@xopcai/xopc 0.0.90 → 0.0.91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (290) hide show
  1. package/README.md +36 -12
  2. package/README.zh-CN.md +36 -12
  3. package/dist/browser-ext/manifest.json +1 -1
  4. package/dist/extensions/feishu/src/outbound/media-load.js +1 -1
  5. package/dist/extensions/feishu/src/workflow-progress.js +1 -1
  6. package/dist/extensions/telegram/src/plugin.js +1 -1
  7. package/dist/extensions/telegram/src/routing-integration.js +2 -2
  8. package/dist/extensions/telegram/src/workflow-progress.js +1 -1
  9. package/dist/extensions/telegram/xopc.extension.json +1 -1
  10. package/dist/extensions/weixin/src/api/api.js +2 -2
  11. package/dist/extensions/weixin/src/auth/accounts.js +1 -1
  12. package/dist/extensions/weixin/src/cdn/upload.js +1 -1
  13. package/dist/extensions/weixin/src/media/data-url.js +1 -1
  14. package/dist/extensions/weixin/src/messaging/debug-mode.js +1 -1
  15. package/dist/extensions/weixin/src/messaging/inbound.js +1 -1
  16. package/dist/extensions/weixin/src/messaging/process-message.js +1 -1
  17. package/dist/extensions/weixin/src/plugin.js +1 -1
  18. package/dist/extensions/weixin/src/storage/sync-buf.js +1 -1
  19. package/dist/extensions/weixin/src/workflow-progress.js +1 -1
  20. package/dist/gateway/static/root/assets/Combination-HAlzriaz.js +41 -0
  21. package/dist/gateway/static/root/assets/agents-bVWUlrlD.js +222 -0
  22. package/dist/gateway/static/root/assets/apps-page-CIC8bmvZ.js +1 -0
  23. package/dist/gateway/static/root/assets/{attachment-preview-renderer-CpyoFbs4.js → attachment-preview-renderer-DBAxQXb-.js} +2 -2
  24. package/dist/gateway/static/root/assets/{attachment-process-heavy-CqVriadb.js → attachment-process-heavy-Csq3TrrP.js} +4 -4
  25. package/dist/gateway/static/root/assets/channels-settings-C8G8RAAP.js +1 -0
  26. package/dist/gateway/static/root/assets/{channels-status-swr-BrtH2VzC.js → channels-status-swr-CYWL5DLD.js} +1 -1
  27. package/dist/gateway/static/root/assets/copy-Dv6d4Dvw.js +1 -0
  28. package/dist/gateway/static/root/assets/{cron-api-CyqbgfHM.js → cron-api-TVqLlGAC.js} +1 -1
  29. package/dist/gateway/static/root/assets/cron-page-BtcFYlvv.js +1 -0
  30. package/dist/gateway/static/root/assets/dist-CUV1uY5f.js +1 -0
  31. package/dist/gateway/static/root/assets/{extension-debug-page-D6Ak0STa.js → extension-debug-page-mTLHRDp1.js} +1 -1
  32. package/dist/gateway/static/root/assets/{extension-page-Q0P3d6DW.js → extension-page-iI8BI7WK.js} +1 -1
  33. package/dist/gateway/static/root/assets/{extension-settings-page-CL55LwU_.js → extension-settings-page-ByXcdubM.js} +1 -1
  34. package/dist/gateway/static/root/assets/{fetch-Dqa9iTWl.js → fetch-BWtQq_Ys.js} +1 -1
  35. package/dist/gateway/static/root/assets/{field-primitives-HUR6JElP.js → field-primitives-BsZ-4VT5.js} +1 -1
  36. package/dist/gateway/static/root/assets/{heartbeat-config-api-DusckjUX.js → heartbeat-config-api-WjTsRLCU.js} +1 -1
  37. package/dist/gateway/static/root/assets/{index-BYcGfwcE.js → index-CKkR-v9U.js} +85 -81
  38. package/dist/gateway/static/root/assets/index-VlELBY99.css +1 -0
  39. package/dist/gateway/static/root/assets/logs-page-ClnIpxfd.js +1 -0
  40. package/dist/gateway/static/root/assets/note-detail-page-B91pLkEI.css +1 -0
  41. package/dist/gateway/static/root/assets/note-detail-page-DJ2Mb4x7.js +179 -0
  42. package/dist/gateway/static/root/assets/note-time-JLBPSLzK.js +1 -0
  43. package/dist/gateway/static/root/assets/notes-page-BE-75qz9.js +1 -0
  44. package/dist/gateway/static/root/assets/{pdf-BnEvgIXZ.js → pdf-epILhEOn.js} +1 -1
  45. package/dist/gateway/static/root/assets/preload-helper-zJ_50EbN.js +1 -0
  46. package/dist/gateway/static/root/assets/sessions-page-bJJkWtTl.js +1 -0
  47. package/dist/gateway/static/root/assets/{settings-form-section-a0qGVOlr.js → settings-form-section-DSYCknxM.js} +1 -1
  48. package/dist/gateway/static/root/assets/settings-page-WcMXLq2U.js +3 -0
  49. package/dist/gateway/static/root/assets/share-preview-page-awRqs4hV.js +2 -0
  50. package/dist/gateway/static/root/assets/skills-page-Lu-i1JG7.js +2 -0
  51. package/dist/gateway/static/root/assets/{theme-store-C0Ehmdo5.js → theme-store-BC-42BoZ.js} +1 -1
  52. package/dist/gateway/static/root/assets/toast-z0toXu32.js +1 -0
  53. package/dist/gateway/static/root/assets/url-CY1RQKTU.js +3 -0
  54. package/dist/gateway/static/root/assets/{utils-DRQryzdn.js → utils-DX3TQuap.js} +1 -1
  55. package/dist/gateway/static/root/assets/vendor-codemirror-DYoKfS8f.js +45 -0
  56. package/dist/gateway/static/root/assets/{voice-api-key-field-D0viACE2.js → voice-api-key-field-B5uKlDqA.js} +1 -1
  57. package/dist/gateway/static/root/assets/{workflow-page.utils-DnG8JBhV.js → workflow-page.utils-ClC37yEp.js} +1 -1
  58. package/dist/gateway/static/root/assets/workflows-page-C7VhIXtR.js +27 -0
  59. package/dist/gateway/static/root/index.html +10 -8
  60. package/dist/package.js +1 -1
  61. package/dist/src/agent/agent-manager.js +7 -7
  62. package/dist/src/agent/agent-scope.js +1 -1
  63. package/dist/src/agent/bootstrap/load-bootstrap-files.js +1 -1
  64. package/dist/src/agent/context/workspace-seed.js +2 -2
  65. package/dist/src/agent/goals/goal-run-store.js +4 -4
  66. package/dist/src/agent/goals/persistent-goal-service.js +1 -1
  67. package/dist/src/agent/goals/post-turn.js +2 -2
  68. package/dist/src/agent/image/load-image-media.js +2 -2
  69. package/dist/src/agent/ipc/bus.js +1 -1
  70. package/dist/src/agent/ipc/inbox.js +2 -2
  71. package/dist/src/agent/ipc/socket.js +1 -1
  72. package/dist/src/agent/mcp/bundle-mcp-materialize.js +1 -1
  73. package/dist/src/agent/mcp/bundle-mcp-runtime.js +1 -1
  74. package/dist/src/agent/mcp/mcp-transport-config.js +1 -1
  75. package/dist/src/agent/mcp/mcp-transport.js +1 -1
  76. package/dist/src/agent/memory/builtin-memory-store.js +1 -1
  77. package/dist/src/agent/memory/dreaming/deep-promotion.js +1 -1
  78. package/dist/src/agent/memory/dreaming/events.js +1 -1
  79. package/dist/src/agent/memory/dreaming/last-run.js +1 -1
  80. package/dist/src/agent/memory/dreaming/light-sweep.js +1 -1
  81. package/dist/src/agent/memory/dreaming/preview.js +1 -1
  82. package/dist/src/agent/memory/dreaming/rem-patterns.js +1 -1
  83. package/dist/src/agent/memory/dreaming/short-term-store.js +1 -1
  84. package/dist/src/agent/memory/dreaming/utils.js +1 -1
  85. package/dist/src/agent/memory/plugin-discovery.js +1 -1
  86. package/dist/src/agent/models/manager.js +1 -1
  87. package/dist/src/agent/prompt/service-prompt-builder.js +2 -2
  88. package/dist/src/agent/reply/post-compaction-context.js +1 -1
  89. package/dist/src/agent/reply/workspace-boundary-read.js +1 -1
  90. package/dist/src/agent/sandbox/path-policy.js +2 -2
  91. package/dist/src/agent/service/build-direct-message-content.js +1 -1
  92. package/dist/src/agent/service.js +4 -4
  93. package/dist/src/agent/session/session-inspector.js +1 -1
  94. package/dist/src/agent/skills/config.js +1 -1
  95. package/dist/src/agent/skills/hub-hash.js +2 -2
  96. package/dist/src/agent/skills/hub-lock.js +1 -1
  97. package/dist/src/agent/skills/hub-pull.js +2 -2
  98. package/dist/src/agent/skills/index.js +1 -1
  99. package/dist/src/agent/skills/managed-store.js +1 -1
  100. package/dist/src/agent/skills/scanner.js +1 -1
  101. package/dist/src/agent/skills/skill-manage-ops.js +1 -1
  102. package/dist/src/agent/skills/skill-manager.js +1 -1
  103. package/dist/src/agent/tools/dreaming-tool.js +1 -1
  104. package/dist/src/agent/tools/factory.js +1 -1
  105. package/dist/src/agent/tools/image-generate-tool.js +1 -1
  106. package/dist/src/agent/tools/send-media.js +1 -1
  107. package/dist/src/agent/tools/skill-manage-tool.js +1 -1
  108. package/dist/src/agent/tools/workflow-tool.js +1 -1
  109. package/dist/src/agent/tools/write.js +1 -1
  110. package/dist/src/agent/workflow/catalog.js +1 -1
  111. package/dist/src/auth/credentials.js +3 -3
  112. package/dist/src/auth/profiles/store.js +1 -1
  113. package/dist/src/auth/sync-provider-auth.js +1 -1
  114. package/dist/src/browser/cache-dir-policy.js +1 -1
  115. package/dist/src/browser/cdp-local-launcher.js +2 -2
  116. package/dist/src/browser/providers/browser-ext-install.js +3 -3
  117. package/dist/src/browser/providers/cloakbrowser.js +4 -4
  118. package/dist/src/browser/providers/playwright-doctor.js +1 -1
  119. package/dist/src/browser/stealth.js +1 -1
  120. package/dist/src/channels/attachments/inbound-persist.js +1 -1
  121. package/dist/src/channels/attachments/outbound-tts-persist.js +1 -1
  122. package/dist/src/channels/outbound/persist-store.js +1 -1
  123. package/dist/src/channels/pairing/allow-from-file.js +1 -1
  124. package/dist/src/channels/pairing/pairing-store.js +2 -2
  125. package/dist/src/chat-commands/agent-edit.js +2 -2
  126. package/dist/src/chat-commands/builtins/config.js +2 -2
  127. package/dist/src/chat-commands/context.js +1 -1
  128. package/dist/src/cli/commands/config.js +1 -1
  129. package/dist/src/cli/commands/doctor/checks/config-health.js +1 -1
  130. package/dist/src/cli/commands/doctor/checks/provider-auth.js +1 -1
  131. package/dist/src/cli/commands/doctor/checks/session-integrity.js +2 -2
  132. package/dist/src/cli/commands/doctor/checks/state-integrity.js +1 -1
  133. package/dist/src/cli/commands/doctor/checks/workspace-status.js +1 -1
  134. package/dist/src/cli/commands/extension-dev.js +1 -1
  135. package/dist/src/cli/commands/extension-marketplace.js +1 -1
  136. package/dist/src/cli/commands/extension-pack.js +1 -1
  137. package/dist/src/cli/commands/gateway/logs.js +1 -1
  138. package/dist/src/cli/commands/image.js +1 -1
  139. package/dist/src/cli/commands/init.js +4 -4
  140. package/dist/src/cli/commands/onboard.js +1 -1
  141. package/dist/src/cli/utils/init-workspace-core.js +2 -2
  142. package/dist/src/commands/agents.config.js +1 -1
  143. package/dist/src/config/agent-profile.js +1 -1
  144. package/dist/src/config/gateway-bind.js +1 -1
  145. package/dist/src/config/index.js +5 -5
  146. package/dist/src/config/loader.js +2 -2
  147. package/dist/src/config/models-json.js +2 -2
  148. package/dist/src/config/paths-state.js +1 -1
  149. package/dist/src/config/profile.js +2 -2
  150. package/dist/src/config/workspace-path.js +1 -1
  151. package/dist/src/cron/executor.js +2 -2
  152. package/dist/src/cron/persistence.js +1 -1
  153. package/dist/src/cron/run-log-store.js +1 -1
  154. package/dist/src/daemon/constants.js +1 -1
  155. package/dist/src/daemon/install-plan.js +2 -2
  156. package/dist/src/daemon/launchd.js +2 -2
  157. package/dist/src/daemon/schtasks.js +2 -2
  158. package/dist/src/daemon/systemd.js +2 -2
  159. package/dist/src/extensions/bundle-mcp.js +1 -1
  160. package/dist/src/extensions/discover-extensions.js +1 -1
  161. package/dist/src/extensions/health.js +1 -1
  162. package/dist/src/extensions/loader.js +1 -1
  163. package/dist/src/extensions/lockfile.js +2 -2
  164. package/dist/src/extensions/update.js +1 -1
  165. package/dist/src/gateway/agents-admin.js +3 -3
  166. package/dist/src/gateway/file-path-classifier.js +2 -2
  167. package/dist/src/gateway/hono/lib/config-payload.d.ts +1 -0
  168. package/dist/src/gateway/hono/lib/config-payload.js +2 -1
  169. package/dist/src/gateway/hono/lib/config-payload.js.map +1 -1
  170. package/dist/src/gateway/hono/lib/extension-store.js +2 -2
  171. package/dist/src/gateway/hono/lib/static-ui.js +2 -2
  172. package/dist/src/gateway/hono/middleware/auth.js +1 -2
  173. package/dist/src/gateway/hono/middleware/auth.js.map +1 -1
  174. package/dist/src/gateway/hono/oauth.js +1 -1
  175. package/dist/src/gateway/hono/routes/agents.js +1 -1
  176. package/dist/src/gateway/hono/routes/auth-registry-extensions.js +1 -1
  177. package/dist/src/gateway/hono/routes/config-patch/gateway.d.ts +2 -2
  178. package/dist/src/gateway/hono/routes/config-patch/gateway.js +12 -0
  179. package/dist/src/gateway/hono/routes/config-patch/gateway.js.map +1 -1
  180. package/dist/src/gateway/hono/routes/config-patch/misc.js +1 -1
  181. package/dist/src/gateway/hono/routes/dreaming.js +1 -1
  182. package/dist/src/gateway/hono/routes/host-fs.js +2 -2
  183. package/dist/src/gateway/hono/routes/lazy-bundles.js +8 -0
  184. package/dist/src/gateway/hono/routes/lazy-bundles.js.map +1 -1
  185. package/dist/src/gateway/hono/routes/models.js +1 -1
  186. package/dist/src/gateway/hono/routes/notes.d.ts +3 -0
  187. package/dist/src/gateway/hono/routes/notes.js +274 -0
  188. package/dist/src/gateway/hono/routes/notes.js.map +1 -0
  189. package/dist/src/gateway/hono/routes/sessions.js.map +1 -1
  190. package/dist/src/gateway/hono/routes/shares.js +1 -1
  191. package/dist/src/gateway/hono/routes/workspace.js +4 -4
  192. package/dist/src/gateway/lock.js +3 -3
  193. package/dist/src/gateway/ports.js +1 -1
  194. package/dist/src/gateway/service/agent-runner.js +2 -2
  195. package/dist/src/gateway/service/marketplace-service.js +2 -2
  196. package/dist/src/gateway/service.d.ts +3 -0
  197. package/dist/src/gateway/service.js +11 -1
  198. package/dist/src/gateway/service.js.map +1 -1
  199. package/dist/src/gateway/workspace-fs-file-list.js +1 -1
  200. package/dist/src/gateway/workspace-ripgrep.d.ts +6 -0
  201. package/dist/src/gateway/workspace-ripgrep.js +62 -11
  202. package/dist/src/gateway/workspace-ripgrep.js.map +1 -1
  203. package/dist/src/infra/brew.js +1 -1
  204. package/dist/src/infra/package-json.js +1 -1
  205. package/dist/src/infra/package-update-steps.js +1 -1
  206. package/dist/src/infra/path-env.js +2 -2
  207. package/dist/src/infra/restart.js +2 -2
  208. package/dist/src/infra/stable-node-path.js +1 -1
  209. package/dist/src/infra/update-check.js +1 -1
  210. package/dist/src/infra/update-global.js +1 -1
  211. package/dist/src/infra/update-lock.js +3 -3
  212. package/dist/src/infra/update-runner.js +1 -1
  213. package/dist/src/infra/update-startup.js +2 -2
  214. package/dist/src/infra/write-file-atomic.js +2 -2
  215. package/dist/src/notes/attachment-ref.d.ts +9 -0
  216. package/dist/src/notes/attachment-ref.js +27 -0
  217. package/dist/src/notes/attachment-ref.js.map +1 -0
  218. package/dist/src/notes/index.d.ts +4 -0
  219. package/dist/src/notes/index.js +4 -0
  220. package/dist/src/notes/note-attachment-sync.d.ts +7 -0
  221. package/dist/src/notes/note-attachment-sync.js +46 -0
  222. package/dist/src/notes/note-attachment-sync.js.map +1 -0
  223. package/dist/src/notes/note-index-meta.d.ts +14 -0
  224. package/dist/src/notes/note-index-meta.js +87 -0
  225. package/dist/src/notes/note-index-meta.js.map +1 -0
  226. package/dist/src/notes/paths.d.ts +5 -0
  227. package/dist/src/notes/paths.js +23 -0
  228. package/dist/src/notes/paths.js.map +1 -0
  229. package/dist/src/notes/service.d.ts +42 -0
  230. package/dist/src/notes/service.js +331 -0
  231. package/dist/src/notes/service.js.map +1 -0
  232. package/dist/src/notes/store.d.ts +33 -0
  233. package/dist/src/notes/store.js +317 -0
  234. package/dist/src/notes/store.js.map +1 -0
  235. package/dist/src/notes/types.d.ts +162 -0
  236. package/dist/src/notes/types.js +1 -0
  237. package/dist/src/providers/auth-runtime/auth-profile-store.js +1 -1
  238. package/dist/src/providers/index.js +2 -2
  239. package/dist/src/providers/model-registry.js +1 -1
