestSchema = z.object({\n messages: z\n .array(chatMessageSchema)\n .min(1, 'messages must contain at least one message')\n .max(MAX_MESSAGES, `messages must contain at most ${MAX_MESSAGES} entries`),\n attachmentIds: z.array(z.string()).optional(),\n debug: z.boolean().optional(),\n pageContext: pageContextSchema.optional(),\n /**\n * Optional stable conversation id forwarded from `<AiChat>`. Bridged into\n * the Step 5.6 `prepareMutation` idempotency hash so repeated turns within\n * the same chat collapse onto the same pending action. Additive; omitted\n * bodies continue to work as before.\n */\n conversationId: z.string().min(1).max(128).optional(),\n})\n\nexport type AiChatRequest = z.infer<typeof chatRequestSchema>\n\nconst agentQuerySchema = z.object({\n agent: z\n .string()\n .regex(agentIdPattern, 'agent must match \"<module>.<agent>\" (lowercase, digits, underscores only)'),\n /**\n * Per-request provider override. Must match a registered + configured\n * provider id. Validated against `llmProviderRegistry` at dispatch time.\n * Rejected when the agent has `allowRuntimeModelOverride: false`.\n *\n * Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.\n */\n provider: z.string().optional(),\n /**\n * Per-request model id override. Free-form string. Logged (not rejected)\n * when not in the provider's curated `defaultModels` catalog.\n *\n * Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.\n */\n model: z.string().optional(),\n /**\n * Per-request base URL override. Must parse as a URL and match\n * `AI_RUNTIME_BASEURL_ALLOWLIST` (comma-separated host patterns). When the\n * env var is unset or empty, any non-empty value is rejected.\n *\n * Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.\n */\n baseUrl: z.string().optional(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'AI Assistant',\n summary: 'AI agent dispatcher',\n methods: {\n POST: {\n operationId: 'aiAssistantChatAgent',\n summary: 'Stream a chat turn for a registered AI agent',\n description:\n 'Dispatches a chat turn to the focused AI agent identified by `?agent=<module>.<agent>`. ' +\n 'Enforces agent-level `requiredFeatures`, tool whitelisting, read-only / mutationPolicy, ' +\n 'execution-mode compatibility, and attachment media-type policy. The streaming response ' +\n 'body uses an AI SDK-compatible `text/event-stream` transport. ' +\n 'Optional `?provider=`, `?model=`, and `?baseUrl=` query params let callers ' +\n 'override the resolved provider/model/base-URL for this turn (Phase 4a). ' +\n 'Provider must be registered and configured; baseUrl must match ' +\n '`AI_RUNTIME_BASEURL_ALLOWLIST` when set. Both are suppressed when the ' +\n 'agent declares `allowRuntimeModelOverride: false`.',\n query: agentQuerySchema,\n requestBody: {\n contentType: 'application/json',\n description: 'Chat turn payload. `messages` is required; `attachmentIds`, `debug`, and `pageContext` are optional.',\n schema: chatRequestSchema,\n },\n responses: [\n { status: 200, description: 'Streaming text/event-stream response compatible with AI SDK chat transports.', mediaType: 'text/event-stream' },\n ],\n errors: [\n {\n status: 400,\n description:\n 'Invalid query param, malformed payload, or message count above the cap. ' +\n 'Typed codes: `runtime_override_disabled` (agent has allowRuntimeModelOverride:false), ' +\n '`provider_unknown` (provider id not registered), ' +\n '`provider_not_configured` (provider registered but no API key in env), ' +\n '`baseurl_not_allowlisted` (baseUrl not in AI_RUNTIME_BASEURL_ALLOWLIST).',\n },\n { status: 401, description: 'Unauthenticated caller.' },\n { status: 403, description: 'Caller lacks agent-level or tool-level required features.' },\n { status: 404, description: 'Unknown agent id.' },\n { status: 409, description: 'Agent/tool/execution-mode policy violation.' },\n { status: 500, description: 'Internal runtime failure.' },\n ],\n },\n },\n}\n\nexport const metadata = {\n POST: { requireAuth: true, requireFeatures: ['ai_assistant.view'] },\n}\n\nfunction jsonError(\n status: number,\n message: string,\n code: string,\n extra?: Record<string, unknown>,\n): NextResponse {\n return NextResponse.json({ error: message, code, ...(extra ?? {}) }, { status })\n}\n\nfunction statusForDenyCode(code: AgentPolicyDenyCode): number {\n switch (code) {\n case 'agent_unknown':\n return 404\n case 'agent_features_denied':\n case 'tool_features_denied':\n return 403\n case 'tool_not_whitelisted':\n case 'tool_unknown':\n case 'mutation_blocked_by_readonly':\n case 'mutation_blocked_by_policy':\n case 'execution_mode_not_supported':\n return 409\n case 'attachment_type_not_accepted':\n return 400\n default:\n return 409\n }\n}\n\nexport async function POST(req: NextRequest): Promise<Response> {\n const auth = await getAuthFromRequest(req)\n if (!auth) {\n return jsonError(401, 'Unauthorized', 'unauthenticated')\n }\n\n const requestUrl = new URL(req.url)\n const queryResult = agentQuerySchema.safeParse({\n agent: requestUrl.searchParams.get('agent') ?? undefined,\n provider: requestUrl.searchParams.get('provider') ?? undefined,\n model: requestUrl.searchParams.get('model') ?? undefined,\n baseUrl: requestUrl.searchParams.get('baseUrl') ?? undefined,\n })\n if (!queryResult.success) {\n return jsonError(400, 'Invalid or missing \"agent\" query parameter.', 'validation_error', {\n issues: queryResult.error.issues,\n })\n }\n const agentId = queryResult.data.agent\n const rawProvider = queryResult.data.provider\n const rawModel = queryResult.data.model\n const rawBaseUrl = queryResult.data.baseUrl\n\n let parsedBody: unknown\n try {\n parsedBody = await req.json()\n } catch {\n return jsonError(400, 'Request body must be valid JSON.', 'validation_error')\n }\n\n const bodyResult = chatRequestSchema.safeParse(parsedBody)\n if (!bodyResult.success) {\n return jsonError(400, 'Invalid request body.', 'validation_error', {\n issues: bodyResult.error.issues,\n })\n }\n\n try {\n await loadAgentRegistry()\n\n const container = await createRequestContainer()\n const rbacService = container.resolve<RbacService>('rbacService')\n const acl = await rbacService.loadAcl(auth.sub, {\n tenantId: auth.tenantId,\n organizationId: auth.orgId,\n })\n\n const decision = checkAgentPolicy({\n agentId,\n authContext: {\n userFeatures: acl.features,\n isSuperAdmin: acl.isSuperAdmin,\n },\n requestedExecutionMode: 'chat',\n // TODO(step-3.7): resolve attachmentIds -> media types via attachment-bridge\n // once the attachment-to-model conversion bridge lands. Until then the\n // policy gate skips attachment-type validation because media types are\n // not known at dispatch time.\n attachmentMediaTypes: undefined,\n })\n\n if (!decision.ok) {\n return jsonError(statusForDenyCode(decision.code), decision.message, decision.code)\n }\n\n const agentDef = decision.agent\n\n // --- Phase 4a: validate runtime override query params ---\n const hasRuntimeOverride =\n (rawProvider && rawProvider.trim().length > 0) ||\n (rawModel && rawModel.trim().length > 0) ||\n (rawBaseUrl && rawBaseUrl.trim().length > 0)\n\n if (hasRuntimeOverride) {\n if (agentDef.allowRuntimeModelOverride === false) {\n return jsonError(\n 400,\n `Agent \"${agentId}\" has runtime model override disabled (allowRuntimeModelOverride: false).`,\n 'runtime_override_disabled',\n )\n }\n }\n\n let tenantAllowlistSnapshot: TenantAllowlistSnapshot | null = null\n let agentRuntimeOverrideAllowlist: TenantAllowlistSnapshot | null = null\n if (auth.tenantId) {\n try {\n const em = container.resolve<EntityManager>('em')\n const allowlistRepo = new AiTenantModelAllowlistRepository(em)\n tenantAllowlistSnapshot = await allowlistRepo.getSnapshot({\n tenantId: auth.tenantId,\n organizationId: auth.orgId ?? null,\n })\n const runtimeOverrideRepo = new AiAgentRuntimeOverrideRepository(em)\n const agentRuntimeOverrideRow = await runtimeOverrideRepo.getExact({\n tenantId: auth.tenantId,\n organizationId: auth.orgId ?? null,\n agentId,\n })\n const tenantAgentAllowlist = agentRuntimeOverrideRow\n ? {\n allowedProviders: agentRuntimeOverrideRow.allowedOverrideProviders ?? null,\n allowedModelsByProvider: agentRuntimeOverrideRow.allowedOverrideModelsByProvider ?? {},\n }\n : null\n agentRuntimeOverrideAllowlist = hasAllowlistSnapshotRestrictions(tenantAgentAllowlist)\n ? tenantAgentAllowlist\n : null\n } catch (snapshotError) {\n // Fail closed: refuse to dispatch if we cannot confirm the tenant allowlist.\n // Silently falling back to env-only would widen the effective allowlist when\n // the DB is unavailable, which is the opposite of what an admin intends.\n console.error(\n '[AI Chat Agent] Tenant allowlist lookup failed; refusing to dispatch:',\n snapshotError,\n )\n return jsonError(\n 503,\n 'Tenant allowlist is temporarily unavailable. Try again shortly.',\n 'tenant_allowlist_unavailable',\n )\n }\n }\n const knownProviderIds = llmProviderRegistry.list().map((p) => p.id)\n const baseEffectiveAllowlist = intersectAllowlists(\n process.env as Record<string, string | undefined>,\n knownProviderIds,\n tenantAllowlistSnapshot,\n )\n const envAgentAllowlist = readAgentRuntimeOverrideAllowlist(\n process.env as Record<string, string | undefined>,\n agentId,\n knownProviderIds,\n )\n const effectiveAllowlist = intersectEffectiveAllowlistWithSnapshot(\n intersectEffectiveAllowlistWithSnapshot(\n baseEffectiveAllowlist,\n knownProviderIds,\n envAgentAllowlist,\n ),\n knownProviderIds,\n agentRuntimeOverrideAllowlist,\n )\n\n const normalizedProvider = rawProvider && rawProvider.trim().length > 0\n ? canonicalProviderId(rawProvider.trim(), llmProviderRegistry.list().map((p) => p.id))\n : null\n\n if (rawProvider && rawProvider.trim().length > 0) {\n const providerEntry = normalizedProvider ? llmProviderRegistry.get(normalizedProvider) : null\n if (!providerEntry) {\n return jsonError(\n 400,\n `Provider \"${rawProvider}\" is not registered. Registered provider ids: ${llmProviderRegistry.list().map((p) => p.id).join(', ')}.`,\n 'provider_unknown',\n )\n }\n if (!providerEntry.isConfigured()) {\n return jsonError(\n 400,\n `Provider \"${rawProvider}\" is registered but not configured in this environment (missing API key).`,\n 'provider_not_configured',\n )\n }\n if (!isProviderAllowedInEffective(effectiveAllowlist, normalizedProvider!)) {\n const source = effectiveAllowlist.tenantOverridesActive\n ? 'the effective allowlist (env \u2229 tenant)'\n : 'OM_AI_AVAILABLE_PROVIDERS'\n return jsonError(\n 400,\n `Provider \"${rawProvider}\" is not in ${source}.`,\n 'provider_not_allowlisted',\n )\n }\n if (\n rawModel\n && rawModel.trim().length > 0\n && !isModelAllowedForProviderInEffective(\n effectiveAllowlist,\n normalizedProvider!,\n rawModel.trim(),\n )\n ) {\n const source = effectiveAllowlist.tenantOverridesActive\n ? `the effective allowlist (env \u2229 tenant) for \"${normalizedProvider}\"`\n : modelAllowlistEnvVarName(normalizedProvider!)\n return jsonError(\n 400,\n `Model \"${rawModel}\" is not in ${source}.`,\n 'model_not_allowlisted',\n )\n }\n }\n\n if (rawBaseUrl && rawBaseUrl.trim().length > 0) {\n const allowlist = readBaseurlAllowlist()\n if (!isBaseurlAllowlisted(rawBaseUrl.trim(), allowlist)) {\n return jsonError(\n 400,\n `baseUrl \"${rawBaseUrl}\" is not in the AI_RUNTIME_BASEURL_ALLOWLIST. Set that env var to a comma-separated list of allowed host patterns to enable per-request baseUrl overrides.`,\n 'baseurl_not_allowlisted',\n )\n }\n }\n // --- end Phase 4a validation ---\n\n const requestOverride =\n hasRuntimeOverride\n ? {\n providerId: normalizedProvider,\n modelId: rawModel && rawModel.trim().length > 0 ? rawModel.trim() : null,\n baseURL: rawBaseUrl && rawBaseUrl.trim().length > 0 ? rawBaseUrl.trim() : null,\n }\n : undefined\n\n return await runAiAgentText({\n agentId,\n messages: bodyResult.data.messages as unknown as UIMessage[],\n attachmentIds: bodyResult.data.attachmentIds,\n pageContext: bodyResult.data.pageContext,\n debug: bodyResult.data.debug,\n conversationId: bodyResult.data.conversationId ?? null,\n authContext: {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n userId: auth.sub,\n features: acl.features,\n isSuperAdmin: acl.isSuperAdmin,\n },\n container,\n requestOverride,\n })\n } catch (error) {\n if (error instanceof AgentPolicyError) {\n return jsonError(statusForDenyCode(error.code), error.message, error.code)\n }\n console.error('[AI Chat Agent] Dispatch failure:', error)\n return jsonError(\n 500,\n error instanceof Error ? error.message : 'Agent dispatch failed.',\n 'internal_error',\n )\n }\n}\n"],
|
|
5
|
-
"mappings": "AAAA,SAAS,oBAAsC;AAE/C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,2BAA2B;AACpC,SAAS,yBAAyB;AAClC,SAAS,wBAAkD;AAC3D,
|
|
4
|
+
