{"version":3,"sources":["../src/server/schemas/auth.ts"],"names":["z"],"mappings":";;;;;AAMO,IAAM,eAAA,GAAkBA,KAAE,MAAA,CAAO;AAAA,EACtC,QAAA,EAAUA,KAAE,MAAA,EAAO;AAAA,EACnB,IAAA,EAAMA,KAAE,MAAA,EAAO;AAAA,EACf,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EACjC,GAAA,EAAKA,KAAE,MAAA;AACT,CAAC;AAEM,IAAM,iBAAA,GAAoBA,KAC9B,MAAA,CAAO;AAAA,EACN,MAAMA,IAAA,CAAE,IAAA,CAAK,CAAC,KAAA,EAAO,aAAA,EAAe,MAAM,CAAC,CAAA;AAAA,EAC3C,GAAA,EAAK,gBAAgB,QAAA,EAAS;AAAA,EAC9B,aAAA,EAAeA,IAAA,CAAE,OAAA,EAAQ,CAAE,QAAA,EAAS;AAAA,EACpC,WAAA,EAAaA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC1B,CAAC,EACA,QAAA;AAEI,IAAM,wBAAA,GAA2BA,KAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAASA,KAAE,OAAA,EAAQ;AAAA,EACnB,KAAA,EAAO;AACT,CAAC;AAEM,IAAM,uBAAA,GAA0BA,KAAE,MAAA,CAAO;AAAA,EAC9C,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,SAAA,EAAWA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACxB,CAAC;AAEM,IAAM,qBAAA,GAAwBA,KAAE,MAAA,CAAO;AAAA,EAC5C,IAAA,EAAMA,KAAE,OAAA,EAAQ;AAAA,EAChB,OAAA,EAASA,KAAE,OAAA,EAAQ;AAAA,EACnB,GAAA,EAAKA,KAAE,OAAA,EAAQ;AAAA,EACf,IAAA,EAAMA,KAAE,OAAA,EAAQ;AAAA,EAChB,GAAA,EAAKA,KAAE,OAAA;AACT,CAAC;AAEM,IAAM,gBAAA,GAAmBA,KAC7B,MAAA,CAAO;AAAA,EACN,KAAA,EAAOA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,QAAQ,CAAA;AAAA,EACzB,WAAA,EAAaA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,QAAQ;AACjC,CAAC,EACA,QAAA;AAEI,IAAM,+BAAA,GAAkC,yBAAyB,MAAA,CAAO;AAAA,EAC7E,IAAA,EAAM,uBAAA;AAAA,EACN,YAAA,EAAc,qBAAA;AAAA,EACd,MAAA,EAAQ;AACV,CAAC;AAIM,IAAM,6BAA6BA,IAAA,CAAE,KAAA,CAAM,CAAC,+BAAA,EAAiC,wBAAwB,CAAC;AAMtG,IAAM,mBAAA,GAAsBA,KAAE,MAAA,CAAO;AAAA,EAC1C,YAAA,EAAcA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AAC3B,CAAC;AAEM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,IAAA,EAAMA,KAAE,MAAA,EAAO;AAAA,EACf,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACpB,CAAC;AAEM,IAAM,sBAAA,GAAyBA,KAAE,MAAA,CAAO;AAAA,EAC7C,GAAA,EAAKA,KAAE,MAAA;AACT,CAAC;AAEM,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,OAAA,EAASA,KAAE,OAAA,EAAQ;AAAA,EACnB,IAAA,EAAM,wBAAwB,QAAA,EAAS;AAAA,EACvC,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAMM,IAAM,oBAAA,GAAuBA,KAAE,MAAA,CAAO;AAAA,EAC3C,OAAA,EAASA,KAAE,OAAA,EAAQ;AAAA,EACnB,UAAA,EAAYA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACzB,CAAC;AAMM,IAAM,qBAAA,GAAwBA,KAAE,MAAA,CAAO;AAAA,EAC5C,OAAA,EAASA,KAAE,OAAA;AACb,CAAC;AAMM,IAAM,yBAAA,GAA4BA,KACtC,MAAA,CAAO;AAAA,EACN,EAAA,EAAIA,KAAE,MAAA,EAAO;AAAA,EACb,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC3B,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC1B,SAAA,EAAWA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA,EAAS;AAAA,EAC/B,OAAOA,IAAA,CAAE,KAAA,CAAMA,KAAE,MAAA,EAAQ,EAAE,QAAA,EAAS;AAAA,EACpC,aAAaA,IAAA,CAAE,KAAA,CAAMA,KAAE,MAAA,EAAQ,EAAE,QAAA;AACnC,CAAC,EACA,QAAA;AAMI,IAAM,2BAAA,GAA8BA,KAAE,MAAA,CAAO;AAAA,EAClD,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAM;AAAA,EACxB,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC;AAC5B,CAAC;AAEM,IAAM,2BAAA,GAA8BA,KAAE,MAAA,CAAO;AAAA,EAClD,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,KAAA,EAAM;AAAA,EACxB,QAAA,EAAUA,IAAA,CAAE,MAAA,EAAO,CAAE,IAAI,CAAC,CAAA;AAAA,EAC1B,IAAA,EAAMA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACnB,CAAC;AAEM,IAAM,yBAAA,GAA4BA,KAAE,MAAA,CAAO;AAAA,EAChD,IAAA,EAAM,uBAAA;AAAA,EACN,KAAA,EAAOA,IAAA,CAAE,MAAA,EAAO,CAAE,QAAA;AACpB,CAAC;AAUM,IAAM,gCAAA,GAAmCA,KAAE,MAAA,CAAO;AAAA,EACvD,QAAA,EAAUA,IAAA,CAAE,KAAA,CAAMA,IAAA,CAAE,QAAQ;AAC9B,CAAC","file":"chunk-RR5IB5A2.cjs","sourcesContent":["import { z } from 'zod/v4';\n\n// ============================================================================\n// Capabilities Response Schemas\n// ============================================================================\n\nexport const ssoConfigSchema = z.object({\n provider: z.string(),\n text: z.string(),\n icon: z.string().optional(),\n description: z.string().optional(),\n url: z.string(),\n});\n\nexport const loginConfigSchema = z\n .object({\n type: z.enum(['sso', 