  240. package/dist/src/session/config-store.js +2 -2
  241. package/dist/src/session/init-session-turn.js +2 -2
  242. package/dist/src/session/parity/jsonl-transcript-io.js +2 -2
  243. package/dist/src/session/parity/sessions-json-file.js +1 -1
  244. package/dist/src/session/parity/transcript-file-lock.js +2 -2
  245. package/dist/src/session/parity/transcript-paths.js +1 -1
  246. package/dist/src/session/resolve-session.js +4 -4
  247. package/dist/src/session/search-index-cache.js +1 -1
  248. package/dist/src/session/search-index.js +1 -1
  249. package/dist/src/session/session-title.js +2 -2
  250. package/dist/src/session/store.js +6 -6
  251. package/dist/src/share/share-auto.js +2 -2
  252. package/dist/src/share/share-store.js +3 -3
  253. package/dist/src/share/share-thumbnail.js +2 -2
  254. package/dist/src/share/share-zip.js +1 -1
  255. package/dist/src/share/site-share-store.js +3 -3
  256. package/dist/src/share/site-static-serve.js +1 -1
  257. package/dist/src/tui/clipboard-image.js +3 -3
  258. package/dist/src/tui/theme-manager.js +1 -1
  259. package/dist/src/tui/tui-keybindings-file.js +1 -1
  260. package/dist/src/tui/tui-scoped-models.js +2 -2
  261. package/dist/src/tui/tui-settings.js +1 -1
  262. package/dist/src/tui/tui.js +3 -3
  263. package/dist/src/tunnel/frpc-binary.js +3 -3
  264. package/dist/src/tunnel/frpc-config.js +1 -1
  265. package/dist/src/tunnel/frpc-extract.js +1 -1
  266. package/dist/src/tunnel/tunnel-state.js +1 -1
  267. package/dist/src/utils/logger/audit.js +1 -1
  268. package/dist/src/utils/logger/log-store.js +1 -1
  269. package/dist/src/utils/logger/rotation.js +1 -1
  270. package/dist/src/voice/tts/audio.js +1 -1
  271. package/dist/src/voice/tts/providers/edge-speech.js +2 -2
  272. package/dist/src/workflows/store/event-store.js +1 -1
  273. package/dist/src/workflows/store/run-store.js +1 -1
  274. package/package.json +1 -1
  275. package/dist/gateway/static/root/assets/agents-cPvvYLXo.js +0 -222
  276. package/dist/gateway/static/root/assets/apps-page-Bk1_P5FJ.js +0 -1
  277. package/dist/gateway/static/root/assets/channels-settings-CZoeQwHz.js +0 -1
  278. package/dist/gateway/static/root/assets/cron-page-BpLdiQN8.js +0 -1
  279. package/dist/gateway/static/root/assets/dist-BTWC-BTN.js +0 -45
  280. package/dist/gateway/static/root/assets/dist-BpAiK86n.js +0 -1
  281. package/dist/gateway/static/root/assets/eye-DAfL1U7M.js +0 -1
  282. package/dist/gateway/static/root/assets/index-V7MQ7834.css +0 -1
  283. package/dist/gateway/static/root/assets/logs-page-_HcZ2fgK.js +0 -1
  284. package/dist/gateway/static/root/assets/sessions-page-iezSMjho.js +0 -1
  285. package/dist/gateway/static/root/assets/settings-page-C9_nYQwM.js +0 -3
  286. package/dist/gateway/static/root/assets/share-preview-page-DExl7CJy.js +0 -2
  287. package/dist/gateway/static/root/assets/skills-page-BlgGD93t.js +0 -2
  288. package/dist/gateway/static/root/assets/url-fxyYANfA.js +0 -3
  289. package/dist/gateway/static/root/assets/vendor-codemirror-D0yxdRpg.js +0 -58
  290. package/dist/gateway/static/root/assets/workflows-page-BvMobnJP.js +0 -27
package/dist/src/gateway/hono/middleware/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/auth.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport type { GatewayAuthConfig } from '../../../config/schema.js';\nimport type { ResolvedGatewayAuth } from '../../auth.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport {\n authPolicyConfig,\n buckets,\n isAuthRateLimitGloballyDisabled,\n resolveAuthRateLimit,\n resolveAuthTracking,\n type ResolvedAuthRateLimitConfig,\n} from '../../rate-limit/index.js';\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { safeEqualSecret } from '../../security/secret-equal.js';\nimport { authorizeTrustedProxy } from '../../trusted-proxy.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Auth');\n\nexport interface AuthConfig {\n token?: string;\n /** Current gateway auth from config (for rate-limit settings); optional. */\n getGatewayAuth?: () => GatewayAuthConfig | undefined;\n getResolvedAuth?: () => ResolvedGatewayAuth;\n getTrustedProxyContext?: () => {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n };\n}\n\nfunction validateToken(providedToken: string | undefined, expectedToken: string): boolean {\n if (!providedToken) return false;\n return safeEqualSecret(providedToken, expectedToken);\n}\n\nfunction extractTokenFromHeader(authHeader: string | null): string | null {\n if (!authHeader) return null;\n const parts = authHeader.split(' ');\n if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') return parts[1];\n return authHeader;\n}\n\n/**\n * SECURITY: query-string tokens leak into server logs, Referer headers, and\n * browser history. We accept them only where the `Authorization` header cannot\n * be set — SSE/WebSocket (`EventSource`) and `<img>` subresource loads for agent\n * avatars. For normal REST requests prefer the `Authorization: Bearer <token>`\n * header.\n */\nfunction extractTokenFromQuery(url: string): string | null {\n return new URL(url).searchParams.get('token');\n}\n\nconst QUERY_TOKEN_ALLOWED_PATHS = new Set(['/api/events', '/api/ws']);\n\nconst AGENT_AVATAR_GET_PATH = /^\\/api\\/agents\\/[^/]+\\/avatar$/;\n\n/** Exported for gateway security tests. */\nexport function isQueryTokenAllowedPath(path: string, method: string): boolean {\n if (QUERY_TOKEN_ALLOWED_PATHS.has(path) || path.startsWith('/api/events')) {\n return true;\n }\n // `<img src>` cannot send Bearer tokens; gateway console loads custom avatars here.\n if (method === 'GET' && AGENT_AVATAR_GET_PATH.test(path)) {\n return true;\n }\n return false;\n}\n\nfunction resolveRemoteAddress(c: Context): string | undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveMiddlewareClientIp(\n c: Context,\n trustedProxies?: string[],\n allowRealIpFallback?: boolean,\n): string {\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name: string) => c.req.header(name) ?? undefined,\n });\n}\n\ntype RateLimitContext = {\n active: boolean;\n cfg: ResolvedAuthRateLimitConfig;\n /** `undefined` when the client is exempted (loopback, disabled, etc.). */\n trackingKey: string | undefined;\n};\n\nfunction buildRateLimitContext(\n getGatewayAuth: AuthConfig['getGatewayAuth'],\n clientIp: string,\n origin: string | undefined,\n): RateLimitContext {\n const cfg = resolveAuthRateLimit(getGatewayAuth?.()?.rateLimit);\n const active = cfg.enabled && !isAuthRateLimitGloballyDisabled();\n if (!active) return { active: false, cfg, trackingKey: undefined };\n const tracking = resolveAuthTracking({ clientIp, origin, cfg: authPolicyConfig(cfg) });\n return {\n active: true,\n cfg,\n trackingKey: tracking.exempt ? undefined : tracking.key,\n };\n}\n\nfunction checkBlocked(rl: RateLimitContext): { blocked: false } | { blocked: true; retryAfterSec: number } {\n if (!rl.active || rl.trackingKey === undefined) return { blocked: false };\n return buckets.authFailure(rl.cfg).check(rl.trackingKey);\n}\n\nfunction recordFailure(rl: RateLimitContext): void {\n if (!rl.active || rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).fail(rl.trackingKey);\n}\n\nfunction recordSuccess(rl: RateLimitContext): void {\n if (!rl.active || rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).succeed(rl.trackingKey);\n}\n\nfunction blockedResponse(c: Context, retryAfterSec: number) {\n c.header('Retry-After', String(retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n code: 'auth_blocked',\n message: 'Too many authentication attempts',\n retryAfter: retryAfterSec,\n },\n 429,\n );\n}\n\nexport function auth(config?: AuthConfig) {\n const { token, getGatewayAuth, getResolvedAuth, getTrustedProxyContext } = config || {};\n\n return createMiddleware(async (c, next) => {\n const resolvedAuth = getResolvedAuth?.();\n const authMode = resolvedAuth?.mode ?? (token ? 'token' : 'none');\n\n if (authMode === 'trusted-proxy') {\n const proxyContext = getTrustedProxyContext?.();\n const trustedProxies = proxyContext?.trustedProxies;\n const trustedProxyConfig = resolvedAuth?.trustedProxy;\n\n const clientIp = resolveMiddlewareClientIp(c, trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n // Server misconfiguration — not an attack signal. Don't count.\n if (!trustedProxyConfig) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'trusted_proxy_config_missing' },\n 'HTTP auth rejected: trusted-proxy config missing',\n );\n return c.json(\n { error: 'Unauthorized', code: 'auth_unconfigured', message: 'Trusted-proxy auth is not configured' },\n 401,\n );\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: c.req.path, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n const result = authorizeTrustedProxy({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n trustedProxyConfig,\n });\n\n if (result.ok === false) {\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: result.reason },\n `HTTP auth rejected: trusted-proxy validation failed (${result.reason})`,\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_proxy_credentials', message: 'Trusted-proxy authentication failed' },\n 401,\n );\n }\n\n recordSuccess(rl);\n await next();\n return;\n }\n\n if (authMode === 'none' || !token) {\n return next();\n }\n\n const proxyContext = getTrustedProxyContext?.();\n const clientIp = resolveMiddlewareClientIp(c, proxyContext?.trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n const authHeader = extractTokenFromHeader(c.req.header('authorization'));\n const requestPath = new URL(c.req.url).pathname;\n const queryToken = isQueryTokenAllowedPath(requestPath, c.req.method)\n ? extractTokenFromQuery(c.req.url)\n : null;\n\n if (!authHeader && queryToken === null && new URL(c.req.url).searchParams.has('token')) {\n log.warn(\n { path: requestPath, method: c.req.method, clientIp },\n 'Token in query string rejected: use Authorization header for this endpoint',\n );\n }\n\n const providedToken = authHeader || queryToken;\n\n if (providedToken && validateToken(providedToken, token)) {\n recordSuccess(rl);\n await next();\n return;\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: requestPath, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n // Missing token is an unauthenticated request, not a brute-force signal —\n // page reloads / SDK cold starts often hit endpoints before the token is\n // attached. Counting this would lock users out of the token-entry path.\n if (!providedToken) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'missing_token' },\n 'HTTP auth rejected: no Bearer or ?token=',\n );\n return c.json(\n { error: 'Unauthorized', code: 'missing_token', message: 'Missing authentication token' },\n 401,\n );\n }\n\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'invalid_token' },\n 'HTTP auth rejected: token mismatch',\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_token', message: 'Invalid authentication token' },\n 401,\n );\n });\n}\n"],"mappings":";;;;;;;;;;;;;aAkBwD;AAExD,MAAM,MAAM,aAAa,YAAY;AAarC,SAAS,cAAc,eAAmC,eAAgC;AACxF,KAAI,CAAC,cAAe,QAAO;AAC3B,QAAO,gBAAgB,eAAe,cAAc;;AAGtD,SAAS,uBAAuB,YAA0C;AACxE,KAAI,CAAC,WAAY,QAAO;CACxB,MAAM,QAAQ,WAAW,MAAM,IAAI;AACnC,KAAI,MAAM,WAAW,KAAK,MAAM,GAAG,aAAa,KAAK,SAAU,QAAO,MAAM;AAC5E,QAAO;;;;;;;;;AAUT,SAAS,sBAAsB,KAA4B;AACzD,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ;;AAG/C,MAAM,4BAA4B,IAAI,IAAI,CAAC,eAAe,UAAU,CAAC;AAErE,MAAM,wBAAwB;;AAG9B,SAAgB,wBAAwB,MAAc,QAAyB;AAC7E,KAAI,0BAA0B,IAAI,KAAK,IAAI,KAAK,WAAW,cAAc,CACvE,QAAO;AAGT,KAAI,WAAW,SAAS,sBAAsB,KAAK,KAAK,CACtD,QAAO;AAET,QAAO;;AAGT,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,0BACP,GACA,gBACA,qBACQ;AACR,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA;EACD,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAiB,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GAC9C,CAAC;;AAUJ,SAAS,sBACP,gBACA,UACA,QACkB;CAClB,MAAM,MAAM,qBAAqB,kBAAkB,EAAE,UAAU;AAE/D,KAAI,EADW,IAAI,WAAW,CAAC,iCAAiC,EACnD,QAAO;EAAE,QAAQ;EAAO;EAAK,aAAa,KAAA;EAAW;CAClE,MAAM,WAAW,oBAAoB;EAAE;EAAU;EAAQ,KAAK,iBAAiB,IAAI;EAAE,CAAC;AACtF,QAAO;EACL,QAAQ;EACR;EACA,aAAa,SAAS,SAAS,KAAA,IAAY,SAAS;EACrD;;AAGH,SAAS,aAAa,IAAqF;AACzG,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW,QAAO,EAAE,SAAS,OAAO;AACzE,QAAO,QAAQ,YAAY,GAAG,IAAI,CAAC,MAAM,GAAG,YAAY;;AAG1D,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,KAAK,GAAG,YAAY;;AAGlD,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,QAAQ,GAAG,YAAY;;AAGrD,SAAS,gBAAgB,GAAY,eAAuB;AAC1D,GAAE,OAAO,eAAe,OAAO,cAAc,CAAC;AAC9C,QAAO,EAAE,KACP;EACE,OAAO;EACP,MAAM;EACN,SAAS;EACT,YAAY;EACb,EACD,IACD;;AAGH,SAAgB,KAAK,QAAqB;CACxC,MAAM,EAAE,OAAO,gBAAgB,iBAAiB,2BAA2B,UAAU,EAAE;AAEvF,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,eAAe,mBAAmB;EACxC,MAAM,WAAW,cAAc,SAAS,QAAQ,UAAU;AAE1D,MAAI,aAAa,iBAAiB;GAChC,MAAM,eAAe,0BAA0B;GAC/C,MAAM,iBAAiB,cAAc;GACrC,MAAM,qBAAqB,cAAc;GAEzC,MAAM,WAAW,0BAA0B,GAAG,gBAAgB,cAAc,oBAAoB;GAChG,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;GACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;AAGlE,OAAI,CAAC,oBAAoB;AACvB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ;KAAgC,EAC5F,mDACD;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAAqB,SAAS;KAAwC,EACrG,IACD;;GAGH,MAAM,UAAU,aAAa,GAAG;AAChC,OAAI,QAAQ,SAAS;AACnB,QAAI,KACF;KAAE;KAAU,QAAQ,UAAU,KAAA;KAAW,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ,eAAe,QAAQ;KAAe,QAAQ;KAAgB,EAC/I,0BACD;AACD,WAAO,gBAAgB,GAAG,QAAQ,cAAc;;GAGlD,MAAM,SAAS,sBAAsB;IACnC,eAAe,qBAAqB,EAAE;IACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC;AAEF,OAAI,OAAO,OAAO,OAAO;AACvB,kBAAc,GAAG;AACjB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ,OAAO;KAAQ,EAC3E,wDAAwD,OAAO,OAAO,GACvE;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAA6B,SAAS;KAAuC,EAC5G,IACD;;AAGH,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;AAGF,MAAI,aAAa,UAAU,CAAC,MAC1B,QAAO,MAAM;EAGf,MAAM,eAAe,0BAA0B;EAC/C,MAAM,WAAW,0BAA0B,GAAG,cAAc,gBAAgB,cAAc,oBAAoB;EAC9G,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;EACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;EAElE,MAAM,aAAa,uBAAuB,EAAE,IAAI,OAAO,gBAAgB,CAAC;EACxE,MAAM,cAAc,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC;EACvC,MAAM,aAAa,wBAAwB,aAAa,EAAE,IAAI,OAAO,GACjE,sBAAsB,EAAE,IAAI,IAAI,GAChC;AAEJ,MAAI,CAAC,cAAc,eAAe,QAAQ,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ,CACpF,KAAI,KACF;GAAE,MAAM;GAAa,QAAQ,EAAE,IAAI;GAAQ;GAAU,EACrD,6EACD;EAGH,MAAM,gBAAgB,cAAc;AAEpC,MAAI,iBAAiB,cAAc,eAAe,MAAM,EAAE;AACxD,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;EAGF,MAAM,UAAU,aAAa,GAAG;AAChC,MAAI,QAAQ,SAAS;AACnB,OAAI,KACF;IAAE;IAAU,QAAQ,UAAU,KAAA;IAAW,MAAM;IAAa,QAAQ,EAAE,IAAI;IAAQ,eAAe,QAAQ;IAAe,QAAQ;IAAgB,EAChJ,0BACD;AACD,UAAO,gBAAgB,GAAG,QAAQ,cAAc;;AAMlD,MAAI,CAAC,eAAe;AAClB,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,2CACD;AACD,UAAO,EAAE,KACP;IAAE,OAAO;IAAgB,MAAM;IAAiB,SAAS;IAAgC,EACzF,IACD;;AAGH,gBAAc,GAAG;AACjB,MAAI,KACF;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;GAAU,QAAQ;GAAiB,EAC7E,qCACD;AACD,SAAO,EAAE,KACP;GAAE,OAAO;GAAgB,MAAM;GAAiB,SAAS;GAAgC,EACzF,IACD;GACD"}
1
