integrate-sdk 0.9.18-dev.0 → 0.9.20-dev.0

package/dist/code-mode/index.js

@@ -275,6 +275,19 @@ if (!MCP_URL) {
   throw new Error('INTEGRATE_MCP_URL is not set — the sandbox cannot reach the MCP route.');
 }
 
+// Diagnostic: log sandbox env summary to stderr so it shows up in the
+// execute_code result's stderr field for debugging auth issues.
+console.error('[sandbox-diag] MCP_URL=' + MCP_URL);
+console.error('[sandbox-diag] HAS_API_KEY=' + !!API_KEY);
+console.error('[sandbox-diag] HAS_SESSION_TOKEN=' + !!SESSION_TOKEN);
+console.error('[sandbox-diag] HAS_PROVIDER_TOKENS=' + !!PROVIDER_TOKENS);
+if (PROVIDER_TOKENS) {
+  try {
+    const _keys = Object.keys(JSON.parse(PROVIDER_TOKENS));
+    console.error('[sandbox-diag] PROVIDER_TOKEN_KEYS=' + _keys.join(','));
+  } catch { console.error('[sandbox-diag] PROVIDER_TOKENS is not valid JSON'); }
+}
+
 function camelToSnake(str) {
   return str.replace(/[A-Z]/g, (letter) => '_' + letter.toLowerCase());
 }
@@ -290,6 +303,14 @@ async function callTool(toolName, args) {
   if (INTEGRATIONS_HEADER) headers['x-integrations'] = INTEGRATIONS_HEADER;
   if (CONTEXT_JSON) headers['x-integrate-context'] = CONTEXT_JSON;
 
+  console.error('[sandbox-diag] callTool: ' + toolName + ' → ' + MCP_URL);
+  console.error('[sandbox-diag] headers: ' + JSON.stringify({
+    hasAuth: !!headers['Authorization'],
+    hasApiKey: !!headers['x-integrate-api-key'],
+    hasTokens: !!headers['x-integrate-tokens'],
+    hasCodeMode: !!headers['x-integrate-code-mode'],
+  }));
+
   const res = await fetch(MCP_URL, {
     method: 'POST',
     headers,
@@ -297,6 +318,8 @@ async function callTool(toolName, args) {
   });
 
   const text = await res.text();
+  console.error('[sandbox-diag] response: HTTP ' + res.status + ' len=' + text.length);
+
   let payload;
   try {
     payload = text ? JSON.parse(text) : null;
@@ -485,6 +508,16 @@ async function executeSandboxCode(options) {
       env.INTEGRATE_INTEGRATIONS = options.integrationsHeader;
     if (options.context)
       env.INTEGRATE_CONTEXT = JSON.stringify(options.context);
+    console.debug("[integrate-sdk] Sandbox env:", JSON.stringify({
+      mcpUrl: options.mcpUrl,
+      hasApiKey: !!options.apiKey,
+      hasSessionToken: !!options.sessionToken,
+      providerTokenKeys: options.providerTokens ? Object.keys(options.providerTokens) : [],
+      hasIntegrations: !!options.integrationsHeader,
+      hasContext: !!options.context,
+      runtime,
+      timeoutMs
+    }));
     const cmd = await sandbox.runCommand({
       cmd: "node",
       args: ["user.mjs"],
@@ -540,6 +573,59 @@ function getEnv(key) {
   return;
 }
 
