@agent-native/core 0.12.12 → 0.12.14

package/dist/server/credential-provider.d.ts

@@ -46,20 +46,22 @@ export declare class FeatureNotConfiguredError extends Error {
  * Multi-tenant call sites must gate this explicitly before calling.
  */
 export declare function readDeployCredentialEnv(key: string): string | undefined;
+type BuilderCredentialSource = "user" | "org" | "env";
+/**
+ * Resolve a Builder credential for the current request. User/org credentials
+ * win; deployment env is only a fallback. This lets local/root .env keys keep
+ * a template working while still allowing users to connect their own Builder
+ * account from Settings or onboarding.
+ */
 export declare function resolveBuilderCredential(key: string): Promise<string | null>;
 /**
- * True when `BUILDER_PRIVATE_KEY` is set at the deployment level — every
- * user of this deploy shares the operator's Builder identity, and per-user
- * connect/disconnect is disabled. UIs read this via `/builder/status` to
- * swap the "Connect Builder" prompts for a read-only "managed by deployment"
- * chip and to suppress the disconnect button.
+ * True when `BUILDER_PRIVATE_KEY` is set at the deployment level. This means
+ * a deploy-level fallback exists; it does not prevent per-user connect.
  */
 export declare function isBuilderEnvManaged(): boolean;
 /**
- * Resolve the Builder private key for the current request. In env-managed
- * mode (deploy-level `BUILDER_PRIVATE_KEY` set) returns the env value for
- * every caller. Otherwise reads the current user's per-user OAuth-stored
- * key from `app_secrets`.
+ * Resolve the Builder private key for the current request. User/org OAuth
+ * credentials win; deploy-level `BUILDER_PRIVATE_KEY` is the fallback.
  */
 export declare function resolveBuilderPrivateKey(): Promise<string | null>;
 /**
@@ -72,6 +74,11 @@ export declare function resolveBuilderAuthHeader(): Promise<string | null>;
  * (per-user or deployment-level).
  */
 export declare function resolveHasBuilderPrivateKey(): Promise<boolean>;
+/**
+ * Resolve where the effective Builder private key came from. Used by status
+ * UIs so they can distinguish a deploy fallback from a user/org connection.
+ */
+export declare function resolveBuilderCredentialSource(): Promise<BuilderCredentialSource | null>;
 /**
  * Resolve all per-user Builder credentials. Used by the status endpoint
  * and agent-chat-plugin to get orgName, userId, etc.
@@ -136,11 +143,9 @@ export declare function resolveSecret(key: string): Promise<string | null>;
 /**
  * True when a Builder private key is configured at the deployment level.
  *
- * This is the same check as `isBuilderEnvManaged()` (env-managed mode is
- * defined as "deploy-level BUILDER_PRIVATE_KEY is set"). Prefer
- * `isBuilderEnvManaged()` for new call sites — its name reflects what the
- * boolean means semantically. For "does this user have access to Builder
- * (env or per-user)?" use the async `resolveHasBuilderPrivateKey()`.
+ * This is the same env-only check as `isBuilderEnvManaged()`. For "does this
+ * request have access to Builder via user/org/env credentials?" use the async
+ * `resolveHasBuilderPrivateKey()`.
  */
 export declare function hasBuilderPrivateKey(): boolean;
 /** The origin for Builder-proxied API calls. Overridable for testing. */
@@ -160,4 +165,5 @@ export declare function getBuilderGatewayBaseUrl(): string;
 export declare function getBuilderImageGenerationBaseUrl(): string;
 /** Authorization header value for Builder-proxied calls (env-only). */
 export declare function getBuilderAuthHeader(): string | null;
+export {};
 //# sourceMappingURL=credential-provider.d.ts.map

package/dist/server/credential-provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"credential-provider.d.ts","sourceRoot":"","sources":["../../src/server/credential-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH;;;;;;;;GAQG;AACH,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC9B;IAAE,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAK5C;AAED,qBAAa,yBAA0B,SAAQ,KAAK;IAClD,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;gBAElB,IAAI,EAAE;QAChB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB;CAUF;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEvE;AAwBD,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAyCxB;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAE7C;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEvE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAGvE;AAED;;;GAGG;AACH,wBAAsB,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC,CAEpE;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC;IACzD,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CASD;AAUD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EACb,KAAK,EAAE;IACL,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,EACD,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACxD,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAgCrD;AAED;;;;;;;;;GASG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACxD,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBrD;AAeD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAoDvE;AAOD;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,IAAI,OAAO,CAE9C;AAED,yEAAyE;AACzE,wBAAgB,qBAAqB,IAAI,MAAM,CAO9C;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,CAKjD;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,IAAI,MAAM,CAKzD;AAED,uEAAuE;AACvE,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,IAAI,CAGpD"}
+{"version":3,"file":"credential-provider.d.ts","sourceRoot":"","sources":["../../src/server/credential-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH;;;;;;;;GAQG;AACH,wBAAgB,2BAA2B,CACzC,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC9B;IAAE,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAK5C;AAED,qBAAa,yBAA0B,SAAQ,KAAK;IAClD,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;gBAElB,IAAI,EAAE;QAChB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB;CAUF;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEvE;AAiBD,KAAK,uBAAuB,GAAG,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;AAwCtD;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAIxB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAI,OAAO,CAE7C;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEvE;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAGvE;AAED;;;GAGG;AACH,wBAAsB,2BAA2B,IAAI,OAAO,CAAC,OAAO,CAAC,CAEpE;AAED;;;GAGG;AACH,wBAAsB,8BAA8B,IAAI,OAAO,CAAC,uBAAuB,GAAG,IAAI,CAAC,CAI9F;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,IAAI,OAAO,CAAC;IACzD,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAAC,CASD;AAUD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,MAAM,EACb,KAAK,EAAE;IACL,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB,EACD,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACxD,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAgCrD;AAED;;;;;;;;;GASG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE;IAAE,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACxD,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBrD;AAeD;;;;GAIG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAoDvE;AAOD;;;;;;GAMG;AACH,wBAAgB,oBAAoB,IAAI,OAAO,CAE9C;AAED,yEAAyE;AACzE,wBAAgB,qBAAqB,IAAI,MAAM,CAO9C;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,IAAI,MAAM,CAKjD;AAED;;;GAGG;AACH,wBAAgB,gCAAgC,IAAI,MAAM,CAKzD;AAED,uEAAuE;AACvE,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,IAAI,CAGpD"}

package/dist/server/credential-provider.js

@@ -53,35 +53,7 @@ export class FeatureNotConfiguredError extends Error {
 export function readDeployCredentialEnv(key) {
     return process.env[key] || undefined;
 }
-// ---------------------------------------------------------------------------
-// Builder credential resolution — two mutually-exclusive deployment modes:
-//
-//   1. **Single-tenant / env-managed.** When BUILDER_PRIVATE_KEY is set at
-//      the deployment level, it is THE Builder identity for every user of
-//      this deploy. The operator setting the env explicitly opts in to
-//      "everyone shares one Builder space" — same shape as DATABASE_URL or
-//      BETTER_AUTH_SECRET. The UI hides the per-user connect/disconnect
-//      flow when env-managed (see `isBuilderEnvManaged`).
-//
-//   2. **Multi-tenant / per-user OAuth.** When the env is unset, each user
-//      OAuth-connects their own Builder via the cli-auth flow. Their keys
-//      land in `app_secrets` (scope=user, scopeId=email) via the callback
-//      handler. They can disconnect via the settings panel.
-//
-// To run multi-tenant SaaS: leave the env unset. Setting BUILDER_PRIVATE_KEY
-// on a multi-tenant deploy will silently route every authenticated user
-// through the env-key owner's Builder identity — that was the KVesta Space
-// cross-tenant attribution leak (2026-04). The mode is binary: env-set
-// means single-tenant intent.
-// ---------------------------------------------------------------------------
-export async function resolveBuilderCredential(key) {
-    // Env-managed mode wins when set: deploy-level Builder identity for
-    // every user. Per-user app_secrets (left over from a previous OAuth
-    // connection or a mode switch) are intentionally ignored — the
-    // operator's deploy-level config is authoritative.
