@agent-native/core 0.18.1 → 0.19.1

package/dist/server/sentry.js.map

@@ -1 +1 @@
-{"version":3,"file":"sentry.js","sourceRoot":"","sources":["../../src/server/sentry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,KAAK,MAAM,MAAM,cAAc,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAE5B,IAAI,YAAY,GAAG,KAAK,CAAC;AACzB,IAAI,cAAc,GAAG,KAAK,CAAC;AAE3B;;;;;GAKG;AACH,SAAS,oBAAoB;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAClD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,6CAA6C;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAEvD,CAAC;QACF,IAAI,GAAG,EAAE,OAAO;YAAE,OAAO,uBAAuB,GAAG,CAAC,OAAO,EAAE,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IACD,OAAO,6BAA6B,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC;IACzD,IAAI,CAAC,GAAG;QAAE,OAAO,CAAC,CAAC;IACnB,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IACpD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB;IAC9B,IAAI,YAAY;QAAE,OAAO,cAAc,CAAC;IACxC,YAAY,GAAG,IAAI,CAAC;IAEpB,MAAM,GAAG,GAAG,sBAAsB,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,+EAA+E,CAChF,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,IAAI,CAAC;QACV,GAAG;QACH,WAAW,EAAE,wBAAwB,EAAE;QACvC,OAAO,EAAE,oBAAoB,EAAE;QAC/B,gBAAgB,EAAE,qBAAqB,EAAE;QACzC,sEAAsE;QACtE,mEAAmE;QACnE,uEAAuE;QACvE,cAAc,EAAE,KAAK;QACrB,UAAU,CAAC,KAAK;YACd,mEAAmE;YACnE,kEAAkE;YAClE,mEAAmE;YACnE,gEAAgE;YAChE,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC;YACzD,IACE,aAAa,KAAK,iBAAiB;gBACnC,KAAK,CAAC,IAAI,EAAE,OAAO,KAAK,YAAY,EACpC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,kEAAkE;YAClE,kEAAkE;YAClE,mEAAmE;YACnE,+DAA+D;YAC/D,iEAAiE;YACjE,mEAAmE;YACnE,6CAA6C;YAC7C,IACE,aAAa,KAAK,gBAAgB;gBAClC,aAAa,KAAK,mBAAmB,EACrC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,oEAAoE;YACpE,qEAAqE;YACrE,qEAAqE;YACrE,oEAAoE;YACpE,iEAAiE;YACjE,+DAA+D;YAC/D,kEAAkE;YAClE,+DAA+D;YAC/D,wDAAwD;YACxD,MAAM,cAAc,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;YACjE,MAAM,kBAAkB,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC;YACzE,IACE,cAAc,KAAK,gBAAgB;gBACnC,kBAAkB,KAAK,sBAAsB,EAC7C,CAAC;gBACD,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,IAAI,EAAE,CAAC;gBACtE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,EAAE,QAAQ,KAAK,oBAAoB;oBACpC,CAAC,EAAE,QAAQ,KAAK,mBAAmB,CACtC,CAAC;gBACF,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YACD,2DAA2D;YAC3D,8DAA8D;YAC9D,kEAAkE;YAClE,4DAA4D;YAC5D,+DAA+D;YAC/D,2DAA2D;YAC3D,iEAAiE;YACjE,2DAA2D;YAC3D,IAAI,aAAa,KAAK,WAAW,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBACjE,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU;oBAEtC,KAAK,CAAC,QAGP,EAAE,EAAE,EAAE,UAAU,CAAgC,CAAC;gBACpD,MAAM,IAAI,GACR,OAAO,UAAU,KAAK,QAAQ;oBAC5B,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC1B,CAAC,CAAC,UAAU,CAAC;gBACjB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,IAAI,GAAG,IAAI,IAAI,GAAG,GAAG,EAAE,CAAC;oBAC1D,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,iEAAiE;gBACjE,8DAA8D;gBAC9D,4DAA4D;gBAC5D,gEAAgE;gBAChE,2BAA2B;gBAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;gBACxD,IACE,kCAAkC,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC9C,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC1B,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC/B,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAC7B,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,qEAAqE;YACrE,kDAAkD;YAClD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;oBAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAiC,CAAC;oBAChE,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACrC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3B,IACE,EAAE,KAAK,QAAQ;4BACf,EAAE,KAAK,eAAe;4BACtB,EAAE,KAAK,YAAY;4BACnB,EAAE,KAAK,qBAAqB,EAC5B,CAAC;4BACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;wBACpB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,uCAAuC;gBACvC,OAAQ,KAAK,CAAC,OAAmC,CAAC,OAAO,CAAC;YAC5D,CAAC;YAED,4DAA4D;YAC5D,iEAAiE;YACjE,kEAAkE;YAClE,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,MAAM,IAAI,GAAG,KAAK,CAAC,IAA+B,CAAC;gBACnD,OAAO,IAAI,CAAC,UAAU,CAAC;gBACvB,MAAM,WAAW,GACf,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ;oBAC3B,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;oBAC9B,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC;gBACpC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,OAAO,KAAK,CAAC,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YAED,uEAAuE;YACvE,gDAAgD;YAChD,IAAI,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACzD,OAAQ,KAAK,CAAC,QAAoC,CAAC,WAAW,CAAC;YACjE,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC,CAAC;IAEH,cAAc,GAAG,IAAI,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA2B;IACjE,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,KAAK,CAAC,OAAO,CAAC;YACZ,EAAE,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK;YACnC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;SACvB,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,4DAA4D;IAC9D,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAGvC;IACC,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC;YAC3C,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;gBACtC,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAc,EACd,OAAiE;IAEjE,IAAI,CAAC,cAAc;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAuBD;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAc,EACd,UAA6B,EAAE;IAE/B,IAAI,CAAC,cAAc;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,IAAI,OAAO,CAAC,KAAK;gBAAE,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,OAAO,CAAC,MAAM;gBAAE,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC3D,IAAI,OAAO,CAAC,SAAS;gBAAE,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YACpE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClD,IAAI,OAAO,CAAC,KAAK,QAAQ;wBAAE,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC,KAAK,SAAS;wBAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACtD,KAAK,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Server-side Sentry initialization for Nitro.\n *\n * Errors thrown inside Nitro routes (the framework's own /_agent-native/*\n * handlers, the template's API routes, action handlers, agent-chat streams)\n * never reach the CLI's Sentry init — that only covers the developer's\n * machine. Without server-side Sentry the only signal a 500 ever produces\n * is a server-side console.error that lives and dies with the request.\n *\n * This module is the third Sentry init point in the framework:\n *   - cli/index.ts          → @sentry/node, hardcoded DSN, \"agent-native-cli\"\n *   - client/analytics.ts   → @sentry/browser, VITE_SENTRY_CLIENT_DSN / runtime config\n *   - server/sentry.ts      → @sentry/node, SENTRY_SERVER_DSN / SENTRY_DSN\n *\n * The browser and server can share a Sentry project/DSN. Separate projects\n * are an operational choice for noise, ownership, or quotas; not a runtime\n * requirement.\n */\nimport * as Sentry from \"@sentry/node\";\nimport path from \"node:path\";\nimport fs from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport type { AuthSession } from \"./auth.js\";\nimport {\n  resolveSentryEnvironment,\n  resolveServerSentryDsn,\n} from \"./sentry-config.js\";\n\nlet _initStarted = false;\nlet _initSucceeded = false;\n\n/**\n * Resolve the agent-native version baked into core's package.json so Sentry\n * \"release\" reflects the running framework version. Mirrors how the CLI\n * computes `_version` — same dist layout, same fallback string. Guarded so\n * a missing/unreadable package.json never crashes server boot.\n */\nfunction resolveServerRelease(): string {\n  const explicit = process.env.AGENT_NATIVE_RELEASE;\n  if (explicit) return explicit;\n  try {\n    const here = path.dirname(fileURLToPath(import.meta.url));\n    // dist/server/sentry.js → ../../package.json\n    const pkgPath = path.resolve(here, \"../../package.json\");\n    const pkg = JSON.parse(fs.readFileSync(pkgPath, \"utf-8\")) as {\n      version?: string;\n    };\n    if (pkg?.version) return `agent-native-server@${pkg.version}`;\n  } catch {\n    // ignore — fall through to \"unknown\"\n  }\n  return \"agent-native-server@unknown\";\n}\n\nfunction parseTracesSampleRate(): number {\n  const raw = process.env.SENTRY_SERVER_TRACES_SAMPLE_RATE;\n  if (!raw) return 0;\n  const n = Number(raw);\n  if (!Number.isFinite(n) || n < 0 || n > 1) return 0;\n  return n;\n}\n\n/**\n * Initialize server-side Sentry. Idempotent — safe to call from multiple\n * plugin entrypoints. Returns `true` if initialization actually happened\n * (DSN was set), `false` if Sentry is disabled (no DSN).\n *\n * No DSN is hardcoded: unlike the CLI (a published binary that always wants\n * to phone home crashes), the server runs in customer environments. Operators\n * set `SENTRY_SERVER_DSN` or the common `SENTRY_DSN` when they want their own\n * Sentry project to receive these events; without one the module no-ops.