veryfront 0.1.131 → 0.1.132

package/esm/_dnt.polyfills.d.ts

@@ -159,6 +159,17 @@ declare global {
     }
 }
 export {};
+declare global {
+    interface Object {
+        /**
+         * Determines whether an object has a property with the specified name.
+         * @param o An object.
+         * @param v A property name.
+         */
+        hasOwn(o: object, v: PropertyKey): boolean;
+    }
+}
+export {};
 declare global {
     interface PromiseConstructor {
         /**

package/esm/_dnt.polyfills.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"_dnt.polyfills.d.ts","sourceRoot":"","sources":["../src/_dnt.polyfills.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,KAAK;QACb,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB;CACF;AAED,OAAO,EAAE,CAAC;AACV;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,OAAO,EAAgC,KAAK,GAAG,EAAE,MAAM,UAAU,CAAC;AAGlE,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,UAAU;QAClB;;;;;;;;;;;;;;WAcG;QACH,GAAG,EAAE,MAAM,CAAC;QACZ;;;;;;;;;;;;WAYG;QACH,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,MAAM,CAAC;QACtE;;;;;;;;WAQG;QACH,IAAI,EAAE,OAAO,CAAC;QAEd;;;;;;;;;;;;WAYG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;;;;;;;WAYG;QACH,OAAO,EAAE,MAAM,CAAC;KACjB;CACF;AAED,KAAK,WAAW,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,KAAK,UAAU,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AACnD,UAAU,0BAA0B;IAClC,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC;CACxD;AACD,UAAU,0BAA0B;IAClC,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,CAAC;CACtC;AACD,UAAU,kBACR,SAAQ,0BAA0B,EAAE,0BAA0B;CAC/D;AAiBD,eAAO,IAAI,6BAA6B,EA2BnC,0BAA0B,CAAC;AAMhC,eAAO,IAAI,6BAA6B,EA4DnC,0BAA0B,CAAC;AAMhC,eAAO,IAAI,oBAAoB,EAoB1B,kBAAkB,CAAC;AAExB,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,gBAAgB;QACxB,SAAS,CAAC,CAAC,EACP,mBAAmB,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,GAC7F,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;QAEhB,SAAS,CAAC,CAAC,EAAE,CAAC,EACV,mBAAmB,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,EAClE,KAAK,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAC/B,OAAO,CAAC,EAAE,GAAG,GACd,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;KAC1B;CACF;AAoID,OAAO,EAAE,CAAC;AACV,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,KAAK,CAAC,CAAC;QACf;;;;;;;;WAQG;QACH,QAAQ,CAAC,CAAC,SAAS,CAAC,EAClB,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC,EACxE,OAAO,CAAC,EAAE,GAAG,GACZ,CAAC,GAAG,SAAS,CAAC;QACjB,QAAQ,CACN,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,OAAO,EACzD,OAAO,CAAC,EAAE,GAAG,GACZ,CAAC,GAAG,SAAS,CAAC;QAEjB;;;;;;;;WAQG;QACH,aAAa,CACX,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,OAAO,EACzD,OAAO,CAAC,EAAE,GAAG,GACZ,MAAM,CAAC;KACX;IACD,UAAU,UAAU;QAClB;;;;;;;;WAQG;QACH,QAAQ,CAAC,CAAC,SAAS,MAAM,EACvB,SAAS,EAAE,CACP,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,UAAU,KAChB,KAAK,IAAI,CAAC,EACf,OAAO,CAAC,EAAE,GAAG,GACZ,CAAC,GAAG,SAAS,CAAC;QACjB,QAAQ,CACJ,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,KAAK,OAAO,EACvE,OAAO,CAAC,EAAE,GAAG,GACd,MAAM,GAAG,SAAS,CAAC;QAEtB;;;;;;;;WAQG;QACH,aAAa,CACT,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,KAAK,OAAO,EACvE,OAAO,CAAC,EAAE,GAAG,GACd,MAAM,CAAC;KACX;CACF;AA4CD,OAAO,EAAE,CAAC;AACV,OAAO,CAAC,MAAM,CAAC;IAEb,UAAU,kBAAkB;QAC1B;;;WAGG;QACH,aAAa,CAAC,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;YAAC,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YAAC,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,IAAI,CAAA;SAAE,CAAC;KAC3H;CACF"}
+{"version":3,"file":"_dnt.polyfills.d.ts","sourceRoot":"","sources":["../src/_dnt.polyfills.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,KAAK;QACb,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB;CACF;AAED,OAAO,EAAE,CAAC;AACV;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,OAAO,EAAgC,KAAK,GAAG,EAAE,MAAM,UAAU,CAAC;AAGlE,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,UAAU;QAClB;;;;;;;;;;;;;;WAcG;QACH,GAAG,EAAE,MAAM,CAAC;QACZ;;;;;;;;;;;;WAYG;QACH,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,MAAM,CAAC;QACtE;;;;;;;;WAQG;QACH,IAAI,EAAE,OAAO,CAAC;QAEd;;;;;;;;;;;;WAYG;QACH,QAAQ,EAAE,MAAM,CAAC;QAEjB;;;;;;;;;;;;WAYG;QACH,OAAO,EAAE,MAAM,CAAC;KACjB;CACF;AAED,KAAK,WAAW,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,KAAK,UAAU,GAAG,WAAW,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;AACnD,UAAU,0BAA0B;IAClC,CAAC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAAC;CACxD;AACD,UAAU,0BAA0B;IAClC,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,CAAC;CACtC;AACD,UAAU,kBACR,SAAQ,0BAA0B,EAAE,0BAA0B;CAC/D;AAiBD,eAAO,IAAI,6BAA6B,EA2BnC,0BAA0B,CAAC;AAMhC,eAAO,IAAI,6BAA6B,EA4DnC,0BAA0B,CAAC;AAMhC,eAAO,IAAI,oBAAoB,EAoB1B,kBAAkB,CAAC;AAExB,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,gBAAgB;QACxB,SAAS,CAAC,CAAC,EACP,mBAAmB,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,GAC7F,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;QAEhB,SAAS,CAAC,CAAC,EAAE,CAAC,EACV,mBAAmB,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC,EAClE,KAAK,EAAE,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,EAC/B,OAAO,CAAC,EAAE,GAAG,GACd,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;KAC1B;CACF;AAoID,OAAO,EAAE,CAAC;AACV,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,KAAK,CAAC,CAAC;QACf;;;;;;;;WAQG;QACH,QAAQ,CAAC,CAAC,SAAS,CAAC,EAClB,SAAS,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,KAAK,IAAI,CAAC,EACxE,OAAO,CAAC,EAAE,GAAG,GACZ,CAAC,GAAG,SAAS,CAAC;QACjB,QAAQ,CACN,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,OAAO,EACzD,OAAO,CAAC,EAAE,GAAG,GACZ,CAAC,GAAG,SAAS,CAAC;QAEjB;;;;;;;;WAQG;QACH,aAAa,CACX,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,KAAK,OAAO,EACzD,OAAO,CAAC,EAAE,GAAG,GACZ,MAAM,CAAC;KACX;IACD,UAAU,UAAU;QAClB;;;;;;;;WAQG;QACH,QAAQ,CAAC,CAAC,SAAS,MAAM,EACvB,SAAS,EAAE,CACP,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,UAAU,KAChB,KAAK,IAAI,CAAC,EACf,OAAO,CAAC,EAAE,GAAG,GACZ,CAAC,GAAG,SAAS,CAAC;QACjB,QAAQ,CACJ,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,KAAK,OAAO,EACvE,OAAO,CAAC,EAAE,GAAG,GACd,MAAM,GAAG,SAAS,CAAC;QAEtB;;;;;;;;WAQG;QACH,aAAa,CACT,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,KAAK,OAAO,EACvE,OAAO,CAAC,EAAE,GAAG,GACd,MAAM,CAAC;KACX;CACF;AA4CD,OAAO,EAAE,CAAC;AAgBV,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd;;;;WAIG;QACH,MAAM,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC;KAC5C;CACF;AAED,OAAO,EAAE,CAAC;AACV,OAAO,CAAC,MAAM,CAAC;IAEb,UAAU,kBAAkB;QAC1B;;;WAGG;QACH,aAAa,CAAC,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;YAAC,OAAO,EAAE,CAAC,KAAK,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;YAAC,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,IAAI,CAAA;SAAE,CAAC;KAC3H;CACF"}

