npm - @agent-native/core - Versions diffs - 0.4.5 → 0.6.1 - Mend

@agent-native/core 0.4.5 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1015) hide show

package/README.md +15 -43
package/dist/a2a/agent-card.d.ts.map +1 -1
package/dist/a2a/agent-card.js +12 -1
package/dist/a2a/agent-card.js.map +1 -1
package/dist/a2a/client.d.ts +18 -0
package/dist/a2a/client.d.ts.map +1 -1
package/dist/a2a/client.js +62 -4
package/dist/a2a/client.js.map +1 -1
package/dist/a2a/handlers.d.ts +6 -3
package/dist/a2a/handlers.d.ts.map +1 -1
package/dist/a2a/handlers.js +45 -39
package/dist/a2a/handlers.js.map +1 -1
package/dist/a2a/index.d.ts +2 -2
package/dist/a2a/index.d.ts.map +1 -1
package/dist/a2a/index.js +3 -3
package/dist/a2a/index.js.map +1 -1
package/dist/a2a/server.d.ts +11 -2
package/dist/a2a/server.d.ts.map +1 -1
package/dist/a2a/server.js +99 -14
package/dist/a2a/server.js.map +1 -1
package/dist/a2a/task-store.d.ts +6 -6
package/dist/a2a/task-store.d.ts.map +1 -1
package/dist/a2a/task-store.js +102 -42
package/dist/a2a/task-store.js.map +1 -1
package/dist/a2a/types.d.ts +3 -0
package/dist/a2a/types.d.ts.map +1 -1
package/dist/action.d.ts +80 -0
package/dist/action.d.ts.map +1 -0
package/dist/action.js +232 -0
package/dist/action.js.map +1 -0
package/dist/agent/engine/ai-sdk-engine.d.ts +24 -0
package/dist/agent/engine/ai-sdk-engine.d.ts.map +1 -0
package/dist/agent/engine/ai-sdk-engine.js +302 -0
package/dist/agent/engine/ai-sdk-engine.js.map +1 -0
package/dist/agent/engine/anthropic-engine.d.ts +24 -0
package/dist/agent/engine/anthropic-engine.d.ts.map +1 -0
package/dist/agent/engine/anthropic-engine.js +169 -0
package/dist/agent/engine/anthropic-engine.js.map +1 -0
package/dist/agent/engine/builtin.d.ts +12 -0
package/dist/agent/engine/builtin.d.ts.map +1 -0
package/dist/agent/engine/builtin.js +72 -0
package/dist/agent/engine/builtin.js.map +1 -0
package/dist/agent/engine/index.d.ts +9 -0
package/dist/agent/engine/index.d.ts.map +1 -0
package/dist/agent/engine/index.js +8 -0
package/dist/agent/engine/index.js.map +1 -0
package/dist/agent/engine/registry.d.ts +61 -0
package/dist/agent/engine/registry.d.ts.map +1 -0
package/dist/agent/engine/registry.js +101 -0
package/dist/agent/engine/registry.js.map +1 -0
package/dist/agent/engine/translate-ai-sdk.d.ts +20 -0
package/dist/agent/engine/translate-ai-sdk.d.ts.map +1 -0
package/dist/agent/engine/translate-ai-sdk.js +174 -0
package/dist/agent/engine/translate-ai-sdk.js.map +1 -0
package/dist/agent/engine/translate-anthropic.d.ts +23 -0
package/dist/agent/engine/translate-anthropic.d.ts.map +1 -0
package/dist/agent/engine/translate-anthropic.js +140 -0
package/dist/agent/engine/translate-anthropic.js.map +1 -0
package/dist/agent/engine/types.d.ts +168 -0
package/dist/agent/engine/types.d.ts.map +1 -0
package/dist/agent/engine/types.js +13 -0
package/dist/agent/engine/types.js.map +1 -0
package/dist/agent/index.d.ts +2 -2
package/dist/agent/index.d.ts.map +1 -1
package/dist/agent/index.js.map +1 -1
package/dist/agent/production-agent.d.ts +69 -7
package/dist/agent/production-agent.d.ts.map +1 -1
package/dist/agent/production-agent.js +480 -127
package/dist/agent/production-agent.js.map +1 -1
package/dist/agent/run-manager.d.ts +43 -0
package/dist/agent/run-manager.d.ts.map +1 -0
package/dist/agent/run-manager.js +364 -0
package/dist/agent/run-manager.js.map +1 -0
package/dist/agent/run-store.d.ts +26 -0
package/dist/agent/run-store.d.ts.map +1 -0
package/dist/agent/run-store.js +145 -0
package/dist/agent/run-store.js.map +1 -0
package/dist/agent/thread-data-builder.d.ts +31 -0
package/dist/agent/thread-data-builder.d.ts.map +1 -0
package/dist/agent/thread-data-builder.js +91 -0
package/dist/agent/thread-data-builder.js.map +1 -0
package/dist/agent/types.d.ts +73 -1
package/dist/agent/types.d.ts.map +1 -1
package/dist/application-state/emitter.d.ts +3 -2
package/dist/application-state/emitter.d.ts.map +1 -1
package/dist/application-state/emitter.js +14 -4
package/dist/application-state/emitter.js.map +1 -1
package/dist/application-state/handlers.d.ts +8 -8
package/dist/application-state/handlers.d.ts.map +1 -1
package/dist/application-state/handlers.js +15 -17
package/dist/application-state/handlers.js.map +1 -1
package/dist/application-state/script-helpers.d.ts +1 -1
package/dist/application-state/script-helpers.d.ts.map +1 -1
package/dist/application-state/script-helpers.js +56 -8
package/dist/application-state/script-helpers.js.map +1 -1
package/dist/application-state/store.d.ts +4 -3
package/dist/application-state/store.d.ts.map +1 -1
package/dist/application-state/store.js +31 -59
package/dist/application-state/store.js.map +1 -1
package/dist/chat-threads/emitter.d.ts +9 -0
package/dist/chat-threads/emitter.d.ts.map +1 -0
package/dist/chat-threads/emitter.js +14 -0
package/dist/chat-threads/emitter.js.map +1 -0
package/dist/chat-threads/store.d.ts +42 -0
package/dist/chat-threads/store.d.ts.map +1 -0
package/dist/chat-threads/store.js +156 -0
package/dist/chat-threads/store.js.map +1 -0
package/dist/cli/create.d.ts +8 -2
package/dist/cli/create.d.ts.map +1 -1
package/dist/cli/create.js +288 -47
package/dist/cli/create.js.map +1 -1
package/dist/cli/index.js +49 -9
package/dist/cli/index.js.map +1 -1
package/dist/cli/setup-agents.d.ts +11 -0
package/dist/cli/setup-agents.d.ts.map +1 -0
package/dist/cli/setup-agents.js +123 -0
package/dist/cli/setup-agents.js.map +1 -0
package/dist/client/AgentPanel.d.ts +13 -2
package/dist/client/AgentPanel.d.ts.map +1 -1
package/dist/client/AgentPanel.js +771 -38
package/dist/client/AgentPanel.js.map +1 -1
package/dist/client/AgentTaskCard.d.ts +12 -0
package/dist/client/AgentTaskCard.d.ts.map +1 -0
package/dist/client/AgentTaskCard.js +146 -0
package/dist/client/AgentTaskCard.js.map +1 -0
package/dist/client/AssistantChat.d.ts +36 -3
package/dist/client/AssistantChat.d.ts.map +1 -1
package/dist/client/AssistantChat.js +838 -86
package/dist/client/AssistantChat.js.map +1 -1
package/dist/client/ClientOnly.d.ts +14 -0
package/dist/client/ClientOnly.d.ts.map +1 -0
package/dist/client/ClientOnly.js +17 -0
package/dist/client/ClientOnly.js.map +1 -0
package/dist/client/CommandMenu.d.ts +71 -0
package/dist/client/CommandMenu.d.ts.map +1 -0
package/dist/client/CommandMenu.js +257 -0
package/dist/client/CommandMenu.js.map +1 -0
package/dist/client/DefaultSpinner.d.ts +7 -0
package/dist/client/DefaultSpinner.d.ts.map +1 -0
package/dist/client/DefaultSpinner.js +28 -0
package/dist/client/DefaultSpinner.js.map +1 -0
package/dist/client/MultiTabAssistantChat.d.ts +40 -2
package/dist/client/MultiTabAssistantChat.d.ts.map +1 -1
package/dist/client/MultiTabAssistantChat.js +630 -59
package/dist/client/MultiTabAssistantChat.js.map +1 -1
package/dist/client/PoweredByBadge.d.ts.map +1 -1
package/dist/client/PoweredByBadge.js +4 -3
package/dist/client/PoweredByBadge.js.map +1 -1
package/dist/client/Turnstile.d.ts.map +1 -1
package/dist/client/Turnstile.js +2 -3
package/dist/client/Turnstile.js.map +1 -1
package/dist/client/active-run-state.d.ts +10 -0
package/dist/client/active-run-state.d.ts.map +1 -0
package/dist/client/active-run-state.js +32 -0
package/dist/client/active-run-state.js.map +1 -0
package/dist/client/agent-chat-adapter.d.ts +2 -1
package/dist/client/agent-chat-adapter.d.ts.map +1 -1
package/dist/client/agent-chat-adapter.js +145 -130
package/dist/client/agent-chat-adapter.js.map +1 -1
package/dist/client/agent-chat.d.ts +14 -1
package/dist/client/agent-chat.d.ts.map +1 -1
package/dist/client/agent-chat.js +6 -4
package/dist/client/agent-chat.js.map +1 -1
package/dist/client/components/ApiKeySettings.d.ts +2 -2
package/dist/client/components/ApiKeySettings.js +4 -4
package/dist/client/components/ApiKeySettings.js.map +1 -1
package/dist/client/components/CodeAgentIndicator.d.ts +14 -0
package/dist/client/components/CodeAgentIndicator.d.ts.map +1 -0
package/dist/client/components/CodeAgentIndicator.js +29 -0
package/dist/client/components/CodeAgentIndicator.js.map +1 -0
package/dist/client/components/CodeRequiredDialog.d.ts.map +1 -1
package/dist/client/components/CodeRequiredDialog.js +4 -3
package/dist/client/components/CodeRequiredDialog.js.map +1 -1
package/dist/client/composer/MentionPopover.d.ts +29 -0
package/dist/client/composer/MentionPopover.d.ts.map +1 -0
package/dist/client/composer/MentionPopover.js +160 -0
package/dist/client/composer/MentionPopover.js.map +1 -0
package/dist/client/composer/TiptapComposer.d.ts +26 -0
package/dist/client/composer/TiptapComposer.d.ts.map +1 -0
package/dist/client/composer/TiptapComposer.js +545 -0
package/dist/client/composer/TiptapComposer.js.map +1 -0
package/dist/client/composer/extensions/FileReference.d.ts +3 -0
package/dist/client/composer/extensions/FileReference.d.ts.map +1 -0
package/dist/client/composer/extensions/FileReference.js +36 -0
package/dist/client/composer/extensions/FileReference.js.map +1 -0
package/dist/client/composer/extensions/MentionReference.d.ts +3 -0
package/dist/client/composer/extensions/MentionReference.d.ts.map +1 -0
package/dist/client/composer/extensions/MentionReference.js +63 -0
package/dist/client/composer/extensions/MentionReference.js.map +1 -0
package/dist/client/composer/extensions/SkillReference.d.ts +3 -0
package/dist/client/composer/extensions/SkillReference.d.ts.map +1 -0
package/dist/client/composer/extensions/SkillReference.js +40 -0
package/dist/client/composer/extensions/SkillReference.js.map +1 -0
package/dist/client/composer/index.d.ts +8 -0
package/dist/client/composer/index.d.ts.map +1 -0
package/dist/client/composer/index.js +7 -0
package/dist/client/composer/index.js.map +1 -0
package/dist/client/composer/types.d.ts +37 -0
package/dist/client/composer/types.d.ts.map +1 -0
package/dist/client/composer/types.js +2 -0
package/dist/client/composer/types.js.map +1 -0
package/dist/client/composer/use-file-search.d.ts +6 -0
package/dist/client/composer/use-file-search.d.ts.map +1 -0
package/dist/client/composer/use-file-search.js +40 -0
package/dist/client/composer/use-file-search.js.map +1 -0
package/dist/client/composer/use-mention-search.d.ts +6 -0
package/dist/client/composer/use-mention-search.d.ts.map +1 -0
package/dist/client/composer/use-mention-search.js +72 -0
package/dist/client/composer/use-mention-search.js.map +1 -0
package/dist/client/composer/use-skills.d.ts +7 -0
package/dist/client/composer/use-skills.d.ts.map +1 -0
package/dist/client/composer/use-skills.js +38 -0
package/dist/client/composer/use-skills.js.map +1 -0
package/dist/client/frame-protocol.d.ts +54 -0
package/dist/client/frame-protocol.d.ts.map +1 -0
package/dist/client/frame-protocol.js +9 -0
package/dist/client/frame-protocol.js.map +1 -0
package/dist/client/frame.d.ts +56 -0
package/dist/client/frame.d.ts.map +1 -0
package/dist/client/{harness.js → frame.js} +49 -26
