npm - reflex-agent - Versions diffs - 0.2.4 → 0.3.1 - Mend

reflex-agent 0.2.4 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (206) hide show

package/.next/server/chunks/1888.js CHANGED Viewed

	@@ -1 +1 @@
1	- "use strict";exports.id=1888,exports.ids=[94,1223,1888],exports.modules={1223:(a,b,c)=>{c.d(b,{De:()=>u,Dt:()=>s,Sh:()=>r,cL:()=>p,getOAuthTokens:()=>t,gi:()=>v,tY:()=>q});var d=c(73024),e=c(76760),f=c.n(e),g=c(10094),h=c(73652);let i=f().join((0,h._)(),"oauth"),j=f().join(i,"clients"),k=f().join(i,"tokens");function l(a){return f().join(j,`${a}.json`)}function m(a){return f().join(k,`${a}.json`)}async function n(a,b){await d.promises.mkdir(f().dirname(a),{recursive:!0}),await d.promises.writeFile(a,JSON.stringify(b,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(a,384)}catch{}}async function o(a){try{let b=await d.promises.readFile(a,"utf8");return JSON.parse(b)}catch{return null}}async function p(a,b){let{getOAuthProvider:d}=await Promise.resolve().then(c.bind(c,10094));if(!await d(a))throw Error(`unknown provider: ${a}`);await n(l(a),{...b,updatedAt:new Date().toISOString()})}async function q(a){return o(l(a))}async function r(a){try{await d.promises.unlink(l(a))}catch{}}async function s(a,b){await n(m(a),{...b,updatedAt:new Date().toISOString()})}async function t(a){return o(m(a))}async function u(a){try{await d.promises.unlink(m(a))}catch{}}async function v(){let a=[];for(let b of(await (0,g.E4)())){let c=b.def,d=await q(c.id),e=await t(c.id);a.push({id:c.id,label:c.label,hasClient:!!d,hasTokens:!!e,...e?.expiresAt!==void 0?{expiresAt:e.expiresAt}:{},setupHint:c.setupHint,consoleUrl:c.consoleUrl,origin:b.origin,setupSteps:c.setupSteps})}return a}},10094:(a,b,c)=>{c.d(b,{Cs:()=>n,E4:()=>s,H:()=>w,To:()=>v,getOAuthProvider:()=>t,isOAuthProviderId:()=>u,lL:()=>k,uq:()=>x});var d=c(73024),e=c(48161),f=c.n(e),g=c(76760),h=c.n(g),i=c(56149);let j=i.Ik({title:i.Yj().min(1).max(200),body:i.Yj().max(2e3).optional(),field:i.Yj().max(200).optional(),copy:i.Yj().max(2e3).optional(),choice:i.Yj().max(200).optional()}),k=i.Ik({id:i.Yj().min(1).max(64).regex(/^[a-z][a-z0-9-]$/,"provider id must be kebab-case (e.g. google, dropbox)"),label:i.Yj().min(1).max(120),authorizeUrl:i.Yj().url(),tokenUrl:i.Yj().url(),defaultScopes:i.YO(i.Yj()).default([]),supportsPKCE:i.zM().default(!0),refreshTokenSupported:i.zM().default(!0),extraAuthorizeParams:i.g1(i.Yj(),i.Yj()).default({}),needsClientSecret:i.zM().default(!0),setupHint:i.Yj().default(""),consoleUrl:i.Yj().url(),setupSteps:i.YO(j).default([])}),l={google:{id:"google",label:"Google",authorizeUrl:"https://accounts.google.com/o/oauth2/v2/auth",tokenUrl:"https://oauth2.googleapis.com/token",defaultScopes:["openid","email","https://www.googleapis.com/auth/calendar"],supportsPKCE:!0,refreshTokenSupported:!0,extraAuthorizeParams:{access_type:"offline",prompt:"consent"},needsClientSecret:!0,setupHint:"Если ещё не делал — сначала включи нужный API (Calendar/Gmail/Drive) во вкладке APIs & Services → Library.",consoleUrl:"https://console.cloud.google.com/apis/credentials",setupSteps:[{title:"Открой Google Cloud Console → APIs & Services → Credentials."},{title:"Нажми \xab+ CREATE CREDENTIALS\xbb → \xabOAuth client ID\xbb."},{title:"Application type",choice:"Web application",body:"Не \xabDesktop\xbb — Reflex использует фиксированный localhost-redirect."},{title:"Name — любое, например \xabReflex\xbb."},{title:"Authorized redirect URIs → ADD URI",field:"Authorized redirect URIs",copy:"http://localhost:3210/api/oauth/callback",body:"Точно как есть, без слэша в конце, http (не https)."