@agent-native/core 0.59.0 → 0.59.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/dist/client/AgentPanel.js +1 -1
  2. package/dist/client/AgentPanel.js.map +1 -1
  3. package/dist/client/AssistantChat.d.ts.map +1 -1
  4. package/dist/client/AssistantChat.js +8 -2
  5. package/dist/client/AssistantChat.js.map +1 -1
  6. package/dist/client/agent-chat-adapter.d.ts.map +1 -1
  7. package/dist/client/agent-chat-adapter.js +65 -12
  8. package/dist/client/agent-chat-adapter.js.map +1 -1
  9. package/dist/client/extensions/ExtensionViewer.js +1 -1
  10. package/dist/client/extensions/ExtensionViewer.js.map +1 -1
  11. package/dist/client/notifications/NotificationsBell.d.ts +3 -1
  12. package/dist/client/notifications/NotificationsBell.d.ts.map +1 -1
  13. package/dist/client/notifications/NotificationsBell.js +7 -3
  14. package/dist/client/notifications/NotificationsBell.js.map +1 -1
  15. package/dist/org/auto-join-domain.d.ts +11 -3
  16. package/dist/org/auto-join-domain.d.ts.map +1 -1
  17. package/dist/org/auto-join-domain.js +7 -6
  18. package/dist/org/auto-join-domain.js.map +1 -1
  19. package/dist/org/context.d.ts.map +1 -1
  20. package/dist/org/context.js +68 -32
  21. package/dist/org/context.js.map +1 -1
  22. package/dist/org/migrations.d.ts.map +1 -1
  23. package/dist/org/migrations.js +6 -0
  24. package/dist/org/migrations.js.map +1 -1
  25. package/dist/templates/workspace-core/.agents/skills/client-side-routing/SKILL.md +9 -0
  26. package/dist/templates/workspace-core/.agents/skills/context-awareness/SKILL.md +11 -1
  27. package/dist/vite/client.d.ts +2 -1
  28. package/dist/vite/client.d.ts.map +1 -1
  29. package/dist/vite/client.js +121 -2
  30. package/dist/vite/client.js.map +1 -1
  31. package/docs/content/context-awareness.md +14 -2
  32. package/docs/content/creating-templates.md +6 -0
  33. package/package.json +1 -1
  34. package/src/templates/workspace-core/.agents/skills/client-side-routing/SKILL.md +9 -0
  35. package/src/templates/workspace-core/.agents/skills/context-awareness/SKILL.md +11 -1
package/dist/client/notifications/NotificationsBell.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"NotificationsBell.js","sourceRoot":"","sources":["../../../src/client/notifications/NotificationsBell.tsx"],"names":[],"mappings":";AAAA,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EACL,QAAQ,EACR,eAAe,EACf,WAAW,EACX,KAAK,GACN,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EACL,OAAO,EACP,cAAc,EACd,cAAc,GACf,MAAM,6BAA6B,CAAC;AAwBrC,MAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,MAAM,qBAAqB,GACzB,OAAO,MAAM,KAAK,WAAW,IAAI,cAAc,IAAI,MAAM,CAAC;AAE5D;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAChC,MAAM,GAAG,eAAe,EACxB,SAAS,EACT,oBAAoB,GAAG,KAAK,EAC5B,UAAU,GAAG,2BAA2B,EACxC,gBAAgB,GACO;IACvB,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAClD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAA2B,IAAI,CAAC,CAAC;IACnE,yEAAyE;IACzE,2EAA2E;IAC3E,6EAA6E;IAC7E,0EAA0E;IAC1E,0CAA0C;IAC1C,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAC/B,QAAQ,CAAyB,SAAS,CAAC,CAAC;IAE9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,qBAAqB;YAAE,aAAa,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACpE,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,sEAAsE;IACtE,wDAAwD;IACxD,MAAM,UAAU,GAAG,MAAM,CAAqB,IAAI,CAAC,CAAC;IAEpD,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACvC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,eAAe,CAAC,uCAAuC,CAAC,CACzD,CAAC;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO;YACpB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,2EAA2E;IAC3E,yEAAyE;IACzE,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,IAAI,oBAAoB,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,eAAe,CAAC,mDAAmD,CAAC,CACrE,CAAC;gBACF,IAAI,CAAC,GAAG,CAAC,EAAE;oBAAE,OAAO;gBACpB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;gBACrD,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC5B,8DAA8D;gBAC9D,mEAAmE;gBACnE,iEAAiE;gBACjE,+CAA+C;gBAC/C,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC;gBAChC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;gBAC/B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;oBACrB,MAAM,WAAW,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC;oBAC5C,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACf,IAAI,WAAW;wBAAE,SAAS;oBAC1B,IAAI,CAAC,qBAAqB;wBAAE,SAAS;oBACrC,IAAI,YAAY,CAAC,UAAU,KAAK,SAAS;wBAAE,SAAS;oBACpD,IAAI,CAAC;wBACH,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzD,CAAC;oBAAC,MAAM,CAAC;wBACP,8DAA8D;wBAC9D,uCAAuC;oBACzC,CAAC;gBACH,CAAC;gBACD,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;YAChB,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,eAAe,CAAC,oCAAoC,CAAC,CACtD,CAAC;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO;YACpB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;YACrD,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAE3B,kBAAkB,CAChB,OAAO,EACP,MAAM;IACN,qBAAqB,CAAC,CAAC,oBAAoB,CAC5C,CAAC;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,SAAS,EAAE,CAAC;IACd,CAAC,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;IAEtB,MAAM,QAAQ,GAAG,KAAK,EAAE,EAAU,EAAE,EAAE;QACpC,IAAI,CAAC;YACH,+DAA+D;YAC/D,8DAA8D;YAC9D,+CAA+C;YAC/C,MAAM,KAAK,CAAC,eAAe,CAAC,gCAAgC,EAAE,OAAO,CAAC,EAAE;gBACtE,MAAM,EAAE,MAAM;gBACd,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YACH,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAChB,IAAI;gBACF,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACb,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAC7D;gBACH,CAAC,CAAC,IAAI,CACT,CAAC;YACF,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,CAAC;IAEF,2EAA2E;IAC3E,4EAA4E;IAC5E,4EAA4E;IAC5E,mEAAmE;IACnE,MAAM,oBAAoB,GAAG,CAAC,IAAY,EAAiB,EAAE;QAC3D,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC1D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,IAAI,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,eAAe,CAAC,uCAAuC,CAAC,EAAE;gBACpE,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAChB,IAAI;gBACF,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACb,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAC1D;gBACH,CAAC,CAAC,IAAI,CACT,CAAC;YACF,cAAc,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,EAAE,EAAU,EAAE,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,eAAe,CAAC,gCAAgC,EAAE,EAAE,CAAC,EAAE;gBACjE,MAAM,EAAE,QAAQ;aACjB,CAAC,CAAC;YACH,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACpE,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,SAAS,GAAG,WAAW,GAAG,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC;IAEpD,OAAO,CACL,MAAC,OAAO,IAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,aACxC,KAAC,cAAc,IAAC,OAAO,kBACrB,kBACE,IAAI,EAAC,QAAQ,gBAEX,SAAS,CAAC,CAAC,CAAC,GAAG,WAAW,uBAAuB,CAAC,CAAC,CAAC,eAAe,EAErE,SAAS,EACP,mKAAmK;wBACnK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAGpC,KAAC,IAAI,IAAC,IAAI,EAAE,EAAE,wBAAgB,EAC7B,SAAS,CAAC,CAAC,CAAC,CACX,oCAEE,SAAS,EAAC,+JAA+J,YAExK,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,GAClC,CACR,CAAC,CAAC,CAAC,IAAI,IACD,GACM,EACjB,MAAC,cAAc,IACb,KAAK,EAAC,KAAK,EACX,UAAU,EAAE,CAAC,EACb,SAAS,EAAC,sCAAsC,aAEhD,eAAK,SAAS,EAAC,wFAAwF,aACrG,2CAA0B,EACzB,SAAS,CAAC,CAAC,CAAC,CACX,iBACE,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,WAAW,EACpB,SAAS,EAAC,sCAAsC,8BAGzC,CACV,CAAC,CAAC,CAAC,IAAI,IACJ,EACL,oBAAoB;wBACrB,qBAAqB;wBACrB,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,CACzB,eAAK,SAAS,EAAC,+GAA+G,aAC5H,uEAAsD,EACtD,iBACE,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,KAAK,IAAI,EAAE;oCAClB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,iBAAiB,EAAE,CAAC;oCACtD,aAAa,CAAC,MAAM,CAAC,CAAC;gCACxB,CAAC,EACD,SAAS,EAAC,iGAAiG,uBAGpG,IACL,CACP,CAAC,CAAC,CAAC,IAAI,EACR,cAAK,SAAS,EAAC,0BAA0B,YACtC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,CAChB,eAAK,SAAS,EAAC,2DAA2D,aACxE,KAAC,WAAW,IAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAC,cAAc,GAAG,sBAC9C,CACP,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CACrB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;4BACd,MAAM,OAAO,GACX,OAAO,CAAC,CAAC,QAAQ,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;4BAChE,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;4BAC5D,MAAM,WAAW,GAAG,GAAG,EAAE;gCACvB,IAAI,CAAC,CAAC,CAAC,MAAM;oCAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gCACnC,IAAI,IAAI,EAAE,CAAC;oCACT,OAAO,CAAC,KAAK,CAAC,CAAC;oCACf,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gCAC/B,CAAC;4BACH,CAAC,CAAC;4BACF,OAAO,CACL,eAEE,SAAS,EACP,2EAA2E;oCAC3E,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,aAGhC,kBACE,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,WAAW,EACpB,SAAS,EACP,mEAAmE;4CACnE,CAAC,IAAI,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,aAGjC,eAAK,SAAS,EAAC,gDAAgD,aAC7D,eAAM,SAAS,EAAC,8CAA8C,YAC3D,CAAC,CAAC,KAAK,GACH,EACP,KAAC,aAAa,IAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,GAAI,IACnC,EACL,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CACR,eAAM,SAAS,EAAC,4CAA4C,YACzD,CAAC,CAAC,IAAI,GACF,CACR,CAAC,CAAC,CAAC,IAAI,EACR,eAAM,SAAS,EAAC,sCAAsC,YACnD,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,GAClC,IACA,EACT,iBACE,IAAI,EAAC,QAAQ,gBACF,sBAAsB,EACjC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;4CACb,CAAC,CAAC,eAAe,EAAE,CAAC;4CACpB,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wCACrB,CAAC,EACD,SAAS,EAAC,0HAA0H,YAEpI,KAAC,KAAK,IAAC,IAAI,EAAE,EAAE,GAAI,GACZ,KAvCJ,CAAC,CAAC,EAAE,CAwCL,CACP,CAAC;wBACJ,CAAC,CAAC,CACH,CAAC,CAAC,CAAC,CACF,eAAK,SAAS,EAAC,uBAAuB,aACpC,YAAG,SAAS,EAAC,6BAA6B,YAAE,UAAU,GAAK,EAC1D,gBAAgB,CAAC,CAAC,CAAC,CAClB,YAAG,SAAS,EAAC,+CAA+C,YACzD,gBAAgB,GACf,CACL,CAAC,CAAC,CAAC,IAAI,IACJ,CACP,GACG,IACS,IACT,CACX,CAAC;AACJ,CAAC;AAED,0EAA0E;AAC1E,2EAA2E;AAC3E,2EAA2E;AAC3E,4EAA4E;AAC5E,SAAS,aAAa,CAAC,EAAE,QAAQ,EAAsC;IACrE,MAAM,KAAK,GACT,QAAQ,KAAK,UAAU;QACrB,CAAC,CAAC,8CAA8C;QAChD,CAAC,CAAC,QAAQ,KAAK,SAAS;YACtB,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,gCAAgC,CAAC;IACzC,OAAO,CACL,eAAM,SAAS,EAAE,iDAAiD,KAAK,EAAE,YACtE,QAAQ,GACJ,CACR,CAAC;AACJ,CAAC","sourcesContent":["import { agentNativePath, appPath } from \"../api-path.js\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport {\n IconBell,\n IconBellRinging,\n IconLoader2,\n IconX,\n} from \"@tabler/icons-react\";\nimport { usePausingInterval } from \"../use-pausing-interval.js\";\nimport {\n Popover,\n PopoverContent,\n PopoverTrigger,\n} from \"../components/ui/popover.js\";\nimport type {\n Notification as NotificationDto,\n NotificationSeverity,\n} from \"../../notifications/types.js\";\n\ninterface NotificationsBellProps {\n /** Poll interval in ms. Set to 0 to disable polling. Default: 10000. */\n pollMs?: number;\n /** Optional className for the outer container. */\n className?: string;\n /**\n * When true, fires a system-level `new Notification(...)` popup for each\n * new unread notification — handy when the tab is in the background.\n * Renders an \"Enable browser notifications\" prompt in the dropdown until\n * the user grants permission. Silently no-ops on denied or unsupported.\n */\n browserNotifications?: boolean;\n /** Empty-state title shown when there are no notifications. */\n emptyTitle?: string;\n /** Optional empty-state detail text. */\n emptyDescription?: string;\n}\n\nconst POLL_MS_DEFAULT = 10_000;\nconst SUPPORTS_NOTIFICATION =\n typeof window !== \"undefined\" && \"Notification\" in window;\n\n/**\n * Header-bar bell that shows the unread-notification count and a dropdown of\n * recent entries. Polling keeps it in sync (the framework poll loop already\n * bumps a version counter so notifications ride on that signal, but we poll\n * the count endpoint directly so the bell updates even outside an app-state\n * change).\n */\nexport function NotificationsBell({\n pollMs = POLL_MS_DEFAULT,\n className,\n browserNotifications = false,\n emptyTitle = \"No app notifications yet.\",\n emptyDescription,\n}: NotificationsBellProps) {\n const [unreadCount, setUnreadCount] = useState(0);\n const [open, setOpen] = useState(false);\n const [items, setItems] = useState<NotificationDto[] | null>(null);\n // Init to \"default\" unconditionally so server and client render the same\n // HTML — reading Notification.permission at init would diverge between SSR\n // (\"denied\", no API) and hydration (\"default\"/\"granted\"), causing a mismatch\n // in templates that mount the bell outside a ClientOnly boundary. We sync\n // to the real value in a useEffect below.\n const [permission, setPermission] =\n useState<NotificationPermission>(\"default\");\n\n useEffect(() => {\n if (SUPPORTS_NOTIFICATION) setPermission(Notification.permission);\n }, []);\n // Ids already popped as browser notifications. Seeded on first run so\n // existing unread don't pop retroactively on page load.\n const seenIdsRef = useRef<Set<string> | null>(null);\n\n const loadItems = useCallback(async () => {\n try {\n const res = await fetch(\n agentNativePath(\"/_agent-native/notifications?limit=20\"),\n );\n if (!res.ok) return;\n const rows = (await res.json()) as NotificationDto[];\n setItems(rows);\n } catch {\n // best-effort\n }\n }, []);\n\n // One polling callback used by both paths. When browserNotifications is on\n // we fetch the unread list (source of truth for both the badge count AND\n // the popup loop — no second /count request), and pop Notification() for\n // any new ids. When off, we fetch just /count. The unread-list branch also\n // opts out of visibility pause so popups still fire for backgrounded tabs.\n const refresh = useCallback(async () => {\n if (browserNotifications) {\n try {\n const res = await fetch(\n agentNativePath(\"/_agent-native/notifications?unread=true&limit=20\"),\n );\n if (!res.ok) return;\n const rows = (await res.json()) as NotificationDto[];\n setUnreadCount(rows.length);\n // First run: treat everything as already seen so we don't pop\n // retroactively on page load. After that, rebuild from the current\n // unread list so ids for read/archived rows drop out — keeps the\n // set bounded to the unread fetch limit (~20).