@agent-native/core 0.12.23 → 0.12.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent/production-agent.d.ts +9 -2
- package/dist/agent/production-agent.d.ts.map +1 -1
- package/dist/agent/production-agent.js +36 -35
- package/dist/agent/production-agent.js.map +1 -1
- package/dist/agent/thread-data-builder.d.ts +26 -1
- package/dist/agent/thread-data-builder.d.ts.map +1 -1
- package/dist/agent/thread-data-builder.js +212 -0
- package/dist/agent/thread-data-builder.js.map +1 -1
- package/dist/agent/types.d.ts +7 -0
- package/dist/agent/types.d.ts.map +1 -1
- package/dist/agent/types.js.map +1 -1
- package/dist/cli/create.d.ts.map +1 -1
- package/dist/cli/create.js +3 -3
- package/dist/cli/create.js.map +1 -1
- package/dist/client/AgentPanel.d.ts.map +1 -1
- package/dist/client/AgentPanel.js +9 -1
- package/dist/client/AgentPanel.js.map +1 -1
- package/dist/client/AssistantChat.d.ts.map +1 -1
- package/dist/client/AssistantChat.js +49 -10
- package/dist/client/AssistantChat.js.map +1 -1
- package/dist/client/ErrorBoundary.d.ts.map +1 -1
- package/dist/client/ErrorBoundary.js +3 -2
- package/dist/client/ErrorBoundary.js.map +1 -1
- package/dist/client/agent-chat-adapter.d.ts.map +1 -1
- package/dist/client/agent-chat-adapter.js +105 -45
- package/dist/client/agent-chat-adapter.js.map +1 -1
- package/dist/client/composer/PromptComposer.js +1 -1
- package/dist/client/composer/PromptComposer.js.map +1 -1
- package/dist/client/composer/TiptapComposer.d.ts +5 -0
- package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
- package/dist/client/composer/TiptapComposer.js +10 -1
- package/dist/client/composer/TiptapComposer.js.map +1 -1
- package/dist/client/onboarding/OnboardingPanel.js +2 -1
- package/dist/client/onboarding/OnboardingPanel.js.map +1 -1
- package/dist/client/progress/RunsTray.d.ts.map +1 -1
- package/dist/client/progress/RunsTray.js +20 -3
- package/dist/client/progress/RunsTray.js.map +1 -1
- package/dist/client/resources/ResourceTree.d.ts.map +1 -1
- package/dist/client/resources/ResourceTree.js +5 -4
- package/dist/client/resources/ResourceTree.js.map +1 -1
- package/dist/client/settings/useBuilderStatus.d.ts.map +1 -1
- package/dist/client/settings/useBuilderStatus.js +5 -3
- package/dist/client/settings/useBuilderStatus.js.map +1 -1
- package/dist/client/sse-event-processor.d.ts.map +1 -1
- package/dist/client/sse-event-processor.js +4 -1
- package/dist/client/sse-event-processor.js.map +1 -1
- package/dist/collab/client.d.ts +9 -0
- package/dist/collab/client.d.ts.map +1 -1
- package/dist/collab/client.js +36 -10
- package/dist/collab/client.js.map +1 -1
- package/dist/onboarding/default-steps.d.ts.map +1 -1
- package/dist/onboarding/default-steps.js +9 -2
- package/dist/onboarding/default-steps.js.map +1 -1
- package/dist/progress/store.d.ts.map +1 -1
- package/dist/progress/store.js +1 -1
- package/dist/progress/store.js.map +1 -1
- package/dist/server/action-routes.d.ts +2 -0
- package/dist/server/action-routes.d.ts.map +1 -1
- package/dist/server/action-routes.js +4 -1
- package/dist/server/action-routes.js.map +1 -1
- package/dist/server/agent-chat-plugin.d.ts.map +1 -1
- package/dist/server/agent-chat-plugin.js +79 -16
- package/dist/server/agent-chat-plugin.js.map +1 -1
- package/dist/server/credential-provider.d.ts +2 -2
- package/dist/server/credential-provider.d.ts.map +1 -1
- package/dist/server/credential-provider.js +22 -1
- package/dist/server/credential-provider.js.map +1 -1
- package/dist/server/google-oauth.js +1 -1
- package/dist/server/google-oauth.js.map +1 -1
- package/dist/server/index.d.ts +1 -1
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/request-context.d.ts +9 -0
- package/dist/server/request-context.d.ts.map +1 -1
- package/dist/server/request-context.js +13 -0
- package/dist/server/request-context.js.map +1 -1
- package/package.json +1 -1
|
@@ -25,8 +25,8 @@ export declare function engineToProvider(engineName: string): string;
|
|
|
25
25
|
/**
|
|
26
26
|
* Resolve the active engine's provider and look up the user's API key for it.