package/esm/_dnt.polyfills.js

@@ -270,6 +270,20 @@ if (!Uint8Array.prototype.findLast) {
         return findLast(this, callbackfn, that);
     };
 }
+// https://github.com/tc39/proposal-accessible-object-hasownproperty/blob/main/polyfill.js
+if (!Object.hasOwn) {
+    Object.defineProperty(Object, "hasOwn", {
+        value: function (object, property) {
+            if (object == null) {
+                throw new TypeError("Cannot convert undefined or null to object");
+            }
+            return Object.prototype.hasOwnProperty.call(Object(object), property);
+        },
+        configurable: true,
+        enumerable: false,
+        writable: true,
+    });
+}
 // https://github.com/tc39/proposal-promise-with-resolvers/blob/3a78801e073e99217dbeb2c43ba7212f3bdc8b83/polyfills.js#L1C1-L9C2
 if (Promise.withResolvers === undefined) {
     Promise.withResolvers = () => {

package/esm/deno.js

@@ -1,6 +1,6 @@
 export default {
     "name": "veryfront",
-    "version": "0.1.131",
+    "version": "0.1.132",
     "license": "Apache-2.0",
     "nodeModulesDir": "auto",
     "exclude": [

package/esm/src/agent/runtime/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,KAAK,WAAW,EAEhB,KAAK,aAAa,EAGlB,KAAK,OAAO,EAEZ,KAAK,QAAQ,EACd,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAgB/D,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAClG,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAmDxB;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,GAAG,SAAS,CA6BxE;AAED,gEAAgE;AAChE,KAAK,iBAAiB,GAClB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GACjB;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EAAE,GAAG,SAAS,EACvC,kBAAkB,EAAE,OAAO,GAC1B,iBAAiB,CAiBnB;AAcD,qBAAa,YAAY;IACvB,OAAO,CAAC,EAAE,CAAS;IACnB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,MAAM,CAAuB;gBAEzB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;IAS3C;;OAEG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,GAAG,OAAO,EAAE,EACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,aAAa,CAAC,EAAE,MAAM,EACtB,uBAAuB,CAAC,EAAE,MAAM,GAC/B,OAAO,CAAC,aAAa,CAAC;IA2CzB;;;OAGG;IACG,MAAM,CACV,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,CAAC,EAAE;QACV,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAAC;QAC1C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;QAClC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;KAC9C,EACD,aAAa,CAAC,EAAE,MAAM,EACtB,uBAAuB,CAAC,EAAE,MAAM,EAChC,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAsHtC;;OAEG;YACW,gBAAgB;IAoO9B;;;;OAIG;YACW,yBAAyB;IA2OvC;;OAEG;YACW,eAAe;IAqC7B;;OAEG;YACW,mBAAmB;IAOjC;;OAEG;IACH,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC;IAI5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAC9B,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAIF;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;CAGnC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/runtime/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,KAAK,WAAW,EAEhB,KAAK,aAAa,EAGlB,KAAK,OAAO,EAEZ,KAAK,QAAQ,EACd,MAAM,aAAa,CAAC;AAIrB,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAgB/D,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC5E,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,aAAa,GACd,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAChF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAC1E,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAClG,OAAO,EACL,iBAAiB,EACjB,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,gBAAgB,CAAC;AAuDxB;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,OAAO,GAAG,MAAM,EAAE,GAAG,SAAS,CA6BxE;AAED,gEAAgE;AAChE,KAAK,iBAAiB,GAClB;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GACjB;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtC;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,EAAE,GAAG,SAAS,EACvC,kBAAkB,EAAE,OAAO,GAC1B,iBAAiB,CAiBnB;AA0BD,qBAAa,YAAY;IACvB,OAAO,CAAC,EAAE,CAAS;IACnB,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,MAAM,CAAkB;IAChC,OAAO,CAAC,MAAM,CAAuB;gBAEzB,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW;IAS3C;;OAEG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,GAAG,OAAO,EAAE,EACzB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,aAAa,CAAC,EAAE,MAAM,EACtB,uBAAuB,CAAC,EAAE,MAAM,GAC/B,OAAO,CAAC,aAAa,CAAC;IA2CzB;;;OAGG;IACG,MAAM,CACV,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,CAAC,EAAE;QACV,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,IAAI,CAAC;QAC1C,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;QAClC,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;KAC9C,EACD,aAAa,CAAC,EAAE,MAAM,EACtB,uBAAuB,CAAC,EAAE,MAAM,EAChC,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IAsHtC;;OAEG;YACW,gBAAgB;IAuO9B;;;;OAIG;YACW,yBAAyB;IA8OvC;;OAEG;YACW,eAAe;IAqC7B;;OAEG;YACW,mBAAmB;IAOjC;;OAEG;IACH,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,SAAS,IAAI,MAAM,CAAC,OAAO,CAAC;IAI5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC;QAC9B,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;QACxB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IAIF;;OAEG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;CAGnC"}

package/esm/src/agent/runtime/index.js

@@ -117,6 +117,17 @@ function isLocalModel(model) {
         m.provider === "local" ||
         (typeof m.modelId === "string" && m.modelId.startsWith("local/"));
 }
+function getRuntimeAllowedRemoteTools(config) {
+    const configWithRuntimeFilters = config;
+    if (!Object.hasOwn(configWithRuntimeFilters, "__vfAllowedRemoteTools")) {
+        return undefined;
+    }
+    const raw = configWithRuntimeFilters.__vfAllowedRemoteTools;
+    if (!Array.isArray(raw)) {
+        return [];
+    }
+    return raw.every((toolName) => typeof toolName === "string") ? raw : [];
+}
 export class AgentRuntime {
     id;
     config;
@@ -281,11 +292,13 @@ export class AgentRuntime {
             }
             // Request-scoped skill policy (not class-level mutable state)
             let activeSkillPolicy;
+            const allowedRemoteToolNames = getRuntimeAllowedRemoteTools(this.config);
             for (let step = 0; step < maxSteps; step++) {
                 this.status = "thinking";
                 addSpanEvent(loopSpan, "step_start", { step });
                 let tools = isLocal ? [] : await getAvailableTools(this.config.tools, {
                     includeSkillTools: Boolean(this.config.skills),
+                    allowedRemoteToolNames,
                 });
                 // Layer 1: Filter tools based on active skill policy (planning-time)
                 if (activeSkillPolicy) {
@@ -387,7 +400,7 @@ export class AgentRuntime {
                                 agentId: this.id,
                                 toolCallId: tc.toolCallId,
                                 projectId: cacheCtx?.projectId,
-                            });
+                            }, allowedRemoteToolNames);
                             toolCall.status = "completed";
                             toolCall.result = result;
                             toolCall.executionTime = Date.now() - startTime;
@@ -473,11 +486,13 @@ export class AgentRuntime {
         // Request-scoped skill policy (not class-level mutable state)
         let activeSkillPolicy;
         let finalFinishReason;
+        const allowedRemoteToolNames = getRuntimeAllowedRemoteTools(this.config);
         for (let step = 0; step < maxSteps; step++) {
             throwIfAborted(abortSignal);
             sendSSE(controller, encoder, { type: "step-start" });
             let tools = isLocalStreaming ? [] : await getAvailableTools(this.config.tools, {
                 includeSkillTools: Boolean(this.config.skills),
+                allowedRemoteToolNames,
             });
             // Layer 1: Filter tools based on active skill policy (planning-time)
             if (activeSkillPolicy) {
@@ -566,7 +581,7 @@ export class AgentRuntime {
                         agentId: this.id,
                         toolCallId: tc.id,
                         ...toolContext,
-                    });
+                    }, allowedRemoteToolNames);
                     throwIfAborted(abortSignal);
                     toolCall.status = "completed";
                     toolCall.result = result;

package/esm/src/agent/runtime/tool-helpers.d.ts

@@ -28,7 +28,7 @@ export declare function isDynamicTool(name: string): boolean;
  */
 export type ToolConfigEntry = Tool<any, any> | boolean;
 export declare function resolveConfiguredTool(toolsConfig: true | Record<string, ToolConfigEntry> | undefined, toolName: string): Tool | null;
-export declare function executeConfiguredTool(toolName: string, input: Record<string, unknown>, toolsConfig: true | Record<string, ToolConfigEntry> | undefined, context?: ToolExecutionContext): Promise<unknown>;
+export declare function executeConfiguredTool(toolName: string, input: Record<string, unknown>, toolsConfig: true | Record<string, ToolConfigEntry> | undefined, context?: ToolExecutionContext, allowedRemoteToolNames?: string[]): Promise<unknown>;
 /**
  * Get available tools based on agent configuration.
  * When tools === true, loads all tools from registry.
@@ -40,5 +40,6 @@ export declare function executeConfiguredTool(toolName: string, input: Record<st
 export declare function getAvailableTools(toolsConfig: true | Record<string, ToolConfigEntry> | undefined, options?: {
     includeSkillTools?: boolean;
     includeIntegrationTools?: boolean;
+    allowedRemoteToolNames?: string[];
 }): Promise<ToolDefinition[]>;
 //# sourceMappingURL=tool-helpers.d.ts.map