},{title:"Жми CREATE → откроется попап с Client ID и Client Secret."},{title:"Скопируй сюда оба значения. (Если потерял — открой клиент в Credentials, \xabDownload JSON\xbb или \xabReset secret\xbb.)"},{title:"Перед первым Authorize убедись, что нужный API включён: APIs & Services → Library → Google Calendar API → Enable (для других сервисов — аналогично)."}]},github:{id:"github",label:"GitHub",authorizeUrl:"https://github.com/login/oauth/authorize",tokenUrl:"https://github.com/login/oauth/access_token",defaultScopes:["repo","read:user"],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Личные OAuth Apps живут в Settings → Developer settings.",consoleUrl:"https://github.com/settings/developers",setupSteps:[{title:"Открой github.com/settings/developers → OAuth Apps."},{title:"Нажми \xabNew OAuth App\xbb."},{title:"Application name — что угодно, например \xabReflex\xbb."},{title:"Homepage URL",field:"Homepage URL",copy:"http://localhost:3210"},{title:"Authorization callback URL",field:"Authorization callback URL",copy:"http://localhost:3210/api/oauth/callback"},{title:"Жми \xabRegister application\xbb."},{title:"Скопируй \xabClient ID\xbb отсюда → в Reflex."},{title:"Нажми \xabGenerate a new client secret\xbb, скопируй значение сразу (показывается один раз) → в Reflex."}]},notion:{id:"notion",label:"Notion",authorizeUrl:"https://api.notion.com/v1/oauth/authorize",tokenUrl:"https://api.notion.com/v1/oauth/token",defaultScopes:[],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{owner:"user"},needsClientSecret:!0,setupHint:"Reflex использует Public integration (с OAuth flow), не Internal.",consoleUrl:"https://www.notion.so/profile/integrations",setupSteps:[{title:"Открой notion.so/profile/integrations → \xab+ New integration\xbb."},{title:"Name — \xabReflex\xbb."},{title:"Associated workspace — твой workspace."},{title:"Type",choice:"Public",body:"Internal не подходит — для OAuth flow нужна публичная integration."},{title:"Submit → integration создана. Перейди на её страницу."},{title:"В разделе \xabOAuth Domain & URIs\xbb → Redirect URIs → Add URI",field:"Redirect URIs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save."},{title:"В \xabSecrets\xbb скопируй OAuth client ID и OAuth client secret сюда."}]},slack:{id:"slack",label:"Slack",authorizeUrl:"https://slack.com/oauth/v2/authorize",tokenUrl:"https://slack.com/api/oauth.v2.access",defaultScopes:["chat:write","channels:read"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Scopes по умолчанию (chat:write, channels:read) можно расширить в OAuth & Permissions.",consoleUrl:"https://api.slack.com/apps",setupSteps:[{title:"Открой api.slack.com/apps → \xabCreate New App\xbb → \xabFrom scratch\xbb."},{title:"App Name — \xabReflex\xbb, выбери свой workspace → Create App."},{title:"В левой панели открой \xabOAuth & Permissions\xbb → Redirect URLs → \xabAdd New Redirect URL\xbb",field:"Redirect URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save URLs."},{title:"Под Scopes → User Token Scopes добавь нужные (chat:write, channels:read и т.д. — из defaults Reflex)."},{title:"Вверху страницы Install App → разреши доступ → получишь Client ID и Client Secret в \xabBasic Information\xbb."