package/dist/client/frame.js.map +1 -0
package/dist/client/index.d.ts +15 -6
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +13 -5
package/dist/client/index.js.map +1 -1
package/dist/client/integrations/IntegrationCard.d.ts +6 -0
package/dist/client/integrations/IntegrationCard.d.ts.map +1 -0
package/dist/client/integrations/IntegrationCard.js +45 -0
package/dist/client/integrations/IntegrationCard.js.map +1 -0
package/dist/client/integrations/IntegrationsPanel.d.ts +2 -0
package/dist/client/integrations/IntegrationsPanel.d.ts.map +1 -0
package/dist/client/integrations/IntegrationsPanel.js +149 -0
package/dist/client/integrations/IntegrationsPanel.js.map +1 -0
package/dist/client/integrations/index.d.ts +4 -0
package/dist/client/integrations/index.d.ts.map +1 -0
package/dist/client/integrations/index.js +3 -0
package/dist/client/integrations/index.js.map +1 -0
package/dist/client/integrations/useIntegrationStatus.d.ts +15 -0
package/dist/client/integrations/useIntegrationStatus.d.ts.map +1 -0
package/dist/client/integrations/useIntegrationStatus.js +37 -0
package/dist/client/integrations/useIntegrationStatus.js.map +1 -0
package/dist/client/org/InvitationBanner.d.ts +9 -0
package/dist/client/org/InvitationBanner.d.ts.map +1 -0
package/dist/client/org/InvitationBanner.js +17 -0
package/dist/client/org/InvitationBanner.js.map +1 -0
package/dist/client/org/OrgSwitcher.d.ts +14 -0
package/dist/client/org/OrgSwitcher.d.ts.map +1 -0
package/dist/client/org/OrgSwitcher.js +51 -0
package/dist/client/org/OrgSwitcher.js.map +1 -0
package/dist/client/org/TeamPage.d.ts +23 -0
package/dist/client/org/TeamPage.d.ts.map +1 -0
package/dist/client/org/TeamPage.js +145 -0
package/dist/client/org/TeamPage.js.map +1 -0
package/dist/client/org/hooks.d.ts +14 -0
package/dist/client/org/hooks.d.ts.map +1 -0
package/dist/client/org/hooks.js +101 -0
package/dist/client/org/hooks.js.map +1 -0
package/dist/client/org/index.d.ts +6 -0
package/dist/client/org/index.d.ts.map +1 -0
package/dist/client/org/index.js +6 -0
package/dist/client/org/index.js.map +1 -0
package/dist/client/resources/ResourceEditor.d.ts +14 -0
package/dist/client/resources/ResourceEditor.d.ts.map +1 -0
package/dist/client/resources/ResourceEditor.js +932 -0
package/dist/client/resources/ResourceEditor.js.map +1 -0
package/dist/client/resources/ResourceTree.d.ts +17 -0
package/dist/client/resources/ResourceTree.d.ts.map +1 -0
package/dist/client/resources/ResourceTree.js +137 -0
package/dist/client/resources/ResourceTree.js.map +1 -0
package/dist/client/resources/ResourcesPanel.d.ts +2 -0
package/dist/client/resources/ResourcesPanel.d.ts.map +1 -0
package/dist/client/resources/ResourcesPanel.js +366 -0
package/dist/client/resources/ResourcesPanel.js.map +1 -0
package/dist/client/resources/index.d.ts +5 -0
package/dist/client/resources/index.d.ts.map +1 -0
package/dist/client/resources/index.js +5 -0
package/dist/client/resources/index.js.map +1 -0
package/dist/client/resources/use-resources.d.ts +55 -0
package/dist/client/resources/use-resources.d.ts.map +1 -0
package/dist/client/resources/use-resources.js +102 -0
package/dist/client/resources/use-resources.js.map +1 -0
package/dist/client/sse-event-processor.d.ts +58 -0
package/dist/client/sse-event-processor.d.ts.map +1 -0
package/dist/client/sse-event-processor.js +300 -0
package/dist/client/sse-event-processor.js.map +1 -0
package/dist/client/terminal/AgentTerminal.d.ts +5 -5
package/dist/client/terminal/AgentTerminal.d.ts.map +1 -1
package/dist/client/terminal/AgentTerminal.js +25 -20
package/dist/client/terminal/AgentTerminal.js.map +1 -1
package/dist/client/use-action.d.ts +51 -0
package/dist/client/use-action.d.ts.map +1 -0
package/dist/client/use-action.js +102 -0
package/dist/client/use-action.js.map +1 -0
package/dist/client/use-agent-chat.d.ts +1 -1
package/dist/client/use-agent-chat.d.ts.map +1 -1
package/dist/client/use-agent-chat.js +3 -3
package/dist/client/use-agent-chat.js.map +1 -1
package/dist/client/use-avatar.d.ts +15 -0
package/dist/client/use-avatar.d.ts.map +1 -0
package/dist/client/use-avatar.js +116 -0
package/dist/client/use-avatar.js.map +1 -0
package/dist/client/use-chat-threads.d.ts +36 -0
package/dist/client/use-chat-threads.d.ts.map +1 -0
package/dist/client/use-chat-threads.js +191 -0
package/dist/client/use-chat-threads.js.map +1 -0
package/dist/client/use-db-sync.d.ts +35 -0
package/dist/client/use-db-sync.d.ts.map +1 -0
package/dist/client/use-db-sync.js +74 -0
package/dist/client/use-db-sync.js.map +1 -0
package/dist/client/use-dev-mode.d.ts +4 -2
package/dist/client/use-dev-mode.d.ts.map +1 -1
package/dist/client/use-dev-mode.js +41 -12
package/dist/client/use-dev-mode.js.map +1 -1
package/dist/client/use-send-to-agent-chat.d.ts +7 -4
package/dist/client/use-send-to-agent-chat.d.ts.map +1 -1
package/dist/client/use-send-to-agent-chat.js +31 -10
package/dist/client/use-send-to-agent-chat.js.map +1 -1
package/dist/client/use-session.d.ts +1 -1
package/dist/client/use-session.js +2 -2
package/dist/client/use-session.js.map +1 -1
package/dist/client/useProductionAgent.d.ts +1 -1
package/dist/client/useProductionAgent.d.ts.map +1 -1
package/dist/client/useProductionAgent.js +38 -3
package/dist/client/useProductionAgent.js.map +1 -1
package/dist/collab/awareness.d.ts +41 -0
package/dist/collab/awareness.d.ts.map +1 -0
package/dist/collab/awareness.js +82 -0
package/dist/collab/awareness.js.map +1 -0
package/dist/collab/client.d.ts +49 -0
package/dist/collab/client.d.ts.map +1 -0
package/dist/collab/client.js +250 -0
package/dist/collab/client.js.map +1 -0
package/dist/collab/emitter.d.ts +12 -0
package/dist/collab/emitter.d.ts.map +1 -0
package/dist/collab/emitter.js +16 -0
package/dist/collab/emitter.js.map +1 -0
package/dist/collab/index.d.ts +7 -0
package/dist/collab/index.d.ts.map +1 -0
package/dist/collab/index.js +14 -0
package/dist/collab/index.js.map +1 -0
package/dist/collab/routes.d.ts +69 -0
package/dist/collab/routes.d.ts.map +1 -0
package/dist/collab/routes.js +98 -0
package/dist/collab/routes.js.map +1 -0
package/dist/collab/storage.d.ts +18 -0
package/dist/collab/storage.d.ts.map +1 -0
package/dist/collab/storage.js +94 -0
package/dist/collab/storage.js.map +1 -0
package/dist/collab/text-to-yjs.d.ts +23 -0
package/dist/collab/text-to-yjs.d.ts.map +1 -0
package/dist/collab/text-to-yjs.js +63 -0
package/dist/collab/text-to-yjs.js.map +1 -0
package/dist/collab/xml-ops.d.ts +20 -0
package/dist/collab/xml-ops.d.ts.map +1 -0
package/dist/collab/xml-ops.js +59 -0
package/dist/collab/xml-ops.js.map +1 -0
package/dist/collab/ydoc-manager.d.ts +52 -0
package/dist/collab/ydoc-manager.d.ts.map +1 -0
package/dist/collab/ydoc-manager.js +154 -0
package/dist/collab/ydoc-manager.js.map +1 -0
package/dist/credentials/index.d.ts +18 -0
package/dist/credentials/index.d.ts.map +1 -0
package/dist/credentials/index.js +32 -0
package/dist/credentials/index.js.map +1 -0
package/dist/db/client.d.ts +45 -0
package/dist/db/client.d.ts.map +1 -0
package/dist/db/client.js +289 -0
package/dist/db/client.js.map +1 -0
package/dist/db/create-get-db.d.ts.map +1 -1
package/dist/db/create-get-db.js +103 -16
package/dist/db/create-get-db.js.map +1 -1
package/dist/db/index.d.ts +10 -6
package/dist/db/index.d.ts.map +1 -1
package/dist/db/index.js +10 -4
package/dist/db/index.js.map +1 -1
package/dist/db/migrations.d.ts +9 -1
package/dist/db/migrations.d.ts.map +1 -1
package/dist/db/migrations.js +67 -41
package/dist/db/migrations.js.map +1 -1
package/dist/db/schema.d.ts +52 -0
package/dist/db/schema.d.ts.map +1 -0
package/dist/db/schema.js +72 -0
package/dist/db/schema.js.map +1 -0
package/dist/deploy/build.js +636 -42
package/dist/deploy/build.js.map +1 -1
package/dist/deploy/route-discovery.d.ts +25 -3
package/dist/deploy/route-discovery.d.ts.map +1 -1
package/dist/deploy/route-discovery.js +135 -24
package/dist/deploy/route-discovery.js.map +1 -1
package/dist/index.browser.d.ts +3 -1
package/dist/index.browser.d.ts.map +1 -1
package/dist/index.browser.js +5 -1
package/dist/index.browser.js.map +1 -1
package/dist/index.d.ts +4 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +3 -2
package/dist/index.js.map +1 -1
package/dist/integrations/adapters/slack.d.ts +10 -0
package/dist/integrations/adapters/slack.d.ts.map +1 -0
package/dist/integrations/adapters/slack.js +215 -0
package/dist/integrations/adapters/slack.js.map +1 -0
package/dist/integrations/adapters/telegram.d.ts +12 -0
package/dist/integrations/adapters/telegram.d.ts.map +1 -0
package/dist/integrations/adapters/telegram.js +184 -0
package/dist/integrations/adapters/telegram.js.map +1 -0
package/dist/integrations/adapters/whatsapp.d.ts +14 -0
package/dist/integrations/adapters/whatsapp.d.ts.map +1 -0
package/dist/integrations/adapters/whatsapp.js +205 -0
package/dist/integrations/adapters/whatsapp.js.map +1 -0
package/dist/integrations/config-store.d.ts +24 -0
package/dist/integrations/config-store.d.ts.map +1 -0
package/dist/integrations/config-store.js +92 -0
package/dist/integrations/config-store.js.map +1 -0
package/dist/integrations/index.d.ts +8 -0
package/dist/integrations/index.d.ts.map +1 -0
package/dist/integrations/index.js +10 -0
package/dist/integrations/index.js.map +1 -0
package/dist/integrations/plugin.d.ts +20 -0
package/dist/integrations/plugin.d.ts.map +1 -0
package/dist/integrations/plugin.js +213 -0
package/dist/integrations/plugin.js.map +1 -0
package/dist/integrations/thread-mapping-store.d.ts +25 -0
package/dist/integrations/thread-mapping-store.d.ts.map +1 -0
package/dist/integrations/thread-mapping-store.js +95 -0
package/dist/integrations/thread-mapping-store.js.map +1 -0
package/dist/integrations/types.d.ts +111 -0
package/dist/integrations/types.d.ts.map +1 -0
package/dist/integrations/types.js +2 -0
package/dist/integrations/types.js.map +1 -0
package/dist/integrations/webhook-handler.d.ts +31 -0
package/dist/integrations/webhook-handler.d.ts.map +1 -0
package/dist/integrations/webhook-handler.js +210 -0
package/dist/integrations/webhook-handler.js.map +1 -0
package/dist/jobs/cron.d.ts +14 -0
package/dist/jobs/cron.d.ts.map +1 -0
package/dist/jobs/cron.js +100 -0
package/dist/jobs/cron.js.map +1 -0
package/dist/jobs/index.d.ts +4 -0
package/dist/jobs/index.d.ts.map +1 -0
package/dist/jobs/index.js +4 -0
package/dist/jobs/index.js.map +1 -0
package/dist/jobs/scheduler.d.ts +29 -0
package/dist/jobs/scheduler.d.ts.map +1 -0
package/dist/jobs/scheduler.js +205 -0
package/dist/jobs/scheduler.js.map +1 -0
package/dist/jobs/tools.d.ts +3 -0
package/dist/jobs/tools.d.ts.map +1 -0
package/dist/jobs/tools.js +192 -0
package/dist/jobs/tools.js.map +1 -0
package/dist/mcp/index.d.ts +3 -0
package/dist/mcp/index.d.ts.map +1 -0
package/dist/mcp/index.js +2 -0
package/dist/mcp/index.js.map +1 -0
package/dist/mcp/server.d.ts +26 -0
package/dist/mcp/server.d.ts.map +1 -0
