@agent-native/core 0.14.8 → 0.15.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/agent/engine/builder-engine.d.ts.map +1 -1
- package/dist/agent/engine/builder-engine.js +30 -9
- package/dist/agent/engine/builder-engine.js.map +1 -1
- package/dist/agent/engine/registry.d.ts.map +1 -1
- package/dist/agent/engine/registry.js +14 -4
- package/dist/agent/engine/registry.js.map +1 -1
- package/dist/agent/production-agent.d.ts.map +1 -1
- package/dist/agent/production-agent.js +71 -4
- package/dist/agent/production-agent.js.map +1 -1
- package/dist/agent/types.d.ts +9 -0
- package/dist/agent/types.d.ts.map +1 -1
- package/dist/agent/types.js.map +1 -1
- package/dist/appearance/actions/change-appearance.d.ts +3 -0
- package/dist/appearance/actions/change-appearance.d.ts.map +1 -0
- package/dist/appearance/actions/change-appearance.js +29 -0
- package/dist/appearance/actions/change-appearance.js.map +1 -0
- package/dist/chat-threads/store.d.ts +53 -2
- package/dist/chat-threads/store.d.ts.map +1 -1
- package/dist/chat-threads/store.js +172 -12
- package/dist/chat-threads/store.js.map +1 -1
- package/dist/cli/create.d.ts.map +1 -1
- package/dist/cli/create.js +114 -37
- package/dist/cli/create.js.map +1 -1
- package/dist/cli/index.js +30 -4
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/workspace-dev.d.ts +25 -1
- package/dist/cli/workspace-dev.d.ts.map +1 -1
- package/dist/cli/workspace-dev.js +275 -49
- package/dist/cli/workspace-dev.js.map +1 -1
- package/dist/client/AgentPanel.d.ts +23 -4
- package/dist/client/AgentPanel.d.ts.map +1 -1
- package/dist/client/AgentPanel.js +276 -53
- package/dist/client/AgentPanel.js.map +1 -1
- package/dist/client/AppearancePicker.d.ts +11 -0
- package/dist/client/AppearancePicker.d.ts.map +1 -0
- package/dist/client/AppearancePicker.js +16 -0
- package/dist/client/AppearancePicker.js.map +1 -0
- package/dist/client/AssistantChat.d.ts +35 -0
- package/dist/client/AssistantChat.d.ts.map +1 -1
- package/dist/client/AssistantChat.js +315 -32
- package/dist/client/AssistantChat.js.map +1 -1
- package/dist/client/ConnectBuilderCard.d.ts.map +1 -1
- package/dist/client/ConnectBuilderCard.js +5 -2
- package/dist/client/ConnectBuilderCard.js.map +1 -1
- package/dist/client/ErrorBoundary.d.ts.map +1 -1
- package/dist/client/ErrorBoundary.js +8 -10
- package/dist/client/ErrorBoundary.js.map +1 -1
- package/dist/client/FeedbackButton.d.ts.map +1 -1
- package/dist/client/FeedbackButton.js +1 -1
- package/dist/client/FeedbackButton.js.map +1 -1
- package/dist/client/MultiTabAssistantChat.d.ts +13 -1
- package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
- package/dist/client/MultiTabAssistantChat.js +217 -38
- package/dist/client/MultiTabAssistantChat.js.map +1 -1
- package/dist/client/NewWorkspaceAppFlow.d.ts.map +1 -1
- package/dist/client/NewWorkspaceAppFlow.js +37 -14
- package/dist/client/NewWorkspaceAppFlow.js.map +1 -1
- package/dist/client/agent-chat-adapter.d.ts +5 -0
- package/dist/client/agent-chat-adapter.d.ts.map +1 -1
- package/dist/client/agent-chat-adapter.js +4 -0
- package/dist/client/agent-chat-adapter.js.map +1 -1
- package/dist/client/agent-sidebar-state.d.ts +12 -0
- package/dist/client/agent-sidebar-state.d.ts.map +1 -1
- package/dist/client/agent-sidebar-state.js +8 -0
- package/dist/client/agent-sidebar-state.js.map +1 -1
- package/dist/client/analytics.d.ts.map +1 -1
- package/dist/client/analytics.js +175 -3
- package/dist/client/analytics.js.map +1 -1
- package/dist/client/appearance.d.ts +40 -0
- package/dist/client/appearance.d.ts.map +1 -0
- package/dist/client/appearance.js +114 -0
- package/dist/client/appearance.js.map +1 -0
- package/dist/client/builder-frame.d.ts +1 -0
- package/dist/client/builder-frame.d.ts.map +1 -1
- package/dist/client/builder-frame.js +19 -9
- package/dist/client/builder-frame.js.map +1 -1
- package/dist/client/components/CodeRequiredDialog.d.ts.map +1 -1
- package/dist/client/components/CodeRequiredDialog.js +10 -2
- package/dist/client/components/CodeRequiredDialog.js.map +1 -1
- package/dist/client/components/ui/dropdown-menu.js +2 -2
- package/dist/client/components/ui/dropdown-menu.js.map +1 -1
- package/dist/client/components/ui/hover-card.js +1 -1
- package/dist/client/components/ui/hover-card.js.map +1 -1
- package/dist/client/components/ui/popover.js +1 -1
- package/dist/client/components/ui/popover.js.map +1 -1
- package/dist/client/composer/PromptComposer.d.ts +7 -0
- package/dist/client/composer/PromptComposer.d.ts.map +1 -1
- package/dist/client/composer/PromptComposer.js +63 -32
- package/dist/client/composer/PromptComposer.js.map +1 -1
- package/dist/client/composer/TiptapComposer.d.ts +5 -0
- package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
- package/dist/client/composer/TiptapComposer.js +36 -6
- package/dist/client/composer/TiptapComposer.js.map +1 -1
- package/dist/client/composer/useVoiceDictation.d.ts.map +1 -1
- package/dist/client/composer/useVoiceDictation.js +13 -1
- package/dist/client/composer/useVoiceDictation.js.map +1 -1
- package/dist/client/dev-mode.d.ts +14 -0
- package/dist/client/dev-mode.d.ts.map +1 -0
- package/dist/client/dev-mode.js +14 -0
- package/dist/client/dev-mode.js.map +1 -0
- package/dist/client/error-format.d.ts +3 -2
- package/dist/client/error-format.d.ts.map +1 -1
- package/dist/client/error-format.js +9 -2
- package/dist/client/error-format.js.map +1 -1
- package/dist/client/extensions/EmbeddedTool.d.ts +20 -0
- package/dist/client/extensions/EmbeddedTool.d.ts.map +1 -0
- package/dist/client/extensions/EmbeddedTool.js +199 -0
- package/dist/client/extensions/EmbeddedTool.js.map +1 -0
- package/dist/client/extensions/ExtensionViewer.d.ts.map +1 -1
- package/dist/client/extensions/ExtensionViewer.js +24 -2
- package/dist/client/extensions/ExtensionViewer.js.map +1 -1
- package/dist/client/extensions/ToolEditor.d.ts +5 -0
- package/dist/client/extensions/ToolEditor.d.ts.map +1 -0
- package/dist/client/extensions/ToolEditor.js +129 -0
- package/dist/client/extensions/ToolEditor.js.map +1 -0
- package/dist/client/extensions/ToolViewer.d.ts +5 -0
- package/dist/client/extensions/ToolViewer.d.ts.map +1 -0
- package/dist/client/extensions/ToolViewer.js +400 -0
- package/dist/client/extensions/ToolViewer.js.map +1 -0
- package/dist/client/extensions/ToolViewerPage.d.ts +2 -0
- package/dist/client/extensions/ToolViewerPage.d.ts.map +1 -0
- package/dist/client/extensions/ToolViewerPage.js +24 -0
- package/dist/client/extensions/ToolViewerPage.js.map +1 -0
- package/dist/client/extensions/ToolsListPage.d.ts +2 -0
- package/dist/client/extensions/ToolsListPage.d.ts.map +1 -0
- package/dist/client/extensions/ToolsListPage.js +67 -0
- package/dist/client/extensions/ToolsListPage.js.map +1 -0
- package/dist/client/extensions/ToolsSidebarSection.d.ts +2 -0
- package/dist/client/extensions/ToolsSidebarSection.d.ts.map +1 -0
- package/dist/client/extensions/ToolsSidebarSection.js +236 -0
- package/dist/client/extensions/ToolsSidebarSection.js.map +1 -0
- package/dist/client/extensions/tool-order.d.ts +7 -0
- package/dist/client/extensions/tool-order.d.ts.map +1 -0
- package/dist/client/extensions/tool-order.js +47 -0
- package/dist/client/extensions/tool-order.js.map +1 -0
- package/dist/client/index.d.ts +8 -1
- package/dist/client/index.d.ts.map +1 -1
- package/dist/client/index.js +7 -0
- package/dist/client/index.js.map +1 -1
- package/dist/client/onboarding/OnboardingPanel.js +1 -0
- package/dist/client/onboarding/OnboardingPanel.js.map +1 -1
- package/dist/client/org/InvitationBanner.d.ts.map +1 -1
- package/dist/client/org/InvitationBanner.js +23 -2
- package/dist/client/org/InvitationBanner.js.map +1 -1
- package/dist/client/org/OrgSwitcher.d.ts +5 -4
- package/dist/client/org/OrgSwitcher.d.ts.map +1 -1
- package/dist/client/org/OrgSwitcher.js +57 -9
- package/dist/client/org/OrgSwitcher.js.map +1 -1
- package/dist/client/org/hooks.d.ts.map +1 -1
- package/dist/client/org/hooks.js +10 -6
- package/dist/client/org/hooks.js.map +1 -1
- package/dist/client/org/workspace-app-links.d.ts +31 -0
- package/dist/client/org/workspace-app-links.d.ts.map +1 -0
- package/dist/client/org/workspace-app-links.js +268 -0
- package/dist/client/org/workspace-app-links.js.map +1 -0
- package/dist/client/resources/ResourcesPanel.d.ts.map +1 -1
