npm - @agent-native/core - Versions diffs - 0.22.19 → 0.22.20 - Mend

@agent-native/core 0.22.19 → 0.22.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/dist/client/embed-auth.d.ts.map +1 -1
package/dist/client/embed-auth.js +85 -3
package/dist/client/embed-auth.js.map +1 -1
package/dist/client/mcp-apps/McpAppRenderer.d.ts +3 -0
package/dist/client/mcp-apps/McpAppRenderer.d.ts.map +1 -1
package/dist/client/mcp-apps/McpAppRenderer.js +86 -9
package/dist/client/mcp-apps/McpAppRenderer.js.map +1 -1
package/dist/deploy/build.d.ts.map +1 -1
package/dist/deploy/build.js +73 -5
package/dist/deploy/build.js.map +1 -1
package/dist/mcp/build-server.d.ts.map +1 -1
package/dist/mcp/build-server.js +40 -3
package/dist/mcp/build-server.js.map +1 -1
package/dist/mcp/builtin-tools.d.ts.map +1 -1
package/dist/mcp/builtin-tools.js +6 -3
package/dist/mcp/builtin-tools.js.map +1 -1
package/dist/mcp/embed-app.d.ts +2 -2
package/dist/mcp/embed-app.d.ts.map +1 -1
package/dist/mcp/embed-app.js +390 -17
package/dist/mcp/embed-app.js.map +1 -1
package/dist/server/core-routes-plugin.d.ts.map +1 -1
package/dist/server/core-routes-plugin.js +37 -10
package/dist/server/core-routes-plugin.js.map +1 -1
package/dist/server/create-server.d.ts.map +1 -1
package/dist/server/create-server.js +21 -7
package/dist/server/create-server.js.map +1 -1
package/dist/server/embed-route.d.ts.map +1 -1
package/dist/server/embed-route.js +62 -21
package/dist/server/embed-route.js.map +1 -1
package/dist/server/security-headers.d.ts.map +1 -1
package/dist/server/security-headers.js +9 -1
package/dist/server/security-headers.js.map +1 -1
package/dist/server/ssr-handler.d.ts +2 -0
package/dist/server/ssr-handler.d.ts.map +1 -1
package/dist/server/ssr-handler.js +66 -11
package/dist/server/ssr-handler.js.map +1 -1
package/dist/shared/mcp-embed-headers.d.ts +12 -0
package/dist/shared/mcp-embed-headers.d.ts.map +1 -0
package/dist/shared/mcp-embed-headers.js +51 -0
package/dist/shared/mcp-embed-headers.js.map +1 -0
package/dist/vite/client.d.ts.map +1 -1
package/dist/vite/client.js +23 -0
package/dist/vite/client.js.map +1 -1
package/docs/content/actions.md +15 -5
package/docs/content/external-agents.md +53 -27
package/docs/content/mcp-protocol.md +29 -4
package/package.json +1 -1

