@agent-native/core 0.58.3 → 0.58.4

package/dist/sharing/actions/set-resource-visibility.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"set-resource-visibility.d.ts","sourceRoot":"","sources":["../../../src/sharing/actions/set-resource-visibility.ts"],"names":[],"mappings":";;;;;;;;AAeA,wBA2DG"}
+{"version":3,"file":"set-resource-visibility.d.ts","sourceRoot":"","sources":["../../../src/sharing/actions/set-resource-visibility.ts"],"names":[],"mappings":";;;;;;;;AAeA,wBAwEG"}

package/dist/sharing/actions/set-resource-visibility.js

@@ -23,20 +23,34 @@ export default defineAction({
             throw new ForbiddenError(`${reg.displayName} cannot be made public — share with specific people or your organization instead.`);
         }
         const access = await assertAccess(args.resourceType, args.resourceId, "admin");
-        const beforeExtensionTargets = await getExtensionShareChangeTargets(args.resourceType, args.resourceId);
         const db = reg.getDb();
         const update = { visibility: args.visibility };
-        const currentOrgId = resolveRegisteredAccessContext(reg, currentAccess()).orgId;
-        // Only the resource owner may bind an org to a previously unscoped resource.
-        // If a non-owner admin did this, the resource would adopt the admin's org
-        // and ownerMatchesActiveScope would then lock the real owner out of their
-        // own resource. Non-owner admins can still flip visibility once orgId is set.
-        if (args.visibility === "org" &&
-            currentOrgId &&
-            !access.resource?.orgId &&
-            access.role === "owner") {
-            update.orgId = currentOrgId;
+        const rawAccess = currentAccess();
+        const currentOrgId = resolveRegisteredAccessContext(reg, rawAccess).orgId;
+        if (args.visibility === "org" && !access.resource?.orgId) {
+            if (!currentOrgId) {
+                const canKeepResourceUnscoped = !!rawAccess.orgId &&
+                    !!reg.resolveAccessContext &&
+                    access.role === "owner";
+                // Some templates intentionally normalize local single-user resources
+                // out of request org scope. In that mode, keep the row unbound while
+                // still allowing the owner to persist the visibility preference.
+                if (!canKeepResourceUnscoped) {
+                    throw new ForbiddenError(`${reg.displayName} cannot be shared with your organization because no active organization is selected.`);
+                }
+            }
+            else {
+                // Only the resource owner may bind an org to a previously unscoped resource.
+                // If a non-owner admin did this, the resource would adopt the admin's org
+                // and ownerMatchesActiveScope would then lock the real owner out of their
+                // own resource. Non-owner admins can still flip visibility once orgId is set.
+                if (access.role !== "owner") {
+                    throw new ForbiddenError(`${reg.displayName} can only be attached to an organization by its owner.`);
+                }
+                update.orgId = currentOrgId;
+            }
         }
+        const beforeExtensionTargets = await getExtensionShareChangeTargets(args.resourceType, args.resourceId);
         await db
             .update(reg.resourceTable)
             .set(update)