- package/dist/client/resources/ResourcesPanel.js +18 -5
- package/dist/client/resources/ResourcesPanel.js.map +1 -1
- package/dist/client/resources/use-resources.d.ts +18 -13
- package/dist/client/resources/use-resources.d.ts.map +1 -1
- package/dist/client/resources/use-resources.js +24 -6
- package/dist/client/resources/use-resources.js.map +1 -1
- package/dist/client/settings/BackgroundAgentSection.d.ts.map +1 -1
- package/dist/client/settings/BackgroundAgentSection.js +9 -1
- package/dist/client/settings/BackgroundAgentSection.js.map +1 -1
- package/dist/client/settings/BrowserSection.d.ts.map +1 -1
- package/dist/client/settings/BrowserSection.js +16 -1
- package/dist/client/settings/BrowserSection.js.map +1 -1
- package/dist/client/settings/SettingsPanel.d.ts.map +1 -1
- package/dist/client/settings/SettingsPanel.js +4 -1
- package/dist/client/settings/SettingsPanel.js.map +1 -1
- package/dist/client/settings/VoiceTranscriptionSection.d.ts.map +1 -1
- package/dist/client/settings/VoiceTranscriptionSection.js +5 -5
- package/dist/client/settings/VoiceTranscriptionSection.js.map +1 -1
- package/dist/client/settings/useBuilderStatus.d.ts +8 -0
- package/dist/client/settings/useBuilderStatus.d.ts.map +1 -1
- package/dist/client/settings/useBuilderStatus.js +50 -13
- package/dist/client/settings/useBuilderStatus.js.map +1 -1
- package/dist/client/settings/useBuilderStatus.spec.d.ts +2 -0
- package/dist/client/settings/useBuilderStatus.spec.d.ts.map +1 -0
- package/dist/client/settings/useBuilderStatus.spec.js +64 -0
- package/dist/client/settings/useBuilderStatus.spec.js.map +1 -0
- package/dist/client/sharing/ShareButton.d.ts +5 -0
- package/dist/client/sharing/ShareButton.d.ts.map +1 -1
- package/dist/client/sharing/ShareButton.js +60 -6
- package/dist/client/sharing/ShareButton.js.map +1 -1
- package/dist/client/theme.js +1 -1
- package/dist/client/theme.js.map +1 -1
- package/dist/client/tools/EmbeddedTool.d.ts +20 -0
- package/dist/client/tools/EmbeddedTool.d.ts.map +1 -0
- package/dist/client/tools/EmbeddedTool.js +199 -0
- package/dist/client/tools/EmbeddedTool.js.map +1 -0
- package/dist/client/tools/ExtensionSlot.d.ts +27 -0
- package/dist/client/tools/ExtensionSlot.d.ts.map +1 -0
- package/dist/client/tools/ExtensionSlot.js +96 -0
- package/dist/client/tools/ExtensionSlot.js.map +1 -0
- package/dist/client/tools/ToolEditor.d.ts +5 -0
- package/dist/client/tools/ToolEditor.d.ts.map +1 -0
- package/dist/client/tools/ToolEditor.js +129 -0
- package/dist/client/tools/ToolEditor.js.map +1 -0
- package/dist/client/tools/ToolViewer.d.ts +5 -0
- package/dist/client/tools/ToolViewer.d.ts.map +1 -0
- package/dist/client/tools/ToolViewer.js +400 -0
- package/dist/client/tools/ToolViewer.js.map +1 -0
- package/dist/client/tools/ToolViewerPage.d.ts +2 -0
- package/dist/client/tools/ToolViewerPage.d.ts.map +1 -0
- package/dist/client/tools/ToolViewerPage.js +24 -0
- package/dist/client/tools/ToolViewerPage.js.map +1 -0
- package/dist/client/tools/ToolsListPage.d.ts +2 -0
- package/dist/client/tools/ToolsListPage.d.ts.map +1 -0
- package/dist/client/tools/ToolsListPage.js +67 -0
- package/dist/client/tools/ToolsListPage.js.map +1 -0
- package/dist/client/tools/ToolsSidebarSection.d.ts +2 -0
- package/dist/client/tools/ToolsSidebarSection.d.ts.map +1 -0
- package/dist/client/tools/ToolsSidebarSection.js +236 -0
- package/dist/client/tools/ToolsSidebarSection.js.map +1 -0
- package/dist/client/tools/iframe-bridge.d.ts +38 -0
- package/dist/client/tools/iframe-bridge.d.ts.map +1 -0
- package/dist/client/tools/iframe-bridge.js +207 -0
- package/dist/client/tools/iframe-bridge.js.map +1 -0
- package/dist/client/tools/index.d.ts +8 -0
- package/dist/client/tools/index.d.ts.map +1 -0
- package/dist/client/tools/index.js +8 -0
- package/dist/client/tools/index.js.map +1 -0
- package/dist/client/tools/tool-order.d.ts +7 -0
- package/dist/client/tools/tool-order.d.ts.map +1 -0
- package/dist/client/tools/tool-order.js +47 -0
- package/dist/client/tools/tool-order.js.map +1 -0
- package/dist/client/transcription/BuilderTranscriptionCta.d.ts.map +1 -1
- package/dist/client/transcription/BuilderTranscriptionCta.js +2 -3
- package/dist/client/transcription/BuilderTranscriptionCta.js.map +1 -1
- package/dist/client/use-change-version.d.ts +46 -0
- package/dist/client/use-change-version.d.ts.map +1 -0
- package/dist/client/use-change-version.js +135 -0
- package/dist/client/use-change-version.js.map +1 -0
- package/dist/client/use-chat-threads.d.ts +16 -2
- package/dist/client/use-chat-threads.d.ts.map +1 -1
- package/dist/client/use-chat-threads.js +87 -12
- package/dist/client/use-chat-threads.js.map +1 -1
- package/dist/client/use-chat-threads.spec.d.ts +2 -0
- package/dist/client/use-chat-threads.spec.d.ts.map +1 -0
- package/dist/client/use-chat-threads.spec.js +85 -0
- package/dist/client/use-chat-threads.spec.js.map +1 -0
- package/dist/client/use-db-sync.d.ts +5 -2
- package/dist/client/use-db-sync.d.ts.map +1 -1
- package/dist/client/use-db-sync.js +41 -16
- package/dist/client/use-db-sync.js.map +1 -1
- package/dist/client/use-pinch-zoom.d.ts +35 -0
- package/dist/client/use-pinch-zoom.d.ts.map +1 -0
- package/dist/client/use-pinch-zoom.js +105 -0
- package/dist/client/use-pinch-zoom.js.map +1 -0
- package/dist/deploy/workspace-deploy.d.ts.map +1 -1
- package/dist/deploy/workspace-deploy.js +99 -5
- package/dist/deploy/workspace-deploy.js.map +1 -1
- package/dist/extensions/actions.d.ts.map +1 -1
- package/dist/extensions/actions.js +3 -0
- package/dist/extensions/actions.js.map +1 -1
- package/dist/extensions/store.d.ts +5 -0
- package/dist/extensions/store.d.ts.map +1 -1
- package/dist/extensions/store.js +16 -1
- package/dist/extensions/store.js.map +1 -1
- package/dist/file-upload/actions/upload-image.d.ts +3 -0
- package/dist/file-upload/actions/upload-image.d.ts.map +1 -0
- package/dist/file-upload/actions/upload-image.js +145 -0
- package/dist/file-upload/actions/upload-image.js.map +1 -0
- package/dist/file-upload/builder.d.ts.map +1 -1
- package/dist/file-upload/builder.js +31 -11
- package/dist/file-upload/builder.js.map +1 -1
- package/dist/file-upload/index.d.ts +1 -0
- package/dist/file-upload/index.d.ts.map +1 -1
- package/dist/file-upload/index.js +1 -0
- package/dist/file-upload/index.js.map +1 -1
- package/dist/file-upload/pre-upload-attachments.d.ts +39 -0
- package/dist/file-upload/pre-upload-attachments.d.ts.map +1 -0
- package/dist/file-upload/pre-upload-attachments.js +110 -0
- package/dist/file-upload/pre-upload-attachments.js.map +1 -0
- package/dist/file-upload/registry.d.ts.map +1 -1
- package/dist/file-upload/registry.js +8 -7
- package/dist/file-upload/registry.js.map +1 -1
- package/dist/onboarding/default-steps.js +1 -1
- package/dist/onboarding/default-steps.js.map +1 -1
- package/dist/org/context.d.ts +15 -1
- package/dist/org/context.d.ts.map +1 -1
- package/dist/org/context.js +25 -0
- package/dist/org/context.js.map +1 -1
- package/dist/org/handlers.d.ts +2 -2
- package/dist/org/handlers.d.ts.map +1 -1
- package/dist/org/handlers.js +3 -17
- package/dist/org/handlers.js.map +1 -1
- package/dist/org/index.d.ts +1 -1
- package/dist/org/index.d.ts.map +1 -1
- package/dist/org/index.js +1 -1
- package/dist/org/index.js.map +1 -1
- package/dist/resources/handlers.d.ts +6 -0
- package/dist/resources/handlers.d.ts.map +1 -1
- package/dist/resources/handlers.js +30 -6
- package/dist/resources/handlers.js.map +1 -1
- package/dist/resources/script-helpers.d.ts +11 -2
- package/dist/resources/script-helpers.d.ts.map +1 -1
- package/dist/resources/script-helpers.js +20 -3
- package/dist/resources/script-helpers.js.map +1 -1
- package/dist/resources/store.d.ts +28 -3
- package/dist/resources/store.d.ts.map +1 -1
- package/dist/resources/store.js +170 -20
- package/dist/resources/store.js.map +1 -1
- package/dist/scripts/resources/list.d.ts +1 -1
- package/dist/scripts/resources/list.d.ts.map +1 -1
- package/dist/scripts/resources/list.js +16 -4
- package/dist/scripts/resources/list.js.map +1 -1
- package/dist/scripts/resources/write.d.ts +1 -1
- package/dist/scripts/resources/write.d.ts.map +1 -1
- package/dist/scripts/resources/write.js +47 -3
- package/dist/scripts/resources/write.js.map +1 -1