\n */\nexport function initServerSentry(): boolean {\n  if (_initStarted) return _initSucceeded;\n  _initStarted = true;\n\n  const dsn = resolveServerSentryDsn();\n  if (!dsn) {\n    if (process.env.DEBUG) {\n      console.log(\n        \"[agent-native] SENTRY_SERVER_DSN/SENTRY_DSN not set — server Sentry disabled.\",\n      );\n    }\n    return false;\n  }\n\n  Sentry.init({\n    dsn,\n    environment: resolveSentryEnvironment(),\n    release: resolveServerRelease(),\n    tracesSampleRate: parseTracesSampleRate(),\n    // sendDefaultPii MUST stay false — the framework runs inside customer\n    // environments and we never want to silently ship request headers,\n    // cookies, or process.env contents to Sentry without explicit consent.\n    sendDefaultPii: false,\n    beforeSend(event) {\n      // Drop expected user-input rejections so they don't pollute Sentry\n      // with non-bug noise. Mirrors the CLI's drop list — the framework\n      // and CLI both throw `ValidationError` for the same class of input\n      // failures, and exception type comes through as the class name.\n      const exceptionType = event.exception?.values?.[0]?.type;\n      if (\n        exceptionType === \"ValidationError\" ||\n        event.tags?.handled === \"validation\"\n      ) {\n        return null;\n      }\n      // Drop access-control rejections (caller lacks permission, signed\n      // out, etc.). These are 4xx user-facing errors that propagated to\n      // Nitro's error hook because a route forgot to catch them — fixing\n      // the route is the right answer, but in the meantime they bury\n      // real bugs and don't represent server failures. Auth-routes use\n      // `captureAuthError` directly with `level: warning` so this filter\n      // only sees the generic-handler escape path.\n      if (\n        exceptionType === \"ForbiddenError\" ||\n        exceptionType === \"UnauthorizedError\"\n      ) {\n        return null;\n      }\n      // Drop \"socket hang up\" unhandled promise rejections that fire from\n      // Lambda freeze cycles. AWS Lambda recycles long-lived sockets (e.g.\n      // MCP Streamable HTTP long-polls, keep-alive HTTP agents) ~60s after\n      // a function returns 200; the next thaw delivers a socket-end event\n      // whose Promise has nobody left to await it. The function itself\n      // already returned correctly, so there's no user impact — just\n      // ~10k events/day of noise. The narrow shape (unhandled rejection\n      // from `Socket.socketOnEnd` in `node:_http_client`) keeps real\n      // application-thrown socket errors from being silenced.\n      const exceptionValue = event.exception?.values?.[0]?.value ?? \"\";\n      const exceptionMechanism = event.exception?.values?.[0]?.mechanism?.type;\n      if (\n        exceptionValue === \"socket hang up\" &&\n        exceptionMechanism === \"onunhandledrejection\"\n      ) {\n        const frames = event.exception?.values?.[0]?.stacktrace?.frames ?? [];\n        const fromHttpClient = frames.some(\n          (f) =>\n            f?.function === \"Socket.socketOnEnd\" ||\n            f?.filename === \"node:_http_client\",\n        );\n        if (fromHttpClient) {\n          return null;\n        }\n      }\n      // h3's `createError({ statusCode: 4xx, ... })` produces an\n      // `HTTPError` (h3 v2) / `H3Error` (h3 v1). 4xx HTTPErrors are\n      // handler-controlled \"expected failure\" responses (404 not found,\n      // 400 bad input) that route through Nitro's error hook just\n      // because they bubble out of `defineEventHandler`. They aren't\n      // bugs — they're the documented way to return a 4xx in h3.\n      // Capture only when the statusCode looks like 5xx (real failure)\n      // or is missing (generic Error masquerading as HTTPError).\n      if (exceptionType === \"HTTPError\" || exceptionType === \"H3Error\") {\n        const statusCode = (event.tags?.statusCode ??\n          (\n            event.contexts as\n              | Record<string, Record<string, unknown>>\n              | undefined\n          )?.h3?.statusCode) as number | string | undefined;\n        const code =\n          typeof statusCode === \"string\"\n            ? parseInt(statusCode, 10)\n            : statusCode;\n        if (typeof code === \"number\" && code >= 400 && code < 500) {\n          return null;\n        }\n        // No statusCode in the event payload — fall back to matching the\n        // common 4xx messages so handler-thrown 404/400/403/401 don't\n        // pollute Sentry. This is a heuristic, but the alternatives\n        // (every 4xx becomes a \"real\" issue, or we patch every route to\n        // catch+return) are worse.\n        const value = event.exception?.values?.[0]?.value ?? \"\";\n        if (\n          /^Cannot find any route matching/i.test(value) ||\n          / not found$/i.test(value) ||\n          /Unauthenticated$/i.test(value) ||\n          /^No access to /i.test(value)\n        ) {\n          return null;\n        }\n      }\n\n      // Defense in depth: scrub PII even if some integration auto-attached\n      // request metadata despite sendDefaultPii: false.\n      if (event.request) {\n        if (event.request.headers) {\n          const headers = event.request.headers as Record<string, string>;\n          for (const k of Object.keys(headers)) {\n            const lk = k.toLowerCase();\n            if (\n              lk === \"cookie\" ||\n              lk === \"authorization\" ||\n              lk === \"set-cookie\" ||\n              lk === \"proxy-authorization\"\n            ) {\n              delete headers[k];\n            }\n          }\n        }\n        // Cookies live in their own field too.\n        delete (event.request as Record<string, unknown>).cookies;\n      }\n\n      // Keep user info that was explicitly set via Sentry.setUser\n      // (id/email/username) so we can attribute crashes back to a real\n      // operator. Always strip ip_address — auto-collected, no consent.\n      if (event.user) {\n        const user = event.user as Record<string, unknown>;\n        delete user.ip_address;\n        const hasIdentity =\n          typeof user.id === \"string\" ||\n          typeof user.email === \"string\" ||\n          typeof user.username === \"string\";\n        if (!hasIdentity) {\n          delete event.user;\n        }\n      }\n\n      // Sentry's contexts can carry process.env snapshots — strip env-shaped\n      // contexts so we don't leak deployment secrets.\n      if (event.contexts && typeof event.contexts === \"object\") {\n        delete (event.contexts as Record<string, unknown>).runtime_env;\n      }\n\n      return event;\n    },\n  });\n\n  _initSucceeded = true;\n  return true;\n}\n\n/**\n * `true` once `initServerSentry()` has succeeded with a DSN. Plugins that\n * want to skip work when Sentry is disabled can check this before calling\n * the helpers below.\n */\nexport function isServerSentryEnabled(): boolean {\n  return _initSucceeded;\n}\n\n/**\n * Attach the current request's user to Sentry's isolation scope so any\n * `captureException` triggered later in the request carries the right\n * `user.id` / `user.email` / `user.username` and `orgId` tag.\n *\n * Sentry node 10 uses Node's AsyncLocalStorage to give each async context\n * its own isolation scope, so setting on `getIsolationScope()` here only\n * affects events emitted while this request's async context is active.\n *\n * No-ops gracefully when Sentry isn't initialized or no session exists —\n * never throws into the request path.\n */\nexport function setSentryUserForRequest(session: AuthSession | null): void {\n  if (!_initSucceeded) return;\n  try {\n    const scope = Sentry.getIsolationScope();\n    if (!session) {\n      scope.setUser(null);\n      scope.setTag(\"orgId\", null);\n      return;\n    }\n    scope.setUser({\n      id: session.userId ?? session.email,\n      email: session.email,\n      username: session.name,\n    });\n    scope.setTag(\"orgId\", session.orgId ?? null);\n    if (session.orgRole) {\n      scope.setTag(\"orgRole\", session.orgRole);\n    }\n  } catch {\n    // Sentry scope APIs should never throw, but if they do we'd rather\n    // continue serving the request than crash on observability.\n  }\n}\n\n/**\n * Pin a user/org onto the current isolation scope from a lighter\n * `RequestContext`-shaped payload. Used by the request-context observer so\n * action handlers, agent-chat runs, and integration webhook processors —\n * all of which already wrap their work in `runWithRequestContext({ userEmail,\n * orgId, ... })` — automatically tag Sentry events with the right user even\n * when the Nitro `request` hook didn't see a cookie (e.g. webhook delivery,\n * A2A calls, internal background runs).\n *\n * Skips overwriting a richer user identity already set by\n * `setSentryUserForRequest` — the cookie-resolved session has\n * userId/username on top of email, which we shouldn't clobber.