@openhands/agent-canvas 1.0.0-beta.5 → 1.0.0-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (879) hide show
  1. package/README.md +24 -7
  2. package/README.windows.md +27 -0
  3. package/bin/agent-canvas.mjs +26 -3
  4. package/build/assets/{QueryClientProvider-CkGuhXg-.js → QueryClientProvider-Cnr-Yl3j.js} +1 -1
  5. package/build/assets/{Trans-Cvm_-SMi.js → Trans-4jmk54WC.js} +1 -1
  6. package/build/assets/acp-providers-CPdgcp13.js +1 -0
  7. package/build/assets/{acp-route-guard-B2yoBZ_4.js → acp-route-guard-BoVmCn0e.js} +1 -1
  8. package/build/assets/active-backend-context-Beu-LZL-.js +1 -0
  9. package/build/assets/add-backend-modal-BheqYXHK.js +1 -0
  10. package/build/assets/agent-server-client-options-HEOwGVIU.js +1 -0
  11. package/build/assets/agent-server-compatibility-CdI3N7dr.js +1 -0
  12. package/build/assets/agent-server-conversation-service.api-CORdqJZg.js +5 -0
  13. package/build/assets/{agent-settings-CnGSCmK8.js → agent-settings-UFvcGjoI.js} +1 -1
  14. package/build/assets/{alert-banner-DtzAX654.js → alert-banner-DFnn_lC6.js} +1 -1
  15. package/build/assets/{analytics-consent-form-modal-CHZ3I37v.js → analytics-consent-form-modal-CVNugqzu.js} +1 -1
  16. package/build/assets/api-key-entry-screen-M6su2VSf.js +1 -0
  17. package/build/assets/{app-settings-Db9ITeJH.js → app-settings-BlvBhBdc.js} +1 -1
  18. package/build/assets/automation-detail-BWrQk4Oa.js +1 -0
  19. package/build/assets/automations-list-ux9KvYsU.js +1 -0
  20. package/build/assets/back-nav-button-7dQJ2k3O.js +1 -0
  21. package/build/assets/backend-form-modal-CDnEYjaU.js +1 -0
  22. package/build/assets/{backend-synced-settings-badge-Dc6c7GT4.js → backend-synced-settings-badge-BTIj-Ffq.js} +1 -1
  23. package/build/assets/base-modal-C2oy2EBG.js +1 -0
  24. package/build/assets/brand-button-DJ_S16rO.js +1 -0
  25. package/build/assets/{browser-D810xUYt.js → browser-CGM-k-sH.js} +2 -2
  26. package/build/assets/browser-store-DAsixKdU.js +1 -0
  27. package/build/assets/{browser-tab-B-aIqXRl.js → browser-tab-dvSPdvkm.js} +1 -1
  28. package/build/assets/{checkmark-DL7acQA7.js → checkmark-Dus0b6jt.js} +1 -1
  29. package/build/assets/{chevron-left-small-CVWf8TI6.js → chevron-left-small-_uvG7RVM.js} +1 -1
  30. package/build/assets/{circle-plus-check-toggle-P7ZZToV4.js → circle-plus-check-toggle-DKS8MAVV.js} +1 -1
  31. package/build/assets/{close-B5LROHR3.js → close-BU5iTc66.js} +1 -1
  32. package/build/assets/code-tag-BzyqOtPD.js +1 -0
  33. package/build/assets/combobox-caret-BJC7XJsz.js +1 -0
  34. package/build/assets/{command-store-DFN_17p1.js → command-store-CE1weJy8.js} +1 -1
  35. package/build/assets/{condenser-settings-wnEKhBof.js → condenser-settings-BolbDvm5.js} +1 -1
  36. package/build/assets/{confirmation-modal-Dau3w_sa.js → confirmation-modal-B5Ca6qFE.js} +1 -1
  37. package/build/assets/context-menu-list-item-7tAcm2c3.js +1 -0
  38. package/build/assets/conversation-D0N4dw_p.js +19 -0
  39. package/build/assets/conversation-DhRJuZLG.js +1 -0
  40. package/build/assets/conversation-panel-CNqHbS_Z.js +1 -0
  41. package/build/assets/conversation-service.api-BsJy6uuL.js +1 -0
  42. package/build/assets/conversation-state-store-D-w0uurj.js +1 -0
  43. package/build/assets/conversation-store-CC-isCnP.js +1 -0
  44. package/build/assets/{conversation-tab-empty-state-DyssnnWa.js → conversation-tab-empty-state-CStQLPVW.js} +1 -1
  45. package/build/assets/conversation-websocket-context-DvHgx_FE.js +3 -0
  46. package/build/assets/{copy-DYgmUdIw.js → copy-Chg-sFu3.js} +1 -1
  47. package/build/assets/{custom-toast-handlers-C-SZFmto.js → custom-toast-handlers-ufGJ6_Rc.js} +1 -1
  48. package/build/assets/declaration-CR6HMp29.js +1 -0
  49. package/build/assets/{device-verify-DqDlphsG.js → device-verify-C6mj28zv.js} +1 -1
  50. package/build/assets/dist-DNeWJ2bh.js +1 -0
  51. package/build/assets/dropdown-classes-BsVmxlNG.js +1 -0
  52. package/build/assets/edit-automation-modal-BpX-t-HD.js +1 -0
  53. package/build/assets/ellipsis-button-Vh5MvRZa.js +1 -0
  54. package/build/assets/entry.client-Ck9rQCg-.js +2 -0
  55. package/build/assets/enum-filter-dropdown-5JeF2RLb.js +1 -0
  56. package/build/assets/{environment-switch-overlay-XL8yCGP6.js → environment-switch-overlay-Tf_BIfeR.js} +1 -1
  57. package/build/assets/extensions-hub-CE9QOb5n.js +1 -0
  58. package/build/assets/{extensions-navigation-BYR8Giqq.js → extensions-navigation-DSLGNGbS.js} +1 -1
  59. package/build/assets/file-BTY6Gyy9.js +1 -0
  60. package/build/assets/files-tab-cL668j1I.js +1 -0
  61. package/build/assets/files-tab-store-m0ARqX_E.js +1 -0
  62. package/build/assets/{folder-ZZJVGgd7.js → folder-D1T2W1cj.js} +1 -1
  63. package/build/assets/git-control-bar-branch-button-DtIrOrie.js +27 -0
  64. package/build/assets/git-provider-icon-CHdGBdU2.js +1 -0
  65. package/build/assets/globe-Bzj_0oXT.js +1 -0
  66. package/build/assets/home-Cz2Veg56.js +1 -0
  67. package/build/assets/{i18n-CTohRuoO.js → i18n-DET2iOyh.js} +1 -1
  68. package/build/assets/install-server-modal-B9nXCS3u.js +1 -0
  69. package/build/assets/launch-CWz0dm4o.js +1 -0
  70. package/build/assets/{lesson-plan-dH5Bj0pN.js → lesson-plan-duSsqWVs.js} +1 -1
  71. package/build/assets/link-external-DGxVm4Ps.js +1 -0
  72. package/build/assets/{llm-client-DaH1TuyR.js → llm-client-CYEaUjGx.js} +1 -1
  73. package/build/assets/llm-settings-DFkXHuvT.js +1 -0
  74. package/build/assets/llm-settings-DhrdCXqX.js +1 -0
  75. package/build/assets/{loading-spinner-BPtYORNK.js → loading-spinner-5GT9q1xy.js} +1 -1
  76. package/build/assets/manage-backends-modal-DpBD_vR9.js +1 -0
  77. package/build/assets/manage-workspaces-modal-CtRbxREx.js +1 -0
  78. package/build/assets/manifest-eed90ff5.js +1 -0
  79. package/build/assets/{markdown-renderer-DMzf2i4x.js → markdown-renderer-B3IAVfv4.js} +1 -1
  80. package/build/assets/mcp-BUe7kiYM.js +9 -0
  81. package/build/assets/messages-dqp_KYyl.js +36 -0
  82. package/build/assets/{modal-backdrop-BAbgYsqB.js → modal-backdrop-RfNCrSpK.js} +1 -1
  83. package/build/assets/{modal-body-BI6Ru2Qr.js → modal-body-aoa2fx5W.js} +1 -1
  84. package/build/assets/modal-classes-6YqcqA6y.js +1 -0
  85. package/build/assets/{modal-close-button-t1Gh3qmL.js → modal-close-button-CtWOUMmw.js} +1 -1
  86. package/build/assets/{model-selector-SM9IUz-q.js → model-selector-BvSTrkhT.js} +1 -1
  87. package/build/assets/{navigation-context-D0YWpT8d.js → navigation-context-BdKYH32C.js} +1 -1
  88. package/build/assets/{navigation-link-Cn7KP3c5.js → navigation-link-U4vY9i_C.js} +1 -1
  89. package/build/assets/{openhands-logo-CnrF6LKb.js → openhands-logo-CCo0wJZX.js} +1 -1
  90. package/build/assets/{option-service.api-KvY_mZMY.js → option-service.api-DmNVxAvS.js} +1 -1
  91. package/build/assets/{organization-service.api-DzYTHTYC.js → organization-service.api-DbnougaQ.js} +1 -1
  92. package/build/assets/{path-utils-C3bQf6lJ.js → path-utils-onx24uF5.js} +1 -1
  93. package/build/assets/{plan-components-atxXCF0R.js → plan-components-CRDMQzsS.js} +1 -1
  94. package/build/assets/{planner-tab-BlrCpv-7.js → planner-tab-CmIjLz7q.js} +1 -1
  95. package/build/assets/{profiles-client-D6IkTJof.js → profiles-client-fEmgWkCW.js} +1 -1
  96. package/build/assets/{providers-Bx6EfrzZ.js → providers-CbD7fiic.js} +1 -1
  97. package/build/assets/proxy-BAdHH8QB.js +1 -0
  98. package/build/assets/{query-client-config-B7u9asM0.js → query-client-config-CRnGSujB.js} +1 -1
  99. package/build/assets/{recommended-automations-launcher-BQChv2rc.js → recommended-automations-launcher-uTyODuzB.js} +3 -3
  100. package/build/assets/{root-BgEbw3S0.js → root-DmjpFpTu.js} +2 -2
  101. package/build/assets/root-Z2VHU4R3.css +1 -0
  102. package/build/assets/root-layout-DejMsKhy.js +2 -0
  103. package/build/assets/{sdk-section-page-DOIKvwSL.js → sdk-section-page-BgDlMhcq.js} +1 -1
  104. package/build/assets/{sdk-settings-schema-DsUf9wu1.js → sdk-settings-schema-CLmJ9sho.js} +1 -1
  105. package/build/assets/{search-27Owlc3A.js → search-SuJctqNJ.js} +1 -1
  106. package/build/assets/secrets-service-B7CxNinp.js +1 -0
  107. package/build/assets/secrets-settings-yK7CqIpm.js +1 -0
  108. package/build/assets/{server-client-DyAQ3NZ_.js → server-client-Kh4QSwDJ.js} +1 -1
  109. package/build/assets/{settings-BYkVX7vW.js → settings-DN5PpgRD.js} +1 -1
  110. package/build/assets/{settings-dropdown-input-BJYvGdg-.js → settings-dropdown-input-BtoovFre.js} +1 -1
  111. package/build/assets/{settings-gear-C77PgE_O.js → settings-gear-Dd8K2_8B.js} +1 -1
  112. package/build/assets/settings-index-DKC8IY1P.js +1 -0
  113. package/build/assets/{settings-input-Bn7F5C75.js → settings-input-CehsXnb3.js} +1 -1
  114. package/build/assets/settings-list-classes-E3v_f6QG.js +1 -0
  115. package/build/assets/settings-modal-DJ4kGzUx.js +1 -0
  116. package/build/assets/{settings-section-header-context-BgZe5YkE.js → settings-section-header-context-DewwJ0-F.js} +1 -1
  117. package/build/assets/settings-service.api-C3rxTtPj.js +1 -0
  118. package/build/assets/{settings-switch-BeIKrWms.js → settings-switch-BiBuS3xa.js} +1 -1
  119. package/build/assets/{settings-utils-B6Nl07io.js → settings-utils-DY04tWG1.js} +1 -1
  120. package/build/assets/{shared-conversation-AMyqXvpk.js → shared-conversation-h9YnBtCU.js} +1 -1
  121. package/build/assets/sidebar-mobile-menu-toggle-D0-AvsnT.js +1 -0
  122. package/build/assets/{sidebar-nav-link-BGjiJq-4.js → sidebar-nav-link-OhIeFyna.js} +1 -1
  123. package/build/assets/{sidebar-store-Uy3v0AOV.js → sidebar-store-DnQAJAE5.js} +1 -1
  124. package/build/assets/{skill-card-pill-row-DF1axQCG.js → skill-card-pill-row-BW9qvhoK.js} +1 -1
  125. package/build/assets/{skills-ChIKZPK4.js → skills-0GRKX5Xj.js} +1 -1
  126. package/build/assets/{skills-plugins-CcI_19lM.js → skills-plugins-DNcsNF88.js} +1 -1
  127. package/build/assets/skills-settings-7liFiSY6.js +2 -0
  128. package/build/assets/{styled-tooltip-CBzrri6o.js → styled-tooltip-hdfMXPQC.js} +1 -1
  129. package/build/assets/{switch-skeleton-DnC9wLp7.js → switch-skeleton-DSKqSx2A.js} +1 -1
  130. package/build/assets/{task-list-tab-DUJn1sgz.js → task-list-tab-DT6_zfUs.js} +1 -1
  131. package/build/assets/{terminal-DgQk1Ay6.js → terminal-CDhQGDua.js} +2 -2
  132. package/build/assets/{terminal-RmuaSdhJ.js → terminal-CPYWdo4j.js} +1 -1
  133. package/build/assets/{toggle-switch-Pvyp2RAN.js → toggle-switch-T2v6sJ6l.js} +1 -1
  134. package/build/assets/{typography-gpuWmrQO.js → typography-BDgnT7Yp.js} +1 -1
  135. package/build/assets/{u-check-circle-IUIfACQQ.js → u-check-circle-DOauqQKb.js} +1 -1
  136. package/build/assets/{u-check-circle-half-C1YxB6py.js → u-check-circle-half-steSK_JB.js} +1 -1
  137. package/build/assets/{u-circuit-BmVikJHu.js → u-circuit-x3ExjBbU.js} +1 -1
  138. package/build/assets/{u-edit-CFvXHqZk.js → u-edit-BbrptMCa.js} +1 -1
  139. package/build/assets/{use-active-conversation-BEFNwnFk.js → use-active-conversation-DHGcmjCK.js} +1 -1
  140. package/build/assets/use-agent-settings-schema-CLoTOSJI.js +1 -0
  141. package/build/assets/{use-agent-state-Bkrd1FZq.js → use-agent-state-PKrUPMJ3.js} +1 -1
  142. package/build/assets/{use-cloud-current-user-id-CvkXFnTT.js → use-cloud-current-user-id-Ddr75hEz.js} +1 -1
  143. package/build/assets/{use-config-Co1O8-Ey.js → use-config-OIMQLQ2s.js} +1 -1
  144. package/build/assets/{use-create-conversation-CEgXpkfH.js → use-create-conversation-Bszyp13O.js} +1 -1
  145. package/build/assets/{use-event-store-BT_gV3ut.js → use-event-store-BomO7ywK.js} +1 -1
  146. package/build/assets/{use-get-secrets-DuhdIA59.js → use-get-secrets-8Jby8ele.js} +1 -1
  147. package/build/assets/{use-handle-plan-click-Ckkm5eIY.js → use-handle-plan-click-CohJPvvW.js} +1 -1
  148. package/build/assets/use-is-authed-dw2026rR.js +1 -0
  149. package/build/assets/{use-is-creating-conversation-BZ5hB_Bg.js → use-is-creating-conversation-DX2qSlfL.js} +1 -1
  150. package/build/assets/{use-launch-skill-in-chat-fNN_xGZG.js → use-launch-skill-in-chat-sQNEOLGD.js} +1 -1
  151. package/build/assets/use-llm-profiles-C861aFAq.js +1 -0
  152. package/build/assets/use-runtime-is-ready-Do2h_hRl.js +1 -0
  153. package/build/assets/{use-save-settings-VUrj_QNG.js → use-save-settings-DkAOEfD9.js} +1 -1
  154. package/build/assets/use-settings-D5hbTS9t.js +1 -0
  155. package/build/assets/{use-settings-nav-items-1ZvovKSr.js → use-settings-nav-items-BcSbo02d.js} +1 -1
  156. package/build/assets/{use-skills-DAMLFjKU.js → use-skills-D7PS0fH0.js} +1 -1
  157. package/build/assets/{use-task-list-CLJbuJgM.js → use-task-list-CsT10CBb.js} +1 -1
  158. package/build/assets/{use-unified-vscode-url-DdSRw-6P.js → use-unified-vscode-url-DEoe-NRI.js} +1 -1
  159. package/build/assets/use-user-conversation-Cs5H1pUF.js +1 -0
  160. package/build/assets/{useMutation-DqrumCWD.js → useMutation-GSSKKebK.js} +1 -1
  161. package/build/assets/{useTranslation-DCOdSSMl.js → useTranslation-B6voJV4y.js} +1 -1
  162. package/build/assets/utils-DCVfKFRt.js +1 -0
  163. package/build/assets/{vendor~browser-BNjNhjFU.js → vendor~browser-BrOJLj3y.js} +1 -1
  164. package/build/assets/vendor~conversation-panel~conversation-C9o-K1hW.js +1 -0
  165. package/build/assets/vendor~conversation-panel~conversation~index-RXYdJYxU.js +1 -0
  166. package/build/assets/{vendor~entry.client~root~root-layout~home~conversation-panel~conversation~launch~skills-set~jfc6hidu-VnmIZrq3.js → vendor~entry.client~root~root-layout~home~conversation-panel~conversation~launch~skills-set~jfc6hidu-DJS-rJdI.js} +1 -1
  167. package/build/assets/{vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-DpAdkv8m.js → vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-6ByzelMS.js} +1 -1
  168. package/build/assets/{vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-B92czPCF.js → vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-BED5W_c4.js} +1 -1
  169. package/build/assets/{vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-By5W2oHN.js → vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-CCbqAFiI.js} +1 -1
  170. package/build/assets/{vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-BbFOrAjI.js → vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-CG96FCly.js} +1 -1
  171. package/build/assets/{vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-smY2r837.js → vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-E4d6IEfI.js} +1 -1
  172. package/build/assets/vendor~home~mcp~automations-list-CZSK-lT2.js +1 -0
  173. package/build/assets/{vendor~home~mcp~llm-settings~agent-settings~condenser-settings~verification-settings~app-se~ocm3mykx-Z3nsiNNq.js → vendor~home~mcp~llm-settings~agent-settings~condenser-settings~verification-settings~app-se~ocm3mykx-CjJdFLoM.js} +1 -1
  174. package/build/assets/{vendor~home~mcp~llm-settings~agent-settings~condenser-settings~verification-settings~app-se~ocm3mykx-DbfELDJu.js → vendor~home~mcp~llm-settings~agent-settings~condenser-settings~verification-settings~app-se~ocm3mykx-m8dOii0J.js} +2 -2
  175. package/build/assets/{vendor~root-layout~home~conversation-panel~conversation-DjAjXS5J.js → vendor~root-layout~home~conversation-panel~conversation-B5WNMnt4.js} +1 -1
  176. package/build/assets/vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~i4kjfqhl-CbAhtEMv.js +1 -0
  177. package/build/assets/vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~iguv7bgw-6Rm8U_Sr.js +9 -0
  178. package/build/assets/{vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~iguv7bgw-BkQGKpye.js → vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~iguv7bgw-tTR8C6m0.js} +1 -1
  179. package/build/assets/{vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~k776hupu-Bbs7UJ5U.js → vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~k776hupu-BJbu9kpL.js} +2 -2
  180. package/build/assets/{vendor~root-layout~home~conversation-panel~conversation~launch~extensions-hub~skills-settin~dp08i1qy-DTwbEEcX.js → vendor~root-layout~home~conversation-panel~conversation~launch~extensions-hub~skills-settin~dp08i1qy-hTzSytKK.js} +1 -1
  181. package/build/assets/{vendor~root~root-layout~home~conversation-panel~conversation~launch~extensions-hub~skills-s~f2l2lr17-CDXvdvb2.js → vendor~root~root-layout~home~conversation-panel~conversation~launch~extensions-hub~skills-s~f2l2lr17-DYXOLEck.js} +1 -1
  182. package/build/assets/{verification-settings-CsbvQcYS.js → verification-settings-Dlt8pINd.js} +1 -1
  183. package/build/assets/{vscode-tab-DjNArCgY.js → vscode-tab-DgepcYtF.js} +1 -1
  184. package/build/assets/{waiting-for-runtime-message-CntjExbU.js → waiting-for-runtime-message-CdK3btDZ.js} +1 -1
  185. package/build/assets/{x-mark-CrpjscNc.js → x-mark-BrkSPIiT.js} +1 -1
  186. package/build/index.html +4 -4
  187. package/build/locales/ar/openhands.json +20 -2
  188. package/build/locales/ca/openhands.json +20 -2
  189. package/build/locales/de/openhands.json +20 -2
  190. package/build/locales/en/openhands.json +20 -2
  191. package/build/locales/es/openhands.json +20 -2
  192. package/build/locales/fr/openhands.json +20 -2
  193. package/build/locales/it/openhands.json +20 -2
  194. package/build/locales/ja/openhands.json +20 -2
  195. package/build/locales/ko-KR/openhands.json +20 -2
  196. package/build/locales/no/openhands.json +20 -2
  197. package/build/locales/pt/openhands.json +20 -2
  198. package/build/locales/tr/openhands.json +20 -2
  199. package/build/locales/uk/openhands.json +20 -2
  200. package/build/locales/zh-CN/openhands.json +20 -2
  201. package/build/locales/zh-TW/openhands.json +20 -2
  202. package/dist/api/acp-service/acp-service.api.d.ts +18 -0
  203. package/dist/api/agent-server-adapter.cjs +3 -3
  204. package/dist/api/agent-server-adapter.cjs.map +1 -1
  205. package/dist/api/agent-server-adapter.js +54 -55
  206. package/dist/api/agent-server-adapter.js.map +1 -1
  207. package/dist/api/agent-server-client-options.cjs +1 -1
  208. package/dist/api/agent-server-client-options.cjs.map +1 -1
  209. package/dist/api/agent-server-client-options.d.ts +4 -0
  210. package/dist/api/agent-server-client-options.js +18 -12
  211. package/dist/api/agent-server-client-options.js.map +1 -1
  212. package/dist/api/agent-server-compatibility.cjs +1 -1
  213. package/dist/api/agent-server-compatibility.cjs.map +1 -1
  214. package/dist/api/agent-server-compatibility.d.ts +1 -1
  215. package/dist/api/agent-server-compatibility.js +30 -25
  216. package/dist/api/agent-server-compatibility.js.map +1 -1
  217. package/dist/api/agent-server-config.cjs +1 -1
  218. package/dist/api/agent-server-config.cjs.map +1 -1
  219. package/dist/api/agent-server-config.d.ts +1 -51
  220. package/dist/api/agent-server-config.js +20 -70
  221. package/dist/api/agent-server-config.js.map +1 -1
  222. package/dist/api/backend-registry/active-store.cjs +1 -1
  223. package/dist/api/backend-registry/active-store.cjs.map +1 -1
  224. package/dist/api/backend-registry/active-store.d.ts +11 -5
  225. package/dist/api/backend-registry/active-store.js +36 -27
  226. package/dist/api/backend-registry/active-store.js.map +1 -1
  227. package/dist/api/backend-registry/auth.cjs +1 -1
  228. package/dist/api/backend-registry/auth.cjs.map +1 -1
  229. package/dist/api/backend-registry/auth.js +3 -9
  230. package/dist/api/backend-registry/auth.js.map +1 -1
  231. package/dist/api/backend-registry/default-backend.cjs +1 -1
  232. package/dist/api/backend-registry/default-backend.cjs.map +1 -1
  233. package/dist/api/backend-registry/default-backend.d.ts +9 -16
  234. package/dist/api/backend-registry/default-backend.js +5 -4
  235. package/dist/api/backend-registry/default-backend.js.map +1 -1
  236. package/dist/api/backend-registry/storage.cjs +1 -1
  237. package/dist/api/backend-registry/storage.cjs.map +1 -1
  238. package/dist/api/backend-registry/storage.js +67 -34
  239. package/dist/api/backend-registry/storage.js.map +1 -1
  240. package/dist/api/cloud/conversation-service.api.cjs.map +1 -1
  241. package/dist/api/cloud/conversation-service.api.d.ts +8 -13
  242. package/dist/api/cloud/conversation-service.api.js.map +1 -1
  243. package/dist/api/cloud/organization-service.api.cjs.map +1 -1
  244. package/dist/api/cloud/organization-service.api.d.ts +1 -2
  245. package/dist/api/cloud/organization-service.api.js.map +1 -1
  246. package/dist/api/cloud/proxy.cjs +1 -1
  247. package/dist/api/cloud/proxy.cjs.map +1 -1
  248. package/dist/api/cloud/proxy.d.ts +6 -6
  249. package/dist/api/cloud/proxy.js +33 -24
  250. package/dist/api/cloud/proxy.js.map +1 -1
  251. package/dist/api/cloud/sandbox-service.api.cjs.map +1 -1
  252. package/dist/api/cloud/sandbox-service.api.d.ts +3 -3
  253. package/dist/api/cloud/sandbox-service.api.js.map +1 -1
  254. package/dist/api/cloud/secrets-service.api.cjs.map +1 -1
  255. package/dist/api/cloud/secrets-service.api.d.ts +3 -4
  256. package/dist/api/cloud/secrets-service.api.js.map +1 -1
  257. package/dist/api/cloud/settings-service.api.cjs +1 -1
  258. package/dist/api/cloud/settings-service.api.cjs.map +1 -1
  259. package/dist/api/cloud/settings-service.api.js +5 -1
  260. package/dist/api/cloud/settings-service.api.js.map +1 -1
  261. package/dist/api/cloud/skills-service.api.cjs.map +1 -1
  262. package/dist/api/cloud/skills-service.api.d.ts +5 -5
  263. package/dist/api/cloud/skills-service.api.js.map +1 -1
  264. package/dist/api/conversation-service/agent-server-conversation-service.api.cjs +1 -1
  265. package/dist/api/conversation-service/agent-server-conversation-service.api.cjs.map +1 -1
  266. package/dist/api/conversation-service/agent-server-conversation-service.api.js +115 -108
  267. package/dist/api/conversation-service/agent-server-conversation-service.api.js.map +1 -1
  268. package/dist/api/device-flow-client.cjs +1 -1
  269. package/dist/api/device-flow-client.cjs.map +1 -1
  270. package/dist/api/device-flow-client.d.ts +3 -5
  271. package/dist/api/device-flow-client.js +55 -66
  272. package/dist/api/device-flow-client.js.map +1 -1
  273. package/dist/api/event-service/event-service.api.cjs +1 -1
  274. package/dist/api/event-service/event-service.api.cjs.map +1 -1
  275. package/dist/api/event-service/event-service.api.d.ts +3 -3
  276. package/dist/api/event-service/event-service.api.js +17 -17
  277. package/dist/api/event-service/event-service.api.js.map +1 -1
  278. package/dist/api/git-service/agent-server-git-service.api.cjs +1 -1
  279. package/dist/api/git-service/agent-server-git-service.api.js +11 -11
  280. package/dist/api/runtime-service/agent-server-runtime-service.cjs +1 -1
  281. package/dist/api/runtime-service/agent-server-runtime-service.js +6 -6
  282. package/dist/components/conversation-events/chat/event-content-helpers/get-action-content.cjs +2 -2
  283. package/dist/components/conversation-events/chat/event-content-helpers/get-action-content.js +10 -10
  284. package/dist/components/conversation-events/chat/event-content-helpers/get-observation-result.cjs.map +1 -1
  285. package/dist/components/conversation-events/chat/event-content-helpers/get-observation-result.d.ts +5 -5
  286. package/dist/components/conversation-events/chat/event-content-helpers/get-observation-result.js.map +1 -1
  287. package/dist/components/conversation-events/chat/event-content-helpers/should-render-event.cjs +1 -1
  288. package/dist/components/conversation-events/chat/event-content-helpers/should-render-event.cjs.map +1 -1
  289. package/dist/components/conversation-events/chat/event-content-helpers/should-render-event.js +1 -1
  290. package/dist/components/conversation-events/chat/event-content-helpers/should-render-event.js.map +1 -1
  291. package/dist/components/features/automations/automation-action-button-classes.d.ts +2 -2
  292. package/dist/components/features/backends/backend-form-modal.cjs +1 -1
  293. package/dist/components/features/backends/backend-form-modal.cjs.map +1 -1
  294. package/dist/components/features/backends/backend-form-modal.d.ts +1 -0
  295. package/dist/components/features/backends/backend-form-modal.js +203 -140
  296. package/dist/components/features/backends/backend-form-modal.js.map +1 -1
  297. package/dist/components/features/backends/backend-selector.cjs +1 -1
  298. package/dist/components/features/backends/backend-selector.cjs.map +1 -1
  299. package/dist/components/features/backends/backend-selector.js +117 -105
  300. package/dist/components/features/backends/backend-selector.js.map +1 -1
  301. package/dist/components/features/backends/backend-status-dot.cjs +1 -1
  302. package/dist/components/features/backends/backend-status-dot.cjs.map +1 -1
  303. package/dist/components/features/backends/backend-status-dot.d.ts +1 -1
  304. package/dist/components/features/backends/backend-status-dot.js +1 -1
  305. package/dist/components/features/backends/backend-status-dot.js.map +1 -1
  306. package/dist/components/features/backends/manage-backends-modal.cjs +1 -1
  307. package/dist/components/features/backends/manage-backends-modal.cjs.map +1 -1
  308. package/dist/components/features/backends/manage-backends-modal.js +81 -70
  309. package/dist/components/features/backends/manage-backends-modal.js.map +1 -1
  310. package/dist/components/features/chat/change-agent-button.cjs +1 -1
  311. package/dist/components/features/chat/change-agent-button.cjs.map +1 -1
  312. package/dist/components/features/chat/change-agent-button.js +59 -57
  313. package/dist/components/features/chat/change-agent-button.js.map +1 -1
  314. package/dist/components/features/chat/change-agent-context-menu.cjs +1 -1
  315. package/dist/components/features/chat/change-agent-context-menu.cjs.map +1 -1
  316. package/dist/components/features/chat/change-agent-context-menu.d.ts +3 -1
  317. package/dist/components/features/chat/change-agent-context-menu.js +30 -25
  318. package/dist/components/features/chat/change-agent-context-menu.js.map +1 -1
  319. package/dist/components/features/chat/chat-add-file-button.cjs +1 -1
  320. package/dist/components/features/chat/chat-add-file-button.cjs.map +1 -1
  321. package/dist/components/features/chat/chat-add-file-button.js +39 -38
  322. package/dist/components/features/chat/chat-add-file-button.js.map +1 -1
  323. package/dist/components/features/chat/chat-message.cjs +1 -1
  324. package/dist/components/features/chat/chat-message.cjs.map +1 -1
  325. package/dist/components/features/chat/chat-message.d.ts +2 -1
  326. package/dist/components/features/chat/chat-message.js +185 -57
  327. package/dist/components/features/chat/chat-message.js.map +1 -1
  328. package/dist/components/features/chat/components/chat-input-actions.cjs +1 -1
  329. package/dist/components/features/chat/components/chat-input-actions.cjs.map +1 -1
  330. package/dist/components/features/chat/components/chat-input-actions.js +113 -113
  331. package/dist/components/features/chat/components/chat-input-actions.js.map +1 -1
  332. package/dist/components/features/chat/components/chat-input-model.cjs +1 -1