package/esm/src/agent/runtime/tool-helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tool-helpers.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/runtime/tool-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAYtF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACxC,cAAc,CAuBhB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED;;;GAGG;AAEH,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC;AAEvD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,EAC/D,QAAQ,EAAE,MAAM,GACf,IAAI,GAAG,IAAI,CAmBb;AAED,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,WAAW,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,EAC/D,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,OAAO,CAAC,CAsBlB;AAoBD;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,EAC/D,OAAO,CAAC,EAAE;IAAE,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAAC,uBAAuB,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3E,OAAO,CAAC,cAAc,EAAE,CAAC,CAwE3B"}
+{"version":3,"file":"tool-helpers.d.ts","sourceRoot":"","sources":["../../../../src/src/agent/runtime/tool-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAYtF;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACxC,cAAc,CAuBhB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED;;;GAGG;AAEH,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC;AAEvD,wBAAgB,qBAAqB,CACnC,WAAW,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,EAC/D,QAAQ,EAAE,MAAM,GACf,IAAI,GAAG,IAAI,CAmBb;AAED,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC9B,WAAW,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,EAC/D,OAAO,CAAC,EAAE,oBAAoB,EAC9B,sBAAsB,CAAC,EAAE,MAAM,EAAE,GAChC,OAAO,CAAC,OAAO,CAAC,CAyBlB;AAoBD;;;;;;;GAOG;AACH,wBAAsB,iBAAiB,CACrC,WAAW,EAAE,IAAI,GAAG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,SAAS,EAC/D,OAAO,CAAC,EAAE;IACR,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;CACnC,GACA,OAAO,CAAC,cAAc,EAAE,CAAC,CA4E3B"}

package/esm/src/agent/runtime/tool-helpers.js

@@ -59,7 +59,7 @@ export function resolveConfiguredTool(toolsConfig, toolName) {
     }
     return null;
 }
-export async function executeConfiguredTool(toolName, input, toolsConfig, context) {
+export async function executeConfiguredTool(toolName, input, toolsConfig, context, allowedRemoteToolNames) {
     const configuredTool = resolveConfiguredTool(toolsConfig, toolName);
     if (configuredTool) {
         return await configuredTool.execute(input, context);
@@ -71,6 +71,9 @@ export async function executeConfiguredTool(toolName, input, toolsConfig, contex
     }
     // Fall back to remote execution for integration tools (e.g., github:list-repos)
     if (isRemoteIntegrationTool(toolName)) {
+        if (allowedRemoteToolNames && !allowedRemoteToolNames.includes(toolName)) {
+            throw new Error(`Tool "${toolName}" is not allowed for this run`);
+        }
         return await executeRemoteIntegrationTool(toolName, input, context?.endUserId);
     }
     return await executeTool(toolName, input, context);
@@ -113,7 +116,7 @@ export async function getAvailableTools(toolsConfig, options) {
         if (options?.includeIntegrationTools !== false) {
             try {
                 const { getRemoteIntegrationToolDefinitions } = await import("../../integrations/remote-tools.js");
-                const remoteDefs = await getRemoteIntegrationToolDefinitions();
+                const remoteDefs = (await getRemoteIntegrationToolDefinitions()).filter((def) => !options?.allowedRemoteToolNames || options.allowedRemoteToolNames.includes(def.name));
                 for (const def of remoteDefs) {
                     logToolDefinition(def.name, def);
                 }
@@ -143,7 +146,7 @@ export async function getAvailableTools(toolsConfig, options) {
     if (options?.includeIntegrationTools !== false) {
         try {
             const { getRemoteIntegrationToolDefinitions } = await import("../../integrations/remote-tools.js");
-            const remoteDefs = await getRemoteIntegrationToolDefinitions();
+            const remoteDefs = (await getRemoteIntegrationToolDefinitions()).filter((def) => !options?.allowedRemoteToolNames || options.allowedRemoteToolNames.includes(def.name));
             for (const def of remoteDefs) {
                 // Skip if already present (e.g., explicitly configured by name)
                 if (!tools.some((t) => t.name === def.name)) {

package/esm/src/html/html-injection.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"html-injection.d.ts","sourceRoot":"","sources":["../../../src/src/html/html-injection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAkB/D,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2EAA2E;IAC3E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gDAAgD;IAChD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,WAAW,CAAC,EAAE,SAAS,GAAG,YAAY,CAAC;IACvC,+DAA+D;IAC/D,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iFAAiF;IACjF,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAgBD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,wBAAwB,GAChC,MAAM,CA+FR"}
+{"version":3,"file":"html-injection.d.ts","sourceRoot":"","sources":["../../../src/src/html/html-injection.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAkB/D,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,2EAA2E;IAC3E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,kDAAkD;IAClD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,gDAAgD;IAChD,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gBAAgB;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,WAAW,CAAC,EAAE,SAAS,GAAG,YAAY,CAAC;IACvC,+DAA+D;IAC/D,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,8DAA8D;IAC9D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iFAAiF;IACjF,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAgBD,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,wBAAwB,GAChC,MAAM,CAmGR"}

package/esm/src/html/html-injection.js

@@ -54,23 +54,24 @@ export function injectHTMLContent(template, content, metadata, options) {
                 environment: options.environment,
             }),
         });
-        const hydrationScript = `<script id="veryfront-hydration-data" type="application/json">${hydrationData}</script>`;
+        const nonceAttr = buildNonceAttribute(options.nonce);
+        const hydrationScript = `<script id="veryfront-hydration-data" type="application/json"${nonceAttr}>${hydrationData}</script>`;
         html = html.replace(/<\/body>/i, `${hydrationScript}</body>`);
     }
     if (options.mode === "development") {
         const hasDevScriptsPlaceholder = /{{\s*devScripts\s*}}/i.test(html);
         if (hasDevScriptsPlaceholder) {
-            html = html.replace(/{{\s*devScripts\s*}}/gi, getDevScripts());
+            html = html.replace(/{{\s*devScripts\s*}}/gi, getDevScripts(options.devPort, options.nonce));
         }
-        html = html.replace(/{{\s*devStyles\s*}}/gi, getDevStyles());
+        html = html.replace(/{{\s*devStyles\s*}}/gi, getDevStyles(options.nonce));
         if (!hasDevScriptsPlaceholder && hasBodyClose) {
-            html = html.replace(/<\/body>/i, `${getDevStyles()}${getDevScripts()}</body>`);
+            html = html.replace(/<\/body>/i, `${getDevStyles(options.nonce)}${getDevScripts(options.devPort, options.nonce)}</body>`);
         }
     }
     else {
         html = html.replace(/{{\s*devScripts\s*}}/gi, "");
         html = html.replace(/{{\s*devStyles\s*}}/gi, "");
-        const prodScripts = getProdScripts(options.slug);
+        const prodScripts = getProdScripts(options.slug, options.nonce);
         const hasProdScriptsPlaceholder = /{{\s*prodScripts\s*}}/i.test(html);
         if (hasProdScriptsPlaceholder) {
             html = html.replace(/{{\s*prodScripts\s*}}/gi, prodScripts);

package/esm/src/html/nonce-injection.d.ts

@@ -0,0 +1,2 @@
+export declare function addNonceToHtmlTags(html: string, nonce?: string): string;
+//# sourceMappingURL=nonce-injection.d.ts.map

package/esm/src/html/nonce-injection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"nonce-injection.d.ts","sourceRoot":"","sources":["../../../src/src/html/nonce-injection.ts"],"names":[],"mappings":"AAmEA,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,CA6DvE"}

