@agent-native/core 0.7.12 → 0.7.14

package/dist/server/app-name.js

@@ -6,11 +6,15 @@
  * Resolution order:
  *   1. `APP_NAME` env var — explicit override (recommended for prod)
  *   2. `displayName` from the app's package.json
- *   3. Titlecased `name` from package.json
- *   4. `undefined` — caller should degrade gracefully
+ *   3. Titlecased `name` from package.json (only if it matches a known
+ *      first-party template — on serverless runtimes `process.cwd()` may
+ *      point at a bundler-generated package.json with a bogus name)
+ *   4. First-party template label matched by package.json name
+ *   5. `undefined` — caller should degrade gracefully
  */
 import path from "node:path";
 import fs from "node:fs";
+import { TEMPLATES } from "../cli/templates-meta.js";
 let cachedFromPkg = null;
 function readPkg() {
     try {
@@ -34,7 +38,14 @@ export function getAppName() {
     if (cachedFromPkg !== null)
         return cachedFromPkg ?? undefined;
     const pkg = readPkg();
-    const name = pkg?.displayName ?? (pkg?.name ? titlecase(pkg.name) : undefined);
+    let name;
+    if (pkg?.displayName) {
+        name = pkg.displayName;
+    }
+    else if (pkg?.name) {
+        const tmpl = TEMPLATES.find((t) => t.name === pkg.name);
+        name = tmpl ? tmpl.label || titlecase(tmpl.name) : undefined;
+    }
     cachedFromPkg = name ?? undefined;
     return name;
 }

package/dist/server/app-name.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-name.js","sourceRoot":"","sources":["../../src/server/app-name.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AAEzB,IAAI,aAAa,GAA8B,IAAI,CAAC;AAEpD,SAAS,OAAO;IACd,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,CAAC;SACL,KAAK,CAAC,SAAS,CAAC;SAChB,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC3C,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACtD,IAAI,aAAa,KAAK,IAAI;QAAE,OAAO,aAAa,IAAI,SAAS,CAAC;IAC9D,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,MAAM,IAAI,GACR,GAAG,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACpE,aAAa,GAAG,IAAI,IAAI,SAAS,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC"}
+{"version":3,"file":"app-name.js","sourceRoot":"","sources":["../../src/server/app-name.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AAErD,IAAI,aAAa,GAA8B,IAAI,CAAC;AAEpD,SAAS,OAAO;IACd,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,CAAS;IAC1B,OAAO,CAAC;SACL,KAAK,CAAC,SAAS,CAAC;SAChB,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC3C,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED,MAAM,UAAU,UAAU;IACxB,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACtD,IAAI,aAAa,KAAK,IAAI;QAAE,OAAO,aAAa,IAAI,SAAS,CAAC;IAC9D,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;IACtB,IAAI,IAAwB,CAAC;IAC7B,IAAI,GAAG,EAAE,WAAW,EAAE,CAAC;QACrB,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC;IACzB,CAAC;SAAM,IAAI,GAAG,EAAE,IAAI,EAAE,CAAC;QACrB,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,CAAC;QACxD,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/D,CAAC;IACD,aAAa,GAAG,IAAI,IAAI,SAAS,CAAC;IAClC,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/server/app-url.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app-url.d.ts","sourceRoot":"","sources":["../../src/server/app-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAiB,KAAK,OAAO,EAAE,MAAM,IAAI,CAAC;AAyBjD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,SAAS,CAKzD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CA2B3D"}
+{"version":3,"file":"app-url.d.ts","sourceRoot":"","sources":["../../src/server/app-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAiB,KAAK,OAAO,EAAE,MAAM,IAAI,CAAC;AAkCjD;;;;GAIG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,GAAG,SAAS,CAKzD;AAED,wBAAgB,mBAAmB,CAAC,KAAK,CAAC,EAAE,OAAO,GAAG,MAAM,CA2B3D"}

package/dist/server/app-url.js

@@ -19,13 +19,22 @@ import fs from "node:fs";
 import { TEMPLATES } from "../cli/templates-meta.js";
 import { isLocalDatabase } from "../db/client.js";
 let cachedPkgName = null;
+/**
+ * Read the app's package name, validated against the first-party template
+ * registry. On serverless runtimes (Netlify Functions, Cloudflare Workers),
+ * `process.cwd()` may point at a bundler-generated package.json with a
+ * bogus name (e.g. Nitro's "traced-node-modules"). Only trust the name if
+ * it matches a known template.