package/dist/mcp/server.js +182 -0
package/dist/mcp/server.js.map +1 -0
package/dist/oauth-tokens/index.d.ts +1 -1
package/dist/oauth-tokens/index.d.ts.map +1 -1
package/dist/oauth-tokens/index.js +1 -1
package/dist/oauth-tokens/index.js.map +1 -1
package/dist/oauth-tokens/store.d.ts +5 -0
package/dist/oauth-tokens/store.d.ts.map +1 -1
package/dist/oauth-tokens/store.js +67 -82
package/dist/oauth-tokens/store.js.map +1 -1
package/dist/org/context.d.ts +11 -0
package/dist/org/context.d.ts.map +1 -0
package/dist/org/context.js +61 -0
package/dist/org/context.js.map +1 -0
package/dist/org/handlers.d.ts +66 -0
package/dist/org/handlers.d.ts.map +1 -0
package/dist/org/handlers.js +306 -0
package/dist/org/handlers.js.map +1 -0
package/dist/org/index.d.ts +7 -0
package/dist/org/index.d.ts.map +1 -0
package/dist/org/index.js +11 -0
package/dist/org/index.js.map +1 -0
package/dist/org/migrations.d.ts +10 -0
package/dist/org/migrations.d.ts.map +1 -0
package/dist/org/migrations.js +39 -0
package/dist/org/migrations.js.map +1 -0
package/dist/org/plugin.d.ts +26 -0
package/dist/org/plugin.d.ts.map +1 -0
package/dist/org/plugin.js +94 -0
package/dist/org/plugin.js.map +1 -0
package/dist/org/schema.d.ts +301 -0
package/dist/org/schema.d.ts.map +1 -0
package/dist/org/schema.js +23 -0
package/dist/org/schema.js.map +1 -0
package/dist/org/types.d.ts +42 -0
package/dist/org/types.d.ts.map +1 -0
package/dist/org/types.js +5 -0
package/dist/org/types.js.map +1 -0
package/dist/resources/emitter.d.ts +13 -0
package/dist/resources/emitter.d.ts.map +1 -0
package/dist/resources/emitter.js +32 -0
package/dist/resources/emitter.js.map +1 -0
package/dist/resources/handlers.d.ts +54 -0
package/dist/resources/handlers.d.ts.map +1 -0
package/dist/resources/handlers.js +292 -0
package/dist/resources/handlers.js.map +1 -0
package/dist/resources/index.d.ts +5 -0
package/dist/resources/index.d.ts.map +1 -0
package/dist/resources/index.js +5 -0
package/dist/resources/index.js.map +1 -0
package/dist/resources/script-helpers.d.ts +24 -0
package/dist/resources/script-helpers.d.ts.map +1 -0
package/dist/resources/script-helpers.js +36 -0
package/dist/resources/script-helpers.js.map +1 -0
package/dist/resources/store.d.ts +40 -0
package/dist/resources/store.d.ts.map +1 -0
package/dist/resources/store.js +497 -0
package/dist/resources/store.js.map +1 -0
package/dist/scripts/agent-engines/list-agent-engines.d.ts +7 -0
package/dist/scripts/agent-engines/list-agent-engines.d.ts.map +1 -0
package/dist/scripts/agent-engines/list-agent-engines.js +42 -0
package/dist/scripts/agent-engines/list-agent-engines.js.map +1 -0
package/dist/scripts/agent-engines/set-agent-engine.d.ts +7 -0
package/dist/scripts/agent-engines/set-agent-engine.d.ts.map +1 -0
package/dist/scripts/agent-engines/set-agent-engine.js +57 -0
package/dist/scripts/agent-engines/set-agent-engine.js.map +1 -0
package/dist/scripts/agent-engines/test-agent-engine.d.ts +7 -0
package/dist/scripts/agent-engines/test-agent-engine.d.ts.map +1 -0
package/dist/scripts/agent-engines/test-agent-engine.js +102 -0
package/dist/scripts/agent-engines/test-agent-engine.js.map +1 -0
package/dist/scripts/call-agent.d.ts +5 -0
package/dist/scripts/call-agent.d.ts.map +1 -0
package/dist/scripts/call-agent.js +111 -0
package/dist/scripts/call-agent.js.map +1 -0
package/dist/scripts/chat/index.d.ts +2 -0
package/dist/scripts/chat/index.d.ts.map +1 -0
package/dist/scripts/chat/index.js +5 -0
package/dist/scripts/chat/index.js.map +1 -0
package/dist/scripts/chat/open-chat.d.ts +11 -0
package/dist/scripts/chat/open-chat.d.ts.map +1 -0
package/dist/scripts/chat/open-chat.js +48 -0
package/dist/scripts/chat/open-chat.js.map +1 -0
package/dist/scripts/chat/search-chats.d.ts +10 -0
package/dist/scripts/chat/search-chats.d.ts.map +1 -0
package/dist/scripts/chat/search-chats.js +89 -0
package/dist/scripts/chat/search-chats.js.map +1 -0
package/dist/scripts/core-scripts.d.ts.map +1 -1
package/dist/scripts/core-scripts.js +4 -0
package/dist/scripts/core-scripts.js.map +1 -1
package/dist/scripts/db/check-scoping.d.ts +14 -0
package/dist/scripts/db/check-scoping.d.ts.map +1 -0
package/dist/scripts/db/check-scoping.js +174 -0
package/dist/scripts/db/check-scoping.js.map +1 -0
package/dist/scripts/db/exec.d.ts +7 -2
package/dist/scripts/db/exec.d.ts.map +1 -1
package/dist/scripts/db/exec.js +143 -36
package/dist/scripts/db/exec.js.map +1 -1
package/dist/scripts/db/index.d.ts.map +1 -1
package/dist/scripts/db/index.js +2 -0
package/dist/scripts/db/index.js.map +1 -1
package/dist/scripts/db/patch.d.ts +50 -0
package/dist/scripts/db/patch.d.ts.map +1 -0
package/dist/scripts/db/patch.js +392 -0
package/dist/scripts/db/patch.js.map +1 -0
package/dist/scripts/db/query.d.ts +7 -2
package/dist/scripts/db/query.d.ts.map +1 -1
package/dist/scripts/db/query.js +89 -45
package/dist/scripts/db/query.js.map +1 -1
package/dist/scripts/db/schema.d.ts +2 -2
package/dist/scripts/db/schema.d.ts.map +1 -1
package/dist/scripts/db/schema.js +145 -6
package/dist/scripts/db/schema.js.map +1 -1
package/dist/scripts/db/scoping.d.ts +42 -0
package/dist/scripts/db/scoping.d.ts.map +1 -0
package/dist/scripts/db/scoping.js +216 -0
package/dist/scripts/db/scoping.js.map +1 -0
package/dist/scripts/dev/index.d.ts +2 -2
package/dist/scripts/dev/index.d.ts.map +1 -1
package/dist/scripts/dev/index.js +65 -2
package/dist/scripts/dev/index.js.map +1 -1
package/dist/scripts/dev/list-files.d.ts +2 -2
package/dist/scripts/dev/read-file.d.ts +2 -2
package/dist/scripts/dev/read-file.js +1 -1
package/dist/scripts/dev/read-file.js.map +1 -1
package/dist/scripts/dev/search-files.d.ts +2 -2
package/dist/scripts/dev/search-files.js +1 -1
package/dist/scripts/dev/search-files.js.map +1 -1
package/dist/scripts/dev/shell.d.ts +2 -2
package/dist/scripts/dev/shell.js +1 -1
package/dist/scripts/dev/shell.js.map +1 -1
package/dist/scripts/dev/write-file.d.ts +2 -2
package/dist/scripts/dev/write-file.js +1 -1
package/dist/scripts/dev/write-file.js.map +1 -1
package/dist/scripts/parse-args.d.ts +14 -0
package/dist/scripts/parse-args.d.ts.map +1 -0
package/dist/scripts/parse-args.js +45 -0
package/dist/scripts/parse-args.js.map +1 -0
package/dist/scripts/resources/delete.d.ts +10 -0
package/dist/scripts/resources/delete.d.ts.map +1 -0
package/dist/scripts/resources/delete.js +38 -0
package/dist/scripts/resources/delete.js.map +1 -0
package/dist/scripts/resources/index.d.ts +2 -0
package/dist/scripts/resources/index.d.ts.map +1 -0
package/dist/scripts/resources/index.js +8 -0
package/dist/scripts/resources/index.js.map +1 -0
package/dist/scripts/resources/list.d.ts +10 -0
package/dist/scripts/resources/list.d.ts.map +1 -0
package/dist/scripts/resources/list.js +57 -0
package/dist/scripts/resources/list.js.map +1 -0
package/dist/scripts/resources/migrate-learnings.d.ts +10 -0
package/dist/scripts/resources/migrate-learnings.d.ts.map +1 -0
package/dist/scripts/resources/migrate-learnings.js +23 -0
package/dist/scripts/resources/migrate-learnings.js.map +1 -0
package/dist/scripts/resources/read.d.ts +10 -0
package/dist/scripts/resources/read.d.ts.map +1 -0
package/dist/scripts/resources/read.js +59 -0
package/dist/scripts/resources/read.js.map +1 -0
package/dist/scripts/resources/write.d.ts +10 -0
package/dist/scripts/resources/write.d.ts.map +1 -0
package/dist/scripts/resources/write.js +67 -0
package/dist/scripts/resources/write.js.map +1 -0
package/dist/scripts/runner.d.ts +7 -7
package/dist/scripts/runner.d.ts.map +1 -1
package/dist/scripts/runner.js +78 -29
package/dist/scripts/runner.js.map +1 -1
package/dist/scripts/utils.d.ts +5 -10
package/dist/scripts/utils.d.ts.map +1 -1
package/dist/scripts/utils.js +7 -43
package/dist/scripts/utils.js.map +1 -1
package/dist/server/action-discovery.d.ts +40 -0
package/dist/server/action-discovery.d.ts.map +1 -0
package/dist/server/action-discovery.js +257 -0
package/dist/server/action-discovery.js.map +1 -0
package/dist/server/action-routes.d.ts +15 -0
package/dist/server/action-routes.d.ts.map +1 -0
package/dist/server/action-routes.js +105 -0
package/dist/server/action-routes.js.map +1 -0
package/dist/server/agent-chat-plugin.d.ts +32 -23
package/dist/server/agent-chat-plugin.d.ts.map +1 -1
package/dist/server/agent-chat-plugin.js +1983 -39
package/dist/server/agent-chat-plugin.js.map +1 -1
package/dist/server/agent-discovery.d.ts +21 -0
package/dist/server/agent-discovery.d.ts.map +1 -0
package/dist/server/agent-discovery.js +197 -0
package/dist/server/agent-discovery.js.map +1 -0
package/dist/server/agent-teams.d.ts +70 -0
package/dist/server/agent-teams.d.ts.map +1 -0
package/dist/server/agent-teams.js +367 -0
package/dist/server/agent-teams.js.map +1 -0
package/dist/server/agents-bundle.d.ts +87 -0
package/dist/server/agents-bundle.d.ts.map +1 -0
package/dist/server/agents-bundle.js +231 -0
package/dist/server/agents-bundle.js.map +1 -0
package/dist/server/auth-plugin.d.ts +5 -0
package/dist/server/auth-plugin.d.ts.map +1 -1
package/dist/server/auth-plugin.js +13 -3
package/dist/server/auth-plugin.js.map +1 -1
package/dist/server/auth.d.ts +54 -31
package/dist/server/auth.d.ts.map +1 -1
package/dist/server/auth.js +671 -294
package/dist/server/auth.js.map +1 -1
package/dist/server/better-auth-instance.d.ts +72 -0
package/dist/server/better-auth-instance.d.ts.map +1 -0
package/dist/server/better-auth-instance.js +144 -0
package/dist/server/better-auth-instance.js.map +1 -0
package/dist/server/collab-plugin.d.ts +29 -0
package/dist/server/collab-plugin.d.ts.map +1 -0
package/dist/server/collab-plugin.js +85 -0
package/dist/server/collab-plugin.js.map +1 -0
package/dist/server/core-routes-plugin.d.ts +54 -0
package/dist/server/core-routes-plugin.d.ts.map +1 -0
package/dist/server/core-routes-plugin.js +195 -0
package/dist/server/core-routes-plugin.js.map +1 -0
package/dist/server/create-server.d.ts +5 -5
package/dist/server/create-server.d.ts.map +1 -1
package/dist/server/create-server.js +44 -21
package/dist/server/create-server.js.map +1 -1
package/dist/server/framework-request-handler.d.ts +47 -0
package/dist/server/framework-request-handler.d.ts.map +1 -0
package/dist/server/framework-request-handler.js +168 -0
package/dist/server/framework-request-handler.js.map +1 -0
package/dist/server/google-auth-plugin.d.ts +4 -0
package/dist/server/google-auth-plugin.d.ts.map +1 -1
package/dist/server/google-auth-plugin.js +16 -15
package/dist/server/google-auth-plugin.js.map +1 -1
package/dist/server/google-oauth.d.ts +72 -0
package/dist/server/google-oauth.d.ts.map +1 -0
package/dist/server/google-oauth.js +209 -0
package/dist/server/google-oauth.js.map +1 -0
package/dist/server/h3-helpers.d.ts +23 -0
package/dist/server/h3-helpers.d.ts.map +1 -0
package/dist/server/h3-helpers.js +37 -0
package/dist/server/h3-helpers.js.map +1 -0
package/dist/server/index.d.ts +17 -5