package/dist/sharing/actions/set-resource-visibility.js.map

@@ -1 +1 @@
-{"version":3,"file":"set-resource-visibility.js","sourceRoot":"","sources":["../../../src/sharing/actions/set-resource-visibility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,8BAA8B,GAC/B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,8BAA8B,EAC9B,2BAA2B,GAC5B,MAAM,uBAAuB,CAAC;AAE/B,eAAe,YAAY,CAAC;IAC1B,WAAW,EACT,wOAAwO;IAC1O,sEAAsE;IACtE,oEAAoE;IACpE,YAAY,EAAE,KAAK;IACnB,MAAM,EAAE;QACN,cAAc,EAAE,IAAI;KACrB;IACD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjD,CAAC;IACF,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAClB,MAAM,GAAG,GAAG,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;YAC9D,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,mFAAmF,CACtG,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,OAAO,CACR,CAAC;QACF,MAAM,sBAAsB,GAAG,MAAM,8BAA8B,CACjE,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,CAChB,CAAC;QACF,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;QAC9B,MAAM,MAAM,GAA4B,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;QACxE,MAAM,YAAY,GAAG,8BAA8B,CACjD,GAAG,EACH,aAAa,EAAE,CAChB,CAAC,KAAK,CAAC;QACR,6EAA6E;QAC7E,0EAA0E;QAC1E,0EAA0E;QAC1E,8EAA8E;QAC9E,IACE,IAAI,CAAC,UAAU,KAAK,KAAK;YACzB,YAAY;YACZ,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK;YACvB,MAAM,CAAC,IAAI,KAAK,OAAO,EACvB,CAAC;YACD,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC;QAC9B,CAAC;QACD,MAAM,EAAE;aACL,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;aACzB,GAAG,CAAC,MAAM,CAAC;aACX,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACpD,MAAM,2BAA2B,CAC/B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,sBAAsB,CACvB,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;IACnD,CAAC;CACF,CAAC,CAAC","sourcesContent":["import { eq } from \"drizzle-orm\";\nimport { z } from \"zod\";\nimport { defineAction } from \"../../action.js\";\nimport {\n  assertAccess,\n  currentAccess,\n  ForbiddenError,\n  resolveRegisteredAccessContext,\n} from \"../access.js\";\nimport { requireShareableResource } from \"../registry.js\";\nimport {\n  getExtensionShareChangeTargets,\n  notifyExtensionShareChanged,\n} from \"./extension-change.js\";\n\nexport default defineAction({\n  description:\n    \"Change the coarse visibility of a shareable resource: 'private' keeps it owner-only, 'org' shares it with all members of the owner's organization, 'public' makes it accessible to anyone with the link. Owner or admin role required.\",\n  // (audit H5) Visibility changes are admin-tier and can flip a private\n  // resource org-wide or public. Refuse from the tools iframe bridge.\n  toolCallable: false,\n  mcpApp: {\n    compactCatalog: true,\n  },\n  schema: z.object({\n    resourceType: z.string(),\n    resourceId: z.string(),\n    visibility: z.enum([\"private\", \"org\", \"public\"]),\n  }),\n  run: async (args) => {\n    const reg = requireShareableResource(args.resourceType);\n    if (args.visibility === \"public\" && reg.allowPublic === false) {\n      throw new ForbiddenError(\n        `${reg.displayName} cannot be made public — share with specific people or your organization instead.`,\n      );\n    }\n    const access = await assertAccess(\n      args.resourceType,\n      args.resourceId,\n      \"admin\",\n    );\n    const beforeExtensionTargets = await getExtensionShareChangeTargets(\n      args.resourceType,\n      args.resourceId,\n    );\n    const db = reg.getDb() as any;\n    const update: Record<string, unknown> = { visibility: args.visibility };\n    const currentOrgId = resolveRegisteredAccessContext(\n      reg,\n      currentAccess(),\n    ).orgId;\n    // Only the resource owner may bind an org to a previously unscoped resource.