@agent-native/core 0.7.47 → 0.7.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/dist/a2a/response-text.d.ts +3 -0
  2. package/dist/a2a/response-text.d.ts.map +1 -0
  3. package/dist/a2a/response-text.js +29 -0
  4. package/dist/a2a/response-text.js.map +1 -0
  5. package/dist/cli/create.d.ts.map +1 -1
  6. package/dist/cli/create.js +4 -30
  7. package/dist/cli/create.js.map +1 -1
  8. package/dist/client/NewWorkspaceAppFlow.d.ts.map +1 -1
  9. package/dist/client/NewWorkspaceAppFlow.js +13 -4
  10. package/dist/client/NewWorkspaceAppFlow.js.map +1 -1
  11. package/dist/deploy/workspace-deploy.d.ts.map +1 -1
  12. package/dist/deploy/workspace-deploy.js +39 -2
  13. package/dist/deploy/workspace-deploy.js.map +1 -1
  14. package/dist/integrations/a2a-continuation-marker.d.ts +2 -0
  15. package/dist/integrations/a2a-continuation-marker.d.ts.map +1 -0
  16. package/dist/integrations/a2a-continuation-marker.js +2 -0
  17. package/dist/integrations/a2a-continuation-marker.js.map +1 -0
  18. package/dist/integrations/webhook-handler.d.ts.map +1 -1
  19. package/dist/integrations/webhook-handler.js +31 -41
  20. package/dist/integrations/webhook-handler.js.map +1 -1
  21. package/dist/scripts/call-agent.d.ts.map +1 -1
  22. package/dist/scripts/call-agent.js +2 -2
  23. package/dist/scripts/call-agent.js.map +1 -1
  24. package/dist/server/agent-chat-plugin.d.ts +8 -1
  25. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  26. package/dist/server/agent-chat-plugin.js +17 -10
  27. package/dist/server/agent-chat-plugin.js.map +1 -1
  28. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  29. package/dist/server/core-routes-plugin.js +2 -22
  30. package/dist/server/core-routes-plugin.js.map +1 -1
  31. package/dist/server/create-server.d.ts.map +1 -1
  32. package/dist/server/create-server.js +1 -13
  33. package/dist/server/create-server.js.map +1 -1
  34. package/dist/server/env-var-writes.d.ts +10 -0
  35. package/dist/server/env-var-writes.d.ts.map +1 -0
  36. package/dist/server/env-var-writes.js +18 -0
  37. package/dist/server/env-var-writes.js.map +1 -0
  38. package/dist/shared/index.d.ts +1 -0
  39. package/dist/shared/index.d.ts.map +1 -1
  40. package/dist/shared/index.js +1 -0
  41. package/dist/shared/index.js.map +1 -1
  42. package/dist/shared/workspace-app-id.d.ts +6 -0
  43. package/dist/shared/workspace-app-id.d.ts.map +1 -0
  44. package/dist/shared/workspace-app-id.js +45 -0
  45. package/dist/shared/workspace-app-id.js.map +1 -0
  46. package/docs/content/deployment.md +4 -0
  47. package/package.json +1 -1
package/dist/server/create-server.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,YAAY,EAOb,MAAM,IAAI,CAAC;AAkBZ,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;IACZ,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,oFAAoF;IACpF,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,gFAAgF;IAChF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;IACvC,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qFAAqF;IACrF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mEAAmE;IACnE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uHAAuH;IACvH,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;CAC1B;AA0BD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,GAC1C,OAAO,CAAC,IAAI,CAAC,CAoDf;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC;IAClC,MAAM,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;CACzC;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,OAAO,GAAE,mBAAwB,GAChC,kBAAkB,CAkMpB"}
1