"sourcesContent": ["import { NextResponse, type NextRequest } from 'next/server'\nimport type { UIMessage } from 'ai'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { llmProviderRegistry } from '@open-mercato/shared/lib/ai/llm-provider-registry'\nimport { loadAgentRegistry } from '../../../lib/agent-registry'\nimport { checkAgentPolicy, type AgentPolicyDenyCode } from '../../../lib/agent-policy'\nimport {\n runAiAgentText,\n resolveLoopBudgetPreset,\n type AiAgentLoopBudgetPreset,\n} from '../../../lib/agent-runtime'\nimport { AgentPolicyError } from '../../../lib/agent-tools'\nimport { readBaseurlAllowlist, isBaseurlAllowlisted } from '../../../lib/baseurl-allowlist'\nimport {\n canonicalProviderId,\n hasAllowlistSnapshotRestrictions,\n intersectEffectiveAllowlistWithSnapshot,\n intersectAllowlists,\n isModelAllowedForProviderInEffective,\n isProviderAllowedInEffective,\n modelAllowlistEnvVarName,\n readAgentRuntimeOverrideAllowlist,\n type TenantAllowlistSnapshot,\n} from '../../../lib/model-allowlist'\nimport { AiTenantModelAllowlistRepository } from '../../../data/repositories/AiTenantModelAllowlistRepository'\nimport { AiAgentRuntimeOverrideRepository } from '../../../data/repositories/AiAgentRuntimeOverrideRepository'\nimport type { EntityManager } from '@mikro-orm/postgresql'\n\nconst MAX_MESSAGES = 100\n\nconst agentIdPattern = /^[a-z0-9_]+\\.[a-z0-9_]+$/\n\nconst chatMessageSchema = z.object({\n role: z.enum(['user', 'assistant', 'system']),\n content: z.string(),\n})\n\nconst pageContextSchema = z\n .object({\n pageId: z.string().nullable().optional(),\n entityType: z.string().nullable().optional(),\n recordId: z.string().nullable().optional(),\n })\n .passthrough()\n\nconst chatRequestSchema = z.object({\n messages: z\n .array(chatMessageSchema)\n .min(1, 'messages must contain at least one message')\n .max(MAX_MESSAGES, `messages must contain at most ${MAX_MESSAGES} entries`),\n attachmentIds: z.array(z.string()).optional(),\n debug: z.boolean().optional(),\n pageContext: pageContextSchema.optional(),\n /**\n * Stable per-conversation id (Phase 6.2). Wins over `conversationId` when\n * both are provided. The server echoes the resolved id on the SSE\n * `loop-finish` event so clients can persist it for the next turn.\n */\n sessionId: z.string().uuid().optional(),\n /**\n * @deprecated Use `sessionId` instead.\n */\n conversationId: z.string().min(1).max(128).optional(),\n})\n\nexport type AiChatRequest = z.infer<typeof chatRequestSchema>\n\nconst agentQuerySchema = z.object({\n agent: z\n .string()\n .regex(agentIdPattern, 'agent must match \"<module>.<agent>\" (lowercase, digits, underscores only)'),\n /**\n * Per-request provider override. Must match a registered + configured\n * provider id. Validated against `llmProviderRegistry` at dispatch time.\n * Rejected when the agent has `allowRuntimeOverride: false`.\n *\n * Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.\n */\n provider: z.string().optional(),\n /**\n * Per-request model id override. Free-form string. Logged (not rejected)\n * when not in the provider's curated `defaultModels` catalog.\n *\n * Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.\n */\n model: z.string().optional(),\n /**\n * Per-request base URL override. Must parse as a URL and match\n * `AI_RUNTIME_BASEURL_ALLOWLIST` (comma-separated host patterns). When the\n * env var is unset or empty, any non-empty value is rejected.\n *\n * Phase 4a of spec `2026-04-27-ai-agents-provider-model-baseurl-overrides`.\n */\n baseUrl: z.string().optional(),\n /**\n * Named loop-budget preset. Maps to a fixed `loop.budget` triple:\n * tight \u2192 maxSteps: 3, maxWallClockMs: 10_000, maxTokens: 50_000\n * default \u2192 no override (agent default applies)\n * loose \u2192 maxSteps: 20, maxWallClockMs: 120_000, maxTokens: 500_000\n *\n * Rejected when the agent has `allowRuntimeOverride: false` or\n * `loop.allowRuntimeOverride: false`.\n *\n * Phase 4 of spec `2026-04-28-ai-agents-agentic-loop-controls`.\n */\n loopBudget: z.enum(['tight', 'default', 'loose']).optional(),\n})\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'AI Assistant',\n summary: 'AI agent dispatcher',\n methods: {\n POST: {\n operationId: 'aiAssistantChatAgent',\n summary: 'Stream a chat turn for a registered AI agent',\n description:\n 'Dispatches a chat turn to the focused AI agent identified by `?agent=<module>.<agent>`. ' +\n 'Enforces agent-level `requiredFeatures`, tool whitelisting, read-only / mutationPolicy, ' +\n 'execution-mode compatibility, and attachment media-type policy. The streaming response ' +\n 'body uses an AI SDK-compatible `text/event-stream` transport. ' +\n 'Optional `?provider=`, `?model=`, and `?baseUrl=` query params let callers ' +\n 'override the resolved provider/model/base-URL for this turn (Phase 4a). ' +\n 'Provider must be registered and configured; baseUrl must match ' +\n '`AI_RUNTIME_BASEURL_ALLOWLIST` when set. Both are suppressed when the ' +\n 'agent declares `allowRuntimeOverride: false`.',\n query: agentQuerySchema,\n requestBody: {\n contentType: 'application/json',\n description: 'Chat turn payload. `messages` is required; `attachmentIds`, `debug`, and `pageContext` are optional.',\n schema: chatRequestSchema,\n },\n responses: [\n { status: 200, description: 'Streaming text/event-stream response compatible with AI SDK chat transports.', mediaType: 'text/event-stream' },\n ],\n errors: [\n {\n status: 400,\n description:\n 'Invalid query param, malformed payload, or message count above the cap. ' +\n 'Typed codes: `runtime_override_disabled` (agent has allowRuntimeOverride:false), ' +\n '`provider_unknown` (provider id not registered), ' +\n '`provider_not_configured` (provider registered but no API key in env), ' +\n '`baseurl_not_allowlisted` (baseUrl not in AI_RUNTIME_BASEURL_ALLOWLIST).',\n },\n { status: 401, description: 'Unauthenticated caller.' },\n { status: 403, description: 'Caller lacks agent-level or tool-level required features.' },\n { status: 404, description: 'Unknown agent id.' },\n { status: 409, description: 'Agent/tool/execution-mode policy violation.' },\n { status: 500, description: 'Internal runtime failure.' },\n ],\n },\n },\n}\n\nexport const metadata = {\n POST: { requireAuth: true, requireFeatures: ['ai_assistant.view'] },\n}\n\nfunction jsonError(\n status: number,\n message: string,\n code: string,\n extra?: Record<string, unknown>,\n): NextResponse {\n return NextResponse.json({ error: message, code, ...(extra ?? {}) }, { status })\n}\n\nfunction statusForDenyCode(code: AgentPolicyDenyCode): number {\n switch (code) {\n case 'agent_unknown':\n return 404\n case 'agent_features_denied':\n case 'tool_features_denied':\n return 403\n case 'tool_not_whitelisted':\n case 'tool_unknown':\n case 'mutation_blocked_by_readonly':\n case 'mutation_blocked_by_policy':\n case 'execution_mode_not_supported':\n return 409\n case 'attachment_type_not_accepted':\n return 400\n default:\n return 409\n }\n}\n\nexport async function POST(req: NextRequest): Promise<Response> {\n const auth = await getAuthFromRequest(req)\n if (!auth) {\n return jsonError(401, 'Unauthorized', 'unauthenticated')\n }\n\n const requestUrl = new URL(req.url)\n const queryResult = agentQuerySchema.safeParse({\n agent: requestUrl.searchParams.get('agent') ?? undefined,\n provider: requestUrl.searchParams.get('provider') ?? undefined,\n model: requestUrl.searchParams.get('model') ?? undefined,\n baseUrl: requestUrl.searchParams.get('baseUrl') ?? undefined,\n loopBudget: requestUrl.searchParams.get('loopBudget') ?? undefined,\n })\n if (!queryResult.success) {\n return jsonError(400, 'Invalid or missing \"agent\" query parameter.', 'validation_error', {\n issues: queryResult.error.issues,\n })\n }\n const agentId = queryResult.data.agent\n const rawProvider = queryResult.data.provider\n const rawModel = queryResult.data.model\n const rawBaseUrl = queryResult.data.baseUrl\n const rawLoopBudget = queryResult.data.loopBudget as AiAgentLoopBudgetPreset | undefined\n\n let parsedBody: unknown\n try {\n parsedBody = await req.json()\n } catch {\n return jsonError(400, 'Request body must be valid JSON.', 'validation_error')\n }\n\n const bodyResult = chatRequestSchema.safeParse(parsedBody)\n if (!bodyResult.success) {\n return jsonError(400, 'Invalid request body.', 'validation_error', {\n issues: bodyResult.error.issues,\n })\n }\n\n try {\n await loadAgentRegistry()\n\n const container = await createRequestContainer()\n const rbacService = container.resolve<RbacService>('rbacService')\n const acl = await rbacService.loadAcl(auth.sub, {\n tenantId: auth.tenantId,\n organizationId: auth.orgId,\n })\n\n const decision = checkAgentPolicy({\n agentId,\n authContext: {\n userFeatures: acl.features,\n isSuperAdmin: acl.isSuperAdmin,\n },\n requestedExecutionMode: 'chat',\n // TODO(step-3.7): resolve attachmentIds -> media types via attachment-bridge\n // once the attachment-to-model conversion bridge lands. Until then the\n // policy gate skips attachment-type validation because media types are\n // not known at dispatch time.\n attachmentMediaTypes: undefined,\n })\n\n if (!decision.ok) {\n return jsonError(statusForDenyCode(decision.code), decision.message, decision.code)\n }\n\n const agentDef = decision.agent\n\n // --- Phase 4a: validate runtime override query params ---\n const hasRuntimeOverride =\n (rawProvider && rawProvider.trim().length > 0) ||\n (rawModel && rawModel.trim().length > 0) ||\n (rawBaseUrl && rawBaseUrl.trim().length > 0) ||\n (rawLoopBudget !== undefined && rawLoopBudget !== 'default')\n\n // `allowRuntimeOverride` is the canonical flag (renamed from\n // `allowRuntimeModelOverride` in Phase 4 of this spec). Both are checked\n // here to cover agents declared before the rename lands; the deprecated\n // alias has lower priority.\n const runtimeOverrideAllowed =\n agentDef.allowRuntimeOverride !== false &&\n agentDef.allowRuntimeModelOverride !== false\n\n if (hasRuntimeOverride && !runtimeOverrideAllowed) {\n return jsonError(\n 400,\n `Agent \"${agentId}\" has runtime override disabled (allowRuntimeOverride: false).`,\n 'runtime_override_disabled',\n )\n }\n\n let tenantAllowlistSnapshot: TenantAllowlistSnapshot | null = null\n let agentRuntimeOverrideAllowlist: TenantAllowlistSnapshot | null = null\n if (auth.tenantId) {\n try {\n const em = container.resolve<EntityManager>('em')\n const allowlistRepo = new AiTenantModelAllowlistRepository(em)\n tenantAllowlistSnapshot = await allowlistRepo.getSnapshot({\n tenantId: auth.tenantId,\n organizationId: auth.orgId ?? null,\n })\n const runtimeOverrideRepo = new AiAgentRuntimeOverrideRepository(em)\n const agentRuntimeOverrideRow = await runtimeOverrideRepo.getExact({\n tenantId: auth.tenantId,\n organizationId: auth.orgId ?? null,\n agentId,\n })\n const tenantAgentAllowlist = agentRuntimeOverrideRow\n ? {\n allowedProviders: agentRuntimeOverrideRow.allowedOverrideProviders ?? null,\n allowedModelsByProvider: agentRuntimeOverrideRow.allowedOverrideModelsByProvider ?? {},\n }\n : null\n agentRuntimeOverrideAllowlist = hasAllowlistSnapshotRestrictions(tenantAgentAllowlist)\n ? tenantAgentAllowlist\n : null\n } catch (snapshotError) {\n // Fail closed: refuse to dispatch if we cannot confirm the tenant allowlist.\n // Silently falling back to env-only would widen the effective allowlist when\n // the DB is unavailable, which is the opposite of what an admin intends.\n console.error(\n '[AI Chat Agent] Tenant allowlist lookup failed; refusing to dispatch:',\n snapshotError,\n )\n return jsonError(\n 503,\n 'Tenant allowlist is temporarily unavailable. Try again shortly.',\n 'tenant_allowlist_unavailable',\n )\n }\n }\n const knownProviderIds = llmProviderRegistry.list().map((p) => p.id)\n const baseEffectiveAllowlist = intersectAllowlists(\n process.env as Record<string, string | undefined>,\n knownProviderIds,\n tenantAllowlistSnapshot,\n )\n const envAgentAllowlist = readAgentRuntimeOverrideAllowlist(\n process.env as Record<string, string | undefined>,\n agentId,\n knownProviderIds,\n )\n const effectiveAllowlist = intersectEffectiveAllowlistWithSnapshot(\n intersectEffectiveAllowlistWithSnapshot(\n baseEffectiveAllowlist,\n knownProviderIds,\n envAgentAllowlist,\n ),\n knownProviderIds,\n agentRuntimeOverrideAllowlist,\n )\n\n const normalizedProvider = rawProvider && rawProvider.trim().length > 0\n ? canonicalProviderId(rawProvider.trim(), llmProviderRegistry.list().map((p) => p.id))\n : null\n\n if (rawProvider && rawProvider.trim().length > 0) {\n const providerEntry = normalizedProvider ? llmProviderRegistry.get(normalizedProvider) : null\n if (!providerEntry) {\n return jsonError(\n 400,\n `Provider \"${rawProvider}\" is not registered. Registered provider ids: ${llmProviderRegistry.list().map((p) => p.id).join(', ')}.`,\n 'provider_unknown',\n )\n }\n if (!providerEntry.isConfigured()) {\n return jsonError(\n 400,\n `Provider \"${rawProvider}\" is registered but not configured in this environment (missing API key).`,\n 'provider_not_configured',\n )\n }\n if (!isProviderAllowedInEffective(effectiveAllowlist, normalizedProvider!)) {\n const source = effectiveAllowlist.tenantOverridesActive\n ? 'the effective allowlist (env \u2229 tenant)'\n : 'OM_AI_AVAILABLE_PROVIDERS'\n return jsonError(\n 400,\n `Provider \"${rawProvider}\" is not in ${source}.`,\n 'provider_not_allowlisted',\n )\n }\n if (\n rawModel\n && rawModel.trim().length > 0\n && !isModelAllowedForProviderInEffective(\n effectiveAllowlist,\n normalizedProvider!,\n rawModel.trim(),\n )\n ) {\n const source = effectiveAllowlist.tenantOverridesActive\n ? `the effective allowlist (env \u2229 tenant) for \"${normalizedProvider}\"`\n : modelAllowlistEnvVarName(normalizedProvider!)\n return jsonError(\n 400,\n `Model \"${rawModel}\" is not in ${source}.`,\n 'model_not_allowlisted',\n )\n }\n }\n\n if (rawBaseUrl && rawBaseUrl.trim().length > 0) {\n const allowlist = readBaseurlAllowlist()\n if (!isBaseurlAllowlisted(rawBaseUrl.trim(), allowlist)) {\n return jsonError(\n 400,\n `baseUrl \"${rawBaseUrl}\" is not in the AI_RUNTIME_BASEURL_ALLOWLIST. Set that env var to a comma-separated list of allowed host patterns to enable per-request baseUrl overrides.`,\n 'baseurl_not_allowlisted',\n )\n }\n }\n // --- end Phase 4a + Phase 4 validation ---\n\n const requestOverride =\n hasRuntimeOverride\n ? {\n providerId: normalizedProvider,\n modelId: rawModel && rawModel.trim().length > 0 ? rawModel.trim() : null,\n baseURL: rawBaseUrl && rawBaseUrl.trim().length > 0 ? rawBaseUrl.trim() : null,\n }\n : undefined\n\n // Resolve the loopBudget preset to a loop config override (Phase 4).\n const loopFromPreset =\n rawLoopBudget !== undefined && rawLoopBudget !== 'default'\n ? resolveLoopBudgetPreset(rawLoopBudget)\n : undefined\n\n return await runAiAgentText({\n agentId,\n messages: bodyResult.data.messages as unknown as UIMessage[],\n attachmentIds: bodyResult.data.attachmentIds,\n pageContext: bodyResult.data.pageContext,\n debug: bodyResult.data.debug,\n sessionId: bodyResult.data.sessionId ?? null,\n conversationId: bodyResult.data.conversationId ?? null,\n authContext: {\n tenantId: auth.tenantId ?? null,\n organizationId: auth.orgId ?? null,\n userId: auth.sub,\n features: acl.features,\n isSuperAdmin: acl.isSuperAdmin,\n },\n container,\n requestOverride,\n loop: loopFromPreset,\n emitLoopTrace: true,\n })\n } catch (error) {\n if (error instanceof AgentPolicyError) {\n return jsonError(statusForDenyCode(error.code), error.message, error.code)\n }\n console.error('[AI Chat Agent] Dispatch failure:', error)\n return jsonError(\n 500,\n error instanceof Error ? error.message : 'Agent dispatch failed.',\n 'internal_error',\n )\n }\n}\n"],
|
|
5
|
+