package/dist/server/index.d.ts.map +1 -1
package/dist/server/index.js +19 -4
package/dist/server/index.js.map +1 -1
package/dist/server/local-migration.d.ts +32 -0
package/dist/server/local-migration.d.ts.map +1 -0
package/dist/server/local-migration.js +205 -0
package/dist/server/local-migration.js.map +1 -0
package/dist/server/oauth-helpers.d.ts +14 -0
package/dist/server/oauth-helpers.d.ts.map +1 -0
package/dist/server/oauth-helpers.js +23 -0
package/dist/server/oauth-helpers.js.map +1 -0
package/dist/server/onboarding-html.d.ts +24 -0
package/dist/server/onboarding-html.d.ts.map +1 -0
package/dist/server/onboarding-html.js +347 -0
package/dist/server/onboarding-html.js.map +1 -0
package/dist/server/poll.d.ts +45 -0
package/dist/server/poll.d.ts.map +1 -0
package/dist/server/poll.js +96 -0
package/dist/server/poll.js.map +1 -0
package/dist/server/resources-plugin.d.ts +27 -0
package/dist/server/resources-plugin.d.ts.map +1 -0
package/dist/server/resources-plugin.js +75 -0
package/dist/server/resources-plugin.js.map +1 -0
package/dist/server/schema-prompt.d.ts +16 -0
package/dist/server/schema-prompt.d.ts.map +1 -0
package/dist/server/schema-prompt.js +275 -0
package/dist/server/schema-prompt.js.map +1 -0
package/dist/server/script-discovery.d.ts +6 -0
package/dist/server/script-discovery.d.ts.map +1 -0
package/dist/server/script-discovery.js +6 -0
package/dist/server/script-discovery.js.map +1 -0
package/dist/server/sse.d.ts +4 -21
package/dist/server/sse.d.ts.map +1 -1
package/dist/server/sse.js +2 -30
package/dist/server/sse.js.map +1 -1
package/dist/server/ssr-handler.d.ts +6 -0
package/dist/server/ssr-handler.d.ts.map +1 -0
package/dist/server/ssr-handler.js +55 -0
package/dist/server/ssr-handler.js.map +1 -0
package/dist/settings/handlers.d.ts +6 -6
package/dist/settings/handlers.d.ts.map +1 -1
package/dist/settings/handlers.js +9 -6
package/dist/settings/handlers.js.map +1 -1
package/dist/settings/index.d.ts +2 -1
package/dist/settings/index.d.ts.map +1 -1
package/dist/settings/index.js +2 -0
package/dist/settings/index.js.map +1 -1
package/dist/settings/org-settings.d.ts +22 -0
package/dist/settings/org-settings.d.ts.map +1 -0
package/dist/settings/org-settings.js +45 -0
package/dist/settings/org-settings.js.map +1 -0
package/dist/settings/store.d.ts +6 -2
package/dist/settings/store.d.ts.map +1 -1
package/dist/settings/store.js +26 -63
package/dist/settings/store.js.map +1 -1
package/dist/settings/user-settings.d.ts +3 -2
package/dist/settings/user-settings.d.ts.map +1 -1
package/dist/settings/user-settings.js +5 -5
package/dist/settings/user-settings.js.map +1 -1
package/dist/shared/agent-chat.d.ts +5 -5
package/dist/shared/agent-chat.d.ts.map +1 -1
package/dist/shared/agent-chat.js +8 -8
package/dist/shared/agent-chat.js.map +1 -1
package/dist/shared/agent-env.d.ts +1 -1
package/dist/shared/agent-env.js +1 -1
package/dist/shared/runtime.d.ts +14 -0
package/dist/shared/runtime.d.ts.map +1 -0
package/dist/shared/runtime.js +25 -0
package/dist/shared/runtime.js.map +1 -0
package/dist/tailwind.preset.d.ts +7 -6
package/dist/tailwind.preset.d.ts.map +1 -1
package/dist/tailwind.preset.js +18 -1
package/dist/tailwind.preset.js.map +1 -1
package/dist/templates/default/.agents/skills/actions/SKILL.md +142 -0
package/dist/templates/default/.agents/skills/agent-engines/SKILL.md +127 -0
package/dist/templates/default/.agents/skills/capture-learnings/SKILL.md +50 -0
package/dist/templates/default/.agents/skills/create-skill/SKILL.md +167 -0
package/dist/templates/default/.agents/skills/delegate-to-agent/SKILL.md +90 -0
package/dist/templates/default/.agents/skills/frontend-design/SKILL.md +69 -0
package/dist/templates/default/.agents/skills/real-time-collab/SKILL.md +183 -0
package/dist/templates/default/.agents/skills/real-time-sync/SKILL.md +112 -0
package/dist/templates/default/.agents/skills/security/SKILL.md +108 -0
package/dist/templates/default/.agents/skills/self-modifying-code/SKILL.md +79 -0
package/{src/templates/default/.agents/skills/files-as-database → dist/templates/default/.agents/skills/storing-data}/SKILL.md +2 -2
package/dist/templates/default/.claude/settings.json +100 -0
package/dist/templates/default/.env.example +5 -0
package/dist/templates/default/.prettierrc +5 -0
package/dist/templates/default/AGENTS.md +110 -0
package/dist/templates/default/DEVELOPING.md +117 -0
package/dist/templates/default/_gitignore +37 -0
package/{src/templates/default/scripts → dist/templates/default/actions}/hello.ts +1 -1
package/dist/templates/default/actions/navigate.ts +53 -0
package/dist/templates/default/actions/view-screen.ts +39 -0
package/dist/templates/default/app/entry.client.tsx +4 -0
package/dist/templates/default/app/entry.server.tsx +56 -0
package/dist/templates/default/app/global.css +95 -0
package/dist/templates/default/app/lib/utils.ts +1 -0
package/dist/templates/default/app/root.tsx +107 -0
package/dist/templates/default/app/routes/_index.tsx +62 -0
package/dist/templates/default/app/routes.ts +4 -0
package/dist/templates/default/app/vite-env.d.ts +6 -0
package/dist/templates/default/components.json +20 -0
package/dist/templates/default/data/.gitkeep +0 -0
package/dist/templates/default/data/sync-config.json +1 -0
package/dist/templates/default/learnings.defaults.md +5 -0
package/dist/templates/default/learnings.md +0 -0
package/dist/templates/default/package.json +46 -0
package/dist/templates/default/postcss.config.js +6 -0
package/dist/templates/default/public/icon-180.svg +4 -0
package/dist/templates/default/public/icon-192.svg +4 -0
package/dist/templates/default/public/icon-512.svg +4 -0
package/dist/templates/default/public/manifest.json +13 -0
package/dist/templates/default/react-router.config.ts +6 -0
package/dist/templates/default/server/middleware/auth.ts +15 -0
package/dist/templates/default/server/plugins/.gitkeep +0 -0
package/dist/templates/default/server/routes/[...page].get.ts +5 -0
package/dist/templates/default/server/routes/api/hello.get.ts +5 -0
package/dist/templates/default/shared/api.ts +6 -0
package/dist/templates/default/ssr-entry.ts +20 -0
package/dist/templates/default/tailwind.config.ts +7 -0
package/dist/templates/default/tsconfig.json +11 -0
package/dist/templates/default/vite.config.ts +6 -0
package/dist/templates/templates/default/.agents/skills/actions/SKILL.md +142 -0
package/dist/templates/templates/default/.agents/skills/agent-engines/SKILL.md +127 -0
package/dist/templates/templates/default/.agents/skills/capture-learnings/SKILL.md +50 -0
package/dist/templates/templates/default/.agents/skills/create-skill/SKILL.md +167 -0
package/dist/templates/templates/default/.agents/skills/delegate-to-agent/SKILL.md +90 -0
package/dist/templates/templates/default/.agents/skills/frontend-design/SKILL.md +69 -0
package/dist/templates/templates/default/.agents/skills/real-time-collab/SKILL.md +183 -0
package/dist/templates/templates/default/.agents/skills/real-time-sync/SKILL.md +112 -0
package/dist/templates/templates/default/.agents/skills/security/SKILL.md +108 -0
package/dist/templates/templates/default/.agents/skills/self-modifying-code/SKILL.md +79 -0
package/dist/templates/templates/default/.agents/skills/storing-data/SKILL.md +110 -0
package/dist/templates/templates/default/.claude/settings.json +100 -0
package/dist/templates/templates/default/.env.example +5 -0
package/dist/templates/templates/default/.ignore +0 -0
package/dist/templates/templates/default/.prettierrc +5 -0
package/dist/templates/templates/default/AGENTS.md +110 -0
package/dist/templates/templates/default/DEVELOPING.md +117 -0
package/dist/templates/templates/default/_gitignore +37 -0
package/dist/templates/templates/default/actions/hello.ts +20 -0
package/dist/templates/templates/default/actions/navigate.ts +53 -0
package/dist/templates/templates/default/actions/run.ts +2 -0
package/dist/templates/templates/default/actions/view-screen.ts +39 -0
package/dist/templates/templates/default/app/entry.client.tsx +4 -0
package/dist/templates/templates/default/app/entry.server.tsx +56 -0
package/dist/templates/templates/default/app/global.css +95 -0
package/dist/templates/templates/default/app/lib/utils.ts +1 -0
package/dist/templates/templates/default/app/root.tsx +107 -0
package/dist/templates/templates/default/app/routes/_index.tsx +62 -0
package/dist/templates/templates/default/app/routes.ts +4 -0
package/dist/templates/templates/default/app/vite-env.d.ts +6 -0
package/dist/templates/templates/default/components.json +20 -0
package/dist/templates/templates/default/data/.gitkeep +0 -0
package/dist/templates/templates/default/data/sync-config.json +1 -0
package/dist/templates/templates/default/learnings.defaults.md +5 -0
package/dist/templates/templates/default/learnings.md +0 -0
package/dist/templates/templates/default/package.json +46 -0
package/dist/templates/templates/default/postcss.config.js +6 -0
package/dist/templates/templates/default/public/icon-180.svg +4 -0
package/dist/templates/templates/default/public/icon-192.svg +4 -0
package/dist/templates/templates/default/public/icon-512.svg +4 -0
package/dist/templates/templates/default/public/manifest.json +13 -0
package/dist/templates/templates/default/react-router.config.ts +6 -0
package/dist/templates/templates/default/server/middleware/auth.ts +15 -0
package/dist/templates/templates/default/server/plugins/.gitkeep +0 -0
package/dist/templates/templates/default/server/routes/[...page].get.ts +5 -0
package/dist/templates/templates/default/server/routes/api/hello.get.ts +5 -0
package/dist/templates/templates/default/shared/api.ts +6 -0
package/dist/templates/templates/default/ssr-entry.ts +20 -0
package/dist/templates/templates/default/tailwind.config.ts +7 -0
package/dist/templates/templates/default/tsconfig.json +11 -0
package/dist/templates/templates/default/vite.config.ts +6 -0
package/dist/terminal/cli-registry.d.ts +2 -2
package/dist/terminal/cli-registry.d.ts.map +1 -1
package/dist/terminal/cli-registry.js +8 -8
package/dist/terminal/cli-registry.js.map +1 -1
package/dist/terminal/pty-server.d.ts +1 -1
package/dist/terminal/pty-server.d.ts.map +1 -1
package/dist/terminal/pty-server.js +94 -18
package/dist/terminal/pty-server.js.map +1 -1
package/dist/terminal/terminal-plugin.d.ts +1 -10
package/dist/terminal/terminal-plugin.d.ts.map +1 -1
package/dist/terminal/terminal-plugin.js +77 -28
package/dist/terminal/terminal-plugin.js.map +1 -1
package/dist/usage/store.d.ts +29 -0
package/dist/usage/store.d.ts.map +1 -0
package/dist/usage/store.js +102 -0
package/dist/usage/store.js.map +1 -0
package/dist/vite/action-types-plugin.d.ts +13 -0
package/dist/vite/action-types-plugin.d.ts.map +1 -0
package/dist/vite/action-types-plugin.js +132 -0
package/dist/vite/action-types-plugin.js.map +1 -0
package/dist/vite/agents-bundle-plugin.d.ts +3 -0