'credentials', 'both']),\n sso: ssoConfigSchema.optional(),\n signUpEnabled: z.boolean().optional(),\n description: z.string().optional(),\n })\n .nullable();\n\nexport const publicCapabilitiesSchema = z.object({\n enabled: z.boolean(),\n login: loginConfigSchema,\n});\n\nexport const authenticatedUserSchema = z.object({\n id: z.string(),\n email: z.string().optional(),\n name: z.string().optional(),\n avatarUrl: z.string().optional(),\n});\n\nexport const capabilityFlagsSchema = z.object({\n user: z.boolean(),\n session: z.boolean(),\n sso: z.boolean(),\n rbac: z.boolean(),\n acl: z.boolean(),\n});\n\nexport const userAccessSchema = z\n .object({\n roles: z.array(z.string()),\n permissions: z.array(z.string()),\n })\n .nullable();\n\nexport const authenticatedCapabilitiesSchema = publicCapabilitiesSchema.extend({\n user: authenticatedUserSchema,\n capabilities: capabilityFlagsSchema,\n access: userAccessSchema,\n});\n\n// Note: authenticatedCapabilitiesSchema is listed first because z.union checks left-to-right\n// and the authenticated schema is a superset of the public schema (extends it with user, capabilities, access).\nexport const capabilitiesResponseSchema = z.union([authenticatedCapabilitiesSchema, publicCapabilitiesSchema]);\n\n// ============================================================================\n// SSO Schemas\n// ============================================================================\n\nexport const ssoLoginQuerySchema = z.object({\n redirect_uri: z.string().optional(),\n});\n\nexport const ssoCallbackQuerySchema = z.object({\n code: z.string(),\n state: z.string().optional(),\n});\n\nexport const ssoLoginResponseSchema = z.object({\n url: z.string(),\n});\n\nexport const ssoCallbackResponseSchema = z.object({\n success: z.boolean(),\n user: authenticatedUserSchema.optional(),\n redirectTo: z.string().optional(),\n});\n\n// ============================================================================\n// Logout Schema\n// ============================================================================\n\nexport const logoutResponseSchema = z.object({\n success: z.boolean(),\n redirectTo: z.string().optional(),\n});\n\n// ============================================================================\n// Refresh Schema\n// ============================================================================\n\nexport const refreshResponseSchema = z.object({\n success: z.boolean(),\n});\n\n// ============================================================================\n// Current User Schema\n// ============================================================================\n\nexport const currentUserResponseSchema = z\n .object({\n id: z.string(),\n email: z.string().optional(),\n name: z.string().optional(),\n avatarUrl: z.string().optional(),\n roles: z.array(z.string()).optional(),\n permissions: z.array(z.string()).optional(),\n })\n .nullable();\n\n// ============================================================================\n// Credentials Schemas\n// ============================================================================\n\nexport const credentialsSignInBodySchema = z.object({\n email: z.string().email(),\n password: z.string().min(1),\n});\n\nexport const credentialsSignUpBodySchema = z.object({\n email: z.string().email(),\n password: z.string().min(1),\n name: z.string().optional(),\n});\n\nexport const credentialsResponseSchema = z.object({\n user: authenticatedUserSchema,\n token: z.string().optional(),\n});\n\n/**\n * Response schema for GET /auth/permission-patterns.\n *\n * Returns the authoritative list of valid permission-pattern strings (the keys\n * of the EE `PERMISSION_PATTERNS` table). Studio fetches this to validate the\n * hardcoded route→permission literals it ships, replacing a compile-time\n * `@mastra/core/auth/ee` import in the browser bundle.\n */\nexport const permissionPatternsResponseSchema = z.object({\n patterns: z.array(z.string()),\n});\n"]}