"mappings": "AAAA,SAAS,oBAAsC;AAE/C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAEvC,SAAS,2BAA2B;AACpC,SAAS,yBAAyB;AAClC,SAAS,wBAAkD;AAC3D;AAAA,EACE;AAAA,EACA;AAAA,OAEK;AACP,SAAS,wBAAwB;AACjC,SAAS,sBAAsB,4BAA4B;AAC3D;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AACP,SAAS,wCAAwC;AACjD,SAAS,wCAAwC;AAGjD,MAAM,eAAe;AAErB,MAAM,iBAAiB;AAEvB,MAAM,oBAAoB,EAAE,OAAO;AAAA,EACjC,MAAM,EAAE,KAAK,CAAC,QAAQ,aAAa,QAAQ,CAAC;AAAA,EAC5C,SAAS,EAAE,OAAO;AACpB,CAAC;AAED,MAAM,oBAAoB,EACvB,OAAO;AAAA,EACN,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACvC,YAAY,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC3C,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC3C,CAAC,EACA,YAAY;AAEf,MAAM,oBAAoB,EAAE,OAAO;AAAA,EACjC,UAAU,EACP,MAAM,iBAAiB,EACvB,IAAI,GAAG,4CAA4C,EACnD,IAAI,cAAc,iCAAiC,YAAY,UAAU;AAAA,EAC5E,eAAe,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AAAA,EAC5C,OAAO,EAAE,QAAQ,EAAE,SAAS;AAAA,EAC5B,aAAa,kBAAkB,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxC,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,EAItC,gBAAgB,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS;AACtD,CAAC;AAID,MAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,OAAO,EACJ,OAAO,EACP,MAAM,gBAAgB,2EAA2E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQpG,UAAU,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO9B,OAAO,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ3B,SAAS,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAY7B,YAAY,EAAE,KAAK,CAAC,SAAS,WAAW,OAAO,CAAC,EAAE,SAAS;AAC7D,CAAC;AAEM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,MAAM;AAAA,MACJ,aAAa;AAAA,MACb,SAAS;AAAA,MACT,aACE;AAAA,MASF,OAAO;AAAA,MACP,aAAa;AAAA,QACX,aAAa;AAAA,QACb,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,gFAAgF,WAAW,oBAAoB;AAAA,MAC7I;AAAA,MACA,QAAQ;AAAA,QACN;AAAA,UACE,QAAQ;AAAA,UACR,aACE;AAAA,QAKJ;AAAA,QACA,EAAE,QAAQ,KAAK,aAAa,0BAA0B;AAAA,QACtD,EAAE,QAAQ,KAAK,aAAa,4DAA4D;AAAA,QACxF,EAAE,QAAQ,KAAK,aAAa,oBAAoB;AAAA,QAChD,EAAE,QAAQ,KAAK,aAAa,8CAA8C;AAAA,QAC1E,EAAE,QAAQ,KAAK,aAAa,4BAA4B;AAAA,MAC1D;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,MAAM,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AACpE;AAEA,SAAS,UACP,QACA,SACA,MACA,OACc;AACd,SAAO,aAAa,KAAK,EAAE,OAAO,SAAS,MAAM,GAAI,SAAS,CAAC,EAAG,GAAG,EAAE,OAAO,CAAC;AACjF;AAEA,SAAS,kBAAkB,MAAmC;AAC5D,UAAQ,MAAM;AAAA,IACZ,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT;AACE,aAAO;AAAA,EACX;AACF;AAEA,eAAsB,KAAK,KAAqC;AAC9D,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM;AACT,WAAO,UAAU,KAAK,gBAAgB,iBAAiB;AAAA,EACzD;AAEA,QAAM,aAAa,IAAI,IAAI,IAAI,GAAG;AAClC,QAAM,cAAc,iBAAiB,UAAU;AAAA,IAC7C,OAAO,WAAW,aAAa,IAAI,OAAO,KAAK;AAAA,IAC/C,UAAU,WAAW,aAAa,IAAI,UAAU,KAAK;AAAA,IACrD,OAAO,WAAW,aAAa,IAAI,OAAO,KAAK;AAAA,IAC/C,SAAS,WAAW,aAAa,IAAI,SAAS,KAAK;AAAA,IACnD,YAAY,WAAW,aAAa,IAAI,YAAY,KAAK;AAAA,EAC3D,CAAC;AACD,MAAI,CAAC,YAAY,SAAS;AACxB,WAAO,UAAU,KAAK,+CAA+C,oBAAoB;AAAA,MACvF,QAAQ,YAAY,MAAM;AAAA,IAC5B,CAAC;AAAA,EACH;AACA,QAAM,UAAU,YAAY,KAAK;AACjC,QAAM,cAAc,YAAY,KAAK;AACrC,QAAM,WAAW,YAAY,KAAK;AAClC,QAAM,aAAa,YAAY,KAAK;AACpC,QAAM,gBAAgB,YAAY,KAAK;AAEvC,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,UAAU,KAAK,oCAAoC,kBAAkB;AAAA,EAC9E;AAEA,QAAM,aAAa,kBAAkB,UAAU,UAAU;AACzD,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO,UAAU,KAAK,yBAAyB,oBAAoB;AAAA,MACjE,QAAQ,WAAW,MAAM;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,MAAI;AACF,UAAM,kBAAkB;AAExB,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,UAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,MAC9C,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AAED,UAAM,WAAW,iBAAiB;AAAA,MAChC;AAAA,MACA,aAAa;AAAA,QACX,cAAc,IAAI;AAAA,QAClB,cAAc,IAAI;AAAA,MACpB;AAAA,MACA,wBAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,MAKxB,sBAAsB;AAAA,IACxB,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,aAAO,UAAU,kBAAkB,SAAS,IAAI,GAAG,SAAS,SAAS,SAAS,IAAI;AAAA,IACpF;AAEA,UAAM,WAAW,SAAS;AAG1B,UAAM,qBACH,eAAe,YAAY,KAAK,EAAE,SAAS,KAC3C,YAAY,SAAS,KAAK,EAAE,SAAS,KACrC,cAAc,WAAW,KAAK,EAAE,SAAS,KACzC,kBAAkB,UAAa,kBAAkB;AAMpD,UAAM,yBACJ,SAAS,yBAAyB,SAClC,SAAS,8BAA8B;AAEzC,QAAI,sBAAsB,CAAC,wBAAwB;AACjD,aAAO;AAAA,QACL;AAAA,QACA,UAAU,OAAO;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAEA,QAAI,0BAA0D;AAC9D,QAAI,gCAAgE;AACpE,QAAI,KAAK,UAAU;AACjB,UAAI;AACF,cAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,cAAM,gBAAgB,IAAI,iCAAiC,EAAE;AAC7D,kCAA0B,MAAM,cAAc,YAAY;AAAA,UACxD,UAAU,KAAK;AAAA,UACf,gBAAgB,KAAK,SAAS;AAAA,QAChC,CAAC;AACD,cAAM,sBAAsB,IAAI,iCAAiC,EAAE;AACnE,cAAM,0BAA0B,MAAM,oBAAoB,SAAS;AAAA,UACjE,UAAU,KAAK;AAAA,UACf,gBAAgB,KAAK,SAAS;AAAA,UAC9B;AAAA,QACF,CAAC;AACD,cAAM,uBAAuB,0BACzB;AAAA,UACE,kBAAkB,wBAAwB,4BAA4B;AAAA,UACtE,yBAAyB,wBAAwB,mCAAmC,CAAC;AAAA,QACvF,IACA;AACJ,wCAAgC,iCAAiC,oBAAoB,IACjF,uBACA;AAAA,MACN,SAAS,eAAe;AAItB,gBAAQ;AAAA,UACN;AAAA,UACA;AAAA,QACF;AACA,eAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,MACF;AAAA,IACF;AACA,UAAM,mBAAmB,oBAAoB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE;AACnE,UAAM,yBAAyB;AAAA,MAC7B,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACF;AACA,UAAM,oBAAoB;AAAA,MACxB,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,IACF;AACA,UAAM,qBAAqB;AAAA,MACzB;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,UAAM,qBAAqB,eAAe,YAAY,KAAK,EAAE,SAAS,IAClE,oBAAoB,YAAY,KAAK,GAAG,oBAAoB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,IACnF;AAEJ,QAAI,eAAe,YAAY,KAAK,EAAE,SAAS,GAAG;AAChD,YAAM,gBAAgB,qBAAqB,oBAAoB,IAAI,kBAAkB,IAAI;AACzF,UAAI,CAAC,eAAe;AAClB,eAAO;AAAA,UACL;AAAA,UACA,aAAa,WAAW,iDAAiD,oBAAoB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE,EAAE,KAAK,IAAI,CAAC;AAAA,UAC/H;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,cAAc,aAAa,GAAG;AACjC,eAAO;AAAA,UACL;AAAA,UACA,aAAa,WAAW;AAAA,UACxB;AAAA,QACF;AAAA,MACF;AACA,UAAI,CAAC,6BAA6B,oBAAoB,kBAAmB,GAAG;AAC1E,cAAM,SAAS,mBAAmB,wBAC9B,gDACA;AACJ,eAAO;AAAA,UACL;AAAA,UACA,aAAa,WAAW,eAAe,MAAM;AAAA,UAC7C;AAAA,QACF;AAAA,MACF;AACA,UACE,YACG,SAAS,KAAK,EAAE,SAAS,KACzB,CAAC;AAAA,QACF;AAAA,QACA;AAAA,QACA,SAAS,KAAK;AAAA,MAChB,GACA;AACA,cAAM,SAAS,mBAAmB,wBAC9B,oDAA+C,kBAAkB,MACjE,yBAAyB,kBAAmB;AAChD,eAAO;AAAA,UACL;AAAA,UACA,UAAU,QAAQ,eAAe,MAAM;AAAA,UACvC;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,cAAc,WAAW,KAAK,EAAE,SAAS,GAAG;AAC9C,YAAM,YAAY,qBAAqB;AACvC,UAAI,CAAC,qBAAqB,WAAW,KAAK,GAAG,SAAS,GAAG;AACvD,eAAO;AAAA,UACL;AAAA,UACA,YAAY,UAAU;AAAA,UACtB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,kBACJ,qBACI;AAAA,MACE,YAAY;AAAA,MACZ,SAAS,YAAY,SAAS,KAAK,EAAE,SAAS,IAAI,SAAS,KAAK,IAAI;AAAA,MACpE,SAAS,cAAc,WAAW,KAAK,EAAE,SAAS,IAAI,WAAW,KAAK,IAAI;AAAA,IAC5E,IACA;AAGN,UAAM,iBACJ,kBAAkB,UAAa,kBAAkB,YAC7C,wBAAwB,aAAa,IACrC;AAEN,WAAO,MAAM,eAAe;AAAA,MAC1B;AAAA,MACA,UAAU,WAAW,KAAK;AAAA,MAC1B,eAAe,WAAW,KAAK;AAAA,MAC/B,aAAa,WAAW,KAAK;AAAA,MAC7B,OAAO,WAAW,KAAK;AAAA,MACvB,WAAW,WAAW,KAAK,aAAa;AAAA,MACxC,gBAAgB,WAAW,KAAK,kBAAkB;AAAA,MAClD,aAAa;AAAA,QACX,UAAU,KAAK,YAAY;AAAA,QAC3B,gBAAgB,KAAK,SAAS;AAAA,QAC9B,QAAQ,KAAK;AAAA,QACb,UAAU,IAAI;AAAA,QACd,cAAc,IAAI;AAAA,MACpB;AAAA,MACA;AAAA,MACA;AAAA,MACA,MAAM;AAAA,MACN,eAAe;AAAA,IACjB,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,kBAAkB;AACrC,aAAO,UAAU,kBAAkB,MAAM,IAAI,GAAG,MAAM,SAAS,MAAM,IAAI;AAAA,IAC3E;AACA,YAAQ,MAAM,qCAAqC,KAAK;AACxD,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -13,7 +13,7 @@ import { AiAgentRuntimeOverrideRepository, AiAgentRuntimeOverrideValidationError
|
|
|
13
13
|
import { AiTenantModelAllowlistRepository } from "../../data/repositories/AiTenantModelAllowlistRepository.js";
|
|
14
14
|
import { isBaseurlAllowlisted, readBaseurlAllowlist } from "../../lib/baseurl-allowlist.js";
|
|
15
15
|
import { loadAgentRegistry, listAgents } from "../../lib/agent-registry.js";
|
|
16
|
-
import { createModelFactory } from "../../lib/model-factory.js";
|
|
16
|
+
import { createModelFactory, resolveAllowRuntimeOverride } from "../../lib/model-factory.js";
|
|
17
17
|
import {
|
|
18
18
|
agentOverrideModelAllowlistEnvVarName,
|
|
19
19
|
agentOverrideProviderAllowlistEnvVarName,
|
|
@@ -169,7 +169,7 @@ async function GET(req) {
|
|
|
169
169
|
agentDefaultModel: agent.defaultModel,
|
|
170
170
|
agentDefaultProvider: agent.defaultProvider,
|
|
171
171
|
agentDefaultBaseUrl: agent.defaultBaseUrl,
|
|
172
|
-
|
|
172
|
+
allowRuntimeOverride: resolveAllowRuntimeOverride(agent),
|
|
173
173
|
tenantOverride: agentTenantOverride,
|
|
174
174
|
tenantAllowlist: tenantAllowlistSnapshot
|
|
175
175
|
});
|
|
@@ -205,7 +205,8 @@ async function GET(req) {
|
|
|
205
205
|
return {
|
|
206
206
|
agentId: agent.id,
|
|
207
207
|
moduleId: agent.moduleId,
|
|
208
|
-
|
|
208
|
+
allowRuntimeOverride: resolveAllowRuntimeOverride(agent),
|
|
209
|
+
allowRuntimeModelOverride: resolveAllowRuntimeOverride(agent),
|
|
209
210
|
codeDefaultProviderId: agent.defaultProvider ?? null,
|
|
210
211
|
codeDefaultModelId: agent.defaultModel ?? null,
|
|
211
212
|
override: agentOverrideRow ? {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../../src/modules/ai_assistant/api/settings/route.ts"],
|
|
4
|
-
"sourcesContent": ["import { NextResponse, type NextRequest } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { llmProviderRegistry } from '@open-mercato/shared/lib/ai/llm-provider-registry'\nimport {\n OPEN_CODE_PROVIDER_IDS,\n OPEN_CODE_PROVIDERS,\n getOpenCodeProviderConfiguredEnvKey,\n isOpenCodeProviderConfigured,\n} from '@open-mercato/shared/lib/ai/opencode-provider'\nimport { AiAgentRuntimeOverrideRepository, AiAgentRuntimeOverrideValidationError } from '../../data/repositories/AiAgentRuntimeOverrideRepository'\nimport { AiTenantModelAllowlistRepository } from '../../data/repositories/AiTenantModelAllowlistRepository'\nimport { isBaseurlAllowlisted, readBaseurlAllowlist } from '../../lib/baseurl-allowlist'\nimport { loadAgentRegistry, listAgents } from '../../lib/agent-registry'\nimport { createModelFactory } from '../../lib/model-factory'\nimport {\n agentOverrideModelAllowlistEnvVarName,\n agentOverrideProviderAllowlistEnvVarName,\n canonicalProviderId,\n hasAllowlistSnapshotRestrictions,\n intersectEffectiveAllowlistWithSnapshot,\n intersectAllowlists,\n isProviderAllowed,\n isProviderAllowedInEffective,\n isProviderModelAllowed,\n isProviderModelAllowedInEffective,\n modelAllowlistEnvVarName,\n readAgentRuntimeOverrideAllowlist,\n readAllowedModels,\n readAllowedProviders,\n readAllowlistConfig,\n type TenantAllowlistSnapshot,\n} from '../../lib/model-allowlist'\n\nfunction modelCatalogWithAllowlistFallback(\n models: ReadonlyArray<{ id: string; name: string; contextWindow?: number | null; tags?: readonly string[] }>,\n allowlistModelIds: string[] | undefined,\n): ReadonlyArray<{ id: string; name: string; contextWindow?: number | null; tags?: readonly string[] }> {\n if (models.length > 0) return models\n return (allowlistModelIds ?? []).map((id) => ({ id, name: id }))\n}\n\nconst runtimeOverrideUpsertSchema = z.object({\n providerId: z.string().min(1).max(64).nullable().optional(),\n modelId: z.string().min(1).max(256).nullable().optional(),\n baseURL: z.string().url().max(2048).nullable().optional(),\n agentId: z.string().min(1).max(128).nullable().optional(),\n allowedOverrideProviders: z.array(z.string().min(1).max(64)).nullable().optional(),\n allowedOverrideModelsByProvider: z\n .record(z.string().min(1).max(64), z.array(z.string().min(1).max(256)))\n .optional(),\n})\n\nconst runtimeOverrideClearSchema = z.object({\n agentId: z.string().min(1).max(128).nullable().optional(),\n})\n\nexport type RuntimeOverrideUpsertBody = z.infer<typeof runtimeOverrideUpsertSchema>\nexport type RuntimeOverrideClearBody = z.infer<typeof runtimeOverrideClearSchema>\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'AI Assistant',\n summary: 'AI assistant settings',\n methods: {\n GET: { summary: 'Get AI provider configuration' },\n PUT: {\n summary: 'Upsert per-tenant AI runtime override',\n description:\n 'Creates or updates the per-tenant AI runtime override (provider, model, baseURL). ' +\n 'Optionally scoped to a specific agent via `agentId`. ' +\n 'Gated by `ai_assistant.settings.manage`. ' +\n 'baseURL must match AI_RUNTIME_BASEURL_ALLOWLIST when set.',\n requestBody: {\n contentType: 'application/json',\n description: 'Override payload. All fields nullable/optional; null explicitly clears the axis.',\n schema: runtimeOverrideUpsertSchema,\n },\n responses: [\n { status: 200, description: 'Override saved. Returns the saved row.' },\n ],\n errors: [\n { status: 400, description: 'Validation error: unknown provider, invalid URL, or baseURL not allowlisted.' },\n { status: 401, description: 'Unauthenticated.' },\n { status: 403, description: 'Caller lacks ai_assistant.settings.manage.' },\n ],\n },\n DELETE: {\n summary: 'Clear per-tenant AI runtime override',\n description:\n 'Soft-deletes the active per-tenant runtime override. ' +\n 'Pass `agentId` to clear only the agent-specific row; omit to clear the tenant-wide default. ' +\n 'Gated by `ai_assistant.settings.manage`. Idempotent \u2014 returns 200 with `cleared: false` when no active row existed.',\n requestBody: {\n contentType: 'application/json',\n description: 'Optional agentId to scope the delete.',\n schema: runtimeOverrideClearSchema,\n },\n responses: [\n { status: 200, description: 'Returns `{ cleared: boolean }` indicating whether a row was found and removed.' },\n ],\n errors: [\n { status: 401, description: 'Unauthenticated.' },\n { status: 403, description: 'Caller lacks ai_assistant.settings.manage.' },\n ],\n },\n },\n}\n\nexport const metadata = {\n GET: { requireAuth: true, requireFeatures: ['ai_assistant.view'] },\n PUT: { requireAuth: true, requireFeatures: ['ai_assistant.settings.manage'] },\n DELETE: { requireAuth: true, requireFeatures: ['ai_assistant.settings.manage'] },\n}\n\n/**\n * GET /api/ai_assistant/settings\n *\n * Returns the current OpenCode provider configuration from environment variables\n * plus the Phase 4a additive fields: resolvedDefault, tenantOverride, agents[],\n * and availableProviders[].defaultModels.\n */\nexport async function GET(req: NextRequest) {\n const auth = await getAuthFromRequest(req)\n if (!auth?.sub) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n try {\n const env = process.env as Record<string, string | undefined>\n const configuredProviderHint = env.OM_AI_PROVIDER?.trim() || env.OPENCODE_PROVIDER?.trim() || null\n const registryProviders = llmProviderRegistry.list()\n const knownProviderIdsForAllowlist: string[] = [\n ...OPEN_CODE_PROVIDER_IDS,\n ...registryProviders\n .map((p) => p.id)\n .filter((id) => !(OPEN_CODE_PROVIDER_IDS as readonly string[]).includes(id)),\n ]\n const registryProviderId = configuredProviderHint\n ? canonicalProviderId(configuredProviderHint, registryProviders.map((provider) => provider.id))\n : null\n const registryProvider = registryProviderId ? llmProviderRegistry.get(registryProviderId) : null\n const fallbackOpenCodeProviderId = (\n (configuredProviderHint\n ? canonicalProviderId(configuredProviderHint, OPEN_CODE_PROVIDER_IDS as readonly string[])\n : null) ?? 