@agent-native/core 0.14.8 → 0.15.1

package/dist/sharing/actions/set-resource-visibility.js

@@ -1,7 +1,8 @@
 import { eq } from "drizzle-orm";
 import { z } from "zod";
 import { defineAction } from "../../action.js";
-import { assertAccess } from "../access.js";
+import { getRequestOrgId } from "../../server/request-context.js";
+import { assertAccess, ForbiddenError } from "../access.js";
 import { requireShareableResource } from "../registry.js";
 export default defineAction({
     description: "Change the coarse visibility of a shareable resource: 'private' | 'org' | 'public'. Owner or admin role required.",
@@ -15,11 +16,19 @@ export default defineAction({
     }),
     run: async (args) => {
         const reg = requireShareableResource(args.resourceType);
-        await assertAccess(args.resourceType, args.resourceId, "admin");
+        if (args.visibility === "public" && reg.allowPublic === false) {
+            throw new ForbiddenError(`${reg.displayName} cannot be made public — share with specific people or your organization instead.`);
+        }
+        const access = await assertAccess(args.resourceType, args.resourceId, "admin");
         const db = reg.getDb();
+        const update = { visibility: args.visibility };
+        const currentOrgId = getRequestOrgId();
+        if (args.visibility === "org" && currentOrgId && !access.resource?.orgId) {
+            update.orgId = currentOrgId;
+        }
         await db
             .update(reg.resourceTable)
-            .set({ visibility: args.visibility })
+            .set(update)
             .where(eq(reg.resourceTable.id, args.resourceId));
         return { ok: true, visibility: args.visibility };
     },

package/dist/sharing/actions/set-resource-visibility.js.map

@@ -1 +1 @@
-{"version":3,"file":"set-resource-visibility.js","sourceRoot":"","sources":["../../../src/sharing/actions/set-resource-visibility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE1D,eAAe,YAAY,CAAC;IAC1B,WAAW,EACT,mHAAmH;IACrH,sEAAsE;IACtE,oEAAoE;IACpE,YAAY,EAAE,KAAK;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjD,CAAC;IACF,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAClB,MAAM,GAAG,GAAG,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAChE,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;QAC9B,MAAM,EAAE;aACL,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;aACzB,GAAG,CAAC,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;aACpC,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACpD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;IACnD,CAAC;CACF,CAAC,CAAC","sourcesContent":["import { eq } from \"drizzle-orm\";\nimport { z } from \"zod\";\nimport { defineAction } from \"../../action.js\";\nimport { assertAccess } from \"../access.js\";\nimport { requireShareableResource } from \"../registry.js\";\n\nexport default defineAction({\n  description:\n    \"Change the coarse visibility of a shareable resource: 'private' | 'org' | 'public'. Owner or admin role required.\",\n  // (audit H5) Visibility changes are admin-tier and can flip a private\n  // resource org-wide or public. Refuse from the tools iframe bridge.\n  toolCallable: false,\n  schema: z.object({\n    resourceType: z.string(),\n    resourceId: z.string(),\n    visibility: z.enum([\"private\", \"org\", \"public\"]),\n  }),\n  run: async (args) => {\n    const reg = requireShareableResource(args.resourceType);\n    await assertAccess(args.resourceType, args.resourceId, \"admin\");\n    const db = reg.getDb() as any;\n    await db\n      .update(reg.resourceTable)\n      .set({ visibility: args.visibility })\n      .where(eq(reg.resourceTable.id, args.resourceId));\n    return { ok: true, visibility: args.visibility };\n  },\n});\n"]}
+{"version":3,"file":"set-resource-visibility.js","sourceRoot":"","sources":["../../../src/sharing/actions/set-resource-visibility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAE1D,eAAe,YAAY,CAAC;IAC1B,WAAW,EACT,mHAAmH;IACrH,sEAAsE;IACtE,oEAAoE;IACpE,YAAY,EAAE,KAAK;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjD,CAAC;IACF,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAClB,MAAM,GAAG,GAAG,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;YAC9D,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,mFAAmF,CACtG,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,OAAO,CACR,CAAC;QACF,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;QAC9B,MAAM,MAAM,GAA4B,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;QACxE,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;QACvC,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,IAAI,YAAY,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;YACzE,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC;QAC9B,CAAC;QACD,MAAM,EAAE;aACL,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;aACzB,GAAG,CAAC,MAAM,CAAC;aACX,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACpD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;IACnD,CAAC;CACF,CAAC,CAAC","sourcesContent":["import { eq } from \"drizzle-orm\";\nimport { z } from \"zod\";\nimport { defineAction } from \"../../action.js\";\nimport { getRequestOrgId } from \"../../server/request-context.js\";\nimport { assertAccess, ForbiddenError } from \"../access.js\";\nimport { requireShareableResource } from \"../registry.js\";\n\nexport default defineAction({\n  description:\n    \"Change the coarse visibility of a shareable resource: 'private' | 'org' | 'public'. Owner or admin role required.\",\n  // (audit H5) Visibility changes are admin-tier and can flip a private\n  // resource org-wide or public. Refuse from the tools iframe bridge.\n  toolCallable: false,\n  schema: z.object({\n    resourceType: z.string(),\n    resourceId: z.string(),\n    visibility: z.enum([\"private\", \"org\", \"public\"]),\n  }),\n  run: async (args) => {\n    const reg = requireShareableResource(args.resourceType);\n    if (args.visibility === \"public\" && reg.allowPublic === false) {\n      throw new ForbiddenError(\n        `${reg.displayName} cannot be made public — share with specific people or your organization instead.`,\n      );\n    }\n    const access = await assertAccess(\n      args.resourceType,\n      args.resourceId,\n      \"admin\",\n    );\n    const db = reg.getDb() as any;\n    const update: Record<string, unknown> = { visibility: args.visibility };\n    const currentOrgId = getRequestOrgId();\n    if (args.visibility === \"org\" && currentOrgId && !access.resource?.orgId) {\n      update.orgId = currentOrgId;\n    }\n    await db\n      .update(reg.resourceTable)\n      .set(update)\n      .where(eq(reg.resourceTable.id, args.resourceId));\n    return { ok: true, visibility: args.visibility };\n  },\n});\n"]}

package/dist/sharing/actions/share-resource.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"share-resource.d.ts","sourceRoot":"","sources":["../../../src/sharing/actions/share-resource.ts"],"names":[],"mappings":"AAUA,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAazD;AAwCD,wBAAgB,2BAA2B,CACzC,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,MAAM,SAAwB,GAC7B,MAAM,CAOR;;AAWD,wBAyHG"}
+{"version":3,"file":"share-resource.d.ts","sourceRoot":"","sources":["../../../src/sharing/actions/share-resource.ts"],"names":[],"mappings":"AAWA,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAazD;AAwCD,wBAAgB,2BAA2B,CACzC,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,YAAY,EAAE,MAAM,GAAG,SAAS,EAChC,MAAM,SAAwB,GAC7B,MAAM,CAOR;;AAwCD,wBAwJG"}

package/dist/sharing/actions/share-resource.js

@@ -7,6 +7,7 @@ import { requireShareableResource } from "../registry.js";
 import { sendEmail, isEmailConfigured } from "../../server/email.js";
 import { renderEmail, emailStrong } from "../../server/email-template.js";
 import { getAppProductionUrl } from "../../server/app-url.js";
+import { getDbExec } from "../../db/client.js";
 export function isSyntheticQaEmail(email) {
     const trimmed = email.trim().toLowerCase();
     const at = trimmed.lastIndexOf("@");
@@ -77,6 +78,33 @@ function nanoid(size = 12) {
         id += chars[byte % chars.length];
     return id;
 }
+/**
+ * Returns true if the given email is either an active member of `orgId` or
+ * has a pending invitation to `orgId`. Used by resources whose registration
+ * sets `requireOrgMemberForUserShares` (currently extensions) to refuse
+ * cross-org user shares.
+ *
+ * Both `org_members` and `org_invitations` store email case-insensitively
+ * via `LOWER()` in the rest of the framework, so we follow the same
+ * convention here.
+ */
+async function isOrgMemberOrInvited(orgId, email) {
+    const lower = email.trim().toLowerCase();
+    if (!lower || !orgId)
+        return false;
+    const client = getDbExec();
+    const member = await client.execute({
+        sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,
+        args: [orgId, lower],
+    });
+    if (member.rows.length > 0)
+        return true;
+    const invited = await client.execute({
+        sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,
+        args: [orgId, lower],
+    });
+    return invited.rows.length > 0;
+}
 export default defineAction({
     description: "Grant a user or org access to a shareable resource. Owner or admin role required.",
     // (audit H5) Sharing-grant operations are admin-tier and let a caller
@@ -110,10 +138,31 @@ export default defineAction({
     }),
     run: async (args) => {
         const reg = requireShareableResource(args.resourceType);
-        await assertAccess(args.resourceType, args.resourceId, "admin");
+        const access = await assertAccess(args.resourceType, args.resourceId, "admin");
         const actor = getRequestUserEmail();
         if (!actor)
             throw new ForbiddenError("Not signed in");
+        if (reg.requireOrgMemberForUserShares) {
+            const resourceOrgId = access.resource?.orgId;
+            if (!resourceOrgId) {
+                throw new ForbiddenError(`${reg.displayName} can only be shared from within an organization. Create or join an organization first.`);
+            }
+            if (args.principalType === "user") {
+                const ok = await isOrgMemberOrInvited(resourceOrgId, args.principalId);
+                if (!ok) {
+                    throw new ForbiddenError(`${args.principalId} is not in your organization. Invite them to the organization first, then share.`);
+                }
+            }
+            else if (args.principalType === "org") {
+                // Cross-org org shares would let an outside org's members run
+                // extension code in the viewer's auth context — the same threat
+                // model that blocks public + cross-org user shares. Pin org-
+                // principal shares to the resource's own org.
+                if (args.principalId !== resourceOrgId) {
+                    throw new ForbiddenError(`${reg.displayName} can only be shared with its own organization, not a different one.`);
+                }
+            }
+        }
         const db = reg.getDb();
         const [existing] = await db
             .select()

