@agent-native/core 0.15.6 → 0.15.9

package/dist/server/builder-browser.d.ts

@@ -22,7 +22,11 @@ export interface BuilderBrowserStatus {
      * account, which takes precedence for their request.
      */
     envManaged: boolean;
-    credentialSource?: "user" | "org" | "env";
+    credentialSource?: "user" | "org" | "workspace" | "env";
+    connectError?: {
+        message: string;
+        at: number;
+    };
     appHost: string;
     apiHost: string;
     /**
@@ -75,6 +79,18 @@ export declare function getBuilderBranchProjectId(): string;
 export declare function isBuilderBranchingEnabled(): boolean;
 export declare function resolveBuilderBranchProjectId(): Promise<string>;
 export declare function resolveIsBuilderBranchingEnabled(): Promise<boolean>;
+/**
+ * Query param on the callback URL that carries the original preview opener
+ * origin when cli-auth's allow-list forces `preview_url` to the gateway.
+ * Read on the callback to derive the correct postMessage targetOrigin.
+ *
+ * Not signed: the receive-side trust check in `useBuilderStatus` still
+ * gates messages by allow-listed origin. The worst an attacker could do by
+ * crafting a different `_an_opener` value is target a postMessage to an
+ * origin that doesn't match the actual opener — postMessage drops the
+ * message in that case, identical to the legacy wildcard-fallback path.
+ */
+export declare const BUILDER_OPENER_PARAM = "_an_opener";
 /**
  * Build the Builder cli-auth URL for the connect popup. When a signed
  * `state` token is supplied it is embedded inside the `redirect_url`
@@ -83,12 +99,13 @@ export declare function resolveIsBuilderBranchingEnabled(): Promise<boolean>;
  * api-key / etc., so we don't depend on Builder echoing a top-level
  * `state` parameter (it doesn't).
  *
- * The user-facing connect entry point is `/_agent-native/builder/connect`
- * (a server-side 302). Status / chat-card responses surface that path
- * rather than the cli-auth URL directly, so the 302 handler can mint a
- * fresh state bound to the current session on every click.
+ * Status responses can surface this URL directly; the legacy
+ * `/_agent-native/builder/connect` trampoline still calls this helper for
+ * clients that only know the app-local connect URL.
  */
-export declare function buildBuilderCliAuthUrl(origin: string, state?: string | null): string;
+export declare function buildBuilderCliAuthUrl(callbackOrigin: string, state?: string | null, options?: {
+    previewOrigin?: string;
+}): string;
 /**
  * The bare URL surfaced to clients as `connectUrl`. The status route appends
  * a short-lived signed connect token when it knows the current owner; this
@@ -97,12 +114,20 @@ export declare function buildBuilderCliAuthUrl(origin: string, state?: string |
  */
 export declare function getBuilderBrowserConnectUrl(origin: string): string;
 /**
- * Builder CLI-auth does not need the workspace OAuth relay that Google uses.
- * In Builder/Fusion previews, keep connect + callback URLs on the actual app
- * preview origin so the signed connect token and pending row are verified by
- * the same deployment that minted them.
+ * User-visible Builder connect origin. In Builder/Fusion previews, keep the
+ * connect URL on the actual app preview origin so clicking Connect happens in
+ * the same deployment that minted the signed connect token.
  */
 export declare function getBuilderBrowserOriginForEvent(event: H3Event): string;
+/**
+ * Builder's /cli-auth page currently only accepts localhost, *.builder.io,
+ * *.agent-native.com, or builder: redirect_url destinations. Preview hosts
+ * such as *.builderio.xyz and *.builder.codes are valid app origins for us,
+ * but Builder rejects them and falls back to http://localhost:10110/auth.
+ * Use a configured public gateway for the callback in those cases while
+ * leaving the surfaced connect URL on the user's active preview.