\n    // If a non-owner admin did this, the resource would adopt the admin's org\n    // and ownerMatchesActiveScope would then lock the real owner out of their\n    // own resource. Non-owner admins can still flip visibility once orgId is set.\n    if (\n      args.visibility === \"org\" &&\n      currentOrgId &&\n      !access.resource?.orgId &&\n      access.role === \"owner\"\n    ) {\n      update.orgId = currentOrgId;\n    }\n    await db\n      .update(reg.resourceTable)\n      .set(update)\n      .where(eq(reg.resourceTable.id, args.resourceId));\n    await notifyExtensionShareChanged(\n      args.resourceType,\n      args.resourceId,\n      beforeExtensionTargets,\n    );\n    return { ok: true, visibility: args.visibility };\n  },\n});\n"]}
+{"version":3,"file":"set-resource-visibility.js","sourceRoot":"","sources":["../../../src/sharing/actions/set-resource-visibility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EACL,YAAY,EACZ,aAAa,EACb,cAAc,EACd,8BAA8B,GAC/B,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EACL,8BAA8B,EAC9B,2BAA2B,GAC5B,MAAM,uBAAuB,CAAC;AAE/B,eAAe,YAAY,CAAC;IAC1B,WAAW,EACT,wOAAwO;IAC1O,sEAAsE;IACtE,oEAAoE;IACpE,YAAY,EAAE,KAAK;IACnB,MAAM,EAAE;QACN,cAAc,EAAE,IAAI;KACrB;IACD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;KACjD,CAAC;IACF,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE;QAClB,MAAM,GAAG,GAAG,wBAAwB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,GAAG,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;YAC9D,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,mFAAmF,CACtG,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,YAAY,CAC/B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,OAAO,CACR,CAAC;QACF,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,EAAS,CAAC;QAC9B,MAAM,MAAM,GAA4B,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;QACxE,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,8BAA8B,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC,KAAK,CAAC;QAC1E,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;YACzD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,MAAM,uBAAuB,GAC3B,CAAC,CAAC,SAAS,CAAC,KAAK;oBACjB,CAAC,CAAC,GAAG,CAAC,oBAAoB;oBAC1B,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC;gBAC1B,qEAAqE;gBACrE,qEAAqE;gBACrE,iEAAiE;gBACjE,IAAI,CAAC,uBAAuB,EAAE,CAAC;oBAC7B,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,sFAAsF,CACzG,CAAC;gBACJ,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,6EAA6E;gBAC7E,0EAA0E;gBAC1E,0EAA0E;gBAC1E,8EAA8E;gBAC9E,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC5B,MAAM,IAAI,cAAc,CACtB,GAAG,GAAG,CAAC,WAAW,wDAAwD,CAC3E,CAAC;gBACJ,CAAC;gBACD,MAAM,CAAC,KAAK,GAAG,YAAY,CAAC;YAC9B,CAAC;QACH,CAAC;QACD,MAAM,sBAAsB,GAAG,MAAM,8BAA8B,CACjE,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,CAChB,CAAC;QACF,MAAM,EAAE;aACL,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;aACzB,GAAG,CAAC,MAAM,CAAC;aACX,KAAK,CAAC,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QACpD,MAAM,2BAA2B,CAC/B,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,UAAU,EACf,sBAAsB,CACvB,CAAC;QACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;IACnD,CAAC;CACF,CAAC,CAAC","sourcesContent":["import { eq } from \"drizzle-orm\";\nimport { z } from \"zod\";\nimport { defineAction } from \"../../action.js\";\nimport {\n  assertAccess,\n  currentAccess,\n  ForbiddenError,\n  resolveRegisteredAccessContext,\n} from \"../access.js\";\nimport { requireShareableResource } from \"../registry.js\";\nimport {\n  getExtensionShareChangeTargets,\n  notifyExtensionShareChanged,\n} from \"./extension-change.js\";\n\nexport default defineAction({\n  description:\n    \"Change the coarse visibility of a shareable resource: 'private' keeps it owner-only, 'org' shares it with all members of the owner's organization, 'public' makes it accessible to anyone with the link. Owner or admin role required.\",\n  // (audit H5) Visibility changes are admin-tier and can flip a private\n  // resource org-wide or public. Refuse from the tools iframe bridge.\n  toolCallable: false,\n  mcpApp: {\n    compactCatalog: true,\n  },\n  schema: z.object({\n    resourceType: z.string(),\n    resourceId: z.string(),\n    visibility: z.enum([\"private\", \"org\", \"public\"]),\n  }),\n  run: async (args) => {\n    const reg = requireShareableResource(args.resourceType);\n    if (args.visibility === \"public\" && reg.allowPublic === false) {\n      throw new ForbiddenError(\n        `${reg.displayName} cannot be made public — share with specific people or your organization instead.`,\n      );\n    }\n    const access = await assertAccess(\n      args.resourceType,\n      args.resourceId,\n      \"admin\",\n    );\n    const db = reg.getDb() as any;\n    const update: Record<string, unknown> = { visibility: args.visibility };\n    const rawAccess = currentAccess();\n    const currentOrgId = resolveRegisteredAccessContext(reg, rawAccess).orgId;\n    if (args.visibility === \"org\" && !access.resource?.orgId) {\n      if (!currentOrgId) {\n        const canKeepResourceUnscoped =\n          !!rawAccess.orgId &&\n          !!reg.resolveAccessContext &&\n          access.role === \"owner\";\n        // Some templates intentionally normalize local single-user resources\n        // out of request org scope. In that mode, keep the row unbound while\n        // still allowing the owner to persist the visibility preference.\n        if (!canKeepResourceUnscoped) {\n          throw new ForbiddenError(\n            `${reg.displayName} cannot be shared with your organization because no active organization is selected.`,\n          );\n        }\n      } else {\n        // Only the resource owner may bind an org to a previously unscoped resource.\n        // If a non-owner admin did this, the resource would adopt the admin's org\n        // and ownerMatchesActiveScope would then lock the real owner out of their\n        // own resource. Non-owner admins can still flip visibility once orgId is set.\n        if (access.role !== \"owner\") {\n          throw new ForbiddenError(\n            `${reg.displayName} can only be attached to an organization by its owner.`,\n          );\n        }\n        update.orgId = currentOrgId;\n      }\n    }\n    const beforeExtensionTargets = await getExtensionShareChangeTargets(\n      args.resourceType,\n      args.resourceId,\n    );\n    await db\n      .update(reg.resourceTable)\n      .set(update)\n      .where(eq(reg.resourceTable.id, args.resourceId));\n    await notifyExtensionShareChanged(\n      args.resourceType,\n      args.resourceId,\n      beforeExtensionTargets,\n    );\n    return { ok: true, visibility: args.visibility };\n  },\n});\n"]}

