studiograph 1.3.48-next.2 → 1.3.48-next.201
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -16
- package/dist/agent/agent-pool.d.ts +117 -0
- package/dist/agent/agent-pool.js +287 -0
- package/dist/agent/agent-pool.js.map +1 -0
- package/dist/agent/followups.d.ts +34 -0
- package/dist/agent/followups.js +52 -0
- package/dist/agent/followups.js.map +1 -0
- package/dist/agent/orchestrator.d.ts +113 -22
- package/dist/agent/orchestrator.js +574 -181
- package/dist/agent/orchestrator.js.map +1 -1
- package/dist/agent/prompts/entity-types-section.d.ts +34 -0
- package/dist/agent/prompts/entity-types-section.js +76 -0
- package/dist/agent/prompts/entity-types-section.js.map +1 -0
- package/dist/agent/prompts/system.md +147 -69
- package/dist/agent/skill-loader.d.ts +30 -17
- package/dist/agent/skill-loader.js +63 -30
- package/dist/agent/skill-loader.js.map +1 -1
- package/dist/agent/skills/entity-schema.md +77 -433
- package/dist/agent/skills/interview/entity-templates.md +193 -0
- package/dist/agent/skills/interview/question-domains.md +391 -0
- package/dist/agent/skills/interview/skill.md +204 -0
- package/dist/agent/skills/schema-rules.md +54 -0
- package/dist/agent/tools/capture-tools.d.ts +31 -0
- package/dist/agent/tools/capture-tools.js +40 -0
- package/dist/agent/tools/capture-tools.js.map +1 -0
- package/dist/agent/tools/folder-tools.d.ts +47 -0
- package/dist/agent/tools/folder-tools.js +249 -0
- package/dist/agent/tools/folder-tools.js.map +1 -0
- package/dist/agent/tools/fs-tools.d.ts +7 -6
- package/dist/agent/tools/fs-tools.js +5 -4
- package/dist/agent/tools/fs-tools.js.map +1 -1
- package/dist/agent/tools/graph-tools.d.ts +21 -58
- package/dist/agent/tools/graph-tools.js +664 -333
- package/dist/agent/tools/graph-tools.js.map +1 -1
- package/dist/agent/tools/history-tools.d.ts +95 -0
- package/dist/agent/tools/history-tools.js +461 -0
- package/dist/agent/tools/history-tools.js.map +1 -0
- package/dist/agent/tools/load-skill.d.ts +6 -5
- package/dist/agent/tools/load-skill.js +3 -3
- package/dist/agent/tools/load-skill.js.map +1 -1
- package/dist/agent/tools/ops-tools.d.ts +5 -4
- package/dist/agent/tools/ops-tools.js +130 -236
- package/dist/agent/tools/ops-tools.js.map +1 -1
- package/dist/agent/tools/permission-tools.d.ts +87 -17
- package/dist/agent/tools/permission-tools.js +233 -38
- package/dist/agent/tools/permission-tools.js.map +1 -1
- package/dist/agent/tools/tool-loader.js +5 -4
- package/dist/agent/tools/tool-loader.js.map +1 -1
- package/dist/agent/tools/web-tools.js +58 -9
- package/dist/agent/tools/web-tools.js.map +1 -1
- package/dist/cli/commands/about.d.ts +1 -0
- package/dist/cli/commands/about.js +55 -3
- package/dist/cli/commands/about.js.map +1 -1
- package/dist/cli/commands/admin/audit-workspace.d.ts +23 -0
- package/dist/cli/commands/admin/audit-workspace.js +133 -0
- package/dist/cli/commands/admin/audit-workspace.js.map +1 -0
- package/dist/cli/commands/admin/audit.d.ts +21 -0
- package/dist/cli/commands/admin/audit.js +174 -0
- package/dist/cli/commands/admin/audit.js.map +1 -0
- package/dist/cli/commands/admin/backup.d.ts +54 -0
- package/dist/cli/commands/admin/backup.js +207 -0
- package/dist/cli/commands/admin/backup.js.map +1 -0
- package/dist/cli/commands/admin/folder.d.ts +11 -0
- package/dist/cli/commands/admin/folder.js +186 -0
- package/dist/cli/commands/admin/folder.js.map +1 -0
- package/dist/cli/commands/admin/index.d.ts +16 -0
- package/dist/cli/commands/admin/index.js +46 -0
- package/dist/cli/commands/admin/index.js.map +1 -0
- package/dist/cli/commands/admin/migrate-assets.d.ts +53 -0
- package/dist/cli/commands/admin/migrate-assets.js +184 -0
- package/dist/cli/commands/admin/migrate-assets.js.map +1 -0
- package/dist/cli/commands/admin/migrate.d.ts +56 -0
- package/dist/cli/commands/admin/migrate.js +263 -0
- package/dist/cli/commands/admin/migrate.js.map +1 -0
- package/dist/cli/commands/admin/restore.d.ts +24 -0
- package/dist/cli/commands/admin/restore.js +228 -0
- package/dist/cli/commands/admin/restore.js.map +1 -0
- package/dist/cli/commands/admin/secrets.d.ts +23 -0
- package/dist/cli/commands/admin/secrets.js +256 -0
- package/dist/cli/commands/admin/secrets.js.map +1 -0
- package/dist/cli/commands/admin/settings.d.ts +28 -0
- package/dist/cli/commands/admin/settings.js +284 -0
- package/dist/cli/commands/admin/settings.js.map +1 -0
- package/dist/cli/commands/admin/token.d.ts +42 -0
- package/dist/cli/commands/admin/token.js +126 -0
- package/dist/cli/commands/admin/token.js.map +1 -0
- package/dist/cli/commands/admin/transfer-ownership.d.ts +15 -0
- package/dist/cli/commands/admin/transfer-ownership.js +106 -0
- package/dist/cli/commands/admin/transfer-ownership.js.map +1 -0
- package/dist/cli/commands/admin/user.d.ts +11 -0
- package/dist/cli/commands/admin/user.js +187 -0
- package/dist/cli/commands/admin/user.js.map +1 -0
- package/dist/cli/commands/clone.d.ts +25 -3
- package/dist/cli/commands/clone.js +142 -36
- package/dist/cli/commands/clone.js.map +1 -1
- package/dist/cli/commands/commit.d.ts +1 -1
- package/dist/cli/commands/commit.js +24 -11
- package/dist/cli/commands/commit.js.map +1 -1
- package/dist/cli/commands/config.d.ts +23 -107
- package/dist/cli/commands/config.js +52 -260
- package/dist/cli/commands/config.js.map +1 -1
- package/dist/cli/commands/connector.d.ts +10 -13
- package/dist/cli/commands/connector.js +16 -58
- package/dist/cli/commands/connector.js.map +1 -1
- package/dist/cli/commands/deploy.js +215 -68
- package/dist/cli/commands/deploy.js.map +1 -1
- package/dist/cli/commands/index.js +2 -2
- package/dist/cli/commands/index.js.map +1 -1
- package/dist/cli/commands/init.js +10 -30
- package/dist/cli/commands/init.js.map +1 -1
- package/dist/cli/commands/mcp.js +12 -4
- package/dist/cli/commands/mcp.js.map +1 -1
- package/dist/cli/commands/orphans.js +14 -30
- package/dist/cli/commands/orphans.js.map +1 -1
- package/dist/cli/commands/r2.d.ts +3 -0
- package/dist/cli/commands/r2.js +223 -204
- package/dist/cli/commands/r2.js.map +1 -1
- package/dist/cli/commands/redeploy.js +65 -12
- package/dist/cli/commands/redeploy.js.map +1 -1
- package/dist/cli/commands/reset.d.ts +22 -6
- package/dist/cli/commands/reset.js +142 -63
- package/dist/cli/commands/reset.js.map +1 -1
- package/dist/cli/commands/serve.js +218 -24
- package/dist/cli/commands/serve.js.map +1 -1
- package/dist/cli/commands/sync.d.ts +1 -1
- package/dist/cli/commands/sync.js +372 -202
- package/dist/cli/commands/sync.js.map +1 -1
- package/dist/cli/crypto-bundle.d.ts +39 -0
- package/dist/cli/crypto-bundle.js +94 -0
- package/dist/cli/crypto-bundle.js.map +1 -0
- package/dist/cli/index.js +24 -35
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/railway-pin.d.ts +68 -0
- package/dist/cli/railway-pin.js +96 -0
- package/dist/cli/railway-pin.js.map +1 -0
- package/dist/cli/railway-provisioning.d.ts +53 -0
- package/dist/cli/railway-provisioning.js +85 -0
- package/dist/cli/railway-provisioning.js.map +1 -0
- package/dist/cli/setup-wizard.d.ts +33 -52
- package/dist/cli/setup-wizard.js +43 -68
- package/dist/cli/setup-wizard.js.map +1 -1
- package/dist/core/accent-palette.d.ts +22 -0
- package/dist/core/accent-palette.js +47 -0
- package/dist/core/accent-palette.js.map +1 -0
- package/dist/core/cell-anchor.d.ts +29 -0
- package/dist/core/cell-anchor.js +53 -0
- package/dist/core/cell-anchor.js.map +1 -0
- package/dist/core/comment-anchor.d.ts +41 -0
- package/dist/core/comment-anchor.js +147 -0
- package/dist/core/comment-anchor.js.map +1 -0
- package/dist/core/commit-messages.d.ts +57 -0
- package/dist/core/commit-messages.js +85 -0
- package/dist/core/commit-messages.js.map +1 -0
- package/dist/core/embeds.d.ts +77 -0
- package/dist/core/embeds.js +147 -0
- package/dist/core/embeds.js.map +1 -0
- package/dist/core/entity-body-templates.d.ts +21 -0
- package/dist/core/entity-body-templates.js +53 -0
- package/dist/core/entity-body-templates.js.map +1 -0
- package/dist/core/entity-types-catalog.d.ts +65 -0
- package/dist/core/entity-types-catalog.js +140 -0
- package/dist/core/entity-types-catalog.js.map +1 -0
- package/dist/core/folder-paths.d.ts +41 -0
- package/dist/core/folder-paths.js +95 -0
- package/dist/core/folder-paths.js.map +1 -0
- package/dist/core/folder-sidecar.d.ts +36 -0
- package/dist/core/folder-sidecar.js +91 -0
- package/dist/core/folder-sidecar.js.map +1 -0
- package/dist/core/format-registry.d.ts +170 -0
- package/dist/core/format-registry.js +404 -0
- package/dist/core/format-registry.js.map +1 -0
- package/dist/core/graph.d.ts +731 -14
- package/dist/core/graph.js +2202 -315
- package/dist/core/graph.js.map +1 -1
- package/dist/core/history-diff.d.ts +35 -0
- package/dist/core/history-diff.js +114 -0
- package/dist/core/history-diff.js.map +1 -0
- package/dist/core/refs.d.ts +41 -0
- package/dist/core/refs.js +80 -0
- package/dist/core/refs.js.map +1 -0
- package/dist/core/schema-registry.d.ts +82 -0
- package/dist/core/schema-registry.js +238 -0
- package/dist/core/schema-registry.js.map +1 -1
- package/dist/core/schemas/connector.d.ts +67 -0
- package/dist/core/schemas/connector.js +100 -0
- package/dist/core/schemas/connector.js.map +1 -0
- package/dist/core/schemas/workspace.d.ts +122 -0
- package/dist/core/schemas/workspace.js +211 -0
- package/dist/core/schemas/workspace.js.map +1 -0
- package/dist/core/secrets/SecretStore.d.ts +77 -0
- package/dist/core/secrets/SecretStore.js +13 -0
- package/dist/core/secrets/SecretStore.js.map +1 -0
- package/dist/core/secrets/SettingsResolver.d.ts +54 -0
- package/dist/core/secrets/SettingsResolver.js +80 -0
- package/dist/core/secrets/SettingsResolver.js.map +1 -0
- package/dist/core/secrets/SettingsStore.d.ts +30 -0
- package/dist/core/secrets/SettingsStore.js +9 -0
- package/dist/core/secrets/SettingsStore.js.map +1 -0
- package/dist/core/secrets/SqliteEncryptedStore.d.ts +90 -0
- package/dist/core/secrets/SqliteEncryptedStore.js +598 -0
- package/dist/core/secrets/SqliteEncryptedStore.js.map +1 -0
- package/dist/core/secrets/audit.d.ts +36 -0
- package/dist/core/secrets/audit.js +60 -0
- package/dist/core/secrets/audit.js.map +1 -0
- package/dist/core/secrets/auth-db-migration.d.ts +129 -0
- package/dist/core/secrets/auth-db-migration.js +653 -0
- package/dist/core/secrets/auth-db-migration.js.map +1 -0
- package/dist/core/secrets/bundle.d.ts +141 -0
- package/dist/core/secrets/bundle.js +435 -0
- package/dist/core/secrets/bundle.js.map +1 -0
- package/dist/core/secrets/dual-write.d.ts +81 -0
- package/dist/core/secrets/dual-write.js +247 -0
- package/dist/core/secrets/dual-write.js.map +1 -0
- package/dist/core/secrets/encryption.d.ts +44 -0
- package/dist/core/secrets/encryption.js +97 -0
- package/dist/core/secrets/encryption.js.map +1 -0
- package/dist/core/secrets/index.d.ts +49 -0
- package/dist/core/secrets/index.js +74 -0
- package/dist/core/secrets/index.js.map +1 -0
- package/dist/core/secrets/master-key.d.ts +38 -0
- package/dist/core/secrets/master-key.js +122 -0
- package/dist/core/secrets/master-key.js.map +1 -0
- package/dist/core/secrets/probes/anthropic.d.ts +98 -0
- package/dist/core/secrets/probes/anthropic.js +300 -0
- package/dist/core/secrets/probes/anthropic.js.map +1 -0
- package/dist/core/secrets/probes/brave.d.ts +9 -0
- package/dist/core/secrets/probes/brave.js +15 -0
- package/dist/core/secrets/probes/brave.js.map +1 -0
- package/dist/core/secrets/probes/r2.d.ts +15 -0
- package/dist/core/secrets/probes/r2.js +14 -0
- package/dist/core/secrets/probes/r2.js.map +1 -0
- package/dist/core/secrets/probes/tavily.d.ts +18 -0
- package/dist/core/secrets/probes/tavily.js +58 -0
- package/dist/core/secrets/probes/tavily.js.map +1 -0
- package/dist/core/secrets/probes/voyage.d.ts +13 -0
- package/dist/core/secrets/probes/voyage.js +52 -0
- package/dist/core/secrets/probes/voyage.js.map +1 -0
- package/dist/core/secrets/r2-structural-migration.d.ts +39 -0
- package/dist/core/secrets/r2-structural-migration.js +109 -0
- package/dist/core/secrets/r2-structural-migration.js.map +1 -0
- package/dist/core/secrets/read-flip.d.ts +59 -0
- package/dist/core/secrets/read-flip.js +87 -0
- package/dist/core/secrets/read-flip.js.map +1 -0
- package/dist/core/secrets/registry.d.ts +188 -0
- package/dist/core/secrets/registry.js +616 -0
- package/dist/core/secrets/registry.js.map +1 -0
- package/dist/core/types.d.ts +80 -475
- package/dist/core/types.js +27 -3
- package/dist/core/types.js.map +1 -1
- package/dist/core/user-config.d.ts +75 -7
- package/dist/core/user-config.js +155 -7
- package/dist/core/user-config.js.map +1 -1
