npm - webdaemon - Versions diffs - 21.1.0 → 24.0.0 - Mend

webdaemon 21.1.0 → 24.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/index.js +17 -3
package/dist/index.js.map +4 -4
package/dist/types/index.d.ts +20 -18
package/dist/types/index.d.ts.map +1 -1
package/dist/types/js/BrowserApp.d.ts +1 -1
package/dist/types/js/GenerativeChatBrowser.d.ts +192 -0
package/dist/types/js/GenerativeChatBrowser.d.ts.map +1 -0
package/dist/types/js/Token.d.ts +9 -9
package/dist/types/js/Token.d.ts.map +1 -1
package/dist/types/ts/GenerativeChatAgent.d.ts +45 -0
package/dist/types/ts/GenerativeChatAgent.d.ts.map +1 -0
package/dist/types/ts/McpServer.d.ts +1 -1
package/dist/types/ts/McpServer.d.ts.map +1 -1
package/dist/types/ts/McpToolAuthorization.d.ts +17 -2
package/dist/types/ts/McpToolAuthorization.d.ts.map +1 -1
package/dist/types/ts/YamlContent.d.ts +15 -1
package/dist/types/ts/YamlContent.d.ts.map +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,8 +1,22 @@
-async function X(r,t=0){let e=new TextEncoder().encode(r);if(!crypto.subtle)throw"Requires secure origin (localhost or https:)";let o=await crypto.subtle.digest("SHA-1",e),n=new Uint8Array(o),s=String.fromCodePoint(...n),a=btoa(s).replaceAll("+","-").replaceAll("/","_").replaceAll("=","");return t?a.substring(0,t):a}async function Nt(r,t=0){let e=new TextEncoder().encode(r);if(!crypto.subtle)throw"Requires secure origin (localhost or https:)";let o=await crypto.subtle.digest("SHA-1",e),s=Array.from(new Uint8Array(o)).map(i=>i.toString(16).padStart(2,"0")).join("");return t?s.substring(0,t):s}async function O(r){return typeof r=="string"&&(r=new URL(r)),await X(String(r),8)}var z={name:"RSASSA-PKCS1-v1_5",modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},k=class{#t;#r;constructor(t=z){if(this.#t=t,!crypto.subtle)throw"Crypto.subtle requires secure environment"}async generate(){this.#r=await crypto.subtle.generateKey(this.#t,!0,["sign","verify"])}async publicJwk(){if(!this.#r)throw"Must generate keypair";let t=this.#r.publicKey;return await crypto.subtle.exportKey("jwk",t)}async privateJwk(){if(!this.#r)throw"Must generate keypair";let t=this.#r.privateKey;return await crypto.subtle.exportKey("jwk",t)}async publicPem(){if(!this.#r)throw"Must generate keypair";let t=this.#r.publicKey,e=await crypto.subtle.exportKey("spki",t);return`-----BEGIN PUBLIC KEY-----
+async function Tt(o,t=0){let e=new TextEncoder().encode(o);if(!crypto.subtle)throw"Requires secure origin (localhost or https:)";let n=await crypto.subtle.digest("SHA-1",e),r=new Uint8Array(n),s=String.fromCodePoint(...r),a=btoa(s).replaceAll("+","-").replaceAll("/","_").replaceAll("=","");return t?a.substring(0,t):a}async function Ce(o,t=0){let e=new TextEncoder().encode(o);if(!crypto.subtle)throw"Requires secure origin (localhost or https:)";let n=await crypto.subtle.digest("SHA-1",e),s=Array.from(new Uint8Array(n)).map(i=>i.toString(16).padStart(2,"0")).join("");return t?s.substring(0,t):s}async function P(o){return typeof o=="string"&&(o=new URL(o)),await Tt(String(o),8)}var b={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},V=/https?:\/\/[^\/]+$/,Ct=/^\/issuer\/[a-f0-9]{32}$/,St=1e3*30,p=class o{static Source={PARTY_CONTROL:"party:control"};static Counterparty={PUBLIC:"public"};static Capability={OPEN:"open",CLOSE:"close",GRANT:"grant",REVOKE:"revoke",OFFER:"offer",RETRACT:"retract",DELETE:"delete",CATALOG:"catalog",ALIAS:"alias",UNALIAS:"unalias",GET_ITEM:"getitem",SET_ITEM:"setitem",ALERT:"alert",LOG:"log",CHAT:"chat",READ_MEMORY:"read_memory",WRITE_MEMORY:"write_memory",READ:"read",WRITE:"write"};static DEFAULT_EXPIRY_MILLIS=1e3*60*60*24;static TOKEN_HEADER="x-tabserver-token";static SCOPE_SEPARATOR=/[\s,;\|]+/;static#t=1e3*60;static#e=2048;static#o=new Map;static#s=new Map;#n=null;#r=null;#c;#u;#l;#i;constructor(t){let e=null;if(typeof t=="object")e=t;else if(typeof t=="string")try{e=JSON.parse(atob(t))}catch{throw"Invalid token format"}else throw`Cannot construct token from ${typeof t}`;this.#r=e.sig,delete e.sig,this.#n=e;let{iss:n,aud:r,sub:s,src:i,scope:a,iat:c,exp:l}=e;if(!n||!r||!s||!i||!a||!c||!l)throw"Token must include iss, aud, sub, src, scope, iat and exp";if(!r.match(V)||!s.match(V))throw"The aud and sub attributes must be origins";if(this.#c=new URL(r),this.#u=new URL(s),this.#l=new URL(i),this.#l.search||this.#l.hash)throw"The src attribute must have no query or fragment component.";this.#n=e}async signWith(t){if(this.#n==null)throw"No payload to sign";let e=await t,n=await crypto.subtle.importKey("jwk",e,b,!0,["sign"]),r=JSON.stringify(this.#n),s=new TextEncoder().encode(r).buffer,i=new Uint8Array(s),a=await crypto.subtle.sign(b,n,i),c=o.bytesToBase64(new Uint8Array(a));return this.#r=c,c}async verifySignatory(){let t=String(this.getIssuer()),{signatory:e,publicKey:n}=await o.#C(t);this.#i=e,this.#m(),await this.#p(n)}async fetchSignatory(){let t=String(this.getIssuer());this.#i=await o.#f(t),this.#m()}async checkSignature(t){if(!this.#n||!this.#r)throw"checkSignature: no payload or signatureBase64";let e=await t,n=await o.#y(e,String(this.getIssuer()));await this.#p(n)}async#p(t){if(!this.#n||!this.#r)throw"checkSignature: no payload or signatureBase64";let e=JSON.stringify(this.#n),n=new TextEncoder().encode(e),r=o.base64ToBytes(this.#r);if(!await crypto.subtle.verify(b,t,r,n))throw`Signature rejected by issuer ${this.getIssuer()}`}#m(){if(!this.#i)throw"validateSignatory: no signatory";let t=this.#i.src,e=this.getSrc(),n=this.getIssuer();if(n.origin!==this.getSub())throw`Token issuer origin '${n.origin}' should be token sub '${this.getSub()}'`;if(e===o.Source.PARTY_CONTROL){if(t!==o.Source.PARTY_CONTROL)throw`Token src '${e}' cannot be signed by signatory src '${t}'`}else if(this.#l.protocol==="http:"||this.#l.protocol==="https:"){if(t!==e&&t!==o.Source.PARTY_CONTROL)throw`Token src '${e}' cannot be signed by signatory src '${t}'`}else throw`Unsupported token src '${e}'`;if(t===o.Source.PARTY_CONTROL){if(!n.pathname.startsWith("/device/"))throw`Party control signatory issuer path '${n.pathname}' must start with /device/`;return}let r=new URL(t);if(r.protocol!=="http:"&&r.protocol!=="https:")throw`Invalid signatory src '${t}'`;if(!Ct.test(n.pathname))throw`App signatory issuer path '${n.pathname}' must match /issuer/<appId>`}static async#C(t){let e=o.#g(t);if(e)return e;let n=o.#s.get(t);if(n)return await n;let r=(async()=>{let s=await o.#f(t),i=await o.#y(s.jwk,t),a={signatory:s,publicKey:i,expiresAt:Date.now()+o.#t};return o.#d(t,a),a})();o.#s.set(t,r);try{return await r}finally{o.#s.delete(t)}}static#g(t){let e=o.#o.get(t);return e?e.expiresAt<=Date.now()?(o.#o.delete(t),null):(o.#o.delete(t),o.#o.set(t,e),e):null}static#d(t,e){for(o.#o.has(t)&&o.#o.delete(t),o.#o.set(t,e);o.#o.size>o.#e;){let n=o.#o.keys().next().value;if(!n)break;console.log("Evicting token signatory cache entry due max size",{issuer:t,entryExpiresAt:e.expiresAt,cacheMaxEntries:o.#e}),o.#o.delete(n)}}static async#f(t){try{let n=await(await fetch(t,{headers:{"content-type":"application/json"}})).json();if("error"in n)throw n.error;let r=n.ok;if(!r||typeof r!="object"||!r.jwk||typeof r.jwk!="object")throw"Invalid signatory response";if(typeof r.src!="string")throw"Invalid signatory src";return r}catch(e){throw`Failed to read signatory at ${t}: ${e}`}}static async#y(t,e){if(!t||typeof t!="object"||"error"in t)throw`Missing or invalid public JWK at issuer ${e}`;try{return await crypto.subtle.importKey("jwk",t,b,!0,["verify"])}catch{throw`Missing or invalid public JWK at issuer ${e}`}}getSignedPayload(){if(!this.#r||!this.#n)throw"getSignedPayload: no signatureBase64 or payload";return{...this.#n,sig:this.#r}}getPayload(){if(!this.#n)throw"getPayload: no payload";return this.#n}getAud(){return this.#c.origin}getParty(){return this.#c.host}getSub(){return this.#u.origin}getSrc(){return String(this.#l)}getCounterparty(){return this.#u.host}getSignatorySrc(){if(!this.#i)throw"getSignatorySrc: no signatory";return this.#i.src}getSourceUrl(){return this.#l}getIssuer(){return new URL(this.getPayload().iss)}getSources(){if(!this.#n)throw"getSources: no payload";let t=[];for(let e in this.#n.scope)t.push(e);return t}getCapabilities(t){if(!this.#n)throw"getCapabilities: no payload";let e=this.#n.scope;if(!(t in e))throw`Source '${t}' not in scope`;return e[t].split(o.SCOPE_SEPARATOR)}hasCapability(t,e){return this.getCapabilities(t).includes(e)}checkPeriod(){if(!this.#n)throw"checkPeriod: no payload";let{iat:t,exp:e}=this.#n,n=Date.now();if(n<t-St)throw"Token is not yet valid";if(n>e)throw"Token has expired"}asSignedBase64(){return btoa(JSON.stringify(this.getSignedPayload()))}static bytesToBase64(t){let e=Array.from(t,n=>String.fromCodePoint(n)).join("");return btoa(e)}static base64ToBytes(t){let e=atob(t);return Uint8Array.from(e,n=>n.codePointAt(0)??0)}static from(t){let e=t.headers.get(o.TOKEN_HEADER);return e?new o(e):null}static toSearchString(t){let e=new URLSearchParams;for(let n in t){let s=t[n].asSignedBase64();e.append(n,s)}return e.toString()}};var Rt=/^[\w\-.:]+(?:\/[\w\-.:]+)*$/,Pt=/^[\w\-.:%_]+(?:\/[\w\-.:%_]+)*$/,w=class{#t;constructor(t){this.