+ */
 function readPackageName() {
     if (cachedPkgName !== null)
         return cachedPkgName ?? undefined;
     try {
         const pkgPath = path.join(process.cwd(), "package.json");
         const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
-        cachedPkgName = typeof pkg?.name === "string" ? pkg.name : undefined;
+        const name = typeof pkg?.name === "string" ? pkg.name : undefined;
+        const isKnown = name && TEMPLATES.some((t) => t.name === name);
+        cachedPkgName = isKnown ? name : undefined;
     }
     catch {
         cachedPkgName = undefined;

package/dist/server/app-url.js.map

@@ -1 +1 @@
-{"version":3,"file":"app-url.js","sourceRoot":"","sources":["../../src/server/app-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,aAAa,EAAgB,MAAM,IAAI,CAAC;AACjD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,IAAI,aAAa,GAA8B,IAAI,CAAC;AAEpD,SAAS,eAAe;IACtB,IAAI,aAAa,KAAK,IAAI;QAAE,OAAO,aAAa,IAAI,SAAS,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QACzD,aAAa,GAAG,OAAO,GAAG,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IACD,OAAO,aAAa,IAAI,SAAS,CAAC;AACpC,CAAC;AAED,+DAA+D;AAC/D,SAAS,kBAAkB,CAAC,CAAS;IACnC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,IAAI,GAAG,eAAe,EAAE,CAAC;IAC/B,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,OAAO,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAe;IACjD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,MAAM;QAAE,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAE9C,wEAAwE;IACxE,wEAAwE;IACxE,8CAA8C;IAC9C,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACjC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,qEAAqE;IACrE,wEAAwE;IACxE,oEAAoE;IACpE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;QAChE,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;QAC1C,IAAI,UAAU;YAAE,OAAO,kBAAkB,CAAC,UAAU,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC"}
+{"version":3,"file":"app-url.js","sourceRoot":"","sources":["../../src/server/app-url.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,aAAa,EAAgB,MAAM,IAAI,CAAC;AACjD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,IAAI,aAAa,GAA8B,IAAI,CAAC;AAEpD;;;;;;GAMG;AACH,SAAS,eAAe;IACtB,IAAI,aAAa,KAAK,IAAI;QAAE,OAAO,aAAa,IAAI,SAAS,CAAC;IAC9D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QACzD,MAAM,IAAI,GAAG,OAAO,GAAG,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAClE,MAAM,OAAO,GAAG,IAAI,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAC/D,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;IAC7C,CAAC;IAAC,MAAM,CAAC;QACP,aAAa,GAAG,SAAS,CAAC;IAC5B,CAAC;IACD,OAAO,aAAa,IAAI,SAAS,CAAC;AACpC,CAAC;AAED,+DAA+D;AAC/D,SAAS,kBAAkB,CAAC,CAAS;IACnC,OAAO,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,IAAI,GAAG,eAAe,EAAE,CAAC;IAC/B,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,OAAO,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAe;IACjD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClE,IAAI,MAAM;QAAE,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAE9C,wEAAwE;IACxE,wEAAwE;IACxE,8CAA8C;IAC9C,IAAI,KAAK,EAAE,CAAC;QACV,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;YACjC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,uEAAuE;IACvE,qEAAqE;IACrE,wEAAwE;IACxE,oEAAoE;IACpE,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;QAChE,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;QAC1C,IAAI,UAAU;YAAE,OAAO,kBAAkB,CAAC,UAAU,CAAC,CAAC;IACxD,CAAC;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC"}

package/dist/server/auth.d.ts

@@ -11,6 +11,8 @@ export interface AuthSession {
     email: string;
     userId?: string;
     token?: string;
+    /** Display name from the auth provider, when available (Better Auth user.name). */
+    name?: string;
     /** Active organization ID (from Better Auth organization plugin) */
     orgId?: string;
     /** User's role in the active organization (owner/admin/member) */
@@ -60,6 +62,19 @@ export interface AuthOptions {
     betterAuth?: BetterAuthConfig;
 }
 export declare const COOKIE_NAME: string;
+/**
+ * Validate a `?return=` URL for the /_agent-native/sign-in entrypoint.
