@agent-native/core 0.7.23 → 0.7.24

package/dist/templates/workspace-root/scripts/workspace-dev.ts

@@ -1,377 +0,0 @@
-#!/usr/bin/env tsx
-import { spawn, type ChildProcess } from "node:child_process";
-import fs from "node:fs";
-import http from "node:http";
-import net from "node:net";
-import path from "node:path";
-
-interface WorkspaceApp {
-  id: string;
-  name: string;
-  dir: string;
-  port: number;
-  process?: ChildProcess;
-}
-
-const root = process.cwd();
-const appsDir = path.join(root, "apps");
-fs.mkdirSync(path.join(root, "data"), { recursive: true });
-const gatewayHost = process.env.WORKSPACE_HOST || "127.0.0.1";
-const requestedPort = Number(
-  process.env.WORKSPACE_PORT || process.env.PORT || 8080,
-);
-const appPortStart = Number(process.env.WORKSPACE_APP_PORT_START || 8100);
-const forceVite = process.env.WORKSPACE_VITE_FORCE === "1";
-let gatewayUrl = `http://${gatewayHost}:${requestedPort}`;
-
-function readJson(file: string): any {
-  try {
-    return JSON.parse(fs.readFileSync(file, "utf8"));
-  } catch {
-    return null;
-  }
-}
-
-function discoverApps(): WorkspaceApp[] {
-  if (!fs.existsSync(appsDir)) return [];
-  return fs
-    .readdirSync(appsDir, { withFileTypes: true })
-    .filter((entry) => entry.isDirectory())
-    .map((entry) => {
-      const dir = path.join(appsDir, entry.name);
-      const pkg = readJson(path.join(dir, "package.json"));
-      if (!pkg) return null;
-      return {
-        id: entry.name,
-        name: pkg.displayName || pkg.name || entry.name,
-        dir,
-        port: appPortStart,
-      } satisfies WorkspaceApp;
-    })
-    .filter((app): app is WorkspaceApp => !!app)
-    .sort((a, b) => {
-      if (a.id === "dispatch") return -1;
-      if (b.id === "dispatch") return 1;
-      return a.id.localeCompare(b.id);
-    })
-    .map((app, index) => ({ ...app, port: appPortStart + index }));
-}
-
-const apps = discoverApps();
-if (apps.length === 0) {
-  console.error("[workspace] No apps found under ./apps");
-  process.exit(1);
-}
-
-const appById = new Map(apps.map((app) => [app.id, app]));
-const defaultApp =
-  process.env.WORKSPACE_DEFAULT_APP &&
-  appById.has(process.env.WORKSPACE_DEFAULT_APP)
-    ? process.env.WORKSPACE_DEFAULT_APP
-    : appById.has("dispatch")
-      ? "dispatch"
-      : apps[0].id;
-
-function syncApps(): void {
-  const discovered = discoverApps();
-  for (const app of discovered) {
-    if (appById.has(app.id)) continue;
-    const usedPorts = new Set(apps.map((existing) => existing.port));
-    let port = appPortStart;
-    while (usedPorts.has(port)) port++;
-    const next = { ...app, port };
-    apps.push(next);
-    apps.sort((a, b) => {
-      if (a.id === "dispatch") return -1;
-      if (b.id === "dispatch") return 1;
-      return a.id.localeCompare(b.id);
-    });
-    appById.set(next.id, next);
-    console.log(`[workspace] Detected new app: /${next.id}`);
-    startApp(next);
-  }
-}
-
-let syncTimer: NodeJS.Timeout | undefined;
-function scheduleSync(): void {
-  if (syncTimer) clearTimeout(syncTimer);
-  syncTimer = setTimeout(syncApps, 400);
-}
-
-function firstPathSegment(url: string | undefined): string | null {
-  if (!url) return null;
-  try {
-    const parsed = new URL(url, "http://workspace.local");
-    const [segment] = parsed.pathname.split("/").filter(Boolean);
-    return segment || null;
-  } catch {
-    return null;
-  }
-}
-
-function appForRequest(req: http.IncomingMessage): WorkspaceApp | null {
-  const direct = firstPathSegment(req.url);