#t=t}getItem(t){return kt(this.#t,t)}getItemsLike(t){return Ot(this.#t,t)}setItem(t,e){return At(this.#t,t,e)}removeItem(t){return Et(this.#t,t)}};function L(o){if(o.match(Rt)==null)throw`DaemonStorage: Invalid key: '${o}`}function bt(o){if(o.match(Pt)==null)throw`DaemonStorage: Invalid like key: ${o}`}function xt(o){try{return JSON.stringify(o)}catch{throw"DaemonStorage: Invalid value"}}async function At(o,t,e){L(t);let n=xt(e),r=`${o.getAud()}/storage/${t}`;return(await fetch(r,{method:"PUT",headers:{"X-Tabserver-Token":o.asSignedBase64(),"Content-Type":"application/json"},body:n})).json()}async function kt(o,t){L(t);let e=`${o.getAud()}/storage/${t}`;return(await fetch(e,{method:"GET",headers:{"X-Tabserver-Token":o.asSignedBase64()}})).json()}async function Ot(o,t){bt(t);let e=new URL(`${o.getAud()}/storage`);return e.searchParams.append("like",t),await(await fetch(e,{method:"GET",headers:{"X-Tabserver-Token":o.asSignedBase64()}})).json()}async function Et(o,t){L(t);let e=`${o.getAud()}/storage/${t}`;return(await fetch(e,{method:"DELETE",headers:{"X-Tabserver-Token":o.asSignedBase64()}})).json()}var H={Ash:"\xE6",Hash:"#"},vt={Ash:encodeURIComponent("\xE6")},x=class{params=new URLSearchParams;extractHash(t){t=t.startsWith(H.Hash)?t.substring(1):t;let e=t.indexOf(vt.Ash);if(e===-1)return t;let n=new URLSearchParams(t.slice(e));return this.extract(n),t.slice(0,e)}extractQuery(t){let e=new URLSearchParams(t);return this.extract(e),e.toString()}extract(t){let e=Array.from(t.keys());for(let n of e)n.startsWith(H.Ash)&&(this.params.set(n.substring(1),t.get(n)??""),t.delete(n))}getParams(){return this.params}};var A="party",_="prefix",Nt="lastKnownDaemon",y=class o{static#t;#e;#o;#s;#n;static async getInstance(t=void 0){if(!t&&!o.#t)throw"Must provide app name";if(t&&o.#t&&t!==o.#t.#e)throw`Cannot change app name from ${o.#t.#e} to ${t}`;if(t&&!o.#t&&(o.#t=new o(t),await o.#t.init()),!o.#t)throw"No instance of BrowserApp";return o.#t}constructor(t){this.#e=t,this.#o=`${t}Party`,this.#s=`${t}Tokens`,this.#n=`${t}AppUrl`}async init(){let t=new URL(globalThis.location.href),e=new x,n=e.extractHash(t.hash),r=e.extractQuery(t.search),s=e.getParams();if(s.has(A)){sessionStorage[this.#s]=s.toString();let i=this.getToken();await i.verifySignatory(),sessionStorage[this.#o]=i.getParty(),localStorage.setItem(Nt,i.getParty());let a=i.getSourceUrl();if(a.origin!==t.origin||a.pathname!==t.pathname)throw`Party token is for different app: ${a}`}return t.hash=n,t.search=r,(s.has(A)||sessionStorage[this.#n]===void 0)&&(sessionStorage[this.#n]=t.toString()),globalThis.history.replaceState(null,"",t.toString()),this}isOrphan(){return sessionStorage[this.#o]===void 0||sessionStorage[this.#s]===void 0}getAppName(){return this.#e}getAppUrl(){return sessionStorage[this.#n]}getParty(){return sessionStorage[this.#o]}getPartyOrigin(){return`${globalThis.location.protocol}//${this.getParty()}`}getDefaultPrefix(t=null){t||(t=this.getAppUrl());let e=new URL(t);return e.hash="",P(e)}getPrefix(){return this.hasParam(_)?Promise.resolve(this.getParam(_)??""):this.getDefaultPrefix()}async getAgentUrl(t){let e=this.getPartyOrigin(),n=await this.getPrefix(),r=`${e}/tab/${n}`;return t?`${r}/${t}`:r}async getAgentEndpoint(t){let{party:e=this.getParty(),appUrl:n=this.getAppUrl(),prefix:r=await this.getDefaultPrefix(n),tab:s}=t,a=`${new URL(n).protocol}//${e}/tab/${r}`;return s?`${a}/${s}`:a}getTokenBase64(t=A){let e=sessionStorage[this.#s],r=new URLSearchParams(e).get(t);if(!r)throw`No token for ${t}, check 'audience' in YML`;return r}getToken(t=A){let e=this.getTokenBase64(t);return new p(e)}getParam(t){let e=new URL(globalThis.location.href).searchParams;for(let[r,s]of e)if(t.toLowerCase()==r.toLowerCase())return s;return document.querySelector("link[rel=webdaemon]")?.getAttribute(t)??null}hasParam(t){return new URL(globalThis.location.href).searchParams.has(t)?!0:document.querySelector("link[rel=webdaemon]")?.hasAttribute(t)??!1}async getLaunchAlert(){let t=this.getPartyOrigin(),e=new URL(`${t}/catalog`);e.searchParams.append("alert","");let r=await(await fetch(e,{headers:{"X-Tabserver-Token":this.getTokenBase64(),Accept:"application/json"}})).json();if("error"in r)throw r.error;return r.ok.alert.find(i=>i.type=="LAUNCH"&&i.sourceUrl==new URL(this.getAppUrl()))||null}async resolveLaunchAlert(){let t=this.getPartyOrigin(),e=new URL(`${t}/resolve`),r=await(await fetch(e,{method:"POST",headers:{"X-Tabserver-Token":this.getTokenBase64(),"Content-Type":"application/json"},body:JSON.stringify({type:"LAUNCH",source:this.getAppUrl()})})).json();if("error"in r)throw r.error}async rejectLaunchAlert(){let t=this.getPartyOrigin(),e=new URL(`${t}/reject`),r=await(await fetch(e,{method:"POST",headers:{"X-Tabserver-Token":this.getTokenBase64(),"Content-Type":"application/json"},body:JSON.stringify({type:"LAUNCH",source:this.getAppUrl()})})).json();if("error"in r)throw r.error}getStorage(){return new w(this.getToken())}};var It="agent",k=class{#t=new Map;register(t,e,n){return this.#t.set(t,{descriptor:e,execute:n}),this}descriptors(){return[...this.#t.values()].map(t=>t.descriptor)}async executeToolCalls(t,e={}){let n=[];for(let r of t){let s=this.#t.get(r.name);if(!s){n.push({toolCallId:r.id,name:r.name,content:`No client tool named ${r.name}`,isError:!0});continue}try{let i=await s.execute(r.input||{},e);n.push({toolCallId:r.id,name:r.name,content:JSON.stringify(i)})}catch(i){n.push({toolCallId:r.id,name:r.name,content:String(i),isError:!0})}}return n}},F=class{#t;#e;#o;#s=null;#n;constructor(t={}){this.#t=t.app,this.#e=t.appName,this.#o=t.agentTab??It,this.#n=t.clientTools??new k}get app(){return this.#t??null}get agentUrl(){return this.#s}get clientTools(){return this.#n}async init(){return this.#t??=await y.getInstance(this.#e),this.#t.isOrphan()||(this.#s=await this.#t.getAgentUrl(this.#o)),this}isOrphan(){return!!this.#t?.isOrphan()}getParty(){return this.#r().getParty()}listChats({targetParty:t}){return this.postAgent("/chats",{targetParty:t})}createSession(t){return this.postAgent("/session",{targetParty:t.targetParty,...t.chatId?{chatId:t.chatId}:{},systemPrompt:t.systemPrompt,temperature:t.temperature,clientTools:this.#n.descriptors()})}async sendMessage(t){let e=await this.postAgent("/send",{targetParty:t.targetParty,chatId:t.chatId,message:t.message,temperature:t.temperature,toolsEnabled:t.toolsEnabled,toolDetails:t.toolDetails});for(await t.onConversationResult?.(e);e.clientToolCalls?.length;){await t.onClientToolCalls?.(e.clientToolCalls);let n=await this.#n.executeToolCalls(e.clientToolCalls,{targetParty:t.targetParty});e=await this.sendClientToolResults({targetParty:t.targetParty,chatId:t.chatId,toolResults:n,temperature:t.temperature,toolsEnabled:t.toolsEnabled,toolDetails:t.toolDetails}),await t.onConversationResult?.(e)}return e}sendClientToolResults(t){return this.postAgent("/client-tool-results",{targetParty:t.targetParty,chatId:t.chatId,toolResults:t.toolResults,temperature:t.temperature,toolsEnabled:t.toolsEnabled,toolDetails:t.toolDetails})}closeChat({targetParty:t,chatId:e}){return this.postAgent("/close",{targetParty:t,chatId:e})}deleteChat({targetParty:t,chatId:e}){return this.postAgent("/delete",{targetParty:t,chatId:e})}async postAgent(t,e){if(!this.#s)throw"Agent URL is not available";let r=await(await fetch(`${this.#s}${t}`,{method:"POST",headers:{"Content-Type":"application/json","X-Tabserver-Token":this.#r().getTokenBase64()},body:JSON.stringify(e)})).json();if("error"in r)throw r.error;return r.ok}normalizeTargetParty(t){let e=String(t??"").trim();if(!e)throw"Daemon host is required";try{let n=e.includes("://")?new URL(e):new URL(`${globalThis.location.protocol}//${e}`);if(!n.host)throw"missing host";return n.host}catch{throw`Invalid daemon host: ${t}`}}#r(){if(!this.#t)throw"Browser app is not initialised";return this.#t}};function Ne(o=void 0){let t=new k;return t.register("browser_daemon_identity",{type:"function",name:"browser_daemon_identity",execution:"client",description:"Get the active chat daemon and the counterparty it is talking to, derived from the browser launch token and active chat target.",parameters:{type:"object",properties:{},additionalProperties:!1}},async(e,n={})=>{let s=(o??await y.getInstance()).getToken(),i=n.targetParty||s.getParty();return{aud:n.targetAud||`${globalThis.location.protocol}//${i}`,sub:s.getSub(),party:i,counterparty:s.getCounterparty(),src:s.getSrc()}}),t.register("browser_language",{type:"function",name:"browser_language",execution:"client",description:"Get the browser language preferences for this page.",parameters:{type:"object",properties:{},additionalProperties:!1}},()=>({language:navigator.language,languages:Array.from(navigator.languages??[])})),t.register("browser_time",{type:"function",name:"browser_time",execution:"client",description:"Get the current timezone and local time from the browser.",parameters:{type:"object",properties:{},additionalProperties:!1}},()=>{let e=new Date,n=Intl.DateTimeFormat().resolvedOptions().timeZone;return{timeZone:n,isoTime:e.toISOString(),localTime:e.toLocaleString(void 0,{timeZone:n}),offsetMinutes:-e.getTimezoneOffset()}}),t}var Jt={name:"RSASSA-PKCS1-v1_5",modulusLength:2048,publicExponent:new Uint8Array([1,0,1]),hash:"SHA-256"},Y=class{#t;#e;constructor(t=Jt){if(this.#t=t,!crypto.subtle)throw"Crypto.subtle requires secure environment"}async generate(){this.#e=await crypto.subtle.generateKey(this.#t,!0,["sign","verify"])}async publicJwk(){if(!this.#e)throw"Must generate keypair";let t=this.#e.publicKey;return await crypto.subtle.exportKey("jwk",t)}async privateJwk(){if(!this.#e)throw"Must generate keypair";let t=this.#e.privateKey;return await crypto.subtle.exportKey("jwk",t)}async publicPem(){if(!this.#e)throw"Must generate keypair";let t=this.#e.publicKey,e=await crypto.subtle.exportKey("spki",t);return`-----BEGIN PUBLIC KEY-----