package/dist/vite/agents-bundle-plugin.d.ts.map +1 -0
package/dist/vite/agents-bundle-plugin.js +87 -0
package/dist/vite/agents-bundle-plugin.js.map +1 -0
package/dist/vite/client.d.ts +5 -0
package/dist/vite/client.d.ts.map +1 -1
package/dist/vite/client.js +310 -19
package/dist/vite/client.js.map +1 -1
package/dist/vite/index.d.ts +2 -1
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +2 -1
package/dist/vite/index.js.map +1 -1
package/package.json +78 -14
package/src/templates/default/.agents/skills/actions/SKILL.md +142 -0
package/src/templates/default/.agents/skills/agent-engines/SKILL.md +127 -0
package/src/templates/default/.agents/skills/create-skill/SKILL.md +1 -1
package/src/templates/default/.agents/skills/delegate-to-agent/SKILL.md +1 -1
package/src/templates/default/.agents/skills/real-time-collab/SKILL.md +183 -0
package/src/templates/default/.agents/skills/real-time-sync/SKILL.md +112 -0
package/src/templates/default/.agents/skills/security/SKILL.md +108 -0
package/src/templates/default/.agents/skills/storing-data/SKILL.md +110 -0
package/src/templates/default/.claude/settings.json +13 -0
package/src/templates/default/AGENTS.md +72 -164
package/src/templates/default/DEVELOPING.md +117 -0
package/src/templates/default/actions/hello.ts +20 -0
package/src/templates/default/actions/navigate.ts +53 -0
package/src/templates/default/actions/run.ts +2 -0
package/src/templates/default/actions/view-screen.ts +39 -0
package/src/templates/default/app/global.css +2 -2
package/src/templates/default/app/root.tsx +19 -16
package/src/templates/default/app/routes/_index.tsx +1 -1
package/src/templates/default/package.json +6 -2
package/src/templates/default/server/middleware/auth.ts +15 -0
package/src/templates/default/server/plugins/.gitkeep +0 -0
package/src/templates/default/server/routes/[...page].get.ts +2 -9
package/src/templates/default/ssr-entry.ts +20 -0
package/dist/a2a/middleware.d.ts +0 -3
package/dist/a2a/middleware.d.ts.map +0 -1
package/dist/a2a/middleware.js +0 -36
package/dist/a2a/middleware.js.map +0 -1
package/dist/adapters/convex/adapter.d.ts +0 -24
package/dist/adapters/convex/adapter.d.ts.map +0 -1
package/dist/adapters/convex/adapter.js +0 -125
package/dist/adapters/convex/adapter.js.map +0 -1
package/dist/adapters/convex/index.d.ts +0 -4
package/dist/adapters/convex/index.d.ts.map +0 -1
package/dist/adapters/convex/index.js +0 -3
package/dist/adapters/convex/index.js.map +0 -1
package/dist/adapters/drizzle/adapter.d.ts +0 -36
package/dist/adapters/drizzle/adapter.d.ts.map +0 -1
package/dist/adapters/drizzle/adapter.js +0 -210
package/dist/adapters/drizzle/adapter.js.map +0 -1
package/dist/adapters/drizzle/index.d.ts +0 -3
package/dist/adapters/drizzle/index.d.ts.map +0 -1
package/dist/adapters/drizzle/index.js +0 -3
package/dist/adapters/drizzle/index.js.map +0 -1
package/dist/adapters/drizzle/schema.d.ts +0 -146
package/dist/adapters/drizzle/schema.d.ts.map +0 -1
package/dist/adapters/drizzle/schema.js +0 -20
package/dist/adapters/drizzle/schema.js.map +0 -1
package/dist/adapters/firestore/adapter.d.ts +0 -48
package/dist/adapters/firestore/adapter.d.ts.map +0 -1
package/dist/adapters/firestore/adapter.js +0 -62
package/dist/adapters/firestore/adapter.js.map +0 -1
package/dist/adapters/firestore/index.d.ts +0 -4
package/dist/adapters/firestore/index.d.ts.map +0 -1
package/dist/adapters/firestore/index.js +0 -3
package/dist/adapters/firestore/index.js.map +0 -1
package/dist/adapters/supabase/adapter.d.ts +0 -43
package/dist/adapters/supabase/adapter.d.ts.map +0 -1
package/dist/adapters/supabase/adapter.js +0 -137
package/dist/adapters/supabase/adapter.js.map +0 -1
package/dist/adapters/supabase/index.d.ts +0 -3
package/dist/adapters/supabase/index.d.ts.map +0 -1
package/dist/adapters/supabase/index.js +0 -3
package/dist/adapters/supabase/index.js.map +0 -1
package/dist/adapters/sync/config.d.ts +0 -40
package/dist/adapters/sync/config.d.ts.map +0 -1
package/dist/adapters/sync/config.js +0 -209
package/dist/adapters/sync/config.js.map +0 -1
package/dist/adapters/sync/create-file-sync.d.ts +0 -32
package/dist/adapters/sync/create-file-sync.d.ts.map +0 -1
package/dist/adapters/sync/create-file-sync.js +0 -218
package/dist/adapters/sync/create-file-sync.js.map +0 -1
package/dist/adapters/sync/file-sync.d.ts +0 -94
package/dist/adapters/sync/file-sync.d.ts.map +0 -1
package/dist/adapters/sync/file-sync.js +0 -671
package/dist/adapters/sync/file-sync.js.map +0 -1
package/dist/adapters/sync/index.d.ts +0 -6
package/dist/adapters/sync/index.d.ts.map +0 -1
package/dist/adapters/sync/index.js +0 -6
package/dist/adapters/sync/index.js.map +0 -1
package/dist/adapters/sync/merge.d.ts +0 -21
package/dist/adapters/sync/merge.d.ts.map +0 -1
package/dist/adapters/sync/merge.js +0 -132
package/dist/adapters/sync/merge.js.map +0 -1
package/dist/adapters/sync/types.d.ts +0 -62
package/dist/adapters/sync/types.d.ts.map +0 -1
package/dist/adapters/sync/types.js +0 -23
package/dist/adapters/sync/types.js.map +0 -1
package/dist/client/harness.d.ts +0 -48
package/dist/client/harness.d.ts.map +0 -1
package/dist/client/harness.js.map +0 -1
package/dist/client/use-file-sync-status.d.ts +0 -21
package/dist/client/use-file-sync-status.d.ts.map +0 -1
package/dist/client/use-file-sync-status.js +0 -65
package/dist/client/use-file-sync-status.js.map +0 -1
package/dist/client/use-file-watcher.d.ts +0 -23
package/dist/client/use-file-watcher.d.ts.map +0 -1
package/dist/client/use-file-watcher.js +0 -50
package/dist/client/use-file-watcher.js.map +0 -1
package/dist/server/default-watcher.d.ts +0 -17
package/dist/server/default-watcher.d.ts.map +0 -1
package/dist/server/default-watcher.js +0 -37
package/dist/server/default-watcher.js.map +0 -1
package/dist/server/file-sync-plugin.d.ts +0 -7
package/dist/server/file-sync-plugin.d.ts.map +0 -1
package/dist/server/file-sync-plugin.js +0 -38
package/dist/server/file-sync-plugin.js.map +0 -1
package/dist/vite/dev-api-server.d.ts +0 -10
package/dist/vite/dev-api-server.d.ts.map +0 -1
package/dist/vite/dev-api-server.js +0 -160
package/dist/vite/dev-api-server.js.map +0 -1
package/src/templates/default/.agents/skills/scripts/SKILL.md +0 -121
package/src/templates/default/.agents/skills/sse-file-watcher/SKILL.md +0 -80
package/src/templates/default/server/plugins/agent-chat.ts +0 -1
package/src/templates/default/server/plugins/auth.ts +0 -1
package/src/templates/default/server/plugins/file-sync.ts +0 -1
package/src/templates/default/server/plugins/terminal.ts +0 -1
package/src/templates/default/server/routes/api/events.get.ts +0 -3
package/src/templates/default/server/routes/api/file-sync/status.get.ts +0 -4
/package/{src/templates/default/application-state/.gitkeep → dist/templates/default/.ignore} +0 -0
/package/{src/templates/default/scripts → dist/templates/default/actions}/run.ts +0 -0

package/dist/server/auth.js CHANGED Viewed

@@ -1,116 +1,156 @@
 import crypto from "node:crypto";
-import fs from "node:fs";
 import path from "node:path";
-import { defineEventHandler, readBody, getMethod, setResponseHeader, setResponseStatus, getCookie, setCookie, deleteCookie, } from "h3";
-import { createClient } from "@libsql/client";
+// Lazy fs — loaded via dynamic import() on first use.
+// Avoids static require() which crashes on CF Workers.
+let _fs;
+async function getFs() {
+    if (!_fs) {
+        _fs = await import("node:fs");
+    }
+    return _fs;
+}
+import { defineEventHandler, getMethod, getQuery, setResponseHeader, setResponseStatus, getCookie, setCookie, deleteCookie, } from "h3";
+// In h3 v2, `event.req` IS the web Request — no conversion needed.
+function toWebRequest(event) {
+    return event.req;
+}
+import { getDbExec, isPostgres, intType } from "../db/client.js";
+import { getBetterAuth, getBetterAuthSync } from "./better-auth-instance.js";
+import { getOnboardingHtml } from "./onboarding-html.js";
+import { migrateLocalUserData } from "./local-migration.js";
+import { readBody } from "../server/h3-helpers.js";
 // ---------------------------------------------------------------------------
 // Constants
 // ---------------------------------------------------------------------------
 const COOKIE_NAME = "an_session";
 const DEFAULT_MAX_AGE = 60 * 60 * 24 * 30; // 30 days
 // ---------------------------------------------------------------------------
-// Session store — SQL-backed
+// AUTH_MODE detection
 // ---------------------------------------------------------------------------
-let _sessionClient;
-let _sessionTableReady = false;
-let sessionMaxAge = DEFAULT_MAX_AGE;
-function getSessionClient() {
-    if (!_sessionClient) {
-        // Check for Cloudflare D1 binding
-        const d1 = globalThis.__cf_env?.DB;
-        if (d1) {
-            _sessionClient = {
-                async execute(sql) {
-                    if (typeof sql === "string") {
-                        const r = await d1.prepare(sql).all();
-                        return {
-                            rows: r.results || [],
-                            rowsAffected: r.meta?.changes ?? 0,
-                        };
-                    }
-                    const r = await d1
-                        .prepare(sql.sql)
-                        .bind(...sql.args)
-                        .all();
-                    return { rows: r.results || [], rowsAffected: r.meta?.changes ?? 0 };
-                },
-            };
-            return _sessionClient;
+/**
+ * Check if the app is in local-only mode (no auth).
+ *
+ * Returns true when:
+ * - AUTH_MODE=local is explicitly set (escape hatch)
+ * - In dev environment (NODE_ENV=development) with no explicit auth token
+ *   configured (no ACCESS_TOKEN, no BYOA). This makes dev "just work"
+ *   without requiring auth setup, while still respecting auth when configured.
+ *
+ * NOTE: GOOGLE_CLIENT_ID is intentionally NOT checked here — it is used for
+ * Google Calendar / Gmail API access as well as Google Sign-In, and its
+ * presence alone should not force authentication. Only ACCESS_TOKEN/ACCESS_TOKENS
+ * (explicit token-based auth) or a custom getSession (BYOA) signal that the
+ * developer has explicitly opted into requiring authentication.
+ *
+ * BYOA (customGetSession) opts out of dev auto-local — templates that provide
+ * their own auth (e.g. Supabase) shouldn't be silently bypassed in dev.
+ */
+function isLocalMode() {
+    if (process.env.AUTH_MODE === "local")
+        return true;
+    // Default to local mode in dev when no explicit auth is configured
+    if (isDevEnvironment() &&
+        !process.env.ACCESS_TOKEN &&
+        !process.env.ACCESS_TOKENS &&
+        !customGetSession) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Check if we're in a development/test environment.
+ * Used for cookie security settings, not for auth bypass.