+// ../utils/request-tokens.ts
+async function getProviderTokens(manualTokens) {
+  if (manualTokens) {
+    return manualTokens;
+  }
+  let tokensString = null;
+  if (!tokensString) {
+    try {
+      const getNextHeadersPath = () => {
+        const parts = ["next", "/headers"];
+        return parts.join("");
+      };
+      const nextHeaders = await import(getNextHeadersPath()).catch(() => null);
+      if (nextHeaders && typeof nextHeaders.headers === "function") {
+        const headersList = await Promise.resolve(nextHeaders.headers());
+        tokensString = headersList.get("x-integrate-tokens");
+      }
+    } catch {}
+  }
+  if (!tokensString) {
+    try {
+      const getNuxtHeaders = new Function(`
+        try {
+          if (typeof useRequestHeaders === 'function') {
+            return useRequestHeaders();
+          }
+        } catch {}
+        return null;
+      `);
+      const headers = getNuxtHeaders();
+      if (headers && typeof headers === "object") {
+        tokensString = headers["x-integrate-tokens"];
+      }
+    } catch {}
+  }
+  if (!tokensString) {
+    if (typeof process !== "undefined" && process.env) {
+      tokensString = process.env.PROVIDER_TOKENS;
+    }
+  }
+  if (tokensString) {
+    try {
+      const parsed = JSON.parse(tokensString);
+      if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+        return parsed;
+      }
+    } catch (error) {
+      throw new Error(`Failed to parse provider tokens: ${error instanceof Error ? error.message : "Invalid JSON"}`);
+    }
+  }
+  throw new Error("Provider tokens not found. Please pass tokens manually via options.providerTokens or set the x-integrate-tokens header in your request.");
+}
+
 // tool-builder.ts
 var CODE_MODE_TOOL_NAME = "execute_code";
 var TYPES_TOOL_NAME = "get_integration_types";
@@ -616,11 +702,50 @@ ${generated.compact}`;
       };
     }
     const mcpUrl = publicUrl.replace(/\/$/, "") + "/api/integrate/mcp";
+    let resolvedTokens = providerTokens;
+    let tokenSource = resolvedTokens && Object.keys(resolvedTokens).length > 0 ? "build-time" : "none";
+    if (!resolvedTokens || Object.keys(resolvedTokens).length === 0) {
+      try {
+        resolvedTokens = await getProviderTokens();
+        if (resolvedTokens && Object.keys(resolvedTokens).length > 0) {
+          tokenSource = "request-header";
+        }
+      } catch {}
+    }
+    if (!resolvedTokens || Object.keys(resolvedTokens).length === 0) {
+      const oauthManager = client.oauthManager;
+      if (oauthManager) {
+        resolvedTokens = {};
+        const clientIntegrations = client.integrations || [];
+        for (const integration of clientIntegrations) {
+          if (integration.oauth) {
+            const provider = integration.oauth.provider;
+            try {
+              const tokenData = await oauthManager.getProviderToken(provider, undefined, context);
+              if (tokenData?.accessToken) {
+                resolvedTokens[provider] = tokenData.accessToken;
+              }
+            } catch {}
+          }
+        }
+        if (Object.keys(resolvedTokens).length === 0) {
+          resolvedTokens = undefined;
+        } else {
+          tokenSource = "oauthManager";
+        }
+      }
+    }
+    console.debug("[integrate-sdk] execute_code token resolution:", JSON.stringify({
+      source: tokenSource,
+      keys: resolvedTokens ? Object.keys(resolvedTokens) : [],
+      hasApiKey: !!apiKey,
+      mcpUrl
+    }));
     return executeSandboxCode({
       code,
       mcpUrl,
       apiKey,
-      providerTokens,
+      providerTokens: resolvedTokens,
       context,
       integrationsHeader: integrationIds && integrationIds.length > 0 ? integrationIds.join(",") : undefined,
       runtime: sandboxOverrides.runtime ?? serverCodeModeConfig.runtime,