- package/dist/core/validation.d.ts +731 -1790
- package/dist/core/validation.js +442 -228
- package/dist/core/validation.js.map +1 -1
- package/dist/core/workspace-manager.d.ts +89 -12
- package/dist/core/workspace-manager.js +225 -73
- package/dist/core/workspace-manager.js.map +1 -1
- package/dist/core/workspace.d.ts +19 -5
- package/dist/core/workspace.js +69 -35
- package/dist/core/workspace.js.map +1 -1
- package/dist/mcp/comment-virtual-entity.d.ts +36 -0
- package/dist/mcp/comment-virtual-entity.js +71 -0
- package/dist/mcp/comment-virtual-entity.js.map +1 -0
- package/dist/mcp/connector-manager.d.ts +94 -13
- package/dist/mcp/connector-manager.js +283 -62
- package/dist/mcp/connector-manager.js.map +1 -1
- package/dist/mcp/oauth-provider.d.ts +27 -33
- package/dist/mcp/oauth-provider.js +65 -134
- package/dist/mcp/oauth-provider.js.map +1 -1
- package/dist/mcp/oauth-registry.d.ts +62 -0
- package/dist/mcp/oauth-registry.js +85 -0
- package/dist/mcp/oauth-registry.js.map +1 -0
- package/dist/mcp/server.d.ts +11 -3
- package/dist/mcp/server.js +30 -5
- package/dist/mcp/server.js.map +1 -1
- package/dist/mcp/state-signer.d.ts +62 -0
- package/dist/mcp/state-signer.js +205 -0
- package/dist/mcp/state-signer.js.map +1 -0
- package/dist/mcp/tools.d.ts +35 -2
- package/dist/mcp/tools.js +1361 -112
- package/dist/mcp/tools.js.map +1 -1
- package/dist/server/__tests__/helpers/graph-api.d.ts +16 -0
- package/dist/server/__tests__/helpers/graph-api.js +16 -0
- package/dist/server/__tests__/helpers/graph-api.js.map +1 -0
- package/dist/server/asset-index-queue.d.ts +96 -0
- package/dist/server/asset-index-queue.js +191 -0
- package/dist/server/asset-index-queue.js.map +1 -0
- package/dist/server/body-write-coordinator.d.ts +151 -0
- package/dist/server/body-write-coordinator.js +161 -0
- package/dist/server/body-write-coordinator.js.map +1 -0
- package/dist/server/cloud-billing-flow.d.ts +32 -0
- package/dist/server/cloud-billing-flow.js +75 -0
- package/dist/server/cloud-billing-flow.js.map +1 -0
- package/dist/server/commit-audit.d.ts +26 -0
- package/dist/server/commit-audit.js +30 -0
- package/dist/server/commit-audit.js.map +1 -0
- package/dist/server/index.d.ts +22 -3
- package/dist/server/index.js +622 -198
- package/dist/server/index.js.map +1 -1
- package/dist/server/middleware/sanitize.d.ts +46 -0
- package/dist/server/middleware/sanitize.js +171 -0
- package/dist/server/middleware/sanitize.js.map +1 -0
- package/dist/server/routes/asset-api.d.ts +31 -0
- package/dist/server/routes/asset-api.js +593 -0
- package/dist/server/routes/asset-api.js.map +1 -0
- package/dist/server/routes/audit-api.d.ts +24 -0
- package/dist/server/routes/audit-api.js +117 -0
- package/dist/server/routes/audit-api.js.map +1 -0
- package/dist/server/routes/auth-api.d.ts +3 -2
- package/dist/server/routes/auth-api.js +573 -39
- package/dist/server/routes/auth-api.js.map +1 -1
- package/dist/server/routes/capture-api.d.ts +18 -0
- package/dist/server/routes/capture-api.js +257 -0
- package/dist/server/routes/capture-api.js.map +1 -0
- package/dist/server/routes/chat-sessions-api.d.ts +9 -0
- package/dist/server/routes/chat-sessions-api.js +121 -0
- package/dist/server/routes/chat-sessions-api.js.map +1 -0
- package/dist/server/routes/chat.d.ts +12 -1
- package/dist/server/routes/chat.js +318 -88
- package/dist/server/routes/chat.js.map +1 -1
- package/dist/server/routes/comments-api.d.ts +15 -0
- package/dist/server/routes/comments-api.js +444 -0
- package/dist/server/routes/comments-api.js.map +1 -0
- package/dist/server/routes/config-api.d.ts +21 -0
- package/dist/server/routes/config-api.js +256 -0
- package/dist/server/routes/config-api.js.map +1 -0
- package/dist/server/routes/connectors-api.d.ts +17 -0
- package/dist/server/routes/connectors-api.js +410 -0
- package/dist/server/routes/connectors-api.js.map +1 -0
- package/dist/server/routes/event-ingest-api.d.ts +15 -0
- package/dist/server/routes/event-ingest-api.js +125 -0
- package/dist/server/routes/event-ingest-api.js.map +1 -0
- package/dist/server/routes/git-http.d.ts +3 -3
- package/dist/server/routes/git-http.js +86 -38
- package/dist/server/routes/git-http.js.map +1 -1
- package/dist/server/routes/graph-api-access.d.ts +57 -0
- package/dist/server/routes/graph-api-access.js +112 -0
- package/dist/server/routes/graph-api-access.js.map +1 -0
- package/dist/server/routes/graph-api.d.ts +1 -1
- package/dist/server/routes/graph-api.js +1529 -263
- package/dist/server/routes/graph-api.js.map +1 -1
- package/dist/server/routes/health.d.ts +18 -0
- package/dist/server/routes/health.js +74 -0
- package/dist/server/routes/health.js.map +1 -0
- package/dist/server/routes/import-batch.d.ts +24 -0
- package/dist/server/routes/import-batch.js +33 -0
- package/dist/server/routes/import-batch.js.map +1 -0
- package/dist/server/routes/insights-api.d.ts +9 -2
- package/dist/server/routes/insights-api.js +384 -38
- package/dist/server/routes/insights-api.js.map +1 -1
- package/dist/server/routes/mcp.d.ts +7 -3
- package/dist/server/routes/mcp.js +22 -6
- package/dist/server/routes/mcp.js.map +1 -1
- package/dist/server/routes/oauth-api.d.ts +67 -0
- package/dist/server/routes/oauth-api.js +421 -0
- package/dist/server/routes/oauth-api.js.map +1 -0
- package/dist/server/routes/permissions-api.d.ts +9 -2
- package/dist/server/routes/permissions-api.js +87 -30
- package/dist/server/routes/permissions-api.js.map +1 -1
- package/dist/server/routes/r2-api.d.ts +25 -0
- package/dist/server/routes/r2-api.js +276 -0
- package/dist/server/routes/r2-api.js.map +1 -0
- package/dist/server/routes/secrets-api.d.ts +36 -0
- package/dist/server/routes/secrets-api.js +308 -0
- package/dist/server/routes/secrets-api.js.map +1 -0
- package/dist/server/routes/settings-api.d.ts +29 -0
- package/dist/server/routes/settings-api.js +180 -0
- package/dist/server/routes/settings-api.js.map +1 -0
- package/dist/server/routes/share-api.d.ts +32 -0
- package/dist/server/routes/share-api.js +234 -0
- package/dist/server/routes/share-api.js.map +1 -0
- package/dist/server/routes/url-api.d.ts +7 -0
- package/dist/server/routes/url-api.js +74 -0
- package/dist/server/routes/url-api.js.map +1 -0
- package/dist/server/routes/views-api.js +75 -7
- package/dist/server/routes/views-api.js.map +1 -1
- package/dist/server/routes/workspace-api.d.ts +2 -1
- package/dist/server/routes/workspace-api.js +129 -35
- package/dist/server/routes/workspace-api.js.map +1 -1
- package/dist/server/routes/ws.d.ts +2 -1
- package/dist/server/routes/ws.js +68 -16
- package/dist/server/routes/ws.js.map +1 -1
- package/dist/server/session-manager.d.ts +48 -5
- package/dist/server/session-manager.js +182 -15
- package/dist/server/session-manager.js.map +1 -1
- package/dist/server/ws-hub.d.ts +138 -14
- package/dist/server/ws-hub.js +0 -0
- package/dist/server/ws-hub.js.map +1 -1
- package/dist/server/yjs-manager.d.ts +285 -7
- package/dist/server/yjs-manager.js +907 -36
- package/dist/server/yjs-manager.js.map +1 -1
- package/dist/server/yjs-persistence.d.ts +165 -0
- package/dist/server/yjs-persistence.js +557 -0
- package/dist/server/yjs-persistence.js.map +1 -0
- package/dist/server/yjs-text-diff.d.ts +32 -0
- package/dist/server/yjs-text-diff.js +61 -0
- package/dist/server/yjs-text-diff.js.map +1 -0
- package/dist/services/access-control.d.ts +73 -0
- package/dist/services/access-control.js +165 -0
- package/dist/services/access-control.js.map +1 -0
- package/dist/services/asset-caption-service.d.ts +102 -0
- package/dist/services/asset-caption-service.js +184 -0
- package/dist/services/asset-caption-service.js.map +1 -0
- package/dist/services/asset-delete-authz.d.ts +31 -0
- package/dist/services/asset-delete-authz.js +61 -0
- package/dist/services/asset-delete-authz.js.map +1 -0
- package/dist/services/asset-finalize-service.d.ts +58 -0
- package/dist/services/asset-finalize-service.js +207 -0
- package/dist/services/asset-finalize-service.js.map +1 -0
- package/dist/services/asset-import-service.d.ts +111 -0
- package/dist/services/asset-import-service.js +394 -0
- package/dist/services/asset-import-service.js.map +1 -0
- package/dist/services/asset-index-sweep.d.ts +92 -0
- package/dist/services/asset-index-sweep.js +258 -0
- package/dist/services/asset-index-sweep.js.map +1 -0
- package/dist/services/asset-lifecycle-check.d.ts +22 -0
- package/dist/services/asset-lifecycle-check.js +80 -0
- package/dist/services/asset-lifecycle-check.js.map +1 -0
- package/dist/services/asset-listing.d.ts +72 -0
- package/dist/services/asset-listing.js +321 -0
- package/dist/services/asset-listing.js.map +1 -0
- package/dist/services/asset-presign-service.d.ts +68 -0
- package/dist/services/asset-presign-service.js +124 -0
- package/dist/services/asset-presign-service.js.map +1 -0
- package/dist/services/asset-sidecar-service.d.ts +30 -0
- package/dist/services/asset-sidecar-service.js +96 -0
- package/dist/services/asset-sidecar-service.js.map +1 -0
- package/dist/services/asset-upload-errors.d.ts +41 -0
- package/dist/services/asset-upload-errors.js +45 -0
- package/dist/services/asset-upload-errors.js.map +1 -0
- package/dist/services/asset-upload-service.d.ts +74 -0
- package/dist/services/asset-upload-service.js +244 -0
- package/dist/services/asset-upload-service.js.map +1 -0
- package/dist/services/asset-upload-token.d.ts +58 -0
- package/dist/services/asset-upload-token.js +75 -0
- package/dist/services/asset-upload-token.js.map +1 -0
- package/dist/services/assets/asset-index-service.d.ts +127 -0
- package/dist/services/assets/asset-index-service.js +227 -0
- package/dist/services/assets/asset-index-service.js.map +1 -0
- package/dist/services/assets/base.d.ts +118 -1
- package/dist/services/assets/base.js +77 -1
- package/dist/services/assets/base.js.map +1 -1
- package/dist/services/assets/index.d.ts +103 -1
- package/dist/services/assets/index.js +192 -0
- package/dist/services/assets/index.js.map +1 -1
- package/dist/services/assets/local.d.ts +16 -1
- package/dist/services/assets/local.js +110 -1
- package/dist/services/assets/local.js.map +1 -1
- package/dist/services/assets/r2-sync.d.ts +88 -0
- package/dist/services/assets/r2-sync.js +412 -0
- package/dist/services/assets/r2-sync.js.map +1 -0
- package/dist/services/assets/r2.d.ts +87 -1
- package/dist/services/assets/r2.js +203 -1
- package/dist/services/assets/r2.js.map +1 -1
- package/dist/services/auth-service.d.ts +350 -36
- package/dist/services/auth-service.js +1179 -140
- package/dist/services/auth-service.js.map +1 -1
- package/dist/services/bookmark-import-service.d.ts +49 -0
- package/dist/services/bookmark-import-service.js +250 -0
- package/dist/services/bookmark-import-service.js.map +1 -0
- package/dist/services/chat-session-service.d.ts +96 -0
- package/dist/services/chat-session-service.js +316 -0
- package/dist/services/chat-session-service.js.map +1 -0
- package/dist/services/cloud-inference-billing.d.ts +64 -0
- package/dist/services/cloud-inference-billing.js +313 -0
- package/dist/services/cloud-inference-billing.js.map +1 -0
- package/dist/services/comment-service.d.ts +97 -0
- package/dist/services/comment-service.js +341 -0
- package/dist/services/comment-service.js.map +1 -0
- package/dist/services/convert-service.d.ts +64 -0
- package/dist/services/convert-service.js +68 -0
- package/dist/services/convert-service.js.map +1 -0
- package/dist/services/csv-service.d.ts +22 -17
- package/dist/services/csv-service.js +55 -92
- package/dist/services/csv-service.js.map +1 -1
- package/dist/services/entity-mutations.d.ts +210 -0
- package/dist/services/entity-mutations.js +377 -0
- package/dist/services/entity-mutations.js.map +1 -0
- package/dist/services/event-processor.d.ts +104 -0
- package/dist/services/event-processor.js +441 -0
- package/dist/services/event-processor.js.map +1 -0
- package/dist/services/extract/docx.d.ts +1 -0
- package/dist/services/extract/docx.js +233 -0
- package/dist/services/extract/docx.js.map +1 -0
- package/dist/services/extract/index.d.ts +9 -0
- package/dist/services/extract/index.js +10 -0
- package/dist/services/extract/index.js.map +1 -0
- package/dist/services/extract/pdf.d.ts +13 -0
- package/dist/services/extract/pdf.js +69 -0
- package/dist/services/extract/pdf.js.map +1 -0
- package/dist/services/folder-creation.d.ts +33 -0
- package/dist/services/folder-creation.js +103 -0
- package/dist/services/folder-creation.js.map +1 -0
- package/dist/services/git.d.ts +54 -0
- package/dist/services/git.js +188 -54
- package/dist/services/git.js.map +1 -1
- package/dist/services/graph-maintenance.d.ts +42 -0
