@agent-native/core 0.18.1 → 0.19.1

package/dist/server/identity-sso-store.d.ts

@@ -0,0 +1,86 @@
+/**
+ * Framework-table store for the cross-app SSO ("Sign in with Agent-Native")
+ * CLIENT side. Backs two pieces of the federated login round-trip:
+ *
+ *   - `identity_sso_state` — short-lived (10 min), single-use, crypto-random
+ *     CSRF `state` values. Minted at `/_agent-native/identity/login`,
+ *     consumed exactly once at `/_agent-native/identity/callback`. Carries an
+ *     optional same-origin `return` path so the user lands back where they
+ *     started after federated sign-in.
+ *   - `identity_sso_jti` — replayed-token guard. The hub-issued identity JWT
+ *     carries a random `jti`; the first callback that verifies a given `jti`
+ *     records it here, and any later callback that presents the same `jti`
+ *     is rejected. Best-effort: a DB blip never widens the trust boundary
+ *     (signature + exp + scope + single-use state are still enforced), it
+ *     only relaxes the extra replay gate.
+ *
+ * Mirrors `mcp/connect-store.ts`: lazy `ensureTable()`, `getDbExec()`,
+ * dialect-agnostic SQL via `intType()`, `isConnectionError()` swallow so a
+ * transient Neon WS drop never 500s. `CREATE TABLE IF NOT EXISTS` only —
+ * strictly additive, never DROP / ALTER (shared prod DB rule).
+ *
+ * Node-only (crypto), bundled alongside the other framework auth modules.
+ */
+/**
+ * Read + normalise `AGENT_NATIVE_IDENTITY_HUB_URL`. Returns `undefined`
+ * (feature OFF) unless it is set to a syntactically valid http(s) URL. A
+ * malformed value is treated as OFF rather than throwing, so a typo can
+ * never brick an app's login — it just behaves as if SSO were unconfigured.
+ */
+export declare function getIdentityHubUrl(): string | undefined;
+/**
+ * Whether the federated-SSO client is active. When false, NOTHING in the
+ * SSO module has any effect: the route 404s, the guard bypass is inert, the
+ * login button is not rendered. This is the single switch the
+ * env-unset-no-op invariant is asserted against.
+ */
+export declare function isIdentitySsoEnabled(): boolean;
+/**
+ * The conditional "Sign in with Agent-Native" entry injected into the login
+ * page — ONLY when the feature is enabled. Returns an empty string when
+ * disabled so the login HTML is byte-for-byte identical to today's output
+ * with the env unset (asserted by the env-unset-no-op regression test). Pure
+ * string builder, no I/O — safe to call during HTML render. Lives in this
+ * leaf module so `onboarding-html.ts` can import it without creating an
+ * `auth.ts` ↔ `identity-sso.ts` import cycle.
+ */
+export declare function identitySsoLoginButtonHtml(): string;
+/** CSRF state values are valid for 10 minutes. */
+export declare const SSO_STATE_TTL_MS: number;
+/**
+ * Rate limit for `identity/login`: at most this many state rows may be
+ * created within `SSO_LOGIN_WINDOW_MS`. The endpoint is reachable without a
+ * session (it's the entry point), so keep a coarse global cap to stop table
+ * flooding without per-IP plumbing.
+ */
+export declare const SSO_LOGIN_MAX = 60;
+export declare const SSO_LOGIN_WINDOW_MS = 60000;
+/**
+ * Mint a fresh crypto-random `state` value, persist it with an optional
+ * same-origin return path, and return it. Rate-limited at creation: at most
+ * `SSO_LOGIN_MAX` rows within `SSO_LOGIN_WINDOW_MS`. Throws `RATE_LIMITED`
+ * when the cap is exceeded so the route can map it to a 429.
+ */
+export declare function createSsoState(returnPath: string | null): Promise<string>;
+export interface SsoStateConsumeResult {
+    ok: boolean;
+    returnPath: string | null;
+}
+/**
+ * Atomically consume a `state` value. Returns `{ ok: true, returnPath }` only
+ * when the state existed, had not expired, and had not been consumed before —
+ * and this call is the one that transitioned it to consumed (single-use,
+ * enforced via a conditional UPDATE so a double callback can't both pass).
+ * Any other condition returns `{ ok: false }`.
+ */
+export declare function consumeSsoState(state: string): Promise<SsoStateConsumeResult>;
+/**
+ * Returns true when the given identity-token `jti` has already been seen
+ * (i.e. this is a replay). On the first sighting, records the `jti` and
+ * returns false. Best-effort: a store/DB error returns `false` (not a
+ * replay) so a transient Neon WS drop never blocks a legitimate first-time
+ * sign-in — signature + exp + scope + single-use CSRF state remain the hard
+ * gates; this only adds defence in depth against token replay.