\n const prev = seenIdsRef.current;\n const seen = new Set<string>();\n for (const n of rows) {\n const alreadySeen = prev?.has(n.id) ?? true;\n seen.add(n.id);\n if (alreadySeen) continue;\n if (!SUPPORTS_NOTIFICATION) continue;\n if (Notification.permission !== \"granted\") continue;\n try {\n new Notification(n.title, { body: n.body, tag: n.id });\n } catch {\n // Safari / restricted contexts may throw even when permission\n // claims to be granted — silent no-op.\n }\n }\n seenIdsRef.current = seen;\n } catch {\n // best-effort\n }\n return;\n }\n try {\n const res = await fetch(\n agentNativePath(\"/_agent-native/notifications/count\"),\n );\n if (!res.ok) return;\n const data = (await res.json()) as { count: number };\n setUnreadCount(data.count);\n } catch {\n // best-effort\n }\n }, [browserNotifications]);\n\n usePausingInterval(\n refresh,\n pollMs,\n /* pauseWhenHidden */ !browserNotifications,\n );\n\n useEffect(() => {\n if (!open) return;\n loadItems();\n }, [open, loadItems]);\n\n const markRead = async (id: string) => {\n try {\n // `keepalive: true` lets the request survive page navigation —\n // without it, clicking a notification with a link aborts this\n // request mid-flight and the row stays unread.\n await fetch(agentNativePath(`/_agent-native/notifications/${id}/read`), {\n method: \"POST\",\n keepalive: true,\n });\n setItems((prev) =>\n prev\n ? prev.map((n) =>\n n.id === id ? { ...n, readAt: new Date().toISOString() } : n,\n )\n : prev,\n );\n refresh();\n } catch {\n // best-effort\n }\n };\n\n // Reject any URL that isn't http(s) or a same-origin relative path. Blocks\n // `javascript:` execution, `data:` URIs, and absolute redirects to phishing\n // sites. Relative paths starting with `/` are routed through `appPath()` so\n // the link works in mounted deployments (e.g. /mail subdirectory).\n const safeNotificationLink = (link: string): string | null => {\n if (link.startsWith(\"/\") && !link.startsWith(\"//\")) {\n return appPath(link);\n }\n try {\n const url = new URL(link, window.location.origin);\n if (url.protocol === \"http:\" || url.protocol === \"https:\") {\n return url.toString();\n }\n } catch {\n // fallthrough\n }\n return null;\n };\n\n const markAllRead = async () => {\n try {\n await fetch(agentNativePath(`/_agent-native/notifications/read-all`), {\n method: \"POST\",\n });\n setItems((prev) =>\n prev\n ? prev.map((n) =>\n n.readAt ? n : { ...n, readAt: new Date().toISOString() },\n )\n : prev,\n );\n setUnreadCount(0);\n } catch {\n // best-effort\n }\n };\n\n const dismiss = async (id: string) => {\n try {\n await fetch(agentNativePath(`/_agent-native/notifications/${id}`), {\n method: \"DELETE\",\n });\n setItems((prev) => (prev ? prev.filter((n) => n.id !== id) : prev));\n refresh();\n } catch {\n // best-effort\n }\n };\n\n const hasUnread = unreadCount > 0;\n const Icon = hasUnread ? IconBellRinging : IconBell;\n\n return (\n <Popover open={open} onOpenChange={setOpen}>\n <PopoverTrigger asChild>\n <button\n type=\"button\"\n aria-label={\n hasUnread ? `${unreadCount} unread notifications` : \"Notifications\"\n }\n className={\n \"an-notifications-bell__trigger relative inline-flex h-8 w-8 items-center justify-center rounded-md text-muted-foreground hover:bg-accent/40 hover:text-foreground\" +\n (className ? ` ${className}` : \"\")\n }\n >\n <Icon size={18} aria-hidden />\n {hasUnread ? (\n <span\n aria-hidden\n className=\"an-notifications-bell__badge absolute -right-0.5 -top-0.5 rounded-full bg-destructive px-1 text-[10px] leading-[14px] font-medium text-destructive-foreground\"\n >\n {unreadCount > 99 ? \"99+\" : unreadCount}\n </span>\n ) : null}\n </button>\n </PopoverTrigger>\n <PopoverContent\n align=\"end\"\n sideOffset={8}\n className=\"an-notifications-bell__menu w-80 p-0\"\n >\n <div className=\"flex items-center justify-between border-b border-border px-3 py-2 text-sm font-medium\">\n <span>Notifications</span>\n {hasUnread ? (\n <button\n type=\"button\"\n onClick={markAllRead}\n className=\"text-xs text-primary hover:underline\"\n >\n Mark all read\n </button>\n ) : null}\n </div>\n {browserNotifications &&\n SUPPORTS_NOTIFICATION &&\n permission === \"default\" ? (\n <div className=\"flex items-center justify-between gap-2 border-b border-border bg-accent/40 px-3 py-2 text-xs text-foreground\">\n <span>Get a system popup for new notifications.</span>\n <button\n type=\"button\"\n onClick={async () => {\n const result = await Notification.requestPermission();\n setPermission(result);\n }}\n className=\"shrink-0 rounded bg-primary px-2 py-0.5 font-medium text-primary-foreground hover:bg-primary/90\"\n >\n Enable\n </button>\n </div>\n ) : null}\n <div className=\"max-h-96 overflow-y-auto\">\n {items === null ? (\n <div className=\"flex items-center gap-2 p-4 text-sm text-muted-foreground\">\n <IconLoader2 size={14} className=\"animate-spin\" /> Loading…\n </div>\n ) : items.length > 0 ? (\n items.map((n) => {\n const rawLink =\n typeof n.metadata?.link === \"string\" ? n.metadata.link : null;\n const link = rawLink ? safeNotificationLink(rawLink) : null;\n const onItemClick = () => {\n if (!n.readAt) void markRead(n.id);\n if (link) {\n setOpen(false);\n window.location.assign(link);\n }\n };\n return (\n <div\n key={n.id}\n className={\n \"group relative border-b border-border last:border-b-0 hover:bg-accent/40 \" +\n (n.readAt ? \"opacity-60\" : \"\")\n }\n >\n <button\n type=\"button\"\n onClick={onItemClick}\n className={\n \"flex w-full flex-col items-start gap-0.5 px-3 py-2 pr-8 text-left\" +\n (link ? \" cursor-pointer\" : \"\")\n }\n >\n <div className=\"flex w-full items-center justify-between gap-2\">\n <span className=\"truncate text-sm font-medium text-foreground\">\n {n.title}\n </span>\n <SeverityBadge severity={n.severity} />\n </div>\n {n.body ? (\n <span className=\"line-clamp-2 text-xs text-muted-foreground\">\n {n.body}\n </span>\n ) : null}\n <span className=\"text-[10px] text-muted-foreground/70\">\n {new Date(n.createdAt).toLocaleString()}\n </span>\n </button>\n <button\n type=\"button\"\n aria-label=\"Dismiss notification\"\n onClick={(e) => {\n e.stopPropagation();\n void dismiss(n.id);\n }}\n className=\"absolute right-2 top-2 hidden rounded p-0.5 text-muted-foreground hover:bg-accent hover:text-foreground group-hover:flex\"\n >\n <IconX size={12} />\n </button>\n </div>\n );\n })\n ) : (\n <div className=\"space-y-1 p-4 text-sm\">\n <p className=\"font-medium text-foreground\">{emptyTitle}</p>\n {emptyDescription ? (\n <p className=\"text-xs leading-relaxed text-muted-foreground\">\n {emptyDescription}\n </p>\n ) : null}\n </div>\n )}\n </div>\n </PopoverContent>\n </Popover>\n );\n}\n\n// Severity color pairs — use /20 opacity backdrops that work against both\n// light and dark theme backgrounds; text uses 700/300 so it stays readable\n// in each mode (the `dark:` prefix is one of the few places where explicit\n// variants are necessary since these are brand-color tokens, not semantic).\nfunction SeverityBadge({ severity }: { severity: NotificationSeverity }) {\n const color =\n severity === \"critical\"\n ? \"bg-red-500/20 text-red-700 dark:text-red-300\"\n : severity === \"warning\"\n ? \"bg-amber-500/20 text-amber-700 dark:text-amber-300\"\n : \"bg-muted text-muted-foreground\";\n return (\n <span className={`rounded px-1.5 py-0.5 text-[10px] font-medium ${color}`}>\n {severity}\n </span>\n );\n}\n"]}
1
+ {"version":3,"file":"NotificationsBell.js","sourceRoot":"","sources":["../../../src/client/notifications/NotificationsBell.tsx"],"names":[],"mappings":";AAAA,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACjE,OAAO,EACL,QAAQ,EACR,eAAe,EACf,WAAW,EACX,KAAK,GACN,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EACL,OAAO,EACP,cAAc,EACd,cAAc,GACf,MAAM,6BAA6B,CAAC;AA0BrC,MAAM,eAAe,GAAG,MAAM,CAAC;AAC/B,MAAM,qBAAqB,GACzB,OAAO,MAAM,KAAK,WAAW,IAAI,cAAc,IAAI,MAAM,CAAC;AAE5D;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,EAChC,MAAM,GAAG,eAAe,EACxB,SAAS,EACT,oBAAoB,GAAG,KAAK,EAC5B,UAAU,GAAG,2BAA2B,EACxC,gBAAgB,EAChB,YAAY,GACW;IACvB,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAClD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAA2B,IAAI,CAAC,CAAC;IACnE,yEAAyE;IACzE,2EAA2E;IAC3E,6EAA6E;IAC7E,0EAA0E;IAC1E,0CAA0C;IAC1C,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,GAC/B,QAAQ,CAAyB,SAAS,CAAC,CAAC;IAE9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,qBAAqB;YAAE,aAAa,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IACpE,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,sEAAsE;IACtE,wDAAwD;IACxD,MAAM,UAAU,GAAG,MAAM,CAAqB,IAAI,CAAC,CAAC;IAEpD,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACvC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,eAAe,CAAC,uCAAuC,CAAC,CACzD,CAAC;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO;YACpB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;YACrD,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,EAAE,EAAE,CAAC,CAAC;IAEP,2EAA2E;IAC3E,yEAAyE;IACzE,yEAAyE;IACzE,2EAA2E;IAC3E,2EAA2E;IAC3E,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,IAAI,oBAAoB,EAAE,CAAC;YACzB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,eAAe,CAAC,mDAAmD,CAAC,CACrE,CAAC;gBACF,IAAI,CAAC,GAAG,CAAC,EAAE;oBAAE,OAAO;gBACpB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;gBACrD,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC5B,8DAA8D;gBAC9D,mEAAmE;gBACnE,iEAAiE;gBACjE,+CAA+C;gBAC/C,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC;gBAChC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;gBAC/B,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;oBACrB,MAAM,WAAW,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC;oBAC5C,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;oBACf,IAAI,WAAW;wBAAE,SAAS;oBAC1B,IAAI,CAAC,qBAAqB;wBAAE,SAAS;oBACrC,IAAI,YAAY,CAAC,UAAU,KAAK,SAAS;wBAAE,SAAS;oBACpD,IAAI,CAAC;wBACH,IAAI,YAAY,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzD,CAAC;oBAAC,MAAM,CAAC;wBACP,8DAA8D;wBAC9D,uCAAuC;oBACzC,CAAC;gBACH,CAAC;gBACD,UAAU,CAAC,OAAO,GAAG,IAAI,CAAC;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,cAAc;YAChB,CAAC;YACD,OAAO;QACT,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,eAAe,CAAC,oCAAoC,CAAC,CACtD,CAAC;YACF,IAAI,CAAC,GAAG,CAAC,EAAE;gBAAE,OAAO;YACpB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;YACrD,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,EAAE,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAE3B,kBAAkB,CAChB,OAAO,EACP,MAAM;IACN,qBAAqB,CAAC,CAAC,oBAAoB,CAC5C,CAAC;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,SAAS,EAAE,CAAC;IACd,CAAC,EAAE,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;IAEtB,MAAM,QAAQ,GAAG,KAAK,EAAE,EAAU,EAAE,EAAE;QACpC,IAAI,CAAC;YACH,+DAA+D;YAC/D,8DAA8D;YAC9D,+CAA+C;YAC/C,MAAM,KAAK,CAAC,eAAe,CAAC,gCAAgC,EAAE,OAAO,CAAC,EAAE;gBACtE,MAAM,EAAE,MAAM;gBACd,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YACH,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAChB,IAAI;gBACF,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACb,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAC7D;gBACH,CAAC,CAAC,IAAI,CACT,CAAC;YACF,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,CAAC;IAEF,2EAA2E;IAC3E,4EAA4E;IAC5E,4EAA4E;IAC5E,mEAAmE;IACnE,MAAM,oBAAoB,GAAG,CAAC,IAAY,EAAiB,EAAE;QAC3D,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACnD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClD,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC1D,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,WAAW,GAAG,KAAK,IAAI,EAAE;QAC7B,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,eAAe,CAAC,uCAAuC,CAAC,EAAE;gBACpE,MAAM,EAAE,MAAM;aACf,CAAC,CAAC;YACH,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAChB,IAAI;gBACF,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACb,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAC1D;gBACH,CAAC,CAAC,IAAI,CACT,CAAC;YACF,cAAc,CAAC,CAAC,CAAC,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,OAAO,GAAG,KAAK,EAAE,EAAU,EAAE,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,eAAe,CAAC,gCAAgC,EAAE,EAAE,CAAC,EAAE;gBACjE,MAAM,EAAE,QAAQ;aACjB,CAAC,CAAC;YACH,QAAQ,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;YACpE,OAAO,EAAE,CAAC;QACZ,CAAC;QAAC,MAAM,CAAC;YACP,cAAc;QAChB,CAAC;IACH,CAAC,CAAC;IAEF,MAAM,SAAS,GAAG,WAAW,GAAG,CAAC,CAAC;IAClC,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,QAAQ,CAAC;IACpD,MAAM,gBAAgB,GAAG,CAAC,KAAc,EAAE,EAAE;QAC1C,OAAO,CAAC,KAAK,CAAC,CAAC;QACf,YAAY,EAAE,CAAC,KAAK,CAAC,CAAC;IACxB,CAAC,CAAC;IAEF,OAAO,CACL,MAAC,OAAO,IAAC,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,gBAAgB,aACjD,KAAC,cAAc,IAAC,OAAO,kBACrB,kBACE,IAAI,EAAC,QAAQ,gBAEX,SAAS,CAAC,CAAC,CAAC,GAAG,WAAW,uBAAuB,CAAC,CAAC,CAAC,eAAe,EAErE,SAAS,EACP,mKAAmK;wBACnK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,aAGpC,KAAC,IAAI,IAAC,IAAI,EAAE,EAAE,wBAAgB,EAC7B,SAAS,CAAC,CAAC,CAAC,CACX,oCAEE,SAAS,EAAC,+JAA+J,YAExK,WAAW,GAAG,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,GAClC,CACR,CAAC,CAAC,CAAC,IAAI,IACD,GACM,EACjB,MAAC,cAAc,IACb,KAAK,EAAC,KAAK,EACX,UAAU,EAAE,CAAC,EACb,SAAS,EAAC,sCAAsC,aAEhD,eAAK,SAAS,EAAC,wFAAwF,aACrG,2CAA0B,EACzB,SAAS,CAAC,CAAC,CAAC,CACX,iBACE,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,WAAW,EACpB,SAAS,EAAC,sCAAsC,8BAGzC,CACV,CAAC,CAAC,CAAC,IAAI,IACJ,EACL,oBAAoB;wBACrB,qBAAqB;wBACrB,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,CACzB,eAAK,SAAS,EAAC,+GAA+G,aAC5H,uEAAsD,EACtD,iBACE,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,KAAK,IAAI,EAAE;oCAClB,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,iBAAiB,EAAE,CAAC;oCACtD,aAAa,CAAC,MAAM,CAAC,CAAC;gCACxB,CAAC,EACD,SAAS,EAAC,iGAAiG,uBAGpG,IACL,CACP,CAAC,CAAC,CAAC,IAAI,EACR,cAAK,SAAS,EAAC,0BAA0B,YACtC,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,CAChB,eAAK,SAAS,EAAC,2DAA2D,aACxE,KAAC,WAAW,IAAC,IAAI,EAAE,EAAE,EAAE,SAAS,EAAC,cAAc,GAAG,sBAC9C,CACP,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CACrB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;4BACd,MAAM,OAAO,GACX,OAAO,CAAC,CAAC,QAAQ,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;4BAChE,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;4BAC5D,MAAM,WAAW,GAAG,GAAG,EAAE;gCACvB,IAAI,CAAC,CAAC,CAAC,MAAM;oCAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gCACnC,IAAI,IAAI,EAAE,CAAC;oCACT,gBAAgB,CAAC,KAAK,CAAC,CAAC;oCACxB,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gCAC/B,CAAC;4BACH,CAAC,CAAC;4BACF,OAAO,CACL,eAEE,SAAS,EACP,2EAA2E;oCAC3E,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,aAGhC,kBACE,IAAI,EAAC,QAAQ,EACb,OAAO,EAAE,WAAW,EACpB,SAAS,EACP,mEAAmE;4CACnE,CAAC,IAAI,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC,aAGjC,eAAK,SAAS,EAAC,gDAAgD,aAC7D,eAAM,SAAS,EAAC,8CAA8C,YAC3D,CAAC,CAAC,KAAK,GACH,EACP,KAAC,aAAa,IAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,GAAI,IACnC,EACL,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CACR,eAAM,SAAS,EAAC,4CAA4C,YACzD,CAAC,CAAC,IAAI,GACF,CACR,CAAC,CAAC,CAAC,IAAI,EACR,eAAM,SAAS,EAAC,sCAAsC,YACnD,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,cAAc,EAAE,GAClC,IACA,EACT,iBACE,IAAI,EAAC,QAAQ,gBACF,sBAAsB,EACjC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;4CACb,CAAC,CAAC,eAAe,EAAE,CAAC;4CACpB,KAAK,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;wCACrB,CAAC,EACD,SAAS,EAAC,0HAA0H,YAEpI,KAAC,KAAK,IAAC,IAAI,EAAE,EAAE,GAAI,GACZ,KAvCJ,CAAC,CAAC,EAAE,CAwCL,CACP,CAAC;wBACJ,CAAC,CAAC,CACH,CAAC,CAAC,CAAC,CACF,eAAK,SAAS,EAAC,uBAAuB,aACpC,YAAG,SAAS,EAAC,6BAA6B,YAAE,UAAU,GAAK,EAC1D,gBAAgB,CAAC,CAAC,CAAC,CAClB,YAAG,SAAS,EAAC,+CAA+C,YACzD,gBAAgB,GACf,CACL,CAAC,CAAC,CAAC,IAAI,IACJ,CACP,GACG,IACS,IACT,CACX,CAAC;AACJ,CAAC;AAED,0EAA0E;AAC1E,2EAA2E;AAC3E,2EAA2E;AAC3E,4EAA4E;AAC5E,SAAS,aAAa,CAAC,EAAE,QAAQ,EAAsC;IACrE,MAAM,KAAK,GACT,QAAQ,KAAK,UAAU;QACrB,CAAC,CAAC,8CAA8C;QAChD,CAAC,CAAC,QAAQ,KAAK,SAAS;YACtB,CAAC,CAAC,oDAAoD;YACtD,CAAC,CAAC,gCAAgC,CAAC;IACzC,OAAO,CACL,eAAM,SAAS,EAAE,iDAAiD,KAAK,EAAE,YACtE,QAAQ,GACJ,CACR,CAAC;AACJ,CAAC","sourcesContent":["import { agentNativePath, appPath } from \"../api-path.js\";\nimport { useCallback, useEffect, useRef, useState } from \"react\";\nimport {\n IconBell,\n IconBellRinging,\n IconLoader2,\n IconX,\n} from \"@tabler/icons-react\";\nimport { usePausingInterval } from \"../use-pausing-interval.js\";\nimport {\n Popover,\n PopoverContent,\n PopoverTrigger,\n} from \"../components/ui/popover.js\";\nimport type {\n Notification as NotificationDto,\n NotificationSeverity,\n} from \"../../notifications/types.js\";\n\ninterface NotificationsBellProps {\n /** Poll interval in ms. Set to 0 to disable polling. Default: 10000. */\n pollMs?: number;\n /** Optional className for the outer container. */\n className?: string;\n /**\n * When true, fires a system-level `new Notification(...)` popup for each\n * new unread notification — handy when the tab is in the background.\n * Renders an \"Enable browser notifications\" prompt in the dropdown until\n * the user grants permission. Silently no-ops on denied or unsupported.\n */\n browserNotifications?: boolean;\n /** Empty-state title shown when there are no notifications. */\n emptyTitle?: string;\n /** Optional empty-state detail text. */\n emptyDescription?: string;\n /** Optional notification for parent shells that need to coordinate overlays. */\n onOpenChange?: (open: boolean) => void;\n}\n\nconst POLL_MS_DEFAULT = 10_000;\nconst SUPPORTS_NOTIFICATION =\n typeof window !== \"undefined\" && \"Notification\" in window;\n\n/**\n * Header-bar bell that shows the unread-notification count and a dropdown of\n * recent entries. Polling keeps it in sync (the framework poll loop already\n * bumps a version counter so notifications ride on that signal, but we poll\n * the count endpoint directly so the bell updates even outside an app-state\n * change).\n */\nexport function NotificationsBell({\n pollMs = POLL_MS_DEFAULT,\n className,\n browserNotifications = false,\n emptyTitle = \"No app notifications yet.\",\n emptyDescription,\n onOpenChange,\n}: NotificationsBellProps) {\n const [unreadCount, setUnreadCount] = useState(0);\n const [open, setOpen] = useState(false);\n const [items, setItems] = useState<NotificationDto[] | null>(null);\n // Init to \"default\" unconditionally so server and client render the same\n // HTML — reading Notification.permission at init would diverge between SSR\n // (\"denied\", no API) and hydration (\"default\"/\"granted\"), causing a mismatch\n // in templates that mount the bell outside a ClientOnly boundary. We sync\n // to the real value in a useEffect below.\n const [permission, setPermission] =\n useState<NotificationPermission>(\"default\");\n\n useEffect(() => {\n if (SUPPORTS_NOTIFICATION) setPermission(Notification.permission);\n }, []);\n // Ids already popped as browser notifications. Seeded on first run so\n // existing unread don't pop retroactively on page load.\n const seenIdsRef = useRef<Set<string> | null>(null);\n\n const loadItems = useCallback(async () => {\n try {\n const res = await fetch(\n agentNativePath(\"/_agent-native/notifications?limit=20\"),\n );\n if (!res.ok) return;\n const rows = (await res.json()) as NotificationDto[];\n setItems(rows);\n } catch {\n // best-effort\n }\n }, []);\n\n // One polling callback used by both paths. When browserNotifications is on\n // we fetch the unread list (source of truth for both the badge count AND\n // the popup loop — no second /count request), and pop Notification() for\n // any new ids. When off, we fetch just /count. The unread-list branch also\n // opts out of visibility pause so popups still fire for backgrounded tabs.\n const refresh = useCallback(async () => {\n if (browserNotifications) {\n try {\n const res = await fetch(\n agentNativePath(\"/_agent-native/notifications?unread=true&limit=20\"),\n );\n if (!res.ok) return;\n const rows = (await res.json()) as NotificationDto[];\n setUnreadCount(rows.length);\n // First run: treat everything as already seen so we don't pop\n // retroactively on page load. After that, rebuild from the current\n // unread list so ids for read/archived rows drop out — keeps the\n // set bounded to the unread fetch limit (~20).\n const prev = seenIdsRef.current;\n const seen = new Set<string>();\n for (const n of rows) {\n const alreadySeen = prev?.has(n.id) ?? true;\n seen.add(n.id);\n if (alreadySeen) continue;\n if (!SUPPORTS_NOTIFICATION) continue;\n if (Notification.permission !== \"granted\") continue;\n try {\n new Notification(n.title, { body: n.body, tag: n.id });\n } catch {\n // Safari / restricted contexts may throw even when permission\n // claims to be granted — silent no-op.\n }\n }\n seenIdsRef.current = seen;\n } catch {\n // best-effort\n }\n return;\n }\n try {\n const res = await fetch(\n agentNativePath(\"/_agent-native/notifications/count\"),\n );\n if (!res.ok) return;\n const data = (await res.json()) as { count: number };\n setUnreadCount(data.count);\n } catch {\n // best-effort\n }\n }, [browserNotifications]);\n\n usePausingInterval(\n refresh,\n pollMs,\n /* pauseWhenHidden */ !browserNotifications,\n );\n\n useEffect(() => {\n if (!open) return;\n loadItems();\n }, [open, loadItems]);\n\n const markRead = async (id: string) => {\n try {\n // `keepalive: true` lets the request survive page navigation —\n // without it, clicking a notification with a link aborts this\n // request mid-flight and the row stays unread.\n await fetch(agentNativePath(`/_agent-native/notifications/${id}/read`), {\n method: \"POST\",\n keepalive: true,\n });\n setItems((prev) =>\n prev\n ? prev.map((n) =>\n n.id === id ? { ...n, readAt: new Date().toISOString() } : n,\n )\n : prev,\n );\n refresh();\n } catch {\n // best-effort\n }\n };\n\n // Reject any URL that isn't http(s) or a same-origin relative path. Blocks\n // `javascript:` execution, `data:` URIs, and absolute redirects to phishing\n // sites. Relative paths starting with `/` are routed through `appPath()` so\n // the link works in mounted deployments (e.g. /mail subdirectory).\n const safeNotificationLink = (link: string): string | null => {\n if (link.startsWith(\"/\") && !link.startsWith(\"//\")) {\n return appPath(link);\n }\n try {\n const url = new URL(link, window.location.origin);\n if (url.protocol === \"http:\" || url.protocol === \"https:\") {\n return url.toString();\n }\n } catch {\n // fallthrough\n }\n return null;\n };\n\n const markAllRead = async () => {\n try {\n await fetch(agentNativePath(`/_agent-native/notifications/read-all`), {\n method: \"POST\",\n });\n setItems((prev) =>\n prev\n ? prev.map((n) =>\n n.readAt ? n : { ...n, readAt: new Date().toISOString() },\n )\n : prev,\n );\n setUnreadCount(0);\n } catch {\n // best-effort\n }\n };\n\n const dismiss = async (id: string) => {\n try {\n await fetch(agentNativePath(`/_agent-native/notifications/${id}`), {\n method: \"DELETE\",\n });\n setItems((prev) => (prev ? prev.filter((n) => n.id !== id) : prev));\n refresh();\n } catch {\n // best-effort\n }\n };\n\n const hasUnread = unreadCount > 0;\n const Icon = hasUnread ? IconBellRinging : IconBell;\n const setOpenAndNotify = (value: boolean) => {\n setOpen(value);\n onOpenChange?.(value);\n };\n\n return (\n <Popover open={open} onOpenChange={setOpenAndNotify}>\n <PopoverTrigger asChild>\n <button\n type=\"button\"\n aria-label={\n hasUnread ? `${unreadCount} unread notifications` : \"Notifications\"\n }\n className={\n \"an-notifications-bell__trigger relative inline-flex h-8 w-8 items-center justify-center rounded-md text-muted-foreground hover:bg-accent/40 hover:text-foreground\" +\n (className ? ` ${className}` : \"\")\n }\n >\n <Icon size={18} aria-hidden />\n {hasUnread ? (\n <span\n aria-hidden\n className=\"an-notifications-bell__badge absolute -right-0.5 -top-0.5 rounded-full bg-destructive px-1 text-[10px] leading-[14px] font-medium text-destructive-foreground\"\n >\n {unreadCount > 99 ? \"99+\" : unreadCount}\n </span>\n ) : null}\n </button>\n </PopoverTrigger>\n <PopoverContent\n align=\"end\"\n sideOffset={8}\n className=\"an-notifications-bell__menu w-80 p-0\"\n >\n <div className=\"flex items-center justify-between border-b border-border px-3 py-2 text-sm font-medium\">\n <span>Notifications</span>\n {hasUnread ? (\n <button\n type=\"button\"\n onClick={markAllRead}\n className=\"text-xs text-primary hover:underline\"\n >\n Mark all read\n </button>\n ) : null}\n </div>\n {browserNotifications &&\n SUPPORTS_NOTIFICATION &&\n permission === \"default\" ? (\n <div className=\"flex items-center justify-between gap-2 border-b border-border bg-accent/40 px-3 py-2 text-xs text-foreground\">\n <span>Get a system popup for new notifications.</span>\n <button\n type=\"button\"\n onClick={async () => {\n const result = await Notification.requestPermission();\n setPermission(result);\n }}\n className=\"shrink-0 rounded bg-primary px-2 py-0.5 font-medium text-primary-foreground hover:bg-primary/90\"\n >\n Enable\n </button>\n </div>\n ) : null}\n <div className=\"max-h-96 overflow-y-auto\">\n {items === null ? (\n <div className=\"flex items-center gap-2 p-4 text-sm text-muted-foreground\">\n <IconLoader2 size={14} className=\"animate-spin\" /> Loading…\n </div>\n ) : items.length > 0 ? (\n items.map((n) => {\n const rawLink =\n typeof n.metadata?.link === \"string\" ? n.metadata.link : null;\n const link = rawLink ? safeNotificationLink(rawLink) : null;\n const onItemClick = () => {\n if (!n.readAt) void markRead(n.id);\n if (link) {\n setOpenAndNotify(false);\n window.location.assign(link);\n }\n };\n return (\n <div\n key={n.id}\n className={\n \"group relative border-b border-border last:border-b-0 hover:bg-accent/40 \" +\n (n.readAt ? \"opacity-60\" : \"\")\n }\n >\n <button\n type=\"button\"\n onClick={onItemClick}\n className={\n \"flex w-full flex-col items-start gap-0.5 px-3 py-2 pr-8 text-left\" +\n (link ? \" cursor-pointer\" : \"\")\n }\n >\n <div className=\"flex w-full items-center justify-between gap-2\">\n <span className=\"truncate text-sm font-medium text-foreground\">\n {n.title}\n </span>\n <SeverityBadge severity={n.severity} />\n </div>\n {n.body ? (\n <span className=\"line-clamp-2 text-xs text-muted-foreground\">\n {n.body}\n </span>\n ) : null}\n <span className=\"text-[10px] text-muted-foreground/70\">\n {new Date(n.createdAt).toLocaleString()}\n </span>\n </button>\n <button\n type=\"button\"\n aria-label=\"Dismiss notification\"\n onClick={(e) => {\n e.stopPropagation();\n void dismiss(n.id);\n }}\n className=\"absolute right-2 top-2 hidden rounded p-0.5 text-muted-foreground hover:bg-accent hover:text-foreground group-hover:flex\"\n >\n <IconX size={12} />\n </button>\n </div>\n );\n })\n ) : (\n <div className=\"space-y-1 p-4 text-sm\">\n <p className=\"font-medium text-foreground\">{emptyTitle}</p>\n {emptyDescription ? (\n <p className=\"text-xs leading-relaxed text-muted-foreground\">\n {emptyDescription}\n </p>\n ) : null}\n </div>\n )}\n </div>\n </PopoverContent>\n </Popover>\n );\n}\n\n// Severity color pairs — use /20 opacity backdrops that work against both\n// light and dark theme backgrounds; text uses 700/300 so it stays readable\n// in each mode (the `dark:` prefix is one of the few places where explicit\n// variants are necessary since these are brand-color tokens, not semantic).\nfunction SeverityBadge({ severity }: { severity: NotificationSeverity }) {\n const color =\n severity === \"critical\"\n ? \"bg-red-500/20 text-red-700 dark:text-red-300\"\n : severity === \"warning\"\n ? \"bg-amber-500/20 text-amber-700 dark:text-amber-300\"\n : \"bg-muted text-muted-foreground\";\n return (\n <span className={`rounded px-1.5 py-0.5 text-[10px] font-medium ${color}`}>\n {severity}\n </span>\n );\n}\n"]}
package/dist/org/auto-join-domain.d.ts CHANGED
@@ -4,6 +4,14 @@ export interface AutoJoinDomainResult {
4
4
  }>;
5
5
  activeOrgId: string | null;
6
6
  }
7
+ export interface AutoJoinDomainOptions {
8
+ /**
9
+ * The signup hook should not clobber an org selected by an invite flow, but
10
+ * request-time org resolution may need to move an existing account from a
11
+ * personal workspace into its newly matched company org.
