@agent-native/core 0.7.22 → 0.7.24

package/dist/server/onboarding-html.js.map

@@ -1 +1 @@
-{"version":3,"file":"onboarding-html.js","sourceRoot":"","sources":["../../src/server/onboarding-html.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;IACjC,OAAO,GAAG,KAAK,aAAa,IAAI,GAAG,KAAK,MAAM,CAAC;AACjD,CAAC;AAED,SAAS,cAAc;IACrB,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,qBAAqB,CAAC;IACvC,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACrE,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,eAAe,CAAC;QACtD,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,mBAAmB,CAAC;QACzD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC1D,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5E,OAAO,cAAc,CAAC;AACxB,CAAC;AAsBD,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,UAAU,iBAAiB,CAAC,OAA8B,EAAE;IAChE,MAAM,aAAa,GACjB,CAAC,eAAe,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,eAAe,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;IACrC,MAAM,cAAc,GAAG,aAAa;QAClC,CAAC,CAAC;;;;mHAI6G;QAC/G,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,eAAe,GAAG,aAAa;QACnC,CAAC,CAAC;;;;;;;oCAO8B,gBAAgB;qCACf,gBAAgB;;;;;;;;;;;;;;;;;;;;IAoBjD;QACA,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IACjC,MAAM,YAAY,GAAG,CAAC,CAAC,SAAS,CAAC;IACjC,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CACxB,CAAC;SACE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE7B,MAAM,eAAe,GAAG,YAAY;QAClC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+GL;QACG,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,kBAAkB,GAAG,YAAY;QACrC,CAAC,CAAC;;;;;;gBAMU,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;;+BAER,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;EACpD,SAAU,CAAC,WAAW,CAAC,CAAC,CAAC,6BAA6B,GAAG,CAAC,SAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GACxF,SAAU,CAAC,QAAQ,EAAE,MAAM;YACzB,CAAC,CAAC,oCAAoC,SAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAC9H,CAAC,CAAC,EACN;;;;;;2BAMqB;QACvB,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,kBAAkB,GAAG,YAAY,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,CAAC;IAEpE,MAAM,eAAe,GAAG,YAAY;QAClC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAwFE;QACJ,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;;;;;SAKA,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,SAAS;EAExE,YAAY;QACV,CAAC,CAAC,qCAAqC,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;qCAC7B,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;2CACjB,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC,IAAI;QAClE,CAAC,CAAC,EACN;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAoKE,eAAe;;;OAGV,YAAY,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,EAAE;EACjD,kBAAkB;;;;;;;;EASlB,UAAU;QACR,CAAC,CAAC;;;;;;EAMJ,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,qCAAqC;CACxD;QACG,CAAC,CAAC,UAAU;YACV,CAAC,CAAC;;;;;CAKP;YACK,CAAC,CAAC,EACR;EAEE,UAAU;QACR,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAqCN;EACE,cAAc;;;yDAGyC,kBAAkB,EAAE;MACvE,kBAAkB;;;;;;;;;;;;;;;;;EAkBtB,UAAU;QACR,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmNN,GAAG,eAAe;EAEhB,aAAa;QACX,CAAC,CAAC;;;;;;;;;mCAS6B,gBAAgB;;;;;;;;;;CAUlD;QACG,CAAC,CAAC,EACN;EAEE,UAAU;QACR,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAmCF;QACA,CAAC,CAAC,EACN;EACE,eAAe;;;QAGT,CAAC;AACT,CAAC;AAED,kDAAkD;AAClD,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,EAAE,CAAC;AAEnD;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAsGD,CAAC;AACT,CAAC","sourcesContent":["/**\n * First-run onboarding page for agent-native apps.\n *\n * Shown when Better Auth is active and the user isn't signed in.\n * Provides two paths:\n * 1. Create account (email/password) — real identity from day one\n * 2. Use locally — sets AUTH_MODE=local for offline/solo dev (dev only)\n *\n * After first account exists, this page acts as a normal login page.\n * The \"Use locally\" escape hatch is hidden in production to ensure\n * real accounts are used (needed for per-user usage tracking/limits).\n * It's also hidden when DATABASE_URL points at a non-local DB (Postgres,\n * Turso, D1) — local@localhost has no per-user scoping, so enabling it\n * against a shared DB would silently fail server-side.\n */\n\nimport { isLocalDatabase } from \"../db/client.js\";\n\nfunction isProductionEnv(): boolean {\n  const env = process.env.NODE_ENV;\n  return env !== \"development\" && env !== \"test\";\n}\n\nfunction hasGoogleOAuth(): boolean {\n  return !!(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET);\n}\n\nfunction getConnectionLabel(): string {\n  const url = process.env.DATABASE_URL || \"\";\n  if (!url) return \"SQLite (local file)\";\n  if (url.startsWith(\"postgres://\") || url.startsWith(\"postgresql://\")) {\n    if (url.includes(\"neon.tech\")) return \"Neon Postgres\";\n    if (url.includes(\"supabase\")) return \"Supabase Postgres\";\n    return \"Postgres\";\n  }\n  if (url.startsWith(\"file:\")) return \"SQLite (local file)\";\n  if (url.startsWith(\"libsql://\") || url.includes(\"turso.io\")) return \"Turso\";\n  return \"SQL database\";\n}\n\nexport interface OnboardingHtmlOptions {\n  /**\n   * Hide email/password forms and show ONLY the Google sign-in button.\n   * Useful for templates (mail, calendar) where Google is required anyway.\n   * If Google OAuth env vars are not configured, an error message is shown.\n   */\n  googleOnly?: boolean;\n  /**\n   * Product marketing content shown alongside the sign-in form.\n   * When provided, the page uses a split layout: marketing on the left,\n   * sign-in form on the right (stacked on mobile).\n   */\n  marketing?: {\n    appName: string;\n    tagline: string;\n    description?: string;\n    features?: string[];\n  };\n}\n\nconst MIGRATE_FLAG_KEY = \"an_migrate_from_local\";\n\nexport function getOnboardingHtml(opts: OnboardingHtmlOptions = {}): string {\n  const showLocalMode =\n    !isProductionEnv() && !opts.googleOnly && isLocalDatabase();\n  const showGoogle = hasGoogleOAuth();\n  const googleOnly = !!opts.googleOnly;\n  const localModeBlock = showLocalMode\n    ? `\n  <div class=\"divider\" id=\"local-divider\">or</div>\n\n  <button class=\"btn-secondary\" id=\"local-btn\" onclick=\"useLocally()\">Use locally without an account</button>\n  <p class=\"local-info\" id=\"local-info\">Skip auth for solo local development. You can create an account later.</p>`\n    : \"\";\n\n  const localModeScript = showLocalMode\n    ? `\n  async function useLocally() {\n    var btn = document.getElementById('local-btn');\n    btn.disabled = true;\n    btn.textContent = 'Setting up...';\n    try {\n      try {\n        if (localStorage.getItem('${MIGRATE_FLAG_KEY}')) {\n          localStorage.removeItem('${MIGRATE_FLAG_KEY}');\n        }\n      } catch (e) {}\n      var res = await fetch(__anPath('/_agent-native/auth/local-mode'), { method: 'POST' });\n      if (res.ok) {\n        window.location.reload();\n      } else {\n        var data = await res.json().catch(function() { return {}; });\n        var info = document.getElementById('local-info');\n        if (info && data && data.error) {\n          info.textContent = data.error;\n          info.style.color = '#f87171';\n        }\n        btn.textContent = 'Not available';\n        btn.disabled = true;\n      }\n    } catch(e) {\n      btn.textContent = 'Failed — try again';\n      btn.disabled = false;\n    }\n  }`\n    : \"\";\n\n  const marketing = opts.marketing;\n  const hasMarketing = !!marketing;\n  const esc = (s: string) =>\n    s\n      .replace(/&/g, \"&amp;\")\n      .replace(/</g, \"&lt;\")\n      .replace(/>/g, \"&gt;\")\n      .replace(/\"/g, \"&quot;\");\n\n  const marketingStyles = hasMarketing\n    ? `\n  body.has-marketing { padding: 0; position: relative; overflow-x: hidden; }\n  #starfield {\n    position: fixed;\n    inset: 0;\n    width: 100%;\n    height: 100%;\n    opacity: 0.35;\n    pointer-events: none;\n    z-index: 0;\n  }\n  .split {\n    position: relative;\n    z-index: 1;\n    display: flex;\n    min-height: 100vh;\n    width: 100%;\n    max-width: 1100px;\n    margin: 0 auto;\n  }\n  .marketing-panel {\n    flex: 1;\n    display: flex;\n    flex-direction: column;\n    justify-content: center;\n    padding: 3rem 3.5rem;\n  }\n  .marketing-content { max-width: 480px; }\n  .app-name {\n    display: flex;\n    align-items: center;\n    gap: 0.625rem;\n    font-size: 2rem;\n    font-weight: 700;\n    color: #fff;\n    margin-bottom: 0.625rem;\n    letter-spacing: -0.02em;\n  }\n  .app-name img.brand-mark {\n    height: 2.21375rem;\n    width: auto;\n    display: block;\n    flex-shrink: 0;\n  }\n  .app-tagline {\n    font-size: 1.25rem;\n    color: #a1a1aa;\n    line-height: 1.6;\n    margin-bottom: 2rem;\n  }\n  .app-desc {\n    font-size: 1rem;\n    color: #71717a;\n    line-height: 1.6;\n    margin-bottom: 2rem;\n  }\n  .feature-list {\n    list-style: none;\n    display: flex;\n    flex-direction: column;\n    gap: 0.875rem;\n  }\n  .feature-list li {\n    display: flex;\n    align-items: flex-start;\n    gap: 0.625rem;\n    font-size: 1rem;\n    color: #a1a1aa;\n    line-height: 1.5;\n  }\n  .feature-list li::before {\n    content: '';\n    flex-shrink: 0;\n    width: 8px;\n    height: 8px;\n    margin-top: 6px;\n    border-radius: 50%;\n    background: #3f3f46;\n    border: 1px solid #52525b;\n  }\n  .oss-link {\n    display: inline-flex;\n    align-items: center;\n    gap: 0.375rem;\n    margin-top: 2rem;\n    font-size: 0.8125rem;\n    color: #71717a;\n    text-decoration: none;\n  }\n  .oss-link:hover { color: #a1a1aa; }\n  .oss-link svg { width: 15px; height: 15px; flex-shrink: 0; }\n  .form-panel {\n    flex: 0 0 440px;\n    display: flex;\n    flex-direction: column;\n    align-items: center;\n    justify-content: center;\n    padding: 2rem;\n  }\n  .form-panel .card { max-width: 400px; }\n  .form-panel .local-note { max-width: 400px; }\n  @media (max-width: 900px) {\n    .split { flex-direction: column; min-height: auto; }\n    .marketing-panel { padding: 2rem 1.5rem 1.5rem; }\n    .app-name { font-size: 1.375rem; }\n    .app-name img.brand-mark { height: 1.58125rem; }\n    .app-tagline { font-size: 1rem; margin-bottom: 1rem; }\n    .app-desc { margin-bottom: 1rem; }\n    .feature-list { gap: 0.5rem; }\n    .form-panel { flex: none; padding: 1.5rem 1rem; }\n  }\n`\n    : \"\";\n\n  const marketingPanelHtml = hasMarketing\n    ? `<canvas id=\"starfield\"></canvas>\n<div class=\"split\">\n  <div class=\"marketing-panel\">\n    <div class=\"marketing-content\">\n      <h2 class=\"app-name\">\n        <img class=\"brand-mark\" src=\"/agent-native-icon-dark.svg\" alt=\"\" aria-hidden=\"true\" />\n        <span>${esc(marketing!.appName)}</span>\n      </h2>\n      <p class=\"app-tagline\">${esc(marketing!.tagline)}</p>\n${marketing!.description ? `      <p class=\"app-desc\">${esc(marketing!.description)}</p>\\n` : \"\"}${\n        marketing!.features?.length\n          ? `      <ul class=\"feature-list\">\\n${marketing!.features.map((f) => `        <li>${esc(f)}</li>`).join(\"\\n\")}\\n      </ul>\\n`\n          : \"\"\n      }      <a class=\"oss-link\" href=\"https://github.com/BuilderIO/agent-native\" target=\"_blank\" rel=\"noreferrer\">\n        <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M9 19c-4.3 1.4-4.3-2.5-6-3m12 5v-3.5c0-1 .1-1.4-.5-2 2.8-.3 5.5-1.4 5.5-6a4.6 4.6 0 00-1.3-3.2 4.2 4.2 0 00-.1-3.2s-1.1-.3-3.5 1.3a12.3 12.3 0 00-6.2 0C6.5 2.8 5.4 3.1 5.4 3.1a4.2 4.2 0 00-.1 3.2A4.6 4.6 0 004 9.5c0 4.6 2.7 5.7 5.5 6-.6.6-.6 1.2-.5 2V21\"/></svg>\n        Open source\n      </a>\n    </div>\n  </div>\n  <div class=\"form-panel\">`\n    : \"\";\n\n  const marketingCloseHtml = hasMarketing ? `\\n  </div>\\n</div>` : \"\";\n\n  const starfieldScript = hasMarketing\n    ? `\n  (function initStarfield() {\n    var canvas = document.getElementById('starfield');\n    if (!canvas) return;\n    var gl = canvas.getContext('webgl', { alpha: false, antialias: false });\n    if (!gl) return;\n\n    var vs = gl.createShader(gl.VERTEX_SHADER);\n    gl.shaderSource(vs, 'attribute vec2 position;void main(){gl_Position=vec4(position,0.0,1.0);}');\n    gl.compileShader(vs);\n\n    var fs = gl.createShader(gl.FRAGMENT_SHADER);\n    gl.shaderSource(fs, [\n      'precision highp float;',\n      'uniform float iTime;uniform vec2 iResolution;',\n      '#define S(a,b,t) smoothstep(a,b,t)',\n      '#define NUM_LAYERS 4.',\n      'float N21(vec2 p){vec3 a=fract(vec3(p.xyx)*vec3(213.897,653.453,253.098));a+=dot(a,a.yzx+79.76);return fract((a.x+a.y)*a.z);}',\n      'vec2 GetPos(vec2 id,vec2 offs,float t){float n=N21(id+offs);float n1=fract(n*10.);float n2=fract(n*100.);float a=t+n;return offs+vec2(sin(a*n1),cos(a*n2))*.4;}',\n      'float df_line(vec2 a,vec2 b,vec2 p){vec2 pa=p-a,ba=b-a;float h=clamp(dot(pa,ba)/dot(ba,ba),0.,1.);return length(pa-ba*h);}',\n      'float line(vec2 a,vec2 b,vec2 uv){float r1=.025;float r2=.006;float d=df_line(a,b,uv);float d2=length(a-b);float fade=S(1.5,.5,d2);fade+=S(.05,.02,abs(d2-.75));return S(r1,r2,d)*fade;}',\n      'float NetLayer(vec2 st,float n,float t){',\n      '  vec2 id=floor(st)+n;st=fract(st)-.5;',\n      '  vec2 p0=GetPos(id,vec2(-1,-1),t);vec2 p1=GetPos(id,vec2(0,-1),t);vec2 p2=GetPos(id,vec2(1,-1),t);',\n      '  vec2 p3=GetPos(id,vec2(-1,0),t);vec2 p4=GetPos(id,vec2(0,0),t);vec2 p5=GetPos(id,vec2(1,0),t);',\n      '  vec2 p6=GetPos(id,vec2(-1,1),t);vec2 p7=GetPos(id,vec2(0,1),t);vec2 p8=GetPos(id,vec2(1,1),t);',\n      '  float m=0.;float sparkle=0.;float d;float s;float pulse;',\n      '  m+=line(p4,p0,st);d=length(st-p0);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p0.x)+fract(p0.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p1,st);d=length(st-p1);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p1.x)+fract(p1.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p2,st);d=length(st-p2);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p2.x)+fract(p2.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p3,st);d=length(st-p3);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p3.x)+fract(p3.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p4,st);d=length(st-p4);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p4.x)+fract(p4.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p5,st);d=length(st-p5);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p5.x)+fract(p5.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p6,st);d=length(st-p6);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p6.x)+fract(p6.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p7,st);d=length(st-p7);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p7.x)+fract(p7.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p8,st);d=length(st-p8);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p8.x)+fract(p8.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p1,p3,st);m+=line(p1,p5,st);m+=line(p7,p5,st);m+=line(p7,p3,st);',\n      '  float sPhase=(sin(t+n)+sin(t*.1))*.25+.5;sPhase+=pow(sin(t*.1)*.5+.5,50.)*5.;m+=sparkle*sPhase;',\n      '  return m;',\n      '}',\n      'void mainImage(out vec4 fragColor,in vec2 fragCoord){',\n      '  vec2 uv=(fragCoord-iResolution.xy*.5)/iResolution.y;',\n      '  float t=iTime*.03;float s=sin(t);float c=cos(t);mat2 rot=mat2(c,-s,s,c);vec2 st=uv*rot;',\n      '  float m=0.;',\n      '  for(float i=0.;i<1.;i+=1./NUM_LAYERS){float z=fract(t+i);float size=mix(15.,1.,z);float fade=S(0.,.6,z)*S(1.,.8,z);m+=fade*NetLayer(st*size,i,iTime*0.3);}',\n      '  vec3 col=vec3(0.35)*m;col*=1.