\n */\nexport function setSentryRequestContext(ctx: {\n  userEmail?: string;\n  orgId?: string;\n}): void {\n  if (!_initSucceeded) return;\n  try {\n    const scope = Sentry.getIsolationScope();\n    if (ctx.userEmail) {\n      const existing = scope.getScopeData().user;\n      if (!existing?.id && !existing?.email) {\n        scope.setUser({ id: ctx.userEmail, email: ctx.userEmail });\n      }\n    }\n    if (ctx.orgId) {\n      scope.setTag(\"orgId\", ctx.orgId);\n    }\n  } catch {\n    // never throw\n  }\n}\n\n/**\n * Capture an error from one of the auth attempt routes (login / signup)\n * with the email pinned to the event so support can filter by user. Sets\n * Sentry level to `warning` (not `error`) — bad-password attempts aren't\n * actionable, but a sustained spike of warnings on a route IS the signal\n * we care about.\n *\n * Caller should still return their normal HTTP response (401/409/etc.);\n * this just records the error for observability.\n */\nexport function captureAuthError(\n  error: unknown,\n  context: { route: \"login\" | \"signup\" | \"logout\"; email?: string },\n): string | undefined {\n  if (!_initSucceeded) return undefined;\n  try {\n    return Sentry.withScope((scope) => {\n      scope.setLevel(\"warning\");\n      scope.setTag(\"auth\", context.route);\n      if (context.email) {\n        scope.setUser({ id: context.email, email: context.email });\n      }\n      return Sentry.captureException(error);\n    });\n  } catch {\n    return undefined;\n  }\n}\n\nexport interface RouteErrorContext {\n  /** The full request path (e.g. `/_agent-native/agent-chat`). */\n  route?: string;\n  /** HTTP method (e.g. `GET`, `POST`). */\n  method?: string;\n  /** Caller's `User-Agent` header. */\n  userAgent?: string;\n  /** Free-form extra tags to add to the event (low-cardinality). */\n  tags?: Record<string, string | undefined>;\n  /**\n   * High-cardinality / structured payload — not searchable but visible in\n   * the Sentry event detail (recording IDs, byte counts, compression\n   * metadata, response body tails, etc.).\n   */\n  extra?: Record<string, unknown>;\n  /**\n   * Grouped contexts shown as separate cards in the Sentry event UI.\n   */\n  contexts?: Record<string, Record<string, unknown>>;\n}\n\n/**\n * Capture an exception that surfaced in a Nitro route handler with the\n * request's route/method/userAgent attached as searchable Sentry tags.\n *\n * Non-throwing: if Sentry isn't initialized or the underlying capture\n * fails, this is a no-op. Returns the Sentry event ID when capture\n * succeeded, otherwise `undefined`.\n */\nexport function captureRouteError(\n  error: unknown,\n  context: RouteErrorContext = {},\n): string | undefined {\n  if (!_initSucceeded) return undefined;\n  try {\n    return Sentry.withScope((scope) => {\n      if (context.route) scope.setTag(\"route\", context.route);\n      if (context.method) scope.setTag(\"method\", context.method);\n      if (context.userAgent) scope.setTag(\"userAgent\", context.userAgent);\n      if (context.tags) {\n        for (const [k, v] of Object.entries(context.tags)) {\n          if (typeof v === \"string\") scope.setTag(k, v);\n        }\n      }\n      if (context.extra) {\n        for (const [k, v] of Object.entries(context.extra)) {\n          if (v !== undefined) scope.setExtra(k, v);\n        }\n      }\n      if (context.contexts) {\n        for (const [k, v] of Object.entries(context.contexts)) {\n          scope.setContext(k, v);\n        }\n      }\n      return Sentry.captureException(error);\n    });\n  } catch {\n    return undefined;\n  }\n}\n"]}
+{"version":3,"file":"sentry.js","sourceRoot":"","sources":["../../src/server/sentry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AACH,OAAO,KAAK,MAAM,MAAM,cAAc,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EACL,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAE5B,IAAI,YAAY,GAAG,KAAK,CAAC;AACzB,IAAI,cAAc,GAAG,KAAK,CAAC;AAE3B;;;;;GAKG;AACH,SAAS,oBAAoB;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAClD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,6CAA6C;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAEvD,CAAC;QACF,IAAI,GAAG,EAAE,OAAO;YAAE,OAAO,uBAAuB,GAAG,CAAC,OAAO,EAAE,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IACD,OAAO,6BAA6B,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC;IACzD,IAAI,CAAC,GAAG;QAAE,OAAO,CAAC,CAAC;IACnB,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IACpD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB;IAC9B,IAAI,YAAY;QAAE,OAAO,cAAc,CAAC;IACxC,YAAY,GAAG,IAAI,CAAC;IAEpB,MAAM,GAAG,GAAG,sBAAsB,EAAE,CAAC;IACrC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,+EAA+E,CAChF,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,IAAI,CAAC;QACV,GAAG;QACH,WAAW,EAAE,wBAAwB,EAAE;QACvC,OAAO,EAAE,oBAAoB,EAAE;QAC/B,gBAAgB,EAAE,qBAAqB,EAAE;QACzC,sEAAsE;QACtE,mEAAmE;QACnE,uEAAuE;QACvE,cAAc,EAAE,KAAK;QACrB,UAAU,CAAC,KAAK;YACd,mEAAmE;YACnE,kEAAkE;YAClE,mEAAmE;YACnE,gEAAgE;YAChE,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC;YACzD,IACE,aAAa,KAAK,iBAAiB;gBACnC,KAAK,CAAC,IAAI,EAAE,OAAO,KAAK,YAAY,EACpC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,kEAAkE;YAClE,kEAAkE;YAClE,mEAAmE;YACnE,+DAA+D;YAC/D,iEAAiE;YACjE,mEAAmE;YACnE,6CAA6C;YAC7C,IACE,aAAa,KAAK,gBAAgB;gBAClC,aAAa,KAAK,mBAAmB,EACrC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,oEAAoE;YACpE,qEAAqE;YACrE,qEAAqE;YACrE,oEAAoE;YACpE,iEAAiE;YACjE,+DAA+D;YAC/D,kEAAkE;YAClE,+DAA+D;YAC/D,wDAAwD;YACxD,MAAM,cAAc,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;YACjE,MAAM,kBAAkB,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC;YACzE,MAAM,oBAAoB,GACxB,OAAO,kBAAkB,KAAK,QAAQ;gBACtC,kBAAkB,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;YACtD,IAAI,cAAc,KAAK,gBAAgB,IAAI,oBAAoB,EAAE,CAAC;gBAChE,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,IAAI,EAAE,CAAC;gBACtE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAChC,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,EAAE,QAAQ,KAAK,oBAAoB;oBACpC,CAAC,EAAE,QAAQ,KAAK,mBAAmB,CACtC,CAAC;gBACF,IAAI,cAAc,EAAE,CAAC;oBACnB,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YACD,oEAAoE;YACpE,kEAAkE;YAClE,sEAAsE;YACtE,sEAAsE;YACtE,qBAAqB;YACrB,IAAI,cAAc,KAAK,qBAAqB,IAAI,oBAAoB,EAAE,CAAC;gBACrE,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,MAAM,IAAI,EAAE,CAAC;gBACtE,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAClE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAC3C,MAAM,CAAC,KAAK,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CACjD,CAAC;gBACF,IAAI,CAAC,mBAAmB,IAAI,cAAc,EAAE,CAAC;oBAC3C,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YACD,2DAA2D;YAC3D,8DAA8D;YAC9D,kEAAkE;YAClE,4DAA4D;YAC5D,+DAA+D;YAC/D,2DAA2D;YAC3D,iEAAiE;YACjE,2DAA2D;YAC3D,IAAI,aAAa,KAAK,WAAW,IAAI,aAAa,KAAK,SAAS,EAAE,CAAC;gBACjE,MAAM,UAAU,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU;oBAEtC,KAAK,CAAC,QAGP,EAAE,EAAE,EAAE,UAAU,CAAgC,CAAC;gBACpD,MAAM,IAAI,GACR,OAAO,UAAU,KAAK,QAAQ;oBAC5B,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC1B,CAAC,CAAC,UAAU,CAAC;gBACjB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,IAAI,GAAG,IAAI,IAAI,GAAG,GAAG,EAAE,CAAC;oBAC1D,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,iEAAiE;gBACjE,8DAA8D;gBAC9D,4DAA4D;gBAC5D,gEAAgE;gBAChE,2BAA2B;gBAC3B,MAAM,KAAK,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,EAAE,CAAC;gBACxD,IACE,kCAAkC,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC9C,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC1B,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC/B,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC;oBAC7B,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,EAC7B,CAAC;oBACD,OAAO,IAAI,CAAC;gBACd,CAAC;YACH,CAAC;YAED,qEAAqE;YACrE,kDAAkD;YAClD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;oBAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAiC,CAAC;oBAChE,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACrC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3B,IACE,EAAE,KAAK,QAAQ;4BACf,EAAE,KAAK,eAAe;4BACtB,EAAE,KAAK,YAAY;4BACnB,EAAE,KAAK,qBAAqB,EAC5B,CAAC;4BACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;wBACpB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,uCAAuC;gBACvC,OAAQ,KAAK,CAAC,OAAmC,CAAC,OAAO,CAAC;YAC5D,CAAC;YAED,4DAA4D;YAC5D,iEAAiE;YACjE,kEAAkE;YAClE,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,MAAM,IAAI,GAAG,KAAK,CAAC,IAA+B,CAAC;gBACnD,OAAO,IAAI,CAAC,UAAU,CAAC;gBACvB,MAAM,WAAW,GACf,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ;oBAC3B,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;oBAC9B,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC;gBACpC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,OAAO,KAAK,CAAC,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YAED,uEAAuE;YACvE,gDAAgD;YAChD,IAAI,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACzD,OAAQ,KAAK,CAAC,QAAoC,CAAC,WAAW,CAAC;YACjE,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC,CAAC;IAEH,cAAc,GAAG,IAAI,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA2B;IACjE,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,KAAK,CAAC,OAAO,CAAC;YACZ,EAAE,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK;YACnC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;SACvB,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,4DAA4D;IAC9D,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAGvC;IACC,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC;YAC3C,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;gBACtC,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAc,EACd,OAAiE;IAEjE,IAAI,CAAC,cAAc;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAuBD;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAc,EACd,UAA6B,EAAE;IAE/B,IAAI,CAAC,cAAc;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,IAAI,OAAO,CAAC,KAAK;gBAAE,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,OAAO,CAAC,MAAM;gBAAE,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC3D,IAAI,OAAO,CAAC,SAAS;gBAAE,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YACpE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClD,IAAI,OAAO,CAAC,KAAK,QAAQ;wBAAE,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC,KAAK,SAAS;wBAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACtD,KAAK,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Server-side Sentry initialization for Nitro.\n *\n * Errors thrown inside Nitro routes (the framework's own /_agent-native/*\n * handlers, the template's API routes, action handlers, agent-chat streams)\n * never reach the CLI's Sentry init — that only covers the developer's\n * machine. Without server-side Sentry the only signal a 500 ever produces\n * is a server-side console.error that lives and dies with the request.\n *\n * This module is the third Sentry init point in the framework:\n *   - cli/index.ts          → @sentry/node, hardcoded DSN, \"agent-native-cli\"\n *   - client/analytics.ts   → @sentry/browser, VITE_SENTRY_CLIENT_DSN / runtime config\n *   - server/sentry.ts      → @sentry/node, SENTRY_SERVER_DSN / SENTRY_DSN\n *\n * The browser and server can share a Sentry project/DSN. Separate projects\n * are an operational choice for noise, ownership, or quotas; not a runtime\n * requirement.\n */\nimport * as Sentry from \"@sentry/node\";\nimport path from \"node:path\";\nimport fs from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport type { AuthSession } from \"./auth.js\";\nimport {\n  resolveSentryEnvironment,\n  resolveServerSentryDsn,\n} from \"./sentry-config.js\";\n\nlet _initStarted = false;\nlet _initSucceeded = false;\n\n/**\n * Resolve the agent-native version baked into core's package.json so Sentry\n * \"release\" reflects the running framework version. Mirrors how the CLI\n * computes `_version` — same dist layout, same fallback string. Guarded so\n * a missing/unreadable package.json never crashes server boot.\n */\nfunction resolveServerRelease(): string {\n  const explicit = process.env.AGENT_NATIVE_RELEASE;\n  if (explicit) return explicit;\n  try {\n    const here = path.dirname(fileURLToPath(import.meta.url));\n    // dist/server/sentry.js → ../../package.json\n    const pkgPath = path.resolve(here, \"../../package.json\");\n    const pkg = JSON.parse(fs.readFileSync(pkgPath, \"utf-8\")) as {\n      version?: string;\n    };\n    if (pkg?.version) return `agent-native-server@${pkg.version}`;\n  } catch {\n    // ignore — fall through to \"unknown\"\n  }\n  return \"agent-native-server@unknown\";\n}\n\nfunction parseTracesSampleRate(): number {\n  const raw = process.env.SENTRY_SERVER_TRACES_SAMPLE_RATE;\n  if (!raw) return 0;\n  const n = Number(raw);\n  if (!Number.isFinite(n) || n < 0 || n > 1) return 0;\n  return n;\n}\n\n/**\n * Initialize server-side Sentry. Idempotent — safe to call from multiple\n * plugin entrypoints. Returns `true` if initialization actually happened\n * (DSN was set), `false` if Sentry is disabled (no DSN).\n *\n * No DSN is hardcoded: unlike the CLI (a published binary that always wants\n * to phone home crashes), the server runs in customer environments. Operators\n * set `SENTRY_SERVER_DSN` or the common `SENTRY_DSN` when they want their own\n * Sentry project to receive these events; without one the module no-ops.\n */\nexport function initServerSentry(): boolean {\n  if (_initStarted) return _initSucceeded;\n  _initStarted = true;\n\n  const dsn = resolveServerSentryDsn();\n  if (!dsn) {\n    if (process.env.DEBUG) {\n      console.log(\n        \"[agent-native] SENTRY_SERVER_DSN/SENTRY_DSN not set — server Sentry disabled.\",\n      );\n    }\n    return false;\n  }\n\n  Sentry.init({\n    dsn,\n    environment: resolveSentryEnvironment(),\n    release: resolveServerRelease(),\n    tracesSampleRate: parseTracesSampleRate(),\n    // sendDefaultPii MUST stay false — the framework runs inside customer\n    // environments and we never want to silently ship request headers,\n    // cookies, or process.env contents to Sentry without explicit consent.\n    sendDefaultPii: false,\n    beforeSend(event) {\n      // Drop expected user-input rejections so they don't pollute Sentry\n      // with non-bug noise. Mirrors the CLI's drop list — the framework\n      // and CLI both throw `ValidationError` for the same class of input\n      // failures, and exception type comes through as the class name.\n      const exceptionType = event.exception?.values?.[0]?.type;\n      if (\n        exceptionType === \"ValidationError\" ||\n        event.tags?.handled === \"validation\"\n      ) {\n        return null;\n      }\n      // Drop access-control rejections (caller lacks permission, signed\n      // out, etc.). These are 4xx user-facing errors that propagated to\n      // Nitro's error hook because a route forgot to catch them — fixing\n      // the route is the right answer, but in the meantime they bury\n      // real bugs and don't represent server failures. Auth-routes use\n      // `captureAuthError` directly with `level: warning` so this filter\n      // only sees the generic-handler escape path.\n      if (\n        exceptionType === \"ForbiddenError\" ||\n        exceptionType === \"UnauthorizedError\"\n      ) {\n        return null;\n      }\n      // Drop \"socket hang up\" unhandled promise rejections that fire from\n      // Lambda freeze cycles. AWS Lambda recycles long-lived sockets (e.g.\n      // MCP Streamable HTTP long-polls, keep-alive HTTP agents) ~60s after\n      // a function returns 200; the next thaw delivers a socket-end event\n      // whose Promise has nobody left to await it. The function itself\n      // already returned correctly, so there's no user impact — just\n      // ~10k events/day of noise. The narrow shape (unhandled rejection\n      // from `Socket.socketOnEnd` in `node:_http_client`) keeps real\n      // application-thrown socket errors from being silenced.\n      const exceptionValue = event.exception?.values?.[0]?.value ?? \"\";\n      const exceptionMechanism = event.exception?.values?.[0]?.mechanism?.type;\n      const isUnhandledRejection =\n        typeof exceptionMechanism === \"string\" &&\n        exceptionMechanism.endsWith(\"onunhandledrejection\");\n      if (exceptionValue === \"socket hang up\" && isUnhandledRejection) {\n        const frames = event.exception?.values?.[0]?.stacktrace?.frames ?? [];\n        const fromHttpClient = frames.some(\n          (f) =>\n            f?.function === \"Socket.socketOnEnd\" ||\n            f?.filename === \"node:_http_client\",\n        );\n        if (fromHttpClient) {\n          return null;\n        }\n      }\n      // Drop SDK-only ErrorEvent promise rejections. These arrive as Node\n      // unhandled rejections with no application frames, usually from a\n      // browser ErrorEvent object crossing the shared browser/server bundle\n      // boundary. Keep any event with app frames so real thrown ErrorEvents\n      // are still visible.\n      if (exceptionValue === \"[object ErrorEvent]\" && isUnhandledRejection) {\n        const frames = event.exception?.values?.[0]?.stacktrace?.frames ?? [];\n        const hasApplicationFrame = frames.some((frame) => frame?.in_app);\n        const hasSentryFrame = frames.some((frame) =>\n          String(frame?.filename ?? \"\").includes(\"sentry\"),\n        );\n        if (!hasApplicationFrame && hasSentryFrame) {\n          return null;\n        }\n      }\n      // h3's `createError({ statusCode: 4xx, ... })` produces an\n      // `HTTPError` (h3 v2) / `H3Error` (h3 v1). 4xx HTTPErrors are\n      // handler-controlled \"expected failure\" responses (404 not found,\n      // 400 bad input) that route through Nitro's error hook just\n      // because they bubble out of `defineEventHandler`. They aren't\n      // bugs — they're the documented way to return a 4xx in h3.