package/esm/src/html/nonce-injection.js

@@ -0,0 +1,104 @@
+import { escapeHtml } from "../utils/html-escape.js";
+function findTagEnd(html, start) {
+    let activeQuote = null;
+    for (let index = start + 1; index < html.length; index++) {
+        const char = html[index];
+        if (activeQuote) {
+            if (char === activeQuote)
+                activeQuote = null;
+            continue;
+        }
+        if (char === '"' || char === "'") {
+            activeQuote = char;
+            continue;
+        }
+        if (char === ">")
+            return index;
+    }
+    return -1;
+}
+function getOpeningTagName(tag) {
+    const match = /^<\s*([a-zA-Z][\w:-]*)/u.exec(tag);
+    const tagName = match?.[1]?.toLowerCase();
+    if (tagName === "script" || tagName === "style")
+        return tagName;
+    return undefined;
+}
+function isTagBoundary(char) {
+    return char === undefined || /\s|\/|>/u.test(char);
+}
+function findRawTextClosingTagStart(lowerHtml, tagName, fromIndex) {
+    const needle = `</${tagName}`;
+    let searchIndex = fromIndex;
+    while (searchIndex < lowerHtml.length) {
+        const closingIndex = lowerHtml.indexOf(needle, searchIndex);
+        if (closingIndex === -1)
+            return -1;
+        if (isTagBoundary(lowerHtml[closingIndex + needle.length])) {
+            return closingIndex;
+        }
+        searchIndex = closingIndex + needle.length;
+    }
+    return -1;
+}
+function injectNonceIntoOpeningTag(tag, escapedNonce) {
+    if (/(?:\s|<)nonce\s*=/iu.test(tag))
+        return tag;
+    const closeIndex = tag.lastIndexOf(">");
+    if (closeIndex === -1)
+        return tag;
+    const insertAt = /\/\s*>$/u.test(tag) ? closeIndex - 1 : closeIndex;
+    return `${tag.slice(0, insertAt)} nonce="${escapedNonce}"${tag.slice(insertAt)}`;
+}
+export function addNonceToHtmlTags(html, nonce) {
+    if (!nonce)
+        return html;
+    const escapedNonce = escapeHtml(nonce);
+    const lowerHtml = html.toLowerCase();
+    let result = "";
+    let index = 0;
+    let rawTextTag = null;
+    while (index < html.length) {
+        if (rawTextTag) {
+            const closingIndex = findRawTextClosingTagStart(lowerHtml, rawTextTag, index);
+            if (closingIndex === -1) {
+                result += html.slice(index);
+                break;
+            }
+            result += html.slice(index, closingIndex);
+            index = closingIndex;
+            rawTextTag = null;
+            continue;
+        }
+        if (html.startsWith("<!--", index)) {
+            const commentEnd = html.indexOf("-->", index + 4);
+            const endIndex = commentEnd === -1 ? html.length : commentEnd + 3;
+            result += html.slice(index, endIndex);
+            index = endIndex;
+            continue;
+        }
+        if (html[index] !== "<") {
+            result += html[index];
+            index++;
+            continue;
+        }
+        const tagEnd = findTagEnd(html, index);
+        if (tagEnd === -1) {
+            result += html.slice(index);
+            break;
+        }
+        const tag = html.slice(index, tagEnd + 1);
+        const tagName = getOpeningTagName(tag);
+        if (!tagName) {
+            result += tag;
+            index = tagEnd + 1;
+            continue;
+        }
+        result += injectNonceIntoOpeningTag(tag, escapedNonce);
+        index = tagEnd + 1;
+        if (!/\/\s*>$/u.test(tag)) {
+            rawTextTag = tagName;
+        }
+    }
+    return result;
+}

package/esm/src/internal-agents/run-stream.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"run-stream.d.ts","sourceRoot":"","sources":["../../../src/src/internal-agents/run-stream.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EACL,KAAK,KAAK,EACV,KAAK,YAAY,IAAI,OAAO,EAC5B,KAAK,aAAa,EAEnB,MAAM,mBAAmB,CAAC;AAW3B,OAAO,EAA0B,KAAK,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC3F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAIxD,MAAM,WAAW,+BAA+B;IAC9C,cAAc,EAAE,sBAAsB,CAAC;IACvC,aAAa,CAAC,EAAE,CACd,KAAK,EAAE,KAAK,EACZ,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAClC;QACH,MAAM,EAAE,CACN,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,CAAC,EAAE;YACV,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;SAC9C,EACD,aAAa,CAAC,EAAE,MAAM,EACtB,uBAAuB,CAAC,EAAE,MAAM,EAChC,WAAW,CAAC,EAAE,WAAW,KACtB,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;KAC1C,CAAC;CACH;AAsKD,wBAAsB,gCAAgC,CACpD,KAAK,EAAE,oBAAoB,EAC3B,KAAK,EAAE,KAAK,EACZ,IAAI,EAAE,+BAA+B,GACpC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAsJ3B"}
+{"version":3,"file":"run-stream.d.ts","sourceRoot":"","sources":["../../../src/src/internal-agents/run-stream.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EACL,KAAK,KAAK,EACV,KAAK,YAAY,IAAI,OAAO,EAC5B,KAAK,aAAa,EAEnB,MAAM,mBAAmB,CAAC;AAW3B,OAAO,EAA0B,KAAK,sBAAsB,EAAE,MAAM,sBAAsB,CAAC;AAC3F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAUxD,MAAM,WAAW,+BAA+B;IAC9C,cAAc,EAAE,sBAAsB,CAAC;IACvC,aAAa,CAAC,EAAE,CACd,KAAK,EAAE,KAAK,EACZ,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAClC;QACH,MAAM,EAAE,CACN,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,SAAS,CAAC,EAAE;YACV,QAAQ,CAAC,EAAE,CAAC,QAAQ,EAAE,aAAa,KAAK,IAAI,CAAC;SAC9C,EACD,aAAa,CAAC,EAAE,MAAM,EACtB,uBAAuB,CAAC,EAAE,MAAM,EAChC,WAAW,CAAC,EAAE,WAAW,KACtB,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;KAC1C,CAAC;CACH;AAsLD,wBAAsB,gCAAgC,CACpD,KAAK,EAAE,oBAAoB,EAC3B,KAAK,EAAE,KAAK,EACZ,IAAI,EAAE,+BAA+B,GACpC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CA+J3B"}

package/esm/src/internal-agents/run-stream.js

@@ -126,16 +126,38 @@ function normalizeRuntimeMessages(messages) {
         ...(message.metadata ? { metadata: message.metadata } : {}),
     }));
 }
+function getAllowedRemoteToolNames(forwardedProps) {
+    const runtimeOverrides = isRecord(forwardedProps?.runtimeOverrides)
+        ? forwardedProps.runtimeOverrides
+        : null;
+    if (!runtimeOverrides || !Object.hasOwn(runtimeOverrides, "allowedTools")) {
+        return undefined;
+    }
+    const allowedTools = runtimeOverrides.allowedTools;
+    if (!Array.isArray(allowedTools)) {
+        return [];
+    }
+    return allowedTools.every((toolName) => typeof toolName === "string") ? allowedTools : [];
+}
 export async function createRuntimeAgentStreamResponse(input, agent, deps) {
     const abortSignal = deps.sessionManager.startRun({
         runId: input.runId,
         threadId: input.threadId,
     });
     const mergedTools = buildMergedTools(agent, input, deps.sessionManager);
-    const runtime = deps.createRuntime?.(agent, mergedTools) ?? new AgentRuntime(agent.id, {
-        ...agent.config,
-        tools: mergedTools,
-    });
+    const allowedRemoteToolNames = getAllowedRemoteToolNames(input.forwardedProps);
+    const runtimeAgent = {
+        ...agent,
+        config: {
+            ...agent.config,
+            tools: mergedTools,
+            ...(allowedRemoteToolNames !== undefined
+                ? { __vfAllowedRemoteTools: allowedRemoteToolNames }
+                : {}),
+        },
+    };
+    const runtime = deps.createRuntime?.(runtimeAgent, mergedTools) ??
+        new AgentRuntime(runtimeAgent.id, runtimeAgent.config);
     let completedResponse = null;
     const runtimeMessages = normalizeRuntimeMessages(input.messages);
     let runtimeStream;

package/esm/src/rendering/orchestrator/html.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"html.d.ts","sourceRoot":"","sources":["../../../../src/src/rendering/orchestrator/html.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAS7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EACV,UAAU,EACV,UAAU,EACV,SAAS,EAET,UAAU,EACX,MAAM,sBAAsB,CAAC;AAG9B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AA2HhD,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,aAAa,GAAG,YAAY,CAAC;CACpC;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,SAAS,GAAG,SAAS,CAAC;IACpC,aAAa,EAAE,UAAU,EAAE,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,2FAA2F;IAC3F,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIjC,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC;IAajE,kBAAkB,CACtB,WAAW,EAAE,cAAc,EAC3B,OAAO,EAAE,IAAI,CAAC,qBAAqB,EAAE,MAAM,CAAC,GAC3C,OAAO,CAAC,cAAc,CAAC;YAgDZ,sBAAsB;YAiCtB,wBAAwB;YAmBxB,gBAAgB;YAyBhB,kBAAkB;IAwDhC,OAAO,CAAC,0BAA0B;IAsBlC,OAAO,CAAC,sBAAsB;IAgD9B,OAAO,CAAC,iBAAiB;IA4DzB,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,cAAc;YAQR,eAAe;YAaf,gBAAgB;IAgF9B;;;;OAIG;YACW,gBAAgB;IA2D9B,OAAO,CAAC,wBAAwB;IAqBhC,OAAO,CAAC,qBAAqB;YAOf,6BAA6B;CAyD5C"}
+{"version":3,"file":"html.d.ts","sourceRoot":"","sources":["../../../../src/src/rendering/orchestrator/html.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAS7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,KAAK,EACV,UAAU,EACV,UAAU,EACV,SAAS,EAET,UAAU,EACX,MAAM,sBAAsB,CAAC;AAG9B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAqBhD,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,cAAc,CAAC;IACxB,MAAM,EAAE,eAAe,CAAC;IACxB,IAAI,EAAE,aAAa,GAAG,YAAY,CAAC;CACpC;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,UAAU,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,SAAS,GAAG,SAAS,CAAC;IACpC,aAAa,EAAE,UAAU,EAAE,CAAC;IAC5B,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,2FAA2F;IAC3F,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAsB;gBAExB,MAAM,EAAE,mBAAmB;IAIjC,gBAAgB,CAAC,OAAO,EAAE,qBAAqB,GAAG,OAAO,CAAC,MAAM,CAAC;IAajE,kBAAkB,CACtB,WAAW,EAAE,cAAc,EAC3B,OAAO,EAAE,IAAI,CAAC,qBAAqB,EAAE,MAAM,CAAC,GAC3C,OAAO,CAAC,cAAc,CAAC;YAgDZ,sBAAsB;YAiCtB,wBAAwB;YAmBxB,gBAAgB;YAyBhB,kBAAkB;IAwDhC,OAAO,CAAC,0BAA0B;IAsBlC,OAAO,CAAC,sBAAsB;IAgD9B,OAAO,CAAC,iBAAiB;IA4DzB,OAAO,CAAC,gBAAgB;IAQxB,OAAO,CAAC,cAAc;YAQR,eAAe;YAaf,gBAAgB;IAgF9B;;;;OAIG;YACW,gBAAgB;IA2D9B,OAAO,CAAC,wBAAwB;IAqBhC,OAAO,CAAC,qBAAqB;YAOf,6BAA6B;CAyD5C"}

