crewly 1.6.0 → 1.6.2

package/dist/backend/backend/src/controllers/credentials/credentials.controller.js

@@ -12,10 +12,22 @@
  */
 import { getCredentialStoreService, } from '../../services/credential/credential-store.service.js';
 import { GeminiCliWorkspaceHelper } from '../../services/credential/helpers/gemini-cli-workspace.helper.js';
-import { CredentialNotFoundError, } from '../../types/credential.types.js';
+import { CredentialNotFoundError } from '../../types/credential.types.js';
 import { LoggerService } from '../../services/core/logger.service.js';
 const logger = LoggerService.getInstance().createComponentLogger('CredentialsController');
 // ============================================================================
+// Module constants
+// ============================================================================
+/** Lifecycle statuses a client may assign via PATCH. */
+const ALLOWED_STATUSES = new Set(['active', 'revoked']);
+// ============================================================================
+// Validation helpers
+// ============================================================================
+/** Type guard for non-empty strings — cheap defensive check on request bodies. */
+function isNonEmptyString(value) {
+    return typeof value === 'string' && value.length > 0;
+}
+// ============================================================================
 // Helper singleton (lazy)
 // ============================================================================
 let geminiHelper = null;
@@ -68,20 +80,22 @@ export async function getCredentialById(req, res, next) {
  */
 export async function addApiKey(req, res, next) {
     try {
-        const { name, provider, value } = (req.body ?? {});
-        if (!name || !provider || !value) {
+        const body = (req.body ?? {});
+        if (!isNonEmptyString(body.name) ||
+            !isNonEmptyString(body.provider) ||
+            !isNonEmptyString(body.value)) {
             res.status(400).json({
                 success: false,
-                error: 'Missing required fields: name, provider, value',
+                error: 'Missing or invalid required fields: name (string), provider (string), value (string)',
             });
             return;
         }
         const cred = await getCredentialStoreService().addApiKey({
-            name,
-            provider,
-            value,
+            name: body.name,
+            provider: body.provider,
+            value: body.value,
         });
-        logger.info('Added api-key credential', { id: cred.id, provider });
+        logger.info('Added api-key credential', { id: cred.id, provider: body.provider });
         res.status(201).json({ success: true, data: cred });
     }
     catch (err) {
@@ -95,12 +109,29 @@ export async function addApiKey(req, res, next) {
  */
 export async function updateCredentialHandler(req, res, next) {
     try {
-        const { name, status } = (req.body ?? {});
+        const body = (req.body ?? {});
         const patch = {};
-        if (name !== undefined)
-            patch.name = name;
-        if (status !== undefined)
-            patch.status = status;
+        if (body.name !== undefined) {
+            if (!isNonEmptyString(body.name)) {
+                res.status(400).json({
+                    success: false,
+                    error: 'name must be a non-empty string',
+                });
+                return;
+            }
+            patch.name = body.name;
+        }
+        if (body.status !== undefined) {
+            if (typeof body.status !== 'string' ||
+                !ALLOWED_STATUSES.has(body.status)) {
+                res.status(400).json({
+                    success: false,
+                    error: `status must be one of: ${[...ALLOWED_STATUSES].join(', ')}`,
+                });
+                return;
+            }
+            patch.status = body.status;
+        }
         if (Object.keys(patch).length === 0) {
             res.status(400).json({
                 success: false,
@@ -191,175 +222,7 @@ export async function clearGeminiCliExtensionFile(_req, res, next) {
         next(err);
     }
 }
-// ============================================================================
-// Headless OAuth flow — for remote users (orchestrator over Slack, etc.)
-// ============================================================================
-/**
- * OAuth client + endpoint details lifted from the Gemini CLI Workspace
- * extension's `workspace-server/src/utils/config.ts`. Using the same
- * client_id + redirect_uri lets us piggyback on their published OAuth app
- * (so grants don't hit the 7-day testing-mode expiry).
- */
-const GOOGLE_OAUTH_CLIENT_ID = '338689075775-o75k922vn5fdl18qergr96rp8g63e4d7.apps.googleusercontent.com';
-const GOOGLE_OAUTH_REDIRECT_URI = 'https://google-workspace-extension.geminicli.com';
-const GOOGLE_OAUTH_AUTH_BASE = 'https://accounts.google.com/o/oauth2/v2/auth';
-/**
- * Default scopes — a broad Workspace set covering common needs. Agents
- * can override at start time via the request body.
- */
-const DEFAULT_GOOGLE_SCOPES = [
-    'openid',
-    'https://www.googleapis.com/auth/userinfo.email',
-    'https://www.googleapis.com/auth/userinfo.profile',
-    'https://www.googleapis.com/auth/gmail.readonly',
-    'https://www.googleapis.com/auth/gmail.send',
-    'https://www.googleapis.com/auth/drive.readonly',
-    'https://www.googleapis.com/auth/drive.file',
-    'https://www.googleapis.com/auth/documents.readonly',
-    'https://www.googleapis.com/auth/calendar.readonly',
-    'https://www.googleapis.com/auth/calendar.events',
-    'https://www.googleapis.com/auth/photoslibrary.readonly',