package/dist/code-mode/runtime-stub.d.ts

@@ -12,5 +12,5 @@
  * dependencies. It is NOT imported by the host SDK — it only ships as a
  * literal payload to the sandbox.
  */
-export declare const RUNTIME_STUB_SOURCE = "// runtime.mjs \u2014 generated by integrate-sdk code mode\nconst MCP_URL = process.env.INTEGRATE_MCP_URL;\nconst SESSION_TOKEN = process.env.INTEGRATE_SESSION_TOKEN;\nconst API_KEY = process.env.INTEGRATE_API_KEY || '';\nconst PROVIDER_TOKENS = process.env.INTEGRATE_PROVIDER_TOKENS || '';\nconst INTEGRATIONS_HEADER = process.env.INTEGRATE_INTEGRATIONS || '';\nconst CONTEXT_JSON = process.env.INTEGRATE_CONTEXT || '';\n\nif (!MCP_URL) {\n  throw new Error('INTEGRATE_MCP_URL is not set \u2014 the sandbox cannot reach the MCP route.');\n}\n\nfunction camelToSnake(str) {\n  return str.replace(/[A-Z]/g, (letter) => '_' + letter.toLowerCase());\n}\n\nasync function callTool(toolName, args) {\n  const headers = {\n    'Content-Type': 'application/json',\n    'x-integrate-code-mode': '1',\n  };\n  if (SESSION_TOKEN) headers['Authorization'] = 'Bearer ' + SESSION_TOKEN;\n  if (API_KEY) headers['x-integrate-api-key'] = API_KEY;\n  if (PROVIDER_TOKENS) headers['x-integrate-tokens'] = PROVIDER_TOKENS;\n  if (INTEGRATIONS_HEADER) headers['x-integrations'] = INTEGRATIONS_HEADER;\n  if (CONTEXT_JSON) headers['x-integrate-context'] = CONTEXT_JSON;\n\n  const res = await fetch(MCP_URL, {\n    method: 'POST',\n    headers,\n    body: JSON.stringify({ name: toolName, arguments: args || {} }),\n  });\n\n  const text = await res.text();\n  let payload;\n  try {\n    payload = text ? JSON.parse(text) : null;\n  } catch {\n    payload = { content: [{ type: 'text', text }] };\n  }\n\n  if (!res.ok) {\n    let message = (payload && (payload.error || payload.message)) || 'Tool call failed: HTTP ' + res.status;\n    if ((res.status === 401 || res.status === 403) && typeof text === 'string' && text.indexOf('Authorization header') !== -1) {\n      message =\n        'Code Mode callback was rejected by the MCP server (HTTP ' + res.status + '). ' +\n        'The SDK route could not synthesize an Authorization header. Check the host-side ' +\n        'createMCPServer config (apiKey, getProviderToken) or pass providerTokens to the ' +\n        'AI helper. Original upstream message: ' + text;\n    }\n    const err = new Error(message);\n    err.status = res.status;\n    err.toolName = toolName;\n    throw err;\n  }\n\n  return payload;\n}\n\nfunction createIntegrationProxy(integrationId) {\n  return new Proxy({}, {\n    get(_target, methodName) {\n      if (typeof methodName !== 'string') return undefined;\n      return (args) => callTool(integrationId + '_' + camelToSnake(methodName), args);\n    },\n  });\n}\n\nexport const client = new Proxy({}, {\n  get(_target, integrationId) {\n    if (typeof integrationId !== 'string') return undefined;\n    return createIntegrationProxy(integrationId);\n  },\n});\n\nexport { callTool };\n";
+export declare const RUNTIME_STUB_SOURCE = "// runtime.mjs \u2014 generated by integrate-sdk code mode\nconst MCP_URL = process.env.INTEGRATE_MCP_URL;\nconst SESSION_TOKEN = process.env.INTEGRATE_SESSION_TOKEN;\nconst API_KEY = process.env.INTEGRATE_API_KEY || '';\nconst PROVIDER_TOKENS = process.env.INTEGRATE_PROVIDER_TOKENS || '';\nconst INTEGRATIONS_HEADER = process.env.INTEGRATE_INTEGRATIONS || '';\nconst CONTEXT_JSON = process.env.INTEGRATE_CONTEXT || '';\n\nif (!MCP_URL) {\n  throw new Error('INTEGRATE_MCP_URL is not set \u2014 the sandbox cannot reach the MCP route.');\n}\n\n// Diagnostic: log sandbox env summary to stderr so it shows up in the\n// execute_code result's stderr field for debugging auth issues.\nconsole.error('[sandbox-diag] MCP_URL=' + MCP_URL);\nconsole.error('[sandbox-diag] HAS_API_KEY=' + !!API_KEY);\nconsole.error('[sandbox-diag] HAS_SESSION_TOKEN=' + !!SESSION_TOKEN);\nconsole.error('[sandbox-diag] HAS_PROVIDER_TOKENS=' + !!PROVIDER_TOKENS);\nif (PROVIDER_TOKENS) {\n  try {\n    const _keys = Object.keys(JSON.parse(PROVIDER_TOKENS));\n    console.error('[sandbox-diag] PROVIDER_TOKEN_KEYS=' + _keys.join(','));\n  } catch { console.error('[sandbox-diag] PROVIDER_TOKENS is not valid JSON'); }\n}\n\nfunction camelToSnake(str) {\n  return str.replace(/[A-Z]/g, (letter) => '_' + letter.toLowerCase());\n}\n\nasync function callTool(toolName, args) {\n  const headers = {\n    'Content-Type': 'application/json',\n    'x-integrate-code-mode': '1',\n  };\n  if (SESSION_TOKEN) headers['Authorization'] = 'Bearer ' + SESSION_TOKEN;\n  if (API_KEY) headers['x-integrate-api-key'] = API_KEY;\n  if (PROVIDER_TOKENS) headers['x-integrate-tokens'] = PROVIDER_TOKENS;\n  if (INTEGRATIONS_HEADER) headers['x-integrations'] = INTEGRATIONS_HEADER;\n  if (CONTEXT_JSON) headers['x-integrate-context'] = CONTEXT_JSON;\n\n  console.error('[sandbox-diag] callTool: ' + toolName + ' \u2192 ' + MCP_URL);\n  console.error('[sandbox-diag] headers: ' + JSON.stringify({\n    hasAuth: !!headers['Authorization'],\n    hasApiKey: !!headers['x-integrate-api-key'],\n    hasTokens: !!headers['x-integrate-tokens'],\n    hasCodeMode: !!headers['x-integrate-code-mode'],\n  }));\n\n  const res = await fetch(MCP_URL, {\n    method: 'POST',\n    headers,\n    body: JSON.stringify({ name: toolName, arguments: args || {} }),\n  });\n\n  const text = await res.text();\n  console.error('[sandbox-diag] response: HTTP ' + res.status + ' len=' + text.length);\n\n  let payload;\n  try {\n    payload = text ? JSON.parse(text) : null;\n  } catch {\n    payload = { content: [{ type: 'text', text }] };\n  }\n\n  if (!res.ok) {\n    let message = (payload && (payload.error || payload.message)) || 'Tool call failed: HTTP ' + res.status;\n    if ((res.status === 401 || res.status === 403) && typeof text === 'string' && text.indexOf('Authorization header') !== -1) {\n      message =\n        'Code Mode callback was rejected by the MCP server (HTTP ' + res.status + '). ' +\n        'The SDK route could not synthesize an Authorization header. Check the host-side ' +\n        'createMCPServer config (apiKey, getProviderToken) or pass providerTokens to the ' +\n        'AI helper. Original upstream message: ' + text;\n    }\n    const err = new Error(message);\n    err.status = res.status;\n    err.toolName = toolName;\n    throw err;\n  }\n\n  return payload;\n}\n\nfunction createIntegrationProxy(integrationId) {\n  return new Proxy({}, {\n    get(_target, methodName) {\n      if (typeof methodName !== 'string') return undefined;\n      return (args) => callTool(integrationId + '_' + camelToSnake(methodName), args);\n    },\n  });\n}\n\nexport const client = new Proxy({}, {\n  get(_target, integrationId) {\n    if (typeof integrationId !== 'string') return undefined;\n    return createIntegrationProxy(integrationId);\n  },\n});\n\nexport { callTool };\n";
 //# sourceMappingURL=runtime-stub.d.ts.map