|
|
27
27
|
*
|
|
28
|
-
* In
|
|
29
|
-
*
|
|
28
|
+
* In shared hosted deploys we deliberately refuse the deploy-level fallback
|
|
29
|
+
* for authenticated users. Without that gate any
|
|
30
30
|
* signed-in user who hasn't configured their own provider key would silently
|
|
31
31
|
* inherit the deployment's key (uncapped billing on the owner's account,
|
|
32
32
|
* prompt logging tied to the deployment owner) — exactly the prior-incident
|
|
@@ -94,6 +94,13 @@ export interface ProductionAgentOptions {
|
|
|
94
94
|
providerOptions?: EngineMessage extends never ? never : any;
|
|
95
95
|
/** Called when a run completes (for server-side thread persistence) */
|
|
96
96
|
onRunComplete?: (run: ActiveRun, threadId: string | undefined) => void;
|
|
97
|
+
/** Called after request validation but before a run is started. */
|
|
98
|
+
onRunPrepared?: (details: {
|
|
99
|
+
runId: string;
|
|
100
|
+
threadId: string | undefined;
|
|
101
|
+
message: string;
|
|
102
|
+
attachments?: AgentChatAttachment[];
|
|
103
|
+
}) => void | Promise<void>;
|
|
97
104
|
/** Optional per-app agent run chunk budget in milliseconds. Defaults to
|
|
98
105
|
* AGENT_RUN_SOFT_TIMEOUT_MS when set, otherwise no framework-imposed
|
|
99
106
|
* timeout. When reached, the client receives an internal auto-continuation
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"production-agent.d.ts","sourceRoot":"","sources":["../../src/agent/production-agent.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"production-agent.d.ts","sourceRoot":"","sources":["../../src/agent/production-agent.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,YAAY,IAAI,cAAc,EAAE,MAAM,IAAI,CAAC;AACzD,OAAO,KAAK,EACV,UAAU,EACV,mBAAmB,EAEnB,cAAc,EAEd,0BAA0B,EAC3B,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EACV,WAAW,EACX,UAAU,EACV,aAAa,EACb,iBAAiB,EAClB,MAAM,mBAAmB,CAAC;AAQ3B,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EAEL,cAAc,EACd,qBAAqB,EACrB,0BAA0B,EAC1B,MAAM,EACN,QAAQ,EACT,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAiBlD,OAAO,EAGL,KAAK,eAAe,EACrB,MAAM,+BAA+B,CAAC;AAMvC,OAAO,EAAE,eAAe,EAAE,CAAC;AAE3B;;;;;;;;;GASG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CA8C7B;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAE3D;AAaD;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,oBAAoB,CACxC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAsB7B;AAED,sEAAsE;AACtE,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GACpC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAE7B;AAED,sEAAsE;AACtE,MAAM,WAAW,gBAAgB;IAC/B,4EAA4E;IAC5E,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;CACvC;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,UAAU,CAAC;IACjB,GAAG,EAAE,CACH,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC5B,OAAO,CAAC,EAAE,gBAAgB,KACvB,OAAO,CAAC,GAAG,CAAC,CAAC;IAClB,qFAAqF;IACrF,IAAI,CAAC,EAAE,OAAO,cAAc,EAAE,gBAAgB,GAAG,KAAK,CAAC;IACvD;4EACwE;IACxE,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB;;oDAEgD;IAChD,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB;;;;;gDAK4C;IAC5C,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,4CAA4C;AAC5C,MAAM,MAAM,WAAW,GAAG,WAAW,CAAC;AAEtC,MAAM,MAAM,kBAAkB,GAAG,KAAK,GAAG,MAAM,CAAC;AAEhD,eAAO,MAAM,uBAAuB,yuBAQ2H,CAAC;AAmFhK,wBAAgB,yBAAyB,CACvC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,WAAW,GACjB,OAAO,CAaT;AAkDD,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GACnC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CA4B7B;AAED,MAAM,WAAW,sBAAsB;IACrC,+FAA+F;IAC/F,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACtC,wCAAwC;IACxC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACtC,0FAA0F;IAC1F,YAAY,EAAE,MAAM,GAAG,CAAC,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAClE,kFAAkF;IAClF,