-];
-/**
- * POST /api/credentials/oauth/google/start
- *
- * Build a Google OAuth URL that the caller can send to a remote user (via
- * Slack, email, etc.). The URL opens on the user's device, they sign in,
- * and the gemini-cli cloud function returns a page showing the credentials
- * JSON for the user to copy back.
- *
- * Body: { scopes?: string[] }    (optional override)
- * Returns: { success, data: { authUrl } }
- */
-export async function startGoogleOAuth(req, res, _next) {
-    try {
-        const scopesOverride = req.body?.scopes ?? undefined;
-        const scopes = scopesOverride && scopesOverride.length > 0
-            ? scopesOverride
-            : DEFAULT_GOOGLE_SCOPES;
-        // State payload tells the cloud function to render the manual/copy-paste page
-        // (instead of redirecting to a localhost URI, which this flow doesn't use).
-        const statePayload = { manual: true };
-        const state = Buffer.from(JSON.stringify(statePayload)).toString('base64');
-        const params = new URLSearchParams({
-            client_id: GOOGLE_OAUTH_CLIENT_ID,
-            redirect_uri: GOOGLE_OAUTH_REDIRECT_URI,
-            response_type: 'code',
-            scope: scopes.join(' '),
-            state,
-            access_type: 'offline',
-            prompt: 'consent',
-        });
-        const authUrl = `${GOOGLE_OAUTH_AUTH_BASE}?${params.toString()}`;
-        res.json({ success: true, data: { authUrl } });
-    }
-    catch (err) {
-        logger.error('startGoogleOAuth failed', { err });
-        res.status(500).json({
-            success: false,
-            error: err instanceof Error ? err.message : 'Failed to build OAuth URL',
-        });
-    }
-}
-/**
- * POST /api/credentials/oauth/google/complete
- *
- * Accept the credentials JSON that the user copied from the OAuth success
- * page, verify it, fetch the account email, and save as a new Crewly
- * credential.
- *
- * Body: {
- *   name: string,
- *   credentialsJson: string | object    (the JSON blob the user pasted)
- * }
- * Returns: { success, data: CredentialRegistryEntry }
- */
-export async function completeGoogleOAuth(req, res, _next) {
-    try {
-        const { name, credentialsJson } = (req.body ?? {});
-        if (!name || !credentialsJson) {
-            res.status(400).json({
-                success: false,
-                error: 'Missing required fields: name, credentialsJson',
-            });
-            return;
-        }
-        // Accept either a parsed object or a raw JSON string
-        let parsed;
-        if (typeof credentialsJson === 'string') {
-            try {
-                parsed = JSON.parse(credentialsJson);
-            }
-            catch {
-                res.status(400).json({
-                    success: false,
-                    error: 'credentialsJson is not valid JSON. Paste the JSON block from the "Success! Credentials Ready" page exactly as shown.',
-                });
-                return;
-            }
-        }
-        else if (typeof credentialsJson === 'object' && credentialsJson !== null) {
-            parsed = credentialsJson;
-        }
-        else {
-            res.status(400).json({
-                success: false,
-                error: 'credentialsJson must be a JSON string or object',
-            });
-            return;
-        }
-        const accessToken = parsed.access_token;
-        const refreshToken = parsed.refresh_token;
-        const scope = parsed.scope;
-        const tokenType = parsed.token_type ?? 'Bearer';
-        const expiryDate = parsed.expiry_date;
-        if (!accessToken || !refreshToken) {
-            res.status(400).json({
-                success: false,
-                error: 'credentialsJson is missing access_token or refresh_token. Make sure you copied the entire JSON block.',
-            });
-            return;
-        }
-        // Fetch account email from Google userinfo (best-effort)
-        let accountEmail;
-        try {
-            const response = await fetch('https://www.googleapis.com/oauth2/v3/userinfo', { headers: { Authorization: `Bearer ${accessToken}` } });
-            if (response.ok) {
-                const info = (await response.json());
-                accountEmail = info.email;
-            }
-        }
-        catch {
-            // best-effort only — credential is still valid without accountEmail
-        }
-        const scopes = typeof scope === 'string' ? scope.split(' ').filter(Boolean) : [];
-        const cred = await getCredentialStoreService().addOAuth({
-            name,
-            provider: 'google',
-            helper: 'gemini-cli-workspace',
-            payload: {
-                type: 'google-oauth',
-                accessToken,
-                refreshToken,
-                tokenType: tokenType,
-                expiresAt: expiryDate ?? Date.now() + 3600_000,
-                scopes,
-                accountEmail,
-                clientId: GOOGLE_OAUTH_CLIENT_ID,
-            },
-        });
-        logger.info('Completed headless Google OAuth', {
-            id: cred.id,
-            accountEmail,
-        });
-        res.status(201).json({ success: true, data: cred });
-    }
-    catch (err) {
-        logger.error('completeGoogleOAuth failed', { err });
-        res.status(500).json({
-            success: false,
-            error: err instanceof Error ? err.message : 'Failed to save credential',
-        });
-    }
-}
+// Headless Google OAuth endpoints (startGoogleOAuth, completeGoogleOAuth)
+// live in `./google-oauth.controller.ts` and are composed into the router in
+// `./credentials.routes.ts`.
 //# sourceMappingURL=credentials.controller.js.map