}]},linear:{id:"linear",label:"Linear",authorizeUrl:"https://linear.app/oauth/authorize",tokenUrl:"https://api.linear.app/oauth/token",defaultScopes:["read","write"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Личная OAuth-aplication привязывается к твоему workspace.",consoleUrl:"https://linear.app/settings/api/applications/new",setupSteps:[{title:"Открой linear.app/settings/api/applications/new (Settings → API → OAuth applications → Create new)."},{title:"Name — \xabReflex\xbb, описание любое."},{title:"Developer URL",field:"Developer URL",copy:"http://localhost:3210"},{title:"Callback URLs",field:"Callback URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Scopes — отметь read + write (или те, что нужны: issues:create и т.п.)."},{title:"Submit → копируй Client ID + Client Secret сюда."}]}},m=Object.keys(l),n="http://localhost:3210/api/oauth/callback",o=h().join(f().homedir(),".reflex","oauth","providers.json"),p=i.Ik({version:i.eu(1),providers:i.YO(k)});async function q(){try{let a=await d.promises.readFile(o,"utf8"),b=p.safeParse(JSON.parse(a));if(!b.success)return{version:1,providers:[]};return b.data}catch{return{version:1,providers:[]}}}async function r(a){await d.promises.mkdir(h().dirname(o),{recursive:!0}),await d.promises.writeFile(o,JSON.stringify(a,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(o,384)}catch{}}async function s(){let a=await q(),b=new Set(a.providers.map(a=>a.id)),c=[];for(let a of m)b.has(a)\|\|c.push({def:l[a],origin:"builtin"});for(let b of a.providers)c.push({def:b,origin:"user"});return c}async function t(a){let b=await s();return b.find(b=>b.def.id===a)?.def??null}async function u(a){return await t(a)!==null}async function v(a){let b=k.parse(a);if(void 0!==l[b.id])throw Error(`"${b.id}" is a built-in provider id — pick a different slug`);let c=await q();if(c.providers.some(a=>a.id===b.id))throw Error(`provider "${b.id}" already exists`);c.providers.push(b),await r(c)}async function w(a,b){if(void 0!==l[a])throw Error(`cannot edit built-in provider "${a}"`);let c=await q(),d=c.providers.findIndex(b=>b.id===a);if(d<0)throw Error(`provider "${a}" not found`);let e=k.parse({...c.providers[d],...b,id:a});c.providers[d]=e,await r(c)}async function x(a){if(void 0!==l[a])throw Error(`cannot remove built-in provider "${a}"`);let b=await q(),c=b.providers.filter(b=>b.id!==a);c.length!==b.providers.length&&(b.providers=c,await r(b))}},61888:(a,b,c)=>{c.d(b,{b:()=>i,getAccessToken:()=>j});var d=c(77598),e=c(10094),f=c(1223);let g=globalThis.__reflexOAuthPending??new Map;function h(a){return a.toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function i(a,b){let c,i=Date.now()-9e5;for(let[a,b]of g)b.createdAt<i&&g.delete(a);let j=await (0,e.getOAuthProvider)(a);if(!j)throw Error(`unknown provider: ${a}`);let k=await (0,f.tY)(a);if(!k)throw Error(`OAuth client for "${a}" is not configured — set client_id/secret in Settings → OAuth first`);let l=h((0,d.randomBytes)(24)),m=b&&b.length>0?b:k.scopes&&k.scopes.length>0?k.scopes:j.defaultScopes,n=new URLSearchParams({client_id:k.clientId,redirect_uri:e.Cs,response_type:"code",state:l,...m.length>0?{scope:m.join(" ")}:{},...j.extraAuthorizeParams??{}});if(j.supportsPKCE){let{verifier:a,challenge:b}=function(){let a=h((0,d.randomBytes)(32)),b=h((0,d.createHash)("sha256").update(a).digest());return{verifier:a,challenge:b}}();c=a,n.set("code_challenge",b),n.set("code_challenge_method","S256")}g.set(l,{provider:a,...void 0!==c?{codeVerifier:c}:{},scopes:m,createdAt:Date.now()});let o=k.authorizeUrl??j.authorizeUrl;return{authorizeUrl:`${o}?${n.toString()}`,state:l}}async function j(a){let b=await (0,e.getOAuthProvider)(a);if(!b)throw Error(`unknown provider: ${a}`);let c=await (0,f.getOAuthTokens)(a);if(!c)throw Error(`provider "${a}" not authorized — open Settings → OAuth and click Authorize`);if(!