+ *
+ * Parses the candidate against a sentinel base origin; any input that
+ * resolves to a different origin (network-path references, absolute URLs,
+ * `data:` / `javascript:` schemes, backslash-bypass tricks WHATWG normalises
+ * to `//`) gets rejected and falls back to "/". Control characters are
+ * stripped up front to defend against header-injection. Returns the
+ * normalised path the parser produced — never the raw input.
+ *
+ * Exported for unit tests.
+ */
+export declare function safeReturnPath(raw: string | null | undefined): string;
 /**
  * Create a new session in the legacy sessions table.
  * Used by google-oauth.ts for mobile deep linking.
@@ -72,6 +87,7 @@ export declare function removeSession(token: string): Promise<void>;
  * Returns null if the session doesn't exist, is expired, or has no email.
  */
 export declare function getSessionEmail(token: string): Promise<string | null>;
+export declare function setDesktopExchange(flowId: string, token: string, email: string): void;
 /**
  * Run the auth guard on an event. Returns a Response/object to block the
  * request (login page or 401), or undefined to allow it through.

package/dist/server/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAsBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAOhE,KAAK,KAAK,GAAG,SAAS,CAAC;AASvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAWlE;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAMD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC7D;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF;;OAEG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAC;CAC/B;AAqBD,eAAO,MAAM,WAAW,QAER,CAAC;AAqJjB;;;GAGG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAW7E;AAED,uDAAuD;AACvD,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAShE;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAmB3E;AA0CD;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,CAG5C;AAuID;;;;;;;;;;;;GAYG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CA0I5E;AAkzBD;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,KAAK,EACV,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,OAAO,CAAC,CAyKlB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAEzE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAuBA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,gCAAgC,CAAC;AAOhE,KAAK,KAAK,GAAG,SAAS,CAAC;AASvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAmBlE;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAMD,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mFAAmF;IACnF,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oEAAoE;IACpE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,mDAAmD;IACnD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;OAGG;IACH,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,OAAO,KAAK,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC7D;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;OAKG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;OAIG;IACH,SAAS,CAAC,EAAE;QACV,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF;;OAEG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAC;CAC/B;AAqBD,eAAO,MAAM,WAAW,QAER,CAAC;AA8DjB;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAUrE;AAyFD;;;GAGG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAW7E;AAED,uDAAuD;AACvD,wBAAsB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAShE;AAED;;;GAGG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAmB3E;AAwCD,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,QAWd;AA8ED;;;;;;GAMG;AACH,wBAAsB,YAAY,CAChC,KAAK,EAAE,OAAO,GACb,OAAO,CAAC,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,CAG5C;AA0MD;;;;;;;;;;;;GAYG;AACH,wBAAsB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CA0I5E;AAyiCD;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,KAAK,EACV,OAAO,GAAE,WAAgB,GACxB,OAAO,CAAC,OAAO,CAAC,CA4KlB;AAMD;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAEzE"}

package/dist/server/auth.js

@@ -9,7 +9,7 @@ async function getFs() {
     }
     return _fs;
 }
-import { defineEventHandler, getMethod, getQuery, setResponseHeader, setResponseStatus, getCookie, setCookie, deleteCookie, } from "h3";
+import { defineEventHandler, getMethod, getQuery, sendRedirect, setResponseHeader, setResponseStatus, getCookie, setCookie, deleteCookie, } from "h3";
 // In h3 v2, `event.req` IS the web Request — no conversion needed.