-    const envValue = readDeployCredentialEnv(key);
-    if (envValue)
-        return envValue;
+async function resolveScopedBuilderCredential(key) {
     const email = getRequestUserEmail();
     if (!email)
         return null;
@@ -95,7 +67,7 @@ export async function resolveBuilderCredential(key) {
             scopeId: email,
         });
         if (userSecret)
-            return userSecret.value;
+            return { value: userSecret.value, source: "user" };
         // 2. Per-org shared credential: when one teammate connects Builder
         //    as an owner/admin we write the OAuth result at org scope so
         //    every member of that org gets the AI chat working without
@@ -109,7 +81,7 @@ export async function resolveBuilderCredential(key) {
                 scopeId: orgId,
             });
             if (orgSecret)
-                return orgSecret.value;
+                return { value: orgSecret.value, source: "org" };
         }
     }
     catch {
@@ -118,20 +90,27 @@ export async function resolveBuilderCredential(key) {
     return null;
 }
 /**
- * True when `BUILDER_PRIVATE_KEY` is set at the deployment level — every
- * user of this deploy shares the operator's Builder identity, and per-user
- * connect/disconnect is disabled. UIs read this via `/builder/status` to
- * swap the "Connect Builder" prompts for a read-only "managed by deployment"
- * chip and to suppress the disconnect button.
+ * Resolve a Builder credential for the current request. User/org credentials
+ * win; deployment env is only a fallback. This lets local/root .env keys keep
+ * a template working while still allowing users to connect their own Builder
+ * account from Settings or onboarding.
+ */
+export async function resolveBuilderCredential(key) {
+    const scoped = await resolveScopedBuilderCredential(key);
+    if (scoped)
+        return scoped.value;
+    return readDeployCredentialEnv(key) ?? null;
+}
+/**
+ * True when `BUILDER_PRIVATE_KEY` is set at the deployment level. This means
+ * a deploy-level fallback exists; it does not prevent per-user connect.
  */
 export function isBuilderEnvManaged() {
     return !!process.env.BUILDER_PRIVATE_KEY;
 }
 /**
- * Resolve the Builder private key for the current request. In env-managed
- * mode (deploy-level `BUILDER_PRIVATE_KEY` set) returns the env value for
- * every caller. Otherwise reads the current user's per-user OAuth-stored
- * key from `app_secrets`.
+ * Resolve the Builder private key for the current request. User/org OAuth
+ * credentials win; deploy-level `BUILDER_PRIVATE_KEY` is the fallback.
  */
 export async function resolveBuilderPrivateKey() {
     return resolveBuilderCredential("BUILDER_PRIVATE_KEY");
@@ -151,6 +130,16 @@ export async function resolveBuilderAuthHeader() {
 export async function resolveHasBuilderPrivateKey() {
     return !!(await resolveBuilderPrivateKey());
 }
+/**
+ * Resolve where the effective Builder private key came from. Used by status
+ * UIs so they can distinguish a deploy fallback from a user/org connection.
+ */
+export async function resolveBuilderCredentialSource() {
+    const scoped = await resolveScopedBuilderCredential("BUILDER_PRIVATE_KEY");
+    if (scoped)
+        return scoped.source;
+    return process.env.BUILDER_PRIVATE_KEY ? "env" : null;
+}
 /**
  * Resolve all per-user Builder credentials. Used by the status endpoint
  * and agent-chat-plugin to get orgName, userId, etc.
@@ -311,11 +300,9 @@ export async function resolveSecret(key) {
 /**
  * True when a Builder private key is configured at the deployment level.
  *
- * This is the same check as `isBuilderEnvManaged()` (env-managed mode is
- * defined as "deploy-level BUILDER_PRIVATE_KEY is set"). Prefer
- * `isBuilderEnvManaged()` for new call sites — its name reflects what the
- * boolean means semantically. For "does this user have access to Builder
- * (env or per-user)?" use the async `resolveHasBuilderPrivateKey()`.
+ * This is the same env-only check as `isBuilderEnvManaged()`. For "does this
+ * request have access to Builder via user/org/env credentials?" use the async
+ * `resolveHasBuilderPrivateKey()`.
  */
 export function hasBuilderPrivateKey() {
     return !!process.env.BUILDER_PRIVATE_KEY;

package/dist/server/credential-provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"credential-provider.js","sourceRoot":"","sources":["../../src/server/credential-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5E;;;;;;;;GAQG;AACH,MAAM,UAAU,2BAA2B,CACzC,KAAa,EACb,KAAgC,EAChC,IAA+B;IAE/B,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IACzC,kBAAkB,CAAS;IAC3B,iBAAiB,CAAU;IAC3B,WAAW,CAAU;IAE9B,YAAY,IAKX;QACC,KAAK,CACH,IAAI,CAAC,OAAO;YACV,gCAAgC,IAAI,CAAC,kBAAkB,yCAAyC,CACnG,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;QACxC,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC;QAClD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACtC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAW;IACjD,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;AACvC,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,EAAE;AACF,2EAA2E;AAC3E,0EAA0E;AAC1E,uEAAuE;AACvE,2EAA2E;AAC3E,wEAAwE;AACxE,0DAA0D;AAC1D,EAAE;AACF,2EAA2E;AAC3E,0EAA0E;AAC1E,0EAA0E;AAC1E,4DAA4D;AAC5D,EAAE;AACF,6EAA6E;AAC7E,wEAAwE;AACxE,2EAA2E;AAC3E,uEAAuE;AACvE,8BAA8B;AAC9B,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAW;IAEX,oEAAoE;IACpE,oEAAoE;IACpE,+DAA+D;IAC/D,mDAAmD;IACnD,MAAM,QAAQ,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAC9C,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAE9B,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAEhE,sEAAsE;QACtE,iEAAiE;QACjE,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC;YACrC,GAAG;YACH,KAAK,EAAE,MAAM;YACb,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,IAAI,UAAU;YAAE,OAAO,UAAU,CAAC,KAAK,CAAC;QAExC,mEAAmE;QACnE,iEAAiE;QACjE,+DAA+D;QAC/D,6DAA6D;QAC7D,mEAAmE;QACnE,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC;gBACpC,GAAG;gBACH,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YACH,IAAI,SAAS;gBAAE,OAAO,SAAS,CAAC,KAAK,CAAC;QACxC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAC3C,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,OAAO,wBAAwB,CAAC,qBAAqB,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,MAAM,GAAG,GAAG,MAAM,wBAAwB,EAAE,CAAC;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B;IAC/C,OAAO,CAAC,CAAC,CAAC,MAAM,wBAAwB,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAO7C,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC1E,wBAAwB,CAAC,qBAAqB,CAAC;QAC/C,wBAAwB,CAAC,oBAAoB,CAAC;QAC9C,wBAAwB,CAAC,iBAAiB,CAAC;QAC3C,wBAAwB,CAAC,kBAAkB,CAAC;QAC5C,wBAAwB,CAAC,kBAAkB,CAAC;KAC7C,CAAC,CAAC;IACH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC7D,CAAC;AAED,MAAM,uBAAuB,GAAG;IAC9B,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAEX;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAa,EACb,KAMC,EACD,OAAyD;IAEzD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,2BAA2B,CACxC,KAAK,EACL,OAAO,EAAE,KAAK,IAAI,IAAI,EACtB,OAAO,EAAE,IAAI,IAAI,IAAI,CACtB,CAAC;IAEF,MAAM,OAAO,GAA0C;QACrD,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,KAAK,CAAC,UAAU,EAAE;QACvD,EAAE,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE;KACtD,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAC7B,cAAc,CAAC;QACb,GAAG;QACH,KAAK;QACL,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CACH,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAa,EACb,OAAyD;IAEzD,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,2BAA2B,CACxC,KAAK,EACL,OAAO,EAAE,KAAK,IAAI,IAAI,EACtB,OAAO,EAAE,IAAI,IAAI,IAAI,CACtB,CAAC;IACF,MAAM,OAAO,CAAC,GAAG,CACf,uBAAuB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAClC,eAAe,CAAC;QACd,GAAG;QACH,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CACnB,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,2CAA2C;AAC3C,EAAE;AACF,0EAA0E;AAC1E,wEAAwE;AACxE,0EAA0E;AAC1E,4EAA4E;AAC5E,yEAAyE;AACzE,0EAA0E;AAC1E,mEAAmE;AACnE,2BAA2B;AAC3B,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAW;IAC7C,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;YAChE,2BAA2B;YAC3B,