+ */
+export declare function isJtiReplayed(jti: string | undefined): Promise<boolean>;
+//# sourceMappingURL=identity-sso-store.d.ts.map

package/dist/server/identity-sso-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-sso-store.d.ts","sourceRoot":"","sources":["../../src/server/identity-sso-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAeH;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,GAAG,SAAS,CAUtD;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,IAAI,OAAO,CAE9C;AAED;;;;;;;;GAQG;AACH,wBAAgB,0BAA0B,IAAI,MAAM,CAWnD;AAED,kDAAkD;AAClD,eAAO,MAAM,gBAAgB,QAAc,CAAC;AAE5C;;;;;GAKG;AACH,eAAO,MAAM,aAAa,KAAK,CAAC;AAChC,eAAO,MAAM,mBAAmB,QAAS,CAAC;AA0C1C;;;;;GAKG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,GAAG,IAAI,GACxB,OAAO,CAAC,MAAM,CAAC,CA2BjB;AAED,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,OAAO,CAAC;IACZ,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,qBAAqB,CAAC,CAgChC;AAMD;;;;;;;GAOG;AACH,wBAAsB,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,CA0B7E"}

package/dist/server/identity-sso-store.js

@@ -0,0 +1,243 @@
+/**
+ * Framework-table store for the cross-app SSO ("Sign in with Agent-Native")
+ * CLIENT side. Backs two pieces of the federated login round-trip:
+ *
+ *   - `identity_sso_state` — short-lived (10 min), single-use, crypto-random
+ *     CSRF `state` values. Minted at `/_agent-native/identity/login`,
+ *     consumed exactly once at `/_agent-native/identity/callback`. Carries an
+ *     optional same-origin `return` path so the user lands back where they
+ *     started after federated sign-in.
+ *   - `identity_sso_jti` — replayed-token guard. The hub-issued identity JWT
+ *     carries a random `jti`; the first callback that verifies a given `jti`
+ *     records it here, and any later callback that presents the same `jti`
+ *     is rejected. Best-effort: a DB blip never widens the trust boundary
+ *     (signature + exp + scope + single-use state are still enforced), it
+ *     only relaxes the extra replay gate.
+ *
+ * Mirrors `mcp/connect-store.ts`: lazy `ensureTable()`, `getDbExec()`,
+ * dialect-agnostic SQL via `intType()`, `isConnectionError()` swallow so a
+ * transient Neon WS drop never 500s. `CREATE TABLE IF NOT EXISTS` only —
+ * strictly additive, never DROP / ALTER (shared prod DB rule).
+ *
+ * Node-only (crypto), bundled alongside the other framework auth modules.
+ */
+import { getDbExec, isConnectionError, intType } from "../db/client.js";
+import { randomBytes } from "node:crypto";
+let _initPromise;
+// ---------------------------------------------------------------------------
+// Feature switch — the SINGLE source of truth for whether the federated-SSO
+// client is active. Lives here (a leaf module with no dependency on auth.ts)
+// so BOTH the auth guard and the route handler import the identical
+// validator and can never drift. Pure env read, no I/O — safe on the guard
+// hot path.
+// ---------------------------------------------------------------------------
+/**
+ * Read + normalise `AGENT_NATIVE_IDENTITY_HUB_URL`. Returns `undefined`
+ * (feature OFF) unless it is set to a syntactically valid http(s) URL. A
+ * malformed value is treated as OFF rather than throwing, so a typo can
+ * never brick an app's login — it just behaves as if SSO were unconfigured.
+ */
+export function getIdentityHubUrl() {
+    const raw = process.env.AGENT_NATIVE_IDENTITY_HUB_URL?.trim();
+    if (!raw)
+        return undefined;
+    try {
+        const u = new URL(raw);
+        if (u.protocol !== "https:" && u.protocol !== "http:")
+            return undefined;
+        return `${u.protocol}//${u.host}${u.pathname}`.replace(/\/+$/, "");
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Whether the federated-SSO client is active. When false, NOTHING in the
+ * SSO module has any effect: the route 404s, the guard bypass is inert, the
+ * login button is not rendered. This is the single switch the
+ * env-unset-no-op invariant is asserted against.
+ */
+export function isIdentitySsoEnabled() {
+    return !!getIdentityHubUrl();
+}
+/**
+ * The conditional "Sign in with Agent-Native" entry injected into the login
+ * page — ONLY when the feature is enabled. Returns an empty string when
+ * disabled so the login HTML is byte-for-byte identical to today's output
+ * with the env unset (asserted by the env-unset-no-op regression test). Pure
+ * string builder, no I/O — safe to call during HTML render. Lives in this
+ * leaf module so `onboarding-html.ts` can import it without creating an
+ * `auth.ts` ↔ `identity-sso.ts` import cycle.