12
+ */
13
+ activateJoinedOrg?: "if-missing" | "always";
14
+ }
7
15
  /**
8
16
  * Auto-join a newly-signed-up user into every org whose `allowed_domain`
9
17
  * matches their email domain.
@@ -16,13 +24,13 @@ export interface AutoJoinDomainResult {
16
24
  * "Join your team" UI in the picker; we use the same opt-in to drive
17
25
  * automatic join.
18
26
  *
19
- * Idempotent — skips orgs the user is already a member of and never
20
- * overwrites an existing `active-org-id` setting.
27
+ * Idempotent — skips orgs the user is already a member of and, by default,
28
+ * never overwrites an existing `active-org-id` setting.
21
29
  *
22
30
  * Safe to call when the org tables don't exist (some templates don't use
23
31
  * the org module): it swallows the "no such table" error and returns
24
32
  * empty. Never throws — the caller is a signup hook and we don't want to
25
33
  * block a user from creating their account because of an org-tier issue.
26
34
  */
27
- export declare function autoJoinDomainMatchingOrgs(rawEmail: string): Promise<AutoJoinDomainResult>;
35
+ export declare function autoJoinDomainMatchingOrgs(rawEmail: string, options?: AutoJoinDomainOptions): Promise<AutoJoinDomainResult>;
28
36
  //# sourceMappingURL=auto-join-domain.d.ts.map
package/dist/org/auto-join-domain.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auto-join-domain.d.ts","sourceRoot":"","sources":["../../src/org/auto-join-domain.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,0BAA0B,CAC9C,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,oBAAoB,CAAC,CAmE/B"}
1
+ {"version":3,"file":"auto-join-domain.d.ts","sourceRoot":"","sources":["../../src/org/auto-join-domain.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC;;;;OAIG;IACH,iBAAiB,CAAC,EAAE,YAAY,GAAG,QAAQ,CAAC;CAC7C;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,0BAA0B,CAC9C,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,qBAA0B,GAClC,OAAO,CAAC,oBAAoB,CAAC,CAoE/B"}
package/dist/org/auto-join-domain.js CHANGED
@@ -14,15 +14,15 @@ const nanoid = () => globalThis.crypto?.randomUUID?.().replace(/-/g, "") ??
14
14
  * "Join your team" UI in the picker; we use the same opt-in to drive
15
15
  * automatic join.
16
16
  *
17
- * Idempotent — skips orgs the user is already a member of and never
18
- * overwrites an existing `active-org-id` setting.
17
+ * Idempotent — skips orgs the user is already a member of and, by default,
18
+ * never overwrites an existing `active-org-id` setting.
19
19
  *
20
20
  * Safe to call when the org tables don't exist (some templates don't use
21
21
  * the org module): it swallows the "no such table" error and returns
22
22
  * empty. Never throws — the caller is a signup hook and we don't want to
23
23
  * block a user from creating their account because of an org-tier issue.
24
24
  */
25
- export async function autoJoinDomainMatchingOrgs(rawEmail) {
25
+ export async function autoJoinDomainMatchingOrgs(rawEmail, options = {}) {
26
26
  const email = rawEmail.trim().toLowerCase();
27
27
  if (!email)
28
28
  return { joined: [], activeOrgId: null };
@@ -71,14 +71,15 @@ export async function autoJoinDomainMatchingOrgs(rawEmail) {
71
71
  // existing membership intact; just skip this org.
72
72
  }
73
73
  }
74
- // Set active-org-id to the first match only if the user doesn't
75
- // already have one (a pending invite that ran first may have set it).
74
+ // Set active-org-id to the first match only if the user doesn't already have
75
+ // one, unless the caller is request-time org resolution intentionally moving
76
+ // an existing account into its newly matched company org.
76
77
  let activeOrgId = null;
77
78
  if (joined[0]) {
78
79
  try {
79
80
  const existing = await getUserSetting(email, "active-org-id");
80
81
  const hasActive = Boolean(existing?.orgId);
81
- if (!hasActive) {
82
+ if (options.activateJoinedOrg === "always" || !hasActive) {
82
83
  activeOrgId = joined[0].orgId;
83
84
  await putUserSetting(email, "active-org-id", { orgId: activeOrgId });
84
85
  }
package/dist/org/auto-join-domain.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auto-join-domain.js","sourceRoot":"","sources":["../../src/org/auto-join-domain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9E,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAOhE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,QAAgB;IAEhB,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAClD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAEtD,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;IAEvB,IAAI,OAAO,GAA6B,EAAE,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC3B,GAAG,EAAE;;;;;;;;;sCAS2B;YAChC,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC;SACtB,CAAC,CAAC;QACH,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAClC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;SACnC,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,uCAAuC;QACvC,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAEnE,MAAM,MAAM,GAAmC,EAAE,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,OAAO,CAAC;gBACf,GAAG,EAAE,4FAA4F;gBACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7C,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;YACjE,kEAAkE;YAClE,kDAAkD;QACpD,CAAC;IACH,CAAC;IAED,gEAAgE;IAChE,sEAAsE;IACtE,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC3C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9B,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjC,CAAC","sourcesContent":["import { getDbExec } from \"../db/client.js\";\nimport { getUserSetting, putUserSetting } from \"../settings/user-settings.js\";\n\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\n\nexport interface AutoJoinDomainResult {\n joined: Array<{ orgId: string }>;\n activeOrgId: string | null;\n}\n\n/**\n * Auto-join a newly-signed-up user into every org whose `allowed_domain`\n * matches their email domain.\n *\n * Called from the Better Auth `user.create.after` hook so that e.g. a new\n * `@builder.io` signup lands inside the existing Builder.io org on first\n * page load instead of starting in Personal and having to find the join\n * CTA. The org's owner opts into this by setting\n * `organizations.allowed_domain` — the column already gated the manual\n * \"Join your team\" UI in the picker; we use the same opt-in to drive\n * automatic join.\n *\n * Idempotent — skips orgs the user is already a member of and never\n * overwrites an existing `active-org-id` setting.\n *\n * Safe to call when the org tables don't exist (some templates don't use\n * the org module): it swallows the \"no such table\" error and returns\n * empty. Never throws — the caller is a signup hook and we don't want to\n * block a user from creating their account because of an org-tier issue.\n */\nexport async function autoJoinDomainMatchingOrgs(\n rawEmail: string,\n): Promise<AutoJoinDomainResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) return { joined: [], activeOrgId: null };\n\n const domain = email.split(\"@\")[1]?.toLowerCase();\n if (!domain) return { joined: [], activeOrgId: null };\n\n const db = getDbExec();\n\n let matches: Array<{ orgId: string }> = [];\n try {\n const res = await db.execute({\n sql: `SELECT o.id AS \"orgId\"\n FROM organizations o\n WHERE LOWER(o.allowed_domain) = ?\n AND NOT EXISTS (\n SELECT 1\n FROM org_members m\n WHERE m.org_id = o.id\n AND LOWER(m.email) = ?\n )\n ORDER BY o.created_at ASC`,\n args: [domain, email],\n });\n matches = res.rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n }));\n } catch {\n // Template without org tables (or `allowed_domain` column not yet\n // migrated). Not fatal — return empty.\n return { joined: [], activeOrgId: null };\n }\n\n if (matches.length === 0) return { joined: [], activeOrgId: null };\n\n const joined: AutoJoinDomainResult[\"joined\"] = [];\n for (const m of matches) {\n try {\n await db.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), m.orgId, email, Date.now()],\n });\n joined.push({ orgId: m.orgId });\n } catch {\n // Race with a parallel join (e.g. user accepted an invite to the\n // same org milliseconds earlier). The unique constraint keeps the\n // existing membership intact; just skip this org.\n }\n }\n\n // Set active-org-id to the first match only if the user doesn't\n // already have one (a pending invite that ran first may have set it).\n let activeOrgId: string | null = null;\n if (joined[0]) {\n try {\n const existing = await getUserSetting(email, \"active-org-id\");\n const hasActive = Boolean(existing?.orgId);\n if (!hasActive) {\n activeOrgId = joined[0].orgId;\n await putUserSetting(email, \"active-org-id\", { orgId: activeOrgId });\n }\n } catch {\n // settings table missing — not fatal.\n }\n }\n\n return { joined, activeOrgId };\n}\n"]}
1
+ {"version":3,"file":"auto-join-domain.js","sourceRoot":"","sources":["../../src/org/auto-join-domain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9E,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAgBhE;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,QAAgB,EAChB,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAErD,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;IAClD,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAEtD,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;IAEvB,IAAI,OAAO,GAA6B,EAAE,CAAC;IAC3C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC3B,GAAG,EAAE;;;;;;;;;sCAS2B;YAChC,IAAI,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC;SACtB,CAAC,CAAC;QACH,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAClC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;SACnC,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,uCAAuC;QACvC,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAEnE,MAAM,MAAM,GAAmC,EAAE,CAAC;IAClD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,OAAO,CAAC;gBACf,GAAG,EAAE,4FAA4F;gBACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;aAC7C,CAAC,CAAC;YACH,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;YACjE,kEAAkE;YAClE,kDAAkD;QACpD,CAAC;IACH,CAAC;IAED,6EAA6E;IAC7E,6EAA6E;IAC7E,0DAA0D;IAC1D,IAAI,WAAW,GAAkB,IAAI,CAAC;IACtC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAC3C,IAAI,OAAO,CAAC,iBAAiB,KAAK,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;gBACzD,WAAW,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;gBAC9B,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;IACH,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;AACjC,CAAC","sourcesContent":["import { getDbExec } from \"../db/client.js\";\nimport { getUserSetting, putUserSetting } from \"../settings/user-settings.js\";\n\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\n\nexport interface AutoJoinDomainResult {\n joined: Array<{ orgId: string }>;\n activeOrgId: string | null;\n}\n\nexport interface AutoJoinDomainOptions {\n /**\n * The signup hook should not clobber an org selected by an invite flow, but\n * request-time org resolution may need to move an existing account from a\n * personal workspace into its newly matched company org.\n */\n activateJoinedOrg?: \"if-missing\" | \"always\";\n}\n\n/**\n * Auto-join a newly-signed-up user into every org whose `allowed_domain`\n * matches their email domain.\n *\n * Called from the Better Auth `user.create.after` hook so that e.g. a new\n * `@builder.io` signup lands inside the existing Builder.io org on first\n * page load instead of starting in Personal and having to find the join\n * CTA. The org's owner opts into this by setting\n * `organizations.allowed_domain` — the column already gated the manual\n * \"Join your team\" UI in the picker; we use the same opt-in to drive\n * automatic join.\n *\n * Idempotent — skips orgs the user is already a member of and, by default,\n * never overwrites an existing `active-org-id` setting.\n *\n * Safe to call when the org tables don't exist (some templates don't use\n * the org module): it swallows the \"no such table\" error and returns\n * empty. Never throws — the caller is a signup hook and we don't want to\n * block a user from creating their account because of an org-tier issue.\n */\nexport async function autoJoinDomainMatchingOrgs(\n rawEmail: string,\n options: AutoJoinDomainOptions = {},\n): Promise<AutoJoinDomainResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) return { joined: [], activeOrgId: null };\n\n const domain = email.split(\"@\")[1]?.toLowerCase();\n if (!domain) return { joined: [], activeOrgId: null };\n\n const db = getDbExec();\n\n let matches: Array<{ orgId: string }> = [];\n try {\n const res = await db.execute({\n sql: `SELECT o.id AS \"orgId\"\n FROM organizations o\n WHERE LOWER(o.allowed_domain) = ?\n AND NOT EXISTS (\n SELECT 1\n FROM org_members m\n WHERE m.org_id = o.id\n AND LOWER(m.email) = ?\n )\n ORDER BY o.created_at ASC`,\n args: [domain, email],\n });\n matches = res.rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n }));\n } catch {\n // Template without org tables (or `allowed_domain` column not yet\n // migrated). Not fatal — return empty.\n return { joined: [], activeOrgId: null };\n }\n\n if (matches.length === 0) return { joined: [], activeOrgId: null };\n\n const joined: AutoJoinDomainResult[\"joined\"] = [];\n for (const m of matches) {\n try {\n await db.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), m.orgId, email, Date.now()],\n });\n joined.push({ orgId: m.orgId });\n } catch {\n // Race with a parallel join (e.g. user accepted an invite to the\n // same org milliseconds earlier). The unique constraint keeps the\n // existing membership intact; just skip this org.\n }\n }\n\n // Set active-org-id to the first match only if the user doesn't already have\n // one, unless the caller is request-time org resolution intentionally moving\n // an existing account into its newly matched company org.\n let activeOrgId: string | null = null;\n if (joined[0]) {\n try {\n const existing = await getUserSetting(email, \"active-org-id\");\n const hasActive = Boolean(existing?.orgId);\n if (options.activateJoinedOrg === \"always\" || !hasActive) {\n activeOrgId = joined[0].orgId;\n await putUserSetting(email, \"active-org-id\", { orgId: activeOrgId });\n }\n } catch {\n // settings table missing — not fatal.\n }\n }\n\n return { joined, activeOrgId };\n}\n"]}
package/dist/org/context.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/org/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAKlC,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAmBtD;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAOvE;AAqGD;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,IAAI,GAAE,OAAiB,GACtB,OAAO,CAAC;IACT,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAqBD;AAqLD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxE;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAa3E;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxB;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAepD"}
1
+ {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/org/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAMlC,OAAO,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AA2BtD;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAOvE;AA6ID;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAED;;;;;;GAMG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,IAAI,GAAE,OAAiB,GACtB,OAAO,CAAC;IACT,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC,CAqBD;AAqLD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxE;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAa3E;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxB;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAepD"}
package/dist/org/context.js CHANGED
@@ -2,6 +2,7 @@ import { getSession } from "../server/auth.js";
2
2
  import { getUserSetting, putUserSetting } from "../settings/user-settings.js";
3
3
  import { getDbExec } from "../db/client.js";
4
4
  import { getSetting } from "../settings/store.js";
5
+ import { autoJoinDomainMatchingOrgs } from "./auto-join-domain.js";
5
6
  const EMPTY_CONTEXT = {
6
7
  email: "",
7
8
  orgId: null,
@@ -13,6 +14,9 @@ function normalizeOrgRole(value) {
13
14
  ? value
14
15
  : null;
15
16
  }
17
+ function isLikelyPersonalWorkspace(membership, email, session) {
18
+ return membership.orgName.trim() === defaultOrgName(email, session);
19
+ }
16
20
  const nanoid = () => globalThis.crypto?.randomUUID?.().replace(/-/g, "") ??