package/dist/styles/agent-native.css

@@ -258,16 +258,17 @@
   min-height: 7.5rem;
   border-radius: 1rem;
   border-color: hsl(var(--border) / 0.75);
-  background: hsl(var(--background) / 0.96);
+  background: hsl(var(--muted) / 0.62);
   box-shadow:
     0 18px 55px hsl(var(--foreground) / 0.08),
     0 1px 0 hsl(var(--foreground) / 0.04);
 }
 
 .agent-composer-root--hero:focus-within {
+  border-color: hsl(var(--ring) / 0.9);
   box-shadow:
     0 20px 60px hsl(var(--foreground) / 0.1),
-    0 0 0 1px hsl(var(--ring) / 0.22);
+    0 1px 0 hsl(var(--foreground) / 0.04);
 }
 
 .agent-composer-root--hero [data-agent-composer-slot="editor-wrap"] {
@@ -290,6 +291,118 @@
   overflow: visible;
 }
 
+.agent-thinking-indicator {
+  display: inline-flex;
+  align-items: center;
+  min-height: 1.125rem;
+}
+
+.agent-thinking-indicator__glyph {
+  display: block;
+  width: var(--agent-thinking-width);
+  height: 1.125rem;
+  overflow: visible;
+}
+
+.agent-thinking-indicator__base {
+  fill: hsl(var(--muted-foreground) / 0.48);
+}
+
+.agent-thinking-indicator__shimmer {
+  transform-box: fill-box;
+  transform-origin: left center;
+  will-change: transform, opacity;
+  animation: agent-thinking-shimmer 1.7s cubic-bezier(0.42, 0, 0.18, 1) infinite;
+}
+
+.agent-thinking-indicator__sheen-edge {
+  stop-color: hsl(var(--foreground));
+  stop-opacity: 0;
+}
+
+.agent-thinking-indicator__sheen-mid {
+  stop-color: hsl(var(--foreground));
+  stop-opacity: 0.92;
+}
+
+.agent-thinking-indicator__ellipsis-dot {
+  opacity: 0;
+}
+
+.agent-thinking-indicator__ellipsis-dot--1 {
+  animation: agent-thinking-ellipsis-one 1.35s steps(1, end) infinite;
+}
+
+.agent-thinking-indicator__ellipsis-dot--2 {
+  animation: agent-thinking-ellipsis-two 1.35s steps(1, end) infinite;
+}
+
+.agent-thinking-indicator__ellipsis-dot--3 {
+  animation: agent-thinking-ellipsis-three 1.35s steps(1, end) infinite;
+}
+
+@keyframes agent-thinking-shimmer {
+  0% {
+    opacity: 0;
+    transform: translateX(-118%);
+  }
+  22% {
+    opacity: 0.9;
+  }
+  62% {
+    opacity: 0.9;
+  }
+  100% {
+    opacity: 0;
+    transform: translateX(245%);
+  }
+}
+
+@keyframes agent-thinking-ellipsis-one {
+  0%,
+  24% {
+    opacity: 0;
+  }
+  25%,
+  100% {
+    opacity: 1;
+  }
+}
+
+@keyframes agent-thinking-ellipsis-two {
+  0%,
+  49% {
+    opacity: 0;
+  }
+  50%,
+  100% {
+    opacity: 1;
+  }
+}
+
+@keyframes agent-thinking-ellipsis-three {
+  0%,
+  74% {
+    opacity: 0;
+  }
+  75%,
+  100% {
+    opacity: 1;
+  }
+}
+
+@media (prefers-reduced-motion: reduce) {
+  .agent-thinking-indicator__shimmer {
+    animation: none;
+    opacity: 0;
+  }
+
+  .agent-thinking-indicator__ellipsis-dot {
+    animation: none;
+    opacity: 1;
+  }
+}
+
 @media (prefers-reduced-motion: no-preference) {
   @supports (view-transition-name: agent-native-chat) {
     .agent-native-chat-view-transition {