package/dist/sharing/actions/share-resource.js.map

@@ -1 +1 @@
-{"version":3,"file":"share-resource.js","sourceRoot":"","sources":["../../../src/sharing/actions/share-resource.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACrC,OAAO,CACL,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,CAAC,MAAM,KAAK,cAAc;YACxB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;YACxB,MAAM,KAAK,iBAAiB;YAC5B,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC;IAC9E,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC;IAClC,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,cAAc,GAAG,CAAC,EAAE,CAAC;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa,EAAE,MAAc;IACxD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACnD,MAAM,mBAAmB,GACvB,QAAQ,IAAI,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,GAAG,CAAC,CAAC;YAClE,MAAM,MAAM,GAAG,mBAAmB;gBAChC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE;gBACzB,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC;YAC3C,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7D,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAC5C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,WAA+B,EAC/B,YAAgC,EAChC,MAAM,GAAG,mBAAmB,EAAE;IAE9B,KAAK,MAAM,SAAS,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;QACpD,IAAI,CAAC,SAAS;YAAE,SAAS;QACzB,MAAM,GAAG,GAAG,mBAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;IACtB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,MAAM,CAAC,IAAI,GAAG,EAAE;IACvB,MAAM,KAAK,GACT,gEAAgE,CAAC;IACnE,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,KAAK,MAAM,IAAI,IAAI,KAAK;QAAE,EAAE,IAAI,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3D,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,eAAe,YAAY,CAAC;IAC1B,WAAW,EACT,mFAAmF;IACrF,sEAAsE;IACtE,qEAAqE;IACrE,gEAAgE;IAChE,sDAAsD;IACtD,YAAY,EAAE,KAAK;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC;aACZ,MAAM,EAAE;aACR,QAAQ,CAAC,oDAAoD,CAAC;QACjE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAC/D,aAAa,EAAE,CAAC;aACb,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;aACrB,QAAQ,CAAC,2DAA2D,CAAC;QACxE,WAAW,EAAE,CAAC;aACX,MAAM,EAAE;aACR,QAAQ,CAAC,gDAAgD,CAAC;QAC7D,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;aACnC,OAAO,CAAC,QAAQ,CAAC;aACjB,QAAQ,CAAC,gBAAgB,CAAC;QAC7B,MAAM,EAAE,CAAC;aACN,OAAO,EAAE;aACT,OAAO,CAAC,IAAI,CAAC;aACb,QAAQ,CACP,2EAA2E,CAC5E;QACH,WAAW,EAAE,CAAC;aACX,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CACP,gGAAgG,CACjG;KACJ,CAAC;IACF,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAClB,MAAM,GAAG,GAAG,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QAChE,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;QACpC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,cAAc,CAAC,eAAe,CAAC,CAAC;QAEtD,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;QAC9B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;aACxB,MAAM,EAAE;aACR,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;aACrB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,EAC/C,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,EACrD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAClD,CACF,CAAC;QAEJ,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,EAAE;iBACL,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;iBACvB,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;iBACxB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9C,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC5C,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;YACtC,EAAE;YACF,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;QAEH,IACE,IAAI,CAAC,MAAM,KAAK,KAAK;YACrB,IAAI,CAAC,aAAa,KAAK,MAAM;YAC7B,iBAAiB,EAAE;YACnB,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,EACrC,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC;gBAC5C,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;qBACxB,MAAM,EAAE;qBACR,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC;qBACvB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;gBACpD,MAAM,aAAa,GAChB,QAAQ,EAAE,CAAC,QAAQ,CAAwB,IAAI,IAAI,CAAC,YAAY,CAAC;gBACpE,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;gBACrC,MAAM,YAAY,GAChB,QAAQ,IAAI,GAAG,CAAC,eAAe;oBAC7B,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC;oBAC/B,CAAC,CAAC,SAAS,CAAC;gBAChB,MAAM,eAAe,GAAG,2BAA2B,CACjD,IAAI,CAAC,WAAW,EAChB,YAAY,EACZ,MAAM,CACP,CAAC;gBACF,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,cAAc,CAAC;gBACtE,MAAM,OAAO,GAAG,GAAG,KAAK,YAAY,aAAa,iBAAiB,OAAO,EAAE,CAAC;gBAC5E,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,WAAW,CAAC;oBACjC,SAAS,EAAE,OAAO;oBAClB,OAAO,EAAE,0BAA0B;oBACnC,UAAU,EAAE;wBACV,GAAG,WAAW,CAAC,KAAK,CAAC,mBAAmB,GAAG,CAAC,WAAW,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;wBAChI,8DAA8D,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;qBAC/F;oBACD,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,WAAW,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE;oBAC/D,MAAM,EAAE,6BAA6B,KAAK,gBAAgB,IAAI,CAAC,IAAI,UAAU;iBAC9E,CAAC,CAAC;gBACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACjE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,qDAAqD,EACrD,GAAG,CACJ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;CACF,CAAC,CAAC","sourcesContent":["import { and, eq } from \"drizzle-orm\";\nimport { z } from \"zod\";\nimport { defineAction } from \"../../action.js\";\nimport { getRequestUserEmail } from \"../../server/request-context.js\";\nimport { assertAccess, ForbiddenError } from \"../access.js\";\nimport { requireShareableResource } from \"../registry.js\";\nimport { sendEmail, isEmailConfigured } from \"../../server/email.js\";\nimport { renderEmail, emailStrong } from \"../../server/email-template.js\";\nimport { getAppProductionUrl } from \"../../server/app-url.js\";\n\nexport function isSyntheticQaEmail(email: string): boolean {\n  const trimmed = email.trim().toLowerCase();\n  const at = trimmed.lastIndexOf(\"@\");\n  if (at <= 0) return false;\n  const local = trimmed.slice(0, at);\n  const domain = trimmed.slice(at + 1);\n  return (\n    local.includes(\"+qa\") &&\n    (domain === \"example.test\" ||\n      domain.endsWith(\".test\") ||\n      domain === \"example.invalid\" ||\n      domain.endsWith(\".invalid\"))\n  );\n}\n\nfunction appPath(path: string): string {\n  if (!path.startsWith(\"/\")) return path;\n  const raw = process.env.VITE_APP_BASE_PATH || process.env.APP_BASE_PATH || \"\";\n  const base = raw.trim().replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n  if (!base) return path;\n  const normalizedBase = `/${base}`;\n  if (path === normalizedBase || path.startsWith(`${normalizedBase}/`)) {\n    return path;\n  }\n  return `${normalizedBase}${path}`;\n}\n\nfunction safeNotificationUrl(value: string, appUrl: string): string | null {\n  const trimmed = value.trim();\n  if (!trimmed) return null;\n\n  try {\n    const base = new URL(appUrl);\n    if (trimmed.startsWith(\"/\")) {\n      const path = appPath(trimmed);\n      const basePath = base.pathname.replace(/\\/+$/, \"\");\n      const alreadyIncludesBase =\n        basePath && basePath !== \"/\" && path.startsWith(`${basePath}/`);\n      const joined = alreadyIncludesBase\n        ? `${base.origin}${path}`\n        : `${appUrl.replace(/\\/+$/, \"\")}${path}`;\n      return new URL(joined).toString();\n    }\n\n    const url = new URL(trimmed);\n    if (![\"http:\", \"https:\"].includes(url.protocol)) return null;\n    if (url.origin !== base.origin) return null;\n    return url.toString();\n  } catch {\n    return null;\n  }\n}\n\nexport function resolveShareNotificationUrl(\n  explicitUrl: string | undefined,\n  fallbackPath: string | undefined,\n  appUrl = getAppProductionUrl(),\n): string {\n  for (const candidate of [explicitUrl, fallbackPath]) {\n    if (!candidate) continue;\n    const url = safeNotificationUrl(candidate, appUrl);\n    if (url) return url;\n  }\n  return appUrl;\n}\n\nfunction nanoid(size = 12): string {\n  const chars =\n    \"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\";\n  let id = \"\";\n  const bytes = crypto.getRandomValues(new Uint8Array(size));\n  for (const byte of bytes) id += chars[byte % chars.length];\n  return id;\n}\n\nexport default defineAction({\n  description:\n    \"Grant a user or org access to a shareable resource. Owner or admin role required.\",\n  // (audit H5) Sharing-grant operations are admin-tier and let a caller\n  // expand who can read/write a resource. Refuse from the tools iframe\n  // bridge so a malicious shared tool can't silently re-share its\n  // viewer's resources to an attacker-controlled email.\n  toolCallable: false,\n  schema: z.object({\n    resourceType: z\n      .string()\n      .describe(\"Registered resource type, e.g. 'document', 'form'.\"),\n    resourceId: z.string().describe(\"Id of the resource to share.\"),\n    principalType: z\n      .enum([\"user\", \"org\"])\n      .describe(\"'user' for an individual, 'org' for a whole organization.\"),\n    principalId: z\n      .string()\n      .describe(\"Email (user) or org id (org) of the principal.\"),\n    role: z\n      .enum([\"viewer\", \"editor\", \"admin\"])\n      .default(\"viewer\")\n      .describe(\"Role to grant.\"),\n    notify: z\n      .boolean()\n      .default(true)\n      .describe(\n        \"Whether to email the user about a new individual share. Defaults to true.\",\n      ),\n    resourceUrl: z\n      .string()\n      .optional()\n      .describe(\n        \"Optional app-relative or same-origin URL recipients should open. External origins are ignored.