npm - @agent-native/core - Versions diffs - 0.32.2 → 0.32.17 - Mend

@agent-native/core 0.32.2 → 0.32.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (240) hide show

package/README.md +3 -1
package/dist/agent/run-store.d.ts.map +1 -1
package/dist/agent/run-store.js +48 -10
package/dist/agent/run-store.js.map +1 -1
package/dist/agent/thread-data-builder.d.ts +12 -0
package/dist/agent/thread-data-builder.d.ts.map +1 -1
package/dist/agent/thread-data-builder.js +104 -6
package/dist/agent/thread-data-builder.js.map +1 -1
package/dist/cli/app-skill.js +2 -2
package/dist/cli/app-skill.js.map +1 -1
package/dist/cli/code-agent-executor.d.ts.map +1 -1
package/dist/cli/code-agent-executor.js +6 -1
package/dist/cli/code-agent-executor.js.map +1 -1
package/dist/cli/code-agent-output-smoother.d.ts +7 -0
package/dist/cli/code-agent-output-smoother.d.ts.map +1 -0
package/dist/cli/code-agent-output-smoother.js +111 -0
package/dist/cli/code-agent-output-smoother.js.map +1 -0
package/dist/cli/connect.d.ts.map +1 -1
package/dist/cli/connect.js +5 -0
package/dist/cli/connect.js.map +1 -1
package/dist/cli/migrate.d.ts.map +1 -1
package/dist/cli/migrate.js +17 -42
package/dist/cli/migrate.js.map +1 -1
package/dist/cli/skills.d.ts +23 -2
package/dist/cli/skills.d.ts.map +1 -1
package/dist/cli/skills.js +405 -41
package/dist/cli/skills.js.map +1 -1
package/dist/cli/templates-meta.d.ts.map +1 -1
package/dist/cli/templates-meta.js +7 -105
package/dist/cli/templates-meta.js.map +1 -1
package/dist/client/AgentPanel.d.ts.map +1 -1
package/dist/client/AgentPanel.js +41 -7
package/dist/client/AgentPanel.js.map +1 -1
package/dist/client/AgentTaskCard.d.ts.map +1 -1
package/dist/client/AgentTaskCard.js +0 -28
package/dist/client/AgentTaskCard.js.map +1 -1
package/dist/client/AssistantChat.d.ts +8 -23
package/dist/client/AssistantChat.d.ts.map +1 -1
package/dist/client/AssistantChat.js +359 -205
package/dist/client/AssistantChat.js.map +1 -1
package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
package/dist/client/MultiTabAssistantChat.js +254 -14
package/dist/client/MultiTabAssistantChat.js.map +1 -1
package/dist/client/agent-chat-adapter.d.ts.map +1 -1
package/dist/client/agent-chat-adapter.js +14 -9
package/dist/client/agent-chat-adapter.js.map +1 -1
package/dist/client/agent-chat.d.ts +24 -0
package/dist/client/agent-chat.d.ts.map +1 -1
package/dist/client/agent-chat.js +73 -0
package/dist/client/agent-chat.js.map +1 -1
package/dist/client/assistant-ui-recovery.d.ts +34 -0
package/dist/client/assistant-ui-recovery.d.ts.map +1 -0
package/dist/client/assistant-ui-recovery.js +122 -0
package/dist/client/assistant-ui-recovery.js.map +1 -0
package/dist/client/composer/PromptComposer.d.ts.map +1 -1
package/dist/client/composer/PromptComposer.js +7 -1
package/dist/client/composer/PromptComposer.js.map +1 -1
package/dist/client/composer/TiptapComposer.d.ts +7 -1
package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
package/dist/client/composer/TiptapComposer.js +22 -2
package/dist/client/composer/TiptapComposer.js.map +1 -1
package/dist/client/frame-protocol.d.ts +6 -2
package/dist/client/frame-protocol.d.ts.map +1 -1
package/dist/client/frame-protocol.js.map +1 -1
package/dist/client/index.d.ts +2 -1
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +2 -1
package/dist/client/index.js.map +1 -1
package/dist/client/org/OrgSwitcher.d.ts.map +1 -1