+ {"version":3,"file":"auth.js","names":[],"sources":["../../../../../src/gateway/hono/middleware/auth.ts"],"sourcesContent":["import { createMiddleware } from 'hono/factory';\nimport type { Context } from 'hono';\nimport { getConnInfo } from '@hono/node-server/conninfo';\n\nimport type { GatewayAuthConfig } from '../../../config/schema.js';\nimport type { ResolvedGatewayAuth } from '../../auth.js';\nimport { resolveClientIpFromRequest } from '../../client-ip.js';\nimport {\n authPolicyConfig,\n buckets,\n isAuthRateLimitGloballyDisabled,\n resolveAuthRateLimit,\n resolveAuthTracking,\n type ResolvedAuthRateLimitConfig,\n} from '../../rate-limit/index.js';\nimport { getClientIpFromHeaders } from '../../security/loopback.js';\nimport { safeEqualSecret } from '../../security/secret-equal.js';\nimport { authorizeTrustedProxy } from '../../trusted-proxy.js';\nimport { createLogger } from '../../../utils/logger.js';\n\nconst log = createLogger('Hono:Auth');\n\nexport interface AuthConfig {\n token?: string;\n /** Current gateway auth from config (for rate-limit settings); optional. */\n getGatewayAuth?: () => GatewayAuthConfig | undefined;\n getResolvedAuth?: () => ResolvedGatewayAuth;\n getTrustedProxyContext?: () => {\n trustedProxies?: string[];\n allowRealIpFallback?: boolean;\n };\n}\n\nfunction validateToken(providedToken: string | undefined, expectedToken: string): boolean {\n if (!providedToken) return false;\n return safeEqualSecret(providedToken, expectedToken);\n}\n\nfunction extractTokenFromHeader(authHeader: string | null): string | null {\n if (!authHeader) return null;\n const parts = authHeader.split(' ');\n if (parts.length === 2 && parts[0].toLowerCase() === 'bearer') return parts[1];\n return authHeader;\n}\n\n/**\n * SECURITY: query-string tokens leak into server logs, Referer headers, and\n * browser history. We accept them only where the `Authorization` header cannot\n * be set — SSE/WebSocket (`EventSource`) and `<img>` subresource loads for agent\n * avatars. Note media uses Bearer-authenticated blob fetch in the gateway console.\n */\nfunction extractTokenFromQuery(url: string): string | null {\n return new URL(url).searchParams.get('token');\n}\n\nconst QUERY_TOKEN_ALLOWED_PATHS = new Set(['/api/events', '/api/ws']);\n\nconst AGENT_AVATAR_GET_PATH = /^\\/api\\/agents\\/[^/]+\\/avatar$/;\n\n/** Exported for gateway security tests. */\nexport function isQueryTokenAllowedPath(path: string, method: string): boolean {\n if (QUERY_TOKEN_ALLOWED_PATHS.has(path) || path.startsWith('/api/events')) {\n return true;\n }\n if (method === 'GET' && AGENT_AVATAR_GET_PATH.test(path)) {\n return true;\n }\n return false;\n}\n\nfunction resolveRemoteAddress(c: Context): string | undefined {\n try {\n return getConnInfo(c).remote.address;\n } catch {\n return undefined;\n }\n}\n\nfunction resolveMiddlewareClientIp(\n c: Context,\n trustedProxies?: string[],\n allowRealIpFallback?: boolean,\n): string {\n if (trustedProxies?.length) {\n return resolveClientIpFromRequest({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n allowRealIpFallback,\n });\n }\n return getClientIpFromHeaders({\n get: (name: string) => c.req.header(name) ?? undefined,\n });\n}\n\ntype RateLimitContext = {\n active: boolean;\n cfg: ResolvedAuthRateLimitConfig;\n /** `undefined` when the client is exempted (loopback, disabled, etc.). */\n trackingKey: string | undefined;\n};\n\nfunction buildRateLimitContext(\n getGatewayAuth: AuthConfig['getGatewayAuth'],\n clientIp: string,\n origin: string | undefined,\n): RateLimitContext {\n const cfg = resolveAuthRateLimit(getGatewayAuth?.()?.rateLimit);\n const active = cfg.enabled && !isAuthRateLimitGloballyDisabled();\n if (!active) return { active: false, cfg, trackingKey: undefined };\n const tracking = resolveAuthTracking({ clientIp, origin, cfg: authPolicyConfig(cfg) });\n return {\n active: true,\n cfg,\n trackingKey: tracking.exempt ? undefined : tracking.key,\n };\n}\n\nfunction checkBlocked(rl: RateLimitContext): { blocked: false } | { blocked: true; retryAfterSec: number } {\n if (!rl.active || rl.trackingKey === undefined) return { blocked: false };\n return buckets.authFailure(rl.cfg).check(rl.trackingKey);\n}\n\nfunction recordFailure(rl: RateLimitContext): void {\n if (!rl.active || rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).fail(rl.trackingKey);\n}\n\nfunction recordSuccess(rl: RateLimitContext): void {\n if (!rl.active || rl.trackingKey === undefined) return;\n buckets.authFailure(rl.cfg).succeed(rl.trackingKey);\n}\n\nfunction blockedResponse(c: Context, retryAfterSec: number) {\n c.header('Retry-After', String(retryAfterSec));\n return c.json(\n {\n error: 'Too Many Requests',\n code: 'auth_blocked',\n message: 'Too many authentication attempts',\n retryAfter: retryAfterSec,\n },\n 429,\n );\n}\n\nexport function auth(config?: AuthConfig) {\n const { token, getGatewayAuth, getResolvedAuth, getTrustedProxyContext } = config || {};\n\n return createMiddleware(async (c, next) => {\n const resolvedAuth = getResolvedAuth?.();\n const authMode = resolvedAuth?.mode ?? (token ? 'token' : 'none');\n\n if (authMode === 'trusted-proxy') {\n const proxyContext = getTrustedProxyContext?.();\n const trustedProxies = proxyContext?.trustedProxies;\n const trustedProxyConfig = resolvedAuth?.trustedProxy;\n\n const clientIp = resolveMiddlewareClientIp(c, trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n // Server misconfiguration — not an attack signal. Don't count.\n if (!trustedProxyConfig) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'trusted_proxy_config_missing' },\n 'HTTP auth rejected: trusted-proxy config missing',\n );\n return c.json(\n { error: 'Unauthorized', code: 'auth_unconfigured', message: 'Trusted-proxy auth is not configured' },\n 401,\n );\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: c.req.path, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n const result = authorizeTrustedProxy({\n remoteAddress: resolveRemoteAddress(c),\n getHeader: (name) => c.req.header(name),\n trustedProxies,\n trustedProxyConfig,\n });\n\n if (result.ok === false) {\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: result.reason },\n `HTTP auth rejected: trusted-proxy validation failed (${result.reason})`,\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_proxy_credentials', message: 'Trusted-proxy authentication failed' },\n 401,\n );\n }\n\n recordSuccess(rl);\n await next();\n return;\n }\n\n if (authMode === 'none' || !token) {\n return next();\n }\n\n const proxyContext = getTrustedProxyContext?.();\n const clientIp = resolveMiddlewareClientIp(c, proxyContext?.trustedProxies, proxyContext?.allowRealIpFallback);\n const origin = c.req.header('origin');\n const rl = buildRateLimitContext(getGatewayAuth, clientIp, origin);\n\n const authHeader = extractTokenFromHeader(c.req.header('authorization'));\n const requestPath = new URL(c.req.url).pathname;\n const queryToken = isQueryTokenAllowedPath(requestPath, c.req.method)\n ? extractTokenFromQuery(c.req.url)\n : null;\n\n if (!authHeader && queryToken === null && new URL(c.req.url).searchParams.has('token')) {\n log.warn(\n { path: requestPath, method: c.req.method, clientIp },\n 'Token in query string rejected: use Authorization header for this endpoint',\n );\n }\n\n const providedToken = authHeader || queryToken;\n\n if (providedToken && validateToken(providedToken, token)) {\n recordSuccess(rl);\n await next();\n return;\n }\n\n const blocked = checkBlocked(rl);\n if (blocked.blocked) {\n log.warn(\n { clientIp, origin: origin ?? undefined, path: requestPath, method: c.req.method, retryAfterSec: blocked.retryAfterSec, reason: 'auth_blocked' },\n 'Auth rate limit blocked',\n );\n return blockedResponse(c, blocked.retryAfterSec);\n }\n\n // Missing token is an unauthenticated request, not a brute-force signal —\n // page reloads / SDK cold starts often hit endpoints before the token is\n // attached. Counting this would lock users out of the token-entry path.\n if (!providedToken) {\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'missing_token' },\n 'HTTP auth rejected: no Bearer or ?token=',\n );\n return c.json(\n { error: 'Unauthorized', code: 'missing_token', message: 'Missing authentication token' },\n 401,\n );\n }\n\n recordFailure(rl);\n log.warn(\n { path: c.req.path, method: c.req.method, clientIp, reason: 'invalid_token' },\n 'HTTP auth rejected: token mismatch',\n );\n return c.json(\n { error: 'Unauthorized', code: 'invalid_token', message: 'Invalid authentication token' },\n 401,\n );\n });\n}\n"],"mappings":";;;;;;;;;;;;;aAkBwD;AAExD,MAAM,MAAM,aAAa,YAAY;AAarC,SAAS,cAAc,eAAmC,eAAgC;AACxF,KAAI,CAAC,cAAe,QAAO;AAC3B,QAAO,gBAAgB,eAAe,cAAc;;AAGtD,SAAS,uBAAuB,YAA0C;AACxE,KAAI,CAAC,WAAY,QAAO;CACxB,MAAM,QAAQ,WAAW,MAAM,IAAI;AACnC,KAAI,MAAM,WAAW,KAAK,MAAM,GAAG,aAAa,KAAK,SAAU,QAAO,MAAM;AAC5E,QAAO;;;;;;;;AAST,SAAS,sBAAsB,KAA4B;AACzD,QAAO,IAAI,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ;;AAG/C,MAAM,4BAA4B,IAAI,IAAI,CAAC,eAAe,UAAU,CAAC;AAErE,MAAM,wBAAwB;;AAG9B,SAAgB,wBAAwB,MAAc,QAAyB;AAC7E,KAAI,0BAA0B,IAAI,KAAK,IAAI,KAAK,WAAW,cAAc,CACvE,QAAO;AAET,KAAI,WAAW,SAAS,sBAAsB,KAAK,KAAK,CACtD,QAAO;AAET,QAAO;;AAGT,SAAS,qBAAqB,GAAgC;AAC5D,KAAI;AACF,SAAO,YAAY,EAAE,CAAC,OAAO;SACvB;AACN;;;AAIJ,SAAS,0BACP,GACA,gBACA,qBACQ;AACR,KAAI,gBAAgB,OAClB,QAAO,2BAA2B;EAChC,eAAe,qBAAqB,EAAE;EACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;EACvC;EACA;EACD,CAAC;AAEJ,QAAO,uBAAuB,EAC5B,MAAM,SAAiB,EAAE,IAAI,OAAO,KAAK,IAAI,KAAA,GAC9C,CAAC;;AAUJ,SAAS,sBACP,gBACA,UACA,QACkB;CAClB,MAAM,MAAM,qBAAqB,kBAAkB,EAAE,UAAU;AAE/D,KAAI,EADW,IAAI,WAAW,CAAC,iCAAiC,EACnD,QAAO;EAAE,QAAQ;EAAO;EAAK,aAAa,KAAA;EAAW;CAClE,MAAM,WAAW,oBAAoB;EAAE;EAAU;EAAQ,KAAK,iBAAiB,IAAI;EAAE,CAAC;AACtF,QAAO;EACL,QAAQ;EACR;EACA,aAAa,SAAS,SAAS,KAAA,IAAY,SAAS;EACrD;;AAGH,SAAS,aAAa,IAAqF;AACzG,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW,QAAO,EAAE,SAAS,OAAO;AACzE,QAAO,QAAQ,YAAY,GAAG,IAAI,CAAC,MAAM,GAAG,YAAY;;AAG1D,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,KAAK,GAAG,YAAY;;AAGlD,SAAS,cAAc,IAA4B;AACjD,KAAI,CAAC,GAAG,UAAU,GAAG,gBAAgB,KAAA,EAAW;AAChD,SAAQ,YAAY,GAAG,IAAI,CAAC,QAAQ,GAAG,YAAY;;AAGrD,SAAS,gBAAgB,GAAY,eAAuB;AAC1D,GAAE,OAAO,eAAe,OAAO,cAAc,CAAC;AAC9C,QAAO,EAAE,KACP;EACE,OAAO;EACP,MAAM;EACN,SAAS;EACT,YAAY;EACb,EACD,IACD;;AAGH,SAAgB,KAAK,QAAqB;CACxC,MAAM,EAAE,OAAO,gBAAgB,iBAAiB,2BAA2B,UAAU,EAAE;AAEvF,QAAO,iBAAiB,OAAO,GAAG,SAAS;EACzC,MAAM,eAAe,mBAAmB;EACxC,MAAM,WAAW,cAAc,SAAS,QAAQ,UAAU;AAE1D,MAAI,aAAa,iBAAiB;GAChC,MAAM,eAAe,0BAA0B;GAC/C,MAAM,iBAAiB,cAAc;GACrC,MAAM,qBAAqB,cAAc;GAEzC,MAAM,WAAW,0BAA0B,GAAG,gBAAgB,cAAc,oBAAoB;GAChG,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;GACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;AAGlE,OAAI,CAAC,oBAAoB;AACvB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ;KAAgC,EAC5F,mDACD;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAAqB,SAAS;KAAwC,EACrG,IACD;;GAGH,MAAM,UAAU,aAAa,GAAG;AAChC,OAAI,QAAQ,SAAS;AACnB,QAAI,KACF;KAAE;KAAU,QAAQ,UAAU,KAAA;KAAW,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ,eAAe,QAAQ;KAAe,QAAQ;KAAgB,EAC/I,0BACD;AACD,WAAO,gBAAgB,GAAG,QAAQ,cAAc;;GAGlD,MAAM,SAAS,sBAAsB;IACnC,eAAe,qBAAqB,EAAE;IACtC,YAAY,SAAS,EAAE,IAAI,OAAO,KAAK;IACvC;IACA;IACD,CAAC;AAEF,OAAI,OAAO,OAAO,OAAO;AACvB,kBAAc,GAAG;AACjB,QAAI,KACF;KAAE,MAAM,EAAE,IAAI;KAAM,QAAQ,EAAE,IAAI;KAAQ;KAAU,QAAQ,OAAO;KAAQ,EAC3E,wDAAwD,OAAO,OAAO,GACvE;AACD,WAAO,EAAE,KACP;KAAE,OAAO;KAAgB,MAAM;KAA6B,SAAS;KAAuC,EAC5G,IACD;;AAGH,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;AAGF,MAAI,aAAa,UAAU,CAAC,MAC1B,QAAO,MAAM;EAGf,MAAM,eAAe,0BAA0B;EAC/C,MAAM,WAAW,0BAA0B,GAAG,cAAc,gBAAgB,cAAc,oBAAoB;EAC9G,MAAM,SAAS,EAAE,IAAI,OAAO,SAAS;EACrC,MAAM,KAAK,sBAAsB,gBAAgB,UAAU,OAAO;EAElE,MAAM,aAAa,uBAAuB,EAAE,IAAI,OAAO,gBAAgB,CAAC;EACxE,MAAM,cAAc,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC;EACvC,MAAM,aAAa,wBAAwB,aAAa,EAAE,IAAI,OAAO,GACjE,sBAAsB,EAAE,IAAI,IAAI,GAChC;AAEJ,MAAI,CAAC,cAAc,eAAe,QAAQ,IAAI,IAAI,EAAE,IAAI,IAAI,CAAC,aAAa,IAAI,QAAQ,CACpF,KAAI,KACF;GAAE,MAAM;GAAa,QAAQ,EAAE,IAAI;GAAQ;GAAU,EACrD,6EACD;EAGH,MAAM,gBAAgB,cAAc;AAEpC,MAAI,iBAAiB,cAAc,eAAe,MAAM,EAAE;AACxD,iBAAc,GAAG;AACjB,SAAM,MAAM;AACZ;;EAGF,MAAM,UAAU,aAAa,GAAG;AAChC,MAAI,QAAQ,SAAS;AACnB,OAAI,KACF;IAAE;IAAU,QAAQ,UAAU,KAAA;IAAW,MAAM;IAAa,QAAQ,EAAE,IAAI;IAAQ,eAAe,QAAQ;IAAe,QAAQ;IAAgB,EAChJ,0BACD;AACD,UAAO,gBAAgB,GAAG,QAAQ,cAAc;;AAMlD,MAAI,CAAC,eAAe;AAClB,OAAI,KACF;IAAE,MAAM,EAAE,IAAI;IAAM,QAAQ,EAAE,IAAI;IAAQ;IAAU,QAAQ;IAAiB,EAC7E,2CACD;AACD,UAAO,EAAE,KACP;IAAE,OAAO;IAAgB,MAAM;IAAiB,SAAS;IAAgC,EACzF,IACD;;AAGH,gBAAc,GAAG;AACjB,MAAI,KACF;GAAE,MAAM,EAAE,IAAI;GAAM,QAAQ,EAAE,IAAI;GAAQ;GAAU,QAAQ;GAAiB,EAC7E,qCACD;AACD,SAAO,EAAE,KACP;GAAE,OAAO;GAAgB,MAAM;GAAiB,SAAS;GAAgC,EACzF,IACD;GACD"}
package/dist/src/gateway/hono/oauth.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { CredentialResolver, init_credentials } from "../../auth/credentials.js";
2
- import { anthropicOAuthProvider } from "../../auth/oauth/anthropic.js";
3
2
  import { getProviderAuthState, init_providers, isProviderConfigured } from "../../providers/index.js";
3
+ import { anthropicOAuthProvider } from "../../auth/oauth/anthropic.js";
4
4
  import { minimaxOAuthProvider } from "../../auth/oauth/minimax.js";
5
5
  import { minimaxCnOAuthProvider } from "../../auth/oauth/minimax-cn.js";
6
6
  import { kimiCodingOAuthProvider } from "../../auth/oauth/kimi-coding.js";
package/dist/src/gateway/hono/routes/agents.js CHANGED
@@ -1,6 +1,6 @@
1
- import { init_agent_scope, normalizeAgentId } from "../../../agent/agent-scope.js";
2
1
  import { init_localized_text, normalizeLocalizedText } from "../../../config/localized-text.js";
3
2
  import { init_schema, parseModelRef } from "../../../config/schema.js";
3
+ import { init_agent_scope, normalizeAgentId } from "../../../agent/agent-scope.js";
4
4
  import { init_providers, isProviderConfigured, resolveModel } from "../../../providers/index.js";
5
5
  import { getVoiceModelsConfig } from "../../../config/voice.js";
6
6
  import { deleteAgentAvatarFile, finalizeCreateAgentDirs, listAgentProfileFiles, listGatewayAgents, prepareCreateAgent, prepareCreateAgentsBatch, prepareDeleteAgent, prepareUpdateAgent, readAgentAvatarFile, readAgentProfileFile, runAfterDeletePurge, writeAgentAvatarFromBase64, writeAgentProfileFile } from "../../agents-admin.js";
package/dist/src/gateway/hono/routes/auth-registry-extensions.js CHANGED
@@ -7,8 +7,8 @@ import { createOAuthHandler } from "../oauth.js";
7
7
  import { createOAuthAsyncHandler } from "../oauth-async.js";
8
8
  import { extensionAssetMimeType } from "../lib/extension-assets.js";
9
9
  import { loadExtensionStore, saveExtensionStore } from "../lib/extension-store.js";
10
- import { existsSync, readFileSync, statSync } from "node:fs";
11
10
  import { relative, resolve } from "node:path";
11
+ import { existsSync, readFileSync, statSync } from "node:fs";
12
12
  //#region src/gateway/hono/routes/auth-registry-extensions.ts
13
13
  init_providers();
14
14
  const EXTENSION_ASSET_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; connect-src 'none'; frame-ancestors 'self'; frame-src 'none'; base-uri 'none'; object-src 'none'; form-action 'none'";
package/dist/src/gateway/hono/routes/config-patch/gateway.d.ts CHANGED
@@ -3,8 +3,8 @@
3
3
  *
4
4
  * Covers heartbeat, bind/customBindHost/port, tailscale, auth (mode + token +
5
5
  * password + rateLimit + trustedProxy), trustedProxies, allowRealIpFallback,
6
- * dangerouslyAllowHostHeaderOriginFallback, security, share, corsOrigins,
7
- * maxSseConnections, and channelConnectDefer{Mode,Ids,SkipIds}.
6
+ * dangerouslyAllowHostHeaderOriginFallback, security, share, publicUrl,
7
+ * corsOrigins, maxSseConnections, and channelConnectDefer{Mode,Ids,SkipIds}.