'openai'\n ) as keyof typeof OPEN_CODE_PROVIDERS\n const fallbackOpenCodeProvider = OPEN_CODE_PROVIDERS[fallbackOpenCodeProviderId]\n\n const providerId = registryProvider?.id ?? fallbackOpenCodeProviderId\n const providerName = registryProvider?.name ?? fallbackOpenCodeProvider?.name ?? providerId\n const defaultProviderModel = registryProvider?.defaultModel ?? fallbackOpenCodeProvider?.defaultModel ?? ''\n const configuredModelHint = env.OM_AI_MODEL?.trim() || env.OPENCODE_MODEL?.trim() || defaultProviderModel\n const fallbackModelWithProvider = `${providerId}/${configuredModelHint}`\n const apiKeyConfigured = registryProvider\n ? registryProvider.isConfigured(env)\n : fallbackOpenCodeProvider\n ? isOpenCodeProviderConfigured(fallbackOpenCodeProviderId)\n : false\n const displayEnvKey = registryProvider\n ? registryProvider.getConfiguredEnvKey(env)\n : fallbackOpenCodeProvider\n ? getOpenCodeProviderConfiguredEnvKey(fallbackOpenCodeProviderId)\n : null\n\n // Check if MCP_SERVER_API_KEY is configured (required for MCP authentication)\n const mcpKeyConfigured = !!process.env.MCP_SERVER_API_KEY?.trim()\n\n // Phase 4a: resolve tenant override row and per-agent resolution matrix\n let tenantOverride: {\n providerId: string | null\n modelId: string | null\n baseURL: string | null\n agentId: string | null\n updatedAt: string\n } | null = null\n\n let agentResolutions: Array<{\n agentId: string\n moduleId: string\n allowRuntimeModelOverride: boolean\n codeDefaultProviderId: string | null\n codeDefaultModelId: string | null\n override: {\n providerId: string | null\n modelId: string | null\n baseURL: string | null\n updatedAt: string\n } | null\n runtimeOverrideAllowlist: {\n env: TenantAllowlistSnapshot | null\n tenant: TenantAllowlistSnapshot | null\n effective: ReturnType<typeof intersectAllowlists>\n envVarNames: {\n providers: string\n modelsByProvider: Record<string, string>\n }\n }\n providerId: string\n modelId: string\n baseURL: string | null\n source: string\n }> = []\n\n let resolvedDefault: {\n providerId: string\n modelId: string\n baseURL: string | null\n source: string\n } | null = null\n\n let tenantAllowlistSnapshot: TenantAllowlistSnapshot | null = null\n\n try {\n const container = await createRequestContainer()\n const tenantId = auth.tenantId ?? null\n const organizationId = auth.orgId ?? null\n\n if (tenantId) {\n const em = container.resolve<EntityManager>('em')\n const repo = new AiAgentRuntimeOverrideRepository(em)\n const overrideRow = await repo.getDefault({ tenantId, organizationId, agentId: null })\n if (overrideRow) {\n tenantOverride = {\n providerId: overrideRow.providerId ?? null,\n modelId: overrideRow.modelId ?? null,\n baseURL: overrideRow.baseUrl ?? null,\n agentId: overrideRow.agentId ?? null,\n updatedAt: overrideRow.updatedAt.toISOString(),\n }\n }\n\n const allowlistRepo = new AiTenantModelAllowlistRepository(em)\n tenantAllowlistSnapshot = await allowlistRepo.getSnapshot({\n tenantId,\n organizationId,\n })\n\n const factory = createModelFactory(container)\n const defaultResolution = factory.resolveModel({\n tenantAllowlist: tenantAllowlistSnapshot,\n tenantOverride: tenantOverride\n ? { providerId: tenantOverride.providerId, modelId: tenantOverride.modelId, baseURL: tenantOverride.baseURL }\n : undefined,\n })\n resolvedDefault = {\n providerId: defaultResolution.providerId,\n modelId: defaultResolution.modelId,\n baseURL: defaultResolution.baseURL ?? null,\n source: defaultResolution.source,\n }\n\n await loadAgentRegistry()\n const agents = listAgents()\n const agentResolutionPromises = agents.map(async (agent) => {\n const agentOverrideRow = await repo.getExact({\n tenantId,\n organizationId,\n agentId: agent.id,\n })\n const agentTenantOverride = agentOverrideRow\n ? {\n providerId: agentOverrideRow.providerId ?? null,\n modelId: agentOverrideRow.modelId ?? null,\n baseURL: agentOverrideRow.baseUrl ?? null,\n }\n : (tenantOverride ?? undefined)\n const agentResolution = factory.resolveModel({\n moduleId: agent.moduleId,\n agentDefaultModel: agent.defaultModel,\n agentDefaultProvider: agent.defaultProvider,\n agentDefaultBaseUrl: agent.defaultBaseUrl,\n allowRuntimeModelOverride: agent.allowRuntimeModelOverride,\n tenantOverride: agentTenantOverride,\n tenantAllowlist: tenantAllowlistSnapshot,\n })\n const agentEnvAllowlist = readAgentRuntimeOverrideAllowlist(\n env,\n agent.id,\n knownProviderIdsForAllowlist,\n )\n const agentTenantAllowlist = agentOverrideRow\n ? {\n allowedProviders: agentOverrideRow.allowedOverrideProviders ?? null,\n allowedModelsByProvider: agentOverrideRow.allowedOverrideModelsByProvider ?? {},\n }\n : null\n const baseEffectiveAllowlist = intersectAllowlists(\n env,\n knownProviderIdsForAllowlist,\n tenantAllowlistSnapshot,\n )\n const agentEffectiveAllowlist = intersectEffectiveAllowlistWithSnapshot(\n intersectEffectiveAllowlistWithSnapshot(\n baseEffectiveAllowlist,\n knownProviderIdsForAllowlist,\n agentEnvAllowlist,\n ),\n knownProviderIdsForAllowlist,\n agentTenantAllowlist,\n )\n const agentModelEnvVars = Object.fromEntries(\n knownProviderIdsForAllowlist.map((providerId) => [\n providerId,\n agentOverrideModelAllowlistEnvVarName(agent.id, providerId),\n ]),\n )\n return {\n agentId: agent.id,\n moduleId: agent.moduleId,\n allowRuntimeModelOverride: agent.allowRuntimeModelOverride !== false,\n codeDefaultProviderId: agent.defaultProvider ?? null,\n codeDefaultModelId: agent.defaultModel ?? null,\n override: agentOverrideRow\n ? {\n providerId: agentOverrideRow.providerId ?? null,\n modelId: agentOverrideRow.modelId ?? null,\n baseURL: agentOverrideRow.baseUrl ?? null,\n updatedAt: agentOverrideRow.updatedAt.toISOString(),\n }\n : null,\n runtimeOverrideAllowlist: {\n env: agentEnvAllowlist,\n tenant: hasAllowlistSnapshotRestrictions(agentTenantAllowlist)\n ? agentTenantAllowlist\n : null,\n effective: agentEffectiveAllowlist,\n envVarNames: {\n providers: agentOverrideProviderAllowlistEnvVarName(agent.id),\n modelsByProvider: agentModelEnvVars,\n },\n },\n providerId: agentResolution.providerId,\n modelId: agentResolution.modelId,\n baseURL: agentResolution.baseURL ?? null,\n source: agentResolution.source,\n }\n })\n agentResolutions = await Promise.all(agentResolutionPromises)\n }\n } catch (overrideError) {\n // Phase 4a fields are best-effort \u2014 log and continue returning the base response\n console.warn('[AI Settings] Failed to compute Phase 4a override fields:', overrideError)\n }\n\n // Build availableProviders with Phase 4a defaultModels, then clip to the\n // EFFECTIVE allowlist \u2014 env intersected with the per-tenant snapshot.\n // The env allowlist is the OUTER constraint; the tenant allowlist (Phase\n // 1780-6) narrows it further. The settings UI must never offer a value\n // the runtime would refuse to honor.\n const allowlistConfig = readAllowlistConfig(env, knownProviderIdsForAllowlist)\n const effectiveAllowlist = intersectAllowlists(\n env,\n knownProviderIdsForAllowlist,\n tenantAllowlistSnapshot,\n )\n\n const allRawProviders = [\n ...OPEN_CODE_PROVIDER_IDS.map((id) => {\n const info = OPEN_CODE_PROVIDERS[id]\n const registryProvider = llmProviderRegistry.get(id)\n return {\n id,\n name: info.name,\n defaultModel: info.defaultModel,\n envKey: getOpenCodeProviderConfiguredEnvKey(id),\n configured: isOpenCodeProviderConfigured(id),\n defaultModels: registryProvider?.defaultModels ?? [],\n }\n }),\n // Also surface any llmProviderRegistry providers not in OPEN_CODE_PROVIDER_IDS\n ...llmProviderRegistry.list()\n .filter((p) => !(OPEN_CODE_PROVIDER_IDS as readonly string[]).includes(p.id))\n .map((p) => ({\n id: p.id,\n name: p.name,\n defaultModel: p.defaultModels[0]?.id ?? '',\n envKey: null,\n configured: p.isConfigured(),\n defaultModels: p.defaultModels,\n })),\n ]\n\n const availableProviders = allRawProviders\n .filter((p) => isProviderAllowedInEffective(effectiveAllowlist, p.id))\n .map((p) => {\n const effectiveModelsList = effectiveAllowlist.modelsByProvider[p.id]\n const catalogModels = modelCatalogWithAllowlistFallback(\n p.defaultModels,\n effectiveModelsList,\n )\n const clippedDefaults = effectiveModelsList !== undefined\n ? catalogModels.filter((m) => effectiveModelsList.includes(m.id))\n : catalogModels\n return {\n ...p,\n defaultModel: effectiveModelsList && !effectiveModelsList.includes(p.defaultModel)\n ? (effectiveModelsList[0] ?? p.defaultModel)\n : p.defaultModel || clippedDefaults[0]?.id || '',\n defaultModels: clippedDefaults,\n }\n })\n\n const allowlistProviders = allRawProviders\n .filter((p) => isProviderAllowed(env, p.id))\n .map((p) => {\n const envModelsList = allowlistConfig.modelsByProvider[p.id]\n const catalogModels = modelCatalogWithAllowlistFallback(\n p.defaultModels,\n envModelsList,\n )\n const envClippedDefaults = envModelsList !== undefined\n ? catalogModels.filter((m) => envModelsList.includes(m.id))\n : catalogModels\n return {\n ...p,\n defaultModel: envModelsList && !envModelsList.includes(p.defaultModel)\n ? (envModelsList[0] ?? p.defaultModel)\n : p.defaultModel || envClippedDefaults[0]?.id || '',\n defaultModels: envClippedDefaults,\n }\n })\n\n return NextResponse.json({\n provider: {\n id: providerId,\n name: providerName,\n model: resolvedDefault\n ? `${resolvedDefault.providerId}/${resolvedDefault.modelId}`\n : fallbackModelWithProvider,\n defaultModel: defaultProviderModel,\n envKey: displayEnvKey,\n configured: apiKeyConfigured,\n },\n availableProviders,\n // Editable universe for the tenant allowlist page. This is clipped only\n // by env so tenant-hidden models remain visible and can be re-enabled.\n allowlistProviders,\n // Snapshot of the env-driven allowlist so the UI can render hints like\n // \"limited to: openai, anthropic\" without re-implementing the parser.\n allowlist: allowlistConfig,\n // Per-tenant allowlist snapshot (Phase 1780-6). `null` when no row has\n // been persisted yet \u2014 the runtime then falls back to env-only\n // enforcement. The UI uses this to drive the editable MultiSelect.\n tenantAllowlist: tenantAllowlistSnapshot,\n // Effective allowlist after intersecting env with tenant. The UI uses\n // this to render the \"what the runtime will actually accept\" summary\n // and to clip pickers without re-implementing the intersection.\n effectiveAllowlist,\n mcpKeyConfigured,\n resolvedDefault,\n tenantOverride,\n agents: agentResolutions,\n })\n } catch (error) {\n console.error('[AI Settings] GET error:', error)\n return NextResponse.json({ error: 'Failed to fetch settings' }, { status: 500 })\n }\n}\n\n/**\n * PUT /api/ai_assistant/settings\n *\n * Upserts the per-tenant AI runtime override (Phase 4a). Requires\n * `ai_assistant.settings.manage`. The body is Zod-validated; a `baseURL`\n * must match `AI_RUNTIME_BASEURL_ALLOWLIST` when that env var is set.\n */\nexport async function PUT(req: NextRequest) {\n const auth = await getAuthFromRequest(req)\n if (!auth?.sub) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n let parsedBody: unknown\n try {\n parsedBody = await req.json()\n } catch {\n return NextResponse.json({ error: 'Request body must be valid JSON.', code: 'validation_error' }, { status: 400 })\n }\n\n const bodyResult = runtimeOverrideUpsertSchema.safeParse(parsedBody)\n if (!bodyResult.success) {\n return NextResponse.json(\n { error: 'Invalid request body.', code: 'validation_error', issues: bodyResult.error.issues },\n { status: 400 },\n )\n }\n\n const { providerId: requestedProviderId, modelId, baseURL, agentId } = bodyResult.data\n const knownProviderIdsForRequest = llmProviderRegistry.list().map((p) => p.id)\n const providerId = requestedProviderId\n ? canonicalProviderId(requestedProviderId, knownProviderIdsForRequest) ?? requestedProviderId\n : requestedProviderId\n\n if (baseURL && baseURL.trim().length > 0) {\n const allowlist = readBaseurlAllowlist()\n if (!isBaseurlAllowlisted(baseURL.trim(), allowlist)) {\n return NextResponse.json(\n {\n error: `baseURL \"${baseURL}\" is not in AI_RUNTIME_BASEURL_ALLOWLIST.`,\n code: 'baseurl_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n\n const allowedOverrideProviders = bodyResult.data.allowedOverrideProviders === undefined\n ? undefined\n : bodyResult.data.allowedOverrideProviders?.map((id) =>\n canonicalProviderId(id, knownProviderIdsForRequest) ?? id,\n ) ?? null\n const allowedOverrideModelsByProvider = bodyResult.data.allowedOverrideModelsByProvider === undefined\n ? undefined\n : Object.fromEntries(\n Object.entries(bodyResult.data.allowedOverrideModelsByProvider ?? {}).map(([id, models]) => [\n canonicalProviderId(id, knownProviderIdsForRequest) ?? id,\n models,\n ]),\n )\n const hasRuntimeOverrideAllowlistWrite =\n allowedOverrideProviders !== undefined || allowedOverrideModelsByProvider !== undefined\n\n // Env-driven provider/model allowlist (Phase 1780-5) intersected with the\n // per-tenant allowlist (Phase 1780-6): the EFFECTIVE allowlist clips which\n // (provider, model) pairs the runtime accepts. Reject settings PUT requests\n // for pairs outside that effective set so the settings UI never persists a\n // value the runtime would later refuse. Tenant-allowlist enforcement is\n // best-effort here: if the snapshot lookup fails we fall back to env-only\n // checks (the runtime still re-clips at resolution time).\n let putEffectiveAllowlist: ReturnType<typeof intersectAllowlists> | null = null\n if (providerId || hasRuntimeOverrideAllowlistWrite) {\n try {\n const previewContainer = await createRequestContainer()\n const knownIdsForCheck = [\n ...OPEN_CODE_PROVIDER_IDS,\n ...llmProviderRegistry\n .list()\n .map((p) => p.id)\n .filter((id) => !(OPEN_CODE_PROVIDER_IDS as readonly string[]).includes(id)),\n ]\n let snapshot: TenantAllowlistSnapshot | null = null\n if (auth.tenantId) {\n try {\n const em = previewContainer.resolve<EntityManager>('em')\n const allowlistRepo = new AiTenantModelAllowlistRepository(em)\n snapshot = await allowlistRepo.getSnapshot({\n tenantId: auth.tenantId,\n organizationId: auth.orgId ?? null,\n })\n } catch {\n snapshot = null\n }\n }\n putEffectiveAllowlist = intersectAllowlists(\n process.env as Record<string, string | undefined>,\n knownIdsForCheck,\n snapshot,\n )\n } catch {\n putEffectiveAllowlist = null\n }\n\n if (providerId && putEffectiveAllowlist) {\n if (!isProviderAllowedInEffective(putEffectiveAllowlist, providerId)) {\n const source = putEffectiveAllowlist.tenantOverridesActive\n ? 'the effective allowlist (env \u2229 tenant)'\n : 'OM_AI_AVAILABLE_PROVIDERS'\n return NextResponse.json(\n {\n error: `Provider \"${providerId}\" is not in ${source}.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n if (modelId && !isProviderModelAllowedInEffective(putEffectiveAllowlist, providerId, modelId)) {\n const source = putEffectiveAllowlist.tenantOverridesActive\n ? `the effective allowlist (env \u2229 tenant) for \"${providerId}\"`\n : modelAllowlistEnvVarName(providerId)\n return NextResponse.json(\n {\n error: `Model \"${modelId}\" is not in ${source}.`,\n code: 'model_not_allowlisted',\n },\n { status: 400 },\n )\n }\n } else if (providerId) {\n if (!isProviderAllowed(process.env, providerId)) {\n return NextResponse.json(\n {\n error: `Provider \"${requestedProviderId}\" is not in OM_AI_AVAILABLE_PROVIDERS.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n if (modelId && !isProviderModelAllowed(process.env, providerId, modelId)) {\n return NextResponse.json(\n {\n error: `Model \"${modelId}\" is not in ${modelAllowlistEnvVarName(providerId)}.`,\n code: 'model_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n }\n\n if (hasRuntimeOverrideAllowlistWrite && !agentId) {\n return NextResponse.json(\n {\n error: 'agentId is required when saving chat override allowlist settings.',\n code: 'agent_required',\n },\n { status: 400 },\n )\n }\n\n if (Array.isArray(allowedOverrideProviders)) {\n for (const id of allowedOverrideProviders) {\n if (putEffectiveAllowlist && !isProviderAllowedInEffective(putEffectiveAllowlist, id)) {\n return NextResponse.json(\n {\n error: `Provider \"${id}\" is not in the effective tenant allowlist; per-agent chat override choices may not widen it.