 function toWebRequest(event) {
     return event.req;
@@ -20,7 +20,7 @@ import { getOnboardingHtml, getResetPasswordHtml } from "./onboarding-html.js";
 import { migrateLocalUserData } from "./local-migration.js";
 import { readBody } from "../server/h3-helpers.js";
 import { readDesktopSso, writeDesktopSso, clearDesktopSso, } from "./desktop-sso.js";
-import { isElectron as isElectronRequest } from "./google-oauth.js";
+import { isElectron as isElectronRequest, getOrigin, encodeOAuthState, decodeOAuthState, createOAuthSession, oauthCallbackResponse, oauthErrorPage, } from "./google-oauth.js";
 /**
  * Get the configured session max age. Desktop SSO broker writes from
  * OAuth flows read this so expiration stays consistent with the cookie.
@@ -99,6 +99,33 @@ function isDevEnvironment() {
     const env = process.env.NODE_ENV;
     return env === "development" || env === "test";
 }
+/**
+ * Validate a `?return=` URL for the /_agent-native/sign-in entrypoint.
+ *
+ * Parses the candidate against a sentinel base origin; any input that
+ * resolves to a different origin (network-path references, absolute URLs,
+ * `data:` / `javascript:` schemes, backslash-bypass tricks WHATWG normalises
+ * to `//`) gets rejected and falls back to "/". Control characters are
+ * stripped up front to defend against header-injection. Returns the
+ * normalised path the parser produced — never the raw input.
+ *
+ * Exported for unit tests.
+ */
+export function safeReturnPath(raw) {
+    if (!raw)
+        return "/";
+    if (/[\x00-\x1f]/.test(raw))
+        return "/";
+    try {
+        const parsed = new URL(raw, "http://safe-base.invalid");
+        if (parsed.origin !== "http://safe-base.invalid")
+            return "/";
+        return parsed.pathname + parsed.search + parsed.hash;
+    }
+    catch {
+        return "/";
+    }
+}
 // ---------------------------------------------------------------------------
 // ACCESS_TOKEN resolution
 // ---------------------------------------------------------------------------
@@ -233,6 +260,83 @@ export async function getSessionEmail(token) {
 let customGetSession = null;
 let authDisabledMode = false;
 let _authGuardConfig = null;
+// Desktop OAuth exchange store — holds session tokens keyed by a unique flow
+// ID so native apps (Tauri, Electron) that open OAuth in the system browser
+// can retrieve the token after the callback completes on the server.
+//
+// Primary: in-memory Map (fast, works for single-instance dev/preview builds).
+// Fallback: sessions table with a "dex:" prefixed key for cross-instance
+// durability (Cloudflare Workers, multi-region deployments). The value stored
+// in the `email` column is "{realToken}::{userEmail}" so both can be recovered
+// from a single DB lookup.
+const _desktopExchanges = new Map();
+// 5-minute TTL for exchange entries (short — single-use tokens).
+const DESKTOP_EXCHANGE_TTL_MS = 5 * 60 * 1000;
+export function setDesktopExchange(flowId, token, email) {
+    _desktopExchanges.set(flowId, {
+        token,
+        email,
+        expiresAt: Date.now() + DESKTOP_EXCHANGE_TTL_MS,
+    });
+    // Persist to DB so the token survives cross-instance routing (e.g. when
+    // templates call this helper directly instead of going through the OAuth
+    // callback path).
+    void persistDesktopExchangeToDB(flowId, token, email);
+}
+/**
+ * Persist a desktop exchange entry to the sessions table so it survives
+ * cross-instance routing (e.g. Cloudflare Workers). Stored under a synthetic
+ * token key "dex:{flowId}"; the `email` column packs both the real session
+ * token and the user email so they can be recovered in one query.
+ * Non-fatal — if the DB isn't ready yet the in-memory Map still works for
+ * same-instance requests.
+ */
+async function persistDesktopExchangeToDB(flowId, token, email) {
+    try {
+        await addSession(`dex:${flowId}`, `${token}::${email}`);
+    }
+    catch {
+        // non-fatal — in-memory Map is the primary path
+    }
+}
+/**
+ * Retrieve and consume a desktop exchange entry from the DB fallback.