package/esm/src/rendering/orchestrator/html.js

@@ -2,7 +2,7 @@ import { join } from "../../platform/compat/path/index.js";
 import { getExtensionName } from "../../utils/path-utils.js";
 import { buildImportMapJson, extractHTMLMetadata, generateHTMLShellParts, injectHTMLContent, isFullHTMLDocument, } from "../../html/index.js";
 import { DEFAULT_DASHBOARD_PORT, rendererLogger } from "../../utils/index.js";
-import { escapeHtml } from "../../utils/html-escape.js";
+import { addNonceToHtmlTags } from "../../html/nonce-injection.js";
 import { injectElementSelectors } from "../../studio/element-selector-injector.js";
 import { computeSourceHash } from "../../studio/hash-utils.js";
 import { extractRelativePath } from "../../utils/route-path-utils.js";
@@ -16,92 +16,6 @@ import { getRouteCandidates } from "./css-candidate-manifest.js";
 import { resolveStyleContentVersion } from "../../html/styles-builder/content-version.js";
 import { createStyleScopeProfile } from "../../html/styles-builder/style-scope-profile.js";
 const logger = rendererLogger.component("html-generator");
-function findTagEnd(html, start) {
-    let activeQuote = null;
-    for (let index = start + 1; index < html.length; index++) {
-        const char = html[index];
-        if (activeQuote) {
-            if (char === activeQuote)
-                activeQuote = null;
-            continue;
-        }
-        if (char === '"' || char === "'") {
-            activeQuote = char;
-            continue;
-        }
-        if (char === ">")
-            return index;
-    }
-    return -1;
-}
-function getOpeningTagName(tag) {
-    const match = /^<\s*([a-zA-Z][\w:-]*)/u.exec(tag);
-    const tagName = match?.[1]?.toLowerCase();
-    if (tagName === "script" || tagName === "style")
-        return tagName;
-    return undefined;
-}
-function injectNonceIntoOpeningTag(tag, escapedNonce) {
-    if (/\bnonce\s*=/iu.test(tag))
-        return tag;
-    const closeIndex = tag.lastIndexOf(">");
-    if (closeIndex === -1)
-        return tag;
-    const insertAt = /\/\s*>$/u.test(tag) ? closeIndex - 1 : closeIndex;
-    return `${tag.slice(0, insertAt)} nonce="${escapedNonce}"${tag.slice(insertAt)}`;
-}
-function addNonceToRenderedTags(html, nonce) {
-    if (!nonce)
-        return html;
-    const escapedNonce = escapeHtml(nonce);
-    const lowerHtml = html.toLowerCase();
-    let result = "";
-    let index = 0;
-    let rawTextTag = null;
-    while (index < html.length) {
-        if (rawTextTag) {
-            const closingIndex = lowerHtml.indexOf(`</${rawTextTag}`, index);
-            if (closingIndex === -1) {
-                result += html.slice(index);
-                break;
-            }
-            result += html.slice(index, closingIndex);
-            index = closingIndex;
-            rawTextTag = null;
-            continue;
-        }
-        if (html.startsWith("<!--", index)) {
-            const commentEnd = html.indexOf("-->", index + 4);
-            const endIndex = commentEnd === -1 ? html.length : commentEnd + 3;
-            result += html.slice(index, endIndex);
-            index = endIndex;
-            continue;
-        }
-        if (html[index] !== "<") {
-            result += html[index];
-            index++;
-            continue;
-        }
-        const tagEnd = findTagEnd(html, index);
-        if (tagEnd === -1) {
-            result += html.slice(index);
-            break;
-        }
-        const tag = html.slice(index, tagEnd + 1);
-        const tagName = getOpeningTagName(tag);
-        if (!tagName) {
-            result += tag;
-            index = tagEnd + 1;
-            continue;
-        }
-        result += injectNonceIntoOpeningTag(tag, escapedNonce);
-        index = tagEnd + 1;
-        if (!/\/\s*>$/u.test(tag)) {
-            rawTextTag = tagName;
-        }
-    }
-    return result;
-}
 export class HTMLGenerator {
     config;
     constructor(config) {
@@ -115,7 +29,7 @@ export class HTMLGenerator {
         if (context.options?.studioEmbed) {
             logger.debug("Injected element selectors for Studio");
         }
-        return addNonceToRenderedTags(finalHtml, context.options?.nonce);
+        return addNonceToHtmlTags(finalHtml, context.options?.nonce);
     }
     async generateHTMLStream(reactStream, context) {
         const fullContext = context;
@@ -137,7 +51,7 @@ export class HTMLGenerator {
         }
         const { start, end } = await profilePhase("html.generate_shell_parts", () => this.generateShellParts(fullContext, mergedFrontmatter, htmlOptions, reactContent, projectCSSPromise));
         const encoder = new TextEncoder();
-        const fullHtml = addNonceToRenderedTags(`${start}${reactContent}${end}`, context.options?.nonce);
+        const fullHtml = addNonceToHtmlTags(`${start}${reactContent}${end}`, context.options?.nonce);
         return new ReadableStream({
             start(controller) {
                 controller.enqueue(encoder.encode(fullHtml));

package/esm/src/rendering/script-page-handling.js

@@ -152,6 +152,7 @@ async function generateFullHtml(htmlBody, context) {
             mode: options.mode,
             slug,
             devPort: options.config?.dev?.port ?? DEFAULT_DASHBOARD_PORT,
+            nonce: options.nonce,
         });
     }
     const htmlOptions = {

package/esm/src/server/handlers/request/static.handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"static.handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/handlers/request/static.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AAGrD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAmB,aAAa,EAAE,MAAM,aAAa,CAAC;AAUnG,qBAAa,aAAc,SAAQ,WAAW;IAC5C,QAAQ,EAAE,eAAe,CAOvB;IAEF,OAAO,CAAC,aAAa,CAA2B;IAEhD,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAazE,OAAO,CAAC,cAAc;CAiEvB"}
+{"version":3,"file":"static.handler.d.ts","sourceRoot":"","sources":["../../../../../src/src/server/handlers/request/static.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,OAAO,MAAM,2BAA2B,CAAC;AAGrD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAmB,aAAa,EAAE,MAAM,aAAa,CAAC;AAgBnG,qBAAa,aAAc,SAAQ,WAAW;IAC5C,QAAQ,EAAE,eAAe,CAOvB;IAEF,OAAO,CAAC,aAAa,CAA2B;IAEhD,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,aAAa,CAAC;IAazE,OAAO,CAAC,cAAc;CAuEvB"}