(void 0!==c.expiresAt&&c.expiresAt-6e4<Date.now()))return c.accessToken;if(!c.refreshToken)throw Error(`access token for "${a}" expired and no refresh_token — re-authorize`);let d=await (0,f.tY)(a);if(!d)throw Error(`OAuth client for "${a}" is not configured`);let g=new URLSearchParams({grant_type:"refresh_token",refresh_token:c.refreshToken,client_id:d.clientId});b.needsClientSecret&&d.clientSecret&&g.set("client_secret",d.clientSecret);let h=await k(b,d,g),i={accessToken:h.accessToken,refreshToken:h.refreshToken??c.refreshToken,...void 0!==h.expiresAt?{expiresAt:h.expiresAt}:{},...h.scope?{scope:h.scope}:c.scope?{scope:c.scope}:{},...h.tokenType?{tokenType:h.tokenType}:c.tokenType?{tokenType:c.tokenType}:{}};return await (0,f.Dt)(a,i),i.accessToken}async function k(a,b,c){let d,e=b.tokenUrl??a.tokenUrl,f=await fetch(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:c.toString()}),g=await f.text();if(!f.ok)throw Error(`token endpoint HTTP ${f.status}: ${g.slice(0,500)}`);if(g.trim().startsWith("{"))d=JSON.parse(g);else for(let[a,b]of(d={},new URLSearchParams(g)))d[a]=b;if(d.error)throw Error(`OAuth error: ${d.error}${d.error_description?` — ${d.error_description}`:""}`);let h="string"==typeof d.access_token?d.access_token:null;if(!h)throw Error(`token endpoint returned no access_token (${g.slice(0,200)})`);let i="number"==typeof d.expires_in?d.expires_in:"string"==typeof d.expires_in?Number(d.expires_in):void 0;return{accessToken:h,..."string"==typeof d.refresh_token?{refreshToken:d.refresh_token}:{},...void 0!==i&&!Number.isNaN(i)?{expiresAt:Date.now()+1e3i}:{},..."string"==typeof d.scope?{scope:d.scope}:{},..."string"==typeof d.token_type?{tokenType:d.token_type}:{}}}globalThis.__reflexOAuthPending=g}};
1	+ "use strict";exports.id=1888,exports.ids=[94,1223,1888],exports.modules={1223:(a,b,c)=>{c.d(b,{De:()=>u,Dt:()=>s,Sh:()=>r,cL:()=>p,getOAuthTokens:()=>t,gi:()=>v,tY:()=>q});var d=c(73024),e=c(76760),f=c.n(e),g=c(10094),h=c(73652);let i=f().join((0,h._)(),"oauth"),j=f().join(i,"clients"),k=f().join(i,"tokens");function l(a){return f().join(j,`${a}.json`)}function m(a){return f().join(k,`${a}.json`)}async function n(a,b){await d.promises.mkdir(f().dirname(a),{recursive:!0}),await d.promises.writeFile(a,JSON.stringify(b,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(a,384)}catch{}}async function o(a){try{let b=await d.promises.readFile(a,"utf8");return JSON.parse(b)}catch{return null}}async function p(a,b){let{getOAuthProvider:d}=await Promise.resolve().then(c.bind(c,10094));if(!await d(a))throw Error(`unknown provider: ${a}`);await n(l(a),{...b,updatedAt:new Date().toISOString()})}async function q(a){return o(l(a))}async function r(a){try{await d.promises.unlink(l(a))}catch{}}async function s(a,b){await n(m(a),{...b,updatedAt:new Date().toISOString()})}async function t(a){return o(m(a))}async function u(a){try{await d.promises.unlink(m(a))}catch{}}async function v(){let a=[];for(let b of(await (0,g.E4)())){let c=b.def,d=await q(c.id),e=await t(c.id);a.push({id:c.id,label:c.label,hasClient:!!d,hasTokens:!!e,...e?.expiresAt!==void 0?