- package/dist/server/action-discovery.d.ts.map +1 -1
- package/dist/server/action-discovery.js +8 -3
- package/dist/server/action-discovery.js.map +1 -1
- package/dist/server/agent-chat-plugin.d.ts.map +1 -1
- package/dist/server/agent-chat-plugin.js +214 -25
- package/dist/server/agent-chat-plugin.js.map +1 -1
- package/dist/server/agent-discovery.d.ts +35 -0
- package/dist/server/agent-discovery.d.ts.map +1 -1
- package/dist/server/agent-discovery.js +139 -8
- package/dist/server/agent-discovery.js.map +1 -1
- package/dist/server/app-url.d.ts +12 -6
- package/dist/server/app-url.d.ts.map +1 -1
- package/dist/server/app-url.js +58 -11
- package/dist/server/app-url.js.map +1 -1
- package/dist/server/auth.d.ts +22 -0
- package/dist/server/auth.d.ts.map +1 -1
- package/dist/server/auth.js +316 -65
- package/dist/server/auth.js.map +1 -1
- package/dist/server/better-auth-instance.d.ts +0 -4
- package/dist/server/better-auth-instance.d.ts.map +1 -1
- package/dist/server/better-auth-instance.js +0 -3
- package/dist/server/better-auth-instance.js.map +1 -1
- package/dist/server/builder-browser.d.ts.map +1 -1
- package/dist/server/builder-browser.js +23 -0
- package/dist/server/builder-browser.js.map +1 -1
- package/dist/server/core-routes-plugin.d.ts.map +1 -1
- package/dist/server/core-routes-plugin.js +29 -14
- package/dist/server/core-routes-plugin.js.map +1 -1
- package/dist/server/credential-provider.d.ts +14 -0
- package/dist/server/credential-provider.d.ts.map +1 -1
- package/dist/server/credential-provider.js +88 -11
- package/dist/server/credential-provider.js.map +1 -1
- package/dist/server/google-auth-plugin.d.ts.map +1 -1
- package/dist/server/google-auth-plugin.js +65 -17
- package/dist/server/google-auth-plugin.js.map +1 -1
- package/dist/server/google-oauth.d.ts.map +1 -1
- package/dist/server/google-oauth.js +47 -17
- package/dist/server/google-oauth.js.map +1 -1
- package/dist/server/index.d.ts +1 -1
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/local-migration.d.ts +41 -0
- package/dist/server/local-migration.d.ts.map +1 -0
- package/dist/server/local-migration.js +235 -0
- package/dist/server/local-migration.js.map +1 -0
- package/dist/server/oauth-public-origin.d.ts.map +1 -1
- package/dist/server/oauth-public-origin.js +19 -1
- package/dist/server/oauth-public-origin.js.map +1 -1
- package/dist/server/onboarding-html.d.ts.map +1 -1
- package/dist/server/onboarding-html.js +74 -19
- package/dist/server/onboarding-html.js.map +1 -1
- package/dist/server/poll.d.ts.map +1 -1
- package/dist/server/poll.js +20 -5
- package/dist/server/poll.js.map +1 -1
- package/dist/server/request-context.d.ts +8 -0
- package/dist/server/request-context.d.ts.map +1 -1
- package/dist/server/request-context.js.map +1 -1
- package/dist/shared/index.d.ts +2 -0
- package/dist/shared/index.d.ts.map +1 -1
- package/dist/shared/index.js +2 -0
- package/dist/shared/index.js.map +1 -1
- package/dist/shared/llm-connection.d.ts +10 -0
- package/dist/shared/llm-connection.d.ts.map +1 -0
- package/dist/shared/llm-connection.js +29 -0
- package/dist/shared/llm-connection.js.map +1 -0
- package/dist/shared/workspace-app-audience.d.ts +25 -0
- package/dist/shared/workspace-app-audience.d.ts.map +1 -0
- package/dist/shared/workspace-app-audience.js +126 -0
- package/dist/shared/workspace-app-audience.js.map +1 -0
- package/dist/shared/workspace-app-id.d.ts +1 -1
- package/dist/shared/workspace-app-id.d.ts.map +1 -1
- package/dist/shared/workspace-app-id.js +1 -0
- package/dist/shared/workspace-app-id.js.map +1 -1
- package/dist/sharing/access.d.ts.map +1 -1
- package/dist/sharing/access.js +46 -5
- package/dist/sharing/access.js.map +1 -1
- package/dist/sharing/actions/list-resource-shares.d.ts.map +1 -1
- package/dist/sharing/actions/list-resource-shares.js +8 -1
- package/dist/sharing/actions/list-resource-shares.js.map +1 -1
- package/dist/sharing/actions/set-resource-visibility.d.ts.map +1 -1
- package/dist/sharing/actions/set-resource-visibility.js +12 -3
- package/dist/sharing/actions/set-resource-visibility.js.map +1 -1
- package/dist/sharing/actions/share-resource.d.ts.map +1 -1
- package/dist/sharing/actions/share-resource.js +50 -1
- package/dist/sharing/actions/share-resource.js.map +1 -1
- package/dist/sharing/registry.d.ts +26 -0
- package/dist/sharing/registry.d.ts.map +1 -1
- package/dist/sharing/registry.js.map +1 -1
- package/dist/styles/agent-native.css +91 -0
- package/dist/templates/default/.agents/skills/adding-a-feature/SKILL.md +72 -0
- package/dist/templates/default/.agents/skills/frontend-design/SKILL.md +60 -37
- package/dist/templates/default/.agents/skills/real-time-sync/SKILL.md +28 -17
- package/dist/templates/default/.agents/skills/shadcn-ui/SKILL.md +79 -0
- package/dist/templates/default/AGENTS.md +22 -19
- package/dist/templates/default/actions/navigate.ts +3 -0
- package/dist/templates/default/app/hooks/use-navigation-state.ts +29 -5
- package/dist/templates/workspace-core/.agents/skills/a2a-protocol/SKILL.md +251 -0
- package/dist/templates/workspace-core/.agents/skills/actions/SKILL.md +264 -0
- package/dist/templates/workspace-core/.agents/skills/adding-a-feature/SKILL.md +130 -0
- package/dist/templates/workspace-core/.agents/skills/address-feedback/SKILL.md +112 -0
- package/dist/templates/workspace-core/.agents/skills/authentication/SKILL.md +88 -0
- package/dist/templates/workspace-core/.agents/skills/automations/SKILL.md +191 -0
- package/dist/templates/workspace-core/.agents/skills/capture-learnings/SKILL.md +74 -0
- package/dist/templates/workspace-core/.agents/skills/client-side-routing/SKILL.md +75 -0
- package/dist/templates/workspace-core/.agents/skills/context-awareness/SKILL.md +190 -0
- package/dist/templates/workspace-core/.agents/skills/create-skill/SKILL.md +168 -0
- package/dist/templates/workspace-core/.agents/skills/delegate-to-agent/SKILL.md +163 -0
- package/dist/templates/workspace-core/.agents/skills/extension-points/SKILL.md +205 -0
- package/dist/templates/workspace-core/.agents/skills/extensions/SKILL.md +720 -0
- package/dist/templates/workspace-core/.agents/skills/frontend-design/SKILL.md +92 -0
- package/dist/templates/workspace-core/.agents/skills/integration-webhooks/SKILL.md +285 -0
- package/dist/templates/workspace-core/.agents/skills/observability/SKILL.md +192 -0
- package/dist/templates/workspace-core/.agents/skills/onboarding/SKILL.md +43 -0
- package/dist/templates/workspace-core/.agents/skills/portability/SKILL.md +84 -0
- package/dist/templates/workspace-core/.agents/skills/qa/SKILL.md +313 -0
- package/dist/templates/workspace-core/.agents/skills/real-time-collab/SKILL.md +112 -0
- package/dist/templates/workspace-core/.agents/skills/real-time-sync/SKILL.md +165 -0
- package/dist/templates/workspace-core/.agents/skills/recurring-jobs/SKILL.md +41 -0
- package/dist/templates/workspace-core/.agents/skills/secrets/SKILL.md +239 -0
- package/dist/templates/workspace-core/.agents/skills/security/SKILL.md +191 -0
- package/dist/templates/workspace-core/.agents/skills/self-modifying-code/SKILL.md +79 -0
- package/dist/templates/workspace-core/.agents/skills/server-plugins/SKILL.md +73 -0
- package/dist/templates/workspace-core/.agents/skills/shadcn-ui/SKILL.md +79 -0
- package/dist/templates/workspace-core/.agents/skills/sharing/SKILL.md +217 -0
- package/dist/templates/workspace-core/.agents/skills/storing-data/SKILL.md +132 -0
- package/dist/templates/workspace-core/.agents/skills/tracking/SKILL.md +150 -0
- package/dist/templates/workspace-core/.agents/skills/voice-transcription/SKILL.md +124 -0
- package/dist/templates/workspace-core/AGENTS.md +16 -1
- package/dist/templates/workspace-root/AGENTS.md +35 -0
- package/dist/templates/workspace-root/README.md +7 -0
- package/dist/tools/actions.d.ts +3 -0
- package/dist/tools/actions.d.ts.map +1 -0
- package/dist/tools/actions.js +272 -0
- package/dist/tools/actions.js.map +1 -0
- package/dist/tools/fetch-tool.d.ts +23 -0
- package/dist/tools/fetch-tool.d.ts.map +1 -0
- package/dist/tools/fetch-tool.js +178 -0
- package/dist/tools/fetch-tool.js.map +1 -0
- package/dist/tools/html-shell.d.ts +45 -0
- package/dist/tools/html-shell.d.ts.map +1 -0
- package/dist/tools/html-shell.js +514 -0
- package/dist/tools/html-shell.js.map +1 -0
- package/dist/tools/proxy-security.d.ts +12 -0