 ${btoa(String.fromCharCode(...new Uint8Array(e))).match(/.{1,64}/g)?.join(`
 `)??""}
------END PUBLIC KEY-----`}async privatePem(){if(!this.#r)throw"Must generate keypair";let t=this.#r.privateKey,e=await crypto.subtle.exportKey("pkcs8",t);return`-----BEGIN PRIVATE KEY-----
+-----END PUBLIC KEY-----`}async privatePem(){if(!this.#e)throw"Must generate keypair";let t=this.#e.privateKey,e=await crypto.subtle.exportKey("pkcs8",t);return`-----BEGIN PRIVATE KEY-----
 ${btoa(String.fromCharCode(...new Uint8Array(e))).match(/.{1,64}/g)?.join(`
 `)??""}
------END PRIVATE KEY-----`}};var m={name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},E=/https?:\/\/[^\/]+$/,Q=/^\/issuer\/[a-f0-9]{32}$/,Z=1e3*30,l=class r{static Source={PARTY_CONTROL:"party:control"};static Counterparty={PUBLIC:"public"};static Capability={OPEN:"open",CLOSE:"close",GRANT:"grant",REVOKE:"revoke",OFFER:"offer",RETRACT:"retract",DELETE:"delete",CATALOG:"catalog",ALIAS:"alias",UNALIAS:"unalias",GET_ITEM:"getitem",SET_ITEM:"setitem",ALERT:"alert",LOG:"log",CHAT:"chat",READ_MEMORY:"read_memory",WRITE_MEMORY:"write_memory",READ:"read",WRITE:"write"};static DEFAULT_EXPIRY_MILLIS=1e3*60*60*24;static TOKEN_HEADER="x-tabserver-token";static SCOPE_SEPARATOR=/[\s,;\|]+/;static#t=1e3*60;static#r=2048;static#e=new Map;static#s=new Map;#o=null;#n=null;#i;#l;#a;#c;constructor(t){let e=null;if(typeof t=="object")e=t;else if(typeof t=="string")try{e=JSON.parse(atob(t))}catch{throw"Invalid token format"}else throw`Cannot construct token from ${typeof t}`;this.#n=e.sig,delete e.sig,this.#o=e;let{iss:o,aud:n,sub:s,src:i,scope:a,iat:p,exp:c}=e;if(!o||!n||!s||!i||!a||!p||!c)throw"Token must include iss, aud, sub, src, scope, iat and exp";if(!n.match(E)||!s.match(E))throw"The aud and sub attributes must be origins";if(this.#i=new URL(n),this.#l=new URL(s),this.#a=new URL(i),this.#a.search||this.#a.hash)throw"The src attribute must have no query or fragment component.";this.#o=e}async signWith(t){if(this.#o==null)throw"No payload to sign";let e=await t,o=await crypto.subtle.importKey("jwk",e,m,!0,["sign"]),n=JSON.stringify(this.#o),s=new TextEncoder().encode(n).buffer,i=new Uint8Array(s),a=await crypto.subtle.sign(m,o,i),p=r.bytesToBase64(new Uint8Array(a));return this.#n=p,p}async verifySignatory(){let t=String(this.getIssuer()),{signatory:e,publicKey:o}=await r.#f(t);this.#c=e,this.#u(),await this.#p(o)}async fetchSignatory(){let t=String(this.getIssuer());this.#c=await r.#h(t),this.#u()}async checkSignature(t){if(!this.#o||!this.#n)throw"checkSignature: no payload or signatureBase64";let e=await t,o=await r.#g(e,String(this.getIssuer()));await this.#p(o)}async#p(t){if(!this.#o||!this.#n)throw"checkSignature: no payload or signatureBase64";let e=JSON.stringify(this.#o),o=new TextEncoder().encode(e),n=r.base64ToBytes(this.#n);if(!await crypto.subtle.verify(m,t,n,o))throw`Signature rejected by issuer ${this.getIssuer()}`}#u(){if(!this.#c)throw"validateSignatory: no signatory";let t=this.#c.src,e=this.getSrc(),o=this.getIssuer();if(o.origin!==this.getSub())throw`Token issuer origin '${o.origin}' should be token sub '${this.getSub()}'`;if(e===r.Source.PARTY_CONTROL){if(t!==r.Source.PARTY_CONTROL)throw`Token src '${e}' cannot be signed by signatory src '${t}'`}else if(this.#a.protocol==="http:"||this.#a.protocol==="https:"){if(t!==e&&t!==r.Source.PARTY_CONTROL)throw`Token src '${e}' cannot be signed by signatory src '${t}'`}else throw`Unsupported token src '${e}'`;if(t===r.Source.PARTY_CONTROL){if(!o.pathname.startsWith("/device/"))throw`Party control signatory issuer path '${o.pathname}' must start with /device/`;return}let n=new URL(t);if(n.protocol!=="http:"&&n.protocol!=="https:")throw`Invalid signatory src '${t}'`;if(!Q.test(o.pathname))throw`App signatory issuer path '${o.pathname}' must match /issuer/<appId>`}static async#f(t){let e=r.#d(t);if(e)return e;let o=r.#s.get(t);if(o)return await o;let n=(async()=>{let s=await r.#h(t),i=await r.#g(s.jwk,t),a={signatory:s,publicKey:i,expiresAt:Date.now()+r.#t};return r.#y(t,a),a})();r.#s.set(t,n);try{return await n}finally{r.#s.delete(t)}}static#d(t){let e=r.#e.get(t);return e?e.expiresAt<=Date.now()?(r.#e.delete(t),null):(r.#e.delete(t),r.#e.set(t,e),e):null}static#y(t,e){for(r.#e.has(t)&&r.#e.delete(t),r.#e.set(t,e);r.#e.size>r.#r;){let o=r.#e.keys().next().value;if(!o)break;console.log("Evicting token signatory cache entry due max size",{issuer:t,entryExpiresAt:e.expiresAt,cacheMaxEntries:r.#r}),r.#e.delete(o)}}static async#h(t){try{let o=await(await fetch(t,{headers:{"content-type":"application/json"}})).json();if("error"in o)throw o.error;let n=o.ok;if(!n||typeof n!="object"||!n.jwk||typeof n.jwk!="object")throw"Invalid signatory response";if(typeof n.src!="string")throw"Invalid signatory src";return n}catch(e){throw`Failed to read signatory at ${t}: ${e}`}}static async#g(t,e){if(!t||typeof t!="object"||"error"in t)throw`Missing or invalid public JWK at issuer ${e}`;try{return await crypto.subtle.importKey("jwk",t,m,!0,["verify"])}catch{throw`Missing or invalid public JWK at issuer ${e}`}}getSignedPayload(){if(!this.#n||!this.#o)throw"getSignedPayload: no signatureBase64 or payload";return{...this.#o,sig:this.#n}}getPayload(){if(!this.#o)throw"getPayload: no payload";return this.#o}getAud(){return this.#i.origin}getParty(){return this.#i.host}getSub(){return this.#l.origin}getSrc(){return String(this.#a)}getCounterparty(){return this.#l.host}getSignatorySrc(){if(!this.#c)throw"getSignatorySrc: no signatory";return this.#c.src}getSourceUrl(){return this.#a}getIssuer(){return new URL(this.getPayload().iss)}getSources(){if(!this.#o)throw"getSources: no payload";let t=[];for(let e in this.#o.scope)t.push(e);return t}getCapabilities(t){if(!this.#o)throw"getCapabilities: no payload";let e=this.#o.scope;if(!(t in e))throw`Source '${t}' not in scope`;return e[t].split(r.SCOPE_SEPARATOR)}hasCapability(t,e){return this.getCapabilities(t).includes(e)}checkPeriod(){if(!this.#o)throw"checkPeriod: no payload";let{iat:t,exp:e}=this.#o,o=Date.now();if(o<t-Z)throw"Token is not yet valid";if(o>e)throw"Token has expired"}asSignedBase64(){return btoa(JSON.stringify(this.getSignedPayload()))}static bytesToBase64(t){let e=Array.from(t,o=>String.fromCodePoint(o)).join("");return btoa(e)}static base64ToBytes(t){let e=atob(t);return Uint8Array.from(e,o=>o.codePointAt(0)??0)}static from(t){let e=t.headers.get(r.TOKEN_HEADER);return e?new r(e):null}static toSearchString(t){let e=new URLSearchParams;for(let o in t){let s=t[o].asSignedBase64();e.append(o,s)}return e.toString()}};var tt=/^[\w\-.:]+(?:\/[\w\-.:]+)*$/,et=/^[\w\-.:%_]+(?:\/[\w\-.:%_]+)*$/,g=class{#t;constructor(t){this.#t=t}getItem(t){return st(this.#t,t)}getItemsLike(t){return it(this.#t,t)}setItem(t,e){return nt(this.#t,t,e)}removeItem(t){return at(this.#t,t)}};function P(r){if(r.match(tt)==null)throw`DaemonStorage: Invalid key: '${r}`}function rt(r){if(r.match(et)==null)throw`DaemonStorage: Invalid like key: ${r}`}function ot(r){try{return JSON.stringify(r)}catch{throw"DaemonStorage: Invalid value"}}async function nt(r,t,e){P(t);let o=ot(e),n=`${r.getAud()}/storage/${t}`;return(await fetch(n,{method:"PUT",headers:{"X-Tabserver-Token":r.asSignedBase64(),"Content-Type":"application/json"},body:o})).json()}async function st(r,t){P(t);let e=`${r.getAud()}/storage/${t}`;return(await fetch(e,{method:"GET",headers:{"X-Tabserver-Token":r.asSignedBase64()}})).json()}async function it(r,t){rt(t);let e=new URL(`${r.getAud()}/storage`);return e.searchParams.append("like",t),await(await fetch(e,{method:"GET",headers:{"X-Tabserver-Token":r.asSignedBase64()}})).json()}async function at(r,t){P(t);let e=`${r.getAud()}/storage/${t}`;return(await fetch(e,{method:"DELETE",headers:{"X-Tabserver-Token":r.asSignedBase64()}})).json()}var N={Ash:"\xE6",Hash:"#"},ct={Ash:encodeURIComponent("\xE6")},w=class{params=new URLSearchParams;extractHash(t){t=t.startsWith(N.Hash)?t.substring(1):t;let e=t.indexOf(ct.Ash);if(e===-1)return t;let o=new URLSearchParams(t.slice(e));return this.extract(o),t.slice(0,e)}extractQuery(t){let e=new URLSearchParams(t);return this.extract(e),e.toString()}extract(t){let e=Array.from(t.keys());for(let o of e)o.startsWith(N.Ash)&&(this.params.set(o.substring(1),t.get(o)??""),t.delete(o))}getParams(){return this.params}};var S="party",v="prefix",lt="lastKnownDaemon",T=class r{static#t;#r;#e;#s;#o;static async getInstance(t=void 0){if(!t&&!r.