npm - reflex-agent - Versions diffs - 0.18.2 → 0.19.0 - Mend

reflex-agent 0.18.2 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (313) hide show

package/.next/server/chunks/1888.js CHANGED Viewed

	@@ -1 +1 @@
1	- "use strict";exports.id=1888,exports.ids=[94,1223,1888],exports.modules={1223:(a,b,c)=>{c.d(b,{De:()=>u,Dt:()=>s,Sh:()=>r,cL:()=>p,getOAuthTokens:()=>t,gi:()=>v,tY:()=>q});var d=c(73024),e=c(76760),f=c.n(e),g=c(10094),h=c(73652);let i=f().join((0,h._)(),"oauth"),j=f().join(i,"clients"),k=f().join(i,"tokens");function l(a){return f().join(j,`${a}.json`)}function m(a){return f().join(k,`${a}.json`)}async function n(a,b){await d.promises.mkdir(f().dirname(a),{recursive:!0}),await d.promises.writeFile(a,JSON.stringify(b,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(a,384)}catch{}}async function o(a){try{let b=await d.promises.readFile(a,"utf8");return JSON.parse(b)}catch{return null}}async function p(a,b){let{getOAuthProvider:d}=await Promise.resolve().then(c.bind(c,10094));if(!await d(a))throw Error(`unknown provider: ${a}`);await n(l(a),{...b,updatedAt:new Date().toISOString()})}async function q(a){return o(l(a))}async function r(a){try{await d.promises.unlink(l(a))}catch{}}async function s(a,b){await n(m(a),{...b,updatedAt:new Date().toISOString()})}async function t(a){return o(m(a))}async function u(a){try{await d.promises.unlink(m(a))}catch{}}async function v(){let a=[];for(let b of(await (0,g.E4)())){let c=b.def,d=await q(c.id),e=await t(c.id);a.push({id:c.id,label:c.label,hasClient:!!d,hasTokens:!!e,...e?.expiresAt!==void 0?{expiresAt:e.expiresAt}:{},setupHint:c.setupHint,consoleUrl:c.consoleUrl,origin:b.origin,setupSteps:c.setupSteps})}return a}},10094:(a,b,c)=>{c.d(b,{Cs:()=>n,E4:()=>s,H:()=>w,To:()=>v,getOAuthProvider:()=>t,isOAuthProviderId:()=>u,lL:()=>k,uq:()=>x});var d=c(73024),e=c(48161),f=c.n(e),g=c(76760),h=c.n(g),i=c(56149);let j=i.Ik({title:i.Yj().min(1).max(200),body:i.Yj().max(2e3).optional(),field:i.Yj().max(200).optional(),copy:i.Yj().max(2e3).optional(),choice:i.Yj().max(200).optional()}),k=i.Ik({id:i.Yj().min(1).max(64).regex(/^[a-z][a-z0-9-]$/,"provider id must be kebab-case (e.g. google, dropbox)"),label:i.Yj().min(1).max(120),authorizeUrl:i.Yj().url(),tokenUrl:i.Yj().url(),defaultScopes:i.YO(i.Yj()).default([]),supportsPKCE:i.zM().default(!0),refreshTokenSupported:i.zM().default(!0),extraAuthorizeParams:i.g1(i.Yj(),i.Yj()).default({}),needsClientSecret:i.zM().default(!0),setupHint:i.Yj().default(""),consoleUrl:i.Yj().url(),setupSteps:i.YO(j).default([])}),l={google:{id:"google",label:"Google",authorizeUrl:"https://accounts.google.com/o/oauth2/v2/auth",tokenUrl:"https://oauth2.googleapis.com/token",defaultScopes:["openid","email","https://www.googleapis.com/auth/calendar"],supportsPKCE:!0,refreshTokenSupported:!0,extraAuthorizeParams:{access_type:"offline",prompt:"consent"},needsClientSecret:!0,setupHint:"If you haven't already — first enable the required API (Calendar/Gmail/Drive) under APIs & Services → Library.",consoleUrl:"https://console.cloud.google.com/apis/credentials",setupSteps:[{title:"Open Google Cloud Console → APIs & Services → Credentials."},{title:'Click "+ CREATE CREDENTIALS" → "OAuth client ID".'},{title:"Application type",choice:"Web application",body:'Not "Desktop" — Reflex uses a fixed localhost redirect.'},{title:'Name — anything, e.g. "Reflex".'