+ */
+function isDevEnvironment() {
+    const env = process.env.NODE_ENV;
+    return env === "development" || env === "test";
+}
+// ---------------------------------------------------------------------------
+// ACCESS_TOKEN resolution
+// ---------------------------------------------------------------------------
+function getAccessTokens() {
+    const single = process.env.ACCESS_TOKEN;
+    const multi = process.env.ACCESS_TOKENS;
+    const tokens = [];
+    if (single)
+        tokens.push(single);
+    if (multi) {
+        for (const t of multi.split(",")) {
+            const trimmed = t.trim();
+            if (trimmed && !tokens.includes(trimmed))
+                tokens.push(trimmed);
         }
-        // Fall back to libsql
-        const url = process.env.DATABASE_URL || "file:./data/app.db";
-        if (url.startsWith("file:")) {
-            try {
-                fs.mkdirSync(path.join(process.cwd(), "data"), { recursive: true });
-            }
-            catch {
-                // Edge runtime — no filesystem
-            }
+    }
+    return tokens;
+}
+function safeTokenMatch(input, tokens) {
+    const inputBuf = Buffer.from(input);
+    for (const token of tokens) {
+        const tokenBuf = Buffer.from(token);
+        if (inputBuf.length === tokenBuf.length &&
+            crypto.timingSafeEqual(inputBuf, tokenBuf)) {
+            return true;
         }
-        _sessionClient = createClient({
-            url,
-            authToken: process.env.DATABASE_AUTH_TOKEN,
-        });
     }
-    return _sessionClient;
+    return false;
 }
+// ---------------------------------------------------------------------------
+// Legacy session store — kept for backward compat (addSession/getSessionEmail)
+// Used by google-oauth.ts for mobile deep linking session creation.
+// ---------------------------------------------------------------------------
+let _sessionInitPromise;
+let sessionMaxAge = DEFAULT_MAX_AGE;
 async function ensureSessionTable() {
-    if (_sessionTableReady)
-        return;
-    const client = getSessionClient();
-    await client.execute(`
-    CREATE TABLE IF NOT EXISTS sessions (
-      token TEXT PRIMARY KEY,
-      email TEXT,
-      created_at INTEGER NOT NULL
-    )
-  `);
-    // Migration: add email column to existing tables that lack it
-    try {
-        await client.execute(`ALTER TABLE sessions ADD COLUMN email TEXT`);
-    }
-    catch {
-        // Column already exists — ignore
+    if (!_sessionInitPromise) {
+        _sessionInitPromise = (async () => {
+            const client = getDbExec();
+            await client.execute(`
+        CREATE TABLE IF NOT EXISTS sessions (
+          token TEXT PRIMARY KEY,
+          email TEXT,
+          created_at ${intType()} NOT NULL
+        )
+      `);
+            try {
+                await client.execute(`ALTER TABLE sessions ADD COLUMN email TEXT`);
+            }
+            catch {
+                // Column already exists
+            }
+        })();
     }
-    _sessionTableReady = true;
-}
-async function pruneExpiredSessions() {
-    await ensureSessionTable();
-    const client = getSessionClient();
-    const cutoff = Date.now() - sessionMaxAge * 1000;
-    await client.execute({
-        sql: `DELETE FROM sessions WHERE created_at < ?`,
-        args: [cutoff],
-    });
+    return _sessionInitPromise;
 }
 /**
- * Create a new session. Optionally associate it with an email address
- * (used by Google OAuth and other identity-aware auth providers).
+ * Create a new session in the legacy sessions table.
+ * Used by google-oauth.ts for mobile deep linking.
  */
 export async function addSession(token, email) {
     await ensureSessionTable();
-    const client = getSessionClient();
+    const client = getDbExec();
     await client.execute({
-        sql: `INSERT OR REPLACE INTO sessions (token, email, created_at) VALUES (?, ?, ?)`,
+        sql: isPostgres()
+            ? `INSERT INTO sessions (token, email, created_at) VALUES (?, ?, ?) ON CONFLICT (token) DO UPDATE SET email=EXCLUDED.email, created_at=EXCLUDED.created_at`
+            : `INSERT OR REPLACE INTO sessions (token, email, created_at) VALUES (?, ?, ?)`,
         args: [token, email ?? null, Date.now()],
     });
 }
-/** Remove a session by token. */
+/** Remove a session from the legacy sessions table. */
 export async function removeSession(token) {
     await ensureSessionTable();
-    const client = getSessionClient();
+    const client = getDbExec();
     await client.execute({
         sql: `DELETE FROM sessions WHERE token = ?`,
         args: [token],
     });
 }
 /**
- * Look up the email associated with a session token.
+ * Look up the email associated with a legacy session token.
  * Returns null if the session doesn't exist, is expired, or has no email.
  */
 export async function getSessionEmail(token) {
     await ensureSessionTable();
-    const client = getSessionClient();
+    const client = getDbExec();
     const { rows } = await client.execute({
         sql: `SELECT email, created_at FROM sessions WHERE token = ?`,
         args: [token],
@@ -127,96 +167,209 @@ export async function getSessionEmail(token) {
     }
     return rows[0].email ?? null;
 }
-async function hasSession(token) {
-    await ensureSessionTable();
-    const client = getSessionClient();
-    const { rows } = await client.execute({
-        sql: `SELECT created_at FROM sessions WHERE token = ?`,
-        args: [token],
-    });
-    if (rows.length === 0)
-        return false;
-    const createdAt = rows[0].created_at;
-    if (Date.now() - createdAt > sessionMaxAge * 1000) {
-        await client.execute({
-            sql: `DELETE FROM sessions WHERE token = ?`,
-            args: [token],
-        });
-        return false;
-    }
-    return true;
-}
 // ---------------------------------------------------------------------------
-// Token resolution — supports ACCESS_TOKEN (single) or ACCESS_TOKENS (multi)
+// getSession — the auth contract
 // ---------------------------------------------------------------------------
-function getAccessTokens() {
-    const single = process.env.ACCESS_TOKEN;
-    const multi = process.env.ACCESS_TOKENS;
-    const tokens = [];
-    if (single)
-        tokens.push(single);
-    if (multi) {
-        for (const t of multi.split(",")) {
-            const trimmed = t.trim();
-            if (trimmed && !tokens.includes(trimmed))
-                tokens.push(trimmed);
-        }
-    }
-    return tokens;
+let customGetSession = null;
+let authDisabledMode = false;
+let _authGuardConfig = null;
+/**
+ * Module-level auth guard function. Set by autoMountAuth() when auth is active.
+ * Called by the server middleware to enforce auth on ALL requests (not just
+ * /_agent-native/* routes).
+ */
+let _authGuardFn = null;
+/**
+ * Run the auth guard on an event. Returns a Response/object to block the
+ * request (login page or 401), or undefined to allow it through.
+ *
+ * Called by the default server middleware (server/middleware/auth.ts) to
+ * enforce auth on page routes and API routes — not just framework routes.
+ */
+export async function runAuthGuard(event) {
+    if (!_authGuardFn)
+        return; // Auth not mounted (local mode, etc.)
+    return _authGuardFn(event);
 }
+const LOCAL_SESSION = { email: "local@localhost" };
 // ---------------------------------------------------------------------------
-// Dev mode detection
+// Auth guard factory
 // ---------------------------------------------------------------------------
-function isDevMode() {
-    // On edge runtimes (e.g. CF Workers), NODE_ENV may not be set.
-    // Treat undefined as production — dev mode must be explicitly opted in.
-    const env = process.env.NODE_ENV;
-    return env === "development" || env === "test";
+/**
+ * Create an auth guard function that checks session and blocks
+ * unauthenticated requests. Returns the login HTML for page routes
+ * or a 401 JSON response for API routes.
+ *
+ * Reads loginHtml and publicPaths from _authGuardConfig on every request
+ * so that a custom plugin can update them after the default has already
+ * installed this middleware (the production race condition fix).
+ */
+function createAuthGuardFn() {
+    return async (event) => {
+        const config = _authGuardConfig;
+        if (!config)
+            return;
+        const { loginHtml, publicPaths } = config;
+        const url = event.node?.req?.url ?? event.path ?? "/";
+        const p = url.split("?")[0];
+        // Skip auth routes (all /_agent-native/auth/* and /_agent-native/google/*)
+        if (p.startsWith("/_agent-native/auth/") ||
+            p.startsWith("/_agent-native/google/")) {
+            return;
+        }
+        // Skip static assets (Vite chunks, fonts, images, etc.)
+        if (p.startsWith("/assets/") ||
+            p.startsWith("/_build/") ||
+            p.endsWith(".js") ||
+            p.endsWith(".css") ||
+            p.endsWith(".map") ||
+            p.endsWith(".ico") ||
+            p.endsWith(".png") ||
+            p.endsWith(".svg") ||
+            p.endsWith(".woff2") ||
+            p.endsWith(".woff")) {
+            return;
+        }
+        if (isPublicPath(url, publicPaths))
+            return;
+        const session = await getSession(event);
+        if (session)
+            return;
+        if (p.startsWith("/api/") || p.startsWith("/_agent-native/")) {
+            setResponseStatus(event, 401);
+            return { error: "Unauthorized" };
+        }
+        return new Response(loginHtml, {
+            status: 200,
+            headers: { "Content-Type": "text/html; charset=utf-8" },
+        });
+    };
+}
+/**
+ * Map a Better Auth session to our AuthSession type.
+ */
+function mapBetterAuthSession(baSession) {
+    return {
+        email: baSession.user.email,
+        userId: baSession.user.id,
+        token: baSession.session?.token,
+        orgId: baSession.session?.activeOrganizationId ?? undefined,
+    };
 }
-// ---------------------------------------------------------------------------
-// getSession — the auth contract
-// ---------------------------------------------------------------------------
-let customGetSession = null;
-let authDisabledMode = false;
-const DEV_SESSION = { email: "local@localhost" };
 /**
  * Get the current auth session for a request.
  *
- * - In dev mode: always returns { email: "local@localhost" }
- * - In production with built-in auth: returns session if cookie is valid
- * - With custom auth (BYOA): delegates to the custom getSession
+ * Resolution chain:
+ * 1. AUTH_MODE=local → local@localhost (explicit escape hatch)
+ * 2. AUTH_DISABLED=true → local@localhost (infrastructure auth)
+ * 3. ACCESS_TOKEN → check legacy cookie-based token sessions
+ * 4. BYOA custom getSession → delegate to template callback
+ * 5. Better Auth → check session via Better Auth API (cookie or Bearer)
+ * 6. Legacy cookie → check an_session cookie in legacy sessions table
+ * 7. Mobile _session query param → promote to cookie
  */
 export async function getSession(event) {
-    if (isDevMode())
-        return DEV_SESSION;
-    if (authDisabledMode)
-        return DEV_SESSION;
-    if (customGetSession)
-        return customGetSession(event);
-    const cookie = getCookie(event, COOKIE_NAME);
-    if (cookie && (await hasSession(cookie))) {
-        return { email: "user", token: cookie };
+    // 1. AUTH_MODE=local — explicit local-only mode
+    if (isLocalMode() || authDisabledMode) {
+        // Check for a real session cookie first (e.g. from Google OAuth)
+        try {
+            const cookie = getCookie(event, COOKIE_NAME);
+            if (cookie) {
+                const email = await getSessionEmail(cookie);
+                if (email)
+                    return { email, token: cookie };
+            }
+        }
+        catch {
+            // DB not ready yet
+        }
+        // Also try Better Auth session (for users who created an account then went local)
+        try {
+            const ba = getBetterAuthSync();
+            if (ba) {
+                const baSession = await ba.api.getSession({
+                    headers: event.headers,
+                });
+                if (baSession?.user?.email) {
+                    return mapBetterAuthSession(baSession);
+                }
+            }
+        }
+        catch {
+            // Better Auth not initialized yet
+        }
+        return LOCAL_SESSION;
+    }
+    // 2. ACCESS_TOKEN check (programmatic/agent access)
+    const accessTokens = getAccessTokens();
+    if (accessTokens.length > 0) {
+        const cookie = getCookie(event, COOKIE_NAME);
+        if (cookie) {
+            const email = await getSessionEmail(cookie);
+            if (email)
+                return { email, token: cookie };
+        }
+    }
+    // 3. BYOA custom getSession
+    if (customGetSession) {
+        const session = await customGetSession(event);
+        if (session)
+            return session;
+        // Fall through to mobile _session check
+    }
+    else {
+        // 4. Better Auth session (cookie or Bearer token)
+        try {
+            const ba = getBetterAuthSync();
+            if (ba) {
+                const baSession = await ba.api.getSession({
+                    headers: event.headers,
+                });
+                if (baSession?.user?.email) {
+                    return mapBetterAuthSession(baSession);
+                }
+            }
+        }
+        catch {
+            // Better Auth not ready
+        }
+        // 5. Legacy cookie fallback (for sessions created before migration)
+        const cookie = getCookie(event, COOKIE_NAME);
+        if (cookie) {
+            const email = await getSessionEmail(cookie);
+            if (email)
+                return { email, token: cookie };
+        }
+    }
+    // 6. Mobile WebView bridge — _session query param
+    const qToken = getQuery(event)?._session;
+    if (qToken) {
+        const email = await getSessionEmail(qToken);
+        if (email) {
+            setCookie(event, COOKIE_NAME, qToken, {
+                httpOnly: true,
+                secure: !isDevEnvironment(),
+                sameSite: "lax",
+                path: "/",
+                maxAge: sessionMaxAge,
+            });
+            setResponseHeader(event, "Referrer-Policy", "no-referrer");
+            return { email, token: qToken };
+        }
     }
     return null;
 }
 // ---------------------------------------------------------------------------
-// Constant-time token comparison
+// Public path matching
 // ---------------------------------------------------------------------------
-function safeTokenMatch(input, tokens) {
-    const inputBuf = Buffer.from(input);
-    for (const token of tokens) {
-        const tokenBuf = Buffer.from(token);
-        if (inputBuf.length === tokenBuf.length &&
-            crypto.timingSafeEqual(inputBuf, tokenBuf)) {
-            return true;
-        }
-    }
-    return false;
+function isPublicPath(url, publicPaths) {
+    const p = url.split("?")[0];
+    return publicPaths.some((pp) => p === pp || p.startsWith(pp + "/"));
 }
 // ---------------------------------------------------------------------------
-// Login page HTML
+// Login page HTML (ACCESS_TOKEN mode)
 // ---------------------------------------------------------------------------
-const LOGIN_HTML = `<!DOCTYPE html>
+const TOKEN_LOGIN_HTML = `<!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="UTF-8">
@@ -252,7 +405,6 @@ const LOGIN_HTML = `<!DOCTYPE html>
     color: #e5e5e5;
     font-size: 0.9375rem;
     outline: none;
-    transition: border-color 0.15s;
   }
   input:focus { border-color: rgba(255,255,255,0.3); }
   button {
@@ -266,7 +418,6 @@ const LOGIN_HTML = `<!DOCTYPE html>
     font-size: 0.9375rem;
     font-weight: 500;
     cursor: pointer;
-    transition: opacity 0.15s;
   }
   button:hover { opacity: 0.85; }
   .error { margin-top: 0.75rem; font-size: 0.8125rem; color: #f87171; display: none; }
@@ -287,7 +438,7 @@ const LOGIN_HTML = `<!DOCTYPE html>
   document.getElementById('form').addEventListener('submit', async (e) => {
     e.preventDefault();
     const token = document.getElementById('token').value;
-    const res = await fetch('/api/auth/login', {
+    const res = await fetch('/_agent-native/auth/login', {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
       body: JSON.stringify({ token }),
@@ -302,25 +453,259 @@ const LOGIN_HTML = `<!DOCTYPE html>
 </body>
 </html>`;
 // ---------------------------------------------------------------------------
-// mountAuthMiddleware — mounts login/logout/session routes + auth guard
+// setAuthModeLocal — write AUTH_MODE=local to .env for the escape hatch
 // ---------------------------------------------------------------------------
-/**
- * Mount auth middleware + login/logout/session routes onto an H3 app.