  333. package/dist/components/features/chat/components/chat-input-model.cjs.map +1 -1
  334. package/dist/components/features/chat/components/chat-input-model.js +52 -51
  335. package/dist/components/features/chat/components/chat-input-model.js.map +1 -1
  336. package/dist/components/features/chat/components/slash-command-menu.cjs +2 -2
  337. package/dist/components/features/chat/components/slash-command-menu.cjs.map +1 -1
  338. package/dist/components/features/chat/components/slash-command-menu.js +38 -34
  339. package/dist/components/features/chat/components/slash-command-menu.js.map +1 -1
  340. package/dist/components/features/chat/git-control-bar-pr-button.cjs +1 -1
  341. package/dist/components/features/chat/git-control-bar-pr-button.cjs.map +1 -1
  342. package/dist/components/features/chat/git-control-bar-pr-button.js +16 -15
  343. package/dist/components/features/chat/git-control-bar-pr-button.js.map +1 -1
  344. package/dist/components/features/chat/git-control-bar-pull-button.cjs +1 -1
  345. package/dist/components/features/chat/git-control-bar-pull-button.cjs.map +1 -1
  346. package/dist/components/features/chat/git-control-bar-pull-button.js +16 -15
  347. package/dist/components/features/chat/git-control-bar-pull-button.js.map +1 -1
  348. package/dist/components/features/chat/git-control-bar-push-button.cjs +1 -1
  349. package/dist/components/features/chat/git-control-bar-push-button.cjs.map +1 -1
  350. package/dist/components/features/chat/git-control-bar-push-button.js +16 -15
  351. package/dist/components/features/chat/git-control-bar-push-button.js.map +1 -1
  352. package/dist/components/features/chat/git-control-bar.cjs +1 -1
  353. package/dist/components/features/chat/git-control-bar.cjs.map +1 -1
  354. package/dist/components/features/chat/git-control-bar.js +63 -62
  355. package/dist/components/features/chat/git-control-bar.js.map +1 -1
  356. package/dist/components/features/chat/pending-user-messages.cjs +1 -1
  357. package/dist/components/features/chat/pending-user-messages.cjs.map +1 -1
  358. package/dist/components/features/chat/pending-user-messages.js +27 -23
  359. package/dist/components/features/chat/pending-user-messages.js.map +1 -1
  360. package/dist/components/features/chat/switch-profile-button.cjs +1 -1
  361. package/dist/components/features/chat/switch-profile-button.cjs.map +1 -1
  362. package/dist/components/features/chat/switch-profile-button.js +26 -25
  363. package/dist/components/features/chat/switch-profile-button.js.map +1 -1
  364. package/dist/components/features/chat/switch-profile-context-menu.cjs +1 -1
  365. package/dist/components/features/chat/switch-profile-context-menu.cjs.map +1 -1
  366. package/dist/components/features/chat/switch-profile-context-menu.js +77 -67
  367. package/dist/components/features/chat/switch-profile-context-menu.js.map +1 -1
  368. package/dist/components/features/context-menu/context-menu-icon-text-with-description.cjs +1 -1
  369. package/dist/components/features/context-menu/context-menu-icon-text-with-description.cjs.map +1 -1
  370. package/dist/components/features/context-menu/context-menu-icon-text-with-description.d.ts +2 -1
  371. package/dist/components/features/context-menu/context-menu-icon-text-with-description.js +3 -2
  372. package/dist/components/features/context-menu/context-menu-icon-text-with-description.js.map +1 -1
  373. package/dist/components/features/context-menu/context-menu-icon-text.cjs +1 -1
  374. package/dist/components/features/context-menu/context-menu-icon-text.cjs.map +1 -1
  375. package/dist/components/features/context-menu/context-menu-icon-text.d.ts +2 -1
  376. package/dist/components/features/context-menu/context-menu-icon-text.js +20 -10
  377. package/dist/components/features/context-menu/context-menu-icon-text.js.map +1 -1
  378. package/dist/components/features/context-menu/context-menu-list-item.cjs +1 -1
  379. package/dist/components/features/context-menu/context-menu-list-item.cjs.map +1 -1
  380. package/dist/components/features/context-menu/context-menu-list-item.js +10 -9
  381. package/dist/components/features/context-menu/context-menu-list-item.js.map +1 -1
  382. package/dist/components/features/controls/agent-status.cjs +1 -1
  383. package/dist/components/features/controls/agent-status.js +12 -12
  384. package/dist/components/features/controls/git-tools-submenu.cjs +1 -1
  385. package/dist/components/features/controls/git-tools-submenu.cjs.map +1 -1
  386. package/dist/components/features/controls/git-tools-submenu.js +1 -1
  387. package/dist/components/features/controls/git-tools-submenu.js.map +1 -1
  388. package/dist/components/features/controls/macros-submenu.cjs +1 -1
  389. package/dist/components/features/controls/macros-submenu.cjs.map +1 -1
  390. package/dist/components/features/controls/macros-submenu.js +1 -1
  391. package/dist/components/features/controls/macros-submenu.js.map +1 -1
  392. package/dist/components/features/controls/server-status-context-menu-icon-text.cjs +1 -1
  393. package/dist/components/features/controls/server-status-context-menu-icon-text.cjs.map +1 -1
  394. package/dist/components/features/controls/server-status-context-menu-icon-text.js +14 -15
  395. package/dist/components/features/controls/server-status-context-menu-icon-text.js.map +1 -1
  396. package/dist/components/features/controls/server-status-context-menu.cjs +1 -1
  397. package/dist/components/features/controls/server-status-context-menu.js +4 -4
  398. package/dist/components/features/controls/server-status.cjs +1 -1
  399. package/dist/components/features/controls/server-status.js +7 -7
  400. package/dist/components/features/controls/tools-context-menu-icon-text.cjs +1 -1
  401. package/dist/components/features/controls/tools-context-menu-icon-text.cjs.map +1 -1
  402. package/dist/components/features/controls/tools-context-menu-icon-text.js +16 -16
  403. package/dist/components/features/controls/tools-context-menu-icon-text.js.map +1 -1
  404. package/dist/components/features/conversation/conversation-name-context-menu-icon-text.cjs +1 -1
  405. package/dist/components/features/conversation/conversation-name-context-menu-icon-text.cjs.map +1 -1
  406. package/dist/components/features/conversation/conversation-name-context-menu-icon-text.js +11 -11
  407. package/dist/components/features/conversation/conversation-name-context-menu-icon-text.js.map +1 -1
  408. package/dist/components/features/conversation/conversation-name-with-status.cjs +1 -1
  409. package/dist/components/features/conversation/conversation-name-with-status.js +11 -11
  410. package/dist/components/features/conversation/conversation-tabs/conversation-tabs-context-menu.cjs +1 -1
  411. package/dist/components/features/conversation/conversation-tabs/conversation-tabs-context-menu.cjs.map +1 -1
  412. package/dist/components/features/conversation/conversation-tabs/conversation-tabs-context-menu.js +60 -47
  413. package/dist/components/features/conversation/conversation-tabs/conversation-tabs-context-menu.js.map +1 -1
  414. package/dist/components/features/conversation-panel/cloud-new-conversation-menu.cjs +1 -1
  415. package/dist/components/features/conversation-panel/cloud-new-conversation-menu.cjs.map +1 -1
  416. package/dist/components/features/conversation-panel/cloud-new-conversation-menu.js +86 -82
  417. package/dist/components/features/conversation-panel/cloud-new-conversation-menu.js.map +1 -1
  418. package/dist/components/features/conversation-panel/conversation-card/conversation-card-actions.cjs +1 -1
  419. package/dist/components/features/conversation-panel/conversation-card/conversation-card-actions.js +4 -4
  420. package/dist/components/features/conversation-panel/conversation-card/conversation-card-footer.cjs +1 -1
  421. package/dist/components/features/conversation-panel/conversation-card/conversation-card-footer.js +9 -9
  422. package/dist/components/features/conversation-panel/conversation-panel-filter-menu.cjs +1 -1
  423. package/dist/components/features/conversation-panel/conversation-panel-filter-menu.cjs.map +1 -1
  424. package/dist/components/features/conversation-panel/conversation-panel-filter-menu.js +93 -93
  425. package/dist/components/features/conversation-panel/conversation-panel-filter-menu.js.map +1 -1
  426. package/dist/components/features/conversation-panel/conversation-panel.cjs +1 -1
  427. package/dist/components/features/conversation-panel/conversation-panel.cjs.map +1 -1
  428. package/dist/components/features/conversation-panel/conversation-panel.js +177 -177
  429. package/dist/components/features/conversation-panel/conversation-panel.js.map +1 -1
  430. package/dist/components/features/conversation-panel/ellipsis-button.cjs +1 -1
  431. package/dist/components/features/conversation-panel/ellipsis-button.cjs.map +1 -1
  432. package/dist/components/features/conversation-panel/ellipsis-button.js +13 -13
  433. package/dist/components/features/conversation-panel/ellipsis-button.js.map +1 -1
  434. package/dist/components/features/conversation-panel/local-new-conversation-menu.cjs +1 -1
  435. package/dist/components/features/conversation-panel/local-new-conversation-menu.cjs.map +1 -1
  436. package/dist/components/features/conversation-panel/local-new-conversation-menu.js +57 -53
  437. package/dist/components/features/conversation-panel/local-new-conversation-menu.js.map +1 -1
  438. package/dist/components/features/conversation-panel/new-conversation-dropdown-styles.cjs +1 -1
  439. package/dist/components/features/conversation-panel/new-conversation-dropdown-styles.cjs.map +1 -1
  440. package/dist/components/features/conversation-panel/new-conversation-dropdown-styles.js +3 -2
  441. package/dist/components/features/conversation-panel/new-conversation-dropdown-styles.js.map +1 -1
  442. package/dist/components/features/conversation-panel/start-task-card/start-task-status-badge.cjs +1 -1
  443. package/dist/components/features/conversation-panel/start-task-card/start-task-status-badge.cjs.map +1 -1
  444. package/dist/components/features/conversation-panel/start-task-card/start-task-status-badge.js +11 -8
  445. package/dist/components/features/conversation-panel/start-task-card/start-task-status-badge.js.map +1 -1
  446. package/dist/components/features/conversation-panel/system-message-modal/tab-content.cjs.map +1 -1
  447. package/dist/components/features/conversation-panel/system-message-modal/tab-content.d.ts +2 -5
  448. package/dist/components/features/conversation-panel/system-message-modal/tab-content.js.map +1 -1
  449. package/dist/components/features/files-tab/file-content-viewer.cjs +1 -1
  450. package/dist/components/features/files-tab/file-content-viewer.cjs.map +1 -1
  451. package/dist/components/features/files-tab/file-content-viewer.js +45 -42
  452. package/dist/components/features/files-tab/file-content-viewer.js.map +1 -1
  453. package/dist/components/features/home/llm-not-configured-banner.d.ts +11 -0
  454. package/dist/components/features/home/shared/dropdown-item.cjs +1 -1
  455. package/dist/components/features/home/shared/dropdown-item.cjs.map +1 -1
  456. package/dist/components/features/home/shared/dropdown-item.js +20 -16
  457. package/dist/components/features/home/shared/dropdown-item.js.map +1 -1
  458. package/dist/components/features/home/shared/generic-dropdown-menu.cjs +1 -1
  459. package/dist/components/features/home/shared/generic-dropdown-menu.cjs.map +1 -1
  460. package/dist/components/features/home/shared/generic-dropdown-menu.js +23 -22
  461. package/dist/components/features/home/shared/generic-dropdown-menu.js.map +1 -1
  462. package/dist/components/features/home/workspace-dropdown/folder-browser-modal.cjs +1 -1
  463. package/dist/components/features/home/workspace-dropdown/folder-browser-modal.cjs.map +1 -1
  464. package/dist/components/features/home/workspace-dropdown/folder-browser-modal.js +103 -102
  465. package/dist/components/features/home/workspace-dropdown/folder-browser-modal.js.map +1 -1
  466. package/dist/components/features/home/workspace-dropdown/manage-workspaces-modal.cjs +1 -1
  467. package/dist/components/features/home/workspace-dropdown/manage-workspaces-modal.cjs.map +1 -1
  468. package/dist/components/features/home/workspace-dropdown/manage-workspaces-modal.js +68 -67
  469. package/dist/components/features/home/workspace-dropdown/manage-workspaces-modal.js.map +1 -1
  470. package/dist/components/features/mcp-page/custom-server-editor.cjs +1 -1
  471. package/dist/components/features/mcp-page/custom-server-editor.cjs.map +1 -1
  472. package/dist/components/features/mcp-page/custom-server-editor.js +62 -60
  473. package/dist/components/features/mcp-page/custom-server-editor.js.map +1 -1
  474. package/dist/components/features/mcp-page/index.cjs +1 -1
  475. package/dist/components/features/mcp-page/index.d.ts +1 -0
  476. package/dist/components/features/mcp-page/index.js +1 -0
  477. package/dist/components/features/mcp-page/install-server-modal.cjs +1 -1
  478. package/dist/components/features/mcp-page/install-server-modal.cjs.map +1 -1
  479. package/dist/components/features/mcp-page/install-server-modal.js +150 -119
  480. package/dist/components/features/mcp-page/install-server-modal.js.map +1 -1
  481. package/dist/components/features/mcp-page/save-as-secret-toggle.cjs +2 -0
  482. package/dist/components/features/mcp-page/save-as-secret-toggle.cjs.map +1 -0
  483. package/dist/components/features/mcp-page/save-as-secret-toggle.d.ts +7 -0
  484. package/dist/components/features/mcp-page/save-as-secret-toggle.js +50 -0
  485. package/dist/components/features/mcp-page/save-as-secret-toggle.js.map +1 -0
  486. package/dist/components/features/onboarding/onboarding-modal.d.ts +2 -2
  487. package/dist/components/features/onboarding/steps/check-backend-step.d.ts +1 -1
  488. package/dist/components/features/onboarding/steps/choose-agent-step.d.ts +2 -1
  489. package/dist/components/features/onboarding/steps/setup-acp-secrets-step.d.ts +19 -10
  490. package/dist/components/features/settings/llm-profiles/llm-settings-local-view.cjs +1 -1
  491. package/dist/components/features/settings/llm-profiles/llm-settings-local-view.d.ts +5 -0
  492. package/dist/components/features/settings/llm-profiles/llm-settings-local-view.js +2 -0
  493. package/dist/components/features/settings/llm-profiles/profile-actions-menu.cjs +1 -1
  494. package/dist/components/features/settings/llm-profiles/profile-actions-menu.js +1 -0
  495. package/dist/components/features/skills/extensions-navigation.cjs +1 -1
  496. package/dist/components/features/skills/extensions-navigation.cjs.map +1 -1
  497. package/dist/components/features/skills/extensions-navigation.js +1 -1
  498. package/dist/components/features/skills/extensions-navigation.js.map +1 -1
  499. package/dist/components/shared/buttons/back-nav-button.cjs +2 -0
  500. package/dist/components/shared/buttons/back-nav-button.cjs.map +1 -0
  501. package/dist/components/shared/buttons/back-nav-button.d.ts +17 -0
  502. package/dist/components/shared/buttons/back-nav-button.js +33 -0
  503. package/dist/components/shared/buttons/back-nav-button.js.map +1 -0
  504. package/dist/components/shared/buttons/conversation-confirmation-buttons.cjs +1 -1
  505. package/dist/components/shared/buttons/conversation-confirmation-buttons.js +5 -5
  506. package/dist/components/shared/filters/enum-filter-dropdown.cjs +1 -1
  507. package/dist/components/shared/filters/enum-filter-dropdown.cjs.map +1 -1
  508. package/dist/components/shared/filters/enum-filter-dropdown.js +32 -31
  509. package/dist/components/shared/filters/enum-filter-dropdown.js.map +1 -1
  510. package/dist/components/shared/modals/confirmation-modals/base-modal.cjs +1 -1
  511. package/dist/components/shared/modals/confirmation-modals/base-modal.cjs.map +1 -1
  512. package/dist/components/shared/modals/confirmation-modals/base-modal.js +14 -13
  513. package/dist/components/shared/modals/confirmation-modals/base-modal.js.map +1 -1
  514. package/dist/components/shared/modals/settings/settings-modal.cjs +1 -1
  515. package/dist/components/shared/modals/settings/settings-modal.cjs.map +1 -1
  516. package/dist/components/shared/modals/settings/settings-modal.js +17 -16
  517. package/dist/components/shared/modals/settings/settings-modal.js.map +1 -1
  518. package/dist/components/shared/text-shimmer.cjs +2 -0
  519. package/dist/components/shared/text-shimmer.cjs.map +1 -0
  520. package/dist/components/shared/text-shimmer.d.ts +11 -0
  521. package/dist/components/shared/text-shimmer.js +43 -0
  522. package/dist/components/shared/text-shimmer.js.map +1 -0
  523. package/dist/constants/acp-providers.cjs +1 -1
  524. package/dist/constants/acp-providers.cjs.map +1 -1
  525. package/dist/constants/acp-providers.d.ts +16 -3
  526. package/dist/constants/acp-providers.js +0 -1
  527. package/dist/constants/acp-providers.js.map +1 -1
  528. package/dist/contexts/active-backend-context.cjs +1 -1
  529. package/dist/contexts/active-backend-context.cjs.map +1 -1
  530. package/dist/contexts/active-backend-context.js +32 -32
  531. package/dist/contexts/active-backend-context.js.map +1 -1
  532. package/dist/hooks/chat/use-chat-input-logic.cjs +1 -1
  533. package/dist/hooks/chat/use-chat-input-logic.cjs.map +1 -1
  534. package/dist/hooks/chat/use-chat-input-logic.js +13 -6
  535. package/dist/hooks/chat/use-chat-input-logic.js.map +1 -1
  536. package/dist/hooks/mutation/use-save-fields-as-secrets.cjs +2 -0
  537. package/dist/hooks/mutation/use-save-fields-as-secrets.cjs.map +1 -0
  538. package/dist/hooks/mutation/use-save-fields-as-secrets.d.ts +9 -0
  539. package/dist/hooks/mutation/use-save-fields-as-secrets.js +24 -0
  540. package/dist/hooks/mutation/use-save-fields-as-secrets.js.map +1 -0
  541. package/dist/hooks/mutation/use-unified-start-conversation.cjs +1 -1
  542. package/dist/hooks/mutation/use-unified-start-conversation.js +8 -8
  543. package/dist/hooks/mutation/use-unified-stop-conversation.cjs +1 -1
  544. package/dist/hooks/mutation/use-unified-stop-conversation.js +15 -15
  545. package/dist/hooks/query/use-acp-auth-status.d.ts +36 -0
  546. package/dist/hooks/query/use-agent-settings-schema.cjs +1 -1
  547. package/dist/hooks/query/use-agent-settings-schema.cjs.map +1 -1
  548. package/dist/hooks/query/use-agent-settings-schema.js +26 -16
  549. package/dist/hooks/query/use-agent-settings-schema.js.map +1 -1
  550. package/dist/hooks/query/use-backends-health.cjs +1 -1
  551. package/dist/hooks/query/use-backends-health.cjs.map +1 -1
  552. package/dist/hooks/query/use-backends-health.d.ts +2 -0
  553. package/dist/hooks/query/use-backends-health.js +31 -21
  554. package/dist/hooks/query/use-backends-health.js.map +1 -1
  555. package/dist/hooks/query/use-paginated-conversations.cjs +1 -1
  556. package/dist/hooks/query/use-paginated-conversations.cjs.map +1 -1
  557. package/dist/hooks/query/use-paginated-conversations.js +15 -14
  558. package/dist/hooks/query/use-paginated-conversations.js.map +1 -1
  559. package/dist/hooks/query/use-settings.cjs +1 -1
  560. package/dist/hooks/query/use-settings.cjs.map +1 -1
  561. package/dist/hooks/query/use-settings.js +65 -52
  562. package/dist/hooks/query/use-settings.js.map +1 -1
  563. package/dist/hooks/query/use-user-conversation.cjs +1 -1
  564. package/dist/hooks/query/use-user-conversation.cjs.map +1 -1
  565. package/dist/hooks/query/use-user-conversation.js +20 -11
  566. package/dist/hooks/query/use-user-conversation.js.map +1 -1
  567. package/dist/hooks/use-agent-state.cjs +1 -1
  568. package/dist/hooks/use-agent-state.js +13 -13
  569. package/dist/hooks/use-conversation-name-context-menu.cjs +1 -1
  570. package/dist/hooks/use-conversation-name-context-menu.js +10 -10
  571. package/dist/hooks/use-conversation-name-context-menu.js.map +1 -1
  572. package/dist/hooks/use-llm-configured.d.ts +25 -0
  573. package/dist/hooks/use-runtime-is-ready.cjs +1 -1
  574. package/dist/hooks/use-runtime-is-ready.js +5 -5
  575. package/dist/i18n/declaration.cjs +1 -1
  576. package/dist/i18n/declaration.cjs.map +1 -1
  577. package/dist/i18n/declaration.d.ts +19 -1
  578. package/dist/i18n/declaration.js +1 -1
  579. package/dist/i18n/declaration.js.map +1 -1
  580. package/dist/i18n/translation.cjs +3 -3
  581. package/dist/i18n/translation.cjs.map +1 -1
  582. package/dist/i18n/translation.js +321 -15
  583. package/dist/i18n/translation.js.map +1 -1
  584. package/dist/icons/stop-circle.cjs +1 -1
  585. package/dist/icons/stop-circle.cjs.map +1 -1
  586. package/dist/icons/stop-circle.js +7 -10
  587. package/dist/icons/stop-circle.js.map +1 -1
  588. package/dist/locales/ar/openhands.json +20 -2
  589. package/dist/locales/ca/openhands.json +20 -2
  590. package/dist/locales/de/openhands.json +20 -2
  591. package/dist/locales/en/openhands.json +20 -2
  592. package/dist/locales/es/openhands.json +20 -2
  593. package/dist/locales/fr/openhands.json +20 -2
  594. package/dist/locales/it/openhands.json +20 -2
  595. package/dist/locales/ja/openhands.json +20 -2
  596. package/dist/locales/ko-KR/openhands.json +20 -2
  597. package/dist/locales/no/openhands.json +20 -2
  598. package/dist/locales/pt/openhands.json +20 -2
  599. package/dist/locales/tr/openhands.json +20 -2
  600. package/dist/locales/uk/openhands.json +20 -2
  601. package/dist/locales/zh-CN/openhands.json +20 -2
  602. package/dist/locales/zh-TW/openhands.json +20 -2
  603. package/dist/node_modules/@openhands/extensions/integrations/catalog/airtable.cjs +1 -1
  604. package/dist/node_modules/@openhands/extensions/integrations/catalog/airtable.cjs.map +1 -1
  605. package/dist/node_modules/@openhands/extensions/integrations/catalog/airtable.js +3 -1
  606. package/dist/node_modules/@openhands/extensions/integrations/catalog/airtable.js.map +1 -1
  607. package/dist/node_modules/@openhands/extensions/integrations/catalog/apify.cjs +1 -1
  608. package/dist/node_modules/@openhands/extensions/integrations/catalog/apify.cjs.map +1 -1
  609. package/dist/node_modules/@openhands/extensions/integrations/catalog/apify.js +3 -1
  610. package/dist/node_modules/@openhands/extensions/integrations/catalog/apify.js.map +1 -1
  611. package/dist/node_modules/@openhands/extensions/integrations/catalog/brave-search.cjs +1 -1
  612. package/dist/node_modules/@openhands/extensions/integrations/catalog/brave-search.cjs.map +1 -1
  613. package/dist/node_modules/@openhands/extensions/integrations/catalog/brave-search.js +3 -1
  614. package/dist/node_modules/@openhands/extensions/integrations/catalog/brave-search.js.map +1 -1
  615. package/dist/node_modules/@openhands/extensions/integrations/catalog/clickhouse.cjs +1 -1
  616. package/dist/node_modules/@openhands/extensions/integrations/catalog/clickhouse.cjs.map +1 -1
  617. package/dist/node_modules/@openhands/extensions/integrations/catalog/clickhouse.js +3 -1
  618. package/dist/node_modules/@openhands/extensions/integrations/catalog/clickhouse.js.map +1 -1
  619. package/dist/node_modules/@openhands/extensions/integrations/catalog/elevenlabs.cjs +1 -1
  620. package/dist/node_modules/@openhands/extensions/integrations/catalog/elevenlabs.cjs.map +1 -1
  621. package/dist/node_modules/@openhands/extensions/integrations/catalog/elevenlabs.js +3 -1
  622. package/dist/node_modules/@openhands/extensions/integrations/catalog/elevenlabs.js.map +1 -1
  623. package/dist/node_modules/@openhands/extensions/integrations/catalog/exa.cjs +1 -1
  624. package/dist/node_modules/@openhands/extensions/integrations/catalog/exa.cjs.map +1 -1
  625. package/dist/node_modules/@openhands/extensions/integrations/catalog/exa.js +3 -1
  626. package/dist/node_modules/@openhands/extensions/integrations/catalog/exa.js.map +1 -1
  627. package/dist/node_modules/@openhands/extensions/integrations/catalog/figma.cjs +1 -1
  628. package/dist/node_modules/@openhands/extensions/integrations/catalog/figma.cjs.map +1 -1
  629. package/dist/node_modules/@openhands/extensions/integrations/catalog/figma.js +3 -1
  630. package/dist/node_modules/@openhands/extensions/integrations/catalog/figma.js.map +1 -1
  631. package/dist/node_modules/@openhands/extensions/integrations/catalog/firecrawl.cjs +1 -1
  632. package/dist/node_modules/@openhands/extensions/integrations/catalog/firecrawl.cjs.map +1 -1
  633. package/dist/node_modules/@openhands/extensions/integrations/catalog/firecrawl.js +3 -1
  634. package/dist/node_modules/@openhands/extensions/integrations/catalog/firecrawl.js.map +1 -1
  635. package/dist/node_modules/@openhands/extensions/integrations/catalog/github.cjs +1 -1
  636. package/dist/node_modules/@openhands/extensions/integrations/catalog/github.cjs.map +1 -1
  637. package/dist/node_modules/@openhands/extensions/integrations/catalog/github.js +3 -1
  638. package/dist/node_modules/@openhands/extensions/integrations/catalog/github.js.map +1 -1
  639. package/dist/node_modules/@openhands/extensions/integrations/catalog/kagi.cjs +1 -1
  640. package/dist/node_modules/@openhands/extensions/integrations/catalog/kagi.cjs.map +1 -1
  641. package/dist/node_modules/@openhands/extensions/integrations/catalog/kagi.js +3 -1
  642. package/dist/node_modules/@openhands/extensions/integrations/catalog/kagi.js.map +1 -1
  643. package/dist/node_modules/@openhands/extensions/integrations/catalog/mongodb.cjs +1 -1
  644. package/dist/node_modules/@openhands/extensions/integrations/catalog/mongodb.cjs.map +1 -1
  645. package/dist/node_modules/@openhands/extensions/integrations/catalog/mongodb.js +3 -1
  646. package/dist/node_modules/@openhands/extensions/integrations/catalog/mongodb.js.map +1 -1
  647. package/dist/node_modules/@openhands/extensions/integrations/catalog/neon.cjs +1 -1
  648. package/dist/node_modules/@openhands/extensions/integrations/catalog/neon.cjs.map +1 -1
  649. package/dist/node_modules/@openhands/extensions/integrations/catalog/neon.js +3 -1
  650. package/dist/node_modules/@openhands/extensions/integrations/catalog/neon.js.map +1 -1
  651. package/dist/node_modules/@openhands/extensions/integrations/catalog/notion.cjs +1 -1
  652. package/dist/node_modules/@openhands/extensions/integrations/catalog/notion.cjs.map +1 -1
  653. package/dist/node_modules/@openhands/extensions/integrations/catalog/notion.js +3 -1
  654. package/dist/node_modules/@openhands/extensions/integrations/catalog/notion.js.map +1 -1
  655. package/dist/node_modules/@openhands/extensions/integrations/catalog/obsidian.cjs +1 -1
  656. package/dist/node_modules/@openhands/extensions/integrations/catalog/obsidian.cjs.map +1 -1
  657. package/dist/node_modules/@openhands/extensions/integrations/catalog/obsidian.js +2 -1
  658. package/dist/node_modules/@openhands/extensions/integrations/catalog/obsidian.js.map +1 -1
  659. package/dist/node_modules/@openhands/extensions/integrations/catalog/redis.cjs +1 -1