package/dist/code-mode/runtime-stub.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"runtime-stub.d.ts","sourceRoot":"","sources":["../../../src/code-mode/runtime-stub.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,eAAO,MAAM,mBAAmB,8rFA4E/B,CAAC"}
+{"version":3,"file":"runtime-stub.d.ts","sourceRoot":"","sources":["../../../src/code-mode/runtime-stub.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,eAAO,MAAM,mBAAmB,owHAmG/B,CAAC"}

package/dist/code-mode/runtime-stub.js

@@ -30,6 +30,19 @@ if (!MCP_URL) {
   throw new Error('INTEGRATE_MCP_URL is not set — the sandbox cannot reach the MCP route.');
 }
 
+// Diagnostic: log sandbox env summary to stderr so it shows up in the
+// execute_code result's stderr field for debugging auth issues.
+console.error('[sandbox-diag] MCP_URL=' + MCP_URL);
+console.error('[sandbox-diag] HAS_API_KEY=' + !!API_KEY);
+console.error('[sandbox-diag] HAS_SESSION_TOKEN=' + !!SESSION_TOKEN);
+console.error('[sandbox-diag] HAS_PROVIDER_TOKENS=' + !!PROVIDER_TOKENS);
+if (PROVIDER_TOKENS) {
+  try {
+    const _keys = Object.keys(JSON.parse(PROVIDER_TOKENS));
+    console.error('[sandbox-diag] PROVIDER_TOKEN_KEYS=' + _keys.join(','));
+  } catch { console.error('[sandbox-diag] PROVIDER_TOKENS is not valid JSON'); }
+}
+
 function camelToSnake(str) {
   return str.replace(/[A-Z]/g, (letter) => '_' + letter.toLowerCase());
 }
@@ -45,6 +58,14 @@ async function callTool(toolName, args) {
   if (INTEGRATIONS_HEADER) headers['x-integrations'] = INTEGRATIONS_HEADER;
   if (CONTEXT_JSON) headers['x-integrate-context'] = CONTEXT_JSON;
 
+  console.error('[sandbox-diag] callTool: ' + toolName + ' → ' + MCP_URL);
+  console.error('[sandbox-diag] headers: ' + JSON.stringify({
+    hasAuth: !!headers['Authorization'],
+    hasApiKey: !!headers['x-integrate-api-key'],
+    hasTokens: !!headers['x-integrate-tokens'],
+    hasCodeMode: !!headers['x-integrate-code-mode'],
+  }));
+
   const res = await fetch(MCP_URL, {
     method: 'POST',
     headers,
@@ -52,6 +73,8 @@ async function callTool(toolName, args) {
   });
 
   const text = await res.text();
+  console.error('[sandbox-diag] response: HTTP ' + res.status + ' len=' + text.length);
+
   let payload;
   try {
     payload = text ? JSON.parse(text) : null;

