@agent-native/core 0.32.2 → 0.32.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (241) hide show
  1. package/README.md +3 -1
  2. package/dist/agent/run-store.d.ts.map +1 -1
  3. package/dist/agent/run-store.js +48 -10
  4. package/dist/agent/run-store.js.map +1 -1
  5. package/dist/agent/thread-data-builder.d.ts +12 -0
  6. package/dist/agent/thread-data-builder.d.ts.map +1 -1
  7. package/dist/agent/thread-data-builder.js +104 -6
  8. package/dist/agent/thread-data-builder.js.map +1 -1
  9. package/dist/cli/app-skill.js +2 -2
  10. package/dist/cli/app-skill.js.map +1 -1
  11. package/dist/cli/code-agent-executor.d.ts.map +1 -1
  12. package/dist/cli/code-agent-executor.js +6 -1
  13. package/dist/cli/code-agent-executor.js.map +1 -1
  14. package/dist/cli/code-agent-output-smoother.d.ts +7 -0
  15. package/dist/cli/code-agent-output-smoother.d.ts.map +1 -0
  16. package/dist/cli/code-agent-output-smoother.js +111 -0
  17. package/dist/cli/code-agent-output-smoother.js.map +1 -0
  18. package/dist/cli/connect.d.ts.map +1 -1
  19. package/dist/cli/connect.js +5 -0
  20. package/dist/cli/connect.js.map +1 -1
  21. package/dist/cli/migrate.d.ts.map +1 -1
  22. package/dist/cli/migrate.js +17 -42
  23. package/dist/cli/migrate.js.map +1 -1
  24. package/dist/cli/skills.d.ts +23 -2
  25. package/dist/cli/skills.d.ts.map +1 -1
  26. package/dist/cli/skills.js +405 -41
  27. package/dist/cli/skills.js.map +1 -1
  28. package/dist/cli/templates-meta.d.ts.map +1 -1
  29. package/dist/cli/templates-meta.js +7 -105
  30. package/dist/cli/templates-meta.js.map +1 -1
  31. package/dist/client/AgentPanel.d.ts.map +1 -1
  32. package/dist/client/AgentPanel.js +41 -7
  33. package/dist/client/AgentPanel.js.map +1 -1
  34. package/dist/client/AgentTaskCard.d.ts.map +1 -1
  35. package/dist/client/AgentTaskCard.js +0 -28
  36. package/dist/client/AgentTaskCard.js.map +1 -1
  37. package/dist/client/AssistantChat.d.ts +8 -23
  38. package/dist/client/AssistantChat.d.ts.map +1 -1
  39. package/dist/client/AssistantChat.js +359 -205
  40. package/dist/client/AssistantChat.js.map +1 -1
  41. package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
  42. package/dist/client/MultiTabAssistantChat.js +254 -14
  43. package/dist/client/MultiTabAssistantChat.js.map +1 -1
  44. package/dist/client/agent-chat-adapter.d.ts.map +1 -1
  45. package/dist/client/agent-chat-adapter.js +14 -9
  46. package/dist/client/agent-chat-adapter.js.map +1 -1
  47. package/dist/client/agent-chat.d.ts +24 -0
  48. package/dist/client/agent-chat.d.ts.map +1 -1
  49. package/dist/client/agent-chat.js +73 -0
  50. package/dist/client/agent-chat.js.map +1 -1
  51. package/dist/client/assistant-ui-recovery.d.ts +34 -0
  52. package/dist/client/assistant-ui-recovery.d.ts.map +1 -0
  53. package/dist/client/assistant-ui-recovery.js +122 -0
  54. package/dist/client/assistant-ui-recovery.js.map +1 -0
  55. package/dist/client/composer/PromptComposer.d.ts.map +1 -1
  56. package/dist/client/composer/PromptComposer.js +7 -1
  57. package/dist/client/composer/PromptComposer.js.map +1 -1
  58. package/dist/client/composer/TiptapComposer.d.ts +7 -1
  59. package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
  60. package/dist/client/composer/TiptapComposer.js +22 -2
  61. package/dist/client/composer/TiptapComposer.js.map +1 -1
  62. package/dist/client/frame-protocol.d.ts +6 -2
  63. package/dist/client/frame-protocol.d.ts.map +1 -1
  64. package/dist/client/frame-protocol.js.map +1 -1
  65. package/dist/client/index.d.ts +2 -1
  66. package/dist/client/index.d.ts.map +1 -1
  67. package/dist/client/index.js +2 -1
  68. package/dist/client/index.js.map +1 -1
  69. package/dist/client/org/OrgSwitcher.d.ts.map +1 -1
  70. package/dist/client/org/OrgSwitcher.js +2 -1
  71. package/dist/client/org/OrgSwitcher.js.map +1 -1
  72. package/dist/client/progress/RunsTray.d.ts +13 -3
  73. package/dist/client/progress/RunsTray.d.ts.map +1 -1
  74. package/dist/client/progress/RunsTray.js +105 -36
  75. package/dist/client/progress/RunsTray.js.map +1 -1
  76. package/dist/client/route-warmup.d.ts +61 -0
  77. package/dist/client/route-warmup.d.ts.map +1 -0
  78. package/dist/client/route-warmup.js +456 -0
  79. package/dist/client/route-warmup.js.map +1 -0
  80. package/dist/client/settings/SettingsPanel.d.ts.map +1 -1
  81. package/dist/client/settings/SettingsPanel.js +2 -1
  82. package/dist/client/settings/SettingsPanel.js.map +1 -1
  83. package/dist/client/settings/useBuilderStatus.d.ts +5 -0
  84. package/dist/client/settings/useBuilderStatus.d.ts.map +1 -1
  85. package/dist/client/settings/useBuilderStatus.js +10 -4
  86. package/dist/client/settings/useBuilderStatus.js.map +1 -1
  87. package/dist/client/use-action.d.ts +1 -0
  88. package/dist/client/use-action.d.ts.map +1 -1
  89. package/dist/client/use-action.js +22 -4
  90. package/dist/client/use-action.js.map +1 -1
  91. package/dist/code-agents/background-run.d.ts +2 -0
  92. package/dist/code-agents/background-run.d.ts.map +1 -1
  93. package/dist/code-agents/background-run.js.map +1 -1
  94. package/dist/db/client.d.ts +1 -1
  95. package/dist/db/client.d.ts.map +1 -1
  96. package/dist/db/client.js +25 -1
  97. package/dist/db/client.js.map +1 -1
  98. package/dist/deploy/build.d.ts +4 -0
  99. package/dist/deploy/build.d.ts.map +1 -1
  100. package/dist/deploy/build.js +171 -14
  101. package/dist/deploy/build.js.map +1 -1
  102. package/dist/deploy/immutable-assets.d.ts +1 -0
  103. package/dist/deploy/immutable-assets.d.ts.map +1 -1
  104. package/dist/deploy/immutable-assets.js +1 -0
  105. package/dist/deploy/immutable-assets.js.map +1 -1
  106. package/dist/index.browser.d.ts +1 -1
  107. package/dist/index.browser.d.ts.map +1 -1
  108. package/dist/index.browser.js +1 -1
  109. package/dist/index.browser.js.map +1 -1
  110. package/dist/index.d.ts +1 -1
  111. package/dist/index.d.ts.map +1 -1
  112. package/dist/index.js +1 -1
  113. package/dist/index.js.map +1 -1
  114. package/dist/mcp/connect-route.d.ts.map +1 -1
  115. package/dist/mcp/connect-route.js +118 -82
  116. package/dist/mcp/connect-route.js.map +1 -1
  117. package/dist/progress/routes.d.ts.map +1 -1
  118. package/dist/progress/routes.js +1 -0
  119. package/dist/progress/routes.js.map +1 -1
  120. package/dist/progress/store.d.ts +13 -0
  121. package/dist/progress/store.d.ts.map +1 -1
  122. package/dist/progress/store.js +18 -0
  123. package/dist/progress/store.js.map +1 -1
  124. package/dist/progress/types.d.ts +2 -0
  125. package/dist/progress/types.d.ts.map +1 -1
  126. package/dist/progress/types.js.map +1 -1
  127. package/dist/scripts/db/wipe-leaked-builder-keys.d.ts +2 -2
  128. package/dist/scripts/db/wipe-leaked-builder-keys.d.ts.map +1 -1
  129. package/dist/scripts/db/wipe-leaked-builder-keys.js +14 -3
  130. package/dist/scripts/db/wipe-leaked-builder-keys.js.map +1 -1
  131. package/dist/server/action-routes.d.ts +1 -0
  132. package/dist/server/action-routes.d.ts.map +1 -1
  133. package/dist/server/action-routes.js +36 -2
  134. package/dist/server/action-routes.js.map +1 -1
  135. package/dist/server/agent-chat-plugin.d.ts +5 -0
  136. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  137. package/dist/server/agent-chat-plugin.js +131 -26
  138. package/dist/server/agent-chat-plugin.js.map +1 -1
  139. package/dist/server/agent-discovery.d.ts.map +1 -1
  140. package/dist/server/agent-discovery.js +14 -1
  141. package/dist/server/agent-discovery.js.map +1 -1
  142. package/dist/server/agent-teams-run-queue.d.ts +80 -0
  143. package/dist/server/agent-teams-run-queue.d.ts.map +1 -0
  144. package/dist/server/agent-teams-run-queue.js +208 -0
  145. package/dist/server/agent-teams-run-queue.js.map +1 -0
  146. package/dist/server/agent-teams.d.ts +67 -0
  147. package/dist/server/agent-teams.d.ts.map +1 -1
  148. package/dist/server/agent-teams.js +607 -180
  149. package/dist/server/agent-teams.js.map +1 -1
  150. package/dist/server/auth-marketing.d.ts.map +1 -1
  151. package/dist/server/auth-marketing.js +0 -64
  152. package/dist/server/auth-marketing.js.map +1 -1
  153. package/dist/server/auth.d.ts.map +1 -1
  154. package/dist/server/auth.js +67 -14
  155. package/dist/server/auth.js.map +1 -1
  156. package/dist/server/builder-browser.d.ts +12 -2
  157. package/dist/server/builder-browser.d.ts.map +1 -1
  158. package/dist/server/builder-browser.js +24 -0
  159. package/dist/server/builder-browser.js.map +1 -1
  160. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  161. package/dist/server/core-routes-plugin.js +66 -5
  162. package/dist/server/core-routes-plugin.js.map +1 -1
  163. package/dist/server/credential-provider.d.ts +10 -0
  164. package/dist/server/credential-provider.d.ts.map +1 -1
  165. package/dist/server/credential-provider.js +82 -3
  166. package/dist/server/credential-provider.js.map +1 -1
  167. package/dist/server/csrf.d.ts.map +1 -1
  168. package/dist/server/csrf.js +3 -0
  169. package/dist/server/csrf.js.map +1 -1
  170. package/dist/server/index.d.ts +1 -0
  171. package/dist/server/index.d.ts.map +1 -1
  172. package/dist/server/index.js +1 -0
  173. package/dist/server/index.js.map +1 -1
  174. package/dist/server/onboarding-html.d.ts +1 -0
  175. package/dist/server/onboarding-html.d.ts.map +1 -1
  176. package/dist/server/onboarding-html.js +14 -1
  177. package/dist/server/onboarding-html.js.map +1 -1
  178. package/dist/server/self-dispatch.d.ts +44 -0
  179. package/dist/server/self-dispatch.d.ts.map +1 -0
  180. package/dist/server/self-dispatch.js +113 -0
  181. package/dist/server/self-dispatch.js.map +1 -0
  182. package/dist/server/social-og-image.d.ts +14 -0
  183. package/dist/server/social-og-image.d.ts.map +1 -0
  184. package/dist/server/social-og-image.js +251 -0
  185. package/dist/server/social-og-image.js.map +1 -0
  186. package/dist/server/ssr-handler.d.ts +1 -1
  187. package/dist/server/ssr-handler.d.ts.map +1 -1
  188. package/dist/server/ssr-handler.js +27 -11
  189. package/dist/server/ssr-handler.js.map +1 -1
  190. package/dist/shared/cache-control.d.ts +7 -0
  191. package/dist/shared/cache-control.d.ts.map +1 -1
  192. package/dist/shared/cache-control.js +7 -0
  193. package/dist/shared/cache-control.js.map +1 -1
  194. package/dist/shared/index.d.ts +1 -1
  195. package/dist/shared/index.d.ts.map +1 -1
  196. package/dist/shared/index.js +1 -1
  197. package/dist/shared/index.js.map +1 -1
  198. package/dist/shared/route-warmup-config.d.ts +28 -0
  199. package/dist/shared/route-warmup-config.d.ts.map +1 -0
  200. package/dist/shared/route-warmup-config.js +58 -0
  201. package/dist/shared/route-warmup-config.js.map +1 -0
  202. package/dist/shared/social-meta.d.ts +5 -0
  203. package/dist/shared/social-meta.d.ts.map +1 -1
  204. package/dist/shared/social-meta.js +36 -2
  205. package/dist/shared/social-meta.js.map +1 -1
  206. package/dist/shared/streaming-text-smoothing.d.ts +12 -0
  207. package/dist/shared/streaming-text-smoothing.d.ts.map +1 -0
  208. package/dist/shared/streaming-text-smoothing.js +52 -0
  209. package/dist/shared/streaming-text-smoothing.js.map +1 -0
  210. package/dist/styles/agent-native.css +4 -4
  211. package/dist/templates/default/AGENTS.md +9 -4
  212. package/dist/templates/default/DEVELOPING.md +15 -1
  213. package/dist/templates/workspace-core/AGENTS.md +7 -3
  214. package/dist/templates/workspace-root/AGENTS.md +7 -3
  215. package/dist/vite/client.d.ts +13 -0
  216. package/dist/vite/client.d.ts.map +1 -1
  217. package/dist/vite/client.js +26 -0
  218. package/dist/vite/client.js.map +1 -1
  219. package/dist/vite/index.d.ts +1 -0
  220. package/dist/vite/index.d.ts.map +1 -1
  221. package/dist/vite/index.js.map +1 -1
  222. package/docs/content/client.md +62 -1
  223. package/docs/content/code-agents-ui.md +6 -13
  224. package/docs/content/context-awareness.md +186 -21
  225. package/docs/content/deployment.md +8 -11
  226. package/docs/content/dispatch.md +1 -1
  227. package/docs/content/external-agents.md +32 -2
  228. package/docs/content/migration-workbench.md +4 -21
  229. package/docs/content/multi-app-workspace.md +1 -1
  230. package/docs/content/recurring-jobs.md +1 -1
  231. package/docs/content/security.md +0 -1
  232. package/docs/content/sharing.md +1 -3
  233. package/docs/content/skills-guide.md +12 -10
  234. package/docs/content/template-assets.md +21 -1
  235. package/docs/content/template-design.md +23 -5
  236. package/docs/content/template-dispatch.md +1 -1
  237. package/package.json +2 -1
  238. package/src/templates/default/AGENTS.md +9 -4
  239. package/src/templates/default/DEVELOPING.md +15 -1
  240. package/src/templates/workspace-core/AGENTS.md +7 -3
  241. package/src/templates/workspace-root/AGENTS.md +7 -3
package/dist/scripts/db/wipe-leaked-builder-keys.d.ts CHANGED
@@ -4,8 +4,8 @@
4
4
  * One-shot cleanup for the legacy cross-tenant Builder credential leak.