#t)throw"Must provide app name";if(t&&r.#t&&t!==r.#t.#r)throw`Cannot change app name from ${r.#t.#r} to ${t}`;if(t&&!r.#t&&(r.#t=new r(t),await r.#t.init()),!r.#t)throw"No instance of BrowserApp";return r.#t}constructor(t){this.#r=t,this.#e=`${t}Party`,this.#s=`${t}Tokens`,this.#o=`${t}AppUrl`}async init(){let t=new URL(globalThis.location.href),e=new w,o=e.extractHash(t.hash),n=e.extractQuery(t.search),s=e.getParams();if(s.has(S)){sessionStorage[this.#s]=s.toString();let i=this.getToken();await i.verifySignatory(),sessionStorage[this.#e]=i.getParty(),localStorage.setItem(lt,i.getParty());let a=i.getSourceUrl();if(a.origin!==t.origin||a.pathname!==t.pathname)throw`Party token is for different app: ${a}`}return t.hash=o,t.search=n,(s.has(S)||sessionStorage[this.#o]===void 0)&&(sessionStorage[this.#o]=t.toString()),globalThis.history.replaceState(null,"",t.toString()),this}isOrphan(){return sessionStorage[this.#e]===void 0||sessionStorage[this.#s]===void 0}getAppName(){return this.#r}getAppUrl(){return sessionStorage[this.#o]}getParty(){return sessionStorage[this.#e]}getPartyOrigin(){return`${globalThis.location.protocol}//${this.getParty()}`}getDefaultPrefix(t=null){t||(t=this.getAppUrl());let e=new URL(t);return e.hash="",O(e)}getPrefix(){return this.hasParam(v)?Promise.resolve(this.getParam(v)??""):this.getDefaultPrefix()}async getAgentUrl(t){let e=this.getPartyOrigin(),o=await this.getPrefix(),n=`${e}/tab/${o}`;return t?`${n}/${t}`:n}async getAgentEndpoint(t){let{party:e=this.getParty(),appUrl:o=this.getAppUrl(),prefix:n=await this.getDefaultPrefix(o),tab:s}=t,a=`${new URL(o).protocol}//${e}/tab/${n}`;return s?`${a}/${s}`:a}getTokenBase64(t=S){let e=sessionStorage[this.#s],n=new URLSearchParams(e).get(t);if(!n)throw`No token for ${t}, check 'audience' in YML`;return n}getToken(t=S){let e=this.getTokenBase64(t);return new l(e)}getParam(t){let e=new URL(globalThis.location.href).searchParams;for(let[n,s]of e)if(t.toLowerCase()==n.toLowerCase())return s;return document.querySelector("link[rel=webdaemon]")?.getAttribute(t)??null}hasParam(t){return new URL(globalThis.location.href).searchParams.has(t)?!0:document.querySelector("link[rel=webdaemon]")?.hasAttribute(t)??!1}async getLaunchAlert(){let t=this.getPartyOrigin(),e=new URL(`${t}/catalog`);e.searchParams.append("alert","");let n=await(await fetch(e,{headers:{"X-Tabserver-Token":this.getTokenBase64(),Accept:"application/json"}})).json();if("error"in n)throw n.error;return n.ok.alert.find(i=>i.type=="LAUNCH"&&i.sourceUrl==new URL(this.getAppUrl()))||null}async resolveLaunchAlert(){let t=this.getPartyOrigin(),e=new URL(`${t}/resolve`),n=await(await fetch(e,{method:"POST",headers:{"X-Tabserver-Token":this.getTokenBase64(),"Content-Type":"application/json"},body:JSON.stringify({type:"LAUNCH",source:this.getAppUrl()})})).json();if("error"in n)throw n.error}async rejectLaunchAlert(){let t=this.getPartyOrigin(),e=new URL(`${t}/reject`),n=await(await fetch(e,{method:"POST",headers:{"X-Tabserver-Token":this.getTokenBase64(),"Content-Type":"application/json"},body:JSON.stringify({type:"LAUNCH",source:this.getAppUrl()})})).json();if("error"in n)throw n.error}getStorage(){return new g(this.getToken())}};async function Vt(){let r=await T.getInstance(),t=r.getPartyOrigin(),e=new URL(`${t}/catalog`);e.searchParams.append("alert","");let n=await(await fetch(e,{headers:{"X-Tabserver-Token":r.getTokenBase64(),Accept:"application/json"}})).json();if("error"in n)throw n.error;return n.ok.alert.find(i=>i.type=="LAUNCH"&&i.sourceUrl==new URL(r.getAppUrl()))||null}var L=class{#t;#r;#e;#s;#o;#n;#i;async initWithKey(t,e,o,n){this.#r=e.startsWith("https:")?"https:":"http:",this.#e=t,this.#o=e,this.#t=o,this.#s=n,await this.#l()}async checkActivate(){if(!this.#n)throw"checkActivate: No token";let t=new URL(`${this.#n.getAud()}/activate`),e=this.#n.asSignedBase64(),o={},n;try{n=await fetch(t,{method:"POST",headers:{"x-tabserver-token":e,"content-type":"application/json"},body:JSON.stringify(o)});let{ok:s,error:i}=await n.json();if(i)throw i;return!!s.isNew}catch(s){throw console.error(s),`Cannot activate ${this.#n.getParty()}`}}async makeOffer(t,e=null){let{type:o="TRANSIENT",ttl:n=300,expiry:s=30,payload:i}=e??{};if(!this.#n)throw"makeOffer: No token";let a=new URL(`${this.#n.getAud()}/offer`),p=this.#n.asSignedBase64(),c={role:"party",type:o,ttl:n,description:`Offered by ${this.#n.getCounterparty()}`,payload:i,expiry:new Date(Date.now()+1e3*s),flow:t},h=await(await fetch(a,{method:"POST",headers:{"x-tabserver-token":p,"content-type":"application/json"},body:JSON.stringify(c)})).json();if("error"in h)throw h.error;let{claimCode:R,_checkState:b}=h.ok;return this.#i=R,h.ok}async checkState(){if(!this.#n||!this.#i)throw"checkState: No token or claimCode";let t=new URL(`${this.#n.getAud()}/offer/check`);t.searchParams.append("claimCode",this.#i);let e=this.#n.asSignedBase64(),n=await(await fetch(t,{headers:{"x-tabserver-token":e}})).json();if("error"in n)throw n.error;return n.ok.checkState}async confirmClaim(t){if(!this.#n||!this.#i)throw"confirmClaim: No token or claimCode";let e=new URL(`${this.#n.getAud()}/offer/confirm`),o=await this.#n.asSignedBase64(),n={claimCode:this.#i,checkCode:t},i=await(await fetch(e,{method:"POST",headers:{"x-tabserver-token":o,"content-type":"application/json"},body:JSON.stringify(n)})).json();if("error"in i)throw i.error;return i.ok}getChild(){if(!this.#e)throw"getChild: no child";return this.#e}getChildOrigin(){if(!this.#s||!this.#e)throw"getDaemonUrl: no issUrl or daemon";return`${this.#r}//${this.#e}`}async#l(){if(!this.#s||!this.#e||!this.#t)throw"buildToken: missing iss, child or privateJwk";let t=this.#s,e=this.getChildOrigin(),o=new URL(this.#s).origin,n;if(this.#o){let a=new URL(this.#o);n=`${a.origin}${a.pathname}`}else n="party:control";let s={iss:t,aud:e,sub:o,src:n,scope:{"party:control":"offer"},iat:Date.now(),exp:Date.now()+1e3*60*3},i=new l(s);await i.signWith(Promise.resolve(this.#t)),this.#n=i}};var pt="qrcode",U=class{#t;#r;constructor(t,e){this.#t=t,this.#r=e}generate(){let t=qrcode(0,"L");t.addData(this.#r),t.make();let e=t.createDataURL();return this.#t.classList.add(pt),this.#t.src=e,new Promise((o,n)=>{this.#t.onload=o,this.#t.onerror=n})}};function J(r){if(r===null)return r;if(Array.isArray(r))return r.map(J);if(typeof r=="object"){let t={};for(let[e,o]of Object.entries(r))t[e]=J(o);return t}return r}function qt(r){return r!==null}function Gt(r){return r!==void 0}function C(r,t){if("ok"in r){let i=JSON.stringify(r);return new Response(i,{status:200,headers:{...t,"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}let e=r.error,[,o,n]=e.match(/^(\d{3})\s(.+)/)??[null,"200",e],s=JSON.stringify({error:n});return new Response(s,{status:Number(o),headers:{...t,"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}function Xt(r={error:"404 Not Found"}){let t=JSON.stringify(r);return new Response(t,{status:404,headers:{"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}function zt(r,t=[]){return new Response(null,{status:302,headers:{Location:r.toString(),"Access-Control-Allow-Origin":"*",...t}})}function Qt(r){let{name:t,value:e,domain:o,sameSite:n,path:s="/",expires:i,secure:a=!0,httpOnly:p=!0}=r,c=[];return c.push(`${encodeURIComponent(t)}=${encodeURIComponent(e)}`),o&&c.push(`Domain=${o}`),n&&c.push(`SameSite=${n}`),c.push(`Path=${s}`),i&&c.push(`Expires=${i.toUTCString()}`),a&&c.push("Secure"),p&&c.push("HttpOnly"),c.join("; ")}var I="daemon",ut="config",ht="event",$={Config:"config"},j="config",gt=1e3*60*60,M=class r extends EventTarget{static#t=new r;static Ev=$;static getInstance(){return this.#t}static shouldHandle(t){return r.isConfig(t)||r.isEvent(t)}static isConfig(t){let e=new URL(t.url);return t.method=="POST"&&e.pathname==`/${I}/${ut}`&&t.headers.get("Content-Type")=="application/json"}static isEvent(t){let e=new URL(t.url);return t.method=="POST"&&e.pathname==`/${I}/${ht}`&&t.headers.get("Content-Type")=="application/json"}async handler(t){return r.isConfig(t)?await this.handleConfig(t):r.isEvent(t)?await this.handleEvent(t):C({error:"Invalid daemon request"})}async handleConfig(t){let e=await t.json();return sessionStorage.setItem(j,JSON.stringify(e)),this.dispatchEvent(new CustomEvent($.Config,{detail:e})),C({ok:!0})}async handleEvent(t){let{type:e,payload:o}=await t.json();return this.dispatchEvent(new CustomEvent(e,{detail:o})),C({ok:!0})}static getConfig(){let t=sessionStorage.getItem(j);if(!t)throw"DaemonConfig not ready";return JSON.parse(t)}static getPrivateKey(){let{system:{privateJwk:t}}=r.getConfig();return Promise.resolve(t)}static async getTokenFor(t,e=null,o=null,n=gt){let s=r.getConfig();if(!s)throw"Lifecycle configuration not yet available";let{system:{protocol:i,party:a,issuer:p,source:c}}=s,d=new URL(c),h=e?