},{title:"Authorized redirect URIs → ADD URI",field:"Authorized redirect URIs",copy:"http://localhost:3210/api/oauth/callback",body:"Exactly as shown, no trailing slash, http (not https)."},{title:"Hit CREATE → a popup will show the Client ID and Client Secret."},{title:'Copy both values here. (If lost — open the client in Credentials, use "Download JSON" or "Reset secret".)'},{title:"Before the first Authorize, make sure the required API is enabled: APIs & Services → Library → Google Calendar API → Enable (similarly for other services)."}]},github:{id:"github",label:"GitHub",authorizeUrl:"https://github.com/login/oauth/authorize",tokenUrl:"https://github.com/login/oauth/access_token",defaultScopes:["repo","read:user"],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Personal OAuth Apps live in Settings → Developer settings.",consoleUrl:"https://github.com/settings/developers",setupSteps:[{title:"Open github.com/settings/developers → OAuth Apps."},{title:'Click "New OAuth App".'},{title:'Application name — anything, e.g. "Reflex".'},{title:"Homepage URL",field:"Homepage URL",copy:"http://localhost:3210"},{title:"Authorization callback URL",field:"Authorization callback URL",copy:"http://localhost:3210/api/oauth/callback"},{title:'Click "Register application".'},{title:'Copy "Client ID" from here → into Reflex.'},{title:'Click "Generate a new client secret", copy the value immediately (shown only once) → into Reflex.'}]},notion:{id:"notion",label:"Notion",authorizeUrl:"https://api.notion.com/v1/oauth/authorize",tokenUrl:"https://api.notion.com/v1/oauth/token",defaultScopes:[],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{owner:"user"},needsClientSecret:!0,setupHint:"Reflex uses a Public integration (with OAuth flow), not Internal.",consoleUrl:"https://www.notion.so/profile/integrations",setupSteps:[{title:'Open notion.so/profile/integrations → "+ New integration".'},{title:'Name — "Reflex".'},{title:"Associated workspace — your workspace."},{title:"Type",choice:"Public",body:"Internal doesn't fit — the OAuth flow needs a public integration."},{title:"Submit → integration is created. Go to its page."},{title:'Under "OAuth Domain & URIs" → Redirect URIs → Add URI',field:"Redirect URIs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save."},{title:'Under "Secrets", copy the OAuth client ID and OAuth client secret here.'}]},slack:{id:"slack",label:"Slack",authorizeUrl:"https://slack.com/oauth/v2/authorize",tokenUrl:"https://slack.com/api/oauth.v2.access",defaultScopes:["chat:write","channels:read"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Default scopes (chat:write, channels:read) can be extended in OAuth & Permissions.",consoleUrl:"https://api.slack.com/apps",setupSteps:[{title:'Open api.slack.com/apps → "Create New App" → "From scratch".'},{title:'App Name — "Reflex", pick your workspace → Create App.'},{title:'In the left panel open "OAuth & Permissions" → Redirect URLs → "Add New Redirect URL"',field:"Redirect URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save URLs."},{title:"Under Scopes → User Token Scopes add the required ones (chat:write, channels:read, etc. — from Reflex defaults)."},{title:'At the top of the page click Install App → grant access → you\'ll get Client ID and Client Secret under "Basic Information".'