- package/dist/services/graph-maintenance.js +143 -0
- package/dist/services/graph-maintenance.js.map +1 -0
- package/dist/services/import-service.d.ts +58 -3
- package/dist/services/import-service.js +316 -100
- package/dist/services/import-service.js.map +1 -1
- package/dist/services/lint-service.js +10 -17
- package/dist/services/lint-service.js.map +1 -1
- package/dist/services/markdown.d.ts +12 -1
- package/dist/services/markdown.js +77 -9
- package/dist/services/markdown.js.map +1 -1
- package/dist/services/memory-service.d.ts +22 -14
- package/dist/services/memory-service.js +53 -35
- package/dist/services/memory-service.js.map +1 -1
- package/dist/services/mention-detector.d.ts +23 -0
- package/dist/services/mention-detector.js +47 -0
- package/dist/services/mention-detector.js.map +1 -0
- package/dist/services/model-capabilities.d.ts +41 -0
- package/dist/services/model-capabilities.js +107 -0
- package/dist/services/model-capabilities.js.map +1 -0
- package/dist/services/notification-broadcast.d.ts +32 -0
- package/dist/services/notification-broadcast.js +38 -0
- package/dist/services/notification-broadcast.js.map +1 -0
- package/dist/services/notification-service.d.ts +41 -0
- package/dist/services/notification-service.js +100 -0
- package/dist/services/notification-service.js.map +1 -0
- package/dist/services/oauth-server-store.d.ts +147 -0
- package/dist/services/oauth-server-store.js +319 -0
- package/dist/services/oauth-server-store.js.map +1 -0
- package/dist/services/orphan-service.js +2 -2
- package/dist/services/orphan-service.js.map +1 -1
- package/dist/services/personal-folder.d.ts +40 -0
- package/dist/services/personal-folder.js +101 -0
- package/dist/services/personal-folder.js.map +1 -0
- package/dist/services/share-link-service.d.ts +57 -0
- package/dist/services/share-link-service.js +142 -0
- package/dist/services/share-link-service.js.map +1 -0
- package/dist/services/user-person-bridge.d.ts +136 -0
- package/dist/services/user-person-bridge.js +340 -0
- package/dist/services/user-person-bridge.js.map +1 -0
- package/dist/services/vector-service.d.ts +260 -6
- package/dist/services/vector-service.js +574 -31
- package/dist/services/vector-service.js.map +1 -1
- package/dist/services/workspace-access.d.ts +108 -0
- package/dist/services/workspace-access.js +149 -0
- package/dist/services/workspace-access.js.map +1 -0
- package/dist/services/workspace-assets-folder.d.ts +46 -0
- package/dist/services/workspace-assets-folder.js +75 -0
- package/dist/services/workspace-assets-folder.js.map +1 -0
- package/dist/utils/git.d.ts +17 -2
- package/dist/utils/git.js +23 -7
- package/dist/utils/git.js.map +1 -1
- package/dist/utils/log.d.ts +42 -0
- package/dist/utils/log.js +137 -0
- package/dist/utils/log.js.map +1 -0
- package/dist/utils/preflight.js +2 -2
- package/dist/utils/preflight.js.map +1 -1
- package/dist/utils/version-checker.d.ts +12 -19
- package/dist/utils/version-checker.js +14 -104
- package/dist/utils/version-checker.js.map +1 -1
- package/dist/web/_app/immutable/assets/0.BZHoBJEc.css +2 -0
- package/dist/web/_app/immutable/assets/12.DlIf1mKh.css +1 -0
- package/dist/web/_app/immutable/assets/13.7d-Q37wc.css +1 -0
- package/dist/web/_app/immutable/assets/14.BwBFdc1D.css +1 -0
- package/dist/web/_app/immutable/assets/15.CmLrbzZp.css +1 -0
- package/dist/web/_app/immutable/assets/16.B0GwXar3.css +1 -0
- package/dist/web/_app/immutable/assets/2.C9Vt4JHy.css +1 -0
- package/dist/web/_app/immutable/assets/3.BFvgCYSk.css +1 -0
- package/dist/web/_app/immutable/assets/4.OmdYF47-.css +1 -0
- package/dist/web/_app/immutable/assets/5.C6MySjPq.css +1 -0
- package/dist/web/_app/immutable/assets/BulkActionsBar.Bx7nxMjH.css +1 -0
- package/dist/web/_app/immutable/assets/CalendarView.lBCvS3X5.css +1 -0
- package/dist/web/_app/immutable/assets/CodeMirrorEditor.D6hf2pNJ.css +1 -0
- package/dist/web/_app/immutable/assets/CopyField.DVGZtw4U.css +1 -0
- package/dist/web/_app/immutable/assets/FolderMembersPanel.DX1oBeF_.css +1 -0
- package/dist/web/_app/immutable/assets/FolderMutationDialogs.D2B7KrRn.css +1 -0
- package/dist/web/_app/immutable/assets/FolderPicker.B5KdvRYl.css +1 -0
- package/dist/web/_app/immutable/assets/GalleryView.CF48FWYQ.css +1 -0
- package/dist/web/_app/immutable/assets/GraphView.BJtGL9py.css +1 -0
- package/dist/web/_app/immutable/assets/KanbanView.BOaI5KFL.css +1 -0
- package/dist/web/_app/immutable/assets/Link.vV0ne105.css +1 -0
- package/dist/web/_app/immutable/assets/Markdown.BqgpZCv5.css +1 -0
- package/dist/web/_app/immutable/assets/Rail.f8lsriOT.css +1 -0
- package/dist/web/_app/immutable/assets/SettingsDialog.DwMus2u2.css +1 -0
- package/dist/web/_app/immutable/assets/Spinner.UBfl0pab.css +1 -0
- package/dist/web/_app/immutable/assets/StopFilledAlt.fNlDN65D.css +1 -0
- package/dist/web/_app/immutable/assets/TimelineView.DriOGAKB.css +1 -0
- package/dist/web/_app/immutable/assets/WorkspaceView.u5VdwRR6.css +1 -0
- package/dist/web/_app/immutable/assets/button.BlLm4Dg1.css +1 -0
- package/dist/web/_app/immutable/assets/checkbox.DK0MgYgb.css +1 -0
- package/dist/web/_app/immutable/assets/dist.DDCWxn3B.css +1 -0
- package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-400-normal.CvHOgSBP.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-400-normal.DMJ8VG8y.woff2 +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-500-normal.CB9ihrfo.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-500-normal.DSY6xOcd.woff2 +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-italic.CZTNEAuW.woff2 +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-italic.CsGl1sm0.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-normal.CDDApCn2.woff2 +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-normal.CYLoc0-x.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-italic.BNK2_mGO.woff2 +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-italic.DpEwFAQM.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-normal.6ng42L7E.woff2 +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-normal.BgVn5rGT.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-600-normal.Cu4Hd6ag.woff +0 -0
- package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-600-normal.CuJfVYMP.woff2 +0 -0
- package/dist/web/_app/immutable/assets/inline-list.cqga56xT.css +1 -0
- package/dist/web/_app/immutable/assets/list-columns.DiLB0G5L.css +1 -0
- package/dist/web/_app/immutable/assets/select.BFL238eD.css +1 -0
- package/dist/web/_app/immutable/assets/sheet.4rY4hpfJ.css +1 -0
- package/dist/web/_app/immutable/chunks/2oYV6q4R.js +2 -0
- package/dist/web/_app/immutable/chunks/4XSri7g0.js +1 -0
- package/dist/web/_app/immutable/chunks/4iaT0dG72.js +1 -0
- package/dist/web/_app/immutable/chunks/5_TKU9QS2.js +1 -0
- package/dist/web/_app/immutable/chunks/8Yh26Z9_2.js +1 -0
- package/dist/web/_app/immutable/chunks/Atl8xKOm.js +2 -0
- package/dist/web/_app/immutable/chunks/B-Z_xZy_.js +4 -0
- package/dist/web/_app/immutable/chunks/B0pk0Lyx.js +1 -0
- package/dist/web/_app/immutable/chunks/B1RnjnNt.js +1 -0
- package/dist/web/_app/immutable/chunks/B2n86UNJ.js +1 -0
- package/dist/web/_app/immutable/chunks/B318GEUB2.js +1 -0
- package/dist/web/_app/immutable/chunks/B6Lt-qaJ.js +1 -0
- package/dist/web/_app/immutable/chunks/B8yrQWxT2.js +1 -0
- package/dist/web/_app/immutable/chunks/BADt8daH.js +2 -0
- package/dist/web/_app/immutable/chunks/BBGt-XQo.js +3 -0
- package/dist/web/_app/immutable/chunks/BDIUHcEz.js +1 -0
- package/dist/web/_app/immutable/chunks/BDSuq3KH.js +1 -0
- package/dist/web/_app/immutable/chunks/BGiLU5VN.js +1 -0
- package/dist/web/_app/immutable/chunks/BJgOZTHR.js +1 -0
- package/dist/web/_app/immutable/chunks/BOSiTh-42.js +1 -0
- package/dist/web/_app/immutable/chunks/BPxcCdjn.js +1 -0
- package/dist/web/_app/immutable/chunks/BVPNAzAK.js +1 -0
- package/dist/web/_app/immutable/chunks/BcOvJgjM.js +1 -0
- package/dist/web/_app/immutable/chunks/BdYQewoD.js +1 -0
- package/dist/web/_app/immutable/chunks/BfCWIy8t.js +8 -0
- package/dist/web/_app/immutable/chunks/BgRT-K6w.js +5 -0
- package/dist/web/_app/immutable/chunks/BibveGGd.js +1 -0
- package/dist/web/_app/immutable/chunks/BmM5VZ4W.js +1 -0
- package/dist/web/_app/immutable/chunks/BnIYzuS1.js +66 -0
- package/dist/web/_app/immutable/chunks/BoDmwOTJ.js +1 -0
- package/dist/web/_app/immutable/chunks/BoglwbZW.js +1 -0
- package/dist/web/_app/immutable/chunks/Bqm_YrIg2.js +23 -0
- package/dist/web/_app/immutable/chunks/BtMRrdc4.js +2 -0
- package/dist/web/_app/immutable/chunks/C-AnzvKr.js +7 -0
- package/dist/web/_app/immutable/chunks/C1Y3tUpz.js +1 -0
- package/dist/web/_app/immutable/chunks/C6VZhhwF.js +1 -0
- package/dist/web/_app/immutable/chunks/C8IMrD4G2.js +3 -0
- package/dist/web/_app/immutable/chunks/CAXXrbj52.js +1 -0
- package/dist/web/_app/immutable/chunks/CB-0u-Pc2.js +1 -0
- package/dist/web/_app/immutable/chunks/CEniyZ1Z2.js +6 -0
- package/dist/web/_app/immutable/chunks/CJhElIkU2.js +1 -0
- package/dist/web/_app/immutable/chunks/CK8tIaYT.js +1 -0
- package/dist/web/_app/immutable/chunks/CM8uYli8.js +1 -0
- package/dist/web/_app/immutable/chunks/CTzjJm_m2.js +1 -0
- package/dist/web/_app/immutable/chunks/CUXqa1nn2.js +1 -0
- package/dist/web/_app/immutable/chunks/CY0iY_WO.js +1 -0
- package/dist/web/_app/immutable/chunks/CbCfNNV_2.js +2692 -0
- package/dist/web/_app/immutable/chunks/CbuGIyDu2.js +22 -0
- package/dist/web/_app/immutable/chunks/CcRGXA-t.js +1 -0
- package/dist/web/_app/immutable/chunks/CcXmQaYs2.js +1 -0
- package/dist/web/_app/immutable/chunks/CcaQuaSt2.js +1 -0
- package/dist/web/_app/immutable/chunks/CoHaBDpN2.js +2 -0
- package/dist/web/_app/immutable/chunks/Cvbd3myc2.js +14 -0
- package/dist/web/_app/immutable/chunks/D20C1thX2.js +1 -0
- package/dist/web/_app/immutable/chunks/D3JoMtWC.js +7 -0
- package/dist/web/_app/immutable/chunks/D3ch71s_.js +1 -0
- package/dist/web/_app/immutable/chunks/D4xXlMEU.js +2 -0
- package/dist/web/_app/immutable/chunks/D5GipQqN2.js +1 -0
- package/dist/web/_app/immutable/chunks/D9TyJuu_.js +1 -0
- package/dist/web/_app/immutable/chunks/DBFijAmG.js +1 -0
- package/dist/web/_app/immutable/chunks/DHLjkH7T.js +1 -0
- package/dist/web/_app/immutable/chunks/DIfdPIt_2.js +1 -0
- package/dist/web/_app/immutable/chunks/DO_sw49q2.js +1 -0
- package/dist/web/_app/immutable/chunks/DP69PpIj.js +1 -0
- package/dist/web/_app/immutable/chunks/DQ3HSZMs.js +2 -0
- package/dist/web/_app/immutable/chunks/DQMWa2t7.js +1 -0
- package/dist/web/_app/immutable/chunks/DT0wzK622.js +1 -0
- package/dist/web/_app/immutable/chunks/DTnEJArL.js +1 -0
- package/dist/web/_app/immutable/chunks/DToS-G202.js +1 -0
- package/dist/web/_app/immutable/chunks/DZcU6mGe2.js +1 -0
- package/dist/web/_app/immutable/chunks/DbslMybD.js +1 -0
- package/dist/web/_app/immutable/chunks/DcGThsSF.js +1 -0
- package/dist/web/_app/immutable/chunks/DcPrzUMJ.js +1 -0
- package/dist/web/_app/immutable/chunks/De0g5qop2.js +1 -0
- package/dist/web/_app/immutable/chunks/DimS8dbZ2.js +1 -0
- package/dist/web/_app/immutable/chunks/DjuqhOjF.js +1 -0
- package/dist/web/_app/immutable/chunks/Dk6sAhpo.js +3 -0
- package/dist/web/_app/immutable/chunks/Dl6cnwyk.js +1 -0
- package/dist/web/_app/immutable/chunks/DnIQzIOz.js +1 -0
- package/dist/web/_app/immutable/chunks/DnXYAo60.js +1 -0
- package/dist/web/_app/immutable/chunks/DnrImJan.js +1 -0
- package/dist/web/_app/immutable/chunks/Dpuq25vu2.js +1 -0
- package/dist/web/_app/immutable/chunks/DrMZDWru.js +1 -0
- package/dist/web/_app/immutable/chunks/DsVOtl0N.js +1 -0
- package/dist/web/_app/immutable/chunks/DuTXsWdP.js +2 -0
- package/dist/web/_app/immutable/chunks/Dw-frCfE.js +1 -0
- package/dist/web/_app/immutable/chunks/Dz34u8Ie2.js +185 -0
- package/dist/web/_app/immutable/chunks/DzcFeQZU2.js +2 -0
- package/dist/web/_app/immutable/chunks/DzrRTvug.js +1 -0
- package/dist/web/_app/immutable/chunks/G5oUVQa92.js +1 -0
- package/dist/web/_app/immutable/chunks/HyhOhoeq2.js +2 -0
- package/dist/web/_app/immutable/chunks/J5nb9xxj.js +1 -0
- package/dist/web/_app/immutable/chunks/JCjEwqH9.js +1 -0
- package/dist/web/_app/immutable/chunks/JN_nsXUm2.js +1 -0
- package/dist/web/_app/immutable/chunks/JS2_GaB1.js +1 -0
- package/dist/web/_app/immutable/chunks/MtI6dyxu.js +1 -0
- package/dist/web/_app/immutable/chunks/N6vnY5Si2.js +1 -0
- package/dist/web/_app/immutable/chunks/PcEbaKam.js +2 -0
- package/dist/web/_app/immutable/chunks/VTYhCLh9.js +2 -0
- package/dist/web/_app/immutable/chunks/Wowi_89k.js +5 -0
- package/dist/web/_app/immutable/chunks/Y_asqJqs2.js +83 -0
- package/dist/web/_app/immutable/chunks/Yhg5Q4MT.js +1 -0
- package/dist/web/_app/immutable/chunks/f_eYccPf2.js +1 -0