- package/dist/tools/proxy-security.d.ts.map +1 -0
- package/dist/tools/proxy-security.js +158 -0
- package/dist/tools/proxy-security.js.map +1 -0
- package/dist/tools/routes.d.ts +2 -0
- package/dist/tools/routes.d.ts.map +1 -0
- package/dist/tools/routes.js +627 -0
- package/dist/tools/routes.js.map +1 -0
- package/dist/tools/schema.d.ts +664 -0
- package/dist/tools/schema.d.ts.map +1 -0
- package/dist/tools/schema.js +146 -0
- package/dist/tools/schema.js.map +1 -0
- package/dist/tools/slots/routes.d.ts +15 -0
- package/dist/tools/slots/routes.d.ts.map +1 -0
- package/dist/tools/slots/routes.js +94 -0
- package/dist/tools/slots/routes.js.map +1 -0
- package/dist/tools/slots/schema.d.ts +303 -0
- package/dist/tools/slots/schema.d.ts.map +1 -0
- package/dist/tools/slots/schema.js +76 -0
- package/dist/tools/slots/schema.js.map +1 -0
- package/dist/tools/slots/store.d.ts +66 -0
- package/dist/tools/slots/store.d.ts.map +1 -0
- package/dist/tools/slots/store.js +227 -0
- package/dist/tools/slots/store.js.map +1 -0
- package/dist/tools/store.d.ts +40 -0
- package/dist/tools/store.d.ts.map +1 -0
- package/dist/tools/store.js +193 -0
- package/dist/tools/store.js.map +1 -0
- package/dist/tools/theme.d.ts +2 -0
- package/dist/tools/theme.d.ts.map +1 -0
- package/dist/tools/theme.js +67 -0
- package/dist/tools/theme.js.map +1 -0
- package/dist/tools/url-safety.d.ts +24 -0
- package/dist/tools/url-safety.d.ts.map +1 -0
- package/dist/tools/url-safety.js +224 -0
- package/dist/tools/url-safety.js.map +1 -0
- package/dist/vite/action-types-plugin.d.ts.map +1 -1
- package/dist/vite/action-types-plugin.js +4 -0
- package/dist/vite/action-types-plugin.js.map +1 -1
- package/docs/content/authentication.md +36 -0
- package/docs/content/creating-templates.md +15 -0
- package/docs/content/dispatch.md +3 -3
- package/docs/content/multi-app-workspace.md +5 -0
- package/docs/content/tracking.md +12 -0
- package/docs/content/workspace-management.md +39 -4
- package/package.json +15 -12
- package/src/templates/default/.agents/skills/adding-a-feature/SKILL.md +72 -0
- package/src/templates/default/.agents/skills/frontend-design/SKILL.md +60 -37
- package/src/templates/default/.agents/skills/real-time-sync/SKILL.md +28 -17
- package/src/templates/default/.agents/skills/shadcn-ui/SKILL.md +79 -0
- package/src/templates/default/AGENTS.md +22 -19
- package/src/templates/default/actions/navigate.ts +3 -0
- package/src/templates/default/app/hooks/use-navigation-state.ts +29 -5
- package/src/templates/workspace-core/.agents/skills/a2a-protocol/SKILL.md +251 -0
- package/src/templates/workspace-core/.agents/skills/actions/SKILL.md +264 -0
- package/src/templates/workspace-core/.agents/skills/adding-a-feature/SKILL.md +130 -0
- package/src/templates/workspace-core/.agents/skills/address-feedback/SKILL.md +112 -0
- package/src/templates/workspace-core/.agents/skills/authentication/SKILL.md +88 -0
- package/src/templates/workspace-core/.agents/skills/automations/SKILL.md +191 -0
- package/src/templates/workspace-core/.agents/skills/capture-learnings/SKILL.md +74 -0
- package/src/templates/workspace-core/.agents/skills/client-side-routing/SKILL.md +75 -0
- package/src/templates/workspace-core/.agents/skills/context-awareness/SKILL.md +190 -0
- package/src/templates/workspace-core/.agents/skills/create-skill/SKILL.md +168 -0
- package/src/templates/workspace-core/.agents/skills/delegate-to-agent/SKILL.md +163 -0
- package/src/templates/workspace-core/.agents/skills/extension-points/SKILL.md +205 -0
- package/src/templates/workspace-core/.agents/skills/extensions/SKILL.md +720 -0
- package/src/templates/workspace-core/.agents/skills/frontend-design/SKILL.md +92 -0
- package/src/templates/workspace-core/.agents/skills/integration-webhooks/SKILL.md +285 -0
- package/src/templates/workspace-core/.agents/skills/observability/SKILL.md +192 -0
- package/src/templates/workspace-core/.agents/skills/onboarding/SKILL.md +43 -0
- package/src/templates/workspace-core/.agents/skills/portability/SKILL.md +84 -0
- package/src/templates/workspace-core/.agents/skills/qa/SKILL.md +313 -0
- package/src/templates/workspace-core/.agents/skills/real-time-collab/SKILL.md +112 -0
- package/src/templates/workspace-core/.agents/skills/real-time-sync/SKILL.md +165 -0
- package/src/templates/workspace-core/.agents/skills/recurring-jobs/SKILL.md +41 -0
- package/src/templates/workspace-core/.agents/skills/secrets/SKILL.md +239 -0
- package/src/templates/workspace-core/.agents/skills/security/SKILL.md +191 -0
- package/src/templates/workspace-core/.agents/skills/self-modifying-code/SKILL.md +79 -0
- package/src/templates/workspace-core/.agents/skills/server-plugins/SKILL.md +73 -0
- package/src/templates/workspace-core/.agents/skills/shadcn-ui/SKILL.md +79 -0
- package/src/templates/workspace-core/.agents/skills/sharing/SKILL.md +217 -0
- package/src/templates/workspace-core/.agents/skills/storing-data/SKILL.md +132 -0
- package/src/templates/workspace-core/.agents/skills/tracking/SKILL.md +150 -0
- package/src/templates/workspace-core/.agents/skills/voice-transcription/SKILL.md +124 -0
- package/src/templates/workspace-core/AGENTS.md +16 -1
- package/src/templates/workspace-root/AGENTS.md +35 -0
- package/src/templates/workspace-root/README.md +7 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAsChE,KAAK,KAAK,GAAG,SAAS,CAAC;AAQvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAMlE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAsChE,KAAK,KAAK,GAAG,SAAS,CAAC;AAQvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAMlE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAwB5D,OAAO,EAIL,KAAK,oBAAoB,EAC1B,MAAM,qCAAqC,CAAC;AAE7C;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAMD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC7D;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB;;;;;;;;OAQG;IACH,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;IAC5C;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;OAGG;IACH,0BAA0B,CAAC,EAAE,MAAM,EAAE,CAAC;IACtC;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;OAMG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,CAAC;IACF;;;OAGG;IACH,kBAAkB,CAAC,EAAE;QACnB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,CAAC;QACd,IAAI,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;QACxB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF;;;;;;;;;;OAUG;IACH,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC;;OAEG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAC;CAC/B;AAwCD;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,MAAM,GAAG,SAAS,CAKpD;AAID,eAAO,MAAM,WAAW,QAMJ,CAAC;AAErB;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAGvD;AA2JD;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAG1C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAUrE;AA8ND;;;GAGG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAW7E;AAED,uDAAuD;AACvD,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAShE;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAmB3E;AAsED,MAAM,WAAW,2BAA2B;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAmBD,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,QAWd;AAED,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,2BAA2B,QAOnC;AAmGD;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,CAG5C;AAsbD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAqE5E;AA0CD,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAS7E;AAu2CD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,KAAK,EACV,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,OAAO,CAAC,CAmMlB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAEzE"}
|
package/dist/server/auth.js
CHANGED
|
@@ -45,6 +45,7 @@ import { safeOAuthReturnUrl } from "./oauth-return-url.js";
|
|
|
45
45
|
import { captureAuthError } from "./sentry.js";
|
|
46
46
|
import { extractOAuthStateAppId } from "../shared/oauth-state.js";
|
|
47
47
|
import { isValidWorkspaceAppIdFormat } from "../shared/workspace-app-id.js";
|
|
48
|
+
import { normalizeWorkspaceAppAudience, workspaceAppAudienceFromEnv, workspaceAppRouteAccessFromEnv, } from "../shared/workspace-app-audience.js";
|
|
48
49
|
/**
|
|
49
50
|
* Get the configured session max age. Desktop SSO broker writes from
|
|
50
51
|
* OAuth flows read this so expiration stays consistent with the cookie.