package/esm/src/server/handlers/request/static.handler.js

@@ -3,6 +3,11 @@ import { hasMatchingEtag } from "../utils/etag.js";
 import { HTTP_NOT_FOUND, HTTP_OK, PRIORITY_MEDIUM_STATIC, } from "../../../utils/constants/index.js";
 import { withSpan } from "../../../observability/tracing/otlp-setup.js";
 import { StaticFileService } from "../../services/static/index.js";
+import { addNonceToHtmlTags } from "../../../html/nonce-injection.js";
+import { computeEtag } from "../utils/etag.js";
+function isHtmlResponse(contentType) {
+    return /\btext\/html\b/i.test(contentType);
+}
 export class StaticHandler extends BaseHandler {
     metadata = {
         name: "StaticHandler",
@@ -31,6 +36,8 @@ export class StaticHandler extends BaseHandler {
             const isHead = method === "HEAD";
             const isLocal = !!ctx.isLocalProject;
             const isPreviewMode = ctx.requestContext?.mode === "preview" && !isLocal;
+            const builder = this.createResponseBuilder(ctx)
+                .withCORS(req, ctx.securityConfig?.cors);
             const result = await this.staticService.resolveFile(pathname, {
                 projectDir: ctx.projectDir,
                 adapter: ctx.adapter,
@@ -40,24 +47,25 @@ export class StaticHandler extends BaseHandler {
             if (!result) {
                 if (!this.staticService.isAssetRequest(pathname))
                     return null;
-                return this.createResponseBuilder(ctx)
-                    .withCORS(req, ctx.securityConfig?.cors)
+                return builder
                     .withSecurity(ctx.securityConfig ?? undefined, req)
                     .withCache("no-cache")
                     .withContentType("text/plain; charset=utf-8", isHead ? null : "Not Found", HTTP_NOT_FOUND);
             }
-            if (hasMatchingEtag(req, result.etag)) {
-                return this.createResponseBuilder(ctx)
-                    .withCORS(req, ctx.securityConfig?.cors)
+            const responseData = isHtmlResponse(result.contentType)
+                ? new TextEncoder().encode(addNonceToHtmlTags(new TextDecoder().decode(result.data), builder.nonce))
+                : result.data;
+            const etag = computeEtag(responseData);
+            if (hasMatchingEtag(req, etag)) {
+                return builder
                     .withSecurity(ctx.securityConfig ?? undefined, req)
-                    .notModified(result.etag);
+                    .notModified(etag);
             }
-            const body = isHead ? null : result.data.slice();
-            const response = this.createResponseBuilder(ctx)
-                .withCORS(req, ctx.securityConfig?.cors)
+            const body = isHead ? null : responseData.slice();
+            const response = builder
                 .withSecurity(ctx.securityConfig ?? undefined, req)
                 .withCache(result.cacheStrategy)
-                .withETag(result.etag)
+                .withETag(etag)
                 .withContentType(result.contentType, body, HTTP_OK);
             this.logDebug(`Served static file: ${result.path}`, {
                 contentType: result.contentType,

package/esm/src/utils/version-constant.d.ts

@@ -1,2 +1,2 @@
-export declare const VERSION = "0.1.131";
+export declare const VERSION = "0.1.132";
 //# sourceMappingURL=version-constant.d.ts.map

package/esm/src/utils/version-constant.js

@@ -1,3 +1,3 @@
 // Keep in sync with deno.json version.
 // scripts/release.ts updates this constant during releases.
-export const VERSION = "0.1.131";
+export const VERSION = "0.1.132";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "veryfront",
-  "version": "0.1.131",
+  "version": "0.1.132",
   "description": "The simplest way to build AI-powered apps",
   "keywords": [
     "react",

package/src/_dnt.polyfills.ts

@@ -506,6 +506,33 @@ if (!Uint8Array.prototype.findLast) {
   };
 }
 
+export {};
+// https://github.com/tc39/proposal-accessible-object-hasownproperty/blob/main/polyfill.js
+if (!Object.hasOwn) {
+  Object.defineProperty(Object, "hasOwn", {
+    value: function (object: any, property: any) {
+      if (object == null) {
+        throw new TypeError("Cannot convert undefined or null to object");
+      }
+      return Object.prototype.hasOwnProperty.call(Object(object), property);
+    },
+    configurable: true,
+    enumerable: false,
+    writable: true,
+  });
+}
+
+declare global {
+  interface Object {
+    /**
+     * Determines whether an object has a property with the specified name.
+     * @param o An object.
+     * @param v A property name.
+     */
+    hasOwn(o: object, v: PropertyKey): boolean;
+  }
+}
+
 export {};
 declare global {
   // https://github.com/denoland/deno/blob/0bfa0cc0276e94f1a308aaad5f925eaacb6e3db2/cli/tsc/dts/lib.es2021.promise.d.ts#L53

package/src/deno.js

@@ -1,6 +1,6 @@
 export default {
   "name": "veryfront",
-  "version": "0.1.131",
+  "version": "0.1.132",
   "license": "Apache-2.0",
   "nodeModulesDir": "auto",
   "exclude": [

package/src/src/agent/runtime/index.ts

@@ -77,6 +77,10 @@ import { resolveConfiguredAgentModel, resolveRuntimeModel } from "./model-resolu
 const logger = serverLogger.component("agent");
 const LOAD_SKILL_TOOL_ID = "load-skill";
 
+type RuntimeToolFilterConfig = AgentConfig & {
+  __vfAllowedRemoteTools?: string[];
+};
+
 function createAbortError(reason?: unknown): Error {
   if (reason instanceof Error) {
     return reason;
@@ -187,6 +191,18 @@ function isLocalModel(model: LanguageModel): boolean {
     (typeof m.modelId === "string" && m.modelId.startsWith("local/"));
 }
 
+function getRuntimeAllowedRemoteTools(config: AgentConfig): string[] | undefined {
+  const configWithRuntimeFilters = config as RuntimeToolFilterConfig;
+  if (!Object.hasOwn(configWithRuntimeFilters, "__vfAllowedRemoteTools")) {
+    return undefined;
+  }
+  const raw = configWithRuntimeFilters.__vfAllowedRemoteTools;
+  if (!Array.isArray(raw)) {
+    return [];
+  }
+  return raw.every((toolName) => typeof toolName === "string") ? raw : [];
+}
+
 export class AgentRuntime {
   private id: string;
   private config: AgentConfig;
@@ -418,6 +434,7 @@ export class AgentRuntime {
 
       // Request-scoped skill policy (not class-level mutable state)
       let activeSkillPolicy: string[] | undefined;
+      const allowedRemoteToolNames = getRuntimeAllowedRemoteTools(this.config);
 
       for (let step = 0; step < maxSteps; step++) {
         this.status = "thinking";
@@ -425,6 +442,7 @@ export class AgentRuntime {
 
         let tools = isLocal ? [] : await getAvailableTools(this.config.tools, {
           includeSkillTools: Boolean(this.config.skills),
+          allowedRemoteToolNames,
         });
 
         // Layer 1: Filter tools based on active skill policy (planning-time)
@@ -548,6 +566,7 @@ export class AgentRuntime {
                   toolCallId: tc.toolCallId,
                   projectId: cacheCtx?.projectId,
                 },
+                allowedRemoteToolNames,
               );
 
               toolCall.status = "completed";
@@ -662,6 +681,7 @@ export class AgentRuntime {
     // Request-scoped skill policy (not class-level mutable state)
     let activeSkillPolicy: string[] | undefined;
     let finalFinishReason: string | undefined;
+    const allowedRemoteToolNames = getRuntimeAllowedRemoteTools(this.config);
 
     for (let step = 0; step < maxSteps; step++) {
       throwIfAborted(abortSignal);
@@ -669,6 +689,7 @@ export class AgentRuntime {
 
       let tools = isLocalStreaming ? [] : await getAvailableTools(this.config.tools, {
         includeSkillTools: Boolean(this.config.skills),
+        allowedRemoteToolNames,
       });
 
       // Layer 1: Filter tools based on active skill policy (planning-time)
@@ -791,6 +812,7 @@ export class AgentRuntime {
               toolCallId: tc.id,
               ...toolContext,
             },
+            allowedRemoteToolNames,
           );
           throwIfAborted(abortSignal);
 

package/src/src/agent/runtime/tool-helpers.ts

@@ -100,6 +100,7 @@ export async function executeConfiguredTool(
   input: Record<string, unknown>,
   toolsConfig: true | Record<string, ToolConfigEntry> | undefined,
   context?: ToolExecutionContext,
+  allowedRemoteToolNames?: string[],
 ): Promise<unknown> {
   const configuredTool = resolveConfiguredTool(toolsConfig, toolName);
   if (configuredTool) {
@@ -114,6 +115,9 @@ export async function executeConfiguredTool(
 
   // Fall back to remote execution for integration tools (e.g., github:list-repos)
   if (isRemoteIntegrationTool(toolName)) {
+    if (allowedRemoteToolNames && !allowedRemoteToolNames.includes(toolName)) {
+      throw new Error(`Tool "${toolName}" is not allowed for this run`);
+    }
     return await executeRemoteIntegrationTool(
       toolName,
       input,
@@ -152,7 +156,11 @@ function addToolDefinition(
  */
 export async function getAvailableTools(
   toolsConfig: true | Record<string, ToolConfigEntry> | undefined,
-  options?: { includeSkillTools?: boolean; includeIntegrationTools?: boolean },
+  options?: {
+    includeSkillTools?: boolean;
+    includeIntegrationTools?: boolean;
+    allowedRemoteToolNames?: string[];
+  },
 ): Promise<ToolDefinition[]> {
   if (!toolsConfig) return [];
 