5
5
  *
6
6
  * Pre-migration, the Builder OAuth callback wrote BUILDER_PRIVATE_KEY,
7
- * BUILDER_PUBLIC_KEY, BUILDER_USER_ID, BUILDER_ORG_NAME, BUILDER_ORG_KIND
8
- * into the unscoped `persisted-env-vars` settings row. On shared-DB
7
+ * BUILDER_PUBLIC_KEY, BUILDER_USER_ID, BUILDER_ORG_NAME, BUILDER_ORG_KIND,
8
+ * and related account metadata into the unscoped `persisted-env-vars` row. On shared-DB
9
9
  * hosted templates that row was global, so the first user to connect
10
10
  * left their Builder identity sitting in `process.env` for every
11
11
  * subsequent tenant on the same serverless instance — anyone without
package/dist/scripts/db/wipe-leaked-builder-keys.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"wipe-leaked-builder-keys.d.ts","sourceRoot":"","sources":["../../../src/scripts/db/wipe-leaked-builder-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAyBH,wBAA8B,uBAAuB,CACnD,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAAC,IAAI,CAAC,CA4Gf"}
1
+ {"version":3,"file":"wipe-leaked-builder-keys.d.ts","sourceRoot":"","sources":["../../../src/scripts/db/wipe-leaked-builder-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AA8BH,wBAA8B,uBAAuB,CACnD,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAAC,IAAI,CAAC,CA4Gf"}
package/dist/scripts/db/wipe-leaked-builder-keys.js CHANGED
@@ -4,8 +4,8 @@
4
4
  * One-shot cleanup for the legacy cross-tenant Builder credential leak.
5
5
  *
6
6
  * Pre-migration, the Builder OAuth callback wrote BUILDER_PRIVATE_KEY,
7
- * BUILDER_PUBLIC_KEY, BUILDER_USER_ID, BUILDER_ORG_NAME, BUILDER_ORG_KIND
8
- * into the unscoped `persisted-env-vars` settings row. On shared-DB
7
+ * BUILDER_PUBLIC_KEY, BUILDER_USER_ID, BUILDER_ORG_NAME, BUILDER_ORG_KIND,
8
+ * and related account metadata into the unscoped `persisted-env-vars` row. On shared-DB
9
9
  * hosted templates that row was global, so the first user to connect
10
10
  * left their Builder identity sitting in `process.env` for every
11
11
  * subsequent tenant on the same serverless instance — anyone without
@@ -33,6 +33,11 @@ const BUILDER_KEYS = [
33
33
  "BUILDER_USER_ID",
34
34
  "BUILDER_ORG_NAME",
35
35
  "BUILDER_ORG_KIND",
36
+ "BUILDER_SUBSCRIPTION",
37
+ "BUILDER_SUBSCRIPTION_LEVEL",
38
+ "BUILDER_SUBSCRIPTION_NAME",
39
+ "BUILDER_IS_ENTERPRISE",
40
+ "BUILDER_IS_FREE_ACCOUNT",
36
41
  ];
37
42
  function isPostgresUrl(url) {
38
43
  return url.startsWith("postgres://") || url.startsWith("postgresql://");
@@ -154,7 +159,13 @@ function stripBuilderKeys(row) {
154
159
  function logRemoved(removed, row) {
155
160
  console.log(`[wipe-leaked-builder-keys] BUILDER_* keys present:`);
156
161
  for (const k of removed) {
157
- const masked = k === "BUILDER_ORG_NAME" || k === "BUILDER_ORG_KIND"
162
+ const masked = k === "BUILDER_ORG_NAME" ||
163
+ k === "BUILDER_ORG_KIND" ||
164
+ k === "BUILDER_SUBSCRIPTION" ||
165
+ k === "BUILDER_SUBSCRIPTION_LEVEL" ||
166
+ k === "BUILDER_SUBSCRIPTION_NAME" ||
167
+ k === "BUILDER_IS_ENTERPRISE" ||
168
+ k === "BUILDER_IS_FREE_ACCOUNT"
158
169
  ? String(row[k])
159
170
  : maskValue(row[k]);
160
171
  console.log(` - ${k}: ${masked}`);
package/dist/scripts/db/wipe-leaked-builder-keys.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"wipe-leaked-builder-keys.js","sourceRoot":"","sources":["../../../src/scripts/db/wipe-leaked-builder-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,YAAY,GAAG;IACnB,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;CACV,CAAC;AAEX,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5C,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAChC,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;AAC7D,CAAC;AAED,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,uBAAuB,CACnD,IAAc;IAEd,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;+CAW+B,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;IAE5C,IAAI,GAAW,CAAC;IAChB,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,GAAG,GAAG,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,cAAc,EAAE,EAAE,CAAC;QAC5B,GAAG,GAAG,cAAc,EAAE,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QACrC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAC3B,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC;IAC7B,OAAO,CAAC,GAAG,CACT,sCAAsC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9E,CAAC;IAEF,IAAI,GAAG,GAAmC,IAAI,CAAC;IAE/C,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,MAAM,CAC/B,6DAA6D,CAC9D,CAAC;YACF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAwC,CAAC;YACvE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,gBAAgB,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;YACzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CACT,+DAA+D,CAChE,CAAC;gBACF,OAAO;YACT,CAAC;YACD,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YAC/B,IAAI,MAAM;gBAAE,OAAO;YACnB,MAAM,KAAK,CAAC,MAAM,CAChB,kFAAkF,EAClF,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CACtC,CAAC;YACF,OAAO,CAAC,GAAG,CACT,sCAAsC,OAAO,CAAC,MAAM,kCAAkC,CACvF,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC;QACpB,CAAC;QACD,OAAO;IACT,CAAC;IAED,kBAAkB;IAClB,MAAM,MAAM,GAAG,YAAY,CAAC;QAC1B,GAAG;QACH,SAAS,EAAE,oBAAoB,EAAE;KAClC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,0CAA0C;YAC/C,IAAI,EAAE,CAAC,oBAAoB,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACrE,OAAO;QACT,CAAC;QACD,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC,CAAC;QACjD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,gBAAgB,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CACT,+DAA+D,CAChE,CAAC;YACF,OAAO;QACT,CAAC;QACD,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QAC/B,IAAI,MAAM;YAAE,OAAO;QACnB,MAAM,MAAM,CAAC,OAAO,CAAC;YACnB,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC;SAClE,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CACT,sCAAsC,OAAO,CAAC,MAAM,kCAAkC,CACvF,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IAIpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,YAAY,CAAC,CAAC;IACjD,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,UAAU,CAAC,OAAiB,EAAE,GAA4B;IACjE,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GACV,CAAC,KAAK,kBAAkB,IAAI,CAAC,KAAK,kBAAkB;YAClD,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC;IACrC,CAAC;AACH,CAAC","sourcesContent":["/**\n * Core script: db-wipe-leaked-builder-keys\n *\n * One-shot cleanup for the legacy cross-tenant Builder credential leak.\n *\n * Pre-migration, the Builder OAuth callback wrote BUILDER_PRIVATE_KEY,\n * BUILDER_PUBLIC_KEY, BUILDER_USER_ID, BUILDER_ORG_NAME, BUILDER_ORG_KIND\n * into the unscoped `persisted-env-vars` settings row. On shared-DB\n * hosted templates that row was global, so the first user to connect\n * left their Builder identity sitting in `process.env` for every\n * subsequent tenant on the same serverless instance — anyone without\n * their own per-user app_secrets record fell back to the leaked key.\n *\n * Per-user Builder credentials now live in `app_secrets` (scope=user,\n * scopeId=email). The plugin init scrubs BUILDER_* on every boot, but\n * this script lets you wipe the row immediately, before redeploying.\n *\n * Idempotent. Re-running on a clean row is a no-op.\n *\n * Usage:\n * DATABASE_URL=postgres://... pnpm action db-wipe-leaked-builder-keys\n * DATABASE_URL=file:./data/app.db pnpm action db-wipe-leaked-builder-keys\n * pnpm action db-wipe-leaked-builder-keys --db ./data/app.db\n * pnpm action db-wipe-leaked-builder-keys --dry-run\n */\n\nimport path from \"path\";\nimport { createClient } from \"@libsql/client\";\nimport { getDatabaseUrl, getDatabaseAuthToken } from \"../../db/client.js\";\nimport { parseArgs } from \"../utils.js\";\n\nconst BUILDER_KEYS = [\n \"BUILDER_PRIVATE_KEY\",\n \"BUILDER_PUBLIC_KEY\",\n \"BUILDER_USER_ID\",\n \"BUILDER_ORG_NAME\",\n \"BUILDER_ORG_KIND\",\n] as const;\n\nfunction isPostgresUrl(url: string): boolean {\n return url.startsWith(\"postgres://\") || url.startsWith(\"postgresql://\");\n}\n\nfunction maskValue(v: unknown): string {\n if (typeof v !== \"string\") return String(v);\n if (v.length <= 8) return \"***\";\n return `${v.slice(0, 4)}…${v.slice(-4)} (len=${v.length})`;\n}\n\nexport default async function dbWipeLeakedBuilderKeys(\n args: string[],\n): Promise<void> {\n const parsed = parseArgs(args);\n\n if (parsed.help === \"true\") {\n console.log(`Usage: pnpm action db-wipe-leaked-builder-keys [options]\n\nRemoves BUILDER_* keys from the persisted-env-vars row in the settings\ntable. Run this once per hosted template database.\n\nOptions:\n --db <path> Path to SQLite database (default: data/app.db when no DATABASE_URL set)\n --dry-run Print what would be removed without writing\n --help Show this help message\n\nDatabase resolution:\n --db flag → DATABASE_URL env → ./data/app.db`);\n return;\n }\n\n const dryRun = parsed[\"dry-run\"] === \"true\";\n\n let url: string;\n if (parsed.db) {\n url = \"file:\" + path.resolve(parsed.db);\n } else if (getDatabaseUrl()) {\n url = getDatabaseUrl();\n } else {\n url = \"file:\" + path.resolve(process.cwd(), \"data\", \"app.db\");\n }\n\n const dbLabel = url.startsWith(\"file:\")\n ? url.slice(\"file:\".length)\n : new URL(url).host || url;\n console.log(\n `[wipe-leaked-builder-keys] target: ${dbLabel}${dryRun ? \" (dry-run)\" : \"\"}`,\n );\n\n let row: Record<string, unknown> | null = null;\n\n if (isPostgresUrl(url)) {\n const { default: pg } = await import(\"postgres\");\n const pgSql = pg(url);\n try {\n const result = await pgSql.unsafe(\n `SELECT value FROM settings WHERE key = 'persisted-env-vars'`,\n );\n const rows = Array.from(result) as unknown as Array<{ value: string }>;\n if (rows.length === 0) {\n console.log(\"[wipe-leaked-builder-keys] no persisted-env-vars row.\");\n return;\n }\n row = JSON.parse(rows[0].value);\n const { cleaned, removed } = stripBuilderKeys(row ?? {});\n if (removed.length === 0) {\n console.log(\n \"[wipe-leaked-builder-keys] row already clean — nothing to do.\",\n );\n return;\n }\n logRemoved(removed, row ?? {});\n if (dryRun) return;\n await pgSql.unsafe(\n `UPDATE settings SET value = $1, updated_at = $2 WHERE key = 'persisted-env-vars'`,\n [JSON.stringify(cleaned), Date.now()],\n );\n console.log(\n `[wipe-leaked-builder-keys] removed ${removed.length} key(s) from persisted-env-vars.`,\n );\n } finally {\n await pgSql.end();\n }\n return;\n }\n\n // libsql / SQLite\n const client = createClient({\n url,\n authToken: getDatabaseAuthToken(),\n });\n try {\n const result = await client.execute({\n sql: `SELECT value FROM settings WHERE key = ?`,\n args: [\"persisted-env-vars\"],\n });\n if (result.rows.length === 0) {\n console.log(\"[wipe-leaked-builder-keys] no persisted-env-vars row.\");\n return;\n }\n row = JSON.parse(result.rows[0].value as string);\n const { cleaned, removed } = stripBuilderKeys(row ?? {});\n if (removed.length === 0) {\n console.log(\n \"[wipe-leaked-builder-keys] row already clean — nothing to do.\",\n );\n return;\n }\n logRemoved(removed, row ?? {});\n if (dryRun) return;\n await client.execute({\n sql: `UPDATE settings SET value = ?, updated_at = ? WHERE key = ?`,\n args: [JSON.stringify(cleaned), Date.now(), \"persisted-env-vars\"],\n });\n console.log(\n `[wipe-leaked-builder-keys] removed ${removed.length} key(s) from persisted-env-vars.`,\n );\n } finally {\n client.close();\n }\n}\n\nfunction stripBuilderKeys(row: Record<string, unknown>): {\n cleaned: Record<string, unknown>;\n removed: string[];\n} {\n const builderSet = new Set<string>(BUILDER_KEYS);\n const cleaned: Record<string, unknown> = {};\n const removed: string[] = [];\n for (const [k, v] of Object.entries(row)) {\n if (builderSet.has(k)) {\n removed.push(k);\n } else {\n cleaned[k] = v;\n }\n }\n return { cleaned, removed };\n}\n\nfunction logRemoved(removed: string[], row: Record<string, unknown>): void {\n console.log(`[wipe-leaked-builder-keys] BUILDER_* keys present:`);\n for (const k of removed) {\n const masked =\n k === \"BUILDER_ORG_NAME\" || k === \"BUILDER_ORG_KIND\"\n ? String(row[k])\n : maskValue(row[k]);\n console.log(` - ${k}: ${masked}`);\n }\n}\n"]}
1