  660. package/dist/node_modules/@openhands/extensions/integrations/catalog/redis.cjs.map +1 -1
  661. package/dist/node_modules/@openhands/extensions/integrations/catalog/redis.js +2 -1
  662. package/dist/node_modules/@openhands/extensions/integrations/catalog/redis.js.map +1 -1
  663. package/dist/node_modules/@openhands/extensions/integrations/catalog/resend.cjs +1 -1
  664. package/dist/node_modules/@openhands/extensions/integrations/catalog/resend.cjs.map +1 -1
  665. package/dist/node_modules/@openhands/extensions/integrations/catalog/resend.js +3 -1
  666. package/dist/node_modules/@openhands/extensions/integrations/catalog/resend.js.map +1 -1
  667. package/dist/node_modules/@openhands/extensions/integrations/catalog/slack.cjs +1 -1
  668. package/dist/node_modules/@openhands/extensions/integrations/catalog/slack.cjs.map +1 -1
  669. package/dist/node_modules/@openhands/extensions/integrations/catalog/slack.js +8 -7
  670. package/dist/node_modules/@openhands/extensions/integrations/catalog/slack.js.map +1 -1
  671. package/dist/node_modules/@openhands/extensions/integrations/catalog/supabase.cjs +1 -1
  672. package/dist/node_modules/@openhands/extensions/integrations/catalog/supabase.cjs.map +1 -1
  673. package/dist/node_modules/@openhands/extensions/integrations/catalog/supabase.js +2 -1
  674. package/dist/node_modules/@openhands/extensions/integrations/catalog/supabase.js.map +1 -1
  675. package/dist/node_modules/@openhands/extensions/integrations/catalog/tavily.cjs +1 -1
  676. package/dist/node_modules/@openhands/extensions/integrations/catalog/tavily.cjs.map +1 -1
  677. package/dist/node_modules/@openhands/extensions/integrations/catalog/tavily.js +4 -2
  678. package/dist/node_modules/@openhands/extensions/integrations/catalog/tavily.js.map +1 -1
  679. package/dist/node_modules/framer-motion/dist/es/utils/reduced-motion/use-reduced-motion.cjs +2 -0
  680. package/dist/node_modules/framer-motion/dist/es/utils/reduced-motion/use-reduced-motion.cjs.map +1 -0
  681. package/dist/node_modules/framer-motion/dist/es/utils/reduced-motion/use-reduced-motion.js +15 -0
  682. package/dist/node_modules/framer-motion/dist/es/utils/reduced-motion/use-reduced-motion.js.map +1 -0
  683. package/dist/package.cjs +1 -1
  684. package/dist/package.cjs.map +1 -1
  685. package/dist/package.js +2 -2
  686. package/dist/package.js.map +1 -1
  687. package/dist/routes/conversation.cjs +1 -1
  688. package/dist/routes/conversation.cjs.map +1 -1
  689. package/dist/routes/conversation.js +1 -1
  690. package/dist/routes/conversation.js.map +1 -1
  691. package/dist/routes/llm-settings.cjs +1 -1
  692. package/dist/routes/llm-settings.cjs.map +1 -1
  693. package/dist/routes/llm-settings.js +55 -54
  694. package/dist/routes/llm-settings.js.map +1 -1
  695. package/dist/routes/secrets-settings.cjs +1 -1
  696. package/dist/routes/secrets-settings.cjs.map +1 -1
  697. package/dist/routes/secrets-settings.js +19 -27
  698. package/dist/routes/secrets-settings.js.map +1 -1
  699. package/dist/stores/conversation-store.cjs +1 -1
  700. package/dist/stores/conversation-store.cjs.map +1 -1
  701. package/dist/stores/conversation-store.d.ts +4 -0
  702. package/dist/stores/conversation-store.js +6 -0
  703. package/dist/stores/conversation-store.js.map +1 -1
  704. package/dist/types/agent-server/core/events/acp-tool-call-event.d.ts +6 -4
  705. package/dist/types/agent-server/core/events/system-event.d.ts +5 -0
  706. package/dist/types/automation.d.ts +15 -0
  707. package/dist/types/settings.d.ts +3 -1
  708. package/dist/ui/combobox-caret.cjs +1 -1
  709. package/dist/ui/combobox-caret.cjs.map +1 -1
  710. package/dist/ui/combobox-caret.d.ts +1 -1
  711. package/dist/ui/combobox-caret.js +9 -8
  712. package/dist/ui/combobox-caret.js.map +1 -1
  713. package/dist/ui/context-menu.cjs +1 -1
  714. package/dist/ui/context-menu.cjs.map +1 -1
  715. package/dist/ui/context-menu.js +9 -8
  716. package/dist/ui/context-menu.js.map +1 -1
  717. package/dist/ui/dropdown/dropdown-menu.cjs +1 -1
  718. package/dist/ui/dropdown/dropdown-menu.cjs.map +1 -1
  719. package/dist/ui/dropdown/dropdown-menu.js +21 -17
  720. package/dist/ui/dropdown/dropdown-menu.js.map +1 -1
  721. package/dist/ui/dropdown/dropdown.cjs +1 -1
  722. package/dist/ui/dropdown/dropdown.cjs.map +1 -1
  723. package/dist/ui/dropdown/dropdown.js +2 -2
  724. package/dist/ui/dropdown/dropdown.js.map +1 -1
  725. package/dist/utils/automation-schedule.d.ts +1 -0
  726. package/dist/utils/dropdown-classes.cjs +2 -0
  727. package/dist/utils/dropdown-classes.cjs.map +1 -0
  728. package/dist/utils/dropdown-classes.d.ts +32 -0
  729. package/dist/utils/dropdown-classes.js +8 -0
  730. package/dist/utils/dropdown-classes.js.map +1 -0
  731. package/dist/utils/form-control-classes.cjs +1 -1
  732. package/dist/utils/form-control-classes.cjs.map +1 -1
  733. package/dist/utils/form-control-classes.d.ts +18 -2
  734. package/dist/utils/form-control-classes.js +4 -3
  735. package/dist/utils/form-control-classes.js.map +1 -1
  736. package/dist/utils/git-control-bar-classes.cjs +2 -0
  737. package/dist/utils/git-control-bar-classes.cjs.map +1 -0
  738. package/dist/utils/git-control-bar-classes.d.ts +4 -0
  739. package/dist/utils/git-control-bar-classes.js +14 -0
  740. package/dist/utils/git-control-bar-classes.js.map +1 -0
  741. package/dist/utils/handle-event-for-ui.cjs.map +1 -1
  742. package/dist/utils/handle-event-for-ui.d.ts +6 -3
  743. package/dist/utils/handle-event-for-ui.js.map +1 -1
  744. package/dist/utils/mobile-top-bar-icon-button-classes.cjs +1 -1
  745. package/dist/utils/mobile-top-bar-icon-button-classes.cjs.map +1 -1
  746. package/dist/utils/mobile-top-bar-icon-button-classes.js +3 -3
  747. package/dist/utils/mobile-top-bar-icon-button-classes.js.map +1 -1
  748. package/dist/utils/modal-classes.cjs +2 -0
  749. package/dist/utils/modal-classes.cjs.map +1 -0
  750. package/dist/utils/modal-classes.d.ts +8 -0
  751. package/dist/utils/modal-classes.js +7 -0
  752. package/dist/utils/modal-classes.js.map +1 -0
  753. package/dist/utils/openhands-llm.cjs +2 -0
  754. package/dist/utils/openhands-llm.cjs.map +1 -0
  755. package/dist/utils/openhands-llm.d.ts +2 -0
  756. package/dist/utils/openhands-llm.js +9 -0
  757. package/dist/utils/openhands-llm.js.map +1 -0
  758. package/dist/utils/redact-custom-secrets.cjs +2 -0
  759. package/dist/utils/redact-custom-secrets.cjs.map +1 -0
  760. package/dist/utils/redact-custom-secrets.d.ts +6 -0
  761. package/dist/utils/redact-custom-secrets.js +10 -0
  762. package/dist/utils/redact-custom-secrets.js.map +1 -0
  763. package/dist/utils/status.cjs +1 -1
  764. package/dist/utils/status.cjs.map +1 -1
  765. package/dist/utils/status.d.ts +2 -1
  766. package/dist/utils/status.js +9 -8
  767. package/dist/utils/status.js.map +1 -1
  768. package/dist/utils/system-message-adapter.cjs +1 -1
  769. package/dist/utils/system-message-adapter.cjs.map +1 -1
  770. package/dist/utils/system-message-adapter.js +10 -7
  771. package/dist/utils/system-message-adapter.js.map +1 -1
  772. package/dist/utils/utils.cjs +1 -1
  773. package/dist/utils/utils.cjs.map +1 -1
  774. package/dist/utils/utils.d.ts +2 -1
  775. package/dist/utils/utils.js +21 -20
  776. package/dist/utils/utils.js.map +1 -1
  777. package/package.json +2 -2
  778. package/scripts/dev-safe.mjs +3 -1
  779. package/scripts/dev-static.mjs +2 -2
  780. package/scripts/dev-with-automation.mjs +283 -108
  781. package/scripts/static-build.mjs +20 -19
  782. package/scripts/static-server.mjs +50 -3
  783. package/build/assets/acp-providers-CbiRekh9.js +0 -1
  784. package/build/assets/active-backend-context-cCM1vYYZ.js +0 -1
  785. package/build/assets/add-backend-modal-DIUQzMPa.js +0 -1
  786. package/build/assets/agent-server-client-options-Bc5ZorQZ.js +0 -1
  787. package/build/assets/agent-server-compatibility-BlkUsrX2.js +0 -1
  788. package/build/assets/agent-server-conversation-service.api-C2V5SlHu.js +0 -5
  789. package/build/assets/api-key-entry-screen-B2gynaCp.js +0 -1
  790. package/build/assets/automation-detail-DJvbVSYK.js +0 -1
  791. package/build/assets/automations-list-rMki-8au.js +0 -1
  792. package/build/assets/backend-form-modal-Dnk33xA_.js +0 -1
  793. package/build/assets/base-modal-_dYTw1ri.js +0 -1
  794. package/build/assets/brand-button-Br7f0kZJ.js +0 -1
  795. package/build/assets/browser-store-Couc4S5D.js +0 -1
  796. package/build/assets/clock-BRjCgHTc.js +0 -1
  797. package/build/assets/combobox-caret-to1O8irE.js +0 -1
  798. package/build/assets/context-menu-list-item-CWNFpuiC.js +0 -1
  799. package/build/assets/conversation-DVrKU0oz.js +0 -19
  800. package/build/assets/conversation-Dlys-D5A.js +0 -1
  801. package/build/assets/conversation-panel-iF09WjZ4.js +0 -1
  802. package/build/assets/conversation-service.api-CCfztilW.js +0 -1
  803. package/build/assets/conversation-state-store-u5jepov0.js +0 -1
  804. package/build/assets/conversation-store-Z5iMCRpc.js +0 -1
  805. package/build/assets/conversation-websocket-context-DhJhqUna.js +0 -3
  806. package/build/assets/declaration-BNMqORFE.js +0 -1
  807. package/build/assets/dist-BxBP7tFD.js +0 -1
  808. package/build/assets/edit-automation-modal-BGzR3nfZ.js +0 -1
  809. package/build/assets/ellipsis-button-ZyLMPURn.js +0 -1
  810. package/build/assets/entry.client-1VMHpktY.js +0 -2
  811. package/build/assets/enum-filter-dropdown-CEgCdu4A.js +0 -1
  812. package/build/assets/extensions-hub-C651jsVh.js +0 -1
  813. package/build/assets/files-tab-R5z0lLdY.js +0 -1
  814. package/build/assets/files-tab-store-CDyVTXNT.js +0 -1
  815. package/build/assets/git-control-bar-branch-button-COdRAYHb.js +0 -27
  816. package/build/assets/git-provider-icon-BzLbc0yC.js +0 -1
  817. package/build/assets/home-XxBpNOVq.js +0 -1
  818. package/build/assets/install-server-modal-f31_CLrW.js +0 -1
  819. package/build/assets/launch-CshDse3e.js +0 -1
  820. package/build/assets/link-external-D2POYx4c.js +0 -1
  821. package/build/assets/llm-settings-Bql-vydt.js +0 -1
  822. package/build/assets/llm-settings-C_tal6Ds.js +0 -1
  823. package/build/assets/manage-backends-modal-l7RkKfwX.js +0 -1
  824. package/build/assets/manage-workspaces-modal-DhKF_8z3.js +0 -1
  825. package/build/assets/manifest-d9077852.js +0 -1
  826. package/build/assets/mcp-D2onbwVk.js +0 -9
  827. package/build/assets/messages-D0rWot7s.js +0 -36
  828. package/build/assets/proxy-CxydCnis.js +0 -1
  829. package/build/assets/root-DHeCXo9N.css +0 -1
  830. package/build/assets/root-layout-Czo9Ma6Q.js +0 -2
  831. package/build/assets/secrets-service-BsnKFc2x.js +0 -1
  832. package/build/assets/secrets-settings-Bz_UohPJ.js +0 -1
  833. package/build/assets/settings-client-C73C7IgV.js +0 -1
  834. package/build/assets/settings-index-Dz0BmdJD.js +0 -1
  835. package/build/assets/settings-list-classes-Bf80tWtc.js +0 -1
  836. package/build/assets/settings-modal-Brzgh5Yw.js +0 -1
  837. package/build/assets/settings-service.api-CZ3uWx4v.js +0 -1
  838. package/build/assets/sidebar-mobile-menu-toggle-Do_aA9Zm.js +0 -1
  839. package/build/assets/skills-settings-DlA5hlXw.js +0 -2
  840. package/build/assets/status-hp6M6E7E.js +0 -1
  841. package/build/assets/use-agent-settings-schema-33Un7UF2.js +0 -1
  842. package/build/assets/use-is-authed-BggE5wPj.js +0 -1
  843. package/build/assets/use-llm-profiles-DDOol3gK.js +0 -1
  844. package/build/assets/use-runtime-is-ready-B7EF4BKU.js +0 -1
  845. package/build/assets/use-settings-DQIZmIov.js +0 -1
  846. package/build/assets/use-user-conversation-C6hrMMtn.js +0 -1
  847. package/build/assets/utils-i18rdUj2.js +0 -1
  848. package/build/assets/vendor~conversation-panel~conversation-a9SyrrhV.js +0 -1
  849. package/build/assets/vendor~conversation-panel~conversation~index-C23ZXO4R.js +0 -1
  850. package/build/assets/vendor~home~mcp~automations-list-Ccy2I0KU.js +0 -1
  851. package/build/assets/vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~i4kjfqhl-BebWhFNT.js +0 -1
  852. package/build/assets/vendor~root-layout~home~conversation-panel~conversation~extensions-hub~skills-settings~skil~iguv7bgw-DzIXV3Ui.js +0 -9
  853. /package/build/assets/{automation-IdgZq6ZK.js → automation-XDPAjiZi.js} +0 -0
  854. /package/build/assets/{color-themes-DSaoIL6A.js → color-themes-B9pm9c-R.js} +0 -0
  855. /package/build/assets/{common-DR1t-EeP.js → common-DqjLSBOt.js} +0 -0
  856. /package/build/assets/{conversation-local-storage-UYl-SX-r.js → conversation-local-storage-YmOVXxxW.js} +0 -0
  857. /package/build/assets/{dist-C6t0EXL7.js → dist-C3NfioQC.js} +0 -0
  858. /package/build/assets/{environment-switch-store-C4ulFJKp.js → environment-switch-store-CiurvTtK.js} +0 -0
  859. /package/build/assets/{health-store-BDC2rM-X.js → health-store-B5f0S2FY.js} +0 -0
  860. /package/build/assets/{map-provider-COBVzZYo.js → map-provider-BJ_8KZKU.js} +0 -0
  861. /package/build/assets/{middleware-BC9EwbB9.js → middleware-CfatjPYZ.js} +0 -0
  862. /package/build/assets/{objectWithoutPropertiesLoose-Du6eBn-V.js → objectWithoutPropertiesLoose-DSQKyRhw.js} +0 -0
  863. /package/build/assets/{react-Do0CT17Y.js → react-Dy05vyj5.js} +0 -0
  864. /package/build/assets/{sdk-settings-field-metadata-CBPmeqYa.js → sdk-settings-field-metadata-DQiaIBie.js} +0 -0
  865. /package/build/assets/{settings-D_H-qsRm.js → settings-DGY6n4J2.js} +0 -0
  866. /package/build/assets/{settings-like-page-layout-classes-I0BDBEoq.js → settings-like-page-layout-classes-D7YjdTd0.js} +0 -0
  867. /package/build/assets/{use-breakpoint-DbJ6FkQ-.js → use-breakpoint-DF_RiQ6s.js} +0 -0
  868. /package/build/assets/{use-click-outside-element-DffgWWoZ.js → use-click-outside-element-DhxCUyWl.js} +0 -0
  869. /package/build/assets/{v4-CNn21NXa.js → v4-khGvL7i2.js} +0 -0
  870. /package/build/assets/{vendor~browser-DDiZgqD3.js → vendor~browser-DisFGEp9.js} +0 -0
  871. /package/build/assets/{vendor~browser-tab-BgwV1mxF.js → vendor~browser-tab-BxhTtM9_.js} +0 -0
  872. /package/build/assets/{vendor~conversation-panel~conversation~alert-banner-DbvX3OcM.js → vendor~conversation-panel~conversation~alert-banner-w-I2sY6c.js} +0 -0
  873. /package/build/assets/{vendor~entry.client~root~root-layout~home~conversation-panel~conversation~launch~skills-set~zm51vy4j-iOsylxCS.js → vendor~entry.client~root~root-layout~home~conversation-panel~conversation~launch~skills-set~zm51vy4j-BClAMeFe.js} +0 -0
  874. /package/build/assets/{vendor~files-tab-BGKayPiK.js → vendor~files-tab-BtkpAiMX.js} +0 -0
  875. /package/build/assets/{vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-BW6261Sb.js → vendor~home~conversation-panel~conversation~shared-conversation~planner-tab~files-tab-CyZ-3lDQ.js} +0 -0
  876. /package/build/assets/{vendor~home~mcp~automations-list-DoPfwaXj.js → vendor~home~mcp~automations-list-BgV86Sti.js} +0 -0
  877. /package/build/assets/{vendor~launch-vdeRTWFu.js → vendor~launch-BXgl67Re.js} +0 -0
  878. /package/build/assets/{vendor~root-layout~home~conversation-panel~conversation~launch~extensions-hub~skills-settin~ninslayh-D9P8e98a.js → vendor~root-layout~home~conversation-panel~conversation~launch~extensions-hub~skills-settin~ninslayh-CLlsvdNP.js} +0 -0
  879. /package/build/assets/{vendor~terminal-DUrOWGFE.js → vendor~terminal-DZaJIY8A.js} +0 -0
package/dist/api/conversation-service/agent-server-conversation-service.api.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"agent-server-conversation-service.api.js","names":[],"sources":["../../../src/api/conversation-service/agent-server-conversation-service.api.ts"],"sourcesContent":["import { ConversationSortOrder } from \"@openhands/typescript-client\";\nimport {\n ConversationClient,\n FileClient,\n ProfilesClient,\n VSCodeClient,\n} from \"@openhands/typescript-client/clients\";\nimport { v4 as uuidv4 } from \"uuid\";\nimport { Provider } from \"#/types/settings\";\nimport type { ConversationRuntimeContext } from \"#/api/conversation-file-upload.api\";\nimport { buildHttpBaseUrl } from \"#/utils/websocket-url\";\nimport {\n buildConversationWorkingDir,\n getAgentServerWorkingDir,\n} from \"../agent-server-config\";\nimport {\n getActiveBackend,\n getEffectiveLocalBackend,\n} from \"../backend-registry/active-store\";\nimport { callCloudProxy } from \"../cloud/proxy\";\nimport {\n batchGetCloudConversations,\n createCloudAppConversation,\n deleteCloudConversation,\n downloadCloudConversation,\n getCloudAppConversationStartTask,\n readCloudConversationFile,\n searchCloudConversations,\n updateCloudConversationPublicFlag,\n} from \"../cloud/conversation-service.api\";\nimport {\n DirectConversationInfo,\n buildStartConversationRequestWithEncryptedSettings,\n emptyHooksResponse,\n getDefaultConversationTitle,\n toAppConversation,\n toConversationPage,\n} from \"../agent-server-adapter\";\nimport { GetVSCodeUrlResponse } from \"../open-hands.types\";\nimport { getAgentServerClientOptions } from \"../agent-server-client-options\";\nimport SettingsService from \"../settings-service/settings-service.api\";\nimport {\n ConversationMetadata,\n getStoredConversationMetadata,\n removeStoredConversationMetadata,\n setStoredConversationMetadata,\n} from \"../conversation-metadata-store\";\nimport type {\n GetHooksResponse,\n PluginSpec,\n AppConversation,\n AppConversationPage,\n AppConversationStartRequest,\n AppConversationStartTask,\n MetricsSnapshot,\n RuntimeConversationInfo,\n SendMessageRequest,\n SendMessageResponse,\n} from \"./agent-server-conversation-service.types\";\n\nconst DEFAULT_CONVERSATION_TIMESTAMP = \"1970-01-01T00:00:00.000Z\";\nconst INVALID_CONVERSATION_RESPONSE_MESSAGE =\n \"Unable to load conversations because the selected agent server returned \" +\n \"data this UI does not understand. Check the backend URL/session key and \" +\n \"update the agent server if needed.\";\nfunction invalidConversationResponse(): Error {\n return new Error(INVALID_CONVERSATION_RESPONSE_MESSAGE);\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n\nfunction numberOrNull(value: unknown): number | null {\n return typeof value === \"number\" ? value : null;\n}\n\nfunction numberOrZero(value: unknown): number {\n return typeof value === \"number\" ? value : 0;\n}\n\nfunction stringOrNull(value: unknown): string | null {\n return typeof value === \"string\" ? value : null;\n}\n\nfunction readTimestamp(\n item: Record<string, unknown>,\n snakeKey: \"created_at\" | \"updated_at\",\n camelKey: \"createdAt\" | \"updatedAt\",\n): string {\n const value = item[snakeKey] ?? item[camelKey];\n return typeof value === \"string\" && value.trim()\n ? value\n : DEFAULT_CONVERSATION_TIMESTAMP;\n}\n\nfunction normalizeTokenUsage(\n value: unknown,\n): NonNullable<MetricsSnapshot[\"accumulated_token_usage\"]> | null {\n if (!isRecord(value)) return null;\n\n return {\n prompt_tokens: numberOrZero(value.prompt_tokens),\n completion_tokens: numberOrZero(value.completion_tokens),\n cache_read_tokens: numberOrZero(value.cache_read_tokens),\n cache_write_tokens: numberOrZero(value.cache_write_tokens),\n context_window: numberOrZero(value.context_window),\n per_turn_token: numberOrZero(value.per_turn_token),\n };\n}\n\nfunction normalizeMetrics(value: unknown): MetricsSnapshot | null {\n if (!isRecord(value)) return null;\n\n return {\n accumulated_cost: numberOrNull(value.accumulated_cost),\n max_budget_per_task: numberOrNull(value.max_budget_per_task),\n accumulated_token_usage: normalizeTokenUsage(value.accumulated_token_usage),\n };\n}\n\nfunction normalizeAgent(value: unknown): DirectConversationInfo[\"agent\"] {\n if (!isRecord(value)) return null;\n const llm = isRecord(value.llm)\n ? { model: stringOrNull(value.llm.model) }\n : null;\n // ``kind`` is the SDK's pydantic discriminator (``\"Agent\"`` vs ``\"ACPAgent\"``);\n // ``toAppConversation`` reads it to derive ``agent_kind``. ``acp_model`` is\n // the Canvas-configured model on the ACPAgent — preserved so the conversation\n // adapter and the conversation chip can fall back to it when the SDK runtime\n // model fields aren't populated. Preserving these here makes the wire path\n // agree with the unit-test path that builds ``DirectConversationInfo``\n // directly (e.g. ``__tests__/api/agent-server-adapter.test.ts``).\n return {\n kind: stringOrNull(value.kind),\n acp_model: stringOrNull(value.acp_model),\n llm,\n };\n}\n\nfunction normalizeWorkspace(\n value: unknown,\n): DirectConversationInfo[\"workspace\"] {\n if (!isRecord(value)) return null;\n return { working_dir: stringOrNull(value.working_dir) };\n}\n\n/**\n * Accept the agent-server's ``tags: Record[str, str]`` payload defensively:\n * the wire shape is guaranteed by the server-side validator (keys\n * ``^[a-z0-9]+$``, string values), but a non-conforming response (older\n * server, raw API write, future schema drift) must never crash the parser\n * — Canvas only consumes ``acpserver`` and falls back to a generic chip\n * for anything it doesn't recognize. Drop entries whose value isn't a\n * plain string; return ``null`` when the wire field is absent or not an\n * object so consumers can use ``info.tags?.[KEY] ?? null`` uniformly.\n */\nfunction normalizeTags(value: unknown): Record<string, string> | null {\n if (!isRecord(value)) return null;\n const tags: Record<string, string> = {};\n for (const [key, entry] of Object.entries(value)) {\n if (typeof entry === \"string\") {\n tags[key] = entry;\n }\n }\n return tags;\n}\n\nfunction normalizeAbsolutePath(path: string): string | null {\n if (!path.startsWith(\"/\")) return null;\n\n const segments: string[] = [];\n for (const segment of path.split(\"/\")) {\n if (segment && segment !== \".\") {\n if (segment === \"..\") {\n if (!segments.length) return null;\n segments.pop();\n } else {\n segments.push(segment);\n }\n }\n }\n\n return `/${segments.join(\"/\")}`;\n}\n\nfunction requirePathInsideDirectory(path: string, directory: string): string {\n const normalizedPath = normalizeAbsolutePath(path);\n const normalizedDirectory = normalizeAbsolutePath(directory);\n\n if (\n !normalizedPath ||\n !normalizedDirectory ||\n (normalizedPath !== normalizedDirectory &&\n !normalizedPath.startsWith(`${normalizedDirectory}/`))\n ) {\n throw new Error(\"Conversation file path must stay inside the workspace\");\n }\n\n return normalizedPath;\n}\n\nfunction requireDirectConversationInfo(item: unknown): DirectConversationInfo {\n if (!isRecord(item) || typeof item.id !== \"string\" || !item.id.trim()) {\n throw invalidConversationResponse();\n }\n\n return {\n id: item.id.trim(),\n title: stringOrNull(item.title),\n created_at: readTimestamp(item, \"created_at\", \"createdAt\"),\n updated_at: readTimestamp(item, \"updated_at\", \"updatedAt\"),\n execution_status: stringOrNull(item.execution_status),\n sandbox_status: stringOrNull(item.sandbox_status),\n metrics: normalizeMetrics(item.metrics),\n agent: normalizeAgent(item.agent),\n workspace: normalizeWorkspace(item.workspace),\n tags: normalizeTags(item.tags),\n // SDK-runtime ACP model fields (populated when the agent-server supports\n // ``ConversationInfo.current_model_*``). Consumed by the conversation\n // adapter to drive the per-card chip's model text. Older agent-servers\n // omit these — adapter handles ``undefined`` / ``null`` gracefully.\n current_model_id: stringOrNull(item.current_model_id),\n current_model_name: stringOrNull(item.current_model_name),\n };\n}\n\nfunction requireDirectConversationItems(\n items: unknown,\n): DirectConversationInfo[] {\n if (!Array.isArray(items)) {\n throw invalidConversationResponse();\n }\n return items.map(requireDirectConversationInfo);\n}\n\nfunction requireConversationSearchPage(page: unknown): {\n items: DirectConversationInfo[];\n next_page_id: string | null;\n} {\n if (Array.isArray(page)) {\n return {\n items: requireDirectConversationItems(page),\n next_page_id: null,\n };\n }\n\n if (!isRecord(page)) {\n throw invalidConversationResponse();\n }\n\n return {\n items: requireDirectConversationItems(page.items),\n next_page_id:\n typeof page.next_page_id === \"string\" ? page.next_page_id : null,\n };\n}\n\nconst RUNTIME_STATUSES = new Set<string>([\n \"idle\",\n \"running\",\n \"paused\",\n \"waiting_for_confirmation\",\n \"finished\",\n \"error\",\n \"stuck\",\n]);\n\nfunction toRuntimeStatus(\n status: DirectConversationInfo[\"execution_status\"],\n): RuntimeConversationInfo[\"status\"] {\n const nextStatus = status ?? \"idle\";\n return (\n RUNTIME_STATUSES.has(nextStatus) ? nextStatus : \"idle\"\n ) as RuntimeConversationInfo[\"status\"];\n}\n\nfunction requireAppConversation(\n conversation: AppConversation | null | undefined,\n conversationId: string,\n): AppConversation {\n if (!conversation) {\n throw new Error(`Conversation ${conversationId} was not found`);\n }\n return conversation;\n}\n\nclass AgentServerConversationService {\n static async sendMessage(\n conversationId: string,\n message: SendMessageRequest,\n runtime?: ConversationRuntimeContext | null,\n ): Promise<SendMessageResponse> {\n const active = getActiveBackend().backend;\n let conversationUrl = runtime?.conversationUrl ?? null;\n let sessionApiKey = runtime?.sessionApiKey ?? null;\n\n if (active.kind === \"cloud\") {\n if (!conversationUrl || !sessionApiKey) {\n const [conversation] = await batchGetCloudConversations([\n conversationId,\n ]);\n conversationUrl = conversation?.conversation_url?.trim() ?? null;\n sessionApiKey = conversation?.session_api_key?.trim() ?? null;\n }\n\n if (!conversationUrl || !sessionApiKey) {\n throw new Error(\n \"Conversation sandbox is still starting. Wait for it to finish, then try again.\",\n );\n }\n\n await callCloudProxy({\n backend: active,\n method: \"POST\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}/events`,\n body: { ...message, run: true },\n authMode: \"session-api-key\",\n sessionApiKey,\n });\n\n return message;\n }\n\n await new ConversationClient(\n getAgentServerClientOptions({ conversationUrl, sessionApiKey }),\n ).sendEvent(conversationId, message, {\n run: true,\n });\n\n return message;\n }\n\n static async createConversation(\n initialUserMsg?: string,\n conversationInstructions?: string,\n plugins?: PluginSpec[],\n metadata?: ConversationMetadata | null,\n workingDirOverride?: string,\n parentConversationId?: string,\n agentType?: \"default\" | \"plan\",\n sandboxId?: string,\n ): Promise<AppConversationStartTask> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n // Cloud path mirrors OpenHands' frontend: build a flat\n // AppConversationStartRequest, POST /api/v1/app-conversations\n // (returns a WORKING task), and let the conversation route's\n // useTaskPolling drive it to READY. NO encrypted-settings\n // round-trip — the cloud backend holds secrets server-side.