\",\n      ),\n  }),\n  run: async (args) => {\n    const reg = requireShareableResource(args.resourceType);\n    await assertAccess(args.resourceType, args.resourceId, \"admin\");\n    const actor = getRequestUserEmail();\n    if (!actor) throw new ForbiddenError(\"Not signed in\");\n\n    const db = reg.getDb() as any;\n    const [existing] = await db\n      .select()\n      .from(reg.sharesTable)\n      .where(\n        and(\n          eq(reg.sharesTable.resourceId, args.resourceId),\n          eq(reg.sharesTable.principalType, args.principalType),\n          eq(reg.sharesTable.principalId, args.principalId),\n        ),\n      );\n\n    if (existing) {\n      await db\n        .update(reg.sharesTable)\n        .set({ role: args.role })\n        .where(eq(reg.sharesTable.id, existing.id));\n      return { id: existing.id, updated: true };\n    }\n\n    const id = nanoid();\n    await db.insert(reg.sharesTable).values({\n      id,\n      resourceId: args.resourceId,\n      principalType: args.principalType,\n      principalId: args.principalId,\n      role: args.role,\n      createdBy: actor,\n      createdAt: new Date().toISOString(),\n    });\n\n    if (\n      args.notify !== false &&\n      args.principalType === \"user\" &&\n      isEmailConfigured() &&\n      !isSyntheticQaEmail(args.principalId)\n    ) {\n      try {\n        const titleCol = reg.titleColumn ?? \"title\";\n        const [resource] = await db\n          .select()\n          .from(reg.resourceTable)\n          .where(eq(reg.resourceTable.id, args.resourceId));\n        const resourceTitle: string =\n          (resource?.[titleCol] as string | undefined) ?? args.resourceType;\n        const appUrl = getAppProductionUrl();\n        const resourcePath =\n          resource && reg.getResourcePath\n            ? reg.getResourcePath(resource)\n            : undefined;\n        const notificationUrl = resolveShareNotificationUrl(\n          args.resourceUrl,\n          resourcePath,\n          appUrl,\n        );\n        const appName =\n          process.env.APP_NAME || process.env.VITE_APP_NAME || \"Agent Native\";\n        const subject = `${actor} shared \"${resourceTitle}\" with you on ${appName}`;\n        const { html, text } = renderEmail({\n          preheader: subject,\n          heading: \"You've been given access\",\n          paragraphs: [\n            `${emailStrong(actor)} has shared the ${reg.displayName} ${emailStrong(resourceTitle)} with you as a ${emailStrong(args.role)}.`,\n            `Use the button below to open it. If prompted, sign in with ${emailStrong(args.principalId)}.`,\n          ],\n          cta: { label: `Open ${reg.displayName}`, url: notificationUrl },\n          footer: `You received this because ${actor} granted you ${args.role} access.`,\n        });\n        await sendEmail({ to: args.principalId, subject, html, text });\n      } catch (err) {\n        console.error(\n          \"[share-resource] failed to send share notification:\",\n          err,\n        );\n      }\n    }\n\n    return { id, updated: false };\n  },\n});\n"]}
+{"version":3,"file":"share-resource.js","sourceRoot":"","sources":["../../../src/sharing/actions/share-resource.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AACtE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC1E,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC3C,MAAM,EAAE,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACrC,OAAO,CACL,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrB,CAAC,MAAM,KAAK,cAAc;YACxB,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC;YACxB,MAAM,KAAK,iBAAiB;YAC5B,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC;AAED,SAAS,OAAO,CAAC,IAAY;IAC3B,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,EAAE,CAAC;IAC9E,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAChE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC;IAClC,IAAI,IAAI,KAAK,cAAc,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,cAAc,GAAG,CAAC,EAAE,CAAC;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,GAAG,cAAc,GAAG,IAAI,EAAE,CAAC;AACpC,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAa,EAAE,MAAc;IACxD,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAE1B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;YAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YACnD,MAAM,mBAAmB,GACvB,QAAQ,IAAI,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,QAAQ,GAAG,CAAC,CAAC;YAClE,MAAM,MAAM,GAAG,mBAAmB;gBAChC,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,EAAE;gBACzB,CAAC,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC;YAC3C,OAAO,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QAC7B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7D,IAAI,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAC5C,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,2BAA2B,CACzC,WAA+B,EAC/B,YAAgC,EAChC,MAAM,GAAG,mBAAmB,EAAE;IAE9B,KAAK,MAAM,SAAS,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,EAAE,CAAC;QACpD,IAAI,CAAC,SAAS;YAAE,SAAS;QACzB,MAAM,GAAG,GAAG,mBAAmB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,GAAG;YAAE,OAAO,GAAG,CAAC;IACtB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,MAAM,CAAC,IAAI,GAAG,EAAE;IACvB,MAAM,KAAK,GACT,gEAAgE,CAAC;IACnE,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,KAAK,MAAM,IAAI,IAAI,KAAK;QAAE,EAAE,IAAI,KAAK,CAAC,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC3D,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;;;;;GASG;AACH,KAAK,UAAU,oBAAoB,CACjC,KAAa,EACb,KAAa;IAEb,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACzC,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE,yEAAyE;QAC9E,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KACrB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACxC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACnC,GAAG,EAAE,oGAAoG;QACzG,IAAI,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;KACrB,CAAC,CAAC;IACH,OAAO,OAAO,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;AACjC,CAAC;AAED,eAAe,YAAY,CAAC;IAC1B,WAAW,EACT,mFAAmF;IACrF,sEAAsE;IACtE,qEAAqE;IACrE,gEAAgE;IAChE,sDAAsD;IACtD,YAAY,EAAE,KAAK;IACnB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC;aACZ,MAAM,EAAE;aACR,QAAQ,CAAC,oDAAoD,CAAC;QACjE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,8BAA8B,CAAC;QAC/D,aAAa,EAAE,CAAC;aACb,IAAI,CAAC,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;aACrB,QAAQ,CAAC,2DAA2D,CAAC;QACxE,WAAW,EAAE,CAAC;aACX,MAAM,EAAE;aACR,QAAQ,CAAC,gDAAgD,CAAC;QAC7D,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;aACnC,OAAO,CAAC,QAAQ,CAAC;aACjB,QAAQ,CAAC,gBAAgB,CAAC;QAC7B,MAAM,EAAE,CAAC;aACN,OAAO,EAAE;aACT,OAAO,CAAC,IAAI,CAAC;aACb,QAAQ,CACP,2EAA2E,CAC5E;QACH,WAAW,EAAE,CAAC;aACX,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CACP,gGAAgG,CACjG;KACJ,CAAC;IACF,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAClB,MAAM,GAAG,GAAG,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,OAAO,CACR,CAAC;QACF,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;QACpC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,cAAc,CAAC,eAAe,CAAC,CAAC;QAEtD,IAAI,GAAG,CAAC,6BAA6B,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,KAAkC,CAAC;YAC1E,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,wFAAwF,CAC3G,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;gBAClC,MAAM,EAAE,GAAG,MAAM,oBAAoB,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACvE,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,MAAM,IAAI,cAAc,CACtB,GAAG,IAAI,CAAC,WAAW,kFAAkF,CACtG,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,aAAa,KAAK,KAAK,EAAE,CAAC;gBACxC,8DAA8D;gBAC9D,gEAAgE;gBAChE,6DAA6D;gBAC7D,8CAA8C;gBAC9C,IAAI,IAAI,CAAC,WAAW,KAAK,aAAa,EAAE,CAAC;oBACvC,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,qEAAqE,CACxF,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;QAC9B,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;aACxB,MAAM,EAAE;aACR,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC;aACrB,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,UAAU,CAAC,EAC/C,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,EACrD,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,CAClD,CACF,CAAC;QAEJ,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,EAAE;iBACL,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;iBACvB,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC;iBACxB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9C,OAAO,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC5C,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;QACpB,MAAM,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC;YACtC,EAAE;YACF,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,aAAa,EAAE,IAAI,CAAC,aAAa;YACjC,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,SAAS,EAAE,KAAK;YAChB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;QAEH,IACE,IAAI,CAAC,MAAM,KAAK,KAAK;YACrB,IAAI,CAAC,aAAa,KAAK,MAAM;YAC7B,iBAAiB,EAAE;YACnB,CAAC,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,EACrC,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,IAAI,OAAO,CAAC;gBAC5C,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,EAAE;qBACxB,MAAM,EAAE;qBACR,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC;qBACvB,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;gBACpD,MAAM,aAAa,GAChB,QAAQ,EAAE,CAAC,QAAQ,CAAwB,IAAI,IAAI,CAAC,YAAY,CAAC;gBACpE,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;gBACrC,MAAM,YAAY,GAChB,QAAQ,IAAI,GAAG,CAAC,eAAe;oBAC7B,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC;oBAC/B,CAAC,CAAC,SAAS,CAAC;gBAChB,MAAM,eAAe,GAAG,2BAA2B,CACjD,IAAI,CAAC,WAAW,EAChB,YAAY,EACZ,MAAM,CACP,CAAC;gBACF,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,cAAc,CAAC;gBACtE,MAAM,OAAO,GAAG,GAAG,KAAK,YAAY,aAAa,iBAAiB,OAAO,EAAE,CAAC;gBAC5E,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,WAAW,CAAC;oBACjC,SAAS,EAAE,OAAO;oBAClB,OAAO,EAAE,0BAA0B;oBACnC,UAAU,EAAE;wBACV,GAAG,WAAW,CAAC,KAAK,CAAC,mBAAmB,GAAG,CAAC,WAAW,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;wBAChI,8DAA8D,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG;qBAC/F;oBACD,GAAG,EAAE,EAAE,KAAK,EAAE,QAAQ,GAAG,CAAC,WAAW,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE;oBAC/D,MAAM,EAAE,6BAA6B,KAAK,gBAAgB,IAAI,CAAC,IAAI,UAAU;iBAC9E,CAAC,CAAC;gBACH,MAAM,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACjE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,KAAK,CACX,qDAAqD,EACrD,GAAG,CACJ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;CACF,CAAC,CAAC","sourcesContent":["import { and, eq } from \"drizzle-orm\";\nimport { z } from \"zod\";\nimport { defineAction } from \"../../action.js\";\nimport { getRequestUserEmail } from \"../../server/request-context.js\";\nimport { assertAccess, ForbiddenError } from \"../access.js\";\nimport { requireShareableResource } from \"../registry.js\";\nimport { sendEmail, isEmailConfigured } from \"../../server/email.js\";\nimport { renderEmail, emailStrong } from \"../../server/email-template.js\";\nimport { getAppProductionUrl } from \"../../server/app-url.js\";\nimport { getDbExec } from \"../../db/client.js\";\n\nexport function isSyntheticQaEmail(email: string): boolean {\n  const trimmed = email.trim().toLowerCase();\n  const at = trimmed.lastIndexOf(\"@\");\n  if (at <= 0) return false;\n  const local = trimmed.slice(0, at);\n  const domain = trimmed.slice(at + 1);\n  return (\n    local.includes(\"+qa\") &&\n    (domain === \"example.test\" ||\n      domain.endsWith(\".test\") ||\n      domain === \"example.invalid\" ||\n      domain.endsWith(\".invalid\"))\n  );\n}\n\nfunction appPath(path: string): string {\n  if (!path.startsWith(\"/\")) return path;\n  const raw = process.env.VITE_APP_BASE_PATH || process.env.APP_BASE_PATH || \"\";\n  const base = raw.trim().replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n  if (!base) return path;\n  const normalizedBase = `/${base}`;\n  if (path === normalizedBase || path.startsWith(`${normalizedBase}/`)) {\n    return path;\n  }\n  return `${normalizedBase}${path}`;\n}\n\nfunction safeNotificationUrl(value: string, appUrl: string): string | null {\n  const trimmed = value.trim();\n  if (!trimmed) return null;\n\n  try {\n    const base = new URL(appUrl);\n    if (trimmed.startsWith(\"/\")) {\n      const path = appPath(trimmed);\n      const basePath = base.pathname.replace(/\\/+$/, \"\");\n      const alreadyIncludesBase =\n        basePath && basePath !== \"/\" && path.startsWith(`${basePath}/`);\n      const joined = alreadyIncludesBase\n        ? `${base.origin}${path}`\n        : `${appUrl.replace(/\\/+$/, \"\")}${path}`;\n      return new URL(joined).toString();\n    }\n\n    const url = new URL(trimmed);\n    if (![\"http:\", \"https:\"].includes(url.protocol)) return null;\n    if (url.origin !== base.origin) return null;\n    return url.toString();\n  } catch {\n    return null;\n  }\n}\n\nexport function resolveShareNotificationUrl(\n  explicitUrl: string | undefined,\n  fallbackPath: string | undefined,\n  appUrl = getAppProductionUrl(),\n): string {\n  for (const candidate of [explicitUrl, fallbackPath]) {\n    if (!candidate) continue;\n    const url = safeNotificationUrl(candidate, appUrl);\n    if (url) return url;\n  }\n  return appUrl;\n}\n\nfunction nanoid(size = 12): string {\n  const chars =\n    \"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\";\n  let id = \"\";\n  const bytes = crypto.getRandomValues(new Uint8Array(size));\n  for (const byte of bytes) id += chars[byte % chars.length];\n  return id;\n}\n\n/**\n * Returns true if the given email is either an active member of `orgId` or\n * has a pending invitation to `orgId`. Used by resources whose registration\n * sets `requireOrgMemberForUserShares` (currently extensions) to refuse\n * cross-org user shares.\n *\n * Both `org_members` and `org_invitations` store email case-insensitively\n * via `LOWER()` in the rest of the framework, so we follow the same\n * convention here.\n */\nasync function isOrgMemberOrInvited(\n  orgId: string,\n  email: string,\n): Promise<boolean> {\n  const lower = email.trim().toLowerCase();\n  if (!lower || !orgId) return false;\n  const client = getDbExec();\n  const member = await client.execute({\n    sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n    args: [orgId, lower],\n  });\n  if (member.rows.length > 0) return true;\n  const invited = await client.execute({\n    sql: `SELECT 1 FROM org_invitations WHERE org_id = ? AND LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n    args: [orgId, lower],\n  });\n  return invited.rows.length > 0;\n}\n\nexport default defineAction({\n  description:\n    \"Grant a user or org access to a shareable resource. Owner or admin role required.\",\n  // (audit H5) Sharing-grant operations are admin-tier and let a caller\n  // expand who can read/write a resource. Refuse from the tools iframe\n  // bridge so a malicious shared tool can't silently re-share its\n  // viewer's resources to an attacker-controlled email.\n  toolCallable: false,\n  schema: z.object({\n    resourceType: z\n      .string()\n      .describe(\"Registered resource type, e.g. 'document', 'form'.\"),\n    resourceId: z.string().describe(\"Id of the resource to share.\"),\n    principalType: z\n      .enum([\"user\", \"org\"])\n      .describe(\"'user' for an individual, 'org' for a whole organization.\"),\n    principalId: z\n      .string()\n      .describe(\"Email (user) or org id (org) of the principal.\"),\n    role: z\n      .enum([\"viewer\", \"editor\", \"admin\"])\n      .default(\"viewer\")\n      .describe(\"Role to grant.\"),\n    notify: z\n      .boolean()\n      .default(true)\n      .describe(\n        \"Whether to email the user about a new individual share. Defaults to true.\",\n      ),\n    resourceUrl: z\n      .string()\n      .optional()\n      .describe(\n        \"Optional app-relative or same-origin URL recipients should open. External origins are ignored.\",\n      ),\n  }),\n  run: async (args) => {\n    const reg = requireShareableResource(args.resourceType);\n    const access = await assertAccess(\n      args.resourceType,\n      args.resourceId,\n      \"admin\",\n    );\n    const actor = getRequestUserEmail();\n    if (!actor) throw new ForbiddenError(\"Not signed in\");\n\n    if (reg.requireOrgMemberForUserShares) {\n      const resourceOrgId = access.resource?.orgId as string | undefined | null;\n      if (!resourceOrgId) {\n        throw new ForbiddenError(\n          `${reg.displayName} can only be shared from within an organization. Create or join an organization first.`,\n        );\n      }\n      if (args.principalType === \"user\") {\n        const ok = await isOrgMemberOrInvited(resourceOrgId, args.principalId);\n        if (!ok) {\n          throw new ForbiddenError(\n            `${args.principalId} is not in your organization. Invite them to the organization first, then share.`,\n          );\n        }\n      } else if (args.principalType === \"org\") {\n        // Cross-org org shares would let an outside org's members run\n        // extension code in the viewer's auth context — the same threat\n        // model that blocks public + cross-org user shares. Pin org-\n        // principal shares to the resource's own org.\n        if (args.principalId !== resourceOrgId) {\n          throw new ForbiddenError(\n            `${reg.displayName} can only be shared with its own organization, not a different one.`,\n          );\n        }\n      }\n    }\n\n    const db = reg.getDb() as any;\n    const [existing] = await db\n      .select()\n      .from(reg.sharesTable)\n      .where(\n        and(\n          eq(reg.sharesTable.resourceId, args.resourceId),\n          eq(reg.sharesTable.principalType, args.principalType),\n          eq(reg.sharesTable.principalId, args.principalId),\n        ),\n      );\n\n    if (existing) {\n      await db\n        .update(reg.sharesTable)\n        .set({ role: args.role })\n        .where(eq(reg.sharesTable.id, existing.id));\n      return { id: existing.id, updated: true };\n    }\n\n    const id = nanoid();\n    await db.insert(reg.sharesTable).values({\n      id,\n      resourceId: args.resourceId,\n      principalType: args.principalType,\n      principalId: args.principalId,\n      role: args.role,\n      createdBy: actor,\n      createdAt: new Date().toISOString(),\n    });\n\n    if (\n      args.notify !== false &&\n      args.principalType === \"user\" &&\n      isEmailConfigured() &&\n      !isSyntheticQaEmail(args.principalId)\n    ) {\n      try {\n        const titleCol = reg.titleColumn ?? \"title\";\n        const [resource] = await db\n          .select()\n          .from(reg.resourceTable)\n          .where(eq(reg.resourceTable.id, args.resourceId));\n        const resourceTitle: string =\n          (resource?.[titleCol] as string | undefined) ?? args.resourceType;\n        const appUrl = getAppProductionUrl();\n        const resourcePath =\n          resource && reg.getResourcePath\n            ? reg.getResourcePath(resource)\n            : undefined;\n        const notificationUrl = resolveShareNotificationUrl(\n          args.resourceUrl,\n          resourcePath,\n          appUrl,\n        );\n        const appName =\n          process.env.APP_NAME || process.env.VITE_APP_NAME || \"Agent Native\";\n        const subject = `${actor} shared \"${resourceTitle}\" with you on ${appName}`;\n        const { html, text } = renderEmail({\n          preheader: subject,\n          heading: \"You've been given access\",\n          paragraphs: [\n            `${emailStrong(actor)} has shared the ${reg.displayName} ${emailStrong(resourceTitle)} with you as a ${emailStrong(args.role)}.`,\n            `Use the button below to open it. If prompted, sign in with ${emailStrong(args.principalId)}.`,\n          ],\n          cta: { label: `Open ${reg.displayName}`, url: notificationUrl },\n          footer: `You received this because ${actor} granted you ${args.role} access.`,\n        });\n        await sendEmail({ to: args.principalId, subject, html, text });\n      } catch (err) {\n        console.error(\n          \"[share-resource] failed to send share notification:\",\n          err,\n        );\n      }\n    }\n\n    return { id, updated: false };\n  },\n});\n"]}

