@agent-native/core 0.12.27 → 0.12.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/dist/agent/engine/builder-engine.d.ts +1 -1
  2. package/dist/agent/engine/builder-engine.d.ts.map +1 -1
  3. package/dist/agent/model-config.d.ts +3 -3
  4. package/dist/agent/model-config.d.ts.map +1 -1
  5. package/dist/agent/model-config.js +5 -4
  6. package/dist/agent/model-config.js.map +1 -1
  7. package/dist/application-state/emitter.d.ts +3 -2
  8. package/dist/application-state/emitter.d.ts.map +1 -1
  9. package/dist/application-state/emitter.js +4 -2
  10. package/dist/application-state/emitter.js.map +1 -1
  11. package/dist/application-state/store.js +3 -3
  12. package/dist/application-state/store.js.map +1 -1
  13. package/dist/client/AgentPanel.d.ts.map +1 -1
  14. package/dist/client/AgentPanel.js +0 -1
  15. package/dist/client/AgentPanel.js.map +1 -1
  16. package/dist/client/AssistantChat.d.ts.map +1 -1
  17. package/dist/client/AssistantChat.js +45 -7
  18. package/dist/client/AssistantChat.js.map +1 -1
  19. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  20. package/dist/client/agent-chat-adapter.d.ts.map +1 -1
  21. package/dist/client/agent-chat-adapter.js +12 -5
  22. package/dist/client/agent-chat-adapter.js.map +1 -1
  23. package/dist/client/use-chat-models.js.map +1 -1
  24. package/dist/client/use-db-sync.d.ts +4 -0
  25. package/dist/client/use-db-sync.d.ts.map +1 -1
  26. package/dist/client/use-db-sync.js +38 -13
  27. package/dist/client/use-db-sync.js.map +1 -1
  28. package/dist/client/use-pausing-interval.d.ts.map +1 -1
  29. package/dist/client/use-pausing-interval.js +5 -2
  30. package/dist/client/use-pausing-interval.js.map +1 -1
  31. package/dist/collab/client.d.ts +2 -0
  32. package/dist/collab/client.d.ts.map +1 -1
  33. package/dist/collab/client.js +37 -4
  34. package/dist/collab/client.js.map +1 -1
  35. package/dist/server/auth.d.ts.map +1 -1
  36. package/dist/server/auth.js +83 -2
  37. package/dist/server/auth.js.map +1 -1
  38. package/dist/server/google-auth-plugin.d.ts.map +1 -1
  39. package/dist/server/google-auth-plugin.js +50 -3
  40. package/dist/server/google-auth-plugin.js.map +1 -1
  41. package/dist/server/google-oauth.d.ts.map +1 -1
  42. package/dist/server/google-oauth.js +10 -4
  43. package/dist/server/google-oauth.js.map +1 -1
  44. package/dist/server/onboarding-html.d.ts.map +1 -1
  45. package/dist/server/onboarding-html.js +50 -3
  46. package/dist/server/onboarding-html.js.map +1 -1
  47. package/dist/server/poll.d.ts.map +1 -1
  48. package/dist/server/poll.js +15 -0
  49. package/dist/server/poll.js.map +1 -1
  50. package/dist/templates/default/app/hooks/use-navigation-state.ts +0 -1
  51. package/package.json +1 -1
  52. package/src/templates/default/app/hooks/use-navigation-state.ts +0 -1
package/dist/server/auth.js CHANGED
@@ -82,6 +82,37 @@ function getOAuthStateAppId() {
82
82
  .replace(/^-+|-+$/g, "");
83
83
  return slug || undefined;
84
84
  }
85
+ function oauthDebugFlowId(flowId) {
86
+ return typeof flowId === "string" && flowId ? flowId.slice(-10) : undefined;
87
+ }
88
+ function oauthDebugUrlPath(value) {
89
+ if (typeof value !== "string" || !value)
90
+ return undefined;
91
+ try {
92
+ const url = new URL(value);
93
+ return url.pathname;
94
+ }
95
+ catch {
96
+ return undefined;
97
+ }