|
|
@@ -117,6 +118,72 @@ export function cookieDomainAttrs() {
|
|
|
117
118
|
const domain = getCookieDomain();
|
|
118
119
|
return domain ? { domain } : {};
|
|
119
120
|
}
|
|
121
|
+
function getCookieValues(event, name) {
|
|
122
|
+
const values = [];
|
|
123
|
+
const raw = getHeader(event, "cookie");
|
|
124
|
+
if (raw) {
|
|
125
|
+
for (const part of String(raw).split(";")) {
|
|
126
|
+
const trimmed = part.trim();
|
|
127
|
+
if (!trimmed)
|
|
128
|
+
continue;
|
|
129
|
+
const eq = trimmed.indexOf("=");
|
|
130
|
+
if (eq <= 0)
|
|
131
|
+
continue;
|
|
132
|
+
if (trimmed.slice(0, eq).trim() !== name)
|
|
133
|
+
continue;
|
|
134
|
+
let value = trimmed.slice(eq + 1).trim();
|
|
135
|
+
if (value.startsWith('"') && value.endsWith('"')) {
|
|
136
|
+
value = value.slice(1, -1);
|
|
137
|
+
}
|
|
138
|
+
try {
|
|
139
|
+
value = decodeURIComponent(value);
|
|
140
|
+
}
|
|
141
|
+
catch {
|
|
142
|
+
// Keep the raw cookie value if it was not percent-encoded.
|
|
143
|
+
}
|
|
144
|
+
if (value && !values.includes(value))
|
|
145
|
+
values.push(value);
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
// H3's cookie parser keeps only the first duplicate name. Preserve it as a
|
|
149
|
+
// fallback for mock/runtime shapes that do not expose the raw Cookie header.
|
|
150
|
+
const parsed = getCookie(event, name);
|
|
151
|
+
if (parsed && !values.includes(parsed))
|
|
152
|
+
values.push(parsed);
|
|
153
|
+
return values;
|
|
154
|
+
}
|
|
155
|
+
function getFrameworkSessionCookieValues(event) {
|
|
156
|
+
return getCookieValues(event, COOKIE_NAME);
|
|
157
|
+
}
|
|
158
|
+
function frameworkSessionCookieNamesToClear() {
|
|
159
|
+
const names = new Set([COOKIE_NAME]);
|
|
160
|
+
if (APP_NAME_SLUG)
|
|
161
|
+
names.add(`an_session_${APP_NAME_SLUG}`);
|
|
162
|
+
return [...names];
|
|
163
|
+
}
|
|
164
|
+
function deleteCookieFromEveryScope(event, name) {
|
|
165
|
+
// Clear host-only cookies first. When COOKIE_DOMAIN was introduced, stale
|
|
166
|
+
// host-only `an_session` cookies could shadow the new domain cookie because
|
|
167
|
+
// browsers send older same-path duplicates first.
|
|
168
|
+
deleteCookie(event, name, { path: "/" });
|
|
169
|
+
const domainAttrs = cookieDomainAttrs();
|
|
170
|
+
if (domainAttrs.domain) {
|
|
171
|
+
deleteCookie(event, name, { path: "/", ...domainAttrs });
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
function clearFrameworkSessionCookies(event) {
|
|
175
|
+
for (const name of frameworkSessionCookieNamesToClear()) {
|
|
176
|
+
deleteCookieFromEveryScope(event, name);
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
async function getLegacyCookieSession(event) {
|
|
180
|
+
for (const cookie of getFrameworkSessionCookieValues(event)) {
|
|
181
|
+
const email = await getSessionEmail(cookie);
|
|
182
|
+
if (email)
|
|
183
|
+
return { email, token: cookie };
|
|
184
|
+
}
|
|
185
|
+
return null;
|
|
186
|
+
}
|
|
120
187
|
function getOAuthStateAppId() {
|
|
121
188
|
const raw = process.env.APP_NAME || process.env.npm_package_name;
|
|
122
189
|
if (!raw)
|
|
@@ -478,6 +545,16 @@ export async function getSessionEmail(token) {
|
|
|
478
545
|
let customGetSession = null;
|
|
479
546
|
let _authGuardConfig = null;
|
|
480
547
|
const _genericGoogleOAuthRoutesEnabled = new WeakMap();
|
|
548
|
+
function resolveWorkspaceAppAudience(options = {}) {
|
|
549
|
+
return normalizeWorkspaceAppAudience(options.workspaceAppAudience ?? workspaceAppAudienceFromEnv());
|
|
550
|
+
}
|
|
551
|
+
function resolveWorkspaceAppRouteAccess(options = {}) {
|
|
552
|
+
const env = workspaceAppRouteAccessFromEnv();
|
|
553
|
+
return {
|
|
554
|
+
publicPaths: options.workspaceAppPublicPaths ?? env.publicPaths,
|
|
555
|
+
protectedPaths: options.workspaceAppProtectedPaths ?? env.protectedPaths,
|
|
556
|
+
};
|
|
557
|
+
}
|
|
481
558
|
function setGenericGoogleOAuthRoutesEnabled(app, enabled) {
|
|
482
559
|
if (app && typeof app === "object") {
|
|
483
560
|
_genericGoogleOAuthRoutesEnabled.set(app, enabled);
|
|
@@ -850,6 +927,9 @@ function createAuthGuardFn() {
|
|
|
850
927
|
return;
|
|
851
928
|
if (isPublicPath(normalizedUrl, publicPaths))
|
|
852
929
|
return;
|
|
930
|
+
if (isPublicWorkspacePageRequest(event, p, config)) {
|
|
931
|
+
return;
|
|
932
|
+
}
|
|
853
933
|
const session = await getSession(event);
|
|
854
934
|
if (session)
|
|
855
935
|
return;
|
|
@@ -857,12 +937,116 @@ function createAuthGuardFn() {
|
|
|
857
937
|
setResponseStatus(event, 401);
|
|
858
938
|
return { error: "Unauthorized" };
|
|
859
939
|
}
|
|
940
|
+
// Local-dev convenience: on the first page GET of a freshly-scaffolded
|
|
941
|
+
// app, transparently create + sign in `dev@local` instead of showing the
|
|
942
|
+
// sign-up form. Gated on NODE_ENV=development AND no real users in the
|
|
943
|
+
// DB, so production and any app that has ever had a real signup are
|
|
944
|
+
// unaffected. See maybeAutoCreateDevSession for full conditions.
|
|
945
|
+
if (getMethod(event) === "GET") {
|
|
946
|
+
const autoSession = await maybeAutoCreateDevSession(event, url);
|
|
947
|
+
if (autoSession)
|
|
948
|
+
return autoSession;
|
|
949
|
+
}
|
|
860
950
|
return new Response(loginHtml, {
|
|
861
951
|
status: 200,
|
|
862
952
|
headers: { "Content-Type": "text/html; charset=utf-8" },
|
|
863
953
|
});
|
|
864
954
|
};
|
|
865
955
|
}
|
|
956
|
+
const AUTO_DEV_ACCOUNT_EMAIL = "dev@local";
|
|
957
|
+
const AUTO_DEV_ACCOUNT_PASSWORD = "local-dev-account";
|
|
958
|
+
/**
|
|
959
|
+
* Local-dev convenience: skip the sign-up wall on first run.
|
|
960
|
+
*
|
|
961
|
+
* When NODE_ENV=development AND the `user` table has no rows for any
|
|
962
|
+
* email other than `dev@local`, transparently sign up (or sign back in
|
|
963
|
+
* to) the auto-managed dev account and return a 302 to the original URL
|
|
964
|
+
* with a session cookie set. A developer who just ran `pnpm dev` lands
|
|
965
|
+
* in the app immediately instead of being asked to fill in name + email
|
|
966
|
+
* + password to try the framework.
|
|
967
|
+
*
|
|
968
|
+
* Auto-create fires exactly once per local DB: as soon as `dev@local`
|
|
969
|
+
* (or any real user) exists in the `user` table, the helper returns
|
|
970
|
+
* null and the normal login flow takes over. Signing out then leaves
|
|
971
|
+
* the user on the regular sign-in form; without this guard the
|
|
972
|
+
* post-logout reload would silently re-create the session.
|
|
973
|
+
*
|
|
974
|
+
* The fixed password is intentional: it means a developer who signs
|
|
975
|
+
* out can sign back in with `dev@local` / `local-dev-account` from
|
|
976
|
+
* the regular login form. To get the auto-flow back, drop the user
|
|
977
|
+
* row or wipe the local DB. Set
|
|
978
|
+
* `AGENT_NATIVE_DISABLE_AUTO_DEV_ACCOUNT=1` to opt out entirely
|
|
979
|
+
* (useful for tests that exercise the unauthenticated branch). This
|
|
980
|
+
* is local-only — the helper is gated on NODE_ENV.