8
8
  *
9
9
  * Validation policy: each subsection that can reject rejects with a 400 and a
10
10
  * specific `message`. The dispatcher converts these into `c.json(...)`.
package/dist/src/gateway/hono/routes/config-patch/gateway.js CHANGED
@@ -1,8 +1,10 @@
1
+ import { init_public_url, validatePublicUrl } from "../../../../config/public-url.js";
1
2
  import { isValidIPv4 } from "../../../../config/gateway-bind.js";
2
3
  import { mergeShareConfigPatch } from "../../../../share/share-config.js";
3
4
  import { isMaskedSecretPatchValue } from "../../lib/mask-secret-length.js";
4
5
  import { PATCH_OK, patchError } from "./result.js";
5
6
  //#region src/gateway/hono/routes/config-patch/gateway.ts
7
+ init_public_url();
6
8
  /**
7
9
  * Shared default for "user PATCH'd a gateway subsection but `config.gateway`
8
10
  * was never initialised". Identical to the inline literal repeated in the
@@ -219,6 +221,16 @@ function applyGatewayPatch(config, body) {
219
221
  const shareResult = mergeShareConfigPatch(config, body.gateway.share);
220
222
  if (shareResult.ok === false) return patchError(shareResult.message);
221
223
  }
224
+ if (body.gateway?.publicUrl !== void 0) {
225
+ const gw = ensureGateway(config);
226
+ if (body.gateway.publicUrl === null || body.gateway.publicUrl === "") delete gw.publicUrl;
227
+ else if (typeof body.gateway.publicUrl !== "string") return patchError("gateway.publicUrl must be a string or null");
228
+ else {
229
+ const validation = validatePublicUrl(body.gateway.publicUrl);
230
+ if (validation.ok === false) return patchError(`gateway.publicUrl: ${validation.message}`);
231
+ gw.publicUrl = validation.url;
232
+ }
233
+ }
222
234
  if (body.gateway?.corsOrigins !== void 0) {
223
235
  if (!Array.isArray(body.gateway.corsOrigins)) return patchError("gateway.corsOrigins must be an array");
224
236
  const gw = ensureGateway(config);
package/dist/src/gateway/hono/routes/config-patch/gateway.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"gateway.js","names":[],"sources":["../../../../../../src/gateway/hono/routes/config-patch/gateway.ts"],"sourcesContent":["/**\n * `PATCH /api/config` — `body.gateway.*` section.\n *\n * Covers heartbeat, bind/customBindHost/port, tailscale, auth (mode + token +\n * password + rateLimit + trustedProxy), trustedProxies, allowRealIpFallback,\n * dangerouslyAllowHostHeaderOriginFallback, security, share, corsOrigins,\n * maxSseConnections, and channelConnectDefer{Mode,Ids,SkipIds}.\n *\n * Validation policy: each subsection that can reject rejects with a 400 and a\n * specific `message`. The dispatcher converts these into `c.json(...)`.\n *\n * Initial-state branches use the same literal defaults the inline code did\n * (loopback + port 18790 + 1800s heartbeat + 100 SSE conn + empty CORS) so\n * a brand-new install gets a working gateway after the first PATCH.\n */\nimport type { Config, GatewayBindMode } from '../../../../config/schema.js';\nimport { isValidIPv4 } from '../../../../config/gateway-bind.js';\nimport { mergeShareConfigPatch } from '../../../../share/share-config.js';\nimport { isMaskedSecretPatchValue } from '../../lib/mask-secret-length.js';\nimport { type PatchResult, PATCH_OK, patchError } from './result.js';\n\n/**\n * Shared default for \"user PATCH'd a gateway subsection but `config.gateway`\n * was never initialised\". Identical to the inline literal repeated in the\n * pre-extraction handler so this is behavior-preserving.\n */\nfunction ensureGateway(config: Config): NonNullable<Config['gateway']> {\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: 18790,\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n }\n return config.gateway;\n}\n\nfunction parseDeferIdList(raw: unknown): string[] | null {\n if (!Array.isArray(raw)) return null;\n const ids = raw\n .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x) => x.trim());\n if (ids.length > 24) return null;\n return ids;\n}\n\nexport function applyGatewayPatch(config: Config, body: any): PatchResult {\n if (body.gateway?.heartbeat !== undefined && typeof body.gateway.heartbeat === 'object') {\n const gw = ensureGateway(config);\n if (!gw.heartbeat) {\n gw.heartbeat = { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false };\n }\n const h = gw.heartbeat;\n const p = body.gateway.heartbeat as Record<string, unknown>;\n if (p.enabled !== undefined) h.enabled = Boolean(p.enabled);\n if (p.intervalMs !== undefined && typeof p.intervalMs === 'number' && Number.isFinite(p.intervalMs)) {\n h.intervalMs = p.intervalMs;\n }\n if (p.includeSystemPromptSection !== undefined) {\n h.includeSystemPromptSection = Boolean(p.includeSystemPromptSection);\n }\n if (p.target !== undefined) {\n if (p.target === null || p.target === '') delete (h as { target?: string }).target;\n else (h as { target?: string }).target = String(p.target);\n }\n if (p.targetChatId !== undefined) {\n if (p.targetChatId === null || p.targetChatId === '') delete (h as { targetChatId?: string }).targetChatId;\n else (h as { targetChatId?: string }).targetChatId = String(p.targetChatId);\n }\n if (p.prompt !== undefined) {\n if (p.prompt === null || p.prompt === '') delete (h as { prompt?: string }).prompt;\n else (h as { prompt?: string }).prompt = String(p.prompt);\n }\n if (p.ackMaxChars !== undefined) {\n if (p.ackMaxChars === null || p.ackMaxChars === '') delete (h as { ackMaxChars?: number }).ackMaxChars;\n else if (typeof p.ackMaxChars === 'number' && Number.isFinite(p.ackMaxChars)) {\n (h as { ackMaxChars?: number }).ackMaxChars = p.ackMaxChars;\n }\n }\n if (p.isolatedSession !== undefined) {\n if (p.isolatedSession === null || p.isolatedSession === false) {\n delete (h as { isolatedSession?: boolean }).isolatedSession;\n } else {\n (h as { isolatedSession?: boolean }).isolatedSession = Boolean(p.isolatedSession);\n }\n }\n if (p.activeHours !== undefined) {\n if (p.activeHours === null) {\n delete (h as { activeHours?: unknown }).activeHours;\n } else if (typeof p.activeHours === 'object' && p.activeHours !== null) {\n const ah = p.activeHours as Record<string, unknown>;\n const start = typeof ah.start === 'string' ? ah.start : '';\n const end = typeof ah.end === 'string' ? ah.end : '';\n if (start && end) {\n (h as { activeHours?: { start: string; end: string; timezone?: string } }).activeHours = {\n start,\n end,\n ...(typeof ah.timezone === 'string' && ah.timezone.trim() ? { timezone: ah.timezone } : {}),\n };\n } else {\n delete (h as { activeHours?: unknown }).activeHours;\n }\n }\n }\n }\n\n if (body.gateway?.bind !== undefined) {\n const bindModes = new Set(['auto', 'loopback', 'lan', 'tailnet', 'custom']);\n const bind = body.gateway.bind;\n if (typeof bind !== 'string' || !bindModes.has(bind)) {\n return patchError('gateway.bind must be one of: auto, loopback, lan, tailnet, custom');\n }\n if (!config.gateway) {\n config.gateway = {\n bind: bind as GatewayBindMode,\n port: 18790,\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n } else {\n config.gateway.bind = bind as GatewayBindMode;\n }\n if (bind !== 'custom') {\n delete config.gateway.customBindHost;\n }\n }\n\n if (body.gateway?.customBindHost !== undefined) {\n if (body.gateway.customBindHost === null || body.gateway.customBindHost === '') {\n if (config.gateway) {\n delete config.gateway.customBindHost;\n }\n } else if (typeof body.gateway.customBindHost !== 'string' || !isValidIPv4(body.gateway.customBindHost.trim())) {\n return patchError('gateway.customBindHost must be a valid IPv4 address');\n } else if (config.gateway) {\n config.gateway.customBindHost = body.gateway.customBindHost.trim();\n config.gateway.bind = 'custom';\n }\n }\n\n if (body.gateway?.port !== undefined) {\n if (\n typeof body.gateway.port !== 'number' ||\n !Number.isFinite(body.gateway.port) ||\n body.gateway.port < 1 ||\n body.gateway.port > 65535\n ) {\n return patchError('gateway.port must be an integer from 1 to 65535');\n }\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: Math.floor(body.gateway.port),\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n } else {\n config.gateway.port = Math.floor(body.gateway.port);\n }\n }\n\n if (body.gateway?.tailscale !== undefined && typeof body.gateway.tailscale === 'object') {\n const ts = body.gateway.tailscale as Record<string, unknown>;\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: 18790,\n auth: { mode: 'token' },\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n }\n config.gateway.tailscale = {\n ...(config.gateway.tailscale ?? { mode: 'off', resetOnExit: true }),\n };\n if (ts.mode !== undefined) {\n if (ts.mode !== 'off' && ts.mode !== 'serve' && ts.mode !== 'funnel') {\n return patchError('gateway.tailscale.mode must be off, serve, or funnel');\n }\n config.gateway.tailscale.mode = ts.mode as 'off' | 'serve' | 'funnel';\n }\n if (ts.resetOnExit !== undefined) {\n config.gateway.tailscale.resetOnExit = ts.resetOnExit === true;\n }\n }\n\n if (body.gateway?.auth !== undefined) {\n const gw = ensureGateway(config);\n if (!gw.auth) gw.auth = { mode: 'token' };\n const a = body.gateway.auth;\n if (a.mode !== undefined) {\n if (\n a.mode !== 'none' &&\n a.mode !== 'token' &&\n a.mode !== 'password' &&\n a.mode !== 'trusted-proxy'\n ) {\n return patchError('gateway.auth.mode must be none, token, password, or trusted-proxy');\n }\n gw.auth.mode = a.mode;\n }\n if (a.token !== undefined) {\n if (a.token === null || (typeof a.token === 'string' && !a.token.trim())) {\n delete gw.auth.token;\n } else if (typeof a.token === 'string' && !isMaskedSecretPatchValue(a.token)) {\n gw.auth.token = a.token;\n }\n }\n if (a.password !== undefined) {\n if (a.password === null || (typeof a.password === 'string' && !a.password.trim())) {\n delete gw.auth.password;\n } else if (typeof a.password === 'string' && !isMaskedSecretPatchValue(a.password)) {\n gw.auth.password = a.password;\n }\n }\n if (a.rateLimit !== undefined && typeof a.rateLimit === 'object' && a.rateLimit !== null) {\n const rlIn = a.rateLimit as Record<string, unknown>;\n if (!gw.auth.rateLimit) {\n gw.auth.rateLimit = {\n enabled: true,\n maxAttempts: 5,\n windowMs: 900_000,\n blockDurationMs: 300_000,\n burstCoalesceMs: 1000,\n exemptLoopback: true,\n };\n }\n const rl = gw.auth.rateLimit!;\n if (rlIn.enabled !== undefined) rl.enabled = Boolean(rlIn.enabled);\n if (typeof rlIn.maxAttempts === 'number' && Number.isFinite(rlIn.maxAttempts)) {\n rl.maxAttempts = Math.max(1, Math.floor(rlIn.maxAttempts));\n }\n if (typeof rlIn.windowMs === 'number' && Number.isFinite(rlIn.windowMs) && rlIn.windowMs > 0) {\n rl.windowMs = Math.floor(rlIn.windowMs);\n }\n if (\n typeof rlIn.blockDurationMs === 'number' &&\n Number.isFinite(rlIn.blockDurationMs) &&\n rlIn.blockDurationMs > 0\n ) {\n rl.blockDurationMs = Math.floor(rlIn.blockDurationMs);\n }\n if (\n typeof rlIn.lockoutMs === 'number' &&\n Number.isFinite(rlIn.lockoutMs) &&\n rlIn.lockoutMs > 0\n ) {\n rl.blockDurationMs = Math.floor(rlIn.lockoutMs);\n }\n if (rlIn.exemptLoopback !== undefined) {\n rl.exemptLoopback = Boolean(rlIn.exemptLoopback);\n }\n }\n if (a.trustedProxy !== undefined) {\n if (a.trustedProxy === null) {\n delete gw.auth.trustedProxy;\n } else if (typeof a.trustedProxy === 'object' && a.trustedProxy !== null) {\n const tpIn = a.trustedProxy as Record<string, unknown>;\n const userHeader =\n typeof tpIn.userHeader === 'string' ? tpIn.userHeader.trim() : '';\n if (!userHeader) {\n return patchError('gateway.auth.trustedProxy.userHeader is required');\n }\n const trustedProxy: NonNullable<(typeof gw.auth)['trustedProxy']> = {\n userHeader,\n };\n if (tpIn.requiredHeaders !== undefined) {\n if (!Array.isArray(tpIn.requiredHeaders)) {\n return patchError('gateway.auth.trustedProxy.requiredHeaders must be an array');\n }\n trustedProxy.requiredHeaders = tpIn.requiredHeaders\n .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x) => x.trim());\n }\n if (tpIn.allowUsers !== undefined) {\n if (!Array.isArray(tpIn.allowUsers)) {\n return patchError('gateway.auth.trustedProxy.allowUsers must be an array');\n }\n trustedProxy.allowUsers = tpIn.allowUsers\n .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x) => x.trim());\n }\n if (tpIn.allowLoopback !== undefined) {\n trustedProxy.allowLoopback = Boolean(tpIn.allowLoopback);\n }\n gw.auth.trustedProxy = trustedProxy;\n }\n }\n }\n\n if (body.gateway?.trustedProxies !== undefined) {\n if (!Array.isArray(body.gateway.trustedProxies)) {\n return patchError('gateway.trustedProxies must be an array');\n }\n const gw = ensureGateway(config);\n gw.trustedProxies = body.gateway.trustedProxies\n .filter((x: unknown): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x: string) => x.trim());\n }\n\n if (body.gateway?.allowRealIpFallback !== undefined) {\n const gw = ensureGateway(config);\n gw.allowRealIpFallback = Boolean(body.gateway.allowRealIpFallback);\n }\n\n if (body.gateway?.dangerouslyAllowHostHeaderOriginFallback !== undefined) {\n const gw = ensureGateway(config);\n gw.dangerouslyAllowHostHeaderOriginFallback = Boolean(\n body.gateway.dangerouslyAllowHostHeaderOriginFallback,\n );\n }\n\n if (body.gateway?.security !== undefined) {\n if (typeof body.gateway.security !== 'object' || body.gateway.security === null) {\n return patchError('gateway.security must be an object');\n }\n const gw = ensureGateway(config);\n const secIn = body.gateway.security as Record<string, unknown>;\n if (!gw.security) {\n gw.security = {};\n }\n if (secIn.strict !== undefined) {\n gw.security.strict = Boolean(secIn.strict);\n }\n }\n\n if (body.gateway?.share !== undefined) {\n if (typeof body.gateway.share !== 'object' || body.gateway.share === null || Array.isArray(body.gateway.share)) {\n return patchError('gateway.share must be an object');\n }\n const shareResult = mergeShareConfigPatch(config, body.gateway.share as Record<string, unknown>);\n if (shareResult.ok === false) {\n return patchError(shareResult.message);\n }\n }\n\n if (body.gateway?.corsOrigins !== undefined) {\n if (!Array.isArray(body.gateway.corsOrigins)) {\n return patchError('gateway.corsOrigins must be an array');\n }\n const gw = ensureGateway(config);\n gw.corsOrigins = body.gateway.corsOrigins\n .filter((x: unknown): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x: string) => x.trim());\n }\n\n if (body.gateway?.maxSseConnections !== undefined) {\n if (\n typeof body.gateway.maxSseConnections !