+ */
+export function identitySsoLoginButtonHtml() {
+    if (!isIdentitySsoEnabled())
+        return "";
+    return (`\n  <a class="btn-identity-sso" id="identity-sso-btn" ` +
+        `href="/_agent-native/identity/login" ` +
+        `style="display:flex;align-items:center;justify-content:center;gap:0.5rem;` +
+        `width:100%;padding:0.7rem 1rem;margin-bottom:0.75rem;border-radius:8px;` +
+        `border:1px solid rgba(255,255,255,0.18);background:transparent;` +
+        `color:inherit;font:inherit;font-weight:600;text-decoration:none;` +
+        `cursor:pointer">Sign in with Agent-Native</a>\n`);
+}
+/** CSRF state values are valid for 10 minutes. */
+export const SSO_STATE_TTL_MS = 10 * 60_000;
+/**
+ * Rate limit for `identity/login`: at most this many state rows may be
+ * created within `SSO_LOGIN_WINDOW_MS`. The endpoint is reachable without a
+ * session (it's the entry point), so keep a coarse global cap to stop table
+ * flooding without per-IP plumbing.
+ */
+export const SSO_LOGIN_MAX = 60;
+export const SSO_LOGIN_WINDOW_MS = 60_000;
+async function ensureTable() {
+    if (!_initPromise) {
+        _initPromise = (async () => {
+            const client = getDbExec();
+            // Additive only. Never DROP / ALTER — this DB is shared across every
+            // deploy context (preview/branch/prod) for hosted templates.
+            await client.execute(`
+        CREATE TABLE IF NOT EXISTS identity_sso_state (
+          state TEXT PRIMARY KEY,
+          return_path TEXT,
+          created_at ${intType()},
+          expires_at ${intType()},
+          consumed_at ${intType()}
+        )
+      `);
+            await client.execute(`
+        CREATE TABLE IF NOT EXISTS identity_sso_jti (
+          jti TEXT PRIMARY KEY,
+          seen_at ${intType()}
+        )
+      `);
+        })().catch((err) => {
+            // Don't cache a rejection — let the next caller retry a fresh init.
+            _initPromise = undefined;
+            throw err;
+        });
+    }
+    return _initPromise;
+}
+function numOrNull(v) {
+    if (v == null)
+        return null;
+    const n = Number(v);
+    return Number.isFinite(n) ? n : null;
+}
+// ---------------------------------------------------------------------------
+// CSRF state
+// ---------------------------------------------------------------------------
+/**
+ * Mint a fresh crypto-random `state` value, persist it with an optional
+ * same-origin return path, and return it. Rate-limited at creation: at most
+ * `SSO_LOGIN_MAX` rows within `SSO_LOGIN_WINDOW_MS`. Throws `RATE_LIMITED`
+ * when the cap is exceeded so the route can map it to a 429.
+ */
+export async function createSsoState(returnPath) {
+    await ensureTable();
+    const client = getDbExec();
+    const now = Date.now();
+    try {
+        const { rows } = await client.execute({
+            sql: `SELECT COUNT(*) AS n FROM identity_sso_state WHERE created_at > ?`,
+            args: [now - SSO_LOGIN_WINDOW_MS],
+        });
+        const n = Number(rows[0]?.n ?? rows[0]?.["COUNT(*)"] ?? 0);
+        if (Number.isFinite(n) && n >= SSO_LOGIN_MAX) {
+            throw new Error("RATE_LIMITED");
+        }
+    }
+    catch (err) {
+        if (err?.message === "RATE_LIMITED")
+            throw err;
+        // A read failure must not block legitimate logins — single-use +
+        // short-TTL state is the primary protection. Continue.
+    }
+    const state = randomBytes(32).toString("base64url");
+    const expiresAt = now + SSO_STATE_TTL_MS;
+    await client.execute({
+        sql: `INSERT INTO identity_sso_state (state, return_path, created_at, expires_at, consumed_at) VALUES (?, ?, ?, ?, ?)`,
+        args: [state, returnPath ?? null, now, expiresAt, null],
+    });
+    return state;
+}
+/**
+ * Atomically consume a `state` value. Returns `{ ok: true, returnPath }` only
+ * when the state existed, had not expired, and had not been consumed before —
+ * and this call is the one that transitioned it to consumed (single-use,
+ * enforced via a conditional UPDATE so a double callback can't both pass).
+ * Any other condition returns `{ ok: false }`.