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n }\n if (allowedOverrideModelsByProvider) {\n for (const [id, models] of Object.entries(allowedOverrideModelsByProvider)) {\n if (putEffectiveAllowlist && !isProviderAllowedInEffective(putEffectiveAllowlist, id)) {\n return NextResponse.json(\n {\n error: `Provider \"${id}\" is not in the effective tenant allowlist; cannot save per-agent model choices for it.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n for (const allowedModelId of models) {\n if (\n putEffectiveAllowlist &&\n !isProviderModelAllowedInEffective(putEffectiveAllowlist, id, allowedModelId)\n ) {\n return NextResponse.json(\n {\n error: `Model \"${allowedModelId}\" is not in the effective tenant allowlist for \"${id}\".`,\n code: 'model_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n }\n }\n\n try {\n const container = await createRequestContainer()\n const rbacService = container.resolve<RbacService>('rbacService')\n const acl = await rbacService.loadAcl(auth.sub, {\n tenantId: auth.tenantId,\n organizationId: auth.orgId,\n })\n const canManage = acl.isSuperAdmin || acl.features.includes('ai_assistant.settings.manage')\n if (!canManage) {\n return NextResponse.json({ error: 'Forbidden', code: 'forbidden' }, { status: 403 })\n }\n\n const em = container.resolve<EntityManager>('em')\n const repo = new AiAgentRuntimeOverrideRepository(em)\n const upsertInput = {\n agentId: agentId ?? null,\n ...(Object.prototype.hasOwnProperty.call(bodyResult.data, 'providerId')\n ? { providerId: providerId ?? null }\n : {}),\n ...(Object.prototype.hasOwnProperty.call(bodyResult.data, 'modelId')\n ? { modelId: modelId ?? null }\n : {}),\n ...(Object.prototype.hasOwnProperty.call(bodyResult.data, 'baseURL')\n ? { baseURL: baseURL ?? null }\n : {}),\n ...(allowedOverrideProviders !== undefined\n ? { allowedOverrideProviders }\n : {}),\n ...(allowedOverrideModelsByProvider !== undefined\n ? { allowedOverrideModelsByProvider }\n : {}),\n }\n const row = await repo.upsertDefault(\n upsertInput,\n { tenantId: auth.tenantId ?? '', organizationId: auth.orgId ?? null, userId: auth.sub },\n )\n return NextResponse.json({\n id: row.id,\n tenantId: row.tenantId,\n organizationId: row.organizationId,\n agentId: row.agentId,\n providerId: row.providerId,\n modelId: row.modelId,\n baseURL: row.baseUrl,\n allowedOverrideProviders: row.allowedOverrideProviders ?? null,\n allowedOverrideModelsByProvider: row.allowedOverrideModelsByProvider ?? {},\n updatedAt: row.updatedAt,\n })\n } catch (error) {\n if (error instanceof AiAgentRuntimeOverrideValidationError) {\n return NextResponse.json({ error: error.message, code: 'provider_unknown' }, { status: 400 })\n }\n console.error('[AI Settings] PUT error:', error)\n return NextResponse.json({ error: 'Failed to save runtime override.' }, { status: 500 })\n }\n}\n\n/**\n * DELETE /api/ai_assistant/settings\n *\n * Soft-deletes the active per-tenant AI runtime override (Phase 4a). Requires\n * `ai_assistant.settings.manage`. Pass `agentId` in the body to clear only\n * the agent-specific row; omit (or null) to clear the tenant-wide default.\n * Idempotent \u2014 returns `{ cleared: false }` when no active row was found.\n */\nexport async function DELETE(req: NextRequest) {\n const auth = await getAuthFromRequest(req)\n if (!auth?.sub) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n let parsedBody: unknown = {}\n try {\n parsedBody = await req.json()\n } catch {\n // Body is optional for DELETE \u2014 empty body is fine\n }\n\n const bodyResult = runtimeOverrideClearSchema.safeParse(parsedBody)\n if (!bodyResult.success) {\n return NextResponse.json(\n { error: 'Invalid request body.', code: 'validation_error', issues: bodyResult.error.issues },\n { status: 400 },\n )\n }\n\n try {\n const container = await createRequestContainer()\n const rbacService = container.resolve<RbacService>('rbacService')\n const acl = await rbacService.loadAcl(auth.sub, {\n tenantId: auth.tenantId,\n organizationId: auth.orgId,\n })\n const canManage = acl.isSuperAdmin || acl.features.includes('ai_assistant.settings.manage')\n if (!canManage) {\n return NextResponse.json({ error: 'Forbidden', code: 'forbidden' }, { status: 403 })\n }\n\n const em = container.resolve<EntityManager>('em')\n const repo = new AiAgentRuntimeOverrideRepository(em)\n const cleared = await repo.clearDefault({\n tenantId: auth.tenantId ?? '',\n organizationId: auth.orgId ?? null,\n agentId: bodyResult.data.agentId ?? null,\n })\n return NextResponse.json({ cleared })\n } catch (error) {\n console.error('[AI Settings] DELETE error:', error)\n return NextResponse.json({ error: 'Failed to clear runtime override.' }, { status: 500 })\n }\n}\n"],
|
|
5
|
-
"mappings": "AAAA,SAAS,oBAAsC;AAC/C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,2BAA2B;AACpC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,kCAAkC,6CAA6C;AACxF,SAAS,wCAAwC;AACjD,SAAS,sBAAsB,4BAA4B;AAC3D,SAAS,mBAAmB,kBAAkB;AAC9C,SAAS,0BAA0B;AACnC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAGA;AAAA,OAEK;AAEP,SAAS,kCACP,QACA,mBACsG;AACtG,MAAI,OAAO,SAAS,EAAG,QAAO;AAC9B,UAAQ,qBAAqB,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,MAAM,GAAG,EAAE;AACjE;AAEA,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1D,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,0BAA0B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACjF,iCAAiC,EAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,EACrE,SAAS;AACd,CAAC;AAED,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAC1D,CAAC;AAKM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK,EAAE,SAAS,gCAAgC;AAAA,IAChD,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MAIF,aAAa;AAAA,QACX,aAAa;AAAA,QACb,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,yCAAyC;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,+EAA+E;AAAA,QAC3G,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,6CAA6C;AAAA,MAC3E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aACE;AAAA,MAGF,aAAa;AAAA,QACX,aAAa;AAAA,QACb,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iFAAiF;AAAA,MAC/G;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,6CAA6C;AAAA,MAC3E;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AAAA,EACjE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,8BAA8B,EAAE;AAAA,EAC5E,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,8BAA8B,EAAE;AACjF;AASA,eAAsB,IAAI,KAAkB;AAC1C,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,KAAK;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACF,UAAM,MAAM,QAAQ;AACpB,UAAM,yBAAyB,IAAI,gBAAgB,KAAK,KAAK,IAAI,mBAAmB,KAAK,KAAK;AAC9F,UAAM,oBAAoB,oBAAoB,KAAK;AACnD,UAAM,+BAAyC;AAAA,MAC7C,GAAG;AAAA,MACH,GAAG,kBACA,IAAI,CAAC,MAAM,EAAE,EAAE,EACf,OAAO,CAAC,OAAO,CAAE,uBAA6C,SAAS,EAAE,CAAC;AAAA,IAC/E;AACA,UAAM,qBAAqB,yBACvB,oBAAoB,wBAAwB,kBAAkB,IAAI,CAAC,aAAa,SAAS,EAAE,CAAC,IAC5F;AACJ,UAAM,mBAAmB,qBAAqB,oBAAoB,IAAI,kBAAkB,IAAI;AAC5F,UAAM,8BACH,yBACG,oBAAoB,wBAAwB,sBAA2C,IACvF,SAAS;AAEf,UAAM,2BAA2B,oBAAoB,0BAA0B;AAE/E,UAAM,aAAa,kBAAkB,MAAM;AAC3C,UAAM,eAAe,kBAAkB,QAAQ,0BAA0B,QAAQ;AACjF,UAAM,uBAAuB,kBAAkB,gBAAgB,0BAA0B,gBAAgB;AACzG,UAAM,sBAAsB,IAAI,aAAa,KAAK,KAAK,IAAI,gBAAgB,KAAK,KAAK;AACrF,UAAM,4BAA4B,GAAG,UAAU,IAAI,mBAAmB;AACtE,UAAM,mBAAmB,mBACrB,iBAAiB,aAAa,GAAG,IACjC,2BACE,6BAA6B,0BAA0B,IACvD;AACN,UAAM,gBAAgB,mBAClB,iBAAiB,oBAAoB,GAAG,IACxC,2BACE,oCAAoC,0BAA0B,IAC9D;AAGN,UAAM,mBAAmB,CAAC,CAAC,QAAQ,IAAI,oBAAoB,KAAK;AAGhE,QAAI,iBAMO;AAEX,QAAI,mBAyBC,CAAC;AAEN,QAAI,kBAKO;AAEX,QAAI,0BAA0D;AAE9D,QAAI;AACF,YAAM,YAAY,MAAM,uBAAuB;AAC/C,YAAM,WAAW,KAAK,YAAY;AAClC,YAAM,iBAAiB,KAAK,SAAS;AAErC,UAAI,UAAU;AACZ,cAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,cAAM,OAAO,IAAI,iCAAiC,EAAE;AACpD,cAAM,cAAc,MAAM,KAAK,WAAW,EAAE,UAAU,gBAAgB,SAAS,KAAK,CAAC;AACrF,YAAI,aAAa;AACf,2BAAiB;AAAA,YACf,YAAY,YAAY,cAAc;AAAA,YACtC,SAAS,YAAY,WAAW;AAAA,YAChC,SAAS,YAAY,WAAW;AAAA,YAChC,SAAS,YAAY,WAAW;AAAA,YAChC,WAAW,YAAY,UAAU,YAAY;AAAA,UAC/C;AAAA,QACF;AAEA,cAAM,gBAAgB,IAAI,iCAAiC,EAAE;AAC7D,kCAA0B,MAAM,cAAc,YAAY;AAAA,UACxD;AAAA,UACA;AAAA,QACF,CAAC;AAED,cAAM,UAAU,mBAAmB,SAAS;AAC5C,cAAM,oBAAoB,QAAQ,aAAa;AAAA,UAC7C,iBAAiB;AAAA,UACjB,gBAAgB,iBACZ,EAAE,YAAY,eAAe,YAAY,SAAS,eAAe,SAAS,SAAS,eAAe,QAAQ,IAC1G;AAAA,QACN,CAAC;AACD,0BAAkB;AAAA,UAChB,YAAY,kBAAkB;AAAA,UAC9B,SAAS,kBAAkB;AAAA,UAC3B,SAAS,kBAAkB,WAAW;AAAA,UACtC,QAAQ,kBAAkB;AAAA,QAC5B;AAEA,cAAM,kBAAkB;AACxB,cAAM,SAAS,WAAW;AAC1B,cAAM,0BAA0B,OAAO,IAAI,OAAO,UAAU;AAC1D,gBAAM,mBAAmB,MAAM,KAAK,SAAS;AAAA,YAC3C;AAAA,YACA;AAAA,YACA,SAAS,MAAM;AAAA,UACjB,CAAC;AACD,gBAAM,sBAAsB,mBACxB;AAAA,YACE,YAAY,iBAAiB,cAAc;AAAA,YAC3C,SAAS,iBAAiB,WAAW;AAAA,YACrC,SAAS,iBAAiB,WAAW;AAAA,UACvC,IACC,kBAAkB;AACvB,gBAAM,kBAAkB,QAAQ,aAAa;AAAA,YAC3C,UAAU,MAAM;AAAA,YAChB,mBAAmB,MAAM;AAAA,YACzB,sBAAsB,MAAM;AAAA,YAC5B,qBAAqB,MAAM;AAAA,YAC3B,2BAA2B,MAAM;AAAA,YACjC,gBAAgB;AAAA,YAChB,iBAAiB;AAAA,UACnB,CAAC;AACD,gBAAM,oBAAoB;AAAA,YACxB;AAAA,YACA,MAAM;AAAA,YACN;AAAA,UACF;AACA,gBAAM,uBAAuB,mBACzB;AAAA,YACE,kBAAkB,iBAAiB,4BAA4B;AAAA,YAC/D,yBAAyB,iBAAiB,mCAAmC,CAAC;AAAA,UAChF,IACA;AACJ,gBAAM,yBAAyB;AAAA,YAC7B;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,gBAAM,0BAA0B;AAAA,YAC9B;AAAA,cACE;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,gBAAM,oBAAoB,OAAO;AAAA,YAC/B,6BAA6B,IAAI,CAACA,gBAAe;AAAA,cAC/CA;AAAA,cACA,sCAAsC,MAAM,IAAIA,WAAU;AAAA,YAC5D,CAAC;AAAA,UACH;AACA,iBAAO;AAAA,YACL,SAAS,MAAM;AAAA,YACf,UAAU,MAAM;AAAA,YAChB,2BAA2B,MAAM,8BAA8B;AAAA,YAC/D,uBAAuB,MAAM,mBAAmB;AAAA,YAChD,oBAAoB,MAAM,gBAAgB;AAAA,YAC1C,UAAU,mBACN;AAAA,cACE,YAAY,iBAAiB,cAAc;AAAA,cAC3C,SAAS,iBAAiB,WAAW;AAAA,cACrC,SAAS,iBAAiB,WAAW;AAAA,cACrC,WAAW,iBAAiB,UAAU,YAAY;AAAA,YACpD,IACA;AAAA,YACJ,0BAA0B;AAAA,cACxB,KAAK;AAAA,cACL,QAAQ,iCAAiC,oBAAoB,IACzD,uBACA;AAAA,cACJ,WAAW;AAAA,cACX,aAAa;AAAA,gBACX,WAAW,yCAAyC,MAAM,EAAE;AAAA,gBAC5D,kBAAkB;AAAA,cACpB;AAAA,YACF;AAAA,YACA,YAAY,gBAAgB;AAAA,YAC5B,SAAS,gBAAgB;AAAA,YACzB,SAAS,gBAAgB,WAAW;AAAA,YACpC,QAAQ,gBAAgB;AAAA,UAC1B;AAAA,QACF,CAAC;AACD,2BAAmB,MAAM,QAAQ,IAAI,uBAAuB;AAAA,MAC9D;AAAA,IACF,SAAS,eAAe;AAEtB,cAAQ,KAAK,6DAA6D,aAAa;AAAA,IACzF;AAOA,UAAM,kBAAkB,oBAAoB,KAAK,4BAA4B;AAC7E,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,UAAM,kBAAkB;AAAA,MACtB,GAAG,uBAAuB,IAAI,CAAC,OAAO;AACpC,cAAM,OAAO,oBAAoB,EAAE;AACnC,cAAMC,oBAAmB,oBAAoB,IAAI,EAAE;AACnD,eAAO;AAAA,UACL;AAAA,UACA,MAAM,KAAK;AAAA,UACX,cAAc,KAAK;AAAA,UACnB,QAAQ,oCAAoC,EAAE;AAAA,UAC9C,YAAY,6BAA6B,EAAE;AAAA,UAC3C,eAAeA,mBAAkB,iBAAiB,CAAC;AAAA,QACrD;AAAA,MACF,CAAC;AAAA;AAAA,MAED,GAAG,oBAAoB,KAAK,EACzB,OAAO,CAAC,MAAM,CAAE,uBAA6C,SAAS,EAAE,EAAE,CAAC,EAC3E,IAAI,CAAC,OAAO;AAAA,QACX,IAAI,EAAE;AAAA,QACN,MAAM,EAAE;AAAA,QACR,cAAc,EAAE,cAAc,CAAC,GAAG,MAAM;AAAA,QACxC,QAAQ;AAAA,QACR,YAAY,EAAE,aAAa;AAAA,QAC3B,eAAe,EAAE;AAAA,MACnB,EAAE;AAAA,IACN;AAEA,UAAM,qBAAqB,gBACxB,OAAO,CAAC,MAAM,6BAA6B,oBAAoB,EAAE,EAAE,CAAC,EACpE,IAAI,CAAC,MAAM;AACV,YAAM,sBAAsB,mBAAmB,iBAAiB,EAAE,EAAE;AACpE,YAAM,gBAAgB;AAAA,QACpB,EAAE;AAAA,QACF;AAAA,MACF;AACA,YAAM,kBAAkB,wBAAwB,SAC5C,cAAc,OAAO,CAAC,MAAM,oBAAoB,SAAS,EAAE,EAAE,CAAC,IAC9D;AACJ,aAAO;AAAA,QACL,GAAG;AAAA,QACH,cAAc,uBAAuB,CAAC,oBAAoB,SAAS,EAAE,YAAY,IAC5E,oBAAoB,CAAC,KAAK,EAAE,eAC7B,EAAE,gBAAgB,gBAAgB,CAAC,GAAG,MAAM;AAAA,QAChD,eAAe;AAAA,MACjB;AAAA,IACF,CAAC;AAEH,UAAM,qBAAqB,gBACxB,OAAO,CAAC,MAAM,kBAAkB,KAAK,EAAE,EAAE,CAAC,EAC1C,IAAI,CAAC,MAAM;AACV,YAAM,gBAAgB,gBAAgB,iBAAiB,EAAE,EAAE;AAC3D,YAAM,gBAAgB;AAAA,QACpB,EAAE;AAAA,QACF;AAAA,MACF;AACA,YAAM,qBAAqB,kBAAkB,SACzC,cAAc,OAAO,CAAC,MAAM,cAAc,SAAS,EAAE,EAAE,CAAC,IACxD;AACJ,aAAO;AAAA,QACL,GAAG;AAAA,QACH,cAAc,iBAAiB,CAAC,cAAc,SAAS,EAAE,YAAY,IAChE,cAAc,CAAC,KAAK,EAAE,eACvB,EAAE,gBAAgB,mBAAmB,CAAC,GAAG,MAAM;AAAA,QACnD,eAAe;AAAA,MACjB;AAAA,IACF,CAAC;AAEH,WAAO,aAAa,KAAK;AAAA,MACvB,UAAU;AAAA,QACR,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,OAAO,kBACH,GAAG,gBAAgB,UAAU,IAAI,gBAAgB,OAAO,KACxD;AAAA,QACJ,cAAc;AAAA,QACd,QAAQ;AAAA,QACR,YAAY;AAAA,MACd;AAAA,MACA;AAAA;AAAA;AAAA,MAGA;AAAA;AAAA;AAAA,MAGA,WAAW;AAAA;AAAA;AAAA;AAAA,MAIX,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIjB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,WAAO,aAAa,KAAK,EAAE,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjF;AACF;AASA,eAAsB,IAAI,KAAkB;AAC1C,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,KAAK;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,oCAAoC,MAAM,mBAAmB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACnH;AAEA,QAAM,aAAa,4BAA4B,UAAU,UAAU;AACnE,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,yBAAyB,MAAM,oBAAoB,QAAQ,WAAW,MAAM,OAAO;AAAA,MAC5F,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,EAAE,YAAY,qBAAqB,SAAS,SAAS,QAAQ,IAAI,WAAW;AAClF,QAAM,6BAA6B,oBAAoB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE;AAC7E,QAAM,aAAa,sBACf,oBAAoB,qBAAqB,0BAA0B,KAAK,sBACxE;AAEJ,MAAI,WAAW,QAAQ,KAAK,EAAE,SAAS,GAAG;AACxC,UAAM,YAAY,qBAAqB;AACvC,QAAI,CAAC,qBAAqB,QAAQ,KAAK,GAAG,SAAS,GAAG;AACpD,aAAO,aAAa;AAAA,QAClB;AAAA,UACE,OAAO,YAAY,OAAO;AAAA,UAC1B,MAAM;AAAA,QACR;AAAA,QACA,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,2BAA2B,WAAW,KAAK,6BAA6B,SAC1E,SACA,WAAW,KAAK,0BAA0B;AAAA,IAAI,CAAC,OAC7C,oBAAoB,IAAI,0BAA0B,KAAK;AAAA,EACzD,KAAK;AACT,QAAM,kCAAkC,WAAW,KAAK,oCAAoC,SACxF,SACA,OAAO;AAAA,IACL,OAAO,QAAQ,WAAW,KAAK,mCAAmC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,MAAM,MAAM;AAAA,MAC1F,oBAAoB,IAAI,0BAA0B,KAAK;AAAA,MACvD;AAAA,IACF,CAAC;AAAA,EACH;AACJ,QAAM,mCACJ,6BAA6B,UAAa,oCAAoC;AAShF,MAAI,wBAAuE;AAC3E,MAAI,cAAc,kCAAkC;AAClD,QAAI;AACF,YAAM,mBAAmB,MAAM,uBAAuB;AACtD,YAAM,mBAAmB;AAAA,QACvB,GAAG;AAAA,QACH,GAAG,oBACA,KAAK,EACL,IAAI,CAAC,MAAM,EAAE,EAAE,EACf,OAAO,CAAC,OAAO,CAAE,uBAA6C,SAAS,EAAE,CAAC;AAAA,MAC/E;AACA,UAAI,WAA2C;AAC/C,UAAI,KAAK,UAAU;AACjB,YAAI;AACF,gBAAM,KAAK,iBAAiB,QAAuB,IAAI;AACvD,gBAAM,gBAAgB,IAAI,iCAAiC,EAAE;AAC7D,qBAAW,MAAM,cAAc,YAAY;AAAA,YACzC,UAAU,KAAK;AAAA,YACf,gBAAgB,KAAK,SAAS;AAAA,UAChC,CAAC;AAAA,QACH,QAAQ;AACN,qBAAW;AAAA,QACb;AAAA,MACF;AACA,8BAAwB;AAAA,QACtB,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF;AAAA,IACF,QAAQ;AACN,8BAAwB;AAAA,IAC1B;AAEA,QAAI,cAAc,uBAAuB;AACvC,UAAI,CAAC,6BAA6B,uBAAuB,UAAU,GAAG;AACpE,cAAM,SAAS,sBAAsB,wBACjC,gDACA;AACJ,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,UAAU,eAAe,MAAM;AAAA,YACnD,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AACA,UAAI,WAAW,CAAC,kCAAkC,uBAAuB,YAAY,OAAO,GAAG;AAC7F,cAAM,SAAS,sBAAsB,wBACjC,oDAA+C,UAAU,MACzD,yBAAyB,UAAU;AACvC,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,UAAU,OAAO,eAAe,MAAM;AAAA,YAC7C,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF,WAAW,YAAY;AACrB,UAAI,CAAC,kBAAkB,QAAQ,KAAK,UAAU,GAAG;AAC/C,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,mBAAmB;AAAA,YACvC,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AACA,UAAI,WAAW,CAAC,uBAAuB,QAAQ,KAAK,YAAY,OAAO,GAAG;AACxE,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,UAAU,OAAO,eAAe,yBAAyB,UAAU,CAAC;AAAA,YAC3E,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,oCAAoC,CAAC,SAAS;AAChD,WAAO,aAAa;AAAA,MAClB;AAAA,QACE,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,MACA,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,MAAI,MAAM,QAAQ,wBAAwB,GAAG;AAC3C,eAAW,MAAM,0BAA0B;AACzC,UAAI,yBAAyB,CAAC,6BAA6B,uBAAuB,EAAE,GAAG;AACrF,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