+ {"version":3,"file":"create-server.d.ts","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,YAAY,EAOb,MAAM,IAAI,CAAC;AAMZ,MAAM,WAAW,YAAY;IAC3B,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;IACZ,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,2DAA2D;IAC3D,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,oFAAoF;IACpF,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,gFAAgF;IAChF,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;IACvC,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,qFAAqF;IACrF,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,mEAAmE;IACnE,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,uHAAuH;IACvH,OAAO,CAAC,EAAE,YAAY,EAAE,CAAC;CAC1B;AA0BD;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,EACf,IAAI,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,GAC1C,OAAO,CAAC,IAAI,CAAC,CAoDf;AAED,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC;IAClC,MAAM,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;CACzC;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAC1B,OAAO,GAAE,mBAAwB,GAChC,kBAAkB,CAkMpB"}
package/dist/server/create-server.js CHANGED
@@ -2,19 +2,7 @@ import { createApp, createRouter, defineEventHandler, getMethod, getRequestHeade
2
2
  import path from "path";
3
3
  import { agentEnv } from "../shared/agent-env.js";
4
4
  import { readBody } from "../server/h3-helpers.js";
5
- import { isDevEnvironment } from "./auth.js";
6
- import { isLocalDatabase } from "../db/client.js";
7
- /**
8
- * Mirror of `isEnvVarWriteAllowed` in core-routes-plugin.ts. See the comment
9
- * there — env vars are deployment-wide globals and writes from authenticated
10
- * users would let one tenant overwrite shared Stripe / OpenAI / Sentry keys
11
- * for every other tenant on shared-DB hosted templates.
12
- */
13
- function isEnvVarWriteAllowed() {
14
- if (process.env.AGENT_NATIVE_ALLOW_ENV_VAR_WRITES === "1")
15
- return true;
16
- return isDevEnvironment() && isLocalDatabase();
17
- }
5
+ import { isEnvVarWriteAllowed } from "./env-var-writes.js";
18
6
  /**
19
7
  * Parse a .env file into key-value pairs, preserving comments and empty lines for roundtrip.
20
8
  */
package/dist/server/create-server.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"create-server.js","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD;;;;;GAKG;AACH,SAAS,oBAAoB;IAC3B,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACvE,OAAO,gBAAgB,EAAE,IAAI,eAAe,EAAE,CAAC;AACjD,CAAC;AA0BD;;GAEG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,2BAA2B;QAC3B,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,IAA2C;IAE3C,gEAAgE;IAChE,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;QAClC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,6BAA6B,GAAG,mDAAmD,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAE9B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE7D,iCAAiC;IACjC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACrD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAChC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;YAClC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,kBAAkB;IAClB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,0BAA0B;IAC1B,IAAI,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,IAAI,CAAC;IAE3C,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;IACjE,CAAC;AACH,CAAC;AAOD;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,UAA+B,EAAE;IAEjC,MAAM,GAAG,GAAG,SAAS,CAAC;QACpB,OAAO,CAAC,KAAK,EAAE,KAAK;YAClB,yFAAyF;YACzF,MAAM,GAAG,GAAG,KAA8B,CAAC;YAC3C,MAAM,IAAI,GAAG,GAAG,EAAE,IAAI,IAAK,GAAG,EAAE,KAA+B,EAAE,IAAI,CAAC;YACtE,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,cAAc;gBAAE,OAAO;YAC7D,IAAI,GAAG,EAAE,OAAO,KAAK,SAAS;gBAAE,OAAO;YACvC,OAAO,CAAC,KAAK,CACX,gCAAgC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,EAC5D,KAAK,CACN,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,kBAAkB;IAClB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QAC3B,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;YACrD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClE,CAAC,CAAC,IAAI,CAAC;QACT,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE3D;;;;;WAKG;QACH,MAAM,YAAY,GAChB,+DAA+D,CAAC;QAElE,GAAG,CAAC,GAAG,CACL,kBAAkB,CAAC,CAAC,KAAK,EAAE,EAAE;YAC3B,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAEhC;;;;;;;eAOG;YACH,IAAI,aAAa,GAAkB,IAAI,CAAC;YACxC,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,aAAa,IAAI,cAAc,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBAC5D,aAAa,GAAG,aAAa,CAAC;gBAChC,CAAC;gBACD,8DAA8D;YAChE,CAAC;iBAAM,IAAI,aAAa,EAAE,CAAC;gBACzB,gEAAgE;gBAChE,gEAAgE;gBAChE,+CAA+C;gBAC/C,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;wBACrC,aAAa,GAAG,aAAa,CAAC;oBAChC,CAAC;oBACD,mEAAmE;gBACrE,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG,aAAa,CAAC;gBAChC,CAAC;YACH,CAAC;YACD,oEAAoE;YACpE,kEAAkE;YAClE,mEAAmE;YAEnE,IAAI,aAAa,EAAE,CAAC;gBAClB,iBAAiB,CACf,KAAK,EACL,6BAA6B,EAC7B,aAAa,CACd,CAAC;gBACF,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;gBAC3C,6DAA6D;gBAC7D,8DAA8D;gBAC9D,4DAA4D;gBAC5D,8DAA8D;gBAC9D,iDAAiD;gBACjD,iBAAiB,CAAC,KAAK,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;YACvE,CAAC;iBAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1B,kEAAkE;gBAClE,gEAAgE;gBAChE,2CAA2C;gBAC3C,iBAAiB,CAAC,KAAK,EAAE,6BAA6B,EAAE,GAAG,CAAC,CAAC;YAC/D,CAAC;YAED,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,wCAAwC,CACzC,CAAC;YACF,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,kFAAkF,CACnF,CAAC;YAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,kEAAkE;gBAClE,+DAA+D;gBAC/D,mEAAmE;gBACnE,iEAAiE;gBACjE,qEAAqE;gBACrE,IAAI,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;oBACpC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC7C,CAAC;gBACD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEhB,eAAe;IACf,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,CACR,qBAAqB,EACrB,kBAAkB,CAAC,GAAG,EAAE;YACtB,MAAM,OAAO,GACX,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC;YAC5D,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAEhC,MAAM,CAAC,GAAG,CACR,2BAA2B,EAC3B,kBAAkB,CAAC,GAAG,EAAE;YACtB,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC3B,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,KAAK;gBAC/B,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;gBAClC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC,CAAC,CAAC;QACN,CAAC,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,yBAAyB,EACzB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,kEAAkE;YAClE,0DAA0D;YAC1D,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBAC5B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,KAAK,EACH,0JAA0J;iBAC7J,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,EAAE,IAAI,EAAE,GAAG,IAEhB,CAAC;YAEF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YAC1C,CAAC;YAED,6CAA6C;YAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;YACxD,CAAC;YAED,qBAAqB;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;YACjD,MAAM,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAEvC,oEAAoE;YACpE,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,QAAQ,EAAE,CAAC;gBACtC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;YAED,mDAAmD;YACnD,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAE3B,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;AACzB,CAAC","sourcesContent":["import {\n createApp,\n createRouter,\n defineEventHandler,\n getMethod,\n getRequestHeader,\n setResponseHeader,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport path from \"path\";\nimport { agentEnv } from \"../shared/agent-env.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { isDevEnvironment } from \"./auth.js\";\nimport { isLocalDatabase } from \"../db/client.js\";\n\n/**\n * Mirror of `isEnvVarWriteAllowed` in core-routes-plugin.ts. See the comment\n * there — env vars are deployment-wide globals and writes from authenticated\n * users would let one tenant overwrite shared Stripe / OpenAI / Sentry keys\n * for every other tenant on shared-DB hosted templates.