`${i}//${e}`:`${i}//${a}`,R=`${i}//${a}`,b=Date.now(),_={iss:p,aud:h,sub:R,src:o??`${d.origin}${d.pathname}`,scope:t,iat:b,exp:b+n},A=new l(_);return await A.signWith(r.getPrivateKey()),A}static async getStorage(){let t=await r.getStorageToken();return new g(t)}static getStorageToken(){let{system:{party:t}}=r.getConfig(),e={[l.Source.PARTY_CONTROL]:`${l.Capability.GET_ITEM} ${l.Capability.SET_ITEM}`};return r.getTokenFor(e,t)}};var x=class{#t;#r=1;constructor(t){if(t.post){this.#t=t.post;return}if(!t.url)throw new Error("JsonRpcMcpClient requires post or url");let e=t.fetch??fetch;this.#t=async o=>{let n=typeof t.headers=="function"?await t.headers():t.headers??{};return await(await e(t.url,{method:"POST",headers:dt(n),body:JSON.stringify(o)})).json()}}async listTools(){let e=(await this.#e("tools/list",{}))?.tools;return Array.isArray(e)?e:[]}async callTool(t,e={}){let o=await this.#e("tools/call",{name:t,arguments:e});if(o?.isError)throw ft(o);return o?.structuredContent??null}async#e(t,e){let o=await this.#t({jsonrpc:"2.0",id:this.#r++,method:t,params:e});if(o.error)throw o.error.message??JSON.stringify(o.error);return o.result}};function ft(r){let t=r?.content;if(Array.isArray(t)){let e=t[0];if(typeof e?.text=="string")return e.text}return"MCP tool failed"}function dt(r){let t=new Headers(r);return t.set("Content-Type","application/json"),t}var D=class{#t;#r;#e=[];#s=new Map;#o=new Map;constructor(t){this.#t=t.postParty,this.#r=t.postPartyRaw}get toolCatalog(){return this.#e}async refreshCatalog(){let t=await this.#t("/ai/tools/catalog",{});this.setCatalog(t.tools)}setCatalog(t){let e=Array.isArray(t)?t:[];this.#e=e,this.#s=new Map(this.#e.filter(o=>o.tool?.name&&o.route).map(o=>[o.tool.name,o.route])),this.#o.clear()}chatTools(t={}){return[...this.#e.map(yt).filter(mt),...t.clientTools??[]]}async executeToolCalls(t){let e=[];for(let o of t)try{e.push({toolCallId:o.id,name:o.name,content:await this.executeToolCall(o)})}catch(n){e.push({toolCallId:o.id,name:o.name,content:String(n),isError:!0})}return e}async executeToolCall(t){let e=this.#s.get(t.name);if(!e)throw new Error(`No discovered tool named ${t.name}`);if(e.method!=="POST"||!e.path)throw new Error(`Unsupported route for tool ${t.name}`);if(e.kind==="platform"){let o=await this.#t(e.path,t.input);return JSON.stringify(o)}if(e.kind==="mcp")return await this.#n(e,t);throw new Error(`Unsupported route kind for tool ${t.name}`)}async#n(t,e){let o=this.#o.get(t.path);o||(o=new x({post:s=>this.#r(t.path,s)}),this.#o.set(t.path,o));let n=await o.callTool(t.mcpToolName||e.name,{...e.input});return JSON.stringify(n)}};function yt(r){return r?.tool?.name?{type:"function",name:r.tool.name,execution:"server",description:r.tool.description,parameters:r.tool.inputSchema}:null}function mt(r){return r!=null}var wt="2025-06-18",H={"Access-Control-Allow-Origin":"*"},K=class{#t;constructor(t){this.#t=t}listTools(){return this.#t.map(t=>({name:t.name,...t.title===void 0?{}:{title:t.title},description:t.description,inputSchema:t.inputSchema,...t.outputSchema===void 0?{}:{outputSchema:t.outputSchema},...t.annotations===void 0?{}:{annotations:t.annotations}}))}async callTool(t,e,o){let n=this.#t.find(s=>s.name===t);if(!n)throw new u(-32602,`Unknown tool: ${t}`);return await n.call(e,o)}},B=class{#t;#r;#e;constructor(t,e){this.#t=t,typeof e=="function"?(this.#r=e,this.#e={name:"mcp-server",version:"1"}):(this.#r=e.context,this.#e=e.serverInfo??{name:"mcp-server",version:"1"})}async handle(t){if(t.method!=="POST")return f(y(null,-32600,"MCP requires POST"));let e;try{e=await t.json()}catch{return f(y(null,-32700,"Parse error"))}let o=St(e.id);if(e.jsonrpc!=="2.0"||typeof e.method!="string")return f(y(o,-32600,"Invalid Request"));if(e.method==="notifications/initialized"&&e.id===void 0)return new Response(null,{status:202,headers:H});try{let n=await this.#s(e.method,e.params,t);return f({jsonrpc:"2.0",id:o,result:n})}catch(n){return n instanceof u?f(y(o,n.code,n.message)):f(y(o,-32603,String(n)))}}async#s(t,e,o){switch(t){case"initialize":return{protocolVersion:wt,capabilities:{tools:{listChanged:!1}},serverInfo:this.#e};case"notifications/initialized":return{};case"tools/list":return{tools:this.#t.listTools()};case"tools/call":return await this.#o(e,o);default:throw new u(-32601,`Method not found: ${t}`)}}async#o(t,e){if(!t||typeof t!="object"||Array.isArray(t))throw new u(-32602,"tools/call params must be an object");let{name:o,arguments:n={}}=t;if(typeof o!="string"||!n||typeof n!="object"||Array.isArray(n))throw new u(-32602,"Invalid tools/call params");try{let s=await this.#t.callTool(o,n,this.#r(e));return V(s)}catch(s){if(s instanceof u)throw s;return V({error:String(s)},!0)}}},u=class extends Error{code;constructor(t,e){super(e),this.code=t}};function V(r,t=!1){return{content:[{type:"text",text:typeof r=="string"?r:JSON.stringify(r)}],structuredContent:r,isError:t}}function y(r,t,e){return{jsonrpc:"2.0",id:r,error:{code:t,message:e}}}function f(r){return new Response(JSON.stringify(r),{headers:{...H,"Content-Type":"application/json"}})}function St(r){return typeof r=="string"||typeof r=="number"||r===null?r:null}var Tt="useTools",Ct=/[\s,;\|]+/;function le(r){let{token:t,providerSource:e,toolName:o,capability:n,providerYaml:s}=r;if(!t)return!1;if(Y(t,e,n))return!0;if(!s)return!1;let i=String(t.getSourceUrl());return Y(t,i,Tt)&&xt(s,o,n)&&Rt(s.grant,t.getCounterparty(),t.getSrc(),n)}function Y(r,t,e){try{return r.hasCapability(t,e)}catch{return!1}}function xt(r,t,e){return!!r.mcp?.tools.some(o=>o.name===t&&o.capability===e)}function Rt(r,t,e,o){for(let n in r??{}){if(!F(t.toLowerCase(),n.toLowerCase()))continue;let s=r[n];if(Array.isArray(s)){if(s.includes(o))return!0;continue}for(let i in s)if(F(e,i)&&bt(s[i]).includes(o))return!0}return!1}function bt(r){return r.split(Ct).filter(t=>t.length>0)}function F(r,t){return new RegExp(`^${t.replace(/[.*+?^${}()|[\]\\]/g,"\\$&").replace(/%/g,".*").replace(/_/g,".")}$`).test(r)}var W="x-forwarded-host",q="x-forwarded-proto",G="x-forwarded-pathname";function Pt(r){return r.headers.has(q)?r.headers.get(q)+":":new URL(r.url).protocol}function At(r){return r.headers.has(W)?r.headers.get(W)||"":new URL(r.url).host}function Ot(r){return r.headers.has(G)?r.headers.get(G)||"":new URL(r.url).pathname}function kt(r){let t=Pt(r),e=At(r),o=Ot(r);return new URL(`${t}//${e}${o}`)}function ue(r){let t=new URL(r.url),e=kt(r);return e.search=t.search,e.hash=t.hash,e}function he(r){return new URL(r.url).pathname}function ge(r,t){let e=Et(r);return t in e?e[t]:null}function Et(r){let t={},e=r.headers.get("Cookie");if(e)for(let o of e.split("; ")){let[n,s]=o.split("=");t[n]=s}return t}export{D as AgentToolRuntime,T as BrowserApp,ut as CONFIG_PATH,I as DAEMON_PREFIX,ht as EVENT_PATH,pt as ImgClass,x as JsonRpcMcpClient,B as JsonRpcMcpServer,k as KeyPair,M as Lifecycle,K as McpToolRegistry,L as ParentHelper,u as ProtocolError,U as QrCode,g as Storage,l as Token,Tt as USE_TOOLS_CAPABILITY,Qt as buildCookie,J as cloneJSONValue,O as getAppId,At as getClientHost,Ot as getClientPathname,Pt as getClientProtocol,ue as getClientUrl,kt as getClientUrlPhp,ge as getCookie,Et as getCookies,st as getItem,it as getItemsLike,Vt as getLaunchAlert,he as getPathname,le as hasMcpToolCapability,Gt as isDefined,ft as mcpToolErrorMessage,V as mcpToolResult,qt as notNull,at as removeItem,C as response,zt as response302,Xt as response404,nt as setItem,Nt as shortHexDigest,X as shortSafeDigest,yt as toChatTool,Y as tokenHasCapability,xt as yamlDeclaresMcpToolCapability,Rt as yamlGrantsCapability};