,EAAE;AAAA,YACtB,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,MAAI,iCAAiC;AACnC,eAAW,CAAC,IAAI,MAAM,KAAK,OAAO,QAAQ,+BAA+B,GAAG;AAC1E,UAAI,yBAAyB,CAAC,6BAA6B,uBAAuB,EAAE,GAAG;AACrF,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,EAAE;AAAA,YACtB,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AACA,iBAAW,kBAAkB,QAAQ;AACnC,YACE,yBACA,CAAC,kCAAkC,uBAAuB,IAAI,cAAc,GAC5E;AACA,iBAAO,aAAa;AAAA,YAClB;AAAA,cACE,OAAO,UAAU,cAAc,mDAAmD,EAAE;AAAA,cACpF,MAAM;AAAA,YACR;AAAA,YACA,EAAE,QAAQ,IAAI;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,UAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,MAC9C,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,UAAM,YAAY,IAAI,gBAAgB,IAAI,SAAS,SAAS,8BAA8B;AAC1F,QAAI,CAAC,WAAW;AACd,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,MAAM,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACrF;AAEA,UAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,UAAM,OAAO,IAAI,iCAAiC,EAAE;AACpD,UAAM,cAAc;AAAA,MAClB,SAAS,WAAW;AAAA,MACpB,GAAI,OAAO,UAAU,eAAe,KAAK,WAAW,MAAM,YAAY,IAClE,EAAE,YAAY,cAAc,KAAK,IACjC,CAAC;AAAA,MACL,GAAI,OAAO,UAAU,eAAe,KAAK,WAAW,MAAM,SAAS,IAC/D,EAAE,SAAS,WAAW,KAAK,IAC3B,CAAC;AAAA,MACL,GAAI,OAAO,UAAU,eAAe,KAAK,WAAW,MAAM,SAAS,IAC/D,EAAE,SAAS,WAAW,KAAK,IAC3B,CAAC;AAAA,MACL,GAAI,6BAA6B,SAC7B,EAAE,yBAAyB,IAC3B,CAAC;AAAA,MACL,GAAI,oCAAoC,SACpC,EAAE,gCAAgC,IAClC,CAAC;AAAA,IACP;AACA,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB;AAAA,MACA,EAAE,UAAU,KAAK,YAAY,IAAI,gBAAgB,KAAK,SAAS,MAAM,QAAQ,KAAK,IAAI;AAAA,IACxF;AACA,WAAO,aAAa,KAAK;AAAA,MACvB,IAAI,IAAI;AAAA,MACR,UAAU,IAAI;AAAA,MACd,gBAAgB,IAAI;AAAA,MACpB,SAAS,IAAI;AAAA,MACb,YAAY,IAAI;AAAA,MAChB,SAAS,IAAI;AAAA,MACb,SAAS,IAAI;AAAA,MACb,0BAA0B,IAAI,4BAA4B;AAAA,MAC1D,iCAAiC,IAAI,mCAAmC,CAAC;AAAA,MACzE,WAAW,IAAI;AAAA,IACjB,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,uCAAuC;AAC1D,aAAO,aAAa,KAAK,EAAE,OAAO,MAAM,SAAS,MAAM,mBAAmB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9F;AACA,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,WAAO,aAAa,KAAK,EAAE,OAAO,mCAAmC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzF;AACF;AAUA,eAAsB,OAAO,KAAkB;AAC7C,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,KAAK;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI,aAAsB,CAAC;AAC3B,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AAAA,EAER;AAEA,QAAM,aAAa,2BAA2B,UAAU,UAAU;AAClE,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,yBAAyB,MAAM,oBAAoB,QAAQ,WAAW,MAAM,OAAO;AAAA,MAC5F,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,UAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,MAC9C,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,UAAM,YAAY,IAAI,gBAAgB,IAAI,SAAS,SAAS,8BAA8B;AAC1F,QAAI,CAAC,WAAW;AACd,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,MAAM,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACrF;AAEA,UAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,UAAM,OAAO,IAAI,iCAAiC,EAAE;AACpD,UAAM,UAAU,MAAM,KAAK,aAAa;AAAA,MACtC,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,SAAS;AAAA,MAC9B,SAAS,WAAW,KAAK,WAAW;AAAA,IACtC,CAAC;AACD,WAAO,aAAa,KAAK,EAAE,QAAQ,CAAC;AAAA,EACtC,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO,aAAa,KAAK,EAAE,OAAO,oCAAoC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1F;AACF;",
|
|
4
|
+
"sourcesContent": ["import { NextResponse, type NextRequest } from 'next/server'\nimport { z } from 'zod'\nimport type { OpenApiRouteDoc } from '@open-mercato/shared/lib/openapi'\nimport { getAuthFromRequest } from '@open-mercato/shared/lib/auth/server'\nimport { createRequestContainer } from '@open-mercato/shared/lib/di/container'\nimport type { EntityManager } from '@mikro-orm/postgresql'\nimport type { RbacService } from '@open-mercato/core/modules/auth/services/rbacService'\nimport { llmProviderRegistry } from '@open-mercato/shared/lib/ai/llm-provider-registry'\nimport {\n OPEN_CODE_PROVIDER_IDS,\n OPEN_CODE_PROVIDERS,\n getOpenCodeProviderConfiguredEnvKey,\n isOpenCodeProviderConfigured,\n} from '@open-mercato/shared/lib/ai/opencode-provider'\nimport { AiAgentRuntimeOverrideRepository, AiAgentRuntimeOverrideValidationError } from '../../data/repositories/AiAgentRuntimeOverrideRepository'\nimport { AiTenantModelAllowlistRepository } from '../../data/repositories/AiTenantModelAllowlistRepository'\nimport { isBaseurlAllowlisted, readBaseurlAllowlist } from '../../lib/baseurl-allowlist'\nimport { loadAgentRegistry, listAgents } from '../../lib/agent-registry'\nimport { createModelFactory, resolveAllowRuntimeOverride } from '../../lib/model-factory'\nimport {\n agentOverrideModelAllowlistEnvVarName,\n agentOverrideProviderAllowlistEnvVarName,\n canonicalProviderId,\n hasAllowlistSnapshotRestrictions,\n intersectEffectiveAllowlistWithSnapshot,\n intersectAllowlists,\n isProviderAllowed,\n isProviderAllowedInEffective,\n isProviderModelAllowed,\n isProviderModelAllowedInEffective,\n modelAllowlistEnvVarName,\n readAgentRuntimeOverrideAllowlist,\n readAllowedModels,\n readAllowedProviders,\n readAllowlistConfig,\n type TenantAllowlistSnapshot,\n} from '../../lib/model-allowlist'\n\nfunction modelCatalogWithAllowlistFallback(\n models: ReadonlyArray<{ id: string; name: string; contextWindow?: number | null; tags?: readonly string[] }>,\n allowlistModelIds: string[] | undefined,\n): ReadonlyArray<{ id: string; name: string; contextWindow?: number | null; tags?: readonly string[] }> {\n if (models.length > 0) return models\n return (allowlistModelIds ?? []).map((id) => ({ id, name: id }))\n}\n\nconst runtimeOverrideUpsertSchema = z.object({\n providerId: z.string().min(1).max(64).nullable().optional(),\n modelId: z.string().min(1).max(256).nullable().optional(),\n baseURL: z.string().url().max(2048).nullable().optional(),\n agentId: z.string().min(1).max(128).nullable().optional(),\n allowedOverrideProviders: z.array(z.string().min(1).max(64)).nullable().optional(),\n allowedOverrideModelsByProvider: z\n .record(z.string().min(1).max(64), z.array(z.string().min(1).max(256)))\n .optional(),\n})\n\nconst runtimeOverrideClearSchema = z.object({\n agentId: z.string().min(1).max(128).nullable().optional(),\n})\n\nexport type RuntimeOverrideUpsertBody = z.infer<typeof runtimeOverrideUpsertSchema>\nexport type RuntimeOverrideClearBody = z.infer<typeof runtimeOverrideClearSchema>\n\nexport const openApi: OpenApiRouteDoc = {\n tag: 'AI Assistant',\n summary: 'AI assistant settings',\n methods: {\n GET: { summary: 'Get AI provider configuration' },\n PUT: {\n summary: 'Upsert per-tenant AI runtime override',\n description:\n 'Creates or updates the per-tenant AI runtime override (provider, model, baseURL). ' +\n 'Optionally scoped to a specific agent via `agentId`. ' +\n 'Gated by `ai_assistant.settings.manage`. ' +\n 'baseURL must match AI_RUNTIME_BASEURL_ALLOWLIST when set.',\n requestBody: {\n contentType: 'application/json',\n description: 'Override payload. All fields nullable/optional; null explicitly clears the axis.',\n schema: runtimeOverrideUpsertSchema,\n },\n responses: [\n { status: 200, description: 'Override saved. Returns the saved row.' },\n ],\n errors: [\n { status: 400, description: 'Validation error: unknown provider, invalid URL, or baseURL not allowlisted.' },\n { status: 401, description: 'Unauthenticated.' },\n { status: 403, description: 'Caller lacks ai_assistant.settings.manage.' },\n ],\n },\n DELETE: {\n summary: 'Clear per-tenant AI runtime override',\n description:\n 'Soft-deletes the active per-tenant runtime override. ' +\n 'Pass `agentId` to clear only the agent-specific row; omit to clear the tenant-wide default. ' +\n 'Gated by `ai_assistant.settings.manage`. Idempotent \u2014 returns 200 with `cleared: false` when no active row existed.',\n requestBody: {\n contentType: 'application/json',\n description: 'Optional agentId to scope the delete.',\n schema: runtimeOverrideClearSchema,\n },\n responses: [\n { status: 200, description: 'Returns `{ cleared: boolean }` indicating whether a row was found and removed.' },\n ],\n errors: [\n { status: 401, description: 'Unauthenticated.' },\n { status: 403, description: 'Caller lacks ai_assistant.settings.manage.' },\n ],\n },\n },\n}\n\nexport const metadata = {\n GET: { requireAuth: true, requireFeatures: ['ai_assistant.view'] },\n PUT: { requireAuth: true, requireFeatures: ['ai_assistant.settings.manage'] },\n DELETE: { requireAuth: true, requireFeatures: ['ai_assistant.settings.manage'] },\n}\n\n/**\n * GET /api/ai_assistant/settings\n *\n * Returns the current OpenCode provider configuration from environment variables\n * plus the Phase 4a additive fields: resolvedDefault, tenantOverride, agents[],\n * and availableProviders[].defaultModels.\n */\nexport async function GET(req: NextRequest) {\n const auth = await getAuthFromRequest(req)\n if (!auth?.sub) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n try {\n const env = process.env as Record<string, string | undefined>\n const configuredProviderHint = env.OM_AI_PROVIDER?.trim() || env.OPENCODE_PROVIDER?.trim() || null\n const registryProviders = llmProviderRegistry.list()\n const knownProviderIdsForAllowlist: string[] = [\n ...OPEN_CODE_PROVIDER_IDS,\n ...registryProviders\n .map((p) => p.id)\n .filter((id) => !(OPEN_CODE_PROVIDER_IDS as readonly string[]).includes(id)),\n ]\n const registryProviderId = configuredProviderHint\n ? canonicalProviderId(configuredProviderHint, registryProviders.map((provider) => provider.id))\n : null\n const registryProvider = registryProviderId ? llmProviderRegistry.get(registryProviderId) : null\n const fallbackOpenCodeProviderId = (\n (configuredProviderHint\n ? canonicalProviderId(configuredProviderHint, OPEN_CODE_PROVIDER_IDS as readonly string[])\n : null) ?? 'openai'\n ) as keyof typeof OPEN_CODE_PROVIDERS\n const fallbackOpenCodeProvider = OPEN_CODE_PROVIDERS[fallbackOpenCodeProviderId]\n\n const providerId = registryProvider?.id ?? fallbackOpenCodeProviderId\n const providerName = registryProvider?.name ?? fallbackOpenCodeProvider?.name ?? providerId\n const defaultProviderModel = registryProvider?.defaultModel ?? fallbackOpenCodeProvider?.defaultModel ?? ''\n const configuredModelHint = env.OM_AI_MODEL?.trim() || env.OPENCODE_MODEL?.trim() || defaultProviderModel\n const fallbackModelWithProvider = `${providerId}/${configuredModelHint}`\n const apiKeyConfigured = registryProvider\n ? registryProvider.isConfigured(env)\n : fallbackOpenCodeProvider\n ? isOpenCodeProviderConfigured(fallbackOpenCodeProviderId)\n : false\n const displayEnvKey = registryProvider\n ? registryProvider.getConfiguredEnvKey(env)\n : fallbackOpenCodeProvider\n ? getOpenCodeProviderConfiguredEnvKey(fallbackOpenCodeProviderId)\n : null\n\n // Check if MCP_SERVER_API_KEY is configured (required for MCP authentication)\n const mcpKeyConfigured = !!process.env.MCP_SERVER_API_KEY?.trim()\n\n // Phase 4a: resolve tenant override row and per-agent resolution matrix\n let tenantOverride: {\n providerId: string | null\n modelId: string | null\n baseURL: string | null\n agentId: string | null\n updatedAt: string\n } | null = null\n\n let agentResolutions: Array<{\n agentId: string\n moduleId: string\n allowRuntimeOverride: boolean\n allowRuntimeModelOverride: boolean\n codeDefaultProviderId: string | null\n codeDefaultModelId: string | null\n override: {\n providerId: string | null\n modelId: string | null\n baseURL: string | null\n updatedAt: string\n } | null\n runtimeOverrideAllowlist: {\n env: TenantAllowlistSnapshot | null\n tenant: TenantAllowlistSnapshot | null\n effective: ReturnType<typeof intersectAllowlists>\n envVarNames: {\n providers: string\n modelsByProvider: Record<string, string>\n }\n }\n providerId: string\n modelId: string\n baseURL: string | null\n source: string\n }> = []\n\n let resolvedDefault: {\n providerId: string\n modelId: string\n baseURL: string | null\n source: string\n } | null = null\n\n let tenantAllowlistSnapshot: TenantAllowlistSnapshot | null = null\n\n try {\n const container = await createRequestContainer()\n const tenantId = auth.tenantId ?? null\n const organizationId = auth.orgId ?? null\n\n if (tenantId) {\n const em = container.resolve<EntityManager>('em')\n const repo = new AiAgentRuntimeOverrideRepository(em)\n const overrideRow = await repo.getDefault({ tenantId, organizationId, agentId: null })\n if (overrideRow) {\n tenantOverride = {\n providerId: overrideRow.providerId ?? null,\n modelId: overrideRow.modelId ?? null,\n baseURL: overrideRow.baseUrl ?? null,\n agentId: overrideRow.agentId ?? null,\n updatedAt: overrideRow.updatedAt.toISOString(),\n }\n }\n\n const allowlistRepo = new AiTenantModelAllowlistRepository(em)\n tenantAllowlistSnapshot = await allowlistRepo.getSnapshot({\n tenantId,\n organizationId,\n })\n\n const factory = createModelFactory(container)\n const defaultResolution = factory.resolveModel({\n tenantAllowlist: tenantAllowlistSnapshot,\n tenantOverride: tenantOverride\n ? { providerId: tenantOverride.providerId, modelId: tenantOverride.modelId, baseURL: tenantOverride.baseURL }\n : undefined,\n })\n resolvedDefault = {\n providerId: defaultResolution.providerId,\n modelId: defaultResolution.modelId,\n baseURL: defaultResolution.baseURL ?? null,\n source: defaultResolution.source,\n }\n\n await loadAgentRegistry()\n const agents = listAgents()\n const agentResolutionPromises = agents.map(async (agent) => {\n const agentOverrideRow = await repo.getExact({\n tenantId,\n organizationId,\n agentId: agent.id,\n })\n const agentTenantOverride = agentOverrideRow\n ? {\n providerId: agentOverrideRow.providerId ?? null,\n modelId: agentOverrideRow.modelId ?? null,\n baseURL: agentOverrideRow.baseUrl ?? null,\n }\n : (tenantOverride ?? undefined)\n const agentResolution = factory.resolveModel({\n moduleId: agent.moduleId,\n agentDefaultModel: agent.defaultModel,\n agentDefaultProvider: agent.defaultProvider,\n agentDefaultBaseUrl: agent.defaultBaseUrl,\n allowRuntimeOverride: resolveAllowRuntimeOverride(agent),\n tenantOverride: agentTenantOverride,\n tenantAllowlist: tenantAllowlistSnapshot,\n })\n const agentEnvAllowlist = readAgentRuntimeOverrideAllowlist(\n env,\n agent.id,\n knownProviderIdsForAllowlist,\n )\n const agentTenantAllowlist = agentOverrideRow\n ? {\n allowedProviders: agentOverrideRow.allowedOverrideProviders ?? null,\n allowedModelsByProvider: agentOverrideRow.allowedOverrideModelsByProvider ?? {},\n }\n : null\n const baseEffectiveAllowlist = intersectAllowlists(\n env,\n knownProviderIdsForAllowlist,\n tenantAllowlistSnapshot,\n )\n const agentEffectiveAllowlist = intersectEffectiveAllowlistWithSnapshot(\n intersectEffectiveAllowlistWithSnapshot(\n baseEffectiveAllowlist,\n knownProviderIdsForAllowlist,\n agentEnvAllowlist,\n ),\n knownProviderIdsForAllowlist,\n agentTenantAllowlist,\n )\n const agentModelEnvVars = Object.fromEntries(\n knownProviderIdsForAllowlist.map((providerId) => [\n providerId,\n agentOverrideModelAllowlistEnvVarName(agent.id, providerId),\n ]),\n )\n return {\n agentId: agent.id,\n moduleId: agent.moduleId,\n allowRuntimeOverride: resolveAllowRuntimeOverride(agent),\n allowRuntimeModelOverride: resolveAllowRuntimeOverride(agent),\n codeDefaultProviderId: agent.defaultProvider ?? null,\n codeDefaultModelId: agent.defaultModel ?? null,\n override: agentOverrideRow\n ? {\n providerId: agentOverrideRow.providerId ?? null,\n modelId: agentOverrideRow.modelId ?? null,\n baseURL: agentOverrideRow.baseUrl ?? null,\n updatedAt: agentOverrideRow.updatedAt.toISOString(),\n }\n : null,\n runtimeOverrideAllowlist: {\n env: agentEnvAllowlist,\n tenant: hasAllowlistSnapshotRestrictions(agentTenantAllowlist)\n ? agentTenantAllowlist\n : null,\n effective: agentEffectiveAllowlist,\n envVarNames: {\n providers: agentOverrideProviderAllowlistEnvVarName(agent.id),\n modelsByProvider: agentModelEnvVars,\n },\n },\n providerId: agentResolution.providerId,\n modelId: agentResolution.modelId,\n baseURL: agentResolution.baseURL ?? null,\n source: agentResolution.source,\n }\n })\n agentResolutions = await Promise.all(agentResolutionPromises)\n }\n } catch (overrideError) {\n // Phase 4a fields are best-effort \u2014 log and continue returning the base response\n console.warn('[AI Settings] Failed to compute Phase 4a override fields:', overrideError)\n }\n\n // Build availableProviders with Phase 4a defaultModels, then clip to the\n // EFFECTIVE allowlist \u2014 env intersected with the per-tenant snapshot.