@agent-native/core 0.49.25 → 0.49.27

package/dist/server/agent-chat-plugin.js

@@ -675,7 +675,7 @@ async function createDbScriptEntries() {
                 },
             }, schemaMod.default, { readOnly: true }),
             "db-query": wrapCliScript({
-                description: "Read from the app's own SQL database ONLY. Runs a SELECT against the app's internal tables (settings, application_state, template tables). Results are auto-scoped to the current user/org. IMPORTANT: This tool CANNOT access external data sources like BigQuery, HubSpot, Jira, Pylon, GA4, etc. For those, use the appropriate template action (e.g. `bigquery` for warehouse tables, `ga4-report` for Google Analytics, `jira`/`jira-search` for Jira, `pylon-issues` for Pylon). If the user names a provider, use that provider-specific action first; don't substitute BigQuery unless they ask for warehouse data. If a table isn't in the app schema, don't try db-query — use the data-source-specific action. For extension management, use list-extensions, update-extension, hide-extension, or delete-extension instead of querying the legacy tools table.",
+                description: "Read from the app's own SQL database ONLY. Runs a SELECT against the app's internal tables (settings, application_state, template tables). Results are auto-scoped to the current user/org. IMPORTANT: This tool CANNOT access external data sources like data warehouses, CRMs, issue trackers, analytics platforms, calendars, mail, docs, or other third-party services. For those, use the relevant template/provider action, MCP connector, or provider-api-catalog/provider-api-docs/provider-api-request when available. If the user names a provider, that named provider wins; do not substitute a warehouse or app database copy unless they explicitly ask for it. If a table isn't in the app schema, don't try db-query — use the data-source-specific action. For extension management, use list-extensions, update-extension, hide-extension, or delete-extension instead of querying the legacy tools table.",
                 parameters: {
                     type: "object",
                     properties: {
@@ -2194,6 +2194,28 @@ Do NOT try to call these by name as if they were tools — they will not exist i
 
 ${lines.join("\n")}`;
 }
+function generateCorpusToolsPrompt(registry) {
+    const hasProviderApi = "provider-api-request" in registry;
+    const providerDiscoveryTools = [
+        "provider-api-catalog" in registry ? "`provider-api-catalog`" : null,
+        "provider-api-docs" in registry ? "`provider-api-docs`" : null,
+    ].filter(Boolean);
+    const hasRunCode = "run-code" in registry;
+    const hasStagedDataset = "query-staged-dataset" in registry;
+    if (!hasProviderApi && !hasRunCode && !hasStagedDataset)
+        return "";
+    const available = [
+        ...providerDiscoveryTools,
+        hasProviderApi ? "`provider-api-request`" : null,
+        hasStagedDataset ? "`query-staged-dataset`" : null,
+        hasRunCode ? "`run-code`" : null,
+    ].filter(Boolean);
+    return `\n\n## Broad Provider And Corpus Workflows
+
+Available corpus-capable tools: ${available.join(", ")}.
+
+For broad provider searches, raw API access, multi-page cohorts, cross-source joins, classification/counting over records, or absence-sensitive answers, do not stop at a bounded shortcut action. Use the provider's broad API/search/list surface, fetch every relevant page or an explicit bounded cohort, stage/save large responses when needed, and reduce the corpus with staged-dataset queries or code execution. In run-code, prefer providerFetchAll() for cursor/page/offset pagination and providerRequest() when response status, headers, or truncation metadata matters. Report source, filters, row counts, pagination/truncation, failed pages, and remaining gaps.`;
+}
 /**
  * Creates a Nitro plugin that mounts the agent chat endpoint.
  *
@@ -2744,6 +2766,85 @@ export function createAgentChatPlugin(options) {
                 coreAttachmentTools = createCoreAttachmentActionEntries();
             }
             catch { }
+            // -----------------------------------------------------------------------
+            // Production code-execution mode resolution.
+            //
+            // Priority (highest -> lowest):
+            //   1. AGENT_PROD_CODE_EXECUTION env var ("trusted" | "sandboxed" | "off")
+            //   2. options.codeExecution.production
+            //   3. Default: "off"
+            //
+            // Dev mode ignores this entirely: dev always gets the run-code sandbox.