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,+DAA+D;IAC/D,MAAM,CAAC,EACH,WAAW,GACX,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4EAA4E;IAC5E,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,6DAA6D;IAC7D,eAAe,CAAC,EAAE,aAAa,SAAS,KAAK,GAAG,KAAK,GAAG,GAAG,CAAC;IAC5D,uEAAuE;IACvE,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,GAAG,SAAS,KAAK,IAAI,CAAC;IACvE,mEAAmE;IACnE,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE;QACxB,KAAK,EAAE,MAAM,CAAC;QACd,QAAQ,EAAE,MAAM,GAAG,SAAS,CAAC;QAC7B,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;KACrC,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3B;;;mDAG+C;IAC/C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,4FAA4F;IAC5F,UAAU,CAAC,EAAE,CACX,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,EACrC,QAAQ,EAAE,MAAM,KACb,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAChE,qEAAqE;IACrE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,2BAA2B,CAAC;IACjD;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,IAAI,CAAC,sBAAsB,EAAE,mBAAmB,CAAC,EAC1D,KAAK,EAAE,GAAG,GACT,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAUxB;AAsJD,wBAAgB,+BAA+B,CAAC,IAAI,EAAE;IACpD,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;CACrC,GAAG,iBAAiB,EAAE,CAsCtB;AAED,wBAAgB,iCAAiC,CAC/C,OAAO,EAAE,0BAA0B,EAAE,GAAG,SAAS,GAChD,aAAa,EAAE,GAAG,IAAI,CAuExB;AA8DD,qDAAqD;AACrD,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,MAAM,WAAW,0BAA0B;IACzC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,kCAAkC;IACjD,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,gBAAgB,EAAE,iBAAiB,EAAE,CAAC;IACtC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,wBAAwB,EAAE,CAAC;IACtC,WAAW,EAAE,0BAA0B,EAAE,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,iCAAiC,GACzC,MAAM,GACN;IACE,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAEN,MAAM,MAAM,2BAA2B,GAAG,CACxC,OAAO,EAAE,kCAAkC,KAEzC,iCAAiC,GACjC,IAAI,GACJ,SAAS,GACT,OAAO,CAAC,iCAAiC,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;AAYlE,eAAO,MAAM,8BAA8B,mOACuL,CAAC;AAEnO,wBAAgB,2BAA2B,CACzC,QAAQ,EAAE,aAAa,EAAE,EACzB,MAAM,EAAE,aAAa,GAAG,YAAY,GAAG,cAAc,QAiBtD;AAwDD;;GAEG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GACnC,UAAU,EAAE,CAiBd;AAmED;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,IAAI,EAAE;IACvC,MAAM,EAAE,WAAW,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;IACrC,IAAI,EAAE,CAAC,KAAK,EAAE,cAAc,KAAK,IAAI,CAAC;IACtC,MAAM,EAAE,WAAW,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,eAAe,CAAC,EAAE,GAAG,CAAC;IACtB,aAAa,CAAC,EAAE,kBAAkB,CAAC;IACnC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kBAAkB,CAAC,EAAE,2BAA2B,CAAC;CAClD,GAAG,OAAO,CAAC,cAAc,CAAC,CAid1B;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,sBAAsB,GAC9B,cAAc,CAszBhB;AAED,OAAO,EACL,qBAAqB,EACrB,0BAA0B,EAC1B,MAAM,EACN,QAAQ,EACR,cAAc,GACf,CAAC"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
import { defineEventHandler, setResponseHeader, setResponseStatus, getMethod, } from "h3";
|
|
2
|
-
import {
|
|
3
|
-
import { readDeployCredentialEnv } from "../server/credential-provider.js";
|
|
2
|
+
import { isDeployCredentialFallbackAllowed, readDeployCredentialEnv, } from "../server/credential-provider.js";
|
|
4
3
|
import { EngineError } from "./engine/types.js";
|
|
5
4
|
import { resolveEngine, registerBuiltinEngines, getStoredModelForEngine, } from "./engine/index.js";
|
|
6
5
|
import { userFacingLlmCredentialError } from "./engine/credential-errors.js";
|
|
@@ -79,31 +78,20 @@ export function engineToProvider(engineName) {
|
|
|
79
78
|
return engineName.startsWith("ai-sdk:") ? engineName.slice(7) : engineName;
|
|
80
79
|
}
|
|
81
80
|
/**
|
|
82
|
-
* Returns true when this process
|
|
83
|
-
*
|
|
84
|
-
* silently substituted with the deploy-level API key.