}]},linear:{id:"linear",label:"Linear",authorizeUrl:"https://linear.app/oauth/authorize",tokenUrl:"https://api.linear.app/oauth/token",defaultScopes:["read","write"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"A personal OAuth application is tied to your workspace.",consoleUrl:"https://linear.app/settings/api/applications/new",setupSteps:[{title:"Open linear.app/settings/api/applications/new (Settings → API → OAuth applications → Create new)."},{title:'Name — "Reflex", description anything.'},{title:"Developer URL",field:"Developer URL",copy:"http://localhost:3210"},{title:"Callback URLs",field:"Callback URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Scopes — check read + write (or whichever you need: issues:create, etc.)."},{title:"Submit → copy Client ID + Client Secret here."}]}},m=Object.keys(l),n="http://localhost:3210/api/oauth/callback",o=h().join(f().homedir(),".reflex","oauth","providers.json"),p=i.Ik({version:i.eu(1),providers:i.YO(k)});async function q(){try{let a=await d.promises.readFile(o,"utf8"),b=p.safeParse(JSON.parse(a));if(!b.success)return{version:1,providers:[]};return b.data}catch{return{version:1,providers:[]}}}async function r(a){await d.promises.mkdir(h().dirname(o),{recursive:!0}),await d.promises.writeFile(o,JSON.stringify(a,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(o,384)}catch{}}async function s(){let a=await q(),b=new Set(a.providers.map(a=>a.id)),c=[];for(let a of m)b.has(a)\|\|c.push({def:l[a],origin:"builtin"});for(let b of a.providers)c.push({def:b,origin:"user"});return c}async function t(a){let b=await s();return b.find(b=>b.def.id===a)?.def??null}async function u(a){return await t(a)!==null}async function v(a){let b=k.parse(a);if(void 0!==l[b.id])throw Error(`"${b.id}" is a built-in provider id — pick a different slug`);let c=await q();if(c.providers.some(a=>a.id===b.id))throw Error(`provider "${b.id}" already exists`);c.providers.push(b),await r(c)}async function w(a,b){if(void 0!==l[a])throw Error(`cannot edit built-in provider "${a}"`);let c=await q(),d=c.providers.findIndex(b=>b.id===a);if(d<0)throw Error(`provider "${a}" not found`);let e=k.parse({...c.providers[d],...b,id:a});c.providers[d]=e,await r(c)}async function x(a){if(void 0!==l[a])throw Error(`cannot remove built-in provider "${a}"`);let b=await q(),c=b.providers.filter(b=>b.id!==a);c.length!==b.providers.length&&(b.providers=c,await r(b))}},61888:(a,b,c)=>{c.d(b,{b:()=>i,getAccessToken:()=>j});var d=c(77598),e=c(10094),f=c(1223);let g=globalThis.__reflexOAuthPending??new Map;function h(a){return a.toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function i(a,b){let c,i=Date.now()-9e5;for(let[a,b]of g)b.createdAt<i&&g.delete(a);let j=await (0,e.getOAuthProvider)(a);if(!j)throw Error(`unknown provider: ${a}`);let k=await (0,f.tY)(a);if(!k)throw Error(`OAuth client for "${a}" is not configured — set client_id/secret in Settings → OAuth first`);let l=h((0,d.randomBytes)(24)),m=b&&b.length>0?b:k.scopes&&k.scopes.length>0?k.scopes:j.defaultScopes,n=new URLSearchParams({client_id:k.clientId,redirect_uri:e.Cs,response_type:"code",state:l,...m.length>0?{scope:m.join(" ")}:{},...j.extraAuthorizeParams??{}});if(j.supportsPKCE){let{verifier:a,challenge:b}=function(){let a=h((0,d.randomBytes)(32)),b=h((0,d.createHash)("sha256").update(a).digest());return{verifier:a,challenge:b}}();c=a,n.set("code_challenge",b),n.set("code_challenge_method","S256")}g.set(l,{provider:a,...void 0!==c?{codeVerifier:c}:{},scopes:m,createdAt:Date.now()});let o=k.authorizeUrl??j.authorizeUrl;return{authorizeUrl:`${o}?