98
+ }
99
+ function logGoogleOAuthDebug(event, phase, details = {}) {
100
+ const { flowId, ...rest } = details;
101
+ const reqUrl = event.node?.req?.url ?? event.path ?? "";
102
+ const path = reqUrl.split("?")[0] || undefined;
103
+ const userAgent = getHeader(event, "user-agent") || "";
104
+ const referer = getHeader(event, "referer") || "";
105
+ console.info("[agent-native][google-oauth]", {
106
+ phase,
107
+ app: getOAuthStateAppId(),
108
+ path,
109
+ flow: oauthDebugFlowId(flowId),
110
+ electron: /Electron/i.test(userAgent),
111
+ agentNativeDesktop: /AgentNativeDesktop/i.test(userAgent),
112
+ builderReferrer: /builder\.(io|my)|builderio\.xyz/i.test(referer),
113
+ ...rest,
114
+ });
115
+ }
85
116
  const DEFAULT_MAX_AGE = 60 * 60 * 24 * 30; // 30 days
86
117
  // ---------------------------------------------------------------------------
87
118
  // Environment helpers
@@ -1332,6 +1363,15 @@ async function mountBetterAuthRoutes(app, options) {
1332
1363
  returnUrl,
1333
1364
  flowId,
1334
1365
  });
1366
+ logGoogleOAuthDebug(event, "auth-url", {
1367
+ flowId,
1368
+ desktop,
1369
+ redirectPath: oauthDebugUrlPath(redirectUri),
1370
+ returnUrl,
1371
+ redirect: q.redirect === "1",
1372
+ workspace: process.env.AGENT_NATIVE_WORKSPACE === "1" ||
1373
+ process.env.VITE_AGENT_NATIVE_WORKSPACE === "1",
1374
+ });
1335
1375
  const params = new URLSearchParams({
1336
1376
  client_id: process.env.GOOGLE_CLIENT_ID,
1337
1377
  redirect_uri: redirectUri,
@@ -1357,6 +1397,8 @@ async function mountBetterAuthRoutes(app, options) {
1357
1397
  const callbackRelay = workspaceOAuthCallbackRelayResponse(event);
1358
1398
  if (callbackRelay)
1359
1399
  return callbackRelay;
1400
+ let callbackFlowId;
1401
+ let callbackDesktop = false;
1360
1402
  try {
1361
1403
  const query = getQuery(event);
1362
1404
  const code = query.code;
@@ -1365,6 +1407,15 @@ async function mountBetterAuthRoutes(app, options) {
1365
1407
  return { error: "Missing authorization code" };
1366
1408
  }
1367
1409
  const { redirectUri, desktop, returnUrl, flowId } = decodeOAuthState(query.state, getAppUrl(event, "/_agent-native/google/callback"));
1410
+ callbackFlowId = flowId;
1411
+ callbackDesktop = desktop;
1412
+ logGoogleOAuthDebug(event, "callback-start", {
1413
+ flowId,
1414
+ desktop,
1415
+ redirectPath: oauthDebugUrlPath(redirectUri),
1416
+ hasCode: !!code,
1417
+ returnUrl,
1418
+ });
1368
1419
  // Defence in depth: the state is HMAC-signed, but if the signing
1369
1420
  // key ever leaked an attacker could mint state with their own
1370
1421
  // redirect_uri. Re-validate against the same allowlist used at
@@ -1413,6 +1464,12 @@ async function mountBetterAuthRoutes(app, options) {
1413
1464
  hasProductionSession: false,
1414
1465
  desktop,
1415
1466
  });
1467
+ logGoogleOAuthDebug(event, "callback-session-created", {
1468
+ flowId,
1469
+ desktop,
1470
+ hasSessionToken: !!sessionToken,
1471
+ emailDomain: email.split("@")[1] || "",
1472
+ });
1416
1473
  if (flowId && sessionToken) {
1417
1474
  _desktopExchanges.set(flowId, {
1418
1475
  token: sessionToken,
@@ -1423,6 +1480,10 @@ async function mountBetterAuthRoutes(app, options) {
1423
1480
  // Workers, multi-region). Fire-and-forget — in-memory Map is
1424
1481
  // still the primary fast path for same-instance requests.