|
|
81
|
+
* Returns true when this process should block generic deploy-level provider
|
|
82
|
+
* credentials for signed-in chat requests.
|
|
85
83
|
*
|
|
86
|
-
*
|
|
87
|
-
*
|
|
88
|
-
* Heuristic:
|
|
89
|
-
* - `NODE_ENV === "production"`, AND
|
|
90
|
-
* - The DB is not a local file (i.e. it's Neon/Postgres/Turso/D1 — any
|
|
91
|
-
* backend that could be shared across multiple users).
|
|
92
|
-
*
|
|
93
|
-
* Self-hosted single-tenant deployments (a local sqlite file, or NODE_ENV
|
|
94
|
-
* unset/development) keep the env-var fallback so the original BYO-server
|
|
95
|
-
* UX continues to work without a per-user key.
|
|
84
|
+
* Self-hosted single-tenant deployments keep the env-var fallback so the
|
|
85
|
+
* original BYO-server UX continues to work without a per-user key.
|
|
96
86
|
*/
|
|
97
|
-
function
|
|
98
|
-
|
|
99
|
-
return false;
|
|
100
|
-
return !isLocalDatabase();
|
|
87
|
+
function shouldBlockDeployCredentialFallback() {
|
|
88
|
+
return !isDeployCredentialFallbackAllowed();
|
|
101
89
|
}
|
|
102
90
|
/**
|
|
103
91
|
* Resolve the active engine's provider and look up the user's API key for it.
|
|
104
92
|
*
|
|
105
|
-
* In
|
|
106
|
-
*
|
|
93
|
+
* In shared hosted deploys we deliberately refuse the deploy-level fallback
|
|
94
|
+
* for authenticated users. Without that gate any
|
|
107
95
|
* signed-in user who hasn't configured their own provider key would silently
|
|
108
96
|
* inherit the deployment's key (uncapped billing on the owner's account,
|
|
109
97
|
* prompt logging tied to the deployment owner) — exactly the prior-incident
|
|
@@ -124,11 +112,12 @@ export async function getOwnerActiveApiKey(ownerEmail) {
|
|
|
124
112
|
const userKey = await getOwnerApiKey(provider, ownerEmail);
|
|
125
113
|
if (userKey)
|
|
126
114
|
return userKey;
|
|
127
|
-
if (
|
|
128
|
-
//
|
|
129
|
-
// background context with no owner) gets undefined
|
|
130
|
-
// no user to bill, and the call site must surface a
|
|
131
|
-
// error to the requester rather than silently using
|
|
115
|
+
if (shouldBlockDeployCredentialFallback()) {
|
|
116
|
+
// Shared hosted default: refuse the env fallback. A null user
|
|
117
|
+
// (unauthenticated / background context with no owner) gets undefined
|
|
118
|
+
// here too — there's no user to bill, and the call site must surface a
|
|
119
|
+
// "configure a key" error to the requester rather than silently using
|
|
120
|
+
// the deploy key.