\n */\nfunction isEnvVarWriteAllowed(): boolean {\n if (process.env.AGENT_NATIVE_ALLOW_ENV_VAR_WRITES === \"1\") return true;\n return isDevEnvironment() && isLocalDatabase();\n}\n\nexport interface EnvKeyConfig {\n /** Environment variable name (e.g. \"HUBSPOT_ACCESS_TOKEN\") */\n key: string;\n /** Human-readable label (e.g. \"HubSpot\") */\n label: string;\n /** Whether this key is required for the app to function */\n required?: boolean;\n /** Optional UI hint shown next to the field describing where to find this value. */\n helpText?: string;\n}\n\nexport interface CreateServerOptions {\n /** CORS options. Ignored (H3 handles CORS via middleware). Default: enabled. */\n cors?: Record<string, unknown> | false;\n /** JSON body parser limit. Kept for API compatibility (H3 uses readBody). */\n jsonLimit?: string;\n /** Custom ping message. Default: reads PING_MESSAGE env var, falls back to \"pong\" */\n pingMessage?: string;\n /** Disable the /_agent-native/ping health check. Default: false */\n disablePing?: boolean;\n /** Env key configuration for the settings UI. Enables /_agent-native/env-status and /_agent-native/env-vars routes. */\n envKeys?: EnvKeyConfig[];\n}\n\n/**\n * Parse a .env file into key-value pairs, preserving comments and empty lines for roundtrip.\n */\nfunction parseEnvFile(content: string): Map<string, string> {\n const vars = new Map<string, string>();\n for (const line of content.split(\"\\n\")) {\n const trimmed = line.trim();\n if (!trimmed || trimmed.startsWith(\"#\")) continue;\n const eqIndex = trimmed.indexOf(\"=\");\n if (eqIndex === -1) continue;\n const key = trimmed.slice(0, eqIndex).trim();\n let value = trimmed.slice(eqIndex + 1).trim();\n // Strip surrounding quotes\n if (\n (value.startsWith('\"') && value.endsWith('\"')) ||\n (value.startsWith(\"'\") && value.endsWith(\"'\"))\n ) {\n value = value.slice(1, -1);\n }\n vars.set(key, value);\n }\n return vars;\n}\n\n/**\n * Upsert vars into a .env file, preserving existing structure.\n */\nexport async function upsertEnvFile(\n envPath: string,\n vars: Array<{ key: string; value: string }>,\n): Promise<void> {\n // Sanitize: reject values that could inject additional env vars\n for (const { key, value } of vars) {\n if (/[\\n\\r\\0]/.test(value)) {\n throw new Error(\n `Invalid env var value for ${key}: must not contain newlines or control characters`,\n );\n }\n }\n\n const fs = await import(\"fs\");\n\n let content = \"\";\n try {\n content = fs.readFileSync(envPath, \"utf-8\");\n } catch {\n // File doesn't exist yet\n }\n\n const lines = content.split(\"\\n\");\n const remaining = new Map(vars.map((v) => [v.key, v.value]));\n\n // Update existing lines in place\n const updated = lines.map((line) => {\n const trimmed = line.trim();\n if (!trimmed || trimmed.startsWith(\"#\")) return line;\n const eqIndex = trimmed.indexOf(\"=\");\n if (eqIndex === -1) return line;\n const key = trimmed.slice(0, eqIndex).trim();\n if (remaining.has(key)) {\n const value = remaining.get(key)!;\n remaining.delete(key);\n return `${key}=${value}`;\n }\n return line;\n });\n\n // Append new vars\n for (const [key, value] of remaining) {\n updated.push(`${key}=${value}`);\n }\n\n // Ensure trailing newline\n let result = updated.join(\"\\n\");\n if (!result.endsWith(\"\\n\")) result += \"\\n\";\n\n try {\n fs.mkdirSync(path.dirname(envPath), { recursive: true });\n fs.writeFileSync(envPath, result);\n } catch {\n // Edge runtimes don't have writable filesystem — skip silently\n }\n}\n\nexport interface CreateServerResult {\n app: ReturnType<typeof createApp>;\n router: ReturnType<typeof createRouter>;\n}\n\n/**\n * Create a pre-configured H3 app with standard agent-native setup:\n * - CORS headers via middleware\n * - /_agent-native/ping health check\n * - /_agent-native/env-status and /_agent-native/env-vars (when envKeys is provided)\n *\n * Returns { app, router } — mount routes on `router`.