package/dist/sharing/registry.d.ts

@@ -41,6 +41,32 @@ export interface ShareableResourceRegistration {
      * the right DB instance (schema is template-specific).
      */
     getDb: () => any;
+    /**
+     * When `false`, `visibility: "public"` is rejected by `set-resource-visibility`,
+     * and `accessFilter` / `resolveAccess` treat any stored public row as private
+     * (defense in depth — only owner + explicit shares grant access).
+     *
+     * Use this for resources that execute code or expose privileged data and must
+     * never be reachable by a random authenticated user. Extensions set this:
+     * extension HTML runs inside an iframe that calls actions / DB / proxied APIs
+     * as the *viewer*, so a public extension would be arbitrary code with the
+     * viewer's credentials.
+     *
+     * Default: `true` (matches the historical behavior — most resources can be public).
+     */
+    allowPublic?: boolean;
+    /**
+     * When `true`, individual user shares (`principalType: "user"`) must target
+     * an email that is already a member of the same org as the resource, OR has
+     * a pending invitation to that org. Cross-org user shares are rejected.
+     *
+     * Pair with `allowPublic: false` for resources that need a hard "this org
+     * only" trust boundary. Extensions set this so a malicious caller can't
+     * widen reach by sharing a code-executing extension to an outsider email.
+     *
+     * Default: `false` (matches the historical behavior — any email can be granted).
+     */
+    requireOrgMemberForUserShares?: boolean;
 }
 export declare function registerShareableResource(entry: ShareableResourceRegistration): void;
 export declare function getShareableResource(type: string): ShareableResourceRegistration | undefined;

package/dist/sharing/registry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/sharing/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,6BAA6B;IAC5C,iFAAiF;IACjF,IAAI,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,aAAa,EAAE,GAAG,CAAC;IACnB,qDAAqD;IACrD,WAAW,EAAE,GAAG,CAAC;IACjB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,KAAK,MAAM,GAAG,SAAS,CAAC;IACxD;;;;OAIG;IACH,KAAK,EAAE,MAAM,GAAG,CAAC;CAClB;AAuBD,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,6BAA6B,GACnC,IAAI,CAEN;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,GACX,6BAA6B,GAAG,SAAS,CAE3C;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,GACX,6BAA6B,CAS/B;AAED,wBAAgB,sBAAsB,IAAI,6BAA6B,EAAE,CAExE"}
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../src/sharing/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,MAAM,WAAW,6BAA6B;IAC5C,iFAAiF;IACjF,IAAI,EAAE,MAAM,CAAC;IACb,0EAA0E;IAC1E,aAAa,EAAE,GAAG,CAAC;IACnB,qDAAqD;IACrD,WAAW,EAAE,GAAG,CAAC;IACjB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,eAAe,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,KAAK,MAAM,GAAG,SAAS,CAAC;IACxD;;;;OAIG;IACH,KAAK,EAAE,MAAM,GAAG,CAAC;IACjB;;;;;;;;;;;;OAYG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;OAUG;IACH,6BAA6B,CAAC,EAAE,OAAO,CAAC;CACzC;AAuBD,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,6BAA6B,GACnC,IAAI,CAEN;AAED,wBAAgB,oBAAoB,CAClC,IAAI,EAAE,MAAM,GACX,6BAA6B,GAAG,SAAS,CAE3C;AAED,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,MAAM,GACX,6BAA6B,CAS/B;AAED,wBAAgB,sBAAsB,IAAI,6BAA6B,EAAE,CAExE"}