\n      // Capture only when the statusCode looks like 5xx (real failure)\n      // or is missing (generic Error masquerading as HTTPError).\n      if (exceptionType === \"HTTPError\" || exceptionType === \"H3Error\") {\n        const statusCode = (event.tags?.statusCode ??\n          (\n            event.contexts as\n              | Record<string, Record<string, unknown>>\n              | undefined\n          )?.h3?.statusCode) as number | string | undefined;\n        const code =\n          typeof statusCode === \"string\"\n            ? parseInt(statusCode, 10)\n            : statusCode;\n        if (typeof code === \"number\" && code >= 400 && code < 500) {\n          return null;\n        }\n        // No statusCode in the event payload — fall back to matching the\n        // common 4xx messages so handler-thrown 404/400/403/401 don't\n        // pollute Sentry. This is a heuristic, but the alternatives\n        // (every 4xx becomes a \"real\" issue, or we patch every route to\n        // catch+return) are worse.\n        const value = event.exception?.values?.[0]?.value ?? \"\";\n        if (\n          /^Cannot find any route matching/i.test(value) ||\n          / not found$/i.test(value) ||\n          /Unauthenticated$/i.test(value) ||\n          /^Unauthorized$/i.test(value) ||\n          /^No access to /i.test(value)\n        ) {\n          return null;\n        }\n      }\n\n      // Defense in depth: scrub PII even if some integration auto-attached\n      // request metadata despite sendDefaultPii: false.\n      if (event.request) {\n        if (event.request.headers) {\n          const headers = event.request.headers as Record<string, string>;\n          for (const k of Object.keys(headers)) {\n            const lk = k.toLowerCase();\n            if (\n              lk === \"cookie\" ||\n              lk === \"authorization\" ||\n              lk === \"set-cookie\" ||\n              lk === \"proxy-authorization\"\n            ) {\n              delete headers[k];\n            }\n          }\n        }\n        // Cookies live in their own field too.\n        delete (event.request as Record<string, unknown>).cookies;\n      }\n\n      // Keep user info that was explicitly set via Sentry.setUser\n      // (id/email/username) so we can attribute crashes back to a real\n      // operator. Always strip ip_address — auto-collected, no consent.\n      if (event.user) {\n        const user = event.user as Record<string, unknown>;\n        delete user.ip_address;\n        const hasIdentity =\n          typeof user.id === \"string\" ||\n          typeof user.email === \"string\" ||\n          typeof user.username === \"string\";\n        if (!hasIdentity) {\n          delete event.user;\n        }\n      }\n\n      // Sentry's contexts can carry process.env snapshots — strip env-shaped\n      // contexts so we don't leak deployment secrets.\n      if (event.contexts && typeof event.contexts === \"object\") {\n        delete (event.contexts as Record<string, unknown>).runtime_env;\n      }\n\n      return event;\n    },\n  });\n\n  _initSucceeded = true;\n  return true;\n}\n\n/**\n * `true` once `initServerSentry()` has succeeded with a DSN. Plugins that\n * want to skip work when Sentry is disabled can check this before calling\n * the helpers below.\n */\nexport function isServerSentryEnabled(): boolean {\n  return _initSucceeded;\n}\n\n/**\n * Attach the current request's user to Sentry's isolation scope so any\n * `captureException` triggered later in the request carries the right\n * `user.id` / `user.email` / `user.username` and `orgId` tag.\n *\n * Sentry node 10 uses Node's AsyncLocalStorage to give each async context\n * its own isolation scope, so setting on `getIsolationScope()` here only\n * affects events emitted while this request's async context is active.\n *\n * No-ops gracefully when Sentry isn't initialized or no session exists —\n * never throws into the request path.\n */\nexport function setSentryUserForRequest(session: AuthSession | null): void {\n  if (!_initSucceeded) return;\n  try {\n    const scope = Sentry.getIsolationScope();\n    if (!session) {\n      scope.setUser(null);\n      scope.setTag(\"orgId\", null);\n      return;\n    }\n    scope.setUser({\n      id: session.userId ?? session.email,\n      email: session.email,\n      username: session.name,\n    });\n    scope.setTag(\"orgId\", session.orgId ?? null);\n    if (session.orgRole) {\n      scope.setTag(\"orgRole\", session.orgRole);\n    }\n  } catch {\n    // Sentry scope APIs should never throw, but if they do we'd rather\n    // continue serving the request than crash on observability.\n  }\n}\n\n/**\n * Pin a user/org onto the current isolation scope from a lighter\n * `RequestContext`-shaped payload. Used by the request-context observer so\n * action handlers, agent-chat runs, and integration webhook processors —\n * all of which already wrap their work in `runWithRequestContext({ userEmail,\n * orgId, ... })` — automatically tag Sentry events with the right user even\n * when the Nitro `request` hook didn't see a cookie (e.g. webhook delivery,\n * A2A calls, internal background runs).\n *\n * Skips overwriting a richer user identity already set by\n * `setSentryUserForRequest` — the cookie-resolved session has\n * userId/username on top of email, which we shouldn't clobber.\n */\nexport function setSentryRequestContext(ctx: {\n  userEmail?: string;\n  orgId?: string;\n}): void {\n  if (!_initSucceeded) return;\n  try {\n    const scope = Sentry.getIsolationScope();\n    if (ctx.userEmail) {\n      const existing = scope.getScopeData().user;\n      if (!existing?.id && !existing?.email) {\n        scope.setUser({ id: ctx.userEmail, email: ctx.userEmail });\n      }\n    }\n    if (ctx.orgId) {\n      scope.setTag(\"orgId\", ctx.orgId);\n    }\n  } catch {\n    // never throw\n  }\n}\n\n/**\n * Capture an error from one of the auth attempt routes (login / signup)\n * with the email pinned to the event so support can filter by user. Sets\n * Sentry level to `warning` (not `error`) — bad-password attempts aren't\n * actionable, but a sustained spike of warnings on a route IS the signal\n * we care about.\n *\n * Caller should still return their normal HTTP response (401/409/etc.);\n * this just records the error for observability.\n */\nexport function captureAuthError(\n  error: unknown,\n  context: { route: \"login\" | \"signup\" | \"logout\"; email?: string },\n): string | undefined {\n  if (!_initSucceeded) return undefined;\n  try {\n    return Sentry.withScope((scope) => {\n      scope.setLevel(\"warning\");\n      scope.setTag(\"auth\", context.route);\n      if (context.email) {\n        scope.setUser({ id: context.email, email: context.email });\n      }\n      return Sentry.captureException(error);\n    });\n  } catch {\n    return undefined;\n  }\n}\n\nexport interface RouteErrorContext {\n  /** The full request path (e.g. `/_agent-native/agent-chat`). */\n  route?: string;\n  /** HTTP method (e.g. `GET`, `POST`). */\n  method?: string;\n  /** Caller's `User-Agent` header. */\n  userAgent?: string;\n  /** Free-form extra tags to add to the event (low-cardinality). */\n  tags?: Record<string, string | undefined>;\n  /**\n   * High-cardinality / structured payload — not searchable but visible in\n   * the Sentry event detail (recording IDs, byte counts, compression\n   * metadata, response body tails, etc.).\n   */\n  extra?: Record<string, unknown>;\n  /**\n   * Grouped contexts shown as separate cards in the Sentry event UI.\n   */\n  contexts?: Record<string, Record<string, unknown>>;\n}\n\n/**\n * Capture an exception that surfaced in a Nitro route handler with the\n * request's route/method/userAgent attached as searchable Sentry tags.\n *\n * Non-throwing: if Sentry isn't initialized or the underlying capture\n * fails, this is a no-op. Returns the Sentry event ID when capture\n * succeeded, otherwise `undefined`.\n */\nexport function captureRouteError(\n  error: unknown,\n  context: RouteErrorContext = {},\n): string | undefined {\n  if (!_initSucceeded) return undefined;\n  try {\n    return Sentry.withScope((scope) => {\n      if (context.route) scope.setTag(\"route\", context.route);\n      if (context.method) scope.setTag(\"method\", context.method);\n      if (context.userAgent) scope.setTag(\"userAgent\", context.userAgent);\n      if (context.tags) {\n        for (const [k, v] of Object.entries(context.tags)) {\n          if (typeof v === \"string\") scope.setTag(k, v);\n        }\n      }\n      if (context.extra) {\n        for (const [k, v] of Object.entries(context.extra)) {\n          if (v !== undefined) scope.setExtra(k, v);\n        }\n      }\n      if (context.contexts) {\n        for (const [k, v] of Object.entries(context.contexts)) {\n          scope.setContext(k, v);\n        }\n      }\n      return Sentry.captureException(error);\n    });\n  } catch {\n    return undefined;\n  }\n}\n"]}