@@ -176,7 +184,9 @@ export async function getAvailableTools(
         const { getRemoteIntegrationToolDefinitions } = await import(
           "../../integrations/remote-tools.js"
         );
-        const remoteDefs = await getRemoteIntegrationToolDefinitions();
+        const remoteDefs = (await getRemoteIntegrationToolDefinitions()).filter((def) =>
+          !options?.allowedRemoteToolNames || options.allowedRemoteToolNames.includes(def.name)
+        );
         for (const def of remoteDefs) {
           logToolDefinition(def.name, def);
         }
@@ -211,7 +221,9 @@ export async function getAvailableTools(
       const { getRemoteIntegrationToolDefinitions } = await import(
         "../../integrations/remote-tools.js"
       );
-      const remoteDefs = await getRemoteIntegrationToolDefinitions();
+      const remoteDefs = (await getRemoteIntegrationToolDefinitions()).filter((def) =>
+        !options?.allowedRemoteToolNames || options.allowedRemoteToolNames.includes(def.name)
+      );
       for (const def of remoteDefs) {
         // Skip if already present (e.g., explicitly configured by name)
         if (!tools.some((t) => t.name === def.name)) {

package/src/src/html/html-injection.ts

@@ -116,8 +116,9 @@ export function injectHTMLContent(
         environment: options.environment,
       }),
     });
+    const nonceAttr = buildNonceAttribute(options.nonce);
     const hydrationScript =
-      `<script id="veryfront-hydration-data" type="application/json">${hydrationData}</script>`;
+      `<script id="veryfront-hydration-data" type="application/json"${nonceAttr}>${hydrationData}</script>`;
     html = html.replace(/<\/body>/i, `${hydrationScript}</body>`);
   }
 
@@ -125,19 +126,22 @@ export function injectHTMLContent(
     const hasDevScriptsPlaceholder = /{{\s*devScripts\s*}}/i.test(html);
 
     if (hasDevScriptsPlaceholder) {
-      html = html.replace(/{{\s*devScripts\s*}}/gi, getDevScripts());
+      html = html.replace(/{{\s*devScripts\s*}}/gi, getDevScripts(options.devPort, options.nonce));
     }
 
-    html = html.replace(/{{\s*devStyles\s*}}/gi, getDevStyles());
+    html = html.replace(/{{\s*devStyles\s*}}/gi, getDevStyles(options.nonce));
 
     if (!hasDevScriptsPlaceholder && hasBodyClose) {
-      html = html.replace(/<\/body>/i, `${getDevStyles()}${getDevScripts()}</body>`);
+      html = html.replace(
+        /<\/body>/i,
+        `${getDevStyles(options.nonce)}${getDevScripts(options.devPort, options.nonce)}</body>`,
+      );
     }
   } else {
     html = html.replace(/{{\s*devScripts\s*}}/gi, "");
     html = html.replace(/{{\s*devStyles\s*}}/gi, "");
 
-    const prodScripts = getProdScripts(options.slug);
+    const prodScripts = getProdScripts(options.slug, options.nonce);
     const hasProdScriptsPlaceholder = /{{\s*prodScripts\s*}}/i.test(html);
 
     if (hasProdScriptsPlaceholder) {

package/src/src/html/nonce-injection.ts

@@ -0,0 +1,129 @@
+import { escapeHtml } from "../utils/html-escape.js";
+
+function findTagEnd(html: string, start: number): number {
+  let activeQuote: '"' | "'" | null = null;
+
+  for (let index = start + 1; index < html.length; index++) {
+    const char = html[index];
+
+    if (activeQuote) {
+      if (char === activeQuote) activeQuote = null;
+      continue;
+    }
+
+    if (char === '"' || char === "'") {
+      activeQuote = char;
+      continue;
+    }
+
+    if (char === ">") return index;
+  }
+
+  return -1;
+}
+
+function getOpeningTagName(tag: string): "script" | "style" | undefined {
+  const match = /^<\s*([a-zA-Z][\w:-]*)/u.exec(tag);
+  const tagName = match?.[1]?.toLowerCase();
+  if (tagName === "script" || tagName === "style") return tagName;
+  return undefined;
+}
+
+function isTagBoundary(char: string | undefined): boolean {
+  return char === undefined || /\s|\/|>/u.test(char);
+}
+
+function findRawTextClosingTagStart(
+  lowerHtml: string,
+  tagName: "script" | "style",
+  fromIndex: number,
+): number {
+  const needle = `</${tagName}`;
+  let searchIndex = fromIndex;
+
+  while (searchIndex < lowerHtml.length) {
+    const closingIndex = lowerHtml.indexOf(needle, searchIndex);
+    if (closingIndex === -1) return -1;
+
+    if (isTagBoundary(lowerHtml[closingIndex + needle.length])) {
+      return closingIndex;
+    }
+
+    searchIndex = closingIndex + needle.length;
+  }
+
+  return -1;
+}
+
+function injectNonceIntoOpeningTag(tag: string, escapedNonce: string): string {
+  if (/(?:\s|<)nonce\s*=/iu.test(tag)) return tag;
+
+  const closeIndex = tag.lastIndexOf(">");
+  if (closeIndex === -1) return tag;
+
+  const insertAt = /\/\s*>$/u.test(tag) ? closeIndex - 1 : closeIndex;
+  return `${tag.slice(0, insertAt)} nonce="${escapedNonce}"${tag.slice(insertAt)}`;
+}
+
+export function addNonceToHtmlTags(html: string, nonce?: string): string {
+  if (!nonce) return html;
+
+  const escapedNonce = escapeHtml(nonce);
+  const lowerHtml = html.toLowerCase();
+  let result = "";
+  let index = 0;
+  let rawTextTag: "script" | "style" | null = null;
+
+  while (index < html.length) {
+    if (rawTextTag) {
+      const closingIndex = findRawTextClosingTagStart(lowerHtml, rawTextTag, index);
+      if (closingIndex === -1) {
+        result += html.slice(index);
+        break;
+      }
+
+      result += html.slice(index, closingIndex);
+      index = closingIndex;
+      rawTextTag = null;
+      continue;
+    }
+
+    if (html.startsWith("<!--", index)) {
+      const commentEnd = html.indexOf("-->", index + 4);
+      const endIndex = commentEnd === -1 ? html.length : commentEnd + 3;
+      result += html.slice(index, endIndex);
+      index = endIndex;
+      continue;
+    }
+
+    if (html[index] !== "<") {
+      result += html[index];
+      index++;
+      continue;
+    }
+
+    const tagEnd = findTagEnd(html, index);
+    if (tagEnd === -1) {
+      result += html.slice(index);
+      break;
+    }
+
+    const tag = html.slice(index, tagEnd + 1);
+    const tagName = getOpeningTagName(tag);
+
+    if (!tagName) {
+      result += tag;
+      index = tagEnd + 1;
+      continue;
+    }
+
+    result += injectNonceIntoOpeningTag(tag, escapedNonce);
+    index = tagEnd + 1;
+
+    if (!/\/\s*>$/u.test(tag)) {
+      rawTextTag = tagName;
+    }
+  }
+
+  return result;
+}

package/src/src/internal-agents/run-stream.ts

@@ -20,6 +20,12 @@ import type { RuntimeRunAgentInput } from "./schema.js";
 
 const anyObjectSchema = z.record(z.string(), z.unknown());
 
+type RuntimeFilteredAgent = Agent & {
+  config: Agent["config"] & {
+    __vfAllowedRemoteTools?: string[];
+  };
+};
+
 export interface RuntimeAgentStreamExecutionDeps {
   sessionManager: AgentRunSessionManager;
   createRuntime?: (
@@ -203,6 +209,22 @@ function normalizeRuntimeMessages(messages: RuntimeRunAgentInput["messages"]): M
   }));
 }
 