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC;gBACrC,GAAG;gBACH,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YACH,IAAI,UAAU,EAAE,KAAK;gBAAE,OAAO,UAAU,CAAC,KAAK,CAAC;YAE/C,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,EAAE,CAAC;gBACV,kEAAkE;gBAClE,2CAA2C;gBAC3C,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC;oBACpC,GAAG;oBACH,KAAK,EAAE,KAAK;oBACZ,OAAO,EAAE,KAAK;iBACf,CAAC,CAAC;gBACH,IAAI,SAAS,EAAE,KAAK;oBAAE,OAAO,SAAS,CAAC,KAAK,CAAC;gBAE7C,6DAA6D;gBAC7D,mEAAmE;gBACnE,4BAA4B;gBAC5B,MAAM,eAAe,GAAG,MAAM,aAAa,CAAC;oBAC1C,GAAG;oBACH,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,KAAK;iBACf,CAAC,CAAC;gBACH,IAAI,eAAe,EAAE,KAAK;oBAAE,OAAO,eAAe,CAAC,KAAK,CAAC;YAC3D,CAAC;iBAAM,CAAC;gBACN,MAAM,mBAAmB,GAAG,MAAM,aAAa,CAAC;oBAC9C,GAAG;oBACH,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,QAAQ,KAAK,EAAE;iBACzB,CAAC,CAAC;gBACH,IAAI,mBAAmB,EAAE,KAAK;oBAAE,OAAO,mBAAmB,CAAC,KAAK,CAAC;YACnE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;QACD,sEAAsE;QACtE,mEAAmE;QACnE,6BAA6B;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,uEAAuE;IACvE,mDAAmD;IACnD,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,uEAAuE;AACvE,iEAAiE;AACjE,8EAA8E;AAE9E;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAC3C,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,qBAAqB;IACnC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAChC,OAAO,CAAC,GAAG,CAAC,QAAQ;QACpB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,gCAAgC,CACjC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACpC,gDAAgD,CACjD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gCAAgC;IAC9C,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,iCAAiC;QAC7C,+CAA+C,CAChD,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,oBAAoB;IAClC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC5C,OAAO,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACtC,CAAC","sourcesContent":["/**\n * Credential provider abstraction.\n *\n * Every feature that needs an external credential (Anthropic API key,\n * Google OAuth tokens, OpenAI key, Slack bot token, etc.) should go through\n * one of the resolve*() helpers here instead of reading `process.env`\n * directly. That way the same feature can work in three modes:\n *\n *   1. User set their own key in .env              → use it directly\n *   2. User connected Builder via `/cli-auth`      → route through Builder proxy\n *   3. Neither                                      → throw FeatureNotConfigured\n *\n * Templates catch FeatureNotConfigured and show a \"Connect Builder (1 click) /\n * set up your own key (guide)\" card.\n *\n * Today these helpers are used by the Builder-hosted LLM gateway, and the\n * shape is meant to grow to cover future managed credential integrations\n * (e.g. additional Builder-hosted services) without rewrites.\n */\n\nimport { getRequestUserEmail, getRequestOrgId } from \"./request-context.js\";\n\n/**\n * Decide which `app_secrets` scope a Builder/credential write should use.\n *\n * Org scope (\"everyone in this org sees these credentials\") wins when the\n * connecting user is an owner or admin of an active org — the write\n * privileges shared infra. A plain member or a user without an active\n * org falls through to per-user scope so a teammate can't silently\n * overwrite the org-shared connection.\n */\nexport function resolveCredentialWriteScope(\n  email: string,\n  orgId: string | null | undefined,\n  role: string | null | undefined,\n): { scope: \"user\" | \"org\"; scopeId: string } {\n  if (orgId && (role === \"owner\" || role === \"admin\")) {\n    return { scope: \"org\", scopeId: orgId };\n  }\n  return { scope: \"user\", scopeId: email };\n}\n\nexport class FeatureNotConfiguredError extends Error {\n  readonly requiredCredential: string;\n  readonly builderConnectUrl?: string;\n  readonly byokDocsUrl?: string;\n\n  constructor(opts: {\n    requiredCredential: string;\n    message?: string;\n    builderConnectUrl?: string;\n    byokDocsUrl?: string;\n  }) {\n    super(\n      opts.message ??\n        `Feature requires credential \"${opts.requiredCredential}\". Connect Builder or set your own key.`,\n    );\n    this.name = \"FeatureNotConfiguredError\";\n    this.requiredCredential = opts.requiredCredential;\n    this.builderConnectUrl = opts.builderConnectUrl;\n    this.byokDocsUrl = opts.byokDocsUrl;\n  }\n}\n\n/**\n * Deployment-level credential fallback for single-tenant/local operation.\n * Multi-tenant call sites must gate this explicitly before calling.\n */\nexport function readDeployCredentialEnv(key: string): string | undefined {\n  return process.env[key] || undefined;\n}\n\n// ---------------------------------------------------------------------------\n// Builder credential resolution — two mutually-exclusive deployment modes:\n//\n//   1. **Single-tenant / env-managed.** When BUILDER_PRIVATE_KEY is set at\n//      the deployment level, it is THE Builder identity for every user of\n//      this deploy. The operator setting the env explicitly opts in to\n//      \"everyone shares one Builder space\" — same shape as DATABASE_URL or\n//      BETTER_AUTH_SECRET. The UI hides the per-user connect/disconnect\n//      flow when env-managed (see `isBuilderEnvManaged`).\n//\n//   2. **Multi-tenant / per-user OAuth.** When the env is unset, each user\n//      OAuth-connects their own Builder via the cli-auth flow. Their keys\n//      land in `app_secrets` (scope=user, scopeId=email) via the callback\n//      handler. They can disconnect via the settings panel.\n//\n// To run multi-tenant SaaS: leave the env unset. Setting BUILDER_PRIVATE_KEY\n// on a multi-tenant deploy will silently route every authenticated user\n// through the env-key owner's Builder identity — that was the KVesta Space\n// cross-tenant attribution leak (2026-04). The mode is binary: env-set\n// means single-tenant intent.\n// ---------------------------------------------------------------------------\n\nexport async function resolveBuilderCredential(\n  key: string,\n): Promise<string | null> {\n  // Env-managed mode wins when set: deploy-level Builder identity for\n  // every user. Per-user app_secrets (left over from a previous OAuth\n  // connection or a mode switch) are intentionally ignored — the\n  // operator's deploy-level config is authoritative.\n  const envValue = readDeployCredentialEnv(key);\n  if (envValue) return envValue;\n\n  const email = getRequestUserEmail();\n  if (!email) return null;\n\n  try {\n    const { readAppSecret } = await import(\"../secrets/storage.js\");\n\n    // 1. Per-user override: a user can paste their own key in settings to\n    //    overrule the org-shared one (handy for a personal sandbox).\n    const userSecret = await readAppSecret({\n      key,\n      scope: \"user\",\n      scopeId: email,\n    });\n    if (userSecret) return userSecret.value;\n\n    // 2. Per-org shared credential: when one teammate connects Builder\n    //    as an owner/admin we write the OAuth result at org scope so\n    //    every member of that org gets the AI chat working without\n    //    re-running the connect flow. Resolution falls back here\n    //    silently — the caller never has to know which scope answered.\n    const orgId = getRequestOrgId();\n    if (orgId) {\n      const orgSecret = await readAppSecret({\n        key,\n        scope: \"org\",\n        scopeId: orgId,\n      });\n      if (orgSecret) return orgSecret.value;\n    }\n  } catch {\n    // Secrets table not ready — treat as missing.\n  }\n  return null;\n}\n\n/**\n * True when `BUILDER_PRIVATE_KEY` is set at the deployment level — every\n * user of this deploy shares the operator's Builder identity, and per-user\n * connect/disconnect is disabled. UIs read this via `/builder/status` to\n * swap the \"Connect Builder\" prompts for a read-only \"managed by deployment\"\n * chip and to suppress the disconnect button.\n */\nexport function isBuilderEnvManaged(): boolean {\n  return !!process.env.BUILDER_PRIVATE_KEY;\n}\n\n/**\n * Resolve the Builder private key for the current request. In env-managed\n * mode (deploy-level `BUILDER_PRIVATE_KEY` set) returns the env value for\n * every caller. Otherwise reads the current user's per-user OAuth-stored\n * key from `app_secrets`.