+-----END PRIVATE KEY-----`}};async function $e(){let o=await y.getInstance(),t=o.getPartyOrigin(),e=new URL(`${t}/catalog`);e.searchParams.append("alert","");let r=await(await fetch(e,{headers:{"X-Tabserver-Token":o.getTokenBase64(),Accept:"application/json"}})).json();if("error"in r)throw r.error;return r.ok.alert.find(i=>i.type=="LAUNCH"&&i.sourceUrl==new URL(o.getAppUrl()))||null}var q=class{#t;#e;#o;#s;#n;#r;#c;async initWithKey(t,e,n,r){this.#e=e.startsWith("https:")?"https:":"http:",this.#o=t,this.#n=e,this.#t=n,this.#s=r,await this.#u()}async checkActivate(){if(!this.#r)throw"checkActivate: No token";let t=new URL(`${this.#r.getAud()}/activate`),e=this.#r.asSignedBase64(),n={},r;try{r=await fetch(t,{method:"POST",headers:{"x-tabserver-token":e,"content-type":"application/json"},body:JSON.stringify(n)});let{ok:s,error:i}=await r.json();if(i)throw i;return!!s.isNew}catch(s){throw console.error(s),`Cannot activate ${this.#r.getParty()}`}}async makeOffer(t,e=null){let{type:n="TRANSIENT",ttl:r=300,expiry:s=30,payload:i}=e??{};if(!this.#r)throw"makeOffer: No token";let a=new URL(`${this.#r.getAud()}/offer`),c=this.#r.asSignedBase64(),l={role:"party",type:n,ttl:r,description:`Offered by ${this.#r.getCounterparty()}`,payload:i,expiry:new Date(Date.now()+1e3*s),flow:t},h=await(await fetch(a,{method:"POST",headers:{"x-tabserver-token":c,"content-type":"application/json"},body:JSON.stringify(l)})).json();if("error"in h)throw h.error;let{claimCode:d,_checkState:$}=h.ok;return this.#c=d,h.ok}async checkState(){if(!this.#r||!this.#c)throw"checkState: No token or claimCode";let t=new URL(`${this.#r.getAud()}/offer/check`);t.searchParams.append("claimCode",this.#c);let e=this.#r.asSignedBase64(),r=await(await fetch(t,{headers:{"x-tabserver-token":e}})).json();if("error"in r)throw r.error;return r.ok.checkState}async confirmClaim(t){if(!this.#r||!this.#c)throw"confirmClaim: No token or claimCode";let e=new URL(`${this.#r.getAud()}/offer/confirm`),n=await this.#r.asSignedBase64(),r={claimCode:this.#c,checkCode:t},i=await(await fetch(e,{method:"POST",headers:{"x-tabserver-token":n,"content-type":"application/json"},body:JSON.stringify(r)})).json();if("error"in i)throw i.error;return i.ok}getChild(){if(!this.#o)throw"getChild: no child";return this.#o}getChildOrigin(){if(!this.#s||!this.#o)throw"getDaemonUrl: no issUrl or daemon";return`${this.#e}//${this.#o}`}async#u(){if(!this.#s||!this.#o||!this.#t)throw"buildToken: missing iss, child or privateJwk";let t=this.#s,e=this.getChildOrigin(),n=new URL(this.#s).origin,r;if(this.#n){let a=new URL(this.#n);r=`${a.origin}${a.pathname}`}else r="party:control";let s={iss:t,aud:e,sub:n,src:r,scope:{"party:control":"offer"},iat:Date.now(),exp:Date.now()+1e3*60*3},i=new p(s);await i.signWith(Promise.resolve(this.#t)),this.#r=i}};var Ut="qrcode",W=class{#t;#e;constructor(t,e){this.#t=t,this.#e=e}generate(){let t=qrcode(0,"L");t.addData(this.#e),t.make();let e=t.createDataURL();return this.#t.classList.add(Ut),this.#t.src=e,new Promise((n,r)=>{this.#t.onload=n,this.#t.onerror=r})}};function X(o){if(o===null)return o;if(Array.isArray(o))return o.map(X);if(typeof o=="object"){let t={};for(let[e,n]of Object.entries(o))t[e]=X(n);return t}return o}function Ge(o){return o!==null}function Ke(o){return o!==void 0}function g(o,t){if("ok"in o){let i=JSON.stringify(o);return new Response(i,{status:200,headers:{...t,"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}let e=o.error,[,n,r]=e.match(/^(\d{3})\s(.+)/)??[null,"200",e],s=JSON.stringify({error:r});return new Response(s,{status:Number(n),headers:{...t,"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}function Ve(o={error:"404 Not Found"}){let t=JSON.stringify(o);return new Response(t,{status:404,headers:{"Content-Type":"application/json","Access-Control-Allow-Origin":"*"}})}function He(o,t=[]){return new Response(null,{status:302,headers:{Location:o.toString(),"Access-Control-Allow-Origin":"*",...t}})}function _e(o){let{name:t,value:e,domain:n,sameSite:r,path:s="/",expires:i,secure:a=!0,httpOnly:c=!0}=o,l=[];return l.push(`${encodeURIComponent(t)}=${encodeURIComponent(e)}`),n&&l.push(`Domain=${n}`),r&&l.push(`SameSite=${r}`),l.push(`Path=${s}`),i&&l.push(`Expires=${i.toUTCString()}`),a&&l.push("Secure"),c&&l.push("HttpOnly"),l.join("; ")}var z="daemon",$t="config",Lt="event",Q={Config:"config"},Z="config",Mt=1e3*60*60,m=class o extends EventTarget{static#t=new o;static Ev=Q;static getInstance(){return this.#t}static shouldHandle(t){return o.isConfig(t)||o.isEvent(t)}static isConfig(t){let e=new URL(t.url);return t.method=="POST"&&e.pathname==`/${z}/${$t}`&&t.headers.get("Content-Type")=="application/json"}static isEvent(t){let e=new URL(t.url);return t.method=="POST"&&e.pathname==`/${z}/${Lt}`&&t.headers.get("Content-Type")=="application/json"}async handler(t){return o.isConfig(t)?await this.handleConfig(t):o.isEvent(t)?await this.handleEvent(t):g({error:"Invalid daemon request"})}async handleConfig(t){let e=await t.json();return sessionStorage.setItem(Z,JSON.stringify(e)),this.dispatchEvent(new CustomEvent(Q.Config,{detail:e})),g({ok:!0})}async handleEvent(t){let{type:e,payload:n}=await t.json();return this.dispatchEvent(new CustomEvent(e,{detail:n})),g({ok:!0})}static getConfig(){let t=sessionStorage.getItem(Z);if(!t)throw"DaemonConfig not ready";return JSON.parse(t)}static getPrivateKey(){let{system:{privateJwk:t}}=o.getConfig();return Promise.resolve(t)}static async getTokenFor(t,e=null,n=null,r=Mt){let s=o.getConfig();if(!s)throw"Lifecycle configuration not yet available";let{system:{protocol:i,party:a,issuer:c,source:l}}=s,u=new URL(l),h=e?`${i}//${e}`:`${i}//${a}`,d=`${i}//${a}`,$=Date.now(),wt={iss:c,aud:h,sub:d,src:n??`${u.origin}${u.pathname}`,scope:t,iat:$,exp:$+r},B=new p(wt);return await B.signWith(o.getPrivateKey()),B}static async getStorage(){let t=await o.getStorageToken();return new w(t)}static getStorageToken(){let{system:{party:t}}=o.getConfig(),e={[p.Source.PARTY_CONTROL]:`${p.Capability.GET_ITEM} ${p.Capability.SET_ITEM}`};return o.getTokenFor(e,t)}};var O=class{#t;#e=1;constructor(t){if(t.post){this.#t=t.post;return}if(!t.url)throw new Error("JsonRpcMcpClient requires post or url");let e=t.fetch??fetch;this.#t=async n=>{let r=typeof t.headers=="function"?await t.headers():t.headers??{};return await(await e(t.url,{method:"POST",headers:Dt(r),body:JSON.stringify(n)})).json()}}async listTools(){let e=(await this.#o("tools/list",{}))?.tools;return Array.isArray(e)?e:[]}async callTool(t,e={}){let n=await this.#o("tools/call",{name:t,arguments:e});if(n?.isError)throw jt(n);return n?.structuredContent??null}async#o(t,e){let n=await this.#t({jsonrpc:"2.0",id:this.#e++,method:t,params:e});if(n.error)throw n.error.message??JSON.stringify(n.error);return n.result}};function jt(o){let t=o?.content;if(Array.isArray(t)){let e=t[0];if(typeof e?.text=="string")return e.text}return"MCP tool failed"}function Dt(o){let t=new Headers(o);return t.set("Content-Type","application/json"),t}var E=class{#t;#e;#o=[];#s=new Map;#n=new Map;constructor(t){this.#t=t.postParty,this.#e=t.postPartyRaw}get toolCatalog(){return this.#o}async refreshCatalog(){let t=await this.#t("/ai/tools/catalog",{});this.setCatalog(t.tools)}setCatalog(t){let e=Array.isArray(t)?t:[];this.#o=e,this.#s=new Map(this.#o.filter(n=>n.tool?.name&&n.route).map(n=>[n.tool.name,n.route])),this.#n.clear()}chatTools(t={}){return[...this.#o.map(Gt).filter(Kt),...t.clientTools??[]]}async executeToolCalls(t){let e=[];for(let n of t)try{e.push({toolCallId:n.id,name:n.name,content:await this.executeToolCall(n)})}catch(r){e.push({toolCallId:n.id,name:n.name,content:String(r),isError:!0})}return e}async executeToolCall(t){let e=this.#s.get(t.name);if(!e)throw new Error(`No discovered tool named ${t.name}`);if(e.method!=="POST"||!e.path)throw new Error(`Unsupported route for tool ${t.name}`);if(e.kind==="platform"){let n=await this.#t(e.path,t.input);return JSON.stringify(n)}if(e.kind==="mcp")return await this.#r(e,t);throw new Error(`Unsupported route kind for tool ${t.name}`)}async#r(t,e){let n=this.#n.get(t.path);n||(n=new O({post:s=>this.#e(t.path,s)}),this.#n.set(t.path,n));let r=await n.callTool(t.mcpToolName||e.name,{...e.input});return JSON.stringify(r)}};function Gt(o){return o?.tool?.name?{type:"function",name:o.tool.name,execution:"server",description:o.tool.description,parameters:o.tool.inputSchema}:null}function Kt(o){return o!=null}var Bt="2025-06-18",I={"Access-Control-Allow-Origin":"*"},Vt="POST, GET",tt=class{#t;constructor(t){this.#t=t}listTools(){return this.#t.map(t=>({name:t.name,...t.title===void 0?{}:{title:t.title},description:t.description,inputSchema:t.inputSchema,...t.outputSchema===void 0?{}:{outputSchema:t.outputSchema},...t.annotations===void 0?{}:{annotations:t.annotations}}))}async callTool(t,e,n){let r=this.#t.find(s=>s.name===t);if(!r)throw new f(-32602,`Unknown tool: ${t}`);return await r.call(e,n)}},N=class{#t;#e;#o;constructor(t,e){this.#t=t,typeof e=="function"?(this.#e=e,this.#o={name:"mcp-server",version:"1"}):(this.#e=e.context,this.#o=e.serverInfo??{name:"mcp-server",version:"1"})}async handle(t){if(t.method==="GET")return _t(t);if(t.method==="DELETE"||t.method!=="POST")return ot();let e;try{e=await t.json()}catch{return T(v(null,-32700,"Parse error"))}let n=Ft(e.id);if(e.jsonrpc!=="2.0"||typeof e.method!="string")return T(v(n,-32600,"Invalid Request"));if(e.id===void 0)return Ht();try{let r=await this.#s(e.method,e.params,t);return T({jsonrpc:"2.0",id:n,result:r})}catch(r){return r instanceof f?T(v(n,r.code,r.message)):T(v(n,-32603,String(r)))}}async#s(t,e,n){switch(t){case"initialize":return{protocolVersion:Bt,capabilities:{tools:{listChanged:!1}},serverInfo:this.#o};case"notifications/initialized":return{};case"tools/list":return{tools:await this.#t.listTools(this.#e(n))};case"tools/call":return await this.#n(e,n);default:throw new f(-32601,`Method not found: ${t}`)}}async#n(t,e){if(!t||typeof t!="object"||Array.isArray(t))throw new f(-32602,"tools/call params must be an object");let{name:n,arguments:r={}}=t;if(typeof n!="string"||!r||typeof r!="object"||Array.isArray(r))throw new f(-32602,"Invalid tools/call params");try{let s=await this.#t.callTool(n,r,this.#e(e));return et(s)}catch(s){if(s instanceof f)throw s;return et({error:String(s)},!0)}}},f=class extends Error{code;constructor(t,e){super(e),this.code=t}};function et(o,t=!1){return{content:[{type:"text",text:typeof o=="string"?o:JSON.stringify(o)}],structuredContent:o,isError:t}}function v(o,t,e){return{jsonrpc:"2.0",id:o,error:{code:t,message:e}}}function T(o){return new Response(JSON.stringify(o),{headers:{...I,"Content-Type":"application/json"}})}function Ht(){return new Response(null,{status:202,headers:I})}function _t(o){let t=new URL(o.url);return new Response(`event: endpoint