17
21
  Math.random().toString(36).slice(2) + Date.now().toString(36);
18
22
  /**
@@ -47,23 +51,8 @@ async function resolveOrgContextUncached(event) {
47
51
  : null;
48
52
  const sessionOrgRole = normalizeOrgRole(session.orgRole);
49
53
  const exec = getDbExec();
50
- let memberships = [];
51
- try {
52
- const { rows } = await exec.execute({
53
- sql: `SELECT m.org_id AS "orgId", m.role AS role, o.name AS "orgName"
54
- FROM org_members m
55
- INNER JOIN organizations o ON m.org_id = o.id
56
- WHERE LOWER(m.email) = ?`,
57
- args: [email.toLowerCase()],
58
- });
59
- memberships = rows.map((r) => ({
60
- orgId: String(r.orgId ?? r.org_id),
61
- role: String(r.role),
62
- orgName: String(r.orgName ?? r.org_name),
63
- }));
64
- }
65
- catch {
66
- // Tables may not exist yet on first boot before migrations finish.
54
+ let memberships = await loadMemberships(exec, email);
55
+ if (memberships === null) {
67
56
  if (sessionOrgId) {
68
57
  return {
69
58
  email,
@@ -74,8 +63,49 @@ async function resolveOrgContextUncached(event) {
74
63
  }
75
64
  return { email, orgId: null, orgName: null, role: null };
76
65
  }
66
+ if (memberships.length > 1) {
67
+ const activeOrgSetting = (await getUserSetting(email, "active-org-id"));
68
+ if (activeOrgSetting?.orgId) {
69
+ const active = memberships.find((m) => m.orgId === activeOrgSetting.orgId);
70
+ if (active) {
71
+ return {
72
+ email,
73
+ orgId: active.orgId,
74
+ orgName: active.orgName,
75
+ role: active.role,
76
+ };
77
+ }
78
+ }
79
+ }
80
+ const sessionMembership = sessionOrgId
81
+ ? memberships.find((m) => m.orgId === sessionOrgId)
82
+ : null;
83
+ const shouldTryDomainAutoJoin = memberships.length === 0 ||
84
+ (memberships.length === 1 &&
85
+ isLikelyPersonalWorkspace(memberships[0], email, session));
86
+ if (shouldTryDomainAutoJoin) {
87
+ const joined = await autoJoinDomainMatchingOrgs(email, {
88
+ activateJoinedOrg: "always",
89
+ });
90
+ if (joined.joined.length > 0) {
91
+ const refreshed = await loadMemberships(exec, email);
92
+ if (refreshed !== null)
93
+ memberships = refreshed;
94
+ }
95
+ if (joined.activeOrgId) {
96
+ const active = memberships.find((m) => m.orgId === joined.activeOrgId);
97
+ if (active) {
98
+ return {
99
+ email,
100
+ orgId: active.orgId,
101
+ orgName: active.orgName,
102
+ role: active.role,
103
+ };
104
+ }
105
+ }
106
+ }
77
107
  if (sessionOrgId) {
78
- const active = memberships.find((m) => m.orgId === sessionOrgId);
108
+ const active = sessionMembership ?? memberships.find((m) => m.orgId === sessionOrgId);
79
109
  if (active) {
80
110
  return {
81
111
  email,
@@ -101,20 +131,6 @@ async function resolveOrgContextUncached(event) {
101
131
  if (memberships.length === 0) {
102
132
  return { email, orgId: null, orgName: null, role: null };
103
133
  }
104
- if (memberships.length > 1) {
105
- const activeOrgSetting = (await getUserSetting(email, "active-org-id"));
106
- if (activeOrgSetting?.orgId) {
107
- const active = memberships.find((m) => m.orgId === activeOrgSetting.orgId);
108
- if (active) {
109
- return {
110
- email,
111
- orgId: active.orgId,
112
- orgName: active.orgName,
113
- role: active.role,
114
- };
115
- }
116
- }
117
- }
118
134
  return {
119
135
  email,
120
136
  orgId: memberships[0].orgId,
@@ -122,6 +138,26 @@ async function resolveOrgContextUncached(event) {
122
138
  role: memberships[0].role,
123
139
  };
124
140
  }
141
+ async function loadMemberships(exec, email) {
142
+ try {
143
+ const { rows } = await exec.execute({
144
+ sql: `SELECT m.org_id AS "orgId", m.role AS role, o.name AS "orgName"
145
+ FROM org_members m
146
+ INNER JOIN organizations o ON m.org_id = o.id
147
+ WHERE LOWER(m.email) = ?`,
148
+ args: [email.toLowerCase()],
149
+ });
150
+ return rows.map((r) => ({
151
+ orgId: String(r.orgId ?? r.org_id),
152
+ role: String(r.role),
153
+ orgName: String(r.orgName ?? r.org_name),
154
+ }));
155
+ }
156
+ catch {
157
+ // Tables may not exist yet on first boot before migrations finish.
158
+ return null;
159
+ }
160
+ }
125
161
  /**
126
162
  * Resolve the active org ID for a given email — for non-HTTP contexts like
127
163
  * the integration webhook handler where we have an email but no event/session.
package/dist/org/context.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/org/context.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAGlD,MAAM,aAAa,GAAe;IAChC,KAAK,EAAE,EAAE;IACT,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,IAAI;CACX,CAAC;AAEF,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,QAAQ;QACjE,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhE;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAc;IAChD,6EAA6E;IAC7E,wEAAwE;IACxE,MAAM,GAAG,GAAG,KAAK,CAAC,OAEjB,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,KAAK,UAAU,yBAAyB,CAAC,KAAc;IACrD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,aAAa,CAAC;IACjC,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE;QACvD,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE;QACtB,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEzD,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IAEzB,IAAI,WAAW,GAIV,EAAE,CAAC;IACR,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE;;;qCAG0B;YAC/B,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAClC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;YAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;YAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;SACzC,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO;gBACL,KAAK;gBACL,KAAK,EAAE,YAAY;gBACnB,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,cAAc;aACrB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC;QACjE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,KAAK;gBACL,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK;YACL,KAAK,EAAE,YAAY;YACnB,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,cAAc;SACrB,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAChE,IAAI,OAAO;YAAE,OAAO,OAAO,CAAC;QAC5B,8DAA8D;QAC9D,iDAAiD;IACnD,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,CAAC,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAE9D,CAAC;QACT,IAAI,gBAAgB,EAAE,KAAK,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,gBAAgB,CAAC,KAAK,CAC1C,CAAC;YACF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;QAC3B,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO;QAC/B,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI;KAC1B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAa;IAEb,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IACzB,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,uDAAuD;YAC5D,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,gBAAgB,GAAG,CAAC,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAE9D,CAAC;QACT,IAAI,gBAAgB,EAAE,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;YACpE,OAAO,gBAAgB,CAAC,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAY,EACZ,KAAa,EACb,OAAgB,OAAO;IAQvB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IACzB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAExD,MAAM,IAAI,CAAC,OAAO,CAAC;QACjB,GAAG,EAAE,iGAAiG;QACtG,IAAI,EAAE,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,CAAC;KACrD,CAAC,CAAC;IAEH,MAAM,IAAI,CAAC,OAAO,CAAC;QACjB,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IAE5D,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,cAAc,CACrB,KAAa,EACb,OAAiC;IAEjC,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnC,IAAI,IAAI;QAAE,OAAO,GAAG,IAAI,cAAc,CAAC;IACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GACV,OAAO;SACJ,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACvB,OAAO,GAAG,MAAM,cAAc,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,IAAkC,EAClC,KAAa;IAEb,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,qFAAqF;YAC1F,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,4DAA4D;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAkC,EAClC,KAAa;IAEb,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,qEAAqE;YAC1E,IAAI,EAAE,CAAC,MAAM,CAAC;SACf,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;sDAIsD;AACtD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,mBAAmB,CAChC,IAAkC,EAClC,KAAa,EACb,OAAiC;IAEjC,sEAAsE;IACtE,mEAAmE;IACnE,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,QAAQ,GAAG,KAAK,KAAK,CAAC,WAAW,EAAE,oBAAoB,CAAC;IAE9D,IAAI,CAAC,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvD,sEAAsE;IACtE,qEAAqE;IACrE,mEAAmE;IACnE,yDAAyD;IACzD,IAAI,MAAM,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;QACtC,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC;SACnC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,GAAG,EAAE,qFAAqF;YAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC;SAC7C,CAAC,CAAC;QAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAExD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,IAAkC,EAClC,QAAgB;IAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,GAAG,EAAE,gEAAgE;YACrE,IAAI,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC;SACnD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;QACjE,mDAAmD;QACnD,EAAE;QACF,2DAA2D;QAC3D,iEAAiE;QACjE,iEAAiE;QACjE,kEAAkE;QAClE,iEAAiE;QACjE,0DAA0D;QAC1D,gEAAgE;QAChE,uEAAuE;QACvE,yBAAyB;QACzB,MAAM,cAAc,GAAG,GAAG,GAAG,YAAY,CAAC;QAC1C,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC;YACjC,GAAG,EAAE,iFAAiF;YACtF,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,CAAC;SACnE,CAAC,CAA8B,CAAC;QACjC,OAAO,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,IAAkC,EAClC,QAAgB;IAEhB,+DAA+D;IAC/D,qEAAqE;IACrE,kDAAkD;IAClD,MAAM,IAAI;SACP,OAAO,CAAC,EAAE,GAAG,EAAE,oCAAoC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC;SACxE,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAa;IAC9C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,+DAA+D;YACpE,IAAI,EAAE,CAAC,KAAK,CAAC;SACd,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;QAC7D,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,2DAA2D;YAChE,IAAI,EAAE,CAAC,KAAK,CAAC;SACd,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACzD,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,8EAA8E;YACnF,IAAI,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACzD,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,4EAA4E;YACjF,IAAI,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,OAAO;YACL,KAAK,EAAE,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAC;SACvC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getSession } from \"../server/auth.js\";\nimport { getUserSetting, putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { getSetting } from \"../settings/store.js\";\nimport type { OrgContext, OrgRole } from \"./types.js\";\n\nconst EMPTY_CONTEXT: OrgContext = {\n email: \"\",\n orgId: null,\n orgName: null,\n role: null,\n};\n\nfunction normalizeOrgRole(value: unknown): OrgRole | null {\n return value === \"owner\" || value === \"admin\" || value === \"member\"\n ? value\n : null;\n}\n\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\n\n/**\n * Resolve the current user's organization context from their session.\n *\n * - For users in multiple orgs, honors their `active-org-id` user setting.\n * - Falls back to the user's first membership.\n * - When `AUTO_CREATE_DEFAULT_ORG` is set and the authenticated user has\n * zero memberships, provisions a default org named after the user\n * ({name}'s workspace, falling back to the email local-part). Opt-in\n * per deployment so templates that don't use orgs don't accrue phantom\n * default orgs in their DB. The <RequireActiveOrg> client guard remains\n * the safety net for pre-existing accounts or provisioning failures.\n *\n * Per-request memoized on `event.context` — mirrors the `getSession`\n * pattern so multiple callers in the same request (e.g. ssr-handler +\n * a loader) share a single org_members round trip.\n */\nexport async function getOrgContext(event: H3Event): Promise<OrgContext> {\n // Per-request memoization. Multiple call sites per request (action wrappers,\n // SSR handler, loaders) must not each pay a separate org_members query.\n const ctx = event.context as {\n __anOrgContextCache?: Promise<OrgContext>;\n };\n return (ctx.__anOrgContextCache ??= resolveOrgContextUncached(event));\n}\n\nasync function resolveOrgContextUncached(event: H3Event): Promise<OrgContext> {\n const session = await getSession(event);\n const email = session?.email;\n if (!email) return EMPTY_CONTEXT;\n const sessionOrgId =\n typeof session.orgId === \"string\" && session.orgId.trim()\n ? session.orgId.trim()\n : null;\n const sessionOrgRole = normalizeOrgRole(session.orgRole);\n\n const exec = getDbExec();\n\n let memberships: Array<{\n orgId: string;\n role: OrgRole;\n orgName: string;\n }> = [];\n try {\n const { rows } = await exec.execute({\n sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE LOWER(m.email) = ?`,\n args: [email.toLowerCase()],\n });\n memberships = rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n role: String(r.role) as OrgRole,\n orgName: String(r.orgName ?? r.org_name),\n }));\n } catch {\n // Tables may not exist yet on first boot before migrations finish.\n if (sessionOrgId) {\n return {\n email,\n orgId: sessionOrgId,\n orgName: null,\n role: sessionOrgRole,\n };\n }\n return { email, orgId: null, orgName: null, role: null };\n }\n\n if (sessionOrgId) {\n const active = memberships.find((m) => m.orgId === sessionOrgId);\n if (active) {\n return {\n email,\n orgId: active.orgId,\n orgName: active.orgName,\n role: active.role,\n };\n }\n return {\n email,\n orgId: sessionOrgId,\n orgName: null,\n role: sessionOrgRole,\n };\n }\n\n if (memberships.length === 0 && process.env.AUTO_CREATE_DEFAULT_ORG) {\n const created = await tryCreateDefaultOrg(exec, email, session);\n if (created) return created;\n // Creation failed (race / DB error); fall through and let the\n // RequireActiveOrg client guard prompt the user.\n }\n\n if (memberships.length === 0) {\n return { email, orgId: null, orgName: null, role: null };\n }\n\n if (memberships.length > 1) {\n const activeOrgSetting = (await getUserSetting(email, \"active-org-id\")) as {\n orgId: string;\n } | null;\n if (activeOrgSetting?.orgId) {\n const active = memberships.find(\n (m) => m.orgId === activeOrgSetting.orgId,\n );\n if (active) {\n return {\n email,\n orgId: active.orgId,\n orgName: active.orgName,\n role: active.role,\n };\n }\n }\n }\n\n return {\n email,\n orgId: memberships[0].orgId,\n orgName: memberships[0].orgName,\n role: memberships[0].role,\n };\n}\n\n/**\n * Resolve the active org ID for a given email — for non-HTTP contexts like\n * the integration webhook handler where we have an email but no event/session.\n * Picks the user's active-org-id setting if set, otherwise the first membership.\n * Returns null if the user has no memberships.\n */\nexport async function resolveOrgIdForEmail(\n email: string,\n): Promise<string | null> {\n const exec = getDbExec();\n if (!exec) return null;\n try {\n const { rows } = await exec.execute({\n sql: `SELECT org_id FROM org_members WHERE LOWER(email) = ?`,\n args: [email.toLowerCase()],\n });\n if (rows.length === 0) return null;\n const ids = rows.map((r: any) => String(r.org_id));\n if (ids.length === 1) return ids[0];\n const activeOrgSetting = (await getUserSetting(email, \"active-org-id\")) as {\n orgId: string;\n } | null;\n if (activeOrgSetting?.orgId && ids.includes(activeOrgSetting.orgId)) {\n return activeOrgSetting.orgId;\n }\n return ids[0];\n } catch {\n return null;\n }\n}\n\n/**\n * Create a new organization and add the caller as a member with the given\n * role. Generates a per-org A2A secret for cross-app delegation and writes\n * the caller's `active-org-id` user-setting so the new org is immediately\n * active.\n *\n */\nexport async function createOrganization(\n name: string,\n email: string,\n role: OrgRole = \"owner\",\n): Promise<{\n id: string;\n name: string;\n role: OrgRole;\n a2aSecret: string;\n createdAt: number;\n}> {\n const trimmedName = name.trim();\n const exec = getDbExec();\n const id = nanoid();\n const createdAt = Date.now();\n const { randomBytes } = await import(\"node:crypto\");\n const a2aSecret = randomBytes(32).toString(\"base64url\");\n\n await exec.execute({\n sql: `INSERT INTO organizations (id, name, created_by, created_at, a2a_secret) VALUES (?, ?, ?, ?, ?)`,\n args: [id, trimmedName, email, createdAt, a2aSecret],\n });\n\n await exec.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), id, email, role, createdAt],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId: id });\n\n return { id, name: trimmedName, role, a2aSecret, createdAt };\n}\n\nfunction defaultOrgName(\n email: string,\n session: { name?: string } | null,\n): string {\n const full = session?.name?.trim();\n if (full) return `${full}'s workspace`;\n const local = email.split(\"@\")[0] ?? email;\n const cleaned = local.replace(/[._-]+/g, \" \").trim();\n const titled =\n cleaned\n .split(\" \")\n .filter(Boolean)\n .map((w) => w.charAt(0).toUpperCase() + w.slice(1))\n .join(\" \") || \"My\";\n return `${titled}'s workspace`;\n}\n\n/**\n * Check whether the user has a pending invitation. If so, auto-create\n * MUST be skipped — otherwise we'd provision a personal org for them\n * before they ever see the inviter's org in the RequireActiveOrg\n * accept-invite pane, and they'd never join the team that invited them.