-  if (direct && appById.has(direct)) return appById.get(direct) ?? null;
-  const referer = req.headers.referer;
-  const fromReferer =
-    typeof referer === "string" ? firstPathSegment(referer) : null;
-  return fromReferer && appById.has(fromReferer)
-    ? (appById.get(fromReferer) ?? null)
-    : null;
-}
-
-function startApp(app: WorkspaceApp): void {
-  const basePath = `/${app.id}`;
-  const child = spawn(
-    "pnpm",
-    [
-      "--dir",
-      app.dir,
-      "exec",
-      "vite",
-      "--host",
-      "127.0.0.1",
-      "--port",
-      String(app.port),
-      "--strictPort",
-      ...(forceVite ? ["--force"] : []),
-    ],
-    {
-      cwd: root,
-      stdio: ["ignore", "pipe", "pipe"],
-      env: {
-        ...process.env,
-        APP_NAME: app.id,
-        APP_BASE_PATH: basePath,
-        VITE_APP_BASE_PATH: basePath,
-        PORT: String(app.port),
-        WORKSPACE_GATEWAY_URL: gatewayUrl,
-      },
-    },
-  );
-  app.process = child;
-
-  const prefix = `[${app.id}]`;
-  child.stdout?.on("data", (chunk) => {
-    process.stdout.write(
-      String(chunk)
-        .split(/\r?\n/)
-        .filter(Boolean)
-        .map((line) => `${prefix} ${line}`)
-        .join("\n") + "\n",
-    );
-  });
-  child.stderr?.on("data", (chunk) => {
-    process.stderr.write(
-      String(chunk)
-        .split(/\r?\n/)
-        .filter(Boolean)
-        .map((line) => `${prefix} ${line}`)
-        .join("\n") + "\n",
-    );
-  });
-  child.on("exit", (code) => {
-    if (code === 0 || shuttingDown) return;
-    console.error(`${prefix} exited with code ${code}`);
-  });
-}
-
-function renderIndex(): string {
-  return `<!doctype html>
-<html>
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <title>Agent-Native Workspace</title>
-    <style>
-      body { font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; margin: 0; padding: 32px; background: #fafafa; color: #171717; }
-      main { max-width: 760px; margin: 0 auto; }
-      a { color: inherit; text-decoration: none; }
-      .grid { display: grid; gap: 12px; margin-top: 20px; }
-      .card { display: flex; justify-content: space-between; border: 1px solid #d4d4d4; border-radius: 8px; padding: 14px 16px; background: white; }
-      .muted { color: #737373; }
-    </style>
-  </head>
-  <body>
-    <main>
-      <h1>Agent-Native Workspace</h1>
-      <p class="muted">Open an app below. Dispatch is the workspace control plane.</p>
-      <div class="grid">
-        ${apps
-          .map(
-            (app) =>
-              `<a class="card" href="/${app.id}"><strong>${app.name}</strong><span class="muted">/${app.id}</span></a>`,
-          )
-          .join("")}
-      </div>
-    </main>
-  </body>
-</html>`;
-}
-
-function proxyHttp(
-  app: WorkspaceApp,
-  req: http.IncomingMessage,
-  res: http.ServerResponse,
-): void {
-  const headers = { ...req.headers, host: `127.0.0.1:${app.port}` };
-  const proxyReq = http.request(
-    {
-      hostname: "127.0.0.1",
-      port: app.port,
-      method: req.method,
-      path: req.url,
-      headers,
-    },
-    (proxyRes) => {
-      res.writeHead(proxyRes.statusCode ?? 502, proxyRes.headers);
-      proxyRes.pipe(res);
-    },
-  );
-
-  proxyReq.on("error", (err) => {
-    res.writeHead(502, { "content-type": "text/plain" });
-    res.end(`App "${app.id}" is not ready yet: ${err.message}`);
-  });
-
-  req.pipe(proxyReq);
-}
-
-function proxyUpgrade(
-  app: WorkspaceApp,
-  req: http.IncomingMessage,
-  socket: net.Socket,
-  head: Buffer,
-): void {
-  const target = net.connect(app.port, "127.0.0.1", () => {