package/dist/backend/backend/src/controllers/credentials/credentials.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.controller.js","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/credentials.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EACL,yBAAyB,GAE1B,MAAM,uDAAuD,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kEAAkE,CAAC;AAC5G,OAAO,EACL,uBAAuB,GAExB,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAEtE,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC,qBAAqB,CAC9D,uBAAuB,CACxB,CAAC;AAEF,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,IAAI,YAAY,GAAoC,IAAI,CAAC;AAEzD,SAAS,eAAe;IACtB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,IAAI,wBAAwB,CAAC,yBAAyB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,4BAA4B;IAC1C,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC;AAED,+EAA+E;AAC/E,WAAW;AACX,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAa,EACb,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,yBAAyB,EAAE,CAAC,eAAe,EAAE,CAAC;QAClE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5E,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAIhD,CAAC;QACF,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,EAAE,CAAC;YACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,gDAAgD;aACxD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,SAAS,CAAC;YACvD,IAAI;YACJ,QAAQ;YACR,KAAK;SACN,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAGvC,CAAC;QACF,MAAM,KAAK,GAA6B,EAAE,CAAC;QAC3C,IAAI,IAAI,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC;QAC1C,IAAI,MAAM,KAAK,SAAS;YAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;QAChD,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,oDAAoD;aAC5D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,gBAAgB,CAC7D,GAAG,CAAC,MAAM,CAAC,EAAE,EACb,KAAK,CACN,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,yBAAyB,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAsB,CAAC;QACvD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,8BAA8B;aACtC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,eAAe,EAAE,CAAC,eAAe,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,QAAQ,CAAC;YACtD,IAAI;YACJ,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,sBAAsB;YAC9B,OAAO;SACR,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,uEAAuE;QACvE,MAAM,OAAO,GACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,6BAA6B,CAAC;QACrE,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAa,EACb,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,eAAe,EAAE,CAAC,kBAAkB,EAAE,CAAC;QAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,yEAAyE;AACzE,+EAA+E;AAE/E;;;;;GAKG;AACH,MAAM,sBAAsB,GAC1B,0EAA0E,CAAC;AAC7E,MAAM,yBAAyB,GAC7B,kDAAkD,CAAC;AACrD,MAAM,sBAAsB,GAAG,8CAA8C,CAAC;AAE9E;;;GAGG;AACH,MAAM,qBAAqB,GAAG;IAC5B,QAAQ;IACR,gDAAgD;IAChD,kDAAkD;IAClD,gDAAgD;IAChD,4CAA4C;IAC5C,gDAAgD;IAChD,4CAA4C;IAC5C,oDAAoD;IACpD,mDAAmD;IACnD,iDAAiD;IACjD,wDAAwD;CACzD,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,GAAY,EACZ,GAAa,EACb,KAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,cAAc,GAAI,GAAG,CAAC,IAAI,EAAE,MAA+B,IAAI,SAAS,CAAC;QAC/E,MAAM,MAAM,GAAG,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;YACxD,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,qBAAqB,CAAC;QAE1B,8EAA8E;QAC9E,4EAA4E;QAC5E,MAAM,YAAY,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE3E,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,sBAAsB;YACjC,YAAY,EAAE,yBAAyB;YACvC,aAAa,EAAE,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,KAAK;YACL,WAAW,EAAE,SAAS;YACtB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,GAAG,sBAAsB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACjE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B;SACxE,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAY,EACZ,GAAa,EACb,KAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAGhD,CAAC;QAEF,IAAI,CAAC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,gDAAgD;aACxD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,qDAAqD;QACrD,IAAI,MAA+B,CAAC;QACpC,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;YACxC,IAAI,CAAC;gBACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EACH,sHAAsH;iBACzH,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;QACH,CAAC;aAAM,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;YAC3E,MAAM,GAAG,eAA0C,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,iDAAiD;aACzD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,YAAkC,CAAC;QAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,aAAmC,CAAC;QAChE,MAAM,KAAK,GAAG,MAAM,CAAC,KAA2B,CAAC;QACjD,MAAM,SAAS,GAAI,MAAM,CAAC,UAAiC,IAAI,QAAQ,CAAC;QACxE,MAAM,UAAU,GAAG,MAAM,CAAC,WAAiC,CAAC;QAE5D,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EACH,uGAAuG;aAC1G,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,yDAAyD;QACzD,IAAI,YAAgC,CAAC;QACrC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