package/dist/templates/workspace-core/.agents/skills/visual-answer/SKILL.md

@@ -0,0 +1,100 @@
+---
+name: visual-answer
+description: >-
+  Answer code/product questions as visual Plan artifacts using repo, bridge, or
+  GitHub context; use for API specs, UI look, schema models, and architecture.
+metadata:
+  visibility: exported
+---
+
+# Visual Answer
+
+`/visual-answer` turns a specific code or product question into a published
+Agent-Native Plan artifact. It is for questions that need a visual, inspectable
+answer rather than a chat paragraph: API contracts, schema/data models, UI
+states, component behavior, architecture flows, and code evidence.
+
+## When To Use
+
+Use this skill when the user asks:
+
+- "what is the API spec for this?"
+- "what does this UI look like?"
+- "what is the schema model for x?"
+- "draw the flow for this code path"
+- "show me the current shape of this component/API/data model"
+
+For history questions about what changed or shipped, search merged PR recaps
+first with `search-pr-recaps`, then pull a relevant hit into the conversation
+with `show-visual-plan` (it renders that plan or recap's blocks inline). Reach
+for `get-visual-plan` only when you need the full bundle/MDX to edit, not to
+display. Use `visual-answer` when the current codebase, a local bridge, or
+GitHub source needs to be inspected to produce a new answer.
+
+## Workflow
+
+1. Inspect the real source first. Use the host agent's repo tools, the Plan
+   local bridge, or GitHub/source links. Do not invent endpoints, schema fields,
+   UI states, file names, or behavior.
+2. Call `get-plan-blocks` before authoring. Use the live registry, not memory.
+   If the question asks what components are available, call
+   `list-plan-components`.
+3. Pick the evidence blocks:
+   - API shape: `openapi-spec` plus `api-endpoint`; use before/after only when
+     comparing historical changes from recaps.
+   - UI look: `wireframe` or a `columns` before/after pair when comparing a
+     recap.
+   - Schema/data model: `data-model`, optionally with `diagram`.
+   - Code evidence: `file-tree`, `tabs`, `annotated-code`, and `diff` when the
+     answer depends on implementation details.
+4. Publish with the Plan `visual-answer` action. Include the user's question,
+   `repoPath`/`sourceUrl` when known, a concise title/brief, and MDX source
+   under `mdx`.
+5. In Agent-Native chat the published answer renders inline automatically — its
+   blocks appear in the conversation. Add a one-line summary of the evidence plus
+   the deep link; do not paste raw MDX or block source as text. (In terminal or
+   external MCP hosts that cannot render the blocks, return the URL.)
+
+## Terminal Handoff
+
+When running from a terminal or coding-agent shell, write
+`visual-answer-source.json`:
+
+```json
+{
+  "question": "What is the billing API shape?",
+  "title": "Billing API visual answer",
+  "brief": "Shows the request and response contract.",
+  "repoPath": "owner/repo",
+  "sourceUrl": "https://github.com/owner/repo",
+  "mdx": {
+    "plan.mdx": "---\ntitle: Billing API visual answer\n---\n\n..."
+  }
+}
+```
+
+Then publish:
+
+```sh
+agent-native plan visual-answer publish --question "What is the billing API shape?" --source visual-answer-source.json --repo owner/repo
+```
+
+Use `--source-url` for a GitHub file/PR/commit/issue URL, `--prev-plan-id` to
+refresh an existing answer, and `--visibility private` for owner-only output.
+The command writes `visual-answer-url.txt`.
+
+## Don't
+
+- Do not use `visual-answer` for a plain implementation plan; use
+  `visual-plan`.
+- Do not use it for a PR diff recap; use `visual-recap`.
+- Do not skip code inspection and infer from names alone.
+- Do not publish screenshots, secrets, credential-looking values, or private
+  source excerpts beyond what the user has asked to visualize.
+
+## Related Skills
+
+- `visual-plan`
+- `visual-recap`
+- `delegate-to-agent`
+- `context-awareness`

package/docs/content/pr-visual-recap.md

@@ -308,7 +308,7 @@ name: PR Visual Recap
 
 on:
   pull_request:
-    types: [opened, synchronize, reopened, ready_for_review]
+    types: [opened, synchronize, reopened, ready_for_review, closed]
 
 jobs:
   visual-recap:
@@ -360,7 +360,7 @@ The `cli-version` input controls which `@agent-native/core` CLI version runs ins
 
 ### workflow_call event context
 
-`workflow_call` workflows inherit the **caller's** event context. The reusable workflow uses `github.event.pull_request.*` expressions to read the PR number, head SHA, base SHA, and PR metadata — these work correctly only when the caller triggers on `pull_request`. The caller snippet above already includes the correct event types.
+`workflow_call` workflows inherit the **caller's** event context. The reusable workflow uses `github.event.pull_request.*` expressions to read the PR number, head SHA, base SHA, merge timestamp, and PR metadata — these work correctly only when the caller triggers on `pull_request`. The caller snippet above already includes the correct event types. The `closed` event is included so merged PR recaps can be stamped with `merged_at` and later searched as shipped work.
 