-dot(uv,uv);',\n      '  float tt=min(iTime,5.0);col*=S(0.,20.,tt);',\n      '  col=clamp(col,0.,1.);fragColor=vec4(col,1.);',\n      '}',\n      'void main(){mainImage(gl_FragColor,gl_FragCoord.xy);}'\n    ].join('\\\\n'));\n    gl.compileShader(fs);\n\n    var prog = gl.createProgram();\n    gl.attachShader(prog, vs);\n    gl.attachShader(prog, fs);\n    gl.linkProgram(prog);\n    gl.useProgram(prog);\n\n    var buf = gl.createBuffer();\n    gl.bindBuffer(gl.ARRAY_BUFFER, buf);\n    gl.bufferData(gl.ARRAY_BUFFER, new Float32Array([-1,-1,1,-1,-1,1,-1,1,1,-1,1,1]), gl.STATIC_DRAW);\n    var pos = gl.getAttribLocation(prog, 'position');\n    gl.enableVertexAttribArray(pos);\n    gl.vertexAttribPointer(pos, 2, gl.FLOAT, false, 0, 0);\n\n    var uTime = gl.getUniformLocation(prog, 'iTime');\n    var uRes = gl.getUniformLocation(prog, 'iResolution');\n\n    function resize() {\n      var w = window.innerWidth, h = window.innerHeight;\n      var dpr = Math.min(window.devicePixelRatio, 1.5);\n      canvas.width = w * dpr; canvas.height = h * dpr;\n      gl.viewport(0, 0, canvas.width, canvas.height);\n    }\n    resize();\n    window.addEventListener('resize', resize);\n\n    var start = performance.now(), last = 0;\n    function render(now) {\n      requestAnimationFrame(render);\n      if (now - last < 33) return;\n      last = now;\n      gl.uniform1f(uTime, (now - start) * 0.001);\n      gl.uniform2f(uRes, canvas.width, canvas.height);\n      gl.drawArrays(gl.TRIANGLES, 0, 6);\n    }\n    requestAnimationFrame(render);\n  })();`\n    : \"\";\n\n  return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\">\n<title>${hasMarketing ? esc(marketing!.appName) + \" — Sign in\" : \"Welcome\"}</title>\n${\n  hasMarketing\n    ? `<meta name=\"description\" content=\"${esc(marketing!.tagline)}\">\n<meta property=\"og:title\" content=\"${esc(marketing!.appName)}\">\n<meta property=\"og:description\" content=\"${esc(marketing!.tagline)}\">`\n    : \"\"\n}\n<style>\n  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n  body {\n    font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n    background: #0a0a0a;\n    color: #e5e5e5;\n    display: flex;\n    flex-direction: column;\n    align-items: center;\n    justify-content: center;\n    min-height: 100vh;\n    padding: 1rem;\n  }\n  .card {\n    width: 100%;\n    max-width: 400px;\n    padding: 2rem;\n    background: #141414;\n    border: 1px solid rgba(255,255,255,0.08);\n    border-radius: 12px;\n  }\n  h1 { font-size: 1.25rem; font-weight: 600; margin-bottom: 0.25rem; color: #fff; }\n  .subtitle { font-size: 0.8125rem; color: #888; margin-bottom: 1.5rem; }\n  .tabs {\n    display: inline-flex;\n    width: 100%;\n    padding: 4px;\n    margin-bottom: 1.5rem;\n    background: rgba(255,255,255,0.06);\n    border-radius: 8px;\n  }\n  .tab {\n    flex: 1;\n    padding: 0.5rem 0.75rem;\n    background: none;\n    border: none;\n    color: #888;\n    font-size: 0.8125rem;\n    font-weight: 500;\n    cursor: pointer;\n    border-radius: 6px;\n  }\n  .tab.active {\n    background: #1e1e1e;\n    color: #fff;\n    box-shadow: 0 1px 2px rgba(0,0,0,0.3);\n  }\n  .tab:hover:not(.active) { color: #bbb; }\n  .form { display: none; }\n  .form.active { display: block; }\n  label { display: block; font-size: 0.8125rem; color: #888; margin-bottom: 0.375rem; }\n  input {\n    width: 100%;\n    padding: 0.5rem 0.75rem;\n    background: transparent;\n    border: 1px solid rgba(255,255,255,0.12);\n    border-radius: 6px;\n    color: #e5e5e5;\n    font-size: 0.875rem;\n    outline: none;\n    margin-bottom: 0.875rem;\n  }\n  input:focus { border-color: rgba(255,255,255,0.3); box-shadow: 0 0 0 1px rgba(255,255,255,0.1); }\n  input::placeholder { color: #555; }\n  button[type=\"submit\"], .btn-primary {\n    width: 100%;\n    margin-top: 0.25rem;\n    padding: 0.5rem;\n    background: #fff;\n    color: #000;\n    border: none;\n    border-radius: 6px;\n    font-size: 0.875rem;\n    font-weight: 500;\n    cursor: pointer;\n  }\n  button[type=\"submit\"]:hover, .btn-primary:hover { background: #e5e5e5; }\n  button[type=\"submit\"]:disabled { opacity: 0.5; cursor: not-allowed; }\n  .btn-secondary {\n    width: 100%;\n    margin-top: 0.75rem;\n    padding: 0.5rem;\n    background: transparent;\n    color: #888;\n    border: 1px solid rgba(255,255,255,0.1);\n    border-radius: 6px;\n    font-size: 0.8125rem;\n    cursor: pointer;\n  }\n  .btn-secondary:hover { color: #bbb; border-color: rgba(255,255,255,0.2); }\n  .msg { margin-top: 0.75rem; font-size: 0.8125rem; display: none; }\n  .msg.error { color: #f87171; }\n  .msg.success { color: #4ade80; }\n  .msg.show { display: block; }\n  .divider {\n    display: flex;\n    align-items: center;\n    gap: 0.75rem;\n    margin: 1.25rem 0;\n    font-size: 0.75rem;\n    color: #555;\n  }\n  .divider::before, .divider::after {\n    content: '';\n    flex: 1;\n    height: 1px;\n    background: rgba(255,255,255,0.08);\n  }\n  .local-info {\n    font-size: 0.75rem;\n    color: #666;\n    margin-top: 0.5rem;\n    line-height: 1.4;\n  }\n  .upgrade-note {\n    margin-bottom: 1rem;\n    padding: 0.75rem;\n    border: 1px solid rgba(255,255,255,0.08);\n    border-radius: 8px;\n    background: rgba(255,255,255,0.03);\n    font-size: 0.75rem;\n    line-height: 1.5;\n    color: #a1a1aa;\n    display: none;\n  }\n  .upgrade-note.show { display: block; }\n  .btn-google {\n    width: 100%;\n    display: flex;\n    align-items: center;\n    justify-content: center;\n    gap: 0.625rem;\n    padding: 0.5rem;\n    background: #fff;\n    color: #000;\n    border: none;\n    border-radius: 6px;\n    font-size: 0.875rem;\n    font-weight: 500;\n    cursor: pointer;\n  }\n  .btn-google:hover { background: #e5e5e5; }\n  .btn-google:disabled { opacity: 0.5; cursor: wait; }\n  .btn-google svg { width: 18px; height: 18px; flex-shrink: 0; }\n  .google-error { margin-top: 0.5rem; font-size: 0.8125rem; color: #f87171; display: none; }\n  .google-error.show { display: block; }\n  .local-note {\n    display: none;\n    max-width: 400px;\n    width: 100%;\n    margin-top: 1rem;\n    padding: 0.625rem 0.875rem;\n    font-size: 0.6875rem;\n    line-height: 1.5;\n    color: #666;\n    border: 1px dashed rgba(255,255,255,0.08);\n    border-radius: 8px;\n    text-align: center;\n  }\n  .local-note.show { display: block; }\n  .local-note strong { color: #999; font-weight: 500; }\n  .local-note a { color: #888; text-decoration: none; }\n  .local-note a:hover { color: #bbb; }\n${marketingStyles}\n</style>\n</head>\n<body${hasMarketing ? ' class=\"has-marketing\"' : \"\"}>\n${marketingPanelHtml}\n<div class=\"card\">\n  <h1 id=\"heading\">Welcome</h1>\n  <p class=\"subtitle\" id=\"subtitle\">Create an account to get started</p>\n  <p class=\"upgrade-note\" id=\"upgrade-note\">\n    You started this flow from <code>local@localhost</code>. Continue signing in to upgrade this workspace to a real account and migrate your local data. If you want to cancel that and keep using local mode, use the secondary button below.\n  </p>\n\n${\n  showGoogle\n    ? `\n  <button class=\"btn-google\" id=\"google-btn\" onclick=\"signInWithGoogle()\">\n    <svg viewBox=\"0 0 24 24\"><path fill=\"#4285F4\" d=\"M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z\"/><path fill=\"#34A853\" d=\"M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z\"/><path fill=\"#FBBC05\" d=\"M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z\"/><path fill=\"#EA4335\" d=\"M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z\"/></svg>\n    Sign in with Google\n  </button>\n  <p class=\"google-error\" id=\"google-err\"></p>\n${googleOnly ? \"\" : `\\n  <div class=\"divider\">or</div>\\n`}\n`\n    : googleOnly\n      ? `\n  <p style=\"color:#f87171;font-size:0.875rem;text-align:center;padding:1rem 0\">\n    Google sign-in is not configured. Set <code>GOOGLE_CLIENT_ID</code> and\n    <code>GOOGLE_CLIENT_SECRET</code> environment variables to enable login.\n  </p>\n`\n      : \"\"\n}\n${\n  googleOnly\n    ? \"\"\n    : `  <div class=\"tabs\">\n    <button class=\"tab\" data-tab=\"signup\">Create account</button>\n    <button class=\"tab\" data-tab=\"login\">Sign in</button>\n  </div>\n\n  <form id=\"signup-form\" class=\"form\">\n    <label for=\"s-email\">Email</label>\n    <input id=\"s-email\" type=\"email\" autocomplete=\"email\" autofocus placeholder=\"you@example.com\" required />\n    <label for=\"s-pass\">Password</label>\n    <input id=\"s-pass\" type=\"password\" autocomplete=\"new-password\" placeholder=\"At least 8 characters\" required minlength=\"8\" />\n    <label for=\"s-pass2\">Confirm password</label>\n    <input id=\"s-pass2\" type=\"password\" autocomplete=\"new-password\" placeholder=\"Confirm password\" required minlength=\"8\" />\n    <button type=\"submit\">Create account</button>\n    <p class=\"msg\" id=\"s-msg\"></p>\n  </form>\n\n  <form id=\"login-form\" class=\"form\">\n    <label for=\"l-email\">Email</label>\n    <input id=\"l-email\" type=\"email\" autocomplete=\"email\" placeholder=\"you@example.com\" required />\n    <label for=\"l-pass\">Password</label>\n    <input id=\"l-pass\" type=\"password\" autocomplete=\"current-password\" placeholder=\"Enter password\" required />\n    <button type=\"submit\">Sign in</button>\n    <p class=\"msg error\" id=\"l-msg\"></p>\n    <p style=\"margin-top:0.75rem;font-size:0.75rem;text-align:right\">\n      <a href=\"#\" id=\"forgot-link\" style=\"color:#888;text-decoration:underline;text-underline-offset:2px\">Forgot password?</a>\n    </p>\n  </form>\n\n  <form id=\"forgot-form\" class=\"form\">\n    <label for=\"f-email\">Email</label>\n    <input id=\"f-email\" type=\"email\" autocomplete=\"email\" placeholder=\"you@example.com\" required />\n    <button type=\"submit\">Send reset link</button>\n    <p class=\"msg\" id=\"f-msg\"></p>\n    <p style=\"margin-top:0.75rem;font-size:0.75rem;text-align:center\">\n      <a href=\"#\" id=\"back-to-login\" style=\"color:#888;text-decoration:underline;text-underline-offset:2px\">Back to sign in</a>\n    </p>\n  </form>`\n}\n${localModeBlock}\n</div>\n<p class=\"local-note\" id=\"local-note\">\n  Your account is stored in this app's own DB (<strong>${getConnectionLabel()}</strong>), not a third-party service.\n</p>${marketingCloseHtml}\n<script>\n  function __anBasePath() {\n    var marker = '/_agent-native';\n    var idx = window.location.pathname.indexOf(marker);\n    return idx > 0 ? window.location.pathname.slice(0, idx) : '';\n  }\n  function __anPath(path) {\n    return __anBasePath() + path;\n  }\n  (function revealLocalNote() {\n    var h = location.hostname;\n    if (h === 'localhost' || h === '127.0.0.1' || h === '::1' || h.endsWith('.local')) {\n      var n = document.getElementById('local-note');\n      if (n) n.classList.add('show');\n    }\n  })();\n${\n  googleOnly\n    ? \"\"\n    : `  var TAB_STORAGE_KEY = 'an.onboarding.tab';\n  var tabs = document.querySelectorAll('.tab');\n  var forms = document.querySelectorAll('.form');\n  var subtitles = { signup: 'Create an account to get started', login: 'Sign in to your account' };\n  var headings = { signup: 'Welcome', login: 'Welcome back' };\n  function setActiveTab(name, opts) {\n    if (name !== 'signup' && name !== 'login') return;\n    var form = document.getElementById(name + '-form');\n    if (!form) return;\n    tabs.forEach(function(x) { x.classList.remove('active'); });\n    forms.forEach(function(x) { x.classList.remove('active'); });\n    var btn = document.querySelector('.tab[data-tab=\"' + name + '\"]');\n    if (btn) btn.classList.add('active');\n    form.classList.add('active');\n    var sub = document.getElementById('subtitle');\n    if (sub && subtitles[name]) sub.textContent = subtitles[name];\n    var heading = document.getElementById('heading');\n    if (heading && headings[name]) heading.textContent = headings[name];\n    if (opts && opts.persist) {\n      try { localStorage.setItem(TAB_STORAGE_KEY, name); } catch (e) {}\n    }\n  }\n  (function initActiveTab() {\n    var initial = 'signup';\n    try {\n      var params = new URLSearchParams(location.search);\n      var qp = params.get('tab');\n      if (qp === 'login' || qp === 'signup') {\n        initial = qp;\n      } else if (params.has('verified')) {\n        initial = 'login';\n      } else {\n        var stored = localStorage.getItem(TAB_STORAGE_KEY);\n        if (stored === 'login' || stored === 'signup') initial = stored;\n      }\n    } catch (e) {}\n    setActiveTab(initial, { persist: false });\n    try {\n      if (new URLSearchParams(location.search).has('verified')) {\n        var msg = document.getElementById('l-msg');\n        if (msg) {\n          msg.textContent = 'Email verified! Sign in to continue.';\n          msg.classList.remove('error');\n          msg.classList.add('show', 'success');\n        }\n      }\n    } catch (e) {}\n  })();\n  tabs.forEach(function(t) { t.addEventListener('click', function() {\n    setActiveTab(t.dataset.tab, { persist: true });\n  }); });\n\n  document.getElementById('signup-form').addEventListener('submit', async function(e) {\n    e.preventDefault();\n    var form = e.currentTarget;\n    var btn = form.querySelector('button[type=\"submit\"]');\n    var msg = document.getElementById('s-msg');\n    msg.classList.remove('show', 'error', 'success');\n    var pass = document.getElementById('s-pass').value;\n    var pass2 = document.getElementById('s-pass2').value;\n    if (pass !== pass2) {\n      msg.textContent = 'Passwords do not match';\n      msg.classList.add('show', 'error');\n      return;\n    }\n    var originalLabel = btn.textContent;\n    btn.disabled = true;\n    btn.textContent = 'Creating account…';\n    try {\n      var email = document.getElementById('s-email').value;\n      var res = await fetch(__anPath('/_agent-native/auth/register'), {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({ email: email, password: pass }),\n      });\n      var data = await res.json().catch(function() { return {}; });\n      if (res.ok) {\n        // If email verification is required, the server won't return a session.\n        // Try logging in — if it fails (unverified), show a \"check your email\" message.\n        var loginRes = await fetch(__anPath('/_agent-native/auth/login'), {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ email: email, password: pass }),\n        });\n        if (loginRes.ok) {\n          msg.textContent = 'Account created — signing you in…';\n          msg.classList.add('show', 'success');\n          window.location.reload();\n          return;\n        }\n        // Login failed — likely email verification required.\n        // Switch to login tab first, then show the message there so\n        // the user actually sees it (the signup form is hidden after switch).\n        btn.disabled = false;\n        btn.textContent = originalLabel;\n        setActiveTab('login', { persist: true });\n        var loginMsg = document.getElementById('l-msg');\n        if (loginMsg) {\n          loginMsg.textContent = 'Account created! Check your email to verify, then sign in.';\n          loginMsg.classList.remove('error');\n          loginMsg.classList.add('show', 'success');\n        }\n        return;\n      }\n      msg.textContent = data.error || 'Registration failed';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    } catch (err) {\n      msg.textContent = 'Network error — please try again';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    }\n  });\n\n  var forgotLink = document.getElementById('forgot-link');\n  var backToLogin = document.getElementById('back-to-login');\n  if (forgotLink) forgotLink.addEventListener('click', function(e) {\n    e.preventDefault();\n    document.getElementById('login-form').classList.remove('active');\n    document.getElementById('forgot-form').classList.add('active');\n    var sub = document.getElementById('subtitle');\n    if (sub) sub.textContent = 'Reset your password';\n    var heading = document.getElementById('heading');\n    if (heading) heading.textContent = 'Reset password';\n    var fEmail = document.getElementById('f-email');\n    var lEmail = document.getElementById('l-email');\n    if (lEmail && lEmail.value) fEmail.value = lEmail.value;\n    setTimeout(function() { fEmail.focus(); }, 0);\n  });\n  if (backToLogin) backToLogin.addEventListener('click', function(e) {\n    e.preventDefault();\n    document.getElementById('forgot-form').classList.remove('active');\n    document.getElementById('login-form').classList.add('active');\n    var sub = document.getElementById('subtitle');\n    if (sub) sub.textContent = subtitles.login;\n    var heading = document.getElementById('heading');\n    if (heading) heading.textContent = headings.login;\n  });\n\n  var forgotForm = document.getElementById('forgot-form');\n  if (forgotForm) forgotForm.addEventListener('submit', async function(e) {\n    e.preventDefault();\n    var btn = e.currentTarget.querySelector('button[type=\"submit\"]');\n    var msg = document.getElementById('f-msg');\n    msg.classList.remove('show', 'error', 'success');\n    var original = btn.textContent;\n    btn.disabled = true;\n    btn.textContent = 'Sending…';\n    try {\n      var email = document.getElementById('f-email').value;\n      var res = await fetch(__anPath('/_agent-native/auth/ba/request-password-reset'), {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({ email: email }),\n      });\n      if (res.ok) {\n        msg.textContent = 'If that email exists, a reset link is on its way.';\n        msg.classList.add('show', 'success');\n        btn.textContent = 'Sent';\n        return;\n      }\n      var data = await res.json().catch(function() { return {}; });\n      msg.textContent = (data && (data.message || data.error)) || 'Could not send reset email.';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = original;\n    } catch (err) {\n      msg.textContent = 'Network error — please try again';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = original;\n    }\n  });\n\n  document.getElementById('login-form').addEventListener('submit', async function(e) {\n    e.preventDefault();\n    var form = e.currentTarget;\n    var btn = form.querySelector('button[type=\"submit\"]');\n    var msg = document.getElementById('l-msg');\n    msg.classList.remove('show');\n    var originalLabel = btn.textContent;\n    btn.disabled = true;\n    btn.textContent = 'Signing in…';\n    try {\n      var res = await fetch(__anPath('/_agent-native/auth/login'), {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({\n          email: document.getElementById('l-email').value,\n          password: document.getElementById('l-pass').value,\n        }),\n      });\n      if (res.ok) {\n        window.location.reload();\n        return;\n      }\n      var data = await res.json().catch(function() { return {}; });\n      msg.textContent = data.error || 'Invalid email or password';\n      msg.classList.add('show');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    } catch (err) {\n      msg.textContent = 'Network error — please try again';\n      msg.classList.add('show');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    }\n  });\n`\n}${localModeScript}\n${\n  showLocalMode\n    ? `\n  (function syncUpgradeFromLocalUi() {\n    var subtitle = document.querySelector('.subtitle');\n    var note = document.getElementById('upgrade-note');\n    var localBtn = document.getElementById('local-btn');\n    var localInfo = document.getElementById('local-info');\n    var divider = document.getElementById('local-divider');\n    if (!subtitle || !note || !localBtn || !localInfo || !divider) return;\n    try {\n      if (!localStorage.getItem('${MIGRATE_FLAG_KEY}')) return;\n    } catch (e) {\n      return;\n    }\n    subtitle.textContent = 'Sign in to upgrade your local workspace';\n    note.classList.add('show');\n    localBtn.textContent = 'Stay in local mode';\n    localInfo.textContent = 'Use this if you want to cancel the upgrade and go back to local@localhost on this device.';\n    divider.textContent = 'or stay local';\n  })();\n`\n    : \"\"\n}\n${\n  showGoogle\n    ? `\n  function __anGetReturnPath() {\n    // If we landed here via /_agent-native/sign-in?return=X (force-sign-in\n    // entrypoint from a public page), prefer the inner return URL.\n    // Otherwise the loginHtml is being served at the URL the user actually\n    // wanted to reach (a bookmarked / deep-linked private path), so use it.