,+CAA+C,EAC/C,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE,EAAE,CACxD,CAAC;YACF,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAuB,CAAC;gBAC3D,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC;YAC5B,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,oEAAoE;QACtE,CAAC;QAED,MAAM,MAAM,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAEjF,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,QAAQ,CAAC;YACtD,IAAI;YACJ,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,sBAAsB;YAC9B,OAAO,EAAE;gBACP,IAAI,EAAE,cAAc;gBACpB,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,SAAqB;gBAChC,SAAS,EAAE,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ;gBAC9C,MAAM;gBACN,YAAY;gBACZ,QAAQ,EAAE,sBAAsB;aACjC;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,YAAY;SACb,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B;SACxE,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
+{"version":3,"file":"credentials.controller.js","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/credentials.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAGH,OAAO,EACL,yBAAyB,GAE1B,MAAM,uDAAuD,CAAC;AAC/D,OAAO,EAAE,wBAAwB,EAAE,MAAM,kEAAkE,CAAC;AAC5G,OAAO,EAAE,uBAAuB,EAAE,MAAM,iCAAiC,CAAC;AAC1E,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AAEtE,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC,qBAAqB,CAC9D,uBAAuB,CACxB,CAAC;AAEF,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,wDAAwD;AACxD,MAAM,gBAAgB,GAAwB,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC;AAE7E,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAE/E,kFAAkF;AAClF,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;AACvD,CAAC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E,IAAI,YAAY,GAAoC,IAAI,CAAC;AAEzD,SAAS,eAAe;IACtB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,IAAI,wBAAwB,CAAC,yBAAyB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,4BAA4B;IAC1C,YAAY,GAAG,IAAI,CAAC;AACtB,CAAC;AAED,+EAA+E;AAC/E,WAAW;AACX,+EAA+E;AAE/E;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAa,EACb,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,yBAAyB,EAAE,CAAC,eAAe,EAAE,CAAC;QAClE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,wBAAwB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5E,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAClD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAI3B,CAAC;QACF,IACE,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;YAC5B,CAAC,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC;YAChC,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAC7B,CAAC;YACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EACH,sFAAsF;aACzF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,SAAS,CAAC;YACvD,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QAClF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAyC,CAAC;QACtE,MAAM,KAAK,GAA6B,EAAE,CAAC;QAE3C,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,iCAAiC;iBACzC,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QACzB,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC9B,IACE,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;gBAC/B,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAClC,CAAC;gBACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,0BAA0B,CAAC,GAAG,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;iBACpE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YACD,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAA8B,CAAC;QACrD,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,oDAAoD;aAC5D,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,gBAAgB,CAC7D,GAAG,CAAC,MAAM,CAAC,EAAE,EACb,KAAK,CACN,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,yBAAyB,EAAE,CAAC,gBAAgB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,uBAAuB,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAsB,CAAC;QACvD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,8BAA8B;aACtC,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,eAAe,EAAE,CAAC,eAAe,EAAE,CAAC;QAC1D,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,QAAQ,CAAC;YACtD,IAAI;YACJ,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,sBAAsB;YAC9B,OAAO;SACR,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE;YACvD,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,YAAY,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,uEAAuE;QACvE,MAAM,OAAO,GACX,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,6BAA6B,CAAC;QACrE,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;QAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B,CAC/C,IAAa,EACb,GAAa,EACb,IAAkB;IAElB,IAAI,CAAC;QACH,MAAM,eAAe,EAAE,CAAC,kBAAkB,EAAE,CAAC;QAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,oCAAoC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5D,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,CAAC;AACH,CAAC;AAED,0EAA0E;AAC1E,6EAA6E;AAC7E,6BAA6B"}