${n.toString()}`,state:l}}async function j(a){let b=await (0,e.getOAuthProvider)(a);if(!b)throw Error(`unknown provider: ${a}`);let c=await (0,f.getOAuthTokens)(a);if(!c)throw Error(`provider "${a}" not authorized — open Settings → OAuth and click Authorize`);if(!(void 0!==c.expiresAt&&c.expiresAt-6e4<Date.now()))return c.accessToken;if(!c.refreshToken)throw Error(`access token for "${a}" expired and no refresh_token — re-authorize`);let d=await (0,f.tY)(a);if(!d)throw Error(`OAuth client for "${a}" is not configured`);let g=new URLSearchParams({grant_type:"refresh_token",refresh_token:c.refreshToken,client_id:d.clientId});b.needsClientSecret&&d.clientSecret&&g.set("client_secret",d.clientSecret);let h=await k(b,d,g),i={accessToken:h.accessToken,refreshToken:h.refreshToken??c.refreshToken,...void 0!==h.expiresAt?{expiresAt:h.expiresAt}:{},...h.scope?{scope:h.scope}:c.scope?{scope:c.scope}:{},...h.tokenType?{tokenType:h.tokenType}:c.tokenType?{tokenType:c.tokenType}:{}};return await (0,f.Dt)(a,i),i.accessToken}async function k(a,b,c){let d,e=b.tokenUrl??a.tokenUrl,f=await fetch(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:c.toString()}),g=await f.text();if(!f.ok)throw Error(`token endpoint HTTP ${f.status}: ${g.slice(0,500)}`);if(g.trim().startsWith("{"))d=JSON.parse(g);else for(let[a,b]of(d={},new URLSearchParams(g)))d[a]=b;if(d.error)throw Error(`OAuth error: ${d.error}${d.error_description?` — ${d.error_description}`:""}`);let h="string"==typeof d.access_token?d.access_token:null;if(!h)throw Error(`token endpoint returned no access_token (${g.slice(0,200)})`);let i="number"==typeof d.expires_in?d.expires_in:"string"==typeof d.expires_in?Number(d.expires_in):void 0;return{accessToken:h,..."string"==typeof d.refresh_token?{refreshToken:d.refresh_token}:{},...void 0!==i&&!Number.isNaN(i)?{expiresAt:Date.now()+1e3i}:{},..."string"==typeof d.scope?{scope:d.scope}:{},..."string"==typeof d.token_type?{tokenType:d.token_type}:{}}}globalThis.__reflexOAuthPending=g}};
1	+ "use strict";exports.id=1888,exports.ids=[94,1223,1888],exports.modules={1223:(a,b,c)=>{c.d(b,{De:()=>v,Dt:()=>t,Sh:()=>s,cL:()=>q,getOAuthTokens:()=>u,gi:()=>w,tY:()=>r});var d=c(73024),e=c(76760),f=c.n(e),g=c(10094),h=c(73652),i=c(40917);let j=f().join((0,h._)(),"oauth"),k=f().join(j,"clients"),l=f().join(j,"tokens");function m(a){return f().join(k,`${a}.json`)}function n(a){return f().join(l,`${a}.json`)}async function o(a,b){await (0,i.An)(a,b,{mode:384})}async function p(a){try{let b=await d.promises.readFile(a,"utf8");return JSON.parse(b)}catch{return null}}async function q(a,b){let{getOAuthProvider:d}=await Promise.resolve().then(c.bind(c,10094));if(!await d(a))throw Error(`unknown provider: ${a}`);await o(m(a),{...b,updatedAt:new Date().toISOString()})}async function r(a){return p(m(a))}async function s(a){try{await d.promises.unlink(m(a))}catch{}}async function t(a,b){await o(n(a),{...b,updatedAt:new Date().toISOString()})}async function u(a){return p(n(a))}async function v(a){try{await d.promises.unlink(n(a))}catch{}}async function w(){let a=[];for(let b of(await (0,g.E4)())){let c=b.def,d=await r(c.id),e=await u(c.id);a.push({id:c.id,label:c.label,hasClient:!!d,hasTokens:!!e,...e?.expiresAt!==void 0?