package/dist/client/org/OrgSwitcher.js +2 -1
package/dist/client/org/OrgSwitcher.js.map +1 -1
package/dist/client/progress/RunsTray.d.ts +13 -3
package/dist/client/progress/RunsTray.d.ts.map +1 -1
package/dist/client/progress/RunsTray.js +105 -36
package/dist/client/progress/RunsTray.js.map +1 -1
package/dist/client/route-warmup.d.ts +61 -0
package/dist/client/route-warmup.d.ts.map +1 -0
package/dist/client/route-warmup.js +456 -0
package/dist/client/route-warmup.js.map +1 -0
package/dist/client/settings/SettingsPanel.d.ts.map +1 -1
package/dist/client/settings/SettingsPanel.js +2 -1
package/dist/client/settings/SettingsPanel.js.map +1 -1
package/dist/client/settings/useBuilderStatus.d.ts +5 -0
package/dist/client/settings/useBuilderStatus.d.ts.map +1 -1
package/dist/client/settings/useBuilderStatus.js +10 -4
package/dist/client/settings/useBuilderStatus.js.map +1 -1
package/dist/client/use-action.d.ts +1 -0
package/dist/client/use-action.d.ts.map +1 -1
package/dist/client/use-action.js +22 -4
package/dist/client/use-action.js.map +1 -1
package/dist/code-agents/background-run.d.ts +2 -0
package/dist/code-agents/background-run.d.ts.map +1 -1
package/dist/code-agents/background-run.js.map +1 -1
package/dist/db/client.d.ts +1 -1
package/dist/db/client.d.ts.map +1 -1
package/dist/db/client.js +25 -1
package/dist/db/client.js.map +1 -1
package/dist/deploy/build.d.ts +4 -0
package/dist/deploy/build.d.ts.map +1 -1
package/dist/deploy/build.js +171 -14
package/dist/deploy/build.js.map +1 -1
package/dist/deploy/immutable-assets.d.ts +1 -0
package/dist/deploy/immutable-assets.d.ts.map +1 -1
package/dist/deploy/immutable-assets.js +1 -0
package/dist/deploy/immutable-assets.js.map +1 -1
package/dist/index.browser.d.ts +1 -1
package/dist/index.browser.d.ts.map +1 -1
package/dist/index.browser.js +1 -1
package/dist/index.browser.js.map +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +1 -1
package/dist/index.js.map +1 -1
package/dist/mcp/connect-route.d.ts.map +1 -1
package/dist/mcp/connect-route.js +118 -82
package/dist/mcp/connect-route.js.map +1 -1
package/dist/progress/routes.d.ts.map +1 -1
package/dist/progress/routes.js +1 -0
package/dist/progress/routes.js.map +1 -1
package/dist/progress/store.d.ts +13 -0
package/dist/progress/store.d.ts.map +1 -1
package/dist/progress/store.js +18 -0
package/dist/progress/store.js.map +1 -1
package/dist/progress/types.d.ts +2 -0
package/dist/progress/types.d.ts.map +1 -1
package/dist/progress/types.js.map +1 -1
package/dist/scripts/db/wipe-leaked-builder-keys.d.ts +2 -2
package/dist/scripts/db/wipe-leaked-builder-keys.d.ts.map +1 -1
package/dist/scripts/db/wipe-leaked-builder-keys.js +14 -3
package/dist/scripts/db/wipe-leaked-builder-keys.js.map +1 -1
package/dist/server/action-routes.d.ts +1 -0
package/dist/server/action-routes.d.ts.map +1 -1
package/dist/server/action-routes.js +36 -2
package/dist/server/action-routes.js.map +1 -1
package/dist/server/agent-chat-plugin.d.ts.map +1 -1
package/dist/server/agent-chat-plugin.js +123 -25
package/dist/server/agent-chat-plugin.js.map +1 -1
package/dist/server/agent-discovery.d.ts.map +1 -1
package/dist/server/agent-discovery.js +14 -1
package/dist/server/agent-discovery.js.map +1 -1
package/dist/server/agent-teams-run-queue.d.ts +80 -0
package/dist/server/agent-teams-run-queue.d.ts.map +1 -0
package/dist/server/agent-teams-run-queue.js +208 -0