+ */
+export declare function getBuilderCliAuthCallbackOriginForEvent(event: H3Event): string;
 export declare function getBuilderBrowserStatus(origin: string): BuilderBrowserStatus;
 export declare function getBuilderBrowserStatusForEvent(event: H3Event): BuilderBrowserStatus;
 /**
@@ -125,7 +150,9 @@ export declare function getBuilderCallbackEnvVars(params: {
     value: string;
 }[];
 export declare function resolveSafePreviewUrl(previewUrl: string | null | undefined, event: H3Event): string;
-export declare function createBuilderBrowserCallbackPage(previewUrl: string): string;
+export declare function createBuilderBrowserCallbackPage(previewUrl: string, opts?: {
+    parentOrigin?: string;
+}): string;
 /**
  * HTML page rendered inside the OAuth popup when the callback handler caught
  * an error persisting the per-user Builder credentials. Without this, the
@@ -144,6 +171,7 @@ export declare function createBuilderBrowserCallbackErrorPage(message: string, o
     title?: string;
     body?: string;
     closeHint?: string;
+    parentOrigin?: string;
 }): string;
 export interface RunBuilderAgentArgs {
     prompt: string;

package/dist/server/builder-browser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"builder-browser.d.ts","sourceRoot":"","sources":["../../src/server/builder-browser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAUlC,eAAO,MAAM,qBAAqB,oCAAoC,CAAC;AAmBvE;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,cAAc,CAAC;AAC/C,eAAO,MAAM,qBAAqB,gBAAgB,CAAC;AACnD,eAAO,MAAM,4BAA4B,6BAA6B,CAAC;AAIvE,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,yBAAyB,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;OAIG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,CAAC;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAiED;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAErE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GACnB,OAAO,CAET;AAED,wBAAgB,qCAAqC,CACnD,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC/B,MAAM,GAAG,IAAI,CAef;AAED,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAElE;AAED,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,UAAU,EAAE,MAAM,GACjB,OAAO,CAET;AAED,wBAAgB,oCAAoC,CAClD,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC/B,MAAM,GAAG,IAAI,CAef;AAED,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,MAAM,CAOR;AA6BD,wBAAgB,iBAAiB,IAAI,MAAM,CAM1C;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAO1C;AAUD,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAED,wBAAgB,yBAAyB,IAAI,OAAO,CAEnD;AAED,wBAAsB,6BAA6B,IAAI,OAAO,CAAC,MAAM,CAAC,CAmBrE;AAED,wBAAsB,gCAAgC,IAAI,OAAO,CAAC,OAAO,CAAC,CAEzE;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,MAAM,EACd,KAAK,GAAE,MAAM,GAAG,IAAW,GAC1B,MAAM,CAkBR;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAElE;AAgDD;;;;;GAKG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAiBtE;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB,CAqB5E;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,OAAO,GACb,oBAAoB,CAEtB;AAED;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,mHAMnB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE9D,wBAAgB,yBAAyB,CAAC,MAAM,EAAE;IAChD,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;;;IASA;AAED,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACrC,KAAK,EAAE,OAAO,GACb,MAAM,CAKR;AAoJD,wBAAgB,gCAAgC,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CA+D3E;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qCAAqC,CACnD,OAAO,EAAE,MAAM,EACf,IAAI,GAAE;IACJ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACf,GACL,MAAM,CA4DR;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAiCD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,qBAAqB,CAAC,CAkEhC;AAED,wBAAsB,+BAA+B,CACnD,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAgDlC"}