{expiresAt:e.expiresAt}:{},setupHint:c.setupHint,consoleUrl:c.consoleUrl,origin:b.origin,setupSteps:c.setupSteps})}return a}},10094:(a,b,c)=>{c.d(b,{Cs:()=>n,E4:()=>s,H:()=>w,To:()=>v,getOAuthProvider:()=>t,isOAuthProviderId:()=>u,lL:()=>k,uq:()=>x});var d=c(73024),e=c(48161),f=c.n(e),g=c(76760),h=c.n(g),i=c(56149);let j=i.Ik({title:i.Yj().min(1).max(200),body:i.Yj().max(2e3).optional(),field:i.Yj().max(200).optional(),copy:i.Yj().max(2e3).optional(),choice:i.Yj().max(200).optional()}),k=i.Ik({id:i.Yj().min(1).max(64).regex(/^[a-z][a-z0-9-]$/,"provider id must be kebab-case (e.g. google, dropbox)"),label:i.Yj().min(1).max(120),authorizeUrl:i.Yj().url(),tokenUrl:i.Yj().url(),defaultScopes:i.YO(i.Yj()).default([]),supportsPKCE:i.zM().default(!0),refreshTokenSupported:i.zM().default(!0),extraAuthorizeParams:i.g1(i.Yj(),i.Yj()).default({}),needsClientSecret:i.zM().default(!0),setupHint:i.Yj().default(""),consoleUrl:i.Yj().url(),setupSteps:i.YO(j).default([])}),l={google:{id:"google",label:"Google",authorizeUrl:"https://accounts.google.com/o/oauth2/v2/auth",tokenUrl:"https://oauth2.googleapis.com/token",defaultScopes:["openid","email","https://www.googleapis.com/auth/calendar"],supportsPKCE:!0,refreshTokenSupported:!0,extraAuthorizeParams:{access_type:"offline",prompt:"consent"},needsClientSecret:!0,setupHint:"If you haven't already — first enable the required API (Calendar/Gmail/Drive) under APIs & Services → Library.",consoleUrl:"https://console.cloud.google.com/apis/credentials",setupSteps:[{title:"Open Google Cloud Console → APIs & Services → Credentials."},{title:'Click "+ CREATE CREDENTIALS" → "OAuth client ID".'},{title:"Application type",choice:"Web application",body:'Not "Desktop" — Reflex uses a fixed localhost redirect.'},{title:'Name — anything, e.g. "Reflex".'},{title:"Authorized redirect URIs → ADD URI",field:"Authorized redirect URIs",copy:"http://localhost:3210/api/oauth/callback",body:"Exactly as shown, no trailing slash, http (not https)."},{title:"Hit CREATE → a popup will show the Client ID and Client Secret."},{title:'Copy both values here. (If lost — open the client in Credentials, use "Download JSON" or "Reset secret".)'},{title:"Before the first Authorize, make sure the required API is enabled: APIs & Services → Library → Google Calendar API → Enable (similarly for other services)."}]},github:{id:"github",label:"GitHub",authorizeUrl:"https://github.com/login/oauth/authorize",tokenUrl:"https://github.com/login/oauth/access_token",defaultScopes:["repo","read:user"],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Personal OAuth Apps live in Settings → Developer settings.",consoleUrl:"https://github.com/settings/developers",setupSteps:[{title:"Open github.com/settings/developers → OAuth Apps."},{title:'Click "New OAuth App".'},{title:'Application name — anything, e.g. "Reflex".'},{title:"Homepage URL",field:"Homepage URL",copy:"http://localhost:3210"},{title:"Authorization callback URL",field:"Authorization callback URL",copy:"http://localhost:3210/api/oauth/callback"},{title:'Click "Register application".'},{title:'Copy "Client ID" from here → into Reflex.'},{title:'Click "Generate a new client secret", copy the value immediately (shown only once) → into Reflex.'}]},notion:{id:"notion",label:"Notion",authorizeUrl:"https://api.notion.com/v1/oauth/authorize",tokenUrl:"https://api.notion.com/v1/oauth/token",defaultScopes:[],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{owner:"user"},needsClientSecret:!0,setupHint:"Reflex uses a Public integration (with OAuth flow), not Internal.",consoleUrl:"https://www.notion.so/profile/integrations",setupSteps:[{title:'Open notion.so/profile/integrations → "+ New integration".'},{title:'Name — "Reflex".'},{title:"Associated workspace — your workspace."