package/dist/server/agent-teams-run-queue.js.map +1 -0
package/dist/server/agent-teams.d.ts +67 -0
package/dist/server/agent-teams.d.ts.map +1 -1
package/dist/server/agent-teams.js +607 -180
package/dist/server/agent-teams.js.map +1 -1
package/dist/server/auth-marketing.d.ts.map +1 -1
package/dist/server/auth-marketing.js +0 -64
package/dist/server/auth-marketing.js.map +1 -1
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +67 -14
package/dist/server/auth.js.map +1 -1
package/dist/server/builder-browser.d.ts +12 -2
package/dist/server/builder-browser.d.ts.map +1 -1
package/dist/server/builder-browser.js +24 -0
package/dist/server/builder-browser.js.map +1 -1
package/dist/server/core-routes-plugin.d.ts.map +1 -1
package/dist/server/core-routes-plugin.js +66 -5
package/dist/server/core-routes-plugin.js.map +1 -1
package/dist/server/credential-provider.d.ts +10 -0
package/dist/server/credential-provider.d.ts.map +1 -1
package/dist/server/credential-provider.js +82 -3
package/dist/server/credential-provider.js.map +1 -1
package/dist/server/csrf.d.ts.map +1 -1
package/dist/server/csrf.js +3 -0
package/dist/server/csrf.js.map +1 -1
package/dist/server/index.d.ts +1 -0
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +1 -0
package/dist/server/index.js.map +1 -1
package/dist/server/onboarding-html.d.ts +1 -0
package/dist/server/onboarding-html.d.ts.map +1 -1
package/dist/server/onboarding-html.js +14 -1
package/dist/server/onboarding-html.js.map +1 -1
package/dist/server/self-dispatch.d.ts +44 -0
package/dist/server/self-dispatch.d.ts.map +1 -0
package/dist/server/self-dispatch.js +113 -0
package/dist/server/self-dispatch.js.map +1 -0
package/dist/server/social-og-image.d.ts +14 -0
package/dist/server/social-og-image.d.ts.map +1 -0
package/dist/server/social-og-image.js +251 -0
package/dist/server/social-og-image.js.map +1 -0
package/dist/server/ssr-handler.d.ts +1 -1
package/dist/server/ssr-handler.d.ts.map +1 -1
package/dist/server/ssr-handler.js +27 -11
package/dist/server/ssr-handler.js.map +1 -1
package/dist/shared/cache-control.d.ts +7 -0
package/dist/shared/cache-control.d.ts.map +1 -1
package/dist/shared/cache-control.js +7 -0
package/dist/shared/cache-control.js.map +1 -1
package/dist/shared/index.d.ts +1 -1
package/dist/shared/index.d.ts.map +1 -1
package/dist/shared/index.js +1 -1
package/dist/shared/index.js.map +1 -1
package/dist/shared/route-warmup-config.d.ts +28 -0
package/dist/shared/route-warmup-config.d.ts.map +1 -0
package/dist/shared/route-warmup-config.js +58 -0
package/dist/shared/route-warmup-config.js.map +1 -0
package/dist/shared/social-meta.d.ts +5 -0
package/dist/shared/social-meta.d.ts.map +1 -1
package/dist/shared/social-meta.js +36 -2
package/dist/shared/social-meta.js.map +1 -1
package/dist/shared/streaming-text-smoothing.d.ts +12 -0
package/dist/shared/streaming-text-smoothing.d.ts.map +1 -0
package/dist/shared/streaming-text-smoothing.js +52 -0
package/dist/shared/streaming-text-smoothing.js.map +1 -0
package/dist/styles/agent-native.css +4 -4
package/dist/templates/default/AGENTS.md +9 -4
package/dist/templates/default/DEVELOPING.md +15 -1
package/dist/templates/workspace-core/AGENTS.md +7 -3
package/dist/templates/workspace-root/AGENTS.md +7 -3
package/dist/vite/client.d.ts +13 -0
package/dist/vite/client.d.ts.map +1 -1
package/dist/vite/client.js +26 -0
package/dist/vite/client.js.map +1 -1