\n */\nexport function createServer(\n options: CreateServerOptions = {},\n): CreateServerResult {\n const app = createApp({\n onError(error, event) {\n // Suppress connection-reset errors — client disconnected mid-request (tab close, reload)\n const err = error as NodeJS.ErrnoException;\n const code = err?.code || (err?.cause as NodeJS.ErrnoException)?.code;\n if (code === \"ECONNRESET\" || code === \"ECONNABORTED\") return;\n if (err?.message === \"aborted\") return;\n console.error(\n `[agent-native] Server error: ${event.method} ${event.path}`,\n error,\n );\n },\n });\n\n // CORS middleware\n if (options.cors !== false) {\n const allowedOrigins = process.env.CORS_ALLOWED_ORIGINS\n ? process.env.CORS_ALLOWED_ORIGINS.split(\",\").map((o) => o.trim())\n : null;\n const isProduction = process.env.NODE_ENV === \"production\";\n\n /**\n * Localhost-style origins that we treat as same-trust in development.\n * When CORS_ALLOWED_ORIGINS is unset we still allow these (desktop tray\n * windows on a sibling port, the docs site at localhost:5173, etc.) but\n * in production an unset allowlist means no cross-origin credentials.\n */\n const LOCALHOST_RE =\n /^https?:\\/\\/(localhost|127\\.0\\.0\\.1|tauri\\.localhost)(:\\d+)?$/;\n\n app.use(\n defineEventHandler((event) => {\n const requestOrigin = getRequestHeader(event, \"origin\");\n const method = getMethod(event);\n\n /**\n * Decide whether the requesting origin is allowed. We never fall back\n * to \"the first allowlist entry\" when the origin isn't in the list —\n * that previously sent `Access-Control-Allow-Origin: <other-origin>`\n * with credentials enabled to attacker-controlled origins, which was\n * permissive enough that some clients followed through with the\n * credentialed request.\n */\n let allowedOrigin: string | null = null;\n if (allowedOrigins && allowedOrigins.length > 0) {\n if (requestOrigin && allowedOrigins.includes(requestOrigin)) {\n allowedOrigin = requestOrigin;\n }\n // Origin not in the explicit allowlist — emit no ACAO header.\n } else if (requestOrigin) {\n // No allowlist configured. In production we refuse credentialed\n // cross-origin requests except from localhost (desktop tray app\n // dev usage); in dev we allow any origin echo.\n if (isProduction) {\n if (LOCALHOST_RE.test(requestOrigin)) {\n allowedOrigin = requestOrigin;\n }\n // else: production + no allowlist + non-localhost origin → no ACAO\n } else {\n allowedOrigin = requestOrigin;\n }\n }\n // No origin header at all (same-origin fetch, server-to-server) and\n // no allowlist → fall through with `*`-equivalent behaviour: omit\n // ACAO entirely and let the browser apply its same-origin default.\n\n if (allowedOrigin) {\n setResponseHeader(\n event,\n \"Access-Control-Allow-Origin\",\n allowedOrigin,\n );\n setResponseHeader(event, \"Vary\", \"Origin\");\n // A specific origin means we can honor credentialed requests\n // (fetch with `credentials: \"include\"` — used by desktop tray\n // apps that share a same-site cookie with the web app). The\n // wildcard `*` is spec-incompatible with credentials, so only\n // set this when we're echoing a concrete origin.\n setResponseHeader(event, \"Access-Control-Allow-Credentials\", \"true\");\n } else if (!requestOrigin) {\n // No origin header — preserve the legacy permissive behaviour for\n // tools/scripts that hit the API directly (no credentialed CORS\n // semantics apply when there's no Origin).