{expiresAt:e.expiresAt}:{},setupHint:c.setupHint,consoleUrl:c.consoleUrl,origin:b.origin,setupSteps:c.setupSteps})}return a}},10094:(a,b,c)=>{c.d(b,{Cs:()=>n,E4:()=>s,H:()=>w,To:()=>v,getOAuthProvider:()=>t,isOAuthProviderId:()=>u,lL:()=>k,uq:()=>x});var d=c(73024),e=c(48161),f=c.n(e),g=c(76760),h=c.n(g),i=c(56149);let j=i.Ik({title:i.Yj().min(1).max(200),body:i.Yj().max(2e3).optional(),field:i.Yj().max(200).optional(),copy:i.Yj().max(2e3).optional(),choice:i.Yj().max(200).optional()}),k=i.Ik({id:i.Yj().min(1).max(64).regex(/^[a-z][a-z0-9-]$/,"provider id must be kebab-case (e.g. google, dropbox)"),label:i.Yj().min(1).max(120),authorizeUrl:i.Yj().url(),tokenUrl:i.Yj().url(),defaultScopes:i.YO(i.Yj()).default([]),supportsPKCE:i.zM().default(!0),refreshTokenSupported:i.zM().default(!0),extraAuthorizeParams:i.g1(i.Yj(),i.Yj()).default({}),needsClientSecret:i.zM().default(!0),setupHint:i.Yj().default(""),consoleUrl:i.Yj().url(),setupSteps:i.YO(j).default([])}),l={google:{id:"google",label:"Google",authorizeUrl:"https://accounts.google.com/o/oauth2/v2/auth",tokenUrl:"https://oauth2.googleapis.com/token",defaultScopes:["openid","email","https://www.googleapis.com/auth/calendar"],supportsPKCE:!0,refreshTokenSupported:!0,extraAuthorizeParams:{access_type:"offline",prompt:"consent"},needsClientSecret:!0,setupHint:"If you haven't already — first enable the required API (Calendar/Gmail/Drive) under APIs & Services → Library.",consoleUrl:"https://console.cloud.google.com/apis/credentials",setupSteps:[{title:"Open Google Cloud Console → APIs & Services → Credentials."},{title:'Click "+ CREATE CREDENTIALS" → "OAuth client ID".'},{title:"Application type",choice:"Web application",body:'Not "Desktop" — Reflex uses a fixed localhost redirect.'},{title:'Name — anything, e.g. "Reflex".'},{title:"Authorized redirect URIs → ADD URI",field:"Authorized redirect URIs",copy:"http://localhost:3210/api/oauth/callback",body:"Exactly as shown, no trailing slash, http (not https)."},{title:"Hit CREATE → a popup will show the Client ID and Client Secret."},{title:'Copy both values here. (If lost — open the client in Credentials, use "Download JSON" or "Reset secret".)'},{title:"Before the first Authorize, make sure the required API is enabled: APIs & Services → Library → Google Calendar API → Enable (similarly for other services)."}]},github:{id:"github",label:"GitHub",authorizeUrl:"https://github.com/login/oauth/authorize",tokenUrl:"https://github.com/login/oauth/access_token",defaultScopes:["repo","read:user"],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Personal OAuth Apps live in Settings → Developer settings.",consoleUrl:"https://github.com/settings/developers",setupSteps:[{title:"Open github.com/settings/developers → OAuth Apps."},{title:'Click "New OAuth App".'},{title:'Application name — anything, e.g. "Reflex".'},{title:"Homepage URL",field:"Homepage URL",copy:"http://localhost:3210"},{title:"Authorization callback URL",field:"Authorization callback URL",copy:"http://localhost:3210/api/oauth/callback"},{title:'Click "Register application".'},{title:'Copy "Client ID" from here → into Reflex.'},{title:'Click "Generate a new client secret", copy the value immediately (shown only once) → into Reflex.'}]},notion:{id:"notion",label:"Notion",authorizeUrl:"https://api.notion.com/v1/oauth/authorize",tokenUrl:"https://api.notion.com/v1/oauth/token",defaultScopes:[],supportsPKCE:!1,refreshTokenSupported:!1,extraAuthorizeParams:{owner:"user"},needsClientSecret:!0,setupHint:"Reflex uses a Public integration (with OAuth flow), not Internal.",consoleUrl:"https://www.notion.so/profile/integrations",setupSteps:[{title:'Open notion.so/profile/integrations → "+ New integration".'},{title:'Name — "Reflex".'},{title:"Associated workspace — your workspace."