package/dist/sharing/registry.js.map

@@ -1 +1 @@
-{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/sharing/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AA6BH,0EAA0E;AAC1E,6EAA6E;AAC7E,8EAA8E;AAC9E,4EAA4E;AAC5E,2EAA2E;AAC3E,0EAA0E;AAC1E,8EAA8E;AAC9E,+EAA+E;AAC/E,MAAM,YAAY,GAAG,mCAAmC,CAAC;AAEzD,MAAM,cAAc,GAClB,UAAiB,CAAC;AACpB,SAAS,WAAW;IAClB,IAAI,CAAC,GAAG,cAAc,CAAC,YAAY,CAAC,CAAC;IACrC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,CAAC,GAAG,IAAI,GAAG,EAAyC,CAAC;QACrD,cAAc,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAoC;IAEpC,WAAW,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,IAAY;IAEZ,OAAO,WAAW,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,IAAY;IAEZ,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,qCAAqC,IAAI,gDAAgD,CAC1F,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5C,CAAC","sourcesContent":["/**\n * Registry of shareable resources.\n *\n * Each template registers its ownable resource(s) once on module load so the\n * framework-level share actions (`share-resource`, `list-resource-shares`,\n * etc.) can dispatch to the correct tables.\n *\n *   import { registerShareableResource } from \"@agent-native/core/sharing\";\n *   import * as schema from \"./schema.js\";\n *\n *   registerShareableResource({\n *     type: \"document\",\n *     resourceTable: schema.documents,\n *     sharesTable: schema.documentShares,\n *     displayName: \"Document\",\n *     titleColumn: \"title\",\n *   });\n */\n\nexport interface ShareableResourceRegistration {\n  /** Stable identifier used across actions, UI, and analytics. e.g. \"document\". */\n  type: string;\n  /** Drizzle table for the parent resource (must have ownableColumns()). */\n  resourceTable: any;\n  /** Drizzle table produced by createSharesTable(). */\n  sharesTable: any;\n  /** Human-readable singular label shown in the share dialog. */\n  displayName: string;\n  /**\n   * Column on the resource table that holds a human-readable title for\n   * display in the share UI. Default: \"title\".\n   */\n  titleColumn?: string;\n  /**\n   * Optional app-relative path to this resource. Used by share notifications\n   * when the caller does not pass a more specific resourceUrl.\n   */\n  getResourcePath?: (resource: any) => string | undefined;\n  /**\n   * Drizzle DB accessor from the template's server/db/index.ts. Required —\n   * the framework-level share actions and access helpers call this to reach\n   * the right DB instance (schema is template-specific).\n   */\n  getDb: () => any;\n}\n\n// Stash the registry on globalThis so it survives SSR bundle duplication.\n// Vite SSR's `noExternal: /^(?!node:)/` policy means @agent-native/core gets\n// inlined into every server bundle that imports it — and each bundle gets its\n// own module-level state. A plain `new Map()` here would create one Map per\n// bundle, so the template's `registerShareableResource()` (called from the\n// Nitro plugin graph) wouldn't be visible to the framework's auto-mounted\n// share-resource action (loaded via `import(\"../sharing/actions/...js\")` in a\n// different module instance). Using globalThis collapses them back to one Map.\nconst REGISTRY_KEY = \"__agentNativeShareableResources__\";\ntype RegistryStore = Map<string, ShareableResourceRegistration>;\nconst globalRegistry: { [K in typeof REGISTRY_KEY]?: RegistryStore } =\n  globalThis as any;\nfunction getRegistry(): RegistryStore {\n  let r = globalRegistry[REGISTRY_KEY];\n  if (!r) {\n    r = new Map<string, ShareableResourceRegistration>();\n    globalRegistry[REGISTRY_KEY] = r;\n  }\n  return r;\n}\n\nexport function registerShareableResource(\n  entry: ShareableResourceRegistration,\n): void {\n  getRegistry().set(entry.type, entry);\n}\n\nexport function getShareableResource(\n  type: string,\n): ShareableResourceRegistration | undefined {\n  return getRegistry().get(type);\n}\n\nexport function requireShareableResource(\n  type: string,\n): ShareableResourceRegistration {\n  const reg = getRegistry();\n  const entry = reg.get(type);\n  if (!entry) {\n    throw new Error(\n      `Unknown shareable resource type: \"${type}\". Did you forget registerShareableResource()?`,\n    );\n  }\n  return entry;\n}\n\nexport function listShareableResources(): ShareableResourceRegistration[] {\n  return Array.from(getRegistry().values());\n}\n"]}
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../src/sharing/registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAuDH,0EAA0E;AAC1E,6EAA6E;AAC7E,8EAA8E;AAC9E,4EAA4E;AAC5E,2EAA2E;AAC3E,0EAA0E;AAC1E,8EAA8E;AAC9E,+EAA+E;AAC/E,MAAM,YAAY,GAAG,mCAAmC,CAAC;AAEzD,MAAM,cAAc,GAClB,UAAiB,CAAC;AACpB,SAAS,WAAW;IAClB,IAAI,CAAC,GAAG,cAAc,CAAC,YAAY,CAAC,CAAC;IACrC,IAAI,CAAC,CAAC,EAAE,CAAC;QACP,CAAC,GAAG,IAAI,GAAG,EAAyC,CAAC;QACrD,cAAc,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;IACnC,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,yBAAyB,CACvC,KAAoC;IAEpC,WAAW,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,IAAY;IAEZ,OAAO,WAAW,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,IAAY;IAEZ,MAAM,GAAG,GAAG,WAAW,EAAE,CAAC;IAC1B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CACb,qCAAqC,IAAI,gDAAgD,CAC1F,CAAC;IACJ,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5C,CAAC","sourcesContent":["/**\n * Registry of shareable resources.\n *\n * Each template registers its ownable resource(s) once on module load so the\n * framework-level share actions (`share-resource`, `list-resource-shares`,\n * etc.) can dispatch to the correct tables.\n *\n *   import { registerShareableResource } from \"@agent-native/core/sharing\";\n *   import * as schema from \"./schema.js\";\n *\n *   registerShareableResource({\n *     type: \"document\",\n *     resourceTable: schema.documents,\n *     sharesTable: schema.documentShares,\n *     displayName: \"Document\",\n *     titleColumn: \"title\",\n *   });\n */\n\nexport interface ShareableResourceRegistration {\n  /** Stable identifier used across actions, UI, and analytics. e.g. \"document\". */\n  type: string;\n  /** Drizzle table for the parent resource (must have ownableColumns()). */\n  resourceTable: any;\n  /** Drizzle table produced by createSharesTable(). */\n  sharesTable: any;\n  /** Human-readable singular label shown in the share dialog. */\n  displayName: string;\n  /**\n   * Column on the resource table that holds a human-readable title for\n   * display in the share UI. Default: \"title\".\n   */\n  titleColumn?: string;\n  /**\n   * Optional app-relative path to this resource. Used by share notifications\n   * when the caller does not pass a more specific resourceUrl.\n   */\n  getResourcePath?: (resource: any) => string | undefined;\n  /**\n   * Drizzle DB accessor from the template's server/db/index.ts. Required —\n   * the framework-level share actions and access helpers call this to reach\n   * the right DB instance (schema is template-specific).\n   */\n  getDb: () => any;\n  /**\n   * When `false`, `visibility: \"public\"` is rejected by `set-resource-visibility`,\n   * and `accessFilter` / `resolveAccess` treat any stored public row as private\n   * (defense in depth — only owner + explicit shares grant access).\n   *\n   * Use this for resources that execute code or expose privileged data and must\n   * never be reachable by a random authenticated user. Extensions set this:\n   * extension HTML runs inside an iframe that calls actions / DB / proxied APIs\n   * as the *viewer*, so a public extension would be arbitrary code with the\n   * viewer's credentials.\n   *\n   * Default: `true` (matches the historical behavior — most resources can be public).\n   */\n  allowPublic?: boolean;\n  /**\n   * When `true`, individual user shares (`principalType: \"user\"`) must target\n   * an email that is already a member of the same org as the resource, OR has\n   * a pending invitation to that org. Cross-org user shares are rejected.\n   *\n   * Pair with `allowPublic: false` for resources that need a hard \"this org\n   * only\" trust boundary. Extensions set this so a malicious caller can't\n   * widen reach by sharing a code-executing extension to an outsider email.\n   *\n   * Default: `false` (matches the historical behavior — any email can be granted).\n   */\n  requireOrgMemberForUserShares?: boolean;\n}\n\n// Stash the registry on globalThis so it survives SSR bundle duplication.\n// Vite SSR's `noExternal: /^(?!node:)/` policy means @agent-native/core gets\n// inlined into every server bundle that imports it — and each bundle gets its\n// own module-level state. A plain `new Map()` here would create one Map per\n// bundle, so the template's `registerShareableResource()` (called from the\n// Nitro plugin graph) wouldn't be visible to the framework's auto-mounted\n// share-resource action (loaded via `import(\"../sharing/actions/...js\")` in a\n// different module instance). Using globalThis collapses them back to one Map.\nconst REGISTRY_KEY = \"__agentNativeShareableResources__\";\ntype RegistryStore = Map<string, ShareableResourceRegistration>;\nconst globalRegistry: { [K in typeof REGISTRY_KEY]?: RegistryStore } =\n  globalThis as any;\nfunction getRegistry(): RegistryStore {\n  let r = globalRegistry[REGISTRY_KEY];\n  if (!r) {\n    r = new Map<string, ShareableResourceRegistration>();\n    globalRegistry[REGISTRY_KEY] = r;\n  }\n  return r;\n}\n\nexport function registerShareableResource(\n  entry: ShareableResourceRegistration,\n): void {\n  getRegistry().set(entry.type, entry);\n}\n\nexport function getShareableResource(\n  type: string,\n): ShareableResourceRegistration | undefined {\n  return getRegistry().get(type);\n}\n\nexport function requireShareableResource(\n  type: string,\n): ShareableResourceRegistration {\n  const reg = getRegistry();\n  const entry = reg.get(type);\n  if (!entry) {\n    throw new Error(\n      `Unknown shareable resource type: \"${type}\". Did you forget registerShareableResource()?`,\n    );\n  }\n  return entry;\n}\n\nexport function listShareableResources(): ShareableResourceRegistration[] {\n  return Array.from(getRegistry().values());\n}\n"]}