},{title:"Type",choice:"Public",body:"Internal doesn't fit — the OAuth flow needs a public integration."},{title:"Submit → integration is created. Go to its page."},{title:'Under "OAuth Domain & URIs" → Redirect URIs → Add URI',field:"Redirect URIs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save."},{title:'Under "Secrets", copy the OAuth client ID and OAuth client secret here.'}]},slack:{id:"slack",label:"Slack",authorizeUrl:"https://slack.com/oauth/v2/authorize",tokenUrl:"https://slack.com/api/oauth.v2.access",defaultScopes:["chat:write","channels:read"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Default scopes (chat:write, channels:read) can be extended in OAuth & Permissions.",consoleUrl:"https://api.slack.com/apps",setupSteps:[{title:'Open api.slack.com/apps → "Create New App" → "From scratch".'},{title:'App Name — "Reflex", pick your workspace → Create App.'},{title:'In the left panel open "OAuth & Permissions" → Redirect URLs → "Add New Redirect URL"',field:"Redirect URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save URLs."},{title:"Under Scopes → User Token Scopes add the required ones (chat:write, channels:read, etc. — from Reflex defaults)."},{title:'At the top of the page click Install App → grant access → you\'ll get Client ID and Client Secret under "Basic Information".'}]},linear:{id:"linear",label:"Linear",authorizeUrl:"https://linear.app/oauth/authorize",tokenUrl:"https://api.linear.app/oauth/token",defaultScopes:["read","write"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"A personal OAuth application is tied to your workspace.",consoleUrl:"https://linear.app/settings/api/applications/new",setupSteps:[{title:"Open linear.app/settings/api/applications/new (Settings → API → OAuth applications → Create new)."},{title:'Name — "Reflex", description anything.'},{title:"Developer URL",field:"Developer URL",copy:"http://localhost:3210"},{title:"Callback URLs",field:"Callback URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Scopes — check read + write (or whichever you need: issues:create, etc.)."},{title:"Submit → copy Client ID + Client Secret here."}]}},m=Object.keys(l),n="http://localhost:3210/api/oauth/callback",o=h().join(f().homedir(),".reflex","oauth","providers.json"),p=i.Ik({version:i.eu(1),providers:i.YO(k)});async function q(){try{let a=await d.promises.readFile(o,"utf8"),b=p.safeParse(JSON.parse(a));if(!b.success)return{version:1,providers:[]};return b.data}catch{return{version:1,providers:[]}}}async function r(a){await d.promises.mkdir(h().dirname(o),{recursive:!0}),await d.promises.writeFile(o,JSON.stringify(a,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(o,384)}catch{}}async function s(){let a=await q(),b=new Set(a.providers.map(a=>a.id)),c=[];for(let a of m)b.has(a)\|\|c.push({def:l[a],origin:"builtin"});for(let b of a.providers)c.push({def:b,origin:"user"});return c}async function t(a){let b=await s();return b.find(b=>b.def.id===a)?.def??null}async function u(a){return await t(a)!==null}async function v(a){let b=k.parse(a);if(void 0!==l[b.id])throw Error(`"${b.id}" is a built-in provider id — pick a different slug`);let c=await q();if(c.providers.some(a=>a.id===b.id))throw Error(`provider "${b.id}" already exists`);c.providers.push(b),await r(c)}async function w(a,b){if(void 0!==l[a])throw Error(`cannot edit built-in provider "${a}"`);let c=await q(),d=c.providers.findIndex(b=>b.id===a);if(d<0)throw Error(`provider "${a}" not found`);let e=k.parse({...c.providers[d],...b,id:a});c.providers[d]=e,await r(c)}async function x(a){if(void 0!