 Do not trigger the caller on `workflow_dispatch` or `push` — those events do not carry a `pull_request` payload, and the gate will skip the recap with "no pull_request payload".
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agent-native/core",
-  "version": "0.58.3",
+  "version": "0.58.4",
   "type": "module",
   "engines": {
     "node": ">=22"

package/src/templates/workspace-core/.agents/skills/visual-answer/SKILL.md

@@ -0,0 +1,100 @@
+---
+name: visual-answer
+description: >-
+  Answer code/product questions as visual Plan artifacts using repo, bridge, or
+  GitHub context; use for API specs, UI look, schema models, and architecture.
+metadata:
+  visibility: exported
+---
+
+# Visual Answer
+
+`/visual-answer` turns a specific code or product question into a published
+Agent-Native Plan artifact. It is for questions that need a visual, inspectable
+answer rather than a chat paragraph: API contracts, schema/data models, UI
+states, component behavior, architecture flows, and code evidence.
+
+## When To Use
+
+Use this skill when the user asks:
+
+- "what is the API spec for this?"
+- "what does this UI look like?"
+- "what is the schema model for x?"
+- "draw the flow for this code path"
+- "show me the current shape of this component/API/data model"
+
+For history questions about what changed or shipped, search merged PR recaps
+first with `search-pr-recaps`, then pull a relevant hit into the conversation
+with `show-visual-plan` (it renders that plan or recap's blocks inline). Reach
+for `get-visual-plan` only when you need the full bundle/MDX to edit, not to
+display. Use `visual-answer` when the current codebase, a local bridge, or
+GitHub source needs to be inspected to produce a new answer.
+
+## Workflow
+
+1. Inspect the real source first. Use the host agent's repo tools, the Plan
+   local bridge, or GitHub/source links. Do not invent endpoints, schema fields,
+   UI states, file names, or behavior.
+2. Call `get-plan-blocks` before authoring. Use the live registry, not memory.
+   If the question asks what components are available, call
+   `list-plan-components`.
+3. Pick the evidence blocks:
+   - API shape: `openapi-spec` plus `api-endpoint`; use before/after only when
+     comparing historical changes from recaps.
+   - UI look: `wireframe` or a `columns` before/after pair when comparing a
+     recap.
+   - Schema/data model: `data-model`, optionally with `diagram`.
+   - Code evidence: `file-tree`, `tabs`, `annotated-code`, and `diff` when the
+     answer depends on implementation details.
+4. Publish with the Plan `visual-answer` action. Include the user's question,
+   `repoPath`/`sourceUrl` when known, a concise title/brief, and MDX source
+   under `mdx`.
+5. In Agent-Native chat the published answer renders inline automatically — its
+   blocks appear in the conversation. Add a one-line summary of the evidence plus
+   the deep link; do not paste raw MDX or block source as text. (In terminal or
+   external MCP hosts that cannot render the blocks, return the URL.)
+
+## Terminal Handoff
+
+When running from a terminal or coding-agent shell, write
+`visual-answer-source.json`:
+
+```json
+{
+  "question": "What is the billing API shape?",
+  "title": "Billing API visual answer",
+  "brief": "Shows the request and response contract.",
+  "repoPath": "owner/repo",
+  "sourceUrl": "https://github.com/owner/repo",
+  "mdx": {
+    "plan.mdx": "---\ntitle: Billing API visual answer\n---\n\n..."
+  }
+}
+```
+
+Then publish:
+
+```sh
+agent-native plan visual-answer publish --question "What is the billing API shape?" --source visual-answer-source.json --repo owner/repo
+```
+
+Use `--source-url` for a GitHub file/PR/commit/issue URL, `--prev-plan-id` to
+refresh an existing answer, and `--visibility private` for owner-only output.
+The command writes `visual-answer-url.txt`.
+
+## Don't
+
+- Do not use `visual-answer` for a plain implementation plan; use
+  `visual-plan`.
+- Do not use it for a PR diff recap; use `visual-recap`.
+- Do not skip code inspection and infer from names alone.
+- Do not publish screenshots, secrets, credential-looking values, or private
+  source excerpts beyond what the user has asked to visualize.
+
+## Related Skills
+
+- `visual-plan`
+- `visual-recap`
+- `delegate-to-agent`
+- `context-awareness`