package/dist/vite/index.d.ts +1 -0
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js.map +1 -1
package/docs/content/client.md +62 -1
package/docs/content/code-agents-ui.md +6 -13
package/docs/content/context-awareness.md +186 -21
package/docs/content/deployment.md +8 -11
package/docs/content/dispatch.md +1 -1
package/docs/content/external-agents.md +32 -2
package/docs/content/migration-workbench.md +4 -21
package/docs/content/multi-app-workspace.md +1 -1
package/docs/content/recurring-jobs.md +1 -1
package/docs/content/security.md +0 -1
package/docs/content/sharing.md +1 -3
package/docs/content/skills-guide.md +12 -10
package/docs/content/template-assets.md +21 -1
package/docs/content/template-design.md +23 -5
package/docs/content/template-dispatch.md +1 -1
package/package.json +2 -1
package/src/templates/default/AGENTS.md +9 -4
package/src/templates/default/DEVELOPING.md +15 -1
package/src/templates/workspace-core/AGENTS.md +7 -3
package/src/templates/workspace-root/AGENTS.md +7 -3

package/dist/server/auth.js CHANGED Viewed

@@ -44,13 +44,13 @@ import { getAllowedCorsOrigin, readCorsAllowedOrigins, } from "./cors-origins.js
 import { getOnboardingHtml, getResetPasswordHtml, } from "./onboarding-html.js";
 import { readBody } from "../server/h3-helpers.js";
 import { readDesktopSso, writeDesktopSso, clearDesktopSso, } from "./desktop-sso.js";
-import { isElectron as isElectronRequest, getAppBasePath, getAppUrl, encodeOAuthState, decodeOAuthState, createOAuthSession, oauthCallbackResponse, oauthErrorPage, resolveOAuthRedirectUri, isAllowedOAuthRedirectUri, } from "./google-oauth.js";
+import { isElectron as isElectronRequest, getAppBasePath, getAppUrl, getOrigin, encodeOAuthState, decodeOAuthState, createOAuthSession, oauthCallbackResponse, oauthErrorPage, resolveOAuthRedirectUri, isAllowedOAuthRedirectUri, } from "./google-oauth.js";
 import { safeOAuthReturnUrl } from "./oauth-return-url.js";
 import { captureAuthError } from "./sentry.js";
 import { extractOAuthStateAppId } from "../shared/oauth-state.js";
 import { isValidWorkspaceAppIdFormat } from "../shared/workspace-app-id.js";
+import { AGENT_NATIVE_SOCIAL_IMAGE_ALT, AGENT_NATIVE_SOCIAL_IMAGE_HEIGHT, AGENT_NATIVE_SOCIAL_IMAGE_PATH, AGENT_NATIVE_SOCIAL_IMAGE_TYPE, AGENT_NATIVE_SOCIAL_IMAGE_WIDTH, } from "../shared/social-meta.js";
 import { normalizeWorkspaceAppAudience, workspaceAppAudienceFromEnv, workspaceAppRouteAccessFromEnv, } from "../shared/workspace-app-audience.js";
-import { DEFAULT_SSR_CACHE_CONTROL } from "../shared/cache-control.js";
 import { resolveAuthCookieNamespace } from "./cookie-namespace.js";
 import { BUILDER_CONNECT_OWNER_COOKIE, BUILDER_CONNECT_PARAM, BUILDER_STATE_PARAM, verifyBuilderCallbackStateAndGetOwner, verifyBuilderConnectTokenAndGetOwner, } from "./builder-browser.js";
 // Pure env-read feature switch from a leaf module (no dependency back on
@@ -72,7 +72,7 @@ export function getSessionMaxAge() {
  *
  * Browsers scope cookies by host (NOT host+port — RFC 6265), so two apps
  * running on different localhost ports share one cookie jar. When multiple
- * templates run side-by-side (`dev:all`, the desktop app, multi-template
+ * templates run side-by-side (eager repo dev, the desktop app, multi-template
  * deploys on a shared domain), they would otherwise stomp on each other's
  * `an_session` cookie and ping-pong each other into a logged-out state.