\n // The env allowlist is the OUTER constraint; the tenant allowlist (Phase\n // 1780-6) narrows it further. The settings UI must never offer a value\n // the runtime would refuse to honor.\n const allowlistConfig = readAllowlistConfig(env, knownProviderIdsForAllowlist)\n const effectiveAllowlist = intersectAllowlists(\n env,\n knownProviderIdsForAllowlist,\n tenantAllowlistSnapshot,\n )\n\n const allRawProviders = [\n ...OPEN_CODE_PROVIDER_IDS.map((id) => {\n const info = OPEN_CODE_PROVIDERS[id]\n const registryProvider = llmProviderRegistry.get(id)\n return {\n id,\n name: info.name,\n defaultModel: info.defaultModel,\n envKey: getOpenCodeProviderConfiguredEnvKey(id),\n configured: isOpenCodeProviderConfigured(id),\n defaultModels: registryProvider?.defaultModels ?? [],\n }\n }),\n // Also surface any llmProviderRegistry providers not in OPEN_CODE_PROVIDER_IDS\n ...llmProviderRegistry.list()\n .filter((p) => !(OPEN_CODE_PROVIDER_IDS as readonly string[]).includes(p.id))\n .map((p) => ({\n id: p.id,\n name: p.name,\n defaultModel: p.defaultModels[0]?.id ?? '',\n envKey: null,\n configured: p.isConfigured(),\n defaultModels: p.defaultModels,\n })),\n ]\n\n const availableProviders = allRawProviders\n .filter((p) => isProviderAllowedInEffective(effectiveAllowlist, p.id))\n .map((p) => {\n const effectiveModelsList = effectiveAllowlist.modelsByProvider[p.id]\n const catalogModels = modelCatalogWithAllowlistFallback(\n p.defaultModels,\n effectiveModelsList,\n )\n const clippedDefaults = effectiveModelsList !== undefined\n ? catalogModels.filter((m) => effectiveModelsList.includes(m.id))\n : catalogModels\n return {\n ...p,\n defaultModel: effectiveModelsList && !effectiveModelsList.includes(p.defaultModel)\n ? (effectiveModelsList[0] ?? p.defaultModel)\n : p.defaultModel || clippedDefaults[0]?.id || '',\n defaultModels: clippedDefaults,\n }\n })\n\n const allowlistProviders = allRawProviders\n .filter((p) => isProviderAllowed(env, p.id))\n .map((p) => {\n const envModelsList = allowlistConfig.modelsByProvider[p.id]\n const catalogModels = modelCatalogWithAllowlistFallback(\n p.defaultModels,\n envModelsList,\n )\n const envClippedDefaults = envModelsList !== undefined\n ? catalogModels.filter((m) => envModelsList.includes(m.id))\n : catalogModels\n return {\n ...p,\n defaultModel: envModelsList && !envModelsList.includes(p.defaultModel)\n ? (envModelsList[0] ?? p.defaultModel)\n : p.defaultModel || envClippedDefaults[0]?.id || '',\n defaultModels: envClippedDefaults,\n }\n })\n\n return NextResponse.json({\n provider: {\n id: providerId,\n name: providerName,\n model: resolvedDefault\n ? `${resolvedDefault.providerId}/${resolvedDefault.modelId}`\n : fallbackModelWithProvider,\n defaultModel: defaultProviderModel,\n envKey: displayEnvKey,\n configured: apiKeyConfigured,\n },\n availableProviders,\n // Editable universe for the tenant allowlist page. This is clipped only\n // by env so tenant-hidden models remain visible and can be re-enabled.\n allowlistProviders,\n // Snapshot of the env-driven allowlist so the UI can render hints like\n // \"limited to: openai, anthropic\" without re-implementing the parser.\n allowlist: allowlistConfig,\n // Per-tenant allowlist snapshot (Phase 1780-6). `null` when no row has\n // been persisted yet \u2014 the runtime then falls back to env-only\n // enforcement. The UI uses this to drive the editable MultiSelect.\n tenantAllowlist: tenantAllowlistSnapshot,\n // Effective allowlist after intersecting env with tenant. The UI uses\n // this to render the \"what the runtime will actually accept\" summary\n // and to clip pickers without re-implementing the intersection.\n effectiveAllowlist,\n mcpKeyConfigured,\n resolvedDefault,\n tenantOverride,\n agents: agentResolutions,\n })\n } catch (error) {\n console.error('[AI Settings] GET error:', error)\n return NextResponse.json({ error: 'Failed to fetch settings' }, { status: 500 })\n }\n}\n\n/**\n * PUT /api/ai_assistant/settings\n *\n * Upserts the per-tenant AI runtime override (Phase 4a). Requires\n * `ai_assistant.settings.manage`. The body is Zod-validated; a `baseURL`\n * must match `AI_RUNTIME_BASEURL_ALLOWLIST` when that env var is set.\n */\nexport async function PUT(req: NextRequest) {\n const auth = await getAuthFromRequest(req)\n if (!auth?.sub) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n let parsedBody: unknown\n try {\n parsedBody = await req.json()\n } catch {\n return NextResponse.json({ error: 'Request body must be valid JSON.', code: 'validation_error' }, { status: 400 })\n }\n\n const bodyResult = runtimeOverrideUpsertSchema.safeParse(parsedBody)\n if (!bodyResult.success) {\n return NextResponse.json(\n { error: 'Invalid request body.', code: 'validation_error', issues: bodyResult.error.issues },\n { status: 400 },\n )\n }\n\n const { providerId: requestedProviderId, modelId, baseURL, agentId } = bodyResult.data\n const knownProviderIdsForRequest = llmProviderRegistry.list().map((p) => p.id)\n const providerId = requestedProviderId\n ? canonicalProviderId(requestedProviderId, knownProviderIdsForRequest) ?? requestedProviderId\n : requestedProviderId\n\n if (baseURL && baseURL.trim().length > 0) {\n const allowlist = readBaseurlAllowlist()\n if (!isBaseurlAllowlisted(baseURL.trim(), allowlist)) {\n return NextResponse.json(\n {\n error: `baseURL \"${baseURL}\" is not in AI_RUNTIME_BASEURL_ALLOWLIST.`,\n code: 'baseurl_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n\n const allowedOverrideProviders = bodyResult.data.allowedOverrideProviders === undefined\n ? undefined\n : bodyResult.data.allowedOverrideProviders?.map((id) =>\n canonicalProviderId(id, knownProviderIdsForRequest) ?? id,\n ) ?? null\n const allowedOverrideModelsByProvider = bodyResult.data.allowedOverrideModelsByProvider === undefined\n ? undefined\n : Object.fromEntries(\n Object.entries(bodyResult.data.allowedOverrideModelsByProvider ?? {}).map(([id, models]) => [\n canonicalProviderId(id, knownProviderIdsForRequest) ?? id,\n models,\n ]),\n )\n const hasRuntimeOverrideAllowlistWrite =\n allowedOverrideProviders !== undefined || allowedOverrideModelsByProvider !== undefined\n\n // Env-driven provider/model allowlist (Phase 1780-5) intersected with the\n // per-tenant allowlist (Phase 1780-6): the EFFECTIVE allowlist clips which\n // (provider, model) pairs the runtime accepts. Reject settings PUT requests\n // for pairs outside that effective set so the settings UI never persists a\n // value the runtime would later refuse. Tenant-allowlist enforcement is\n // best-effort here: if the snapshot lookup fails we fall back to env-only\n // checks (the runtime still re-clips at resolution time).\n let putEffectiveAllowlist: ReturnType<typeof intersectAllowlists> | null = null\n if (providerId || hasRuntimeOverrideAllowlistWrite) {\n try {\n const previewContainer = await createRequestContainer()\n const knownIdsForCheck = [\n ...OPEN_CODE_PROVIDER_IDS,\n ...llmProviderRegistry\n .list()\n .map((p) => p.id)\n .filter((id) => !(OPEN_CODE_PROVIDER_IDS as readonly string[]).includes(id)),\n ]\n let snapshot: TenantAllowlistSnapshot | null = null\n if (auth.tenantId) {\n try {\n const em = previewContainer.resolve<EntityManager>('em')\n const allowlistRepo = new AiTenantModelAllowlistRepository(em)\n snapshot = await allowlistRepo.getSnapshot({\n tenantId: auth.tenantId,\n organizationId: auth.orgId ?? null,\n })\n } catch {\n snapshot = null\n }\n }\n putEffectiveAllowlist = intersectAllowlists(\n process.env as Record<string, string | undefined>,\n knownIdsForCheck,\n snapshot,\n )\n } catch {\n putEffectiveAllowlist = null\n }\n\n if (providerId && putEffectiveAllowlist) {\n if (!isProviderAllowedInEffective(putEffectiveAllowlist, providerId)) {\n const source = putEffectiveAllowlist.tenantOverridesActive\n ? 'the effective allowlist (env \u2229 tenant)'\n : 'OM_AI_AVAILABLE_PROVIDERS'\n return NextResponse.json(\n {\n error: `Provider \"${providerId}\" is not in ${source}.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n if (modelId && !isProviderModelAllowedInEffective(putEffectiveAllowlist, providerId, modelId)) {\n const source = putEffectiveAllowlist.tenantOverridesActive\n ? `the effective allowlist (env \u2229 tenant) for \"${providerId}\"`\n : modelAllowlistEnvVarName(providerId)\n return NextResponse.json(\n {\n error: `Model \"${modelId}\" is not in ${source}.`,\n code: 'model_not_allowlisted',\n },\n { status: 400 },\n )\n }\n } else if (providerId) {\n if (!isProviderAllowed(process.env, providerId)) {\n return NextResponse.json(\n {\n error: `Provider \"${requestedProviderId}\" is not in OM_AI_AVAILABLE_PROVIDERS.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n if (modelId && !isProviderModelAllowed(process.env, providerId, modelId)) {\n return NextResponse.json(\n {\n error: `Model \"${modelId}\" is not in ${modelAllowlistEnvVarName(providerId)}.`,\n code: 'model_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n }\n\n if (hasRuntimeOverrideAllowlistWrite && !agentId) {\n return NextResponse.json(\n {\n error: 'agentId is required when saving chat override allowlist settings.',\n code: 'agent_required',\n },\n { status: 400 },\n )\n }\n\n if (Array.isArray(allowedOverrideProviders)) {\n for (const id of allowedOverrideProviders) {\n if (putEffectiveAllowlist && !isProviderAllowedInEffective(putEffectiveAllowlist, id)) {\n return NextResponse.json(\n {\n error: `Provider \"${id}\" is not in the effective tenant allowlist; per-agent chat override choices may not widen it.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n }\n if (allowedOverrideModelsByProvider) {\n for (const [id, models] of Object.entries(allowedOverrideModelsByProvider)) {\n if (putEffectiveAllowlist && !isProviderAllowedInEffective(putEffectiveAllowlist, id)) {\n return NextResponse.json(\n {\n error: `Provider \"${id}\" is not in the effective tenant allowlist; cannot save per-agent model choices for it.`,\n code: 'provider_not_allowlisted',\n },\n { status: 400 },\n )\n }\n for (const allowedModelId of models) {\n if (\n putEffectiveAllowlist &&\n !isProviderModelAllowedInEffective(putEffectiveAllowlist, id, allowedModelId)\n ) {\n return NextResponse.json(\n {\n error: `Model \"${allowedModelId}\" is not in the effective tenant allowlist for \"${id}\".`,\n code: 'model_not_allowlisted',\n },\n { status: 400 },\n )\n }\n }\n }\n }\n\n try {\n const container = await createRequestContainer()\n const rbacService = container.resolve<RbacService>('rbacService')\n const acl = await rbacService.loadAcl(auth.sub, {\n tenantId: auth.tenantId,\n organizationId: auth.orgId,\n })\n const canManage = acl.isSuperAdmin || acl.features.includes('ai_assistant.settings.manage')\n if (!canManage) {\n return NextResponse.json({ error: 'Forbidden', code: 'forbidden' }, { status: 403 })\n }\n\n const em = container.resolve<EntityManager>('em')\n const repo = new AiAgentRuntimeOverrideRepository(em)\n const upsertInput = {\n agentId: agentId ?? null,\n ...(Object.prototype.hasOwnProperty.call(bodyResult.data, 'providerId')\n ? { providerId: providerId ?? null }\n : {}),\n ...(Object.prototype.hasOwnProperty.call(bodyResult.data, 'modelId')\n ? { modelId: modelId ?? null }\n : {}),\n ...(Object.prototype.hasOwnProperty.call(bodyResult.data, 'baseURL')\n ? { baseURL: baseURL ?? null }\n : {}),\n ...(allowedOverrideProviders !== undefined\n ? { allowedOverrideProviders }\n : {}),\n ...(allowedOverrideModelsByProvider !== undefined\n ? { allowedOverrideModelsByProvider }\n : {}),\n }\n const row = await repo.upsertDefault(\n upsertInput,\n { tenantId: auth.tenantId ?? '', organizationId: auth.orgId ?? null, userId: auth.sub },\n )\n return NextResponse.json({\n id: row.id,\n tenantId: row.tenantId,\n organizationId: row.organizationId,\n agentId: row.agentId,\n providerId: row.providerId,\n modelId: row.modelId,\n baseURL: row.baseUrl,\n allowedOverrideProviders: row.allowedOverrideProviders ?? null,\n allowedOverrideModelsByProvider: row.allowedOverrideModelsByProvider ?? {},\n updatedAt: row.updatedAt,\n })\n } catch (error) {\n if (error instanceof AiAgentRuntimeOverrideValidationError) {\n return NextResponse.json({ error: error.message, code: 'provider_unknown' }, { status: 400 })\n }\n console.error('[AI Settings] PUT error:', error)\n return NextResponse.json({ error: 'Failed to save runtime override.' }, { status: 500 })\n }\n}\n\n/**\n * DELETE /api/ai_assistant/settings\n *\n * Soft-deletes the active per-tenant AI runtime override (Phase 4a). Requires\n * `ai_assistant.settings.manage`. Pass `agentId` in the body to clear only\n * the agent-specific row; omit (or null) to clear the tenant-wide default.\n * Idempotent \u2014 returns `{ cleared: false }` when no active row was found.\n */\nexport async function DELETE(req: NextRequest) {\n const auth = await getAuthFromRequest(req)\n if (!auth?.sub) {\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })\n }\n\n let parsedBody: unknown = {}\n try {\n parsedBody = await req.json()\n } catch {\n // Body is optional for DELETE \u2014 empty body is fine\n }\n\n const bodyResult = runtimeOverrideClearSchema.safeParse(parsedBody)\n if (!bodyResult.success) {\n return NextResponse.json(\n { error: 'Invalid request body.', code: 'validation_error', issues: bodyResult.error.issues },\n { status: 400 },\n )\n }\n\n try {\n const container = await createRequestContainer()\n const rbacService = container.resolve<RbacService>('rbacService')\n const acl = await rbacService.loadAcl(auth.sub, {\n tenantId: auth.tenantId,\n organizationId: auth.orgId,\n })\n const canManage = acl.isSuperAdmin || acl.features.includes('ai_assistant.settings.manage')\n if (!canManage) {\n return NextResponse.json({ error: 'Forbidden', code: 'forbidden' }, { status: 403 })\n }\n\n const em = container.resolve<EntityManager>('em')\n const repo = new AiAgentRuntimeOverrideRepository(em)\n const cleared = await repo.clearDefault({\n tenantId: auth.tenantId ?? '',\n organizationId: auth.orgId ?? null,\n agentId: bodyResult.data.agentId ?? null,\n })\n return NextResponse.json({ cleared })\n } catch (error) {\n console.error('[AI Settings] DELETE error:', error)\n return NextResponse.json({ error: 'Failed to clear runtime override.' }, { status: 500 })\n }\n}\n"],