+ * Returns null if not found or already consumed.
+ */
+async function consumeDesktopExchangeFromDB(flowId) {
+    try {
+        // Atomic DELETE...RETURNING prevents token replay: two concurrent polls
+        // cannot both retrieve the token because only one DELETE will match the row.
+        // SQLite ≥3.35 and PostgreSQL both support this syntax.
+        // The created_at predicate enforces the 5-minute TTL so stale DB entries
+        // (e.g. the desktop app never polled) are rejected rather than silently
+        // redeemed with the session table's default 30-day TTL.
+        const client = getDbExec();
+        const { rows } = await client.execute({
+            sql: `DELETE FROM sessions WHERE token = ? AND created_at > ? RETURNING email`,
+            args: [`dex:${flowId}`, Date.now() - DESKTOP_EXCHANGE_TTL_MS],
+        });
+        if (rows.length === 0)
+            return null;
+        const packed = (rows[0].email ?? rows[0][0]);
+        if (!packed)
+            return null;
+        const sepIdx = packed.indexOf("::");
+        if (sepIdx === -1)
+            return null;
+        return { token: packed.slice(0, sepIdx), email: packed.slice(sepIdx + 2) };
+    }
+    catch {
+        return null;
+    }
+}
+setInterval(() => {
+    const now = Date.now();
+    for (const [k, v] of _desktopExchanges) {
+        if (v.expiresAt < now)
+            _desktopExchanges.delete(k);
+    }
+}, 60_000).unref?.();
 /**
  * Module-level auth guard function. Set by autoMountAuth() when auth is active.
  * Called by the server middleware to enforce auth on ALL requests (not just
@@ -292,7 +396,7 @@ function applyCorsHeaders(event) {
         .map((s) => s.trim())
         .filter(Boolean);
     const allowed = allowlist.length === 0
-        ? /^https?:\/\/(localhost|127\.0\.0\.1)(:\d+)?$/.test(origin)
+        ? /^(https?|tauri):\/\/(localhost|127\.0\.0\.1|tauri\.localhost)(:\d+)?$/.test(origin)
         : allowlist.includes(origin);
     if (!allowed)
         return;
@@ -327,6 +431,62 @@ function createAuthGuardFn() {
             p === "/_agent-native/google/add-account/callback") {
             return;
         }
+        // Integration webhook endpoints verify authenticity via platform-specific
+        // signature verification (Slack HMAC, Telegram token, etc.), not sessions.
+        if (/^\/_agent-native\/integrations\/[^/]+\/webhook$/.test(p)) {
+            return;
+        }
+        // Internal processor endpoint for the integration webhook fanout. The
+        // webhook handler enqueues a task to SQL and dispatches a fresh HTTP POST
+        // to this endpoint so the agent loop runs in its own function execution
+        // (cross-platform serverless-safe — see `integrations/webhook-handler.ts`).
+        // Authenticity is verified via an HMAC token signed with A2A_SECRET, plus
+        // an atomic SQL claim that prevents duplicate processing.
+        if (p === "/_agent-native/integrations/process-task") {
+            return;
+        }
+        // A2A endpoint verifies authenticity via JWT signed with the org's A2A
+        // secret (or the global A2A_SECRET fallback), not via session cookies.
+        if (p === "/_agent-native/a2a") {
+            return;
+        }
+        // A2A secret receive endpoint — verifies authenticity via JWT signed
+        // with the calling app's A2A secret, not via session cookies. Used to
+        // sync the org A2A secret across connected apps.
+        if (p === "/_agent-native/org/a2a-secret/receive") {
+            return;
+        }
+        // Force-sign-in entrypoint. Templates send viewers from public pages
+        // (share links, embeds) here with a `?return=<path>` query — anonymous
+        // visitors get the loginHtml, and once they sign in the loginHtml's
+        // post-login reload re-hits this same URL with a session cookie set,
+        // so we 302 them to the original page.