+ {"version":3,"file":"wipe-leaked-builder-keys.js","sourceRoot":"","sources":["../../../src/scripts/db/wipe-leaked-builder-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,MAAM,YAAY,GAAG;IACnB,qBAAqB;IACrB,oBAAoB;IACpB,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,sBAAsB;IACtB,4BAA4B;IAC5B,2BAA2B;IAC3B,uBAAuB;IACvB,yBAAyB;CACjB,CAAC;AAEX,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,SAAS,CAAC,CAAU;IAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;IAC5C,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAChC,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;AAC7D,CAAC;AAED,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,uBAAuB,CACnD,IAAc;IAEd,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAE/B,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC;;;;;;;;;;;+CAW+B,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,MAAM,CAAC;IAE5C,IAAI,GAAW,CAAC;IAChB,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;QACd,GAAG,GAAG,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAC1C,CAAC;SAAM,IAAI,cAAc,EAAE,EAAE,CAAC;QAC5B,GAAG,GAAG,cAAc,EAAE,CAAC;IACzB,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAChE,CAAC;IAED,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QACrC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;QAC3B,CAAC,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,GAAG,CAAC;IAC7B,OAAO,CAAC,GAAG,CACT,sCAAsC,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,CAC9E,CAAC;IAEF,IAAI,GAAG,GAAmC,IAAI,CAAC;IAE/C,IAAI,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,MAAM,CAC/B,6DAA6D,CAC9D,CAAC;YACF,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAwC,CAAC;YACvE,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YACD,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,gBAAgB,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;YACzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,GAAG,CACT,+DAA+D,CAChE,CAAC;gBACF,OAAO;YACT,CAAC;YACD,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;YAC/B,IAAI,MAAM;gBAAE,OAAO;YACnB,MAAM,KAAK,CAAC,MAAM,CAChB,kFAAkF,EAClF,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CACtC,CAAC;YACF,OAAO,CAAC,GAAG,CACT,sCAAsC,OAAO,CAAC,MAAM,kCAAkC,CACvF,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,MAAM,KAAK,CAAC,GAAG,EAAE,CAAC;QACpB,CAAC;QACD,OAAO;IACT,CAAC;IAED,kBAAkB;IAClB,MAAM,MAAM,GAAG,YAAY,CAAC;QAC1B,GAAG;QACH,SAAS,EAAE,oBAAoB,EAAE;KAClC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,0CAA0C;YAC/C,IAAI,EAAE,CAAC,oBAAoB,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;YACrE,OAAO;QACT,CAAC;QACD,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC,CAAC;QACjD,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,gBAAgB,CAAC,GAAG,IAAI,EAAE,CAAC,CAAC;QACzD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CACT,+DAA+D,CAChE,CAAC;YACF,OAAO;QACT,CAAC;QACD,UAAU,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC;QAC/B,IAAI,MAAM;YAAE,OAAO;QACnB,MAAM,MAAM,CAAC,OAAO,CAAC;YACnB,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC;SAClE,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CACT,sCAAsC,OAAO,CAAC,MAAM,kCAAkC,CACvF,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IAIpD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,YAAY,CAAC,CAAC;IACjD,MAAM,OAAO,GAA4B,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACzC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;AAC9B,CAAC;AAED,SAAS,UAAU,CAAC,OAAiB,EAAE,GAA4B;IACjE,OAAO,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;IAClE,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,MAAM,GACV,CAAC,KAAK,kBAAkB;YACxB,CAAC,KAAK,kBAAkB;YACxB,CAAC,KAAK,sBAAsB;YAC5B,CAAC,KAAK,4BAA4B;YAClC,CAAC,KAAK,2BAA2B;YACjC,CAAC,KAAK,uBAAuB;YAC7B,CAAC,KAAK,yBAAyB;YAC7B,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAChB,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC,CAAC;IACrC,CAAC;AACH,CAAC","sourcesContent":["/**\n * Core script: db-wipe-leaked-builder-keys\n *\n * One-shot cleanup for the legacy cross-tenant Builder credential leak.\n *\n * Pre-migration, the Builder OAuth callback wrote BUILDER_PRIVATE_KEY,\n * BUILDER_PUBLIC_KEY, BUILDER_USER_ID, BUILDER_ORG_NAME, BUILDER_ORG_KIND,\n * and related account metadata into the unscoped `persisted-env-vars` row. On shared-DB\n * hosted templates that row was global, so the first user to connect\n * left their Builder identity sitting in `process.env` for every\n * subsequent tenant on the same serverless instance — anyone without\n * their own per-user app_secrets record fell back to the leaked key.\n *\n * Per-user Builder credentials now live in `app_secrets` (scope=user,\n * scopeId=email). The plugin init scrubs BUILDER_* on every boot, but\n * this script lets you wipe the row immediately, before redeploying.\n *\n * Idempotent. Re-running on a clean row is a no-op.\n *\n * Usage:\n * DATABASE_URL=postgres://... pnpm action db-wipe-leaked-builder-keys\n * DATABASE_URL=file:./data/app.db pnpm action db-wipe-leaked-builder-keys\n * pnpm action db-wipe-leaked-builder-keys --db ./data/app.db\n * pnpm action db-wipe-leaked-builder-keys --dry-run\n */\n\nimport path from \"path\";\nimport { createClient } from \"@libsql/client\";\nimport { getDatabaseUrl, getDatabaseAuthToken } from \"../../db/client.js\";\nimport { parseArgs } from \"../utils.js\";\n\nconst BUILDER_KEYS = [\n \"BUILDER_PRIVATE_KEY\",\n \"BUILDER_PUBLIC_KEY\",\n \"BUILDER_USER_ID\",\n \"BUILDER_ORG_NAME\",\n \"BUILDER_ORG_KIND\",\n \"BUILDER_SUBSCRIPTION\",\n \"BUILDER_SUBSCRIPTION_LEVEL\",\n \"BUILDER_SUBSCRIPTION_NAME\",\n \"BUILDER_IS_ENTERPRISE\",\n \"BUILDER_IS_FREE_ACCOUNT\",\n] as const;\n\nfunction isPostgresUrl(url: string): boolean {\n return url.startsWith(\"postgres://\") || url.startsWith(\"postgresql://\");\n}\n\nfunction maskValue(v: unknown): string {\n if (typeof v !== \"string\") return String(v);\n if (v.length <= 8) return \"***\";\n return `${v.slice(0, 4)}…${v.slice(-4)} (len=${v.length})`;\n}\n\nexport default async function dbWipeLeakedBuilderKeys(\n args: string[],\n): Promise<void> {\n const parsed = parseArgs(args);\n\n if (parsed.help === \"true\") {\n console.log(`Usage: pnpm action db-wipe-leaked-builder-keys [options]\n\nRemoves BUILDER_* keys from the persisted-env-vars row in the settings\ntable. Run this once per hosted template database.\n\nOptions:\n --db <path> Path to SQLite database (default: data/app.db when no DATABASE_URL set)\n --dry-run Print what would be removed without writing\n --help Show this help message\n\nDatabase resolution:\n --db flag → DATABASE_URL env → ./data/app.db`);\n return;\n }\n\n const dryRun = parsed[\"dry-run\"] === \"true\";\n\n let url: string;\n if (parsed.db) {\n url = \"file:\" + path.resolve(parsed.db);\n } else if (getDatabaseUrl()) {\n url = getDatabaseUrl();\n } else {\n url = \"file:\" + path.resolve(process.cwd(), \"data\", \"app.db\");\n }\n\n const dbLabel = url.startsWith(\"file:\")\n ? url.slice(\"file:\".length)\n : new URL(url).host || url;\n console.log(\n `[wipe-leaked-builder-keys] target: ${dbLabel}${dryRun ? \" (dry-run)\" : \"\"}`,\n );\n\n let row: Record<string, unknown> | null = null;\n\n if (isPostgresUrl(url)) {\n const { default: pg } = await import(\"postgres\");\n const pgSql = pg(url);\n try {\n const result = await pgSql.unsafe(\n `SELECT value FROM settings WHERE key = 'persisted-env-vars'`,\n );\n const rows = Array.from(result) as unknown as Array<{ value: string }>;\n if (rows.length === 0) {\n console.log(\"[wipe-leaked-builder-keys] no persisted-env-vars row.\");\n return;\n }\n row = JSON.parse(rows[0].value);\n const { cleaned, removed } = stripBuilderKeys(row ?? {});\n if (removed.length === 0) {\n console.log(\n \"[wipe-leaked-builder-keys] row already clean — nothing to do.\",\n );\n return;\n }\n logRemoved(removed, row ?? {});\n if (dryRun) return;\n await pgSql.unsafe(\n `UPDATE settings SET value = $1, updated_at = $2 WHERE key = 'persisted-env-vars'`,\n [JSON.stringify(cleaned), Date.now()],\n );\n console.log(\n `[wipe-leaked-builder-keys] removed ${removed.length} key(s) from persisted-env-vars.`,\n );\n } finally {\n await pgSql.end();\n }\n return;\n }\n\n // libsql / SQLite\n const client = createClient({\n url,\n authToken: getDatabaseAuthToken(),\n });\n try {\n const result = await client.execute({\n sql: `SELECT value FROM settings WHERE key = ?`,\n args: [\"persisted-env-vars\"],\n });\n if (result.rows.length === 0) {\n console.log(\"[wipe-leaked-builder-keys] no persisted-env-vars row.\");\n return;\n }\n row = JSON.parse(result.rows[0].value as string);\n const { cleaned, removed } = stripBuilderKeys(row ?? {});\n if (removed.length === 0) {\n console.log(\n \"[wipe-leaked-builder-keys] row already clean — nothing to do.\",\n );\n return;\n }\n logRemoved(removed, row ?? {});\n if (dryRun) return;\n await client.execute({\n sql: `UPDATE settings SET value = ?, updated_at = ? WHERE key = ?`,\n args: [JSON.stringify(cleaned), Date.now(), \"persisted-env-vars\"],\n });\n console.log(\n `[wipe-leaked-builder-keys] removed ${removed.length} key(s) from persisted-env-vars.`,\n );\n } finally {\n client.close();\n }\n}\n\nfunction stripBuilderKeys(row: Record<string, unknown>): {\n cleaned: Record<string, unknown>;\n removed: string[];\n} {\n const builderSet = new Set<string>(BUILDER_KEYS);\n const cleaned: Record<string, unknown> = {};\n const removed: string[] = [];\n for (const [k, v] of Object.entries(row)) {\n if (builderSet.has(k)) {\n removed.push(k);\n } else {\n cleaned[k] = v;\n }\n }\n return { cleaned, removed };\n}\n\nfunction logRemoved(removed: string[], row: Record<string, unknown>): void {\n console.log(`[wipe-leaked-builder-keys] BUILDER_* keys present:`);\n for (const k of removed) {\n const masked =\n k === \"BUILDER_ORG_NAME\" ||\n k === \"BUILDER_ORG_KIND\" ||\n k === \"BUILDER_SUBSCRIPTION\" ||\n k === \"BUILDER_SUBSCRIPTION_LEVEL\" ||\n k === \"BUILDER_SUBSCRIPTION_NAME\" ||\n k === \"BUILDER_IS_ENTERPRISE\" ||\n k === \"BUILDER_IS_FREE_ACCOUNT\"\n ? String(row[k])\n : maskValue(row[k]);\n console.log(` - ${k}: ${masked}`);\n }\n}\n"]}
package/dist/server/action-routes.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import type { ActionEntry } from "../agent/production-agent.js";
2
+ export declare function parseActionSearchParams(searchParams: URLSearchParams): Record<string, any>;
2
3
  export interface MountActionRoutesOptions {
3
4
  /** Resolve owner email from the H3 event (for data scoping). */
4
5
  getOwnerFromEvent?: (event: any) => string | Promise<string>;
package/dist/server/action-routes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"action-routes.d.ts","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AA2FhE,MAAM,WAAW,wBAAwB;IACvC,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,8DAA8D;IAC9D,oBAAoB,CAAC,EAAE,CACrB,KAAK,EAAE,GAAG,KACP,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IACtD,0DAA0D;IAC1D,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,GAAG,EACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,EACpC,OAAO,CAAC,EAAE,wBAAwB,QAkLnC"}
1
+ {"version":3,"file":"action-routes.d.ts","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAkBhE,wBAAgB,uBAAuB,CACrC,YAAY,EAAE,eAAe,GAC5B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAMrB;AA2GD,MAAM,WAAW,wBAAwB;IACvC,gEAAgE;IAChE,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC7D,8DAA8D;IAC9D,oBAAoB,CAAC,EAAE,CACrB,KAAK,EAAE,GAAG,KACP,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IACtD,0DAA0D;IAC1D,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,GAAG,EACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,EACpC,OAAO,CAAC,EAAE,wBAAwB,QAoLnC"}
package/dist/server/action-routes.js CHANGED
@@ -14,6 +14,40 @@ import { getAllowedCorsOrigin as resolveAllowedCorsOrigin, readCorsAllowedOrigin
14
14
  import { EMBED_TARGET_HEADER } from "../shared/embed-auth.js";
15
15
  import { isMcpEmbedCorsOrigin, MCP_EMBED_CORS_ALLOW_HEADERS, shouldAllowMcpEmbedCredentials, } from "../shared/mcp-embed-headers.js";
16
16
  const ROUTE_PREFIX = "/_agent-native/actions";
17
+ export function parseActionSearchParams(searchParams) {
18
+ const params = {};
19
+ for (const [rawKey, value] of searchParams.entries()) {
20
+ appendActionParam(params, rawKey, value);
21
+ }
22
+ return params;
23
+ }
24
+ function parseActionQueryObject(query) {
25
+ const params = {};
26
+ for (const [rawKey, rawValue] of Object.entries(query)) {
27
+ const values = Array.isArray(rawValue) ? rawValue : [rawValue];
28
+ for (const value of values) {
29
+ if (value != null)
30
+ appendActionParam(params, rawKey, String(value));
31
+ }
32
+ }
33
+ return params;
34
+ }
35
+ function appendActionParam(params, rawKey, value) {
36
+ const isArrayKey = rawKey.endsWith("[]");
37
+ // The core client serializes arrays as `key[]=value` so even a single
38
+ // value can validate against z.array() action schemas.