\n */\nasync function hasPendingInvitation(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n): Promise<boolean> {\n try {\n const { rows } = await exec.execute({\n sql: `SELECT 1 FROM org_invitations WHERE LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [email.toLowerCase()],\n });\n return rows.length > 0;\n } catch {\n // If we can't tell, err on the side of NOT auto-creating — the\n // RequireActiveOrg client guard will surface the situation.\n return true;\n }\n}\n\nasync function hasDomainMatch(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n): Promise<boolean> {\n try {\n const domain = email.split(\"@\")[1]?.toLowerCase();\n if (!domain) return false;\n const { rows } = await exec.execute({\n sql: `SELECT 1 FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [domain],\n });\n return rows.length > 0;\n } catch {\n return false;\n }\n}\n\n/** Stale-claim threshold. A claim row this old is treated as abandoned\n * (process crashed, DELETE failed, etc.) and a new caller may take it\n * over. Long enough that two genuine concurrent first-loads don't\n * trample each other (those settle in milliseconds), short enough that\n * a stuck user recovers on their next navigation. */\nconst CLAIM_TTL_MS = 5 * 60 * 1000;\n\n/**\n * Attempt to provision a default org + owner membership for a user with\n * zero memberships.\n *\n * Race protection: claims the user's auto-create slot via an atomic\n * INSERT into the framework `settings` table (PRIMARY KEY (key) — so\n * concurrent inserts for the same key throw uniqueness violations on\n * both SQLite and Postgres). Only the request that wins the claim\n * proceeds to create the org; losers bail. By the time a losing\n * request retries on a subsequent navigation, the winner's org is in\n * `org_members` and the auto-create branch is skipped entirely.\n *\n * Stuck-state recovery: a stale claim (held longer than CLAIM_TTL_MS)\n * is reclaimed automatically. So even if the DELETE on the failure\n * path fails (network blip, DB error), the user isn't stranded — the\n * next request after the TTL elapses retries cleanly.\n *\n * Returns null on any failure so the caller can fall back to the\n * empty-context / client-guard path.\n */\nasync function tryCreateDefaultOrg(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n session: { name?: string } | null,\n): Promise<OrgContext | null> {\n // Make sure the framework `settings` table exists before we use it as\n // a claim primitive. getSetting() ensures the table on first call.\n await getSetting(\"__init\").catch(() => null);\n\n const claimKey = `u:${email.toLowerCase()}:auto-create-claim`;\n\n if (!(await acquireClaim(exec, claimKey))) return null;\n\n // Pending-invite check happens INSIDE the claim so the window where a\n // newly-arrived invitation can be missed is narrowed to a single SQL\n // round-trip. (A still-narrower window would require a transaction\n // spanning org_invitations and settings — out of scope.)\n if (await hasPendingInvitation(exec, email)) {\n await releaseClaim(exec, claimKey);\n return null;\n }\n\n if (await hasDomainMatch(exec, email)) {\n await releaseClaim(exec, claimKey);\n return null;\n }\n\n try {\n const orgId = nanoid();\n const orgName = defaultOrgName(email, session);\n const now = Date.now();\n\n await exec.execute({\n sql: `INSERT INTO organizations (id, name, created_by, created_at) VALUES (?, ?, ?, ?)`,\n args: [orgId, orgName, email, now],\n });\n await exec.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), orgId, email, \"owner\", now],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n return { email, orgId, orgName, role: \"owner\" };\n } catch {\n await releaseClaim(exec, claimKey);\n return null;\n }\n}\n\nasync function acquireClaim(\n exec: ReturnType<typeof getDbExec>,\n claimKey: string,\n): Promise<boolean> {\n const now = Date.now();\n try {\n await exec.execute({\n sql: `INSERT INTO settings (key, value, updated_at) VALUES (?, ?, ?)`,\n args: [claimKey, JSON.stringify({ at: now }), now],\n });\n return true;\n } catch {\n // Conflict — someone else's claim is already in the row. If it's\n // stale (older than CLAIM_TTL_MS) we take it over.\n //\n // CRITICAL: this MUST be a single atomic UPDATE guarded on\n // `updated_at <= staleThreshold`. A read-then-DELETE-then-INSERT\n // sequence lets two concurrent reclaimers each observe the stale\n // timestamp, delete each other's fresh claim, and both think they\n // won — duplicating org creation. The conditional UPDATE matches\n // each stale row at most once: only the first writer sees\n // rowsAffected === 1; the row's updated_at is now `now`, so any\n // subsequent UPDATE no longer satisfies `updated_at <= staleThreshold`\n // and matches zero rows.\n const staleThreshold = now - CLAIM_TTL_MS;\n const result = (await exec.execute({\n sql: `UPDATE settings SET value = ?, updated_at = ? WHERE key = ? AND updated_at <= ?`,\n args: [JSON.stringify({ at: now }), now, claimKey, staleThreshold],\n })) as { rowsAffected?: number };\n return (result.rowsAffected ?? 0) > 0;\n }\n}\n\nasync function releaseClaim(\n exec: ReturnType<typeof getDbExec>,\n claimKey: string,\n): Promise<void> {\n // Best-effort. If this fails (transient network/DB error), the\n // CLAIM_TTL_MS-based takeover in acquireClaim recovers automatically\n // on a future request — no permanent stuck state.\n await exec\n .execute({ sql: `DELETE FROM settings WHERE key = ?`, args: [claimKey] })\n .catch(() => {});\n}\n\n/**\n * Look up the `allowed_domain` for an org by its ID.\n * Used when making outbound A2A calls so the JWT includes the\n * caller's org domain for cross-app org resolution.\n */\nexport async function getOrgDomain(orgId: string): Promise<string | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (!rows[0]) return null;\n const domain = String((rows[0] as any).allowed_domain || \"\");\n return domain || null;\n } catch {\n return null;\n }\n}\n\n/**\n * Look up the org's A2A secret by org ID.\n * Used when making outbound A2A calls so the JWT is signed with the\n * org-specific secret rather than the global A2A_SECRET env var.\n */\nexport async function getOrgA2ASecret(orgId: string): Promise<string | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (!rows[0]) return null;\n const secret = String((rows[0] as any).a2a_secret || \"\");\n return secret || null;\n } catch {\n return null;\n }\n}\n\n/**\n * Look up an org's A2A secret by its `allowed_domain`.\n * Used on the A2A receiving side: the caller's JWT includes `org_domain`,\n * and the receiver looks up which local org matches that domain to find\n * the secret used to verify the JWT signature.\n */\nexport async function getA2ASecretByDomain(\n domain: string,\n): Promise<string | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [domain.toLowerCase()],\n });\n if (!rows[0]) return null;\n const secret = String((rows[0] as any).a2a_secret || \"\");\n return secret || null;\n } catch {\n return null;\n }\n}\n\n/**\n * Resolve a local org by its `allowed_domain`.\n * Used on the A2A receiving side: the caller sends `org_domain` in the JWT,\n * and the receiver looks up which local org matches that domain.\n */\nexport async function resolveOrgByDomain(\n domain: string,\n): Promise<{ orgId: string; orgName: string } | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT id, name FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [domain.toLowerCase()],\n });\n if (!rows[0]) return null;\n return {\n orgId: String((rows[0] as any).id),\n orgName: String((rows[0] as any).name),\n };\n } catch {\n return null;\n }\n}\n"]}
1
+ {"version":3,"file":"context.js","sourceRoot":"","sources":["../../src/org/context.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9E,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAClD,OAAO,EAAE,0BAA0B,EAAE,MAAM,uBAAuB,CAAC;AAGnE,MAAM,aAAa,GAAe;IAChC,KAAK,EAAE,EAAE;IACT,KAAK,EAAE,IAAI;IACX,OAAO,EAAE,IAAI;IACb,IAAI,EAAE,IAAI;CACX,CAAC;AAEF,SAAS,gBAAgB,CAAC,KAAc;IACtC,OAAO,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,QAAQ;QACjE,CAAC,CAAC,KAAK;QACP,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,SAAS,yBAAyB,CAChC,UAA+B,EAC/B,KAAa,EACb,OAAiC;IAEjC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAEhE;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAc;IAChD,6EAA6E;IAC7E,wEAAwE;IACxE,MAAM,GAAG,GAAG,KAAK,CAAC,OAEjB,CAAC;IACF,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,yBAAyB,CAAC,KAAK,CAAC,CAAC,CAAC;AACxE,CAAC;AAED,KAAK,UAAU,yBAAyB,CAAC,KAAc;IACrD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,aAAa,CAAC;IACjC,MAAM,YAAY,GAChB,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE;QACvD,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE;QACtB,CAAC,CAAC,IAAI,CAAC;IACX,MAAM,cAAc,GAAG,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEzD,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IAEzB,IAAI,WAAW,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACrD,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;QACzB,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO;gBACL,KAAK;gBACL,KAAK,EAAE,YAAY;gBACnB,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,cAAc;aACrB,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,gBAAgB,GAAG,CAAC,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAE9D,CAAC;QACT,IAAI,gBAAgB,EAAE,KAAK,EAAE,CAAC;YAC5B,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAC7B,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,gBAAgB,CAAC,KAAK,CAC1C,CAAC;YACF,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,iBAAiB,GAAG,YAAY;QACpC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC;IACT,MAAM,uBAAuB,GAC3B,WAAW,CAAC,MAAM,KAAK,CAAC;QACxB,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;YACvB,yBAAyB,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;IAE/D,IAAI,uBAAuB,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,0BAA0B,CAAC,KAAK,EAAE;YACrD,iBAAiB,EAAE,QAAQ;SAC5B,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACrD,IAAI,SAAS,KAAK,IAAI;gBAAE,WAAW,GAAG,SAAS,CAAC;QAClD,CAAC;QAED,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,WAAW,CAAC,CAAC;YACvE,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO;oBACL,KAAK;oBACL,KAAK,EAAE,MAAM,CAAC,KAAK;oBACnB,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,MAAM,GACV,iBAAiB,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,YAAY,CAAC,CAAC;QACzE,IAAI,MAAM,EAAE,CAAC;YACX,OAAO;gBACL,KAAK;gBACL,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK;YACL,KAAK,EAAE,YAAY;YACnB,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,cAAc;SACrB,CAAC;IACJ,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,CAAC;QACpE,MAAM,OAAO,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;QAChE,IAAI,OAAO;YAAE,OAAO,OAAO,CAAC;QAC5B,8DAA8D;QAC9D,iDAAiD;IACnD,CAAC;IAED,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED,OAAO;QACL,KAAK;QACL,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK;QAC3B,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,OAAO;QAC/B,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI;KAC1B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,IAAkC,EAClC,KAAa;IAMb,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE;;;qCAG0B;YAC/B,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAC3B,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;YAClC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,CAAY;YAC/B,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC;SACzC,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAa;IAEb,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IACzB,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,uDAAuD;YAC5D,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC;QACnD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,gBAAgB,GAAG,CAAC,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,CAAC,CAE9D,CAAC;QACT,IAAI,gBAAgB,EAAE,KAAK,IAAI,GAAG,CAAC,QAAQ,CAAC,gBAAgB,CAAC,KAAK,CAAC,EAAE,CAAC;YACpE,OAAO,gBAAgB,CAAC,KAAK,CAAC;QAChC,CAAC;QACD,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAY,EACZ,KAAa,EACb,OAAgB,OAAO;IAQvB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;IACzB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IACpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAExD,MAAM,IAAI,CAAC,OAAO,CAAC;QACjB,GAAG,EAAE,iGAAiG;QACtG,IAAI,EAAE,CAAC,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,CAAC;KACrD,CAAC,CAAC;IAEH,MAAM,IAAI,CAAC,OAAO,CAAC;QACjB,GAAG,EAAE,qFAAqF;QAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC;KAC7C,CAAC,CAAC;IAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IAE5D,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;AAC/D,CAAC;AAED,SAAS,cAAc,CACrB,KAAa,EACb,OAAiC;IAEjC,MAAM,IAAI,GAAG,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACnC,IAAI,IAAI;QAAE,OAAO,GAAG,IAAI,cAAc,CAAC;IACvC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrD,MAAM,MAAM,GACV,OAAO;SACJ,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACvB,OAAO,GAAG,MAAM,cAAc,CAAC;AACjC,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,IAAkC,EAClC,KAAa;IAEb,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,qFAAqF;YAC1F,IAAI,EAAE,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;QAC/D,4DAA4D;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,IAAkC,EAClC,KAAa;IAEb,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,CAAC;QAClD,IAAI,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QAC1B,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,qEAAqE;YAC1E,IAAI,EAAE,CAAC,MAAM,CAAC;SACf,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;sDAIsD;AACtD,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEnC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,mBAAmB,CAChC,IAAkC,EAClC,KAAa,EACb,OAAiC;IAEjC,sEAAsE;IACtE,mEAAmE;IACnE,MAAM,UAAU,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAE7C,MAAM,QAAQ,GAAG,KAAK,KAAK,CAAC,WAAW,EAAE,oBAAoB,CAAC;IAE9D,IAAI,CAAC,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvD,sEAAsE;IACtE,qEAAqE;IACrE,mEAAmE;IACnE,yDAAyD;IACzD,IAAI,MAAM,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,MAAM,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC;QACtC,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC;QACvB,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,GAAG,EAAE,kFAAkF;YACvF,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC;SACnC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,GAAG,EAAE,qFAAqF;YAC1F,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC;SAC7C,CAAC,CAAC;QAEH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAExD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;IAClD,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,IAAkC,EAClC,QAAgB;IAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,IAAI,CAAC,OAAO,CAAC;YACjB,GAAG,EAAE,gEAAgE;YACrE,IAAI,EAAE,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,CAAC;SACnD,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,iEAAiE;QACjE,mDAAmD;QACnD,EAAE;QACF,2DAA2D;QAC3D,iEAAiE;QACjE,iEAAiE;QACjE,kEAAkE;QAClE,iEAAiE;QACjE,0DAA0D;QAC1D,gEAAgE;QAChE,uEAAuE;QACvE,yBAAyB;QACzB,MAAM,cAAc,GAAG,GAAG,GAAG,YAAY,CAAC;QAC1C,MAAM,MAAM,GAAG,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC;YACjC,GAAG,EAAE,iFAAiF;YACtF,IAAI,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,cAAc,CAAC;SACnE,CAAC,CAA8B,CAAC;QACjC,OAAO,CAAC,MAAM,CAAC,YAAY,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,IAAkC,EAClC,QAAgB;IAEhB,+DAA+D;IAC/D,qEAAqE;IACrE,kDAAkD;IAClD,MAAM,IAAI;SACP,OAAO,CAAC,EAAE,GAAG,EAAE,oCAAoC,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC;SACxE,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACrB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAa;IAC9C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,+DAA+D;YACpE,IAAI,EAAE,CAAC,KAAK,CAAC;SACd,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC;QAC7D,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,KAAa;IACjD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,2DAA2D;YAChE,IAAI,EAAE,CAAC,KAAK,CAAC;SACd,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACzD,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,8EAA8E;YACnF,IAAI,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,MAAM,GAAG,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC;QACzD,OAAO,MAAM,IAAI,IAAI,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,SAAS,EAAE,CAAC;QACzB,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,4EAA4E;YACjF,IAAI,EAAE,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,OAAO;YACL,KAAK,EAAE,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,EAAE,CAAC;YAClC,OAAO,EAAE,MAAM,CAAE,IAAI,CAAC,CAAC,CAAS,CAAC,IAAI,CAAC;SACvC,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["import type { H3Event } from \"h3\";\nimport { getSession } from \"../server/auth.js\";\nimport { getUserSetting, putUserSetting } from \"../settings/user-settings.js\";\nimport { getDbExec } from \"../db/client.js\";\nimport { getSetting } from \"../settings/store.js\";\nimport { autoJoinDomainMatchingOrgs } from \"./auto-join-domain.js\";\nimport type { OrgContext, OrgRole } from \"./types.js\";\n\nconst EMPTY_CONTEXT: OrgContext = {\n email: \"\",\n orgId: null,\n orgName: null,\n role: null,\n};\n\nfunction normalizeOrgRole(value: unknown): OrgRole | null {\n return value === \"owner\" || value === \"admin\" || value === \"member\"\n ? value\n : null;\n}\n\nfunction isLikelyPersonalWorkspace(\n membership: { orgName: string },\n email: string,\n session: { name?: string } | null,\n): boolean {\n return membership.orgName.trim() === defaultOrgName(email, session);\n}\n\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\n\n/**\n * Resolve the current user's organization context from their session.