+        //
+        // `return` is validated by parsing it against a sentinel base origin
+        // and checking the resolved origin still matches. This rejects every
+        // open-redirect shape — `//evil.com/...` (network-path reference),
+        // `/\evil.com/...` (WHATWG URL parser normalises `\` to `/` in HTTP
+        // URLs, so a naive prefix check on `//` misses this), absolute URLs
+        // like `https://evil.com`, and `data:` / `javascript:` schemes. The
+        // reconstructed path comes from the parsed segments so any leftover
+        // quirks get normalised. Control chars (incl. CR/LF for header
+        // injection) are rejected up front.
+        //
+        if (p === "/_agent-native/sign-in") {
+            const queryStr = url.includes("?") ? url.slice(url.indexOf("?") + 1) : "";
+            const safeReturn = safeReturnPath(new URLSearchParams(queryStr).get("return"));
+            const session = await getSession(event);
+            if (session) {
+                return new Response("", {
+                    status: 302,
+                    headers: { Location: safeReturn },
+                });
+            }
+            return new Response(loginHtml, {
+                status: 200,
+                headers: { "Content-Type": "text/html; charset=utf-8" },
+            });
+        }
         // Skip static assets (Vite chunks, fonts, images, etc.)
         if (p.startsWith("/assets/") ||
             p.startsWith("/_build/") ||
@@ -362,6 +522,7 @@ function mapBetterAuthSession(baSession) {
     return {
         email: baSession.user.email,
         userId: baSession.user.id,
+        name: baSession.user.name,
         token: baSession.session?.token,
         orgId: baSession.session?.activeOrganizationId ?? undefined,
     };
@@ -768,7 +929,9 @@ async function mountBetterAuthRoutes(app, options) {
         if (!publicPaths.includes(pp))
             publicPaths.push(pp);
     }
-    // Auto-add Google OAuth routes when credentials are configured
+    // Auto-add Google OAuth routes when credentials are configured.
+    // Templates can override by defining their own Nitro routes at the same
+    // paths (e.g. mail/calendar need broader scopes for API access).
     if (process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET) {
         for (const gp of [
             "/_agent-native/google/callback",
@@ -777,13 +940,213 @@ async function mountBetterAuthRoutes(app, options) {
             if (!publicPaths.includes(gp))
                 publicPaths.push(gp);
         }
+        const googleScopes = [
+            "openid",
+            "https://www.googleapis.com/auth/userinfo.email",
+            "https://www.googleapis.com/auth/userinfo.profile",
+        ].join(" ");
+        app.use("/_agent-native/google/auth-url", defineEventHandler((event) => {
+            if (getMethod(event) !== "GET") {
+                setResponseStatus(event, 405);
+                return { error: "Method not allowed" };
+            }
+            const redirectUri = getQuery(event).redirect_uri ||
+                `${getOrigin(event)}/_agent-native/google/callback`;
+            const q = getQuery(event);
+            const desktop = isElectronRequest(event) || q.desktop === "1" || q.desktop === "true";
+            const flowId = desktop ? q.flow_id || undefined : undefined;
+            // Validate the caller's return param up front and only embed it
+            // into the OAuth state when it normalises to a non-root path —
+            // skip embedding "/" (the default fallback) so the state stays
+            // small for the common case.