- package/dist/web/_app/immutable/chunks/hm_8RsuL.js +1 -0
- package/dist/web/_app/immutable/chunks/iPCkjliu.js +3 -0
- package/dist/web/_app/immutable/chunks/j2AvgZGz.js +1 -0
- package/dist/web/_app/immutable/chunks/kNaey6uv.js +1 -0
- package/dist/web/_app/immutable/chunks/l1761xxj.js +1 -0
- package/dist/web/_app/immutable/chunks/liGRFQqV2.js +184 -0
- package/dist/web/_app/immutable/chunks/lq1kR86d.js +1 -0
- package/dist/web/_app/immutable/chunks/mIykYR4F2.js +1 -0
- package/dist/web/_app/immutable/chunks/rbhlO_t8.js +1 -0
- package/dist/web/_app/immutable/chunks/tJpAwaTl.js +1 -0
- package/dist/web/_app/immutable/chunks/tcegdii0.js +2 -0
- package/dist/web/_app/immutable/chunks/u8G2EUvz2.js +224 -0
- package/dist/web/_app/immutable/chunks/vgsM0KTm2.js +1 -0
- package/dist/web/_app/immutable/chunks/xcGI4fuV.js +1 -0
- package/dist/web/_app/immutable/chunks/xihTtKlq.js +1 -0
- package/dist/web/_app/immutable/chunks/yEYlhV9G2.js +1 -0
- package/dist/web/_app/immutable/entry/app.DSf_XGp8.js +2 -0
- package/dist/web/_app/immutable/entry/start.B7ScfxPc.js +1 -0
- package/dist/web/_app/immutable/nodes/0.BMSOOETY.js +2 -0
- package/dist/web/_app/immutable/nodes/1.B0lBUpHt.js +1 -0
- package/dist/web/_app/immutable/nodes/10.DmDbUH1j.js +1 -0
- package/dist/web/_app/immutable/nodes/11.gwY7gZdR.js +1 -0
- package/dist/web/_app/immutable/nodes/12.BpGHSr2y.js +1 -0
- package/dist/web/_app/immutable/nodes/13.Bf178QF_.js +1 -0
- package/dist/web/_app/immutable/nodes/14.D_x8-nk9.js +1 -0
- package/dist/web/_app/immutable/nodes/15.DY4XeagL.js +1 -0
- package/dist/web/_app/immutable/nodes/16.DPqftx8x.js +77 -0
- package/dist/web/_app/immutable/nodes/2.OM2LGRpi.js +109 -0
- package/dist/web/_app/immutable/nodes/3.e8ZoPCmC.js +6 -0
- package/dist/web/_app/immutable/nodes/4.BdYR1hNQ.js +11 -0
- package/dist/web/_app/immutable/nodes/5.B8sOFna9.js +5 -0
- package/dist/web/_app/immutable/nodes/6.L1BbYsmo.js +1 -0
- package/dist/web/_app/immutable/nodes/7.B7zoemJD.js +1 -0
- package/dist/web/_app/immutable/nodes/8.B1VtnfMK.js +1 -0
- package/dist/web/_app/immutable/nodes/9.BE3VCQzk.js +1 -0
- package/dist/web/_app/version.json +1 -1
- package/dist/web/favicon-16.png +0 -0
- package/dist/web/favicon-180.png +0 -0
- package/dist/web/favicon-32.png +0 -0
- package/dist/web/favicon-48.png +0 -0
- package/dist/web/favicon-512.png +0 -0
- package/dist/web/favicon.ico +0 -0
- package/dist/web/favicon.svg +8 -0
- package/dist/web/index.html +58 -19
- package/dist/web/studiograph-logomark.svg +29 -0
- package/package.json +38 -14
- package/dist/agent/skills/enrich-entities.md +0 -136
- package/dist/agent/skills/obsidian-source-setup.md +0 -246
- package/dist/agent/skills/skill-loader.d.ts +0 -48
- package/dist/agent/skills/skill-loader.js +0 -166
- package/dist/agent/skills/skill-loader.js.map +0 -1
- package/dist/agent/skills/sync-configuration.md +0 -119
- package/dist/agent/skills/sync-setup.md +0 -82
- package/dist/agent/tools/sync-tools.d.ts +0 -35
- package/dist/agent/tools/sync-tools.js +0 -992
- package/dist/agent/tools/sync-tools.js.map +0 -1
- package/dist/auth/github.d.ts +0 -56
- package/dist/auth/github.js +0 -169
- package/dist/auth/github.js.map +0 -1
- package/dist/cli/commands/access.d.ts +0 -11
- package/dist/cli/commands/access.js +0 -156
- package/dist/cli/commands/access.js.map +0 -1
- package/dist/cli/commands/app.d.ts +0 -7
- package/dist/cli/commands/app.js +0 -268
- package/dist/cli/commands/app.js.map +0 -1
- package/dist/cli/commands/auth.d.ts +0 -10
- package/dist/cli/commands/auth.js +0 -79
- package/dist/cli/commands/auth.js.map +0 -1
- package/dist/cli/commands/clear.d.ts +0 -5
- package/dist/cli/commands/clear.js +0 -36
- package/dist/cli/commands/clear.js.map +0 -1
- package/dist/cli/commands/collection.d.ts +0 -10
- package/dist/cli/commands/collection.js +0 -187
- package/dist/cli/commands/collection.js.map +0 -1
- package/dist/cli/commands/enrich.d.ts +0 -11
- package/dist/cli/commands/enrich.js +0 -135
- package/dist/cli/commands/enrich.js.map +0 -1
- package/dist/cli/commands/graphrag.d.ts +0 -12
- package/dist/cli/commands/graphrag.js +0 -122
- package/dist/cli/commands/graphrag.js.map +0 -1
- package/dist/cli/commands/join.d.ts +0 -9
- package/dist/cli/commands/join.js +0 -255
- package/dist/cli/commands/join.js.map +0 -1
- package/dist/cli/commands/members.d.ts +0 -11
- package/dist/cli/commands/members.js +0 -230
- package/dist/cli/commands/members.js.map +0 -1
- package/dist/cli/commands/org.d.ts +0 -10
- package/dist/cli/commands/org.js +0 -132
- package/dist/cli/commands/org.js.map +0 -1
- package/dist/cli/commands/provision.d.ts +0 -8
- package/dist/cli/commands/provision.js +0 -116
- package/dist/cli/commands/provision.js.map +0 -1
- package/dist/cli/commands/resolve.d.ts +0 -8
- package/dist/cli/commands/resolve.js +0 -85
- package/dist/cli/commands/resolve.js.map +0 -1
- package/dist/cli/commands/review.d.ts +0 -19
- package/dist/cli/commands/review.js +0 -128
- package/dist/cli/commands/review.js.map +0 -1
- package/dist/cli/commands/source.d.ts +0 -16
- package/dist/cli/commands/source.js +0 -159
- package/dist/cli/commands/source.js.map +0 -1
- package/dist/cli/commands/start.d.ts +0 -7
- package/dist/cli/commands/start.js +0 -589
- package/dist/cli/commands/start.js.map +0 -1
- package/dist/cli/commands/sync-collection.d.ts +0 -14
- package/dist/cli/commands/sync-collection.js +0 -355
- package/dist/cli/commands/sync-collection.js.map +0 -1
- package/dist/cli/commands/sync-entities.d.ts +0 -13
- package/dist/cli/commands/sync-entities.js +0 -242
- package/dist/cli/commands/sync-entities.js.map +0 -1
- package/dist/cli/commands/team.d.ts +0 -12
- package/dist/cli/commands/team.js +0 -185
- package/dist/cli/commands/team.js.map +0 -1
- package/dist/cli/commands/update.d.ts +0 -8
- package/dist/cli/commands/update.js +0 -155
- package/dist/cli/commands/update.js.map +0 -1
- package/dist/cli/commands/user.d.ts +0 -7
- package/dist/cli/commands/user.js +0 -153
- package/dist/cli/commands/user.js.map +0 -1
- package/dist/cli/scaffolding.d.ts +0 -12
- package/dist/cli/scaffolding.js +0 -397
- package/dist/cli/scaffolding.js.map +0 -1
- package/dist/cli/sync-review-interactive.d.ts +0 -31
- package/dist/cli/sync-review-interactive.js +0 -393
- package/dist/cli/sync-review-interactive.js.map +0 -1
- package/dist/core/migration-runner.d.ts +0 -42
- package/dist/core/migration-runner.js +0 -232
- package/dist/core/migration-runner.js.map +0 -1
- package/dist/core/migration-types.d.ts +0 -101
- package/dist/core/migration-types.js +0 -21
- package/dist/core/migration-types.js.map +0 -1
- package/dist/core/migrations/20260219-formalize-memory-location.d.ts +0 -2
- package/dist/core/migrations/20260219-formalize-memory-location.js +0 -35
- package/dist/core/migrations/20260219-formalize-memory-location.js.map +0 -1
- package/dist/core/migrations/20260220-add-workspace-metadata.d.ts +0 -12
- package/dist/core/migrations/20260220-add-workspace-metadata.js +0 -65
- package/dist/core/migrations/20260220-add-workspace-metadata.js.map +0 -1
- package/dist/core/migrations/20260220-add-workspace-readme.d.ts +0 -11
- package/dist/core/migrations/20260220-add-workspace-readme.js +0 -82
- package/dist/core/migrations/20260220-add-workspace-readme.js.map +0 -1
- package/dist/core/migrations/20260220-migrate-yaml-to-json.d.ts +0 -9
- package/dist/core/migrations/20260220-migrate-yaml-to-json.js +0 -64
- package/dist/core/migrations/20260220-migrate-yaml-to-json.js.map +0 -1
- package/dist/core/migrations/index.d.ts +0 -11
- package/dist/core/migrations/index.js +0 -23
- package/dist/core/migrations/index.js.map +0 -1
- package/dist/integrations/asana.d.ts +0 -26
- package/dist/integrations/asana.js +0 -78
- package/dist/integrations/asana.js.map +0 -1
- package/dist/integrations/figma-local.d.ts +0 -16
- package/dist/integrations/figma-local.js +0 -10
- package/dist/integrations/figma-local.js.map +0 -1
- package/dist/integrations/figma.d.ts +0 -17
- package/dist/integrations/figma.js +0 -17
- package/dist/integrations/figma.js.map +0 -1
- package/dist/integrations/granola.d.ts +0 -24
- package/dist/integrations/granola.js +0 -60
- package/dist/integrations/granola.js.map +0 -1
- package/dist/integrations/linear.d.ts +0 -14
- package/dist/integrations/linear.js +0 -80
- package/dist/integrations/linear.js.map +0 -1
- package/dist/integrations/paper-local.d.ts +0 -14
- package/dist/integrations/paper-local.js +0 -10
- package/dist/integrations/paper-local.js.map +0 -1
- package/dist/integrations/paper.d.ts +0 -2
- package/dist/integrations/paper.js +0 -10
- package/dist/integrations/paper.js.map +0 -1
- package/dist/integrations/pipedrive.d.ts +0 -26
- package/dist/integrations/pipedrive.js +0 -97
- package/dist/integrations/pipedrive.js.map +0 -1
- package/dist/integrations/registry.d.ts +0 -15
- package/dist/integrations/registry.js +0 -27
- package/dist/integrations/registry.js.map +0 -1
- package/dist/integrations/types.d.ts +0 -38
- package/dist/integrations/types.js +0 -9
- package/dist/integrations/types.js.map +0 -1
- package/dist/lib/lib/utils.d.ts +0 -2
- package/dist/lib/lib/utils.js +0 -6
- package/dist/lib/lib/utils.js.map +0 -1
- package/dist/mcp/connectors/asana.d.ts +0 -2
- package/dist/mcp/connectors/asana.js +0 -20
- package/dist/mcp/connectors/asana.js.map +0 -1
- package/dist/mcp/connectors/definitions.d.ts +0 -45
- package/dist/mcp/connectors/definitions.js +0 -32
- package/dist/mcp/connectors/definitions.js.map +0 -1
- package/dist/mcp/connectors/figma.d.ts +0 -5
- package/dist/mcp/connectors/figma.js +0 -21
- package/dist/mcp/connectors/figma.js.map +0 -1
- package/dist/mcp/connectors/gdrive.d.ts +0 -2
- package/dist/mcp/connectors/gdrive.js +0 -20
- package/dist/mcp/connectors/gdrive.js.map +0 -1
- package/dist/mcp/connectors/granola.d.ts +0 -2
- package/dist/mcp/connectors/granola.js +0 -12
- package/dist/mcp/connectors/granola.js.map +0 -1
- package/dist/mcp/connectors/linear.d.ts +0 -2
- package/dist/mcp/connectors/linear.js +0 -19
- package/dist/mcp/connectors/linear.js.map +0 -1
- package/dist/mcp/connectors/obsidian.d.ts +0 -2
- package/dist/mcp/connectors/obsidian.js +0 -19
- package/dist/mcp/connectors/obsidian.js.map +0 -1
- package/dist/mcp/connectors/pipedrive.d.ts +0 -2
- package/dist/mcp/connectors/pipedrive.js +0 -20
- package/dist/mcp/connectors/pipedrive.js.map +0 -1
- package/dist/mcp/connectors/slack.d.ts +0 -2
- package/dist/mcp/connectors/slack.js +0 -21
- package/dist/mcp/connectors/slack.js.map +0 -1
- package/dist/mcp/server-oauth-provider.d.ts +0 -56
- package/dist/mcp/server-oauth-provider.js +0 -142
- package/dist/mcp/server-oauth-provider.js.map +0 -1
- package/dist/server/chrome/chrome.css +0 -691
- package/dist/server/chrome/chrome.js +0 -374
- package/dist/server/collab-authority.d.ts +0 -70
- package/dist/server/collab-authority.js +0 -218
- package/dist/server/collab-authority.js.map +0 -1
- package/dist/server/collab.d.ts +0 -29
- package/dist/server/collab.js +0 -195
- package/dist/server/collab.js.map +0 -1
- package/dist/server/commit-scheduler.d.ts +0 -39
- package/dist/server/commit-scheduler.js +0 -113
- package/dist/server/commit-scheduler.js.map +0 -1
- package/dist/server/plugin-loader.d.ts +0 -53
- package/dist/server/plugin-loader.js +0 -155
- package/dist/server/plugin-loader.js.map +0 -1
- package/dist/server/routes/collab.d.ts +0 -6
- package/dist/server/routes/collab.js +0 -10
- package/dist/server/routes/collab.js.map +0 -1
- package/dist/server/routes/git-api.d.ts +0 -9
- package/dist/server/routes/git-api.js +0 -82
- package/dist/server/routes/git-api.js.map +0 -1
- package/dist/server/routes/meeting-ingest-api.d.ts +0 -15
- package/dist/server/routes/meeting-ingest-api.js +0 -323
- package/dist/server/routes/meeting-ingest-api.js.map +0 -1
- package/dist/server/routes/sync-api.d.ts +0 -26
- package/dist/server/routes/sync-api.js +0 -814
- package/dist/server/routes/sync-api.js.map +0 -1
- package/dist/server/routes/webhook.d.ts +0 -14
- package/dist/server/routes/webhook.js +0 -102
- package/dist/server/routes/webhook.js.map +0 -1
- package/dist/services/github-provisioner.d.ts +0 -36
- package/dist/services/github-provisioner.js +0 -126
- package/dist/services/github-provisioner.js.map +0 -1
- package/dist/services/github-service.d.ts +0 -99
- package/dist/services/github-service.js +0 -310
- package/dist/services/github-service.js.map +0 -1
- package/dist/services/insights.d.ts +0 -38
- package/dist/services/insights.js +0 -246
- package/dist/services/insights.js.map +0 -1
- package/dist/services/sync/collection-sync.d.ts +0 -60