\n    try {\n      var inner = new URLSearchParams(window.location.search).get('return');\n      if (inner) return inner;\n    } catch(e) {}\n    return window.location.pathname + window.location.search;\n  }\n  async function signInWithGoogle() {\n    var btn = document.getElementById('google-btn');\n    var err = document.getElementById('google-err');\n    btn.disabled = true;\n    err.classList.remove('show');\n    try {\n      var ret = __anGetReturnPath();\n      var authUrl = __anPath('/_agent-native/google/auth-url') + '?return=' + encodeURIComponent(ret);\n      var res = await fetch(authUrl);\n      var data = await res.json();\n      if (data.url) {\n        try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}\n        window.location.href = data.url;\n      } else {\n        err.textContent = data.message || 'Google OAuth is not configured.';\n        err.classList.add('show');\n        btn.disabled = false;\n      }\n    } catch (e) {\n      err.textContent = 'Failed to connect. Please try again.';\n      err.classList.add('show');\n      btn.disabled = false;\n    }\n  }`\n    : \"\"\n}\n${starfieldScript}\n</script>\n</body>\n</html>`;\n}\n\n/** @deprecated Use getOnboardingHtml() instead */\nexport const ONBOARDING_HTML = getOnboardingHtml();\n\n/**\n * HTML for the password reset page — shown when the user clicks the link in\n * their reset email. Posts `{ newPassword, token }` to Better Auth's\n * `/reset-password` endpoint, then redirects to the login page.\n */\nexport function getResetPasswordHtml(): string {\n  return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\">\n<title>Reset password</title>\n<style>\n  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n  body { font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; background: #0a0a0a; color: #e5e5e5; display: flex; align-items: center; justify-content: center; min-height: 100vh; padding: 1rem; }\n  .card { width: 100%; max-width: 400px; padding: 2rem; background: #141414; border: 1px solid rgba(255,255,255,0.08); border-radius: 12px; }\n  h1 { font-size: 1.25rem; font-weight: 600; margin-bottom: 0.25rem; color: #fff; }\n  .subtitle { font-size: 0.8125rem; color: #888; margin-bottom: 1.5rem; }\n  label { display: block; font-size: 0.8125rem; color: #888; margin-bottom: 0.375rem; }\n  input { width: 100%; padding: 0.5rem 0.75rem; background: transparent; border: 1px solid rgba(255,255,255,0.12); border-radius: 6px; color: #e5e5e5; font-size: 0.875rem; outline: none; margin-bottom: 0.875rem; }\n  input:focus { border-color: rgba(255,255,255,0.3); box-shadow: 0 0 0 1px rgba(255,255,255,0.1); }\n  input::placeholder { color: #555; }\n  button[type=\"submit\"] { width: 100%; margin-top: 0.25rem; padding: 0.5rem; background: #fff; color: #000; border: none; border-radius: 6px; font-size: 0.875rem; font-weight: 500; cursor: pointer; }\n  button[type=\"submit\"]:hover { background: #e5e5e5; }\n  button[type=\"submit\"]:disabled { opacity: 0.5; cursor: not-allowed; }\n  .msg { margin-top: 0.75rem; font-size: 0.8125rem; display: none; }\n  .msg.error { color: #f87171; }\n  .msg.success { color: #4ade80; }\n  .msg.show { display: block; }\n  .back { display: inline-block; margin-top: 1rem; font-size: 0.75rem; color: #888; text-decoration: none; }\n  .back:hover { color: #bbb; }\n</style>\n</head>\n<body>\n<div class=\"card\">\n  <h1>Choose a new password</h1>\n  <p class=\"subtitle\">Set a new password for your account.</p>\n  <form id=\"reset-form\">\n    <label for=\"p1\">New password</label>\n    <input id=\"p1\" type=\"password\" autocomplete=\"new-password\" autofocus placeholder=\"At least 8 characters\" required minlength=\"8\" />\n    <label for=\"p2\">Confirm password</label>\n    <input id=\"p2\" type=\"password\" autocomplete=\"new-password\" placeholder=\"Confirm password\" required minlength=\"8\" />\n    <button type=\"submit\">Save new password</button>\n    <p class=\"msg\" id=\"msg\"></p>\n  </form>\n  <a class=\"back\" id=\"back-link\" href=\"/\">Back to sign in</a>\n</div>\n<script>\n  (function() {\n    // Derive the app's base path so apps mounted under a prefix\n    // (e.g. /mail, /calendar) get sent home instead of to the root domain.\n    var RESET_PATH = '/_agent-native/auth/reset';\n    var pathname = window.location.pathname;\n    var idx = pathname.indexOf(RESET_PATH);\n    var basePath = (idx >= 0 ? pathname.slice(0, idx) : '') || '';\n    var homeHref = basePath + '/';\n    var backLink = document.getElementById('back-link');\n    if (backLink) backLink.setAttribute('href', homeHref);\n    var params = new URLSearchParams(location.search);\n    var token = params.get('token') || '';\n    var msg = document.getElementById('msg');\n    if (!token) {\n      msg.textContent = 'Missing or invalid reset token. Request a new reset link.';\n      msg.classList.add('show', 'error');\n      document.getElementById('reset-form').style.display = 'none';\n      return;\n    }\n    document.getElementById('reset-form').addEventListener('submit', async function(e) {\n      e.preventDefault();\n      var btn = e.currentTarget.querySelector('button[type=\"submit\"]');\n      var p1 = document.getElementById('p1').value;\n      var p2 = document.getElementById('p2').value;\n      msg.classList.remove('show', 'error', 'success');\n      if (p1 !== p2) {\n        msg.textContent = 'Passwords do not match';\n        msg.classList.add('show', 'error');\n        return;\n      }\n      var original = btn.textContent;\n      btn.disabled = true;\n      btn.textContent = 'Saving…';\n      try {\n        var res = await fetch(basePath + '/_agent-native/auth/ba/reset-password', {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ newPassword: p1, token: token }),\n        });\n        if (res.ok) {\n          msg.textContent = 'Password updated — redirecting to sign in…';\n          msg.classList.add('show', 'success');\n          setTimeout(function() { window.location.href = homeHref; }, 1200);\n          return;\n        }\n        var data = await res.json().catch(function() { return {}; });\n        msg.textContent = (data && (data.message || data.error)) || 'Reset failed. The link may have expired — request a new one.';\n        msg.classList.add('show', 'error');\n        btn.disabled = false;\n        btn.textContent = original;\n      } catch (err) {\n        msg.textContent = 'Network error — please try again';\n        msg.classList.add('show', 'error');\n        btn.disabled = false;\n        btn.textContent = original;\n      }\n    });\n  })();\n</script>\n</body>\n</html>`;\n}\n"]}
+{"version":3,"file":"onboarding-html.js","sourceRoot":"","sources":["../../src/server/onboarding-html.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,SAAS,cAAc;IACrB,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,kBAAkB;IACzB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC3C,IAAI,CAAC,GAAG;QAAE,OAAO,qBAAqB,CAAC;IACvC,IAAI,GAAG,CAAC,UAAU,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACrE,IAAI,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC;YAAE,OAAO,eAAe,CAAC;QACtD,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;YAAE,OAAO,mBAAmB,CAAC;QACzD,OAAO,UAAU,CAAC;IACpB,CAAC;IACD,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,qBAAqB,CAAC;IAC1D,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,OAAO,CAAC;IAC5E,OAAO,cAAc,CAAC;AACxB,CAAC;AAsBD,MAAM,UAAU,iBAAiB,CAAC,OAA8B,EAAE;IAChE,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;IAErC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IACjC,MAAM,YAAY,GAAG,CAAC,CAAC,SAAS,CAAC;IACjC,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CACxB,CAAC;SACE,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAE7B,MAAM,eAAe,GAAG,YAAY;QAClC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+GL;QACG,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,kBAAkB,GAAG,YAAY;QACrC,CAAC,CAAC;;;;;;gBAMU,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;;+BAER,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;EACpD,SAAU,CAAC,WAAW,CAAC,CAAC,CAAC,6BAA6B,GAAG,CAAC,SAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GACxF,SAAU,CAAC,QAAQ,EAAE,MAAM;YACzB,CAAC,CAAC,oCAAoC,SAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB;YAC9H,CAAC,CAAC,EACN;;;;;;2BAMqB;QACvB,CAAC,CAAC,EAAE,CAAC;IAEP,MAAM,kBAAkB,GAAG,YAAY,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,CAAC;IAEpE,MAAM,eAAe,GAAG,YAAY;QAClC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAwFE;QACJ,CAAC,CAAC,EAAE,CAAC;IAEP,OAAO;;;;;SAKA,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC,CAAC,SAAS;EAExE,YAAY;QACV,CAAC,CAAC,qCAAqC,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;qCAC7B,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC;2CACjB,GAAG,CAAC,SAAU,CAAC,OAAO,CAAC,IAAI;QAClE,CAAC,CAAC,EACN;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2QE,eAAe;;;OAGV,YAAY,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,EAAE;EACjD,kBAAkB;;;;;;;;EASlB,UAAU;QACR,CAAC,CAAC;;;;;;EAMJ,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,uDAAuD;CAC1E;QACG,CAAC,CAAC,UAAU;YACV,CAAC,CAAC;;;;;CAKP;YACK,CAAC,CAAC,EACR;EAEE,UAAU;QACR,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UAwDN;;;yDAGyD,kBAAkB,EAAE;MACvE,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;EAyBtB,UAAU;QACR,CAAC,CAAC,EAAE;QACJ,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiVN;EAEE,UAAU;QACR,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;;IAwBF;QACA,CAAC,CAAC,EACN;EACE,eAAe;;;QAGT,CAAC;AACT,CAAC;AAED,kDAAkD;AAClD,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,EAAE,CAAC;AAEnD;;;;GAIG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAsGD,CAAC;AACT,CAAC","sourcesContent":["/**\n * First-run onboarding page for agent-native apps.\n *\n * Shown when Better Auth is active and the user isn't signed in.\n * Provides a path to create or sign into an account from day one.\n *\n * After first account exists, this page acts as a normal login page.\n */\n\nfunction hasGoogleOAuth(): boolean {\n  return !!(process.env.GOOGLE_CLIENT_ID && process.env.GOOGLE_CLIENT_SECRET);\n}\n\nfunction getConnectionLabel(): string {\n  const url = process.env.DATABASE_URL || \"\";\n  if (!url) return \"SQLite (local file)\";\n  if (url.startsWith(\"postgres://\") || url.startsWith(\"postgresql://\")) {\n    if (url.includes(\"neon.tech\")) return \"Neon Postgres\";\n    if (url.includes(\"supabase\")) return \"Supabase Postgres\";\n    return \"Postgres\";\n  }\n  if (url.startsWith(\"file:\")) return \"SQLite (local file)\";\n  if (url.startsWith(\"libsql://\") || url.includes(\"turso.io\")) return \"Turso\";\n  return \"SQL database\";\n}\n\nexport interface OnboardingHtmlOptions {\n  /**\n   * Hide email/password forms and show ONLY the Google sign-in button.\n   * Useful for templates (mail, calendar) where Google is required anyway.\n   * If Google OAuth env vars are not configured, an error message is shown.\n   */\n  googleOnly?: boolean;\n  /**\n   * Product marketing content shown alongside the sign-in form.\n   * When provided, the page uses a split layout: marketing on the left,\n   * sign-in form on the right (stacked on mobile).\n   */\n  marketing?: {\n    appName: string;\n    tagline: string;\n    description?: string;\n    features?: string[];\n  };\n}\n\nexport function getOnboardingHtml(opts: OnboardingHtmlOptions = {}): string {\n  const showGoogle = hasGoogleOAuth();\n  const googleOnly = !!opts.googleOnly;\n\n  const marketing = opts.marketing;\n  const hasMarketing = !!marketing;\n  const esc = (s: string) =>\n    s\n      .replace(/&/g, \"&amp;\")\n      .replace(/</g, \"&lt;\")\n      .replace(/>/g, \"&gt;\")\n      .replace(/\"/g, \"&quot;\");\n\n  const marketingStyles = hasMarketing\n    ? `\n  body.has-marketing { padding: 0; position: relative; overflow-x: hidden; }\n  #starfield {\n    position: fixed;\n    inset: 0;\n    width: 100%;\n    height: 100%;\n    opacity: 0.35;\n    pointer-events: none;\n    z-index: 0;\n  }\n  .split {\n    position: relative;\n    z-index: 1;\n    display: flex;\n    min-height: 100vh;\n    width: 100%;\n    max-width: 1100px;\n    margin: 0 auto;\n  }\n  .marketing-panel {\n    flex: 1;\n    display: flex;\n    flex-direction: column;\n    justify-content: center;\n    padding: 3rem 3.5rem;\n  }\n  .marketing-content { max-width: 480px; }\n  .app-name {\n    display: flex;\n    align-items: center;\n    gap: 0.625rem;\n    font-size: 2rem;\n    font-weight: 700;\n    color: #fff;\n    margin-bottom: 0.625rem;\n    letter-spacing: -0.02em;\n  }\n  .app-name img.brand-mark {\n    height: 2.21375rem;\n    width: auto;\n    display: block;\n    flex-shrink: 0;\n  }\n  .app-tagline {\n    font-size: 1.25rem;\n    color: #a1a1aa;\n    line-height: 1.6;\n    margin-bottom: 2rem;\n  }\n  .app-desc {\n    font-size: 1rem;\n    color: #71717a;\n    line-height: 1.6;\n    margin-bottom: 2rem;\n  }\n  .feature-list {\n    list-style: none;\n    display: flex;\n    flex-direction: column;\n    gap: 0.875rem;\n  }\n  .feature-list li {\n    display: flex;\n    align-items: flex-start;\n    gap: 0.625rem;\n    font-size: 1rem;\n    color: #a1a1aa;\n    line-height: 1.5;\n  }\n  .feature-list li::before {\n    content: '';\n    flex-shrink: 0;\n    width: 8px;\n    height: 8px;\n    margin-top: 6px;\n    border-radius: 50%;\n    background: #3f3f46;\n    border: 1px solid #52525b;\n  }\n  .oss-link {\n    display: inline-flex;\n    align-items: center;\n    gap: 0.375rem;\n    margin-top: 2rem;\n    font-size: 0.8125rem;\n    color: #71717a;\n    text-decoration: none;\n  }\n  .oss-link:hover { color: #a1a1aa; }\n  .oss-link svg { width: 15px; height: 15px; flex-shrink: 0; }\n  .form-panel {\n    flex: 0 0 440px;\n    display: flex;\n    flex-direction: column;\n    align-items: center;\n    justify-content: center;\n    padding: 2rem;\n  }\n  .form-panel .card { max-width: 400px; }\n  .form-panel .local-note { max-width: 400px; }\n  @media (max-width: 900px) {\n    .split { flex-direction: column; min-height: auto; }\n    .marketing-panel { padding: 2rem 1.5rem 1.5rem; }\n    .app-name { font-size: 1.375rem; }\n    .app-name img.brand-mark { height: 1.58125rem; }\n    .app-tagline { font-size: 1rem; margin-bottom: 1rem; }\n    .app-desc { margin-bottom: 1rem; }\n    .feature-list { gap: 0.5rem; }\n    .form-panel { flex: none; padding: 1.5rem 1rem; }\n  }\n`\n    : \"\";\n\n  const marketingPanelHtml = hasMarketing\n    ? `<canvas id=\"starfield\"></canvas>\n<div class=\"split\">\n  <div class=\"marketing-panel\">\n    <div class=\"marketing-content\">\n      <h2 class=\"app-name\">\n        <img class=\"brand-mark\" src=\"/agent-native-icon-dark.svg\" alt=\"\" aria-hidden=\"true\" />\n        <span>${esc(marketing!.appName)}</span>\n      </h2>\n      <p class=\"app-tagline\">${esc(marketing!.tagline)}</p>\n${marketing!.description ? `      <p class=\"app-desc\">${esc(marketing!.description)}</p>\\n` : \"\"}${\n        marketing!.features?.length\n          ? `      <ul class=\"feature-list\">\\n${marketing!.features.map((f) => `        <li>${esc(f)}</li>`).join(\"\\n\")}\\n      </ul>\\n`\n          : \"\"\n      }      <a class=\"oss-link\" href=\"https://github.com/BuilderIO/agent-native\" target=\"_blank\" rel=\"noreferrer\">\n        <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M9 19c-4.3 1.4-4.3-2.5-6-3m12 5v-3.5c0-1 .1-1.4-.5-2 2.8-.3 5.5-1.4 5.5-6a4.6 4.6 0 00-1.3-3.2 4.2 4.2 0 00-.1-3.2s-1.1-.3-3.5 1.3a12.3 12.3 0 00-6.2 0C6.5 2.8 5.4 3.1 5.4 3.1a4.2 4.2 0 00-.1 3.2A4.6 4.6 0 004 9.5c0 4.6 2.7 5.7 5.5 6-.6.6-.6 1.2-.5 2V21\"/></svg>\n        Open source\n      </a>\n    </div>\n  </div>\n  <div class=\"form-panel\">`\n    : \"\";\n\n  const marketingCloseHtml = hasMarketing ? `\\n  </div>\\n</div>` : \"\";\n\n  const starfieldScript = hasMarketing\n    ? `\n  (function initStarfield() {\n    var canvas = document.getElementById('starfield');\n    if (!canvas) return;\n    var gl = canvas.getContext('webgl', { alpha: false, antialias: false });\n    if (!gl) return;\n\n    var vs = gl.createShader(gl.VERTEX_SHADER);\n    gl.shaderSource(vs, 'attribute vec2 position;void main(){gl_Position=vec4(position,0.0,1.0);}');\n    gl.compileShader(vs);\n\n    var fs = gl.createShader(gl.FRAGMENT_SHADER);\n    gl.shaderSource(fs, [\n      'precision highp float;',\n      'uniform float iTime;uniform vec2 iResolution;',\n      '#define S(a,b,t) smoothstep(a,b,t)',\n      '#define NUM_LAYERS 4.',\n      'float N21(vec2 p){vec3 a=fract(vec3(p.xyx)*vec3(213.897,653.453,253.098));a+=dot(a,a.yzx+79.76);return fract((a.x+a.y)*a.z);}',\n      'vec2 GetPos(vec2 id,vec2 offs,float t){float n=N21(id+offs);float n1=fract(n*10.);float n2=fract(n*100.);float a=t+n;return offs+vec2(sin(a*n1),cos(a*n2))*.4;}',\n      'float df_line(vec2 a,vec2 b,vec2 p){vec2 pa=p-a,ba=b-a;float h=clamp(dot(pa,ba)/dot(ba,ba),0.,1.);return length(pa-ba*h);}',\n      'float line(vec2 a,vec2 b,vec2 uv){float r1=.025;float r2=.006;float d=df_line(a,b,uv);float d2=length(a-b);float fade=S(1.5,.5,d2);fade+=S(.05,.02,abs(d2-.75));return S(r1,r2,d)*fade;}',\n      'float NetLayer(vec2 st,float n,float t){',\n      '  vec2 id=floor(st)+n;st=fract(st)-.5;',\n      '  vec2 p0=GetPos(id,vec2(-1,-1),t);vec2 p1=GetPos(id,vec2(0,-1),t);vec2 p2=GetPos(id,vec2(1,-1),t);',\n      '  vec2 p3=GetPos(id,vec2(-1,0),t);vec2 p4=GetPos(id,vec2(0,0),t);vec2 p5=GetPos(id,vec2(1,0),t);',\n      '  vec2 p6=GetPos(id,vec2(-1,1),t);vec2 p7=GetPos(id,vec2(0,1),t);vec2 p8=GetPos(id,vec2(1,1),t);',\n      '  float m=0.;float sparkle=0.;float d;float s;float pulse;',\n      '  m+=line(p4,p0,st);d=length(st-p0);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p0.x)+fract(p0.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p1,st);d=length(st-p1);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p1.x)+fract(p1.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p2,st);d=length(st-p2);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p2.x)+fract(p2.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p3,st);d=length(st-p3);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p3.x)+fract(p3.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p4,st);d=length(st-p4);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p4.x)+fract(p4.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p5,st);d=length(st-p5);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p5.x)+fract(p5.