+            const returnQuery = q.return;
+            const validated = typeof returnQuery === "string" ? safeReturnPath(returnQuery) : "/";
+            const returnUrl = validated !== "/" ? validated : undefined;
+            const state = encodeOAuthState(redirectUri, undefined, desktop, false, undefined, returnUrl, flowId);
+            const params = new URLSearchParams({
+                client_id: process.env.GOOGLE_CLIENT_ID,
+                redirect_uri: redirectUri,
+                response_type: "code",
+                scope: googleScopes,
+                access_type: "online",
+                prompt: "select_account",
+                state,
+            });
+            const authUrl = `https://accounts.google.com/o/oauth2/v2/auth?${params}`;
+            if (q.redirect === "1") {
+                return sendRedirect(event, authUrl, 302);
+            }
+            return { url: authUrl };
+        }));
+        app.use("/_agent-native/google/callback", defineEventHandler(async (event) => {
+            if (getMethod(event) !== "GET") {
+                setResponseStatus(event, 405);
+                return { error: "Method not allowed" };
+            }
+            try {
+                const query = getQuery(event);
+                const code = query.code;
+                if (!code) {
+                    setResponseStatus(event, 400);
+                    return { error: "Missing authorization code" };
+                }
+                const { redirectUri, desktop, returnUrl, flowId } = decodeOAuthState(query.state, `${getOrigin(event)}/_agent-native/google/callback`);
+                const tokenRes = await fetch("https://oauth2.googleapis.com/token", {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/x-www-form-urlencoded",
+                    },
+                    body: new URLSearchParams({
+                        code,
+                        client_id: process.env.GOOGLE_CLIENT_ID,
+                        client_secret: process.env.GOOGLE_CLIENT_SECRET,
+                        redirect_uri: redirectUri,
+                        grant_type: "authorization_code",
+                    }),
+                });
+                const tokens = await tokenRes.json();
+                if (!tokenRes.ok) {
+                    throw new Error(tokens.error_description ||
+                        tokens.error ||
+                        "Token exchange failed");
+                }
+                const userRes = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", { headers: { Authorization: `Bearer ${tokens.access_token}` } });
+                const user = await userRes.json();
+                const email = user.email;
+                if (!email)
+                    throw new Error("Could not get email from Google");
+                const { sessionToken } = await createOAuthSession(event, email, {
+                    hasProductionSession: false,
+                    desktop,
+                });
+                if (flowId && sessionToken) {
+                    _desktopExchanges.set(flowId, {
+                        token: sessionToken,
+                        email,
+                        expiresAt: Date.now() + DESKTOP_EXCHANGE_TTL_MS,
+                    });
+                    // Also persist to DB for cross-instance durability (Cloudflare
+                    // Workers, multi-region). Fire-and-forget — in-memory Map is
+                    // still the primary fast path for same-instance requests.
+                    void persistDesktopExchangeToDB(flowId, sessionToken, email);
+                }
+                return oauthCallbackResponse(event, email, {
+                    sessionToken,
+                    desktop,
+                    returnUrl,
+                    flowId,
+                });
+            }
+            catch (error) {
+                const msg = error.message || "Unknown error";
+                return oauthErrorPage(`Connection failed: ${msg}`);
+            }
+        }));
     }
+    // Desktop OAuth exchange — native apps (Tauri tray, Electron) open OAuth
+    // in the system browser but need a way to retrieve the session token
+    // afterwards since they don't share a cookie jar with the browser.
+    app.use("/_agent-native/auth/desktop-exchange", defineEventHandler(async (event) => {
+        if (getMethod(event) !== "GET") {
+            setResponseStatus(event, 405);
+            return { error: "Method not allowed" };
+        }
+        const flowId = getQuery(event).flow_id;
+        if (!flowId) {
+            setResponseStatus(event, 400);
+            return { error: "Missing flow_id" };
+        }
+        let entry = _desktopExchanges.get(flowId);
+        if (!entry || entry.expiresAt < Date.now()) {
+            // In-memory miss — fall back to the DB-persisted entry. This handles
+            // cross-instance routing (Cloudflare Workers, multi-region) where the
+            // OAuth callback and the polling request may hit different isolates.
+            const fromDb = await consumeDesktopExchangeFromDB(flowId);
+            if (!fromDb) {
+                return { pending: true };
+            }
+            entry = {
+                token: fromDb.token,
+                email: fromDb.email,
+                expiresAt: Date.now() + 1, // already consumed from DB
+            };
+        }
+        _desktopExchanges.delete(flowId);
+        // Also wipe the DB-persisted entry so it cannot be replayed via the
+        // DB fallback path after in-memory consumption.