\n const request: AppConversationStartRequest = {\n initial_message: initialUserMsg\n ? {\n role: \"user\",\n content: [{ type: \"text\", text: initialUserMsg }],\n }\n : null,\n title: conversationInstructions ?? null,\n selected_repository: metadata?.selected_repository ?? null,\n selected_branch: metadata?.selected_branch ?? null,\n git_provider: metadata?.git_provider ?? null,\n plugins: plugins ?? null,\n parent_conversation_id: parentConversationId ?? null,\n agent_type: agentType,\n sandbox_id: sandboxId ?? null,\n };\n return createCloudAppConversation(request);\n }\n\n const settings = await SettingsService.getSettings();\n const conversationId = uuidv4();\n const workingDir =\n workingDirOverride ?? buildConversationWorkingDir(conversationId);\n\n // Use encrypted settings to avoid exposing secrets in the browser\n const payload = await buildStartConversationRequestWithEncryptedSettings({\n settings,\n query: initialUserMsg,\n conversationInstructions,\n plugins,\n conversationId,\n workingDir,\n });\n\n const data = await new ConversationClient(\n getAgentServerClientOptions(),\n ).createConversation<DirectConversationInfo>(payload);\n\n if (metadata?.selected_repository || workingDirOverride) {\n // The agent-server runtime has no concept of selected repo/branch/\n // workspace, so persist the home-page selection client-side.\n // `toAppConversation` reads the repo/branch fields back to hydrate\n // the chat-page badges; `useHasAttachedSource` reads\n // `selected_workspace` to default the Files tab to Diff mode when\n // the user explicitly attached a local workspace.\n setStoredConversationMetadata(data.id, {\n selected_repository: metadata?.selected_repository ?? null,\n selected_branch: metadata?.selected_branch ?? null,\n git_provider: metadata?.git_provider ?? null,\n selected_workspace: workingDirOverride ?? null,\n });\n }\n\n return {\n id: data.id,\n created_by_user_id: null,\n status: \"READY\",\n detail: null,\n app_conversation_id: data.id,\n agent_server_url: getEffectiveLocalBackend().host,\n request: {\n initial_message: payload.initial_message as\n | AppConversationStartRequest[\"initial_message\"]\n | undefined,\n plugins: plugins ?? null,\n },\n created_at: data.created_at,\n updated_at: data.updated_at,\n };\n }\n\n static async getStartTask(\n taskId: string,\n ): Promise<AppConversationStartTask | null> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n return getCloudAppConversationStartTask(taskId);\n }\n // Local agent-server creates conversations synchronously — every\n // local \"task\" is already READY when createConversation returns, so\n // there's nothing to poll for.\n return null;\n }\n\n static async getVSCodeUrl(\n conversationId: string,\n conversationUrl: string | null | undefined,\n sessionApiKey?: string | null,\n ): Promise<GetVSCodeUrlResponse> {\n // Local-only path. Cloud conversations read the VSCode URL straight\n // from the cloud-computed `sandbox.exposed_urls` (see\n // `useUnifiedVSCodeUrl` + `useCloudSandbox`); the runtime's own\n // `/api/vscode/url` only knows its internal `localhost:8001`, which\n // the user's browser can't reach.\n const workspaceDir =\n await this.resolveConversationWorkingDir(conversationId);\n // Local mode: the typescript-client targets the local agent-server\n // directly via the conversationUrl override.\n const vscodeUrl = await new VSCodeClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).getUrl({\n baseUrl:\n typeof window !== \"undefined\" ? window.location.origin : undefined,\n workspaceDir,\n });\n\n return { vscode_url: vscodeUrl };\n }\n\n static async resolveConversationWorkingDir(\n conversationId: string,\n ): Promise<string> {\n const [conversation] = await this.batchGetAppConversations([\n conversationId,\n ]);\n return conversation?.workspace?.working_dir ?? getAgentServerWorkingDir();\n }\n\n static async batchGetAppConversations(\n ids: string[],\n ): Promise<(AppConversation | null)[]> {\n if (ids.length === 0) return [];\n\n if (getActiveBackend().backend.kind === \"cloud\") {\n return batchGetCloudConversations(ids);\n }\n\n const data = await new ConversationClient(\n getAgentServerClientOptions(),\n ).getConversations<DirectConversationInfo>(ids);\n\n return requireDirectConversationItems(data).map((item) =>\n toAppConversation(item),\n );\n }\n\n static async updateConversationPublicFlag(\n conversationId: string,\n isPublic: boolean,\n ): Promise<AppConversation> {\n if (getActiveBackend().backend.kind !== \"cloud\") {\n throw new Error(\"Public sharing requires a cloud backend.\");\n }\n return updateCloudConversationPublicFlag(conversationId, isPublic);\n }\n\n static async updateConversationRepository(\n conversationId: string,\n repository: string | null,\n branch?: string | null,\n gitProvider?: string | null,\n ): Promise<AppConversation> {\n if (repository) {\n const existing = getStoredConversationMetadata(conversationId);\n setStoredConversationMetadata(conversationId, {\n ...(existing ?? {}),\n selected_repository: repository,\n selected_branch: branch ?? null,\n git_provider: (gitProvider as Provider | null | undefined) ?? null,\n });\n } else {\n removeStoredConversationMetadata(conversationId);\n }\n const [conversation] = await this.batchGetAppConversations([\n conversationId,\n ]);\n return requireAppConversation(conversation, conversationId);\n }\n\n static async readConversationFile(\n conversationId: string,\n filePath?: string,\n ): Promise<string> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n // Cloud exposes a per-conversation file endpoint; the sandbox\n // working dir is fixed (`/workspace/project`), so PLAN.md lives at\n // a known absolute path. Mirrors OpenHands' readConversationFile.\n const path = requirePathInsideDirectory(\n filePath ?? \"/workspace/project/.agents_tmp/PLAN.md\",\n \"/workspace/project\",\n );\n return readCloudConversationFile(conversationId, path);\n }\n\n const workingDir = await this.resolveConversationWorkingDir(conversationId);\n const path = requirePathInsideDirectory(\n filePath ?? `${workingDir}/.agents_tmp/PLAN.md`,\n workingDir,\n );\n return new FileClient(getAgentServerClientOptions()).downloadTextFile(path);\n }\n\n static async downloadConversation(conversationId: string): Promise<Blob> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n return downloadCloudConversation(conversationId);\n }\n\n return new FileClient(getAgentServerClientOptions()).downloadTrajectory(\n conversationId,\n );\n }\n\n static async getHooks(conversationId: string): Promise<GetHooksResponse> {\n if (!conversationId) {\n return emptyHooksResponse();\n }\n return emptyHooksResponse();\n }\n\n static async getRuntimeConversation(\n conversationId: string,\n conversationUrl: string | null | undefined,\n sessionApiKey?: string | null,\n ): Promise<RuntimeConversationInfo> {\n const active = getActiveBackend().backend;\n\n type RawRuntime = DirectConversationInfo & {\n stats?: RuntimeConversationInfo[\"stats\"];\n };\n\n // Cloud mode: route through the cloud-proxy to the runtime sandbox at\n // the conversation's runtime URL — same pattern as getVSCodeUrl. Local\n // mode forwards conversationUrl so the host explicitly resolves to the\n // conversation's runtime instead of falling back to the active backend.\n const response =\n active.kind === \"cloud\" && conversationUrl\n ? await callCloudProxy<RawRuntime>({\n backend: active,\n method: \"GET\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}`,\n authMode: \"session-api-key\",\n sessionApiKey,\n })\n : await new ConversationClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).getConversation<RawRuntime>(conversationId);\n const data = requireDirectConversationInfo(response);\n const stats = isRecord(response) ? response.stats : null;\n\n return {\n id: data.id,\n title: data.title?.trim()\n ? data.title\n : getDefaultConversationTitle(data.id),\n metrics: normalizeMetrics(data.metrics),\n created_at: data.created_at,\n updated_at: data.updated_at,\n status: toRuntimeStatus(data.execution_status),\n stats: isRecord(stats) ? stats : { usage_to_metrics: {} },\n };\n }\n\n static async searchConversations(\n limit: number = 20,\n pageId?: string,\n ): Promise<AppConversationPage> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n return searchCloudConversations(limit, pageId);\n }\n\n const data = await new ConversationClient(\n getAgentServerClientOptions(),\n ).searchConversations({\n limit,\n page_id: pageId,\n sort_order: ConversationSortOrder.UPDATED_AT_DESC,\n });\n\n return toConversationPage(requireConversationSearchPage(data));\n }\n\n static async deleteConversation(conversationId: string): Promise<void> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n await deleteCloudConversation(conversationId);\n } else {\n await new ConversationClient(\n getAgentServerClientOptions(),\n ).deleteConversation(conversationId);\n }\n removeStoredConversationMetadata(conversationId);\n }\n\n static async updateConversationTitle(\n conversationId: string,\n title: string,\n ): Promise<AppConversation> {\n await new ConversationClient(\n getAgentServerClientOptions(),\n ).updateConversation(conversationId, {\n title,\n });\n const [conversation] = await this.batchGetAppConversations([\n conversationId,\n ]);\n return requireAppConversation(conversation, conversationId);\n }\n\n /**\n * Switches the LLM profile for the running conversation when one is open\n * (POST /switch_profile — per-conversation swap, doesn't change the user's\n * default profile). When called without a conversationId (home page),\n * falls back to POST /activate so the next conversation created picks up\n * the chosen profile.\n *\n * The per-conversation endpoint accepts only the profile name, so the UI does\n * not need to fetch or forward profile secrets. That keeps switching working\n * even when the agent server has no OH_SECRET_KEY for encrypted secret export.\n */\n static async switchProfile(\n conversationId: string | null,\n profileName: string,\n ): Promise<void> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n throw new Error(\n \"LLM profile switching is only supported for local agent-server backends.\",\n );\n }\n\n if (!conversationId) {\n await new ProfilesClient(getAgentServerClientOptions()).activateProfile(\n profileName,\n );\n return;\n }\n\n await new ConversationClient(getAgentServerClientOptions()).switchProfile(\n conversationId,\n profileName,\n );\n }\n\n /**\n * Switches the model of a running ACP conversation in place (POST\n * /switch_acp_model — the ACP analog of {@link switchProfile}'s /switch_profile).\n * The agent-server calls the ACP wrapper's ``session/set_model`` on the live\n * session, preserving context. Mirrors {@link switchProfile}'s\n * local-backend-only guard and per-conversation ConversationClient call.\n *\n * Only valid once an ACP session exists (after the first message); the\n * agent-server returns 409 before then — the home/no-session default is\n * persisted via Settings instead (see ``use-switch-acp-model``).\n */\n static async switchAcpModel(\n conversationId: string,\n model: string,\n ): Promise<void> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n throw new Error(\n \"ACP model switching is only supported for local agent-server backends.\",\n );\n }\n\n await new ConversationClient(getAgentServerClientOptions()).switchAcpModel(\n conversationId,\n model,\n );\n }\n}\n\nexport default AgentServerConversationService;\n"],"mappings":";;;;;;;;;;;;;;;;;AA4DA,IAAM,IAAiC,4BACjC,IACJ;AAGF,SAAS,IAAqC;AAC5C,QAAW,MAAM,EAAsC;;AAGzD,SAAS,EAAS,GAAkD;AAClE,QAAO,OAAO,KAAU,cAAY,KAAkB,CAAC,MAAM,QAAQ,EAAM;;AAG7E,SAAS,EAAa,GAA+B;AACnD,QAAO,OAAO,KAAU,WAAW,IAAQ;;AAG7C,SAAS,EAAa,GAAwB;AAC5C,QAAO,OAAO,KAAU,WAAW,IAAQ;;AAG7C,SAAS,EAAa,GAA+B;AACnD,QAAO,OAAO,KAAU,WAAW,IAAQ;;AAG7C,SAAS,EACP,GACA,GACA,GACQ;CACR,IAAM,IAAQ,EAAK,MAAa,EAAK;AACrC,QAAO,OAAO,KAAU,YAAY,EAAM,MAAM,GAC5C,IACA;;AAGN,SAAS,EACP,GACgE;AAGhE,QAFK,EAAS,EAAM,GAEb;EACL,eAAe,EAAa,EAAM,cAAc;EAChD,mBAAmB,EAAa,EAAM,kBAAkB;EACxD,mBAAmB,EAAa,EAAM,kBAAkB;EACxD,oBAAoB,EAAa,EAAM,mBAAmB;EAC1D,gBAAgB,EAAa,EAAM,eAAe;EAClD,gBAAgB,EAAa,EAAM,eAAe;EACnD,GAT4B;;AAY/B,SAAS,EAAiB,GAAwC;AAGhE,QAFK,EAAS,EAAM,GAEb;EACL,kBAAkB,EAAa,EAAM,iBAAiB;EACtD,qBAAqB,EAAa,EAAM,oBAAoB;EAC5D,yBAAyB,EAAoB,EAAM,wBAAwB;EAC5E,GAN4B;;AAS/B,SAAS,EAAe,GAAiD;AACvE,KAAI,CAAC,EAAS,EAAM,CAAE,QAAO;CAC7B,IAAM,IAAM,EAAS,EAAM,IAAI,GAC3B,EAAE,OAAO,EAAa,EAAM,IAAI,MAAM,EAAE,GACxC;AAQJ,QAAO;EACL,MAAM,EAAa,EAAM,KAAK;EAC9B,WAAW,EAAa,EAAM,UAAU;EACxC;EACD;;AAGH,SAAS,EACP,GACqC;AAErC,QADK,EAAS,EAAM,GACb,EAAE,aAAa,EAAa,EAAM,YAAY,EAAE,GAD1B;;AAc/B,SAAS,EAAc,GAA+C;AACpE,KAAI,CAAC,EAAS,EAAM,CAAE,QAAO;CAC7B,IAAM,IAA+B,EAAE;AACvC,MAAK,IAAM,CAAC,GAAK,MAAU,OAAO,QAAQ,EAAM,CAC9C,CAAI,OAAO,KAAU,aACnB,EAAK,KAAO;AAGhB,QAAO;;AAGT,SAAS,EAAsB,GAA6B;AAC1D,KAAI,CAAC,EAAK,WAAW,IAAI,CAAE,QAAO;CAElC,IAAM,IAAqB,EAAE;AAC7B,MAAK,IAAM,KAAW,EAAK,MAAM,IAAI,CACnC,KAAI,KAAW,MAAY,IACzB,KAAI,MAAY,MAAM;AACpB,MAAI,CAAC,EAAS,OAAQ,QAAO;AAC7B,IAAS,KAAK;OAEd,GAAS,KAAK,EAAQ;AAK5B,QAAO,IAAI,EAAS,KAAK,IAAI;;AAG/B,SAAS,EAA2B,GAAc,GAA2B;CAC3E,IAAM,IAAiB,EAAsB,EAAK,EAC5C,IAAsB,EAAsB,EAAU;AAE5D,KACE,CAAC,KACD,CAAC,KACA,MAAmB,KAClB,CAAC,EAAe,WAAW,GAAG,EAAoB,GAAG,CAEvD,OAAU,MAAM,wDAAwD;AAG1E,QAAO;;AAGT,SAAS,EAA8B,GAAuC;AAC5E,KAAI,CAAC,EAAS,EAAK,IAAI,OAAO,EAAK,MAAO,YAAY,CAAC,EAAK,GAAG,MAAM,CACnE,OAAM,GAA6B;AAGrC,QAAO;EACL,IAAI,EAAK,GAAG,MAAM;EAClB,OAAO,EAAa,EAAK,MAAM;EAC/B,YAAY,EAAc,GAAM,cAAc,YAAY;EAC1D,YAAY,EAAc,GAAM,cAAc,YAAY;EAC1D,kBAAkB,EAAa,EAAK,iBAAiB;EACrD,gBAAgB,EAAa,EAAK,eAAe;EACjD,SAAS,EAAiB,EAAK,QAAQ;EACvC,OAAO,EAAe,EAAK,MAAM;EACjC,WAAW,EAAmB,EAAK,UAAU;EAC7C,MAAM,EAAc,EAAK,KAAK;EAK9B,kBAAkB,EAAa,EAAK,iBAAiB;EACrD,oBAAoB,EAAa,EAAK,mBAAmB;EAC1D;;AAGH,SAAS,EACP,GAC0B;AAC1B,KAAI,CAAC,MAAM,QAAQ,EAAM,CACvB,OAAM,GAA6B;AAErC,QAAO,EAAM,IAAI,EAA8B;;AAGjD,SAAS,EAA8B,GAGrC;AACA,KAAI,MAAM,QAAQ,EAAK,CACrB,QAAO;EACL,OAAO,EAA+B,EAAK;EAC3C,cAAc;EACf;AAGH,KAAI,CAAC,EAAS,EAAK,CACjB,OAAM,GAA6B;AAGrC,QAAO;EACL,OAAO,EAA+B,EAAK,MAAM;EACjD,cACE,OAAO,EAAK,gBAAiB,WAAW,EAAK,eAAe;EAC/D;;AAGH,IAAM,IAAmB,IAAI,IAAY;CACvC;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAEF,SAAS,EACP,GACmC;CACnC,IAAM,IAAa,KAAU;AAC7B,QACE,EAAiB,IAAI,EAAW,GAAG,IAAa;;AAIpD,SAAS,EACP,GACA,GACiB;AACjB,KAAI,CAAC,EACH,OAAU,MAAM,gBAAgB,EAAe,gBAAgB;AAEjE,QAAO;;AAGT,IAAM,IAAN,MAAqC;CACnC,aAAa,YACX,GACA,GACA,GAC8B;EAC9B,IAAM,IAAS,GAAkB,CAAC,SAC9B,IAAkB,GAAS,mBAAmB,MAC9C,IAAgB,GAAS,iBAAiB;AAE9C,MAAI,EAAO,SAAS,SAAS;AAC3B,OAAI,CAAC,KAAmB,CAAC,GAAe;IACtC,IAAM,CAAC,KAAgB,MAAM,EAA2B,CACtD,EACD,CAAC;AAEF,IADA,IAAkB,GAAc,kBAAkB,MAAM,IAAI,MAC5D,IAAgB,GAAc,iBAAiB,MAAM,IAAI;;AAG3D,OAAI,CAAC,KAAmB,CAAC,EACvB,OAAU,MACR,iFACD;AAaH,UAVA,MAAM,EAAe;IACnB,SAAS;IACT,QAAQ;IACR,cAAc,EAAiB,EAAgB;IAC/C,MAAM,sBAAsB,EAAe;IAC3C,MAAM;KAAE,GAAG;KAAS,KAAK;KAAM;IAC/B,UAAU;IACV;IACD,CAAC,EAEK;;AAST,SANA,MAAM,IAAI,EACR,EAA4B;GAAE;GAAiB;GAAe,CAAC,CAChE,CAAC,UAAU,GAAgB,GAAS,EACnC,KAAK,IACN,CAAC,EAEK;;CAGT,aAAa,mBACX,GACA,GACA,GACA,GACA,GACA,GACA,GACA,GACmC;AACnC,MAAI,GAAkB,CAAC,QAAQ,SAAS,QAsBtC,QAAO,EAA2B;GAfhC,iBAAiB,IACb;IACE,MAAM;IACN,SAAS,CAAC;KAAE,MAAM;KAAQ,MAAM;KAAgB,CAAC;IAClD,GACD;GACJ,OAAO,KAA4B;GACnC,qBAAqB,GAAU,uBAAuB;GACtD,iBAAiB,GAAU,mBAAmB;GAC9C,cAAc,GAAU,gBAAgB;GACxC,SAAS,KAAW;GACpB,wBAAwB,KAAwB;GAChD,YAAY;GACZ,YAAY,KAAa;GAEO,CAAQ;EAG5C,IAAM,IAAW,MAAM,EAAgB,aAAa,EAC9C,IAAiB,GAAQ,EAKzB,IAAU,MAAM,EAAmD;GACvE;GACA,OAAO;GACP;GACA;GACA;GACA,YATA,KAAsB,EAA4B,EAAe;GAUlE,CAAC,EAEI,IAAO,MAAM,IAAI,EACrB,GAA6B,CAC9B,CAAC,mBAA2C,EAAQ;AAiBrD,UAfI,GAAU,uBAAuB,MAOnC,EAA8B,EAAK,IAAI;GACrC,qBAAqB,GAAU,uBAAuB;GACtD,iBAAiB,GAAU,mBAAmB;GAC9C,cAAc,GAAU,gBAAgB;GACxC,oBAAoB,KAAsB;GAC3C,CAAC,EAGG;GACL,IAAI,EAAK;GACT,oBAAoB;GACpB,QAAQ;GACR,QAAQ;GACR,qBAAqB,EAAK;GAC1B,kBAAkB,GAA0B,CAAC;GAC7C,SAAS;IACP,iBAAiB,EAAQ;IAGzB,SAAS,KAAW;IACrB;GACD,YAAY,EAAK;GACjB,YAAY,EAAK;GAClB;;CAGH,aAAa,aACX,GAC0C;AAO1C,SANI,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAAiC,EAAO,GAK1C;;CAGT,aAAa,aACX,GACA,GACA,GAC+B;EAM/B,IAAM,IACJ,MAAM,KAAK,8BAA8B,EAAe;AAc1D,SAAO,EAAE,YAAY,MAXG,IAAI,EAC1B,EAA4B;GAC1B;GACA;GACD,CAAC,CACH,CAAC,OAAO;GACP,SACE,OAAO,SAAW,MAAc,OAAO,SAAS,SAAS,KAAA;GAC3D;GACD,CAAC,EAE8B;;CAGlC,aAAa,8BACX,GACiB;EACjB,IAAM,CAAC,KAAgB,MAAM,KAAK,yBAAyB,CACzD,EACD,CAAC;AACF,SAAO,GAAc,WAAW,eAAe,GAA0B;;CAG3E,aAAa,yBACX,GACqC;AAWrC,SAVI,EAAI,WAAW,IAAU,EAAE,GAE3B,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAA2B,EAAI,GAOjC,EAA+B,MAJnB,IAAI,EACrB,GAA6B,CAC9B,CAAC,iBAAyC,EAAI,CAEJ,CAAC,KAAK,MAC/C,EAAkB,EAAK,CACxB;;CAGH,aAAa,6BACX,GACA,GAC0B;AAC1B,MAAI,GAAkB,CAAC,QAAQ,SAAS,QACtC,OAAU,MAAM,2CAA2C;AAE7D,SAAO,EAAkC,GAAgB,EAAS;;CAGpE,aAAa,6BACX,GACA,GACA,GACA,GAC0B;AAC1B,EAAI,IAEF,EAA8B,GAAgB;GAC5C,GAFe,EAA8B,EAEzC,IAAY,EAAE;GAClB,qBAAqB;GACrB,iBAAiB,KAAU;GAC3B,cAAe,KAA+C;GAC/D,CAAC,GAEF,EAAiC,EAAe;EAElD,IAAM,CAAC,KAAgB,MAAM,KAAK,yBAAyB,CACzD,EACD,CAAC;AACF,SAAO,EAAuB,GAAc,EAAe;;CAG7D,aAAa,qBACX,GACA,GACiB;AACjB,MAAI,GAAkB,CAAC,QAAQ,SAAS,QAQtC,QAAO,EAA0B,GAJpB,EACX,KAAY,0CACZ,qBAE+C,CAAK;EAGxD,IAAM,IAAa,MAAM,KAAK,8BAA8B,EAAe,EACrE,IAAO,EACX,KAAY,GAAG,EAAW,uBAC1B,EACD;AACD,SAAO,IAAI,EAAW,GAA6B,CAAC,CAAC,iBAAiB,EAAK;;CAG7E,aAAa,qBAAqB,GAAuC;AAKvE,SAJI,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAA0B,EAAe,GAG3C,IAAI,EAAW,GAA6B,CAAC,CAAC,mBACnD,EACD;;CAGH,aAAa,SAAS,GAAmD;AAIvE,SAAO,GAAoB;;CAG7B,aAAa,uBACX,GACA,GACA,GACkC;EAClC,IAAM,IAAS,GAAkB,CAAC,SAU5B,IACJ,EAAO,SAAS,WAAW,IACvB,MAAM,EAA2B;GAC/B,SAAS;GACT,QAAQ;GACR,cAAc,EAAiB,EAAgB;GAC/C,MAAM,sBAAsB;GAC5B,UAAU;GACV;GACD,CAAC,GACF,MAAM,IAAI,EACR,EAA4B;GAC1B;GACA;GACD,CAAC,CACH,CAAC,gBAA4B,EAAe,EAC7C,IAAO,EAA8B,EAAS,EAC9C,IAAQ,EAAS,EAAS,GAAG,EAAS,QAAQ;AAEpD,SAAO;GACL,IAAI,EAAK;GACT,OAAO,EAAK,OAAO,MAAM,GACrB,EAAK,QACL,EAA4B,EAAK,GAAG;GACxC,SAAS,EAAiB,EAAK,QAAQ;GACvC,YAAY,EAAK;GACjB,YAAY,EAAK;GACjB,QAAQ,EAAgB,EAAK,iBAAiB;GAC9C,OAAO,EAAS,EAAM,GAAG,IAAQ,EAAE,kBAAkB,EAAE,EAAE;GAC1D;;CAGH,aAAa,oBACX,IAAgB,IAChB,GAC8B;AAa9B,SAZI,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAAyB,GAAO,EAAO,GAWzC,EAAmB,EAA8B,MARrC,IAAI,EACrB,GAA6B,CAC9B,CAAC,oBAAoB;GACpB;GACA,SAAS;GACT,YAAY,EAAsB;GACnC,CAAC,CAE2D,CAAC;;CAGhE,aAAa,mBAAmB,GAAuC;AAQrE,EAPI,GAAkB,CAAC,QAAQ,SAAS,UACtC,MAAM,EAAwB,EAAe,GAE7C,MAAM,IAAI,EACR,GAA6B,CAC9B,CAAC,mBAAmB,EAAe,EAEtC,EAAiC,EAAe;;CAGlD,aAAa,wBACX,GACA,GAC0B;AAC1B,QAAM,IAAI,EACR,GAA6B,CAC9B,CAAC,mBAAmB,GAAgB,EACnC,UACD,CAAC;EACF,IAAM,CAAC,KAAgB,MAAM,KAAK,yBAAyB,CACzD,EACD,CAAC;AACF,SAAO,EAAuB,GAAc,EAAe;;CAc7D,aAAa,cACX,GACA,GACe;AACf,MAAI,GAAkB,CAAC,QAAQ,SAAS,QACtC,OAAU,MACR,2EACD;AAGH,MAAI,CAAC,GAAgB;AACnB,SAAM,IAAI,EAAe,GAA6B,CAAC,CAAC,gBACtD,EACD;AACD;;AAGF,QAAM,IAAI,EAAmB,GAA6B,CAAC,CAAC,cAC1D,GACA,EACD;;CAcH,aAAa,eACX,GACA,GACe;AACf,MAAI,GAAkB,CAAC,QAAQ,SAAS,QACtC,OAAU,MACR,yEACD;AAGH,QAAM,IAAI,EAAmB,GAA6B,CAAC,CAAC,eAC1D,GACA,EACD"}
1
+ {"version":3,"file":"agent-server-conversation-service.api.js","names":[],"sources":["../../../src/api/conversation-service/agent-server-conversation-service.api.ts"],"sourcesContent":["import {\n ConversationSortOrder,\n type LLMConfig,\n} from \"@openhands/typescript-client\";\nimport {\n ConversationClient,\n FileClient,\n ProfilesClient,\n VSCodeClient,\n} from \"@openhands/typescript-client/clients\";\nimport { v4 as uuidv4 } from \"uuid\";\nimport { Provider } from \"#/types/settings\";\nimport type { ConversationRuntimeContext } from \"#/api/conversation-file-upload.api\";\nimport { buildHttpBaseUrl } from \"#/utils/websocket-url\";\nimport {\n buildConversationWorkingDir,\n getAgentServerWorkingDir,\n} from \"../agent-server-config\";\nimport {\n getActiveBackend,\n getEffectiveLocalBackend,\n} from \"../backend-registry/active-store\";\nimport { callCloudProxy } from \"../cloud/proxy\";\nimport {\n batchGetCloudConversations,\n createCloudAppConversation,\n deleteCloudConversation,\n downloadCloudConversation,\n getCloudAppConversationStartTask,\n readCloudConversationFile,\n searchCloudConversations,\n updateCloudConversationPublicFlag,\n} from \"../cloud/conversation-service.api\";\nimport {\n DirectConversationInfo,\n buildStartConversationRequestWithEncryptedSettings,\n emptyHooksResponse,\n getDefaultConversationTitle,\n toAppConversation,\n toConversationPage,\n} from \"../agent-server-adapter\";\nimport { GetVSCodeUrlResponse } from \"../open-hands.types\";\nimport {\n getAgentServerClientOptions,\n NoBackendAvailableError,\n} from \"../agent-server-client-options\";\nimport SettingsService from \"../settings-service/settings-service.api\";\nimport {\n ConversationMetadata,\n getStoredConversationMetadata,\n removeStoredConversationMetadata,\n setStoredConversationMetadata,\n} from \"../conversation-metadata-store\";\nimport type {\n GetHooksResponse,\n PluginSpec,\n AppConversation,\n AppConversationPage,\n AppConversationStartRequest,\n AppConversationStartTask,\n MetricsSnapshot,\n RuntimeConversationInfo,\n SendMessageRequest,\n SendMessageResponse,\n} from \"./agent-server-conversation-service.types\";\n\nconst DEFAULT_CONVERSATION_TIMESTAMP = \"1970-01-01T00:00:00.000Z\";\nconst INVALID_CONVERSATION_RESPONSE_MESSAGE =\n \"Unable to load conversations because the selected agent server returned \" +\n \"data this UI does not understand. Check the backend URL/session key and \" +\n \"update the agent server if needed.\";\nfunction invalidConversationResponse(): Error {\n return new Error(INVALID_CONVERSATION_RESPONSE_MESSAGE);\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\n}\n\nfunction numberOrNull(value: unknown): number | null {\n return typeof value === \"number\" ? value : null;\n}\n\nfunction numberOrZero(value: unknown): number {\n return typeof value === \"number\" ? value : 0;\n}\n\nfunction stringOrNull(value: unknown): string | null {\n return typeof value === \"string\" ? value : null;\n}\n\nfunction readTimestamp(\n item: Record<string, unknown>,\n snakeKey: \"created_at\" | \"updated_at\",\n camelKey: \"createdAt\" | \"updatedAt\",\n): string {\n const value = item[snakeKey] ?? item[camelKey];\n return typeof value === \"string\" && value.trim()\n ? value\n : DEFAULT_CONVERSATION_TIMESTAMP;\n}\n\nfunction normalizeTokenUsage(\n value: unknown,\n): NonNullable<MetricsSnapshot[\"accumulated_token_usage\"]> | null {\n if (!isRecord(value)) return null;\n\n return {\n prompt_tokens: numberOrZero(value.prompt_tokens),\n completion_tokens: numberOrZero(value.completion_tokens),\n cache_read_tokens: numberOrZero(value.cache_read_tokens),\n cache_write_tokens: numberOrZero(value.cache_write_tokens),\n context_window: numberOrZero(value.context_window),\n per_turn_token: numberOrZero(value.per_turn_token),\n };\n}\n\nfunction normalizeMetrics(value: unknown): MetricsSnapshot | null {\n if (!isRecord(value)) return null;\n\n return {\n accumulated_cost: numberOrNull(value.accumulated_cost),\n max_budget_per_task: numberOrNull(value.max_budget_per_task),\n accumulated_token_usage: normalizeTokenUsage(value.accumulated_token_usage),\n };\n}\n\nfunction normalizeAgent(value: unknown): DirectConversationInfo[\"agent\"] {\n if (!isRecord(value)) return null;\n const llm = isRecord(value.llm)\n ? { model: stringOrNull(value.llm.model) }\n : null;\n // ``kind`` is the SDK's pydantic discriminator (``\"Agent\"`` vs ``\"ACPAgent\"``);\n // ``toAppConversation`` reads it to derive ``agent_kind``. ``acp_model`` is\n // the Canvas-configured model on the ACPAgent — preserved so the conversation\n // adapter and the conversation chip can fall back to it when the SDK runtime\n // model fields aren't populated. Preserving these here makes the wire path\n // agree with the unit-test path that builds ``DirectConversationInfo``\n // directly (e.g. ``__tests__/api/agent-server-adapter.test.ts``).\n return {\n kind: stringOrNull(value.kind),\n acp_model: stringOrNull(value.acp_model),\n llm,\n };\n}\n\nfunction normalizeWorkspace(\n value: unknown,\n): DirectConversationInfo[\"workspace\"] {\n if (!isRecord(value)) return null;\n return { working_dir: stringOrNull(value.working_dir) };\n}\n\n/**\n * Accept the agent-server's ``tags: Record[str, str]`` payload defensively:\n * the wire shape is guaranteed by the server-side validator (keys\n * ``^[a-z0-9]+$``, string values), but a non-conforming response (older\n * server, raw API write, future schema drift) must never crash the parser\n * — Canvas only consumes ``acpserver`` and falls back to a generic chip\n * for anything it doesn't recognize. Drop entries whose value isn't a\n * plain string; return ``null`` when the wire field is absent or not an\n * object so consumers can use ``info.tags?.[KEY] ?? null`` uniformly.\n */\nfunction normalizeTags(value: unknown): Record<string, string> | null {\n if (!isRecord(value)) return null;\n const tags: Record<string, string> = {};\n for (const [key, entry] of Object.entries(value)) {\n if (typeof entry === \"string\") {\n tags[key] = entry;\n }\n }\n return tags;\n}\n\nfunction normalizeAbsolutePath(path: string): string | null {\n if (!path.startsWith(\"/\")) return null;\n\n const segments: string[] = [];\n for (const segment of path.split(\"/\")) {\n if (segment && segment !== \".\") {\n if (segment === \"..\") {\n if (!segments.length) return null;\n segments.pop();\n } else {\n segments.push(segment);\n }\n }\n }\n\n return `/${segments.join(\"/\")}`;\n}\n\nfunction requirePathInsideDirectory(path: string, directory: string): string {\n const normalizedPath = normalizeAbsolutePath(path);\n const normalizedDirectory = normalizeAbsolutePath(directory);\n\n if (\n !normalizedPath ||\n !normalizedDirectory ||\n (normalizedPath !== normalizedDirectory &&\n !normalizedPath.startsWith(`${normalizedDirectory}/`))\n ) {\n throw new Error(\"Conversation file path must stay inside the workspace\");\n }\n\n return normalizedPath;\n}\n\nfunction requireDirectConversationInfo(item: unknown): DirectConversationInfo {\n if (!isRecord(item) || typeof item.id !== \"string\" || !item.id.trim()) {\n throw invalidConversationResponse();\n }\n\n return {\n id: item.id.trim(),\n title: stringOrNull(item.title),\n created_at: readTimestamp(item, \"created_at\", \"createdAt\"),\n updated_at: readTimestamp(item, \"updated_at\", \"updatedAt\"),\n execution_status: stringOrNull(item.execution_status),\n sandbox_status: stringOrNull(item.sandbox_status),\n metrics: normalizeMetrics(item.metrics),\n agent: normalizeAgent(item.agent),\n workspace: normalizeWorkspace(item.workspace),\n tags: normalizeTags(item.tags),\n // SDK-runtime ACP model fields (populated when the agent-server supports\n // ``ConversationInfo.current_model_*``). Consumed by the conversation\n // adapter to drive the per-card chip's model text. Older agent-servers\n // omit these — adapter handles ``undefined`` / ``null`` gracefully.