\n *\n * - For users in multiple orgs, honors their `active-org-id` user setting.\n * - Falls back to the user's first membership.\n * - When `AUTO_CREATE_DEFAULT_ORG` is set and the authenticated user has\n * zero memberships, provisions a default org named after the user\n * ({name}'s workspace, falling back to the email local-part). Opt-in\n * per deployment so templates that don't use orgs don't accrue phantom\n * default orgs in their DB. The <RequireActiveOrg> client guard remains\n * the safety net for pre-existing accounts or provisioning failures.\n *\n * Per-request memoized on `event.context` — mirrors the `getSession`\n * pattern so multiple callers in the same request (e.g. ssr-handler +\n * a loader) share a single org_members round trip.\n */\nexport async function getOrgContext(event: H3Event): Promise<OrgContext> {\n // Per-request memoization. Multiple call sites per request (action wrappers,\n // SSR handler, loaders) must not each pay a separate org_members query.\n const ctx = event.context as {\n __anOrgContextCache?: Promise<OrgContext>;\n };\n return (ctx.__anOrgContextCache ??= resolveOrgContextUncached(event));\n}\n\nasync function resolveOrgContextUncached(event: H3Event): Promise<OrgContext> {\n const session = await getSession(event);\n const email = session?.email;\n if (!email) return EMPTY_CONTEXT;\n const sessionOrgId =\n typeof session.orgId === \"string\" && session.orgId.trim()\n ? session.orgId.trim()\n : null;\n const sessionOrgRole = normalizeOrgRole(session.orgRole);\n\n const exec = getDbExec();\n\n let memberships = await loadMemberships(exec, email);\n if (memberships === null) {\n if (sessionOrgId) {\n return {\n email,\n orgId: sessionOrgId,\n orgName: null,\n role: sessionOrgRole,\n };\n }\n return { email, orgId: null, orgName: null, role: null };\n }\n\n if (memberships.length > 1) {\n const activeOrgSetting = (await getUserSetting(email, \"active-org-id\")) as {\n orgId: string;\n } | null;\n if (activeOrgSetting?.orgId) {\n const active = memberships.find(\n (m) => m.orgId === activeOrgSetting.orgId,\n );\n if (active) {\n return {\n email,\n orgId: active.orgId,\n orgName: active.orgName,\n role: active.role,\n };\n }\n }\n }\n\n const sessionMembership = sessionOrgId\n ? memberships.find((m) => m.orgId === sessionOrgId)\n : null;\n const shouldTryDomainAutoJoin =\n memberships.length === 0 ||\n (memberships.length === 1 &&\n isLikelyPersonalWorkspace(memberships[0], email, session));\n\n if (shouldTryDomainAutoJoin) {\n const joined = await autoJoinDomainMatchingOrgs(email, {\n activateJoinedOrg: \"always\",\n });\n if (joined.joined.length > 0) {\n const refreshed = await loadMemberships(exec, email);\n if (refreshed !== null) memberships = refreshed;\n }\n\n if (joined.activeOrgId) {\n const active = memberships.find((m) => m.orgId === joined.activeOrgId);\n if (active) {\n return {\n email,\n orgId: active.orgId,\n orgName: active.orgName,\n role: active.role,\n };\n }\n }\n }\n\n if (sessionOrgId) {\n const active =\n sessionMembership ?? memberships.find((m) => m.orgId === sessionOrgId);\n if (active) {\n return {\n email,\n orgId: active.orgId,\n orgName: active.orgName,\n role: active.role,\n };\n }\n return {\n email,\n orgId: sessionOrgId,\n orgName: null,\n role: sessionOrgRole,\n };\n }\n\n if (memberships.length === 0 && process.env.AUTO_CREATE_DEFAULT_ORG) {\n const created = await tryCreateDefaultOrg(exec, email, session);\n if (created) return created;\n // Creation failed (race / DB error); fall through and let the\n // RequireActiveOrg client guard prompt the user.\n }\n\n if (memberships.length === 0) {\n return { email, orgId: null, orgName: null, role: null };\n }\n\n return {\n email,\n orgId: memberships[0].orgId,\n orgName: memberships[0].orgName,\n role: memberships[0].role,\n };\n}\n\nasync function loadMemberships(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n): Promise<Array<{\n orgId: string;\n role: OrgRole;\n orgName: string;\n}> | null> {\n try {\n const { rows } = await exec.execute({\n sql: `SELECT m.org_id AS \"orgId\", m.role AS role, o.name AS \"orgName\"\n FROM org_members m\n INNER JOIN organizations o ON m.org_id = o.id\n WHERE LOWER(m.email) = ?`,\n args: [email.toLowerCase()],\n });\n return rows.map((r: any) => ({\n orgId: String(r.orgId ?? r.org_id),\n role: String(r.role) as OrgRole,\n orgName: String(r.orgName ?? r.org_name),\n }));\n } catch {\n // Tables may not exist yet on first boot before migrations finish.\n return null;\n }\n}\n\n/**\n * Resolve the active org ID for a given email — for non-HTTP contexts like\n * the integration webhook handler where we have an email but no event/session.\n * Picks the user's active-org-id setting if set, otherwise the first membership.\n * Returns null if the user has no memberships.\n */\nexport async function resolveOrgIdForEmail(\n email: string,\n): Promise<string | null> {\n const exec = getDbExec();\n if (!exec) return null;\n try {\n const { rows } = await exec.execute({\n sql: `SELECT org_id FROM org_members WHERE LOWER(email) = ?`,\n args: [email.toLowerCase()],\n });\n if (rows.length === 0) return null;\n const ids = rows.map((r: any) => String(r.org_id));\n if (ids.length === 1) return ids[0];\n const activeOrgSetting = (await getUserSetting(email, \"active-org-id\")) as {\n orgId: string;\n } | null;\n if (activeOrgSetting?.orgId && ids.includes(activeOrgSetting.orgId)) {\n return activeOrgSetting.orgId;\n }\n return ids[0];\n } catch {\n return null;\n }\n}\n\n/**\n * Create a new organization and add the caller as a member with the given\n * role. Generates a per-org A2A secret for cross-app delegation and writes\n * the caller's `active-org-id` user-setting so the new org is immediately\n * active.\n *\n */\nexport async function createOrganization(\n name: string,\n email: string,\n role: OrgRole = \"owner\",\n): Promise<{\n id: string;\n name: string;\n role: OrgRole;\n a2aSecret: string;\n createdAt: number;\n}> {\n const trimmedName = name.trim();\n const exec = getDbExec();\n const id = nanoid();\n const createdAt = Date.now();\n const { randomBytes } = await import(\"node:crypto\");\n const a2aSecret = randomBytes(32).toString(\"base64url\");\n\n await exec.execute({\n sql: `INSERT INTO organizations (id, name, created_by, created_at, a2a_secret) VALUES (?, ?, ?, ?, ?)`,\n args: [id, trimmedName, email, createdAt, a2aSecret],\n });\n\n await exec.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), id, email, role, createdAt],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId: id });\n\n return { id, name: trimmedName, role, a2aSecret, createdAt };\n}\n\nfunction defaultOrgName(\n email: string,\n session: { name?: string } | null,\n): string {\n const full = session?.name?.trim();\n if (full) return `${full}'s workspace`;\n const local = email.split(\"@\")[0] ?? email;\n const cleaned = local.replace(/[._-]+/g, \" \").trim();\n const titled =\n cleaned\n .split(\" \")\n .filter(Boolean)\n .map((w) => w.charAt(0).toUpperCase() + w.slice(1))\n .join(\" \") || \"My\";\n return `${titled}'s workspace`;\n}\n\n/**\n * Check whether the user has a pending invitation. If so, auto-create\n * MUST be skipped — otherwise we'd provision a personal org for them\n * before they ever see the inviter's org in the RequireActiveOrg\n * accept-invite pane, and they'd never join the team that invited them.\n */\nasync function hasPendingInvitation(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n): Promise<boolean> {\n try {\n const { rows } = await exec.execute({\n sql: `SELECT 1 FROM org_invitations WHERE LOWER(email) = ? AND status = 'pending' LIMIT 1`,\n args: [email.toLowerCase()],\n });\n return rows.length > 0;\n } catch {\n // If we can't tell, err on the side of NOT auto-creating — the\n // RequireActiveOrg client guard will surface the situation.\n return true;\n }\n}\n\nasync function hasDomainMatch(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n): Promise<boolean> {\n try {\n const domain = email.split(\"@\")[1]?.toLowerCase();\n if (!domain) return false;\n const { rows } = await exec.execute({\n sql: `SELECT 1 FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [domain],\n });\n return rows.length > 0;\n } catch {\n return false;\n }\n}\n\n/** Stale-claim threshold. A claim row this old is treated as abandoned\n * (process crashed, DELETE failed, etc.) and a new caller may take it\n * over. Long enough that two genuine concurrent first-loads don't\n * trample each other (those settle in milliseconds), short enough that\n * a stuck user recovers on their next navigation. */\nconst CLAIM_TTL_MS = 5 * 60 * 1000;\n\n/**\n * Attempt to provision a default org + owner membership for a user with\n * zero memberships.\n *\n * Race protection: claims the user's auto-create slot via an atomic\n * INSERT into the framework `settings` table (PRIMARY KEY (key) — so\n * concurrent inserts for the same key throw uniqueness violations on\n * both SQLite and Postgres). Only the request that wins the claim\n * proceeds to create the org; losers bail. By the time a losing\n * request retries on a subsequent navigation, the winner's org is in\n * `org_members` and the auto-create branch is skipped entirely.\n *\n * Stuck-state recovery: a stale claim (held longer than CLAIM_TTL_MS)\n * is reclaimed automatically. So even if the DELETE on the failure\n * path fails (network blip, DB error), the user isn't stranded — the\n * next request after the TTL elapses retries cleanly.\n *\n * Returns null on any failure so the caller can fall back to the\n * empty-context / client-guard path.\n */\nasync function tryCreateDefaultOrg(\n exec: ReturnType<typeof getDbExec>,\n email: string,\n session: { name?: string } | null,\n): Promise<OrgContext | null> {\n // Make sure the framework `settings` table exists before we use it as\n // a claim primitive. getSetting() ensures the table on first call.\n await getSetting(\"__init\").catch(() => null);\n\n const claimKey = `u:${email.toLowerCase()}:auto-create-claim`;\n\n if (!(await acquireClaim(exec, claimKey))) return null;\n\n // Pending-invite check happens INSIDE the claim so the window where a\n // newly-arrived invitation can be missed is narrowed to a single SQL\n // round-trip. (A still-narrower window would require a transaction\n // spanning org_invitations and settings — out of scope.)\n if (await hasPendingInvitation(exec, email)) {\n await releaseClaim(exec, claimKey);\n return null;\n }\n\n if (await hasDomainMatch(exec, email)) {\n await releaseClaim(exec, claimKey);\n return null;\n }\n\n try {\n const orgId = nanoid();\n const orgName = defaultOrgName(email, session);\n const now = Date.now();\n\n await exec.execute({\n sql: `INSERT INTO organizations (id, name, created_by, created_at) VALUES (?, ?, ?, ?)`,\n args: [orgId, orgName, email, now],\n });\n await exec.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, ?, ?)`,\n args: [nanoid(), orgId, email, \"owner\", now],\n });\n\n await putUserSetting(email, \"active-org-id\", { orgId });\n\n return { email, orgId, orgName, role: \"owner\" };\n } catch {\n await releaseClaim(exec, claimKey);\n return null;\n }\n}\n\nasync function acquireClaim(\n exec: ReturnType<typeof getDbExec>,\n claimKey: string,\n): Promise<boolean> {\n const now = Date.now();\n try {\n await exec.execute({\n sql: `INSERT INTO settings (key, value, updated_at) VALUES (?, ?, ?)`,\n args: [claimKey, JSON.stringify({ at: now }), now],\n });\n return true;\n } catch {\n // Conflict — someone else's claim is already in the row. If it's\n // stale (older than CLAIM_TTL_MS) we take it over.\n //\n // CRITICAL: this MUST be a single atomic UPDATE guarded on\n // `updated_at <= staleThreshold`. A read-then-DELETE-then-INSERT\n // sequence lets two concurrent reclaimers each observe the stale\n // timestamp, delete each other's fresh claim, and both think they\n // won — duplicating org creation. The conditional UPDATE matches\n // each stale row at most once: only the first writer sees\n // rowsAffected === 1; the row's updated_at is now `now`, so any\n // subsequent UPDATE no longer satisfies `updated_at <= staleThreshold`\n // and matches zero rows.\n const staleThreshold = now - CLAIM_TTL_MS;\n const result = (await exec.execute({\n sql: `UPDATE settings SET value = ?, updated_at = ? WHERE key = ? AND updated_at <= ?`,\n args: [JSON.stringify({ at: now }), now, claimKey, staleThreshold],\n })) as { rowsAffected?: number };\n return (result.rowsAffected ?? 0) > 0;\n }\n}\n\nasync function releaseClaim(\n exec: ReturnType<typeof getDbExec>,\n claimKey: string,\n): Promise<void> {\n // Best-effort. If this fails (transient network/DB error), the\n // CLAIM_TTL_MS-based takeover in acquireClaim recovers automatically\n // on a future request — no permanent stuck state.\n await exec\n .execute({ sql: `DELETE FROM settings WHERE key = ?`, args: [claimKey] })\n .catch(() => {});\n}\n\n/**\n * Look up the `allowed_domain` for an org by its ID.\n * Used when making outbound A2A calls so the JWT includes the\n * caller's org domain for cross-app org resolution.\n */\nexport async function getOrgDomain(orgId: string): Promise<string | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT allowed_domain FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (!rows[0]) return null;\n const domain = String((rows[0] as any).allowed_domain || \"\");\n return domain || null;\n } catch {\n return null;\n }\n}\n\n/**\n * Look up the org's A2A secret by org ID.\n * Used when making outbound A2A calls so the JWT is signed with the\n * org-specific secret rather than the global A2A_SECRET env var.\n */\nexport async function getOrgA2ASecret(orgId: string): Promise<string | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE id = ? LIMIT 1`,\n args: [orgId],\n });\n if (!rows[0]) return null;\n const secret = String((rows[0] as any).a2a_secret || \"\");\n return secret || null;\n } catch {\n return null;\n }\n}\n\n/**\n * Look up an org's A2A secret by its `allowed_domain`.\n * Used on the A2A receiving side: the caller's JWT includes `org_domain`,\n * and the receiver looks up which local org matches that domain to find\n * the secret used to verify the JWT signature.\n */\nexport async function getA2ASecretByDomain(\n domain: string,\n): Promise<string | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT a2a_secret FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [domain.toLowerCase()],\n });\n if (!rows[0]) return null;\n const secret = String((rows[0] as any).a2a_secret || \"\");\n return secret || null;\n } catch {\n return null;\n }\n}\n\n/**\n * Resolve a local org by its `allowed_domain`.\n * Used on the A2A receiving side: the caller sends `org_domain` in the JWT,\n * and the receiver looks up which local org matches that domain.\n */\nexport async function resolveOrgByDomain(\n domain: string,\n): Promise<{ orgId: string; orgName: string } | null> {\n try {\n const exec = getDbExec();\n const { rows } = await exec.execute({\n sql: `SELECT id, name FROM organizations WHERE LOWER(allowed_domain) = ? LIMIT 1`,\n args: [domain.toLowerCase()],\n });\n if (!rows[0]) return null;\n return {\n orgId: String((rows[0] as any).id),\n orgName: String((rows[0] as any).name),\n };\n } catch {\n return null;\n }\n}\n"]}
package/dist/org/migrations.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../src/org/migrations.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,eAAO,MAAM,cAAc;;;GAoD1B,CAAC"}
1
+ {"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../../src/org/migrations.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,eAAO,MAAM,cAAc;;;GA0D1B,CAAC"}
package/dist/org/migrations.js CHANGED
@@ -55,5 +55,11 @@ export const ORG_MIGRATIONS = [
55
55
  version: 1007,
56
56
  sql: `CREATE INDEX IF NOT EXISTS org_members_lower_email_idx ON org_members (LOWER(email))`,
57
57
  },
58
+ {
59
+ // Domain join and org resolution query `LOWER(allowed_domain)`.