39
+ const key = isArrayKey ? rawKey.slice(0, -2) : rawKey;
40
+ const current = params[key];
41
+ if (current === undefined) {
42
+ params[key] = isArrayKey ? [value] : value;
43
+ }
44
+ else if (Array.isArray(current)) {
45
+ current.push(value);
46
+ }
47
+ else {
48
+ params[key] = [current, value];
49
+ }
50
+ }
17
51
  /**
18
52
  * Read the caller's IANA timezone from the `x-user-timezone` header. The core
19
53
  * client sends this on every action request so server-side "today" fallbacks
@@ -137,10 +171,10 @@ export function mountActionRoutes(nitroApp, actions, options) {
137
171
  const webReq = event.req;
138
172
  if (webReq?.url) {
139
173
  const url = new URL(webReq.url);
140
- params = Object.fromEntries(url.searchParams);
174
+ params = parseActionSearchParams(url.searchParams);
141
175
  }
142
176
  else {
143
- params = getQuery(event);
177
+ params = parseActionQueryObject(getQuery(event));
144
178
  }
145
179
  }
146
180
  else {
package/dist/server/action-routes.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"action-routes.js","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,QAAQ,EACR,SAAS,GACV,MAAM,IAAI,CAAC;AAEZ,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EACL,oBAAoB,IAAI,wBAAwB,EAChD,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,gCAAgC,CAAC;AAExC,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAU;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACtD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAOD,SAAS,oBAAoB,CAAC,MAA0B;IACtD,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,EAAE;QACrD,cAAc,EAAE,sBAAsB,EAAE;QACxC,6BAA6B,EAAE,IAAI;KACpC,CAAC,CAAC;IACH,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,oBAAoB,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,MAAM;YACN,WAAW,EAAE,8BAA8B,CAAC,MAAM,CAAC;SACpD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAU;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,oBAAoB,CAC/B,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAChD,CAAC;IAEF,IAAI,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACpB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,iBAAiB,CAAC,KAAK,EAAE,6BAA6B,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACrE,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,iBAAiB,CAAC,KAAK,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;QACvE,CAAC;QACD,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,wCAAwC,CACzC,CAAC;QACF,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,IAAI,CAAC,WAAW;YACd,CAAC,CAAC,sJAAsJ,mBAAmB,EAAE;YAC7K,CAAC,CAAC,GAAG,4BAA4B,oDAAoD,CACxF,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9B,OAAO,EAAE,CAAC;AACZ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAa,EACb,OAAoC,EACpC,OAAkC;IAElC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,0BAA0B;QAC1B,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;YAAE,SAAS;QAEnC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACtC,MAAM,SAAS,GAAG,GAAG,YAAY,IAAI,IAAI,EAAE,CAAC;QAE5C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,SAAS,EACT,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,eAAe,GACnB,SAAS,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAE/D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;YAED,iBAAiB,CAAC,KAAK,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;YAEtD,4BAA4B;YAC5B,IAAI,eAAe,KAAK,MAAM,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,MAAM,GAAG,EAAE,CAAC;YACzD,CAAC;YAED,oEAAoE;YACpE,0DAA0D;YAC1D,qEAAqE;YACrE,8DAA8D;YAC9D,kDAAkD;YAClD,gEAAgE;YAChE,mEAAmE;YACnE,gEAAgE;YAChE,uCAAuC;YACvC,+DAA+D;YAC/D,oEAAoE;YACpE,+BAA+B;YAC/B,MAAM,cAAc,GAClB,SAAS,CAAC,KAAK,EAAE,4BAA4B,CAAC,KAAK,GAAG,CAAC;YACzD,IAAI,cAAc,IAAI,KAAK,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;gBACnD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,WAAW,IAAI,+BAA+B;iBACtD,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,SAAS,GAAG,OAAO,EAAE,iBAAiB;gBAC1C,CAAC,CAAC,MAAM,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,OAAO,EAAE,oBAAoB;gBAC5C,CAAC,CAAC,MAAM,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC;gBAC3C,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,KAAK,GAAG,OAAO,EAAE,YAAY;gBACjC,CAAC,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC;gBACpD,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAE3C,OAAO,qBAAqB,CAC1B,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,EACxC,KAAK,IAAI,EAAE;gBACT,kEAAkE;gBAClE,qEAAqE;gBACrE,qEAAqE;gBACrE,sCAAsC;gBACtC,IAAI,MAA2B,CAAC;gBAChC,IAAI,CAAC;oBACH,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;wBACrB,sDAAsD;wBACtD,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,EAAE,GAAG,EAAE,CAAC;4BAChB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;4BAChC,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBAChD,CAAC;6BAAM,CAAC;4BACN,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAwB,CAAC;wBAClD,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;4BAChD,6DAA6D;4BAC7D,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzD,CAAC;6BAAM,CAAC;4BACN,wCAAwC;4BACxC,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,GAAG,EAAE,CAAC;gBACd,CAAC;gBAED,iBAAiB;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAEvC,8DAA8D;oBAC9D,+DAA+D;oBAC/D,gEAAgE;oBAChE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,qDAAqD;oBACrD,+DAA+D;oBAC/D,mEAAmE;oBACnE,gEAAgE;oBAChE,6DAA6D;oBAC7D,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,QAAQ,KAAK,SAAS;wBACjC,CAAC,CAAC,KAAK,CAAC,QAAQ;wBAChB,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC;oBACvB,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,IAAI,CAAC;4BACH,MAAM,kBAAkB,CAAC;gCACvB,UAAU,EAAE,IAAI;gCAChB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;6BAC3C,CAAC,CAAC;wBACL,CAAC;wBAAC,MAAM,CAAC;4BACP,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,6EAA6E;oBAC7E,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAC/B,IAAI,CAAC;4BACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;wBAC5B,CAAC;wBAAC,MAAM,CAAC;4BACP,OAAO,MAAM,CAAC;wBAChB,CAAC;oBACH,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;oBACxC,MAAM,iBAAiB,GAAG,GAAG,CAAC,UAAU,CACtC,2BAA2B,CAC5B,CAAC;oBACF,MAAM,cAAc,GAClB,OAAO,GAAG,EAAE,UAAU,KAAK,QAAQ;wBACjC,CAAC,CAAC,GAAG,CAAC,UAAU;wBAChB,CAAC,CAAC,SAAS,CAAC;oBAChB,+DAA+D;oBAC/D,sBAAsB;oBACtB,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,IAAI,GAAG,CAAC,CAAC;oBACjE,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;oBAEjC,kDAAkD;oBAClD,6DAA6D;oBAC7D,iEAAiE;oBACjE,8DAA8D;oBAC9D,gEAAgE;oBAChE,2DAA2D;oBAC3D,kDAAkD;oBAClD,MAAM,YAAY,GAChB,iBAAiB;wBACjB,sBAAsB,CAAC,GAAG,CAAC;wBAC3B,CAAC,cAAc,KAAK,SAAS,IAAI,cAAc,GAAG,GAAG,CAAC,CAAC;oBACzD,IAAI,YAAY,EAAE,CAAC;wBACjB,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;oBACxB,CAAC;oBACD,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,WAAW,EAAE,GAAG,CAAC,CAAC;oBAC9D,OAAO,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;gBAC5C,CAAC;YACH,CAAC,CACF,CAAC,CAAC,4BAA4B;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACzC,OAAO,CAAC,GAAG,CACT,2BAA2B,OAAO,CAAC,MAAM,qBAAqB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnF,CAAC;AACN,CAAC","sourcesContent":["/**\n * Auto-mount actions as HTTP endpoints under /_agent-native/actions/:name.\n *\n * Actions are exposed as POST by default. Use `http: { method: \"GET\" }` in\n * defineAction to expose as GET. Use `http: false` to mark as agent-only.\n */\nimport { getH3App } from \"./framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n setResponseHeader,\n getMethod,\n getQuery,\n getHeader,\n} from \"h3\";\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { isAgentActionStopError } from \"../action.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { runWithRequestContext } from \"./request-context.js\";\nimport { notifyActionChange } from \"./action-change.js\";\nimport {\n getAllowedCorsOrigin as resolveAllowedCorsOrigin,\n readCorsAllowedOrigins,\n} from \"./cors-origins.js\";\nimport { EMBED_TARGET_HEADER } from \"../shared/embed-auth.js\";\nimport {\n isMcpEmbedCorsOrigin,\n MCP_EMBED_CORS_ALLOW_HEADERS,\n shouldAllowMcpEmbedCredentials,\n} from \"../shared/mcp-embed-headers.js\";\n\nconst ROUTE_PREFIX = \"/_agent-native/actions\";\n\n/**\n * Read the caller's IANA timezone from the `x-user-timezone` header. The core\n * client sends this on every action request so server-side \"today\" fallbacks\n * can honor the user's local day.\n */\nfunction readTimezoneHeader(event: any): string | undefined {\n try {\n const raw = getHeader(event, \"x-user-timezone\");\n if (!raw || typeof raw !== \"string\") return undefined;\n const trimmed = raw.trim();\n return trimmed.length > 0 && trimmed.length < 64 ? trimmed : undefined;\n } catch {\n return undefined;\n }\n}\n\ntype CorsOrigin = {\n origin: string;\n credentials: boolean;\n};\n\nfunction getAllowedCorsOrigin(origin: string | undefined): CorsOrigin | null {\n const allowedOrigin = resolveAllowedCorsOrigin(origin, {\n allowedOrigins: readCorsAllowedOrigins(),\n allowLocalhostWhenNoAllowlist: true,\n });\n if (allowedOrigin) {\n return { origin: allowedOrigin, credentials: true };\n }\n if (isMcpEmbedCorsOrigin(origin)) {\n return {\n origin,\n credentials: shouldAllowMcpEmbedCredentials(origin),\n };\n }\n return null;\n}\n\nfunction handleOptionsRequest(event: any): string {\n const origin = getHeader(event, \"origin\");\n const cors = getAllowedCorsOrigin(\n typeof origin === \"string\" ? origin : undefined,\n );\n\n if (origin && !cors) {\n setResponseStatus(event, 403);\n return \"\";\n }\n\n if (cors) {\n setResponseHeader(event, \"Access-Control-Allow-Origin\", cors.origin);\n setResponseHeader(event, \"Vary\", \"Origin\");\n if (cors.credentials) {\n setResponseHeader(event, \"Access-Control-Allow-Credentials\", \"true\");\n }\n setResponseHeader(\n event,\n \"Access-Control-Allow-Methods\",\n \"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS\",\n );\n setResponseHeader(\n event,\n \"Access-Control-Allow-Headers\",\n cors.credentials\n ? `Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF,X-User-Timezone,X-Agent-Native-Tool-Bridge,X-Agent-Native-Tool-Id,${EMBED_TARGET_HEADER}`\n : `${MCP_EMBED_CORS_ALLOW_HEADERS},X-Agent-Native-Tool-Bridge,X-Agent-Native-Tool-Id`,\n );\n }\n\n setResponseStatus(event, 204);\n return \"\";\n}\n\nexport interface MountActionRoutesOptions {\n /** Resolve owner email from the H3 event (for data scoping). */\n getOwnerFromEvent?: (event: any) => string | Promise<string>;\n /** Resolve display name from the H3 event, when available. */\n getUserNameFromEvent?: (\n event: any,\n ) => string | undefined | Promise<string | undefined>;\n /** Resolve org ID from the H3 event (for org scoping). */\n resolveOrgId?: (event: any) => string | null | Promise<string | null>;\n}\n\n/**\n * Mount discovered actions as HTTP endpoints.\n *\n * Only actions from `autoDiscoverActions` (template actions) are mounted.\n * Built-in actions (resource-*, chat-*, shell, etc.) are NOT passed here.\n */\nexport function mountActionRoutes(\n nitroApp: any,\n actions: Record<string, ActionEntry>,\n options?: MountActionRoutesOptions,\n) {\n const mounted: string[] = [];\n\n for (const [name, entry] of Object.entries(actions)) {\n // Skip agent-only actions\n if (entry.http === false) continue;\n\n const method = entry.http?.method ?? \"POST\";\n const path = entry.http?.path ?? name;\n const routePath = `${ROUTE_PREFIX}/${path}`;\n\n getH3App(nitroApp).use(\n routePath,\n defineEventHandler(async (event) => {\n const reqMethod = getMethod(event);\n const effectiveMethod =\n reqMethod === \"HEAD\" && method === \"GET\" ? \"GET\" : reqMethod;\n\n if (reqMethod === \"OPTIONS\") {\n return handleOptionsRequest(event);\n }\n\n setResponseHeader(event, \"Cache-Control\", \"no-store\");\n\n // Allow the declared method\n if (effectiveMethod !== method) {\n setResponseStatus(event, 405);\n return { error: `Method not allowed. Use ${method}.` };\n }\n\n // (audit H5) Per-action `toolCallable` opt-out for the tools-iframe\n // bridge. The bridge tags every outbound action call with\n // X-Agent-Native-Tool-Bridge: 1. When that header is present and the\n // action declares `toolCallable: false`, we 403 — used by the\n // framework's share-resource / unshare-resource /\n // set-resource-visibility for defense-in-depth on auth-adjacent\n // operations. Undefined defaults to allow: tools are intra-org and\n // typically authored by trusted teammates, so the default is to\n // trust the org-level access controls.