+ */
+export async function consumeSsoState(state) {
+    if (!state)
+        return { ok: false, returnPath: null };
+    await ensureTable();
+    const client = getDbExec();
+    const now = Date.now();
+    const { rows } = await client.execute({
+        sql: `SELECT state, return_path, expires_at, consumed_at FROM identity_sso_state WHERE state = ?`,
+        args: [state],
+    });
+    if (rows.length === 0)
+        return { ok: false, returnPath: null };
+    const row = rows[0];
+    const expiresAt = numOrNull(row.expires_at ?? row.expiresAt);
+    const consumedAt = numOrNull(row.consumed_at ?? row.consumedAt);
+    if (consumedAt != null)
+        return { ok: false, returnPath: null };
+    if (expiresAt != null && expiresAt < now) {
+        return { ok: false, returnPath: null };
+    }
+    // Single-use: only the caller that flips `consumed_at` from NULL wins.
+    const result = await client.execute({
+        sql: `UPDATE identity_sso_state SET consumed_at = ? WHERE state = ? AND consumed_at IS NULL`,
+        args: [now, state],
+    });
+    if (result.rowsAffected === 0) {
+        // Lost the race to a concurrent callback — treat as already consumed.
+        return { ok: false, returnPath: null };
+    }
+    const returnPath = (row.return_path ?? row.returnPath ?? null);
+    return { ok: true, returnPath };
+}
+// ---------------------------------------------------------------------------
+// Replay (jti) guard
+// ---------------------------------------------------------------------------
+/**
+ * Returns true when the given identity-token `jti` has already been seen
+ * (i.e. this is a replay). On the first sighting, records the `jti` and
+ * returns false. Best-effort: a store/DB error returns `false` (not a
+ * replay) so a transient Neon WS drop never blocks a legitimate first-time
+ * sign-in — signature + exp + scope + single-use CSRF state remain the hard
+ * gates; this only adds defence in depth against token replay.
+ */
+export async function isJtiReplayed(jti) {
+    if (!jti)
+        return false;
+    try {
+        await ensureTable();
+        const client = getDbExec();
+        const result = await client.execute({
+            sql: `INSERT INTO identity_sso_jti (jti, seen_at) VALUES (?, ?)`,
+            args: [jti, Date.now()],
+        });
+        // A successful insert means this jti was never seen → not a replay.
+        return result.rowsAffected === 0;
+    }
+    catch (err) {
+        // Primary-key conflict = the jti already exists = replay.
+        const msg = String(err?.message ?? "").toLowerCase();
+        if (msg.includes("unique") ||
+            msg.includes("duplicate") ||
+            msg.includes("constraint")) {
+            return true;
+        }
+        // Any other error (incl. connection blips): fail open — do not block a
+        // legitimate first sign-in over a transient DB issue.
+        if (isConnectionError(err))
+            return false;
+        return false;
+    }
+}
+//# sourceMappingURL=identity-sso-store.js.map

package/dist/server/identity-sso-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-sso-store.js","sourceRoot":"","sources":["../../src/server/identity-sso-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,IAAI,YAAuC,CAAC;AAE5C,8EAA8E;AAC9E,4EAA4E;AAC5E,6EAA6E;AAC7E,oEAAoE;AACpE,2EAA2E;AAC3E,YAAY;AACZ,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,EAAE,IAAI,EAAE,CAAC;IAC9D,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO;YAAE,OAAO,SAAS,CAAC;QACxE,OAAO,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACrE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,CAAC,CAAC,iBAAiB,EAAE,CAAC;AAC/B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,0BAA0B;IACxC,IAAI,CAAC,oBAAoB,EAAE;QAAE,OAAO,EAAE,CAAC;IACvC,OAAO,CACL,wDAAwD;QACxD,uCAAuC;QACvC,2EAA2E;QAC3E,yEAAyE;QACzE,iEAAiE;QACjE,kEAAkE;QAClE,iDAAiD,CAClD,CAAC;AACJ,CAAC;AAED,kDAAkD;AAClD,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,GAAG,MAAM,CAAC;AAE5C;;;;;GAKG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC;AAChC,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAE1C,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,qEAAqE;YACrE,6DAA6D;YAC7D,MAAM,MAAM,CAAC,OAAO,CAAC;;;;uBAIJ,OAAO,EAAE;uBACT,OAAO,EAAE;wBACR,OAAO,EAAE;;OAE1B,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,OAAO,CAAC;;;oBAGP,OAAO,EAAE;;OAEtB,CAAC,CAAC;QACL,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;YACjB,oEAAoE;YACpE,YAAY,GAAG,SAAS,CAAC;YACzB,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,IAAI,CAAC,IAAI,IAAI;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACpB,OAAO,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACvC,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAAyB;IAEzB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,mEAAmE;YACxE,IAAI,EAAE,CAAC,GAAG,GAAG,mBAAmB,CAAC;SAClC,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,aAAa,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IAAI,GAAG,EAAE,OAAO,KAAK,cAAc;YAAE,MAAM,GAAG,CAAC;QAC/C,iEAAiE;QACjE,uDAAuD;IACzD,CAAC;IAED,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,GAAG,GAAG,gBAAgB,CAAC;IACzC,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,iHAAiH;QACtH,IAAI,EAAE,CAAC,KAAK,EAAE,UAAU,IAAI,IAAI,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC;KACxD,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAOD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,KAAa;IAEb,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACnD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,4FAA4F;QACjG,IAAI,EAAE,CAAC,KAAK,CAAC;KACd,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAC9D,MAAM,GAAG,GAAQ,IAAI,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,CAAC,UAAU,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,SAAS,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,CAAC,CAAC;IAChE,IAAI,UAAU,IAAI,IAAI;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IAC/D,IAAI,SAAS,IAAI,IAAI,IAAI,SAAS,GAAG,GAAG,EAAE,CAAC;QACzC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACzC,CAAC;IAED,uEAAuE;IACvE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE,uFAAuF;QAC5F,IAAI,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC;KACnB,CAAC,CAAC;IACH,IAAI,MAAM,CAAC,YAAY,KAAK,CAAC,EAAE,CAAC;QAC9B,sEAAsE;QACtE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACzC,CAAC;IACD,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,UAAU,IAAI,IAAI,CAErD,CAAC;IACT,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AAClC,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAuB;IACzD,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,WAAW,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,2DAA2D;YAChE,IAAI,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;SACxB,CAAC,CAAC;QACH,oEAAoE;QACpE,OAAO,MAAM,CAAC,YAAY,KAAK,CAAC,CAAC;IACnC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,0DAA0D;QAC1D,MAAM,GAAG,GAAG,MAAM,CAAE,GAAW,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9D,IACE,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACtB,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;YACzB,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC1B,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QACD,uEAAuE;QACvE,sDAAsD;QACtD,IAAI,iBAAiB,CAAC,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QACzC,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC","sourcesContent":["/**\n * Framework-table store for the cross-app SSO (\"Sign in with Agent-Native\")\n * CLIENT side. Backs two pieces of the federated login round-trip:\n *\n *   - `identity_sso_state` — short-lived (10 min), single-use, crypto-random\n *     CSRF `state` values. Minted at `/_agent-native/identity/login`,\n *     consumed exactly once at `/_agent-native/identity/callback`. Carries an\n *     optional same-origin `return` path so the user lands back where they\n *     started after federated sign-in.\n *   - `identity_sso_jti` — replayed-token guard. The hub-issued identity JWT\n *     carries a random `jti`; the first callback that verifies a given `jti`\n *     records it here, and any later callback that presents the same `jti`\n *     is rejected. Best-effort: a DB blip never widens the trust boundary\n *     (signature + exp + scope + single-use state are still enforced), it\n *     only relaxes the extra replay gate.\n *\n * Mirrors `mcp/connect-store.ts`: lazy `ensureTable()`, `getDbExec()`,\n * dialect-agnostic SQL via `intType()`, `isConnectionError()` swallow so a\n * transient Neon WS drop never 500s. `CREATE TABLE IF NOT EXISTS` only —\n * strictly additive, never DROP / ALTER (shared prod DB rule).\n *\n * Node-only (crypto), bundled alongside the other framework auth modules.\n */\n\nimport { getDbExec, isConnectionError, intType } from \"../db/client.js\";\nimport { randomBytes } from \"node:crypto\";\n\nlet _initPromise: Promise<void> | undefined;\n\n// ---------------------------------------------------------------------------\n// Feature switch — the SINGLE source of truth for whether the federated-SSO\n// client is active. Lives here (a leaf module with no dependency on auth.ts)\n// so BOTH the auth guard and the route handler import the identical\n// validator and can never drift. Pure env read, no I/O — safe on the guard\n// hot path.