\n current_model_id: stringOrNull(item.current_model_id),\n current_model_name: stringOrNull(item.current_model_name),\n };\n}\n\nfunction requireDirectConversationItems(\n items: unknown,\n): DirectConversationInfo[] {\n if (!Array.isArray(items)) {\n throw invalidConversationResponse();\n }\n return items.map(requireDirectConversationInfo);\n}\n\nfunction requireConversationSearchPage(page: unknown): {\n items: DirectConversationInfo[];\n next_page_id: string | null;\n} {\n if (Array.isArray(page)) {\n return {\n items: requireDirectConversationItems(page),\n next_page_id: null,\n };\n }\n\n if (!isRecord(page)) {\n throw invalidConversationResponse();\n }\n\n return {\n items: requireDirectConversationItems(page.items),\n next_page_id:\n typeof page.next_page_id === \"string\" ? page.next_page_id : null,\n };\n}\n\nconst RUNTIME_STATUSES = new Set<string>([\n \"idle\",\n \"running\",\n \"paused\",\n \"waiting_for_confirmation\",\n \"finished\",\n \"error\",\n \"stuck\",\n]);\n\nfunction toRuntimeStatus(\n status: DirectConversationInfo[\"execution_status\"],\n): RuntimeConversationInfo[\"status\"] {\n const nextStatus = status ?? \"idle\";\n return (\n RUNTIME_STATUSES.has(nextStatus) ? nextStatus : \"idle\"\n ) as RuntimeConversationInfo[\"status\"];\n}\n\nfunction requireAppConversation(\n conversation: AppConversation | null | undefined,\n conversationId: string,\n): AppConversation {\n if (!conversation) {\n throw new Error(`Conversation ${conversationId} was not found`);\n }\n return conversation;\n}\n\nclass AgentServerConversationService {\n static async sendMessage(\n conversationId: string,\n message: SendMessageRequest,\n runtime?: ConversationRuntimeContext | null,\n ): Promise<SendMessageResponse> {\n const active = getActiveBackend().backend;\n let conversationUrl = runtime?.conversationUrl ?? null;\n let sessionApiKey = runtime?.sessionApiKey ?? null;\n\n if (active.kind === \"cloud\") {\n if (!conversationUrl || !sessionApiKey) {\n const [conversation] = await batchGetCloudConversations([\n conversationId,\n ]);\n conversationUrl = conversation?.conversation_url?.trim() ?? null;\n sessionApiKey = conversation?.session_api_key?.trim() ?? null;\n }\n\n if (!conversationUrl || !sessionApiKey) {\n throw new Error(\n \"Conversation sandbox is still starting. Wait for it to finish, then try again.\",\n );\n }\n\n await callCloudProxy({\n backend: active,\n method: \"POST\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}/events`,\n body: { ...message, run: true },\n authMode: \"session-api-key\",\n sessionApiKey,\n });\n\n return message;\n }\n\n await new ConversationClient(\n getAgentServerClientOptions({ conversationUrl, sessionApiKey }),\n ).sendEvent(conversationId, message, {\n run: true,\n });\n\n return message;\n }\n\n static async createConversation(\n initialUserMsg?: string,\n conversationInstructions?: string,\n plugins?: PluginSpec[],\n metadata?: ConversationMetadata | null,\n workingDirOverride?: string,\n parentConversationId?: string,\n agentType?: \"default\" | \"plan\",\n sandboxId?: string,\n ): Promise<AppConversationStartTask> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n // Cloud path mirrors OpenHands' frontend: build a flat\n // AppConversationStartRequest, POST /api/v1/app-conversations\n // (returns a WORKING task), and let the conversation route's\n // useTaskPolling drive it to READY. NO encrypted-settings\n // round-trip — the cloud backend holds secrets server-side.\n const request: AppConversationStartRequest = {\n initial_message: initialUserMsg\n ? {\n role: \"user\",\n content: [{ type: \"text\", text: initialUserMsg }],\n }\n : null,\n title: conversationInstructions ?? null,\n selected_repository: metadata?.selected_repository ?? null,\n selected_branch: metadata?.selected_branch ?? null,\n git_provider: metadata?.git_provider ?? null,\n plugins: plugins ?? null,\n parent_conversation_id: parentConversationId ?? null,\n agent_type: agentType,\n sandbox_id: sandboxId ?? null,\n };\n return createCloudAppConversation(request);\n }\n\n const settings = await SettingsService.getSettings();\n const conversationId = uuidv4();\n const workingDir =\n workingDirOverride ?? buildConversationWorkingDir(conversationId);\n\n // Use encrypted settings to avoid exposing secrets in the browser\n const payload = await buildStartConversationRequestWithEncryptedSettings({\n settings,\n query: initialUserMsg,\n conversationInstructions,\n plugins,\n conversationId,\n workingDir,\n });\n\n const data = await new ConversationClient(\n getAgentServerClientOptions(),\n ).createConversation<DirectConversationInfo>(payload);\n const localBackend = getEffectiveLocalBackend();\n if (!localBackend) throw new NoBackendAvailableError();\n\n if (metadata?.selected_repository || workingDirOverride) {\n // The agent-server runtime has no concept of selected repo/branch/\n // workspace, so persist the home-page selection client-side.\n // `toAppConversation` reads the repo/branch fields back to hydrate\n // the chat-page badges; `useHasAttachedSource` reads\n // `selected_workspace` to default the Files tab to Diff mode when\n // the user explicitly attached a local workspace.\n setStoredConversationMetadata(data.id, {\n selected_repository: metadata?.selected_repository ?? null,\n selected_branch: metadata?.selected_branch ?? null,\n git_provider: metadata?.git_provider ?? null,\n selected_workspace: workingDirOverride ?? null,\n });\n }\n\n return {\n id: data.id,\n created_by_user_id: null,\n status: \"READY\",\n detail: null,\n app_conversation_id: data.id,\n agent_server_url: localBackend.host,\n request: {\n initial_message: payload.initial_message as\n | AppConversationStartRequest[\"initial_message\"]\n | undefined,\n plugins: plugins ?? null,\n },\n created_at: data.created_at,\n updated_at: data.updated_at,\n };\n }\n\n static async getStartTask(\n taskId: string,\n ): Promise<AppConversationStartTask | null> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n return getCloudAppConversationStartTask(taskId);\n }\n // Local agent-server creates conversations synchronously — every\n // local \"task\" is already READY when createConversation returns, so\n // there's nothing to poll for.\n return null;\n }\n\n static async getVSCodeUrl(\n conversationId: string,\n conversationUrl: string | null | undefined,\n sessionApiKey?: string | null,\n ): Promise<GetVSCodeUrlResponse> {\n // Local-only path. Cloud conversations read the VSCode URL straight\n // from the cloud-computed `sandbox.exposed_urls` (see\n // `useUnifiedVSCodeUrl` + `useCloudSandbox`); the runtime's own\n // `/api/vscode/url` only knows its internal `localhost:8001`, which\n // the user's browser can't reach.\n const workspaceDir =\n await this.resolveConversationWorkingDir(conversationId);\n // Local mode: the typescript-client targets the local agent-server\n // directly via the conversationUrl override.\n const vscodeUrl = await new VSCodeClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).getUrl({\n baseUrl:\n typeof window !== \"undefined\" ? window.location.origin : undefined,\n workspaceDir,\n });\n\n return { vscode_url: vscodeUrl };\n }\n\n static async resolveConversationWorkingDir(\n conversationId: string,\n ): Promise<string> {\n const [conversation] = await this.batchGetAppConversations([\n conversationId,\n ]);\n return conversation?.workspace?.working_dir ?? getAgentServerWorkingDir();\n }\n\n static async batchGetAppConversations(\n ids: string[],\n ): Promise<(AppConversation | null)[]> {\n if (ids.length === 0) return [];\n\n if (getActiveBackend().backend.kind === \"cloud\") {\n return batchGetCloudConversations(ids);\n }\n\n const data = await new ConversationClient(\n getAgentServerClientOptions(),\n ).getConversations<DirectConversationInfo>(ids);\n\n return requireDirectConversationItems(data).map((item) =>\n toAppConversation(item),\n );\n }\n\n static async updateConversationPublicFlag(\n conversationId: string,\n isPublic: boolean,\n ): Promise<AppConversation> {\n if (getActiveBackend().backend.kind !== \"cloud\") {\n throw new Error(\"Public sharing requires a cloud backend.\");\n }\n return updateCloudConversationPublicFlag(conversationId, isPublic);\n }\n\n static async updateConversationRepository(\n conversationId: string,\n repository: string | null,\n branch?: string | null,\n gitProvider?: string | null,\n ): Promise<AppConversation> {\n if (repository) {\n const existing = getStoredConversationMetadata(conversationId);\n setStoredConversationMetadata(conversationId, {\n ...(existing ?? {}),\n selected_repository: repository,\n selected_branch: branch ?? null,\n git_provider: (gitProvider as Provider | null | undefined) ?? null,\n });\n } else {\n removeStoredConversationMetadata(conversationId);\n }\n const [conversation] = await this.batchGetAppConversations([\n conversationId,\n ]);\n return requireAppConversation(conversation, conversationId);\n }\n\n static async readConversationFile(\n conversationId: string,\n filePath?: string,\n ): Promise<string> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n // Cloud exposes a per-conversation file endpoint; the sandbox\n // working dir is fixed (`/workspace/project`), so PLAN.md lives at\n // a known absolute path. Mirrors OpenHands' readConversationFile.\n const path = requirePathInsideDirectory(\n filePath ?? \"/workspace/project/.agents_tmp/PLAN.md\",\n \"/workspace/project\",\n );\n return readCloudConversationFile(conversationId, path);\n }\n\n const workingDir = await this.resolveConversationWorkingDir(conversationId);\n const path = requirePathInsideDirectory(\n filePath ?? `${workingDir}/.agents_tmp/PLAN.md`,\n workingDir,\n );\n return new FileClient(getAgentServerClientOptions()).downloadTextFile(path);\n }\n\n static async downloadConversation(conversationId: string): Promise<Blob> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n return downloadCloudConversation(conversationId);\n }\n\n return new FileClient(getAgentServerClientOptions()).downloadTrajectory(\n conversationId,\n );\n }\n\n static async getHooks(conversationId: string): Promise<GetHooksResponse> {\n if (!conversationId) {\n return emptyHooksResponse();\n }\n return emptyHooksResponse();\n }\n\n static async getRuntimeConversation(\n conversationId: string,\n conversationUrl: string | null | undefined,\n sessionApiKey?: string | null,\n ): Promise<RuntimeConversationInfo> {\n const active = getActiveBackend().backend;\n\n type RawRuntime = DirectConversationInfo & {\n stats?: RuntimeConversationInfo[\"stats\"];\n };\n\n // Cloud mode: route through the cloud-proxy to the runtime sandbox at\n // the conversation's runtime URL — same pattern as getVSCodeUrl. Local\n // mode forwards conversationUrl so the host explicitly resolves to the\n // conversation's runtime instead of falling back to the active backend.\n const response =\n active.kind === \"cloud\" && conversationUrl\n ? await callCloudProxy<RawRuntime>({\n backend: active,\n method: \"GET\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}`,\n authMode: \"session-api-key\",\n sessionApiKey,\n })\n : await new ConversationClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).getConversation<RawRuntime>(conversationId);\n const data = requireDirectConversationInfo(response);\n const stats = isRecord(response) ? response.stats : null;\n\n return {\n id: data.id,\n title: data.title?.trim()\n ? data.title\n : getDefaultConversationTitle(data.id),\n metrics: normalizeMetrics(data.metrics),\n created_at: data.created_at,\n updated_at: data.updated_at,\n status: toRuntimeStatus(data.execution_status),\n stats: isRecord(stats) ? stats : { usage_to_metrics: {} },\n };\n }\n\n static async searchConversations(\n limit: number = 20,\n pageId?: string,\n ): Promise<AppConversationPage> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n return searchCloudConversations(limit, pageId);\n }\n\n const data = await new ConversationClient(\n getAgentServerClientOptions(),\n ).searchConversations({\n limit,\n page_id: pageId,\n sort_order: ConversationSortOrder.UPDATED_AT_DESC,\n });\n\n return toConversationPage(requireConversationSearchPage(data));\n }\n\n static async deleteConversation(conversationId: string): Promise<void> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n await deleteCloudConversation(conversationId);\n } else {\n await new ConversationClient(\n getAgentServerClientOptions(),\n ).deleteConversation(conversationId);\n }\n removeStoredConversationMetadata(conversationId);\n }\n\n static async updateConversationTitle(\n conversationId: string,\n title: string,\n ): Promise<AppConversation> {\n await new ConversationClient(\n getAgentServerClientOptions(),\n ).updateConversation(conversationId, {\n title,\n });\n const [conversation] = await this.batchGetAppConversations([\n conversationId,\n ]);\n return requireAppConversation(conversation, conversationId);\n }\n\n /**\n * Switches the LLM profile for the running conversation when one is open\n * (POST /switch_profile — per-conversation swap, doesn't change the user's\n * default profile). When called without a conversationId (home page),\n * falls back to POST /activate so the next conversation created picks up\n * the chosen profile.\n *\n * The per-conversation endpoint accepts only the profile name, so the UI does\n * not need to fetch or forward profile secrets. That keeps switching working\n * even when the agent server has no OH_SECRET_KEY for encrypted secret export.\n */\n static async switchProfile(\n conversationId: string | null,\n profileName: string,\n ): Promise<void> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n throw new Error(\n \"LLM profile switching is only supported for local agent-server backends.\",\n );\n }\n\n if (!conversationId) {\n await new ProfilesClient(getAgentServerClientOptions()).activateProfile(\n profileName,\n );\n return;\n }\n\n const clientOptions = getAgentServerClientOptions();\n const conversationClient = new ConversationClient(clientOptions);\n const profile = await new ProfilesClient(clientOptions).getProfile(\n profileName,\n { exposeSecrets: \"encrypted\" },\n );\n const model =\n typeof profile.config.model === \"string\" ? profile.config.model : \"\";\n if (!model) throw new Error(`Profile '${profileName}' has no model.`);\n await conversationClient.switchLLM(conversationId, {\n ...profile.config,\n model,\n // Avoid stale first-write-wins entries in the backend LLM registry.\n usage_id: `profile:${profileName}:${uuidv4()}`,\n } as LLMConfig);\n }\n\n /**\n * Switches the model of a running ACP conversation in place (POST\n * /switch_acp_model — the ACP analog of {@link switchProfile}'s /switch_profile).\n * The agent-server calls the ACP wrapper's ``session/set_model`` on the live\n * session, preserving context. Mirrors {@link switchProfile}'s\n * local-backend-only guard and per-conversation ConversationClient call.\n *\n * Only valid once an ACP session exists (after the first message); the\n * agent-server returns 409 before then — the home/no-session default is\n * persisted via Settings instead (see ``use-switch-acp-model``).\n */\n static async switchAcpModel(\n conversationId: string,\n model: string,\n ): Promise<void> {\n if (getActiveBackend().backend.kind === \"cloud\") {\n throw new Error(\n \"ACP model switching is only supported for local agent-server backends.\",\n );\n }\n\n await new ConversationClient(getAgentServerClientOptions()).switchAcpModel(\n conversationId,\n model,\n );\n }\n}\n\nexport default AgentServerConversationService;\n"],"mappings":";;;;;;;;;;;;;;;;;AAkEA,IAAM,IAAiC,4BACjC,IACJ;AAGF,SAAS,IAAqC;AAC5C,QAAW,MAAM,EAAsC;;AAGzD,SAAS,EAAS,GAAkD;AAClE,QAAO,OAAO,KAAU,cAAY,KAAkB,CAAC,MAAM,QAAQ,EAAM;;AAG7E,SAAS,EAAa,GAA+B;AACnD,QAAO,OAAO,KAAU,WAAW,IAAQ;;AAG7C,SAAS,EAAa,GAAwB;AAC5C,QAAO,OAAO,KAAU,WAAW,IAAQ;;AAG7C,SAAS,EAAa,GAA+B;AACnD,QAAO,OAAO,KAAU,WAAW,IAAQ;;AAG7C,SAAS,EACP,GACA,GACA,GACQ;CACR,IAAM,IAAQ,EAAK,MAAa,EAAK;AACrC,QAAO,OAAO,KAAU,YAAY,EAAM,MAAM,GAC5C,IACA;;AAGN,SAAS,EACP,GACgE;AAGhE,QAFK,EAAS,EAAM,GAEb;EACL,eAAe,EAAa,EAAM,cAAc;EAChD,mBAAmB,EAAa,EAAM,kBAAkB;EACxD,mBAAmB,EAAa,EAAM,kBAAkB;EACxD,oBAAoB,EAAa,EAAM,mBAAmB;EAC1D,gBAAgB,EAAa,EAAM,eAAe;EAClD,gBAAgB,EAAa,EAAM,eAAe;EACnD,GAT4B;;AAY/B,SAAS,EAAiB,GAAwC;AAGhE,QAFK,EAAS,EAAM,GAEb;EACL,kBAAkB,EAAa,EAAM,iBAAiB;EACtD,qBAAqB,EAAa,EAAM,oBAAoB;EAC5D,yBAAyB,EAAoB,EAAM,wBAAwB;EAC5E,GAN4B;;AAS/B,SAAS,EAAe,GAAiD;AACvE,KAAI,CAAC,EAAS,EAAM,CAAE,QAAO;CAC7B,IAAM,IAAM,EAAS,EAAM,IAAI,GAC3B,EAAE,OAAO,EAAa,EAAM,IAAI,MAAM,EAAE,GACxC;AAQJ,QAAO;EACL,MAAM,EAAa,EAAM,KAAK;EAC9B,WAAW,EAAa,EAAM,UAAU;EACxC;EACD;;AAGH,SAAS,EACP,GACqC;AAErC,QADK,EAAS,EAAM,GACb,EAAE,aAAa,EAAa,EAAM,YAAY,EAAE,GAD1B;;AAc/B,SAAS,EAAc,GAA+C;AACpE,KAAI,CAAC,EAAS,EAAM,CAAE,QAAO;CAC7B,IAAM,IAA+B,EAAE;AACvC,MAAK,IAAM,CAAC,GAAK,MAAU,OAAO,QAAQ,EAAM,CAC9C,CAAI,OAAO,KAAU,aACnB,EAAK,KAAO;AAGhB,QAAO;;AAGT,SAAS,EAAsB,GAA6B;AAC1D,KAAI,CAAC,EAAK,WAAW,IAAI,CAAE,QAAO;CAElC,IAAM,IAAqB,EAAE;AAC7B,MAAK,IAAM,KAAW,EAAK,MAAM,IAAI,CACnC,KAAI,KAAW,MAAY,IACzB,KAAI,MAAY,MAAM;AACpB,MAAI,CAAC,EAAS,OAAQ,QAAO;AAC7B,IAAS,KAAK;OAEd,GAAS,KAAK,EAAQ;AAK5B,QAAO,IAAI,EAAS,KAAK,IAAI;;AAG/B,SAAS,EAA2B,GAAc,GAA2B;CAC3E,IAAM,IAAiB,EAAsB,EAAK,EAC5C,IAAsB,EAAsB,EAAU;AAE5D,KACE,CAAC,KACD,CAAC,KACA,MAAmB,KAClB,CAAC,EAAe,WAAW,GAAG,EAAoB,GAAG,CAEvD,OAAU,MAAM,wDAAwD;AAG1E,QAAO;;AAGT,SAAS,EAA8B,GAAuC;AAC5E,KAAI,CAAC,EAAS,EAAK,IAAI,OAAO,EAAK,MAAO,YAAY,CAAC,EAAK,GAAG,MAAM,CACnE,OAAM,GAA6B;AAGrC,QAAO;EACL,IAAI,EAAK,GAAG,MAAM;EAClB,OAAO,EAAa,EAAK,MAAM;EAC/B,YAAY,EAAc,GAAM,cAAc,YAAY;EAC1D,YAAY,EAAc,GAAM,cAAc,YAAY;EAC1D,kBAAkB,EAAa,EAAK,iBAAiB;EACrD,gBAAgB,EAAa,EAAK,eAAe;EACjD,SAAS,EAAiB,EAAK,QAAQ;EACvC,OAAO,EAAe,EAAK,MAAM;EACjC,WAAW,EAAmB,EAAK,UAAU;EAC7C,MAAM,EAAc,EAAK,KAAK;EAK9B,kBAAkB,EAAa,EAAK,iBAAiB;EACrD,oBAAoB,EAAa,EAAK,mBAAmB;EAC1D;;AAGH,SAAS,EACP,GAC0B;AAC1B,KAAI,CAAC,MAAM,QAAQ,EAAM,CACvB,OAAM,GAA6B;AAErC,QAAO,EAAM,IAAI,EAA8B;;AAGjD,SAAS,EAA8B,GAGrC;AACA,KAAI,MAAM,QAAQ,EAAK,CACrB,QAAO;EACL,OAAO,EAA+B,EAAK;EAC3C,cAAc;EACf;AAGH,KAAI,CAAC,EAAS,EAAK,CACjB,OAAM,GAA6B;AAGrC,QAAO;EACL,OAAO,EAA+B,EAAK,MAAM;EACjD,cACE,OAAO,EAAK,gBAAiB,WAAW,EAAK,eAAe;EAC/D;;AAGH,IAAM,IAAmB,IAAI,IAAY;CACvC;CACA;CACA;CACA;CACA;CACA;CACA;CACD,CAAC;AAEF,SAAS,EACP,GACmC;CACnC,IAAM,IAAa,KAAU;AAC7B,QACE,EAAiB,IAAI,EAAW,GAAG,IAAa;;AAIpD,SAAS,EACP,GACA,GACiB;AACjB,KAAI,CAAC,EACH,OAAU,MAAM,gBAAgB,EAAe,gBAAgB;AAEjE,QAAO;;AAGT,IAAM,IAAN,MAAqC;CACnC,aAAa,YACX,GACA,GACA,GAC8B;EAC9B,IAAM,IAAS,GAAkB,CAAC,SAC9B,IAAkB,GAAS,mBAAmB,MAC9C,IAAgB,GAAS,iBAAiB;AAE9C,MAAI,EAAO,SAAS,SAAS;AAC3B,OAAI,CAAC,KAAmB,CAAC,GAAe;IACtC,IAAM,CAAC,KAAgB,MAAM,EAA2B,CACtD,EACD,CAAC;AAEF,IADA,IAAkB,GAAc,kBAAkB,MAAM,IAAI,MAC5D,IAAgB,GAAc,iBAAiB,MAAM,IAAI;;AAG3D,OAAI,CAAC,KAAmB,CAAC,EACvB,OAAU,MACR,iFACD;AAaH,UAVA,MAAM,EAAe;IACnB,SAAS;IACT,QAAQ;IACR,cAAc,EAAiB,EAAgB;IAC/C,MAAM,sBAAsB,EAAe;IAC3C,MAAM;KAAE,GAAG;KAAS,KAAK;KAAM;IAC/B,UAAU;IACV;IACD,CAAC,EAEK;;AAST,SANA,MAAM,IAAI,EACR,EAA4B;GAAE;GAAiB;GAAe,CAAC,CAChE,CAAC,UAAU,GAAgB,GAAS,EACnC,KAAK,IACN,CAAC,EAEK;;CAGT,aAAa,mBACX,GACA,GACA,GACA,GACA,GACA,GACA,GACA,GACmC;AACnC,MAAI,GAAkB,CAAC,QAAQ,SAAS,QAsBtC,QAAO,EAA2B;GAfhC,iBAAiB,IACb;IACE,MAAM;IACN,SAAS,CAAC;KAAE,MAAM;KAAQ,MAAM;KAAgB,CAAC;IAClD,GACD;GACJ,OAAO,KAA4B;GACnC,qBAAqB,GAAU,uBAAuB;GACtD,iBAAiB,GAAU,mBAAmB;GAC9C,cAAc,GAAU,gBAAgB;GACxC,SAAS,KAAW;GACpB,wBAAwB,KAAwB;GAChD,YAAY;GACZ,YAAY,KAAa;GAEO,CAAQ;EAG5C,IAAM,IAAW,MAAM,EAAgB,aAAa,EAC9C,IAAiB,GAAQ,EAKzB,IAAU,MAAM,EAAmD;GACvE;GACA,OAAO;GACP;GACA;GACA;GACA,YATA,KAAsB,EAA4B,EAAe;GAUlE,CAAC,EAEI,IAAO,MAAM,IAAI,EACrB,GAA6B,CAC9B,CAAC,mBAA2C,EAAQ,EAC/C,IAAe,GAA0B;AAC/C,MAAI,CAAC,EAAc,OAAM,IAAI,GAAyB;AAiBtD,UAfI,GAAU,uBAAuB,MAOnC,EAA8B,EAAK,IAAI;GACrC,qBAAqB,GAAU,uBAAuB;GACtD,iBAAiB,GAAU,mBAAmB;GAC9C,cAAc,GAAU,gBAAgB;GACxC,oBAAoB,KAAsB;GAC3C,CAAC,EAGG;GACL,IAAI,EAAK;GACT,oBAAoB;GACpB,QAAQ;GACR,QAAQ;GACR,qBAAqB,EAAK;GAC1B,kBAAkB,EAAa;GAC/B,SAAS;IACP,iBAAiB,EAAQ;IAGzB,SAAS,KAAW;IACrB;GACD,YAAY,EAAK;GACjB,YAAY,EAAK;GAClB;;CAGH,aAAa,aACX,GAC0C;AAO1C,SANI,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAAiC,EAAO,GAK1C;;CAGT,aAAa,aACX,GACA,GACA,GAC+B;EAM/B,IAAM,IACJ,MAAM,KAAK,8BAA8B,EAAe;AAc1D,SAAO,EAAE,YAAY,MAXG,IAAI,EAC1B,EAA4B;GAC1B;GACA;GACD,CAAC,CACH,CAAC,OAAO;GACP,SACE,OAAO,SAAW,MAAc,OAAO,SAAS,SAAS,KAAA;GAC3D;GACD,CAAC,EAE8B;;CAGlC,aAAa,8BACX,GACiB;EACjB,IAAM,CAAC,KAAgB,MAAM,KAAK,yBAAyB,CACzD,EACD,CAAC;AACF,SAAO,GAAc,WAAW,eAAe,GAA0B;;CAG3E,aAAa,yBACX,GACqC;AAWrC,SAVI,EAAI,WAAW,IAAU,EAAE,GAE3B,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAA2B,EAAI,GAOjC,EAA+B,MAJnB,IAAI,EACrB,GAA6B,CAC9B,CAAC,iBAAyC,EAAI,CAEJ,CAAC,KAAK,MAC/C,EAAkB,EAAK,CACxB;;CAGH,aAAa,6BACX,GACA,GAC0B;AAC1B,MAAI,GAAkB,CAAC,QAAQ,SAAS,QACtC,OAAU,MAAM,2CAA2C;AAE7D,SAAO,EAAkC,GAAgB,EAAS;;CAGpE,aAAa,6BACX,GACA,GACA,GACA,GAC0B;AAC1B,EAAI,IAEF,EAA8B,GAAgB;GAC5C,GAFe,EAA8B,EAEzC,IAAY,EAAE;GAClB,qBAAqB;GACrB,iBAAiB,KAAU;GAC3B,cAAe,KAA+C;GAC/D,CAAC,GAEF,EAAiC,EAAe;EAElD,IAAM,CAAC,KAAgB,MAAM,KAAK,yBAAyB,CACzD,EACD,CAAC;AACF,SAAO,EAAuB,GAAc,EAAe;;CAG7D,aAAa,qBACX,GACA,GACiB;AACjB,MAAI,GAAkB,CAAC,QAAQ,SAAS,QAQtC,QAAO,EAA0B,GAJpB,EACX,KAAY,0CACZ,qBAE+C,CAAK;EAGxD,IAAM,IAAa,MAAM,KAAK,8BAA8B,EAAe,EACrE,IAAO,EACX,KAAY,GAAG,EAAW,uBAC1B,EACD;AACD,SAAO,IAAI,EAAW,GAA6B,CAAC,CAAC,iBAAiB,EAAK;;CAG7E,aAAa,qBAAqB,GAAuC;AAKvE,SAJI,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAA0B,EAAe,GAG3C,IAAI,EAAW,GAA6B,CAAC,CAAC,mBACnD,EACD;;CAGH,aAAa,SAAS,GAAmD;AAIvE,SAAO,GAAoB;;CAG7B,aAAa,uBACX,GACA,GACA,GACkC;EAClC,IAAM,IAAS,GAAkB,CAAC,SAU5B,IACJ,EAAO,SAAS,WAAW,IACvB,MAAM,EAA2B;GAC/B,SAAS;GACT,QAAQ;GACR,cAAc,EAAiB,EAAgB;GAC/C,MAAM,sBAAsB;GAC5B,UAAU;GACV;GACD,CAAC,GACF,MAAM,IAAI,EACR,EAA4B;GAC1B;GACA;GACD,CAAC,CACH,CAAC,gBAA4B,EAAe,EAC7C,IAAO,EAA8B,EAAS,EAC9C,IAAQ,EAAS,EAAS,GAAG,EAAS,QAAQ;AAEpD,SAAO;GACL,IAAI,EAAK;GACT,OAAO,EAAK,OAAO,MAAM,GACrB,EAAK,QACL,EAA4B,EAAK,GAAG;GACxC,SAAS,EAAiB,EAAK,QAAQ;GACvC,YAAY,EAAK;GACjB,YAAY,EAAK;GACjB,QAAQ,EAAgB,EAAK,iBAAiB;GAC9C,OAAO,EAAS,EAAM,GAAG,IAAQ,EAAE,kBAAkB,EAAE,EAAE;GAC1D;;CAGH,aAAa,oBACX,IAAgB,IAChB,GAC8B;AAa9B,SAZI,GAAkB,CAAC,QAAQ,SAAS,UAC/B,EAAyB,GAAO,EAAO,GAWzC,EAAmB,EAA8B,MARrC,IAAI,EACrB,GAA6B,CAC9B,CAAC,oBAAoB;GACpB;GACA,SAAS;GACT,YAAY,EAAsB;GACnC,CAAC,CAE2D,CAAC;;CAGhE,aAAa,mBAAmB,GAAuC;AAQrE,EAPI,GAAkB,CAAC,QAAQ,SAAS,UACtC,MAAM,EAAwB,EAAe,GAE7C,MAAM,IAAI,EACR,GAA6B,CAC9B,CAAC,mBAAmB,EAAe,EAEtC,EAAiC,EAAe;;CAGlD,aAAa,wBACX,GACA,GAC0B;AAC1B,QAAM,IAAI,EACR,GAA6B,CAC9B,CAAC,mBAAmB,GAAgB,EACnC,UACD,CAAC;EACF,IAAM,CAAC,KAAgB,MAAM,KAAK,yBAAyB,CACzD,EACD,CAAC;AACF,SAAO,EAAuB,GAAc,EAAe;;CAc7D,aAAa,cACX,GACA,GACe;AACf,MAAI,GAAkB,CAAC,QAAQ,SAAS,QACtC,OAAU,MACR,2EACD;AAGH,MAAI,CAAC,GAAgB;AACnB,SAAM,IAAI,EAAe,GAA6B,CAAC,CAAC,gBACtD,EACD;AACD;;EAGF,IAAM,IAAgB,GAA6B,EAC7C,IAAqB,IAAI,EAAmB,EAAc,EAC1D,IAAU,MAAM,IAAI,EAAe,EAAc,CAAC,WACtD,GACA,EAAE,eAAe,aAAa,CAC/B,EACK,IACJ,OAAO,EAAQ,OAAO,SAAU,WAAW,EAAQ,OAAO,QAAQ;AACpE,MAAI,CAAC,EAAO,OAAU,MAAM,YAAY,EAAY,iBAAiB;AACrE,QAAM,EAAmB,UAAU,GAAgB;GACjD,GAAG,EAAQ;GACX;GAEA,UAAU,WAAW,EAAY,GAAG,GAAQ;GAC7C,CAAc;;CAcjB,aAAa,eACX,GACA,GACe;AACf,MAAI,GAAkB,CAAC,QAAQ,SAAS,QACtC,OAAU,MACR,yEACD;AAGH,QAAM,IAAI,EAAmB,GAA6B,CAAC,CAAC,eAC1D,GACA,EACD"}
package/dist/api/device-flow-client.cjs CHANGED
@@ -1,2 +1,2 @@
1
- require(`../_virtual/_rolldown/runtime.cjs`);const e=require(`./backend-registry/active-store.cjs`),t=require(`./backend-registry/auth.cjs`);var n=class extends Error{constructor(e,t){super(e),this.code=t,this.name=`DeviceFlowError`}},r=6e5,i=3e4;async function a(n,r,i,a,o,s){let c=e.getEffectiveLocalBackend(),l=`${c.host.replace(/\/+$/,``)}/api/cloud-proxy`;return await fetch(l,{method:`POST`,headers:{"Content-Type":`application/json`,...t.buildAuthHeaders(c)},body:JSON.stringify({host:n,method:r,path:i,headers:o?{"Content-Type":o}:{},body:a??null}),signal:s})}async function o(e){let t=e.replace(/\/+$/,``);try{let e=await a(t,`POST`,`/oauth/device/authorize`,{},`application/json`);if(!e.ok)throw new n(`Failed to start device flow: Server returned ${e.status}`);let r=await e.json();if(!r.device_code||!r.user_code||!r.verification_uri)throw new n(`Invalid response from device authorization endpoint: missing required fields`);let i=r.verification_uri_complete??`${r.verification_uri}?user_code=${encodeURIComponent(r.user_code)}`;return{device_code:r.device_code,user_code:r.user_code,verification_uri:r.verification_uri,verification_uri_complete:i,expires_in:r.expires_in??600,interval:r.interval??5}}catch(e){throw e instanceof n?e:new n(`Failed to start device flow: ${e instanceof Error?e.message:String(e)}`)}}async function s(e,t,o){let s=e.replace(/\/+$/,``),l=o.timeout??r,u=Math.max(1,o.interval)*1e3,d=Date.now();for(;Date.now()-d<l;){if(o.signal?.aborted)throw new n(`Authorization cancelled`,`cancelled`);try{let e=await a(s,`POST`,`/oauth/device/token`,new URLSearchParams({grant_type:`urn:ietf:params:oauth:grant-type:device_code`,device_code:t}).toString(),`application/x-www-form-urlencoded`,o.signal);if(e.ok){let t=await e.json();if(!t.access_token)throw new n(`Invalid token response: missing access_token`);return{access_token:t.access_token,token_type:t.token_type??`Bearer`,expires_in:t.expires_in}}let r;try{r=await e.json()}catch{throw new n(`Unexpected response from server: ${e.status}`)}let{error:c,error_description:l}=r;switch(c){case`authorization_pending`:break;case`slow_down`:u=typeof r.interval==`number`&&isFinite(r.interval)&&r.interval>0?Math.max(1,Math.min(r.interval,30))*1e3:Math.min(u+5e3,i);break;case`expired_token`:throw new n(`Device code has expired. Please try again.`,`expired_token`);case`access_denied`:throw new n(`Authorization request was denied.`,`access_denied`);default:throw new n(`Authorization error: ${c}${l?` - ${l}`:``}`,c)}}catch(e){if(e instanceof n)throw e;if(e instanceof DOMException&&e.name===`AbortError`)throw new n(`Authorization cancelled`,`cancelled`);console.warn(`Network error during polling, retrying:`,e)}try{await c(u,o.signal)}catch(e){throw e instanceof DOMException&&e.name===`AbortError`?new n(`Authorization cancelled`,`cancelled`):e}}throw new n(`Timeout waiting for authorization. Please try again.`,`timeout`)}function c(e,t){return new Promise((n,r)=>{if(t?.aborted){r(new DOMException(`Aborted`,`AbortError`));return}let i=setTimeout(n,e);t?.addEventListener(`abort`,()=>{clearTimeout(i),r(new DOMException(`Aborted`,`AbortError`))},{once:!0})})}exports.DeviceFlowError=n,exports.pollForToken=s,exports.startDeviceFlow=o;
1