\n // The header is set by the parent (the React host), not by the\n // iframe's user-authored content; sanitizeToolRequestOptions strips\n // iframe attempts to spoof it.\n const fromToolBridge =\n getHeader(event, \"x-agent-native-tool-bridge\") === \"1\";\n if (fromToolBridge && entry.toolCallable === false) {\n setResponseStatus(event, 403);\n return {\n error: `Action '${name}' is not callable from tools.`,\n };\n }\n\n // Resolve auth context for per-request scoping\n const userEmail = options?.getOwnerFromEvent\n ? await options.getOwnerFromEvent(event)\n : undefined;\n const userName = options?.getUserNameFromEvent\n ? await options.getUserNameFromEvent(event)\n : undefined;\n const orgId = options?.resolveOrgId\n ? ((await options.resolveOrgId(event)) ?? undefined)\n : undefined;\n const timezone = readTimezoneHeader(event);\n\n return runWithRequestContext(\n { userEmail, userName, orgId, timezone },\n async () => {\n // Parse params based on method. On web-standard runtimes (Netlify\n // Functions, CF Workers), event.req IS the web Request — use .json()\n // directly. H3's readBody fails on those runtimes because it expects\n // a Node.js stream on event.node.req.\n let params: Record<string, any>;\n try {\n if (method === \"GET\") {\n // H3 v2: prefer web Request URL, fallback to getQuery\n const webReq = (event as any).req;\n if (webReq?.url) {\n const url = new URL(webReq.url);\n params = Object.fromEntries(url.searchParams);\n } else {\n params = getQuery(event) as Record<string, any>;\n }\n } else {\n const webReq = (event as any).req;\n if (webReq && typeof webReq.json === \"function\") {\n // H3 v2: event.req is the web Request — use .json() directly\n params = (await webReq.json().catch(() => null)) ?? {};\n } else {\n // Fallback: H3's readBody (Node.js dev)\n params = (await readBody(event)) ?? {};\n }\n }\n } catch {\n params = {};\n }\n\n // Run the action\n try {\n const result = await entry.run(params);\n\n // Auto-refresh the UI after a successful mutating action. GET\n // actions and actions explicitly flagged readOnly are skipped.\n // Other tabs' useDbSync will see source:\"action\" and invalidate\n // their action queries. The calling tab already refetches via\n // useActionMutation's onSuccess, so this is mainly cross-tab\n // sync (and parity with the agent's tool-call path).\n // Explicit entry.readOnly (true OR false) wins over the method\n // heuristic. defineAction already auto-infers GET → readOnly=true,\n // so for actions registered through that path entry.readOnly is\n // always set and the fallback just guards legacy wrap paths.\n const isReadOnly =\n typeof entry.readOnly === \"boolean\"\n ? entry.readOnly\n : method === \"GET\";\n if (!isReadOnly) {\n try {\n await notifyActionChange({\n actionName: name,\n ...(userEmail ? { owner: userEmail } : {}),\n });\n } catch {\n // ignore\n }\n }\n\n // If the action returned a string, try to parse as JSON for a clean response\n if (typeof result === \"string\") {\n try {\n return JSON.parse(result);\n } catch {\n return result;\n }\n }\n\n return result;\n } catch (err: any) {\n const msg = err?.message ?? String(err);\n const isValidationError = msg.startsWith(\n \"Invalid action parameters\",\n );\n const explicitStatus =\n typeof err?.statusCode === \"number\"\n ? err.statusCode\n : undefined;\n // Return 400 for validation errors, the explicit statusCode if\n // set, otherwise 500.\n const status = isValidationError ? 400 : (explicitStatus ?? 500);\n setResponseStatus(event, status);\n\n // Only echo the raw message for known-safe cases:\n // - validation errors (deterministic, parameter-shape only)\n // - explicit user-facing errors (AgentActionStopError / fail())\n // - errors with an explicit statusCode < 500 (client errors)\n // For uncategorized 500s, return a generic message and keep the\n // real detail server-side only — it can contain DB/driver/\n // upstream text we must not leak to HTTP callers.\n const isUserFacing =\n isValidationError ||\n isAgentActionStopError(err) ||\n (explicitStatus !== undefined && explicitStatus < 500);\n if (isUserFacing) {\n return { error: msg };\n }\n console.error(`[agent-native] action '${name}' failed:`, err);\n return { error: \"Internal server error\" };\n }\n },\n ); // end runWithRequestContext\n }),\n );\n\n mounted.push(`${method} ${routePath}`);\n }\n\n if (mounted.length > 0 && process.env.DEBUG)\n console.log(\n `[action-routes] Mounted ${mounted.length} action route(s): ${mounted.join(\", \")}`,\n );\n}\n"]}
1
+ {"version":3,"file":"action-routes.js","sourceRoot":"","sources":["../../src/server/action-routes.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EAAE,QAAQ,EAAE,MAAM,gCAAgC,CAAC;AAC1D,OAAO,EACL,kBAAkB,EAClB,iBAAiB,EACjB,iBAAiB,EACjB,SAAS,EACT,QAAQ,EACR,SAAS,GACV,MAAM,IAAI,CAAC;AAEZ,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EACL,oBAAoB,IAAI,wBAAwB,EAChD,sBAAsB,GACvB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EACL,oBAAoB,EACpB,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,gCAAgC,CAAC;AAExC,MAAM,YAAY,GAAG,wBAAwB,CAAC;AAE9C,MAAM,UAAU,uBAAuB,CACrC,YAA6B;IAE7B,MAAM,MAAM,GAAwB,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;QACrD,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAC7B,KAA8B;IAE9B,MAAM,MAAM,GAAwB,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;QAC/D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,IAAI,KAAK,IAAI,IAAI;gBAAE,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,iBAAiB,CACxB,MAA2B,EAC3B,MAAc,EACd,KAAU;IAEV,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACzC,sEAAsE;IACtE,uDAAuD;IACvD,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACtD,MAAM,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAC7C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACjC,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,kBAAkB,CAAC,KAAU;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;QAChD,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACtD,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;QAC3B,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAOD,SAAS,oBAAoB,CAAC,MAA0B;IACtD,MAAM,aAAa,GAAG,wBAAwB,CAAC,MAAM,EAAE;QACrD,cAAc,EAAE,sBAAsB,EAAE;QACxC,6BAA6B,EAAE,IAAI;KACpC,CAAC,CAAC;IACH,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IACtD,CAAC;IACD,IAAI,oBAAoB,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,OAAO;YACL,MAAM;YACN,WAAW,EAAE,8BAA8B,CAAC,MAAM,CAAC;SACpD,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAU;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAC1C,MAAM,IAAI,GAAG,oBAAoB,CAC/B,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAChD,CAAC;IAEF,IAAI,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QACpB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,iBAAiB,CAAC,KAAK,EAAE,6BAA6B,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACrE,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3C,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,iBAAiB,CAAC,KAAK,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;QACvE,CAAC;QACD,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,wCAAwC,CACzC,CAAC;QACF,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,IAAI,CAAC,WAAW;YACd,CAAC,CAAC,sJAAsJ,mBAAmB,EAAE;YAC7K,CAAC,CAAC,GAAG,4BAA4B,oDAAoD,CACxF,CAAC;IACJ,CAAC;IAED,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAC9B,OAAO,EAAE,CAAC;AACZ,CAAC;AAaD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAa,EACb,OAAoC,EACpC,OAAkC;IAElC,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,0BAA0B;QAC1B,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK;YAAE,SAAS;QAEnC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,EAAE,MAAM,IAAI,MAAM,CAAC;QAC5C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;QACtC,MAAM,SAAS,GAAG,GAAG,YAAY,IAAI,IAAI,EAAE,CAAC;QAE5C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,SAAS,EACT,kBAAkB,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;YACjC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,eAAe,GACnB,SAAS,KAAK,MAAM,IAAI,MAAM,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAE/D,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;gBAC5B,OAAO,oBAAoB,CAAC,KAAK,CAAC,CAAC;YACrC,CAAC;YAED,iBAAiB,CAAC,KAAK,EAAE,eAAe,EAAE,UAAU,CAAC,CAAC;YAEtD,4BAA4B;YAC5B,IAAI,eAAe,KAAK,MAAM,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,MAAM,GAAG,EAAE,CAAC;YACzD,CAAC;YAED,oEAAoE;YACpE,0DAA0D;YAC1D,qEAAqE;YACrE,8DAA8D;YAC9D,kDAAkD;YAClD,gEAAgE;YAChE,mEAAmE;YACnE,gEAAgE;YAChE,uCAAuC;YACvC,+DAA+D;YAC/D,oEAAoE;YACpE,+BAA+B;YAC/B,MAAM,cAAc,GAClB,SAAS,CAAC,KAAK,EAAE,4BAA4B,CAAC,KAAK,GAAG,CAAC;YACzD,IAAI,cAAc,IAAI,KAAK,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;gBACnD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,WAAW,IAAI,+BAA+B;iBACtD,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,SAAS,GAAG,OAAO,EAAE,iBAAiB;gBAC1C,CAAC,CAAC,MAAM,OAAO,CAAC,iBAAiB,CAAC,KAAK,CAAC;gBACxC,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,OAAO,EAAE,oBAAoB;gBAC5C,CAAC,CAAC,MAAM,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC;gBAC3C,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,KAAK,GAAG,OAAO,EAAE,YAAY;gBACjC,CAAC,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,IAAI,SAAS,CAAC;gBACpD,CAAC,CAAC,SAAS,CAAC;YACd,MAAM,QAAQ,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;YAE3C,OAAO,qBAAqB,CAC1B,EAAE,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,EACxC,KAAK,IAAI,EAAE;gBACT,kEAAkE;gBAClE,qEAAqE;gBACrE,qEAAqE;gBACrE,sCAAsC;gBACtC,IAAI,MAA2B,CAAC;gBAChC,IAAI,CAAC;oBACH,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;wBACrB,sDAAsD;wBACtD,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,EAAE,GAAG,EAAE,CAAC;4BAChB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;4BAChC,MAAM,GAAG,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;wBACrD,CAAC;6BAAM,CAAC;4BACN,MAAM,GAAG,sBAAsB,CAC7B,QAAQ,CAAC,KAAK,CAAwB,CACvC,CAAC;wBACJ,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,MAAM,GAAI,KAAa,CAAC,GAAG,CAAC;wBAClC,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;4BAChD,6DAA6D;4BAC7D,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzD,CAAC;6BAAM,CAAC;4BACN,wCAAwC;4BACxC,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;wBACzC,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,GAAG,EAAE,CAAC;gBACd,CAAC;gBAED,iBAAiB;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAEvC,8DAA8D;oBAC9D,+DAA+D;oBAC/D,gEAAgE;oBAChE,8DAA8D;oBAC9D,6DAA6D;oBAC7D,qDAAqD;oBACrD,+DAA+D;oBAC/D,mEAAmE;oBACnE,gEAAgE;oBAChE,6DAA6D;oBAC7D,MAAM,UAAU,GACd,OAAO,KAAK,CAAC,QAAQ,KAAK,SAAS;wBACjC,CAAC,CAAC,KAAK,CAAC,QAAQ;wBAChB,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC;oBACvB,IAAI,CAAC,UAAU,EAAE,CAAC;wBAChB,IAAI,CAAC;4BACH,MAAM,kBAAkB,CAAC;gCACvB,UAAU,EAAE,IAAI;gCAChB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;6BAC3C,CAAC,CAAC;wBACL,CAAC;wBAAC,MAAM,CAAC;4BACP,SAAS;wBACX,CAAC;oBACH,CAAC;oBAED,6EAA6E;oBAC7E,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;wBAC/B,IAAI,CAAC;4BACH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;wBAC5B,CAAC;wBAAC,MAAM,CAAC;4BACP,OAAO,MAAM,CAAC;wBAChB,CAAC;oBACH,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAAC,OAAO,GAAQ,EAAE,CAAC;oBAClB,MAAM,GAAG,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;oBACxC,MAAM,iBAAiB,GAAG,GAAG,CAAC,UAAU,CACtC,2BAA2B,CAC5B,CAAC;oBACF,MAAM,cAAc,GAClB,OAAO,GAAG,EAAE,UAAU,KAAK,QAAQ;wBACjC,CAAC,CAAC,GAAG,CAAC,UAAU;wBAChB,CAAC,CAAC,SAAS,CAAC;oBAChB,+DAA+D;oBAC/D,sBAAsB;oBACtB,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,cAAc,IAAI,GAAG,CAAC,CAAC;oBACjE,iBAAiB,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;oBAEjC,kDAAkD;oBAClD,6DAA6D;oBAC7D,iEAAiE;oBACjE,8DAA8D;oBAC9D,gEAAgE;oBAChE,2DAA2D;oBAC3D,kDAAkD;oBAClD,MAAM,YAAY,GAChB,iBAAiB;wBACjB,sBAAsB,CAAC,GAAG,CAAC;wBAC3B,CAAC,cAAc,KAAK,SAAS,IAAI,cAAc,GAAG,GAAG,CAAC,CAAC;oBACzD,IAAI,YAAY,EAAE,CAAC;wBACjB,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;oBACxB,CAAC;oBACD,OAAO,CAAC,KAAK,CAAC,0BAA0B,IAAI,WAAW,EAAE,GAAG,CAAC,CAAC;oBAC9D,OAAO,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;gBAC5C,CAAC;YACH,CAAC,CACF,CAAC,CAAC,4BAA4B;QACjC,CAAC,CAAC,CACH,CAAC;QAEF,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,SAAS,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;QACzC,OAAO,CAAC,GAAG,CACT,2BAA2B,OAAO,CAAC,MAAM,qBAAqB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACnF,CAAC;AACN,CAAC","sourcesContent":["/**\n * Auto-mount actions as HTTP endpoints under /_agent-native/actions/:name.