\n// ---------------------------------------------------------------------------\n\n/**\n * Read + normalise `AGENT_NATIVE_IDENTITY_HUB_URL`. Returns `undefined`\n * (feature OFF) unless it is set to a syntactically valid http(s) URL. A\n * malformed value is treated as OFF rather than throwing, so a typo can\n * never brick an app's login — it just behaves as if SSO were unconfigured.\n */\nexport function getIdentityHubUrl(): string | undefined {\n  const raw = process.env.AGENT_NATIVE_IDENTITY_HUB_URL?.trim();\n  if (!raw) return undefined;\n  try {\n    const u = new URL(raw);\n    if (u.protocol !== \"https:\" && u.protocol !== \"http:\") return undefined;\n    return `${u.protocol}//${u.host}${u.pathname}`.replace(/\\/+$/, \"\");\n  } catch {\n    return undefined;\n  }\n}\n\n/**\n * Whether the federated-SSO client is active. When false, NOTHING in the\n * SSO module has any effect: the route 404s, the guard bypass is inert, the\n * login button is not rendered. This is the single switch the\n * env-unset-no-op invariant is asserted against.\n */\nexport function isIdentitySsoEnabled(): boolean {\n  return !!getIdentityHubUrl();\n}\n\n/**\n * The conditional \"Sign in with Agent-Native\" entry injected into the login\n * page — ONLY when the feature is enabled. Returns an empty string when\n * disabled so the login HTML is byte-for-byte identical to today's output\n * with the env unset (asserted by the env-unset-no-op regression test). Pure\n * string builder, no I/O — safe to call during HTML render. Lives in this\n * leaf module so `onboarding-html.ts` can import it without creating an\n * `auth.ts` ↔ `identity-sso.ts` import cycle.\n */\nexport function identitySsoLoginButtonHtml(): string {\n  if (!isIdentitySsoEnabled()) return \"\";\n  return (\n    `\\n  <a class=\"btn-identity-sso\" id=\"identity-sso-btn\" ` +\n    `href=\"/_agent-native/identity/login\" ` +\n    `style=\"display:flex;align-items:center;justify-content:center;gap:0.5rem;` +\n    `width:100%;padding:0.7rem 1rem;margin-bottom:0.75rem;border-radius:8px;` +\n    `border:1px solid rgba(255,255,255,0.18);background:transparent;` +\n    `color:inherit;font:inherit;font-weight:600;text-decoration:none;` +\n    `cursor:pointer\">Sign in with Agent-Native</a>\\n`\n  );\n}\n\n/** CSRF state values are valid for 10 minutes. */\nexport const SSO_STATE_TTL_MS = 10 * 60_000;\n\n/**\n * Rate limit for `identity/login`: at most this many state rows may be\n * created within `SSO_LOGIN_WINDOW_MS`. The endpoint is reachable without a\n * session (it's the entry point), so keep a coarse global cap to stop table\n * flooding without per-IP plumbing.\n */\nexport const SSO_LOGIN_MAX = 60;\nexport const SSO_LOGIN_WINDOW_MS = 60_000;\n\nasync function ensureTable(): Promise<void> {\n  if (!_initPromise) {\n    _initPromise = (async () => {\n      const client = getDbExec();\n      // Additive only. Never DROP / ALTER — this DB is shared across every\n      // deploy context (preview/branch/prod) for hosted templates.\n      await client.execute(`\n        CREATE TABLE IF NOT EXISTS identity_sso_state (\n          state TEXT PRIMARY KEY,\n          return_path TEXT,\n          created_at ${intType()},\n          expires_at ${intType()},\n          consumed_at ${intType()}\n        )\n      `);\n      await client.execute(`\n        CREATE TABLE IF NOT EXISTS identity_sso_jti (\n          jti TEXT PRIMARY KEY,\n          seen_at ${intType()}\n        )\n      `);\n    })().catch((err) => {\n      // Don't cache a rejection — let the next caller retry a fresh init.\n      _initPromise = undefined;\n      throw err;\n    });\n  }\n  return _initPromise;\n}\n\nfunction numOrNull(v: unknown): number | null {\n  if (v == null) return null;\n  const n = Number(v);\n  return Number.isFinite(n) ? n : null;\n}\n\n// ---------------------------------------------------------------------------\n// CSRF state\n// ---------------------------------------------------------------------------\n\n/**\n * Mint a fresh crypto-random `state` value, persist it with an optional\n * same-origin return path, and return it. Rate-limited at creation: at most\n * `SSO_LOGIN_MAX` rows within `SSO_LOGIN_WINDOW_MS`. Throws `RATE_LIMITED`\n * when the cap is exceeded so the route can map it to a 429.\n */\nexport async function createSsoState(\n  returnPath: string | null,\n): Promise<string> {\n  await ensureTable();\n  const client = getDbExec();\n  const now = Date.now();\n\n  try {\n    const { rows } = await client.execute({\n      sql: `SELECT COUNT(*) AS n FROM identity_sso_state WHERE created_at > ?`,\n      args: [now - SSO_LOGIN_WINDOW_MS],\n    });\n    const n = Number(rows[0]?.n ?? rows[0]?.[\"COUNT(*)\"] ?? 