package/dist/backend/backend/src/controllers/credentials/credentials.routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.routes.d.ts","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/credentials.routes.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAajC;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAiBhD"}
+{"version":3,"file":"credentials.routes.d.ts","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/credentials.routes.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAejC;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,CAiBhD"}

package/dist/backend/backend/src/controllers/credentials/credentials.routes.js

@@ -6,7 +6,8 @@
  * @module controllers/credentials/credentials.routes
  */
 import { Router } from 'express';
-import { listCredentials, getCredentialById, addApiKey, updateCredentialHandler, deleteCredentialHandler, importOAuthFromGeminiCli, clearGeminiCliExtensionFile, startGoogleOAuth, completeGoogleOAuth, } from './credentials.controller.js';
+import { listCredentials, getCredentialById, addApiKey, updateCredentialHandler, deleteCredentialHandler, importOAuthFromGeminiCli, clearGeminiCliExtensionFile, } from './credentials.controller.js';
+import { startGoogleOAuth, completeGoogleOAuth, } from './google-oauth.controller.js';
 /**
  * Create the credentials router.
  *

package/dist/backend/backend/src/controllers/credentials/credentials.routes.js.map

@@ -1 +1 @@
-{"version":3,"file":"credentials.routes.js","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/credentials.routes.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,2BAA2B,EAC3B,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,6BAA6B,CAAC;AAErC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAEjC,yDAAyD;IACzD,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,wBAAwB,CAAC,CAAC;IAClE,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,2BAA2B,CAAC,CAAC;IACnF,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,gBAAgB,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,mBAAmB,CAAC,CAAC;IAE3D,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;IAC9C,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;IAE/C,OAAO,MAAM,CAAC;AAChB,CAAC"}
+{"version":3,"file":"credentials.routes.js","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/credentials.routes.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,SAAS,EACT,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,gBAAgB,EAChB,mBAAmB,GACpB,MAAM,8BAA8B,CAAC;AAEtC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAEjC,yDAAyD;IACzD,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACnC,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,wBAAwB,CAAC,CAAC;IAClE,MAAM,CAAC,IAAI,CAAC,wCAAwC,EAAE,2BAA2B,CAAC,CAAC;IACnF,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,gBAAgB,CAAC,CAAC;IACrD,MAAM,CAAC,IAAI,CAAC,wBAAwB,EAAE,mBAAmB,CAAC,CAAC;IAE3D,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;IAC9C,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;IAE/C,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/backend/backend/src/controllers/credentials/google-oauth.controller.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Headless Google OAuth Controller
+ *
+ * Implements the "remote user" Google OAuth flow for callers without a
+ * terminal (e.g., Slack agents, email). The agent posts to `/oauth/google/start`
+ * to get an `authUrl` that the user clicks on any device; the Gemini CLI
+ * Workspace cloud function renders the credentials JSON; the agent posts
+ * the pasted JSON back to `/oauth/google/complete` to save it as a Crewly
+ * credential.
+ *
+ * This flow is separate from `/oauth/import-gemini-cli` (which reads from
+ * the on-box extension's token file) and lives in its own module so the
+ * credentials CRUD controller stays focused.
+ *
+ * @module controllers/credentials/google-oauth.controller
+ */
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * POST /api/credentials/oauth/google/start
+ *
+ * Build a Google OAuth URL that the caller can send to a remote user (via
+ * Slack, email, etc.). The URL opens on the user's device, they sign in,
+ * and the cloud function returns a page showing the credentials JSON for
+ * the user to copy back.
+ *
+ * Body: `{ scopes?: string[] }` — optional scope override
+ * Returns: `{ success, data: { authUrl } }`
+ */
+export declare function startGoogleOAuth(req: Request, res: Response, _next: NextFunction): Promise<void>;
+/**
+ * POST /api/credentials/oauth/google/complete
+ *
+ * Accept the credentials JSON the user copied from the OAuth success page,
+ * verify it, fetch the account email, and save as a new Crewly credential.
+ *
+ * Body: `{ name: string, credentialsJson: string | object }`
+ * Returns: `{ success, data: CredentialRegistryEntry }`
+ */
+export declare function completeGoogleOAuth(req: Request, res: Response, _next: NextFunction): Promise<void>;
+//# sourceMappingURL=google-oauth.controller.d.ts.map

package/dist/backend/backend/src/controllers/credentials/google-oauth.controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-oauth.controller.d.ts","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/google-oauth.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAuB/D;;;;;;;;;;GAUG;AACH,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,IAAI,CAAC,CAiCf;AAED;;;;;;;;GAQG;AACH,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,IAAI,CAAC,CAqEf"}

package/dist/backend/backend/src/controllers/credentials/google-oauth.controller.js