+ require(`../_virtual/_rolldown/runtime.cjs`);var e=class extends Error{constructor(e,t){super(e),this.code=t,this.name=`DeviceFlowError`}},t=6e5,n=3e4;async function r(e,t,n,r,i,a){let o=r===void 0?void 0:typeof r==`string`||r instanceof Blob||r instanceof FormData||r instanceof URLSearchParams?r:JSON.stringify(r);return await fetch(`${e.replace(/\/+$/,``)}${n}`,{method:t,headers:{...i?{"Content-Type":i}:{}},body:o,signal:a})}async function i(t){let n=t.replace(/\/+$/,``);try{let t=await r(n,`POST`,`/oauth/device/authorize`,{},`application/json`);if(!t.ok)throw new e(`Failed to start device flow: Server returned ${t.status}`);let i=await t.json();if(!i.device_code||!i.user_code||!i.verification_uri)throw new e(`Invalid response from device authorization endpoint: missing required fields`);let a=i.verification_uri_complete??`${i.verification_uri}?user_code=${encodeURIComponent(i.user_code)}`;return{device_code:i.device_code,user_code:i.user_code,verification_uri:i.verification_uri,verification_uri_complete:a,expires_in:i.expires_in??600,interval:i.interval??5}}catch(t){throw t instanceof e?t:new e(`Failed to start device flow: ${t instanceof Error?t.message:String(t)}`)}}async function a(i,a,s){let c=i.replace(/\/+$/,``),l=s.timeout??t,u=Math.max(1,s.interval)*1e3,d=Date.now();for(;Date.now()-d<l;){if(s.signal?.aborted)throw new e(`Authorization cancelled`,`cancelled`);try{let t=await r(c,`POST`,`/oauth/device/token`,new URLSearchParams({grant_type:`urn:ietf:params:oauth:grant-type:device_code`,device_code:a}).toString(),`application/x-www-form-urlencoded`,s.signal);if(t.ok){let n=await t.json();if(!n.access_token)throw new e(`Invalid token response: missing access_token`);return{access_token:n.access_token,token_type:n.token_type??`Bearer`,expires_in:n.expires_in}}let i;try{i=await t.json()}catch{throw new e(`Unexpected response from server: ${t.status}`)}let{error:o,error_description:l}=i;switch(o){case`authorization_pending`:break;case`slow_down`:u=typeof i.interval==`number`&&isFinite(i.interval)&&i.interval>0?Math.max(1,Math.min(i.interval,30))*1e3:Math.min(u+5e3,n);break;case`expired_token`:throw new e(`Device code has expired. Please try again.`,`expired_token`);case`access_denied`:throw new e(`Authorization request was denied.`,`access_denied`);default:throw new e(`Authorization error: ${o}${l?` - ${l}`:``}`,o)}}catch(t){if(t instanceof e)throw t;if(t instanceof DOMException&&t.name===`AbortError`)throw new e(`Authorization cancelled`,`cancelled`);console.warn(`Network error during polling, retrying:`,t)}try{await o(u,s.signal)}catch(t){throw t instanceof DOMException&&t.name===`AbortError`?new e(`Authorization cancelled`,`cancelled`):t}}throw new e(`Timeout waiting for authorization. Please try again.`,`timeout`)}function o(e,t){return new Promise((n,r)=>{if(t?.aborted){r(new DOMException(`Aborted`,`AbortError`));return}let i=setTimeout(n,e);t?.addEventListener(`abort`,()=>{clearTimeout(i),r(new DOMException(`Aborted`,`AbortError`))},{once:!0})})}exports.DeviceFlowError=e,exports.pollForToken=a,exports.startDeviceFlow=i;
2
2
  //# sourceMappingURL=device-flow-client.cjs.map
package/dist/api/device-flow-client.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"device-flow-client.cjs","names":[],"sources":["../../src/api/device-flow-client.ts"],"sourcesContent":["/**\n * OAuth 2.0 Device Flow client implementation (RFC 8628).\n *\n * Used for one-click authentication with cloud backends.\n * The flow allows users to authenticate in their browser while the\n * application polls for the resulting API key.\n *\n * All device flow requests are proxied through the local agent-server's\n * cloud-proxy endpoint to avoid CORS issues. Since a local agent-server\n * is required to use the frontend, the proxy is always available.\n */\n\nimport { getEffectiveLocalBackend } from \"./backend-registry/active-store\";\nimport { buildAuthHeaders } from \"./backend-registry/auth\";\n\nexport class DeviceFlowError extends Error {\n constructor(\n message: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"DeviceFlowError\";\n }\n}\n\nexport interface DeviceAuthorizationResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceTokenResponse {\n access_token: string;\n token_type: string;\n expires_in?: number;\n}\n\ninterface DeviceTokenErrorResponse {\n error: string;\n error_description?: string;\n interval?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 600_000; // 10 minutes\nconst MAX_INTERVAL_MS = 30_000; // 30 seconds max polling interval\n\n/**\n * Check if a host is a known OpenHands Cloud domain.\n * Uses hostname extraction to prevent substring matching attacks.\n */\nexport function isOpenHandsCloudHost(host: string): boolean {\n try {\n // Extract hostname from URL or treat as hostname if no protocol\n const trimmed = host.trim().toLowerCase();\n const withProtocol = /^https?:\\/\\//i.test(trimmed)\n ? trimmed\n : `https://${trimmed}`;\n const url = new URL(withProtocol);\n const hostname = url.hostname;\n\n // Check if hostname ends with known domains (exact suffix match)\n return (\n hostname.endsWith(\".all-hands.dev\") ||\n hostname === \"all-hands.dev\" ||\n hostname.endsWith(\".openhands.dev\") ||\n hostname === \"openhands.dev\"\n );\n } catch {\n return false;\n }\n}\n\n/**\n * Make a proxied request through the local agent-server's cloud-proxy endpoint.\n * This avoids CORS issues when calling OpenHands Cloud endpoints.\n */\nasync function makeProxiedRequest(\n upstreamHost: string,\n method: \"GET\" | \"POST\",\n path: string,\n body?: unknown,\n contentType?: string,\n signal?: AbortSignal,\n): Promise<Response> {\n const local = getEffectiveLocalBackend();\n const proxyUrl = `${local.host.replace(/\\/+$/, \"\")}/api/cloud-proxy`;\n\n const response = await fetch(proxyUrl, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n ...buildAuthHeaders(local),\n },\n body: JSON.stringify({\n host: upstreamHost,\n method,\n path,\n headers: contentType ? { \"Content-Type\": contentType } : {},\n body: body ?? null,\n }),\n signal,\n });\n\n return response;\n}\n\n/**\n * Start the OAuth 2.0 Device Flow by requesting a device code.\n * All requests are proxied through the local agent-server to avoid CORS issues.\n *\n * @param host - The cloud backend host URL (e.g., \"https://app.all-hands.dev\")\n * @returns DeviceAuthorizationResponse with device_code, user_code, verification URLs, etc.\n * @throws DeviceFlowError if the request fails\n */\nexport async function startDeviceFlow(\n host: string,\n): Promise<DeviceAuthorizationResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n\n try {\n const response = await makeProxiedRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/authorize\",\n {},\n \"application/json\",\n );\n\n if (!response.ok) {\n // Avoid exposing sensitive server error details\n throw new DeviceFlowError(\n `Failed to start device flow: Server returned ${response.status}`,\n );\n }\n\n const data = await response.json();\n\n // Validate required fields per RFC 8628 Section 3.2\n // verification_uri_complete is OPTIONAL per RFC\n if (!data.device_code || !data.user_code || !data.verification_uri) {\n throw new DeviceFlowError(\n \"Invalid response from device authorization endpoint: missing required fields\",\n );\n }\n\n // Build verification_uri_complete if not provided (optional per RFC)\n const verificationUriComplete =\n data.verification_uri_complete ??\n `${data.verification_uri}?user_code=${encodeURIComponent(data.user_code)}`;\n\n return {\n device_code: data.device_code,\n user_code: data.user_code,\n verification_uri: data.verification_uri,\n verification_uri_complete: verificationUriComplete,\n expires_in: data.expires_in ?? 600,\n interval: data.interval ?? 5,\n };\n } catch (error) {\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n throw new DeviceFlowError(\n `Failed to start device flow: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n\nexport interface PollOptions {\n /** Polling interval in seconds (from device authorization response) */\n interval: number;\n /** Maximum time to wait for authorization in milliseconds */\n timeout?: number;\n /** Abort signal to cancel polling */\n signal?: AbortSignal;\n}\n\n/**\n * Poll for the API key after user authorization.\n * All requests are proxied through the local agent-server to avoid CORS issues.\n *\n * @param host - The cloud backend host URL\n * @param deviceCode - The device code from startDeviceFlow\n * @param options - Polling options including interval, timeout, and abort signal\n * @returns DeviceTokenResponse containing the access_token (API key)\n * @throws DeviceFlowError if polling fails, user denies access, or timeout expires\n */\nexport async function pollForToken(\n host: string,\n deviceCode: string,\n options: PollOptions,\n): Promise<DeviceTokenResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n const timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;\n let interval = Math.max(1, options.interval) * 1000; // At least 1 second\n const startTime = Date.now();\n\n while (Date.now() - startTime < timeout) {\n // Check if cancelled\n if (options.signal?.aborted) {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n\n try {\n // RFC 8628 Section 3.4 requires grant_type parameter\n const tokenRequestBody = new URLSearchParams({\n grant_type: \"urn:ietf:params:oauth:grant-type:device_code\",\n device_code: deviceCode,\n }).toString();\n\n const response = await makeProxiedRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/token\",\n tokenRequestBody,\n \"application/x-www-form-urlencoded\",\n options.signal,\n );\n\n if (response.ok) {\n const data = await response.json();\n if (!data.access_token) {\n throw new DeviceFlowError(\n \"Invalid token response: missing access_token\",\n );\n }\n return {\n access_token: data.access_token,\n token_type: data.token_type ?? \"Bearer\",\n expires_in: data.expires_in,\n };\n }\n\n // Handle error responses\n let errorData: DeviceTokenErrorResponse;\n try {\n errorData = await response.json();\n } catch {\n throw new DeviceFlowError(\n `Unexpected response from server: ${response.status}`,\n );\n }\n\n const { error, error_description } = errorData;\n\n switch (error) {\n case \"authorization_pending\":\n // User hasn't finished yet; continue polling\n break;\n\n case \"slow_down\":\n // Server asks us to poll less frequently\n // RFC 8628 Section 3.5: \"the client MUST increase its polling interval by 5 seconds\"\n // Validate server-provided interval to prevent DoS (must be number, finite, positive)\n if (\n typeof errorData.interval === \"number\" &&\n isFinite(errorData.interval) &&\n errorData.interval > 0\n ) {\n interval = Math.max(1, Math.min(errorData.interval, 30)) * 1000;\n } else {\n // RFC 8628 mandates incrementing by 5 seconds\n interval = Math.min(interval + 5000, MAX_INTERVAL_MS);\n }\n break;\n\n case \"expired_token\":\n throw new DeviceFlowError(\n \"Device code has expired. Please try again.\",\n \"expired_token\",\n );\n\n case \"access_denied\":\n throw new DeviceFlowError(\n \"Authorization request was denied.\",\n \"access_denied\",\n );\n\n default:\n throw new DeviceFlowError(\n `Authorization error: ${error}${error_description ? ` - ${error_description}` : \"\"}`,\n error,\n );\n }\n } catch (error) {\n // DeviceFlowError means a definitive error (denied, expired, etc.) - rethrow\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n // User cancelled - rethrow\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n // Network errors during polling should continue until timeout, not fail immediately\n // Brief network hiccups shouldn't abort 10-minute flows\n console.warn(\"Network error during polling, retrying:\", error);\n }\n\n // Wait before next poll (wrap in try-catch for consistent abort handling)\n try {\n await sleep(interval, options.signal);\n } catch (error) {\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n throw error;\n }\n }\n\n throw new DeviceFlowError(\n \"Timeout waiting for authorization. Please try again.\",\n \"timeout\",\n );\n}\n\n/**\n * Sleep for a given duration, respecting an optional abort signal.\n */\nfunction sleep(ms: number, signal?: AbortSignal): Promise<void> {\n return new Promise((resolve, reject) => {\n if (signal?.aborted) {\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n return;\n }\n\n const timeoutId = setTimeout(resolve, ms);\n\n signal?.addEventListener(\n \"abort\",\n () => {\n clearTimeout(timeoutId);\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n },\n { once: true },\n );\n });\n}\n"],"mappings":"6IAeA,IAAa,EAAb,cAAqC,KAAM,CACzC,YACE,EACA,EACA,CACA,MAAM,EAAQ,CAFE,KAAA,KAAA,EAGhB,KAAK,KAAO,oBAyBV,EAAqB,IACrB,EAAkB,IAgCxB,eAAe,EACb,EACA,EACA,EACA,EACA,EACA,EACmB,CACnB,IAAM,EAAQ,EAAA,0BAA0B,CAClC,EAAW,GAAG,EAAM,KAAK,QAAQ,OAAQ,GAAG,CAAC,kBAkBnD,OAAO,MAhBgB,MAAM,EAAU,CACrC,OAAQ,OACR,QAAS,CACP,eAAgB,mBAChB,GAAG,EAAA,iBAAiB,EAAM,CAC3B,CACD,KAAM,KAAK,UAAU,CACnB,KAAM,EACN,SACA,OACA,QAAS,EAAc,CAAE,eAAgB,EAAa,CAAG,EAAE,CAC3D,KAAM,GAAQ,KACf,CAAC,CACF,SACD,CAAC,CAaJ,eAAsB,EACpB,EACsC,CACtC,IAAM,EAAiB,EAAK,QAAQ,OAAQ,GAAG,CAE/C,GAAI,CACF,IAAM,EAAW,MAAM,EACrB,EACA,OACA,0BACA,EAAE,CACF,mBACD,CAED,GAAI,CAAC,EAAS,GAEZ,MAAM,IAAI,EACR,gDAAgD,EAAS,SAC1D,CAGH,IAAM,EAAO,MAAM,EAAS,MAAM,CAIlC,GAAI,CAAC,EAAK,aAAe,CAAC,EAAK,WAAa,CAAC,EAAK,iBAChD,MAAM,IAAI,EACR,+EACD,CAIH,IAAM,EACJ,EAAK,2BACL,GAAG,EAAK,iBAAiB,aAAa,mBAAmB,EAAK,UAAU,GAE1E,MAAO,CACL,YAAa,EAAK,YAClB,UAAW,EAAK,UAChB,iBAAkB,EAAK,iBACvB,0BAA2B,EAC3B,WAAY,EAAK,YAAc,IAC/B,SAAU,EAAK,UAAY,EAC5B,OACM,EAAO,CAId,MAHI,aAAiB,EACb,EAEF,IAAI,EACR,gCAAgC,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,GACvF,EAuBL,eAAsB,EACpB,EACA,EACA,EAC8B,CAC9B,IAAM,EAAiB,EAAK,QAAQ,OAAQ,GAAG,CACzC,EAAU,EAAQ,SAAW,EAC/B,EAAW,KAAK,IAAI,EAAG,EAAQ,SAAS,CAAG,IACzC,EAAY,KAAK,KAAK,CAE5B,KAAO,KAAK,KAAK,CAAG,EAAY,GAAS,CAEvC,GAAI,EAAQ,QAAQ,QAClB,MAAM,IAAI,EAAgB,0BAA2B,YAAY,CAGnE,GAAI,CAOF,IAAM,EAAW,MAAM,EACrB,EACA,OACA,sBARuB,IAAI,gBAAgB,CAC3C,WAAY,+CACZ,YAAa,EACd,CAAC,CAAC,UAMD,CACA,oCACA,EAAQ,OACT,CAED,GAAI,EAAS,GAAI,CACf,IAAM,EAAO,MAAM,EAAS,MAAM,CAClC,GAAI,CAAC,EAAK,aACR,MAAM,IAAI,EACR,+CACD,CAEH,MAAO,CACL,aAAc,EAAK,aACnB,WAAY,EAAK,YAAc,SAC/B,WAAY,EAAK,WAClB,CAIH,IAAI,EACJ,GAAI,CACF,EAAY,MAAM,EAAS,MAAM,MAC3B,CACN,MAAM,IAAI,EACR,oCAAoC,EAAS,SAC9C,CAGH,GAAM,CAAE,QAAO,qBAAsB,EAErC,OAAQ,EAAR,CACE,IAAK,wBAEH,MAEF,IAAK,YAIH,AAQE,EAPA,OAAO,EAAU,UAAa,UAC9B,SAAS,EAAU,SAAS,EAC5B,EAAU,SAAW,EAEV,KAAK,IAAI,EAAG,KAAK,IAAI,EAAU,SAAU,GAAG,CAAC,CAAG,IAGhD,KAAK,IAAI,EAAW,IAAM,EAAgB,CAEvD,MAEF,IAAK,gBACH,MAAM,IAAI,EACR,6CACA,gBACD,CAEH,IAAK,gBACH,MAAM,IAAI,EACR,oCACA,gBACD,CAEH,QACE,MAAM,IAAI,EACR,wBAAwB,IAAQ,EAAoB,MAAM,IAAsB,KAChF,EACD,QAEE,EAAO,CAEd,GAAI,aAAiB,EACnB,MAAM,EAGR,GAAI,aAAiB,cAAgB,EAAM,OAAS,aAClD,MAAM,IAAI,EAAgB,0BAA2B,YAAY,CAInE,QAAQ,KAAK,0CAA2C,EAAM,CAIhE,GAAI,CACF,MAAM,EAAM,EAAU,EAAQ,OAAO,OAC9B,EAAO,CAId,MAHI,aAAiB,cAAgB,EAAM,OAAS,aAC5C,IAAI,EAAgB,0BAA2B,YAAY,CAE7D,GAIV,MAAM,IAAI,EACR,uDACA,UACD,CAMH,SAAS,EAAM,EAAY,EAAqC,CAC9D,OAAO,IAAI,SAAS,EAAS,IAAW,CACtC,GAAI,GAAQ,QAAS,CACnB,EAAO,IAAI,aAAa,UAAW,aAAa,CAAC,CACjD,OAGF,IAAM,EAAY,WAAW,EAAS,EAAG,CAEzC,GAAQ,iBACN,YACM,CACJ,aAAa,EAAU,CACvB,EAAO,IAAI,aAAa,UAAW,aAAa,CAAC,EAEnD,CAAE,KAAM,GAAM,CACf,EACD"}
1
+ {"version":3,"file":"device-flow-client.cjs","names":[],"sources":["../../src/api/device-flow-client.ts"],"sourcesContent":["/**\n * OAuth 2.0 Device Flow client implementation (RFC 8628).\n *\n * Used for one-click authentication with cloud backends.\n * The flow allows users to authenticate in their browser while the\n * application polls for the resulting API key.\n *\n * Device flow requests go directly to the configured OpenHands Cloud host.\n */\n\nexport class DeviceFlowError extends Error {\n constructor(\n message: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"DeviceFlowError\";\n }\n}\n\nexport interface DeviceAuthorizationResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceTokenResponse {\n access_token: string;\n token_type: string;\n expires_in?: number;\n}\n\ninterface DeviceTokenErrorResponse {\n error: string;\n error_description?: string;\n interval?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 600_000; // 10 minutes\nconst MAX_INTERVAL_MS = 30_000; // 30 seconds max polling interval\n\n/**\n * Check if a host is a known OpenHands Cloud domain.\n * Uses hostname extraction to prevent substring matching attacks.\n */\nexport function isOpenHandsCloudHost(host: string): boolean {\n try {\n // Extract hostname from URL or treat as hostname if no protocol\n const trimmed = host.trim().toLowerCase();\n const withProtocol = /^https?:\\/\\//i.test(trimmed)\n ? trimmed\n : `https://${trimmed}`;\n const url = new URL(withProtocol);\n const hostname = url.hostname;\n\n // Check if hostname ends with known domains (exact suffix match)\n return (\n hostname.endsWith(\".all-hands.dev\") ||\n hostname === \"all-hands.dev\" ||\n hostname.endsWith(\".openhands.dev\") ||\n hostname === \"openhands.dev\"\n );\n } catch {\n return false;\n }\n}\n\n/**\n * Make a direct request to the OpenHands Cloud device-flow endpoint.\n */\nasync function makeCloudRequest(\n upstreamHost: string,\n method: \"GET\" | \"POST\",\n path: string,\n body?: unknown,\n contentType?: string,\n signal?: AbortSignal,\n): Promise<Response> {\n const requestBody =\n body === undefined\n ? undefined\n : typeof body === \"string\" ||\n body instanceof Blob ||\n body instanceof FormData ||\n body instanceof URLSearchParams\n ? body\n : JSON.stringify(body);\n\n const response = await fetch(`${upstreamHost.replace(/\\/+$/, \"\")}${path}`, {\n method,\n headers: {\n ...(contentType ? { \"Content-Type\": contentType } : {}),\n },\n body: requestBody,\n signal,\n });\n\n return response;\n}\n\n/**\n * Start the OAuth 2.0 Device Flow by requesting a device code.\n * Requests are sent directly to the cloud host.\n *\n * @param host - The cloud backend host URL (e.g., \"https://app.all-hands.dev\")\n * @returns DeviceAuthorizationResponse with device_code, user_code, verification URLs, etc.\n * @throws DeviceFlowError if the request fails\n */\nexport async function startDeviceFlow(\n host: string,\n): Promise<DeviceAuthorizationResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n\n try {\n const response = await makeCloudRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/authorize\",\n {},\n \"application/json\",\n );\n\n if (!response.ok) {\n // Avoid exposing sensitive server error details\n throw new DeviceFlowError(\n `Failed to start device flow: Server returned ${response.status}`,\n );\n }\n\n const data = await response.json();\n\n // Validate required fields per RFC 8628 Section 3.2\n // verification_uri_complete is OPTIONAL per RFC\n if (!data.device_code || !data.user_code || !data.verification_uri) {\n throw new DeviceFlowError(\n \"Invalid response from device authorization endpoint: missing required fields\",\n );\n }\n\n // Build verification_uri_complete if not provided (optional per RFC)\n const verificationUriComplete =\n data.verification_uri_complete ??\n `${data.verification_uri}?user_code=${encodeURIComponent(data.user_code)}`;\n\n return {\n device_code: data.device_code,\n user_code: data.user_code,\n verification_uri: data.verification_uri,\n verification_uri_complete: verificationUriComplete,\n expires_in: data.expires_in ?? 600,\n interval: data.interval ?? 5,\n };\n } catch (error) {\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n throw new DeviceFlowError(\n `Failed to start device flow: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n\nexport interface PollOptions {\n /** Polling interval in seconds (from device authorization response) */\n interval: number;\n /** Maximum time to wait for authorization in milliseconds */\n timeout?: number;\n /** Abort signal to cancel polling */\n signal?: AbortSignal;\n}\n\n/**\n * Poll for the API key after user authorization.\n * Requests are sent directly to the cloud host.\n *\n * @param host - The cloud backend host URL\n * @param deviceCode - The device code from startDeviceFlow\n * @param options - Polling options including interval, timeout, and abort signal\n * @returns DeviceTokenResponse containing the access_token (API key)\n * @throws DeviceFlowError if polling fails, user denies access, or timeout expires\n */\nexport async function pollForToken(\n host: string,\n deviceCode: string,\n options: PollOptions,\n): Promise<DeviceTokenResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n const timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;\n let interval = Math.max(1, options.interval) * 1000; // At least 1 second\n const startTime = Date.now();\n\n while (Date.now() - startTime < timeout) {\n // Check if cancelled\n if (options.signal?.aborted) {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n\n try {\n // RFC 8628 Section 3.4 requires grant_type parameter\n const tokenRequestBody = new URLSearchParams({\n grant_type: \"urn:ietf:params:oauth:grant-type:device_code\",\n device_code: deviceCode,\n }).toString();\n\n const response = await makeCloudRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/token\",\n tokenRequestBody,\n \"application/x-www-form-urlencoded\",\n options.signal,\n );\n\n if (response.ok) {\n const data = await response.json();\n if (!data.access_token) {\n throw new DeviceFlowError(\n \"Invalid token response: missing access_token\",\n );\n }\n return {\n access_token: data.access_token,\n token_type: data.token_type ?? \"Bearer\",\n expires_in: data.expires_in,\n };\n }\n\n // Handle error responses\n let errorData: DeviceTokenErrorResponse;\n try {\n errorData = await response.json();\n } catch {\n throw new DeviceFlowError(\n `Unexpected response from server: ${response.status}`,\n );\n }\n\n const { error, error_description } = errorData;\n\n switch (error) {\n case \"authorization_pending\":\n // User hasn't finished yet; continue polling\n break;\n\n case \"slow_down\":\n // Server asks us to poll less frequently\n // RFC 8628 Section 3.5: \"the client MUST increase its polling interval by 5 seconds\"\n // Validate server-provided interval to prevent DoS (must be number, finite, positive)\n if (\n typeof errorData.interval === \"number\" &&\n isFinite(errorData.interval) &&\n errorData.interval > 0\n ) {\n interval = Math.max(1, Math.min(errorData.interval, 30)) * 1000;\n } else {\n // RFC 8628 mandates incrementing by 5 seconds\n interval = Math.min(interval + 5000, MAX_INTERVAL_MS);\n }\n break;\n\n case \"expired_token\":\n throw new DeviceFlowError(\n \"Device code has expired. Please try again.\",\n \"expired_token\",\n );\n\n case \"access_denied\":\n throw new DeviceFlowError(\n \"Authorization request was denied.\",\n \"access_denied\",\n );\n\n default:\n throw new DeviceFlowError(\n `Authorization error: ${error}${error_description ? ` - ${error_description}` : \"\"}`,\n error,\n );\n }\n } catch (error) {\n // DeviceFlowError means a definitive error (denied, expired, etc.) - rethrow\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n // User cancelled - rethrow\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n // Network errors during polling should continue until timeout, not fail immediately\n // Brief network hiccups shouldn't abort 10-minute flows\n console.warn(\"Network error during polling, retrying:\", error);\n }\n\n // Wait before next poll (wrap in try-catch for consistent abort handling)\n try {\n await sleep(interval, options.signal);\n } catch (error) {\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n throw error;\n }\n }\n\n throw new DeviceFlowError(\n \"Timeout waiting for authorization. Please try again.\",\n \"timeout\",\n );\n}\n\n/**\n * Sleep for a given duration, respecting an optional abort signal.\n */\nfunction sleep(ms: number, signal?: AbortSignal): Promise<void> {\n return new Promise((resolve, reject) => {\n if (signal?.aborted) {\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n return;\n }\n\n const timeoutId = setTimeout(resolve, ms);\n\n signal?.addEventListener(\n \"abort\",\n () => {\n clearTimeout(timeoutId);\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n },\n { once: true },\n );\n });\n}\n"],"mappings":"6CAUA,IAAa,EAAb,cAAqC,KAAM,CACzC,YACE,EACA,EACA,CACA,MAAM,EAAQ,CAFE,KAAA,KAAA,EAGhB,KAAK,KAAO,oBAyBV,EAAqB,IACrB,EAAkB,IA+BxB,eAAe,EACb,EACA,EACA,EACA,EACA,EACA,EACmB,CACnB,IAAM,EACJ,IAAS,IAAA,GACL,IAAA,GACA,OAAO,GAAS,UACd,aAAgB,MAChB,aAAgB,UAChB,aAAgB,gBAChB,EACA,KAAK,UAAU,EAAK,CAW5B,OAAO,MATgB,MAAM,GAAG,EAAa,QAAQ,OAAQ,GAAG,GAAG,IAAQ,CACzE,SACA,QAAS,CACP,GAAI,EAAc,CAAE,eAAgB,EAAa,CAAG,EAAE,CACvD,CACD,KAAM,EACN,SACD,CAAC,CAaJ,eAAsB,EACpB,EACsC,CACtC,IAAM,EAAiB,EAAK,QAAQ,OAAQ,GAAG,CAE/C,GAAI,CACF,IAAM,EAAW,MAAM,EACrB,EACA,OACA,0BACA,EAAE,CACF,mBACD,CAED,GAAI,CAAC,EAAS,GAEZ,MAAM,IAAI,EACR,gDAAgD,EAAS,SAC1D,CAGH,IAAM,EAAO,MAAM,EAAS,MAAM,CAIlC,GAAI,CAAC,EAAK,aAAe,CAAC,EAAK,WAAa,CAAC,EAAK,iBAChD,MAAM,IAAI,EACR,+EACD,CAIH,IAAM,EACJ,EAAK,2BACL,GAAG,EAAK,iBAAiB,aAAa,mBAAmB,EAAK,UAAU,GAE1E,MAAO,CACL,YAAa,EAAK,YAClB,UAAW,EAAK,UAChB,iBAAkB,EAAK,iBACvB,0BAA2B,EAC3B,WAAY,EAAK,YAAc,IAC/B,SAAU,EAAK,UAAY,EAC5B,OACM,EAAO,CAId,MAHI,aAAiB,EACb,EAEF,IAAI,EACR,gCAAgC,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,GACvF,EAuBL,eAAsB,EACpB,EACA,EACA,EAC8B,CAC9B,IAAM,EAAiB,EAAK,QAAQ,OAAQ,GAAG,CACzC,EAAU,EAAQ,SAAW,EAC/B,EAAW,KAAK,IAAI,EAAG,EAAQ,SAAS,CAAG,IACzC,EAAY,KAAK,KAAK,CAE5B,KAAO,KAAK,KAAK,CAAG,EAAY,GAAS,CAEvC,GAAI,EAAQ,QAAQ,QAClB,MAAM,IAAI,EAAgB,0BAA2B,YAAY,CAGnE,GAAI,CAOF,IAAM,EAAW,MAAM,EACrB,EACA,OACA,sBARuB,IAAI,gBAAgB,CAC3C,WAAY,+CACZ,YAAa,EACd,CAAC,CAAC,UAMD,CACA,oCACA,EAAQ,OACT,CAED,GAAI,EAAS,GAAI,CACf,IAAM,EAAO,MAAM,EAAS,MAAM,CAClC,GAAI,CAAC,EAAK,aACR,MAAM,IAAI,EACR,+CACD,CAEH,MAAO,CACL,aAAc,EAAK,aACnB,WAAY,EAAK,YAAc,SAC/B,WAAY,EAAK,WAClB,CAIH,IAAI,EACJ,GAAI,CACF,EAAY,MAAM,EAAS,MAAM,MAC3B,CACN,MAAM,IAAI,EACR,oCAAoC,EAAS,SAC9C,CAGH,GAAM,CAAE,QAAO,qBAAsB,EAErC,OAAQ,EAAR,CACE,IAAK,wBAEH,MAEF,IAAK,YAIH,AAQE,EAPA,OAAO,EAAU,UAAa,UAC9B,SAAS,EAAU,SAAS,EAC5B,EAAU,SAAW,EAEV,KAAK,IAAI,EAAG,KAAK,IAAI,EAAU,SAAU,GAAG,CAAC,CAAG,IAGhD,KAAK,IAAI,EAAW,IAAM,EAAgB,CAEvD,MAEF,IAAK,gBACH,MAAM,IAAI,EACR,6CACA,gBACD,CAEH,IAAK,gBACH,MAAM,IAAI,EACR,oCACA,gBACD,CAEH,QACE,MAAM,IAAI,EACR,wBAAwB,IAAQ,EAAoB,MAAM,IAAsB,KAChF,EACD,QAEE,EAAO,CAEd,GAAI,aAAiB,EACnB,MAAM,EAGR,GAAI,aAAiB,cAAgB,EAAM,OAAS,aAClD,MAAM,IAAI,EAAgB,0BAA2B,YAAY,CAInE,QAAQ,KAAK,0CAA2C,EAAM,CAIhE,GAAI,CACF,MAAM,EAAM,EAAU,EAAQ,OAAO,OAC9B,EAAO,CAId,MAHI,aAAiB,cAAgB,EAAM,OAAS,aAC5C,IAAI,EAAgB,0BAA2B,YAAY,CAE7D,GAIV,MAAM,IAAI,EACR,uDACA,UACD,CAMH,SAAS,EAAM,EAAY,EAAqC,CAC9D,OAAO,IAAI,SAAS,EAAS,IAAW,CACtC,GAAI,GAAQ,QAAS,CACnB,EAAO,IAAI,aAAa,UAAW,aAAa,CAAC,CACjD,OAGF,IAAM,EAAY,WAAW,EAAS,EAAG,CAEzC,GAAQ,iBACN,YACM,CACJ,aAAa,EAAU,CACvB,EAAO,IAAI,aAAa,UAAW,aAAa,CAAC,EAEnD,CAAE,KAAM,GAAM,CACf,EACD"}
package/dist/api/device-flow-client.d.ts CHANGED
@@ -5,9 +5,7 @@
5
5
  * The flow allows users to authenticate in their browser while the
6
6
  * application polls for the resulting API key.
7
7
  *
8
- * All device flow requests are proxied through the local agent-server's
9
- * cloud-proxy endpoint to avoid CORS issues. Since a local agent-server
10
- * is required to use the frontend, the proxy is always available.
8
+ * Device flow requests go directly to the configured OpenHands Cloud host.
11
9
  */
12
10
  export declare class DeviceFlowError extends Error {
13
11
  readonly code?: string | undefined;
@@ -33,7 +31,7 @@ export interface DeviceTokenResponse {
33
31
  export declare function isOpenHandsCloudHost(host: string): boolean;
34
32
  /**
35
33
  * Start the OAuth 2.0 Device Flow by requesting a device code.
36
- * All requests are proxied through the local agent-server to avoid CORS issues.
34
+ * Requests are sent directly to the cloud host.
37
35
  *
38
36
  * @param host - The cloud backend host URL (e.g., "https://app.all-hands.dev")
39
37
  * @returns DeviceAuthorizationResponse with device_code, user_code, verification URLs, etc.
@@ -50,7 +48,7 @@ export interface PollOptions {
50
48
  }
51
49
  /**
52
50
  * Poll for the API key after user authorization.
53
- * All requests are proxied through the local agent-server to avoid CORS issues.
51
+ * Requests are sent directly to the cloud host.