\n */\nexport async function resolveBuilderPrivateKey(): Promise<string | null> {\n  return resolveBuilderCredential(\"BUILDER_PRIVATE_KEY\");\n}\n\n/**\n * Resolve the current user's Builder auth header.\n * Returns `\"Bearer <key>\"` or null.\n */\nexport async function resolveBuilderAuthHeader(): Promise<string | null> {\n  const key = await resolveBuilderPrivateKey();\n  return key ? `Bearer ${key}` : null;\n}\n\n/**\n * Check whether the current user has a Builder private key configured\n * (per-user or deployment-level).\n */\nexport async function resolveHasBuilderPrivateKey(): Promise<boolean> {\n  return !!(await resolveBuilderPrivateKey());\n}\n\n/**\n * Resolve all per-user Builder credentials. Used by the status endpoint\n * and agent-chat-plugin to get orgName, userId, etc.\n */\nexport async function resolveBuilderCredentials(): Promise<{\n  privateKey: string | null;\n  publicKey: string | null;\n  userId: string | null;\n  orgName: string | null;\n  orgKind: string | null;\n}> {\n  const [privateKey, publicKey, userId, orgName, orgKind] = await Promise.all([\n    resolveBuilderCredential(\"BUILDER_PRIVATE_KEY\"),\n    resolveBuilderCredential(\"BUILDER_PUBLIC_KEY\"),\n    resolveBuilderCredential(\"BUILDER_USER_ID\"),\n    resolveBuilderCredential(\"BUILDER_ORG_NAME\"),\n    resolveBuilderCredential(\"BUILDER_ORG_KIND\"),\n  ]);\n  return { privateKey, publicKey, userId, orgName, orgKind };\n}\n\nconst BUILDER_CREDENTIAL_KEYS = [\n  \"BUILDER_PRIVATE_KEY\",\n  \"BUILDER_PUBLIC_KEY\",\n  \"BUILDER_USER_ID\",\n  \"BUILDER_ORG_NAME\",\n  \"BUILDER_ORG_KIND\",\n] as const;\n\n/**\n * Write Builder credentials to `app_secrets`.\n *\n * Scope decision (see `resolveCredentialWriteScope`): when the connecting\n * user is owner/admin of an active org we write at `scope: \"org\"` so every\n * member of that org auto-resolves the credentials via\n * `resolveBuilderCredential`'s org fallback — no per-user re-connect\n * needed. A plain member or a user with no active org writes at\n * `scope: \"user\"` (the safe default that doesn't trample the org's shared\n * connection).\n *\n * Returns the actual scope/scopeId used so the caller can show \"Connected\n * for Builder.io\" vs \"Connected (personal)\" in the UI.\n */\nexport async function writeBuilderCredentials(\n  email: string,\n  creds: {\n    privateKey: string;\n    publicKey: string;\n    userId?: string | null;\n    orgName?: string | null;\n    orgKind?: string | null;\n  },\n  options?: { orgId?: string | null; role?: string | null },\n): Promise<{ scope: \"user\" | \"org\"; scopeId: string }> {\n  const { writeAppSecret } = await import(\"../secrets/storage.js\");\n  const target = resolveCredentialWriteScope(\n    email,\n    options?.orgId ?? null,\n    options?.role ?? null,\n  );\n\n  const entries: Array<{ key: string; value: string }> = [\n    { key: \"BUILDER_PRIVATE_KEY\", value: creds.privateKey },\n    { key: \"BUILDER_PUBLIC_KEY\", value: creds.publicKey },\n  ];\n  if (creds.userId) {\n    entries.push({ key: \"BUILDER_USER_ID\", value: creds.userId });\n  }\n  if (creds.orgName) {\n    entries.push({ key: \"BUILDER_ORG_NAME\", value: creds.orgName });\n  }\n  if (creds.orgKind) {\n    entries.push({ key: \"BUILDER_ORG_KIND\", value: creds.orgKind });\n  }\n  await Promise.all(\n    entries.map(({ key, value }) =>\n      writeAppSecret({\n        key,\n        value,\n        scope: target.scope,\n        scopeId: target.scopeId,\n      }),\n    ),\n  );\n  return target;\n}\n\n/**\n * Delete Builder credentials.\n *\n * Default behaviour: clears only this user's per-user override (so a\n * member can disconnect their personal Builder identity without\n * collapsing the org-wide connection for every teammate). To revoke the\n * org's shared connection, pass `{ orgId, role }` for an owner/admin —\n * matching the same authority gate `writeBuilderCredentials` uses on\n * write. Plain members can never reach the org-scoped row.\n */\nexport async function deleteBuilderCredentials(\n  email: string,\n  options?: { orgId?: string | null; role?: string | null },\n): Promise<{ scope: \"user\" | \"org\"; scopeId: string }> {\n  const { deleteAppSecret } = await import(\"../secrets/storage.js\");\n  const target = resolveCredentialWriteScope(\n    email,\n    options?.orgId ?? null,\n    options?.role ?? null,\n  );\n  await Promise.all(\n    BUILDER_CREDENTIAL_KEYS.map((key) =>\n      deleteAppSecret({\n        key,\n        scope: target.scope,\n        scopeId: target.scopeId,\n      }).catch(() => {}),\n    ),\n  );\n  return target;\n}\n\n// ---------------------------------------------------------------------------\n// Generic request-scoped secret resolution\n//\n// New consumers should prefer this over reading `process.env.X` directly.\n// User-pasted and shared secrets live in `app_secrets` (encrypted). The\n// settings UI / onboarding panels can write user, org, or workspace rows.\n// Deploy-level env vars are the fallback for unauthenticated/CLI/background\n// contexts where there's no user to scope by — never the silent fallback\n// for an authenticated request, since on a multi-tenant deploy that would\n// silently identify every user as whoever set the deploy-level key\n// (KVesta Space, 2026-04).\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve a request-scoped secret. Reads from `app_secrets` first (current\n * user override, active org, then workspace row); falls back to `process.env`\n * only for unauthenticated/CLI/background contexts.\n */\nexport async function resolveSecret(key: string): Promise<string | null> {\n  const email = getRequestUserEmail();\n  if (email) {\n    try {\n      const { readAppSecret } = await import(\"../secrets/storage.js\");\n      // Per-user override first.\n      const userSecret = await readAppSecret({\n        key,\n        scope: \"user\",\n        scopeId: email,\n      });\n      if (userSecret?.value) return userSecret.value;\n\n      const orgId = getRequestOrgId();\n      if (orgId) {\n        // Fall back to the active org's shared row, when present. Builder\n        // Connect uses this first-class org scope.\n        const orgSecret = await readAppSecret({\n          key,\n          scope: \"org\",\n          scopeId: orgId,\n        });\n        if (orgSecret?.value) return orgSecret.value;\n\n        // Registered secrets historically used \"workspace\" scope for\n        // org-shared configuration. Keep reading it so Settings status and\n        // runtime resolution agree.\n        const workspaceSecret = await readAppSecret({\n          key,\n          scope: \"workspace\",\n          scopeId: orgId,\n        });\n        if (workspaceSecret?.value) return workspaceSecret.value;\n      } else {\n        const soloWorkspaceSecret = await readAppSecret({\n          key,\n          scope: \"workspace\",\n          scopeId: `solo:${email}`,\n        });\n        if (soloWorkspaceSecret?.value) return soloWorkspaceSecret.value;\n      }\n    } catch {\n      // Secrets table not ready — treat as missing.\n    }\n    // Authenticated multi-tenant context: never fall back to process.env.\n    // The deploy-level value would silently impersonate the actual key\n    // owner across every tenant.\n    return null;\n  }\n  // Unauthenticated / local-dev / CLI / background context: env fallback\n  // is safe because there's no user to mis-identify.\n  return process.env[key] || null;\n}\n\n// ---------------------------------------------------------------------------\n// Synchronous helpers — env-only fallbacks for contexts where per-user\n// lookup isn't possible (sync isConfigured checks, CLI scripts).\n// ---------------------------------------------------------------------------\n\n/**\n * True when a Builder private key is configured at the deployment level.