|
|
132
121
|
return undefined;
|
|
133
122
|
}
|
|
134
123
|
const envVar = PROVIDER_TO_ENV[provider];
|
|
@@ -1136,7 +1125,7 @@ export function createProductionAgentHandler(options) {
|
|
|
1136
1125
|
setResponseStatus(event, 400);
|
|
1137
1126
|
return { error: "Invalid request body" };
|
|
1138
1127
|
}
|
|
1139
|
-
const { message, history = [], structuredHistory, references = [], threadId, attachments, model: requestModel, engine: requestEngine, effort: requestEffort, } = body;
|
|
1128
|
+
const { message, history = [], structuredHistory, references = [], threadId, attachments, displayMessage, internalContinuation, model: requestModel, engine: requestEngine, effort: requestEffort, } = body;
|
|
1140
1129
|
const requestMode = body.mode === "plan" ? "plan" : "act";
|
|
1141
1130
|
const hasMessageText = typeof message === "string" && message.trim().length > 0;
|
|
1142
1131
|
const hasAttachments = Array.isArray(attachments) && attachments.length > 0;
|
|
@@ -1157,11 +1146,11 @@ export function createProductionAgentHandler(options) {
|
|
|
1157
1146
|
if (requestEngine) {
|
|
1158
1147
|
const provider = engineToProvider(requestEngine);
|
|
1159
1148
|
userApiKey = await getOwnerApiKey(provider, ownerEmail);
|
|
1160
|
-
if (!userApiKey && !
|
|
1161
|
-
// Single-tenant only: env fallback for the requested provider.
|
|
1162
|
-
//
|
|
1163
|
-
//
|
|
1164
|
-
//
|
|
1149
|
+
if (!userApiKey && !shouldBlockDeployCredentialFallback()) {
|
|
1150
|
+
// Single-tenant only: env fallback for the requested provider. Shared
|
|
1151
|
+
// hosted deploys never silently substitute the deploy-level key for
|
|
1152
|
+
// an authenticated user (see getOwnerActiveApiKey for the full
|
|
1153
|
+
// rationale).
|
|
1165
1154
|
const envVar = PROVIDER_TO_ENV[provider];
|
|
1166
1155
|
userApiKey = envVar ? readDeployCredentialEnv(envVar) : undefined;
|
|
1167
1156
|
}
|
|
@@ -1170,11 +1159,12 @@ export function createProductionAgentHandler(options) {
|
|
|
1170
1159
|
userApiKey = await getOwnerActiveApiKey(ownerEmail);
|
|
1171
1160
|
}
|
|
1172
1161
|
// `options.apiKey` is the value the template constructed the plugin with
|
|
1173
|
-
// (e.g. wired from a deployment env var). On a
|
|
1162
|
+
// (e.g. wired from a deployment env var). On a shared hosted deploy this
|
|
1174
1163
|
// is the same cross-tenant hazard as any deploy-level provider key:
|
|
1175
1164
|
// accepting it as the final fallback would silently bill every key-less
|
|
1176
|
-
// user to the deployment's account.
|
|
1177
|
-
|
|
1165
|
+
// user to the deployment's account. Honour it only when the generic
|
|
1166
|
+
// deploy fallback policy allows it.
|
|
1167
|
+
const effectiveApiKey = shouldBlockDeployCredentialFallback()
|
|
1178
1168
|
? userApiKey
|
|
1179
1169
|
: (userApiKey ??
|
|
1180
1170
|
options.apiKey ??
|
|
@@ -1453,6 +1443,17 @@ export function createProductionAgentHandler(options) {
|
|
|
1453
1443
|
}
|
|
1454
1444
|
// Start agent loop in background via run-manager
|
|
1455
1445
|
const runId = generateRunId();
|
|
1446
|
+
if (options.onRunPrepared && !internalContinuation) {
|
|
1447
|
+
const messageToPersist = typeof displayMessage === "string" && displayMessage.trim().length > 0
|
|
1448
|
+
? displayMessage
|
|
1449
|
+
: requestMessage;
|
|
1450
|
+
await options.onRunPrepared({
|
|
1451
|
+
runId,
|
|
1452
|
+
threadId,
|
|
1453
|
+
message: messageToPersist,
|
|
1454
|
+
attachments: Array.isArray(attachments) ? attachments : [],
|
|
1455
|
+
});
|
|
1456
|
+
}
|
|
1456
1457
|
startRun(runId, threadId ?? runId, async (send, signal) => {
|
|
1457
1458
|
// Notify listeners that a run has started (used by agent teams)
|
|
1458
1459
|
if (options.onRunStart) {
|