+        void removeSession(`dex:${flowId}`);
+        return { token: entry.token, email: entry.email };
+    }));
     const accessTokens = getAccessTokens();
     // Initialize Better Auth
     const auth = await getBetterAuth(options.betterAuth);
     // Mount Better Auth catch-all handler at /_agent-native/auth/ba/*
     app.use("/_agent-native/auth/ba", defineEventHandler(async (event) => {
+        const reqPath = event.url?.pathname ?? event.path ?? "";
+        const isResetPassword = reqPath.includes("reset-password") && getMethod(event) === "POST";
+        // Pre-read the body for reset-password so we can extract the
+        // token after Better Auth consumes the stream.
+        let resetToken;
+        if (isResetPassword) {
+            try {
+                const body = await readBody(event);
+                resetToken = body?.token;
+            }
+            catch {
+                // ignore — Better Auth will handle validation
+            }
+        }
         const response = await auth.handler(toWebRequest(event));
+        const isResponse = response != null &&
+            typeof response.status === "number" &&
+            typeof response.headers?.get === "function";
+        // After email verification, add ?verified to the redirect so the
+        // login page can show a "Email verified!" success message.
+        if (reqPath.includes("verify-email") &&
+            isResponse &&
+            response.status >= 300 &&
+            response.status < 400) {
+            const loc = response.headers.get("location");
+            if (loc && !/[?&]verified=/.test(loc)) {
+                const sep = loc.includes("?") ? "&" : "?";
+                const newResponse = new Response(null, {
+                    status: response.status,
+                    headers: new Headers(response.headers),
+                });
+                newResponse.headers.set("location", loc + sep + "verified=1");
+                return newResponse;
+            }
+        }
+        // Auto-verify email after a successful password reset. The user
+        // proved email ownership by receiving and using the reset link.
+        if (isResetPassword &&
+            resetToken &&
+            isResponse &&
+            response.status >= 200 &&
+            response.status < 300) {
+            try {
+                const { getDbExec } = await import("../db/client.js");
+                const db = getDbExec();
+                // Better Auth stores the reset token in its `verification`
+                // table with the user's identifier. Look up the user via the
+                // token and mark their email as verified — they proved
+                // ownership by receiving and using the email-delivered link.
+                const rows = await db.execute({
+                    sql: "SELECT identifier FROM verification WHERE value = ?",
+                    args: [resetToken],
+                });
+                const email = rows.rows[0]?.identifier;
+                if (email) {
+                    await db.execute({
+                        sql: "UPDATE user SET email_verified = 1 WHERE email = ? AND (email_verified = 0 OR email_verified IS NULL)",
+                        args: [email],
+                    });
+                }
+            }
+            catch {
+                // Best-effort — don't block the response
+            }
+        }
         return response;
     }));
     // POST /_agent-native/auth/local-mode — switch to local mode (onboarding escape hatch)
@@ -1315,7 +1678,8 @@ export async function autoMountAuth(app, options = {}) {
         const guardFn = createAuthGuardFn();
         _authGuardFn = guardFn;
         app.use(defineEventHandler(guardFn));
-        console.log("[agent-native] Auth enabled — custom getSession provider.");
+        if (process.env.DEBUG)
+            console.log("[agent-native] Auth enabled — custom getSession provider.");
         return true;
     }
     // AUTH_DISABLED — skip auth (infrastructure-level auth)
@@ -1330,13 +1694,15 @@ export async function autoMountAuth(app, options = {}) {
     const tokens = getAccessTokens();
     if (tokens.length > 0) {
         mountTokenOnlyRoutes(app, tokens, publicPaths);
-        console.log(`[agent-native] Auth enabled — ${tokens.length} access token(s) configured.`);
+        if (process.env.DEBUG)
+            console.log(`[agent-native] Auth enabled — ${tokens.length} access token(s) configured.`);
         return true;
     }
     // Default: Better Auth (account-first)
     try {
         await mountBetterAuthRoutes(app, options);
-        console.log("[agent-native] Auth enabled — Better Auth (accounts + organizations).");
+        if (process.env.DEBUG)
+            console.log("[agent-native] Auth enabled — Better Auth (accounts + organizations).");
     }
     catch (err) {
         console.error("[agent-native] Failed to initialize Better Auth:", err);