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p6,st);d=length(st-p6);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p6.x)+fract(p6.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p7,st);d=length(st-p7);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p7.x)+fract(p7.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p4,p8,st);d=length(st-p8);s=(.005/(d*d));s*=S(1.,.7,d);pulse=sin((fract(p8.x)+fract(p8.y)+t)*5.)*.4+.6;pulse=pow(pulse,20.);sparkle+=s*pulse;',\n      '  m+=line(p1,p3,st);m+=line(p1,p5,st);m+=line(p7,p5,st);m+=line(p7,p3,st);',\n      '  float sPhase=(sin(t+n)+sin(t*.1))*.25+.5;sPhase+=pow(sin(t*.1)*.5+.5,50.)*5.;m+=sparkle*sPhase;',\n      '  return m;',\n      '}',\n      'void mainImage(out vec4 fragColor,in vec2 fragCoord){',\n      '  vec2 uv=(fragCoord-iResolution.xy*.5)/iResolution.y;',\n      '  float t=iTime*.03;float s=sin(t);float c=cos(t);mat2 rot=mat2(c,-s,s,c);vec2 st=uv*rot;',\n      '  float m=0.;',\n      '  for(float i=0.;i<1.;i+=1./NUM_LAYERS){float z=fract(t+i);float size=mix(15.,1.,z);float fade=S(0.,.6,z)*S(1.,.8,z);m+=fade*NetLayer(st*size,i,iTime*0.3);}',\n      '  vec3 col=vec3(0.35)*m;col*=1.-dot(uv,uv);',\n      '  float tt=min(iTime,5.0);col*=S(0.,20.,tt);',\n      '  col=clamp(col,0.,1.);fragColor=vec4(col,1.);',\n      '}',\n      'void main(){mainImage(gl_FragColor,gl_FragCoord.xy);}'\n    ].join('\\\\n'));\n    gl.compileShader(fs);\n\n    var prog = gl.createProgram();\n    gl.attachShader(prog, vs);\n    gl.attachShader(prog, fs);\n    gl.linkProgram(prog);\n    gl.useProgram(prog);\n\n    var buf = gl.createBuffer();\n    gl.bindBuffer(gl.ARRAY_BUFFER, buf);\n    gl.bufferData(gl.ARRAY_BUFFER, new Float32Array([-1,-1,1,-1,-1,1,-1,1,1,-1,1,1]), gl.STATIC_DRAW);\n    var pos = gl.getAttribLocation(prog, 'position');\n    gl.enableVertexAttribArray(pos);\n    gl.vertexAttribPointer(pos, 2, gl.FLOAT, false, 0, 0);\n\n    var uTime = gl.getUniformLocation(prog, 'iTime');\n    var uRes = gl.getUniformLocation(prog, 'iResolution');\n\n    function resize() {\n      var w = window.innerWidth, h = window.innerHeight;\n      var dpr = Math.min(window.devicePixelRatio, 1.5);\n      canvas.width = w * dpr; canvas.height = h * dpr;\n      gl.viewport(0, 0, canvas.width, canvas.height);\n    }\n    resize();\n    window.addEventListener('resize', resize);\n\n    var start = performance.now(), last = 0;\n    function render(now) {\n      requestAnimationFrame(render);\n      if (now - last < 33) return;\n      last = now;\n      gl.uniform1f(uTime, (now - start) * 0.001);\n      gl.uniform2f(uRes, canvas.width, canvas.height);\n      gl.drawArrays(gl.TRIANGLES, 0, 6);\n    }\n    requestAnimationFrame(render);\n  })();`\n    : \"\";\n\n  return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\">\n<title>${hasMarketing ? esc(marketing!.appName) + \" — Sign in\" : \"Welcome\"}</title>\n${\n  hasMarketing\n    ? `<meta name=\"description\" content=\"${esc(marketing!.tagline)}\">\n<meta property=\"og:title\" content=\"${esc(marketing!.appName)}\">\n<meta property=\"og:description\" content=\"${esc(marketing!.tagline)}\">`\n    : \"\"\n}\n<style>\n  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n  body {\n    font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n    background: #0a0a0a;\n    color: #e5e5e5;\n    display: flex;\n    flex-direction: column;\n    align-items: center;\n    justify-content: center;\n    min-height: 100vh;\n    padding: 1rem;\n  }\n  .card {\n    width: 100%;\n    max-width: 400px;\n    padding: 2rem;\n    background: #141414;\n    border: 1px solid rgba(255,255,255,0.08);\n    border-radius: 12px;\n  }\n  h1 { font-size: 1.25rem; font-weight: 600; margin-bottom: 0.25rem; color: #fff; }\n  .subtitle { font-size: 0.8125rem; color: #888; margin-bottom: 1.5rem; }\n  .tabs {\n    display: inline-flex;\n    width: 100%;\n    padding: 4px;\n    margin-bottom: 1.5rem;\n    background: rgba(255,255,255,0.06);\n    border-radius: 8px;\n  }\n  .tab {\n    flex: 1;\n    padding: 0.5rem 0.75rem;\n    background: none;\n    border: none;\n    color: #888;\n    font-size: 0.8125rem;\n    font-weight: 500;\n    cursor: pointer;\n    border-radius: 6px;\n  }\n  .tab.active {\n    background: #1e1e1e;\n    color: #fff;\n    box-shadow: 0 1px 2px rgba(0,0,0,0.3);\n  }\n  .tab:hover:not(.active) { color: #bbb; }\n  .form { display: none; }\n  .form.active { display: block; }\n  .card.verifying .tabs,\n  .card.verifying #google-btn,\n  .card.verifying #google-err,\n  .card.verifying #auth-divider,\n  .card.verifying #upgrade-note {\n    display: none;\n  }\n  label { display: block; font-size: 0.8125rem; color: #888; margin-bottom: 0.375rem; }\n  input {\n    width: 100%;\n    padding: 0.5rem 0.75rem;\n    background: transparent;\n    border: 1px solid rgba(255,255,255,0.12);\n    border-radius: 6px;\n    color: #e5e5e5;\n    font-size: 0.875rem;\n    outline: none;\n    margin-bottom: 0.875rem;\n  }\n  input:focus { border-color: rgba(255,255,255,0.3); box-shadow: 0 0 0 1px rgba(255,255,255,0.1); }\n  input::placeholder { color: #555; }\n  button[type=\"submit\"], .btn-primary {\n    width: 100%;\n    margin-top: 0.25rem;\n    padding: 0.5rem;\n    background: #fff;\n    color: #000;\n    border: none;\n    border-radius: 6px;\n    font-size: 0.875rem;\n    font-weight: 500;\n    cursor: pointer;\n  }\n  button[type=\"submit\"]:hover, .btn-primary:hover { background: #e5e5e5; }\n  button[type=\"submit\"]:disabled { opacity: 0.5; cursor: not-allowed; }\n  .btn-secondary {\n    width: 100%;\n    margin-top: 0.75rem;\n    padding: 0.5rem;\n    background: transparent;\n    color: #888;\n    border: 1px solid rgba(255,255,255,0.1);\n    border-radius: 6px;\n    font-size: 0.8125rem;\n    cursor: pointer;\n  }\n  .btn-secondary:hover { color: #bbb; border-color: rgba(255,255,255,0.2); }\n  .msg { margin-top: 0.75rem; font-size: 0.8125rem; display: none; }\n  .msg.error { color: #f87171; }\n  .msg.success { color: #4ade80; }\n  .msg.show { display: block; }\n  .step-progress {\n    display: grid;\n    grid-template-columns: repeat(3, minmax(0, 1fr));\n    gap: 0.5rem;\n    margin-bottom: 1.25rem;\n  }\n  .progress-step {\n    position: relative;\n    display: flex;\n    flex-direction: column;\n    align-items: center;\n    gap: 0.375rem;\n    color: #666;\n    font-size: 0.6875rem;\n    line-height: 1.2;\n    text-align: center;\n  }\n  .progress-step::before {\n    content: '';\n    position: absolute;\n    top: 11px;\n    left: calc(-50% + 16px);\n    width: calc(100% - 32px);\n    height: 1px;\n    background: rgba(255,255,255,0.1);\n  }\n  .progress-step:first-child::before { display: none; }\n  .progress-step span {\n    display: inline-flex;\n    align-items: center;\n    justify-content: center;\n    width: 22px;\n    height: 22px;\n    border-radius: 999px;\n    border: 1px solid rgba(255,255,255,0.14);\n    background: #151515;\n    color: #777;\n    font-size: 0.6875rem;\n    font-weight: 600;\n  }\n  .progress-step strong { font-weight: 500; }\n  .progress-step.complete,\n  .progress-step.current { color: #e5e5e5; }\n  .progress-step.complete span {\n    background: #d9f99d;\n    border-color: #d9f99d;\n    color: #111;\n  }\n  .progress-step.current span {\n    background: #fff;\n    border-color: #fff;\n    color: #000;\n    box-shadow: 0 0 0 4px rgba(255,255,255,0.08);\n  }\n  .verification-panel {\n    padding: 1rem;\n    margin-bottom: 0.875rem;\n    background: rgba(255,255,255,0.04);\n    border: 1px solid rgba(255,255,255,0.08);\n    border-radius: 8px;\n  }\n  .verification-kicker {\n    margin-bottom: 0.5rem;\n    color: #bef264;\n    font-size: 0.75rem;\n    font-weight: 500;\n  }\n  .verification-copy {\n    color: #d4d4d8;\n    font-size: 0.875rem;\n    line-height: 1.55;\n  }\n  .verification-copy strong {\n    color: #fff;\n    font-weight: 600;\n    word-break: break-word;\n  }\n  .verification-note {\n    margin-top: 0.75rem;\n    color: #71717a;\n    font-size: 0.75rem;\n    line-height: 1.45;\n  }\n  .inline-actions {\n    display: flex;\n    align-items: center;\n    justify-content: space-between;\n    gap: 0.75rem;\n    margin-top: 0.75rem;\n  }\n  .link-button {\n    padding: 0.25rem 0;\n    background: none;\n    border: none;\n    color: #888;\n    cursor: pointer;\n    font-size: 0.75rem;\n    text-decoration: underline;\n    text-underline-offset: 2px;\n  }\n  .link-button:hover { color: #bbb; }\n  .link-button:disabled { cursor: wait; opacity: 0.5; }\n  .divider {\n    display: flex;\n    align-items: center;\n    gap: 0.75rem;\n    margin: 1.25rem 0;\n    font-size: 0.75rem;\n    color: #555;\n  }\n  .divider::before, .divider::after {\n    content: '';\n    flex: 1;\n    height: 1px;\n    background: rgba(255,255,255,0.08);\n  }\n  .upgrade-note {\n    margin-bottom: 1rem;\n    padding: 0.75rem;\n    border: 1px solid rgba(255,255,255,0.08);\n    border-radius: 8px;\n    background: rgba(255,255,255,0.03);\n    font-size: 0.75rem;\n    line-height: 1.5;\n    color: #a1a1aa;\n    display: none;\n  }\n  .upgrade-note.show { display: block; }\n  .btn-google {\n    width: 100%;\n    display: flex;\n    align-items: center;\n    justify-content: center;\n    gap: 0.625rem;\n    padding: 0.5rem;\n    background: #fff;\n    color: #000;\n    border: none;\n    border-radius: 6px;\n    font-size: 0.875rem;\n    font-weight: 500;\n    cursor: pointer;\n  }\n  .btn-google:hover { background: #e5e5e5; }\n  .btn-google:disabled { opacity: 0.5; cursor: wait; }\n  .btn-google svg { width: 18px; height: 18px; flex-shrink: 0; }\n  .google-error { margin-top: 0.5rem; font-size: 0.8125rem; color: #f87171; display: none; }\n  .google-error.show { display: block; }\n  .local-note {\n    display: none;\n    max-width: 400px;\n    width: 100%;\n    margin-top: 1rem;\n    padding: 0.625rem 0.875rem;\n    font-size: 0.6875rem;\n    line-height: 1.5;\n    color: #666;\n    border: 1px dashed rgba(255,255,255,0.08);\n    border-radius: 8px;\n    text-align: center;\n  }\n  .local-note.show { display: block; }\n  .local-note strong { color: #999; font-weight: 500; }\n  .local-note a { color: #888; text-decoration: none; }\n  .local-note a:hover { color: #bbb; }\n${marketingStyles}\n</style>\n</head>\n<body${hasMarketing ? ' class=\"has-marketing\"' : \"\"}>\n${marketingPanelHtml}\n<div class=\"card\">\n  <h1 id=\"heading\">Welcome</h1>\n  <p class=\"subtitle\" id=\"subtitle\">Create an account to get started</p>\n  <p class=\"upgrade-note\" id=\"upgrade-note\">\n    You started this flow from <code>local@localhost</code>. Continue signing in to upgrade this workspace to a real account and migrate your local data. If you want to cancel that and keep using local mode, use the secondary button below.\n  </p>\n\n${\n  showGoogle\n    ? `\n  <button class=\"btn-google\" id=\"google-btn\" onclick=\"signInWithGoogle()\">\n    <svg viewBox=\"0 0 24 24\"><path fill=\"#4285F4\" d=\"M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z\"/><path fill=\"#34A853\" d=\"M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z\"/><path fill=\"#FBBC05\" d=\"M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z\"/><path fill=\"#EA4335\" d=\"M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z\"/></svg>\n    Sign in with Google\n  </button>\n  <p class=\"google-error\" id=\"google-err\"></p>\n${googleOnly ? \"\" : `\\n  <div class=\"divider\" id=\"auth-divider\">or</div>\\n`}\n`\n    : googleOnly\n      ? `\n  <p style=\"color:#f87171;font-size:0.875rem;text-align:center;padding:1rem 0\">\n    Google sign-in is not configured. Set <code>GOOGLE_CLIENT_ID</code> and\n    <code>GOOGLE_CLIENT_SECRET</code> environment variables to enable login.\n  </p>\n`\n      : \"\"\n}\n${\n  googleOnly\n    ? \"\"\n    : `  <div class=\"tabs\">\n    <button class=\"tab\" data-tab=\"signup\">Create account</button>\n    <button class=\"tab\" data-tab=\"login\">Sign in</button>\n  </div>\n\n    <form id=\"signup-form\" class=\"form\">\n      <label for=\"s-email\">Email</label>\n      <input id=\"s-email\" type=\"email\" autocomplete=\"email\" autofocus placeholder=\"you@example.com\" required />\n    <label for=\"s-pass\">Password</label>\n    <input id=\"s-pass\" type=\"password\" autocomplete=\"new-password\" placeholder=\"At least 8 characters\" required minlength=\"8\" />\n    <label for=\"s-pass2\">Confirm password</label>\n    <input id=\"s-pass2\" type=\"password\" autocomplete=\"new-password\" placeholder=\"Confirm password\" required minlength=\"8\" />\n      <button type=\"submit\">Create account</button>\n      <p class=\"msg\" id=\"s-msg\"></p>\n    </form>\n\n    <div id=\"verification-step\" class=\"form verification-step\" aria-live=\"polite\">\n      <div class=\"step-progress\" aria-label=\"Signup progress\">\n        <div class=\"progress-step complete\"><span>1</span><strong>Account</strong></div>\n        <div class=\"progress-step current\"><span>2</span><strong>Verify</strong></div>\n        <div class=\"progress-step\"><span>3</span><strong>Start</strong></div>\n      </div>\n      <div class=\"verification-panel\">\n        <p class=\"verification-kicker\">Verification email sent</p>\n        <p class=\"verification-copy\">We sent a secure link to <strong id=\"verify-email\"></strong>. When you click it, this app will finish signing you in automatically.</p>\n        <p class=\"verification-note\">You can keep this tab open. After verifying, use Continue if the app has not refreshed yet.</p>\n      </div>\n      <button type=\"button\" class=\"btn-primary\" id=\"verify-continue\">Continue</button>\n      <div class=\"inline-actions\">\n        <button type=\"button\" class=\"link-button\" id=\"resend-verification\">Resend email</button>\n        <button type=\"button\" class=\"link-button\" id=\"back-to-signup\">Back</button>\n      </div>\n      <p class=\"msg\" id=\"verify-msg\"></p>\n    </div>\n\n    <form id=\"login-form\" class=\"form\">\n    <label for=\"l-email\">Email</label>\n    <input id=\"l-email\" type=\"email\" autocomplete=\"email\" placeholder=\"you@example.com\" required />\n    <label for=\"l-pass\">Password</label>\n    <input id=\"l-pass\" type=\"password\" autocomplete=\"current-password\" placeholder=\"Enter password\" required />\n    <button type=\"submit\">Sign in</button>\n    <p class=\"msg error\" id=\"l-msg\"></p>\n    <p style=\"margin-top:0.75rem;font-size:0.75rem;text-align:right\">\n      <a href=\"#\" id=\"forgot-link\" style=\"color:#888;text-decoration:underline;text-underline-offset:2px\">Forgot password?</a>\n    </p>\n  </form>\n\n  <form id=\"forgot-form\" class=\"form\">\n    <label for=\"f-email\">Email</label>\n    <input id=\"f-email\" type=\"email\" autocomplete=\"email\" placeholder=\"you@example.com\" required />\n    <button type=\"submit\">Send reset link</button>\n    <p class=\"msg\" id=\"f-msg\"></p>\n    <p style=\"margin-top:0.75rem;font-size:0.75rem;text-align:center\">\n      <a href=\"#\" id=\"back-to-login\" style=\"color:#888;text-decoration:underline;text-underline-offset:2px\">Back to sign in</a>\n    </p>\n  </form>`\n}\n</div>\n<p class=\"local-note\" id=\"local-note\">\n  Your account is stored in this app's own DB (<strong>${getConnectionLabel()}</strong>), not a third-party service.\n</p>${marketingCloseHtml}\n<script>\n  function __anBasePath() {\n    var marker = '/_agent-native';\n    var idx = window.location.pathname.indexOf(marker);\n    return idx > 0 ? window.location.pathname.slice(0, idx) : '';\n  }\n    function __anPath(path) {\n      return __anBasePath() + path;\n    }\n    function __anGetReturnPath() {\n      try {\n        var inner = new URLSearchParams(window.location.search).get('return');\n        if (inner) return inner;\n      } catch(e) {}\n      return window.location.pathname + window.location.search;\n    }\n    (function revealLocalNote() {\n    var h = location.hostname;\n    if (h === 'localhost' || h === '127.0.0.1' || h === '::1' || h.endsWith('.local')) {\n      var n = document.getElementById('local-note');\n      if (n) n.classList.add('show');\n    }\n  })();\n${\n  googleOnly\n    ? \"\"\n    : `  var TAB_STORAGE_KEY = 'an.onboarding.tab';\n    var tabs = document.querySelectorAll('.tab');\n    var forms = document.querySelectorAll('.form');\n    var subtitles = { signup: 'Create an account to get started', login: 'Sign in to your account' };\n    var headings = { signup: 'Welcome', login: 'Welcome back' };\n    var pendingSignupEmail = '';\n    function setActiveTab(name, opts) {\n      if (name !== 'signup' && name !