+data: ${t.pathname}
+`,{headers:{...I,"Content-Type":"text/event-stream","Cache-Control":"no-cache"}})}function ot(){return new Response(null,{status:405,headers:{...I,Allow:Vt}})}function Ft(o){return typeof o=="string"||typeof o=="number"||o===null?o:null}var Yt="useTools",st=/[\s,;\|]+/,J=class{#t;constructor(t){this.#t=t}hasCapability(t,e){return(this.#t.scope[t]??"").split(st).includes(e)}getParty(){return this.#t.party??""}getCounterparty(){return this.#t.counterparty}getSourceUrl(){return new URL(this.#t.src)}getSrc(){return this.#t.src}};function it(o){let{token:t,providerSource:e,toolName:n,capability:r,providerYaml:s}=o;if(!t)return!1;if(nt(t,e,r))return!0;if(!s)return!1;let i=String(t.getSourceUrl());return nt(t,i,Yt)&&qt(s,n,r)&&Wt(s.grant,t.getCounterparty(),t.getSrc(),r)}function nt(o,t,e){try{return o.hasCapability(t,e)}catch{return!1}}function qt(o,t,e){return!!o.mcp?.tools.some(n=>n.name===t&&n.capability===e)}function Wt(o,t,e,n){for(let r in o??{}){if(!rt(t.toLowerCase(),r.toLowerCase()))continue;let s=o[r];if(Array.isArray(s)){if(s.includes(n))return!0;continue}for(let i in s)if(rt(e,i)&&Xt(s[i]).includes(n))return!0}return!1}function Xt(o){return o.split(st).filter(t=>t.length>0)}function rt(o,t){return new RegExp(`^${t.replace(/[.*+?^${}()|[\]\\]/g,"\\$&").replace(/%/g,".*").replace(/_/g,".")}$`).test(o)}var zt=4,Qt=.2,at="x-tabserver-token",U="x-tabserver-oauth-context",K="expert_ask",ct="expertAsk",lt=class{#t;#e;#o;#s;#n;#r=new Map;#c=new m;#u;#l=null;#i;#p;constructor(t){this.#t=t.targetScope,this.#e=t.defaultSystemPromptUrl,this.#o=t.defaultTemperature??Qt,this.#s=t.maxToolRounds??zt,this.#n=t.mcpPath??"/rpc",this.#i={temperature:this.#o,toolsEnabled:!0,toolDetails:!0},this.#u=new Promise(e=>{this.#c.addEventListener("config",n=>{e(n.detail)},{once:!0})}),this.#p=new N(new G(this),{context:le,serverInfo:{name:"ai-chat-expert",version:"1"}})}async handler(t){if(m.shouldHandle(t))return await this.#c.handler(t);try{if(t.method!=="POST")throw"405 Method Not Allowed";let e=new URL(t.url);if(e.pathname===this.#n)return await this.#p.handle(t);switch(e.pathname){case"/session":return g({ok:await this.#f(t)});case"/settings":return g({ok:await this.#y(t)});case"/chats":return g({ok:await this.#N(t)});case"/send":return g({ok:await this.#m(t)});case"/client-tool-results":return g({ok:await this.#C(t)});case"/close":return g({ok:await this.#I(t)});case"/delete":return g({ok:await this.#J(t)});default:throw"404 Not Found"}}catch(e){return console.error(e),g({error:String(e)})}}async askExpert(t,e){let n=e.trim();if(!n)throw"Question is required";let r=this.#E(void 0),s=await this.#P(r,{expert:!0}),i=this.#i.temperature,a=await this.#w(t,r,void 0,s,i);M(a),a.toolRounds=0,await this.#T(a);let c=[];try{let l=await this.#a(a.targetParty,"/ai/chat/send",{chatId:a.chatId,message:n,options:this.#S(a,this.#i.toolsEnabled,i)},a.oauthContext),u=await this.#g(a,l.message,this.#i.toolsEnabled,!1,i,c);if(u.clientToolCalls?.length)throw"Expert MCP cannot execute browser client tools";let h=he(u.events);if(!h)throw"Expert did not return an answer";return{answer:h}}finally{let l=R(t,a.targetParty,a.chatId);this.#r.delete(l),await this.#a(a.targetParty,"/ai/chat/close",{chatId:a.chatId}).catch(u=>console.error(u))}}async#m(t){let e=await ut(t);if(typeof e.message!="string"||!e.message.trim())throw"Message is required";let n=this.#k(e),r=this.#O(e),s=this.#R(e),i=this.#h(e),a=S(e),c=await this.#w(t,i,a,void 0,s);M(c),c.toolRounds=0,ht(c,e),n&&await this.#T(c);let l=[],u=await this.#a(c.targetParty,"/ai/chat/send",{chatId:c.chatId,message:e.message.trim(),options:this.#S(c,n,s)},c.oauthContext);return await this.#g(c,u.message,n,r,s,l)}async#C(t){let e=await ut(t),n=this.#k(e),r=this.#O(e),s=this.#R(e),i=this.#h(e),a=S(e),c=await this.#w(t,i,a,void 0,s);ht(c,e);let l=te(c,e.toolResults),u=[];for(let d of l)D(u,d.name??"client_tool",d.content,r,d.isError);let h=[...c.pendingToolResults,...l];return M(c),await this.#d(c,h,n,r,s,u)}async#g(t,e,n,r,s,i){let a=e;for(;;){re(i,a);let c=a.toolCalls??[];if(!c.length)return{events:i};if(t.toolRounds>=this.#s)return i.push({role:"tool-result",content:"Stopped after too many tool rounds.",error:!0}),{events:i};let{toolResults:l,clientToolCalls:u}=await ne(t,c,r,i);if(u.length)return t.pendingClientToolCalls=new Map(u.map(d=>[d.id,d])),t.pendingToolResults=l,{events:i,clientToolCalls:u};let h=await this.#d(t,l,n,r,s,i);return h.clientToolCalls?.length,h}}async#d(t,e,n,r,s,i){if(t.toolRounds>=this.#s)return i.push({role:"tool-result",content:"Stopped after too many tool rounds.",error:!0}),{events:i};t.toolRounds++;let a=await this.#a(t.targetParty,"/ai/chat/send",{chatId:t.chatId,message:{role:"user",content:"",toolResults:e},options:this.#S(t,n,s)},t.oauthContext);return await this.#g(t,a.message,n,r,s,i)}async#f(t){let e=await C(t),n=this.#h(e),r=S(e),s=await this.#w(t,n,r,r?void 0:await this.#M(e,n),this.#R(e));return gt(s,e.clientTools),await this.#T(s),{chatId:s.chatId,history:await this.#U(s),closed:r?await this.#$(n,r):null}}async#y(t){let e=await C(t);return Object.keys(e).length&&await this.#K(e),await this.#G()}async#N(t){let e=await C(t),n=this.#h(e),r=await this.#a(n,"/ai/chat/list",{});return{chats:Array.isArray(r.chats)?r.chats:[]}}async#I(t){let e=await C(t),n=this.#h(e),r=S(e);if(!r)throw"chatId is required";let s=R(t,n,r),i=this.#r.get(s);return i?(await this.#a(i.targetParty,"/ai/chat/close",{chatId:i.chatId}),this.#r.delete(s),!0):(await this.#a(n,"/ai/chat/close",{chatId:r}),!0)}async#J(t){let e=await C(t),n=this.#h(e),r=S(e);if(!r)throw"chatId is required";let s=R(t,n,r);return await this.#a(n,"/ai/chat/delete",{chatId:r}),this.#r.delete(s),!0}async#w(t,e,n,r,s=this.#o){let i=R(t,e,n);if(n){let l=this.#r.get(i);if(l)return l}let a=n?{id:n}:await this.#a(e,"/ai/chat/create",{system:r??await this.#P(e,{expert:!1}),temperature:s});i=R(t,e,String(a.id));let c={chatId:String(a.id),targetParty:e,oauthContext:t.headers.get(U),toolRuntime:this.#L(e),clientTools:[],clientToolNames:new Set,pendingClientToolCalls:new Map,pendingToolResults:[],toolRounds:0};return await this.#T(c),this.#r.set(i,c),c}async#U(t){let e=await this.#a(t.targetParty,"/ai/chat/history",{chatId:t.chatId});return Array.isArray(e.messages)?e.messages:[]}async#$(t,e){let n=await this.#a(t,"/ai/chat/list",{}),s=(Array.isArray(n.chats)?n.chats:[]).find(i=>i.id===e);return typeof s?.closed=="string"?s.closed:null}#L(t){return new E({postParty:(e,n)=>this.#a(t,e,n),postPartyRaw:(e,n)=>this.#A(t,e,n)})}async#T(t){await t.toolRuntime.refreshCatalog()}#S(t,e,n){if(!e)return{temperature:n};let r=t.toolRuntime.chatTools({clientTools:t.clientTools});return r.length?{temperature:n,tools:r,toolChoice:"auto"}:{temperature:n}}async#a(t,e,n,r){let s=await this.#A(t,e,n,r);if("error"in s)throw s.error;return s.ok}async#A(t,e,n,r){let s=m.getConfig(),i=await m.getTokenFor({[s.system.source]:this.#t},t),a=`${s.system.protocol}//${t}${e}`,c={"Content-Type":"application/json","X-Tabserver-Token":i.asSignedBase64()};return r&&(c[U]=r),await(await fetch(a,{method:"POST",headers:c,body:JSON.stringify(n)})).json()}async#M(t,e){let n=typeof t.systemPrompt=="string"&&t.systemPrompt.trim()?t.systemPrompt.trim():await this.#x();return await this.#P(e,{basePrompt:n,expert:!1})}#R(t){return typeof t.temperature=="number"&&Number.isFinite(t.temperature)&&t.temperature>=0&&t.temperature<=2?Math.round(t.temperature*10)/10:this.#i.temperature}#k(t){return typeof t.toolsEnabled=="boolean"?t.toolsEnabled:this.#i.toolsEnabled}#O(t){return typeof t.toolDetails=="boolean"?t.toolDetails:this.#i.toolDetails}#h(t){return this.#E(t.targetParty)}#E(t){let{system:{party:e,protocol:n}}=m.getConfig();if(t==null||t==="")return e;if(typeof t!="string")throw"targetParty must be a string";let r=t.trim();if(!r)return e;try{let s=r.includes("://")?new URL(r):new URL(`${n}//${r}`);if(!s.host)throw"missing host";return s.host}catch{throw`Invalid targetParty: ${t}`}}#v(){return this.#l??=this.#B(),this.#l}async#P(t,e){let n=e.basePrompt??await this.#x(),r=await me(),s=e.expert&&r?`