@@ -0,0 +1,162 @@
+/**
+ * Headless Google OAuth Controller
+ *
+ * Implements the "remote user" Google OAuth flow for callers without a
+ * terminal (e.g., Slack agents, email). The agent posts to `/oauth/google/start`
+ * to get an `authUrl` that the user clicks on any device; the Gemini CLI
+ * Workspace cloud function renders the credentials JSON; the agent posts
+ * the pasted JSON back to `/oauth/google/complete` to save it as a Crewly
+ * credential.
+ *
+ * This flow is separate from `/oauth/import-gemini-cli` (which reads from
+ * the on-box extension's token file) and lives in its own module so the
+ * credentials CRUD controller stays focused.
+ *
+ * @module controllers/credentials/google-oauth.controller
+ */
+import { getCredentialStoreService } from '../../services/credential/credential-store.service.js';
+import { LoggerService } from '../../services/core/logger.service.js';
+import { GOOGLE_OAUTH_CLIENT_ID, GOOGLE_OAUTH_REDIRECT_URI, GOOGLE_OAUTH_AUTH_BASE, DEFAULT_GOOGLE_SCOPES, } from '../../config/oauth.config.js';
+import { fetchGoogleAccountEmail } from '../../utils/google-userinfo.utils.js';
+const logger = LoggerService.getInstance().createComponentLogger('GoogleOAuthController');
+/**
+ * Default access-token lifetime to assume when Google does not return
+ * `expiry_date` on the credentials JSON (1h matches Google's typical
+ * access-token TTL).
+ */
+const DEFAULT_ACCESS_TOKEN_TTL_MS = 3600_000;
+/**
+ * POST /api/credentials/oauth/google/start
+ *
+ * Build a Google OAuth URL that the caller can send to a remote user (via
+ * Slack, email, etc.). The URL opens on the user's device, they sign in,
+ * and the cloud function returns a page showing the credentials JSON for
+ * the user to copy back.
+ *
+ * Body: `{ scopes?: string[] }` — optional scope override
+ * Returns: `{ success, data: { authUrl } }`
+ */
+export async function startGoogleOAuth(req, res, _next) {
+    try {
+        const scopesOverride = req.body?.scopes ?? undefined;
+        const scopes = scopesOverride && scopesOverride.length > 0
+            ? scopesOverride
+            : DEFAULT_GOOGLE_SCOPES;
+        // state payload tells the cloud function to render the manual/copy-paste
+        // page (instead of redirecting to a localhost URI, which this flow doesn't
+        // use).
+        const statePayload = { manual: true };
+        const state = Buffer.from(JSON.stringify(statePayload)).toString('base64');
+        const params = new URLSearchParams({
+            client_id: GOOGLE_OAUTH_CLIENT_ID,
+            redirect_uri: GOOGLE_OAUTH_REDIRECT_URI,
+            response_type: 'code',
+            scope: scopes.join(' '),
+            state,
+            access_type: 'offline',
+            prompt: 'consent',
+        });
+        const authUrl = `${GOOGLE_OAUTH_AUTH_BASE}?${params.toString()}`;
+        res.json({ success: true, data: { authUrl } });
+    }
+    catch (err) {
+        logger.error('startGoogleOAuth failed', { err });
+        res.status(500).json({
+            success: false,
+            error: err instanceof Error ? err.message : 'Failed to build OAuth URL',
+        });
+    }
+}
+/**
+ * POST /api/credentials/oauth/google/complete
+ *
+ * Accept the credentials JSON the user copied from the OAuth success page,
+ * verify it, fetch the account email, and save as a new Crewly credential.
+ *
+ * Body: `{ name: string, credentialsJson: string | object }`
+ * Returns: `{ success, data: CredentialRegistryEntry }`
+ */
+export async function completeGoogleOAuth(req, res, _next) {
+    try {
+        const { name, credentialsJson } = (req.body ?? {});
+        if (!name || !credentialsJson) {
+            res.status(400).json({
+                success: false,
+                error: 'Missing required fields: name, credentialsJson',
+            });
+            return;
+        }
+        const parsed = parseCredentialsJson(credentialsJson);
+        if (!parsed.ok) {
+            res.status(400).json({ success: false, error: parsed.error });
+            return;
+        }
+        const accessToken = parsed.value.access_token;
+        const refreshToken = parsed.value.refresh_token;
+        const scope = parsed.value.scope;
+        const tokenType = parsed.value.token_type ?? 'Bearer';
+        const expiryDate = parsed.value.expiry_date;
+        if (!accessToken || !refreshToken) {
+            res.status(400).json({
+                success: false,
+                error: 'credentialsJson is missing access_token or refresh_token. Make sure you copied the entire JSON block.',
+            });
+            return;
+        }
+        const accountEmail = await fetchGoogleAccountEmail(accessToken);
+        const scopes = typeof scope === 'string' ? scope.split(' ').filter(Boolean) : [];
+        const cred = await getCredentialStoreService().addOAuth({
+            name,
+            provider: 'google',
+            helper: 'gemini-cli-workspace',
+            payload: {
+                type: 'google-oauth',
+                accessToken,
+                refreshToken,
+                tokenType: tokenType,
+                expiresAt: expiryDate ?? Date.now() + DEFAULT_ACCESS_TOKEN_TTL_MS,
+                scopes,
+                accountEmail,
+                clientId: GOOGLE_OAUTH_CLIENT_ID,
+            },
+        });
+        logger.info('Completed headless Google OAuth', {
+            id: cred.id,
+            accountEmail,
+        });
+        res.status(201).json({ success: true, data: cred });
+    }
+    catch (err) {
+        logger.error('completeGoogleOAuth failed', { err });
+        res.status(500).json({
+            success: false,
+            error: err instanceof Error ? err.message : 'Failed to save credential',
+        });
+    }
+}
+/**
+ * Normalize `credentialsJson` to a parsed object. Accepts either a JSON
+ * string or an already-parsed object. Returns a discriminated result so
+ * callers can surface precise 400 messages to the user.
+ */
+function parseCredentialsJson(input) {
+    if (typeof input === 'string') {
+        try {
+            return { ok: true, value: JSON.parse(input) };
+        }
+        catch {
+            return {
+                ok: false,
+                error: 'credentialsJson is not valid JSON. Paste the JSON block from the "Success! Credentials Ready" page exactly as shown.',
+            };
+        }
+    }
+    if (typeof input === 'object' && input !== null) {
+        return { ok: true, value: input };
+    }
+    return {
+        ok: false,
+        error: 'credentialsJson must be a JSON string or object',
+    };
+}
+//# sourceMappingURL=google-oauth.controller.js.map