  *
@@ -315,7 +315,8 @@ export function getConfiguredLoginHtml(event) {
     const url = event.node?.req?.url ?? event.path ?? "/";
     const queryStart = url.indexOf("?");
     const rawPath = queryStart >= 0 ? url.slice(0, queryStart) : url;
-    return config.getLoginHtml?.(event, rawPath) ?? config.loginHtml ?? null;
+    const loginHtml = config.getLoginHtml?.(event, rawPath) ?? config.loginHtml ?? null;
+    return loginHtml ? injectLoginSocialImageMeta(loginHtml, event) : null;
 }
 /**
  * True only when the request originates from the local machine — the raw
@@ -598,6 +599,7 @@ function getOnboardingHtmlOptions(options, event, rawPath) {
         googleAuthMode: options.googleAuthMode,
         requestHost: event ? getRequestHost(event) : undefined,
         requestPath: rawPath,
+        requestOrigin: event ? getOrigin(event) : undefined,
     };
 }
 function getAuthOnboardingHtml(options, event, rawPath) {
@@ -904,12 +906,56 @@ function shouldBypassAuthForBuilderConnect(event, p) {
     }
     return false;
 }
-function loginHtmlResponse(loginHtml) {
-    return new Response(loginHtml, {
+const LOGIN_OG_IMAGE_META_RE = /<meta\b(?=[^>]*\bproperty=(["'])og:image\1)[^>]*>/i;
+const LOGIN_TWITTER_CARD_META_RE = /<meta\b(?=[^>]*\bname=(["'])twitter:card\1)[^>]*>/i;
+const LOGIN_TWITTER_IMAGE_META_RE = /<meta\b(?=[^>]*\bname=(["'])twitter:image\1)[^>]*>/i;
+function escapeHtmlAttr(value) {
+    return value
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;");
+}
+function injectLoginSocialImageMeta(loginHtml, event) {
+    const headCloseIdx = loginHtml.indexOf("</head>");
+    if (headCloseIdx === -1)
+        return loginHtml;
+    const hasAnySocialImage = LOGIN_OG_IMAGE_META_RE.test(loginHtml) ||
+        LOGIN_TWITTER_IMAGE_META_RE.test(loginHtml);
+    const imageUrl = escapeHtmlAttr(getAppUrl(event, AGENT_NATIVE_SOCIAL_IMAGE_PATH));
+    const tags = [];
+    if (!hasAnySocialImage) {
+        tags.push(`<meta property="og:image" content="${imageUrl}">`);
+        tags.push(`<meta property="og:image:secure_url" content="${imageUrl}">`);
+        tags.push(`<meta property="og:image:type" content="${AGENT_NATIVE_SOCIAL_IMAGE_TYPE}">`);
+        tags.push(`<meta property="og:image:width" content="${AGENT_NATIVE_SOCIAL_IMAGE_WIDTH}">`);
+        tags.push(`<meta property="og:image:height" content="${AGENT_NATIVE_SOCIAL_IMAGE_HEIGHT}">`);
+        tags.push(`<meta property="og:image:alt" content="${AGENT_NATIVE_SOCIAL_IMAGE_ALT}">`);
+    }
+    if (!LOGIN_TWITTER_CARD_META_RE.test(loginHtml)) {
+        tags.push(`<meta name="twitter:card" content="summary_large_image">`);
+    }
+    if (!hasAnySocialImage) {
+        tags.push(`<meta name="twitter:image" content="${imageUrl}">`);
+        tags.push(`<meta name="twitter:image:alt" content="${AGENT_NATIVE_SOCIAL_IMAGE_ALT}">`);
+    }
+    if (tags.length === 0)
+        return loginHtml;
+    return (loginHtml.slice(0, headCloseIdx) +
+        tags.join("") +
+        loginHtml.slice(headCloseIdx));
+}
+function loginHtmlResponse(loginHtml, event) {
+    return new Response(injectLoginSocialImageMeta(loginHtml, event), {
         status: 200,
         headers: {
             "Content-Type": "text/html; charset=utf-8",
-            "Cache-Control": DEFAULT_SSR_CACHE_CONTROL,
+            // Login HTML is selected by the absence of a session cookie. Never put it
+            // in a shared CDN cache: the same route may redirect authenticated users
+            // or render the app after sign-in.
