@agent-native/core 0.49.8 → 0.49.10

package/docs/content/pr-visual-recap.md

@@ -19,9 +19,9 @@ On each PR push, the workflow:
 2. Creates an informational `Visual Recap` GitHub check with `Visual recap in progress`.
 3. Runs the configured coding agent against that diff. The agent reads the bundled `visual-recap` skill guidance (or your repo-pinned copy) and authors a recap, publishing it with `create-visual-recap`.
 4. Reads the published plan URL the agent wrote to `recap-url.txt`.
-5. Opens that URL in headless Chrome and screenshots the rendered plan.
-6. Uploads the PNG to a signed public image route on the Plans app.
-7. Upserts a single sticky PR comment that embeds the screenshot **inline** (served through GitHub's camo image proxy) next to the link to the interactive recap.
+5. Opens that URL in headless Chrome and screenshots the rendered plan in light and dark modes.
+6. Uploads the PNGs to a signed public image route on the Plans app.
+7. Upserts a single sticky PR comment that embeds the screenshots **inline** with a `<picture>` element (served through GitHub's camo image proxy) next to the link to the interactive recap.
 8. Completes the `Visual Recap` check as success, skipped, or neutral.
 
 A re-push updates the same plan and the same sticky comment in place — no orphaned plans, no comment spam.
@@ -134,7 +134,7 @@ The workflow auto-detects how to invoke its helper CLI (local source inside this
 
 ## Inline screenshot in the comment
 
-After the agent publishes the recap, the workflow screenshots the rendered plan in headless Chrome and uploads the PNG to a signed public image route on the Plans app. The sticky PR comment then embeds that screenshot **inline** — GitHub re-serves it through its camo proxy, so reviewers see a preview of the recap directly in the comment without opening anything. The link to the full interactive plan sits right next to it for when they want to explore, comment, or annotate.
+After the agent publishes the recap, the workflow screenshots the rendered plan in headless Chrome in both light and dark modes and uploads the PNGs to a signed public image route on the Plans app. The sticky PR comment then embeds those screenshots **inline** with a `<picture>` element — GitHub re-serves them through its camo proxy, so reviewers see a preview that matches their GitHub theme directly in the comment without opening anything. The link to the full interactive plan sits right next to it for when they want to explore, comment, or annotate.
 
 ## Fork PRs
 
@@ -182,23 +182,22 @@ These mitigations are already layered in the workflow (secret scan, sensitive-pa
 
 ### Relationship to the main workflow
 
-The two workflow files are independent. For non-fork PRs, only `pr-visual-recap.yml` fires (fork check in its gate excludes them). For fork PRs, only `pr-visual-recap-fork.yml` fires (non-fork check in its gate excludes them). They share the same sticky comment marker and plan-id threading, so both PRs and fork PRs produce a single upserted comment on the same PR.
+The two workflow files are independent. For non-fork PR updates, `pr-visual-recap.yml` is the only workflow that runs. For fork PRs, the normal workflow exits at its fork gate, and `pr-visual-recap-fork.yml` runs only when a maintainer applies the `recap` label. They share the same sticky comment marker and plan-id threading, so both PRs and fork PRs produce a single upserted comment on the same PR.
 
 ### Self-modifying guard {#self-modifying-guard}
 
-The `gate` step skips the recap entirely when a PR touches any of the following paths, so a PR can never rewrite what the trusted recap job runs and exfiltrate secrets:
+The `gate` step skips the recap entirely when a PR touches any of the following paths, so a PR can never rewrite the workflow, skill, or agent config that the trusted recap job loads and exfiltrate secrets:
 
-| Path pattern                               | Reason                                                    |
-| ------------------------------------------ | --------------------------------------------------------- |
-| `.github/workflows/pr-visual-recap.yml`    | The workflow itself                                       |
-| `**/skills/visual-(recap\|plan\|plans)/**` | The visual-recap skill the agent follows                  |
-| `**/.claude/**`                            | Agent settings the runner loads                           |
-| `**/CLAUDE.md`                             | Agent instructions the runner loads                       |
-| `**/AGENTS.md`                             | Agent instructions the runner loads                       |
-| `**/.mcp.json`                             | MCP server config the runner loads                        |
-| `packages/core/**`                         | Recap CLI source _(BuilderIO/agent-native monorepo only)_ |
+| Path pattern                               | Reason                                   |
+| ------------------------------------------ | ---------------------------------------- |
+| `.github/workflows/pr-visual-recap.yml`    | The workflow itself                      |
+| `**/skills/visual-(recap\|plan\|plans)/**` | The visual-recap skill the agent follows |
+| `**/.claude/**`                            | Agent settings the runner loads          |
+| `**/CLAUDE.md`                             | Agent instructions the runner loads      |
+| `**/AGENTS.md`                             | Agent instructions the runner loads      |
+| `**/.mcp.json`                             | MCP server config the runner loads       |
 
-The `packages/core/**` rule applies only in the `BuilderIO/agent-native` monorepo where `packages/core` is the recap CLI source. In consumer repos an unrelated `packages/core/` directory does not trigger the guard.
+In the `BuilderIO/agent-native` monorepo, the workflow runs the recap CLI from trusted base-branch source instead of PR-head source. That keeps normal package changes, including `packages/core/**`, eligible for recaps without executing PR-modified CLI code.
 
 ## Local-files privacy mode
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-native/core",
-  "version": "0.49.8",
+  "version": "0.49.10",
   "type": "module",
   "engines": {
     "node": ">=22"
@@ -159,6 +159,7 @@
     "@clack/prompts": "^1.4.0",
     "@codemirror/lang-sql": "^6.10.0",
     "@codemirror/theme-one-dark": "^6.1.3",
+    "@floating-ui/dom": "^1.7.6",
     "@libsql/client": "^0.15.0",
     "@modelcontextprotocol/ext-apps": "1.7.2",
     "@modelcontextprotocol/sdk": "^1.29.0",