package/dist/code-mode/tool-builder.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tool-builder.d.ts","sourceRoot":"","sources":["../../../src/code-mode/tool-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,EAIL,KAAK,wBAAwB,EAC9B,MAAM,eAAe,CAAC;AAGvB,eAAO,MAAM,mBAAmB,iBAAiB,CAAC;AAClD,eAAO,MAAM,eAAe,0BAA0B,CAAC;AAEvD,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,KAAK,EAAE,OAAO,EAAE,CAAC;IACjB,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,iCAAiC;IACjC,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;;;OAIG;IACH,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;QAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,WAAW,GAAG,UAAU,GAAG;YAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;YAAC,OAAO,CAAC,EAAE;gBAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;aAAE,CAAA;SAAE,CAAC;KAClH,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE;YACV,IAAI,EAAE;gBAAE,IAAI,EAAE,QAAQ,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAC;SAC/C,CAAC;QACF,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC;QACnB,oBAAoB,EAAE,KAAK,CAAC;KAC7B,CAAC;IACF,OAAO,EAAE,CAAC,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,wBAAwB,CAAC,CAAC;CACzE;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE;YACV,WAAW,EAAE;gBAAE,IAAI,EAAE,QAAQ,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAC;SACtD,CAAC;QACF,QAAQ,EAAE,CAAC,aAAa,CAAC,CAAC;QAC1B,oBAAoB,EAAE,KAAK,CAAC;KAC7B,CAAC;IACF,OAAO,EAAE,CAAC,KAAK,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,KAAK;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CACzG;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAaD,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,WAAW,GAAG,UAAU,GAAG;QAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,CAAC,EAAE;YAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;SAAE,CAAA;KAAE,CAAC;CAClH,CAGA;AAED,MAAM,MAAM,yBAAyB,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAE5E,MAAM,MAAM,iBAAiB,GACzB;IAAE,SAAS,EAAE,IAAI,CAAA;CAAE,GACnB;IAAE,SAAS,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,yBAAyB,CAAA;CAAE,CAAC;AAE5D;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,YAAY,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GACxC,MAAM,GAAG,SAAS,CAEpB;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAUzF;AAED,wBAAsB,cAAc,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAE7E;AAwBD,sEAAsE;AACtE,wBAAgB,+BAA+B,IAAI,IAAI,CAEtD;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,yBAAyB,GAAG,IAAI,CAI5E;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,EACtB,OAAO,EAAE,mBAAmB,GAC3B,aAAa,CA2Ff"}
+{"version":3,"file":"tool-builder.d.ts","sourceRoot":"","sources":["../../../src/code-mode/tool-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAEvD,OAAO,EAIL,KAAK,wBAAwB,EAC9B,MAAM,eAAe,CAAC;AAIvB,eAAO,MAAM,mBAAmB,iBAAiB,CAAC;AAClD,eAAO,MAAM,eAAe,0BAA0B,CAAC;AAEvD,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,KAAK,EAAE,OAAO,EAAE,CAAC;IACjB,iDAAiD;IACjD,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,iCAAiC;IACjC,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;;;OAIG;IACH,OAAO,CAAC,EAAE;QACR,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;QAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,WAAW,GAAG,UAAU,GAAG;YAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;YAAC,OAAO,CAAC,EAAE;gBAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;aAAE,CAAA;SAAE,CAAC;KAClH,CAAC;CACH;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE;YACV,IAAI,EAAE;gBAAE,IAAI,EAAE,QAAQ,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAC;SAC/C,CAAC;QACF,QAAQ,EAAE,CAAC,MAAM,CAAC,CAAC;QACnB,oBAAoB,EAAE,KAAK,CAAC;KAC7B,CAAC;IACF,OAAO,EAAE,CAAC,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,wBAAwB,CAAC,CAAC;CACzE;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QACV,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE;YACV,WAAW,EAAE;gBAAE,IAAI,EAAE,QAAQ,CAAC;gBAAC,WAAW,EAAE,MAAM,CAAA;aAAE,CAAC;SACtD,CAAC;QACF,QAAQ,EAAE,CAAC,aAAa,CAAC,CAAC;QAC1B,oBAAoB,EAAE,KAAK,CAAC;KAC7B,CAAC;IACF,OAAO,EAAE,CAAC,KAAK,EAAE;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,KAAK;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CACzG;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,SAAS,EAAE,mBAAmB,CAAC;CAChC;AAaD,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,WAAW,GAAG,UAAU,GAAG;QAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,CAAC,EAAE;YAAE,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;SAAE,CAAA;KAAE,CAAC;CAClH,CAGA;AAED,MAAM,MAAM,yBAAyB,GAAG,iBAAiB,GAAG,eAAe,CAAC;AAE5E,MAAM,MAAM,iBAAiB,GACzB;IAAE,SAAS,EAAE,IAAI,CAAA;CAAE,GACnB;IAAE,SAAS,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,yBAAyB,CAAA;CAAE,CAAC;AAE5D;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,YAAY,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAA;CAAO,GACxC,MAAM,GAAG,SAAS,CAEpB;AAED,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAUzF;AAED,wBAAsB,cAAc,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAE7E;AAwBD,sEAAsE;AACtE,wBAAgB,+BAA+B,IAAI,IAAI,CAEtD;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,yBAAyB,GAAG,IAAI,CAI5E;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,EACtB,OAAO,EAAE,mBAAmB,GAC3B,aAAa,CAuJf"}

package/dist/code-mode/tool-builder.js

@@ -275,6 +275,19 @@ if (!MCP_URL) {
   throw new Error('INTEGRATE_MCP_URL is not set — the sandbox cannot reach the MCP route.');
 }
 
+// Diagnostic: log sandbox env summary to stderr so it shows up in the
+// execute_code result's stderr field for debugging auth issues.
+console.error('[sandbox-diag] MCP_URL=' + MCP_URL);
+console.error('[sandbox-diag] HAS_API_KEY=' + !!API_KEY);
+console.error('[sandbox-diag] HAS_SESSION_TOKEN=' + !!SESSION_TOKEN);
+console.error('[sandbox-diag] HAS_PROVIDER_TOKENS=' + !!PROVIDER_TOKENS);
+if (PROVIDER_TOKENS) {
+  try {
+    const _keys = Object.keys(JSON.parse(PROVIDER_TOKENS));
+    console.error('[sandbox-diag] PROVIDER_TOKEN_KEYS=' + _keys.join(','));
+  } catch { console.error('[sandbox-diag] PROVIDER_TOKENS is not valid JSON'); }
+}
+
 function camelToSnake(str) {
   return str.replace(/[A-Z]/g, (letter) => '_' + letter.toLowerCase());
 }
@@ -290,6 +303,14 @@ async function callTool(toolName, args) {
   if (INTEGRATIONS_HEADER) headers['x-integrations'] = INTEGRATIONS_HEADER;
   if (CONTEXT_JSON) headers['x-integrate-context'] = CONTEXT_JSON;
 