\n *\n * This is the same check as `isBuilderEnvManaged()` (env-managed mode is\n * defined as \"deploy-level BUILDER_PRIVATE_KEY is set\"). Prefer\n * `isBuilderEnvManaged()` for new call sites — its name reflects what the\n * boolean means semantically. For \"does this user have access to Builder\n * (env or per-user)?\" use the async `resolveHasBuilderPrivateKey()`.\n */\nexport function hasBuilderPrivateKey(): boolean {\n  return !!process.env.BUILDER_PRIVATE_KEY;\n}\n\n/** The origin for Builder-proxied API calls. Overridable for testing. */\nexport function getBuilderProxyOrigin(): string {\n  return (\n    process.env.BUILDER_PROXY_ORIGIN ||\n    process.env.AIR_HOST ||\n    process.env.BUILDER_API_HOST ||\n    \"https://ai-services.builder.io\"\n  );\n}\n\n/**\n * Base URL for the public Builder LLM gateway (distinct from the internal\n * proxy origin above — the public gateway lives at\n * api.builder.io/agent-native/gateway, while the internal origin is\n * ai-services.builder.io).\n * Override via BUILDER_GATEWAY_BASE_URL for staging / testing.\n */\nexport function getBuilderGatewayBaseUrl(): string {\n  return (\n    process.env.BUILDER_GATEWAY_BASE_URL ||\n    \"https://api.builder.io/agent-native/gateway/v1\"\n  );\n}\n\n/**\n * Base URL for Builder-managed image generation.\n * Override via BUILDER_IMAGE_GENERATION_BASE_URL for staging / testing.\n */\nexport function getBuilderImageGenerationBaseUrl(): string {\n  return (\n    process.env.BUILDER_IMAGE_GENERATION_BASE_URL ||\n    \"https://api.builder.io/agent-native/images/v1\"\n  );\n}\n\n/** Authorization header value for Builder-proxied calls (env-only). */\nexport function getBuilderAuthHeader(): string | null {\n  const key = process.env.BUILDER_PRIVATE_KEY;\n  return key ? `Bearer ${key}` : null;\n}\n"]}
+{"version":3,"file":"credential-provider.js","sourceRoot":"","sources":["../../src/server/credential-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5E;;;;;;;;GAQG;AACH,MAAM,UAAU,2BAA2B,CACzC,KAAa,EACb,KAAgC,EAChC,IAA+B;IAE/B,IAAI,KAAK,IAAI,CAAC,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;QACpD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC1C,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,OAAO,yBAA0B,SAAQ,KAAK;IACzC,kBAAkB,CAAS;IAC3B,iBAAiB,CAAU;IAC3B,WAAW,CAAU;IAE9B,YAAY,IAKX;QACC,KAAK,CACH,IAAI,CAAC,OAAO;YACV,gCAAgC,IAAI,CAAC,kBAAkB,yCAAyC,CACnG,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,2BAA2B,CAAC;QACxC,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,kBAAkB,CAAC;QAClD,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAChD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IACtC,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAAW;IACjD,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;AACvC,CAAC;AAmBD,KAAK,UAAU,8BAA8B,CAC3C,GAAW;IAEX,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IAExB,IAAI,CAAC;QACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;QAEhE,sEAAsE;QACtE,iEAAiE;QACjE,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC;YACrC,GAAG;YACH,KAAK,EAAE,MAAM;YACb,OAAO,EAAE,KAAK;SACf,CAAC,CAAC;QACH,IAAI,UAAU;YAAE,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAEnE,mEAAmE;QACnE,iEAAiE;QACjE,+DAA+D;QAC/D,6DAA6D;QAC7D,mEAAmE;QACnE,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;QAChC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC;gBACpC,GAAG;gBACH,KAAK,EAAE,KAAK;gBACZ,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YACH,IAAI,SAAS;gBAAE,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,8CAA8C;IAChD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,GAAW;IAEX,MAAM,MAAM,GAAG,MAAM,8BAA8B,CAAC,GAAG,CAAC,CAAC;IACzD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC,KAAK,CAAC;IAChC,OAAO,uBAAuB,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB;IACjC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAC3C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,OAAO,wBAAwB,CAAC,qBAAqB,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,MAAM,GAAG,GAAG,MAAM,wBAAwB,EAAE,CAAC;IAC7C,OAAO,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACtC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,2BAA2B;IAC/C,OAAO,CAAC,CAAC,CAAC,MAAM,wBAAwB,EAAE,CAAC,CAAC;AAC9C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B;IAClD,MAAM,MAAM,GAAG,MAAM,8BAA8B,CAAC,qBAAqB,CAAC,CAAC;IAC3E,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC,MAAM,CAAC;IACjC,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AACxD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB;IAO7C,MAAM,CAAC,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC1E,wBAAwB,CAAC,qBAAqB,CAAC;QAC/C,wBAAwB,CAAC,oBAAoB,CAAC;QAC9C,wBAAwB,CAAC,iBAAiB,CAAC;QAC3C,wBAAwB,CAAC,kBAAkB,CAAC;QAC5C,wBAAwB,CAAC,kBAAkB,CAAC;KAC7C,CAAC,CAAC;IACH,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC7D,CAAC;AAED,MAAM,uBAAuB,GAAG;IAC9B,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAEX;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAa,EACb,KAMC,EACD,OAAyD;IAEzD,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,2BAA2B,CACxC,KAAK,EACL,OAAO,EAAE,KAAK,IAAI,IAAI,EACtB,OAAO,EAAE,IAAI,IAAI,IAAI,CACtB,CAAC;IAEF,MAAM,OAAO,GAA0C;QACrD,EAAE,GAAG,EAAE,qBAAqB,EAAE,KAAK,EAAE,KAAK,CAAC,UAAU,EAAE;QACvD,EAAE,GAAG,EAAE,oBAAoB,EAAE,KAAK,EAAE,KAAK,CAAC,SAAS,EAAE;KACtD,CAAC;IACF,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IAChE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;QAClB,OAAO,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,OAAO,CAAC,GAAG,CACf,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,CAC7B,cAAc,CAAC;QACb,GAAG;QACH,KAAK;QACL,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CACH,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAa,EACb,OAAyD;IAEzD,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,2BAA2B,CACxC,KAAK,EACL,OAAO,EAAE,KAAK,IAAI,IAAI,EACtB,OAAO,EAAE,IAAI,IAAI,IAAI,CACtB,CAAC;IACF,MAAM,OAAO,CAAC,GAAG,CACf,uBAAuB,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAClC,eAAe,CAAC;QACd,GAAG;QACH,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CACnB,CACF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,2CAA2C;AAC3C,EAAE;AACF,0EAA0E;AAC1E,wEAAwE;AACxE,0EAA0E;AAC1E,4EAA4E;AAC5E,yEAAyE;AACzE,0EAA0E;AAC1E,mEAAmE;AACnE,2BAA2B;AAC3B,8EAA8E;AAE9E;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAW;IAC7C,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,CAAC;YAChE,2BAA2B;YAC3B,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC;gBACrC,GAAG;gBACH,KAAK,EAAE,MAAM;gBACb,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;YACH,IAAI,UAAU,EAAE,KAAK;gBAAE,OAAO,UAAU,CAAC,KAAK,CAAC;YAE/C,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;YAChC,IAAI,KAAK,EAAE,CAAC;gBACV,kEAAkE;gBAClE,2CAA2C;gBAC3C,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC;oBACpC,GAAG;oBACH,KAAK,EAAE,KAAK;oBACZ,OAAO,EAAE,KAAK;iBACf,CAAC,CAAC;gBACH,IAAI,SAAS,EAAE,KAAK;oBAAE,OAAO,SAAS,CAAC,KAAK,CAAC;gBAE7C,6DAA6D;gBAC7D,mEAAmE;gBACnE,4BAA4B;gBAC5B,MAAM,eAAe,GAAG,MAAM,aAAa,CAAC;oBAC1C,GAAG;oBACH,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,KAAK;iBACf,CAAC,CAAC;gBACH,IAAI,eAAe,EAAE,KAAK;oBAAE,OAAO,eAAe,CAAC,KAAK,CAAC;YAC3D,CAAC;iBAAM,CAAC;gBACN,MAAM,mBAAmB,GAAG,MAAM,aAAa,CAAC;oBAC9C,GAAG;oBACH,KAAK,EAAE,WAAW;oBAClB,OAAO,EAAE,QAAQ,KAAK,EAAE;iBACzB,CAAC,CAAC;gBACH,IAAI,mBAAmB,EAAE,KAAK;oBAAE,OAAO,mBAAmB,CAAC,KAAK,CAAC;YACnE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;QACD,sEAAsE;QACtE,mEAAmE;QACnE,6BAA6B;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,uEAAuE;IACvE,mDAAmD;IACnD,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,uEAAuE;AACvE,iEAAiE;AACjE,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AAC3C,CAAC;AAED,yEAAyE;AACzE,MAAM,UAAU,qBAAqB;IACnC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAChC,OAAO,CAAC,GAAG,CAAC,QAAQ;QACpB,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAC5B,gCAAgC,CACjC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB;IACtC,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,wBAAwB;QACpC,gDAAgD,CACjD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gCAAgC;IAC9C,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,iCAAiC;QAC7C,+CAA+C,CAChD,CAAC;AACJ,CAAC;AAED,uEAAuE;AACvE,MAAM,UAAU,oBAAoB;IAClC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC5C,OAAO,GAAG,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AACtC,CAAC","sourcesContent":["/**\n * Credential provider abstraction.