package/dist/backend/backend/src/controllers/credentials/google-oauth.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-oauth.controller.js","sourceRoot":"","sources":["../../../../../../backend/src/controllers/credentials/google-oauth.controller.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH,OAAO,EAAE,yBAAyB,EAAE,MAAM,uDAAuD,CAAC;AAClG,OAAO,EAAE,aAAa,EAAE,MAAM,uCAAuC,CAAC;AACtE,OAAO,EACL,sBAAsB,EACtB,yBAAyB,EACzB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,uBAAuB,EAAE,MAAM,sCAAsC,CAAC;AAE/E,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC,qBAAqB,CAC9D,uBAAuB,CACxB,CAAC;AAEF;;;;GAIG;AACH,MAAM,2BAA2B,GAAG,QAAQ,CAAC;AAE7C;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,GAAY,EACZ,GAAa,EACb,KAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,cAAc,GAAI,GAAG,CAAC,IAAI,EAAE,MAA+B,IAAI,SAAS,CAAC;QAC/E,MAAM,MAAM,GACV,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;YACzC,CAAC,CAAC,cAAc;YAChB,CAAC,CAAC,qBAAqB,CAAC;QAE5B,yEAAyE;QACzE,2EAA2E;QAC3E,QAAQ;QACR,MAAM,YAAY,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;QACtC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE3E,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,sBAAsB;YACjC,YAAY,EAAE,yBAAyB;YACvC,aAAa,EAAE,MAAM;YACrB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;YACvB,KAAK;YACL,WAAW,EAAE,SAAS;YACtB,MAAM,EAAE,SAAS;SAClB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,GAAG,sBAAsB,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;QACjE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B;SACxE,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAY,EACZ,GAAa,EACb,KAAmB;IAEnB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAGhD,CAAC;QAEF,IAAI,CAAC,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,gDAAgD;aACxD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;QACrD,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,CAAC,YAAkC,CAAC;QACpE,MAAM,YAAY,GAAG,MAAM,CAAC,KAAK,CAAC,aAAmC,CAAC;QACtE,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,KAA2B,CAAC;QACvD,MAAM,SAAS,GAAI,MAAM,CAAC,KAAK,CAAC,UAAiC,IAAI,QAAQ,CAAC;QAC9E,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,WAAiC,CAAC;QAElE,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;YAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,KAAK,EACH,uGAAuG;aAC1G,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,CAAC,WAAW,CAAC,CAAC;QAChE,MAAM,MAAM,GACV,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAEpE,MAAM,IAAI,GAAG,MAAM,yBAAyB,EAAE,CAAC,QAAQ,CAAC;YACtD,IAAI;YACJ,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,sBAAsB;YAC9B,OAAO,EAAE;gBACP,IAAI,EAAE,cAAc;gBACpB,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,SAAqB;gBAChC,SAAS,EAAE,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,2BAA2B;gBACjE,MAAM;gBACN,YAAY;gBACZ,QAAQ,EAAE,sBAAsB;aACjC;SACF,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,iCAAiC,EAAE;YAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,YAAY;SACb,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B;SACxE,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAOD;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAc;IAC1C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAA4B,EAAE,CAAC;QAC3E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EACH,sHAAsH;aACzH,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QAChD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAgC,EAAE,CAAC;IAC/D,CAAC;IACD,OAAO;QACL,EAAE,EAAE,KAAK;QACT,KAAK,EAAE,iDAAiD;KACzD,CAAC;AACJ,CAAC"}