+  console.error('[sandbox-diag] callTool: ' + toolName + ' → ' + MCP_URL);
+  console.error('[sandbox-diag] headers: ' + JSON.stringify({
+    hasAuth: !!headers['Authorization'],
+    hasApiKey: !!headers['x-integrate-api-key'],
+    hasTokens: !!headers['x-integrate-tokens'],
+    hasCodeMode: !!headers['x-integrate-code-mode'],
+  }));
+
   const res = await fetch(MCP_URL, {
     method: 'POST',
     headers,
@@ -297,6 +318,8 @@ async function callTool(toolName, args) {
   });
 
   const text = await res.text();
+  console.error('[sandbox-diag] response: HTTP ' + res.status + ' len=' + text.length);
+
   let payload;
   try {
     payload = text ? JSON.parse(text) : null;
@@ -485,6 +508,16 @@ async function executeSandboxCode(options) {
       env.INTEGRATE_INTEGRATIONS = options.integrationsHeader;
     if (options.context)
       env.INTEGRATE_CONTEXT = JSON.stringify(options.context);
+    console.debug("[integrate-sdk] Sandbox env:", JSON.stringify({
+      mcpUrl: options.mcpUrl,
+      hasApiKey: !!options.apiKey,
+      hasSessionToken: !!options.sessionToken,
+      providerTokenKeys: options.providerTokens ? Object.keys(options.providerTokens) : [],
+      hasIntegrations: !!options.integrationsHeader,
+      hasContext: !!options.context,
+      runtime,
+      timeoutMs
+    }));
     const cmd = await sandbox.runCommand({
       cmd: "node",
       args: ["user.mjs"],
@@ -540,6 +573,59 @@ function getEnv(key) {
   return;
 }
 
+// ../utils/request-tokens.ts
+async function getProviderTokens(manualTokens) {
+  if (manualTokens) {
+    return manualTokens;
+  }
+  let tokensString = null;
+  if (!tokensString) {
+    try {
+      const getNextHeadersPath = () => {
+        const parts = ["next", "/headers"];
+        return parts.join("");
+      };
+      const nextHeaders = await import(getNextHeadersPath()).catch(() => null);
+      if (nextHeaders && typeof nextHeaders.headers === "function") {
+        const headersList = await Promise.resolve(nextHeaders.headers());
+        tokensString = headersList.get("x-integrate-tokens");
+      }
+    } catch {}
+  }
+  if (!tokensString) {
+    try {
+      const getNuxtHeaders = new Function(`
+        try {
+          if (typeof useRequestHeaders === 'function') {
+            return useRequestHeaders();
+          }
+        } catch {}
+        return null;
+      `);
+      const headers = getNuxtHeaders();
+      if (headers && typeof headers === "object") {
+        tokensString = headers["x-integrate-tokens"];
+      }
+    } catch {}
+  }
+  if (!tokensString) {
+    if (typeof process !== "undefined" && process.env) {
+      tokensString = process.env.PROVIDER_TOKENS;
+    }
+  }
+  if (tokensString) {
+    try {
+      const parsed = JSON.parse(tokensString);
+      if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+        return parsed;
+      }
+    } catch (error) {
+      throw new Error(`Failed to parse provider tokens: ${error instanceof Error ? error.message : "Invalid JSON"}`);
+    }
+  }
+  throw new Error("Provider tokens not found. Please pass tokens manually via options.providerTokens or set the x-integrate-tokens header in your request.");
+}
+
 // tool-builder.ts
 var CODE_MODE_TOOL_NAME = "execute_code";
 var TYPES_TOOL_NAME = "get_integration_types";
@@ -616,11 +702,50 @@ ${generated.compact}`;
       };
     }
     const mcpUrl = publicUrl.replace(/\/$/, "") + "/api/integrate/mcp";
+    let resolvedTokens = providerTokens;
+    let tokenSource = resolvedTokens && Object.keys(resolvedTokens).length > 0 ? "build-time" : "none";
+    if (!resolvedTokens || Object.keys(resolvedTokens).length === 0) {
+      try {
+        resolvedTokens = await getProviderTokens();
+        if (resolvedTokens && Object.keys(resolvedTokens).length > 0) {
+          tokenSource = "request-header";
+        }
+      } catch {}
+    }
+    if (!resolvedTokens || Object.keys(resolvedTokens).length === 0) {
+      const oauthManager = client.oauthManager;
+      if (oauthManager) {
+        resolvedTokens = {};
+        const clientIntegrations = client.integrations || [];
+        for (const integration of clientIntegrations) {
+          if (integration.oauth) {
+            const provider = integration.oauth.provider;
+            try {
+              const tokenData = await oauthManager.getProviderToken(provider, undefined, context);
+              if (tokenData?.accessToken) {
+                resolvedTokens[provider] = tokenData.accessToken;
+              }
+            } catch {}
+          }
+        }
+        if (Object.keys(resolvedTokens).length === 0) {
+          resolvedTokens = undefined;
+        } else {
+          tokenSource = "oauthManager";
+        }
+      }
+    }
+    console.debug("[integrate-sdk] execute_code token resolution:", JSON.stringify({
+      source: tokenSource,
+      keys: resolvedTokens ? Object.keys(resolvedTokens) : [],
+      hasApiKey: !!apiKey,
+      mcpUrl
+    }));
     return executeSandboxCode({
       code,
       mcpUrl,
       apiKey,
-      providerTokens,
+      providerTokens: resolvedTokens,
       context,
       integrationsHeader: integrationIds && integrationIds.length > 0 ? integrationIds.join(",") : undefined,
       runtime: sandboxOverrides.runtime ?? serverCodeModeConfig.runtime,