-    const headers = Object.entries({
-      ...req.headers,
-      host: `127.0.0.1:${app.port}`,
-    })
-      .flatMap(([key, value]) =>
-        Array.isArray(value)
-          ? value.map((item) => `${key}: ${item}`)
-          : [`${key}: ${value ?? ""}`],
-      )
-      .join("\r\n");
-    target.write(
-      `${req.method} ${req.url} HTTP/${req.httpVersion}\r\n${headers}\r\n\r\n`,
-    );
-    if (head.length) target.write(head);
-    socket.pipe(target).pipe(socket);
-  });
-
-  target.on("error", () => socket.destroy());
-}
-
-let shuttingDown = false;
-let workspaceStarted = false;
-
-function startWorkspaceProcesses(): void {
-  if (workspaceStarted) return;
-  workspaceStarted = true;
-  for (const app of apps) startApp(app);
-  try {
-    fs.watch(appsDir, { recursive: true }, scheduleSync);
-  } catch {
-    // Some platforms do not support recursive directory watches.
-  }
-  setInterval(syncApps, 2_000).unref();
-}
-
-function openBrowser(url: string): void {
-  if (process.env.WORKSPACE_NO_OPEN === "1") return;
-  const command =
-    process.platform === "darwin"
-      ? "open"
-      : process.platform === "win32"
-        ? "cmd"
-        : "xdg-open";
-  const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
-  const child = spawn(command, args, {
-    stdio: "ignore",
-    detached: true,
-  });
-  child.unref();
-}
-
-const server = http.createServer((req, res) => {
-  if (req.url === "/" || req.url === "/index.html") {
-    res.writeHead(302, { location: `/${defaultApp}` });
-    res.end();
-    return;
-  }
-
-  if (req.url === "/_workspace/apps") {
-    res.writeHead(200, { "content-type": "application/json" });
-    res.end(
-      JSON.stringify(
-        apps.map((app) => ({
-          id: app.id,
-          name: app.name,
-          path: `/${app.id}`,
-          port: app.port,
-        })),
-      ),
-    );
-    return;
-  }
-
-  const app = appForRequest(req);
-  if (!app) {
-    res.writeHead(404, { "content-type": "text/html" });
-    res.end(renderIndex());
-    return;
-  }
-  proxyHttp(app, req, res);
-});
-
-server.on("upgrade", (req, socket, head) => {
-  const app = appForRequest(req);
-  if (!app) {
-    socket.destroy();
-    return;
-  }
-  proxyUpgrade(app, req, socket, head);
-});
-
-function listen(port: number, attempts = 20): void {
-  server.once("error", (err: NodeJS.ErrnoException) => {
-    if (err.code === "EADDRINUSE" && attempts > 0) {
-      listen(port + 1, attempts - 1);
-      return;
-    }
-    console.error(`[workspace] Could not start gateway: ${err.message}`);
-    process.exit(1);
-  });
-  server.listen(port, gatewayHost, () => {
-    const address = server.address();
-    const actualPort =
-      typeof address === "object" && address ? address.port : port;
-    gatewayUrl = `http://${gatewayHost}:${actualPort}`;
-    console.log(`[workspace] Gateway: http://${gatewayHost}:${actualPort}`);
-    console.log(
-      `[workspace] Default: http://${gatewayHost}:${actualPort}/${defaultApp}`,
-    );
-    for (const app of apps) {
-      console.log(`[workspace] ${app.id}: /${app.id} -> 127.0.0.1:${app.port}`);
-    }
-    startWorkspaceProcesses();
-    openBrowser(`http://${gatewayHost}:${actualPort}/${defaultApp}`);
-  });
-}
-
-function shutdown(): void {
-  if (shuttingDown) return;
-  shuttingDown = true;
-  server.close();
-  for (const app of apps) {
-    app.process?.kill("SIGTERM");
-  }
-  setTimeout(() => process.exit(0), 300).unref();
-}
-
-process.on("SIGINT", shutdown);
-process.on("SIGTERM", shutdown);
-
-listen(requestedPort);