package/dist/backend/backend/src/controllers/onboarding/onboarding.routes.d.ts

@@ -3,22 +3,22 @@
  *
  * Provides session lifecycle management for KR3 sub-5-minute onboarding:
  *   POST   /api/onboarding/sessions         — Create a new session
- *   GET    /api/onboarding/sessions          — List all sessions
- *   GET    /api/onboarding/sessions/:id      — Get session by ID
- *   PUT    /api/onboarding/sessions/:id      — Update session (website URL, answers)
- *   POST   /api/onboarding/sessions/:id/prefill   — Store AI-extracted prefill data
- *   POST   /api/onboarding/sessions/:id/approve   — Approve reviewed profile
- *   POST   /api/onboarding/sessions/:id/complete  — Complete onboarding (generate guide)
- *   GET    /api/onboarding/questions          — Get all questionnaire questions
- *   POST   /api/onboarding/provision          — Provision a team from onboarding discovery
+ *   GET    /api/onboarding/sessions          — List the caller's sessions
+ *   GET    /api/onboarding/sessions/:id      — Get session by ID (owner-scoped)
+ *   PUT    /api/onboarding/sessions/:id      — Update session (owner-scoped)
+ *   POST   /api/onboarding/sessions/:id/prefill   — Store prefill data (owner-scoped)
+ *   POST   /api/onboarding/sessions/:id/approve   — Approve profile (owner-scoped)
+ *   POST   /api/onboarding/provision         — Provision final team (owner-scoped)
+ *
+ * Every endpoint runs behind `requireAuth` so each request carries
+ * `req.user.userId` (the authenticated principal). The principal is
+ * forwarded to {@link OnboardingService} as the owner scope for every
+ * read and mutation, which closes the cross-tenant leak originally
+ * introduced in `b29de620` and surfaced by Arch's review of PR #347
+ * (item N1, Phase E pre-beta).
  *
  * @module controllers/onboarding/onboarding.routes
  */
 import { Router } from 'express';
-/**
- * Create the onboarding router with all session management endpoints.
- *
- * @returns Express Router for /api/onboarding
- */
 export declare function createOnboardingRouter(): Router;
 //# sourceMappingURL=onboarding.routes.d.ts.map

package/dist/backend/backend/src/controllers/onboarding/onboarding.routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"onboarding.routes.d.ts","sourceRoot":"","sources":["../../../../../../backend/src/controllers/onboarding/onboarding.routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAC;AAM9D;;;;GAIG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAuW/C"}
+{"version":3,"file":"onboarding.routes.d.ts","sourceRoot":"","sources":["../../../../../../backend/src/controllers/onboarding/onboarding.routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAC;AAoB9D,wBAAgB,sBAAsB,IAAI,MAAM,CA+J/C"}