package/dist/server.js

@@ -1154,6 +1154,59 @@ function getEnv(key) {
   return;
 }
 
+// src/utils/request-tokens.ts
+async function getProviderTokens(manualTokens) {
+  if (manualTokens) {
+    return manualTokens;
+  }
+  let tokensString = null;
+  if (!tokensString) {
+    try {
+      const getNextHeadersPath = () => {
+        const parts = ["next", "/headers"];
+        return parts.join("");
+      };
+      const nextHeaders = await import(getNextHeadersPath()).catch(() => null);
+      if (nextHeaders && typeof nextHeaders.headers === "function") {
+        const headersList = await Promise.resolve(nextHeaders.headers());
+        tokensString = headersList.get("x-integrate-tokens");
+      }
+    } catch {}
+  }
+  if (!tokensString) {
+    try {
+      const getNuxtHeaders = new Function(`
+        try {
+          if (typeof useRequestHeaders === 'function') {
+            return useRequestHeaders();
+          }
+        } catch {}
+        return null;
+      `);
+      const headers = getNuxtHeaders();
+      if (headers && typeof headers === "object") {
+        tokensString = headers["x-integrate-tokens"];
+      }
+    } catch {}
+  }
+  if (!tokensString) {
+    if (typeof process !== "undefined" && process.env) {
+      tokensString = process.env.PROVIDER_TOKENS;
+    }
+  }
+  if (tokensString) {
+    try {
+      const parsed = JSON.parse(tokensString);
+      if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+        return parsed;
+      }
+    } catch (error) {
+      throw new Error(`Failed to parse provider tokens: ${error instanceof Error ? error.message : "Invalid JSON"}`);
+    }
+  }
+  throw new Error("Provider tokens not found. Please pass tokens manually via options.providerTokens or set the x-integrate-tokens header in your request.");
+}
+
 // node_modules/nanoid/url-alphabet/index.js
 var urlAlphabet = "useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";
 var init_url_alphabet = () => {};
@@ -1481,6 +1534,19 @@ if (!MCP_URL) {
   throw new Error('INTEGRATE_MCP_URL is not set — the sandbox cannot reach the MCP route.');
 }
 
+// Diagnostic: log sandbox env summary to stderr so it shows up in the
+// execute_code result's stderr field for debugging auth issues.
+console.error('[sandbox-diag] MCP_URL=' + MCP_URL);
+console.error('[sandbox-diag] HAS_API_KEY=' + !!API_KEY);
+console.error('[sandbox-diag] HAS_SESSION_TOKEN=' + !!SESSION_TOKEN);
+console.error('[sandbox-diag] HAS_PROVIDER_TOKENS=' + !!PROVIDER_TOKENS);
+if (PROVIDER_TOKENS) {
+  try {
+    const _keys = Object.keys(JSON.parse(PROVIDER_TOKENS));
+    console.error('[sandbox-diag] PROVIDER_TOKEN_KEYS=' + _keys.join(','));
+  } catch { console.error('[sandbox-diag] PROVIDER_TOKENS is not valid JSON'); }
+}
+
 function camelToSnake(str) {
   return str.replace(/[A-Z]/g, (letter) => '_' + letter.toLowerCase());
 }
@@ -1496,6 +1562,14 @@ async function callTool(toolName, args) {
   if (INTEGRATIONS_HEADER) headers['x-integrations'] = INTEGRATIONS_HEADER;
   if (CONTEXT_JSON) headers['x-integrate-context'] = CONTEXT_JSON;
 
+  console.error('[sandbox-diag] callTool: ' + toolName + ' → ' + MCP_URL);
+  console.error('[sandbox-diag] headers: ' + JSON.stringify({
+    hasAuth: !!headers['Authorization'],
+    hasApiKey: !!headers['x-integrate-api-key'],
+    hasTokens: !!headers['x-integrate-tokens'],
+    hasCodeMode: !!headers['x-integrate-code-mode'],
+  }));
+
   const res = await fetch(MCP_URL, {
     method: 'POST',
     headers,
@@ -1503,6 +1577,8 @@ async function callTool(toolName, args) {
   });
 