\n setResponseHeader(event, \"Access-Control-Allow-Origin\", \"*\");\n }\n\n setResponseHeader(\n event,\n \"Access-Control-Allow-Methods\",\n \"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS\",\n );\n setResponseHeader(\n event,\n \"Access-Control-Allow-Headers\",\n \"Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF\",\n );\n\n if (method === \"OPTIONS\") {\n // Reject preflights from disallowed cross-origin callers. We only\n // 204 if either (a) there was no Origin header (same-origin or\n // direct script invocation) or (b) the origin was in the allowlist\n // / dev fallback above. Otherwise we 403 so the browser surfaces\n // a hard CORS failure rather than blindly retrying with credentials.\n if (requestOrigin && !allowedOrigin) {\n return new Response(null, { status: 403 });\n }\n return new Response(null, { status: 204 });\n }\n }),\n );\n }\n\n const router = createRouter();\n app.use(router);\n\n // Health check\n if (!options.disablePing) {\n router.get(\n \"/_agent-native/ping\",\n defineEventHandler(() => {\n const message =\n options.pingMessage ?? process.env.PING_MESSAGE ?? \"pong\";\n return { message };\n }),\n );\n }\n\n // Env key management routes\n if (options.envKeys) {\n const envKeys = options.envKeys;\n\n router.get(\n \"/_agent-native/env-status\",\n defineEventHandler(() => {\n return envKeys.map((cfg) => ({\n key: cfg.key,\n label: cfg.label,\n required: cfg.required ?? false,\n configured: !!process.env[cfg.key],\n ...(cfg.helpText ? { helpText: cfg.helpText } : {}),\n }));\n }),\n );\n\n router.post(\n \"/_agent-native/env-vars\",\n defineEventHandler(async (event: H3Event) => {\n // Env vars are deployment-wide globals — see isEnvVarWriteAllowed\n // above. Disable the endpoint on any multi-tenant deploy.\n if (!isEnvVarWriteAllowed()) {\n setResponseStatus(event, 403);\n return {\n error:\n \"env-vars endpoint disabled on multi-tenant deployments. Use saveCredential(key, value, { userEmail, orgId, scope: 'org' }) to store per-org credentials.\",\n };\n }\n\n const body = await readBody(event);\n const { vars } = body as {\n vars?: Array<{ key: string; value: string }>;\n };\n\n if (!Array.isArray(vars) || vars.length === 0) {\n setResponseStatus(event, 400);\n return { error: \"vars array required\" };\n }\n\n // Only allow keys that are in the env config\n const allowedKeys = new Set(envKeys.map((k) => k.key));\n const filtered = vars.filter((v) => allowedKeys.has(v.key));\n if (filtered.length === 0) {\n setResponseStatus(event, 400);\n return { error: \"No recognized env keys in request\" };\n }\n\n // Write to .env file\n const envPath = path.join(process.cwd(), \".env\");\n await upsertEnvFile(envPath, filtered);\n\n // Update process.env so the app picks up the new values immediately\n for (const { key, value } of filtered) {\n process.env[key] = value;\n }\n\n // Notify parent (Builder or frame) via postMessage\n agentEnv.setVars(filtered);\n\n return { saved: filtered.map((v) => v.key) };\n }),\n );\n }\n\n return { app, router };\n}\n"]}
1
+ {"version":3,"file":"create-server.js","sourceRoot":"","sources":["../../src/server/create-server.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,YAAY,EACZ,kBAAkB,EAClB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AA0B3D;;GAEG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAC7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC9C,2BAA2B;QAC3B,IACE,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAC9C,CAAC;YACD,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACvB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAe,EACf,IAA2C;IAE3C,gEAAgE;IAChE,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,IAAI,EAAE,CAAC;QAClC,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,6BAA6B,GAAG,mDAAmD,CACpF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;IAE9B,IAAI,OAAO,GAAG,EAAE,CAAC;IACjB,IAAI,CAAC;QACH,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,yBAAyB;IAC3B,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE7D,iCAAiC;IACjC,