|
|
981
|
+
*/
|
|
982
|
+
async function maybeAutoCreateDevSession(event, redirectTo) {
|
|
983
|
+
if (!isDevEnvironment())
|
|
984
|
+
return null;
|
|
985
|
+
if (process.env.AGENT_NATIVE_DISABLE_AUTO_DEV_ACCOUNT === "1")
|
|
986
|
+
return null;
|
|
987
|
+
try {
|
|
988
|
+
const db = getDbExec();
|
|
989
|
+
const { rows: realUsers } = await db.execute({
|
|
990
|
+
sql: 'SELECT 1 FROM "user" WHERE email != ? LIMIT 1',
|
|
991
|
+
args: [AUTO_DEV_ACCOUNT_EMAIL],
|
|
992
|
+
});
|
|
993
|
+
if (realUsers.length > 0)
|
|
994
|
+
return null;
|
|
995
|
+
// If `dev@local` already exists, this is not a freshly-scaffolded
|
|
996
|
+
// app — the user has been through the auto-create flow at least
|
|
997
|
+
// once. Skip auto-create so signing out actually works: without
|
|
998
|
+
// this guard, the post-logout reload immediately re-creates the
|
|
999
|
+
// session and the user is stuck in dev@local forever (or has to
|
|
1000
|
+
// set AGENT_NATIVE_DISABLE_AUTO_DEV_ACCOUNT=1). To get the demo
|
|
1001
|
+
// experience back, drop the row or wipe the local DB.
|
|
1002
|
+
const { rows: devUsers } = await db.execute({
|
|
1003
|
+
sql: 'SELECT 1 FROM "user" WHERE email = ? LIMIT 1',
|
|
1004
|
+
args: [AUTO_DEV_ACCOUNT_EMAIL],
|
|
1005
|
+
});
|
|
1006
|
+
if (devUsers.length > 0)
|
|
1007
|
+
return null;
|
|
1008
|
+
const auth = await getBetterAuth();
|
|
1009
|
+
if (!auth)
|
|
1010
|
+
return null;
|
|
1011
|
+
// Idempotent sign-up: succeeds on first run, throws an "already exists"
|
|
1012
|
+
// failure on subsequent runs (which we swallow before falling through
|
|
1013
|
+
// to the sign-in path below).
|
|
1014
|
+
try {
|
|
1015
|
+
await auth.api.signUpEmail({
|
|
1016
|
+
body: {
|
|
1017
|
+
email: AUTO_DEV_ACCOUNT_EMAIL,
|
|
1018
|
+
password: AUTO_DEV_ACCOUNT_PASSWORD,
|
|
1019
|
+
name: "Dev",
|
|
1020
|
+
},
|
|
1021
|
+
});
|
|
1022
|
+
}
|
|
1023
|
+
catch (e) {
|
|
1024
|
+
if (!isExpectedAuthFailure(e))
|
|
1025
|
+
throw e;
|
|
1026
|
+
}
|
|
1027
|
+
const result = await auth.api.signInEmail({
|
|
1028
|
+
body: {
|
|
1029
|
+
email: AUTO_DEV_ACCOUNT_EMAIL,
|
|
1030
|
+
password: AUTO_DEV_ACCOUNT_PASSWORD,
|
|
1031
|
+
},
|
|
1032
|
+
});
|
|
1033
|
+
if (!result?.token)
|
|
1034
|
+
return null;
|
|
1035
|
+
setFrameworkSessionCookie(event, result.token);
|
|
1036
|
+
await addSession(result.token, AUTO_DEV_ACCOUNT_EMAIL);
|
|
1037
|
+
return new Response("", {
|
|
1038
|
+
status: 302,
|
|
1039
|
+
headers: { Location: redirectTo },
|
|
1040
|
+
});
|
|
1041
|
+
}
|
|
1042
|
+
catch (e) {
|
|
1043
|
+
// Local-dev only — log to console for debugging, but don't surface
|
|
1044
|
+
// through Sentry. Falling back to the regular login form is the
|
|
1045
|
+
// correct user-facing behavior when this path fails.
|
|
1046
|
+
console.warn("[agent-native] auto dev account skipped:", e);
|
|
1047
|
+
return null;
|
|
1048
|
+
}
|
|
1049
|
+
}
|
|
866
1050
|
/**
|
|
867
1051
|
* Map a Better Auth session to our AuthSession type.
|
|
868
1052
|
*/
|
|
@@ -896,12 +1080,9 @@ export async function getSession(event) {
|
|
|
896
1080
|
// 1. ACCESS_TOKEN check (programmatic/agent access)
|
|
897
1081
|
const accessTokens = getAccessTokens();
|
|
898
1082
|
if (accessTokens.length > 0) {
|
|
899
|
-
const
|
|
900
|
-
if (
|
|
901
|
-
|
|
902
|
-
if (email)
|
|
903
|
-
return { email, token: cookie };
|
|
904
|
-
}
|
|
1083
|
+
const cookieSession = await getLegacyCookieSession(event);
|
|
1084
|
+
if (cookieSession)
|
|
1085
|
+
return cookieSession;
|
|
905
1086
|
}
|
|
906
1087
|
// 2. BYOA custom getSession
|
|
907
1088
|
if (customGetSession) {
|
|
@@ -943,13 +1124,9 @@ export async function getSession(event) {
|
|
|
943
1124
|
console.error("[auth] ba.api.getSession error:", e);
|
|
944
1125
|
}
|
|
945
1126
|
// 5. Legacy cookie fallback (for sessions created before migration)
|
|
946
|
-
const
|
|
947
|
-
if (
|
|
948
|
-
|
|
949
|
-
if (email) {
|
|
950
|
-
return { email, token: cookie };
|
|
951
|
-
}
|
|
952
|
-
}
|
|
1127
|
+
const cookieSession = await getLegacyCookieSession(event);
|
|
1128
|
+
if (cookieSession)
|
|
1129
|
+
return cookieSession;
|
|
953
1130
|
// 6. Desktop SSO broker fallback.
|
|
954
1131
|
// Each template in the Electron desktop app has its own database, so
|
|
955
1132
|
// a session token created by one template doesn't resolve in another.
|
|
@@ -1004,6 +1181,7 @@ function crossSiteCookieAttrs(event) {
|
|
|
1004
1181
|
: { sameSite: "lax", secure: false };
|
|
1005
1182
|
}
|
|
1006
1183
|
export function setFrameworkSessionCookie(event, token) {
|
|
1184
|
+
clearFrameworkSessionCookies(event);
|
|
1007
1185
|
setCookie(event, COOKIE_NAME, token, {
|
|
1008
1186
|
httpOnly: true,
|
|
1009
1187
|
...crossSiteCookieAttrs(event),
|
|
@@ -1036,7 +1214,32 @@ function isHttpsRequest(event) {
|
|
|
1036
1214
|
// ---------------------------------------------------------------------------
|
|
1037
1215
|
function isPublicPath(url, publicPaths) {
|
|
1038
1216
|
const p = url.split("?")[0];
|
|
1039
|
-
return
|
|
1217
|
+
return matchesPathList(p, publicPaths);
|
|
1218
|
+
}
|
|
1219
|
+
function matchesPathList(path, paths) {
|
|
1220
|
+
return paths.some((candidate) => {
|
|
1221
|
+
const normalized = candidate.length > 1 && candidate.endsWith("/")
|
|
1222
|
+
? candidate.slice(0, -1)
|
|
1223
|
+
: candidate;
|
|
1224
|
+
return path === normalized || path.startsWith(normalized + "/");
|
|
1225
|
+
});
|
|
1226
|
+
}
|
|
1227
|
+
function isPublicWorkspacePageRequest(event, path, config) {
|
|
1228
|
+
if (!isReadMethod(event))
|
|
1229
|
+
return false;
|
|
1230
|
+
if (path === "/_agent-native" ||
|
|
1231
|
+
path.startsWith("/_agent-native/") ||
|
|
1232
|
+
path === "/api" ||
|
|
1233
|
+
path.startsWith("/api/") ||
|
|
1234
|
+
path === "/.well-known" ||
|
|
1235
|
+
path.startsWith("/.well-known/")) {
|
|
1236
|
+
return false;
|
|
1237
|
+
}
|
|
1238
|
+
if (matchesPathList(path, config.workspaceAppProtectedPaths))
|
|
1239
|
+
return false;
|
|
1240
|
+
if (matchesPathList(path, config.workspaceAppPublicPaths))
|
|
1241
|
+
return true;
|
|
1242
|
+
return config.workspaceAppAudience === "public";
|
|
1040
1243
|
}
|
|
1041
1244
|
function stripAppBasePath(pathname) {
|
|
1042
1245
|
const basePath = getAppBasePath();
|
|
@@ -1384,6 +1587,8 @@ function getTokenLoginHtml(options = {}) {
|
|
|
1384
1587
|
// ---------------------------------------------------------------------------
|
|
1385
1588
|
async function mountBetterAuthRoutes(app, options) {
|
|
1386
1589
|
const publicPaths = [...(options.publicPaths ?? [])];
|
|
1590
|
+
const workspaceAppAudience = resolveWorkspaceAppAudience(options);
|
|
1591
|
+
const workspaceAppRouteAccess = resolveWorkspaceAppRouteAccess(options);
|
|
1387
1592
|
// The A2A agent card is part of an open protocol — other agents must be
|
|
1388
1593
|
// able to discover it without auth. Same for favicons and similar probes.