   const text = await res.text();
+  console.error('[sandbox-diag] response: HTTP ' + res.status + ' len=' + text.length);
+
   let payload;
   try {
     payload = text ? JSON.parse(text) : null;
@@ -1694,6 +1770,16 @@ async function executeSandboxCode(options) {
       env.INTEGRATE_INTEGRATIONS = options.integrationsHeader;
     if (options.context)
       env.INTEGRATE_CONTEXT = JSON.stringify(options.context);
+    console.debug("[integrate-sdk] Sandbox env:", JSON.stringify({
+      mcpUrl: options.mcpUrl,
+      hasApiKey: !!options.apiKey,
+      hasSessionToken: !!options.sessionToken,
+      providerTokenKeys: options.providerTokens ? Object.keys(options.providerTokens) : [],
+      hasIntegrations: !!options.integrationsHeader,
+      hasContext: !!options.context,
+      runtime,
+      timeoutMs
+    }));
     const cmd = await sandbox.runCommand({
       cmd: "node",
       args: ["user.mjs"],
@@ -1804,11 +1890,50 @@ ${generated.compact}`;
       };
     }
     const mcpUrl = publicUrl.replace(/\/$/, "") + "/api/integrate/mcp";
+    let resolvedTokens = providerTokens;
+    let tokenSource = resolvedTokens && Object.keys(resolvedTokens).length > 0 ? "build-time" : "none";
+    if (!resolvedTokens || Object.keys(resolvedTokens).length === 0) {
+      try {
+        resolvedTokens = await getProviderTokens();
+        if (resolvedTokens && Object.keys(resolvedTokens).length > 0) {
+          tokenSource = "request-header";
+        }
+      } catch {}
+    }
+    if (!resolvedTokens || Object.keys(resolvedTokens).length === 0) {
+      const oauthManager = client.oauthManager;
+      if (oauthManager) {
+        resolvedTokens = {};
+        const clientIntegrations = client.integrations || [];
+        for (const integration of clientIntegrations) {
+          if (integration.oauth) {
+            const provider = integration.oauth.provider;
+            try {
+              const tokenData = await oauthManager.getProviderToken(provider, undefined, context);
+              if (tokenData?.accessToken) {
+                resolvedTokens[provider] = tokenData.accessToken;
+              }
+            } catch {}
+          }
+        }
+        if (Object.keys(resolvedTokens).length === 0) {
+          resolvedTokens = undefined;
+        } else {
+          tokenSource = "oauthManager";
+        }
+      }
+    }
+    console.debug("[integrate-sdk] execute_code token resolution:", JSON.stringify({
+      source: tokenSource,
+      keys: resolvedTokens ? Object.keys(resolvedTokens) : [],
+      hasApiKey: !!apiKey,
+      mcpUrl
+    }));
     return executeSandboxCode({
       code,
       mcpUrl,
       apiKey,
-      providerTokens,
+      providerTokens: resolvedTokens,
       context,
       integrationsHeader: integrationIds && integrationIds.length > 0 ? integrationIds.join(",") : undefined,
       runtime: sandboxOverrides.runtime ?? serverCodeModeConfig.runtime,
@@ -9683,59 +9808,6 @@ var coerce = {
   date: (arg) => ZodDate.create({ ...arg, coerce: true })
 };
 var NEVER = INVALID;
-// src/utils/request-tokens.ts
-async function getProviderTokens(manualTokens) {
-  if (manualTokens) {
-    return manualTokens;
-  }
-  let tokensString = null;
-  if (!tokensString) {
-    try {
-      const getNextHeadersPath = () => {
-        const parts = ["next", "/headers"];
-        return parts.join("");
-      };
-      const nextHeaders = await import(getNextHeadersPath()).catch(() => null);
-      if (nextHeaders && typeof nextHeaders.headers === "function") {
-        const headersList = await Promise.resolve(nextHeaders.headers());
-        tokensString = headersList.get("x-integrate-tokens");
-      }
-    } catch {}
-  }
-  if (!tokensString) {
-    try {
-      const getNuxtHeaders = new Function(`
-        try {
-          if (typeof useRequestHeaders === 'function') {
-            return useRequestHeaders();
-          }
-        } catch {}
-        return null;
-      `);
-      const headers = getNuxtHeaders();
-      if (headers && typeof headers === "object") {
-        tokensString = headers["x-integrate-tokens"];
-      }
-    } catch {}
-  }
-  if (!tokensString) {
-    if (typeof process !== "undefined" && process.env) {
-      tokensString = process.env.PROVIDER_TOKENS;
-    }
-  }
-  if (tokensString) {
-    try {
-      const parsed = JSON.parse(tokensString);
-      if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
-        return parsed;
-      }
-    } catch (error) {
-      throw new Error(`Failed to parse provider tokens: ${error instanceof Error ? error.message : "Invalid JSON"}`);
-    }
-  }
-  throw new Error("Provider tokens not found. Please pass tokens manually via options.providerTokens or set the x-integrate-tokens header in your request.");
-}
-
 // src/ai/utils.ts
 function getProviderForTool(client, toolName) {
   return client.getProviderForTool?.(toolName);
@@ -12102,6 +12174,23 @@ function createMCPServer(config) {
         const tokensHeader = webRequest.headers.get("x-integrate-tokens");
         const toolName = typeof body?.name === "string" ? body.name : "";
         let tokensResolvedProvider = null;
+        if (codeModeHeader === "1") {
+          logger33.debug("[MCP Code Mode Callback]", JSON.stringify({
+            toolName,
+            hasAuthHeader: !!authHeader,
+            hasTokensHeader: !!tokensHeader,
+            tokenKeys: tokensHeader ? (() => {
+              try {
+                return Object.keys(JSON.parse(tokensHeader));
+              } catch {
+                return "PARSE_ERROR";
+              }
+            })() : [],
+            hasApiKey: !!callbackApiKey,
+            hasContext: !!contextHeader,
+            hasIntegrations: !!integrationsHeader
+          }));
+        }
         if (codeModeHeader === "1" && tokensHeader && toolName) {
           try {
             const tokens = JSON.parse(tokensHeader);