- package/dist/services/sync/collection-sync.js +0 -509
- package/dist/services/sync/collection-sync.js.map +0 -1
- package/dist/services/sync/commit.d.ts +0 -60
- package/dist/services/sync/commit.js +0 -354
- package/dist/services/sync/commit.js.map +0 -1
- package/dist/services/sync/context-index.d.ts +0 -69
- package/dist/services/sync/context-index.js +0 -280
- package/dist/services/sync/context-index.js.map +0 -1
- package/dist/services/sync/data-fetcher.d.ts +0 -31
- package/dist/services/sync/data-fetcher.js +0 -12
- package/dist/services/sync/data-fetcher.js.map +0 -1
- package/dist/services/sync/derive.d.ts +0 -34
- package/dist/services/sync/derive.js +0 -164
- package/dist/services/sync/derive.js.map +0 -1
- package/dist/services/sync/enrichment-state.d.ts +0 -31
- package/dist/services/sync/enrichment-state.js +0 -63
- package/dist/services/sync/enrichment-state.js.map +0 -1
- package/dist/services/sync/enrichment.d.ts +0 -25
- package/dist/services/sync/enrichment.js +0 -121
- package/dist/services/sync/enrichment.js.map +0 -1
- package/dist/services/sync/entity-refresh.d.ts +0 -30
- package/dist/services/sync/entity-refresh.js +0 -275
- package/dist/services/sync/entity-refresh.js.map +0 -1
- package/dist/services/sync/frontmatter-extractor.d.ts +0 -40
- package/dist/services/sync/frontmatter-extractor.js +0 -279
- package/dist/services/sync/frontmatter-extractor.js.map +0 -1
- package/dist/services/sync/graph-match-state.d.ts +0 -33
- package/dist/services/sync/graph-match-state.js +0 -61
- package/dist/services/sync/graph-match-state.js.map +0 -1
- package/dist/services/sync/graph-match.d.ts +0 -53
- package/dist/services/sync/graph-match.js +0 -316
- package/dist/services/sync/graph-match.js.map +0 -1
- package/dist/services/sync/graphrag-client.d.ts +0 -43
- package/dist/services/sync/graphrag-client.js +0 -94
- package/dist/services/sync/graphrag-client.js.map +0 -1
- package/dist/services/sync/graphrag-config.d.ts +0 -16
- package/dist/services/sync/graphrag-config.js +0 -39
- package/dist/services/sync/graphrag-config.js.map +0 -1
- package/dist/services/sync/graphrag-context.d.ts +0 -14
- package/dist/services/sync/graphrag-context.js +0 -109
- package/dist/services/sync/graphrag-context.js.map +0 -1
- package/dist/services/sync/graphrag-indexer.d.ts +0 -30
- package/dist/services/sync/graphrag-indexer.js +0 -358
- package/dist/services/sync/graphrag-indexer.js.map +0 -1
- package/dist/services/sync/llm.d.ts +0 -32
- package/dist/services/sync/llm.js +0 -115
- package/dist/services/sync/llm.js.map +0 -1
- package/dist/services/sync/mcp-client.d.ts +0 -71
- package/dist/services/sync/mcp-client.js +0 -299
- package/dist/services/sync/mcp-client.js.map +0 -1
- package/dist/services/sync/model-factory.d.ts +0 -13
- package/dist/services/sync/model-factory.js +0 -38
- package/dist/services/sync/model-factory.js.map +0 -1
- package/dist/services/sync/name-quality.d.ts +0 -31
- package/dist/services/sync/name-quality.js +0 -60
- package/dist/services/sync/name-quality.js.map +0 -1
- package/dist/services/sync/output-schemas.d.ts +0 -92
- package/dist/services/sync/output-schemas.js +0 -43
- package/dist/services/sync/output-schemas.js.map +0 -1
- package/dist/services/sync/prompts.d.ts +0 -19
- package/dist/services/sync/prompts.js +0 -128
- package/dist/services/sync/prompts.js.map +0 -1
- package/dist/services/sync/reconciler.d.ts +0 -48
- package/dist/services/sync/reconciler.js +0 -294
- package/dist/services/sync/reconciler.js.map +0 -1
- package/dist/services/sync/rest-client.d.ts +0 -40
- package/dist/services/sync/rest-client.js +0 -100
- package/dist/services/sync/rest-client.js.map +0 -1
- package/dist/services/sync/source-config.d.ts +0 -67
- package/dist/services/sync/source-config.js +0 -304
- package/dist/services/sync/source-config.js.map +0 -1
- package/dist/services/sync/source-definitions/asana.d.ts +0 -14
- package/dist/services/sync/source-definitions/asana.js +0 -42
- package/dist/services/sync/source-definitions/asana.js.map +0 -1
- package/dist/services/sync/source-definitions/definitions.d.ts +0 -8
- package/dist/services/sync/source-definitions/definitions.js +0 -8
- package/dist/services/sync/source-definitions/definitions.js.map +0 -1
- package/dist/services/sync/source-definitions/gdrive.d.ts +0 -16
- package/dist/services/sync/source-definitions/gdrive.js +0 -68
- package/dist/services/sync/source-definitions/gdrive.js.map +0 -1
- package/dist/services/sync/source-definitions/granola.d.ts +0 -2
- package/dist/services/sync/source-definitions/granola.js +0 -21
- package/dist/services/sync/source-definitions/granola.js.map +0 -1
- package/dist/services/sync/source-definitions/linear.d.ts +0 -2
- package/dist/services/sync/source-definitions/linear.js +0 -62
- package/dist/services/sync/source-definitions/linear.js.map +0 -1
- package/dist/services/sync/source-definitions/obsidian.d.ts +0 -2
- package/dist/services/sync/source-definitions/obsidian.js +0 -55
- package/dist/services/sync/source-definitions/obsidian.js.map +0 -1
- package/dist/services/sync/source-definitions/pipedrive.d.ts +0 -2
- package/dist/services/sync/source-definitions/pipedrive.js +0 -43
- package/dist/services/sync/source-definitions/pipedrive.js.map +0 -1
- package/dist/services/sync/staging.d.ts +0 -53
- package/dist/services/sync/staging.js +0 -130
- package/dist/services/sync/staging.js.map +0 -1
- package/dist/services/sync/structured-extractor.d.ts +0 -57
- package/dist/services/sync/structured-extractor.js +0 -584
- package/dist/services/sync/structured-extractor.js.map +0 -1
- package/dist/services/sync/sync-runner.d.ts +0 -32
- package/dist/services/sync/sync-runner.js +0 -195
- package/dist/services/sync/sync-runner.js.map +0 -1
- package/dist/services/sync/sync-state.d.ts +0 -43
- package/dist/services/sync/sync-state.js +0 -154
- package/dist/services/sync/sync-state.js.map +0 -1
- package/dist/services/sync/types.d.ts +0 -381
- package/dist/services/sync/types.js +0 -8
- package/dist/services/sync/types.js.map +0 -1
- package/dist/services/sync/unstructured-extractor.d.ts +0 -27
- package/dist/services/sync/unstructured-extractor.js +0 -185
- package/dist/services/sync/unstructured-extractor.js.map +0 -1
- package/dist/utils/merge-resolver.d.ts +0 -59
- package/dist/utils/merge-resolver.js +0 -303
- package/dist/utils/merge-resolver.js.map +0 -1
- package/dist/utils/workspace-config.d.ts +0 -8
- package/dist/utils/workspace-config.js +0 -22
- package/dist/utils/workspace-config.js.map +0 -1
- package/dist/web/_app/immutable/assets/0.DdizXOKi.css +0 -1
- package/dist/web/_app/immutable/assets/10.BUrHkYry.css +0 -1
- package/dist/web/_app/immutable/assets/2.n7-yW_Fs.css +0 -1
- package/dist/web/_app/immutable/assets/3.BtaZagnv.css +0 -1
- package/dist/web/_app/immutable/assets/4.DT7X0x5S.css +0 -1
- package/dist/web/_app/immutable/assets/5.DFeGxLYf.css +0 -1
- package/dist/web/_app/immutable/assets/6.CquhUpOu.css +0 -1
- package/dist/web/_app/immutable/assets/7.CjbDRbuG.css +0 -1
- package/dist/web/_app/immutable/assets/8.S1QdUGNM.css +0 -1
- package/dist/web/_app/immutable/assets/9.CT4xL4K3.css +0 -1
- package/dist/web/_app/immutable/assets/Copy.FS8bdfxr.css +0 -1
- package/dist/web/_app/immutable/assets/Toaster.rN8r_Hzv.css +0 -1
- package/dist/web/_app/immutable/assets/ViewToolbar.D-QW2oKe.css +0 -1
- package/dist/web/_app/immutable/assets/index.D6tMDJWk.css +0 -1
- package/dist/web/_app/immutable/chunks/-iaeBIWN.js +0 -1
- package/dist/web/_app/immutable/chunks/37NdyH6G.js +0 -32
- package/dist/web/_app/immutable/chunks/4Hhzb6pv.js +0 -1
- package/dist/web/_app/immutable/chunks/72bZS3G9.js +0 -1
- package/dist/web/_app/immutable/chunks/7S2LGqoP.js +0 -2
- package/dist/web/_app/immutable/chunks/B340SUKR.js +0 -1
- package/dist/web/_app/immutable/chunks/B3Z4_Sps.js +0 -1
- package/dist/web/_app/immutable/chunks/BB_5th5W.js +0 -3383
- package/dist/web/_app/immutable/chunks/BPWYOQXG.js +0 -1
- package/dist/web/_app/immutable/chunks/BR77jbfR.js +0 -1
- package/dist/web/_app/immutable/chunks/BS2rFAVq.js +0 -1
- package/dist/web/_app/immutable/chunks/BSsDC_p4.js +0 -1
- package/dist/web/_app/immutable/chunks/BTX2Jr8_.js +0 -1
- package/dist/web/_app/immutable/chunks/Bq_KShUL.js +0 -4
- package/dist/web/_app/immutable/chunks/Bsacq2UX.js +0 -1
- package/dist/web/_app/immutable/chunks/ByunV8un.js +0 -1
- package/dist/web/_app/immutable/chunks/BzPu-Eht.js +0 -1
- package/dist/web/_app/immutable/chunks/C7VoTosa.js +0 -2
- package/dist/web/_app/immutable/chunks/CDV5Q7RN.js +0 -1
- package/dist/web/_app/immutable/chunks/CGc1sIb_.js +0 -1
- package/dist/web/_app/immutable/chunks/CJ8__CWt.js +0 -1
- package/dist/web/_app/immutable/chunks/CJUKmosC.js +0 -5
- package/dist/web/_app/immutable/chunks/CSVbGg_b.js +0 -5
- package/dist/web/_app/immutable/chunks/CT6oIU-C.js +0 -1
- package/dist/web/_app/immutable/chunks/CTRxNfZk.js +0 -1
- package/dist/web/_app/immutable/chunks/CWQRQXxy.js +0 -1
- package/dist/web/_app/immutable/chunks/CX87mIM8.js +0 -1
- package/dist/web/_app/immutable/chunks/CXH6iFbA.js +0 -1
- package/dist/web/_app/immutable/chunks/CX_61fY8.js +0 -5
- package/dist/web/_app/immutable/chunks/CYrVHOHA.js +0 -1
- package/dist/web/_app/immutable/chunks/CdeYcEuU.js +0 -1
- package/dist/web/_app/immutable/chunks/CmCtpZ1Y.js +0 -1
- package/dist/web/_app/immutable/chunks/Cpsr8-Xy.js +0 -1
- package/dist/web/_app/immutable/chunks/CqkleIqs.js +0 -1
- package/dist/web/_app/immutable/chunks/CrdV0ttd.js +0 -1
- package/dist/web/_app/immutable/chunks/CscoF-YL.js +0 -18
- package/dist/web/_app/immutable/chunks/Cx4YdFMk.js +0 -1
- package/dist/web/_app/immutable/chunks/D7ZqAKi9.js +0 -3
- package/dist/web/_app/immutable/chunks/DGbA7IXh.js +0 -2
- package/dist/web/_app/immutable/chunks/DTZE-yoq.js +0 -2
- package/dist/web/_app/immutable/chunks/DbbB6Up5.js +0 -1
- package/dist/web/_app/immutable/chunks/DnL9f0lc.js +0 -7
- package/dist/web/_app/immutable/chunks/DtM5cEDu.js +0 -1
- package/dist/web/_app/immutable/chunks/Eqahi7_S.js +0 -2
- package/dist/web/_app/immutable/chunks/O9Eb9k00.js +0 -1
- package/dist/web/_app/immutable/chunks/PPVm8Dsz.js +0 -1
- package/dist/web/_app/immutable/chunks/QF8MAmnc.js +0 -1
- package/dist/web/_app/immutable/chunks/UjzxCpxn.js +0 -1
- package/dist/web/_app/immutable/chunks/WSUKABI_.js +0 -1
- package/dist/web/_app/immutable/chunks/Y90OgS-9.js +0 -1
- package/dist/web/_app/immutable/chunks/cLyZlkXv.js +0 -1
- package/dist/web/_app/immutable/chunks/iDtAARVW.js +0 -2
- package/dist/web/_app/immutable/chunks/oC_W7W7p.js +0 -1
- package/dist/web/_app/immutable/chunks/rJdWIgh-.js +0 -1
- package/dist/web/_app/immutable/chunks/tvOsokaa.js +0 -1
- package/dist/web/_app/immutable/chunks/uLEXaPwE.js +0 -1
- package/dist/web/_app/immutable/chunks/vSaooFHB.js +0 -1
- package/dist/web/_app/immutable/entry/app.BeUKh4sD.js +0 -2
- package/dist/web/_app/immutable/entry/start.CZJnFuQn.js +0 -1
- package/dist/web/_app/immutable/nodes/0.DyF_RsLg.js +0 -2
- package/dist/web/_app/immutable/nodes/1.7iDQmMPh.js +0 -1
- package/dist/web/_app/immutable/nodes/10.Btl8d8HT.js +0 -1
- package/dist/web/_app/immutable/nodes/2.LDRE62jN.js +0 -168
- package/dist/web/_app/immutable/nodes/3.BaW1XB1x.js +0 -1
- package/dist/web/_app/immutable/nodes/4.D0Q8kpkI.js +0 -12
- package/dist/web/_app/immutable/nodes/5.n7j2UG9h.js +0 -4
- package/dist/web/_app/immutable/nodes/6.DQYxR0iy.js +0 -2
- package/dist/web/_app/immutable/nodes/7.BsURvFAp.js +0 -2
- package/dist/web/_app/immutable/nodes/8.CsiErG0p.js +0 -1
- package/dist/web/_app/immutable/nodes/9.CnN6OZgC.js +0 -1
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth 2.0 Authorization Server routes
|
|
3
|
+
*
|
|
4
|
+
* Makes Studiograph's `/mcp` server connectable by Claude Desktop's Chat/Cowork
|
|
5
|
+
* connector pipeline (OAuth-only). Implements the minimal authorization-server
|
|
6
|
+
* surface an MCP client drives:
|
|
7
|
+
*
|
|
8
|
+
* GET /.well-known/oauth-protected-resource[/mcp] — resource metadata
|
|
9
|
+
* GET /.well-known/oauth-authorization-server — AS metadata
|
|
10
|
+
* POST /oauth/register — Dynamic Client Registration
|
|
11
|
+
* GET /oauth/authorize — consent screen
|
|
12
|
+
* POST /oauth/authorize — consent submit → code
|
|
13
|
+
* POST /oauth/token — code + refresh grants
|
|
14
|
+
* POST /oauth/revoke — revoke a refresh token
|
|
15
|
+
*
|
|
16
|
+
* Security posture (see plan reflective-sprouting-turtle):
|
|
17
|
+
* - Issuer + endpoint URLs are PINNED to a configured canonical base URL,
|
|
18
|
+
* never the inbound Host header (metadata-spoofing defense).