1425
1482
  void persistDesktopExchangeToDB(flowId, sessionToken, email);
1483
+ logGoogleOAuthDebug(event, "callback-exchange-stored", {
1484
+ flowId,
1485
+ desktop,
1486
+ });
1426
1487
  }
1427
1488
  return oauthCallbackResponse(event, email, {
1428
1489
  sessionToken,
@@ -1433,6 +1494,11 @@ async function mountBetterAuthRoutes(app, options) {
1433
1494
  }
1434
1495
  catch (error) {
1435
1496
  const msg = error.message || "Unknown error";
1497
+ logGoogleOAuthDebug(event, "callback-error", {
1498
+ flowId: callbackFlowId,
1499
+ desktop: callbackDesktop,
1500
+ message: msg,
1501
+ });
1436
1502
  return oauthErrorPage(`Connection failed: ${msg}`);
1437
1503
  }
1438
1504
  }));
@@ -1445,7 +1511,8 @@ async function mountBetterAuthRoutes(app, options) {
1445
1511
  setResponseStatus(event, 405);
1446
1512
  return { error: "Method not allowed" };
1447
1513
  }
1448
- const flowId = getQuery(event).flow_id;
1514
+ const query = getQuery(event);
1515
+ const flowId = query.flow_id;
1449
1516
  if (!flowId) {
1450
1517
  setResponseStatus(event, 400);
1451
1518
  return { error: "Missing flow_id" };
@@ -1457,7 +1524,12 @@ async function mountBetterAuthRoutes(app, options) {
1457
1524
  // OAuth callback and the polling request may hit different isolates.
1458
1525
  const fromDb = await consumeDesktopExchangeFromDB(flowId);
1459
1526
  if (!fromDb) {
1460
- return { pending: true };
1527
+ // Don't log on the pending path — clients poll every second for up
1528
+ // to 5 minutes, so logging here floods telemetry. The auth-url,
1529
+ // callback-start, callback-session-created, exchange-success, and
1530
+ // exchange-error breadcrumbs already cover every meaningful state
1531
+ // transition.
1532
+ return { pending: true, flow: oauthDebugFlowId(flowId) };
1461
1533
  }
1462
1534
  entry =
1463
1535
  "error" in fromDb
@@ -1473,6 +1545,11 @@ async function mountBetterAuthRoutes(app, options) {
1473
1545
  // DB fallback path after in-memory consumption.
1474
1546
  void removeSession(`dex:${flowId}`);
1475
1547
  if ("error" in entry) {
1548
+ logGoogleOAuthDebug(event, "exchange-error", {
1549
+ flowId,
1550
+ message: entry.error.message,
1551
+ code: entry.error.code,
1552
+ });
1476
1553
  return { error: entry.error.message, ...entry.error };
1477
1554
  }
1478
1555
  // Make the exchange itself establish the app session. Older clients
@@ -1480,6 +1557,10 @@ async function mountBetterAuthRoutes(app, options) {
1480
1557
  // OAuth handoff should not depend on that second request succeeding.
1481
1558
  setFrameworkSessionCookie(event, entry.token);
1482
1559
  setResponseHeader(event, "Referrer-Policy", "no-referrer");
1560
+ logGoogleOAuthDebug(event, "exchange-success", {
1561
+ flowId,
1562
+ emailDomain: entry.email.split("@")[1] || "",
1563
+ });
1483
1564
  return { token: entry.token, email: entry.email };
1484
1565
  }));
1485
1566
  const accessTokens = getAccessTokens();