|
|
1389
1594
|
for (const pp of ["/.well-known", "/favicon.ico", "/favicon.png"]) {
|
|
@@ -1488,10 +1693,6 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1488
1693
|
try {
|
|
1489
1694
|
const query = getQuery(event);
|
|
1490
1695
|
const code = query.code;
|
|
1491
|
-
if (!code) {
|
|
1492
|
-
setResponseStatus(event, 400);
|
|
1493
|
-
return { error: "Missing authorization code" };
|
|
1494
|
-
}
|
|
1495
1696
|
const { redirectUri, desktop, returnUrl, flowId } = decodeOAuthState(query.state, getAppUrl(event, "/_agent-native/google/callback"));
|
|
1496
1697
|
callbackFlowId = flowId;
|
|
1497
1698
|
callbackDesktop = desktop;
|
|
@@ -1502,14 +1703,50 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1502
1703
|
hasCode: !!code,
|
|
1503
1704
|
returnUrl,
|
|
1504
1705
|
});
|
|
1706
|
+
if (!code) {
|
|
1707
|
+
const providerError = typeof query.error === "string" && query.error
|
|
1708
|
+
? query.error
|
|
1709
|
+
: undefined;
|
|
1710
|
+
const providerDescription = typeof query.error_description === "string" &&
|
|
1711
|
+
query.error_description
|
|
1712
|
+
? query.error_description
|
|
1713
|
+
: undefined;
|
|
1714
|
+
const msg = providerDescription ||
|
|
1715
|
+
providerError ||
|
|
1716
|
+
"Missing authorization code";
|
|
1717
|
+
if (flowId) {
|
|
1718
|
+
setDesktopExchangeError(flowId, {
|
|
1719
|
+
message: `Google sign-in failed: ${msg}`,
|
|
1720
|
+
code: providerError || "missing_authorization_code",
|
|
1721
|
+
});
|
|
1722
|
+
}
|
|
1723
|
+
logGoogleOAuthDebug(event, "callback-error", {
|
|
1724
|
+
flowId,
|
|
1725
|
+
desktop,
|
|
1726
|
+
message: msg,
|
|
1727
|
+
code: providerError,
|
|
1728
|
+
});
|
|
1729
|
+
return oauthErrorPage(`Connection failed: ${msg}`);
|
|
1730
|
+
}
|
|
1505
1731
|
// Defence in depth: the state is HMAC-signed, but if the signing
|
|
1506
1732
|
// key ever leaked an attacker could mint state with their own
|
|
1507
1733
|
// redirect_uri. Re-validate against the same allowlist used at
|
|
1508
1734
|
// auth-url time so the token exchange is always sent to a URI we
|
|
1509
1735
|
// own.
|
|
1510
1736
|
if (!isAllowedOAuthRedirectUri(redirectUri, event)) {
|
|
1511
|
-
|
|
1512
|
-
|
|
1737
|
+
const msg = "Invalid Google OAuth redirect URI in state. Restart sign-in from this app.";
|
|
1738
|
+
if (flowId) {
|
|
1739
|
+
setDesktopExchangeError(flowId, {
|
|
1740
|
+
message: msg,
|
|
1741
|
+
code: "invalid_redirect_uri",
|
|
1742
|
+
});
|
|
1743
|
+
}
|
|
1744
|
+
logGoogleOAuthDebug(event, "callback-error", {
|
|
1745
|
+
flowId,
|
|
1746
|
+
desktop,
|
|
1747
|
+
message: msg,
|
|
1748
|
+
});
|
|
1749
|
+
return oauthErrorPage(`Connection failed: ${msg}`);
|
|
1513
1750
|
}
|
|
1514
1751
|
const tokenRes = await fetch("https://oauth2.googleapis.com/token", {
|
|
1515
1752
|
method: "POST",
|
|
@@ -1580,6 +1817,12 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1580
1817
|
}
|
|
1581
1818
|
catch (error) {
|
|
1582
1819
|
const msg = error.message || "Unknown error";
|
|
1820
|
+
if (callbackFlowId) {
|
|
1821
|
+
setDesktopExchangeError(callbackFlowId, {
|
|
1822
|
+
message: `Google sign-in failed: ${msg}`,
|
|
1823
|
+
code: "callback_error",
|
|
1824
|
+
});
|
|
1825
|
+
}
|
|
1583
1826
|
logGoogleOAuthDebug(event, "callback-error", {
|
|
1584
1827
|
flowId: callbackFlowId,
|
|
1585
1828
|
desktop: callbackDesktop,
|
|
@@ -1821,13 +2064,7 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1821
2064
|
}
|
|
1822
2065
|
const sessionToken = crypto.randomBytes(32).toString("hex");
|
|
1823
2066
|
await addSession(sessionToken, "user");
|
|
1824
|
-
|
|
1825
|
-
httpOnly: true,
|
|
1826
|
-
...crossSiteCookieAttrs(event),
|
|
1827
|
-
...cookieDomainAttrs(),
|
|
1828
|
-
path: "/",
|
|
1829
|
-
maxAge: sessionMaxAge,
|
|
1830
|
-
});
|
|
2067
|
+
setFrameworkSessionCookie(event, sessionToken);
|
|
1831
2068
|
return authLoginResponse(event, sessionToken, "user");
|
|
1832
2069
|
}
|
|
1833
2070
|
// Email/password login via Better Auth
|
|
@@ -1842,13 +2079,7 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1842
2079
|
body: { email, password },
|
|
1843
2080
|
});
|
|
1844
2081
|
if (result?.token) {
|
|
1845
|
-
|
|
1846
|
-
httpOnly: true,
|
|
1847
|
-
...crossSiteCookieAttrs(event),
|
|
1848
|
-
...cookieDomainAttrs(),
|
|
1849
|
-
path: "/",
|
|
1850
|
-
maxAge: sessionMaxAge,
|
|
1851
|
-
});
|
|
2082
|
+
setFrameworkSessionCookie(event, result.token);
|
|
1852
2083
|
await addSession(result.token, email);
|
|
1853
2084
|
if (isElectronRequest(event)) {
|
|
1854
2085
|
await writeDesktopSso({
|
|
@@ -1911,13 +2142,13 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1911
2142
|
}));
|
|
1912
2143
|
// Backward-compat: POST /_agent-native/auth/logout
|
|
1913
2144
|
app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
|
|
1914
|
-
const cookie
|
|
1915
|
-
if (cookie)
|
|
2145
|
+
for (const cookie of getFrameworkSessionCookieValues(event)) {
|
|
1916
2146
|
await removeSession(cookie);
|
|
2147
|
+
}
|
|
1917
2148
|
const bearerToken = getBearerSessionToken(event);
|
|
1918
2149
|
if (bearerToken)
|
|
1919
2150
|
await removeSession(bearerToken);
|
|
1920
|
-
|
|
2151
|
+
clearFrameworkSessionCookies(event);
|
|
1921
2152
|
try {
|
|
1922
2153
|
await auth.api.signOut({ headers: event.headers });
|
|
1923
2154
|
}
|
|
@@ -1980,7 +2211,7 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
1980
2211
|
}
|
|
1981
2212
|
// 3. Drop the current request's cookie and best-effort sign out
|
|
1982
2213
|
// of Better Auth (so the response sets the proper expiry header).