\n *\n * Every feature that needs an external credential (Anthropic API key,\n * Google OAuth tokens, OpenAI key, Slack bot token, etc.) should go through\n * one of the resolve*() helpers here instead of reading `process.env`\n * directly. That way the same feature can work in three modes:\n *\n *   1. User set their own key in .env              → use it directly\n *   2. User connected Builder via `/cli-auth`      → route through Builder proxy\n *   3. Neither                                      → throw FeatureNotConfigured\n *\n * Templates catch FeatureNotConfigured and show a \"Connect Builder (1 click) /\n * set up your own key (guide)\" card.\n *\n * Today these helpers are used by the Builder-hosted LLM gateway, and the\n * shape is meant to grow to cover future managed credential integrations\n * (e.g. additional Builder-hosted services) without rewrites.\n */\n\nimport { getRequestUserEmail, getRequestOrgId } from \"./request-context.js\";\n\n/**\n * Decide which `app_secrets` scope a Builder/credential write should use.\n *\n * Org scope (\"everyone in this org sees these credentials\") wins when the\n * connecting user is an owner or admin of an active org — the write\n * privileges shared infra. A plain member or a user without an active\n * org falls through to per-user scope so a teammate can't silently\n * overwrite the org-shared connection.\n */\nexport function resolveCredentialWriteScope(\n  email: string,\n  orgId: string | null | undefined,\n  role: string | null | undefined,\n): { scope: \"user\" | \"org\"; scopeId: string } {\n  if (orgId && (role === \"owner\" || role === \"admin\")) {\n    return { scope: \"org\", scopeId: orgId };\n  }\n  return { scope: \"user\", scopeId: email };\n}\n\nexport class FeatureNotConfiguredError extends Error {\n  readonly requiredCredential: string;\n  readonly builderConnectUrl?: string;\n  readonly byokDocsUrl?: string;\n\n  constructor(opts: {\n    requiredCredential: string;\n    message?: string;\n    builderConnectUrl?: string;\n    byokDocsUrl?: string;\n  }) {\n    super(\n      opts.message ??\n        `Feature requires credential \"${opts.requiredCredential}\". Connect Builder or set your own key.`,\n    );\n    this.name = \"FeatureNotConfiguredError\";\n    this.requiredCredential = opts.requiredCredential;\n    this.builderConnectUrl = opts.builderConnectUrl;\n    this.byokDocsUrl = opts.byokDocsUrl;\n  }\n}\n\n/**\n * Deployment-level credential fallback for single-tenant/local operation.\n * Multi-tenant call sites must gate this explicitly before calling.\n */\nexport function readDeployCredentialEnv(key: string): string | undefined {\n  return process.env[key] || undefined;\n}\n\n// ---------------------------------------------------------------------------\n// Builder credential resolution:\n//\n//   1. **Request-scoped credentials.** A signed-in user can connect Builder\n//      through the CLI-auth flow. Owner/admin connections land at org scope;\n//      member/no-org connections land at user scope.\n//\n//   2. **Deployment fallback.** BUILDER_PRIVATE_KEY in env still makes local\n//      and single-tenant deploys work out of the box, but it no longer blocks\n//      per-user connect. Request-scoped credentials win whenever present.\n//\n// To run multi-tenant SaaS: prefer leaving BUILDER_PRIVATE_KEY unset unless a\n// shared fallback identity is intentional.\n// ---------------------------------------------------------------------------\n\ntype BuilderCredentialSource = \"user\" | \"org\" | \"env\";\n\nasync function resolveScopedBuilderCredential(\n  key: string,\n): Promise<{ value: string; source: \"user\" | \"org\" } | null> {\n  const email = getRequestUserEmail();\n  if (!email) return null;\n\n  try {\n    const { readAppSecret } = await import(\"../secrets/storage.js\");\n\n    // 1. Per-user override: a user can paste their own key in settings to\n    //    overrule the org-shared one (handy for a personal sandbox).\n    const userSecret = await readAppSecret({\n      key,\n      scope: \"user\",\n      scopeId: email,\n    });\n    if (userSecret) return { value: userSecret.value, source: \"user\" };\n\n    // 2. Per-org shared credential: when one teammate connects Builder\n    //    as an owner/admin we write the OAuth result at org scope so\n    //    every member of that org gets the AI chat working without\n    //    re-running the connect flow. Resolution falls back here\n    //    silently — the caller never has to know which scope answered.\n    const orgId = getRequestOrgId();\n    if (orgId) {\n      const orgSecret = await readAppSecret({\n        key,\n        scope: \"org\",\n        scopeId: orgId,\n      });\n      if (orgSecret) return { value: orgSecret.value, source: \"org\" };\n    }\n  } catch {\n    // Secrets table not ready — treat as missing.\n  }\n  return null;\n}\n\n/**\n * Resolve a Builder credential for the current request. User/org credentials\n * win; deployment env is only a fallback. This lets local/root .env keys keep\n * a template working while still allowing users to connect their own Builder\n * account from Settings or onboarding.\n */\nexport async function resolveBuilderCredential(\n  key: string,\n): Promise<string | null> {\n  const scoped = await resolveScopedBuilderCredential(key);\n  if (scoped) return scoped.value;\n  return readDeployCredentialEnv(key) ?? null;\n}\n\n/**\n * True when `BUILDER_PRIVATE_KEY` is set at the deployment level. This means\n * a deploy-level fallback exists; it does not prevent per-user connect.\n */\nexport function isBuilderEnvManaged(): boolean {\n  return !!process.env.BUILDER_PRIVATE_KEY;\n}\n\n/**\n * Resolve the Builder private key for the current request. User/org OAuth\n * credentials win; deploy-level `BUILDER_PRIVATE_KEY` is the fallback.\n */\nexport async function resolveBuilderPrivateKey(): Promise<string | null> {\n  return resolveBuilderCredential(\"BUILDER_PRIVATE_KEY\");\n}\n\n/**\n * Resolve the current user's Builder auth header.\n * Returns `\"Bearer <key>\"` or null.\n */\nexport async function resolveBuilderAuthHeader(): Promise<string | null> {\n  const key = await resolveBuilderPrivateKey();\n  return key ? `Bearer ${key}` : null;\n}\n\n/**\n * Check whether the current user has a Builder private key configured\n * (per-user or deployment-level).\n */\nexport async function resolveHasBuilderPrivateKey(): Promise<boolean> {\n  return !!(await resolveBuilderPrivateKey());\n}\n\n/**\n * Resolve where the effective Builder private key came from. Used by status\n * UIs so they can distinguish a deploy fallback from a user/org connection.\n */\nexport async function resolveBuilderCredentialSource(): Promise<BuilderCredentialSource | null> {\n  const scoped = await resolveScopedBuilderCredential(\"BUILDER_PRIVATE_KEY\");\n  if (scoped) return scoped.source;\n  return process.env.BUILDER_PRIVATE_KEY ? \"env\" : null;\n}\n\n/**\n * Resolve all per-user Builder credentials. Used by the status endpoint\n * and agent-chat-plugin to get orgName, userId, etc.\n */\nexport async function resolveBuilderCredentials(): Promise<{\n  privateKey: string | null;\n  publicKey: string | null;\n  userId: string | null;\n  orgName: string | null;\n  orgKind: string | null;\n}> {\n  const [privateKey, publicKey, userId, orgName, orgKind] = await Promise.all([\n    resolveBuilderCredential(\"BUILDER_PRIVATE_KEY\"),\n    resolveBuilderCredential(\"BUILDER_PUBLIC_KEY\"),\n    resolveBuilderCredential(\"BUILDER_USER_ID\"),\n    resolveBuilderCredential(\"BUILDER_ORG_NAME\"),\n    resolveBuilderCredential(\"BUILDER_ORG_KIND\"),\n  ]);\n  return { privateKey, publicKey, userId, orgName, orgKind };\n}\n\nconst BUILDER_CREDENTIAL_KEYS = [\n  \"BUILDER_PRIVATE_KEY\",\n  \"BUILDER_PUBLIC_KEY\",\n  \"BUILDER_USER_ID\",\n  \"BUILDER_ORG_NAME\",\n  \"BUILDER_ORG_KIND\",\n] as const;\n\n/**\n * Write Builder credentials to `app_secrets`.