+            // Build these tools before A2A/MCP registries so every agent-loop surface
+            // has the same code execution capability when enabled.
+            // -----------------------------------------------------------------------
+            const rawEnvCodeExec = (process.env.AGENT_PROD_CODE_EXECUTION ?? "")
+                .toLowerCase()
+                .trim();
+            const resolvedProdCodeExec = rawEnvCodeExec === "trusted"
+                ? "trusted"
+                : rawEnvCodeExec === "sandboxed"
+                    ? "sandboxed"
+                    : rawEnvCodeExec === "off"
+                        ? "off"
+                        : (options?.codeExecution?.production ?? "off");
+            // Forward-declaration for the production run-code bridge supplier.
+            // Must come before createRunCodeEntry so the closure can capture it.
+            let prodRunCodeToolActions = {};
+            let leanRunCodeToolActions = {};
+            // Sandboxed run-code tool: available in "sandboxed" or "trusted" prod
+            // modes and always in dev mode.
+            const runCodeTool = {};
+            const leanRunCodeTool = {};
+            try {
+                const { createRunCodeEntry } = await import("../coding-tools/run-code.js");
+                runCodeTool["run-code"] = createRunCodeEntry(
+                // Supplier is evaluated at invocation time so runtime additions to
+                // prodActions (e.g. MCP sync) are visible to the bridge.
+                () => prodRunCodeToolActions, { bridgeTools: options?.codeExecution?.bridgeTools });
+                leanRunCodeTool["run-code"] = createRunCodeEntry(
+                // Lean prompt mode intentionally exposes a much smaller action
+                // surface; keep sandbox appAction() calls scoped to that same surface.
+                () => leanRunCodeToolActions, { bridgeTools: options?.codeExecution?.bridgeTools });
+            }
+            catch {
+                // Module unavailable (e.g. bundled browser build) — skip silently.
+            }
+            // Full coding tool registry (bash/read/edit/write) for "trusted" prod.
+            // In dev mode this is handled separately via devHandler below.
+            const prodCodingTools = {};
+            if (resolvedProdCodeExec === "trusted" && !canToggle) {
+                try {
+                    const { createCodingToolRegistry } = await import("../coding-tools/index.js");
+                    const codingRegistry = createCodingToolRegistry({
+                        cwd: process.cwd(),
+                        beforeBash: async ({ command: _command }) => {
+                            // In plan mode the agent loop blocks via isPlanModeToolCallAllowed;
+                            // this hook is a belt-and-suspenders guard inside trusted production.
+                            return null;
+                        },
+                    });
+                    Object.assign(prodCodingTools, codingRegistry);
+                }
+                catch {
+                    // Coding tools unavailable — skip silently.
+                }
+            }
+            // Forward-declaration: populated after devActions is assembled below.
+            // Must be declared before devRunCodeTool so the closure can close over it.
+            let devRunCodeToolActions = {};
+            // Always register run-code in dev mode (when the coding module loads).
+            const devRunCodeTool = {};
+            if (canToggle) {
+                try {
+                    const { createRunCodeEntry } = await import("../coding-tools/run-code.js");
+                    // devActions is not yet defined at this point; we use a late-binding
+                    // supplier so devRunCodeTool can reference the devActions registry
+                    // once it is built below (see devHandler block).