package/dist/sharing/schema.d.ts

@@ -138,7 +138,7 @@ export declare function createSharesTable(tableName: string): import("drizzle-or
             tableName: string;
             dataType: "string";
             columnType: "SQLiteText";
-            data: "viewer" | "editor" | "admin";
+            data: "admin" | "viewer" | "editor";
             driverParam: string;
             notNull: true;
             hasDefault: true;

package/docs/content/client.md

@@ -102,6 +102,21 @@ sendToAgentChat({
 | `preset`              | `string?`   | Optional preset name for downstream consumers  |
 | `referenceImagePaths` | `string[]?` | Optional reference image paths                 |
 
+## Dynamic Suggestions {#dynamic-suggestions}
+
+`<AgentSidebar>`, `<AgentPanel>`, and `<AssistantChat>` merge static `suggestions` with context-aware suggestions by default. The framework reads `navigation`, `selection`, `pending-selection-context`, and the current URL from application state while an empty chat is visible, then offers prompt chips that match the current screen.
+
+```tsx
+<AgentSidebar
+  suggestions={["Summarize my inbox"]}
+  dynamicSuggestions={{ max: 4 }}
+>
+  <App />
+</AgentSidebar>
+```
+
+Set `dynamicSuggestions={false}` to keep only static chips. Pass `getSuggestions` when an app wants deterministic domain-specific chips from the same application-state context.
+
 ## useAgentChatGenerating() {#useagentchatgenerating}
 