60
+ // Keep that opt-in lookup indexed before it appears on any request path.
61
+ version: 1008,
62
+ sql: `CREATE INDEX IF NOT EXISTS organizations_lower_allowed_domain_idx ON organizations (LOWER(allowed_domain))`,
63
+ },
58
64
  ];
59
65
  //# sourceMappingURL=migrations.js.map
package/dist/org/migrations.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"migrations.js","sourceRoot":"","sources":["../../src/org/migrations.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE;;;;;MAKH;KACH;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE;;;;;;;MAOH;KACH;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE;;;;;;;MAOH;KACH;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,wEAAwE;KAC9E;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,gEAAgE;KACtE;IACD;QACE,kEAAkE;QAClE,mEAAmE;QACnE,oEAAoE;QACpE,8CAA8C;QAC9C,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,sFAAsF;KAC5F;CACF,CAAC","sourcesContent":["/**\n * Migration definitions for the org module. Versions are namespaced into a high\n * range (1000+) so they don't collide with template-owned migrations sharing\n * the same `_migrations` table.\n */\nexport const ORG_MIGRATIONS = [\n {\n version: 1001,\n sql: `CREATE TABLE IF NOT EXISTS organizations (\n id TEXT PRIMARY KEY,\n name TEXT NOT NULL,\n created_by TEXT NOT NULL,\n created_at INTEGER NOT NULL\n )`,\n },\n {\n version: 1002,\n sql: `CREATE TABLE IF NOT EXISTS org_members (\n id TEXT PRIMARY KEY,\n org_id TEXT NOT NULL,\n email TEXT NOT NULL,\n role TEXT NOT NULL,\n joined_at INTEGER NOT NULL,\n UNIQUE(org_id, email)\n )`,\n },\n {\n version: 1003,\n sql: `CREATE TABLE IF NOT EXISTS org_invitations (\n id TEXT PRIMARY KEY,\n org_id TEXT NOT NULL,\n email TEXT NOT NULL,\n invited_by TEXT NOT NULL,\n created_at INTEGER NOT NULL,\n status TEXT NOT NULL\n )`,\n },\n {\n version: 1004,\n sql: `ALTER TABLE organizations ADD COLUMN IF NOT EXISTS allowed_domain TEXT`,\n },\n {\n version: 1005,\n sql: `ALTER TABLE organizations ADD COLUMN IF NOT EXISTS a2a_secret TEXT`,\n },\n {\n version: 1006,\n sql: `ALTER TABLE org_invitations ADD COLUMN IF NOT EXISTS role TEXT`,\n },\n {\n // Every authenticated request calls `getOrgContext` which queries\n // `WHERE LOWER(m.email) = ?`. Without a supporting index this is a\n // full table scan on every request. A LOWER(email) expression index\n // lets the planner use an index seek instead.\n version: 1007,\n sql: `CREATE INDEX IF NOT EXISTS org_members_lower_email_idx ON org_members (LOWER(email))`,\n },\n];\n"]}
1
+ {"version":3,"file":"migrations.js","sourceRoot":"","sources":["../../src/org/migrations.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE;;;;;MAKH;KACH;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE;;;;;;;MAOH;KACH;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE;;;;;;;MAOH;KACH;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,wEAAwE;KAC9E;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,oEAAoE;KAC1E;IACD;QACE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,gEAAgE;KACtE;IACD;QACE,kEAAkE;QAClE,mEAAmE;QACnE,oEAAoE;QACpE,8CAA8C;QAC9C,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,sFAAsF;KAC5F;IACD;QACE,gEAAgE;QAChE,yEAAyE;QACzE,OAAO,EAAE,IAAI;QACb,GAAG,EAAE,4GAA4G;KAClH;CACF,CAAC","sourcesContent":["/**\n * Migration definitions for the org module. Versions are namespaced into a high\n * range (1000+) so they don't collide with template-owned migrations sharing\n * the same `_migrations` table.\n */\nexport const ORG_MIGRATIONS = [\n {\n version: 1001,\n sql: `CREATE TABLE IF NOT EXISTS organizations (\n id TEXT PRIMARY KEY,\n name TEXT NOT NULL,\n created_by TEXT NOT NULL,\n created_at INTEGER NOT NULL\n )`,\n },\n {\n version: 1002,\n sql: `CREATE TABLE IF NOT EXISTS org_members (\n id TEXT PRIMARY KEY,\n org_id TEXT NOT NULL,\n email TEXT NOT NULL,\n role TEXT NOT NULL,\n joined_at INTEGER NOT NULL,\n UNIQUE(org_id, email)\n )`,\n },\n {\n version: 1003,\n sql: `CREATE TABLE IF NOT EXISTS org_invitations (\n id TEXT PRIMARY KEY,\n org_id TEXT NOT NULL,\n email TEXT NOT NULL,\n invited_by TEXT NOT NULL,\n created_at INTEGER NOT NULL,\n status TEXT NOT NULL\n )`,\n },\n {\n version: 1004,\n sql: `ALTER TABLE organizations ADD COLUMN IF NOT EXISTS allowed_domain TEXT`,\n },\n {\n version: 1005,\n sql: `ALTER TABLE organizations ADD COLUMN IF NOT EXISTS a2a_secret TEXT`,\n },\n {\n version: 1006,\n sql: `ALTER TABLE org_invitations ADD COLUMN IF NOT EXISTS role TEXT`,\n },\n {\n // Every authenticated request calls `getOrgContext` which queries\n // `WHERE LOWER(m.email) = ?`. Without a supporting index this is a\n // full table scan on every request. A LOWER(email) expression index\n // lets the planner use an index seek instead.\n version: 1007,\n sql: `CREATE INDEX IF NOT EXISTS org_members_lower_email_idx ON org_members (LOWER(email))`,\n },\n {\n // Domain join and org resolution query `LOWER(allowed_domain)`.\n // Keep that opt-in lookup indexed before it appears on any request path.\n version: 1008,\n sql: `CREATE INDEX IF NOT EXISTS organizations_lower_allowed_domain_idx ON organizations (LOWER(allowed_domain))`,\n },\n];\n"]}
package/dist/templates/workspace-core/.agents/skills/client-side-routing/SKILL.md CHANGED
@@ -66,6 +66,15 @@ export default function Settings() {
66
66
 
67
67
  If a page needs per-route data (e.g. sidebar highlighting the active document), derive it inside the layout from `useParams()` / `useLocation()` — don't pass it as a prop through every route file.
68
68
 
69
+ ## Chat-First Routes
70
+
71
+ If `/` is a full-page chat such as `AgentChatHome`, keep the app shell mounted
72
+ around it when possible so `AgentSidebar` URL sync and route warmup stay active.
73
+ If the chat route intentionally lives outside the shell, add a tiny app-owned
74
+ prewarm for the routes agents commonly open from that chat. In local dev,
75
+ React Router can update the address bar before a cold Vite route chunk commits,
76
+ which makes navigation look broken even when the URL is correct.
77
+
69
78
  ## Adding a New Route
70
79
 
71
80
  - **Pattern #1** (AppLayout in `root.tsx`): just render page content — nothing else.
package/dist/templates/workspace-core/.agents/skills/context-awareness/SKILL.md CHANGED
@@ -125,6 +125,15 @@ await writeAppState("navigate", { view: "inbox", threadId: "abc123" });
125
125
  **UI side** — use `useAgentRouteState`, shown above. It polls command keys,
126
126
  dedupes `_writeId`, deletes consumed commands, and applies app-local routing.
127
127
 
128
+ When a destination has a real URL, let the `navigate` command carry that local
129
+ `path` (plus semantic fields when useful) and have the UI prefer `path` before
130
+ falling back to semantic routing. Keep app navigation single-channel: do not
131
+ also write `__set_url__` for the same navigation. `__set_url__` belongs to the
132
+ framework URL tools (`set-url-path`, `set-search-params`) and URL-only filter
133
+ changes. If a command can arrive while a chat stream is rendering, prefer
134
+ `navigate(path, { replace: true, flushSync: true })` over a view-transition
135
+ wrapper so the URL and visible route commit together.
136
+
128
137
  ## Jitter Prevention
129
138
 
130
139
  When the agent writes to application-state via script helpers (`writeAppState`), the write is tagged with `requestSource: "agent"`. The UI uses the `ignoreSource` option on `useDbSync()` with a per-tab ID so it ignores its own writes while still picking up changes from agents, other tabs, and scripts.
@@ -171,7 +180,7 @@ The mail template demonstrates these patterns working together:
171
180
  - Keep shareable filters in URL query params so `<current-url>` and `set-search-params` work
172
181
  - Update `view-screen` when adding new features — it should return data for every view
173
182
  - Use `useAgentRouteState` or `useSemanticNavigationState` for UI-side navigation sync and command consumption
174
- - Use the one-shot `navigate` command pattern for semantic agent-initiated navigation
183
+ - Use the one-shot `navigate` command pattern for app navigation; include a same-origin `path` when the target URL is known
175
184
  - Tag agent writes with `requestSource: "agent"` (the script helpers do this automatically)
176
185
 
177
186
  ## Don't
@@ -179,6 +188,7 @@ The mail template demonstrates these patterns working together:
179
188
  - Don't assume the user is on a specific page — always check navigation state
180
189
  - Don't hardcode navigation paths in scripts — read the current state and branch
181
190
  - Don't write to the `navigation` key from the agent — it belongs to the UI. Use `navigate` instead.
191
+ - Don't write both `navigate` and `__set_url__` for one app navigation; competing consumers can make the browser URL change before React Router commits the page.
182
192
  - Don't ignore the `<current-screen>` block — it tells you where the user is
183
193
  - Don't duplicate whole URL query strings into `navigation` when `<current-url>` already exposes them
184
194
  - Don't store fetched data in navigation state — it holds IDs and semantic UI state only. The `view-screen` script fetches the actual data.
package/dist/vite/client.d.ts CHANGED
@@ -25,6 +25,7 @@ declare function getReactRouterAliases(cwd: string): Array<{
25
25
  find: RegExp;
26
26
  replacement: string;
27
27
  }>;
28
+ declare function getDefaultOptimizeDeps(cwd: string): string[];
28
29
  export interface NitroOptions {
29
30
  /** Nitro deployment preset (e.g. "node", "vercel", "netlify", "cloudflare_pages"). Default: "node" */
30
31
  preset?: string;
@@ -112,5 +113,5 @@ export declare function isFrameworkDevPath(reqUrl: string, base: string | undefi
112
113
  * Both modes include Nitro for API routes, path aliases, and fs restrictions.
113
114
  */
114
115
  export declare function defineConfig(options?: ClientConfigOptions): UserConfig;
115
- export { getClientDedupe as _getClientDedupe, findCorePackageRoot as _findCorePackageRoot, getReactRouterAliases as _getReactRouterAliases, };
116
+ export { getClientDedupe as _getClientDedupe, getDefaultOptimizeDeps as _getDefaultOptimizeDeps, findCorePackageRoot as _findCorePackageRoot, getReactRouterAliases as _getReactRouterAliases, };
116
117
  //# sourceMappingURL=client.d.ts.map