== 'login') return;\n      var form = document.getElementById(name + '-form');\n      if (!form) return;\n      var card = document.querySelector('.card');\n      if (card) card.classList.remove('verifying');\n      tabs.forEach(function(x) { x.classList.remove('active'); });\n      forms.forEach(function(x) { x.classList.remove('active'); });\n    var btn = document.querySelector('.tab[data-tab=\"' + name + '\"]');\n    if (btn) btn.classList.add('active');\n    form.classList.add('active');\n    var sub = document.getElementById('subtitle');\n    if (sub && subtitles[name]) sub.textContent = subtitles[name];\n    var heading = document.getElementById('heading');\n    if (heading && headings[name]) heading.textContent = headings[name];\n      if (opts && opts.persist) {\n        try { localStorage.setItem(TAB_STORAGE_KEY, name); } catch (e) {}\n      }\n    }\n    function showVerificationStep(email) {\n      pendingSignupEmail = email || '';\n      tabs.forEach(function(x) { x.classList.remove('active'); });\n      forms.forEach(function(x) { x.classList.remove('active'); });\n      var card = document.querySelector('.card');\n      if (card) card.classList.add('verifying');\n      var step = document.getElementById('verification-step');\n      if (step) step.classList.add('active');\n      var emailNode = document.getElementById('verify-email');\n      if (emailNode) emailNode.textContent = pendingSignupEmail;\n      var heading = document.getElementById('heading');\n      if (heading) heading.textContent = 'Check your email';\n      var sub = document.getElementById('subtitle');\n      if (sub) sub.textContent = 'Finish creating your account';\n      var msg = document.getElementById('verify-msg');\n      if (msg) {\n        msg.classList.remove('show', 'error', 'success');\n        msg.textContent = '';\n      }\n      try { localStorage.setItem(TAB_STORAGE_KEY, 'signup'); } catch (e) {}\n    }\n    function getVerificationMessageNode() {\n      var verifyStep = document.getElementById('verification-step');\n      if (verifyStep && verifyStep.classList.contains('active')) {\n        return document.getElementById('verify-msg');\n      }\n      return document.getElementById('l-msg') || document.getElementById('verify-msg');\n    }\n    async function checkVerificationSession(fallbackText) {\n      var msg = getVerificationMessageNode();\n      if (msg) {\n        msg.textContent = 'Checking your verification...';\n        msg.classList.remove('error');\n        msg.classList.add('show', 'success');\n      }\n      try {\n        var res = await fetch(__anPath('/_agent-native/auth/session'), {\n          headers: { 'Accept': 'application/json' },\n        });\n        var data = await res.json().catch(function() { return {}; });\n        if (res.ok && data && data.email && !data.error) {\n          window.location.reload();\n          return;\n        }\n        if (msg) {\n          msg.textContent = fallbackText || 'Still waiting on verification. Click the link in your email, then try Continue again.';\n          msg.classList.remove('success');\n          msg.classList.add('show', 'error');\n        }\n      } catch (err) {\n        if (msg) {\n          msg.textContent = 'Could not check verification. Please try again.';\n          msg.classList.remove('success');\n          msg.classList.add('show', 'error');\n        }\n      }\n    }\n    async function resendVerificationEmail() {\n      var btn = document.getElementById('resend-verification');\n      var msg = document.getElementById('verify-msg');\n      var email = pendingSignupEmail || document.getElementById('s-email').value;\n      if (!email) return;\n      var original = btn ? btn.textContent : '';\n      if (btn) {\n        btn.disabled = true;\n        btn.textContent = 'Sending...';\n      }\n      if (msg) msg.classList.remove('show', 'error', 'success');\n      try {\n        var res = await fetch(__anPath('/_agent-native/auth/ba/send-verification-email'), {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ email: email, callbackURL: __anGetReturnPath() }),\n        });\n        if (res.ok) {\n          if (msg) {\n            msg.textContent = 'Sent a fresh verification link.';\n            msg.classList.add('show', 'success');\n          }\n          if (btn) btn.textContent = 'Sent';\n          setTimeout(function() {\n            if (btn) {\n              btn.disabled = false;\n              btn.textContent = original;\n            }\n          }, 1600);\n          return;\n        }\n        var data = await res.json().catch(function() { return {}; });\n        if (msg) {\n          msg.textContent = (data && (data.message || data.error)) || 'Could not resend the verification email.';\n          msg.classList.add('show', 'error');\n        }\n        if (btn) {\n          btn.disabled = false;\n          btn.textContent = original;\n        }\n      } catch (err) {\n        if (msg) {\n          msg.textContent = 'Network error. Please try again.';\n          msg.classList.add('show', 'error');\n        }\n        if (btn) {\n          btn.disabled = false;\n          btn.textContent = original;\n        }\n      }\n    }\n    (function initActiveTab() {\n    var initial = 'signup';\n    try {\n      var params = new URLSearchParams(location.search);\n      var qp = params.get('tab');\n      if (qp === 'login' || qp === 'signup') {\n        initial = qp;\n      } else if (params.has('verified')) {\n        initial = 'login';\n      } else {\n        var stored = localStorage.getItem(TAB_STORAGE_KEY);\n        if (stored === 'login' || stored === 'signup') initial = stored;\n      }\n    } catch (e) {}\n    setActiveTab(initial, { persist: false });\n      try {\n        if (new URLSearchParams(location.search).has('verified')) {\n          var msg = document.getElementById('l-msg');\n          if (msg) {\n            msg.textContent = 'Email verified. Finishing sign-in...';\n            msg.classList.remove('error');\n            msg.classList.add('show', 'success');\n          }\n          checkVerificationSession('Email verified. Sign in to continue.');\n        }\n      } catch (e) {}\n    })();\n  tabs.forEach(function(t) { t.addEventListener('click', function() {\n    setActiveTab(t.dataset.tab, { persist: true });\n  }); });\n\n  document.getElementById('signup-form').addEventListener('submit', async function(e) {\n    e.preventDefault();\n    var form = e.currentTarget;\n    var btn = form.querySelector('button[type=\"submit\"]');\n    var msg = document.getElementById('s-msg');\n    msg.classList.remove('show', 'error', 'success');\n    var pass = document.getElementById('s-pass').value;\n    var pass2 = document.getElementById('s-pass2').value;\n    if (pass !== pass2) {\n      msg.textContent = 'Passwords do not match';\n      msg.classList.add('show', 'error');\n      return;\n    }\n    var originalLabel = btn.textContent;\n    btn.disabled = true;\n    btn.textContent = 'Creating account…';\n    try {\n      var email = document.getElementById('s-email').value;\n      var res = await fetch(__anPath('/_agent-native/auth/register'), {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({\n            email: email,\n            password: pass,\n            callbackURL: __anGetReturnPath(),\n          }),\n        });\n      var data = await res.json().catch(function() { return {}; });\n      if (res.ok) {\n        // If email verification is required, the server won't return a session.\n        // Try logging in — if it fails (unverified), show a \"check your email\" message.\n        var loginRes = await fetch(__anPath('/_agent-native/auth/login'), {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ email: email, password: pass }),\n        });\n        if (loginRes.ok) {\n          msg.textContent = 'Account created — signing you in…';\n          msg.classList.add('show', 'success');\n          window.location.reload();\n          return;\n        }\n          btn.disabled = false;\n          btn.textContent = originalLabel;\n          showVerificationStep(email);\n          return;\n        }\n      msg.textContent = data.error || 'Registration failed';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    } catch (err) {\n      msg.textContent = 'Network error — please try again';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    }\n    });\n\n    var verifyContinue = document.getElementById('verify-continue');\n    if (verifyContinue) verifyContinue.addEventListener('click', function(e) {\n      e.preventDefault();\n      checkVerificationSession();\n    });\n    var resendBtn = document.getElementById('resend-verification');\n    if (resendBtn) resendBtn.addEventListener('click', function(e) {\n      e.preventDefault();\n      resendVerificationEmail();\n    });\n    var backToSignup = document.getElementById('back-to-signup');\n    if (backToSignup) backToSignup.addEventListener('click', function(e) {\n      e.preventDefault();\n      setActiveTab('signup', { persist: true });\n      var email = document.getElementById('s-email');\n      setTimeout(function() { if (email) email.focus(); }, 0);\n    });\n\n    var forgotLink = document.getElementById('forgot-link');\n  var backToLogin = document.getElementById('back-to-login');\n  if (forgotLink) forgotLink.addEventListener('click', function(e) {\n    e.preventDefault();\n    document.getElementById('login-form').classList.remove('active');\n    document.getElementById('forgot-form').classList.add('active');\n    var sub = document.getElementById('subtitle');\n    if (sub) sub.textContent = 'Reset your password';\n    var heading = document.getElementById('heading');\n    if (heading) heading.textContent = 'Reset password';\n    var fEmail = document.getElementById('f-email');\n    var lEmail = document.getElementById('l-email');\n    if (lEmail && lEmail.value) fEmail.value = lEmail.value;\n    setTimeout(function() { fEmail.focus(); }, 0);\n  });\n  if (backToLogin) backToLogin.addEventListener('click', function(e) {\n    e.preventDefault();\n    document.getElementById('forgot-form').classList.remove('active');\n    document.getElementById('login-form').classList.add('active');\n    var sub = document.getElementById('subtitle');\n    if (sub) sub.textContent = subtitles.login;\n    var heading = document.getElementById('heading');\n    if (heading) heading.textContent = headings.login;\n  });\n\n  var forgotForm = document.getElementById('forgot-form');\n  if (forgotForm) forgotForm.addEventListener('submit', async function(e) {\n    e.preventDefault();\n    var btn = e.currentTarget.querySelector('button[type=\"submit\"]');\n    var msg = document.getElementById('f-msg');\n    msg.classList.remove('show', 'error', 'success');\n    var original = btn.textContent;\n    btn.disabled = true;\n    btn.textContent = 'Sending…';\n    try {\n      var email = document.getElementById('f-email').value;\n      var res = await fetch(__anPath('/_agent-native/auth/ba/request-password-reset'), {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({ email: email }),\n      });\n      if (res.ok) {\n        msg.textContent = 'If that email exists, a reset link is on its way.';\n        msg.classList.add('show', 'success');\n        btn.textContent = 'Sent';\n        return;\n      }\n      var data = await res.json().catch(function() { return {}; });\n      msg.textContent = (data && (data.message || data.error)) || 'Could not send reset email.';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = original;\n    } catch (err) {\n      msg.textContent = 'Network error — please try again';\n      msg.classList.add('show', 'error');\n      btn.disabled = false;\n      btn.textContent = original;\n    }\n  });\n\n    document.getElementById('login-form').addEventListener('submit', async function(e) {\n    e.preventDefault();\n    var form = e.currentTarget;\n      var btn = form.querySelector('button[type=\"submit\"]');\n      var msg = document.getElementById('l-msg');\n      msg.classList.remove('show', 'success');\n      msg.classList.add('error');\n    var originalLabel = btn.textContent;\n    btn.disabled = true;\n    btn.textContent = 'Signing in…';\n    try {\n      var res = await fetch(__anPath('/_agent-native/auth/login'), {\n        method: 'POST',\n        headers: { 'Content-Type': 'application/json' },\n        body: JSON.stringify({\n          email: document.getElementById('l-email').value,\n          password: document.getElementById('l-pass').value,\n        }),\n      });\n      if (res.ok) {\n        window.location.reload();\n        return;\n      }\n      var data = await res.json().catch(function() { return {}; });\n      msg.textContent = data.error || 'Invalid email or password';\n      msg.classList.add('show');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    } catch (err) {\n      msg.textContent = 'Network error — please try again';\n      msg.classList.add('show');\n      btn.disabled = false;\n      btn.textContent = originalLabel;\n    }\n  });\n`\n}\n${\n  showGoogle\n    ? `\n    async function signInWithGoogle() {\n    var btn = document.getElementById('google-btn');\n    var err = document.getElementById('google-err');\n    btn.disabled = true;\n    err.classList.remove('show');\n    try {\n      var ret = __anGetReturnPath();\n      var authUrl = __anPath('/_agent-native/google/auth-url') + '?return=' + encodeURIComponent(ret);\n      var res = await fetch(authUrl);\n      var data = await res.json();\n      if (data.url) {\n        try { sessionStorage.setItem('__an_signin', '1'); } catch(e) {}\n        window.location.href = data.url;\n      } else {\n        err.textContent = data.message || 'Google OAuth is not configured.';\n        err.classList.add('show');\n        btn.disabled = false;\n      }\n    } catch (e) {\n      err.textContent = 'Failed to connect. Please try again.';\n      err.classList.add('show');\n      btn.disabled = false;\n    }\n  }`\n    : \"\"\n}\n${starfieldScript}\n</script>\n</body>\n</html>`;\n}\n\n/** @deprecated Use getOnboardingHtml() instead */\nexport const ONBOARDING_HTML = getOnboardingHtml();\n\n/**\n * HTML for the password reset page — shown when the user clicks the link in\n * their reset email. Posts `{ newPassword, token }` to Better Auth's\n * `/reset-password` endpoint, then redirects to the login page.\n */\nexport function getResetPasswordHtml(): string {\n  return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\">\n<meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no\">\n<title>Reset password</title>\n<style>\n  *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }\n  body { font-family: -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif; background: #0a0a0a; color: #e5e5e5; display: flex; align-items: center; justify-content: center; min-height: 100vh; padding: 1rem; }\n  .card { width: 100%; max-width: 400px; padding: 2rem; background: #141414; border: 1px solid rgba(255,255,255,0.08); border-radius: 12px; }\n  h1 { font-size: 1.25rem; font-weight: 600; margin-bottom: 0.25rem; color: #fff; }\n  .subtitle { font-size: 0.8125rem; color: #888; margin-bottom: 1.5rem; }\n  label { display: block; font-size: 0.8125rem; color: #888; margin-bottom: 0.375rem; }\n  input { width: 100%; padding: 0.5rem 0.75rem; background: transparent; border: 1px solid rgba(255,255,255,0.12); border-radius: 6px; color: #e5e5e5; font-size: 0.875rem; outline: none; margin-bottom: 0.875rem; }\n  input:focus { border-color: rgba(255,255,255,0.3); box-shadow: 0 0 0 1px rgba(255,255,255,0.1); }\n  input::placeholder { color: #555; }\n  button[type=\"submit\"] { width: 100%; margin-top: 0.25rem; padding: 0.5rem; background: #fff; color: #000; border: none; border-radius: 6px; font-size: 0.875rem; font-weight: 500; cursor: pointer; }\n  button[type=\"submit\"]:hover { background: #e5e5e5; }\n  button[type=\"submit\"]:disabled { opacity: 0.5; cursor: not-allowed; }\n  .msg { margin-top: 0.75rem; font-size: 0.8125rem; display: none; }\n  .msg.error { color: #f87171; }\n  .msg.success { color: #4ade80; }\n  .msg.show { display: block; }\n  .back { display: inline-block; margin-top: 1rem; font-size: 0.75rem; color: #888; text-decoration: none; }\n  .back:hover { color: #bbb; }\n</style>\n</head>\n<body>\n<div class=\"card\">\n  <h1>Choose a new password</h1>\n  <p class=\"subtitle\">Set a new password for your account.</p>\n  <form id=\"reset-form\">\n    <label for=\"p1\">New password</label>\n    <input id=\"p1\" type=\"password\" autocomplete=\"new-password\" autofocus placeholder=\"At least 8 characters\" required minlength=\"8\" />\n    <label for=\"p2\">Confirm password</label>\n    <input id=\"p2\" type=\"password\" autocomplete=\"new-password\" placeholder=\"Confirm password\" required minlength=\"8\" />\n    <button type=\"submit\">Save new password</button>\n    <p class=\"msg\" id=\"msg\"></p>\n  </form>\n  <a class=\"back\" id=\"back-link\" href=\"/\">Back to sign in</a>\n</div>\n<script>\n  (function() {\n    // Derive the app's base path so apps mounted under a prefix\n    // (e.g. /mail, /calendar) get sent home instead of to the root domain.\n    var RESET_PATH = '/_agent-native/auth/reset';\n    var pathname = window.location.pathname;\n    var idx = pathname.indexOf(RESET_PATH);\n    var basePath = (idx >= 0 ? pathname.slice(0, idx) : '') || '';\n    var homeHref = basePath + '/';\n    var backLink = document.getElementById('back-link');\n    if (backLink) backLink.setAttribute('href', homeHref);\n    var params = new URLSearchParams(location.search);\n    var token = params.get('token') || '';\n    var msg = document.getElementById('msg');\n    if (!token) {\n      msg.textContent = 'Missing or invalid reset token. Request a new reset link.';\n      msg.classList.add('show', 'error');\n      document.getElementById('reset-form').style.display = 'none';\n      return;\n    }\n    document.getElementById('reset-form').addEventListener('submit', async function(e) {\n      e.preventDefault();\n      var btn = e.currentTarget.querySelector('button[type=\"submit\"]');\n      var p1 = document.getElementById('p1').value;\n      var p2 = document.getElementById('p2').value;\n      msg.classList.remove('show', 'error', 'success');\n      if (p1 !== p2) {\n        msg.textContent = 'Passwords do not match';\n        msg.classList.add('show', 'error');\n        return;\n      }\n      var original = btn.textContent;\n      btn.disabled = true;\n      btn.textContent = 'Saving…';\n      try {\n        var res = await fetch(basePath + '/_agent-native/auth/ba/reset-password', {\n          method: 'POST',\n          headers: { 'Content-Type': 'application/json' },\n          body: JSON.stringify({ newPassword: p1, token: token }),\n        });\n        if (res.ok) {\n          msg.textContent = 'Password updated — redirecting to sign in…';\n          msg.classList.add('show', 'success');\n          setTimeout(function() { window.location.href = homeHref; }, 1200);\n          return;\n        }\n        var data = await res.json().catch(function() { return {}; });\n        msg.textContent = (data && (data.message || data.error)) || 'Reset failed. The link may have expired — request a new one.';\n        msg.classList.add('show', 'error');\n        btn.disabled = false;\n        btn.textContent = original;\n      } catch (err) {\n        msg.textContent = 'Network error — please try again';\n        msg.classList.add('show', 'error');\n        btn.disabled = false;\n        btn.textContent = original;\n      }\n    });\n  })();\n</script>\n</body>\n</html>`;\n}\n"]}