 React hook that wraps sendToAgentChat with loading state tracking:

package/docs/content/code-agents-ui.md

@@ -31,6 +31,8 @@ const host: CodeAgentsHost = {
   listRuns: (goalId) => listRunsSomehow(goalId),
   listCodePacks: () => listCodePacksSomehow(),
   createRun: (request) => createRunSomehow(request),
+  subscribeTranscript: (request, callback) =>
+    subscribeToTranscriptSomehow(request, callback),
   readTranscript: (request) => readTranscriptSomehow(request),
   appendFollowUp: (request) => appendFollowUpSomehow(request),
   updateRun: (request) => updateRunSomehow(request),
@@ -193,7 +195,8 @@ AGENT_NATIVE_CODE_AGENTS_HOME=./data/code-agents pnpm dev
 | `listRuns(goalId?)`                                   | List sessions for the selected goal                    |
 | `listCodePacks?()`                                    | List `.agents/commands` and `.agents/skills`           |
 | `createRun(request)`                                  | Start a new run                                        |
-| `readTranscript(request)`                             | Read transcript/tool/status events                     |
+| `subscribeTranscript?(request, callback)`             | Push transcript updates to the shared conversation     |
+| `readTranscript(request)`                             | Poll transcript events as a compatibility fallback     |
 | `appendFollowUp(request)`                             | Add a follow-up, either steering active work or queued |
 | `updateRun(request)`                                  | Update mode or run metadata                            |
 | `retryRun?(request)`                                  | Retry the selected run in place                        |
@@ -207,7 +210,7 @@ Browser hosts should return a graceful `openTerminal` error instead of trying to
 
 Agent-Native Code uses the same `AgentComposerFrame` + `PromptComposer` /
 `TiptapComposer` stack as the framework agent sidebar. Do not fork a separate
-textarea, shell, upload picker, voice button, model picker, or Enter-to-submit
+textarea, coding-tool picker, upload picker, voice button, model picker, or Enter-to-submit
 implementation for Code-like surfaces. If a host needs one extra control, pass
 it through the shared composer extension points so the sidebar, Code UI, and
 Brain chat keep the same interaction model and visual field.
@@ -216,6 +219,16 @@ Brain's Ask route uses `AgentChatSurface`, which is already backed by the
 standard sidebar composer. Code uses `PromptComposer` directly because the host
 owns run creation, transcripts, and follow-up delivery.
 
+## Shared Coding Tools
+
+The sidebar development agent and Agent-Native Code both use the same minimal
+coding-tool profile: `bash`, `read`, `edit`, and `write`. `bash` is the default
+for listing/searching files, running tests, and invoking project CLIs; `read`
+shows line-numbered file slices; `edit` applies exact text replacements; and
+`write` is reserved for new files or intentional full rewrites. Older aliases
+such as `shell`, `read-file`, `write-file`, `list-files`, and `search-files`
+are compatibility-only and are not part of the default advertised surface.
+
 Code-specific UI belongs around the composer, not inside a forked chatfield. The
 shared Code UI may add slots for:
 
@@ -227,6 +240,12 @@ Everything else stays in the shared composer: attachments, references, slash and
 skill insertion, pasted-text handling, voice dictation, drafts, keyboard
 shortcuts, and submission semantics.
 
+The user-facing transcript should stay conversational. Code hosts normalize raw
+transcript/status/tool events into the shared conversation renderer: assistant
+text coalesces into one turn, low-signal lifecycle noise stays out of the main
+surface, and tool activity renders as compact inline summaries with details
+available when needed.
+
 ## Slash Commands
 
 Agent-Native Code treats migration as a capability, not a separate app category. `/migrate` can be a built-in goal, a project command, or a custom instruction pack on top of the same host contract.
@@ -278,8 +297,10 @@ adapter, `run-manager`, or `agent-teams` rather than a bespoke queue/runner.
 
 Follow-ups on active runs support two delivery modes:
 
-- **Send now** records a steering prompt that the active runner applies at the next safe continuation point.
-- **Queue** runs after the current turn finishes.
+- Pressing Enter or clicking send records an immediate steering prompt that the
+  active runner applies at the next safe continuation point.
+- Pressing Cmd+Enter on macOS or Ctrl+Enter elsewhere queues the prompt to run
+  after the current turn finishes.
 
 Inactive runs keep the compatible behavior: the follow-up is appended and the run resumes immediately.
 