0);\n    if (Number.isFinite(n) && n >= SSO_LOGIN_MAX) {\n      throw new Error(\"RATE_LIMITED\");\n    }\n  } catch (err: any) {\n    if (err?.message === \"RATE_LIMITED\") throw err;\n    // A read failure must not block legitimate logins — single-use +\n    // short-TTL state is the primary protection. Continue.\n  }\n\n  const state = randomBytes(32).toString(\"base64url\");\n  const expiresAt = now + SSO_STATE_TTL_MS;\n  await client.execute({\n    sql: `INSERT INTO identity_sso_state (state, return_path, created_at, expires_at, consumed_at) VALUES (?, ?, ?, ?, ?)`,\n    args: [state, returnPath ?? null, now, expiresAt, null],\n  });\n  return state;\n}\n\nexport interface SsoStateConsumeResult {\n  ok: boolean;\n  returnPath: string | null;\n}\n\n/**\n * Atomically consume a `state` value. Returns `{ ok: true, returnPath }` only\n * when the state existed, had not expired, and had not been consumed before —\n * and this call is the one that transitioned it to consumed (single-use,\n * enforced via a conditional UPDATE so a double callback can't both pass).\n * Any other condition returns `{ ok: false }`.\n */\nexport async function consumeSsoState(\n  state: string,\n): Promise<SsoStateConsumeResult> {\n  if (!state) return { ok: false, returnPath: null };\n  await ensureTable();\n  const client = getDbExec();\n  const now = Date.now();\n\n  const { rows } = await client.execute({\n    sql: `SELECT state, return_path, expires_at, consumed_at FROM identity_sso_state WHERE state = ?`,\n    args: [state],\n  });\n  if (rows.length === 0) return { ok: false, returnPath: null };\n  const row: any = rows[0];\n  const expiresAt = numOrNull(row.expires_at ?? row.expiresAt);\n  const consumedAt = numOrNull(row.consumed_at ?? row.consumedAt);\n  if (consumedAt != null) return { ok: false, returnPath: null };\n  if (expiresAt != null && expiresAt < now) {\n    return { ok: false, returnPath: null };\n  }\n\n  // Single-use: only the caller that flips `consumed_at` from NULL wins.\n  const result = await client.execute({\n    sql: `UPDATE identity_sso_state SET consumed_at = ? WHERE state = ? AND consumed_at IS NULL`,\n    args: [now, state],\n  });\n  if (result.rowsAffected === 0) {\n    // Lost the race to a concurrent callback — treat as already consumed.\n    return { ok: false, returnPath: null };\n  }\n  const returnPath = (row.return_path ?? row.returnPath ?? null) as\n    | string\n    | null;\n  return { ok: true, returnPath };\n}\n\n// ---------------------------------------------------------------------------\n// Replay (jti) guard\n// ---------------------------------------------------------------------------\n\n/**\n * Returns true when the given identity-token `jti` has already been seen\n * (i.e. this is a replay). On the first sighting, records the `jti` and\n * returns false. Best-effort: a store/DB error returns `false` (not a\n * replay) so a transient Neon WS drop never blocks a legitimate first-time\n * sign-in — signature + exp + scope + single-use CSRF state remain the hard\n * gates; this only adds defence in depth against token replay.\n */\nexport async function isJtiReplayed(jti: string | undefined): Promise<boolean> {\n  if (!jti) return false;\n  try {\n    await ensureTable();\n    const client = getDbExec();\n    const result = await client.execute({\n      sql: `INSERT INTO identity_sso_jti (jti, seen_at) VALUES (?, ?)`,\n      args: [jti, Date.now()],\n    });\n    // A successful insert means this jti was never seen → not a replay.\n    return result.rowsAffected === 0;\n  } catch (err) {\n    // Primary-key conflict = the jti already exists = replay.\n    const msg = String((err as any)?.message ?? \"\").toLowerCase();\n    if (\n      msg.includes(\"unique\") ||\n      msg.includes(\"duplicate\") ||\n      msg.includes(\"constraint\")\n    ) {\n      return true;\n    }\n    // Any other error (incl. connection blips): fail open — do not block a\n    // legitimate first sign-in over a transient DB issue.\n    if (isConnectionError(err)) return false;\n    return false;\n  }\n}\n"]}

package/dist/server/identity-sso.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Cross-app SSO ("Sign in with Agent-Native") — the CLIENT side.
+ *
+ * Each hosted `*.agent-native.com` app has its OWN Better Auth user store
+ * (a separate database per app). This module lets an app federate sign-in to
+ * an identity authority (Dispatch) so a user logged in there can land in this
+ * app without re-entering credentials.
+ *
+ * Opt-in, OFF by default, fully reversible. Everything here is gated on the
+ * single env var `AGENT_NATIVE_IDENTITY_HUB_URL`:
+ *
+ *   - UNSET  → `isIdentitySsoEnabled()` is false. The route handler 404s, the
+ *     auth-guard bypass does not apply, and the login page renders no SSO
+ *     button. Existing auth is byte-for-byte unchanged.