package/dist/styles/agent-native.css

@@ -138,3 +138,94 @@
     cursor: pointer;
   }
 }
+
+/* Appearance presets.
+   Applied via `<html data-appearance="...">` so the user can switch the
+   background tint and accent without editing the template's source. Presets
+   override the most visible HSL vars (background, accent, primary, ring,
+   sidebar tint); everything else inherits from the template's :root / .dark.
+   The `default` preset is the absence of the attribute — no overrides. */
+:root[data-appearance="warm"] {
+  --background: 35 30% 97%;
+  --sidebar-background: 35 28% 95%;
+  --accent: 30 35% 92%;
+  --muted: 35 25% 94%;
+  --primary: 25 65% 45%;
+  --ring: 25 55% 50%;
+}
+.dark[data-appearance="warm"] {
+  --background: 28 14% 7%;
+  --sidebar-background: 28 14% 5%;
+  --accent: 28 12% 14%;
+  --muted: 28 10% 12%;
+  --primary: 30 65% 65%;
+  --ring: 30 55% 55%;
+}
+
+:root[data-appearance="ocean"] {
+  --background: 210 35% 97%;
+  --sidebar-background: 210 32% 95%;
+  --accent: 200 40% 92%;
+  --muted: 210 28% 94%;
+  --primary: 205 70% 42%;
+  --ring: 205 60% 50%;
+}
+.dark[data-appearance="ocean"] {
+  --background: 215 25% 8%;
+  --sidebar-background: 215 28% 6%;
+  --accent: 215 22% 15%;
+  --muted: 215 20% 12%;
+  --primary: 200 75% 65%;
+  --ring: 200 65% 55%;
+}
+
+:root[data-appearance="forest"] {
+  --background: 130 22% 97%;
+  --sidebar-background: 130 20% 95%;
+  --accent: 135 28% 92%;
+  --muted: 130 18% 94%;
+  --primary: 145 55% 35%;
+  --ring: 145 45% 45%;
+}
+.dark[data-appearance="forest"] {
+  --background: 140 14% 7%;
+  --sidebar-background: 140 14% 5%;
+  --accent: 140 12% 14%;
+  --muted: 140 10% 12%;
+  --primary: 145 50% 60%;
+  --ring: 145 40% 50%;
+}
+
+:root[data-appearance="rose"] {
+  --background: 340 35% 98%;
+  --sidebar-background: 340 32% 96%;
+  --accent: 345 40% 93%;
+  --muted: 340 28% 95%;
+  --primary: 345 60% 50%;
+  --ring: 345 50% 55%;
+}
+.dark[data-appearance="rose"] {
+  --background: 340 14% 8%;
+  --sidebar-background: 340 14% 6%;
+  --accent: 340 14% 15%;
+  --muted: 340 12% 12%;
+  --primary: 345 65% 65%;
+  --ring: 345 55% 55%;
+}
+
+:root[data-appearance="slate"] {
+  --background: 215 16% 96%;
+  --sidebar-background: 215 14% 94%;
+  --accent: 215 18% 91%;
+  --muted: 215 14% 93%;
+  --primary: 215 25% 25%;
+  --ring: 215 20% 40%;
+}
+.dark[data-appearance="slate"] {
+  --background: 215 14% 8%;
+  --sidebar-background: 215 14% 6%;
+  --accent: 215 12% 14%;
+  --muted: 215 10% 12%;
+  --primary: 215 15% 75%;
+  --ring: 215 12% 60%;
+}

package/dist/templates/default/.agents/skills/adding-a-feature/SKILL.md

@@ -0,0 +1,72 @@
+---
+name: adding-a-feature
+description: >-
+  The four-area checklist every new feature in this app must complete. Use
+  when adding any feature, integration, or capability to keep the agent and
+  UI in parity.
+---
+
+# Adding a Feature — The Four-Area Checklist
+
+## Rule
+
+Every new feature MUST update all four areas. Skipping any one breaks the agent-native contract — the agent and UI must always be equal partners.
+
+## Why
+
+Agent-native apps are defined by parity: everything the UI can do, the agent can do, and vice versa. A feature that only has UI is invisible to the agent. A feature that only has actions is invisible to the user. A feature without app-state sync means the agent is blind to what the user is doing. And **a feature without auto-refresh wiring means the agent's writes are silently invisible until the user manually reloads** — that breaks the framework's #1 promise.
+
+## The Checklist
+
+### 1. UI Component
+
+Build the user-facing interface — a page, component, dialog, or route. Use `useActionQuery` and `useActionMutation` from `@agent-native/core/client` for data fetching and mutations. You rarely need custom `/api/` routes.
+
+**Auto-refresh on agent writes is non-negotiable** — when the agent mutates the data this UI shows, the UI must reflect the change without a manual refresh. Two paths, pick the right one:
+
+- **`useActionQuery` (preferred)** — automatically covered. The framework's `useDbSync` invalidates `["action"]` on every change event, so every `useActionQuery` hook refetches when the agent runs an action. No extra wiring required.
+
+- **Raw `useQuery` with a custom key** — needs explicit wiring. Fold `useChangeVersions([<source>, "action"])` from `@agent-native/core/client` into the `queryKey` and set `placeholderData: (prev) => prev`. The `"action"` source is the reliable signal — the agent runner emits it after every successful tool call. The resource-specific source (e.g. `"settings"`, `"app-state"`) is bonus. Without this wiring, agent writes will be invisible until manual refresh.
+
+  ```tsx
+  import { useChangeVersions } from "@agent-native/core/client";
+  import { useQuery } from "@tanstack/react-query";
+
+  function useItem(id: string) {
+    const v = useChangeVersions(["items", "action"]);
+    return useQuery({
+      queryKey: ["item", id, v],
+      queryFn: () => fetchItem(id),
+      placeholderData: (prev) => prev, // no flicker on refetch
+    });
+  }
+  ```
+
+  See the `real-time-sync` skill for the full pattern and source catalog.
+
+### 2. Action
+
+Create an action in `actions/` using `defineAction`. This serves double duty: the agent calls it as a tool, and the framework auto-exposes it as an HTTP endpoint at `/_agent-native/actions/:name` for the UI to call. Set `http: { method: "GET" }` for read actions, leave default for writes, or set `http: false` for agent-only actions like `navigate` and `view-screen`.
+
+### 3. Skills / Instructions
+
+Update `AGENTS.md` (the per-app guide) and/or create a skill in `.agents/skills/` if the feature introduces patterns the agent needs to know. At minimum, add the new actions to the action table in the template's `AGENTS.md`.
+
+### 4. Application State Sync
+
+Expose navigation and selection state so the agent knows what the user is looking at. Write to the `navigation` app-state key on route changes. Update the `view-screen` action to fetch relevant data for the new feature. Add a `navigate` command if the agent needs to open the new view.
+
+## Anti-Patterns
+
+- **UI without actions** — The user can create things but the agent cannot. Breaks parity.
+- **Actions without UI** — The agent can do something the user cannot. Less common but still breaks parity.
+- **Mutations without auto-refresh wiring** — The agent says "done!" but the screen doesn't change until the user hits reload. This is the most common silent regression. If you used `useActionQuery` you're covered; if you used raw `useQuery`, fold `useChangeVersions` into the key. Always test by asking the agent to mutate the data and watching the UI without refreshing.
+
+## Verification
+
+For every new feature, manually verify:
+
+1. Can the user perform the operation from the UI?
+2. Can the agent perform the operation via an action (`pnpm action <name>`)?
+3. When the agent runs the action, **does the UI update within a second or two without a manual refresh**? If not, your query is missing `useActionQuery` or `useChangeVersions` wiring — go back to step 1.
+4. Does `view-screen` return the new feature's state when the user is on that page?

package/dist/templates/default/.agents/skills/frontend-design/SKILL.md

@@ -12,58 +12,81 @@ source: https://github.com/anthropics/skills/blob/main/skills/frontend-design/SK
 
 # Frontend Design
 
-This skill guides creation of distinctive, production-grade frontend interfaces that avoid generic "AI slop" aesthetics. Implement real working code with exceptional attention to aesthetic details and creative choices.
+This skill guides creation of distinctive, production-grade frontend interfaces. Implement real working code with strong product judgment, excellent accessibility, and a clear visual point of view.
 
-The user provides frontend requirements: a component, page, application, or interface to build. They may include context about the purpose, audience, or technical constraints.
+The user may ask for a component, page, full app, dashboard, marketing surface, or restyle. Before coding, understand the audience and pick a direction that fits the product instead of defaulting to generic SaaS polish.
 