- *
- * @deprecated Use `autoMountAuth(app, options?)` instead for automatic
- * dev/prod behavior. This function is kept for backwards compatibility
- * when you need explicit control over the access token.
- */
-export function mountAuthMiddleware(app, accessToken) {
-    mountAuthRoutes(app, [accessToken]);
+async function setAuthModeLocal() {
+    try {
+        const fs = await getFs();
+        const envPath = path.resolve(process.cwd(), ".env");
+        let content = "";
+        try {
+            content = fs.readFileSync(envPath, "utf-8");
+        }
+        catch {
+            // .env doesn't exist yet
+        }
+        if (content.includes("AUTH_MODE=")) {
+            content = content.replace(/AUTH_MODE=.*/g, "AUTH_MODE=local");
+        }
+        else {
+            content = content.trimEnd() + "\nAUTH_MODE=local\n";
+        }
+        fs.writeFileSync(envPath, content, "utf-8");
+        process.env.AUTH_MODE = "local";
+        return true;
+    }
+    catch {
+        return false;
+    }
 }
-function isPublicPath(url, publicPaths) {
-    const p = url.split("?")[0];
-    return publicPaths.some((pp) => p === pp || p.startsWith(pp + "/"));
+async function removeAuthModeLocal() {
+    try {
+        const fs = await getFs();
+        const envPath = path.resolve(process.cwd(), ".env");
+        let content = "";
+        try {
+            content = fs.readFileSync(envPath, "utf-8");
+        }
+        catch {
+            return true; // No .env file means nothing to remove
+        }
+        // Remove AUTH_MODE=local line entirely
+        content = content
+            .split("\n")
+            .filter((line) => !line.match(/^\s*AUTH_MODE\s*=/))
+            .join("\n");
+        fs.writeFileSync(envPath, content, "utf-8");
+        delete process.env.AUTH_MODE;
+        return true;
+    }
+    catch {
+        return false;
+    }
 }
-function mountAuthRoutes(app, accessTokens, publicPaths = []) {
-    // POST /api/auth/login
-    app.use("/api/auth/login", defineEventHandler(async (event) => {
+// ---------------------------------------------------------------------------
+// mountBetterAuthRoutes — Better Auth powered auth with backward-compat routes
+// ---------------------------------------------------------------------------
+async function mountBetterAuthRoutes(app, options) {
+    const publicPaths = [...(options.publicPaths ?? [])];
+    // The A2A agent card is part of an open protocol — other agents must be
+    // able to discover it without auth. Same for favicons and similar probes.
+    for (const pp of ["/.well-known", "/favicon.ico", "/favicon.png"]) {
+        if (!publicPaths.includes(pp))
+            publicPaths.push(pp);
+    }
+    // Auto-add Google OAuth routes when credentials are configured
+    if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
+        for (const gp of [
+            "/_agent-native/google/callback",
+            "/_agent-native/google/auth-url",
+        ]) {
+            if (!publicPaths.includes(gp))
+                publicPaths.push(gp);
+        }
+    }
+    const accessTokens = getAccessTokens();
+    // Initialize Better Auth
+    const auth = await getBetterAuth(options.betterAuth);
+    // Mount Better Auth catch-all handler at /_agent-native/auth/ba/*
+    app.use("/_agent-native/auth/ba", defineEventHandler(async (event) => {
+        const response = await auth.handler(toWebRequest(event));
+        return response;
+    }));
+    // POST /_agent-native/auth/local-mode — switch to local mode (onboarding escape hatch)
+    // Only available in dev — production requires real accounts for usage tracking.
+    app.use("/_agent-native/auth/local-mode", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "POST") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        if (!isDevEnvironment()) {
+            setResponseStatus(event, 403);
+            return {
+                error: "Local mode is not available in production. Create an account to continue.",
+            };
+        }
+        const ok = await setAuthModeLocal();
+        if (!ok) {
+            setResponseStatus(event, 500);
+            return { error: "Failed to set AUTH_MODE=local in .env" };
+        }
+        return { ok: true };
+    }));
+    // POST /_agent-native/auth/exit-local-mode — switch back to real auth
+    app.use("/_agent-native/auth/exit-local-mode", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "POST") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        const ok = await removeAuthModeLocal();
+        if (!ok) {
+            setResponseStatus(event, 500);
+            return { error: "Failed to remove AUTH_MODE from .env" };
+        }
+        return { ok: true };
+    }));
+    // Backward-compat: POST /_agent-native/auth/login
+    app.use("/_agent-native/auth/login", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "POST") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        const body = await readBody(event);
+        // Legacy ACCESS_TOKEN login
+        if (body?.token &&
+            typeof body.token === "string" &&
+            accessTokens.length > 0) {
+            if (!safeTokenMatch(body.token, accessTokens)) {
+                setResponseStatus(event, 401);
+                return { error: "Invalid token" };
+            }
+            const sessionToken = crypto.randomBytes(32).toString("hex");
+            await addSession(sessionToken, "user");
+            setCookie(event, COOKIE_NAME, sessionToken, {
+                httpOnly: true,
+                secure: !isDevEnvironment(),
+                sameSite: "lax",
+                path: "/",
+                maxAge: sessionMaxAge,
+            });
+            return { ok: true };
+        }
+        // Email/password login via Better Auth
+        const email = body?.email?.trim?.()?.toLowerCase?.();
+        const password = body?.password;
+        if (!email || !password) {
+            setResponseStatus(event, 400);
+            return { error: "Email and password are required" };
+        }
+        try {
+            const result = await auth.api.signInEmail({
+                body: { email, password },
+            });
+            if (result?.token) {
+                setCookie(event, COOKIE_NAME, result.token, {
+                    httpOnly: true,
+                    secure: !isDevEnvironment(),
+                    sameSite: "lax",
+                    path: "/",
+                    maxAge: sessionMaxAge,
+                });
+                await addSession(result.token, email);
+            }
+            return { ok: true };
+        }
+        catch (e) {
+            setResponseStatus(event, 401);
+            return { error: e?.message || "Invalid email or password" };
+        }
+    }));
+    // Backward-compat: POST /_agent-native/auth/register
+    app.use("/_agent-native/auth/register", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "POST") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        const body = await readBody(event);
+        const email = body?.email?.trim?.()?.toLowerCase?.();
+        const password = body?.password;
+        if (!email || typeof email !== "string" || !email.includes("@")) {
+            setResponseStatus(event, 400);
+            return { error: "Valid email is required" };
+        }
+        if (!password || typeof password !== "string" || password.length < 8) {
+            setResponseStatus(event, 400);
+            return { error: "Password must be at least 8 characters" };
+        }
+        try {
+            await auth.api.signUpEmail({
+                body: { email, password, name: email.split("@")[0] },
+            });
+            return { ok: true };
+        }
+        catch (e) {
+            setResponseStatus(event, 409);
+            return { error: e?.message || "Registration failed" };
+        }
+    }));
+    // Backward-compat: POST /_agent-native/auth/logout
+    app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
+        const cookie = getCookie(event, COOKIE_NAME);
+        if (cookie)
+            await removeSession(cookie);
+        deleteCookie(event, COOKIE_NAME, { path: "/" });
+        try {
+            await auth.api.signOut({ headers: event.headers });
+        }
+        catch {
+            // Ignore if no Better Auth session
+        }
+        return { ok: true };
+    }));
+    // GET /_agent-native/auth/session
+    app.use("/_agent-native/auth/session", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "GET") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        const session = await getSession(event);
+        return session ?? { error: "Not authenticated" };
+    }));
+    // POST /_agent-native/auth/migrate-local-data — move local-mode data to
+    // the currently signed-in account. Called by the UI after a user upgrades
+    // from local mode to a real account so they don't lose their data.
+    app.use("/_agent-native/auth/migrate-local-data", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "POST") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        const session = await getSession(event);
+        if (!session?.email || session.email === "local@localhost") {
+            setResponseStatus(event, 401);
+            return { error: "Not authenticated as a real account" };
+        }
+        try {
+            const result = await migrateLocalUserData(session.email);
+            return { ok: true, ...result };
+        }
+        catch (e) {
+            setResponseStatus(event, 500);
+            return { error: e?.message || "Migration failed" };
+        }
+    }));
+    // Auth guard — stored both in framework middleware registry AND in
+    // _authGuardFn so the server middleware can enforce it on ALL routes.