== 'number' ||\n !Number.isFinite(body.gateway.maxSseConnections) ||\n body.gateway.maxSseConnections < 1\n ) {\n return patchError('gateway.maxSseConnections must be a positive integer');\n }\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: 18790,\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: Math.floor(body.gateway.maxSseConnections),\n corsOrigins: [],\n };\n } else {\n config.gateway.maxSseConnections = Math.floor(body.gateway.maxSseConnections);\n }\n }\n\n if (body.gateway?.channelConnectDeferMode !== undefined) {\n const mode = body.gateway.channelConnectDeferMode;\n if (mode !== 'auto' && mode !== 'off' && mode !== 'explicit') {\n return patchError('gateway.channelConnectDeferMode must be auto, off, or explicit');\n }\n const gw = ensureGateway(config);\n gw.channelConnectDeferMode = mode;\n }\n\n if (body.gateway?.channelConnectDeferIds !== undefined) {\n const ids = parseDeferIdList(body.gateway.channelConnectDeferIds);\n if (ids === null) {\n return patchError('gateway.channelConnectDeferIds must be an array of up to 24 strings');\n }\n const gw = ensureGateway(config);\n gw.channelConnectDeferIds = ids;\n }\n\n if (body.gateway?.channelConnectDeferSkipIds !== undefined) {\n const ids = parseDeferIdList(body.gateway.channelConnectDeferSkipIds);\n if (ids === null) {\n return patchError('gateway.channelConnectDeferSkipIds must be an array of up to 24 strings');\n }\n const gw = ensureGateway(config);\n gw.channelConnectDeferSkipIds = ids;\n }\n\n return PATCH_OK;\n}\n"],"mappings":";;;;;;;;;;AA0BA,SAAS,cAAc,QAAgD;AACrE,KAAI,CAAC,OAAO,QACV,QAAO,UAAU;EACf,MAAM;EACN,MAAM;EACN,WAAW;GAAE,SAAS;GAAM,YAAY;GAAW,4BAA4B;GAAO;EACtF,mBAAmB;EACnB,aAAa,EAAE;EAChB;AAEH,QAAO,OAAO;;AAGhB,SAAS,iBAAiB,KAA+B;AACvD,KAAI,CAAC,MAAM,QAAQ,IAAI,CAAE,QAAO;CAChC,MAAM,MAAM,IACT,QAAQ,MAAmB,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACxE,KAAK,MAAM,EAAE,MAAM,CAAC;AACvB,KAAI,IAAI,SAAS,GAAI,QAAO;AAC5B,QAAO;;AAGT,SAAgB,kBAAkB,QAAgB,MAAwB;AACxE,KAAI,KAAK,SAAS,cAAc,KAAA,KAAa,OAAO,KAAK,QAAQ,cAAc,UAAU;EACvF,MAAM,KAAK,cAAc,OAAO;AAChC,MAAI,CAAC,GAAG,UACN,IAAG,YAAY;GAAE,SAAS;GAAM,YAAY;GAAW,4BAA4B;GAAO;EAE5F,MAAM,IAAI,GAAG;EACb,MAAM,IAAI,KAAK,QAAQ;AACvB,MAAI,EAAE,YAAY,KAAA,EAAW,GAAE,UAAU,QAAQ,EAAE,QAAQ;AAC3D,MAAI,EAAE,eAAe,KAAA,KAAa,OAAO,EAAE,eAAe,YAAY,OAAO,SAAS,EAAE,WAAW,CACjG,GAAE,aAAa,EAAE;AAEnB,MAAI,EAAE,+BAA+B,KAAA,EACnC,GAAE,6BAA6B,QAAQ,EAAE,2BAA2B;AAEtE,MAAI,EAAE,WAAW,KAAA,EACf,KAAI,EAAE,WAAW,QAAQ,EAAE,WAAW,GAAI,QAAQ,EAA0B;MACtE,GAA0B,SAAS,OAAO,EAAE,OAAO;AAE3D,MAAI,EAAE,iBAAiB,KAAA,EACrB,KAAI,EAAE,iBAAiB,QAAQ,EAAE,iBAAiB,GAAI,QAAQ,EAAgC;MACxF,GAAgC,eAAe,OAAO,EAAE,aAAa;AAE7E,MAAI,EAAE,WAAW,KAAA,EACf,KAAI,EAAE,WAAW,QAAQ,EAAE,WAAW,GAAI,QAAQ,EAA0B;MACtE,GAA0B,SAAS,OAAO,EAAE,OAAO;AAE3D,MAAI,EAAE,gBAAgB,KAAA;OAChB,EAAE,gBAAgB,QAAQ,EAAE,gBAAgB,GAAI,QAAQ,EAA+B;YAClF,OAAO,EAAE,gBAAgB,YAAY,OAAO,SAAS,EAAE,YAAY,CACzE,GAA+B,cAAc,EAAE;;AAGpD,MAAI,EAAE,oBAAoB,KAAA,EACxB,KAAI,EAAE,oBAAoB,QAAQ,EAAE,oBAAoB,MACtD,QAAQ,EAAoC;MAE3C,GAAoC,kBAAkB,QAAQ,EAAE,gBAAgB;AAGrF,MAAI,EAAE,gBAAgB,KAAA;OAChB,EAAE,gBAAgB,KACpB,QAAQ,EAAgC;YAC/B,OAAO,EAAE,gBAAgB,YAAY,EAAE,gBAAgB,MAAM;IACtE,MAAM,KAAK,EAAE;IACb,MAAM,QAAQ,OAAO,GAAG,UAAU,WAAW,GAAG,QAAQ;IACxD,MAAM,MAAM,OAAO,GAAG,QAAQ,WAAW,GAAG,MAAM;AAClD,QAAI,SAAS,IACV,GAA0E,cAAc;KACvF;KACA;KACA,GAAI,OAAO,GAAG,aAAa,YAAY,GAAG,SAAS,MAAM,GAAG,EAAE,UAAU,GAAG,UAAU,GAAG,EAAE;KAC3F;QAED,QAAQ,EAAgC;;;;AAMhD,KAAI,KAAK,SAAS,SAAS,KAAA,GAAW;EACpC,MAAM,YAAY,IAAI,IAAI;GAAC;GAAQ;GAAY;GAAO;GAAW;GAAS,CAAC;EAC3E,MAAM,OAAO,KAAK,QAAQ;AAC1B,MAAI,OAAO,SAAS,YAAY,CAAC,UAAU,IAAI,KAAK,CAClD,QAAO,WAAW,oEAAoE;AAExF,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACT;GACN,MAAM;GACN,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB;GACnB,aAAa,EAAE;GAChB;MAED,QAAO,QAAQ,OAAO;AAExB,MAAI,SAAS,SACX,QAAO,OAAO,QAAQ;;AAI1B,KAAI,KAAK,SAAS,mBAAmB,KAAA;MAC/B,KAAK,QAAQ,mBAAmB,QAAQ,KAAK,QAAQ,mBAAmB;OACtE,OAAO,QACT,QAAO,OAAO,QAAQ;aAEf,OAAO,KAAK,QAAQ,mBAAmB,YAAY,CAAC,YAAY,KAAK,QAAQ,eAAe,MAAM,CAAC,CAC5G,QAAO,WAAW,sDAAsD;WAC/D,OAAO,SAAS;AACzB,UAAO,QAAQ,iBAAiB,KAAK,QAAQ,eAAe,MAAM;AAClE,UAAO,QAAQ,OAAO;;;AAI1B,KAAI,KAAK,SAAS,SAAS,KAAA,GAAW;AACpC,MACE,OAAO,KAAK,QAAQ,SAAS,YAC7B,CAAC,OAAO,SAAS,KAAK,QAAQ,KAAK,IACnC,KAAK,QAAQ,OAAO,KACpB,KAAK,QAAQ,OAAO,MAEpB,QAAO,WAAW,kDAAkD;AAEtE,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACf,MAAM;GACN,MAAM,KAAK,MAAM,KAAK,QAAQ,KAAK;GACnC,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB;GACnB,aAAa,EAAE;GAChB;MAED,QAAO,QAAQ,OAAO,KAAK,MAAM,KAAK,QAAQ,KAAK;;AAIvD,KAAI,KAAK,SAAS,cAAc,KAAA,KAAa,OAAO,KAAK,QAAQ,cAAc,UAAU;EACvF,MAAM,KAAK,KAAK,QAAQ;AACxB,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACf,MAAM;GACN,MAAM;GACN,MAAM,EAAE,MAAM,SAAS;GACvB,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB;GACnB,aAAa,EAAE;GAChB;AAEH,SAAO,QAAQ,YAAY,EACzB,GAAI,OAAO,QAAQ,aAAa;GAAE,MAAM;GAAO,aAAa;GAAM,EACnE;AACD,MAAI,GAAG,SAAS,KAAA,GAAW;AACzB,OAAI,GAAG,SAAS,SAAS,GAAG,SAAS,WAAW,GAAG,SAAS,SAC1D,QAAO,WAAW,uDAAuD;AAE3E,UAAO,QAAQ,UAAU,OAAO,GAAG;;AAErC,MAAI,GAAG,gBAAgB,KAAA,EACrB,QAAO,QAAQ,UAAU,cAAc,GAAG,gBAAgB;;AAI9D,KAAI,KAAK,SAAS,SAAS,KAAA,GAAW;EACpC,MAAM,KAAK,cAAc,OAAO;AAChC,MAAI,CAAC,GAAG,KAAM,IAAG,OAAO,EAAE,MAAM,SAAS;EACzC,MAAM,IAAI,KAAK,QAAQ;AACvB,MAAI,EAAE,SAAS,KAAA,GAAW;AACxB,OACE,EAAE,SAAS,UACX,EAAE,SAAS,WACX,EAAE,SAAS,cACX,EAAE,SAAS,gBAEX,QAAO,WAAW,oEAAoE;AAExF,MAAG,KAAK,OAAO,EAAE;;AAEnB,MAAI,EAAE,UAAU,KAAA;OACV,EAAE,UAAU,QAAS,OAAO,EAAE,UAAU,YAAY,CAAC,EAAE,MAAM,MAAM,CACrE,QAAO,GAAG,KAAK;YACN,OAAO,EAAE,UAAU,YAAY,CAAC,yBAAyB,EAAE,MAAM,CAC1E,IAAG,KAAK,QAAQ,EAAE;;AAGtB,MAAI,EAAE,aAAa,KAAA;OACb,EAAE,aAAa,QAAS,OAAO,EAAE,aAAa,YAAY,CAAC,EAAE,SAAS,MAAM,CAC9E,QAAO,GAAG,KAAK;YACN,OAAO,EAAE,aAAa,YAAY,CAAC,yBAAyB,EAAE,SAAS,CAChF,IAAG,KAAK,WAAW,EAAE;;AAGzB,MAAI,EAAE,cAAc,KAAA,KAAa,OAAO,EAAE,cAAc,YAAY,EAAE,cAAc,MAAM;GACxF,MAAM,OAAO,EAAE;AACf,OAAI,CAAC,GAAG,KAAK,UACX,IAAG,KAAK,YAAY;IAClB,SAAS;IACT,aAAa;IACb,UAAU;IACV,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IACjB;GAEH,MAAM,KAAK,GAAG,KAAK;AACnB,OAAI,KAAK,YAAY,KAAA,EAAW,IAAG,UAAU,QAAQ,KAAK,QAAQ;AAClE,OAAI,OAAO,KAAK,gBAAgB,YAAY,OAAO,SAAS,KAAK,YAAY,CAC3E,IAAG,cAAc,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,CAAC;AAE5D,OAAI,OAAO,KAAK,aAAa,YAAY,OAAO,SAAS,KAAK,SAAS,IAAI,KAAK,WAAW,EACzF,IAAG,WAAW,KAAK,MAAM,KAAK,SAAS;AAEzC,OACE,OAAO,KAAK,oBAAoB,YAChC,OAAO,SAAS,KAAK,gBAAgB,IACrC,KAAK,kBAAkB,EAEvB,IAAG,kBAAkB,KAAK,MAAM,KAAK,gBAAgB;AAEvD,OACE,OAAO,KAAK,cAAc,YAC1B,OAAO,SAAS,KAAK,UAAU,IAC/B,KAAK,YAAY,EAEjB,IAAG,kBAAkB,KAAK,MAAM,KAAK,UAAU;AAEjD,OAAI,KAAK,mBAAmB,KAAA,EAC1B,IAAG,iBAAiB,QAAQ,KAAK,eAAe;;AAGpD,MAAI,EAAE,iBAAiB,KAAA;OACjB,EAAE,iBAAiB,KACrB,QAAO,GAAG,KAAK;YACN,OAAO,EAAE,iBAAiB,YAAY,EAAE,iBAAiB,MAAM;IACxE,MAAM,OAAO,EAAE;IACf,MAAM,aACJ,OAAO,KAAK,eAAe,WAAW,KAAK,WAAW,MAAM,GAAG;AACjE,QAAI,CAAC,WACH,QAAO,WAAW,mDAAmD;IAEvE,MAAM,eAA8D,EAClE,YACD;AACD,QAAI,KAAK,oBAAoB,KAAA,GAAW;AACtC,SAAI,CAAC,MAAM,QAAQ,KAAK,gBAAgB,CACtC,QAAO,WAAW,6DAA6D;AAEjF,kBAAa,kBAAkB,KAAK,gBACjC,QAAQ,MAAmB,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACxE,KAAK,MAAM,EAAE,MAAM,CAAC;;AAEzB,QAAI,KAAK,eAAe,KAAA,GAAW;AACjC,SAAI,CAAC,MAAM,QAAQ,KAAK,WAAW,CACjC,QAAO,WAAW,wDAAwD;AAE5E,kBAAa,aAAa,KAAK,WAC5B,QAAQ,MAAmB,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACxE,KAAK,MAAM,EAAE,MAAM,CAAC;;AAEzB,QAAI,KAAK,kBAAkB,KAAA,EACzB,cAAa,gBAAgB,QAAQ,KAAK,cAAc;AAE1D,OAAG,KAAK,eAAe;;;;AAK7B,KAAI,KAAK,SAAS,mBAAmB,KAAA,GAAW;AAC9C,MAAI,CAAC,MAAM,QAAQ,KAAK,QAAQ,eAAe,CAC7C,QAAO,WAAW,0CAA0C;EAE9D,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,iBAAiB,KAAK,QAAQ,eAC9B,QAAQ,MAA4B,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACjF,KAAK,MAAc,EAAE,MAAM,CAAC;;AAGjC,KAAI,KAAK,SAAS,wBAAwB,KAAA,GAAW;EACnD,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,sBAAsB,QAAQ,KAAK,QAAQ,oBAAoB;;AAGpE,KAAI,KAAK,SAAS,6CAA6C,KAAA,GAAW;EACxE,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,2CAA2C,QAC5C,KAAK,QAAQ,yCACd;;AAGH,KAAI,KAAK,SAAS,aAAa,KAAA,GAAW;AACxC,MAAI,OAAO,KAAK,QAAQ,aAAa,YAAY,KAAK,QAAQ,aAAa,KACzE,QAAO,WAAW,qCAAqC;EAEzD,MAAM,KAAK,cAAc,OAAO;EAChC,MAAM,QAAQ,KAAK,QAAQ;AAC3B,MAAI,CAAC,GAAG,SACN,IAAG,WAAW,EAAE;AAElB,MAAI,MAAM,WAAW,KAAA,EACnB,IAAG,SAAS,SAAS,QAAQ,MAAM,OAAO;;AAI9C,KAAI,KAAK,SAAS,UAAU,KAAA,GAAW;AACrC,MAAI,OAAO,KAAK,QAAQ,UAAU,YAAY,KAAK,QAAQ,UAAU,QAAQ,MAAM,QAAQ,KAAK,QAAQ,MAAM,CAC5G,QAAO,WAAW,kCAAkC;EAEtD,MAAM,cAAc,sBAAsB,QAAQ,KAAK,QAAQ,MAAiC;AAChG,MAAI,YAAY,OAAO,MACrB,QAAO,WAAW,YAAY,QAAQ;;AAI1C,KAAI,KAAK,SAAS,gBAAgB,KAAA,GAAW;AAC3C,MAAI,CAAC,MAAM,QAAQ,KAAK,QAAQ,YAAY,CAC1C,QAAO,WAAW,uCAAuC;EAE3D,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,cAAc,KAAK,QAAQ,YAC3B,QAAQ,MAA4B,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACjF,KAAK,MAAc,EAAE,MAAM,CAAC;;AAGjC,KAAI,KAAK,SAAS,sBAAsB,KAAA,GAAW;AACjD,MACE,OAAO,KAAK,QAAQ,sBAAsB,YAC1C,CAAC,OAAO,SAAS,KAAK,QAAQ,kBAAkB,IAChD,KAAK,QAAQ,oBAAoB,EAEjC,QAAO,WAAW,uDAAuD;AAE3E,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACf,MAAM;GACN,MAAM;GACN,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB,KAAK,MAAM,KAAK,QAAQ,kBAAkB;GAC7D,aAAa,EAAE;GAChB;MAED,QAAO,QAAQ,oBAAoB,KAAK,MAAM,KAAK,QAAQ,kBAAkB;;AAIjF,KAAI,KAAK,SAAS,4BAA4B,KAAA,GAAW;EACvD,MAAM,OAAO,KAAK,QAAQ;AAC1B,MAAI,SAAS,UAAU,SAAS,SAAS,SAAS,WAChD,QAAO,WAAW,iEAAiE;EAErF,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,0BAA0B;;AAG/B,KAAI,KAAK,SAAS,2BAA2B,KAAA,GAAW;EACtD,MAAM,MAAM,iBAAiB,KAAK,QAAQ,uBAAuB;AACjE,MAAI,QAAQ,KACV,QAAO,WAAW,sEAAsE;EAE1F,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,yBAAyB;;AAG9B,KAAI,KAAK,SAAS,+BAA+B,KAAA,GAAW;EAC1D,MAAM,MAAM,iBAAiB,KAAK,QAAQ,2BAA2B;AACrE,MAAI,QAAQ,KACV,QAAO,WAAW,0EAA0E;EAE9F,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,6BAA6B;;AAGlC,QAAO"}
1
+ {"version":3,"file":"gateway.js","names":[],"sources":["../../../../../../src/gateway/hono/routes/config-patch/gateway.ts"],"sourcesContent":["/**\n * `PATCH /api/config` — `body.gateway.*` section.\n *\n * Covers heartbeat, bind/customBindHost/port, tailscale, auth (mode + token +\n * password + rateLimit + trustedProxy), trustedProxies, allowRealIpFallback,\n * dangerouslyAllowHostHeaderOriginFallback, security, share, publicUrl,\n * corsOrigins, maxSseConnections, and channelConnectDefer{Mode,Ids,SkipIds}.\n *\n * Validation policy: each subsection that can reject rejects with a 400 and a\n * specific `message`. The dispatcher converts these into `c.json(...)`.\n *\n * Initial-state branches use the same literal defaults the inline code did\n * (loopback + port 18790 + 1800s heartbeat + 100 SSE conn + empty CORS) so\n * a brand-new install gets a working gateway after the first PATCH.\n */\nimport type { Config, GatewayBindMode } from '../../../../config/schema.js';\nimport { isValidIPv4 } from '../../../../config/gateway-bind.js';\nimport { validatePublicUrl } from '../../../../config/public-url.js';\nimport { mergeShareConfigPatch } from '../../../../share/share-config.js';\nimport { isMaskedSecretPatchValue } from '../../lib/mask-secret-length.js';\nimport { type PatchResult, PATCH_OK, patchError } from './result.js';\n\n/**\n * Shared default for \"user PATCH'd a gateway subsection but `config.gateway`\n * was never initialised\". Identical to the inline literal repeated in the\n * pre-extraction handler so this is behavior-preserving.\n */\nfunction ensureGateway(config: Config): NonNullable<Config['gateway']> {\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: 18790,\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n }\n return config.gateway;\n}\n\nfunction parseDeferIdList(raw: unknown): string[] | null {\n if (!Array.isArray(raw)) return null;\n const ids = raw\n .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x) => x.trim());\n if (ids.length > 24) return null;\n return ids;\n}\n\nexport function applyGatewayPatch(config: Config, body: any): PatchResult {\n if (body.gateway?.heartbeat !== undefined && typeof body.gateway.heartbeat === 'object') {\n const gw = ensureGateway(config);\n if (!gw.heartbeat) {\n gw.heartbeat = { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false };\n }\n const h = gw.heartbeat;\n const p = body.gateway.heartbeat as Record<string, unknown>;\n if (p.enabled !== undefined) h.enabled = Boolean(p.enabled);\n if (p.intervalMs !== undefined && typeof p.intervalMs === 'number' && Number.isFinite(p.intervalMs)) {\n h.intervalMs = p.intervalMs;\n }\n if (p.includeSystemPromptSection !== undefined) {\n h.includeSystemPromptSection = Boolean(p.includeSystemPromptSection);\n }\n if (p.target !== undefined) {\n if (p.target === null || p.target === '') delete (h as { target?: string }).target;\n else (h as { target?: string }).target = String(p.target);\n }\n if (p.targetChatId !== undefined) {\n if (p.targetChatId === null || p.targetChatId === '') delete (h as { targetChatId?: string }).targetChatId;\n else (h as { targetChatId?: string }).targetChatId = String(p.targetChatId);\n }\n if (p.prompt !== undefined) {\n if (p.prompt === null || p.prompt === '') delete (h as { prompt?: string }).prompt;\n else (h as { prompt?: string }).prompt = String(p.prompt);\n }\n if (p.ackMaxChars !== undefined) {\n if (p.ackMaxChars === null || p.ackMaxChars === '') delete (h as { ackMaxChars?: number }).ackMaxChars;\n else if (typeof p.ackMaxChars === 'number' && Number.isFinite(p.ackMaxChars)) {\n (h as { ackMaxChars?: number }).ackMaxChars = p.ackMaxChars;\n }\n }\n if (p.isolatedSession !== undefined) {\n if (p.isolatedSession === null || p.isolatedSession === false) {\n delete (h as { isolatedSession?: boolean }).isolatedSession;\n } else {\n (h as { isolatedSession?: boolean }).isolatedSession = Boolean(p.isolatedSession);\n }\n }\n if (p.activeHours !== undefined) {\n if (p.activeHours === null) {\n delete (h as { activeHours?: unknown }).activeHours;\n } else if (typeof p.activeHours === 'object' && p.activeHours !== null) {\n const ah = p.activeHours as Record<string, unknown>;\n const start = typeof ah.start === 'string' ? ah.start : '';\n const end = typeof ah.end === 'string' ? ah.end : '';\n if (start && end) {\n (h as { activeHours?: { start: string; end: string; timezone?: string } }).activeHours = {\n start,\n end,\n ...(typeof ah.timezone === 'string' && ah.timezone.trim() ? { timezone: ah.timezone } : {}),\n };\n } else {\n delete (h as { activeHours?: unknown }).activeHours;\n }\n }\n }\n }\n\n if (body.gateway?.bind !== undefined) {\n const bindModes = new Set(['auto', 'loopback', 'lan', 'tailnet', 'custom']);\n const bind = body.gateway.bind;\n if (typeof bind !== 'string' || !bindModes.has(bind)) {\n return patchError('gateway.bind must be one of: auto, loopback, lan, tailnet, custom');\n }\n if (!config.gateway) {\n config.gateway = {\n bind: bind as GatewayBindMode,\n port: 18790,\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n } else {\n config.gateway.bind = bind as GatewayBindMode;\n }\n if (bind !== 'custom') {\n delete config.gateway.customBindHost;\n }\n }\n\n if (body.gateway?.customBindHost !== undefined) {\n if (body.gateway.customBindHost === null || body.gateway.customBindHost === '') {\n if (config.gateway) {\n delete config.gateway.customBindHost;\n }\n } else if (typeof body.gateway.customBindHost !