|
|
19
|
+
* - DCR is unauthenticated (the client has no user yet) but rate-limited,
|
|
20
|
+
* and redirect URIs are validated (https-only, no fragments/wildcards).
|
|
21
|
+
* - PKCE S256 is mandatory; authorization codes are single-use, ≤60s.
|
|
22
|
+
* - The consent form carries an HMAC-signed blob of the authorize params
|
|
23
|
+
* (incl. `state` + the logged-in userId) so the POST can't be forged.
|
|
24
|
+
* - All values rendered into the consent HTML are escaped (DCR is attacker-
|
|
25
|
+
* controlled). Token responses are `Cache-Control: no-store`.
|
|
26
|
+
* - Access tokens are minted with `aud = <canonical>/mcp`; the global auth
|
|
27
|
+
* hook scopes them to `/mcp` + `/oauth/*`.
|
|
28
|
+
*/
|
|
29
|
+
import type { FastifyInstance, FastifyRequest } from 'fastify';
|
|
30
|
+
import type { AuthService } from '../../services/auth-service.js';
|
|
31
|
+
interface WorkspaceConfigLike {
|
|
32
|
+
server_url?: unknown;
|
|
33
|
+
[k: string]: unknown;
|
|
34
|
+
}
|
|
35
|
+
/** Thrown when no canonical URL is pinned in a proxied/production-like deployment. */
|
|
36
|
+
export declare class CanonicalUrlError extends Error {
|
|
37
|
+
constructor();
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Resolve the canonical public base URL for this tenant, in priority order:
|
|
41
|
+
* 1. STUDIOGRAPH_PUBLIC_URL env (explicit operator override)
|
|
42
|
+
* 2. workspace config `server_url`
|
|
43
|
+
* 3. RAILWAY_PUBLIC_DOMAIN env → https://<domain>
|
|
44
|
+
* 4. request origin (LOCAL DEV ONLY fallback)
|
|
45
|
+
* Trailing slash stripped. Pinning to a configured value (not the inbound
|
|
46
|
+
* Host header) is what prevents discovery-metadata spoofing behind a proxy.
|
|
47
|
+
*
|
|
48
|
+
* **Fails closed:** in a proxied/production-like deployment (`mustPinIssuer`)
|
|
49
|
+
* with no pinned value, throws `CanonicalUrlError` rather than trusting the
|
|
50
|
+
* (spoofable) forwarded Host. The dev fallback to request origin only applies
|
|
51
|
+
* locally, where there is no untrusted proxy in front.
|
|
52
|
+
*/
|
|
53
|
+
export declare function resolveCanonicalBaseUrl(workspaceConfig: WorkspaceConfigLike, req: FastifyRequest): string;
|
|
54
|
+
/** True if a stable canonical URL is configured (not relying on the dev fallback). */
|
|
55
|
+
export declare function hasCanonicalUrl(workspaceConfig: WorkspaceConfigLike): boolean;
|
|
56
|
+
/**
|
|
57
|
+
* Same-origin guard for post-login `returnTo` paths. Returns the path only if
|
|
58
|
+
* it is a safe root-relative path on this origin, else `/`.
|
|
59
|
+
*
|
|
60
|
+
* Must reject: absolute/protocol-relative URLs (`//evil`, `https://evil`) AND
|
|
61
|
+
* backslash variants (`/\evil`, `/\/evil`) — browsers normalize `\` to `/` in a
|
|
62
|
+
* `Location` header, so `/\evil.com` becomes `//evil.com` → an off-origin
|
|
63
|
+
* redirect. Also reject control characters.
|
|
64
|
+
*/
|
|
65
|
+
export declare function safeReturnTo(raw: string | undefined | null): string;
|
|
66
|
+
export declare function registerOAuthApiRoutes(fastify: FastifyInstance, authService: AuthService, workspaceConfig: WorkspaceConfigLike): Promise<void>;
|
|
67
|
+
export {};
|
|
@@ -0,0 +1,421 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth 2.0 Authorization Server routes
|
|
3
|
+
*
|
|
4
|
+
* Makes Studiograph's `/mcp` server connectable by Claude Desktop's Chat/Cowork
|
|
5
|
+
* connector pipeline (OAuth-only). Implements the minimal authorization-server
|
|
6
|
+
* surface an MCP client drives:
|
|
7
|
+
*
|
|
8
|
+
* GET /.well-known/oauth-protected-resource[/mcp] — resource metadata
|
|
9
|
+
* GET /.well-known/oauth-authorization-server — AS metadata
|
|
10
|
+
* POST /oauth/register — Dynamic Client Registration
|
|
11
|
+
* GET /oauth/authorize — consent screen
|
|
12
|
+
* POST /oauth/authorize — consent submit → code
|
|
13
|
+
* POST /oauth/token — code + refresh grants
|
|
14
|
+
* POST /oauth/revoke — revoke a refresh token
|
|
15
|
+
*
|
|
16
|
+
* Security posture (see plan reflective-sprouting-turtle):
|
|
17
|
+
* - Issuer + endpoint URLs are PINNED to a configured canonical base URL,
|
|
18
|
+
* never the inbound Host header (metadata-spoofing defense).
|
|
19
|
+
* - DCR is unauthenticated (the client has no user yet) but rate-limited,
|
|
20
|
+
* and redirect URIs are validated (https-only, no fragments/wildcards).
|
|
21
|
+
* - PKCE S256 is mandatory; authorization codes are single-use, ≤60s.
|
|
22
|
+
* - The consent form carries an HMAC-signed blob of the authorize params
|
|
23
|
+
* (incl. `state` + the logged-in userId) so the POST can't be forged.
|
|
24
|
+
* - All values rendered into the consent HTML are escaped (DCR is attacker-
|
|
25
|
+
* controlled). Token responses are `Cache-Control: no-store`.
|
|
26
|
+
* - Access tokens are minted with `aud = <canonical>/mcp`; the global auth
|
|
27
|
+
* hook scopes them to `/mcp` + `/oauth/*`.
|
|
28
|
+
*/
|
|
29
|
+
import { OAuthServerStore, OAuthRegistrationError } from '../../services/oauth-server-store.js';
|
|
30
|
+
import { log } from '../../utils/log.js';
|
|
31
|
+
/** v1 ships a single full-access scope (granular scopes deferred — TODOS.md). */
|
|
32
|
+
const OAUTH_SCOPE = 'mcp:full';
|
|
33
|
+
const CONSENT_TTL_MS = 10 * 60 * 1000;
|
|
34
|
+
/** httpOnly cookie carrying the signed consent blob between authorize GET, the
|
|
35
|
+
* consent screen's context fetch, and the Allow POST. Never exposed to JS. */
|
|
36
|
+
const CONSENT_COOKIE = '__sg_oauth_consent';
|
|
37
|
+
/** Thrown when no canonical URL is pinned in a proxied/production-like deployment. */
|
|
38
|
+
export class CanonicalUrlError extends Error {
|
|
39
|
+
constructor() {
|
|
40
|
+
super('OAuth issuer URL is not configured (set STUDIOGRAPH_PUBLIC_URL / server_url)');
|
|
41
|
+
this.name = 'CanonicalUrlError';
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
/**
|
|
45
|
+
* True in a deployment where the server sits behind a proxy and the inbound
|
|
46
|
+
* Host header cannot be trusted. In these modes the issuer MUST be pinned to a
|
|
47
|
+
* configured value, or the OAuth-AS fails closed (no spoofable metadata).
|
|
48
|
+
*/
|
|
49
|
+
function mustPinIssuer() {
|
|
50
|
+
if (process.env.NODE_ENV === 'production')
|
|
51
|
+
return true;
|
|
52
|
+
if (process.env.RAILWAY_ENVIRONMENT)
|
|
53
|
+
return true;
|
|
54
|
+
const managed = (process.env.STUDIOGRAPH_MANAGED_AUTH || '').toLowerCase();
|
|
55
|
+
return managed === '1' || managed === 'true' || managed === 'yes';
|
|
56
|
+
}
|
|
57
|
+
/**
|
|
58
|
+
* Resolve the canonical public base URL for this tenant, in priority order:
|
|
59
|
+
* 1. STUDIOGRAPH_PUBLIC_URL env (explicit operator override)
|
|
60
|
+
* 2. workspace config `server_url`
|
|
61
|
+
* 3. RAILWAY_PUBLIC_DOMAIN env → https://<domain>
|
|
62
|
+
* 4. request origin (LOCAL DEV ONLY fallback)
|
|
63
|
+
* Trailing slash stripped. Pinning to a configured value (not the inbound
|
|
64
|
+
* Host header) is what prevents discovery-metadata spoofing behind a proxy.
|
|
65
|
+
*
|
|
66
|
+
* **Fails closed:** in a proxied/production-like deployment (`mustPinIssuer`)
|
|
67
|
+
* with no pinned value, throws `CanonicalUrlError` rather than trusting the
|
|
68
|
+
* (spoofable) forwarded Host. The dev fallback to request origin only applies
|
|
69
|
+
* locally, where there is no untrusted proxy in front.
|
|
70
|
+
*/
|
|
71
|
+
export function resolveCanonicalBaseUrl(workspaceConfig, req) {
|
|
72
|
+
const fromEnv = process.env.STUDIOGRAPH_PUBLIC_URL?.trim();
|
|
73
|
+
if (fromEnv)
|
|
74
|
+
return stripSlash(fromEnv);
|
|
75
|
+
const fromConfig = typeof workspaceConfig.server_url === 'string' ? workspaceConfig.server_url.trim() : '';
|
|
76
|
+
if (fromConfig)
|
|
77
|
+
return stripSlash(fromConfig);
|
|
78
|
+
const railway = process.env.RAILWAY_PUBLIC_DOMAIN?.trim();
|
|
79
|
+
if (railway)
|
|
80
|
+
return `https://${stripSlash(railway)}`;
|
|
81
|
+
// No pinned value. Behind a proxy this is unsafe (Host is attacker-influenced)
|
|
82
|
+
// — fail closed. Locally, fall back to the request origin.
|
|
83
|
+
if (mustPinIssuer())
|
|
84
|
+
throw new CanonicalUrlError();
|
|
85
|
+
const proto = req.headers['x-forwarded-proto'] || req.protocol || 'http';
|
|
86
|
+
const host = req.headers['x-forwarded-host'] || req.headers.host || req.hostname;
|
|
87
|
+
return stripSlash(`${proto}://${host}`);
|
|
88
|
+
}
|
|
89
|
+
/** True if a stable canonical URL is configured (not relying on the dev fallback). */
|
|
90
|
+
export function hasCanonicalUrl(workspaceConfig) {
|
|
91
|
+
return Boolean(process.env.STUDIOGRAPH_PUBLIC_URL?.trim() ||
|
|
92
|
+
(typeof workspaceConfig.server_url === 'string' && workspaceConfig.server_url.trim()) ||
|
|
93
|
+
process.env.RAILWAY_PUBLIC_DOMAIN?.trim());
|
|
94
|
+
}
|
|
95
|
+
function stripSlash(s) {
|
|
96
|
+
return s.replace(/\/+$/, '');
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Same-origin guard for post-login `returnTo` paths. Returns the path only if
|
|
100
|
+
* it is a safe root-relative path on this origin, else `/`.
|
|
101
|
+
*
|
|
102
|
+
* Must reject: absolute/protocol-relative URLs (`//evil`, `https://evil`) AND
|
|
103
|
+
* backslash variants (`/\evil`, `/\/evil`) — browsers normalize `\` to `/` in a
|
|
104
|
+
* `Location` header, so `/\evil.com` becomes `//evil.com` → an off-origin
|
|
105
|
+
* redirect. Also reject control characters.
|
|
106
|
+
*/
|
|
107
|
+
export function safeReturnTo(raw) {
|
|
108
|
+
if (!raw || typeof raw !== 'string')
|
|
109
|
+
return '/';
|
|
110
|
+
if (!raw.startsWith('/'))
|
|
111
|
+
return '/'; // must be root-relative
|
|
112
|
+
if (raw.startsWith('//'))
|
|
113
|
+
return '/'; // protocol-relative -> off-origin
|
|
114
|
+
if (raw.includes('\\'))
|
|
115
|
+
return '/'; // backslash -> browser-normalized off-origin
|
|
116
|
+
// eslint-disable-next-line no-control-regex
|
|
117
|
+
if (/[\x00-\x1f\x7f]/.test(raw))
|
|
118
|
+
return '/'; // control chars
|
|
119
|
+
return raw;
|
|
120
|
+
}
|
|
121
|
+
function redirectError(reply, redirectUri, error, state, description) {
|
|
122
|
+
const url = new URL(redirectUri);
|
|
123
|
+
url.searchParams.set('error', error);
|
|
124
|
+
if (description)
|
|
125
|
+
url.searchParams.set('error_description', description);
|
|
126
|
+
if (state)
|
|
127
|
+
url.searchParams.set('state', state);
|
|
128
|
+
reply.redirect(url.toString());
|
|
129
|
+
}
|
|
130
|
+
function noStore(reply) {
|
|
131
|
+
reply.header('Cache-Control', 'no-store');
|
|
132
|
+
reply.header('Pragma', 'no-cache');
|
|
133
|
+
}
|
|
134
|
+
export async function registerOAuthApiRoutes(fastify, authService, workspaceConfig) {
|
|
135
|
+
const store = authService.oauthServer;
|
|
136
|
+
const allowLoopback = process.env.NODE_ENV !== 'production';
|
|
137
|
+
// Boot-time check: managed tenants must have a pinned canonical URL, else
|
|
138
|
+
// discovery metadata would fall back to the spoofable request origin.
|
|
139
|
+
if (!hasCanonicalUrl(workspaceConfig)) {
|
|
140
|
+
const managed = (process.env.STUDIOGRAPH_MANAGED_AUTH || '').toLowerCase();
|
|
141
|
+
const isManaged = managed === '1' || managed === 'true' || managed === 'yes';
|
|
142
|
+
const msg = '[oauth-as] No canonical public URL configured (STUDIOGRAPH_PUBLIC_URL / server_url / RAILWAY_PUBLIC_DOMAIN). OAuth discovery metadata will use the request origin.';
|
|
143
|
+
if (isManaged)
|
|
144
|
+
log.warn(`${msg} This is unsafe on a managed/proxied tenant.`);
|
|
145
|
+
else
|
|
146
|
+
log.info(`${msg} OK for local dev.`);
|
|
147
|
+
}
|
|
148
|
+
const resourceUrl = (base) => `${base}/mcp`;
|
|
149
|
+
// Resolve the pinned canonical base URL, or fail closed: in a proxied/
|
|
150
|
+
// production-like deployment with no pinned URL we return null + send 503
|
|
151
|
+
// rather than emit spoofable metadata built from the inbound Host header.
|
|
152
|
+
const requireCanonical = (req, reply) => {
|
|
153
|
+
try {
|
|
154
|
+
return resolveCanonicalBaseUrl(workspaceConfig, req);
|
|
155
|
+
}
|
|
156
|
+
catch (err) {
|
|
157
|
+
if (err instanceof CanonicalUrlError) {
|
|
158
|
+
log.error('[oauth-as] refusing OAuth request: no canonical issuer URL configured');
|
|
159
|
+
reply.status(503).send({ error: 'server_error', error_description: 'issuer not configured' });
|
|
160
|
+
return null;
|
|
161
|
+
}
|
|
162
|
+
throw err;
|
|
163
|
+
}
|
|
164
|
+
};
|
|
165
|
+
// ── Discovery: protected-resource metadata (RFC 9728) ──
|
|
166
|
+
// Serve both the root and the `/mcp`-suffixed form — MCP clients differ on
|
|
167
|
+
// which they fetch (the SDK's helper suffixes the resource path).