+When answering expert MCP questions, prefer semantic and structured memory under root "${r}" when looking up remembered information.`:"",i=await this.#j(t);return`${n}${s}${i}`}async#j(t){try{let e=mt(),n=e?await this.#D(t,e):await this.#b(t,{});return pe(n)}catch{return`
+Semantic memory catalog is unavailable for this session.`}}async#D(t,e){let n=await this.#b(t,{root:e});return n.length?n:await this.#b(t,{})}async#b(t,e){let n=await this.#a(t,"/ai/memory/catalog",{kind:"semantic",...e.root?{root:e.root}:{}});return Array.isArray(n.resources)?n.resources:[]}async#x(){return this.#i.systemPrompt??await this.#v()}async#G(){return{...this.#i,systemPrompt:await this.#x()}}async#K(t){if(t.systemPrompt!==void 0){if(typeof t.systemPrompt!="string")throw"systemPrompt must be a string";this.#i.systemPrompt=t.systemPrompt.trim()?t.systemPrompt:await this.#v()}if(t.temperature!==void 0){if(typeof t.temperature!="number"||!Number.isFinite(t.temperature)||t.temperature<0||t.temperature>2)throw"temperature must be between 0 and 2";this.#i.temperature=Math.round(t.temperature*10)/10}if(t.toolsEnabled!==void 0){if(typeof t.toolsEnabled!="boolean")throw"toolsEnabled must be a boolean";this.#i.toolsEnabled=t.toolsEnabled}if(t.toolDetails!==void 0){if(typeof t.toolDetails!="boolean")throw"toolDetails must be a boolean";this.#i.toolDetails=t.toolDetails}}async#B(){let t=await this.#V(),e=await fetch(t);if(!e.ok)throw`Failed to load default system prompt: ${e.status}`;return await e.text()}async#V(){if(this.#e instanceof URL)return this.#e;if(typeof this.#e=="string")try{return new URL(this.#e)}catch{let{system:{source:e}}=await this.#u;return new URL(this.#e,e)}return await this.#H()}async#H(){let{system:{source:t}}=await this.#u;return new URL("system-prompt.txt",t)}};async function ut(o){if(!o.headers.get("Content-Type")?.startsWith("application/json"))throw"Content-Type must be 'application/json'";let t=await o.json();if(!t||typeof t!="object"||Array.isArray(t))throw"Request body must be an object";return t}async function C(o){if(!o.headers.get("Content-Type")?.startsWith("application/json"))return{};let t=await o.json();return!t||typeof t!="object"||Array.isArray(t)?{}:t}function ht(o,t){Object.hasOwn(t,"clientTools")&&gt(o,t.clientTools)}function gt(o,t){let e=Array.isArray(t)?t.filter(Zt):[];o.clientTools=e,o.clientToolNames=new Set(e.map(n=>n.name))}function Zt(o){return!!o&&typeof o=="object"&&!Array.isArray(o)&&o.type==="function"&&typeof o.name=="string"&&o.execution==="client"}function te(o,t){if(!Array.isArray(t))throw"toolResults must be an array";let e=new Set(o.pendingClientToolCalls.keys());if(!e.size)throw"No pending client tool calls";let n=[];for(let r of t){if(!ee(r))throw"Invalid client tool result";if(!e.delete(r.toolCallId))throw`Unexpected client tool result: ${r.toolCallId}`;if(o.pendingClientToolCalls.get(r.toolCallId)?.name!==r.name)throw`Client tool result name mismatch: ${r.toolCallId}`;n.push(r)}if(e.size)throw`Missing client tool results: ${[...e].join(", ")}`;return n}function ee(o){return!!o&&typeof o=="object"&&!Array.isArray(o)&&typeof o.toolCallId=="string"&&typeof o.name=="string"&&typeof o.content=="string"&&(o.isError===void 0||typeof o.isError=="boolean")}function M(o){o.pendingClientToolCalls.clear(),o.pendingToolResults=[]}function S(o){if(!(o.chatId===void 0||o.chatId===null||o.chatId==="")){if(typeof o.chatId!="string")throw"chatId must be a string";return o.chatId}}function R(o,t,e){return`${oe(o)}
+${t}
+${e??"default"}`}function oe(o){let t=o.headers.get(at);if(t)return t;let e=o.headers.get(U);if(e)return e;throw`This request must provide a token in '${at}'`}async function ne(o,t,e,n){let r=[],s=[];for(let i of t){let a=o.clientToolNames.has(i.name);if(e&&n.push({role:"tool",content:se(i,a)}),a){s.push(i);continue}try{let c=await o.toolRuntime.executeToolCall(i);D(n,i.name,c,e),r.push({toolCallId:i.id,name:i.name,content:c})}catch(c){let l=String(c);D(n,i.name,l,e,!0),r.push({toolCallId:i.id,name:i.name,content:l,isError:!0})}}return{toolResults:r,clientToolCalls:s}}function re(o,t){t.content?o.push({role:"assistant",content:t.content}):t.toolCalls?.length||o.push({role:"assistant",content:""})}function se(o,t){return`${t?"Client tool call":"Agent tool call"}: ${o.name}
+${JSON.stringify(o.input,null,2)}`}function D(o,t,e,n,r=!1){n&&o.push({role:"tool-result",content:ie(t,e,r),...r?{error:!0}:{}})}function ie(o,t,e=!1){return`${e?"Tool error":"Tool result"}: ${o}
+${t}`}var G=class{#t;constructor(t){this.#t=t}listTools(){return[ae()]}async callTool(t,e,n){if(t!==K)throw new f(-32602,`Unknown tool: ${t}`);if(ce(n),typeof e.question!="string"||!e.question.trim())throw"question is required";return await this.#t.askExpert(n.request,e.question)}};function ae(){return{name:K,title:"Ask Expert",description:"Ask this AI Chat expert a question. The expert may use its configured memory and tools before answering.",inputSchema:{type:"object",properties:{question:{type:"string",description:"Question to ask the expert."}},required:["question"],additionalProperties:!1},outputSchema:{type:"object",properties:{answer:{type:"string"}},required:["answer"],additionalProperties:!1},annotations:{readOnlyHint:!0,destructiveHint:!1}}}function ce(o){if(!it({token:o.token,providerSource:o.source,toolName:K,capability:ct,providerYaml:o.yaml}))throw`Missing capability: ${ct}`}function le(o){let{system:{party:t,source:e,protocol:n,sourcePrefix:r},content:{yaml:s}}=m.getConfig();return{party:t,source:e,protocol:n,sourcePrefix:r,yaml:s,token:ue(o),request:o}}function ue(o){let t=p.from(o);if(t)return t;let e=o.headers.get(U);return e?new J(JSON.parse(e)):null}function he(o){for(let t=o.length-1;t>=0;t--){let e=o[t];if(e.role==="assistant"&&!e.error)return e.content}return null}function pe(o){if(!o.length)return`
+Available semantic memories:
+None discovered.`;let t=["","","Available semantic memories:","Use semantic_query with the exact root and collection when these memories are relevant."];for(let e of o){let n=j(e.root),r=j(e.collection);if(!n||!r)continue;t.push(`- root: ${n}`),t.push(`  collection: ${r}`);let s=j(e.description);s&&t.push(`  description: ${s}`);let i=pt(e.schema),a=ge(i?.textProperties);a.length&&t.push(`  textProperties: ${a.join(", ")}`);let c=pt(i?.propertyTypes);c&&t.push(`  propertyTypes: ${JSON.stringify(c)}`),t.push(`  query with: semantic_query({ root: ${JSON.stringify(n)}, collection: ${JSON.stringify(r)}, query: { text: "<search text>", limit: 5 } })`)}return t.join(`
+`)}function j(o){return typeof o=="string"?o:""}function pt(o){return o&&typeof o=="object"&&!Array.isArray(o)?o:null}function ge(o){return Array.isArray(o)?o.filter(t=>typeof t=="string"):[]}function mt(){let{system:{source:o}}=m.getConfig();return new URL(o).searchParams.get("root")?.trim().replace(/^\/+|\/+$/g,"")||void 0}async function me(){let{system:{source:o}}=m.getConfig(),t=new URL(o),e=mt();return e||(t.hash="",await P(t))}var dt="x-forwarded-host",ft="x-forwarded-proto",yt="x-forwarded-pathname";function de(o){return o.headers.has(ft)?o.headers.get(ft)+":":new URL(o.url).protocol}function fe(o){return o.headers.has(dt)?o.headers.get(dt)||"":new URL(o.url).host}function ye(o){return o.headers.has(yt)?o.headers.get(yt)||"":new URL(o.url).pathname}function we(o){let t=de(o),e=fe(o),n=ye(o);return new URL(`${t}//${e}${n}`)}function ho(o){let t=new URL(o.url),e=we(o);return e.search=t.search,e.hash=t.hash,e}function po(o){return new URL(o.url).pathname}function go(o,t){let e=Te(o);return t in e?e[t]:null}function Te(o){let t={},e=o.headers.get("Cookie");if(e)for(let n of e.split("; ")){let[r,s]=n.split("=");t[r]=s}return t}export{E as AgentToolRuntime,y as BrowserApp,$t as CONFIG_PATH,k as ClientToolRegistry,z as DAEMON_PREFIX,Lt as EVENT_PATH,lt as GenerativeChatAgent,F as GenerativeChatClient,Ut as ImgClass,O as JsonRpcMcpClient,N as JsonRpcMcpServer,Y as KeyPair,m as Lifecycle,tt as McpToolRegistry,J as OAuthMcpToken,q as ParentHelper,f as ProtocolError,W as QrCode,w as Storage,p as Token,Yt as USE_TOOLS_CAPABILITY,_e as buildCookie,X as cloneJSONValue,Ne as createDefaultBrowserChatTools,P as getAppId,fe as getClientHost,ye as getClientPathname,de as getClientProtocol,ho as getClientUrl,we as getClientUrlPhp,go as getCookie,Te as getCookies,kt as getItem,Ot as getItemsLike,$e as getLaunchAlert,po as getPathname,it as hasMcpToolCapability,Ke as isDefined,jt as mcpToolErrorMessage,et as mcpToolResult,Ge as notNull,Et as removeItem,g as response,He as response302,Ve as response404,At as setItem,Ce as shortHexDigest,Tt as shortSafeDigest,Gt as toChatTool,nt as tokenHasCapability,qt as yamlDeclaresMcpToolCapability,Wt as yamlGrantsCapability};
 //# sourceMappingURL=index.js.map