54
52
  *
55
53
  * @param host - The cloud backend host URL
56
54
  * @param deviceCode - The device code from startDeviceFlow
package/dist/api/device-flow-client.js CHANGED
@@ -1,97 +1,86 @@
1
- import { getEffectiveLocalBackend as e } from "./backend-registry/active-store.js";
2
- import { buildAuthHeaders as t } from "./backend-registry/auth.js";
3
1
  //#region src/api/device-flow-client.ts
4
- var n = class extends Error {
2
+ var e = class extends Error {
5
3
  constructor(e, t) {
6
4
  super(e), this.code = t, this.name = "DeviceFlowError";
7
5
  }
8
- }, r = 6e5, i = 3e4;
9
- async function a(n, r, i, a, o, s) {
10
- let c = e(), l = `${c.host.replace(/\/+$/, "")}/api/cloud-proxy`;
11
- return await fetch(l, {
12
- method: "POST",
13
- headers: {
14
- "Content-Type": "application/json",
15
- ...t(c)
16
- },
17
- body: JSON.stringify({
18
- host: n,
19
- method: r,
20
- path: i,
21
- headers: o ? { "Content-Type": o } : {},
22
- body: a ?? null
23
- }),
24
- signal: s
6
+ }, t = 6e5, n = 3e4;
7
+ async function r(e, t, n, r, i, a) {
8
+ let o = r === void 0 ? void 0 : typeof r == "string" || r instanceof Blob || r instanceof FormData || r instanceof URLSearchParams ? r : JSON.stringify(r);
9
+ return await fetch(`${e.replace(/\/+$/, "")}${n}`, {
10
+ method: t,
11
+ headers: { ...i ? { "Content-Type": i } : {} },
12
+ body: o,
13
+ signal: a
25
14
  });
26
15
  }
27
- async function o(e) {
28
- let t = e.replace(/\/+$/, "");
16
+ async function i(t) {
17
+ let n = t.replace(/\/+$/, "");
29
18
  try {
30
- let e = await a(t, "POST", "/oauth/device/authorize", {}, "application/json");
31
- if (!e.ok) throw new n(`Failed to start device flow: Server returned ${e.status}`);
32
- let r = await e.json();
33
- if (!r.device_code || !r.user_code || !r.verification_uri) throw new n("Invalid response from device authorization endpoint: missing required fields");
34
- let i = r.verification_uri_complete ?? `${r.verification_uri}?user_code=${encodeURIComponent(r.user_code)}`;
19
+ let t = await r(n, "POST", "/oauth/device/authorize", {}, "application/json");
20
+ if (!t.ok) throw new e(`Failed to start device flow: Server returned ${t.status}`);
21
+ let i = await t.json();
22
+ if (!i.device_code || !i.user_code || !i.verification_uri) throw new e("Invalid response from device authorization endpoint: missing required fields");
23
+ let a = i.verification_uri_complete ?? `${i.verification_uri}?user_code=${encodeURIComponent(i.user_code)}`;
35
24
  return {
36
- device_code: r.device_code,
37
- user_code: r.user_code,
38
- verification_uri: r.verification_uri,
39
- verification_uri_complete: i,
40
- expires_in: r.expires_in ?? 600,
41
- interval: r.interval ?? 5
25
+ device_code: i.device_code,
26
+ user_code: i.user_code,
27
+ verification_uri: i.verification_uri,
28
+ verification_uri_complete: a,
29
+ expires_in: i.expires_in ?? 600,
30
+ interval: i.interval ?? 5
42
31
  };
43
- } catch (e) {
44
- throw e instanceof n ? e : new n(`Failed to start device flow: ${e instanceof Error ? e.message : String(e)}`);
32
+ } catch (t) {
33
+ throw t instanceof e ? t : new e(`Failed to start device flow: ${t instanceof Error ? t.message : String(t)}`);
45
34
  }
46
35
  }
47
- async function s(e, t, o) {
48
- let s = e.replace(/\/+$/, ""), l = o.timeout ?? r, u = Math.max(1, o.interval) * 1e3, d = Date.now();
36
+ async function a(i, a, s) {
37
+ let c = i.replace(/\/+$/, ""), l = s.timeout ?? t, u = Math.max(1, s.interval) * 1e3, d = Date.now();
49
38
  for (; Date.now() - d < l;) {
50
- if (o.signal?.aborted) throw new n("Authorization cancelled", "cancelled");
39
+ if (s.signal?.aborted) throw new e("Authorization cancelled", "cancelled");
51
40
  try {
52
- let e = await a(s, "POST", "/oauth/device/token", new URLSearchParams({
41
+ let t = await r(c, "POST", "/oauth/device/token", new URLSearchParams({
53
42
  grant_type: "urn:ietf:params:oauth:grant-type:device_code",
54
- device_code: t
55
- }).toString(), "application/x-www-form-urlencoded", o.signal);
56
- if (e.ok) {
57
- let t = await e.json();
58
- if (!t.access_token) throw new n("Invalid token response: missing access_token");
43
+ device_code: a
44
+ }).toString(), "application/x-www-form-urlencoded", s.signal);
45
+ if (t.ok) {
46
+ let n = await t.json();
47
+ if (!n.access_token) throw new e("Invalid token response: missing access_token");
59
48
  return {
60
- access_token: t.access_token,
61
- token_type: t.token_type ?? "Bearer",
62
- expires_in: t.expires_in
49
+ access_token: n.access_token,
50
+ token_type: n.token_type ?? "Bearer",
51
+ expires_in: n.expires_in
63
52
  };
64
53
  }
65
- let r;
54
+ let i;
66
55
  try {
67
- r = await e.json();
56
+ i = await t.json();
68
57
  } catch {
69
- throw new n(`Unexpected response from server: ${e.status}`);
58
+ throw new e(`Unexpected response from server: ${t.status}`);
70
59
  }
71
- let { error: c, error_description: l } = r;
72
- switch (c) {
60
+ let { error: o, error_description: l } = i;
61
+ switch (o) {
73
62
  case "authorization_pending": break;
74
63
  case "slow_down":
75
- u = typeof r.interval == "number" && isFinite(r.interval) && r.interval > 0 ? Math.max(1, Math.min(r.interval, 30)) * 1e3 : Math.min(u + 5e3, i);
64
+ u = typeof i.interval == "number" && isFinite(i.interval) && i.interval > 0 ? Math.max(1, Math.min(i.interval, 30)) * 1e3 : Math.min(u + 5e3, n);
76
65
  break;
77
- case "expired_token": throw new n("Device code has expired. Please try again.", "expired_token");
78
- case "access_denied": throw new n("Authorization request was denied.", "access_denied");
79
- default: throw new n(`Authorization error: ${c}${l ? ` - ${l}` : ""}`, c);
66
+ case "expired_token": throw new e("Device code has expired. Please try again.", "expired_token");
67
+ case "access_denied": throw new e("Authorization request was denied.", "access_denied");
68
+ default: throw new e(`Authorization error: ${o}${l ? ` - ${l}` : ""}`, o);
80
69
  }
81
- } catch (e) {
82
- if (e instanceof n) throw e;
83
- if (e instanceof DOMException && e.name === "AbortError") throw new n("Authorization cancelled", "cancelled");
84
- console.warn("Network error during polling, retrying:", e);
70
+ } catch (t) {
71
+ if (t instanceof e) throw t;
72
+ if (t instanceof DOMException && t.name === "AbortError") throw new e("Authorization cancelled", "cancelled");
73
+ console.warn("Network error during polling, retrying:", t);
85
74
  }
86
75
  try {
87
- await c(u, o.signal);
88
- } catch (e) {
89
- throw e instanceof DOMException && e.name === "AbortError" ? new n("Authorization cancelled", "cancelled") : e;
76
+ await o(u, s.signal);
77
+ } catch (t) {
78
+ throw t instanceof DOMException && t.name === "AbortError" ? new e("Authorization cancelled", "cancelled") : t;
90
79
  }
91
80
  }
92
- throw new n("Timeout waiting for authorization. Please try again.", "timeout");
81
+ throw new e("Timeout waiting for authorization. Please try again.", "timeout");
93
82
  }
94
- function c(e, t) {
83
+ function o(e, t) {
95
84
  return new Promise((n, r) => {
96
85
  if (t?.aborted) {
97
86
  r(new DOMException("Aborted", "AbortError"));
@@ -104,6 +93,6 @@ function c(e, t) {
104
93
  });
105
94
  }
106
95
  //#endregion
107
- export { n as DeviceFlowError, s as pollForToken, o as startDeviceFlow };
96
+ export { e as DeviceFlowError, a as pollForToken, i as startDeviceFlow };
108
97
 
109
98
  //# sourceMappingURL=device-flow-client.js.map
package/dist/api/device-flow-client.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"device-flow-client.js","names":[],"sources":["../../src/api/device-flow-client.ts"],"sourcesContent":["/**\n * OAuth 2.0 Device Flow client implementation (RFC 8628).\n *\n * Used for one-click authentication with cloud backends.\n * The flow allows users to authenticate in their browser while the\n * application polls for the resulting API key.\n *\n * All device flow requests are proxied through the local agent-server's\n * cloud-proxy endpoint to avoid CORS issues. Since a local agent-server\n * is required to use the frontend, the proxy is always available.\n */\n\nimport { getEffectiveLocalBackend } from \"./backend-registry/active-store\";\nimport { buildAuthHeaders } from \"./backend-registry/auth\";\n\nexport class DeviceFlowError extends Error {\n constructor(\n message: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"DeviceFlowError\";\n }\n}\n\nexport interface DeviceAuthorizationResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceTokenResponse {\n access_token: string;\n token_type: string;\n expires_in?: number;\n}\n\ninterface DeviceTokenErrorResponse {\n error: string;\n error_description?: string;\n interval?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 600_000; // 10 minutes\nconst MAX_INTERVAL_MS = 30_000; // 30 seconds max polling interval\n\n/**\n * Check if a host is a known OpenHands Cloud domain.\n * Uses hostname extraction to prevent substring matching attacks.\n */\nexport function isOpenHandsCloudHost(host: string): boolean {\n try {\n // Extract hostname from URL or treat as hostname if no protocol\n const trimmed = host.trim().toLowerCase();\n const withProtocol = /^https?:\\/\\//i.test(trimmed)\n ? trimmed\n : `https://${trimmed}`;\n const url = new URL(withProtocol);\n const hostname = url.hostname;\n\n // Check if hostname ends with known domains (exact suffix match)\n return (\n hostname.endsWith(\".all-hands.dev\") ||\n hostname === \"all-hands.dev\" ||\n hostname.endsWith(\".openhands.dev\") ||\n hostname === \"openhands.dev\"\n );\n } catch {\n return false;\n }\n}\n\n/**\n * Make a proxied request through the local agent-server's cloud-proxy endpoint.\n * This avoids CORS issues when calling OpenHands Cloud endpoints.\n */\nasync function makeProxiedRequest(\n upstreamHost: string,\n method: \"GET\" | \"POST\",\n path: string,\n body?: unknown,\n contentType?: string,\n signal?: AbortSignal,\n): Promise<Response> {\n const local = getEffectiveLocalBackend();\n const proxyUrl = `${local.host.replace(/\\/+$/, \"\")}/api/cloud-proxy`;\n\n const response = await fetch(proxyUrl, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n ...buildAuthHeaders(local),\n },\n body: JSON.stringify({\n host: upstreamHost,\n method,\n path,\n headers: contentType ? { \"Content-Type\": contentType } : {},\n body: body ?? null,\n }),\n signal,\n });\n\n return response;\n}\n\n/**\n * Start the OAuth 2.0 Device Flow by requesting a device code.\n * All requests are proxied through the local agent-server to avoid CORS issues.\n *\n * @param host - The cloud backend host URL (e.g., \"https://app.all-hands.dev\")\n * @returns DeviceAuthorizationResponse with device_code, user_code, verification URLs, etc.\n * @throws DeviceFlowError if the request fails\n */\nexport async function startDeviceFlow(\n host: string,\n): Promise<DeviceAuthorizationResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n\n try {\n const response = await makeProxiedRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/authorize\",\n {},\n \"application/json\",\n );\n\n if (!response.ok) {\n // Avoid exposing sensitive server error details\n throw new DeviceFlowError(\n `Failed to start device flow: Server returned ${response.status}`,\n );\n }\n\n const data = await response.json();\n\n // Validate required fields per RFC 8628 Section 3.2\n // verification_uri_complete is OPTIONAL per RFC\n if (!data.device_code || !data.user_code || !data.verification_uri) {\n throw new DeviceFlowError(\n \"Invalid response from device authorization endpoint: missing required fields\",\n );\n }\n\n // Build verification_uri_complete if not provided (optional per RFC)\n const verificationUriComplete =\n data.verification_uri_complete ??\n `${data.verification_uri}?user_code=${encodeURIComponent(data.user_code)}`;\n\n return {\n device_code: data.device_code,\n user_code: data.user_code,\n verification_uri: data.verification_uri,\n verification_uri_complete: verificationUriComplete,\n expires_in: data.expires_in ?? 600,\n interval: data.interval ?? 5,\n };\n } catch (error) {\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n throw new DeviceFlowError(\n `Failed to start device flow: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n\nexport interface PollOptions {\n /** Polling interval in seconds (from device authorization response) */\n interval: number;\n /** Maximum time to wait for authorization in milliseconds */\n timeout?: number;\n /** Abort signal to cancel polling */\n signal?: AbortSignal;\n}\n\n/**\n * Poll for the API key after user authorization.\n * All requests are proxied through the local agent-server to avoid CORS issues.\n *\n * @param host - The cloud backend host URL\n * @param deviceCode - The device code from startDeviceFlow\n * @param options - Polling options including interval, timeout, and abort signal\n * @returns DeviceTokenResponse containing the access_token (API key)\n * @throws DeviceFlowError if polling fails, user denies access, or timeout expires\n */\nexport async function pollForToken(\n host: string,\n deviceCode: string,\n options: PollOptions,\n): Promise<DeviceTokenResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n const timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;\n let interval = Math.max(1, options.interval) * 1000; // At least 1 second\n const startTime = Date.now();\n\n while (Date.now() - startTime < timeout) {\n // Check if cancelled\n if (options.signal?.aborted) {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n\n try {\n // RFC 8628 Section 3.4 requires grant_type parameter\n const tokenRequestBody = new URLSearchParams({\n grant_type: \"urn:ietf:params:oauth:grant-type:device_code\",\n device_code: deviceCode,\n }).toString();\n\n const response = await makeProxiedRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/token\",\n tokenRequestBody,\n \"application/x-www-form-urlencoded\",\n options.signal,\n );\n\n if (response.ok) {\n const data = await response.json();\n if (!data.access_token) {\n throw new DeviceFlowError(\n \"Invalid token response: missing access_token\",\n );\n }\n return {\n access_token: data.access_token,\n token_type: data.token_type ?? \"Bearer\",\n expires_in: data.expires_in,\n };\n }\n\n // Handle error responses\n let errorData: DeviceTokenErrorResponse;\n try {\n errorData = await response.json();\n } catch {\n throw new DeviceFlowError(\n `Unexpected response from server: ${response.status}`,\n );\n }\n\n const { error, error_description } = errorData;\n\n switch (error) {\n case \"authorization_pending\":\n // User hasn't finished yet; continue polling\n break;\n\n case \"slow_down\":\n // Server asks us to poll less frequently\n // RFC 8628 Section 3.5: \"the client MUST increase its polling interval by 5 seconds\"\n // Validate server-provided interval to prevent DoS (must be number, finite, positive)\n if (\n typeof errorData.interval === \"number\" &&\n isFinite(errorData.interval) &&\n errorData.interval > 0\n ) {\n interval = Math.max(1, Math.min(errorData.interval, 30)) * 1000;\n } else {\n // RFC 8628 mandates incrementing by 5 seconds\n interval = Math.min(interval + 5000, MAX_INTERVAL_MS);\n }\n break;\n\n case \"expired_token\":\n throw new DeviceFlowError(\n \"Device code has expired. Please try again.\",\n \"expired_token\",\n );\n\n case \"access_denied\":\n throw new DeviceFlowError(\n \"Authorization request was denied.\",\n \"access_denied\",\n );\n\n default:\n throw new DeviceFlowError(\n `Authorization error: ${error}${error_description ? ` - ${error_description}` : \"\"}`,\n error,\n );\n }\n } catch (error) {\n // DeviceFlowError means a definitive error (denied, expired, etc.) - rethrow\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n // User cancelled - rethrow\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n // Network errors during polling should continue until timeout, not fail immediately\n // Brief network hiccups shouldn't abort 10-minute flows\n console.warn(\"Network error during polling, retrying:\", error);\n }\n\n // Wait before next poll (wrap in try-catch for consistent abort handling)\n try {\n await sleep(interval, options.signal);\n } catch (error) {\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n throw error;\n }\n }\n\n throw new DeviceFlowError(\n \"Timeout waiting for authorization. Please try again.\",\n \"timeout\",\n );\n}\n\n/**\n * Sleep for a given duration, respecting an optional abort signal.\n */\nfunction sleep(ms: number, signal?: AbortSignal): Promise<void> {\n return new Promise((resolve, reject) => {\n if (signal?.aborted) {\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n return;\n }\n\n const timeoutId = setTimeout(resolve, ms);\n\n signal?.addEventListener(\n \"abort\",\n () => {\n clearTimeout(timeoutId);\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n },\n { once: true },\n );\n });\n}\n"],"mappings":";;;AAeA,IAAa,IAAb,cAAqC,MAAM;CACzC,YACE,GACA,GACA;AAEA,EADA,MAAM,EAAQ,EAFE,KAAA,OAAA,GAGhB,KAAK,OAAO;;GAyBV,IAAqB,KACrB,IAAkB;AAgCxB,eAAe,EACb,GACA,GACA,GACA,GACA,GACA,GACmB;CACnB,IAAM,IAAQ,GAA0B,EAClC,IAAW,GAAG,EAAM,KAAK,QAAQ,QAAQ,GAAG,CAAC;AAkBnD,QAAO,MAhBgB,MAAM,GAAU;EACrC,QAAQ;EACR,SAAS;GACP,gBAAgB;GAChB,GAAG,EAAiB,EAAM;GAC3B;EACD,MAAM,KAAK,UAAU;GACnB,MAAM;GACN;GACA;GACA,SAAS,IAAc,EAAE,gBAAgB,GAAa,GAAG,EAAE;GAC3D,MAAM,KAAQ;GACf,CAAC;EACF;EACD,CAAC;;AAaJ,eAAsB,EACpB,GACsC;CACtC,IAAM,IAAiB,EAAK,QAAQ,QAAQ,GAAG;AAE/C,KAAI;EACF,IAAM,IAAW,MAAM,EACrB,GACA,QACA,2BACA,EAAE,EACF,mBACD;AAED,MAAI,CAAC,EAAS,GAEZ,OAAM,IAAI,EACR,gDAAgD,EAAS,SAC1D;EAGH,IAAM,IAAO,MAAM,EAAS,MAAM;AAIlC,MAAI,CAAC,EAAK,eAAe,CAAC,EAAK,aAAa,CAAC,EAAK,iBAChD,OAAM,IAAI,EACR,+EACD;EAIH,IAAM,IACJ,EAAK,6BACL,GAAG,EAAK,iBAAiB,aAAa,mBAAmB,EAAK,UAAU;AAE1E,SAAO;GACL,aAAa,EAAK;GAClB,WAAW,EAAK;GAChB,kBAAkB,EAAK;GACvB,2BAA2B;GAC3B,YAAY,EAAK,cAAc;GAC/B,UAAU,EAAK,YAAY;GAC5B;UACM,GAAO;AAId,QAHI,aAAiB,IACb,IAEF,IAAI,EACR,gCAAgC,aAAiB,QAAQ,EAAM,UAAU,OAAO,EAAM,GACvF;;;AAuBL,eAAsB,EACpB,GACA,GACA,GAC8B;CAC9B,IAAM,IAAiB,EAAK,QAAQ,QAAQ,GAAG,EACzC,IAAU,EAAQ,WAAW,GAC/B,IAAW,KAAK,IAAI,GAAG,EAAQ,SAAS,GAAG,KACzC,IAAY,KAAK,KAAK;AAE5B,QAAO,KAAK,KAAK,GAAG,IAAY,IAAS;AAEvC,MAAI,EAAQ,QAAQ,QAClB,OAAM,IAAI,EAAgB,2BAA2B,YAAY;AAGnE,MAAI;GAOF,IAAM,IAAW,MAAM,EACrB,GACA,QACA,uBARuB,IAAI,gBAAgB;IAC3C,YAAY;IACZ,aAAa;IACd,CAAC,CAAC,UAMD,EACA,qCACA,EAAQ,OACT;AAED,OAAI,EAAS,IAAI;IACf,IAAM,IAAO,MAAM,EAAS,MAAM;AAClC,QAAI,CAAC,EAAK,aACR,OAAM,IAAI,EACR,+CACD;AAEH,WAAO;KACL,cAAc,EAAK;KACnB,YAAY,EAAK,cAAc;KAC/B,YAAY,EAAK;KAClB;;GAIH,IAAI;AACJ,OAAI;AACF,QAAY,MAAM,EAAS,MAAM;WAC3B;AACN,UAAM,IAAI,EACR,oCAAoC,EAAS,SAC9C;;GAGH,IAAM,EAAE,UAAO,yBAAsB;AAErC,WAAQ,GAAR;IACE,KAAK,wBAEH;IAEF,KAAK;AAIH,KAQE,IAPA,OAAO,EAAU,YAAa,YAC9B,SAAS,EAAU,SAAS,IAC5B,EAAU,WAAW,IAEV,KAAK,IAAI,GAAG,KAAK,IAAI,EAAU,UAAU,GAAG,CAAC,GAAG,MAGhD,KAAK,IAAI,IAAW,KAAM,EAAgB;AAEvD;IAEF,KAAK,gBACH,OAAM,IAAI,EACR,8CACA,gBACD;IAEH,KAAK,gBACH,OAAM,IAAI,EACR,qCACA,gBACD;IAEH,QACE,OAAM,IAAI,EACR,wBAAwB,IAAQ,IAAoB,MAAM,MAAsB,MAChF,EACD;;WAEE,GAAO;AAEd,OAAI,aAAiB,EACnB,OAAM;AAGR,OAAI,aAAiB,gBAAgB,EAAM,SAAS,aAClD,OAAM,IAAI,EAAgB,2BAA2B,YAAY;AAInE,WAAQ,KAAK,2CAA2C,EAAM;;AAIhE,MAAI;AACF,SAAM,EAAM,GAAU,EAAQ,OAAO;WAC9B,GAAO;AAId,SAHI,aAAiB,gBAAgB,EAAM,SAAS,eAC5C,IAAI,EAAgB,2BAA2B,YAAY,GAE7D;;;AAIV,OAAM,IAAI,EACR,wDACA,UACD;;AAMH,SAAS,EAAM,GAAY,GAAqC;AAC9D,QAAO,IAAI,SAAS,GAAS,MAAW;AACtC,MAAI,GAAQ,SAAS;AACnB,KAAO,IAAI,aAAa,WAAW,aAAa,CAAC;AACjD;;EAGF,IAAM,IAAY,WAAW,GAAS,EAAG;AAEzC,KAAQ,iBACN,eACM;AAEJ,GADA,aAAa,EAAU,EACvB,EAAO,IAAI,aAAa,WAAW,aAAa,CAAC;KAEnD,EAAE,MAAM,IAAM,CACf;GACD"}
1
+ {"version":3,"file":"device-flow-client.js","names":[],"sources":["../../src/api/device-flow-client.ts"],"sourcesContent":["/**\n * OAuth 2.0 Device Flow client implementation (RFC 8628).\n *\n * Used for one-click authentication with cloud backends.\n * The flow allows users to authenticate in their browser while the\n * application polls for the resulting API key.\n *\n * Device flow requests go directly to the configured OpenHands Cloud host.\n */\n\nexport class DeviceFlowError extends Error {\n constructor(\n message: string,\n public readonly code?: string,\n ) {\n super(message);\n this.name = \"DeviceFlowError\";\n }\n}\n\nexport interface DeviceAuthorizationResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n verification_uri_complete: string;\n expires_in: number;\n interval: number;\n}\n\nexport interface DeviceTokenResponse {\n access_token: string;\n token_type: string;\n expires_in?: number;\n}\n\ninterface DeviceTokenErrorResponse {\n error: string;\n error_description?: string;\n interval?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 600_000; // 10 minutes\nconst MAX_INTERVAL_MS = 30_000; // 30 seconds max polling interval\n\n/**\n * Check if a host is a known OpenHands Cloud domain.\n * Uses hostname extraction to prevent substring matching attacks.\n */\nexport function isOpenHandsCloudHost(host: string): boolean {\n try {\n // Extract hostname from URL or treat as hostname if no protocol\n const trimmed = host.trim().toLowerCase();\n const withProtocol = /^https?:\\/\\//i.test(trimmed)\n ? trimmed\n : `https://${trimmed}`;\n const url = new URL(withProtocol);\n const hostname = url.hostname;\n\n // Check if hostname ends with known domains (exact suffix match)\n return (\n hostname.endsWith(\".all-hands.dev\") ||\n hostname === \"all-hands.dev\" ||\n hostname.endsWith(\".openhands.dev\") ||\n hostname === \"openhands.dev\"\n );\n } catch {\n return false;\n }\n}\n\n/**\n * Make a direct request to the OpenHands Cloud device-flow endpoint.\n */\nasync function makeCloudRequest(\n upstreamHost: string,\n method: \"GET\" | \"POST\",\n path: string,\n body?: unknown,\n contentType?: string,\n signal?: AbortSignal,\n): Promise<Response> {\n const requestBody =\n body === undefined\n ? undefined\n : typeof body === \"string\" ||\n body instanceof Blob ||\n body instanceof FormData ||\n body instanceof URLSearchParams\n ? body\n : JSON.stringify(body);\n\n const response = await fetch(`${upstreamHost.replace(/\\/+$/, \"\")}${path}`, {\n method,\n headers: {\n ...(contentType ? { \"Content-Type\": contentType } : {}),\n },\n body: requestBody,\n signal,\n });\n\n return response;\n}\n\n/**\n * Start the OAuth 2.0 Device Flow by requesting a device code.\n * Requests are sent directly to the cloud host.\n *\n * @param host - The cloud backend host URL (e.g., \"https://app.all-hands.dev\")\n * @returns DeviceAuthorizationResponse with device_code, user_code, verification URLs, etc.\n * @throws DeviceFlowError if the request fails\n */\nexport async function startDeviceFlow(\n host: string,\n): Promise<DeviceAuthorizationResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n\n try {\n const response = await makeCloudRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/authorize\",\n {},\n \"application/json\",\n );\n\n if (!response.ok) {\n // Avoid exposing sensitive server error details\n throw new DeviceFlowError(\n `Failed to start device flow: Server returned ${response.status}`,\n );\n }\n\n const data = await response.json();\n\n // Validate required fields per RFC 8628 Section 3.2\n // verification_uri_complete is OPTIONAL per RFC\n if (!data.device_code || !data.user_code || !data.verification_uri) {\n throw new DeviceFlowError(\n \"Invalid response from device authorization endpoint: missing required fields\",\n );\n }\n\n // Build verification_uri_complete if not provided (optional per RFC)\n const verificationUriComplete =\n data.verification_uri_complete ??\n `${data.verification_uri}?user_code=${encodeURIComponent(data.user_code)}`;\n\n return {\n device_code: data.device_code,\n user_code: data.user_code,\n verification_uri: data.verification_uri,\n verification_uri_complete: verificationUriComplete,\n expires_in: data.expires_in ?? 600,\n interval: data.interval ?? 5,\n };\n } catch (error) {\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n throw new DeviceFlowError(\n `Failed to start device flow: ${error instanceof Error ? error.message : String(error)}`,\n );\n }\n}\n\nexport interface PollOptions {\n /** Polling interval in seconds (from device authorization response) */\n interval: number;\n /** Maximum time to wait for authorization in milliseconds */\n timeout?: number;\n /** Abort signal to cancel polling */\n signal?: AbortSignal;\n}\n\n/**\n * Poll for the API key after user authorization.\n * Requests are sent directly to the cloud host.\n *\n * @param host - The cloud backend host URL\n * @param deviceCode - The device code from startDeviceFlow\n * @param options - Polling options including interval, timeout, and abort signal\n * @returns DeviceTokenResponse containing the access_token (API key)\n * @throws DeviceFlowError if polling fails, user denies access, or timeout expires\n */\nexport async function pollForToken(\n host: string,\n deviceCode: string,\n options: PollOptions,\n): Promise<DeviceTokenResponse> {\n const normalizedHost = host.replace(/\\/+$/, \"\");\n const timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;\n let interval = Math.max(1, options.interval) * 1000; // At least 1 second\n const startTime = Date.now();\n\n while (Date.now() - startTime < timeout) {\n // Check if cancelled\n if (options.signal?.aborted) {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n\n try {\n // RFC 8628 Section 3.4 requires grant_type parameter\n const tokenRequestBody = new URLSearchParams({\n grant_type: \"urn:ietf:params:oauth:grant-type:device_code\",\n device_code: deviceCode,\n }).toString();\n\n const response = await makeCloudRequest(\n normalizedHost,\n \"POST\",\n \"/oauth/device/token\",\n tokenRequestBody,\n \"application/x-www-form-urlencoded\",\n options.signal,\n );\n\n if (response.ok) {\n const data = await response.json();\n if (!data.access_token) {\n throw new DeviceFlowError(\n \"Invalid token response: missing access_token\",\n );\n }\n return {\n access_token: data.access_token,\n token_type: data.token_type ?? \"Bearer\",\n expires_in: data.expires_in,\n };\n }\n\n // Handle error responses\n let errorData: DeviceTokenErrorResponse;\n try {\n errorData = await response.json();\n } catch {\n throw new DeviceFlowError(\n `Unexpected response from server: ${response.status}`,\n );\n }\n\n const { error, error_description } = errorData;\n\n switch (error) {\n case \"authorization_pending\":\n // User hasn't finished yet; continue polling\n break;\n\n case \"slow_down\":\n // Server asks us to poll less frequently\n // RFC 8628 Section 3.5: \"the client MUST increase its polling interval by 5 seconds\"\n // Validate server-provided interval to prevent DoS (must be number, finite, positive)\n if (\n typeof errorData.interval === \"number\" &&\n isFinite(errorData.interval) &&\n errorData.interval > 0\n ) {\n interval = Math.max(1, Math.min(errorData.interval, 30)) * 1000;\n } else {\n // RFC 8628 mandates incrementing by 5 seconds\n interval = Math.min(interval + 5000, MAX_INTERVAL_MS);\n }\n break;\n\n case \"expired_token\":\n throw new DeviceFlowError(\n \"Device code has expired. Please try again.