+                    devRunCodeTool["run-code"] = createRunCodeEntry(() => devRunCodeToolActions, { bridgeTools: options?.codeExecution?.bridgeTools });
+                }
+                catch { }
+            }
             const resolveExtraContext = async (event, owner) => {
                 if (!options?.extraContext)
                     return "";
@@ -2775,12 +2876,14 @@ export function createAgentChatPlugin(options) {
                     ...progressTools,
                     ...fetchTool,
                     ...webSearchTool,
+                    ...workspaceFilesTool,
                     ...toolActions,
                     ...browserSessionTools,
                     ...coreEmailTools,
                     ...coreAttachmentTools,
                     ...browserTools,
                     ...devScriptsForA2A,
+                    ...devRunCodeTool,
                 }
                 : {
                     ...discoveredActions,
@@ -2798,12 +2901,15 @@ export function createAgentChatPlugin(options) {
                     ...progressTools,
                     ...fetchTool,
                     ...webSearchTool,
+                    ...workspaceFilesTool,
                     ...toolActions,
                     ...browserSessionTools,
                     ...coreEmailTools,
                     ...coreAttachmentTools,
                     ...browserTools,
                     ...devScriptsForA2A,
+                    ...(resolvedProdCodeExec !== "off" ? runCodeTool : {}),
+                    ...prodCodingTools,
                 });
             // Full ("production") MCP surface served to an authenticated *real
             // caller* — a connect-minted token, an `agent-native mcp install` stdio
@@ -2832,12 +2938,14 @@ export function createAgentChatPlugin(options) {
                     ...progressTools,
                     ...fetchTool,
                     ...webSearchTool,
+                    ...workspaceFilesTool,
                     ...toolActions,
                     ...browserSessionTools,
                     ...coreEmailTools,
                     ...coreAttachmentTools,
                     ...browserTools,
                     ...devScriptsForA2A,
+                    ...devRunCodeTool,
                 })
                 : undefined;
             const { mountA2A } = await import("../a2a/server.js");
@@ -3019,12 +3127,17 @@ export function createAgentChatPlugin(options) {
                             ...(lazyContext ? frameworkContextTool : {}),
                             ...urlTools,
                             ...chatScripts,
+                            ...fetchTool,
+                            ...webSearchTool,
+                            ...workspaceFilesTool,
                             ...toolActions,
                             ...browserSessionTools,
                             ...coreEmailTools,
                             ...coreAttachmentTools,
                             ...browserTools,
+                            ...mcpActionEntries,
                             ...devScriptsForA2A,
+                            ...devRunCodeTool,
                         }
                         : {
                             ...templateScripts,
@@ -3035,11 +3148,17 @@ export function createAgentChatPlugin(options) {
                             ...(lazyContext ? frameworkContextTool : {}),
                             ...urlTools,
                             ...chatScripts,
+                            ...fetchTool,
+                            ...webSearchTool,
+                            ...workspaceFilesTool,
                             ...toolActions,
                             ...browserSessionTools,
                             ...coreEmailTools,
                             ...coreAttachmentTools,
                             ...browserTools,
+                            ...mcpActionEntries,
+                            ...(resolvedProdCodeExec !== "off" ? runCodeTool : {}),
+                            ...prodCodingTools,
                         });
                     const a2aTools = actionsToEngineTools(a2aActions);
                     const a2aMessages = [
@@ -3119,8 +3238,16 @@ export function createAgentChatPlugin(options) {
             // Dev: actions are invoked via bash — emit `pnpm action name --arg <type>`
             //      and include discoveredActions too, since those are also missing
             //      from the dev tool registry.
-            const prodActionsPrompt = generateActionsPrompt(templateScripts, "tool");
-            const devActionsPrompt = generateActionsPrompt({ ...discoveredActions, ...templateScripts }, "cli");
+            const corpusToolsPrompt = generateCorpusToolsPrompt({
+                ...templateScripts,
+                ...(canToggle
+                    ? devRunCodeTool
+                    : resolvedProdCodeExec !== "off"
+                        ? runCodeTool
+                        : {}),
+            });
+            const prodActionsPrompt = generateActionsPrompt(templateScripts, "tool") + corpusToolsPrompt;
+            const devActionsPrompt = generateActionsPrompt({ ...discoveredActions, ...templateScripts }, "cli") + corpusToolsPrompt;
             // Build system prompts — dynamic functions that pre-load resources per-request.
             // Production gets PROD_FRAMEWORK_PROMPT, dev gets DEV_FRAMEWORK_PROMPT.
             // Custom systemPrompt from options overrides the framework default entirely.