==l[a])throw Error(`cannot remove built-in provider "${a}"`);let b=await q(),c=b.providers.filter(b=>b.id!==a);c.length!==b.providers.length&&(b.providers=c,await r(b))}},61888:(a,b,c)=>{c.d(b,{b:()=>i,getAccessToken:()=>j});var d=c(77598),e=c(10094),f=c(1223);let g=globalThis.__reflexOAuthPending??new Map;function h(a){return a.toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function i(a,b){let c,i=Date.now()-9e5;for(let[a,b]of g)b.createdAt<i&&g.delete(a);let j=await (0,e.getOAuthProvider)(a);if(!j)throw Error(`unknown provider: ${a}`);let k=await (0,f.tY)(a);if(!k)throw Error(`OAuth client for "${a}" is not configured — set client_id/secret in Settings → OAuth first`);let l=h((0,d.randomBytes)(24)),m=b&&b.length>0?b:k.scopes&&k.scopes.length>0?k.scopes:j.defaultScopes,n=new URLSearchParams({client_id:k.clientId,redirect_uri:e.Cs,response_type:"code",state:l,...m.length>0?{scope:m.join(" ")}:{},...j.extraAuthorizeParams??{}});if(j.supportsPKCE){let{verifier:a,challenge:b}=function(){let a=h((0,d.randomBytes)(32)),b=h((0,d.createHash)("sha256").update(a).digest());return{verifier:a,challenge:b}}();c=a,n.set("code_challenge",b),n.set("code_challenge_method","S256")}g.set(l,{provider:a,...void 0!==c?{codeVerifier:c}:{},scopes:m,createdAt:Date.now()});let o=k.authorizeUrl??j.authorizeUrl;return{authorizeUrl:`${o}?${n.toString()}`,state:l}}async function j(a){let b=await (0,e.getOAuthProvider)(a);if(!b)throw Error(`unknown provider: ${a}`);let c=await (0,f.getOAuthTokens)(a);if(!c)throw Error(`provider "${a}" not authorized — open Settings → OAuth and click Authorize`);if(!(void 0!==c.expiresAt&&c.expiresAt-6e4<Date.now()))return c.accessToken;if(!c.refreshToken)throw Error(`access token for "${a}" expired and no refresh_token — re-authorize`);let d=await (0,f.tY)(a);if(!d)throw Error(`OAuth client for "${a}" is not configured`);let g=new URLSearchParams({grant_type:"refresh_token",refresh_token:c.refreshToken,client_id:d.clientId});b.needsClientSecret&&d.clientSecret&&g.set("client_secret",d.clientSecret);let h=await k(b,d,g),i={accessToken:h.accessToken,refreshToken:h.refreshToken??c.refreshToken,...void 0!==h.expiresAt?{expiresAt:h.expiresAt}:{},...h.scope?{scope:h.scope}:c.scope?{scope:c.scope}:{},...h.tokenType?{tokenType:h.tokenType}:c.tokenType?{tokenType:c.tokenType}:{}};return await (0,f.Dt)(a,i),i.accessToken}async function k(a,b,c){let d,e=b.tokenUrl??a.tokenUrl,f=await fetch(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:c.toString()}),g=await f.text();if(!f.ok)throw Error(`token endpoint HTTP ${f.status}: ${g.slice(0,500)}`);if(g.trim().startsWith("{"))d=JSON.parse(g);else for(let[a,b]of(d={},new URLSearchParams(g)))d[a]=b;if(d.error)throw Error(`OAuth error: ${d.error}${d.error_description?` — ${d.error_description}`:""}`);let h="string"==typeof d.access_token?d.access_token:null;if(!h)throw Error(`token endpoint returned no access_token (${g.slice(0,200)})`);let i="number"==typeof d.expires_in?d.expires_in:"string"==typeof d.expires_in?Number(d.expires_in):void 0;return{accessToken:h,..."string"==typeof d.refresh_token?{refreshToken:d.refresh_token}:{},...void 0!==i&&!Number.isNaN(i)?{expiresAt:Date.now()+1e3i}:{},..."string"==typeof d.scope?{scope:d.scope}:{},..."string"==typeof d.token_type?{tokenType:d.token_type}:{}}}globalThis.__reflexOAuthPending=g}};