package/src/templates/default/.claude/settings.json

@@ -1,100 +0,0 @@
-{
-  "hooks": {
-    "UserPromptSubmit": [
-      {
-        "hooks": [
-          {
-            "type": "command",
-            "command": "pnpm action view-screen 2>/dev/null || echo '{\"view\": \"unknown\"}'",
-            "timeout": 10
-          }
-        ]
-      }
-    ]
-  },
-  "permissions": {
-    "allow": [
-      "Read",
-      "Edit",
-      "Write",
-      "Glob",
-      "Grep",
-      "NotebookEdit",
-      "WebFetch",
-      "WebSearch",
-      "Bash(ls *)",
-      "Bash(pwd)",
-      "Bash(echo *)",
-      "Bash(cat *)",
-      "Bash(head *)",
-      "Bash(tail *)",
-      "Bash(find *)",
-      "Bash(wc *)",
-      "Bash(sort *)",
-      "Bash(uniq *)",
-      "Bash(diff *)",
-      "Bash(which *)",
-      "Bash(env)",
-      "Bash(mkdir *)",
-      "Bash(cp *)",
-      "Bash(mv *)",
-      "Bash(touch *)",
-      "Bash(chmod *)",
-      "Bash(cd *)",
-      "Bash(node *)",
-      "Bash(npx *)",
-      "Bash(npm *)",
-      "Bash(pnpm *)",
-      "Bash(yarn *)",
-      "Bash(tsx *)",
-      "Bash(tsc *)",
-      "Bash(vitest *)",
-      "Bash(jest *)",
-      "Bash(eslint *)",
-      "Bash(prettier *)",
-      "Bash(git status*)",
-      "Bash(git log *)",
-      "Bash(git diff *)",
-      "Bash(git show *)",
-      "Bash(git branch*)",
-      "Bash(git add *)",
-      "Bash(git commit *)",
-      "Bash(git checkout *)",
-      "Bash(git switch *)",
-      "Bash(git stash *)",
-      "Bash(git merge *)",
-      "Bash(git rebase *)",
-      "Bash(git pull *)",
-      "Bash(git blame *)",
-      "Bash(git rev-parse *)",
-      "Bash(git worktree *)",
-      "Bash(git remote -v)",
-      "Bash(gh *)",
-      "Bash(curl *)",
-      "Bash(grep *)",
-      "Bash(rg *)",
-      "Bash(sed *)",
-      "Bash(awk *)",
-      "Bash(jq *)",
-      "Bash(rm *)"
-    ],
-    "deny": [
-      "Bash(rm -rf /)",
-      "Bash(rm -rf /*)",
-      "Bash(rm -rf ~)",
-      "Bash(rm -rf ~/*)",
-      "Bash(sudo *)",
-      "Bash(git push --force *)",
-      "Bash(git push -f *)",
-      "Bash(git reset --hard *)",
-      "Bash(git clean -f *)",
-      "Bash(dd *)",
-      "Bash(mkfs *)",
-      "Bash(kill -9 *)",
-      "Bash(killall *)",
-      "Bash(pkill *)",
-      "Bash(shutdown *)",
-      "Bash(reboot *)"
-    ]
-  }
-}