== 'string' || !isValidIPv4(body.gateway.customBindHost.trim())) {\n return patchError('gateway.customBindHost must be a valid IPv4 address');\n } else if (config.gateway) {\n config.gateway.customBindHost = body.gateway.customBindHost.trim();\n config.gateway.bind = 'custom';\n }\n }\n\n if (body.gateway?.port !== undefined) {\n if (\n typeof body.gateway.port !== 'number' ||\n !Number.isFinite(body.gateway.port) ||\n body.gateway.port < 1 ||\n body.gateway.port > 65535\n ) {\n return patchError('gateway.port must be an integer from 1 to 65535');\n }\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: Math.floor(body.gateway.port),\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n } else {\n config.gateway.port = Math.floor(body.gateway.port);\n }\n }\n\n if (body.gateway?.tailscale !== undefined && typeof body.gateway.tailscale === 'object') {\n const ts = body.gateway.tailscale as Record<string, unknown>;\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: 18790,\n auth: { mode: 'token' },\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: 100,\n corsOrigins: [],\n };\n }\n config.gateway.tailscale = {\n ...(config.gateway.tailscale ?? { mode: 'off', resetOnExit: true }),\n };\n if (ts.mode !== undefined) {\n if (ts.mode !== 'off' && ts.mode !== 'serve' && ts.mode !== 'funnel') {\n return patchError('gateway.tailscale.mode must be off, serve, or funnel');\n }\n config.gateway.tailscale.mode = ts.mode as 'off' | 'serve' | 'funnel';\n }\n if (ts.resetOnExit !== undefined) {\n config.gateway.tailscale.resetOnExit = ts.resetOnExit === true;\n }\n }\n\n if (body.gateway?.auth !== undefined) {\n const gw = ensureGateway(config);\n if (!gw.auth) gw.auth = { mode: 'token' };\n const a = body.gateway.auth;\n if (a.mode !== undefined) {\n if (\n a.mode !== 'none' &&\n a.mode !== 'token' &&\n a.mode !== 'password' &&\n a.mode !== 'trusted-proxy'\n ) {\n return patchError('gateway.auth.mode must be none, token, password, or trusted-proxy');\n }\n gw.auth.mode = a.mode;\n }\n if (a.token !== undefined) {\n if (a.token === null || (typeof a.token === 'string' && !a.token.trim())) {\n delete gw.auth.token;\n } else if (typeof a.token === 'string' && !isMaskedSecretPatchValue(a.token)) {\n gw.auth.token = a.token;\n }\n }\n if (a.password !== undefined) {\n if (a.password === null || (typeof a.password === 'string' && !a.password.trim())) {\n delete gw.auth.password;\n } else if (typeof a.password === 'string' && !isMaskedSecretPatchValue(a.password)) {\n gw.auth.password = a.password;\n }\n }\n if (a.rateLimit !== undefined && typeof a.rateLimit === 'object' && a.rateLimit !== null) {\n const rlIn = a.rateLimit as Record<string, unknown>;\n if (!gw.auth.rateLimit) {\n gw.auth.rateLimit = {\n enabled: true,\n maxAttempts: 5,\n windowMs: 900_000,\n blockDurationMs: 300_000,\n burstCoalesceMs: 1000,\n exemptLoopback: true,\n };\n }\n const rl = gw.auth.rateLimit!;\n if (rlIn.enabled !== undefined) rl.enabled = Boolean(rlIn.enabled);\n if (typeof rlIn.maxAttempts === 'number' && Number.isFinite(rlIn.maxAttempts)) {\n rl.maxAttempts = Math.max(1, Math.floor(rlIn.maxAttempts));\n }\n if (typeof rlIn.windowMs === 'number' && Number.isFinite(rlIn.windowMs) && rlIn.windowMs > 0) {\n rl.windowMs = Math.floor(rlIn.windowMs);\n }\n if (\n typeof rlIn.blockDurationMs === 'number' &&\n Number.isFinite(rlIn.blockDurationMs) &&\n rlIn.blockDurationMs > 0\n ) {\n rl.blockDurationMs = Math.floor(rlIn.blockDurationMs);\n }\n if (\n typeof rlIn.lockoutMs === 'number' &&\n Number.isFinite(rlIn.lockoutMs) &&\n rlIn.lockoutMs > 0\n ) {\n rl.blockDurationMs = Math.floor(rlIn.lockoutMs);\n }\n if (rlIn.exemptLoopback !== undefined) {\n rl.exemptLoopback = Boolean(rlIn.exemptLoopback);\n }\n }\n if (a.trustedProxy !== undefined) {\n if (a.trustedProxy === null) {\n delete gw.auth.trustedProxy;\n } else if (typeof a.trustedProxy === 'object' && a.trustedProxy !== null) {\n const tpIn = a.trustedProxy as Record<string, unknown>;\n const userHeader =\n typeof tpIn.userHeader === 'string' ? tpIn.userHeader.trim() : '';\n if (!userHeader) {\n return patchError('gateway.auth.trustedProxy.userHeader is required');\n }\n const trustedProxy: NonNullable<(typeof gw.auth)['trustedProxy']> = {\n userHeader,\n };\n if (tpIn.requiredHeaders !== undefined) {\n if (!Array.isArray(tpIn.requiredHeaders)) {\n return patchError('gateway.auth.trustedProxy.requiredHeaders must be an array');\n }\n trustedProxy.requiredHeaders = tpIn.requiredHeaders\n .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x) => x.trim());\n }\n if (tpIn.allowUsers !== undefined) {\n if (!Array.isArray(tpIn.allowUsers)) {\n return patchError('gateway.auth.trustedProxy.allowUsers must be an array');\n }\n trustedProxy.allowUsers = tpIn.allowUsers\n .filter((x): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x) => x.trim());\n }\n if (tpIn.allowLoopback !== undefined) {\n trustedProxy.allowLoopback = Boolean(tpIn.allowLoopback);\n }\n gw.auth.trustedProxy = trustedProxy;\n }\n }\n }\n\n if (body.gateway?.trustedProxies !== undefined) {\n if (!Array.isArray(body.gateway.trustedProxies)) {\n return patchError('gateway.trustedProxies must be an array');\n }\n const gw = ensureGateway(config);\n gw.trustedProxies = body.gateway.trustedProxies\n .filter((x: unknown): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x: string) => x.trim());\n }\n\n if (body.gateway?.allowRealIpFallback !== undefined) {\n const gw = ensureGateway(config);\n gw.allowRealIpFallback = Boolean(body.gateway.allowRealIpFallback);\n }\n\n if (body.gateway?.dangerouslyAllowHostHeaderOriginFallback !== undefined) {\n const gw = ensureGateway(config);\n gw.dangerouslyAllowHostHeaderOriginFallback = Boolean(\n body.gateway.dangerouslyAllowHostHeaderOriginFallback,\n );\n }\n\n if (body.gateway?.security !== undefined) {\n if (typeof body.gateway.security !== 'object' || body.gateway.security === null) {\n return patchError('gateway.security must be an object');\n }\n const gw = ensureGateway(config);\n const secIn = body.gateway.security as Record<string, unknown>;\n if (!gw.security) {\n gw.security = {};\n }\n if (secIn.strict !== undefined) {\n gw.security.strict = Boolean(secIn.strict);\n }\n }\n\n if (body.gateway?.share !== undefined) {\n if (typeof body.gateway.share !== 'object' || body.gateway.share === null || Array.isArray(body.gateway.share)) {\n return patchError('gateway.share must be an object');\n }\n const shareResult = mergeShareConfigPatch(config, body.gateway.share as Record<string, unknown>);\n if (shareResult.ok === false) {\n return patchError(shareResult.message);\n }\n }\n\n if (body.gateway?.publicUrl !== undefined) {\n const gw = ensureGateway(config);\n if (body.gateway.publicUrl === null || body.gateway.publicUrl === '') {\n delete gw.publicUrl;\n } else if (typeof body.gateway.publicUrl !== 'string') {\n return patchError('gateway.publicUrl must be a string or null');\n } else {\n const validation = validatePublicUrl(body.gateway.publicUrl);\n if (validation.ok === false) {\n return patchError(`gateway.publicUrl: ${validation.message}`);\n }\n gw.publicUrl = validation.url;\n }\n }\n\n if (body.gateway?.corsOrigins !== undefined) {\n if (!Array.isArray(body.gateway.corsOrigins)) {\n return patchError('gateway.corsOrigins must be an array');\n }\n const gw = ensureGateway(config);\n gw.corsOrigins = body.gateway.corsOrigins\n .filter((x: unknown): x is string => typeof x === 'string' && x.trim().length > 0)\n .map((x: string) => x.trim());\n }\n\n if (body.gateway?.maxSseConnections !== undefined) {\n if (\n typeof body.gateway.maxSseConnections !== 'number' ||\n !Number.isFinite(body.gateway.maxSseConnections) ||\n body.gateway.maxSseConnections < 1\n ) {\n return patchError('gateway.maxSseConnections must be a positive integer');\n }\n if (!config.gateway) {\n config.gateway = {\n bind: 'loopback',\n port: 18790,\n heartbeat: { enabled: true, intervalMs: 1_800_000, includeSystemPromptSection: false },\n maxSseConnections: Math.floor(body.gateway.maxSseConnections),\n corsOrigins: [],\n };\n } else {\n config.gateway.maxSseConnections = Math.floor(body.gateway.maxSseConnections);\n }\n }\n\n if (body.gateway?.channelConnectDeferMode !== undefined) {\n const mode = body.gateway.channelConnectDeferMode;\n if (mode !== 'auto' && mode !== 'off' && mode !== 'explicit') {\n return patchError('gateway.channelConnectDeferMode must be auto, off, or explicit');\n }\n const gw = ensureGateway(config);\n gw.channelConnectDeferMode = mode;\n }\n\n if (body.gateway?.channelConnectDeferIds !== undefined) {\n const ids = parseDeferIdList(body.gateway.channelConnectDeferIds);\n if (ids === null) {\n return patchError('gateway.channelConnectDeferIds must be an array of up to 24 strings');\n }\n const gw = ensureGateway(config);\n gw.channelConnectDeferIds = ids;\n }\n\n if (body.gateway?.channelConnectDeferSkipIds !== undefined) {\n const ids = parseDeferIdList(body.gateway.channelConnectDeferSkipIds);\n if (ids === null) {\n return patchError('gateway.channelConnectDeferSkipIds must be an array of up to 24 strings');\n }\n const gw = ensureGateway(config);\n gw.channelConnectDeferSkipIds = ids;\n }\n\n return PATCH_OK;\n}\n"],"mappings":";;;;;;iBAiBqE;;;;;;AAUrE,SAAS,cAAc,QAAgD;AACrE,KAAI,CAAC,OAAO,QACV,QAAO,UAAU;EACf,MAAM;EACN,MAAM;EACN,WAAW;GAAE,SAAS;GAAM,YAAY;GAAW,4BAA4B;GAAO;EACtF,mBAAmB;EACnB,aAAa,EAAE;EAChB;AAEH,QAAO,OAAO;;AAGhB,SAAS,iBAAiB,KAA+B;AACvD,KAAI,CAAC,MAAM,QAAQ,IAAI,CAAE,QAAO;CAChC,MAAM,MAAM,IACT,QAAQ,MAAmB,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACxE,KAAK,MAAM,EAAE,MAAM,CAAC;AACvB,KAAI,IAAI,SAAS,GAAI,QAAO;AAC5B,QAAO;;AAGT,SAAgB,kBAAkB,QAAgB,MAAwB;AACxE,KAAI,KAAK,SAAS,cAAc,KAAA,KAAa,OAAO,KAAK,QAAQ,cAAc,UAAU;EACvF,MAAM,KAAK,cAAc,OAAO;AAChC,MAAI,CAAC,GAAG,UACN,IAAG,YAAY;GAAE,SAAS;GAAM,YAAY;GAAW,4BAA4B;GAAO;EAE5F,MAAM,IAAI,GAAG;EACb,MAAM,IAAI,KAAK,QAAQ;AACvB,MAAI,EAAE,YAAY,KAAA,EAAW,GAAE,UAAU,QAAQ,EAAE,QAAQ;AAC3D,MAAI,EAAE,eAAe,KAAA,KAAa,OAAO,EAAE,eAAe,YAAY,OAAO,SAAS,EAAE,WAAW,CACjG,GAAE,aAAa,EAAE;AAEnB,MAAI,EAAE,+BAA+B,KAAA,EACnC,GAAE,6BAA6B,QAAQ,EAAE,2BAA2B;AAEtE,MAAI,EAAE,WAAW,KAAA,EACf,KAAI,EAAE,WAAW,QAAQ,EAAE,WAAW,GAAI,QAAQ,EAA0B;MACtE,GAA0B,SAAS,OAAO,EAAE,OAAO;AAE3D,MAAI,EAAE,iBAAiB,KAAA,EACrB,KAAI,EAAE,iBAAiB,QAAQ,EAAE,iBAAiB,GAAI,QAAQ,EAAgC;MACxF,GAAgC,eAAe,OAAO,EAAE,aAAa;AAE7E,MAAI,EAAE,WAAW,KAAA,EACf,KAAI,EAAE,WAAW,QAAQ,EAAE,WAAW,GAAI,QAAQ,EAA0B;MACtE,GAA0B,SAAS,OAAO,EAAE,OAAO;AAE3D,MAAI,EAAE,gBAAgB,KAAA;OAChB,EAAE,gBAAgB,QAAQ,EAAE,gBAAgB,GAAI,QAAQ,EAA+B;YAClF,OAAO,EAAE,gBAAgB,YAAY,OAAO,SAAS,EAAE,YAAY,CACzE,GAA+B,cAAc,EAAE;;AAGpD,MAAI,EAAE,oBAAoB,KAAA,EACxB,KAAI,EAAE,oBAAoB,QAAQ,EAAE,oBAAoB,MACtD,QAAQ,EAAoC;MAE3C,GAAoC,kBAAkB,QAAQ,EAAE,gBAAgB;AAGrF,MAAI,EAAE,gBAAgB,KAAA;OAChB,EAAE,gBAAgB,KACpB,QAAQ,EAAgC;YAC/B,OAAO,EAAE,gBAAgB,YAAY,EAAE,gBAAgB,MAAM;IACtE,MAAM,KAAK,EAAE;IACb,MAAM,QAAQ,OAAO,GAAG,UAAU,WAAW,GAAG,QAAQ;IACxD,MAAM,MAAM,OAAO,GAAG,QAAQ,WAAW,GAAG,MAAM;AAClD,QAAI,SAAS,IACV,GAA0E,cAAc;KACvF;KACA;KACA,GAAI,OAAO,GAAG,aAAa,YAAY,GAAG,SAAS,MAAM,GAAG,EAAE,UAAU,GAAG,UAAU,GAAG,EAAE;KAC3F;QAED,QAAQ,EAAgC;;;;AAMhD,KAAI,KAAK,SAAS,SAAS,KAAA,GAAW;EACpC,MAAM,YAAY,IAAI,IAAI;GAAC;GAAQ;GAAY;GAAO;GAAW;GAAS,CAAC;EAC3E,MAAM,OAAO,KAAK,QAAQ;AAC1B,MAAI,OAAO,SAAS,YAAY,CAAC,UAAU,IAAI,KAAK,CAClD,QAAO,WAAW,oEAAoE;AAExF,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACT;GACN,MAAM;GACN,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB;GACnB,aAAa,EAAE;GAChB;MAED,QAAO,QAAQ,OAAO;AAExB,MAAI,SAAS,SACX,QAAO,OAAO,QAAQ;;AAI1B,KAAI,KAAK,SAAS,mBAAmB,KAAA;MAC/B,KAAK,QAAQ,mBAAmB,QAAQ,KAAK,QAAQ,mBAAmB;OACtE,OAAO,QACT,QAAO,OAAO,QAAQ;aAEf,OAAO,KAAK,QAAQ,mBAAmB,YAAY,CAAC,YAAY,KAAK,QAAQ,eAAe,MAAM,CAAC,CAC5G,QAAO,WAAW,sDAAsD;WAC/D,OAAO,SAAS;AACzB,UAAO,QAAQ,iBAAiB,KAAK,QAAQ,eAAe,MAAM;AAClE,UAAO,QAAQ,OAAO;;;AAI1B,KAAI,KAAK,SAAS,SAAS,KAAA,GAAW;AACpC,MACE,OAAO,KAAK,QAAQ,SAAS,YAC7B,CAAC,OAAO,SAAS,KAAK,QAAQ,KAAK,IACnC,KAAK,QAAQ,OAAO,KACpB,KAAK,QAAQ,OAAO,MAEpB,QAAO,WAAW,kDAAkD;AAEtE,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACf,MAAM;GACN,MAAM,KAAK,MAAM,KAAK,QAAQ,KAAK;GACnC,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB;GACnB,aAAa,EAAE;GAChB;MAED,QAAO,QAAQ,OAAO,KAAK,MAAM,KAAK,QAAQ,KAAK;;AAIvD,KAAI,KAAK,SAAS,cAAc,KAAA,KAAa,OAAO,KAAK,QAAQ,cAAc,UAAU;EACvF,MAAM,KAAK,KAAK,QAAQ;AACxB,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACf,MAAM;GACN,MAAM;GACN,MAAM,EAAE,MAAM,SAAS;GACvB,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB;GACnB,aAAa,EAAE;GAChB;AAEH,SAAO,QAAQ,YAAY,EACzB,GAAI,OAAO,QAAQ,aAAa;GAAE,MAAM;GAAO,aAAa;GAAM,EACnE;AACD,MAAI,GAAG,SAAS,KAAA,GAAW;AACzB,OAAI,GAAG,SAAS,SAAS,GAAG,SAAS,WAAW,GAAG,SAAS,SAC1D,QAAO,WAAW,uDAAuD;AAE3E,UAAO,QAAQ,UAAU,OAAO,GAAG;;AAErC,MAAI,GAAG,gBAAgB,KAAA,EACrB,QAAO,QAAQ,UAAU,cAAc,GAAG,gBAAgB;;AAI9D,KAAI,KAAK,SAAS,SAAS,KAAA,GAAW;EACpC,MAAM,KAAK,cAAc,OAAO;AAChC,MAAI,CAAC,GAAG,KAAM,IAAG,OAAO,EAAE,MAAM,SAAS;EACzC,MAAM,IAAI,KAAK,QAAQ;AACvB,MAAI,EAAE,SAAS,KAAA,GAAW;AACxB,OACE,EAAE,SAAS,UACX,EAAE,SAAS,WACX,EAAE,SAAS,cACX,EAAE,SAAS,gBAEX,QAAO,WAAW,oEAAoE;AAExF,MAAG,KAAK,OAAO,EAAE;;AAEnB,MAAI,EAAE,UAAU,KAAA;OACV,EAAE,UAAU,QAAS,OAAO,EAAE,UAAU,YAAY,CAAC,EAAE,MAAM,MAAM,CACrE,QAAO,GAAG,KAAK;YACN,OAAO,EAAE,UAAU,YAAY,CAAC,yBAAyB,EAAE,MAAM,CAC1E,IAAG,KAAK,QAAQ,EAAE;;AAGtB,MAAI,EAAE,aAAa,KAAA;OACb,EAAE,aAAa,QAAS,OAAO,EAAE,aAAa,YAAY,CAAC,EAAE,SAAS,MAAM,CAC9E,QAAO,GAAG,KAAK;YACN,OAAO,EAAE,aAAa,YAAY,CAAC,yBAAyB,EAAE,SAAS,CAChF,IAAG,KAAK,WAAW,EAAE;;AAGzB,MAAI,EAAE,cAAc,KAAA,KAAa,OAAO,EAAE,cAAc,YAAY,EAAE,cAAc,MAAM;GACxF,MAAM,OAAO,EAAE;AACf,OAAI,CAAC,GAAG,KAAK,UACX,IAAG,KAAK,YAAY;IAClB,SAAS;IACT,aAAa;IACb,UAAU;IACV,iBAAiB;IACjB,iBAAiB;IACjB,gBAAgB;IACjB;GAEH,MAAM,KAAK,GAAG,KAAK;AACnB,OAAI,KAAK,YAAY,KAAA,EAAW,IAAG,UAAU,QAAQ,KAAK,QAAQ;AAClE,OAAI,OAAO,KAAK,gBAAgB,YAAY,OAAO,SAAS,KAAK,YAAY,CAC3E,IAAG,cAAc,KAAK,IAAI,GAAG,KAAK,MAAM,KAAK,YAAY,CAAC;AAE5D,OAAI,OAAO,KAAK,aAAa,YAAY,OAAO,SAAS,KAAK,SAAS,IAAI,KAAK,WAAW,EACzF,IAAG,WAAW,KAAK,MAAM,KAAK,SAAS;AAEzC,OACE,OAAO,KAAK,oBAAoB,YAChC,OAAO,SAAS,KAAK,gBAAgB,IACrC,KAAK,kBAAkB,EAEvB,IAAG,kBAAkB,KAAK,MAAM,KAAK,gBAAgB;AAEvD,OACE,OAAO,KAAK,cAAc,YAC1B,OAAO,SAAS,KAAK,UAAU,IAC/B,KAAK,YAAY,EAEjB,IAAG,kBAAkB,KAAK,MAAM,KAAK,UAAU;AAEjD,OAAI,KAAK,mBAAmB,KAAA,EAC1B,IAAG,iBAAiB,QAAQ,KAAK,eAAe;;AAGpD,MAAI,EAAE,iBAAiB,KAAA;OACjB,EAAE,iBAAiB,KACrB,QAAO,GAAG,KAAK;YACN,OAAO,EAAE,iBAAiB,YAAY,EAAE,iBAAiB,MAAM;IACxE,MAAM,OAAO,EAAE;IACf,MAAM,aACJ,OAAO,KAAK,eAAe,WAAW,KAAK,WAAW,MAAM,GAAG;AACjE,QAAI,CAAC,WACH,QAAO,WAAW,mDAAmD;IAEvE,MAAM,eAA8D,EAClE,YACD;AACD,QAAI,KAAK,oBAAoB,KAAA,GAAW;AACtC,SAAI,CAAC,MAAM,QAAQ,KAAK,gBAAgB,CACtC,QAAO,WAAW,6DAA6D;AAEjF,kBAAa,kBAAkB,KAAK,gBACjC,QAAQ,MAAmB,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACxE,KAAK,MAAM,EAAE,MAAM,CAAC;;AAEzB,QAAI,KAAK,eAAe,KAAA,GAAW;AACjC,SAAI,CAAC,MAAM,QAAQ,KAAK,WAAW,CACjC,QAAO,WAAW,wDAAwD;AAE5E,kBAAa,aAAa,KAAK,WAC5B,QAAQ,MAAmB,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACxE,KAAK,MAAM,EAAE,MAAM,CAAC;;AAEzB,QAAI,KAAK,kBAAkB,KAAA,EACzB,cAAa,gBAAgB,QAAQ,KAAK,cAAc;AAE1D,OAAG,KAAK,eAAe;;;;AAK7B,KAAI,KAAK,SAAS,mBAAmB,KAAA,GAAW;AAC9C,MAAI,CAAC,MAAM,QAAQ,KAAK,QAAQ,eAAe,CAC7C,QAAO,WAAW,0CAA0C;EAE9D,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,iBAAiB,KAAK,QAAQ,eAC9B,QAAQ,MAA4B,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACjF,KAAK,MAAc,EAAE,MAAM,CAAC;;AAGjC,KAAI,KAAK,SAAS,wBAAwB,KAAA,GAAW;EACnD,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,sBAAsB,QAAQ,KAAK,QAAQ,oBAAoB;;AAGpE,KAAI,KAAK,SAAS,6CAA6C,KAAA,GAAW;EACxE,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,2CAA2C,QAC5C,KAAK,QAAQ,yCACd;;AAGH,KAAI,KAAK,SAAS,aAAa,KAAA,GAAW;AACxC,MAAI,OAAO,KAAK,QAAQ,aAAa,YAAY,KAAK,QAAQ,aAAa,KACzE,QAAO,WAAW,qCAAqC;EAEzD,MAAM,KAAK,cAAc,OAAO;EAChC,MAAM,QAAQ,KAAK,QAAQ;AAC3B,MAAI,CAAC,GAAG,SACN,IAAG,WAAW,EAAE;AAElB,MAAI,MAAM,WAAW,KAAA,EACnB,IAAG,SAAS,SAAS,QAAQ,MAAM,OAAO;;AAI9C,KAAI,KAAK,SAAS,UAAU,KAAA,GAAW;AACrC,MAAI,OAAO,KAAK,QAAQ,UAAU,YAAY,KAAK,QAAQ,UAAU,QAAQ,MAAM,QAAQ,KAAK,QAAQ,MAAM,CAC5G,QAAO,WAAW,kCAAkC;EAEtD,MAAM,cAAc,sBAAsB,QAAQ,KAAK,QAAQ,MAAiC;AAChG,MAAI,YAAY,OAAO,MACrB,QAAO,WAAW,YAAY,QAAQ;;AAI1C,KAAI,KAAK,SAAS,cAAc,KAAA,GAAW;EACzC,MAAM,KAAK,cAAc,OAAO;AAChC,MAAI,KAAK,QAAQ,cAAc,QAAQ,KAAK,QAAQ,cAAc,GAChE,QAAO,GAAG;WACD,OAAO,KAAK,QAAQ,cAAc,SAC3C,QAAO,WAAW,6CAA6C;OAC1D;GACL,MAAM,aAAa,kBAAkB,KAAK,QAAQ,UAAU;AAC5D,OAAI,WAAW,OAAO,MACpB,QAAO,WAAW,sBAAsB,WAAW,UAAU;AAE/D,MAAG,YAAY,WAAW;;;AAI9B,KAAI,KAAK,SAAS,gBAAgB,KAAA,GAAW;AAC3C,MAAI,CAAC,MAAM,QAAQ,KAAK,QAAQ,YAAY,CAC1C,QAAO,WAAW,uCAAuC;EAE3D,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,cAAc,KAAK,QAAQ,YAC3B,QAAQ,MAA4B,OAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,CACjF,KAAK,MAAc,EAAE,MAAM,CAAC;;AAGjC,KAAI,KAAK,SAAS,sBAAsB,KAAA,GAAW;AACjD,MACE,OAAO,KAAK,QAAQ,sBAAsB,YAC1C,CAAC,OAAO,SAAS,KAAK,QAAQ,kBAAkB,IAChD,KAAK,QAAQ,oBAAoB,EAEjC,QAAO,WAAW,uDAAuD;AAE3E,MAAI,CAAC,OAAO,QACV,QAAO,UAAU;GACf,MAAM;GACN,MAAM;GACN,WAAW;IAAE,SAAS;IAAM,YAAY;IAAW,4BAA4B;IAAO;GACtF,mBAAmB,KAAK,MAAM,KAAK,QAAQ,kBAAkB;GAC7D,aAAa,EAAE;GAChB;MAED,QAAO,QAAQ,oBAAoB,KAAK,MAAM,KAAK,QAAQ,kBAAkB;;AAIjF,KAAI,KAAK,SAAS,4BAA4B,KAAA,GAAW;EACvD,MAAM,OAAO,KAAK,QAAQ;AAC1B,MAAI,SAAS,UAAU,SAAS,SAAS,SAAS,WAChD,QAAO,WAAW,iEAAiE;EAErF,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,0BAA0B;;AAG/B,KAAI,KAAK,SAAS,2BAA2B,KAAA,GAAW;EACtD,MAAM,MAAM,iBAAiB,KAAK,QAAQ,uBAAuB;AACjE,MAAI,QAAQ,KACV,QAAO,WAAW,sEAAsE;EAE1F,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,yBAAyB;;AAG9B,KAAI,KAAK,SAAS,+BAA+B,KAAA,GAAW;EAC1D,MAAM,MAAM,iBAAiB,KAAK,QAAQ,2BAA2B;AACrE,MAAI,QAAQ,KACV,QAAO,WAAW,0EAA0E;EAE9F,MAAM,KAAK,cAAc,OAAO;AAChC,KAAG,6BAA6B;;AAGlC,QAAO"}
package/dist/src/gateway/hono/routes/config-patch/misc.js CHANGED
@@ -1,5 +1,5 @@
1
- import { CredentialResolver, init_credentials } from "../../../../auth/credentials.js";
2
1
  import { BindingsConfigSchema, McpConfigSchema, init_schema } from "../../../../config/schema.js";
2
+ import { CredentialResolver, init_credentials } from "../../../../auth/credentials.js";
3
3
  import { canonicalizeConfiguredMcpServer } from "../../../../config/mcp-config-normalize.js";
4
4
  import { mergeCronConfigPatch, mergeGatewaySkillsMarketplacePatch, mergeGoalsConfigPatch, mergeSessionConfigPatch, mergeUpdateConfigPatch } from "../../../../config/web-patch.js";
5
5
  import { assertGatewayAuthConfigured, resolveGatewayAuth } from "../../../auth.js";
package/dist/src/gateway/hono/routes/dreaming.js CHANGED
@@ -5,8 +5,8 @@ import { getWorkspacePath } from "../../../config/workspace-path-helpers.js";
5
5
  import { parseDreamingLastRunFile } from "../../../agent/memory/dreaming/last-run.js";
6
6
  import { readDreamingEvents } from "../../../agent/memory/dreaming/events.js";
7
7
  import { previewDreamingDeepPromotion } from "../../../agent/memory/dreaming/preview.js";
8
- import fs from "node:fs/promises";
9
8
  import path from "node:path";
9
+ import fs from "node:fs/promises";
10
10
  //#region src/gateway/hono/routes/dreaming.ts
11
11
  function isRecord(v) {
12
12
  return v !== null && typeof v === "object" && !Array.isArray(v);
package/dist/src/gateway/hono/routes/host-fs.js CHANGED
@@ -1,8 +1,8 @@
1
1
  import { createLogger } from "../../../utils/logger/index.js";
2
2
  import { init_logger } from "../../../utils/logger.js";
3
- import { readdir, realpath, stat } from "node:fs/promises";
4
- import * as path$1 from "node:path";
5
3
  import * as os$1 from "node:os";
4
+ import * as path$1 from "node:path";
5
+ import { readdir, realpath, stat } from "node:fs/promises";
6
6
  //#region src/gateway/hono/routes/host-fs.ts
7
7
  init_logger();
8
8
  const log = createLogger("HostFs");
package/dist/src/gateway/hono/routes/lazy-bundles.js CHANGED
@@ -126,6 +126,14 @@ const AUTHENTICATED_LAZY_ROUTE_BUNDLES = [
126
126
  return { register: registerGoalsRoutes };
127
127
  }
128
128
  },
129
+ {
130
+ id: "notes",
131
+ match: (path) => startsWithAny(path, ["/api/notes"]),
132
+ load: async () => {
133
+ const { registerNotesRoutes } = await import("./notes.js");
134
+ return { register: registerNotesRoutes };
135
+ }
136
+ },
129
137
  {
130
138
  id: "workflows",
131
139
  match: (path) => startsWithAny(path, ["/api/workflows"]),
package/dist/src/gateway/hono/routes/lazy-bundles.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"lazy-bundles.js","names":[],"sources":["../../../../../src/gateway/hono/routes/lazy-bundles.ts"],"sourcesContent":["import type { Hono } from 'hono';\n\nimport type { GatewayService } from '../../service.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\n\nexport type AuthenticatedLazyRouteBundle = {\n id: string;\n match: (path: string) => boolean;\n load: () => Promise<{ register: (authenticated: Hono, deps: AuthenticatedRouteDeps) => void }>;\n};\n\nexport type AppLazyRouteBundle = {\n id: string;\n prefixes: readonly string[];\n match: (path: string) => boolean;\n load: () => Promise<{\n registerOnApp: (app: Hono, service: GatewayService) => void;\n }>;\n};\n\nfunction startsWithAny(path: string, prefixes: readonly string[]): boolean {\n return prefixes.some((prefix) => path === prefix || path.startsWith(`${prefix}/`));\n}\n\nexport const AUTHENTICATED_LAZY_ROUTE_BUNDLES: readonly AuthenticatedLazyRouteBundle[] = [\n {\n id: 'workspace',\n match: (path) => startsWithAny(path, ['/api/workspace']),\n load: async () => {\n const { registerWorkspaceRoutes } = await import('./workspace.js');\n return { register: registerWorkspaceRoutes };\n },\n },\n {\n id: 'host-fs',\n match: (path) => startsWithAny(path, ['/api/host/fs']),\n load: async () => {\n const { registerHostFsRoutes } = await import('./host-fs.js');\n return { register: registerHostFsRoutes };\n },\n },\n {\n id: 'channels',\n match: (path) => startsWithAny(path, ['/api/channels']),\n load: async () => {\n const { registerChannelRoutes } = await import('./channels.js');\n return { register: registerChannelRoutes };\n },\n },\n {\n id: 'browser-install',\n match: (path) =>\n path === '/api/browser/playwright/install/stream' ||\n path === '/api/browser/cloakbrowser/install/stream',\n load: async () => {\n const { registerBrowserInstallRoutes } = await import('./browser-install.js');\n return { register: registerBrowserInstallRoutes };\n },\n },\n {\n id: 'browser',\n // `browser-install` above already matched the SSE install streams; this\n // catches the remaining /api/browser/* handlers (extension, cdp,\n // cloakbrowser doctor/launch/install, playwright doctor/install, cloud).\n match: (path) => startsWithAny(path, ['/api/browser']),\n load: async () => {\n const { registerBrowserRoutes } = await import('./browser.js');\n return { register: registerBrowserRoutes };\n },\n },\n {\n id: 'config',\n match: (path) =>\n startsWithAny(path, ['/api/config', '/api/heartbeat/trigger']),\n load: async () => {\n const { registerConfigRoutes } = await import('./config.js');\n return { register: registerConfigRoutes };\n },\n },\n {\n id: 'doctor',\n match: (path) => startsWithAny(path, ['/api/doctor']),\n load: async () => {\n const { registerDoctorRoutes } = await import('./doctor.js');\n return { register: registerDoctorRoutes };\n },\n },\n {\n id: 'dreaming',\n match: (path) => startsWithAny(path, ['/api/dreaming']),\n load: async () => {\n const { registerDreamingRoutes } = await import('./dreaming.js');\n return { register: registerDreamingRoutes };\n },\n },\n {\n id: 'agents',\n match: (path) => startsWithAny(path, ['/api/agents', '/api/voice/models']),\n load: async () => {\n const { registerAgentsRoutes } = await import('./agents.js');\n return { register: registerAgentsRoutes };\n },\n },\n {\n id: 'auth-registry-extensions',\n match: (path) =>\n startsWithAny(path, [\n '/api/auth',\n '/api/registry',\n '/api/extensions',\n '/api/context',\n '/api/marketplace',\n ]),\n load: async () => {\n const { registerAuthRegistryExtensionsRoutes } = await import('./auth-registry-extensions.js');\n return { register: registerAuthRegistryExtensionsRoutes };\n },\n },\n {\n id: 'models',\n match: (path) =>\n startsWithAny(path, ['/api/models', '/api/models-json', '/api/providers', '/api/image']),\n load: async () => {\n const { registerModelsRoutes } = await import('./models.js');\n return { register: registerModelsRoutes };\n },\n },\n {\n id: 'commands-skills',\n match: (path) => startsWithAny(path, ['/api/commands', '/api/skills']),\n load: async () => {\n const { registerCommandsSkillsRoutes } = await import('./commands-skills.js');\n return { register: registerCommandsSkillsRoutes };\n },\n },\n {\n id: 'cron',\n match: (path) => startsWithAny(path, ['/api/cron']),\n load: async () => {\n const { registerCronRoutes } = await import('./cron.js');\n return { register: registerCronRoutes };\n },\n },\n {\n id: 'goals',\n match: (path) => startsWithAny(path, ['/api/goals']),\n load: async () => {\n const { registerGoalsRoutes } = await import('./goals.js');\n return { register: registerGoalsRoutes };\n },\n },\n {\n id: 'workflows',\n match: (path) => startsWithAny(path, ['/api/workflows']),\n load: async () => {\n const { registerWorkflowRoutes } = await import('./workflows.js');\n return { register: registerWorkflowRoutes };\n },\n },\n {\n id: 'logs',\n match: (path) => startsWithAny(path, ['/api/logs']),\n load: async () => {\n const { registerLogsRoutes } = await import('./logs.js');\n return { register: registerLogsRoutes };\n },\n },\n {\n id: 'shares',\n match: (path) => startsWithAny(path, ['/api/shares']),\n load: async () => {\n const { registerShareRoutes } = await import('./shares.js');\n return { register: registerShareRoutes };\n },\n },\n {\n id: 'site-shares',\n match: (path) => startsWithAny(path, ['/api/site-shares']),\n load: async () => {\n const { registerSiteShareRoutes } = await import('./site-shares.js');\n return { register: registerSiteShareRoutes };\n },\n },\n {\n id: 'tunnel',\n match: (path) => startsWithAny(path, ['/api/tunnel']),\n load: async () => {\n const { registerTunnelRoutes } = await import('./tunnel.js');\n return { register: registerTunnelRoutes };\n },\n },\n {\n id: 'exposure',\n match: (path) => startsWithAny(path, ['/api/exposure']),\n load: async () => {\n const { registerExposureRoutes } = await import('./exposure.js');\n return { register: registerExposureRoutes };\n },\n },\n {\n id: 'extension-gateway',\n match: (path) => startsWithAny(path, ['/api/gateway']),\n load: async () => {\n const { registerExtensionGatewayRoutes } = await import('./extension-gateway.js');\n return { register: registerExtensionGatewayRoutes };\n },\n },\n {\n id: 'update',\n match: (path) => startsWithAny(path, ['/api/update']),\n load: async () => {\n const { registerUpdateRoutes } = await import('./update.js');\n return { register: registerUpdateRoutes };\n },\n },\n {\n id: 'voice',\n match: (path) => startsWithAny(path, ['/api/voice']) && path !== '/api/voice/models',\n load: async () => {\n const { registerVoiceRoutes } = await import('./voice.js');\n return { register: registerVoiceRoutes };\n },\n },\n {\n id: 'mcp',\n match: (path) => startsWithAny(path, ['/api/mcp']),\n load: async () => {\n const { registerMcpRoutes } = await import('./mcp.js');\n return { register: registerMcpRoutes };\n },\n },\n];\n\nexport const APP_LAZY_ROUTE_BUNDLES: readonly AppLazyRouteBundle[] = [\n {\n id: 'shares-public',\n prefixes: ['/s'],\n match: (path) => startsWithAny(path, ['/s']),\n load: async () => {\n const { registerSharePublicRoutes } = await import('./shares.js');\n return { registerOnApp: registerSharePublicRoutes };\n },\n },\n {\n id: 'tunnel-public',\n prefixes: [\n '/api/tunnel/pair/ping',\n '/api/tunnel/pair/validate-url',\n '/api/tunnel/exchange-token',\n ],\n match: (path) =>\n path === '/api/tunnel/exchange-token' ||\n path === '/api/tunnel/pair/ping' ||\n path === '/api/tunnel/pair/validate-url',\n load: async () => {\n const { registerTunnelPublicRoutes } = await import('./tunnel.js');\n return { registerOnApp: registerTunnelPublicRoutes };\n },\n },\n];\n\nexport function findAuthenticatedLazyRouteBundle(path: string): AuthenticatedLazyRouteBundle | undefined {\n return AUTHENTICATED_LAZY_ROUTE_BUNDLES.find((bundle) => bundle.match(path));\n}\n"],"mappings":";AAoBA,SAAS,cAAc,MAAc,UAAsC;AACzE,QAAO,SAAS,MAAM,WAAW,SAAS,UAAU,KAAK,WAAW,GAAG,OAAO,GAAG,CAAC;;AAGpF,MAAa,mCAA4E;CACvF;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,iBAAiB,CAAC;EACxD,MAAM,YAAY;GAChB,MAAM,EAAE,4BAA4B,MAAM,OAAO;AACjD,UAAO,EAAE,UAAU,yBAAyB;;EAE/C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,CAAC;EACtD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,gBAAgB,CAAC;EACvD,MAAM,YAAY;GAChB,MAAM,EAAE,0BAA0B,MAAM,OAAO;AAC/C,UAAO,EAAE,UAAU,uBAAuB;;EAE7C;CACD;EACE,IAAI;EACJ,QAAQ,SACN,SAAS,4CACT,SAAS;EACX,MAAM,YAAY;GAChB,MAAM,EAAE,iCAAiC,MAAM,OAAO;AACtD,UAAO,EAAE,UAAU,8BAA8B;;EAEpD;CACD;EACE,IAAI;EAIJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,CAAC;EACtD,MAAM,YAAY;GAChB,MAAM,EAAE,0BAA0B,MAAM,OAAO;AAC/C,UAAO,EAAE,UAAU,uBAAuB;;EAE7C;CACD;EACE,IAAI;EACJ,QAAQ,SACN,cAAc,MAAM,CAAC,eAAe,yBAAyB,CAAC;EAChE,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,gBAAgB,CAAC;EACvD,MAAM,YAAY;GAChB,MAAM,EAAE,2BAA2B,MAAM,OAAO;AAChD,UAAO,EAAE,UAAU,wBAAwB;;EAE9C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,oBAAoB,CAAC;EAC1E,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SACN,cAAc,MAAM;GAClB;GACA;GACA;GACA;GACA;GACD,CAAC;EACJ,MAAM,YAAY;GAChB,MAAM,EAAE,yCAAyC,MAAM,OAAO;AAC9D,UAAO,EAAE,UAAU,sCAAsC;;EAE5D;CACD;EACE,IAAI;EACJ,QAAQ,SACN,cAAc,MAAM;GAAC;GAAe;GAAoB;GAAkB;GAAa,CAAC;EAC1F,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,iBAAiB,cAAc,CAAC;EACtE,MAAM,YAAY;GAChB,MAAM,EAAE,iCAAiC,MAAM,OAAO;AACtD,UAAO,EAAE,UAAU,8BAA8B;;EAEpD;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,YAAY,CAAC;EACnD,MAAM,YAAY;GAChB,MAAM,EAAE,uBAAuB,MAAM,OAAO;AAC5C,UAAO,EAAE,UAAU,oBAAoB;;EAE1C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,aAAa,CAAC;EACpD,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,iBAAiB,CAAC;EACxD,MAAM,YAAY;GAChB,MAAM,EAAE,2BAA2B,MAAM,OAAO;AAChD,UAAO,EAAE,UAAU,wBAAwB;;EAE9C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,YAAY,CAAC;EACnD,MAAM,YAAY;GAChB,MAAM,EAAE,uBAAuB,MAAM,OAAO;AAC5C,UAAO,EAAE,UAAU,oBAAoB;;EAE1C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,mBAAmB,CAAC;EAC1D,MAAM,YAAY;GAChB,MAAM,EAAE,4BAA4B,MAAM,OAAO;AACjD,UAAO,EAAE,UAAU,yBAAyB;;EAE/C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,gBAAgB,CAAC;EACvD,MAAM,YAAY;GAChB,MAAM,EAAE,2BAA2B,MAAM,OAAO;AAChD,UAAO,EAAE,UAAU,wBAAwB;;EAE9C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,CAAC;EACtD,MAAM,YAAY;GAChB,MAAM,EAAE,mCAAmC,MAAM,OAAO;AACxD,UAAO,EAAE,UAAU,gCAAgC;;EAEtD;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,aAAa,CAAC,IAAI,SAAS;EACjE,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,WAAW,CAAC;EAClD,MAAM,YAAY;GAChB,MAAM,EAAE,sBAAsB,MAAM,OAAO;AAC3C,UAAO,EAAE,UAAU,mBAAmB;;EAEzC;CACF;AAED,MAAa,yBAAwD,CACnE;CACE,IAAI;CACJ,UAAU,CAAC,KAAK;CAChB,QAAQ,SAAS,cAAc,MAAM,CAAC,KAAK,CAAC;CAC5C,MAAM,YAAY;EAChB,MAAM,EAAE,8BAA8B,MAAM,OAAO;AACnD,SAAO,EAAE,eAAe,2BAA2B;;CAEtD,EACD;CACE,IAAI;CACJ,UAAU;EACR;EACA;EACA;EACD;CACD,QAAQ,SACN,SAAS,gCACT,SAAS,2BACT,SAAS;CACX,MAAM,YAAY;EAChB,MAAM,EAAE,+BAA+B,MAAM,OAAO;AACpD,SAAO,EAAE,eAAe,4BAA4B;;CAEvD,CACF;AAED,SAAgB,iCAAiC,MAAwD;AACvG,QAAO,iCAAiC,MAAM,WAAW,OAAO,MAAM,KAAK,CAAC"}