},{title:"Type",choice:"Public",body:"Internal doesn't fit — the OAuth flow needs a public integration."},{title:"Submit → integration is created. Go to its page."},{title:'Under "OAuth Domain & URIs" → Redirect URIs → Add URI',field:"Redirect URIs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save."},{title:'Under "Secrets", copy the OAuth client ID and OAuth client secret here.'}]},slack:{id:"slack",label:"Slack",authorizeUrl:"https://slack.com/oauth/v2/authorize",tokenUrl:"https://slack.com/api/oauth.v2.access",defaultScopes:["chat:write","channels:read"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"Default scopes (chat:write, channels:read) can be extended in OAuth & Permissions.",consoleUrl:"https://api.slack.com/apps",setupSteps:[{title:'Open api.slack.com/apps → "Create New App" → "From scratch".'},{title:'App Name — "Reflex", pick your workspace → Create App.'},{title:'In the left panel open "OAuth & Permissions" → Redirect URLs → "Add New Redirect URL"',field:"Redirect URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Save URLs."},{title:"Under Scopes → User Token Scopes add the required ones (chat:write, channels:read, etc. — from Reflex defaults)."},{title:'At the top of the page click Install App → grant access → you\'ll get Client ID and Client Secret under "Basic Information".'}]},linear:{id:"linear",label:"Linear",authorizeUrl:"https://linear.app/oauth/authorize",tokenUrl:"https://api.linear.app/oauth/token",defaultScopes:["read","write"],supportsPKCE:!1,refreshTokenSupported:!0,extraAuthorizeParams:{},needsClientSecret:!0,setupHint:"A personal OAuth application is tied to your workspace.",consoleUrl:"https://linear.app/settings/api/applications/new",setupSteps:[{title:"Open linear.app/settings/api/applications/new (Settings → API → OAuth applications → Create new)."},{title:'Name — "Reflex", description anything.'},{title:"Developer URL",field:"Developer URL",copy:"http://localhost:3210"},{title:"Callback URLs",field:"Callback URLs",copy:"http://localhost:3210/api/oauth/callback"},{title:"Scopes — check read + write (or whichever you need: issues:create, etc.)."},{title:"Submit → copy Client ID + Client Secret here."}]}},m=Object.keys(l),n="http://localhost:3210/api/oauth/callback",o=h().join(f().homedir(),".reflex","oauth","providers.json"),p=i.Ik({version:i.eu(1),providers:i.YO(k)});async function q(){try{let a=await d.promises.readFile(o,"utf8"),b=p.safeParse(JSON.parse(a));if(!b.success)return{version:1,providers:[]};return b.data}catch{return{version:1,providers:[]}}}async function r(a){await d.promises.mkdir(h().dirname(o),{recursive:!0}),await d.promises.writeFile(o,JSON.stringify(a,null,2)+"\n",{encoding:"utf8",mode:384});try{await d.promises.chmod(o,384)}catch{}}async function s(){let a=await q(),b=new Set(a.providers.map(a=>a.id)),c=[];for(let a of m)b.has(a)\|\|c.push({def:l[a],origin:"builtin"});for(let b of a.providers)c.push({def:b,origin:"user"});return c}async function t(a){let b=await s();return b.find(b=>b.def.id===a)?.def??null}async function u(a){return await t(a)!==null}async function v(a){let b=k.parse(a);if(void 0!==l[b.id])throw Error(`"${b.id}" is a built-in provider id — pick a different slug`);let c=await q();if(c.providers.some(a=>a.id===b.id))throw Error(`provider "${b.id}" already exists`);c.providers.push(b),await r(c)}async function w(a,b){if(void 0!==l[a])throw Error(`cannot edit built-in provider "${a}"`);let c=await q(),d=c.providers.findIndex(b=>b.id===a);if(d<0)throw Error(`provider "${a}" not found`);let e=k.parse({...c.providers[d],...b,id:a});c.providers[d]=e,await r(c)}async function x(a){if(void 0!