+{"version":3,"file":"builder-browser.d.ts","sourceRoot":"","sources":["../../src/server/builder-browser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAUlC,eAAO,MAAM,qBAAqB,oCAAoC,CAAC;AAmBvE;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,cAAc,CAAC;AAC/C,eAAO,MAAM,qBAAqB,gBAAgB,CAAC;AACnD,eAAO,MAAM,4BAA4B,6BAA6B,CAAC;AAIvE,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,OAAO,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,yBAAyB,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;OAIG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB,gBAAgB,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,WAAW,GAAG,KAAK,CAAC;IACxD,YAAY,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,qBAAqB;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAiED;;;;;;;;;;GAUG;AACH,wBAAgB,wBAAwB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAErE;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,GACnB,OAAO,CAET;AAED,wBAAgB,qCAAqC,CACnD,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC/B,MAAM,GAAG,IAAI,CAef;AAED,wBAAgB,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAElE;AAED,wBAAgB,yBAAyB,CACvC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAChC,UAAU,EAAE,MAAM,GACjB,OAAO,CAET;AAED,wBAAgB,oCAAoC,CAClD,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAC/B,MAAM,GAAG,IAAI,CAef;AAED,wBAAgB,yBAAyB,CACvC,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,MAAM,CAOR;AAsCD,wBAAgB,iBAAiB,IAAI,MAAM,CAM1C;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAO1C;AAUD,wBAAgB,yBAAyB,IAAI,MAAM,CAElD;AAED,wBAAgB,yBAAyB,IAAI,OAAO,CAEnD;AAED,wBAAsB,6BAA6B,IAAI,OAAO,CAAC,MAAM,CAAC,CAmBrE;AAED,wBAAsB,gCAAgC,IAAI,OAAO,CAAC,OAAO,CAAC,CAEzE;AAgDD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oBAAoB,eAAe,CAAC;AAYjD;;;;;;;;;;;GAWG;AACH,wBAAgB,sBAAsB,CACpC,cAAc,EAAE,MAAM,EACtB,KAAK,GAAE,MAAM,GAAG,IAAW,EAC3B,OAAO,GAAE;IAAE,aAAa,CAAC,EAAE,MAAM,CAAA;CAAO,GACvC,MAAM,CA0CR;AAED;;;;;GAKG;AACH,wBAAgB,2BAA2B,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAElE;AAqFD;;;;GAIG;AACH,wBAAgB,+BAA+B,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CAqBtE;AAED;;;;;;;GAOG;AACH,wBAAgB,uCAAuC,CACrD,KAAK,EAAE,OAAO,GACb,MAAM,CAIR;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,oBAAoB,CAqB5E;AAED,wBAAgB,+BAA+B,CAC7C,KAAK,EAAE,OAAO,GACb,oBAAoB,CAEtB;AAED;;;;;;GAMG;AACH,eAAO,MAAM,gBAAgB,mHAMnB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE9D,wBAAgB,yBAAyB,CAAC,MAAM,EAAE;IAChD,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;;;IASA;AAED,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EACrC,KAAK,EAAE,OAAO,GACb,MAAM,CAKR;AA6JD,wBAAgB,gCAAgC,CAC9C,UAAU,EAAE,MAAM,EAClB,IAAI,GAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAO,GACnC,MAAM,CAsER;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qCAAqC,CACnD,OAAO,EAAE,MAAM,EACf,IAAI,GAAE;IACJ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;CAClB,GACL,MAAM,CA8DR;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;CAChB;AAiCD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,IAAI,EAAE,mBAAmB,GACxB,OAAO,CAAC,qBAAqB,CAAC,CAkEhC;AAED,wBAAsB,+BAA+B,CACnD,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAgDlC"}

package/dist/server/builder-browser.js

@@ -165,7 +165,16 @@ function isAllowedBrowserReturnUrl(urlString) {
         const isLocalhost = hostname === "localhost" ||
             hostname === "127.0.0.1" ||
             hostname === "[::1]";
-        const isBuilderDomain = hostname === "builder.io" || hostname.endsWith(".builder.io");
+        const isBuilderDomain = hostname === "builder.io" ||
+            hostname.endsWith(".builder.io") ||
+            hostname === "builder.my" ||
+            hostname.endsWith(".builder.my") ||
+            hostname === "builderio.xyz" ||
+            hostname.endsWith(".builderio.xyz") ||