\n *\n * Actions are exposed as POST by default. Use `http: { method: \"GET\" }` in\n * defineAction to expose as GET. Use `http: false` to mark as agent-only.\n */\nimport { getH3App } from \"./framework-request-handler.js\";\nimport {\n defineEventHandler,\n setResponseStatus,\n setResponseHeader,\n getMethod,\n getQuery,\n getHeader,\n} from \"h3\";\nimport type { ActionEntry } from \"../agent/production-agent.js\";\nimport { isAgentActionStopError } from \"../action.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { runWithRequestContext } from \"./request-context.js\";\nimport { notifyActionChange } from \"./action-change.js\";\nimport {\n getAllowedCorsOrigin as resolveAllowedCorsOrigin,\n readCorsAllowedOrigins,\n} from \"./cors-origins.js\";\nimport { EMBED_TARGET_HEADER } from \"../shared/embed-auth.js\";\nimport {\n isMcpEmbedCorsOrigin,\n MCP_EMBED_CORS_ALLOW_HEADERS,\n shouldAllowMcpEmbedCredentials,\n} from \"../shared/mcp-embed-headers.js\";\n\nconst ROUTE_PREFIX = \"/_agent-native/actions\";\n\nexport function parseActionSearchParams(\n searchParams: URLSearchParams,\n): Record<string, any> {\n const params: Record<string, any> = {};\n for (const [rawKey, value] of searchParams.entries()) {\n appendActionParam(params, rawKey, value);\n }\n return params;\n}\n\nfunction parseActionQueryObject(\n query: Record<string, unknown>,\n): Record<string, any> {\n const params: Record<string, any> = {};\n for (const [rawKey, rawValue] of Object.entries(query)) {\n const values = Array.isArray(rawValue) ? rawValue : [rawValue];\n for (const value of values) {\n if (value != null) appendActionParam(params, rawKey, String(value));\n }\n }\n return params;\n}\n\nfunction appendActionParam(\n params: Record<string, any>,\n rawKey: string,\n value: any,\n) {\n const isArrayKey = rawKey.endsWith(\"[]\");\n // The core client serializes arrays as `key[]=value` so even a single\n // value can validate against z.array() action schemas.\n const key = isArrayKey ? rawKey.slice(0, -2) : rawKey;\n const current = params[key];\n if (current === undefined) {\n params[key] = isArrayKey ? [value] : value;\n } else if (Array.isArray(current)) {\n current.push(value);\n } else {\n params[key] = [current, value];\n }\n}\n\n/**\n * Read the caller's IANA timezone from the `x-user-timezone` header. The core\n * client sends this on every action request so server-side \"today\" fallbacks\n * can honor the user's local day.\n */\nfunction readTimezoneHeader(event: any): string | undefined {\n try {\n const raw = getHeader(event, \"x-user-timezone\");\n if (!raw || typeof raw !== \"string\") return undefined;\n const trimmed = raw.trim();\n return trimmed.length > 0 && trimmed.length < 64 ? trimmed : undefined;\n } catch {\n return undefined;\n }\n}\n\ntype CorsOrigin = {\n origin: string;\n credentials: boolean;\n};\n\nfunction getAllowedCorsOrigin(origin: string | undefined): CorsOrigin | null {\n const allowedOrigin = resolveAllowedCorsOrigin(origin, {\n allowedOrigins: readCorsAllowedOrigins(),\n allowLocalhostWhenNoAllowlist: true,\n });\n if (allowedOrigin) {\n return { origin: allowedOrigin, credentials: true };\n }\n if (isMcpEmbedCorsOrigin(origin)) {\n return {\n origin,\n credentials: shouldAllowMcpEmbedCredentials(origin),\n };\n }\n return null;\n}\n\nfunction handleOptionsRequest(event: any): string {\n const origin = getHeader(event, \"origin\");\n const cors = getAllowedCorsOrigin(\n typeof origin === \"string\" ? origin : undefined,\n );\n\n if (origin && !cors) {\n setResponseStatus(event, 403);\n return \"\";\n }\n\n if (cors) {\n setResponseHeader(event, \"Access-Control-Allow-Origin\", cors.origin);\n setResponseHeader(event, \"Vary\", \"Origin\");\n if (cors.credentials) {\n setResponseHeader(event, \"Access-Control-Allow-Credentials\", \"true\");\n }\n setResponseHeader(\n event,\n \"Access-Control-Allow-Methods\",\n \"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS\",\n );\n setResponseHeader(\n event,\n \"Access-Control-Allow-Headers\",\n cors.credentials\n ? `Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF,X-User-Timezone,X-Agent-Native-Tool-Bridge,X-Agent-Native-Tool-Id,${EMBED_TARGET_HEADER}`\n : `${MCP_EMBED_CORS_ALLOW_HEADERS},X-Agent-Native-Tool-Bridge,X-Agent-Native-Tool-Id`,\n );\n }\n\n setResponseStatus(event, 204);\n return \"\";\n}\n\nexport interface MountActionRoutesOptions {\n /** Resolve owner email from the H3 event (for data scoping). */\n getOwnerFromEvent?: (event: any) => string | Promise<string>;\n /** Resolve display name from the H3 event, when available. */\n getUserNameFromEvent?: (\n event: any,\n ) => string | undefined | Promise<string | undefined>;\n /** Resolve org ID from the H3 event (for org scoping). */\n resolveOrgId?: (event: any) => string | null | Promise<string | null>;\n}\n\n/**\n * Mount discovered actions as HTTP endpoints.\n *\n * Only actions from `autoDiscoverActions` (template actions) are mounted.\n * Built-in actions (resource-*, chat-*, shell, etc.) are NOT passed here.\n */\nexport function mountActionRoutes(\n nitroApp: any,\n actions: Record<string, ActionEntry>,\n options?: MountActionRoutesOptions,\n) {\n const mounted: string[] = [];\n\n for (const [name, entry] of Object.entries(actions)) {\n // Skip agent-only actions\n if (entry.http === false) continue;\n\n const method = entry.http?.method ?? \"POST\";\n const path = entry.http?.path ?? name;\n const routePath = `${ROUTE_PREFIX}/${path}`;\n\n getH3App(nitroApp).use(\n routePath,\n defineEventHandler(async (event) => {\n const reqMethod = getMethod(event);\n const effectiveMethod =\n reqMethod === \"HEAD\" && method === \"GET\" ? \"GET\" : reqMethod;\n\n if (reqMethod === \"OPTIONS\") {\n return handleOptionsRequest(event);\n }\n\n setResponseHeader(event, \"Cache-Control\", \"no-store\");\n\n // Allow the declared method\n if (effectiveMethod !== method) {\n setResponseStatus(event, 405);\n return { error: `Method not allowed. Use ${method}.` };\n }\n\n // (audit H5) Per-action `toolCallable` opt-out for the tools-iframe\n // bridge. The bridge tags every outbound action call with\n // X-Agent-Native-Tool-Bridge: 1. When that header is present and the\n // action declares `toolCallable: false`, we 403 — used by the\n // framework's share-resource / unshare-resource /\n // set-resource-visibility for defense-in-depth on auth-adjacent\n // operations. Undefined defaults to allow: tools are intra-org and\n // typically authored by trusted teammates, so the default is to\n // trust the org-level access controls.\n // The header is set by the parent (the React host), not by the\n // iframe's user-authored content; sanitizeToolRequestOptions strips\n // iframe attempts to spoof it.\n const fromToolBridge =\n getHeader(event, \"x-agent-native-tool-bridge\") === \"1\";\n if (fromToolBridge && entry.toolCallable === false) {\n setResponseStatus(event, 403);\n return {\n error: `Action '${name}' is not callable from tools.`,\n };\n }\n\n // Resolve auth context for per-request scoping\n const userEmail = options?.getOwnerFromEvent\n ? await options.getOwnerFromEvent(event)\n : undefined;\n const userName = options?.getUserNameFromEvent\n ? await options.getUserNameFromEvent(event)\n : undefined;\n const orgId = options?.resolveOrgId\n ? ((await options.resolveOrgId(event)) ?? undefined)\n : undefined;\n const timezone = readTimezoneHeader(event);\n\n return runWithRequestContext(\n { userEmail, userName, orgId, timezone },\n async () => {\n // Parse params based on method. On web-standard runtimes (Netlify\n // Functions, CF Workers), event.req IS the web Request — use .json()\n // directly. H3's readBody fails on those runtimes because it expects\n // a Node.js stream on event.node.req.\n let params: Record<string, any>;\n try {\n if (method === \"GET\") {\n // H3 v2: prefer web Request URL, fallback to getQuery\n const webReq = (event as any).req;\n if (webReq?.url) {\n const url = new URL(webReq.url);\n params = parseActionSearchParams(url.searchParams);\n } else {\n params = parseActionQueryObject(\n getQuery(event) as Record<string, any>,\n );\n }\n } else {\n const webReq = (event as any).req;\n if (webReq && typeof webReq.json === \"function\") {\n // H3 v2: event.req is the web Request — use .json() directly\n params = (await webReq.json().catch(() => null)) ?? {};\n } else {\n // Fallback: H3's readBody (Node.js dev)\n params = (await readBody(event)) ?? {};\n }\n }\n } catch {\n params = {};\n }\n\n // Run the action\n try {\n const result = await entry.run(params);\n\n // Auto-refresh the UI after a successful mutating action. GET\n // actions and actions explicitly flagged readOnly are skipped.\n // Other tabs' useDbSync will see source:\"action\" and invalidate\n // their action queries. The calling tab already refetches via\n // useActionMutation's onSuccess, so this is mainly cross-tab\n // sync (and parity with the agent's tool-call path).\n // Explicit entry.readOnly (true OR false) wins over the method\n // heuristic. defineAction already auto-infers GET → readOnly=true,\n // so for actions registered through that path entry.readOnly is\n // always set and the fallback just guards legacy wrap paths.\n const isReadOnly =\n typeof entry.readOnly === \"boolean\"\n ? entry.readOnly\n : method === \"GET\";\n if (!isReadOnly) {\n try {\n await notifyActionChange({\n actionName: name,\n ...(userEmail ? { owner: userEmail } : {}),\n });\n } catch {\n // ignore\n }\n }\n\n // If the action returned a string, try to parse as JSON for a clean response\n if (typeof result === \"string\") {\n try {\n return JSON.parse(result);\n } catch {\n return result;\n }\n }\n\n return result;\n } catch (err: any) {\n const msg = err?.message ?? String(err);\n const isValidationError = msg.startsWith(\n \"Invalid action parameters\",\n );\n const explicitStatus =\n typeof err?.statusCode === \"number\"\n ? err.statusCode\n : undefined;\n // Return 400 for validation errors, the explicit statusCode if\n // set, otherwise 500.\n const status = isValidationError ? 400 : (explicitStatus ?? 500);\n setResponseStatus(event, status);\n\n // Only echo the raw message for known-safe cases:\n // - validation errors (deterministic, parameter-shape only)\n // - explicit user-facing errors (AgentActionStopError / fail())\n // - errors with an explicit statusCode < 500 (client errors)\n // For uncategorized 500s, return a generic message and keep the\n // real detail server-side only — it can contain DB/driver/\n // upstream text we must not leak to HTTP callers.\n const isUserFacing =\n isValidationError ||\n isAgentActionStopError(err) ||\n (explicitStatus !== undefined && explicitStatus < 500);\n if (isUserFacing) {\n return { error: msg };\n }\n console.error(`[agent-native] action '${name}' failed:`, err);\n return { error: \"Internal server error\" };\n }\n },\n ); // end runWithRequestContext\n }),\n );\n\n mounted.push(`${method} ${routePath}`);\n }\n\n if (mounted.length > 0 && process.env.DEBUG)\n console.log(\n `[action-routes] Mounted ${mounted.length} action route(s): ${mounted.join(\", \")}`,\n );\n}\n"]}
package/dist/server/agent-chat-plugin.d.ts CHANGED
@@ -199,6 +199,11 @@ export interface AgentChatPluginOptions {
199
199
  userEmail: string | undefined;
200
200
  }) => import("../a2a/types.js").Message | string | null | undefined | Promise<import("../a2a/types.js").Message | string | null | undefined>;
201
201
  }
202
+ export declare const _agentChatPromptSectionsForTests: {
203
+ frameworkCore: string;
204
+ frameworkCoreCompact: string;
205
+ frameworkContextSections: Record<string, string>;
206
+ };
202
207
  /**
203
208
  * Pre-load the agent's context: AGENTS.md (workspace/template/runtime
204
209
  * instructions), the skills index, shared LEARNINGS.md (team notes), a shared