|
|
168
|
+
const protectedResource = (req, reply) => {
|
|
169
|
+
const base = requireCanonical(req, reply);
|
|
170
|
+
if (!base)
|
|
171
|
+
return;
|
|
172
|
+
reply.send({
|
|
173
|
+
resource: resourceUrl(base),
|
|
174
|
+
authorization_servers: [base],
|
|
175
|
+
});
|
|
176
|
+
};
|
|
177
|
+
fastify.get('/.well-known/oauth-protected-resource', protectedResource);
|
|
178
|
+
fastify.get('/.well-known/oauth-protected-resource/mcp', protectedResource);
|
|
179
|
+
// ── Discovery: authorization-server metadata (RFC 8414) ──
|
|
180
|
+
fastify.get('/.well-known/oauth-authorization-server', (req, reply) => {
|
|
181
|
+
const base = requireCanonical(req, reply);
|
|
182
|
+
if (!base)
|
|
183
|
+
return;
|
|
184
|
+
reply.send({
|
|
185
|
+
issuer: base,
|
|
186
|
+
authorization_endpoint: `${base}/oauth/authorize`,
|
|
187
|
+
token_endpoint: `${base}/oauth/token`,
|
|
188
|
+
registration_endpoint: `${base}/oauth/register`,
|
|
189
|
+
revocation_endpoint: `${base}/oauth/revoke`,
|
|
190
|
+
response_types_supported: ['code'],
|
|
191
|
+
grant_types_supported: ['authorization_code', 'refresh_token'],
|
|
192
|
+
code_challenge_methods_supported: ['S256'],
|
|
193
|
+
token_endpoint_auth_methods_supported: ['none'],
|
|
194
|
+
scopes_supported: [OAUTH_SCOPE],
|
|
195
|
+
});
|
|
196
|
+
});
|
|
197
|
+
// ── Dynamic Client Registration (RFC 7591) ──
|
|
198
|
+
fastify.post('/oauth/register', { config: { rateLimit: { max: 10, timeWindow: '1 hour' } } }, (req, reply) => {
|
|
199
|
+
const body = (req.body ?? {});
|
|
200
|
+
try {
|
|
201
|
+
const client = store.registerClient({ client_name: body.client_name ?? '', redirect_uris: body.redirect_uris ?? [] }, { allowLoopback });
|
|
202
|
+
noStore(reply);
|
|
203
|
+
reply.status(201).send({
|
|
204
|
+
client_id: client.client_id,
|
|
205
|
+
client_name: client.client_name,
|
|
206
|
+
redirect_uris: client.redirect_uris,
|
|
207
|
+
token_endpoint_auth_method: 'none',
|
|
208
|
+
grant_types: ['authorization_code', 'refresh_token'],
|
|
209
|
+
response_types: ['code'],
|
|
210
|
+
});
|
|
211
|
+
}
|
|
212
|
+
catch (err) {
|
|
213
|
+
if (err instanceof OAuthRegistrationError) {
|
|
214
|
+
log.warn(`[oauth-as] registration rejected: ${err.code} ${err.message}`);
|
|
215
|
+
return reply.status(400).send({ error: err.code, error_description: err.message });
|
|
216
|
+
}
|
|
217
|
+
throw err;
|
|
218
|
+
}
|
|
219
|
+
});
|
|
220
|
+
// ── Authorization endpoint — consent screen (GET) ──
|
|
221
|
+
// The global auth hook resolves the logged-in user (cookie) BEFORE this runs,
|
|
222
|
+
// and bounces to /login?returnTo= when there's none. We re-assert that here
|
|
223
|
+
// as defense-in-depth.
|
|
224
|
+
fastify.get('/oauth/authorize', { config: { rateLimit: { max: 60, timeWindow: '1 minute' } } }, (req, reply) => {
|
|
225
|
+
const user = req.user;
|
|
226
|
+
const q = req.query;
|
|
227
|
+
const base = requireCanonical(req, reply);
|
|
228
|
+
if (!base)
|
|
229
|
+
return;
|
|
230
|
+
if (!user) {
|
|
231
|
+
const returnTo = `/oauth/authorize${req.raw.url?.includes('?') ? req.raw.url.slice(req.raw.url.indexOf('?')) : ''}`;
|
|
232
|
+
return reply.redirect(`/login?returnTo=${encodeURIComponent(safeReturnTo(returnTo))}`);
|
|
233
|
+
}
|
|
234
|
+
const clientId = q.client_id ?? '';
|
|
235
|
+
const redirectUri = q.redirect_uri ?? '';
|
|
236
|
+
const client = store.getClient(clientId);
|
|
237
|
+
// Client / redirect_uri problems must NOT redirect to the (untrusted)
|
|
238
|
+
// client redirect_uri (open-redirect risk, RFC 6749 §4.1.2.1). Bounce to
|
|
239
|
+
// our OWN branded consent page in its error state instead — same-origin,
|
|
240
|
+
// so no open-redirect concern.
|
|
241
|
+
if (!client || !redirectUri || !store.clientAllowsRedirect(clientId, redirectUri)) {
|
|
242
|
+
log.warn(`[oauth-as] authorize rejected: bad client_id/redirect_uri (client=${clientId})`);
|
|
243
|
+
return reply.redirect('/oauth/consent?error=invalid_request');
|
|
244
|
+
}
|
|
245
|
+
const state = q.state;
|
|
246
|
+
// From here, errors can be safely redirected back to the (validated) URI.
|
|
247
|
+
if (q.response_type !== 'code') {
|
|
248
|
+
return redirectError(reply, redirectUri, 'unsupported_response_type', state);
|
|
249
|
+
}
|
|
250
|
+
if (q.code_challenge_method && q.code_challenge_method !== 'S256') {
|
|
251
|
+
return redirectError(reply, redirectUri, 'invalid_request', state, 'code_challenge_method must be S256');
|
|
252
|
+
}
|
|
253
|
+
if (!q.code_challenge) {
|
|
254
|
+
return redirectError(reply, redirectUri, 'invalid_request', state, 'code_challenge (PKCE) required');
|
|
255
|
+
}
|
|
256
|
+
if (q.resource && q.resource !== resourceUrl(base)) {
|
|
257
|
+
return redirectError(reply, redirectUri, 'invalid_target', state, 'unknown resource');
|
|
258
|
+
}
|
|
259
|
+
// Bind the authorize params + the logged-in user into a signed blob the
|
|
260
|
+
// POST handler will verify. Includes `state` so it can't be substituted.
|
|
261
|
+
const consent = store.signConsent({
|
|
262
|
+
client_id: clientId,
|
|
263
|
+
redirect_uri: redirectUri,
|
|
264
|
+
code_challenge: q.code_challenge,
|
|
265
|
+
scope: OAUTH_SCOPE,
|
|
266
|
+
resource: resourceUrl(base),
|
|
267
|
+
userId: user.id,
|
|
268
|
+
state: state ?? '',
|
|
269
|
+
});
|
|
270
|
+
// Hand off to the branded SvelteKit consent screen. The signed blob rides
|
|
271
|
+
// in an httpOnly cookie (never the DOM): the consent page only fetches
|
|
272
|
+
// display fields from /api/oauth/consent-context, and the Allow POST reads
|
|
273
|
+
// the blob back from this cookie. Short TTL matches the signer's window.
|
|
274
|
+
reply.setCookie(CONSENT_COOKIE, consent, {
|
|
275
|
+
path: '/',
|
|
276
|
+
httpOnly: true,
|
|
277
|
+
sameSite: 'lax',
|
|
278
|
+
secure: req.headers['x-forwarded-proto'] === 'https',
|
|
279
|
+
maxAge: CONSENT_TTL_MS / 1000,
|
|
280
|
+
});
|
|
281
|
+
return reply.redirect('/oauth/consent');
|
|
282
|
+
});
|
|
283
|
+
// ── Consent display context (for the SvelteKit consent screen) ──
|
|
284
|
+
// Session-authed (global hook sets req.user). Returns ONLY display fields
|
|
285
|
+
// resolved from the httpOnly consent cookie — never the signed blob itself.
|
|
286
|
+
fastify.get('/api/oauth/consent-context', (req, reply) => {
|
|
287
|
+
noStore(reply);
|
|
288
|
+
const user = req.user;
|
|
289
|
+
if (!user)
|
|
290
|
+
return reply.status(401).send({ error: 'login_required' });
|
|
291
|
+
const raw = req.cookies?.[CONSENT_COOKIE];
|
|
292
|
+
const payload = raw ? store.verifyConsent(raw) : null;
|
|
293
|
+
if (!payload || payload.userId !== user.id) {
|
|
294
|
+
return reply.status(410).send({ error: 'consent_expired' });
|
|
295
|
+
}
|
|
296
|
+
const client = store.getClient(String(payload.client_id));
|
|
297
|
+
if (!client || !store.clientAllowsRedirect(client.client_id, String(payload.redirect_uri))) {
|
|
298
|
+
return reply.status(410).send({ error: 'invalid_client' });
|
|
299
|
+
}
|
|
300
|
+
let redirectHost = String(payload.redirect_uri);
|
|
301
|
+
try {
|
|
302
|
+
redirectHost = new URL(String(payload.redirect_uri)).host;
|
|
303
|
+
}
|
|
304
|
+
catch { /* keep raw */ }
|
|
305
|
+
return reply.send({
|
|
306
|
+
client_name: client.client_name,
|
|
307
|
+
redirect_host: redirectHost,
|
|
308
|
+
scope: String(payload.scope ?? OAUTH_SCOPE),
|
|
309
|
+
user_label: user.displayName || user.email,
|
|
310
|
+
});
|
|
311
|
+
});
|
|
312
|
+
// ── Authorization endpoint — consent submit (POST) ──
|
|
313
|
+
// The signed blob comes from the httpOnly consent cookie (set by the GET
|
|
314
|
+
// handler), NOT a form field — the browser only submits `decision`. A
|
|
315
|
+
// cross-site POST can't carry the Lax cookie, so this is CSRF-safe.
|
|
316
|
+
fastify.post('/oauth/authorize', { config: { rateLimit: { max: 60, timeWindow: '1 minute' } } }, (req, reply) => {
|
|
317
|
+
const user = req.user;
|
|
318
|
+
const body = (req.body ?? {});
|
|
319
|
+
if (!user)
|
|
320
|
+
return reply.status(401).send({ error: 'login_required' });
|
|
321
|
+
const rawConsent = req.cookies?.[CONSENT_COOKIE];
|
|
322
|
+
const payload = rawConsent ? store.verifyConsent(rawConsent) : null;
|
|
323
|
+
// Consume the cookie regardless of outcome (single-use).
|
|
324
|
+
reply.clearCookie(CONSENT_COOKIE, { path: '/' });
|
|
325
|
+
// Pre-consent failures bounce to the branded consent page's error state
|
|
326
|
+
// (same-origin redirect — see the GET handler).
|
|
327
|
+
if (!payload) {
|
|
328
|
+
return reply.redirect('/oauth/consent?error=expired');
|
|
329
|
+
}
|
|
330
|
+
// The signed blob must belong to THIS logged-in user.
|
|
331
|
+
if (payload.userId !== user.id) {
|
|
332
|
+
log.warn('[oauth-as] consent userId mismatch — rejecting');
|
|
333
|
+
return reply.redirect('/oauth/consent?error=expired');
|
|
334
|
+
}
|
|
335
|
+
const clientId = String(payload.client_id);
|
|
336
|
+
const redirectUri = String(payload.redirect_uri);
|
|
337
|
+
const state = String(payload.state ?? '');
|
|
338
|
+
// Re-check the client + redirect_uri still valid (could have changed/been
|
|
339
|
+
// deleted between the GET render and this POST).
|
|
340
|
+
if (!store.clientAllowsRedirect(clientId, redirectUri)) {
|
|
341
|
+
return reply.redirect('/oauth/consent?error=invalid_request');
|
|
342
|
+
}
|
|
343
|
+
if (body.decision !== 'allow') {
|
|
344
|
+
return redirectError(reply, redirectUri, 'access_denied', state || undefined);
|
|
345
|
+
}
|
|
346
|
+
const code = store.saveCode({
|
|
347
|
+
client_id: clientId,
|
|
348
|
+
user_id: user.id,
|
|
349
|
+
redirect_uri: redirectUri,
|
|
350
|
+
code_challenge: String(payload.code_challenge),
|
|
351
|
+
scope: String(payload.scope ?? OAUTH_SCOPE),
|
|
352
|
+
resource: String(payload.resource),
|
|
353
|
+
});
|
|
354
|
+
const url = new URL(redirectUri);
|
|
355
|
+
url.searchParams.set('code', code);
|
|
356
|
+
if (state)
|
|
357
|
+
url.searchParams.set('state', state);
|
|
358
|
+
reply.redirect(url.toString());
|
|
359
|
+
});
|
|
360
|
+
// ── Token endpoint ──
|
|
361
|
+
fastify.post('/oauth/token', { config: { rateLimit: { max: 30, timeWindow: '1 minute' } } }, (req, reply) => {
|
|
362
|
+
noStore(reply);
|
|
363
|
+
const body = (req.body ?? {});
|
|
364
|
+
const base = requireCanonical(req, reply);
|
|
365
|
+
if (!base)
|
|
366
|
+
return;
|
|
367
|
+
// Opportunistic GC on this low-frequency endpoint (never per-request).
|
|
368
|
+
store.gcStale();
|
|
369
|
+
const grant = body.grant_type;
|
|
370
|
+
if (grant === 'authorization_code') {
|
|
371
|
+
const { code, code_verifier, redirect_uri, client_id } = body;
|
|
372
|
+
if (!code || !code_verifier || !redirect_uri || !client_id) {
|
|
373
|
+
return reply.status(400).send({ error: 'invalid_request' });
|
|
374
|
+
}
|
|
375
|
+
const consumed = store.consumeCode(code);
|
|
376
|
+
if (!consumed)
|
|
377
|
+
return reply.status(400).send({ error: 'invalid_grant' });
|
|
378
|
+
if (consumed.client_id !== client_id || consumed.redirect_uri !== redirect_uri) {
|
|
379
|
+
return reply.status(400).send({ error: 'invalid_grant' });
|
|
380
|
+
}
|
|
381
|
+
if (!OAuthServerStore.verifyPkce(consumed.code_challenge, code_verifier)) {
|
|
382
|
+
return reply.status(400).send({ error: 'invalid_grant', error_description: 'PKCE verification failed' });
|
|
383
|
+
}
|
|
384
|
+
const user = authService.findUserById(consumed.user_id);
|
|
385
|
+
if (!user)
|
|
386
|
+
return reply.status(400).send({ error: 'invalid_grant' });
|
|
387
|
+
const tokens = store.issueTokens(user, consumed.client_id, consumed.scope, consumed.resource);
|
|
388
|
+
return reply.send(tokens);
|
|
389
|
+
}
|
|
390
|
+
if (grant === 'refresh_token') {
|
|
391
|
+
const { refresh_token, client_id } = body;
|
|
392
|
+
// Public clients MUST identify themselves (RFC 6749 §3.2.1). Require
|
|
393
|
+
// client_id and validate it BEFORE the token is consumed, so a stolen
|
|
394
|
+
// refresh token presented with the wrong client_id can't grief the
|
|
395
|
+
// victim's grant into invalidation (rotation deletes the old token).