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;QACjC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QACrD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAChC,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC;YAClC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACtB,OAAO,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC,CAAC,CAAC;IAEH,kBAAkB;IAClB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,SAAS,EAAE,CAAC;QACrC,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,0BAA0B;IAC1B,IAAI,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,IAAI,CAAC;IAE3C,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,+DAA+D;IACjE,CAAC;AACH,CAAC;AAOD;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAC1B,UAA+B,EAAE;IAEjC,MAAM,GAAG,GAAG,SAAS,CAAC;QACpB,OAAO,CAAC,KAAK,EAAE,KAAK;YAClB,yFAAyF;YACzF,MAAM,GAAG,GAAG,KAA8B,CAAC;YAC3C,MAAM,IAAI,GAAG,GAAG,EAAE,IAAI,IAAK,GAAG,EAAE,KAA+B,EAAE,IAAI,CAAC;YACtE,IAAI,IAAI,KAAK,YAAY,IAAI,IAAI,KAAK,cAAc;gBAAE,OAAO;YAC7D,IAAI,GAAG,EAAE,OAAO,KAAK,SAAS;gBAAE,OAAO;YACvC,OAAO,CAAC,KAAK,CACX,gCAAgC,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,IAAI,EAAE,EAC5D,KAAK,CACN,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,kBAAkB;IAClB,IAAI,OAAO,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QAC3B,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;YACrD,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClE,CAAC,CAAC,IAAI,CAAC;QACT,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;QAE3D;;;;;WAKG;QACH,MAAM,YAAY,GAChB,+DAA+D,CAAC;QAElE,GAAG,CAAC,GAAG,CACL,kBAAkB,CAAC,CAAC,KAAK,EAAE,EAAE;YAC3B,MAAM,aAAa,GAAG,gBAAgB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;YACxD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAEhC;;;;;;;eAOG;YACH,IAAI,aAAa,GAAkB,IAAI,CAAC;YACxC,IAAI,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAChD,IAAI,aAAa,IAAI,cAAc,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;oBAC5D,aAAa,GAAG,aAAa,CAAC;gBAChC,CAAC;gBACD,8DAA8D;YAChE,CAAC;iBAAM,IAAI,aAAa,EAAE,CAAC;gBACzB,gEAAgE;gBAChE,gEAAgE;gBAChE,+CAA+C;gBAC/C,IAAI,YAAY,EAAE,CAAC;oBACjB,IAAI,YAAY,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC;wBACrC,aAAa,GAAG,aAAa,CAAC;oBAChC,CAAC;oBACD,mEAAmE;gBACrE,CAAC;qBAAM,CAAC;oBACN,aAAa,GAAG,aAAa,CAAC;gBAChC,CAAC;YACH,CAAC;YACD,oEAAoE;YACpE,kEAAkE;YAClE,mEAAmE;YAEnE,IAAI,aAAa,EAAE,CAAC;gBAClB,iBAAiB,CACf,KAAK,EACL,6BAA6B,EAC7B,aAAa,CACd,CAAC;gBACF,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;gBAC3C,6DAA6D;gBAC7D,8DAA8D;gBAC9D,4DAA4D;gBAC5D,8DAA8D;gBAC9D,iDAAiD;gBACjD,iBAAiB,CAAC,KAAK,EAAE,kCAAkC,EAAE,MAAM,CAAC,CAAC;YACvE,CAAC;iBAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC1B,kEAAkE;gBAClE,gEAAgE;gBAChE,2CAA2C;gBAC3C,iBAAiB,CAAC,KAAK,EAAE,6BAA6B,EAAE,GAAG,CAAC,CAAC;YAC/D,CAAC;YAED,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,wCAAwC,CACzC,CAAC;YACF,iBAAiB,CACf,KAAK,EACL,8BAA8B,EAC9B,kFAAkF,CACnF,CAAC;YAEF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,kEAAkE;gBAClE,+DAA+D;gBAC/D,mEAAmE;gBACnE,iEAAiE;gBACjE,qEAAqE;gBACrE,IAAI,aAAa,IAAI,CAAC,aAAa,EAAE,CAAC;oBACpC,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBAC7C,CAAC;gBACD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAEhB,eAAe;IACf,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;QACzB,MAAM,CAAC,GAAG,CACR,qBAAqB,EACrB,kBAAkB,CAAC,GAAG,EAAE;YACtB,MAAM,OAAO,GACX,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,MAAM,CAAC;YAC5D,OAAO,EAAE,OAAO,EAAE,CAAC;QACrB,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAEhC,MAAM,CAAC,GAAG,CACR,2BAA2B,EAC3B,kBAAkB,CAAC,GAAG,EAAE;YACtB,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBAC3B,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,KAAK,EAAE,GAAG,CAAC,KAAK;gBAChB,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,KAAK;gBAC/B,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;gBAClC