package/dist/server/request-context.d.ts

@@ -32,11 +32,21 @@ export interface RequestContext {
     /**
      * True when this request is being processed by an integration-platform
      * webhook (Slack, Telegram, etc.) where the function timeout is the
-     * binding constraint (~26s on Netlify Pro). Code that calls slow remote
-     * APIs can use this to apply tighter budgets on this path while leaving
-     * normal agent-chat callers (5+ min budget) unaffected.
+     * binding constraint. Code that calls slow remote APIs can use this to apply
+     * tighter budgets on this path while leaving normal agent-chat callers
+     * (5+ min budget) unaffected.
      */
     isIntegrationCaller?: boolean;
+    /**
+     * Metadata for the currently-processing integration task. This lets tools
+     * that start long-running remote work persist a continuation that can update
+     * the originating platform thread after the current function budget ends.
+     */
+    integration?: {
+        taskId: string;
+        incoming: import("../integrations/types.js").IncomingMessage;
+        placeholderRef?: string;
+    };
     /**
      * Mutable per-request agent-run state. Populated by the agent-chat plugin
      * during a run; tool closures dereference it on each invocation.
@@ -97,6 +107,7 @@ export declare function getRequestTimezone(): string | undefined;
  * agent chat) should treat this as `false`.
  */
 export declare function isIntegrationCallerRequest(): boolean;
+export declare function getIntegrationRequestContext(): NonNullable<RequestContext["integration"]> | undefined;
 /**
  * Convenience: returns `{ userEmail, orgId }` from the active request context,
  * suitable for passing to `resolveCredential(key, ctx)`. Returns `null` when