package/dist/server/agent-chat-plugin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"agent-chat-plugin.d.ts","sourceRoot":"","sources":["../../src/server/agent-chat-plugin.ts"],"names":[],"mappings":"AAcA,OAAO,EAML,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAqBtC,OAAO,KAAK,EACV,mBAAmB,EACnB,cAAc,EACd,kBAAkB,EAElB,eAAe,EAChB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAcjB,MAAM,wBAAwB,CAAC;AA+DhC,OAAO,EAGL,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAC1B,MAAM,6BAA6B,CAAC;AAiUrC,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GACnC,KAAK,CAAC;IACP,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;CACzC,CAAC,CASD;AAmBD,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,WAAW,EAAE,SAAS,oBAAoB,EAAE,EAC5C,OAAO,GAAE,0BAA0B,GAAG;IAAE,KAAK,CAAC,EAAE,GAAG,CAAA;CAAO,GACzD;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO7C;AA09CD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,wCAAwC;IACxC,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;sDAGkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EACH,OAAO,0BAA0B,EAAE,WAAW,GAC9C,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,gBAAgB,CAAC,EACb,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,kFAAkF;IAClF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,aAAa,CAAC,EAAE;QACd,mEAAmE;QACnE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,uEAAuE;QACvE,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,gFAAgF;QAChF,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,gFAAgF;QAChF,KAAK,CAAC,EAAE,KAAK,CAAC;YACZ,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;YACjB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;SAC1B,CAAC,CAAC;KACJ,CAAC;IACF;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACtE;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxE;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,EAAE,CACb,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,KACV,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,8BAA8B,EAAE,2BAA2B,CAAC;IACxF;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE;QACzB,KAAK,EAAE,GAAG,CAAC;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,WAAW,EAAE,mBAAmB,EAAE,CAAC;QACnC,UAAU,EAAE,kBAAkB,EAAE,CAAC;QACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,IAAI,EAAE,KAAK,GAAG,MAAM,CAAC;KACtB,KACG,IAAI,GACJ;QACE,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;KACrC,GACD,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;KACrC,CAAC,CAAC;IACP;;;;;;;;;;;;;;OAcG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,iBAAiB,EAAE,OAAO,CAAC;QAC3C,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,OAAO,iBAAiB,EAAE,iBAAiB,CAAC;QACrD,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;KAC/B,KACG,OAAO,iBAAiB,EAAE,OAAO,GACjC,MAAM,GACN,IAAI,GACJ,SAAS,GACT,OAAO,CAAC,OAAO,iBAAiB,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;CAC5E;AAydD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,EACb,OAAO,UAAQ,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CA8KjB;AA0ND,wBAAgB,sCAAsC,CAAC,KAAK,EAAE;IAC5D,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,GAAG,OAAO,CA2BV;AAED,wBAAgB,qBAAqB,CACnC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,cAAc,CAq6GhB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,cAAwC,CAAC;AAa9E,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,gBAAgB,GAAG,IAAI,CAE7D"}
1
+ {"version":3,"file":"agent-chat-plugin.d.ts","sourceRoot":"","sources":["../../src/server/agent-chat-plugin.ts"],"names":[],"mappings":"AAcA,OAAO,EAML,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAqBtC,OAAO,KAAK,EACV,mBAAmB,EACnB,cAAc,EACd,kBAAkB,EAElB,eAAe,EAChB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAcjB,MAAM,wBAAwB,CAAC;AA6EhC,OAAO,EAGL,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAC1B,MAAM,6BAA6B,CAAC;AAiUrC,wBAAgB,yBAAyB,CACvC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GACnC,KAAK,CAAC;IACP,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC,CAAC;CACzC,CAAC,CASD;AAmBD,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,WAAW,EAAE,SAAS,oBAAoB,EAAE,EAC5C,OAAO,GAAE,0BAA0B,GAAG;IAAE,KAAK,CAAC,EAAE,GAAG,CAAA;CAAO,GACzD;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO7C;AA4+CD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,wCAAwC;IACxC,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,qEAAqE;IACrE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;sDAGkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EACH,OAAO,0BAA0B,EAAE,WAAW,GAC9C,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,gBAAgB,CAAC,EACb,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,kFAAkF;IAClF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,6EAA6E;IAC7E,aAAa,CAAC,EAAE;QACd,mEAAmE;QACnE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,uEAAuE;QACvE,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,gFAAgF;QAChF,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,gFAAgF;QAChF,KAAK,CAAC,EAAE,KAAK,CAAC;YACZ,GAAG,EAAE,MAAM,CAAC;YACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;YACjB,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;SAC1B,CAAC,CAAC;KACJ,CAAC;IACF;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACtE;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACxE;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,EAAE,CACb,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,KACV,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,OAAO,8BAA8B,EAAE,2BAA2B,CAAC;IACxF;;;;OAIG;IACH,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE;QACzB,KAAK,EAAE,GAAG,CAAC;QACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC;QAChB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,WAAW,EAAE,mBAAmB,EAAE,CAAC;QACnC,UAAU,EAAE,kBAAkB,EAAE,CAAC;QACjC,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,oBAAoB,CAAC,EAAE,OAAO,CAAC;QAC/B,IAAI,EAAE,KAAK,GAAG,MAAM,CAAC;KACtB,KACG,IAAI,GACJ;QACE,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;KACrC,GACD,OAAO,CAAC,IAAI,GAAG;QACb,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,WAAW,CAAC,EAAE,mBAAmB,EAAE,CAAC;KACrC,CAAC,CAAC;IACP;;;;;;;;;;;;;;OAcG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,iBAAiB,EAAE,OAAO,CAAC;QAC3C,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,OAAO,iBAAiB,EAAE,iBAAiB,CAAC;QACrD,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;KAC/B,KACG,OAAO,iBAAiB,EAAE,OAAO,GACjC,MAAM,GACN,IAAI,GACJ,SAAS,GACT,OAAO,CAAC,OAAO,iBAAiB,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,GAAG,SAAS,CAAC,CAAC;CAC5E;AA6dD,eAAO,MAAM,gCAAgC;;;;CAI5C,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,EACb,OAAO,UAAQ,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CA8KjB;AA0ND,wBAAgB,sCAAsC,CAAC,KAAK,EAAE;IAC5D,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,GAAG,OAAO,CA2BV;AAED,wBAAgB,qBAAqB,CACnC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,cAAc,CAkgHhB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,cAAwC,CAAC;AAa9E,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,gBAAgB,GAAG,IAAI,CAE7D"}
package/dist/server/agent-chat-plugin.js CHANGED
@@ -21,6 +21,10 @@ import { resourceList, resourceListAccessible, resourceGet, resourceGetByPath, e
21
21
  import { getFrontmatterValue, getSkillNameFromPath, parseFrontmatter, } from "../resources/metadata.js";
22
22
  import nodePath from "node:path";
23
23
  import { readBody } from "./h3-helpers.js";
24
+ import { AGENT_TEAM_PROCESS_RUN_PATH, processAgentTeamRun, reconcileAgentTeamRunsForOwner, } from "./agent-teams.js";
25
+ import { setProgressPreListHook } from "../progress/store.js";
26
+ import { verifyInternalToken, extractBearerToken, } from "../integrations/internal-token.js";
27
+ import { hasConfiguredA2ASecret, isA2AProductionRuntime, } from "../a2a/auth-policy.js";
24
28
  import { getBuilderBrowserConnectUrlForOwner, resolveBuilderBranchProjectId, } from "./builder-browser.js";
25
29
  import { captureCliOutput } from "./cli-capture.js";
26
30
  import { withConfiguredAppBasePath } from "./app-base-path.js";
@@ -1409,7 +1413,7 @@ function createTeamTools(deps) {
1409
1413
  return {
1410
1414
  "agent-teams": {
1411
1415
  tool: {
1412
- description: "Manage sub-agent tasks. Use action 'spawn' to start a new sub-agent, 'status' to check progress, 'read-result' to get a finished task's output, 'send' to message a running sub-agent, or 'list' to see all tasks.",
1416
+ description: "Manage background sub-agent tasks. Use action 'spawn' to start a new sub-agent, 'status' to check progress, 'read-result' to get a finished task's output, 'send' to message a running sub-agent, or 'list' to see all tasks. A successful spawn only means the task started and is running; do not report it as finished until status/read-result shows a terminal status.",
1413
1417
  parameters: {
1414
1418
  type: "object",
1415
1419
  properties: {
@@ -1484,6 +1488,7 @@ function createTeamTools(deps) {
1484
1488
  actions: subAgentActions,
1485
1489
  engine: deps.getEngine(),
1486
1490
  model: selectedModel,
1491
+ name: selectedName || undefined,
1487
1492
  parentThreadId: deps.getParentThreadId(),
1488
1493
  parentSend: (event) => {
1489
1494
  if (capturedSend)
@@ -1493,9 +1498,13 @@ function createTeamTools(deps) {
1493
1498
  return JSON.stringify({
1494
1499
  taskId: task.taskId,
1495
1500
  threadId: task.threadId,
1501
+ runId: task.runId,
1496
1502
  status: task.status,
1503
+ parentThreadId: task.parentThreadId,
1504
+ state: "launched_pending_completion",
1505
+ message: "Sub-agent launched and is still running. Use status or read-result later; do not describe this task as completed from the spawn response alone.",
1497
1506
  description: task.description,
1498
- name: selectedName,
1507
+ name: task.name ?? selectedName,
1499
1508
  });
1500
1509
  }
1501
1510
  // ── status ─────────────────────────────────────────────
@@ -1509,8 +1518,10 @@ function createTeamTools(deps) {
1509
1518
  return JSON.stringify({
1510
1519
  taskId: task.taskId,
1511
1520
  threadId: task.threadId,
1521
+ parentThreadId: task.parentThreadId,
1512
1522
  status: task.status,
1513
1523
  description: task.description,
1524
+ name: task.name,
1514
1525
  preview: task.preview,
1515
1526
  currentStep: task.currentStep,
1516
1527
  summary: task.summary,
@@ -1527,12 +1538,19 @@ function createTeamTools(deps) {
1527
1538
  if (task.status === "running") {
1528
1539
  return JSON.stringify({
1529
1540
  status: "running",
1541
+ taskId: task.taskId,
1542
+ threadId: task.threadId,
1543
+ parentThreadId: task.parentThreadId,
1544
+ name: task.name,
1530
1545
  preview: task.preview,
1531
- message: "Task is still running. Check back later.",
1546
+ message: "Task is still running. Do not report it as complete; use status/read-result later.",
1532
1547
  });
1533
1548
  }
1534
1549
  return JSON.stringify({
1535
1550
  taskId: task.taskId,
1551
+ threadId: task.threadId,
1552
+ parentThreadId: task.parentThreadId,
1553
+ name: task.name,
1536
1554
  status: task.status,
1537
1555
  summary: task.summary,
1538
1556
  preview: task.preview,
@@ -1558,6 +1576,8 @@ function createTeamTools(deps) {
1558
1576
  return JSON.stringify(tasks.map((t) => ({
1559
1577
  taskId: t.taskId,
1560
1578
  threadId: t.threadId,
1579
+ parentThreadId: t.parentThreadId,
1580
+ name: t.name,
1561
1581
  description: t.description,
1562
1582
  status: t.status,
1563
1583
  currentStep: t.currentStep,
@@ -1627,7 +1647,7 @@ On the user's first interaction, check \`readAppState("personalization")\`. If i
1627
1647
 
1628
1648
  You also have tools for: inline embeds, chat history search, agent teams/sub-agents, recurring jobs, A2A cross-app calls, structured memory, live embedded browser sessions (\`list-browser-sessions\`, \`view-browser-session\`, \`run-browser-session-action\`, \`send-browser-session-command\`), and browser automation (\`activate-browser\` for Builder-provisioned Chrome; local development may also include \`set-browser-control\`). Call \`get-framework-context\` to read detailed instructions for any of these when needed — each capability's full doc lives there.
1629
1649
 
1630
- **Agent teams:** default to doing the work yourself. Delegate ONE sub-agent (\`agent-teams\` action "spawn") for self-contained heavy work; fan out to several only for genuinely independent units; never parallelize tightly-coupled work; cap fan-out around 3. Give each sub-agent a self-contained brief (objective, the specific context/IDs it needs, output format, boundaries) — it can't see this thread — then read all results and synthesize one integrated answer. Full details: \`get-framework-context\` key \`agent-teams\`.