+function getAllowedRemoteToolNames(
+  forwardedProps: RuntimeRunAgentInput["forwardedProps"],
+): string[] | undefined {
+  const runtimeOverrides = isRecord(forwardedProps?.runtimeOverrides)
+    ? forwardedProps.runtimeOverrides
+    : null;
+  if (!runtimeOverrides || !Object.hasOwn(runtimeOverrides, "allowedTools")) {
+    return undefined;
+  }
+  const allowedTools = runtimeOverrides.allowedTools;
+  if (!Array.isArray(allowedTools)) {
+    return [];
+  }
+  return allowedTools.every((toolName) => typeof toolName === "string") ? allowedTools : [];
+}
+
 export async function createRuntimeAgentStreamResponse(
   input: RuntimeRunAgentInput,
   agent: Agent,
@@ -214,10 +236,19 @@ export async function createRuntimeAgentStreamResponse(
   });
 
   const mergedTools = buildMergedTools(agent, input, deps.sessionManager);
-  const runtime = deps.createRuntime?.(agent, mergedTools) ?? new AgentRuntime(agent.id, {
-    ...agent.config,
-    tools: mergedTools,
-  });
+  const allowedRemoteToolNames = getAllowedRemoteToolNames(input.forwardedProps);
+  const runtimeAgent: RuntimeFilteredAgent = {
+    ...agent,
+    config: {
+      ...agent.config,
+      tools: mergedTools,
+      ...(allowedRemoteToolNames !== undefined
+        ? { __vfAllowedRemoteTools: allowedRemoteToolNames }
+        : {}),
+    },
+  };
+  const runtime = deps.createRuntime?.(runtimeAgent, mergedTools) ??
+    new AgentRuntime(runtimeAgent.id, runtimeAgent.config);
 
   let completedResponse: AgentResponse | null = null;
   const runtimeMessages = normalizeRuntimeMessages(input.messages);

package/src/src/rendering/orchestrator/html.ts

@@ -19,7 +19,7 @@ import type {
   PageBundle,
 } from "../../types/index.js";
 import { DEFAULT_DASHBOARD_PORT, rendererLogger } from "../../utils/index.js";
-import { escapeHtml } from "../../utils/html-escape.js";
+import { addNonceToHtmlTags } from "../../html/nonce-injection.js";
 import type { RenderOptions } from "./types.js";
 import { injectElementSelectors } from "../../studio/element-selector-injector.js";
 import { computeSourceHash } from "../../studio/hash-utils.js";
@@ -41,108 +41,6 @@ import type { ResolvedContentContext } from "../../platform/adapters/fs/veryfron
 const logger = rendererLogger.component("html-generator");
 type ProjectCSSResult = Awaited<ReturnType<typeof getProjectCSS>> | null;
 
-function findTagEnd(html: string, start: number): number {
-  let activeQuote: '"' | "'" | null = null;
-
-  for (let index = start + 1; index < html.length; index++) {
-    const char = html[index];
-
-    if (activeQuote) {
-      if (char === activeQuote) activeQuote = null;
-      continue;
-    }
-
-    if (char === '"' || char === "'") {
-      activeQuote = char;
-      continue;
-    }
-
-    if (char === ">") return index;
-  }
-
-  return -1;
-}
-
-function getOpeningTagName(tag: string): "script" | "style" | undefined {
-  const match = /^<\s*([a-zA-Z][\w:-]*)/u.exec(tag);
-  const tagName = match?.[1]?.toLowerCase();
-  if (tagName === "script" || tagName === "style") return tagName;
-  return undefined;
-}
-
-function injectNonceIntoOpeningTag(tag: string, escapedNonce: string): string {
-  if (/\bnonce\s*=/iu.test(tag)) return tag;
-
-  const closeIndex = tag.lastIndexOf(">");
-  if (closeIndex === -1) return tag;
-
-  const insertAt = /\/\s*>$/u.test(tag) ? closeIndex - 1 : closeIndex;
-  return `${tag.slice(0, insertAt)} nonce="${escapedNonce}"${tag.slice(insertAt)}`;
-}
-
-function addNonceToRenderedTags(html: string, nonce?: string): string {
-  if (!nonce) return html;
-
-  const escapedNonce = escapeHtml(nonce);
-  const lowerHtml = html.toLowerCase();
-  let result = "";
-  let index = 0;
-  let rawTextTag: "script" | "style" | null = null;
-
-  while (index < html.length) {
-    if (rawTextTag) {
-      const closingIndex = lowerHtml.indexOf(`</${rawTextTag}`, index);
-      if (closingIndex === -1) {
-        result += html.slice(index);
-        break;
-      }
-
-      result += html.slice(index, closingIndex);
-      index = closingIndex;
-      rawTextTag = null;
-      continue;
-    }
-
-    if (html.startsWith("<!--", index)) {
-      const commentEnd = html.indexOf("-->", index + 4);
-      const endIndex = commentEnd === -1 ? html.length : commentEnd + 3;
-      result += html.slice(index, endIndex);
-      index = endIndex;
-      continue;
-    }
-
-    if (html[index] !== "<") {
-      result += html[index];
-      index++;
-      continue;
-    }
-
-    const tagEnd = findTagEnd(html, index);
-    if (tagEnd === -1) {
-      result += html.slice(index);
-      break;
-    }
-
-    const tag = html.slice(index, tagEnd + 1);
-    const tagName = getOpeningTagName(tag);
-
-    if (!tagName) {
-      result += tag;
-      index = tagEnd + 1;
-      continue;
-    }
-
-    result += injectNonceIntoOpeningTag(tag, escapedNonce);
-    index = tagEnd + 1;
-
-    if (!/\/\s*>$/u.test(tag)) {
-      rawTextTag = tagName;
-    }
-  }
-
-  return result;
-}
-
 export interface HTMLGeneratorConfig {
   projectDir: string;
   adapter: RuntimeAdapter;
@@ -182,7 +80,7 @@ export class HTMLGenerator {
       logger.debug("Injected element selectors for Studio");
     }
 
-    return addNonceToRenderedTags(finalHtml, context.options?.nonce);
+    return addNonceToHtmlTags(finalHtml, context.options?.nonce);
   }
 
   async generateHTMLStream(
@@ -223,7 +121,7 @@ export class HTMLGenerator {
     );
 
     const encoder = new TextEncoder();
-    const fullHtml = addNonceToRenderedTags(
+    const fullHtml = addNonceToHtmlTags(
       `${start}${reactContent}${end}`,
       context.options?.nonce,
     );

package/src/src/rendering/script-page-handling.ts

@@ -239,6 +239,7 @@ async function generateFullHtml(
       mode: options.mode,
       slug,
       devPort: options.config?.dev?.port ?? DEFAULT_DASHBOARD_PORT,
+      nonce: options.nonce,
     });
   }
 

package/src/src/server/handlers/request/static.handler.ts

@@ -21,6 +21,12 @@ import {
 } from "../../../utils/constants/index.js";
 import { withSpan } from "../../../observability/tracing/otlp-setup.js";
 import { StaticFileService } from "../../services/static/index.js";
+import { addNonceToHtmlTags } from "../../../html/nonce-injection.js";
+import { computeEtag } from "../utils/etag.js";
+
+function isHtmlResponse(contentType: string): boolean {
+  return /\btext\/html\b/i.test(contentType);
+}
 
 export class StaticHandler extends BaseHandler {
   metadata: HandlerMetadata = {
@@ -59,6 +65,8 @@ export class StaticHandler extends BaseHandler {
         const isHead = method === "HEAD";
         const isLocal = !!ctx.isLocalProject;
         const isPreviewMode = ctx.requestContext?.mode === "preview" && !isLocal;
+        const builder = this.createResponseBuilder(ctx)
+          .withCORS(req, ctx.securityConfig?.cors);
 
         const result = await this.staticService.resolveFile(pathname, {
           projectDir: ctx.projectDir,
@@ -70,8 +78,7 @@ export class StaticHandler extends BaseHandler {
         if (!result) {
           if (!this.staticService.isAssetRequest(pathname)) return null;
 
-          return this.createResponseBuilder(ctx)
-            .withCORS(req, ctx.securityConfig?.cors)
+          return builder
             .withSecurity(ctx.securityConfig ?? undefined, req)
             .withCache("no-cache")
             .withContentType(
@@ -81,19 +88,24 @@ export class StaticHandler extends BaseHandler {
             );
         }
 
-        if (hasMatchingEtag(req, result.etag)) {
-          return this.createResponseBuilder(ctx)
-            .withCORS(req, ctx.securityConfig?.cors)
+        const responseData = isHtmlResponse(result.contentType)
+          ? new TextEncoder().encode(
+            addNonceToHtmlTags(new TextDecoder().decode(result.data), builder.nonce),
+          )
+          : result.data;
+        const etag = computeEtag(responseData);
+
+        if (hasMatchingEtag(req, etag)) {
+          return builder
             .withSecurity(ctx.securityConfig ?? undefined, req)
-            .notModified(result.etag);
+            .notModified(etag);
         }
 
-        const body: dntShim.BodyInit | null = isHead ? null : result.data.slice();
-        const response = this.createResponseBuilder(ctx)
-          .withCORS(req, ctx.securityConfig?.cors)
+        const body: dntShim.BodyInit | null = isHead ? null : responseData.slice();
+        const response = builder
           .withSecurity(ctx.securityConfig ?? undefined, req)
           .withCache(result.cacheStrategy)
-          .withETag(result.etag)
+          .withETag(etag)
           .withContentType(result.contentType, body, HTTP_OK);
 
         this.logDebug(

package/src/src/utils/version-constant.ts

@@ -1,3 +1,3 @@
 // Keep in sync with deno.json version.
 // scripts/release.ts updates this constant during releases.
-export const VERSION = "0.1.131";
+export const VERSION = "0.1.132";