package/dist/server/request-context.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"request-context.d.ts","sourceRoot":"","sources":["../../src/server/request-context.ts"],"names":[],"mappings":"AAmBA;;;;;;;;;;GAUG;AACH,MAAM,WAAW,iBAAiB;IAChC,wEAAwE;IACxE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,MAAM,CAAC,EAAE,OAAO,0BAA0B,EAAE,WAAW,CAAC;IACxD,yDAAyD;IACzD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;OAMG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B;;;OAGG;IACH,GAAG,CAAC,EAAE,iBAAiB,CAAC;CACzB;AAYD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,EACrC,GAAG,EAAE,cAAc,EACnB,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GACvB,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAEhB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,GAAG,SAAS,CAE9D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,SAAS,CAIxD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,IAAI,MAAM,GAAG,SAAS,CAIpD;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,SAAS,CAIvD;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,IAAI,OAAO,CAEpD;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,IAAI;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,GAAG,IAAI,CAIP;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,IAAI,iBAAiB,GAAG,SAAS,CAIpE;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,IAAI,iBAAiB,GAAG,SAAS,CAKvE"}
+{"version":3,"file":"request-context.d.ts","sourceRoot":"","sources":["../../src/server/request-context.ts"],"names":[],"mappings":"AAmBA;;;;;;;;;;GAUG;AACH,MAAM,WAAW,iBAAiB;IAChC,wEAAwE;IACxE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,4DAA4D;IAC5D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,8DAA8D;IAC9D,MAAM,CAAC,EAAE,OAAO,0BAA0B,EAAE,WAAW,CAAC;IACxD,yDAAyD;IACzD,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;OAMG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B;;;;OAIG;IACH,WAAW,CAAC,EAAE;QACZ,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,OAAO,0BAA0B,EAAE,eAAe,CAAC;QAC7D,cAAc,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC;IACF;;;OAGG;IACH,GAAG,CAAC,EAAE,iBAAiB,CAAC;CACzB;AAYD;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,CAAC,EACrC,GAAG,EAAE,cAAc,EACnB,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GACvB,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAEhB;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,IAAI,cAAc,GAAG,SAAS,CAE9D;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,GAAG,SAAS,CAIxD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,IAAI,MAAM,GAAG,SAAS,CAIpD;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,GAAG,SAAS,CAIvD;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,IAAI,OAAO,CAEpD;AAED,wBAAgB,4BAA4B,IACxC,WAAW,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,GAC1C,SAAS,CAEZ;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,IAAI;IACtC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,GAAG,IAAI,CAIP;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,IAAI,iBAAiB,GAAG,SAAS,CAIpE;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,IAAI,iBAAiB,GAAG,SAAS,CAKvE"}

package/dist/server/request-context.js

@@ -99,6 +99,9 @@ export function getRequestTimezone() {
 export function isIntegrationCallerRequest() {
     return als.getStore()?.isIntegrationCaller === true;
 }
+export function getIntegrationRequestContext() {
+    return als.getStore()?.integration;
+}
 /**
  * Convenience: returns `{ userEmail, orgId }` from the active request context,
  * suitable for passing to `resolveCredential(key, ctx)`. Returns `null` when

package/dist/server/request-context.js.map

@@ -1 +1 @@
-{"version":3,"file":"request-context.js","sourceRoot":"","sources":["../../src/server/request-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAiDrD,MAAM,UAAU,GAAG,gCAAyC,CAAC;AAI7D,MAAM,SAAS,GAAG,UAAsC,CAAC;AACzD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;IAC3B,SAAS,CAAC,UAAU,CAAC,GAAG,IAAI,iBAAiB,EAAkB,CAAC;AAClE,CAAC;AACD,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAE,CAAC;AAEnC;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAmB,EACnB,EAAwB;IAExB,OAAO,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,CAAC,QAAQ,EAAE,KAAK,SAAS,CAAC;AACtC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,SAAS,CAAC;IAChD,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,KAAK,CAAC;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AAClC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,QAAQ,CAAC;IAC/C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AACzC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,GAAG,CAAC,QAAQ,EAAE,EAAE,mBAAmB,KAAK,IAAI,CAAC;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB;IAIlC,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,IAAI,EAAE,CAAC;AACzD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,KAAK,CAAC,GAAG,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,CAAC,KAAK,CAAC,GAAG;QAAE,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;IAC/B,OAAO,KAAK,CAAC,GAAG,CAAC;AACnB,CAAC","sourcesContent":["/**\n * Per-request context using AsyncLocalStorage.\n *\n * Replaces the unsafe pattern of mutating `process.env.AGENT_USER_EMAIL` /\n * `process.env.AGENT_ORG_ID` on every request. On Node.js (Netlify, self-hosted)\n * concurrent requests would overwrite each other's env vars. AsyncLocalStorage\n * gives each async call-chain its own isolated context.\n *\n * Supported on all deployment targets:\n * - Node.js (native)\n * - Cloudflare Workers (via nodejs_compat flag)\n * - Deno Deploy (via node:async_hooks compat)\n *\n * For CLI scripts that run outside a request context, the getters fall back to\n * process.env so existing `AGENT_USER_EMAIL=x pnpm action foo` invocations\n * continue to work.\n */\nimport { AsyncLocalStorage } from \"node:async_hooks\";\n\n/**\n * Per-request agent-run state. Lives on `RequestContext.run` so the\n * agent-chat plugin can populate fields as the run progresses (owner,\n * resolved API key, system prompt, engine, model, threadId) without\n * mutating module-scope `let` bindings — those leak across concurrent\n * requests on a single Node.js process.\n *\n * Mutated in-place by `prepareRun`, `onEngineResolved`, `onRunStart` so\n * tool factory closures (automation, fetch, team, builder-browser) read\n * the live per-request value via `getRequestRunContext()`.\n */\nexport interface RequestRunContext {\n  /** Origin of the current request (used by the builder-browser tool). */\n  requestOrigin?: string;\n  /** Resolved owner email (set by prepareRun). */\n  owner?: string;\n  /** Owner's active Anthropic API key (set by prepareRun). */\n  userApiKey?: string;\n  /** Thread ID for the current run (set by onRunStart). */\n  threadId?: string;\n  /** System prompt actually sent to the model for this run. */\n  systemPrompt?: string;\n  /** Engine instance for this run (set by onEngineResolved). */\n  engine?: import(\"../agent/engine/types.js\").AgentEngine;\n  /** Model name for this run (set by onEngineResolved). */\n  model?: string;\n}\n\nexport interface RequestContext {\n  userEmail?: string;\n  orgId?: string;\n  timezone?: string;\n  /**\n   * True when this request is being processed by an integration-platform\n   * webhook (Slack, Telegram, etc.) where the function timeout is the\n   * binding constraint (~26s on Netlify Pro). Code that calls slow remote\n   * APIs can use this to apply tighter budgets on this path while leaving\n   * normal agent-chat callers (5+ min budget) unaffected.\n   */\n  isIntegrationCaller?: boolean;\n  /**\n   * Mutable per-request agent-run state. Populated by the agent-chat plugin\n   * during a run; tool closures dereference it on each invocation.\n   */\n  run?: RequestRunContext;\n}\n\nconst GLOBAL_KEY = \"__agentNativeRequestContextAls\" as const;\ntype GlobalWithRequestContext = typeof globalThis & {\n  [GLOBAL_KEY]?: AsyncLocalStorage<RequestContext>;\n};\nconst globalRef = globalThis as GlobalWithRequestContext;\nif (!globalRef[GLOBAL_KEY]) {\n  globalRef[GLOBAL_KEY] = new AsyncLocalStorage<RequestContext>();\n}\nconst als = globalRef[GLOBAL_KEY]!;\n\n/**\n * Run a callback within a per-request context. The context is available to all\n * async operations spawned from `fn` via `getRequestUserEmail()` / `getRequestOrgId()`.\n */\nexport function runWithRequestContext<T>(\n  ctx: RequestContext,\n  fn: () => T | Promise<T>,\n): T | Promise<T> {\n  return als.run(ctx, fn);\n}\n\n/**\n * Return the active request context, if this call chain is running under one.\n *\n * This is intentionally distinct from `getRequestUserEmail()`: callers that\n * have an active context with no authenticated user must not fall through to\n * process-wide CLI fallbacks such as `AGENT_USER_EMAIL` or \"latest session\".\n */\nexport function getRequestContext(): RequestContext | undefined {\n  return als.getStore();\n}\n\n/**\n * True when AsyncLocalStorage has an active context for this call chain.\n * Useful for helpers that support both HTTP requests and standalone CLI runs.\n */\nexport function hasRequestContext(): boolean {\n  return als.getStore() !== undefined;\n}\n\n/**\n * Get the current request's user email.\n *\n * - If a request context exists (HTTP/A2A path), returns its `userEmail` —\n *   even when that value is `undefined`. The env fallback MUST NOT fire here:\n *   a stale process-wide `AGENT_USER_EMAIL` from a CLI run or previous bug\n *   would leak into an unauthenticated A2A/API call (e.g. unsigned or API-key\n *   modes where `runWithRequestContext({ userEmail: undefined })` is used).\n * - Only when there is NO request context (CLI scripts) do we fall back to\n *   `process.env.AGENT_USER_EMAIL`.\n */\nexport function getRequestUserEmail(): string | undefined {\n  const store = als.getStore();\n  if (store !== undefined) return store.userEmail;\n  return process.env.AGENT_USER_EMAIL;\n}\n\n/**\n * Get the current request's org ID.\n *\n * Same store-aware semantics as `getRequestUserEmail()` — env fallback is\n * CLI-only, so a request that explicitly has no org doesn't inherit a stale\n * `process.env.AGENT_ORG_ID` from a prior request on the same Lambda instance.\n */\nexport function getRequestOrgId(): string | undefined {\n  const store = als.getStore();\n  if (store !== undefined) return store.orgId;\n  return process.env.AGENT_ORG_ID;\n}\n\n/**\n * Get the current request's IANA timezone (e.g. \"America/Los_Angeles\").\n * The UI sends this via the `x-user-timezone` header on every action call, and\n * the agent chat plugin propagates it into the request context so that\n * agent-initiated tool calls also see the user's timezone. Falls back to\n * `process.env.AGENT_USER_TIMEZONE` only for CLI scripts (no request context).\n */\nexport function getRequestTimezone(): string | undefined {\n  const store = als.getStore();\n  if (store !== undefined) return store.timezone;\n  return process.env.AGENT_USER_TIMEZONE;\n}\n\n/**\n * Returns true when this request is on an integration-platform path (Slack,\n * Telegram, etc.) — i.e. we're inside the integration plugin's processor\n * function and the platform's deliver-by deadline plus the host's function\n * timeout are the binding budget. Non-integration callers (CLI, normal\n * agent chat) should treat this as `false`.\n */\nexport function isIntegrationCallerRequest(): boolean {\n  return als.getStore()?.isIntegrationCaller === true;\n}\n\n/**\n * Convenience: returns `{ userEmail, orgId }` from the active request context,\n * suitable for passing to `resolveCredential(key, ctx)`. Returns `null` when\n * no user is associated with the call (e.g. an unauthenticated public route).\n *\n * For framework actions auto-mounted at `/_agent-native/actions/...` this is\n * always populated because action-routes wraps every invocation in\n * `runWithRequestContext`. For hand-written `/api/*` routes the calling code\n * is responsible for setting up the context (see `runWithRequestContext`).\n */\nexport function getCredentialContext(): {\n  userEmail: string;\n  orgId: string | null;\n} | null {\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) return null;\n  return { userEmail, orgId: getRequestOrgId() ?? null };\n}\n\n/**\n * Get the active request's mutable agent-run state. Returns `undefined` when\n * called outside an agent run (e.g. before `prepareRun` or in a non-agent\n * code path). Callers must tolerate the field absence; use the helper\n * `requireRequestRunContext()` if missing context is a programming error.\n */\nexport function getRequestRunContext(): RequestRunContext | undefined {\n  const store = als.getStore();\n  if (!store) return undefined;\n  return store.run;\n}\n\n/**\n * Ensure a `RequestRunContext` exists on the active request store and\n * return it. Used by the agent-chat handler to attach run state once it\n * starts processing a chat request. Returns `undefined` if there is no\n * active request store (caller should not be invoking this outside ALS).\n */\nexport function ensureRequestRunContext(): RequestRunContext | undefined {\n  const store = als.getStore();\n  if (!store) return undefined;\n  if (!store.run) store.run = {};\n  return store.run;\n}\n"]}
+{"version":3,"file":"request-context.js","sourceRoot":"","sources":["../../src/server/request-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AA2DrD,MAAM,UAAU,GAAG,gCAAyC,CAAC;AAI7D,MAAM,SAAS,GAAG,UAAsC,CAAC;AACzD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;IAC3B,SAAS,CAAC,UAAU,CAAC,GAAG,IAAI,iBAAiB,EAAkB,CAAC;AAClE,CAAC;AACD,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,CAAE,CAAC;AAEnC;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CACnC,GAAmB,EACnB,EAAwB;IAExB,OAAO,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,GAAG,CAAC,QAAQ,EAAE,KAAK,SAAS,CAAC;AACtC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB;IACjC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,SAAS,CAAC;IAChD,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AACtC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,KAAK,CAAC;IAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;AAClC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC,QAAQ,CAAC;IAC/C,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AACzC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B;IACxC,OAAO,GAAG,CAAC,QAAQ,EAAE,EAAE,mBAAmB,KAAK,IAAI,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,4BAA4B;IAG1C,OAAO,GAAG,CAAC,QAAQ,EAAE,EAAE,WAAW,CAAC;AACrC,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB;IAIlC,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAC;IAC5B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,eAAe,EAAE,IAAI,IAAI,EAAE,CAAC;AACzD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,OAAO,KAAK,CAAC,GAAG,CAAC;AACnB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,IAAI,CAAC,KAAK,CAAC,GAAG;QAAE,KAAK,CAAC,GAAG,GAAG,EAAE,CAAC;IAC/B,OAAO,KAAK,CAAC,GAAG,CAAC;AACnB,CAAC","sourcesContent":["/**\n * Per-request context using AsyncLocalStorage.\n *\n * Replaces the unsafe pattern of mutating `process.env.AGENT_USER_EMAIL` /\n * `process.env.AGENT_ORG_ID` on every request. On Node.js (Netlify, self-hosted)\n * concurrent requests would overwrite each other's env vars. AsyncLocalStorage\n * gives each async call-chain its own isolated context.\n *\n * Supported on all deployment targets:\n * - Node.js (native)\n * - Cloudflare Workers (via nodejs_compat flag)\n * - Deno Deploy (via node:async_hooks compat)\n *\n * For CLI scripts that run outside a request context, the getters fall back to\n * process.env so existing `AGENT_USER_EMAIL=x pnpm action foo` invocations\n * continue to work.\n */\nimport { AsyncLocalStorage } from \"node:async_hooks\";\n\n/**\n * Per-request agent-run state. Lives on `RequestContext.run` so the\n * agent-chat plugin can populate fields as the run progresses (owner,\n * resolved API key, system prompt, engine, model, threadId) without\n * mutating module-scope `let` bindings — those leak across concurrent\n * requests on a single Node.js process.\n *\n * Mutated in-place by `prepareRun`, `onEngineResolved`, `onRunStart` so\n * tool factory closures (automation, fetch, team, builder-browser) read\n * the live per-request value via `getRequestRunContext()`.\n */\nexport interface RequestRunContext {\n  /** Origin of the current request (used by the builder-browser tool). */\n  requestOrigin?: string;\n  /** Resolved owner email (set by prepareRun). */\n  owner?: string;\n  /** Owner's active Anthropic API key (set by prepareRun). */\n  userApiKey?: string;\n  /** Thread ID for the current run (set by onRunStart). */\n  threadId?: string;\n  /** System prompt actually sent to the model for this run. */\n  systemPrompt?: string;\n  /** Engine instance for this run (set by onEngineResolved). */\n  engine?: import(\"../agent/engine/types.js\").AgentEngine;\n  /** Model name for this run (set by onEngineResolved). */\n  model?: string;\n}\n\nexport interface RequestContext {\n  userEmail?: string;\n  orgId?: string;\n  timezone?: string;\n  /**\n   * True when this request is being processed by an integration-platform\n   * webhook (Slack, Telegram, etc.) where the function timeout is the\n   * binding constraint. Code that calls slow remote APIs can use this to apply\n   * tighter budgets on this path while leaving normal agent-chat callers\n   * (5+ min budget) unaffected.\n   */\n  isIntegrationCaller?: boolean;\n  /**\n   * Metadata for the currently-processing integration task. This lets tools\n   * that start long-running remote work persist a continuation that can update\n   * the originating platform thread after the current function budget ends.\n   */\n  integration?: {\n    taskId: string;\n    incoming: import(\"../integrations/types.js\").IncomingMessage;\n    placeholderRef?: string;\n  };\n  /**\n   * Mutable per-request agent-run state. Populated by the agent-chat plugin\n   * during a run; tool closures dereference it on each invocation.\n   */\n  run?: RequestRunContext;\n}\n\nconst GLOBAL_KEY = \"__agentNativeRequestContextAls\" as const;\ntype GlobalWithRequestContext = typeof globalThis & {\n  [GLOBAL_KEY]?: AsyncLocalStorage<RequestContext>;\n};\nconst globalRef = globalThis as GlobalWithRequestContext;\nif (!globalRef[GLOBAL_KEY]) {\n  globalRef[GLOBAL_KEY] = new AsyncLocalStorage<RequestContext>();\n}\nconst als = globalRef[GLOBAL_KEY]!;\n\n/**\n * Run a callback within a per-request context. The context is available to all\n * async operations spawned from `fn` via `getRequestUserEmail()` / `getRequestOrgId()`.\n */\nexport function runWithRequestContext<T>(\n  ctx: RequestContext,\n  fn: () => T | Promise<T>,\n): T | Promise<T> {\n  return als.run(ctx, fn);\n}\n\n/**\n * Return the active request context, if this call chain is running under one.\n *\n * This is intentionally distinct from `getRequestUserEmail()`: callers that\n * have an active context with no authenticated user must not fall through to\n * process-wide CLI fallbacks such as `AGENT_USER_EMAIL` or \"latest session\".\n */\nexport function getRequestContext(): RequestContext | undefined {\n  return als.getStore();\n}\n\n/**\n * True when AsyncLocalStorage has an active context for this call chain.\n * Useful for helpers that support both HTTP requests and standalone CLI runs.\n */\nexport function hasRequestContext(): boolean {\n  return als.getStore() !== undefined;\n}\n\n/**\n * Get the current request's user email.\n *\n * - If a request context exists (HTTP/A2A path), returns its `userEmail` —\n *   even when that value is `undefined`. The env fallback MUST NOT fire here:\n *   a stale process-wide `AGENT_USER_EMAIL` from a CLI run or previous bug\n *   would leak into an unauthenticated A2A/API call (e.g. unsigned or API-key\n *   modes where `runWithRequestContext({ userEmail: undefined })` is used).\n * - Only when there is NO request context (CLI scripts) do we fall back to\n *   `process.env.AGENT_USER_EMAIL`.\n */\nexport function getRequestUserEmail(): string | undefined {\n  const store = als.getStore();\n  if (store !== undefined) return store.userEmail;\n  return process.env.AGENT_USER_EMAIL;\n}\n\n/**\n * Get the current request's org ID.\n *\n * Same store-aware semantics as `getRequestUserEmail()` — env fallback is\n * CLI-only, so a request that explicitly has no org doesn't inherit a stale\n * `process.env.AGENT_ORG_ID` from a prior request on the same Lambda instance.\n */\nexport function getRequestOrgId(): string | undefined {\n  const store = als.getStore();\n  if (store !== undefined) return store.orgId;\n  return process.env.AGENT_ORG_ID;\n}\n\n/**\n * Get the current request's IANA timezone (e.g. \"America/Los_Angeles\").\n * The UI sends this via the `x-user-timezone` header on every action call, and\n * the agent chat plugin propagates it into the request context so that\n * agent-initiated tool calls also see the user's timezone. Falls back to\n * `process.env.AGENT_USER_TIMEZONE` only for CLI scripts (no request context).\n */\nexport function getRequestTimezone(): string | undefined {\n  const store = als.getStore();\n  if (store !== undefined) return store.timezone;\n  return process.env.AGENT_USER_TIMEZONE;\n}\n\n/**\n * Returns true when this request is on an integration-platform path (Slack,\n * Telegram, etc.) — i.e. we're inside the integration plugin's processor\n * function and the platform's deliver-by deadline plus the host's function\n * timeout are the binding budget. Non-integration callers (CLI, normal\n * agent chat) should treat this as `false`.\n */\nexport function isIntegrationCallerRequest(): boolean {\n  return als.getStore()?.isIntegrationCaller === true;\n}\n\nexport function getIntegrationRequestContext():\n  | NonNullable<RequestContext[\"integration\"]>\n  | undefined {\n  return als.getStore()?.integration;\n}\n\n/**\n * Convenience: returns `{ userEmail, orgId }` from the active request context,\n * suitable for passing to `resolveCredential(key, ctx)`. Returns `null` when\n * no user is associated with the call (e.g. an unauthenticated public route).\n *\n * For framework actions auto-mounted at `/_agent-native/actions/...` this is\n * always populated because action-routes wraps every invocation in\n * `runWithRequestContext`. For hand-written `/api/*` routes the calling code\n * is responsible for setting up the context (see `runWithRequestContext`).\n */\nexport function getCredentialContext(): {\n  userEmail: string;\n  orgId: string | null;\n} | null {\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) return null;\n  return { userEmail, orgId: getRequestOrgId() ?? null };\n}\n\n/**\n * Get the active request's mutable agent-run state. Returns `undefined` when\n * called outside an agent run (e.g. before `prepareRun` or in a non-agent\n * code path). Callers must tolerate the field absence; use the helper\n * `requireRequestRunContext()` if missing context is a programming error.\n */\nexport function getRequestRunContext(): RequestRunContext | undefined {\n  const store = als.getStore();\n  if (!store) return undefined;\n  return store.run;\n}\n\n/**\n * Ensure a `RequestRunContext` exists on the active request store and\n * return it. Used by the agent-chat handler to attach run state once it\n * starts processing a chat request. Returns `undefined` if there is no\n * active request store (caller should not be invoking this outside ALS).\n */\nexport function ensureRequestRunContext(): RequestRunContext | undefined {\n  const store = als.getStore();\n  if (!store) return undefined;\n  if (!store.run) store.run = {};\n  return store.run;\n}\n"]}