+            hostname === "builderio.dev" ||
+            hostname.endsWith(".builderio.dev") ||
+            hostname === "builder.codes" ||
+            hostname.endsWith(".builder.codes");
         const isAgentNativeDomain = hostname === "agent-native.com" || hostname.endsWith(".agent-native.com");
         return (isAllowedProtocol &&
             (isLocalhost || isBuilderDomain || isAgentNativeDomain));
@@ -224,6 +233,72 @@ export async function resolveBuilderBranchProjectId() {
 export async function resolveIsBuilderBranchingEnabled() {
     return !!(await resolveBuilderBranchProjectId());
 }
+function isBuilderCliAuthAllowedOrigin(origin) {
+    if (!origin)
+        return false;
+    try {
+        const parsed = new URL(origin);
+        const hostname = parsed.hostname.toLowerCase();
+        const isAllowedProtocol = parsed.protocol === "http:" || parsed.protocol === "https:";
+        const isLocalhost = hostname === "localhost" ||
+            hostname === "127.0.0.1" ||
+            hostname === "::1" ||
+            hostname === "[::1]";
+        const isBuilderDomain = hostname === "builder.io" || hostname.endsWith(".builder.io");
+        const isAgentNativeDomain = hostname === "agent-native.com" || hostname.endsWith(".agent-native.com");
+        return (isAllowedProtocol &&
+            (isLocalhost || isBuilderDomain || isAgentNativeDomain));
+    }
+    catch {
+        return false;
+    }
+}
+function firstBuilderCliAuthCallbackOriginFromEnv() {
+    for (const key of [
+        "APP_URL",
+        "VITE_APP_URL",
+        "BETTER_AUTH_URL",
+        "VITE_BETTER_AUTH_URL",
+        "WORKSPACE_GATEWAY_URL",
+        "VITE_WORKSPACE_GATEWAY_URL",
+    ]) {
+        const raw = process.env[key];
+        if (!raw)
+            continue;
+        try {
+            const origin = new URL(raw).origin;
+            if (isBuilderCliAuthAllowedOrigin(origin))
+                return origin;
+        }
+        catch {
+            // Ignore malformed environment values.
+        }
+    }
+    return null;
+}
+/**
+ * Query param on the callback URL that carries the original preview opener
+ * origin when cli-auth's allow-list forces `preview_url` to the gateway.
+ * Read on the callback to derive the correct postMessage targetOrigin.
+ *
+ * Not signed: the receive-side trust check in `useBuilderStatus` still
+ * gates messages by allow-listed origin. The worst an attacker could do by
+ * crafting a different `_an_opener` value is target a postMessage to an
+ * origin that doesn't match the actual opener — postMessage drops the
+ * message in that case, identical to the legacy wildcard-fallback path.
+ */
+export const BUILDER_OPENER_PARAM = "_an_opener";
+function isBuilderOpenerOriginSafe(value) {
+    if (!value)
+        return false;
+    try {
+        const parsed = new URL(value);
+        return parsed.protocol === "http:" || parsed.protocol === "https:";
+    }
+    catch {
+        return false;
+    }
+}
 /**
  * Build the Builder cli-auth URL for the connect popup. When a signed
  * `state` token is supplied it is embedded inside the `redirect_url`
@@ -232,24 +307,38 @@ export async function resolveIsBuilderBranchingEnabled() {
  * api-key / etc., so we don't depend on Builder echoing a top-level
  * `state` parameter (it doesn't).
  *
- * The user-facing connect entry point is `/_agent-native/builder/connect`
- * (a server-side 302). Status / chat-card responses surface that path
- * rather than the cli-auth URL directly, so the 302 handler can mint a
- * fresh state bound to the current session on every click.
+ * Status responses can surface this URL directly; the legacy
+ * `/_agent-native/builder/connect` trampoline still calls this helper for
+ * clients that only know the app-local connect URL.