|
|
396
|
+
if (!refresh_token || !client_id)
|
|
397
|
+
return reply.status(400).send({ error: 'invalid_request' });
|
|
398
|
+
const rotated = store.rotateRefreshToken(refresh_token, client_id);
|
|
399
|
+
if (!rotated)
|
|
400
|
+
return reply.status(400).send({ error: 'invalid_grant' });
|
|
401
|
+
const access_token = store.createAccessToken(rotated.user, rotated.clientId, resourceUrl(base));
|
|
402
|
+
return reply.send({
|
|
403
|
+
access_token,
|
|
404
|
+
refresh_token: rotated.refreshToken,
|
|
405
|
+
token_type: 'Bearer',
|
|
406
|
+
expires_in: 3600,
|
|
407
|
+
scope: rotated.scope,
|
|
408
|
+
});
|
|
409
|
+
}
|
|
410
|
+
return reply.status(400).send({ error: 'unsupported_grant_type' });
|
|
411
|
+
});
|
|
412
|
+
// ── Revocation (RFC 7009) — always 200, no token-scanning oracle ──
|
|
413
|
+
fastify.post('/oauth/revoke', { config: { rateLimit: { max: 30, timeWindow: '1 minute' } } }, (req, reply) => {
|
|
414
|
+
noStore(reply);
|
|
415
|
+
const body = (req.body ?? {});
|
|
416
|
+
if (body.token)
|
|
417
|
+
store.revokeRefreshToken(body.token);
|
|
418
|
+
reply.status(200).send({});
|
|
419
|
+
});
|
|
420
|
+
}
|
|
421
|
+
//# sourceMappingURL=oauth-api.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-api.js","sourceRoot":"","sources":["../../../src/server/routes/oauth-api.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAIH,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAEzC,iFAAiF;AACjF,MAAM,WAAW,GAAG,UAAU,CAAC;AAC/B,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACtC;+EAC+E;AAC/E,MAAM,cAAc,GAAG,oBAAoB,CAAC;AAO5C,sFAAsF;AACtF,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IAC1C;QACE,KAAK,CAAC,8EAA8E,CAAC,CAAC;QACtF,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED;;;;GAIG;AACH,SAAS,aAAa;IACpB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAAE,OAAO,IAAI,CAAC;IACvD,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAC3E,OAAO,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,KAAK,CAAC;AACpE,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,uBAAuB,CAAC,eAAoC,EAAE,GAAmB;IAC/F,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,IAAI,EAAE,CAAC;IAC3D,IAAI,OAAO;QAAE,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,OAAO,eAAe,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3G,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC;IAE9C,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAAC;IAC1D,IAAI,OAAO;QAAE,OAAO,WAAW,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IAErD,+EAA+E;IAC/E,2DAA2D;IAC3D,IAAI,aAAa,EAAE;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IACnD,MAAM,KAAK,GAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAY,IAAI,GAAG,CAAC,QAAQ,IAAI,MAAM,CAAC;IACrF,MAAM,IAAI,GAAI,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAY,IAAK,GAAG,CAAC,OAAO,CAAC,IAAe,IAAI,GAAG,CAAC,QAAQ,CAAC;IACzG,OAAO,UAAU,CAAC,GAAG,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC;AAC1C,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,eAAe,CAAC,eAAoC;IAClE,OAAO,OAAO,CACZ,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,IAAI,EAAE;QAC1C,CAAC,OAAO,eAAe,CAAC,UAAU,KAAK,QAAQ,IAAI,eAAe,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrF,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,IAAI,EAAE,CAC1C,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,GAA8B;IACzD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAChD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,CAAK,wBAAwB;IAClE,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC,CAAK,kCAAkC;IAC5E,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,CAAC,CAAO,6CAA6C;IACvF,4CAA4C;IAC5C,IAAI,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,CAAC,gBAAgB;IAC7D,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,KAAmB,EAAE,WAAmB,EAAE,KAAa,EAAE,KAAyB,EAAE,WAAoB;IAC7H,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,IAAI,WAAW;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,WAAW,CAAC,CAAC;IACxE,IAAI,KAAK;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAChD,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;AACjC,CAAC;AAED,SAAS,OAAO,CAAC,KAAmB;IAClC,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IAC1C,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAwB,EACxB,WAAwB,EACxB,eAAoC;IAEpC,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC;IACtC,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE5D,0EAA0E;IAC1E,sEAAsE;IACtE,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,EAAE,CAAC;QACtC,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3E,MAAM,SAAS,GAAG,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,MAAM,IAAI,OAAO,KAAK,KAAK,CAAC;QAC7E,MAAM,GAAG,GAAG,oKAAoK,CAAC;QACjL,IAAI,SAAS;YAAE,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,8CAA8C,CAAC,CAAC;;YACzE,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,oBAAoB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,WAAW,GAAG,CAAC,IAAY,EAAE,EAAE,CAAC,GAAG,IAAI,MAAM,CAAC;IACpD,uEAAuE;IACvE,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,gBAAgB,GAAG,CAAC,GAAmB,EAAE,KAAmB,EAAiB,EAAE;QACnF,IAAI,CAAC;YACH,OAAO,uBAAuB,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBACrC,GAAG,CAAC,KAAK,CAAC,uEAAuE,CAAC,CAAC;gBACnF,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,CAAC,CAAC;gBAC9F,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;IAEF,0DAA0D;IAC1D,2EAA2E;IAC3E,kEAAkE;IAClE,MAAM,iBAAiB,GAAG,CAAC,GAAmB,EAAE,KAAmB,EAAE,EAAE;QACrE,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC;YAC3B,qBAAqB,EAAE,CAAC,IAAI,CAAC;SAC9B,CAAC,CAAC;IACL,CAAC,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,uCAAuC,EAAE,iBAAiB,CAAC,CAAC;IACxE,OAAO,CAAC,GAAG,CAAC,2CAA2C,EAAE,iBAAiB,CAAC,CAAC;IAE5E,4DAA4D;IAC5D,OAAO,CAAC,GAAG,CAAC,yCAAyC,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,KAAK,CAAC,IAAI,CAAC;YACT,MAAM,EAAE,IAAI;YACZ,sBAAsB,EAAE,GAAG,IAAI,kBAAkB;YACjD,cAAc,EAAE,GAAG,IAAI,cAAc;YACrC,qBAAqB,EAAE,GAAG,IAAI,iBAAiB;YAC/C,mBAAmB,EAAE,GAAG,IAAI,eAAe;YAC3C,wBAAwB,EAAE,CAAC,MAAM,CAAC;YAClC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YAC9D,gCAAgC,EAAE,CAAC,MAAM,CAAC;YAC1C,qCAAqC,EAAE,CAAC,MAAM,CAAC;YAC/C,gBAAgB,EAAE,CAAC,WAAW,CAAC;SAChC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,+CAA+C;IAC/C,OAAO,CAAC,IAAI,CACV,iBAAiB,EACjB,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,EAAE,EAAE,EAC5D,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACb,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAuD,CAAC;QACpF,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,KAAK,CAAC,cAAc,CACjC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,EAAE,EAAE,EAChF,EAAE,aAAa,EAAE,CAClB,CAAC;YACF,OAAO,CAAC,KAAK,CAAC,CAAC;YACf,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACrB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,0BAA0B,EAAE,MAAM;gBAClC,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;gBACpD,cAAc,EAAE,CAAC,MAAM,CAAC;aACzB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,sBAAsB,EAAE,CAAC;gBAC1C,GAAG,CAAC,IAAI,CAAC,qCAAqC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBACzE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,EAAE,iBAAiB,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACrF,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CACF,CAAC;IAEF,sDAAsD;IACtD,8EAA8E;IAC9E,4EAA4E;IAC5E,uBAAuB;IACvB,OAAO,CAAC,GAAG,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QAC7G,MAAM,IAAI,GAAI,GAAW,CAAC,IAA4B,CAAC;QACvD,MAAM,CAAC,GAAG,GAAG,CAAC,KAA2C,CAAC;QAC1D,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI;YAAE,OAAO;QAElB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,QAAQ,GAAG,mBAAmB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YACpH,OAAO,KAAK,CAAC,QAAQ,CAAC,mBAAmB,kBAAkB,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,QAAQ,GAAG,CAAC,CAAC,SAAS,IAAI,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,CAAC,CAAC,YAAY,IAAI,EAAE,CAAC;QACzC,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEzC,sEAAsE;QACtE,yEAAyE;QACzE,yEAAyE;QACzE,+BAA+B;QAC/B,IAAI,CAAC,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;YAClF,GAAG,CAAC,IAAI,CAAC,qEAAqE,QAAQ,GAAG,CAAC,CAAC;YAC3F,OAAO,KAAK,CAAC,QAAQ,CAAC,sCAAsC,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;QACtB,0EAA0E;QAC1E,IAAI,CAAC,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YAC/B,OAAO,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,2BAA2B,EAAE,KAAK,CAAC,CAAC;QAC/E,CAAC;QACD,IAAI,CAAC,CAAC,qBAAqB,IAAI,CAAC,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YAClE,OAAO,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,KAAK,EAAE,oCAAoC,CAAC,CAAC;QAC3G,CAAC;QACD,IAAI,CAAC,CAAC,CAAC,cAAc,EAAE,CAAC;YACtB,OAAO,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,KAAK,EAAE,gCAAgC,CAAC,CAAC;QACvG,CAAC;QACD,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,OAAO,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,KAAK,EAAE,kBAAkB,CAAC,CAAC;QACxF,CAAC;QAED,wEAAwE;QACxE,yEAAyE;QACzE,MAAM,OAAO,GAAG,KAAK,CAAC,WAAW,CAAC;YAChC,SAAS,EAAE,QAAQ;YACnB,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,CAAC,CAAC,cAAc;YAChC,KAAK,EAAE,WAAW;YAClB,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC;YAC3B,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,KAAK,EAAE,KAAK,IAAI,EAAE;SACnB,CAAC,CAAC;QAEH,0EAA0E;QAC1E,uEAAuE;QACvE,2EAA2E;QAC3E,yEAAyE;QACzE,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,OAAO,EAAE;YACvC,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,OAAO;YACpD,MAAM,EAAE,cAAc,GAAG,IAAI;SAC9B,CAAC,CAAC;QACH,OAAO,KAAK,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,mEAAmE;IACnE,0EAA0E;IAC1E,4EAA4E;IAC5E,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QACvD,OAAO,CAAC,KAAK,CAAC,CAAC;QACf,MAAM,IAAI,GAAI,GAAW,CAAC,IAA4B,CAAC;QACvD,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACtE,MAAM,GAAG,GAAI,GAAG,CAAC,OAA8C,EAAE,CAAC,cAAc,CAAC,CAAC;QAClF,MAAM,OAAO,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACtD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YAC3C,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YAC3F,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAChD,IAAI,CAAC;YAAC,YAAY,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;QAC3F,OAAO,KAAK,CAAC,IAAI,CAAC;YAChB,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,WAAW,CAAC;YAC3C,UAAU,EAAE,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK;SAC3C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,uDAAuD;IACvD,yEAAyE;IACzE,sEAAsE;IACtE,oEAAoE;IACpE,OAAO,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QAC9G,MAAM,IAAI,GAAI,GAAW,CAAC,IAA4B,CAAC;QACvD,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAA0B,CAAC;QACvD,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEtE,MAAM,UAAU,GAAI,GAAG,CAAC,OAA8C,EAAE,CAAC,cAAc,CAAC,CAAC;QACzF,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACpE,yDAAyD;QACzD,KAAK,CAAC,WAAW,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACjD,wEAAwE;QACxE,gDAAgD;QAChD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC;QACxD,CAAC;QACD,sDAAsD;QACtD,IAAI,OAAO,CAAC,MAAM,KAAK,IAAI,CAAC,EAAE,EAAE,CAAC;YAC/B,GAAG,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAC3D,OAAO,KAAK,CAAC,QAAQ,CAAC,8BAA8B,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;QAE1C,0EAA0E;QAC1E,iDAAiD;QACjD,IAAI,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC,QAAQ,CAAC,sCAAsC,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,IAAI,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YAC9B,OAAO,aAAa,CAAC,KAAK,EAAE,WAAW,EAAE,eAAe,EAAE,KAAK,IAAI,SAAS,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,QAAQ,CAAC;YAC1B,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,IAAI,CAAC,EAAE;YAChB,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC;YAC9C,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,WAAW,CAAC;YAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC;SACnC,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACnC,IAAI,KAAK;YAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAChD,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,uBAAuB;IACvB,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QAC1G,OAAO,CAAC,KAAK,CAAC,CAAC;QACf,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAuC,CAAC;QACpE,MAAM,IAAI,GAAG,gBAAgB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,uEAAuE;QACvE,KAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC;QAC9B,IAAI,KAAK,KAAK,oBAAoB,EAAE,CAAC;YACnC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;YAC9D,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC3D,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ;gBAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;YACzE,IAAI,QAAQ,CAAC,SAAS,KAAK,SAAS,IAAI,QAAQ,CAAC,YAAY,KAAK,YAAY,EAAE,CAAC;gBAC/E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;YAC5D,CAAC;YACD,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,EAAE,aAAa,CAAC,EAAE,CAAC;gBACzE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC3G,CAAC;YACD,MAAM,IAAI,GAAG,WAAW,CAAC,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACxD,IAAI,CAAC,IAAI;gBAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;YACrE,MAAM,MAAM,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,EAAE,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC9F,OAAO,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QAED,IAAI,KAAK,KAAK,eAAe,EAAE,CAAC;YAC9B,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;YAC1C,qEAAqE;YACrE,sEAAsE;YACtE,mEAAmE;YACnE,qEAAqE;YACrE,IAAI,CAAC,aAAa,IAAI,CAAC,SAAS;gBAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YAC9F,MAAM,OAAO,GAAG,KAAK,CAAC,kBAAkB,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;YACnE,IAAI,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC,CAAC;YACxE,MAAM,YAAY,GAAG,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;YAChG,OAAO,KAAK,CAAC,IAAI,CAAC;gBAChB,YAAY;gBACZ,aAAa,EAAE,OAAO,CAAC,YAAY;gBACnC,UAAU,EAAE,QAAQ;gBACpB,UAAU,EAAE,IAAI;gBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB,CAAC,CAAC;QACL,CAAC;QAED,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,qEAAqE;IACrE,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,UAAU,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;QAC3G,OAAO,CAAC,KAAK,CAAC,CAAC;QACf,MAAM,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAuB,CAAC;QACpD,IAAI,IAAI,CAAC,KAAK;YAAE,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrD,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -1,8 +1,15 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Permissions API routes
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* Per-folder membership management. Only folder admins (member with
|
|
5
|
+
* role='admin') can grant/revoke access to their folder; workspace
|
|
6
|
+
* ownership alone does NOT confer folder-admin rights, so owners can't
|
|
7
|
+
* push users into private folders they aren't members of. The list of
|
|
8
|
+
* folders returned by GET /api/permissions/folders is scoped by
|
|
9
|
+
* `isFolderAdminOrOwner` so workspace owners see shared folders they
|
|
10
|
+
* can oversee, but solo/private folders of other users stay hidden
|
|
11
|
+
* (matching the AGENTS.md rule that privacy holds even against the
|
|
12
|
+
* workspace owner).
|
|
6
13
|
*/
|
|
7
14
|
import type { FastifyInstance } from 'fastify';
|
|
8
15
|
import { AuthService } from '../../services/auth-service.js';
|