package/src/templates/workspace-core/.agents/skills/company-policies/SKILL.md

@@ -1,42 +0,0 @@
----
-name: company-policies
-description: {{APP_TITLE}}-wide policies the agent must enforce for every app — data handling, PII, approval flows, compliance rules.
----
-
-# {{APP_TITLE}} Company Policies
-
-Every app in the workspace shares these policies. Read this skill before
-taking any action that touches customer data, external services, or
-deployed state.
-
-## Data handling
-
-- **PII minimization.** Only load the fields you actually need. Never
-  `SELECT *` on a table that contains customer records.
-- **No raw customer email in logs.** Hash or redact before logging.
-- **Retention.** Deleted records are soft-deleted first and purged by a
-  scheduled job. Do not write actions that hard-delete customer data.
-
-## Third-party calls
-
-- **Allowlist only.** Only call domains on the approved allowlist
-  (documented in the root `README.md`). If an integration needs a new
-  domain, surface a warning and wait for human approval before making
-  the call.
-- **Secrets come from `resolveCompanyCredential`.** Never hardcode.
-  Never check secrets into git. Rotating a key in the central store
-  updates every app on the next request.
-
-## Approval flows
-
-- **Destructive operations need a confirmation preview.** Any action
-  that modifies production data must first return a preview of the
-  change (what will be created / updated / deleted) and wait for
-  explicit user confirmation before executing.
-
-## Apply across apps
-
-This skill is loaded automatically in every workspace app. If an
-individual app needs different behavior, it can add a same-named skill
-under its own `.agents/skills/company-policies/SKILL.md` and that copy
-will win for that app only.

package/src/templates/workspace-core/actions/company-directory.ts

@@ -1,38 +0,0 @@
-/**
- * Shared action: look up an employee in the company directory.
- *
- * Every app in the workspace inherits this action automatically — no
- * wiring required. From the agent's perspective it behaves exactly like
- * a template action: the tool shows up in every app's agent, and calling
- * it from the UI via `useActionQuery("company-directory", { ... })` Just
- * Works.
- *
- * Replace the stub implementation with a real call to your company
- * directory (SCIM, Okta Users API, internal /people endpoint, etc.).
- */
-import { z } from "zod";
-import { defineAction } from "@agent-native/core";
-
-export default defineAction({
-  description:
-    "Look up a person in the {{APP_TITLE}} company directory by name or email. Returns role, team, and manager.",
-  schema: z.object({
-    query: z.string().describe("Name, email, or partial match to search for"),
-  }),
-  run: async (args) => {
-    // TODO: replace with a real lookup. This stub just echoes the query
-    // so the agent has a reasonable no-op while you wire up the real
-    // directory integration.
-    return {
-      results: [
-        {
-          query: args.query,
-          name: "(stub) " + args.query,
-          role: "Unknown",
-          team: "Unknown",
-          manager: null,
-        },
-      ],
-    };
-  },
-});

package/src/templates/workspace-core/src/client/AuthenticatedLayout.tsx

@@ -1,37 +0,0 @@
-/**
- * Shared authenticated layout for every app in the @{{APP_NAME}} workspace.
- *
- * Provides the common chrome (brand header, user menu, agent chat sidebar)
- * so individual apps only have to render their own content. Replace this
- * with a real component that pulls in your design system. Every app
- * imports it the same way:
- *
- *   import { AuthenticatedLayout } from "@{{APP_NAME}}/core-module/client";
- *
- *   export default function Home() {
- *     return (
- *       <AuthenticatedLayout>
- *         <h1>My app's screen</h1>
- *       </AuthenticatedLayout>
- *     );
- *   }
- */
-import type { ReactNode } from "react";
-
-export interface AuthenticatedLayoutProps {
-  children: ReactNode;
-}
-
-// Workspace title — replaced at scaffold time by the create-workspace CLI.
-const WORKSPACE_TITLE = "{{APP_TITLE}}";
-
-export function AuthenticatedLayout({ children }: AuthenticatedLayoutProps) {
-  return (
-    <div className="min-h-screen flex flex-col">
-      <header className="border-b px-6 py-3">
-        <strong>{WORKSPACE_TITLE}</strong>
-      </header>
-      <main className="flex-1 p-6">{children}</main>
-    </div>
-  );
-}