+    const loginHtml = options.loginHtml ?? getOnboardingHtml({ googleOnly: options.googleOnly });
+    _authGuardConfig = { loginHtml, publicPaths };
+    const guardFn = createAuthGuardFn();
+    _authGuardFn = guardFn;
+    app.use(defineEventHandler(guardFn));
+}
+// ---------------------------------------------------------------------------
+// mountTokenOnlyRoutes — ACCESS_TOKEN-only auth (no Better Auth)
+// ---------------------------------------------------------------------------
+function mountTokenOnlyRoutes(app, accessTokens, publicPaths = []) {
+    app.use("/_agent-native/auth/login", defineEventHandler(async (event) => {
         if (getMethod(event) !== "POST") {
             setResponseStatus(event, 405);
             return { error: "Method not allowed" };
@@ -333,26 +718,24 @@ function mountAuthRoutes(app, accessTokens, publicPaths = []) {
             return { error: "Invalid token" };
         }
         const sessionToken = crypto.randomBytes(32).toString("hex");
-        await addSession(sessionToken);
+        await addSession(sessionToken, "user");
         setCookie(event, COOKIE_NAME, sessionToken, {
             httpOnly: true,
-            secure: true,
+            secure: !isDevEnvironment(),
             sameSite: "lax",
             path: "/",
             maxAge: sessionMaxAge,
         });
         return { ok: true };
     }));
-    // POST /api/auth/logout
-    app.use("/api/auth/logout", defineEventHandler(async (event) => {
+    app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
         const cookie = getCookie(event, COOKIE_NAME);
         if (cookie)
             await removeSession(cookie);
         deleteCookie(event, COOKIE_NAME, { path: "/" });
         return { ok: true };
     }));
-    // GET /api/auth/session — client session check
-    app.use("/api/auth/session", defineEventHandler(async (event) => {
+    app.use("/_agent-native/auth/session", defineEventHandler(async (event) => {
         if (getMethod(event) !== "GET") {
             setResponseStatus(event, 405);
             return { error: "Method not allowed" };
@@ -360,68 +743,86 @@ function mountAuthRoutes(app, accessTokens, publicPaths = []) {
         const session = await getSession(event);
         return session ?? { error: "Not authenticated" };
     }));
-    // Auth guard — runs before all other handlers
-    app.use(defineEventHandler(async (event) => {
-        const url = event.node?.req?.url ?? event.path ?? "/";
-        const p = url.split("?")[0];
-        // Skip auth routes
-        if (p === "/api/auth/login" ||
-            p === "/api/auth/logout" ||
-            p === "/api/auth/session") {
-            return;
-        }
-        // Skip public paths
-        if (isPublicPath(url, publicPaths)) {
-            return;
+    _authGuardConfig = { loginHtml: TOKEN_LOGIN_HTML, publicPaths };
+    const guardFn = createAuthGuardFn();
+    _authGuardFn = guardFn;
+    app.use(defineEventHandler(guardFn));
+}
+// ---------------------------------------------------------------------------
+// mountLocalModeRoutes — stub routes for AUTH_MODE=local
+// ---------------------------------------------------------------------------
+function mountLocalModeRoutes(app) {
+    app.use("/_agent-native/auth/session", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "GET") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
         }
-        // Use getSession() so BYOA custom auth is respected
-        const session = await getSession(event);
-        if (session) {
-            return; // Authenticated
+        return await getSession(event);
+    }));
+    app.use("/_agent-native/auth/login", defineEventHandler(() => ({ ok: true })));
+    app.use("/_agent-native/auth/logout", defineEventHandler(() => ({ ok: true })));
+    // Allow exiting local mode to switch to real auth
+    app.use("/_agent-native/auth/exit-local-mode", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "POST") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
         }
-        // Unauthenticated
-        if (p.startsWith("/api/")) {
-            setResponseStatus(event, 401);
-            return { error: "Unauthorized" };
+        const ok = await removeAuthModeLocal();
+        if (!ok) {
+            setResponseStatus(event, 500);
+            return { error: "Failed to remove AUTH_MODE from .env" };
         }
-        setResponseStatus(event, 200);
-        setResponseHeader(event, "Content-Type", "text/html");
-        return LOGIN_HTML;
+        return { ok: true };
     }));
 }
 // ---------------------------------------------------------------------------
 // autoMountAuth — the recommended entry point
 // ---------------------------------------------------------------------------
 /**
- * Automatically configure auth based on the environment:
+ * Automatically configure auth based on environment and configuration:
  *
- * - **Dev mode** (`NODE_ENV !== "production"`): Auth is skipped entirely.
- *   `getSession()` returns `{ email: "local@localhost" }` for all requests.
- *
- * - **Production with ACCESS_TOKEN/ACCESS_TOKENS set**: Auth middleware is
- *   mounted. Unauthenticated requests see a login page. One env var is all
- *   you need.
- *
- * - **Production without tokens and AUTH_DISABLED !== "true"**: Refuses to
- *   start. Logs a clear error explaining what to do.
- *
- * - **Production with AUTH_DISABLED=true**: Auth is skipped (for apps behind
- *   infrastructure-level auth like Cloudflare Access or a VPN).
+ * - **AUTH_MODE=local**: Auth bypassed. `getSession()` returns `{ email: "local@localhost" }`.
+ *   This is the explicit escape hatch for solo local development.
+ * - **BYOA (custom getSession)**: Template-provided auth callback handles everything.
+ * - **AUTH_DISABLED=true**: Auth bypassed (for infrastructure-level auth like Cloudflare Access).
+ * - **ACCESS_TOKEN/ACCESS_TOKENS**: Simple token-based auth.
+ * - **Default**: Better Auth with email/password, social providers, organizations, and JWT.
+ *   Users see an onboarding page to create an account on first visit.
  *
  * Returns true if auth was mounted, false if skipped.
  */
-export function autoMountAuth(app, options = {}) {
-    // In Nitro 3.0 dev mode, the H3 app may not be available yet.
-    // In dev mode auth is bypassed anyway, so we can safely skip.
+export async function autoMountAuth(app, options = {}) {
+    // If auth is already mounted (e.g., default plugin ran before custom plugin),
+    // don't re-mount routes — but DO update the live config if custom options
+    // like googleOnly or loginHtml were provided. This fixes the production race
+    // where the default plugin (no googleOnly) mounts first, and the template's
+    // custom auth plugin runs later. Because createAuthGuardFn() reads from
+    // _authGuardConfig on every request, updating it here takes effect immediately.
+    if (_authGuardFn) {
+        if (_authGuardConfig) {
+            if (options.googleOnly || options.loginHtml) {
+                _authGuardConfig.loginHtml =
+                    options.loginHtml ??
+                        getOnboardingHtml({ googleOnly: options.googleOnly });
+            }
+            if (options.publicPaths) {
+                _authGuardConfig.publicPaths = [
+                    ...(_authGuardConfig.publicPaths ?? []),
+                    ...options.publicPaths,
+                ];
+            }
+        }
+        return true;
+    }
     if (!app) {
-        if (isDevMode()) {
+        if (isLocalMode() || isDevEnvironment()) {
             authDisabledMode = false;
             customGetSession = null;
             return false;
         }
         throw new Error("autoMountAuth: H3 app is required. In Nitro plugins, pass nitroApp.h3App.");
     }
-    // Reset globals to avoid stale state from prior calls
+    // Reset globals
     customGetSession = null;
     authDisabledMode = false;
     sessionMaxAge = options.maxAge ?? DEFAULT_MAX_AGE;
@@ -429,25 +830,17 @@ export function autoMountAuth(app, options = {}) {
     if (options.getSession) {
         customGetSession = options.getSession;
     }
-    // Dev mode — skip auth entirely
-    if (isDevMode()) {
-        // Mount a session endpoint that returns the dev stub
-        app.use("/api/auth/session", defineEventHandler(async (event) => {
-            if (getMethod(event) !== "GET") {
-                setResponseStatus(event, 405);
-                return { error: "Method not allowed" };
-            }
-            return DEV_SESSION;
-        }));
-        // Mount no-op login/logout so client code doesn't break
-        app.use("/api/auth/login", defineEventHandler(() => ({ ok: true })));
-        app.use("/api/auth/logout", defineEventHandler(() => ({ ok: true })));
+    // AUTH_MODE=local — explicit local-only mode (escape hatch)
+    if (isLocalMode()) {
+        mountLocalModeRoutes(app);
+        // Still init Better Auth in background so users can create accounts later
+        getBetterAuth(options.betterAuth).catch(() => { });
+        console.log("[agent-native] Auth mode: local (no auth required).");
         return false;
     }
-    // BYOA with custom getSession — skip token check, mount session/guard routes
+    // BYOA — custom getSession provider
     if (customGetSession) {
-        // Mount session endpoint
-        app.use("/api/auth/session", defineEventHandler(async (event) => {
+        app.use("/_agent-native/auth/session", defineEventHandler(async (event) => {
             if (getMethod(event) !== "GET") {
                 setResponseStatus(event, 405);
                 return { error: "Method not allowed" };
@@ -455,80 +848,64 @@ export function autoMountAuth(app, options = {}) {
             const session = await getSession(event);
             return session ?? { error: "Not authenticated" };
         }));
-        app.use("/api/auth/login", defineEventHandler(() => ({ ok: true })));
-        app.use("/api/auth/logout", defineEventHandler(async (event) => {
+        app.use("/_agent-native/auth/login", defineEventHandler(() => ({ ok: true })));
+        app.use("/_agent-native/auth/logout", defineEventHandler(async (event) => {
             const cookie = getCookie(event, COOKIE_NAME);
             if (cookie)
                 await removeSession(cookie);
             deleteCookie(event, COOKIE_NAME, { path: "/" });
             return { ok: true };
         }));
-        // Mount auth guard that delegates to custom getSession
-        const byoaLoginHtml = options.loginHtml ?? LOGIN_HTML;
-        app.use(defineEventHandler(async (event) => {
-            // Use H3's getRequestURL for cross-platform compat (Node + Workers)
-            const url = event.node?.req?.url ?? event.path ?? "/";
-            const p = url.split("?")[0];
-            if (p === "/api/auth/login" ||
-                p === "/api/auth/logout" ||
-                p === "/api/auth/session") {
-                return;
-            }
-            // Skip public paths
-            if (isPublicPath(url, publicPaths)) {
-                return;
-            }
-            const session = await getSession(event);
-            if (session)
-                return;
-            if (p.startsWith("/api/")) {
-                setResponseStatus(event, 401);
-                return { error: "Unauthorized" };
-            }
-            setResponseStatus(event, 200);
-            setResponseHeader(event, "Content-Type", "text/html");
-            return byoaLoginHtml;
-        }));
+        const byoaLoginHtml = options.loginHtml ?? TOKEN_LOGIN_HTML;
+        _authGuardConfig = { loginHtml: byoaLoginHtml, publicPaths };
+        const guardFn = createAuthGuardFn();
+        _authGuardFn = guardFn;
+        app.use(defineEventHandler(guardFn));
         console.log("[agent-native] Auth enabled — custom getSession provider.");
         return true;
     }
-    // Production — check for tokens
+    // AUTH_DISABLED — skip auth (infrastructure-level auth)
+    if (process.env.AUTH_DISABLED === "true") {
+        authDisabledMode = true;
+        console.warn("[agent-native] AUTH_DISABLED=true — running without auth. " +
+            "Ensure this app is behind infrastructure-level auth (Cloudflare Access, VPN, etc.).");
+        mountLocalModeRoutes(app);
+        return false;
+    }
+    // ACCESS_TOKEN-only mode
     const tokens = getAccessTokens();
-    if (tokens.length === 0) {
-        // No tokens set — check if auth is explicitly disabled
-        if (process.env.AUTH_DISABLED === "true") {
-            authDisabledMode = true;
-            console.warn("[agent-native] AUTH_DISABLED=true — running in production without auth. " +
-                "Ensure this app is behind infrastructure-level auth (Cloudflare Access, VPN, etc.).");
-            // Mount session endpoint — getSession() will return DEV_SESSION
-            app.use("/api/auth/session", defineEventHandler(async (event) => {
-                if (getMethod(event) !== "GET") {
-                    setResponseStatus(event, 405);
-                    return { error: "Method not allowed" };
-                }
-                return DEV_SESSION;
-            }));
-            app.use("/api/auth/login", defineEventHandler(() => ({ ok: true })));
-            app.use("/api/auth/logout", defineEventHandler(() => ({ ok: true })));
-            return false;
-        }
-        // Refuse to start without auth in production
-        const msg = "\n" +
-            "=".repeat(70) +
-            "\n" +
-            " ERROR: Running in production without authentication.\n\n" +
-            " Set ACCESS_TOKEN=<your-secret> to enable auth, or\n" +
-            " set AUTH_DISABLED=true if this app is behind infrastructure auth.\n\n" +
-            " For multi-user access: ACCESS_TOKENS=token1,token2,token3\n" +
-            "=".repeat(70) +
-            "\n";
-        console.error(msg);
-        process.exit(1);
+    if (tokens.length > 0) {
+        mountTokenOnlyRoutes(app, tokens, publicPaths);
+        console.log(`[agent-native] Auth enabled — ${tokens.length} access token(s) configured.`);
+        return true;
+    }
+    // Default: Better Auth (account-first)
+    try {
+        await mountBetterAuthRoutes(app, options);
+        console.log("[agent-native] Auth enabled — Better Auth (accounts + organizations).");
+    }
+    catch (err) {
+        console.error("[agent-native] Failed to initialize Better Auth:", err);
+        // CRITICAL: Even if Better Auth fails, register the auth guard so
+        // unauthenticated users can't access the app. They'll see the login
+        // page but won't be able to sign in until the DB is available.
+        const loginHtml = options.loginHtml ??
+            getOnboardingHtml({ googleOnly: options.googleOnly });
+        _authGuardConfig = { loginHtml, publicPaths };
+        const guardFn = createAuthGuardFn();
+        _authGuardFn = guardFn;
+        app.use(defineEventHandler(guardFn));
+        console.log("[agent-native] Auth guard registered despite init failure — app is locked.");
     }
-    // Production with tokens — mount auth
-    pruneExpiredSessions().catch(() => { });
-    mountAuthRoutes(app, tokens, publicPaths);
-    console.log(`[agent-native] Auth enabled — ${tokens.length} access token(s) configured.`);
     return true;
 }
+// ---------------------------------------------------------------------------
+// Deprecated — kept for backward compat
+// ---------------------------------------------------------------------------
+/**
+ * @deprecated Use `autoMountAuth(app, options?)` instead.
+ */
+export function mountAuthMiddleware(app, accessToken) {
+    mountTokenOnlyRoutes(app, [accessToken]);
+}
 //# sourceMappingURL=auth.js.map