package/dist/deploy/build.js CHANGED Viewed

@@ -20,8 +20,12 @@ import { fileURLToPath } from "url";
 import { discoverApiRoutes, discoverPlugins, discoverActionFiles, getMissingDefaultPlugins, DEFAULT_PLUGIN_REGISTRY, } from "./route-discovery.js";
 import { getWorkspaceCoreExports, } from "./workspace-core.js";
 import { generateActionRegistryForProject } from "../vite/action-types-plugin.js";
+import { mcpEmbedStaticAssetRouteRules } from "../shared/mcp-embed-headers.js";
+import { EMBED_SESSION_COOKIE, EMBED_TOKEN_QUERY_PARAM, } from "../shared/embed-auth.js";
 const cwd = process.cwd();
 const preset = process.env.NITRO_PRESET || "node";
+const DEFAULT_SSR_CACHE_CONTROL = "public, max-age=5, stale-while-revalidate=604800, stale-if-error=3600";
+const AUTHENTICATED_SSR_CACHE_CONTROL = "private, max-age=5, stale-while-revalidate=604800, stale-if-error=3600";
 function normalizeConfiguredAppBasePath() {
     const raw = process.env.VITE_APP_BASE_PATH || process.env.APP_BASE_PATH;
     if (!raw || raw === "/")
@@ -259,16 +263,77 @@ function injectHeadScript(html, script) {
   return html.slice(0, headCloseIdx) + script + html.slice(headCloseIdx);
 }
-async function rewriteMountedResponse(response, basePath) {
-  const sentryClientConfigScript = getSentryClientConfigScript();
-  if (!basePath && !sentryClientConfigScript) return response;
+const DEFAULT_SSR_CACHE_CONTROL = ${JSON.stringify(DEFAULT_SSR_CACHE_CONTROL)};
+const AUTHENTICATED_SSR_CACHE_CONTROL = ${JSON.stringify(AUTHENTICATED_SSR_CACHE_CONTROL)};
+const EMBED_SESSION_COOKIE = ${JSON.stringify(EMBED_SESSION_COOKIE)};
+const EMBED_TOKEN_QUERY_PARAM = ${JSON.stringify(EMBED_TOKEN_QUERY_PARAM)};
+const ANONYMOUS_SESSION_COOKIE_NAMES = new Set(["an_docs_session"]);
+const BETTER_AUTH_SESSION_COOKIE_RE = /\\.session_(?:token|data)$/;
+function isAuthenticatedCookieName(name) {
+  if (ANONYMOUS_SESSION_COOKIE_NAMES.has(name)) return false;
+  const bareName = String(name || "").replace(/^__(?:Secure|Host)-/, "");
+  return (
+    bareName === EMBED_SESSION_COOKIE ||
+    bareName === "an_session" ||
+    bareName === "an_session_workspace" ||
+    bareName.startsWith("an_session_") ||
+    bareName === "an.session_token" ||
+    bareName === "an.session_data" ||
+    BETTER_AUTH_SESSION_COOKIE_RE.test(bareName)
+  );
+}
+function requestHasAuthenticatedCookie(cookieHeader) {
+  if (!cookieHeader) return false;
+  return String(cookieHeader)
+    .split(";")
+    .map((cookie) => cookie.trim().split("=", 1)[0]?.trim())
+    .filter(Boolean)
+    .some(isAuthenticatedCookieName);
+}
+function requestHasAuthSignal(request) {
+  const url = new URL(request.url);
+  return Boolean(
+    request.headers.get("authorization") ||
+    requestHasAuthenticatedCookie(request.headers.get("cookie")) ||
+    url.searchParams.has(EMBED_TOKEN_QUERY_PARAM) ||
+    url.searchParams.has("_session")
+  );
+}
+function applyDefaultSsrCacheHeader(headers, status, hasAuthSignal) {
+  if (headers.has("cache-control")) return;
+  if (status < 200 || status >= 400) return;
+  const contentType = (headers.get("content-type") || "").toLowerCase();
+  if (!contentType.includes("text/html")) return;
+  headers.set(
+    "cache-control",
+    hasAuthSignal ? AUTHENTICATED_SSR_CACHE_CONTROL : DEFAULT_SSR_CACHE_CONTROL,
+  );
+}
+async function rewriteMountedResponse(response, basePath, hasAuthSignal) {
+  const sentryClientConfigScript = getSentryClientConfigScript();
   const headers = new Headers(response.headers);
+  applyDefaultSsrCacheHeader(headers, response.status, hasAuthSignal);
   const location = headers.get("location");
   if (location?.startsWith("/") && !location.startsWith("//")) {
     headers.set("location", prefixMountedPath(location, basePath));
   }
+  if (!basePath && !sentryClientConfigScript) {
+    return new Response(response.body, {
+      status: response.status,
+      statusText: response.statusText,
+      headers,
+    });
+  }
   const contentType = headers.get("content-type") || "";
   if (!contentType.toLowerCase().includes("text/html") || !response.body) {
     return new Response(response.body, {
@@ -338,7 +403,7 @@ async function getHandler() {
         headers: {
           "Access-Control-Allow-Origin": "*",
           "Access-Control-Allow-Methods": "GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS",
-          "Access-Control-Allow-Headers": "Content-Type,Authorization,X-Requested-With,X-Request-Source",
+          "Access-Control-Allow-Headers": "Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF,X-Agent-Native-Embed-Target",
         },
       });
     }
@@ -370,6 +435,7 @@ ${actionRegistrations.join("\n")}
       return new Response(null, { status: 404 });
     }
     const request = requestWithPathname(event.req, p);
+    const hasAuthSignal = requestHasAuthSignal(event.req);
     if (event.req.method === "HEAD") {
       const getRequest = requestWithMethod(request, "GET");
       const response = await rrHandler(getRequest);
@@ -380,9 +446,10 @@ ${actionRegistrations.join("\n")}
           headers: response.headers,
         }),
         basePath,
+        hasAuthSignal,
       );
     }
-    return rewriteMountedResponse(await rrHandler(request), basePath);
+    return rewriteMountedResponse(await rrHandler(request), basePath, hasAuthSignal);
   }));
   _handler = app.fetch.bind(app);
@@ -1102,6 +1169,7 @@ export default bundle;
         virtual: {
             "virtual:agents-bundle": agentsBundleModuleSource,
         },
+        routeRules: mcpEmbedStaticAssetRouteRules(appBasePath),
         // For edge presets (cloudflare, deno), bundle all deps — node_modules
         // aren't available at runtime. Netlify/Vercel/Node have node_modules.
         ...(preset.startsWith("cloudflare") || preset.startsWith("deno")