+ *   - SET    (e.g. `https://dispatch.agent-native.com`) → two routes mount:
+ *       GET /_agent-native/identity/login
+ *         302 → `<HUB>/_agent-native/identity/authorize?app=<id>
+ *                 &redirect_uri=<thisOrigin>/_agent-native/identity/callback
+ *                 &state=<single-use CSRF state>`
+ *       GET /_agent-native/identity/callback?token=<jwt>&state=<state>
+ *         Verifies the hub-issued identity JWT (HS256 over the SHARED A2A
+ *         secret — the exact verify path A2A / MCP `verifyAuth` use), checks
+ *         `scope:"identity"`, `exp`, single-use CSRF `state`, and (best
+ *         effort) `jti` replay, then JIT-links the verified email into this
+ *         app's local Better Auth store and mints a normal framework session
+ *         the SAME way the Google OAuth callback does.
+ *
+ * Crypto reuse: the hub signs with `jose.SignJWT(...).sign(A2A_SECRET)` (the
+ * existing `signA2AToken` builder). We verify with the identical
+ * `jose.jwtVerify(token, A2A_SECRET)` call `mcp/build-server.ts#verifyAuth`
+ * uses — no new crypto, no new keys.
+ *
+ * Session reuse: a NEW email is created via `auth.api.signUpEmail` — the
+ * exact Better Auth signup path `maybeAutoCreateDevSession` already uses, so
+ * the adapter creates the `user` (+ adapter-managed credential `account`)
+ * row schema-correctly and the normal `databaseHooks.user.create.after`
+ * (org auto-join, analytics) fires. The framework session is then minted via
+ * `createOAuthSession` — the literal Google-OAuth session-mint path
+ * (`addSession` + `setFrameworkSessionCookie`). An EXISTING email is never
+ * mutated: we only ADD an inert federated-provider `account` row (if absent)
+ * and mint the same framework session. Removing the env returns the app to
+ * its prior auth with no residue.
+ */
+import type { H3Event } from "h3";
+import { getIdentityHubUrl, isIdentitySsoEnabled, identitySsoLoginButtonHtml } from "./identity-sso-store.js";
+export { getIdentityHubUrl, isIdentitySsoEnabled, identitySsoLoginButtonHtml };
+/**
+ * The provider id recorded on the additive `account` row we link for an
+ * EXISTING local user. Must match the value the Dispatch authority agent
+ * expects to interoperate with — documented in the report so the two sides
+ * stay in sync. Inert when this provider is unused, so removing the env var
+ * leaves no behavioural residue.
+ */
+export declare const IDENTITY_SSO_PROVIDER_ID = "agent-native";
+/**
+ * The JWT `scope` claim the hub MUST set on the identity token. The callback
+ * rejects any token whose `scope` is not exactly this value, so an A2A
+ * delegation JWT (no scope, or `scope:"mcp-connect"`) can never be replayed
+ * as an identity assertion.
+ */
+export declare const IDENTITY_SSO_SCOPE = "identity";
+/**
+ * Handle a `/_agent-native/identity/*` request. `subpath` is the part after
+ * `/identity` (e.g. `/login`, `/callback`). Returns a 404 Response whenever
+ * the feature is disabled so an unset env var is a true no-op even if the
+ * route somehow gets mounted.
+ */
+export declare function handleIdentitySso(event: H3Event, subpath: string): Promise<Response>;
+/**
+ * Whether the given (already base-path-stripped) request path is one of the
+ * SSO routes that must bypass the blanket auth guard. Both routes resolve /
+ * mint the browser session themselves: `/login` is the unauthenticated entry
+ * point, and `/callback` is hit by a user who is (by definition) not yet
+ * signed in to THIS app. Returns false when the feature is disabled, so the
+ * guard's behaviour is unchanged with the env unset.
+ */
+export declare function isIdentitySsoBypassPath(p: string): boolean;
+//# sourceMappingURL=identity-sso.d.ts.map

package/dist/server/identity-sso.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity-sso.d.ts","sourceRoot":"","sources":["../../src/server/identity-sso.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAWlC,OAAO,EAIL,iBAAiB,EACjB,oBAAoB,EACpB,0BAA0B,EAC3B,MAAM,yBAAyB,CAAC;AAEjC,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,CAAC;AAE/E;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,iBAAiB,CAAC;AAEvD;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,aAAa,CAAC;AAoQ7C;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,OAAO,EACd,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,QAAQ,CAAC,CAiJnB;AAED;;;;;;;GAOG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAM1D"}