 ## Design Thinking
 
-Before coding, understand the context and commit to a BOLD aesthetic direction:
-- **Purpose**: What problem does this interface solve? Who uses it?
-- **Tone**: Pick an extreme: brutally minimal, maximalist chaos, retro-futuristic, organic/natural, luxury/refined, playful/toy-like, editorial/magazine, brutalist/raw, art deco/geometric, soft/pastel, industrial/utilitarian, etc. There are so many flavors to choose from. Use these for inspiration but design one that is true to the aesthetic direction.
-- **Constraints**: Technical requirements (framework, performance, accessibility).
-- **Differentiation**: What makes this UNFORGETTABLE? What's the one thing someone will remember?
+Before coding, decide:
 
-**CRITICAL**: Choose a clear conceptual direction and execute it with precision. Bold maximalism and refined minimalism both work — the key is intentionality, not intensity.
+- **Purpose**: What workflow does this surface make easier? What is the primary action?
+- **Audience**: Who will use it repeatedly, and what should feel fast, calm, playful, premium, editorial, technical, or utilitarian?
+- **Tone**: Choose a concrete aesthetic direction: refined minimal, dense operations console, editorial, playful, industrial, warm handmade, high-contrast data tool, etc.
+- **Information hierarchy**: What must be visible in the first five seconds, and what should be progressively disclosed?
+- **Differentiation**: What makes this feel designed for this exact domain?
 
-Then implement working code (HTML/CSS/JS, React, Vue, etc.) that is:
-- Production-grade and functional
-- Visually striking and memorable
-- Cohesive with a clear aesthetic point-of-view
-- Meticulously refined in every detail
+Then implement working code that is cohesive, accessible, responsive, and polished in small details: typography, spacing, copy, motion, empty states, loading states, focus states, and error states.
 
-## Frontend Aesthetics Guidelines
+## Aesthetic Guidelines
 
-Focus on:
-- **Typography**: Choose fonts that are beautiful, unique, and interesting. Avoid generic fonts like Arial and Inter; opt instead for distinctive choices that elevate the frontend's aesthetics; unexpected, characterful font choices. Pair a distinctive display font with a refined body font.
-- **Color & Theme**: Commit to a cohesive aesthetic. Use CSS variables for consistency. Dominant colors with sharp accents outperform timid, evenly-distributed palettes.
-- **Motion**: Use animations for effects and micro-interactions. Prioritize CSS-only solutions for HTML. Use Motion library for React when available. Focus on high-impact moments: one well-orchestrated page load with staggered reveals (`animation-delay`) creates more delight than scattered micro-interactions. Use scroll-triggering and hover states that surprise.
-- **Spatial Composition**: Unexpected layouts. Asymmetry. Overlap. Diagonal flow. Grid-breaking elements. Generous negative space OR controlled density.
-- **Backgrounds & Visual Details**: Create atmosphere and depth rather than defaulting to solid colors. Add contextual effects and textures that match the overall aesthetic. Apply creative forms like gradient meshes, noise textures, geometric patterns, layered transparencies, dramatic shadows, decorative borders, custom cursors, and grain overlays.
+- **Typography**: Use the product's existing type system first. For net-new public pages, choose characterful but readable type and keep sizing appropriate to the surface.
+- **Color and theme**: Use semantic tokens and CSS variables. Avoid one-note palettes and default purple/blue gradients unless the brand demands them.
+- **Motion**: Prefer purposeful transitions and small state changes. Use CSS transitions/keyframes unless the app already uses a motion library.
+- **Composition**: Match the workflow. Operational apps should be dense and scannable; marketing or portfolio pages can be more immersive.
+- **Visual assets**: Websites, games, and object-focused pages need real or generated media when images help users understand the subject.
+- **Responsive fit**: Text must not overflow buttons, cards, tabs, sidebars, or fixed-format tools. Use stable dimensions for boards, grids, toolbars, and counters.
 
-## Anti-Patterns to Avoid
+## Agent-Native UI Rules
 
-NEVER use generic AI-generated aesthetics like:
-- Overused font families (Inter, Roboto, Arial, system fonts)
-- Clichéd color schemes (particularly purple gradients on white backgrounds)
-- Predictable layouts and component patterns
-- Cookie-cutter design that lacks context-specific character
+- Agent-native apps use React, Vite, Tailwind CSS, shadcn/ui, and `@tabler/icons-react`.
+- **Use shadcn/ui primitives for standard UI**: `DropdownMenu`, `Popover`, `Dialog`, `AlertDialog`, `Sheet`, `Tabs`, `Tooltip`, `Select`, `Command`, `Sidebar`, `Table`, `Card`, `Badge`, `Skeleton`, and related primitives.
+- **When touching shadcn/ui components, also read `shadcn-ui` if it exists.** That skill covers `components.json`, CLI docs, component composition, theming, and registry workflows.
+- Check `app/components/ui/` before importing a shadcn component. If a primitive is missing, add it from the app root with `pnpm dlx shadcn@latest add <component>`, then review the generated file.
+- Do not build custom dropdowns, menus, popovers, modals, or confirmations with manual absolute positioning and click-outside effects.
+- Never use browser dialogs (`window.alert`, `window.confirm`, `window.prompt`). Use `AlertDialog`, `Dialog`, or app-specific confirmation UI.
+- Use Tabler icons for all first-party UI icons. Do not add Lucide, Heroicons, inline SVG icon sets, or emoji icons.
+- Use `useActionQuery` and `useActionMutation` from `@agent-native/core/client` for action-backed UI. Standard CRUD should go through actions, not custom `/api/` routes.
+- Keep UI optimistic where possible: update cache and navigation immediately, then reconcile or roll back on mutation result.
+- Custom styles belong in Tailwind classes, component CSS, or the existing global CSS theme file; avoid inline styles.
 
-Interpret creatively and make unexpected choices that feel genuinely designed for the context. No design should be the same. Vary between light and dark themes, different fonts, different aesthetics. NEVER converge on common choices (Space Grotesk, for example) across generations.
+## shadcn/ui Design Rules
 
-## Implementation Notes
+- Use built-in component variants first (`variant`, `size`) before overriding classes.
+- Use semantic tokens (`bg-background`, `text-muted-foreground`, `border-border`, `bg-primary`) instead of raw Tailwind colors for app chrome and reusable components.
+- Use `gap-*` in flex/grid layouts instead of `space-x-*` or `space-y-*`.
+- Use `size-*` when width and height are equal, and `truncate` instead of spelling out overflow/ellipsis/nowrap.
+- Use `cn()` from the local utils alias for conditional classes.
+- Dialog, Sheet, Drawer, and AlertDialog content must have an accessible title. Use `sr-only` only when the visible design already communicates the title.
+- Put menu/list items inside their group primitives: `SelectGroup`, `DropdownMenuGroup`, `CommandGroup`, and equivalents.
+- Use full `Card` composition when the content has a title, description, content, or actions. Do not dump complex cards into a single `CardContent`.
+- Use `ToggleGroup` for small option sets, `Switch` for binary settings, `Checkbox` for multi-select, `RadioGroup` for one-of-many, and `Slider`/inputs for numeric values.
+- For forms, prefer the app's existing shadcn form pattern. If newer `Field`, `FieldGroup`, or `InputGroup` primitives are installed or appropriate to add, use them instead of raw layout divs.
+- Loading states use `Skeleton`, `Progress`, `Spinner`, or the app's existing loading primitives. Empty states should have one clear next action.
 
-**Match implementation complexity to the aesthetic vision.** Maximalist designs need elaborate code with extensive animations and effects. Minimalist or refined designs need restraint, precision, and careful attention to spacing, typography, and subtle details. Elegance comes from executing the vision well.
+## Anti-Patterns
 
-In the agent-native framework context:
-- Agent-native apps use React 18, Vite, TailwindCSS, and shadcn/ui
-- Custom styles go in component CSS or Tailwind classes — never inline styles
-- For complex visual effects, use a `<style>` tag in the component or a dedicated CSS file
-- Fonts can be loaded from Google Fonts via `@import` in a CSS file or `<link>` in `index.html`
-- Animation libraries: prefer CSS transitions and keyframes; use Framer Motion for complex sequences
-- All new UI components should be placed in `app/components/`
+Avoid:
+
+- Generic AI aesthetics: purple gradients, glassy cards everywhere, vague sparkle language, decorative blobs, and context-free hero sections.
+- Custom reimplementations of shadcn primitives.
+- Raw color overrides on shared components when semantic tokens or variants would work.
+- New always-visible controls for rare actions. Prefer menus, popovers, sheets, tabs, collapsibles, or advanced sections.
+- UI cards nested inside other cards.
+- Text or icons that resize or shift fixed-format UI on hover/loading.
+
+## Verification
+
+For substantial frontend work:
+
+1. Run the relevant formatter/checks.
+2. Start the dev server when the app needs one.
+3. Verify with browser screenshots at desktop and mobile widths.
+4. Check interactive states: hover, focus, loading, empty, error, and destructive confirmations.
 
 ## Related Skills
 
+- **shadcn-ui** — shadcn CLI, component docs, composition rules, theming, and registries
 - **self-modifying-code** — The agent can edit source code to apply design changes
-- **storing-data** — Design configuration can be stored in the settings table for agent-editable theming
+- **storing-data** — All data lives in SQL; use actions for data access
+- **actions** — `useActionQuery`/`useActionMutation` hooks for frontend data fetching