|
|
1983
|
-
|
|
2214
|
+
clearFrameworkSessionCookies(event);
|
|
1984
2215
|
try {
|
|
1985
2216
|
await auth.api.signOut({ headers: event.headers });
|
|
1986
2217
|
}
|
|
@@ -2026,7 +2257,13 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
2026
2257
|
googleSignInNotice: options.googleSignInNotice,
|
|
2027
2258
|
googleAuthMode: options.googleAuthMode,
|
|
2028
2259
|
});
|
|
2029
|
-
_authGuardConfig = {
|
|
2260
|
+
_authGuardConfig = {
|
|
2261
|
+
loginHtml,
|
|
2262
|
+
publicPaths,
|
|
2263
|
+
workspaceAppAudience,
|
|
2264
|
+
workspaceAppPublicPaths: workspaceAppRouteAccess.publicPaths,
|
|
2265
|
+
workspaceAppProtectedPaths: workspaceAppRouteAccess.protectedPaths,
|
|
2266
|
+
};
|
|
2030
2267
|
const guardFn = createAuthGuardFn();
|
|
2031
2268
|
_authGuardFn = guardFn;
|
|
2032
2269
|
app.use(defineEventHandler(guardFn));
|
|
@@ -2034,7 +2271,7 @@ async function mountBetterAuthRoutes(app, options) {
|
|
|
2034
2271
|
// ---------------------------------------------------------------------------
|
|
2035
2272
|
// mountTokenOnlyRoutes — ACCESS_TOKEN-only auth (no Better Auth)
|
|
2036
2273
|
// ---------------------------------------------------------------------------
|
|
2037
|
-
function mountTokenOnlyRoutes(app, accessTokens, publicPaths = []) {
|
|
2274
|
+
function mountTokenOnlyRoutes(app, accessTokens, publicPaths = [], workspaceAppAudience = resolveWorkspaceAppAudience(), workspaceAppRouteAccess = resolveWorkspaceAppRouteAccess()) {
|
|
2038
2275
|
app.use("/_agent-native/auth/login", defineEventHandler(async (event) => {
|
|
2039
2276
|
if (getMethod(event) !== "POST") {
|
|
2040
2277
|
setResponseStatus(event, 405);
|
|
@@ -2049,23 +2286,17 @@ function mountTokenOnlyRoutes(app, accessTokens, publicPaths = []) {
|
|
|
2049
2286
|
}
|
|
2050
2287
|
const sessionToken = crypto.randomBytes(32).toString("hex");
|
|
2051
2288
|
await addSession(sessionToken, "user");
|
|
2052
|
-
|
|
2053
|
-
httpOnly: true,
|
|
2054
|
-
...crossSiteCookieAttrs(event),
|
|
2055
|
-
...cookieDomainAttrs(),
|
|
2056
|
-
path: "/",
|
|
2057
|
-
maxAge: sessionMaxAge,
|
|
2058
|
-
});
|
|
2289
|
+
setFrameworkSessionCookie(event, sessionToken);
|
|
2059
2290
|
return authLoginResponse(event, sessionToken, "user");
|
|
2060
2291
|
}));
|
|
2061
2292
|
app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
|
|
2062
|
-
const cookie
|
|
2063
|
-
if (cookie)
|
|
2293
|
+
for (const cookie of getFrameworkSessionCookieValues(event)) {
|
|
2064
2294
|
await removeSession(cookie);
|
|
2295
|
+
}
|
|
2065
2296
|
const bearerToken = getBearerSessionToken(event);
|
|
2066
2297
|
if (bearerToken)
|
|
2067
2298
|
await removeSession(bearerToken);
|
|
2068
|
-
|
|
2299
|
+
clearFrameworkSessionCookies(event);
|
|
2069
2300
|
if (isElectronRequest(event))
|
|
2070
2301
|
await clearDesktopSso();
|
|
2071
2302
|
return { ok: true };
|
|
@@ -2082,6 +2313,9 @@ function mountTokenOnlyRoutes(app, accessTokens, publicPaths = []) {
|
|
|
2082
2313
|
loginHtml: getTokenLoginHtml(),
|
|
2083
2314
|
getLoginHtml: (_event, rawPath) => getTokenLoginHtml({ requestPath: rawPath }),
|
|
2084
2315
|
publicPaths,
|
|
2316
|
+
workspaceAppAudience,
|
|
2317
|
+
workspaceAppPublicPaths: workspaceAppRouteAccess.publicPaths,
|
|
2318
|
+
workspaceAppProtectedPaths: workspaceAppRouteAccess.protectedPaths,
|
|
2085
2319
|
};
|
|
2086
2320
|
const guardFn = createAuthGuardFn();
|
|
2087
2321
|
_authGuardFn = guardFn;
|
|
@@ -2109,13 +2343,7 @@ function mountAuthFallbackRoutes(app) {
|
|
|
2109
2343
|
body: { email, password },
|
|
2110
2344
|
});
|
|
2111
2345
|
if (result?.token) {
|
|
2112
|
-
|
|
2113
|
-
httpOnly: true,
|
|
2114
|
-
...crossSiteCookieAttrs(event),
|
|
2115
|
-
...cookieDomainAttrs(),
|
|
2116
|
-
path: "/",
|
|
2117
|
-
maxAge: sessionMaxAge,
|
|
2118
|
-
});
|
|
2346
|
+
setFrameworkSessionCookie(event, result.token);
|
|
2119
2347
|
await addSession(result.token, email);
|
|
2120
2348
|
if (isElectronRequest(event)) {
|
|
2121
2349
|
await writeDesktopSso({
|
|
@@ -2171,13 +2399,13 @@ function mountAuthFallbackRoutes(app) {
|
|
|
2171
2399
|
}
|
|
2172
2400
|
}));
|
|
2173
2401
|
app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
|
|
2174
|
-
const cookie
|
|
2175
|
-
if (cookie)
|
|
2402
|
+
for (const cookie of getFrameworkSessionCookieValues(event)) {
|
|
2176
2403
|
await removeSession(cookie);
|
|
2404
|
+
}
|
|
2177
2405
|
const bearerToken = getBearerSessionToken(event);
|
|
2178
2406
|
if (bearerToken)
|
|
2179
2407
|
await removeSession(bearerToken);
|
|
2180
|
-
|
|
2408
|
+
clearFrameworkSessionCookies(event);
|
|
2181
2409
|
try {
|
|
2182
2410
|
const auth = await getBetterAuth();
|
|
2183
2411
|
await auth.api.signOut({ headers: event.headers });
|
|
@@ -2257,6 +2485,18 @@ export async function autoMountAuth(app, options = {}) {
|
|
|
2257
2485
|
...options.publicPaths,
|
|
2258
2486
|
];
|
|
2259
2487
|
}
|
|
2488
|
+
if (options.workspaceAppAudience) {
|
|
2489
|
+
_authGuardConfig.workspaceAppAudience =
|
|
2490
|
+
resolveWorkspaceAppAudience(options);
|
|
2491
|
+
}
|
|
2492
|
+
if (options.workspaceAppPublicPaths) {
|
|
2493
|
+
_authGuardConfig.workspaceAppPublicPaths =
|
|
2494
|
+
options.workspaceAppPublicPaths;
|
|
2495
|
+
}
|
|
2496
|
+
if (options.workspaceAppProtectedPaths) {
|
|
2497
|
+
_authGuardConfig.workspaceAppProtectedPaths =
|
|
2498
|
+
options.workspaceAppProtectedPaths;
|
|
2499
|
+
}
|
|
2260
2500
|
}
|
|
2261
2501
|
return true;
|
|
2262
2502
|
}
|
|
@@ -2276,6 +2516,8 @@ export async function autoMountAuth(app, options = {}) {
|
|
|
2276
2516
|
customGetSession = null;
|
|
2277
2517
|
sessionMaxAge = options.maxAge ?? DEFAULT_MAX_AGE;
|
|
2278
2518
|
const publicPaths = options.publicPaths ?? [];
|
|
2519
|
+
const workspaceAppAudience = resolveWorkspaceAppAudience(options);
|
|
2520
|
+
const workspaceAppRouteAccess = resolveWorkspaceAppRouteAccess(options);
|
|
2279
2521
|
mountAuthCorsMiddleware(app);
|
|
2280
2522
|
if (options.getSession) {
|
|
2281
2523
|
customGetSession = options.getSession;
|
|
@@ -2292,13 +2534,13 @@ export async function autoMountAuth(app, options = {}) {
|
|
|
2292
2534
|
}));
|
|
2293
2535
|
app.use("/_agent-native/auth/login", defineEventHandler(() => ({ ok: true })));
|
|
2294
2536
|
app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
|
|
2295
|
-
const cookie
|
|
2296
|
-
if (cookie)
|
|
2537
|
+
for (const cookie of getFrameworkSessionCookieValues(event)) {
|
|
2297
2538
|
await removeSession(cookie);
|
|
2539
|
+
}
|
|
2298
2540
|
const bearerToken = getBearerSessionToken(event);
|
|
2299
2541
|
if (bearerToken)
|
|
2300
2542
|
await removeSession(bearerToken);
|
|
2301
|
-
|
|
2543
|
+
clearFrameworkSessionCookies(event);
|
|
2302
2544
|
if (isElectronRequest(event))
|
|
2303
2545
|
await clearDesktopSso();
|
|
2304
2546
|
return { ok: true };
|
|
@@ -2312,6 +2554,9 @@ export async function autoMountAuth(app, options = {}) {
|
|
|
2312
2554
|
getLoginHtml: (_event, rawPath) => getTokenLoginHtml({ requestPath: rawPath }),
|
|
2313
2555
|
}),
|
|
2314
2556
|
publicPaths,
|
|
2557
|
+
workspaceAppAudience,
|
|
2558
|
+
workspaceAppPublicPaths: workspaceAppRouteAccess.publicPaths,
|
|
2559
|
+
workspaceAppProtectedPaths: workspaceAppRouteAccess.protectedPaths,
|
|
2315
2560
|
};
|
|
2316
2561
|
const guardFn = createAuthGuardFn();
|
|
2317
2562
|
_authGuardFn = guardFn;
|
|
@@ -2323,7 +2568,7 @@ export async function autoMountAuth(app, options = {}) {
|
|
|
2323
2568
|
// ACCESS_TOKEN-only mode
|
|
2324
2569
|
const tokens = getAccessTokens();
|
|
2325
2570
|
if (tokens.length > 0) {
|
|
2326
|
-
mountTokenOnlyRoutes(app, tokens, publicPaths);
|
|
2571
|
+
mountTokenOnlyRoutes(app, tokens, publicPaths, workspaceAppAudience, workspaceAppRouteAccess);
|
|
2327
2572
|
if (process.env.DEBUG)
|
|
2328
2573
|
console.log(`[agent-native] Auth enabled — ${tokens.length} access token(s) configured.`);
|
|
2329
2574
|
return true;
|
|
@@ -2347,7 +2592,13 @@ export async function autoMountAuth(app, options = {}) {
|
|
|
2347
2592
|
googleSignInNotice: options.googleSignInNotice,
|
|
2348
2593
|
googleAuthMode: options.googleAuthMode,
|
|
2349
2594
|
});
|
|
2350
|
-
_authGuardConfig = {
|
|
2595
|
+
_authGuardConfig = {
|
|
2596
|
+
loginHtml,
|
|
2597
|
+
publicPaths,
|
|
2598
|
+
workspaceAppAudience,
|
|
2599
|
+
workspaceAppPublicPaths: workspaceAppRouteAccess.publicPaths,
|
|
2600
|
+
workspaceAppProtectedPaths: workspaceAppRouteAccess.protectedPaths,
|
|
2601
|
+
};
|
|
2351
2602
|
const guardFn = createAuthGuardFn();
|
|
2352
2603
|
_authGuardFn = guardFn;
|
|
2353
2604
|
app.use(defineEventHandler(guardFn));
|