package/src/templates/workspace-core/src/credentials.ts

@@ -1,67 +0,0 @@
-/**
- * Centralized credential helpers for the @{{APP_NAME}} workspace.
- *
- * Every enterprise has a few API keys that multiple apps need to share:
- * a Slack bot token, a Sentry DSN, an OpenAI key, internal service
- * credentials. Instead of each app reading them separately, we namespace
- * them here so there's a single place to update when a key rotates.
- *
- * Under the hood this is a thin wrapper over @agent-native/core's
- * `resolveCredential()`, which reads per-user / per-org rows in the
- * shared SQL settings table. Apps inside the workspace share the same
- * DATABASE_URL by default, so storing a credential once makes it
- * available everywhere.
- *
- * A request/action context is required so credentials stay scoped to the
- * correct user and organization. This helper can read that context
- * automatically inside agent-native actions; otherwise pass it explicitly.
- */
-import { resolveCredential } from "@agent-native/core/credentials";
-import {
-  getRequestOrgId,
-  getRequestUserEmail,
-} from "@agent-native/core/server";
-
-/**
- * Optional context for scoping a credential lookup to a specific user or org.
- */
-export interface CompanyCredentialContext {
-  userEmail?: string;
-  orgId?: string | null;
-}
-
-type ResolveCredentialFn = (
-  key: string,
-  ctx: CompanyCredentialContext,
-) => Promise<string | undefined>;
-
-/**
- * Resolve a company-wide credential. Prefer this over `resolveCredential()`
- * directly — it keeps your keys organized under a workspace namespace and
- * makes "where does this secret come from" greppable.
- *
- * Inside an agent-native action:
- *   const slackToken = await resolveCompanyCredential("SLACK_BOT_TOKEN");
- *
- * Outside request context:
- *   const slackToken = await resolveCompanyCredential("SLACK_BOT_TOKEN", {
- *     userEmail: session.email,
- *     orgId: session.orgId ?? null,
- *   });
- */
-export async function resolveCompanyCredential(
-  key: string,
-  ctx?: CompanyCredentialContext,
-): Promise<string | undefined> {
-  const effectiveCtx: CompanyCredentialContext = ctx?.userEmail
-    ? ctx
-    : {
-        userEmail: getRequestUserEmail() ?? undefined,
-        orgId: getRequestOrgId(),
-      };
-  if (!effectiveCtx.userEmail) return undefined;
-  return await (resolveCredential as ResolveCredentialFn)(key, {
-    userEmail: effectiveCtx.userEmail,
-    orgId: effectiveCtx.orgId ?? null,
-  });
-}

package/src/templates/workspace-core/src/server/agent-chat-plugin.ts

@@ -1,30 +0,0 @@
-/**
- * Workspace-wide agent-chat plugin for @{{APP_NAME}}/core-module.
- *
- * This mounts the framework's default agent-chat plugin so every app in
- * the workspace gets the same chat endpoint, mention providers, and
- * built-in tools. The ENTERPRISE-WIDE system prompt additions — things
- * the agent should know across every app — live in the workspace's
- * AGENTS.md file, which is loaded automatically into the prompt as a
- * `<resource scope="workspace">` block.
- *
- * Customize this wrapper when you need agent behavior that can't be
- * expressed in AGENTS.md — e.g. injecting enterprise-specific mention
- * providers, pre-loading a custom set of MCP servers, or rewriting
- * model choice based on your company's allowlist.
- */
-import { defaultAgentChatPlugin } from "@agent-native/core/server";
-
-export const agentChatPlugin = async (nitroApp: any): Promise<void> => {
-  await defaultAgentChatPlugin(nitroApp);
-
-  // Hook for enterprise customization:
-  //
-  //   const chat = createAgentChatPlugin({
-  //     systemPrompt: (base) => `${base}\n\nCompany policy: …`,
-  //     mentionProviders: {
-  //       people: async (query) => searchCompanyDirectory(query),
-  //     },
-  //   });
-  //   await chat(nitroApp);
-};