\",\n \"expired_token\",\n );\n\n case \"access_denied\":\n throw new DeviceFlowError(\n \"Authorization request was denied.\",\n \"access_denied\",\n );\n\n default:\n throw new DeviceFlowError(\n `Authorization error: ${error}${error_description ? ` - ${error_description}` : \"\"}`,\n error,\n );\n }\n } catch (error) {\n // DeviceFlowError means a definitive error (denied, expired, etc.) - rethrow\n if (error instanceof DeviceFlowError) {\n throw error;\n }\n // User cancelled - rethrow\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n // Network errors during polling should continue until timeout, not fail immediately\n // Brief network hiccups shouldn't abort 10-minute flows\n console.warn(\"Network error during polling, retrying:\", error);\n }\n\n // Wait before next poll (wrap in try-catch for consistent abort handling)\n try {\n await sleep(interval, options.signal);\n } catch (error) {\n if (error instanceof DOMException && error.name === \"AbortError\") {\n throw new DeviceFlowError(\"Authorization cancelled\", \"cancelled\");\n }\n throw error;\n }\n }\n\n throw new DeviceFlowError(\n \"Timeout waiting for authorization. Please try again.\",\n \"timeout\",\n );\n}\n\n/**\n * Sleep for a given duration, respecting an optional abort signal.\n */\nfunction sleep(ms: number, signal?: AbortSignal): Promise<void> {\n return new Promise((resolve, reject) => {\n if (signal?.aborted) {\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n return;\n }\n\n const timeoutId = setTimeout(resolve, ms);\n\n signal?.addEventListener(\n \"abort\",\n () => {\n clearTimeout(timeoutId);\n reject(new DOMException(\"Aborted\", \"AbortError\"));\n },\n { once: true },\n );\n });\n}\n"],"mappings":";AAUA,IAAa,IAAb,cAAqC,MAAM;CACzC,YACE,GACA,GACA;AAEA,EADA,MAAM,EAAQ,EAFE,KAAA,OAAA,GAGhB,KAAK,OAAO;;GAyBV,IAAqB,KACrB,IAAkB;AA+BxB,eAAe,EACb,GACA,GACA,GACA,GACA,GACA,GACmB;CACnB,IAAM,IACJ,MAAS,KAAA,IACL,KAAA,IACA,OAAO,KAAS,YACd,aAAgB,QAChB,aAAgB,YAChB,aAAgB,kBAChB,IACA,KAAK,UAAU,EAAK;AAW5B,QAAO,MATgB,MAAM,GAAG,EAAa,QAAQ,QAAQ,GAAG,GAAG,KAAQ;EACzE;EACA,SAAS,EACP,GAAI,IAAc,EAAE,gBAAgB,GAAa,GAAG,EAAE,EACvD;EACD,MAAM;EACN;EACD,CAAC;;AAaJ,eAAsB,EACpB,GACsC;CACtC,IAAM,IAAiB,EAAK,QAAQ,QAAQ,GAAG;AAE/C,KAAI;EACF,IAAM,IAAW,MAAM,EACrB,GACA,QACA,2BACA,EAAE,EACF,mBACD;AAED,MAAI,CAAC,EAAS,GAEZ,OAAM,IAAI,EACR,gDAAgD,EAAS,SAC1D;EAGH,IAAM,IAAO,MAAM,EAAS,MAAM;AAIlC,MAAI,CAAC,EAAK,eAAe,CAAC,EAAK,aAAa,CAAC,EAAK,iBAChD,OAAM,IAAI,EACR,+EACD;EAIH,IAAM,IACJ,EAAK,6BACL,GAAG,EAAK,iBAAiB,aAAa,mBAAmB,EAAK,UAAU;AAE1E,SAAO;GACL,aAAa,EAAK;GAClB,WAAW,EAAK;GAChB,kBAAkB,EAAK;GACvB,2BAA2B;GAC3B,YAAY,EAAK,cAAc;GAC/B,UAAU,EAAK,YAAY;GAC5B;UACM,GAAO;AAId,QAHI,aAAiB,IACb,IAEF,IAAI,EACR,gCAAgC,aAAiB,QAAQ,EAAM,UAAU,OAAO,EAAM,GACvF;;;AAuBL,eAAsB,EACpB,GACA,GACA,GAC8B;CAC9B,IAAM,IAAiB,EAAK,QAAQ,QAAQ,GAAG,EACzC,IAAU,EAAQ,WAAW,GAC/B,IAAW,KAAK,IAAI,GAAG,EAAQ,SAAS,GAAG,KACzC,IAAY,KAAK,KAAK;AAE5B,QAAO,KAAK,KAAK,GAAG,IAAY,IAAS;AAEvC,MAAI,EAAQ,QAAQ,QAClB,OAAM,IAAI,EAAgB,2BAA2B,YAAY;AAGnE,MAAI;GAOF,IAAM,IAAW,MAAM,EACrB,GACA,QACA,uBARuB,IAAI,gBAAgB;IAC3C,YAAY;IACZ,aAAa;IACd,CAAC,CAAC,UAMD,EACA,qCACA,EAAQ,OACT;AAED,OAAI,EAAS,IAAI;IACf,IAAM,IAAO,MAAM,EAAS,MAAM;AAClC,QAAI,CAAC,EAAK,aACR,OAAM,IAAI,EACR,+CACD;AAEH,WAAO;KACL,cAAc,EAAK;KACnB,YAAY,EAAK,cAAc;KAC/B,YAAY,EAAK;KAClB;;GAIH,IAAI;AACJ,OAAI;AACF,QAAY,MAAM,EAAS,MAAM;WAC3B;AACN,UAAM,IAAI,EACR,oCAAoC,EAAS,SAC9C;;GAGH,IAAM,EAAE,UAAO,yBAAsB;AAErC,WAAQ,GAAR;IACE,KAAK,wBAEH;IAEF,KAAK;AAIH,KAQE,IAPA,OAAO,EAAU,YAAa,YAC9B,SAAS,EAAU,SAAS,IAC5B,EAAU,WAAW,IAEV,KAAK,IAAI,GAAG,KAAK,IAAI,EAAU,UAAU,GAAG,CAAC,GAAG,MAGhD,KAAK,IAAI,IAAW,KAAM,EAAgB;AAEvD;IAEF,KAAK,gBACH,OAAM,IAAI,EACR,8CACA,gBACD;IAEH,KAAK,gBACH,OAAM,IAAI,EACR,qCACA,gBACD;IAEH,QACE,OAAM,IAAI,EACR,wBAAwB,IAAQ,IAAoB,MAAM,MAAsB,MAChF,EACD;;WAEE,GAAO;AAEd,OAAI,aAAiB,EACnB,OAAM;AAGR,OAAI,aAAiB,gBAAgB,EAAM,SAAS,aAClD,OAAM,IAAI,EAAgB,2BAA2B,YAAY;AAInE,WAAQ,KAAK,2CAA2C,EAAM;;AAIhE,MAAI;AACF,SAAM,EAAM,GAAU,EAAQ,OAAO;WAC9B,GAAO;AAId,SAHI,aAAiB,gBAAgB,EAAM,SAAS,eAC5C,IAAI,EAAgB,2BAA2B,YAAY,GAE7D;;;AAIV,OAAM,IAAI,EACR,wDACA,UACD;;AAMH,SAAS,EAAM,GAAY,GAAqC;AAC9D,QAAO,IAAI,SAAS,GAAS,MAAW;AACtC,MAAI,GAAQ,SAAS;AACnB,KAAO,IAAI,aAAa,WAAW,aAAa,CAAC;AACjD;;EAGF,IAAM,IAAY,WAAW,GAAS,EAAG;AAEzC,KAAQ,iBACN,eACM;AAEJ,GADA,aAAa,EAAU,EACvB,EAAO,IAAI,aAAa,WAAW,aAAa,CAAC;KAEnD,EAAE,MAAM,IAAM,CACf;GACD"}
package/dist/api/event-service/event-service.api.cjs CHANGED
@@ -1,2 +1,2 @@
1
- require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../backend-registry/active-store.cjs`),t=require(`../../node_modules/@openhands/typescript-client/dist/client/conversation-client.cjs`),n=require(`../../utils/websocket-url.cjs`),r=require(`../../node_modules/@openhands/typescript-client/dist/events/remote-events-list.cjs`),i=require(`../cloud/proxy.cjs`),a=require(`../agent-server-client-options.cjs`);var o=class{static async respondToConfirmation(r,o,s,c){let l=e.getActiveBackend().backend;return l.kind===`cloud`?i.callCloudProxy({backend:l,method:`POST`,hostOverride:n.buildHttpBaseUrl(o),path:`/api/conversations/${r}/events/respond_to_confirmation`,body:s,authMode:`session-api-key`,sessionApiKey:c}):new t.ConversationClient(a.getAgentServerClientOptions({conversationUrl:o,sessionApiKey:c})).respondToConfirmation(r,s)}static async getEventCount(r,o,s){let c=e.getActiveBackend().backend;return c.kind===`cloud`?i.callCloudProxy({backend:c,method:`GET`,hostOverride:n.buildHttpBaseUrl(o),path:`/api/conversations/${r}/events/count`,authMode:`session-api-key`,sessionApiKey:s}):new t.ConversationClient(a.getAgentServerClientOptions({conversationUrl:o,sessionApiKey:s})).getEventCount(r)}static async searchEvents(t,n,o,s={}){let c=e.getActiveBackend().backend,l=s.limit??100;if(c.kind===`cloud`){let e=Math.min(l,100),n=!!(s.sortOrder||s.pageId||s.timestampGte||s.timestampLt),r=new URLSearchParams;r.set(`limit`,String(e)),s.sortOrder&&r.set(`sort_order`,s.sortOrder),s.pageId&&r.set(`page_id`,s.pageId),s.timestampGte&&r.set(`timestamp__gte`,s.timestampGte),s.timestampLt&&r.set(`timestamp__lt`,s.timestampLt);let a=e=>i.callCloudProxy({backend:c,method:`GET`,path:`/api/v1/conversation/${t}/events/search?${e.toString()}`});try{let e=await a(r);return{items:e?.items??[],next_page_id:e?.next_page_id??null}}catch(e){if(!n)throw e;return console.warn(`[EventService] Cloud backend doesn't support pagination filters. Falling back to initial load only. Server needs OpenHands/OpenHands#14399.`),{items:[],next_page_id:null}}}let u=await new r.RemoteEventsList(a.getAgentServerHttpClientOptions({conversationUrl:n,sessionApiKey:o}),t).search({limit:l,...s.pageId?{page_id:s.pageId}:{},...s.sortOrder?{sort_order:s.sortOrder}:{},...s.timestampGte?{timestamp__gte:s.timestampGte}:{},...s.timestampLt?{timestamp__lt:s.timestampLt}:{}});return{items:u?.items??[],next_page_id:u?.next_page_id??null}}};exports.default=o;
1
+ require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../backend-registry/active-store.cjs`),t=require(`../../node_modules/@openhands/typescript-client/dist/client/conversation-client.cjs`),n=require(`../../utils/websocket-url.cjs`),r=require(`../../node_modules/@openhands/typescript-client/dist/events/remote-events-list.cjs`),i=require(`../agent-server-client-options.cjs`),a=require(`../cloud/proxy.cjs`);var o=class{static async respondToConfirmation(r,o,s,c){let l=e.getActiveBackend().backend;return l.kind===`cloud`?a.callCloudProxy({backend:l,method:`POST`,hostOverride:n.buildHttpBaseUrl(o),path:`/api/conversations/${r}/events/respond_to_confirmation`,body:s,authMode:`session-api-key`,sessionApiKey:c}):new t.ConversationClient(i.getAgentServerClientOptions({conversationUrl:o,sessionApiKey:c})).respondToConfirmation(r,s)}static async getEventCount(r,o,s){let c=e.getActiveBackend().backend;return c.kind===`cloud`?a.callCloudProxy({backend:c,method:`GET`,hostOverride:n.buildHttpBaseUrl(o),path:`/api/conversations/${r}/events/count`,authMode:`session-api-key`,sessionApiKey:s}):new t.ConversationClient(i.getAgentServerClientOptions({conversationUrl:o,sessionApiKey:s})).getEventCount(r)}static async searchEvents(t,n,o,s={}){let c=e.getActiveBackend().backend,l=s.limit??100;if(c.kind===`cloud`){let e=Math.min(l,100),n=!!(s.sortOrder||s.pageId||s.timestampGte||s.timestampLt),r=new URLSearchParams;r.set(`limit`,String(e)),s.sortOrder&&r.set(`sort_order`,s.sortOrder),s.pageId&&r.set(`page_id`,s.pageId),s.timestampGte&&r.set(`timestamp__gte`,s.timestampGte),s.timestampLt&&r.set(`timestamp__lt`,s.timestampLt);let i=e=>a.callCloudProxy({backend:c,method:`GET`,path:`/api/v1/conversation/${t}/events/search?${e.toString()}`});try{let e=await i(r);return{items:e?.items??[],next_page_id:e?.next_page_id??null}}catch(e){if(!n)throw e;return console.warn(`[EventService] Cloud backend doesn't support pagination filters. Falling back to initial load only. Server needs OpenHands/OpenHands#14399.`),{items:[],next_page_id:null}}}let u=await new r.RemoteEventsList(i.getAgentServerHttpClientOptions({conversationUrl:n,sessionApiKey:o}),t).search({limit:l,...s.pageId?{page_id:s.pageId}:{},...s.sortOrder?{sort_order:s.sortOrder}:{},...s.timestampGte?{timestamp__gte:s.timestampGte}:{},...s.timestampLt?{timestamp__lt:s.timestampLt}:{}});return{items:u?.items??[],next_page_id:u?.next_page_id??null}}};exports.default=o;
2
2
  //# sourceMappingURL=event-service.api.cjs.map
package/dist/api/event-service/event-service.api.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"event-service.api.cjs","names":[],"sources":["../../../src/api/event-service/event-service.api.ts"],"sourcesContent":["import { ConversationClient } from \"@openhands/typescript-client/clients\";\nimport { RemoteEventsList } from \"@openhands/typescript-client/events/remote-events-list\";\nimport { OpenHandsEvent } from \"#/types/agent-server/core\";\nimport { buildHttpBaseUrl } from \"#/utils/websocket-url\";\nimport { getActiveBackend } from \"../backend-registry/active-store\";\nimport { callCloudProxy } from \"../cloud/proxy\";\nimport {\n getAgentServerClientOptions,\n getAgentServerHttpClientOptions,\n} from \"../agent-server-client-options\";\nimport type {\n ConfirmationResponseRequest,\n ConfirmationResponseResponse,\n EventSearchOptions,\n EventSearchPage,\n} from \"./event-service.types\";\n\n/**\n * Cloud-mode REST calls are split between two upstream hosts (matching\n * OpenHands' cloud frontend):\n *\n * - **App API** (`backend.host`, default in `callCloudProxy`):\n * event *history* (`/api/v1/conversation/{id}/events/search`).\n * Persisted by the cloud backend — survives the runtime sandbox.\n *\n * - **Runtime sandbox** (extracted from `conversation.conversation_url`\n * and passed as `hostOverride`): live runtime endpoints like\n * `/api/conversations/{id}/events/count` and\n * `/api/conversations/{id}/events/respond_to_confirmation`. Auth on\n * these endpoints is `X-Session-API-Key`, not `Authorization: Bearer`.\n *\n * Both go through the bundled local agent-server's `/api/cloud-proxy`,\n * which sidesteps the cross-origin restrictions that block the GUI at\n * `localhost` from talking directly to either the cloud backend or the runtime.\n *\n * Local mode keeps the existing typescript-client path: it targets the\n * conversation's host directly via typed client classes.\n */\nclass EventService {\n static async respondToConfirmation(\n conversationId: string,\n conversationUrl: string,\n request: ConfirmationResponseRequest,\n sessionApiKey?: string | null,\n ): Promise<ConfirmationResponseResponse> {\n const active = getActiveBackend().backend;\n\n if (active.kind === \"cloud\") {\n return callCloudProxy<ConfirmationResponseResponse>({\n backend: active,\n method: \"POST\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}/events/respond_to_confirmation`,\n body: request,\n authMode: \"session-api-key\",\n sessionApiKey,\n });\n }\n\n return new ConversationClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).respondToConfirmation<ConfirmationResponseResponse>(\n conversationId,\n request,\n );\n }\n\n static async getEventCount(\n conversationId: string,\n conversationUrl: string,\n sessionApiKey?: string | null,\n ): Promise<number> {\n const active = getActiveBackend().backend;\n\n if (active.kind === \"cloud\") {\n return callCloudProxy<number>({\n backend: active,\n method: \"GET\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}/events/count`,\n authMode: \"session-api-key\",\n sessionApiKey,\n });\n }\n\n return new ConversationClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).getEventCount(conversationId);\n }\n\n /**\n * Search events for a conversation. Returns the raw page so callers can\n * paginate (via `next_page_id`) and so REST-driven history loading can\n * tell when there are no more older events to load.\n */\n static async searchEvents(\n conversationId: string,\n conversationUrl?: string | null,\n sessionApiKey?: string | null,\n options: EventSearchOptions = {},\n ): Promise<EventSearchPage<OpenHandsEvent>> {\n const active = getActiveBackend().backend;\n const limit = options.limit ?? 100;\n\n if (active.kind === \"cloud\") {\n // Event *history* lives on the cloud App API, not the runtime\n // sandbox. Path is singular `conversation` and v1-prefixed.\n //\n // Full pagination params (sort_order, page_id, timestamp filters)\n // require the server-side fix from OpenHands/OpenHands#14399. If\n // the cloud backend hasn't been updated yet, the timestamp filters\n // trigger a 500 (str-vs-datetime comparison). We attempt the full\n // request first and fall back to a limit-only request on failure.\n const cloudLimit = Math.min(limit, 100);\n const hasFilterParams = !!(\n options.sortOrder ||\n options.pageId ||\n options.timestampGte ||\n options.timestampLt\n );\n\n const params = new URLSearchParams();\n params.set(\"limit\", String(cloudLimit));\n if (options.sortOrder) params.set(\"sort_order\", options.sortOrder);\n if (options.pageId) params.set(\"page_id\", options.pageId);\n if (options.timestampGte)\n params.set(\"timestamp__gte\", options.timestampGte);\n if (options.timestampLt) params.set(\"timestamp__lt\", options.timestampLt);\n\n const doCloudSearch = (searchParams: URLSearchParams) =>\n callCloudProxy<EventSearchPage<OpenHandsEvent>>({\n backend: active,\n method: \"GET\",\n path: `/api/v1/conversation/${conversationId}/events/search?${searchParams.toString()}`,\n });\n\n try {\n const data = await doCloudSearch(params);\n return {\n items: data?.items ?? [],\n next_page_id: data?.next_page_id ?? null,\n };\n } catch (err) {\n if (!hasFilterParams) throw err;\n\n // Server doesn't support timestamp filters yet — stop pagination\n // by returning an empty page so the UI doesn't retry indefinitely.\n // A limit-only fallback would return the same most-recent events\n // already in the store, which get deduped but keep hasMore=true.\n console.warn(\n \"[EventService] Cloud backend doesn't support pagination filters. \" +\n \"Falling back to initial load only. \" +\n \"Server needs OpenHands/OpenHands#14399.\",\n );\n return { items: [], next_page_id: null };\n }\n }\n\n const page = await new RemoteEventsList(\n getAgentServerHttpClientOptions({ conversationUrl, sessionApiKey }),\n conversationId,\n ).search({\n limit,\n ...(options.pageId ? { page_id: options.pageId } : {}),\n ...(options.sortOrder ? { sort_order: options.sortOrder } : {}),\n ...(options.timestampGte ? { timestamp__gte: options.timestampGte } : {}),\n ...(options.timestampLt ? { timestamp__lt: options.timestampLt } : {}),\n });\n\n return {\n items: (page?.items ?? []) as OpenHandsEvent[],\n next_page_id: page?.next_page_id ?? null,\n };\n }\n}\n\nexport default EventService;\n"],"mappings":"oaAsCA,IAAM,EAAN,KAAmB,CACjB,aAAa,sBACX,EACA,EACA,EACA,EACuC,CACvC,IAAM,EAAS,EAAA,kBAAkB,CAAC,QAclC,OAZI,EAAO,OAAS,QACX,EAAA,eAA6C,CAClD,QAAS,EACT,OAAQ,OACR,aAAc,EAAA,iBAAiB,EAAgB,CAC/C,KAAM,sBAAsB,EAAe,iCAC3C,KAAM,EACN,SAAU,kBACV,gBACD,CAAC,CAGG,IAAI,EAAA,mBACT,EAAA,4BAA4B,CAC1B,kBACA,gBACD,CAAC,CACH,CAAC,sBACA,EACA,EACD,CAGH,aAAa,cACX,EACA,EACA,EACiB,CACjB,IAAM,EAAS,EAAA,kBAAkB,CAAC,QAalC,OAXI,EAAO,OAAS,QACX,EAAA,eAAuB,CAC5B,QAAS,EACT,OAAQ,MACR,aAAc,EAAA,iBAAiB,EAAgB,CAC/C,KAAM,sBAAsB,EAAe,eAC3C,SAAU,kBACV,gBACD,CAAC,CAGG,IAAI,EAAA,mBACT,EAAA,4BAA4B,CAC1B,kBACA,gBACD,CAAC,CACH,CAAC,cAAc,EAAe,CAQjC,aAAa,aACX,EACA,EACA,EACA,EAA8B,EAAE,CACU,CAC1C,IAAM,EAAS,EAAA,kBAAkB,CAAC,QAC5B,EAAQ,EAAQ,OAAS,IAE/B,GAAI,EAAO,OAAS,QAAS,CAS3B,IAAM,EAAa,KAAK,IAAI,EAAO,IAAI,CACjC,EAAkB,CAAC,EACvB,EAAQ,WACR,EAAQ,QACR,EAAQ,cACR,EAAQ,aAGJ,EAAS,IAAI,gBACnB,EAAO,IAAI,QAAS,OAAO,EAAW,CAAC,CACnC,EAAQ,WAAW,EAAO,IAAI,aAAc,EAAQ,UAAU,CAC9D,EAAQ,QAAQ,EAAO,IAAI,UAAW,EAAQ,OAAO,CACrD,EAAQ,cACV,EAAO,IAAI,iBAAkB,EAAQ,aAAa,CAChD,EAAQ,aAAa,EAAO,IAAI,gBAAiB,EAAQ,YAAY,CAEzE,IAAM,EAAiB,GACrB,EAAA,eAAgD,CAC9C,QAAS,EACT,OAAQ,MACR,KAAM,wBAAwB,EAAe,iBAAiB,EAAa,UAAU,GACtF,CAAC,CAEJ,GAAI,CACF,IAAM,EAAO,MAAM,EAAc,EAAO,CACxC,MAAO,CACL,MAAO,GAAM,OAAS,EAAE,CACxB,aAAc,GAAM,cAAgB,KACrC,OACM,EAAK,CACZ,GAAI,CAAC,EAAiB,MAAM,EAW5B,OALA,QAAQ,KACN,8IAGD,CACM,CAAE,MAAO,EAAE,CAAE,aAAc,KAAM,EAI5C,IAAM,EAAO,MAAM,IAAI,EAAA,iBACrB,EAAA,gCAAgC,CAAE,kBAAiB,gBAAe,CAAC,CACnE,EACD,CAAC,OAAO,CACP,QACA,GAAI,EAAQ,OAAS,CAAE,QAAS,EAAQ,OAAQ,CAAG,EAAE,CACrD,GAAI,EAAQ,UAAY,CAAE,WAAY,EAAQ,UAAW,CAAG,EAAE,CAC9D,GAAI,EAAQ,aAAe,CAAE,eAAgB,EAAQ,aAAc,CAAG,EAAE,CACxE,GAAI,EAAQ,YAAc,CAAE,cAAe,EAAQ,YAAa,CAAG,EAAE,CACtE,CAAC,CAEF,MAAO,CACL,MAAQ,GAAM,OAAS,EAAE,CACzB,aAAc,GAAM,cAAgB,KACrC"}
1
+ {"version":3,"file":"event-service.api.cjs","names":[],"sources":["../../../src/api/event-service/event-service.api.ts"],"sourcesContent":["import { ConversationClient } from \"@openhands/typescript-client/clients\";\nimport { RemoteEventsList } from \"@openhands/typescript-client/events/remote-events-list\";\nimport { OpenHandsEvent } from \"#/types/agent-server/core\";\nimport { buildHttpBaseUrl } from \"#/utils/websocket-url\";\nimport { getActiveBackend } from \"../backend-registry/active-store\";\nimport { callCloudProxy } from \"../cloud/proxy\";\nimport {\n getAgentServerClientOptions,\n getAgentServerHttpClientOptions,\n} from \"../agent-server-client-options\";\nimport type {\n ConfirmationResponseRequest,\n ConfirmationResponseResponse,\n EventSearchOptions,\n EventSearchPage,\n} from \"./event-service.types\";\n\n/**\n * Cloud-mode REST calls are split between two upstream hosts (matching\n * OpenHands' cloud frontend):\n *\n * - **App API** (`backend.host`, default in `callCloudProxy`):\n * event *history* (`/api/v1/conversation/{id}/events/search`).\n * Persisted by the cloud backend — survives the runtime sandbox.\n *\n * - **Runtime sandbox** (extracted from `conversation.conversation_url`\n * and passed as `hostOverride`): live runtime endpoints like\n * `/api/conversations/{id}/events/count` and\n * `/api/conversations/{id}/events/respond_to_confirmation`. Auth on\n * these endpoints is `X-Session-API-Key`, not `Authorization: Bearer`.\n *\n * App API calls go directly to the cloud backend with bearer auth. Runtime\n * sandbox calls go through `/api/cloud-proxy`, which avoids depending on CORS\n * for per-conversation runtime hosts.\n *\n * Local mode keeps the existing typescript-client path: it targets the\n * conversation's host directly via typed client classes.\n */\nclass EventService {\n static async respondToConfirmation(\n conversationId: string,\n conversationUrl: string,\n request: ConfirmationResponseRequest,\n sessionApiKey?: string | null,\n ): Promise<ConfirmationResponseResponse> {\n const active = getActiveBackend().backend;\n\n if (active.kind === \"cloud\") {\n return callCloudProxy<ConfirmationResponseResponse>({\n backend: active,\n method: \"POST\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}/events/respond_to_confirmation`,\n body: request,\n authMode: \"session-api-key\",\n sessionApiKey,\n });\n }\n\n return new ConversationClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).respondToConfirmation<ConfirmationResponseResponse>(\n conversationId,\n request,\n );\n }\n\n static async getEventCount(\n conversationId: string,\n conversationUrl: string,\n sessionApiKey?: string | null,\n ): Promise<number> {\n const active = getActiveBackend().backend;\n\n if (active.kind === \"cloud\") {\n return callCloudProxy<number>({\n backend: active,\n method: \"GET\",\n hostOverride: buildHttpBaseUrl(conversationUrl),\n path: `/api/conversations/${conversationId}/events/count`,\n authMode: \"session-api-key\",\n sessionApiKey,\n });\n }\n\n return new ConversationClient(\n getAgentServerClientOptions({\n conversationUrl,\n sessionApiKey,\n }),\n ).getEventCount(conversationId);\n }\n\n /**\n * Search events for a conversation. Returns the raw page so callers can\n * paginate (via `next_page_id`) and so REST-driven history loading can\n * tell when there are no more older events to load.\n */\n static async searchEvents(\n conversationId: string,\n conversationUrl?: string | null,\n sessionApiKey?: string | null,\n options: EventSearchOptions = {},\n ): Promise<EventSearchPage<OpenHandsEvent>> {\n const active = getActiveBackend().backend;\n const limit = options.limit ?? 100;\n\n if (active.kind === \"cloud\") {\n // Event *history* lives on the cloud App API, not the runtime\n // sandbox. Path is singular `conversation` and v1-prefixed.\n //\n // Full pagination params (sort_order, page_id, timestamp filters)\n // require the server-side fix from OpenHands/OpenHands#14399. If\n // the cloud backend hasn't been updated yet, the timestamp filters\n // trigger a 500 (str-vs-datetime comparison). We attempt the full\n // request first and fall back to a limit-only request on failure.\n const cloudLimit = Math.min(limit, 100);\n const hasFilterParams = !!(\n options.sortOrder ||\n options.pageId ||\n options.timestampGte ||\n options.timestampLt\n );\n\n const params = new URLSearchParams();\n params.set(\"limit\", String(cloudLimit));\n if (options.sortOrder) params.set(\"sort_order\", options.sortOrder);\n if (options.pageId) params.set(\"page_id\", options.pageId);\n if (options.timestampGte)\n params.set(\"timestamp__gte\", options.timestampGte);\n if (options.timestampLt) params.set(\"timestamp__lt\", options.timestampLt);\n\n const doCloudSearch = (searchParams: URLSearchParams) =>\n callCloudProxy<EventSearchPage<OpenHandsEvent>>({\n backend: active,\n method: \"GET\",\n path: `/api/v1/conversation/${conversationId}/events/search?${searchParams.toString()}`,\n });\n\n try {\n const data = await doCloudSearch(params);\n return {\n items: data?.items ?? [],\n next_page_id: data?.next_page_id ?? null,\n };\n } catch (err) {\n if (!hasFilterParams) throw err;\n\n // Server doesn't support timestamp filters yet — stop pagination\n // by returning an empty page so the UI doesn't retry indefinitely.\n // A limit-only fallback would return the same most-recent events\n // already in the store, which get deduped but keep hasMore=true.\n console.warn(\n \"[EventService] Cloud backend doesn't support pagination filters. \" +\n \"Falling back to initial load only. \" +\n \"Server needs OpenHands/OpenHands#14399.\",\n );\n return { items: [], next_page_id: null };\n }\n }\n\n const page = await new RemoteEventsList(\n getAgentServerHttpClientOptions({ conversationUrl, sessionApiKey }),\n conversationId,\n ).search({\n limit,\n ...(options.pageId ? { page_id: options.pageId } : {}),\n ...(options.sortOrder ? { sort_order: options.sortOrder } : {}),\n ...(options.timestampGte ? { timestamp__gte: options.timestampGte } : {}),\n ...(options.timestampLt ? { timestamp__lt: options.timestampLt } : {}),\n });\n\n return {\n items: (page?.items ?? []) as OpenHandsEvent[],\n next_page_id: page?.next_page_id ?? null,\n };\n }\n}\n\nexport default EventService;\n"],"mappings":"oaAsCA,IAAM,EAAN,KAAmB,CACjB,aAAa,sBACX,EACA,EACA,EACA,EACuC,CACvC,IAAM,EAAS,EAAA,kBAAkB,CAAC,QAclC,OAZI,EAAO,OAAS,QACX,EAAA,eAA6C,CAClD,QAAS,EACT,OAAQ,OACR,aAAc,EAAA,iBAAiB,EAAgB,CAC/C,KAAM,sBAAsB,EAAe,iCAC3C,KAAM,EACN,SAAU,kBACV,gBACD,CAAC,CAGG,IAAI,EAAA,mBACT,EAAA,4BAA4B,CAC1B,kBACA,gBACD,CAAC,CACH,CAAC,sBACA,EACA,EACD,CAGH,aAAa,cACX,EACA,EACA,EACiB,CACjB,IAAM,EAAS,EAAA,kBAAkB,CAAC,QAalC,OAXI,EAAO,OAAS,QACX,EAAA,eAAuB,CAC5B,QAAS,EACT,OAAQ,MACR,aAAc,EAAA,iBAAiB,EAAgB,CAC/C,KAAM,sBAAsB,EAAe,eAC3C,SAAU,kBACV,gBACD,CAAC,CAGG,IAAI,EAAA,mBACT,EAAA,4BAA4B,CAC1B,kBACA,gBACD,CAAC,CACH,CAAC,cAAc,EAAe,CAQjC,aAAa,aACX,EACA,EACA,EACA,EAA8B,EAAE,CACU,CAC1C,IAAM,EAAS,EAAA,kBAAkB,CAAC,QAC5B,EAAQ,EAAQ,OAAS,IAE/B,GAAI,EAAO,OAAS,QAAS,CAS3B,IAAM,EAAa,KAAK,IAAI,EAAO,IAAI,CACjC,EAAkB,CAAC,EACvB,EAAQ,WACR,EAAQ,QACR,EAAQ,cACR,EAAQ,aAGJ,EAAS,IAAI,gBACnB,EAAO,IAAI,QAAS,OAAO,EAAW,CAAC,CACnC,EAAQ,WAAW,EAAO,IAAI,aAAc,EAAQ,UAAU,CAC9D,EAAQ,QAAQ,EAAO,IAAI,UAAW,EAAQ,OAAO,CACrD,EAAQ,cACV,EAAO,IAAI,iBAAkB,EAAQ,aAAa,CAChD,EAAQ,aAAa,EAAO,IAAI,gBAAiB,EAAQ,YAAY,CAEzE,IAAM,EAAiB,GACrB,EAAA,eAAgD,CAC9C,QAAS,EACT,OAAQ,MACR,KAAM,wBAAwB,EAAe,iBAAiB,EAAa,UAAU,GACtF,CAAC,CAEJ,GAAI,CACF,IAAM,EAAO,MAAM,EAAc,EAAO,CACxC,MAAO,CACL,MAAO,GAAM,OAAS,EAAE,CACxB,aAAc,GAAM,cAAgB,KACrC,OACM,EAAK,CACZ,GAAI,CAAC,EAAiB,MAAM,EAW5B,OALA,QAAQ,KACN,8IAGD,CACM,CAAE,MAAO,EAAE,CAAE,aAAc,KAAM,EAI5C,IAAM,EAAO,MAAM,IAAI,EAAA,iBACrB,EAAA,gCAAgC,CAAE,kBAAiB,gBAAe,CAAC,CACnE,EACD,CAAC,OAAO,CACP,QACA,GAAI,EAAQ,OAAS,CAAE,QAAS,EAAQ,OAAQ,CAAG,EAAE,CACrD,GAAI,EAAQ,UAAY,CAAE,WAAY,EAAQ,UAAW,CAAG,EAAE,CAC9D,GAAI,EAAQ,aAAe,CAAE,eAAgB,EAAQ,aAAc,CAAG,EAAE,CACxE,GAAI,EAAQ,YAAc,CAAE,cAAe,EAAQ,YAAa,CAAG,EAAE,CACtE,CAAC,CAEF,MAAO,CACL,MAAQ,GAAM,OAAS,EAAE,CACzB,aAAc,GAAM,cAAgB,KACrC"}
package/dist/api/event-service/event-service.api.d.ts CHANGED
@@ -14,9 +14,9 @@ import type { ConfirmationResponseRequest, ConfirmationResponseResponse, EventSe
14
14
  * `/api/conversations/{id}/events/respond_to_confirmation`. Auth on
15
15
  * these endpoints is `X-Session-API-Key`, not `Authorization: Bearer`.
16
16
  *
17
- * Both go through the bundled local agent-server's `/api/cloud-proxy`,
18
- * which sidesteps the cross-origin restrictions that block the GUI at
19
- * `localhost` from talking directly to either the cloud backend or the runtime.
17
+ * App API calls go directly to the cloud backend with bearer auth. Runtime
18
+ * sandbox calls go through `/api/cloud-proxy`, which avoids depending on CORS
19
+ * for per-conversation runtime hosts.
20
20
  *
21
21
  * Local mode keeps the existing typescript-client path: it targets the
22
22
  * conversation's host directly via typed client classes.