1650
+ **Agent teams:** default to doing the work yourself. Delegate ONE sub-agent (\`agent-teams\` action "spawn") for self-contained heavy work; fan out to several only for genuinely independent units; never parallelize tightly-coupled work; cap fan-out around 3. Treat "background agent", "sub-agent", "parallel", "batch", "kick off", "run the rest", and "queued items" as delegation intent when the user is asking you to start or continue independent work items. After \`spawn\`, say the task started/running, not completed; use \`status\`/\`read-result\` before claiming the delegated work is done. Give each sub-agent a self-contained brief (objective, the specific context/IDs it needs, output format, boundaries) — it can't see this thread — then read all results and synthesize one integrated answer. Full details: \`get-framework-context\` key \`agent-teams\`.
1631
1651
 
1632
1652
  For brand-consistent generated media, use the first-party Assets agent via \`call-agent\` with agent "assets" when another app needs generated heroes, diagrams, product shots, thumbnails, videos, or design imagery. If this app has a native generation action, prefer that action because it may attach the asset to the local document/deck/design.
1633
1653
  `;
@@ -1668,7 +1688,7 @@ When the user asks to find a previous conversation, use \`chat-history\` with ac
1668
1688
  "agent-teams": `### Agent Teams — Orchestration
1669
1689
 
1670
1690
  You can delegate to background sub-agents with the \`agent-teams\` tool:
1671
- - \`agent-teams\` (action: "spawn") — Start a sub-agent on a task. It runs in its own thread with a clean context while you stay available; a live preview card appears in the chat. Optionally pass a custom agent profile from \`agents/*.md\` via the \`agent\` parameter.
1691
+ - \`agent-teams\` (action: "spawn") — Launch a sub-agent on a task. It runs in its own thread with a clean context while you stay available; a live preview card appears in the chat. The spawn result confirms launch only, not completion. Optionally pass a custom agent profile from \`agents/*.md\` via the \`agent\` parameter.
1672
1692
  - \`agent-teams\` (action: "status") — Check a running sub-agent's progress.
1673
1693
  - \`agent-teams\` (action: "read-result") — Read a finished sub-agent's output.
1674
1694
  - \`agent-teams\` (action: "send") — Message a running sub-agent.
@@ -1676,6 +1696,10 @@ You can delegate to background sub-agents with the \`agent-teams\` tool:
1676
1696
 
1677
1697
  Sub-agents inherit all of your template tools but **cannot spawn sub-agents themselves** — only you orchestrate.
1678
1698
 
1699
+ **User intent phrases.** If the user asks you to use a "sub-agent" or "background agent", that is explicit delegation intent. Also treat phrases like "run these in the background", "kick off the rest", "run the queued items", "batch run these jobs", "parallelize this", or "start the next batch" as delegation intent when the context is a set of independent work items.
1700
+
1701
+ **Spawn is not completion.** A successful \`spawn\` call means the sub-agent started and is running. Tell the user it started, show the task id if useful, and then use \`status\`/\`list\`/\`read-result\` to monitor it. Never say the delegated task "completed", "ran successfully", or "finished" until \`status\` or \`read-result\` reports \`completed\` or \`errored\`. If a task is still running, say that plainly.
1702
+
1679
1703
  **Default to doing the work yourself in this thread.** A sub-agent costs real tokens and adds a merge step, so reach for one only when delegation clearly pays for that overhead.
1680
1704
 
1681
1705
  **Delegate ONE sub-agent** when a task is self-contained and heavy: deep research, long multi-step content generation, or a noisy scan whose intermediate steps would clutter this thread. The sub-agent gets its own clean context and hands you back a distilled result.
@@ -1872,7 +1896,7 @@ Each of these has a one-line pointer here and a full doc you can pull on demand
1872
1896
 
1873
1897
  - **Inline embeds** — render an interactive app view inline in chat via an \`embed\` fenced code block. Detailed instructions: call \`get-framework-context\` with key \`embeds\`.
1874
1898
  - **Chat history** — search and reopen past conversations with \`chat-history\` (actions: search, open, rename, pin, unpin, archive). Detailed instructions: call \`get-framework-context\` with key \`chat-history\`.
1875
- - **Agent teams / sub-agents** — orchestrate background sub-agents with \`agent-teams\` (actions: spawn, status, read-result, send, list). Default to doing the work yourself in this thread. Delegate ONE sub-agent for self-contained heavy work (deep research, long multi-step generation, noisy scans); fan out to MULTIPLE only for genuinely independent units; never parallelize tightly-coupled work; cap fan-out around 3. Give every sub-agent a self-contained brief (objective, the specific context/IDs it needs, output format, boundaries), then read all results and synthesize one integrated answer. Detailed instructions: call \`get-framework-context\` with key \`agent-teams\`.
1899
+ - **Agent teams / sub-agents** — orchestrate background sub-agents with \`agent-teams\` (actions: spawn, status, read-result, send, list). Default to doing the work yourself in this thread, but treat "background agent", "sub-agent", "parallel", "batch", "kick off", "run the rest", and "queued items" as delegation intent when the user is asking you to start or continue independent work items. Delegate ONE sub-agent for self-contained heavy work (deep research, long multi-step generation, noisy scans); fan out to MULTIPLE only for genuinely independent units; never parallelize tightly-coupled work; cap fan-out around 3. After \`spawn\`, say the task started/running, not completed; use \`status\`/\`read-result\` before claiming delegated work is done. Give every sub-agent a self-contained brief (objective, the specific context/IDs it needs, output format, boundaries), then read all results and synthesize one integrated answer. Detailed instructions: call \`get-framework-context\` with key \`agent-teams\`.
1876
1900
  - **Recurring jobs** — create cron-scheduled jobs with \`manage-jobs\` (actions: create, list, update). After a task with obvious recurring value, offer in one line to save it as an automation. Detailed instructions: call \`get-framework-context\` with key \`recurring-jobs\`.
1877
1901
  - **Connecting Builder.io** — when the user needs a source-code change or hits "Builder not configured", call \`connect-builder\`; it renders a one-click Connect card. Do NOT write setup steps yourself, and never route users to Builder org/beta settings. Detailed instructions: call \`get-framework-context\` with key \`builder\`.
1878
1902
  - **Browser automation** — drive a real Chrome via \`set-browser-control\` (local dev) or \`activate-browser\` (production) for rendered pages, screenshots, and design-token extraction. Detailed instructions: call \`get-framework-context\` with key \`browser\`.
@@ -2024,6 +2048,11 @@ When editing code, follow the agent-native architecture:
2024
2048
  - No Node.js-specific APIs in server routes (must work on Cloudflare Workers, etc.)
2025
2049
  - Use shadcn/ui components and Tabler Icons for all UI work
2026
2050
  ${FRAMEWORK_CORE_COMPACT}`;
2051
+ export const _agentChatPromptSectionsForTests = {
2052
+ frameworkCore: FRAMEWORK_CORE,
2053
+ frameworkCoreCompact: FRAMEWORK_CORE_COMPACT,
2054
+ frameworkContextSections: FRAMEWORK_CONTEXT_SECTIONS,
2055
+ };
2027
2056
  /**
2028
2057
  * Pre-load the agent's context: AGENTS.md (workspace/template/runtime
2029
2058
  * instructions), the skills index, shared LEARNINGS.md (team notes), a shared
@@ -3528,29 +3557,33 @@ export function createAgentChatPlugin(options) {
3528
3557
  // requests for different threads don't clobber each other.
3529
3558
  const _runSendByThread = new Map();
3530
3559
  const resolvedModel = options?.model ?? DEFAULT_ANTHROPIC_MODEL;
3560
+ // The action set a sub-agent inherits. Shared between the spawn-time team
3561
+ // tool and the `_process-run` processor route below so the durable run
3562
+ // executes with exactly the tools the orchestrator intended.
3563
+ const buildSubAgentActions = () => isDevMode()
3564
+ ? {
3565
+ // Sub-agents spawned in dev mode also invoke template actions
3566
+ // via bash, so omit them from the native tool registry.
3567
+ ...resourceScripts,
3568
+ ...docsScripts,
3569
+ ...(lazyContext ? frameworkContextTool : {}),
3570
+ ...chatScripts,
3571
+ ...devScriptsForA2A,
3572
+ }
3573
+ : {
3574
+ ...templateScripts,
3575
+ ...resourceScripts,
3576
+ ...docsScripts,
3577
+ ...dbScripts,
3578
+ ...refreshScreenTool,
3579
+ ...(lazyContext ? frameworkContextTool : {}),
3580
+ ...urlTools,
3581
+ ...chatScripts,
3582
+ };
3531
3583
  const teamTools = createTeamTools({
3532
3584
  getOwner: () => requireCurrentRunOwner("spawn or manage sub-agents"),
3533
3585
  getSystemPrompt: () => getRequestRunContext()?.systemPrompt ?? basePrompt,
3534
- getActions: () => isDevMode()
3535
- ? {
3536
- // Sub-agents spawned in dev mode also invoke template actions
3537
- // via bash, so omit them from the native tool registry.
3538
- ...resourceScripts,
3539
- ...docsScripts,
3540
- ...(lazyContext ? frameworkContextTool : {}),
3541
- ...chatScripts,
3542
- ...devScriptsForA2A,
3543
- }
3544
- : {
3545
- ...templateScripts,
3546
- ...resourceScripts,
3547
- ...docsScripts,
3548
- ...dbScripts,
3549
- ...refreshScreenTool,
3550
- ...(lazyContext ? frameworkContextTool : {}),
3551
- ...urlTools,
3552
- ...chatScripts,
3553
- },
3586
+ getActions: buildSubAgentActions,
3554
3587
  getEngine: () => {
3555
3588
  const runCtx = getRequestRunContext();
3556
3589
  return (runCtx?.engine ??
@@ -3929,6 +3962,78 @@ Non-code requests are still fine on this surface: read data, navigate the UI, su
3929
3962
  canToggle,
3930
3963
  };
3931
3964
  }));
3965
+ // Self-heal the RunsTray: when the tray lists this owner's runs, first
3966
+ // reconcile their in-flight sub-agent runs (re-fire dropped dispatches,
3967
+ // mark dead runs failed) so the tray reflects precise status without
3968
+ // waiting on the orchestrator chat to poll. Registered here to keep the
3969
+ // generic progress store free of feature-module imports.
3970
+ setProgressPreListHook((owner, context) => runWithRequestContext({ userEmail: owner }, () => reconcileAgentTeamRunsForOwner(owner, context.event)));
3971
+ // ─── Agent Teams: durable sub-agent run processor ─────────────────
3972
+ // Self-fire target for `spawnTask`. Executes one chunk of a queued
3973
+ // sub-agent in this fresh function invocation (its own timeout budget)
3974
+ // so background sub-agents survive serverless instead of dying as a
3975
+ // detached promise. Mounted here so it closes over the sub-agent action
3976
+ // set / base prompt / engine (per-deployment closures that can't be
3977
+ // serialized into the queue). HMAC-authed with the same internal-token
3978
+ // scheme as the A2A/webhook processors.
3979
+ getH3App(nitroApp).use(AGENT_TEAM_PROCESS_RUN_PATH, defineEventHandler(async (event) => {
3980
+ if (getMethod(event) !== "POST") {
3981
+ setResponseStatus(event, 405);
3982
+ return { error: "Method not allowed" };
3983
+ }
3984
+ const body = (await readBody(event));
3985
+ const taskId = body && typeof body.taskId === "string" ? body.taskId : "";
3986
+ if (!taskId) {
3987
+ setResponseStatus(event, 400);
3988
+ return { error: "taskId required" };
3989
+ }
3990
+ const mode = body?.mode === "continue" ? "continue" : "start";
3991
+ if (hasConfiguredA2ASecret()) {
3992
+ const tok = extractBearerToken(getHeader(event, "authorization"));
3993
+ if (!verifyInternalToken(taskId, tok ?? "")) {
3994
+ setResponseStatus(event, 401);
3995
+ return { error: "Invalid or expired processor token" };
3996
+ }
3997
+ }
3998
+ else if (isA2AProductionRuntime()) {
3999
+ setResponseStatus(event, 503);
4000
+ return {
4001
+ error: "Agent Teams processor not configured — set A2A_SECRET on this deployment.",
4002
+ };
4003
+ }
4004
+ try {
4005
+ return await processAgentTeamRun({
4006
+ taskId,
4007
+ mode,
4008
+ event,
4009
+ resolveConfig: async ({ payload, ownerEmail }) => {
4010
+ let apiKey;
4011
+ try {
4012
+ const { getOwnerActiveApiKey } = await import("../agent/production-agent.js");
4013
+ apiKey =
4014
+ (await getOwnerActiveApiKey(ownerEmail)) ?? undefined;
4015
+ }
4016
+ catch {
4017
+ apiKey = undefined;
4018
+ }
4019
+ const engine = createAnthropicEngine({
4020
+ apiKey: apiKey ?? options?.apiKey ?? process.env.ANTHROPIC_API_KEY,
4021
+ });
4022
+ return {
4023
+ baseSystemPrompt: basePrompt,
4024
+ actions: buildSubAgentActions(),
4025
+ engine,
4026
+ model: payload.model ?? resolvedModel,
4027
+ };
4028
+ },
4029
+ });
4030
+ }
4031
+ catch (err) {
4032
+ console.error("[agent-teams] _process-run failed:", err);
4033
+ setResponseStatus(event, 500);
4034
+ return { error: "process-run failed" };
4035
+ }
4036
+ }));
3932
4037
  const modelDefaultsAppId = normalizeAgentAppModelDefaultAppId(options?.appId ??
3933
4038
  process.env.AGENT_NATIVE_APP_ID ??
3934
4039
  process.env.VITE_AGENT_NATIVE_TEMPLATE ??