+            "Cache-Control": "private, no-store, max-age=0, must-revalidate",
+            "CDN-Cache-Control": "no-store",
+            "Netlify-CDN-Cache-Control": "no-store",
             "X-Robots-Tag": "noindex, nofollow",
         },
     });
@@ -989,6 +1035,13 @@ function createAuthGuardFn() {
         if (p === "/_agent-native/integrations/process-a2a-continuation") {
             return;
         }
+        // Agent Teams durable sub-agent processor. Self-fired by `spawnTask` to run
+        // a queued sub-agent in a fresh function invocation; authenticity is
+        // verified by the same HMAC internal-token scheme plus an atomic SQL claim,
+        // so it bypasses cookie/session auth (mirrors the integration processor).
+        if (p === "/_agent-native/agent-teams/_process-run") {
+            return;
+        }
         // A2A endpoint verifies authenticity via JWT signed with the org's A2A
         // secret (or the global A2A_SECRET fallback), not via session cookies.
         if (p === "/_agent-native/a2a") {
@@ -999,10 +1052,10 @@ function createAuthGuardFn() {
         // authoritative gate — exactly like A2A above. Without this bypass the
         // guard's blanket 401-for-/_agent-native/* below shadows that check, so
         // an external coding agent (Claude Code / Codex / Cowork) connecting via
-        // the stdio proxy or HTTP can never reach it. Exact path only: the MCP
-        // handler returns early for `/_agent-native/mcp/*` management subroutes,
-        // which keep their normal session auth.
-        if (p === "/_agent-native/mcp") {
+        // the stdio proxy or HTTP can never reach it. Exact protocol endpoint only:
+        // tolerate the common trailing slash, but keep
+        // `/_agent-native/mcp/*` management subroutes on normal session auth.
+        if (p === "/_agent-native/mcp" || p === "/_agent-native/mcp/") {
             return;
         }
         // MCP connect — frictionless external-agent connection. Like /open
@@ -1089,7 +1142,7 @@ function createAuthGuardFn() {
                     headers: { Location: safeReturn },
                 });
             }
-            return loginHtmlResponse(loginHtml);
+            return loginHtmlResponse(loginHtml, event);
         }
         // Auth entry pages are framework-owned pages, not app routes. When a user
         // already has a session, redirect them back to the mounted app instead of
@@ -1102,7 +1155,7 @@ function createAuthGuardFn() {
                     headers: { Location: getAppBasePath() || "/" },
                 });
             }
-            return loginHtmlResponse(loginHtml);
+            return loginHtmlResponse(loginHtml, event);
         }
         // Skip static assets (Vite chunks, fonts, images, etc.)
         if (p.startsWith("/assets/") ||
@@ -1154,7 +1207,7 @@ function createAuthGuardFn() {
             if (autoSession)
                 return autoSession;
         }
-        return loginHtmlResponse(loginHtml);
+        return loginHtmlResponse(loginHtml, event);
     };
 }
 // `.test` is an RFC 6761 reserved TLD that never resolves, so this stays a