  */
-export function buildBuilderCliAuthUrl(origin, state = null) {
-    const normalizedOrigin = normalizeOrigin(origin);
+export function buildBuilderCliAuthUrl(callbackOrigin, state = null, options = {}) {
+    const normalizedCallbackOrigin = normalizeOrigin(callbackOrigin);
+    const requestedPreviewOrigin = normalizeOrigin(options.previewOrigin || callbackOrigin);
+    const normalizedPreviewOrigin = isBuilderCliAuthAllowedOrigin(requestedPreviewOrigin)
+        ? requestedPreviewOrigin
+        : normalizedCallbackOrigin;
     const appBasePath = getAppBasePath();
-    const callbackUrl = new URL(`${appBasePath}${BUILDER_CALLBACK_PATH}`, normalizedOrigin);
+    const callbackUrl = new URL(`${appBasePath}${BUILDER_CALLBACK_PATH}`, normalizedCallbackOrigin);
     if (state) {
         callbackUrl.searchParams.set(BUILDER_STATE_PARAM, state);
     }
+    // When the cli-auth allow-list forces preview_url onto the gateway origin,
+    // the callback would otherwise lose the real opener origin and post its
+    // success message to the gateway instead of the preview tab. Embed the
+    // original preview origin in the callback's own query string so the
+    // callback handler can recover it for parentOrigin / postMessage. Builder
+    // preserves the redirect_url's query verbatim, so this round-trips.
+    if (requestedPreviewOrigin &&
+        requestedPreviewOrigin !== normalizedPreviewOrigin &&
+        isBuilderOpenerOriginSafe(requestedPreviewOrigin)) {
+        callbackUrl.searchParams.set(BUILDER_OPENER_PARAM, requestedPreviewOrigin);
+    }
     const url = new URL("/cli-auth", getBuilderAppHost());
     url.searchParams.set("response_type", "code");
     url.searchParams.set("host", BUILDER_BROWSER_HOST);
     url.searchParams.set("client_id", BUILDER_BROWSER_CLIENT_ID);
     url.searchParams.set("redirect_url", callbackUrl.toString());
-    url.searchParams.set("preview_url", `${normalizedOrigin}${appBasePath}`);
+    url.searchParams.set("preview_url", `${normalizedPreviewOrigin}${appBasePath}`);
     url.searchParams.set("framework", "agent-native");
     return url.toString();
 }
@@ -301,17 +390,61 @@ function isTrustedBuilderRequestHost(host) {
         return false;
     }
 }
+function isLoopbackBuilderRequestHost(host) {
+    if (!host)
+        return false;
+    try {
+        const hostname = new URL(`http://${host}`).hostname.toLowerCase();
+        return (hostname === "localhost" ||
+            hostname === "127.0.0.1" ||
+            hostname === "::1" ||
+            hostname === "[::1]");
+    }
+    catch {
+        return false;
+    }
+}
+function firstPublicBuilderPreviewOriginFromEnv() {
+    for (const key of [
+        "FUSION_ENV_ORIGIN",
+        "VITE_FUSION_ENV_ORIGIN",
+        "BUILDER_PREVIEW_URL",
+        "VITE_BUILDER_PREVIEW_URL",
+    ]) {
+        const raw = process.env[key];
+        if (!raw)
+            continue;
+        try {
+            const url = new URL(raw);
+            if (url.protocol !== "http:" && url.protocol !== "https:")
+                continue;
+            if (isLoopbackBuilderRequestHost(url.host))
+                continue;
+            if (!isTrustedBuilderRequestHost(url.host))
+                continue;
+            return url.origin;
+        }
+        catch {
+            // Ignore malformed environment values.
+        }
+    }
+    return null;
+}
 /**
- * Builder CLI-auth does not need the workspace OAuth relay that Google uses.
- * In Builder/Fusion previews, keep connect + callback URLs on the actual app
- * preview origin so the signed connect token and pending row are verified by
- * the same deployment that minted them.
+ * User-visible Builder connect origin. In Builder/Fusion previews, keep the
+ * connect URL on the actual app preview origin so clicking Connect happens in
+ * the same deployment that minted the signed connect token.