package/docs/content/cross-app-sso.md

@@ -0,0 +1,118 @@
+---
+title: "Cross-App SSO"
+description: "Sign in once across every hosted agent-native app via identity federation with Dispatch as the identity authority — opt-in per app, reversible with a single env var."
+---
+
+# Cross-App SSO
+
+Each hosted app at `*.agent-native.com` runs its own deployment with its **own separate user store**. `mail.agent-native.com` and `calendar.agent-native.com` do not share a database, a session table, or a cookie domain. So "sign in once, use every app" cannot be a shared cookie — it has to be **identity federation**, with [Dispatch](/docs/dispatch) acting as the identity authority for the workspace.
+
+This is the same trust primitive [A2A](/docs/a2a-protocol) and [External Agents](/docs/external-agents) already use — an `A2A_SECRET`-signed JWT verified at the request boundary — applied to the human sign-in path instead of agent-to-agent calls.
+
+## What & why {#what-why}
+
+Per-app user stores mean there is no single place a browser cookie could live that every app trusts. The federation model instead names one app — **Dispatch** — as the identity authority. Any other app can delegate "who is this person?" to Dispatch, get back a short-lived signed assertion of the user's verified email, and then **link that to its own local account by email**.
+
+The linking rule is deliberately narrow and additive:
+
+- **Existing same-email user → linked.** The local account is matched by verified email and reused as-is. It is **never modified, renamed, or deleted** — the federation layer only ever reads it and mints a session for it.
+- **New email → created.** A fresh local account is created for that verified email, then a normal local session is minted.
+
+This makes the rollout safe even though it logs people out. **Logout is expected.** When an app turns this on, existing sessions end and users re-authenticate through Dispatch. But they always log back into the **same email-matched account, with all their data intact**, because identity rows are only ever _added to_ — never destroyed, renamed, or repointed. There is no migration, no table rename, no destructive write anywhere in this path. (See the auth invariants in [Authentication](/docs/authentication) and [Security & Data Scoping](/docs/security).)
+
+## How it works {#how-it-works}
+
+The flow is a standard authorize → signed-token → callback redirect, with email as the only thing that crosses the trust boundary.
+
+1. **App → Dispatch (authorize).** The app sends the user to the identity authority:
+
+   ```
+   GET https://dispatch.agent-native.com/_agent-native/identity/authorize
+       ?app=<requesting-app>
+       &redirect_uri=<app-callback-url>
+       &state=<csrf-state>
+   ```
+
+2. **Dispatch authenticates the human.** If the user already has a Dispatch session, this is transparent. If not, Dispatch shows its own normal login (email/password, Google, etc. — see [Authentication](/docs/authentication)). Dispatch is just a regular agent-native app here; it is not running a special auth mode.
+
+3. **Dispatch → App (signed identity token).** Dispatch validates `redirect_uri` against a **strict allowlist** (`*.agent-native.com` plus localhost — nothing else) and 302-redirects back to the app's `redirect_uri` carrying a short-lived **`A2A_SECRET`-signed identity JWT**. The token's claims are intentionally minimal:
+
+   | Claim        | Meaning                                                  |
+   | ------------ | -------------------------------------------------------- |
+   | `sub`        | Stable user id at the identity authority                 |
+   | `email`      | The user's **verified** email — the only join key        |
+   | `name`       | Display name (non-authoritative, for UI only)            |
+   | `org_domain` | Workspace/org domain, when present                       |
+   | `scope`      | Always `"identity"` — this token authorizes sign-in only |
+   | `exp`        | **≤ 5 minutes** from issue                               |
+
+4. **App verifies and JIT-links by email.** The app verifies the token signature with its own `A2A_SECRET`, checks `scope: "identity"` and `exp`, then performs **just-in-time linking strictly by verified email**:
+   - If a local user with that email exists → reuse it unchanged.
+   - If not → create a local user for that email.
+
+5. **App mints a normal local session.** From here on the user has an ordinary local session in that app's own store — every existing access check, org scoping, and action guard works exactly as before. The federation only happened at the front door.
+
+### Opting in {#opt-in}
+
+An app participates **only** when this environment variable is set on its deployment:
+
+```bash
+AGENT_NATIVE_IDENTITY_HUB_URL=https://dispatch.agent-native.com
+```
+
+- **Set** → the app shows a **"Sign in with Agent-Native"** option that runs the flow above. Direct local login (email/password, Google) still works alongside it.
+- **Unset (default)** → **zero behavior change.** The app authenticates exactly as it did before; the federation code path is dormant. There is no schema change and nothing to migrate, so flipping the variable on or off is fully reversible at any time.
+
+## Security {#security}
+
+The whole model rests on a few deliberately small guarantees:
+
+- **Short-lived signed token.** The identity assertion is an `A2A_SECRET`-signed JWT with a **≤ 5-minute** expiry and `scope: "identity"`. It authorizes a single sign-in and cannot be replayed for long or repurposed for API/A2A access. Verification runs at the request boundary before any session is minted — same boundary discipline as [A2A auth](/docs/a2a-protocol#auth-policy).
+- **Strict `redirect_uri` allowlist.** Dispatch only ever redirects to `*.agent-native.com` or localhost. Arbitrary, scheme-relative (`//host`), and cross-origin redirect targets are rejected, so the authority can't be turned into an open-redirect or token-exfiltration oracle.
+- **Email-only join from a verified token.** The _only_ thing that crosses the trust boundary is the verified email in a signed token. The app does not accept a user id, role, org membership, or any privileged state from the wire — it derives everything locally from the matched account.
+- **Additive-only identity writes.** Linking either reuses an existing same-email account untouched or inserts a new one. No update, rename, repoint, or delete of identity rows ever happens on this path — consistent with the framework's "no breaking database changes" rule.
+- **Off by default.** With `AGENT_NATIVE_IDENTITY_HUB_URL` unset the entire feature is inert. Enabling or disabling it is one env var on one deploy, with no data side effects.
+
+## Canary rollout runbook {#canary-rollout}
+
+Cutover and rollback are **a single environment variable per app deployment**. Roll out one app at a time, verify, then expand. Do not set the variable on every app at once.
+
+**1. Deploy the code — no behavior change.**
+Ship the release to every app with `AGENT_NATIVE_IDENTITY_HUB_URL` **unset everywhere**. Because the feature is off by default, this deploy is a no-op for users: every app keeps authenticating exactly as before. Confirm normal logins still work on a couple of apps.
+
+**2. Enable the canary on ONE app (mail) only.**
+Set, on the **mail** deployment only:
+
+```bash
+AGENT_NATIVE_IDENTITY_HUB_URL=https://dispatch.agent-native.com
+```
+
+Leave every other app's environment unset. Redeploy/restart mail so it picks up the variable.
+
+**3. Verify the canary (checklist).**
+On mail, walk the full loop:
+
+- Log **out** of mail.
+- The login screen now shows **"Sign in with Agent-Native"**. Click it.
+- You are taken to **Dispatch** and complete its login (or pass straight through if already signed in there).
+- You are redirected **back to mail, logged in** — and it is the **same pre-existing account** (same email) you had before, not a new one.
+- **Mail data is intact** — your existing mailboxes, drafts, settings, and org scoping are all exactly as they were.
+- **Existing direct logins still work** — email/password and Google sign-in on mail continue to function for users who don't use the SSO button.
+
+If any check fails, go straight to step 5 (rollback) — it is instant and data-safe.
+
+**4. Expand app-by-app.**
+Once mail is verified, repeat steps 2–3 for the next app, then the next — setting `AGENT_NATIVE_IDENTITY_HUB_URL` on one deployment at a time and running the same checklist after each. Never batch-enable.
+
+**5. Rollback = unset the env var on that app's deploy.**
+To revert any app, **remove `AGENT_NATIVE_IDENTITY_HUB_URL` from that app's environment and redeploy/restart it.** The app immediately returns to its prior auth behavior. There is **no data change to undo** — identity rows were only ever added, and unsetting the variable simply makes the federation path dormant again. Each app's cutover and rollback are independent and reversible.
+
+> The rollout logs users out as each app is enabled (they re-auth via Dispatch), but they always log back into the **same email-matched account with data intact**, because identity rows are never destroyed or renamed — only added.
+
+## Related {#related}
+
+- [Authentication](/docs/authentication) — local auth modes, sessions, orgs, the `A2A_SECRET` env var.
+- [A2A Protocol](/docs/a2a-protocol) — the signed-JWT, verify-at-the-boundary trust model this reuses.
+- [External Agents](/docs/external-agents) — the same `A2A_SECRET`-signed identity pattern applied to agent connections and deep links.
+- [Dispatch](/docs/dispatch) — the workspace identity authority and routing hub.
+- [Security & Data Scoping](/docs/security) — additive-only data writes and per-account scoping.

package/docs/content/drop-in-agent.md

@@ -38,6 +38,7 @@ export default function Root() {
         "Draft a reply to the latest email",
         "Show me yesterday's signup numbers",
       ]}
+      dynamicSuggestions
       defaultSidebarWidth={420}
       position="right"
     >
@@ -57,6 +58,7 @@ That's it. The user now has a toggleable agent on every page — with chat histo
 - **`children`** — your app. Rendered in the main area; the sidebar overlays from the chosen side.
 - **`emptyStateText`** — greeting shown when the chat has no messages. Default: `"How can I help you?"`.
 - **`suggestions`** — starter prompts rendered as clickable chips when empty.
+- **`dynamicSuggestions`** — context-aware prompt chips merged with `suggestions`. Enabled by default; pass `false` to show only static suggestions, or `{ max, includeStatic, getSuggestions }` to customize.
 - **`defaultSidebarWidth`** — initial pixel width (mount-only; user resize and saved value override). Default: `380`.
 - **`position`** — `"left"` or `"right"`. Default: `"right"`.
 - **`defaultOpen`** — whether the sidebar starts open (desktop only). Default: `false`.
@@ -146,7 +148,7 @@ Type-safe arguments come from the zod schema in your `defineAction()`. See [Acti
 
 ## Selection + cursor awareness {#selection}
 
-The agent can see what the user has selected — text, cells, slides, contacts — via the `navigation` and `selection` keys in application state. If you'd like Cmd-I (or similar) to send a selected range into the chat as context, see [Context Awareness](/docs/context-awareness).
+The agent can see what the user has selected — text, cells, slides, contacts — via the `navigation` and `selection` keys in application state. The empty chat also uses those keys to offer dynamic suggestions such as "Summarize this selection" or "Improve this slide" when the current screen makes them relevant. If you'd like Cmd-I (or similar) to send a selected range into the chat as context, see [Context Awareness](/docs/context-awareness).
 
 ## Putting it all together {#putting-it-together}