package/dist/templates/default/_gitignore

@@ -40,3 +40,5 @@ data/.sessions.json
 
 # Learnings (personal preferences and memory — use learnings.defaults.md for tracked defaults)
 learnings.md
+
+.vercel/

package/dist/templates/workspace-core/AGENTS.md

@@ -1,78 +1,25 @@
-# {{APP_TITLE}} — Enterprise Agent Instructions
+# {{APP_TITLE}} Workspace Instructions
 
-These instructions apply to **every app** in the {{APP_TITLE}} workspace. The
-framework auto-injects this file into each app's agent system prompt as a
-`<resource name="AGENTS.md" scope="workspace">` block. Individual apps can
-add their own template-specific AGENTS.md on top.
+These instructions apply to every app in the {{APP_TITLE}} workspace. Keep
+only rules that should be shared across all apps here. App-specific behavior
+belongs in that app's own `AGENTS.md` or `.agents/skills/` directory.
 
-## Company context
+## Shared Context
 
-Write a short paragraph here describing your company and what you do. The
-agent reads this first so every response can be grounded in the same
-business context without you having to repeat it per app.
+Add company, product, compliance, or support-context notes that every app
+agent should know.
 
-## Shared conventions
+## Shared Conventions
 
-- **All cross-app state lives in the shared database.** Apps in this
-  workspace share `DATABASE_URL` by default, so a record created by one
-  app can be read by another as long as it respects the `owner_email` and
-  `org_id` scoping conventions.
-- **All API secrets come from scoped credential storage.** Never hardcode a
-  token or read `process.env` for user/org credentials in production. Call
-  `resolveCompanyCredential("KEY", { userEmail, orgId })` from
-  `@{{APP_NAME}}/core-module/credentials`, or omit the context only when the
-  current request/action already has agent-native request context. The helper
-  reads per-user credentials first and org-shared credentials second.
-- **UI chrome comes from the workspace core.** Wrap every screen in
-  `<AuthenticatedLayout>` from `@{{APP_NAME}}/core-module/client`. Don't
-  re-implement the brand header, sidebar, or org switcher per app.
-- **Design system.** If the app needs a button, dialog, or form control,
-  import from our internal design system package (if you have one) or
-  from the shared UI re-exports in `@{{APP_NAME}}/core-module/client`.
+- Put shared code in `packages/shared` only when multiple apps need it.
+- Keep app-specific screens, actions, state, and skills inside `apps/<app>`.
+- Store shared runtime configuration in the workspace root `.env`; use
+  `apps/<app>/.env` only for app-specific overrides.
+- Prefer framework defaults until the workspace has a real custom rule,
+  component, plugin, action, or skill to share.
 
-## Compliance and policy
+## Adding Apps
 
-List any enterprise-wide rules the agent must follow — data handling, PII
-guidelines, approval flows, deployment constraints. The agent will apply
-these to every decision it makes in every app.
-
-Example rules:
-
-- Never expose raw customer email addresses in logs.
-- Any action that modifies data must first be shown to the user with a
-  preview and wait for confirmation.
-- Never make network calls to anything outside `*.{{APP_NAME}}.com` or
-  the approved third-party allowlist.
-
-## How to add a new app
-
-```bash
-pnpm exec agent-native create <app-name> --template=starter
-```
-
-Run this from the workspace root. The CLI detects the workspace and creates
-`apps/<app-name>` with the workspace core module already connected. Use a
-different template when useful, for example `--template=analytics` or
-`--template=forms`.
-
-The workspace dev command is a gateway:
-
-```bash
-pnpm dev
-```
-
-It opens Dispatch at `/dispatch`, serves every app at `/<app-name>`, and
-auto-detects newly-created app directories. After creating an app, do not
-restart the dev server unless the gateway reports an error; wait for it to
-start the new app process, then open `/<app-name>`.
-
-The new app will automatically inherit:
-
-1. The workspace auth plugin (Better Auth + company SSO)
-2. The agent chat plugin with this AGENTS.md pre-loaded
-3. Every skill in `packages/core-module/skills/`
-4. Every action in `packages/core-module/actions/`
-5. The shared Tailwind preset and React components
-
-The only files the new app needs to own are its own routes/screens and any
-template-specific actions.
+Run `pnpm exec agent-native create <app-name> --template=starter` from the
+workspace root. The workspace dev gateway (`pnpm dev`) detects new
+`apps/<app-name>` directories automatically.

package/dist/templates/workspace-core/package.json

@@ -1,5 +1,5 @@
 {
-  "name": "@{{APP_NAME}}/core-module",
+  "name": "@{{APP_NAME}}/shared",
   "private": true,
   "version": "0.0.0",
   "type": "module",
@@ -18,19 +18,11 @@
       "types": "./src/client/index.ts",
       "development": "./src/client/index.ts",
       "default": "./dist/client/index.js"
-    },
-    "./credentials": {
-      "types": "./src/credentials.ts",
-      "development": "./src/credentials.ts",
-      "default": "./dist/credentials.js"
-    },
-    "./styles/tokens.css": "./styles/tokens.css"
+    }
   },
   "files": [
     "dist",
     "src",
-    "styles",
-    "actions",
     "AGENTS.md"
   ],
   "scripts": {
@@ -39,17 +31,7 @@
     "typecheck": "tsc --noEmit",
     "prepare": "tsc"
   },
-  "dependencies": {
-    "@agent-native/core": "latest",
-    "zod": "^4.3.6"
-  },
   "devDependencies": {
-    "@types/node": "^24.2.1",
-    "@types/react": "^19.2.14",
-    "react": "^19.2.5",
     "typescript": "^6.0.3"
-  },
-  "peerDependencies": {
-    "react": "^19.2.5"
   }
 }

package/dist/templates/workspace-core/src/client/index.ts

@@ -1,26 +1,2 @@
-/**
- * Client-side entry for @{{APP_NAME}}/core-module.
- *
- * This is where shared React components, hooks, and providers that EVERY
- * app in your workspace needs live. Think of it as the "app shell" layer
- * between the framework's primitives (@agent-native/core/client) and the
- * individual app's screens:
- *
- *   - Authenticated layouts (header / sidebar / footer with brand)
- *   - Org switchers wired to your company's org plugin
- *   - Common chrome: loading states, error boundaries, empty states
- *   - Wrappers around @agent-native/core components that apply your
- *     enterprise design tokens
- *
- * Apps import from here instead of re-implementing or copy-pasting:
- *
- *   import { AuthenticatedLayout } from "@{{APP_NAME}}/core-module/client";
- *
- * NOTE: This package does not ship shadcn/ui or a generic design system
- * by default. If you already have an internal `@{{APP_NAME}}/design-system`
- * package, add it as a dep here and re-export from this file. Otherwise
- * you can drop any shadcn components the apps share into `./ui/` and
- * export them from this index.
- */
-
-export { AuthenticatedLayout } from "./AuthenticatedLayout.js";
+// Export shared React components and hooks here when multiple apps need them.
+export {};

package/dist/templates/workspace-core/src/index.ts

@@ -1,21 +1 @@
-/**
- * @{{APP_NAME}}/core-module — enterprise-wide workspace core.
- *
- * Every agent-native app in this workspace inherits from this package:
- *   - Server plugins (auth, org, agent-chat) — see src/server
- *   - Shared React components and hooks — see src/client
- *   - Shared agent actions — see actions/
- *   - Shared agent skills — see skills/
- *   - Enterprise-wide agent instructions — see AGENTS.md
- *   - Shared Tailwind v4 design tokens — see styles/tokens.css
- *
- * Apps don't import from this root entry directly — they import from
- * the specific sub-path they need:
- *
- *   import { authPlugin } from "@{{APP_NAME}}/core-module/server";
- *   import { AuthenticatedLayout } from "@{{APP_NAME}}/core-module/client";
- *   import { resolveCompanyCredential } from "@{{APP_NAME}}/core-module/credentials";
- *
- * This root file is for package metadata only.
- */
-export const WORKSPACE_CORE_NAME = "@{{APP_NAME}}/core-module";
+export const WORKSPACE_SHARED_NAME = "@{{APP_NAME}}/shared";

package/dist/templates/workspace-core/src/server/index.ts

@@ -1,22 +1,3 @@
-/**
- * Server-side entry for @{{APP_NAME}}/core-module.
- *
- * Exports plugin overrides for any framework slot you want to customize
- * across every app in this workspace. The agent-native framework looks for
- * these exports by name when deciding what to auto-mount — see the "three
- * layer inheritance" section in the root README.
- *
- * Supported export names (any subset):
- *   - authPlugin            → overrides @agent-native/core's auth
- *   - orgPlugin             → overrides @agent-native/core's org
- *   - agentChatPlugin       → overrides @agent-native/core's agent-chat
- *   - coreRoutesPlugin      → overrides @agent-native/core's core-routes
- *   - integrationsPlugin    → overrides @agent-native/core's integrations
- *   - resourcesPlugin       → overrides @agent-native/core's resources
- *   - terminalPlugin        → overrides @agent-native/core's terminal
- *
- * Anything you don't export falls through to the framework default.
- */
-
-export { authPlugin } from "./auth-plugin.js";
-export { agentChatPlugin } from "./agent-chat-plugin.js";
+// Export workspace-wide server plugin overrides here when you need them.
+// Anything not exported falls through to @agent-native/core defaults.
+export {};

package/dist/templates/workspace-root/.prettierignore

@@ -0,0 +1,19 @@
+node_modules/
+.pnpm-store/
+pnpm-lock.yaml
+
+.netlify/
+.vercel/
+dist/
+build/
+
+apps/*/.agents/
+apps/*/.generated/
+apps/*/.netlify/
+apps/*/.output/
+apps/*/.react-router/
+apps/*/.vercel/
+apps/*/build/
+apps/*/dist/
+
+packages/*/dist/