\n *\n * Scope decision (see `resolveCredentialWriteScope`): when the connecting\n * user is owner/admin of an active org we write at `scope: \"org\"` so every\n * member of that org auto-resolves the credentials via\n * `resolveBuilderCredential`'s org fallback — no per-user re-connect\n * needed. A plain member or a user with no active org writes at\n * `scope: \"user\"` (the safe default that doesn't trample the org's shared\n * connection).\n *\n * Returns the actual scope/scopeId used so the caller can show \"Connected\n * for Builder.io\" vs \"Connected (personal)\" in the UI.\n */\nexport async function writeBuilderCredentials(\n  email: string,\n  creds: {\n    privateKey: string;\n    publicKey: string;\n    userId?: string | null;\n    orgName?: string | null;\n    orgKind?: string | null;\n  },\n  options?: { orgId?: string | null; role?: string | null },\n): Promise<{ scope: \"user\" | \"org\"; scopeId: string }> {\n  const { writeAppSecret } = await import(\"../secrets/storage.js\");\n  const target = resolveCredentialWriteScope(\n    email,\n    options?.orgId ?? null,\n    options?.role ?? null,\n  );\n\n  const entries: Array<{ key: string; value: string }> = [\n    { key: \"BUILDER_PRIVATE_KEY\", value: creds.privateKey },\n    { key: \"BUILDER_PUBLIC_KEY\", value: creds.publicKey },\n  ];\n  if (creds.userId) {\n    entries.push({ key: \"BUILDER_USER_ID\", value: creds.userId });\n  }\n  if (creds.orgName) {\n    entries.push({ key: \"BUILDER_ORG_NAME\", value: creds.orgName });\n  }\n  if (creds.orgKind) {\n    entries.push({ key: \"BUILDER_ORG_KIND\", value: creds.orgKind });\n  }\n  await Promise.all(\n    entries.map(({ key, value }) =>\n      writeAppSecret({\n        key,\n        value,\n        scope: target.scope,\n        scopeId: target.scopeId,\n      }),\n    ),\n  );\n  return target;\n}\n\n/**\n * Delete Builder credentials.\n *\n * Default behaviour: clears only this user's per-user override (so a\n * member can disconnect their personal Builder identity without\n * collapsing the org-wide connection for every teammate). To revoke the\n * org's shared connection, pass `{ orgId, role }` for an owner/admin —\n * matching the same authority gate `writeBuilderCredentials` uses on\n * write. Plain members can never reach the org-scoped row.\n */\nexport async function deleteBuilderCredentials(\n  email: string,\n  options?: { orgId?: string | null; role?: string | null },\n): Promise<{ scope: \"user\" | \"org\"; scopeId: string }> {\n  const { deleteAppSecret } = await import(\"../secrets/storage.js\");\n  const target = resolveCredentialWriteScope(\n    email,\n    options?.orgId ?? null,\n    options?.role ?? null,\n  );\n  await Promise.all(\n    BUILDER_CREDENTIAL_KEYS.map((key) =>\n      deleteAppSecret({\n        key,\n        scope: target.scope,\n        scopeId: target.scopeId,\n      }).catch(() => {}),\n    ),\n  );\n  return target;\n}\n\n// ---------------------------------------------------------------------------\n// Generic request-scoped secret resolution\n//\n// New consumers should prefer this over reading `process.env.X` directly.\n// User-pasted and shared secrets live in `app_secrets` (encrypted). The\n// settings UI / onboarding panels can write user, org, or workspace rows.\n// Deploy-level env vars are the fallback for unauthenticated/CLI/background\n// contexts where there's no user to scope by — never the silent fallback\n// for an authenticated request, since on a multi-tenant deploy that would\n// silently identify every user as whoever set the deploy-level key\n// (KVesta Space, 2026-04).\n// ---------------------------------------------------------------------------\n\n/**\n * Resolve a request-scoped secret. Reads from `app_secrets` first (current\n * user override, active org, then workspace row); falls back to `process.env`\n * only for unauthenticated/CLI/background contexts.\n */\nexport async function resolveSecret(key: string): Promise<string | null> {\n  const email = getRequestUserEmail();\n  if (email) {\n    try {\n      const { readAppSecret } = await import(\"../secrets/storage.js\");\n      // Per-user override first.\n      const userSecret = await readAppSecret({\n        key,\n        scope: \"user\",\n        scopeId: email,\n      });\n      if (userSecret?.value) return userSecret.value;\n\n      const orgId = getRequestOrgId();\n      if (orgId) {\n        // Fall back to the active org's shared row, when present. Builder\n        // Connect uses this first-class org scope.\n        const orgSecret = await readAppSecret({\n          key,\n          scope: \"org\",\n          scopeId: orgId,\n        });\n        if (orgSecret?.value) return orgSecret.value;\n\n        // Registered secrets historically used \"workspace\" scope for\n        // org-shared configuration. Keep reading it so Settings status and\n        // runtime resolution agree.\n        const workspaceSecret = await readAppSecret({\n          key,\n          scope: \"workspace\",\n          scopeId: orgId,\n        });\n        if (workspaceSecret?.value) return workspaceSecret.value;\n      } else {\n        const soloWorkspaceSecret = await readAppSecret({\n          key,\n          scope: \"workspace\",\n          scopeId: `solo:${email}`,\n        });\n        if (soloWorkspaceSecret?.value) return soloWorkspaceSecret.value;\n      }\n    } catch {\n      // Secrets table not ready — treat as missing.\n    }\n    // Authenticated multi-tenant context: never fall back to process.env.\n    // The deploy-level value would silently impersonate the actual key\n    // owner across every tenant.\n    return null;\n  }\n  // Unauthenticated / local-dev / CLI / background context: env fallback\n  // is safe because there's no user to mis-identify.\n  return process.env[key] || null;\n}\n\n// ---------------------------------------------------------------------------\n// Synchronous helpers — env-only fallbacks for contexts where per-user\n// lookup isn't possible (sync isConfigured checks, CLI scripts).\n// ---------------------------------------------------------------------------\n\n/**\n * True when a Builder private key is configured at the deployment level.\n *\n * This is the same env-only check as `isBuilderEnvManaged()`. For \"does this\n * request have access to Builder via user/org/env credentials?\" use the async\n * `resolveHasBuilderPrivateKey()`.\n */\nexport function hasBuilderPrivateKey(): boolean {\n  return !!process.env.BUILDER_PRIVATE_KEY;\n}\n\n/** The origin for Builder-proxied API calls. Overridable for testing. */\nexport function getBuilderProxyOrigin(): string {\n  return (\n    process.env.BUILDER_PROXY_ORIGIN ||\n    process.env.AIR_HOST ||\n    process.env.BUILDER_API_HOST ||\n    \"https://ai-services.builder.io\"\n  );\n}\n\n/**\n * Base URL for the public Builder LLM gateway (distinct from the internal\n * proxy origin above — the public gateway lives at\n * api.builder.io/agent-native/gateway, while the internal origin is\n * ai-services.builder.io).\n * Override via BUILDER_GATEWAY_BASE_URL for staging / testing.\n */\nexport function getBuilderGatewayBaseUrl(): string {\n  return (\n    process.env.BUILDER_GATEWAY_BASE_URL ||\n    \"https://api.builder.io/agent-native/gateway/v1\"\n  );\n}\n\n/**\n * Base URL for Builder-managed image generation.\n * Override via BUILDER_IMAGE_GENERATION_BASE_URL for staging / testing.\n */\nexport function getBuilderImageGenerationBaseUrl(): string {\n  return (\n    process.env.BUILDER_IMAGE_GENERATION_BASE_URL ||\n    \"https://api.builder.io/agent-native/images/v1\"\n  );\n}\n\n/** Authorization header value for Builder-proxied calls (env-only). */\nexport function getBuilderAuthHeader(): string | null {\n  const key = process.env.BUILDER_PRIVATE_KEY;\n  return key ? `Bearer ${key}` : null;\n}\n"]}

package/dist/server/onboarding-html.d.ts

@@ -23,6 +23,7 @@ export interface OnboardingHtmlOptions {
         tagline: string;
         description?: string;
         features?: string[];
+        runLocalCommand?: string;
     };
     /**
      * Optional preflight copy shown before redirecting through Google sign-in.