@@ -3185,8 +3312,13 @@ export function createAgentChatPlugin(options) {
                             ...(lazyContext ? frameworkContextTool : {}),
                             ...urlTools,
                             ...chatScripts,
+                            ...fetchTool,
+                            ...webSearchTool,
+                            ...workspaceFilesTool,
                             ...toolActions,
+                            ...mcpActionEntries,
                             ...devScriptsForA2A,
+                            ...devRunCodeTool,
                         }
                         : {
                             ...templateScripts,
@@ -3197,7 +3329,13 @@ export function createAgentChatPlugin(options) {
                             ...(lazyContext ? frameworkContextTool : {}),
                             ...urlTools,
                             ...chatScripts,
+                            ...fetchTool,
+                            ...webSearchTool,
+                            ...workspaceFilesTool,
                             ...toolActions,
+                            ...mcpActionEntries,
+                            ...(resolvedProdCodeExec !== "off" ? runCodeTool : {}),
+                            ...prodCodingTools,
                         });
                     const mcpTools = actionsToEngineTools(mcpActions);
                     const resources = await loadResourcesForPrompt(SHARED_OWNER, lazyContext, options?.appId);
@@ -3612,91 +3750,20 @@ export function createAgentChatPlugin(options) {
             // progress, call-agent, and MCP entries to keep the tool list tight and
             // prevent the LLM from reaching for web-request instead of the
             // template's native actions (e.g. log-meal).
-            const leanActions = attachToolSearch({
+            const leanActionEntries = {
                 ...templateScripts,
                 ...resourceScripts,
                 ...refreshScreenTool,
                 ...urlTools,
                 ...chatScripts,
                 ...toolActions,
-            });
+            };
             const anonymousReadOnlyActions = attachToolSearch(filterReadOnlyActions(templateScripts));
             // Full-database admin tools. Gated on NODE_ENV=development to match the
             // DB-admin UI + HTTP routes (which gate on the environment, not the
             // Code-mode toggle), so the agent has the same DB-admin capability the UI
             // does whenever it is available — true agent/UI parity, in App or Code mode.
             const dbAdminScripts = process.env.NODE_ENV === "development" ? createDbAdminAgentTools() : {};
-            // -----------------------------------------------------------------------
-            // Production code-execution mode resolution.
-            //
-            // Priority (highest → lowest):
-            //   1. AGENT_PROD_CODE_EXECUTION env var ("trusted" | "sandboxed" | "off")
-            //   2. options.codeExecution.production
-            //   3. Default: "off"
-            //
-            // Dev mode ignores this entirely — dev always gets the full coding surface.
-            // -----------------------------------------------------------------------
-            const rawEnvCodeExec = (process.env.AGENT_PROD_CODE_EXECUTION ?? "")
-                .toLowerCase()
-                .trim();
-            const resolvedProdCodeExec = rawEnvCodeExec === "trusted"
-                ? "trusted"
-                : rawEnvCodeExec === "sandboxed"
-                    ? "sandboxed"
-                    : rawEnvCodeExec === "off"
-                        ? "off"
-                        : (options?.codeExecution?.production ?? "off");
-            // Forward-declaration for the production run-code bridge supplier.
-            // Must come before createRunCodeEntry so the closure can capture it.
-            let prodRunCodeToolActions = {};
-            // Sandboxed run-code tool — available in "sandboxed" or "trusted" prod
-            // modes and always in dev mode.
-            const runCodeTool = {};
-            try {
-                const { createRunCodeEntry } = await import("../coding-tools/run-code.js");
-                runCodeTool["run-code"] = createRunCodeEntry(
-                // Supplier is evaluated at invocation time so runtime additions to
-                // prodActions (e.g. MCP sync) are visible to the bridge.
-                () => prodRunCodeToolActions, { bridgeTools: options?.codeExecution?.bridgeTools });
-            }
-            catch {
-                // Module unavailable (e.g. bundled browser build) — skip silently.
-            }
-            // Full coding tool registry (bash/read/edit/write) for "trusted" prod.
-            // In dev mode this is handled separately via devHandler below.
-            const prodCodingTools = {};
-            if (resolvedProdCodeExec === "trusted" && !canToggle) {
-                try {
-                    const { createCodingToolRegistry } = await import("../coding-tools/index.js");
-                    const codingRegistry = createCodingToolRegistry({
-                        cwd: process.cwd(),
-                        beforeBash: async ({ command: _command }) => {
-                            // In plan mode the agent loop blocks via isPlanModeToolCallAllowed;
-                            // this hook is a belt-and-suspenders guard inside "trusted" production.
-                            return null;
-                        },
-                    });
-                    Object.assign(prodCodingTools, codingRegistry);
-                }
-                catch {
-                    // Coding tools unavailable — skip silently.