|
|
5
|
+
"mappings": "AAAA,SAAS,oBAAsC;AAC/C,SAAS,SAAS;AAElB,SAAS,0BAA0B;AACnC,SAAS,8BAA8B;AAGvC,SAAS,2BAA2B;AACpC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,kCAAkC,6CAA6C;AACxF,SAAS,wCAAwC;AACjD,SAAS,sBAAsB,4BAA4B;AAC3D,SAAS,mBAAmB,kBAAkB;AAC9C,SAAS,oBAAoB,mCAAmC;AAChE;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAGA;AAAA,OAEK;AAEP,SAAS,kCACP,QACA,mBACsG;AACtG,MAAI,OAAO,SAAS,EAAG,QAAO;AAC9B,UAAQ,qBAAqB,CAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,MAAM,GAAG,EAAE;AACjE;AAEA,MAAM,8BAA8B,EAAE,OAAO;AAAA,EAC3C,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,SAAS;AAAA,EAC1D,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,IAAI,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAAA,EACxD,0BAA0B,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,SAAS;AAAA,EACjF,iCAAiC,EAC9B,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,CAAC,CAAC,EACrE,SAAS;AACd,CAAC;AAED,MAAM,6BAA6B,EAAE,OAAO;AAAA,EAC1C,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,SAAS,EAAE,SAAS;AAC1D,CAAC;AAKM,MAAM,UAA2B;AAAA,EACtC,KAAK;AAAA,EACL,SAAS;AAAA,EACT,SAAS;AAAA,IACP,KAAK,EAAE,SAAS,gCAAgC;AAAA,IAChD,KAAK;AAAA,MACH,SAAS;AAAA,MACT,aACE;AAAA,MAIF,aAAa;AAAA,QACX,aAAa;AAAA,QACb,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,yCAAyC;AAAA,MACvE;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,+EAA+E;AAAA,QAC3G,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,6CAA6C;AAAA,MAC3E;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,aACE;AAAA,MAGF,aAAa;AAAA,QACX,aAAa;AAAA,QACb,aAAa;AAAA,QACb,QAAQ;AAAA,MACV;AAAA,MACA,WAAW;AAAA,QACT,EAAE,QAAQ,KAAK,aAAa,iFAAiF;AAAA,MAC/G;AAAA,MACA,QAAQ;AAAA,QACN,EAAE,QAAQ,KAAK,aAAa,mBAAmB;AAAA,QAC/C,EAAE,QAAQ,KAAK,aAAa,6CAA6C;AAAA,MAC3E;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,WAAW;AAAA,EACtB,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,mBAAmB,EAAE;AAAA,EACjE,KAAK,EAAE,aAAa,MAAM,iBAAiB,CAAC,8BAA8B,EAAE;AAAA,EAC5E,QAAQ,EAAE,aAAa,MAAM,iBAAiB,CAAC,8BAA8B,EAAE;AACjF;AASA,eAAsB,IAAI,KAAkB;AAC1C,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,KAAK;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACF,UAAM,MAAM,QAAQ;AACpB,UAAM,yBAAyB,IAAI,gBAAgB,KAAK,KAAK,IAAI,mBAAmB,KAAK,KAAK;AAC9F,UAAM,oBAAoB,oBAAoB,KAAK;AACnD,UAAM,+BAAyC;AAAA,MAC7C,GAAG;AAAA,MACH,GAAG,kBACA,IAAI,CAAC,MAAM,EAAE,EAAE,EACf,OAAO,CAAC,OAAO,CAAE,uBAA6C,SAAS,EAAE,CAAC;AAAA,IAC/E;AACA,UAAM,qBAAqB,yBACvB,oBAAoB,wBAAwB,kBAAkB,IAAI,CAAC,aAAa,SAAS,EAAE,CAAC,IAC5F;AACJ,UAAM,mBAAmB,qBAAqB,oBAAoB,IAAI,kBAAkB,IAAI;AAC5F,UAAM,8BACH,yBACG,oBAAoB,wBAAwB,sBAA2C,IACvF,SAAS;AAEf,UAAM,2BAA2B,oBAAoB,0BAA0B;AAE/E,UAAM,aAAa,kBAAkB,MAAM;AAC3C,UAAM,eAAe,kBAAkB,QAAQ,0BAA0B,QAAQ;AACjF,UAAM,uBAAuB,kBAAkB,gBAAgB,0BAA0B,gBAAgB;AACzG,UAAM,sBAAsB,IAAI,aAAa,KAAK,KAAK,IAAI,gBAAgB,KAAK,KAAK;AACrF,UAAM,4BAA4B,GAAG,UAAU,IAAI,mBAAmB;AACtE,UAAM,mBAAmB,mBACrB,iBAAiB,aAAa,GAAG,IACjC,2BACE,6BAA6B,0BAA0B,IACvD;AACN,UAAM,gBAAgB,mBAClB,iBAAiB,oBAAoB,GAAG,IACxC,2BACE,oCAAoC,0BAA0B,IAC9D;AAGN,UAAM,mBAAmB,CAAC,CAAC,QAAQ,IAAI,oBAAoB,KAAK;AAGhE,QAAI,iBAMO;AAEX,QAAI,mBA0BC,CAAC;AAEN,QAAI,kBAKO;AAEX,QAAI,0BAA0D;AAE9D,QAAI;AACF,YAAM,YAAY,MAAM,uBAAuB;AAC/C,YAAM,WAAW,KAAK,YAAY;AAClC,YAAM,iBAAiB,KAAK,SAAS;AAErC,UAAI,UAAU;AACZ,cAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,cAAM,OAAO,IAAI,iCAAiC,EAAE;AACpD,cAAM,cAAc,MAAM,KAAK,WAAW,EAAE,UAAU,gBAAgB,SAAS,KAAK,CAAC;AACrF,YAAI,aAAa;AACf,2BAAiB;AAAA,YACf,YAAY,YAAY,cAAc;AAAA,YACtC,SAAS,YAAY,WAAW;AAAA,YAChC,SAAS,YAAY,WAAW;AAAA,YAChC,SAAS,YAAY,WAAW;AAAA,YAChC,WAAW,YAAY,UAAU,YAAY;AAAA,UAC/C;AAAA,QACF;AAEA,cAAM,gBAAgB,IAAI,iCAAiC,EAAE;AAC7D,kCAA0B,MAAM,cAAc,YAAY;AAAA,UACxD;AAAA,UACA;AAAA,QACF,CAAC;AAED,cAAM,UAAU,mBAAmB,SAAS;AAC5C,cAAM,oBAAoB,QAAQ,aAAa;AAAA,UAC7C,iBAAiB;AAAA,UACjB,gBAAgB,iBACZ,EAAE,YAAY,eAAe,YAAY,SAAS,eAAe,SAAS,SAAS,eAAe,QAAQ,IAC1G;AAAA,QACN,CAAC;AACD,0BAAkB;AAAA,UAChB,YAAY,kBAAkB;AAAA,UAC9B,SAAS,kBAAkB;AAAA,UAC3B,SAAS,kBAAkB,WAAW;AAAA,UACtC,QAAQ,kBAAkB;AAAA,QAC5B;AAEA,cAAM,kBAAkB;AACxB,cAAM,SAAS,WAAW;AAC1B,cAAM,0BAA0B,OAAO,IAAI,OAAO,UAAU;AAC1D,gBAAM,mBAAmB,MAAM,KAAK,SAAS;AAAA,YAC3C;AAAA,YACA;AAAA,YACA,SAAS,MAAM;AAAA,UACjB,CAAC;AACD,gBAAM,sBAAsB,mBACxB;AAAA,YACE,YAAY,iBAAiB,cAAc;AAAA,YAC3C,SAAS,iBAAiB,WAAW;AAAA,YACrC,SAAS,iBAAiB,WAAW;AAAA,UACvC,IACC,kBAAkB;AACvB,gBAAM,kBAAkB,QAAQ,aAAa;AAAA,YAC3C,UAAU,MAAM;AAAA,YAChB,mBAAmB,MAAM;AAAA,YACzB,sBAAsB,MAAM;AAAA,YAC5B,qBAAqB,MAAM;AAAA,YAC3B,sBAAsB,4BAA4B,KAAK;AAAA,YACvD,gBAAgB;AAAA,YAChB,iBAAiB;AAAA,UACnB,CAAC;AACD,gBAAM,oBAAoB;AAAA,YACxB;AAAA,YACA,MAAM;AAAA,YACN;AAAA,UACF;AACA,gBAAM,uBAAuB,mBACzB;AAAA,YACE,kBAAkB,iBAAiB,4BAA4B;AAAA,YAC/D,yBAAyB,iBAAiB,mCAAmC,CAAC;AAAA,UAChF,IACA;AACJ,gBAAM,yBAAyB;AAAA,YAC7B;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,gBAAM,0BAA0B;AAAA,YAC9B;AAAA,cACE;AAAA,cACA;AAAA,cACA;AAAA,YACF;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,gBAAM,oBAAoB,OAAO;AAAA,YAC/B,6BAA6B,IAAI,CAACA,gBAAe;AAAA,cAC/CA;AAAA,cACA,sCAAsC,MAAM,IAAIA,WAAU;AAAA,YAC5D,CAAC;AAAA,UACH;AACA,iBAAO;AAAA,YACL,SAAS,MAAM;AAAA,YACf,UAAU,MAAM;AAAA,YAChB,sBAAsB,4BAA4B,KAAK;AAAA,YACvD,2BAA2B,4BAA4B,KAAK;AAAA,YAC5D,uBAAuB,MAAM,mBAAmB;AAAA,YAChD,oBAAoB,MAAM,gBAAgB;AAAA,YAC1C,UAAU,mBACN;AAAA,cACE,YAAY,iBAAiB,cAAc;AAAA,cAC3C,SAAS,iBAAiB,WAAW;AAAA,cACrC,SAAS,iBAAiB,WAAW;AAAA,cACrC,WAAW,iBAAiB,UAAU,YAAY;AAAA,YACpD,IACA;AAAA,YACJ,0BAA0B;AAAA,cACxB,KAAK;AAAA,cACL,QAAQ,iCAAiC,oBAAoB,IACzD,uBACA;AAAA,cACJ,WAAW;AAAA,cACX,aAAa;AAAA,gBACX,WAAW,yCAAyC,MAAM,EAAE;AAAA,gBAC5D,kBAAkB;AAAA,cACpB;AAAA,YACF;AAAA,YACA,YAAY,gBAAgB;AAAA,YAC5B,SAAS,gBAAgB;AAAA,YACzB,SAAS,gBAAgB,WAAW;AAAA,YACpC,QAAQ,gBAAgB;AAAA,UAC1B;AAAA,QACF,CAAC;AACD,2BAAmB,MAAM,QAAQ,IAAI,uBAAuB;AAAA,MAC9D;AAAA,IACF,SAAS,eAAe;AAEtB,cAAQ,KAAK,6DAA6D,aAAa;AAAA,IACzF;AAOA,UAAM,kBAAkB,oBAAoB,KAAK,4BAA4B;AAC7E,UAAM,qBAAqB;AAAA,MACzB;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,UAAM,kBAAkB;AAAA,MACtB,GAAG,uBAAuB,IAAI,CAAC,OAAO;AACpC,cAAM,OAAO,oBAAoB,EAAE;AACnC,cAAMC,oBAAmB,oBAAoB,IAAI,EAAE;AACnD,eAAO;AAAA,UACL;AAAA,UACA,MAAM,KAAK;AAAA,UACX,cAAc,KAAK;AAAA,UACnB,QAAQ,oCAAoC,EAAE;AAAA,UAC9C,YAAY,6BAA6B,EAAE;AAAA,UAC3C,eAAeA,mBAAkB,iBAAiB,CAAC;AAAA,QACrD;AAAA,MACF,CAAC;AAAA;AAAA,MAED,GAAG,oBAAoB,KAAK,EACzB,OAAO,CAAC,MAAM,CAAE,uBAA6C,SAAS,EAAE,EAAE,CAAC,EAC3E,IAAI,CAAC,OAAO;AAAA,QACX,IAAI,EAAE;AAAA,QACN,MAAM,EAAE;AAAA,QACR,cAAc,EAAE,cAAc,CAAC,GAAG,MAAM;AAAA,QACxC,QAAQ;AAAA,QACR,YAAY,EAAE,aAAa;AAAA,QAC3B,eAAe,EAAE;AAAA,MACnB,EAAE;AAAA,IACN;AAEA,UAAM,qBAAqB,gBACxB,OAAO,CAAC,MAAM,6BAA6B,oBAAoB,EAAE,EAAE,CAAC,EACpE,IAAI,CAAC,MAAM;AACV,YAAM,sBAAsB,mBAAmB,iBAAiB,EAAE,EAAE;AACpE,YAAM,gBAAgB;AAAA,QACpB,EAAE;AAAA,QACF;AAAA,MACF;AACA,YAAM,kBAAkB,wBAAwB,SAC5C,cAAc,OAAO,CAAC,MAAM,oBAAoB,SAAS,EAAE,EAAE,CAAC,IAC9D;AACJ,aAAO;AAAA,QACL,GAAG;AAAA,QACH,cAAc,uBAAuB,CAAC,oBAAoB,SAAS,EAAE,YAAY,IAC5E,oBAAoB,CAAC,KAAK,EAAE,eAC7B,EAAE,gBAAgB,gBAAgB,CAAC,GAAG,MAAM;AAAA,QAChD,eAAe;AAAA,MACjB;AAAA,IACF,CAAC;AAEH,UAAM,qBAAqB,gBACxB,OAAO,CAAC,MAAM,kBAAkB,KAAK,EAAE,EAAE,CAAC,EAC1C,IAAI,CAAC,MAAM;AACV,YAAM,gBAAgB,gBAAgB,iBAAiB,EAAE,EAAE;AAC3D,YAAM,gBAAgB;AAAA,QACpB,EAAE;AAAA,QACF;AAAA,MACF;AACA,YAAM,qBAAqB,kBAAkB,SACzC,cAAc,OAAO,CAAC,MAAM,cAAc,SAAS,EAAE,EAAE,CAAC,IACxD;AACJ,aAAO;AAAA,QACL,GAAG;AAAA,QACH,cAAc,iBAAiB,CAAC,cAAc,SAAS,EAAE,YAAY,IAChE,cAAc,CAAC,KAAK,EAAE,eACvB,EAAE,gBAAgB,mBAAmB,CAAC,GAAG,MAAM;AAAA,QACnD,eAAe;AAAA,MACjB;AAAA,IACF,CAAC;AAEH,WAAO,aAAa,KAAK;AAAA,MACvB,UAAU;AAAA,QACR,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,OAAO,kBACH,GAAG,gBAAgB,UAAU,IAAI,gBAAgB,OAAO,KACxD;AAAA,QACJ,cAAc;AAAA,QACd,QAAQ;AAAA,QACR,YAAY;AAAA,MACd;AAAA,MACA;AAAA;AAAA;AAAA,MAGA;AAAA;AAAA;AAAA,MAGA,WAAW;AAAA;AAAA;AAAA;AAAA,MAIX,iBAAiB;AAAA;AAAA;AAAA;AAAA,MAIjB;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IACV,CAAC;AAAA,EACH,SAAS,OAAO;AACd,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,WAAO,aAAa,KAAK,EAAE,OAAO,2BAA2B,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACjF;AACF;AASA,eAAsB,IAAI,KAAkB;AAC1C,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,KAAK;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI;AACJ,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AACN,WAAO,aAAa,KAAK,EAAE,OAAO,oCAAoC,MAAM,mBAAmB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACnH;AAEA,QAAM,aAAa,4BAA4B,UAAU,UAAU;AACnE,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,yBAAyB,MAAM,oBAAoB,QAAQ,WAAW,MAAM,OAAO;AAAA,MAC5F,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,QAAM,EAAE,YAAY,qBAAqB,SAAS,SAAS,QAAQ,IAAI,WAAW;AAClF,QAAM,6BAA6B,oBAAoB,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,EAAE;AAC7E,QAAM,aAAa,sBACf,oBAAoB,qBAAqB,0BAA0B,KAAK,sBACxE;AAEJ,MAAI,WAAW,QAAQ,KAAK,EAAE,SAAS,GAAG;AACxC,UAAM,YAAY,qBAAqB;AACvC,QAAI,CAAC,qBAAqB,QAAQ,KAAK,GAAG,SAAS,GAAG;AACpD,aAAO,aAAa;AAAA,QAClB;AAAA,UACE,OAAO,YAAY,OAAO;AAAA,UAC1B,MAAM;AAAA,QACR;AAAA,QACA,EAAE,QAAQ,IAAI;AAAA,MAChB;AAAA,IACF;AAAA,EACF;AAEA,QAAM,2BAA2B,WAAW,KAAK,6BAA6B,SAC1E,SACA,WAAW,KAAK,0BAA0B;AAAA,IAAI,CAAC,OAC7C,oBAAoB,IAAI,0BAA0B,KAAK;AAAA,EACzD,KAAK;AACT,QAAM,kCAAkC,WAAW,KAAK,oCAAoC,SACxF,SACA,OAAO;AAAA,IACL,OAAO,QAAQ,WAAW,KAAK,mCAAmC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,IAAI,MAAM,MAAM;AAAA,MAC1F,oBAAoB,IAAI,0BAA0B,KAAK;AAAA,MACvD;AAAA,IACF,CAAC;AAAA,EACH;AACJ,QAAM,mCACJ,6BAA6B,UAAa,oCAAoC;AAShF,MAAI,wBAAuE;AAC3E,MAAI,cAAc,kCAAkC;AAClD,QAAI;AACF,YAAM,mBAAmB,MAAM,uBAAuB;AACtD,YAAM,mBAAmB;AAAA,QACvB,GAAG;AAAA,QACH,GAAG,oBACA,KAAK,EACL,IAAI,CAAC,MAAM,EAAE,EAAE,EACf,OAAO,CAAC,OAAO,CAAE,uBAA6C,SAAS,EAAE,CAAC;AAAA,MAC/E;AACA,UAAI,WAA2C;AAC/C,UAAI,KAAK,UAAU;AACjB,YAAI;AACF,gBAAM,KAAK,iBAAiB,QAAuB,IAAI;AACvD,gBAAM,gBAAgB,IAAI,iCAAiC,EAAE;AAC7D,qBAAW,MAAM,cAAc,YAAY;AAAA,YACzC,UAAU,KAAK;AAAA,YACf,gBAAgB,KAAK,SAAS;AAAA,UAChC,CAAC;AAAA,QACH,QAAQ;AACN,qBAAW;AAAA,QACb;AAAA,MACF;AACA,8BAAwB;AAAA,QACtB,QAAQ;AAAA,QACR;AAAA,QACA;AAAA,MACF;AAAA,IACF,QAAQ;AACN,8BAAwB;AAAA,IAC1B;AAEA,QAAI,cAAc,uBAAuB;AACvC,UAAI,CAAC,6BAA6B,uBAAuB,UAAU,GAAG;AACpE,cAAM,SAAS,sBAAsB,wBACjC,gDACA;AACJ,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,UAAU,eAAe,MAAM;AAAA,YACnD,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AACA,UAAI,WAAW,CAAC,kCAAkC,uBAAuB,YAAY,OAAO,GAAG;AAC7F,cAAM,SAAS,sBAAsB,wBACjC,oDAA+C,UAAU,MACzD,yBAAyB,UAAU;AACvC,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,UAAU,OAAO,eAAe,MAAM;AAAA,YAC7C,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF,WAAW,YAAY;AACrB,UAAI,CAAC,kBAAkB,QAAQ,KAAK,UAAU,GAAG;AAC/C,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,mBAAmB;AAAA,YACvC,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AACA,UAAI,WAAW,CAAC,uBAAuB,QAAQ,KAAK,YAAY,OAAO,GAAG;AACxE,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,UAAU,OAAO,eAAe,yBAAyB,UAAU,CAAC;AAAA,YAC3E,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI,oCAAoC,CAAC,SAAS;AAChD,WAAO,aAAa;AAAA,MAClB;AAAA,QACE,OAAO;AAAA,QACP,MAAM;AAAA,MACR;AAAA,MACA,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,MAAI,MAAM,QAAQ,wBAAwB,GAAG;AAC3C,eAAW,MAAM,0BAA0B;AACzC,UAAI,yBAAyB,CAAC,6BAA6B,uBAAuB,EAAE,GAAG;AACrF,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,EAAE;AAAA,YACtB,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACA,MAAI,iCAAiC;AACnC,eAAW,CAAC,IAAI,MAAM,KAAK,OAAO,QAAQ,+BAA+B,GAAG;AAC1E,UAAI,yBAAyB,CAAC,6BAA6B,uBAAuB,EAAE,GAAG;AACrF,eAAO,aAAa;AAAA,UAClB;AAAA,YACE,OAAO,aAAa,EAAE;AAAA,YACtB,MAAM;AAAA,UACR;AAAA,UACA,EAAE,QAAQ,IAAI;AAAA,QAChB;AAAA,MACF;AACA,iBAAW,kBAAkB,QAAQ;AACnC,YACE,yBACA,CAAC,kCAAkC,uBAAuB,IAAI,cAAc,GAC5E;AACA,iBAAO,aAAa;AAAA,YAClB;AAAA,cACE,OAAO,UAAU,cAAc,mDAAmD,EAAE;AAAA,cACpF,MAAM;AAAA,YACR;AAAA,YACA,EAAE,QAAQ,IAAI;AAAA,UAChB;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,UAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,MAC9C,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,UAAM,YAAY,IAAI,gBAAgB,IAAI,SAAS,SAAS,8BAA8B;AAC1F,QAAI,CAAC,WAAW;AACd,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,MAAM,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACrF;AAEA,UAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,UAAM,OAAO,IAAI,iCAAiC,EAAE;AACpD,UAAM,cAAc;AAAA,MAClB,SAAS,WAAW;AAAA,MACpB,GAAI,OAAO,UAAU,eAAe,KAAK,WAAW,MAAM,YAAY,IAClE,EAAE,YAAY,cAAc,KAAK,IACjC,CAAC;AAAA,MACL,GAAI,OAAO,UAAU,eAAe,KAAK,WAAW,MAAM,SAAS,IAC/D,EAAE,SAAS,WAAW,KAAK,IAC3B,CAAC;AAAA,MACL,GAAI,OAAO,UAAU,eAAe,KAAK,WAAW,MAAM,SAAS,IAC/D,EAAE,SAAS,WAAW,KAAK,IAC3B,CAAC;AAAA,MACL,GAAI,6BAA6B,SAC7B,EAAE,yBAAyB,IAC3B,CAAC;AAAA,MACL,GAAI,oCAAoC,SACpC,EAAE,gCAAgC,IAClC,CAAC;AAAA,IACP;AACA,UAAM,MAAM,MAAM,KAAK;AAAA,MACrB;AAAA,MACA,EAAE,UAAU,KAAK,YAAY,IAAI,gBAAgB,KAAK,SAAS,MAAM,QAAQ,KAAK,IAAI;AAAA,IACxF;AACA,WAAO,aAAa,KAAK;AAAA,MACvB,IAAI,IAAI;AAAA,MACR,UAAU,IAAI;AAAA,MACd,gBAAgB,IAAI;AAAA,MACpB,SAAS,IAAI;AAAA,MACb,YAAY,IAAI;AAAA,MAChB,SAAS,IAAI;AAAA,MACb,SAAS,IAAI;AAAA,MACb,0BAA0B,IAAI,4BAA4B;AAAA,MAC1D,iCAAiC,IAAI,mCAAmC,CAAC;AAAA,MACzE,WAAW,IAAI;AAAA,IACjB,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,uCAAuC;AAC1D,aAAO,aAAa,KAAK,EAAE,OAAO,MAAM,SAAS,MAAM,mBAAmB,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC9F;AACA,YAAQ,MAAM,4BAA4B,KAAK;AAC/C,WAAO,aAAa,KAAK,EAAE,OAAO,mCAAmC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACzF;AACF;AAUA,eAAsB,OAAO,KAAkB;AAC7C,QAAM,OAAO,MAAM,mBAAmB,GAAG;AACzC,MAAI,CAAC,MAAM,KAAK;AACd,WAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EACrE;AAEA,MAAI,aAAsB,CAAC;AAC3B,MAAI;AACF,iBAAa,MAAM,IAAI,KAAK;AAAA,EAC9B,QAAQ;AAAA,EAER;AAEA,QAAM,aAAa,2BAA2B,UAAU,UAAU;AAClE,MAAI,CAAC,WAAW,SAAS;AACvB,WAAO,aAAa;AAAA,MAClB,EAAE,OAAO,yBAAyB,MAAM,oBAAoB,QAAQ,WAAW,MAAM,OAAO;AAAA,MAC5F,EAAE,QAAQ,IAAI;AAAA,IAChB;AAAA,EACF;AAEA,MAAI;AACF,UAAM,YAAY,MAAM,uBAAuB;AAC/C,UAAM,cAAc,UAAU,QAAqB,aAAa;AAChE,UAAM,MAAM,MAAM,YAAY,QAAQ,KAAK,KAAK;AAAA,MAC9C,UAAU,KAAK;AAAA,MACf,gBAAgB,KAAK;AAAA,IACvB,CAAC;AACD,UAAM,YAAY,IAAI,gBAAgB,IAAI,SAAS,SAAS,8BAA8B;AAC1F,QAAI,CAAC,WAAW;AACd,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,MAAM,YAAY,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IACrF;AAEA,UAAM,KAAK,UAAU,QAAuB,IAAI;AAChD,UAAM,OAAO,IAAI,iCAAiC,EAAE;AACpD,UAAM,UAAU,MAAM,KAAK,aAAa;AAAA,MACtC,UAAU,KAAK,YAAY;AAAA,MAC3B,gBAAgB,KAAK,SAAS;AAAA,MAC9B,SAAS,WAAW,KAAK,WAAW;AAAA,IACtC,CAAC;AACD,WAAO,aAAa,KAAK,EAAE,QAAQ,CAAC;AAAA,EACtC,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,KAAK;AAClD,WAAO,aAAa,KAAK,EAAE,OAAO,oCAAoC,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,EAC1F;AACF;",
|
|
6
6
|
"names": ["providerId", "registryProvider"]
|
|
7
7
|
}
|