@@ -32,7 +33,7 @@ export interface OnboardingHtmlOptions {
     googleSignInNotice?: {
         host?: string;
         title: string;
-        body: string;
+        body: string | string[];
         continueLabel?: string;
         cancelLabel?: string;
     };

package/dist/server/onboarding-html.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"onboarding-html.d.ts","sourceRoot":"","sources":["../../src/server/onboarding-html.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkCH,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF;;;;OAIG;IACH,kBAAkB,CAAC,EAAE;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,wBAAgB,iBAAiB,CAAC,IAAI,GAAE,qBAA0B,GAAG,MAAM,CA8uC1E;AAED,kDAAkD;AAClD,eAAO,MAAM,eAAe,QAAsB,CAAC;AAEnD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAwG7C"}
+{"version":3,"file":"onboarding-html.d.ts","sourceRoot":"","sources":["../../src/server/onboarding-html.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAkCH,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF;;;;OAIG;IACH,kBAAkB,CAAC,EAAE;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACxB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;CACH;AAED,wBAAgB,iBAAiB,CAAC,IAAI,GAAE,qBAA0B,GAAG,MAAM,CA41C1E;AAED,kDAAkD;AAClD,eAAO,MAAM,eAAe,QAAsB,CAAC;AAEnD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAwG7C"}

package/dist/server/onboarding-html.js

@@ -45,6 +45,7 @@ export function getOnboardingHtml(opts = {}) {
     const appBasePath = normalizeAppBasePath(process.env.VITE_APP_BASE_PATH || process.env.APP_BASE_PATH);
     const marketing = opts.marketing;
     const hasMarketing = !!marketing;
+    const runLocalCommand = marketing?.runLocalCommand?.trim();
     const brandMarkSrc = withAppBasePath("/agent-native-icon-dark.svg");
     const esc = (s) => s
         .replace(/&/g, "&")
@@ -52,6 +53,14 @@ export function getOnboardingHtml(opts = {}) {
         .replace(/>/g, ">")
         .replace(/"/g, """);
     const googleSignInNotice = opts.googleSignInNotice;
+    const googleNoticeBodyHtml = googleSignInNotice
+        ? (Array.isArray(googleSignInNotice.body)
+            ? googleSignInNotice.body
+            : [googleSignInNotice.body])
+            .filter((body) => body.trim().length > 0)
+            .map((body, index) => `<p class="google-preflight-copy"${index === 0 ? ' id="google-preflight-copy"' : ""}>${esc(body)}</p>`)
+            .join("\n")
+        : "";
     const googleNoticeHtml = showGoogle && googleSignInNotice
         ? `
   <div
@@ -63,7 +72,7 @@ export function getOnboardingHtml(opts = {}) {
     aria-describedby="google-preflight-copy"
   >
     <p class="google-preflight-title" id="google-preflight-title">${esc(googleSignInNotice.title)}</p>
-    <p class="google-preflight-copy" id="google-preflight-copy">${esc(googleSignInNotice.body)}</p>
+${googleNoticeBodyHtml}
     <div class="google-preflight-actions">
       <button type="button" class="btn-primary" id="google-preflight-continue" onclick="__anAcceptGoogleNotice()">${esc(googleSignInNotice.continueLabel ?? "Continue")}</button>
       <button type="button" class="btn-secondary" onclick="__anHideGoogleNotice()">${esc(googleSignInNotice.cancelLabel ?? "Cancel")}</button>
@@ -158,13 +167,68 @@ export function getOnboardingHtml(opts = {}) {
     display: inline-flex;
     align-items: center;
     gap: 0.375rem;
-    margin-top: 2rem;
     font-size: 0.8125rem;
     color: #71717a;
     text-decoration: none;
   }
   .oss-link:hover { color: #a1a1aa; }
   .oss-link svg { width: 15px; height: 15px; flex-shrink: 0; }
+  .marketing-actions {
+    display: flex;
+    flex-wrap: wrap;
+    align-items: center;
+    gap: 0.75rem;
+    margin-top: 2rem;
+  }
+  .run-local-button {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-height: 2.25rem;
+    padding: 0.5rem 0.875rem;
+    background: rgba(255,255,255,0.08);
+    color: #fff;
+    border: 1px solid rgba(255,255,255,0.14);
+    border-radius: 8px;
+    font-size: 0.8125rem;
+    font-weight: 500;
+    cursor: pointer;
+  }
+  .run-local-button:hover {
+    background: rgba(255,255,255,0.12);
+    border-color: rgba(255,255,255,0.24);
+  }
+  .run-local-panel {
+    max-width: 480px;
+    margin-top: 0.75rem;
+    padding: 0.75rem;
+    background: rgba(20,20,20,0.86);
+    border: 1px solid rgba(255,255,255,0.1);
+    border-radius: 10px;
+    box-shadow: 0 14px 36px rgba(0,0,0,0.28);
+  }
+  .run-local-panel[hidden] { display: none; }
+  .run-local-panel code {
+    display: block;
+    overflow-x: auto;
+    padding-bottom: 0.125rem;
+    color: #e5e5e5;
+    font-family: "SFMono-Regular", Consolas, "Liberation Mono", monospace;
+    font-size: 0.75rem;
+    line-height: 1.5;
+    white-space: nowrap;
+  }
+  .copy-run-local {
+    margin-top: 0.625rem;
+    padding: 0.375rem 0.625rem;
+    background: transparent;
+    color: #a1a1aa;
+    border: 1px solid rgba(255,255,255,0.12);
+    border-radius: 6px;
+    font-size: 0.75rem;
+    cursor: pointer;
+  }
+  .copy-run-local:hover { color: #fff; border-color: rgba(255,255,255,0.22); }
   .form-panel {
     flex: 0 0 440px;
     display: flex;
@@ -199,10 +263,18 @@ export function getOnboardingHtml(opts = {}) {
       <p class="app-tagline">${esc(marketing.tagline)}</p>
 ${marketing.description ? `      <p class="app-desc">${esc(marketing.description)}</p>\n` : ""}${marketing.features?.length
             ? `      <ul class="feature-list">\n${marketing.features.map((f) => `        <li>${esc(f)}</li>`).join("\n")}\n      </ul>\n`
-            : ""}      <a class="oss-link" href="https://github.com/BuilderIO/agent-native" target="_blank" rel="noreferrer">
+            : ""}      <div class="marketing-actions">
+${runLocalCommand ? `        <button type="button" class="run-local-button" id="run-local-button" aria-expanded="false" aria-controls="run-local-panel" onclick="__anToggleRunLocalCommand()">Run Locally</button>\n` : ""}        <a class="oss-link" href="https://github.com/BuilderIO/agent-native" target="_blank" rel="noreferrer">
         <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M9 19c-4.3 1.4-4.3-2.5-6-3m12 5v-3.5c0-1 .1-1.4-.5-2 2.8-.3 5.5-1.4 5.5-6a4.6 4.6 0 00-1.3-3.2 4.2 4.2 0 00-.1-3.2s-1.1-.3-3.5 1.3a12.3 12.3 0 00-6.2 0C6.5 2.8 5.4 3.1 5.4 3.1a4.2 4.2 0 00-.1 3.2A4.6 4.6 0 004 9.5c0 4.6 2.7 5.7 5.5 6-.6.6-.6 1.2-.5 2V21"/></svg>
         Open source
       </a>
+      </div>
+${runLocalCommand
+            ? `      <div class="run-local-panel" id="run-local-panel" hidden data-command="${esc(runLocalCommand)}">
+        <code>${esc(runLocalCommand)}</code>
+        <button type="button" class="copy-run-local" id="copy-run-local" onclick="__anCopyRunLocalCommand()">Copy command</button>
+      </div>\n`
+            : ""}
     </div>
   </div>
   <div class="form-panel">`
@@ -616,6 +688,7 @@ ${hasMarketing
     font-size: 0.75rem;
     line-height: 1.55;
   }
+  .google-preflight-copy + .google-preflight-copy { margin-top: 0.5rem; }
   .google-preflight-actions {
     display: flex;
     gap: 0.5rem;
@@ -1274,6 +1347,35 @@ ${googleSignInNotice
         : `
   function __anShouldShowGoogleNotice() { return false; }`}
 ${starfieldScript}
+${runLocalCommand
+        ? `
+  function __anToggleRunLocalCommand() {
+    var panel = document.getElementById('run-local-panel');
+    var button = document.getElementById('run-local-button');
+    if (!panel || !button) return;
+    var nextOpen = panel.hasAttribute('hidden');
+    if (nextOpen) {
+      panel.removeAttribute('hidden');
+    } else {
+      panel.setAttribute('hidden', '');
+    }
+    button.setAttribute('aria-expanded', String(nextOpen));
+  }
+  function __anCopyRunLocalCommand() {
+    var panel = document.getElementById('run-local-panel');
+    var button = document.getElementById('copy-run-local');
+    if (!panel || !button) return;
+    var command = panel.getAttribute('data-command') || '';
+    var original = button.textContent || 'Copy command';
+    function markCopied() {
+      button.textContent = 'Copied';
+      setTimeout(function() { button.textContent = original; }, 1600);
+    }
+    if (navigator.clipboard && navigator.clipboard.writeText) {
+      navigator.clipboard.writeText(command).then(markCopied).catch(function() {});
+    }
+  }`
+        : ""}
 </script>
 </body>
 </html>`;