-                }
-            }
-            // Forward-declaration: populated after devActions is assembled below.
-            // Must be declared BEFORE devRunCodeTool so the closure can close over it.
-            let devRunCodeToolActions = {};
-            // Always register run-code in dev mode (when the coding module loads).
-            const devRunCodeTool = {};
-            if (canToggle) {
-                try {
-                    const { createRunCodeEntry } = await import("../coding-tools/run-code.js");
-                    // devActions is not yet defined at this point; we use a late-binding
-                    // supplier so devRunCodeTool can reference the devActions registry
-                    // once it is built below (see devHandler block).
-                    devRunCodeTool["run-code"] = createRunCodeEntry(() => devRunCodeToolActions, { bridgeTools: options?.codeExecution?.bridgeTools });
-                }
-                catch { }
-            }
             const prodActions = attachToolSearch({
                 ...templateScripts,
                 ...resourceScripts,
@@ -3722,14 +3789,24 @@ export function createAgentChatPlugin(options) {
                 ...coreAttachmentTools,
                 ...browserTools,
                 ...mcpActionEntries,
-                // Sandboxed run-code tool in production when mode allows it.
-                ...(resolvedProdCodeExec !== "off" && !canToggle ? runCodeTool : {}),
+                // Sandboxed run-code for hosted production when enabled, and for the
+                // app-rendered production-style handler in local dev.
+                ...(canToggle || resolvedProdCodeExec !== "off" ? runCodeTool : {}),
                 // Full coding tools in production when mode is "trusted".
                 ...(!canToggle ? prodCodingTools : {}),
             });
             // Wire the prod run-code bridge supplier so it sees the fully-assembled
             // prodActions registry (including MCP entries added at runtime).
             prodRunCodeToolActions = prodActions;
+            const leanActions = attachToolSearch({
+                ...leanActionEntries,
+                // Lean mode still needs run-code when code execution is enabled.
+                // Otherwise templates with a minimal prompt can advertise sandboxed
+                // execution in the system prompt while the actual tool registry omits
+                // it.
+                ...(canToggle || resolvedProdCodeExec !== "off" ? leanRunCodeTool : {}),
+            });
+            leanRunCodeToolActions = leanActions;
             // Keep the prod action dict's MCP entries in sync when the manager's
             // server set changes at runtime (e.g. a user adds a remote MCP server
             // through the settings UI). getEngineTools() in production-agent re-reads
@@ -3834,8 +3911,8 @@ Non-code requests are still fine on this surface: read data, navigate the UI, su
             // System-prompt note appended when production code execution is enabled.
             const prodCodeExecPromptNote = !canToggle && resolvedProdCodeExec !== "off"
                 ? resolvedProdCodeExec === "trusted"
-                    ? "\n\n<code-execution-mode>Full shell access is enabled (trusted mode). You have bash, read, edit, write, and run-code tools available. Use bash for file discovery, running tests and builds, and project CLIs. Use run-code for sandboxed JavaScript analytics. Use `pnpm action <name>` in bash to invoke registered app actions from the shell.</code-execution-mode>"
-                    : "\n\n<code-execution-mode>Sandboxed code execution is enabled. The run-code tool lets you execute isolated JavaScript (ESM, top-level await) to fetch, aggregate, and reduce data. Use providerFetch() and webFetch() inside run-code for authenticated provider calls.</code-execution-mode>"
+                    ? "\n\n<code-execution-mode>Full shell access is enabled (trusted mode). You have bash, read, edit, write, and run-code tools available. Use bash for file discovery, running tests and builds, and project CLIs. Use run-code for sandboxed JavaScript data processing: provider/API pagination, joins, classification, aggregation, and large-response reduction. Use `pnpm action <name>` in bash to invoke registered app actions from the shell.</code-execution-mode>"
+                    : "\n\n<code-execution-mode>Sandboxed code execution is enabled. The run-code tool lets you execute isolated JavaScript (ESM, top-level await) to fetch, aggregate, and reduce data. Use providerFetch(), providerFetchAll(), providerRequest(), and webFetch() inside run-code for authenticated provider calls.</code-execution-mode>"
                 : "";
             const prodHandler = createProductionAgentHandler({
                 actions: leanPrompt ? leanActions : prodActions,