1
+ {"version":3,"file":"lazy-bundles.js","names":[],"sources":["../../../../../src/gateway/hono/routes/lazy-bundles.ts"],"sourcesContent":["import type { Hono } from 'hono';\n\nimport type { GatewayService } from '../../service.js';\nimport type { AuthenticatedRouteDeps } from './deps.js';\n\nexport type AuthenticatedLazyRouteBundle = {\n id: string;\n match: (path: string) => boolean;\n load: () => Promise<{ register: (authenticated: Hono, deps: AuthenticatedRouteDeps) => void }>;\n};\n\nexport type AppLazyRouteBundle = {\n id: string;\n prefixes: readonly string[];\n match: (path: string) => boolean;\n load: () => Promise<{\n registerOnApp: (app: Hono, service: GatewayService) => void;\n }>;\n};\n\nfunction startsWithAny(path: string, prefixes: readonly string[]): boolean {\n return prefixes.some((prefix) => path === prefix || path.startsWith(`${prefix}/`));\n}\n\nexport const AUTHENTICATED_LAZY_ROUTE_BUNDLES: readonly AuthenticatedLazyRouteBundle[] = [\n {\n id: 'workspace',\n match: (path) => startsWithAny(path, ['/api/workspace']),\n load: async () => {\n const { registerWorkspaceRoutes } = await import('./workspace.js');\n return { register: registerWorkspaceRoutes };\n },\n },\n {\n id: 'host-fs',\n match: (path) => startsWithAny(path, ['/api/host/fs']),\n load: async () => {\n const { registerHostFsRoutes } = await import('./host-fs.js');\n return { register: registerHostFsRoutes };\n },\n },\n {\n id: 'channels',\n match: (path) => startsWithAny(path, ['/api/channels']),\n load: async () => {\n const { registerChannelRoutes } = await import('./channels.js');\n return { register: registerChannelRoutes };\n },\n },\n {\n id: 'browser-install',\n match: (path) =>\n path === '/api/browser/playwright/install/stream' ||\n path === '/api/browser/cloakbrowser/install/stream',\n load: async () => {\n const { registerBrowserInstallRoutes } = await import('./browser-install.js');\n return { register: registerBrowserInstallRoutes };\n },\n },\n {\n id: 'browser',\n // `browser-install` above already matched the SSE install streams; this\n // catches the remaining /api/browser/* handlers (extension, cdp,\n // cloakbrowser doctor/launch/install, playwright doctor/install, cloud).\n match: (path) => startsWithAny(path, ['/api/browser']),\n load: async () => {\n const { registerBrowserRoutes } = await import('./browser.js');\n return { register: registerBrowserRoutes };\n },\n },\n {\n id: 'config',\n match: (path) =>\n startsWithAny(path, ['/api/config', '/api/heartbeat/trigger']),\n load: async () => {\n const { registerConfigRoutes } = await import('./config.js');\n return { register: registerConfigRoutes };\n },\n },\n {\n id: 'doctor',\n match: (path) => startsWithAny(path, ['/api/doctor']),\n load: async () => {\n const { registerDoctorRoutes } = await import('./doctor.js');\n return { register: registerDoctorRoutes };\n },\n },\n {\n id: 'dreaming',\n match: (path) => startsWithAny(path, ['/api/dreaming']),\n load: async () => {\n const { registerDreamingRoutes } = await import('./dreaming.js');\n return { register: registerDreamingRoutes };\n },\n },\n {\n id: 'agents',\n match: (path) => startsWithAny(path, ['/api/agents', '/api/voice/models']),\n load: async () => {\n const { registerAgentsRoutes } = await import('./agents.js');\n return { register: registerAgentsRoutes };\n },\n },\n {\n id: 'auth-registry-extensions',\n match: (path) =>\n startsWithAny(path, [\n '/api/auth',\n '/api/registry',\n '/api/extensions',\n '/api/context',\n '/api/marketplace',\n ]),\n load: async () => {\n const { registerAuthRegistryExtensionsRoutes } = await import('./auth-registry-extensions.js');\n return { register: registerAuthRegistryExtensionsRoutes };\n },\n },\n {\n id: 'models',\n match: (path) =>\n startsWithAny(path, ['/api/models', '/api/models-json', '/api/providers', '/api/image']),\n load: async () => {\n const { registerModelsRoutes } = await import('./models.js');\n return { register: registerModelsRoutes };\n },\n },\n {\n id: 'commands-skills',\n match: (path) => startsWithAny(path, ['/api/commands', '/api/skills']),\n load: async () => {\n const { registerCommandsSkillsRoutes } = await import('./commands-skills.js');\n return { register: registerCommandsSkillsRoutes };\n },\n },\n {\n id: 'cron',\n match: (path) => startsWithAny(path, ['/api/cron']),\n load: async () => {\n const { registerCronRoutes } = await import('./cron.js');\n return { register: registerCronRoutes };\n },\n },\n {\n id: 'goals',\n match: (path) => startsWithAny(path, ['/api/goals']),\n load: async () => {\n const { registerGoalsRoutes } = await import('./goals.js');\n return { register: registerGoalsRoutes };\n },\n },\n {\n id: 'notes',\n match: (path) => startsWithAny(path, ['/api/notes']),\n load: async () => {\n const { registerNotesRoutes } = await import('./notes.js');\n return { register: registerNotesRoutes };\n },\n },\n {\n id: 'workflows',\n match: (path) => startsWithAny(path, ['/api/workflows']),\n load: async () => {\n const { registerWorkflowRoutes } = await import('./workflows.js');\n return { register: registerWorkflowRoutes };\n },\n },\n {\n id: 'logs',\n match: (path) => startsWithAny(path, ['/api/logs']),\n load: async () => {\n const { registerLogsRoutes } = await import('./logs.js');\n return { register: registerLogsRoutes };\n },\n },\n {\n id: 'shares',\n match: (path) => startsWithAny(path, ['/api/shares']),\n load: async () => {\n const { registerShareRoutes } = await import('./shares.js');\n return { register: registerShareRoutes };\n },\n },\n {\n id: 'site-shares',\n match: (path) => startsWithAny(path, ['/api/site-shares']),\n load: async () => {\n const { registerSiteShareRoutes } = await import('./site-shares.js');\n return { register: registerSiteShareRoutes };\n },\n },\n {\n id: 'tunnel',\n match: (path) => startsWithAny(path, ['/api/tunnel']),\n load: async () => {\n const { registerTunnelRoutes } = await import('./tunnel.js');\n return { register: registerTunnelRoutes };\n },\n },\n {\n id: 'exposure',\n match: (path) => startsWithAny(path, ['/api/exposure']),\n load: async () => {\n const { registerExposureRoutes } = await import('./exposure.js');\n return { register: registerExposureRoutes };\n },\n },\n {\n id: 'extension-gateway',\n match: (path) => startsWithAny(path, ['/api/gateway']),\n load: async () => {\n const { registerExtensionGatewayRoutes } = await import('./extension-gateway.js');\n return { register: registerExtensionGatewayRoutes };\n },\n },\n {\n id: 'update',\n match: (path) => startsWithAny(path, ['/api/update']),\n load: async () => {\n const { registerUpdateRoutes } = await import('./update.js');\n return { register: registerUpdateRoutes };\n },\n },\n {\n id: 'voice',\n match: (path) => startsWithAny(path, ['/api/voice']) && path !== '/api/voice/models',\n load: async () => {\n const { registerVoiceRoutes } = await import('./voice.js');\n return { register: registerVoiceRoutes };\n },\n },\n {\n id: 'mcp',\n match: (path) => startsWithAny(path, ['/api/mcp']),\n load: async () => {\n const { registerMcpRoutes } = await import('./mcp.js');\n return { register: registerMcpRoutes };\n },\n },\n];\n\nexport const APP_LAZY_ROUTE_BUNDLES: readonly AppLazyRouteBundle[] = [\n {\n id: 'shares-public',\n prefixes: ['/s'],\n match: (path) => startsWithAny(path, ['/s']),\n load: async () => {\n const { registerSharePublicRoutes } = await import('./shares.js');\n return { registerOnApp: registerSharePublicRoutes };\n },\n },\n {\n id: 'tunnel-public',\n prefixes: [\n '/api/tunnel/pair/ping',\n '/api/tunnel/pair/validate-url',\n '/api/tunnel/exchange-token',\n ],\n match: (path) =>\n path === '/api/tunnel/exchange-token' ||\n path === '/api/tunnel/pair/ping' ||\n path === '/api/tunnel/pair/validate-url',\n load: async () => {\n const { registerTunnelPublicRoutes } = await import('./tunnel.js');\n return { registerOnApp: registerTunnelPublicRoutes };\n },\n },\n];\n\nexport function findAuthenticatedLazyRouteBundle(path: string): AuthenticatedLazyRouteBundle | undefined {\n return AUTHENTICATED_LAZY_ROUTE_BUNDLES.find((bundle) => bundle.match(path));\n}\n"],"mappings":";AAoBA,SAAS,cAAc,MAAc,UAAsC;AACzE,QAAO,SAAS,MAAM,WAAW,SAAS,UAAU,KAAK,WAAW,GAAG,OAAO,GAAG,CAAC;;AAGpF,MAAa,mCAA4E;CACvF;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,iBAAiB,CAAC;EACxD,MAAM,YAAY;GAChB,MAAM,EAAE,4BAA4B,MAAM,OAAO;AACjD,UAAO,EAAE,UAAU,yBAAyB;;EAE/C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,CAAC;EACtD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,gBAAgB,CAAC;EACvD,MAAM,YAAY;GAChB,MAAM,EAAE,0BAA0B,MAAM,OAAO;AAC/C,UAAO,EAAE,UAAU,uBAAuB;;EAE7C;CACD;EACE,IAAI;EACJ,QAAQ,SACN,SAAS,4CACT,SAAS;EACX,MAAM,YAAY;GAChB,MAAM,EAAE,iCAAiC,MAAM,OAAO;AACtD,UAAO,EAAE,UAAU,8BAA8B;;EAEpD;CACD;EACE,IAAI;EAIJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,CAAC;EACtD,MAAM,YAAY;GAChB,MAAM,EAAE,0BAA0B,MAAM,OAAO;AAC/C,UAAO,EAAE,UAAU,uBAAuB;;EAE7C;CACD;EACE,IAAI;EACJ,QAAQ,SACN,cAAc,MAAM,CAAC,eAAe,yBAAyB,CAAC;EAChE,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,gBAAgB,CAAC;EACvD,MAAM,YAAY;GAChB,MAAM,EAAE,2BAA2B,MAAM,OAAO;AAChD,UAAO,EAAE,UAAU,wBAAwB;;EAE9C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,oBAAoB,CAAC;EAC1E,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SACN,cAAc,MAAM;GAClB;GACA;GACA;GACA;GACA;GACD,CAAC;EACJ,MAAM,YAAY;GAChB,MAAM,EAAE,yCAAyC,MAAM,OAAO;AAC9D,UAAO,EAAE,UAAU,sCAAsC;;EAE5D;CACD;EACE,IAAI;EACJ,QAAQ,SACN,cAAc,MAAM;GAAC;GAAe;GAAoB;GAAkB;GAAa,CAAC;EAC1F,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,iBAAiB,cAAc,CAAC;EACtE,MAAM,YAAY;GAChB,MAAM,EAAE,iCAAiC,MAAM,OAAO;AACtD,UAAO,EAAE,UAAU,8BAA8B;;EAEpD;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,YAAY,CAAC;EACnD,MAAM,YAAY;GAChB,MAAM,EAAE,uBAAuB,MAAM,OAAO;AAC5C,UAAO,EAAE,UAAU,oBAAoB;;EAE1C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,aAAa,CAAC;EACpD,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,aAAa,CAAC;EACpD,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,iBAAiB,CAAC;EACxD,MAAM,YAAY;GAChB,MAAM,EAAE,2BAA2B,MAAM,OAAO;AAChD,UAAO,EAAE,UAAU,wBAAwB;;EAE9C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,YAAY,CAAC;EACnD,MAAM,YAAY;GAChB,MAAM,EAAE,uBAAuB,MAAM,OAAO;AAC5C,UAAO,EAAE,UAAU,oBAAoB;;EAE1C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,mBAAmB,CAAC;EAC1D,MAAM,YAAY;GAChB,MAAM,EAAE,4BAA4B,MAAM,OAAO;AACjD,UAAO,EAAE,UAAU,yBAAyB;;EAE/C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,gBAAgB,CAAC;EACvD,MAAM,YAAY;GAChB,MAAM,EAAE,2BAA2B,MAAM,OAAO;AAChD,UAAO,EAAE,UAAU,wBAAwB;;EAE9C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,eAAe,CAAC;EACtD,MAAM,YAAY;GAChB,MAAM,EAAE,mCAAmC,MAAM,OAAO;AACxD,UAAO,EAAE,UAAU,gCAAgC;;EAEtD;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,cAAc,CAAC;EACrD,MAAM,YAAY;GAChB,MAAM,EAAE,yBAAyB,MAAM,OAAO;AAC9C,UAAO,EAAE,UAAU,sBAAsB;;EAE5C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,aAAa,CAAC,IAAI,SAAS;EACjE,MAAM,YAAY;GAChB,MAAM,EAAE,wBAAwB,MAAM,OAAO;AAC7C,UAAO,EAAE,UAAU,qBAAqB;;EAE3C;CACD;EACE,IAAI;EACJ,QAAQ,SAAS,cAAc,MAAM,CAAC,WAAW,CAAC;EAClD,MAAM,YAAY;GAChB,MAAM,EAAE,sBAAsB,MAAM,OAAO;AAC3C,UAAO,EAAE,UAAU,mBAAmB;;EAEzC;CACF;AAED,MAAa,yBAAwD,CACnE;CACE,IAAI;CACJ,UAAU,CAAC,KAAK;CAChB,QAAQ,SAAS,cAAc,MAAM,CAAC,KAAK,CAAC;CAC5C,MAAM,YAAY;EAChB,MAAM,EAAE,8BAA8B,MAAM,OAAO;AACnD,SAAO,EAAE,eAAe,2BAA2B;;CAEtD,EACD;CACE,IAAI;CACJ,UAAU;EACR;EACA;EACA;EACD;CACD,QAAQ,SACN,SAAS,gCACT,SAAS,2BACT,SAAS;CACX,MAAM,YAAY;EAChB,MAAM,EAAE,+BAA+B,MAAM,OAAO;AACpD,SAAO,EAAE,eAAe,4BAA4B;;CAEvD,CACF;AAED,SAAgB,iCAAiC,MAAwD;AACvG,QAAO,iCAAiC,MAAM,WAAW,OAAO,MAAM,KAAK,CAAC"}
package/dist/src/gateway/hono/routes/models.js CHANGED
@@ -1,8 +1,8 @@
1
1
  import { resolveModelsJsonPath } from "../../../config/paths.js";
2
- import { CredentialResolver, init_credentials } from "../../../auth/credentials.js";
3
2
  import { init_resolve_config_value, testApiKeyResolution } from "../../../config/resolve-config-value.js";
4
3
  import { init_models_json, loadModelsJson, saveModelsJson, validateModelsConfig } from "../../../config/models-json.js";
5
4
  import { getModelRegistry } from "../../../providers/model-registry.js";
5
+ import { CredentialResolver, init_credentials } from "../../../auth/credentials.js";
6
6
  import { getProviderRegistry, init_plugin_registry } from "../../../providers/plugin-registry.js";
7
7
  import { PROVIDER_META, getAllModels, getAllProviders, getAvailableModels, getProviderAuthState, init_providers, isProviderConfigured } from "../../../providers/index.js";
8
8
  import { getImageGenerationProvider } from "../../../agent/image/generation/provider-registry.js";
package/dist/src/gateway/hono/routes/notes.d.ts ADDED
@@ -0,0 +1,3 @@
1
+ import type { Hono } from 'hono';
2
+ import type { AuthenticatedRouteDeps } from './deps.js';
3
+ export declare function registerNotesRoutes(authenticated: Hono, deps: AuthenticatedRouteDeps): void;