  */
 export function getBuilderBrowserOriginForEvent(event) {
     const headerHost = firstHeaderValue(readEventHeader(event, "x-forwarded-host") ||
         readEventHeader(event, "host"));
     if (!isTrustedBuilderRequestHost(headerHost))
         return getOrigin(event);
+    if (isLoopbackBuilderRequestHost(headerHost)) {
+        const publicPreviewOrigin = firstPublicBuilderPreviewOriginFromEnv();
+        if (publicPreviewOrigin)
+            return publicPreviewOrigin;
+    }
     const rawProto = firstHeaderValue(readEventHeader(event, "x-forwarded-proto"));
     const proto = rawProto === "http" || rawProto === "https"
         ? rawProto
@@ -320,6 +453,20 @@ export function getBuilderBrowserOriginForEvent(event) {
             : "http";
     return `${proto}://${headerHost}`;
 }
+/**
+ * Builder's /cli-auth page currently only accepts localhost, *.builder.io,
+ * *.agent-native.com, or builder: redirect_url destinations. Preview hosts
+ * such as *.builderio.xyz and *.builder.codes are valid app origins for us,
+ * but Builder rejects them and falls back to http://localhost:10110/auth.
+ * Use a configured public gateway for the callback in those cases while
+ * leaving the surfaced connect URL on the user's active preview.
+ */
+export function getBuilderCliAuthCallbackOriginForEvent(event) {
+    const previewOrigin = getBuilderBrowserOriginForEvent(event);
+    if (isBuilderCliAuthAllowedOrigin(previewOrigin))
+        return previewOrigin;
+    return firstBuilderCliAuthCallbackOriginFromEnv() ?? previewOrigin;
+}
 export function getBuilderBrowserStatus(origin) {
     const branchProjectId = getConfiguredBuilderBranchProjectId();
     const envManaged = !!process.env.BUILDER_PRIVATE_KEY;
@@ -371,7 +518,7 @@ export function resolveSafePreviewUrl(previewUrl, event) {
     if (previewUrl && isAllowedBrowserReturnUrl(previewUrl)) {
         return previewUrl;
     }
-    return getOrigin(event);
+    return getBuilderBrowserOriginForEvent(event);
 }
 /**
  * Inline theme-detection script that runs before the body paints. Reads the
@@ -517,8 +664,24 @@ const BUILDER_CALLBACK_BASE_CSS = `
     word-break: break-word;
   }
 `;
-export function createBuilderBrowserCallbackPage(previewUrl) {
+function safeOriginFromUrl(value) {
+    if (!value)
+        return null;
+    try {
+        return new URL(value).origin;
+    }
+    catch {
+        return null;
+    }
+}
+export function createBuilderBrowserCallbackPage(previewUrl, opts = {}) {
     const escapedUrl = JSON.stringify(previewUrl);
+    const parentOrigin = safeOriginFromUrl(opts.parentOrigin) ?? safeOriginFromUrl(previewUrl);
+    // postMessage requires a specific target origin for cross-origin opener
+    // delivery; only fall back to "*" when we have no usable origin (the
+    // BroadcastChannel path on the success page still works for same-origin
+    // openers in that case).
+    const escapedTargetOrigin = JSON.stringify(parentOrigin ?? "*");
     return `<!doctype html>
 <html lang="en">
   <head>
@@ -561,7 +724,7 @@ export function createBuilderBrowserCallbackPage(previewUrl) {
         if (window.opener && !window.opener.closed) {
           window.opener.postMessage(
             { type: "builder-connect-success" },
-            window.location.origin,
+            ${escapedTargetOrigin},
           );
         }
       } catch (e) {}
@@ -597,6 +760,8 @@ export function createBuilderBrowserCallbackPage(previewUrl) {
  */
 export function createBuilderBrowserCallbackErrorPage(message, opts = {}) {
     const escapedMessage = JSON.stringify(message);
+    const parentOrigin = safeOriginFromUrl(opts.parentOrigin);
+    const escapedTargetOrigin = JSON.stringify(parentOrigin ?? "*");
     const title = opts.title ?? "Couldn't save Builder connection";
     const body = opts.body ??
         "Builder authorized your account but the server couldn't persist the credentials.";
@@ -645,7 +810,7 @@ export function createBuilderBrowserCallbackErrorPage(message, opts = {}) {
           try {
             window.opener.postMessage(
               { type: "builder-connect-error", message: msg },
-              window.location.origin,
+              ${escapedTargetOrigin},
             );
           } catch (e) {}
         }