==l[a])throw Error(`cannot remove built-in provider "${a}"`);let b=await q(),c=b.providers.filter(b=>b.id!==a);c.length!==b.providers.length&&(b.providers=c,await r(b))}},61888:(a,b,c)=>{c.d(b,{b:()=>i,getAccessToken:()=>j});var d=c(77598),e=c(10094),f=c(1223);let g=globalThis.__reflexOAuthPending??new Map;function h(a){return a.toString("base64").replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function i(a,b){let c,i=Date.now()-9e5;for(let[a,b]of g)b.createdAt<i&&g.delete(a);let j=await (0,e.getOAuthProvider)(a);if(!j)throw Error(`unknown provider: ${a}`);let k=await (0,f.tY)(a);if(!k)throw Error(`OAuth client for "${a}" is not configured — set client_id/secret in Settings → OAuth first`);let l=h((0,d.randomBytes)(24)),m=b&&b.length>0?b:k.scopes&&k.scopes.length>0?k.scopes:j.defaultScopes,n=new URLSearchParams({client_id:k.clientId,redirect_uri:e.Cs,response_type:"code",state:l,...m.length>0?{scope:m.join(" ")}:{},...j.extraAuthorizeParams??{}});if(j.supportsPKCE){let{verifier:a,challenge:b}=function(){let a=h((0,d.randomBytes)(32)),b=h((0,d.createHash)("sha256").update(a).digest());return{verifier:a,challenge:b}}();c=a,n.set("code_challenge",b),n.set("code_challenge_method","S256")}g.set(l,{provider:a,...void 0!==c?{codeVerifier:c}:{},scopes:m,createdAt:Date.now()});let o=k.authorizeUrl??j.authorizeUrl;return{authorizeUrl:`${o}?${n.toString()}`,state:l}}async function j(a){let b=await (0,e.getOAuthProvider)(a);if(!b)throw Error(`unknown provider: ${a}`);let c=await (0,f.getOAuthTokens)(a);if(!c)throw Error(`provider "${a}" not authorized — open Settings → OAuth and click Authorize`);if(!(void 0!==c.expiresAt&&c.expiresAt-6e4<Date.now()))return c.accessToken;if(!c.refreshToken)throw Error(`access token for "${a}" expired and no refresh_token — re-authorize`);let d=await (0,f.tY)(a);if(!d)throw Error(`OAuth client for "${a}" is not configured`);let g=new URLSearchParams({grant_type:"refresh_token",refresh_token:c.refreshToken,client_id:d.clientId});b.needsClientSecret&&d.clientSecret&&g.set("client_secret",d.clientSecret);let h=await k(b,d,g),i={accessToken:h.accessToken,refreshToken:h.refreshToken??c.refreshToken,...void 0!==h.expiresAt?{expiresAt:h.expiresAt}:{},...h.scope?{scope:h.scope}:c.scope?{scope:c.scope}:{},...h.tokenType?{tokenType:h.tokenType}:c.tokenType?{tokenType:c.tokenType}:{}};return await (0,f.Dt)(a,i),i.accessToken}async function k(a,b,c){let d,e=b.tokenUrl??a.tokenUrl,f=await fetch(e,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded",Accept:"application/json"},body:c.toString()}),g=await f.text();if(!f.ok)throw Error(`token endpoint HTTP ${f.status}: ${g.slice(0,500)}`);if(g.trim().startsWith("{"))d=JSON.parse(g);else for(let[a,b]of(d={},new URLSearchParams(g)))d[a]=b;if(d.error)throw Error(`OAuth error: ${d.error}${d.error_description?` — ${d.error_description}`:""}`);let h="string"==typeof d.access_token?d.access_token:null;if(!h)throw Error(`token endpoint returned no access_token (${g.slice(0,200)})`);let i="number"==typeof d.expires_in?d.expires_in:"string"==typeof d.expires_in?Number(d.expires_in):void 0;return{accessToken:h,..."string"==typeof d.refresh_token?{refreshToken:d.refresh_token}:{},...void 0!==i&&!Number.isNaN(i)?{expiresAt:Date.now()+1e3i}:{},..."string"==typeof d.scope?{scope:d.scope}:{},..."string"==typeof d.token_type?{tokenType:d.token_type}:{}}}globalThis.__reflexOAuthPending=g}};