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC,CAAC,CAAC;QACN,CAAC,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,IAAI,CACT,yBAAyB,EACzB,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,kEAAkE;YAClE,0DAA0D;YAC1D,IAAI,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBAC5B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO;oBACL,KAAK,EACH,0JAA0J;iBAC7J,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,EAAE,IAAI,EAAE,GAAG,IAEhB,CAAC;YAEF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9C,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;YAC1C,CAAC;YAED,6CAA6C;YAC7C,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC1B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;YACxD,CAAC;YAED,qBAAqB;YACrB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;YACjD,MAAM,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAEvC,oEAAoE;YACpE,KAAK,MAAM,EAAE,GAAG,EAAE,KAAK,EAAE,IAAI,QAAQ,EAAE,CAAC;gBACtC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAC3B,CAAC;YAED,mDAAmD;YACnD,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAE3B,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,CAAC,CAAC,CACH,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC;AACzB,CAAC","sourcesContent":["import {\n createApp,\n createRouter,\n defineEventHandler,\n getMethod,\n getRequestHeader,\n setResponseHeader,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport path from \"path\";\nimport { agentEnv } from \"../shared/agent-env.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport { isEnvVarWriteAllowed } from \"./env-var-writes.js\";\n\nexport interface EnvKeyConfig {\n /** Environment variable name (e.g. \"HUBSPOT_ACCESS_TOKEN\") */\n key: string;\n /** Human-readable label (e.g. \"HubSpot\") */\n label: string;\n /** Whether this key is required for the app to function */\n required?: boolean;\n /** Optional UI hint shown next to the field describing where to find this value. */\n helpText?: string;\n}\n\nexport interface CreateServerOptions {\n /** CORS options. Ignored (H3 handles CORS via middleware). Default: enabled. */\n cors?: Record<string, unknown> | false;\n /** JSON body parser limit. Kept for API compatibility (H3 uses readBody). */\n jsonLimit?: string;\n /** Custom ping message. Default: reads PING_MESSAGE env var, falls back to \"pong\" */\n pingMessage?: string;\n /** Disable the /_agent-native/ping health check. Default: false */\n disablePing?: boolean;\n /** Env key configuration for the settings UI. Enables /_agent-native/env-status and /_agent-native/env-vars routes. */\n envKeys?: EnvKeyConfig[];\n}\n\n/**\n * Parse a .env file into key-value pairs, preserving comments and empty lines for roundtrip.\n */\nfunction parseEnvFile(content: string): Map<string, string> {\n const vars = new Map<string, string>();\n for (const line of content.split(\"\\n\")) {\n const trimmed = line.trim();\n if (!trimmed || trimmed.startsWith(\"#\")) continue;\n const eqIndex = trimmed.indexOf(\"=\");\n if (eqIndex === -1) continue;\n const key = trimmed.slice(0, eqIndex).trim();\n let value = trimmed.slice(eqIndex + 1).trim();\n // Strip surrounding quotes\n if (\n (value.startsWith('\"') && value.endsWith('\"')) ||\n (value.startsWith(\"'\") && value.endsWith(\"'\"))\n ) {\n value = value.slice(1, -1);\n }\n vars.set(key, value);\n }\n return vars;\n}\n\n/**\n * Upsert vars into a .env file, preserving existing structure.\n */\nexport async function upsertEnvFile(\n envPath: string,\n vars: Array<{ key: string; value: string }>,\n): Promise<void> {\n // Sanitize: reject values that could inject additional env vars\n for (const { key, value } of vars) {\n if (/[\\n\\r\\0]/.test(value)) {\n throw new Error(\n `Invalid env var value for ${key}: must not contain newlines or control characters`,\n );\n }\n }\n\n const fs = await import(\"fs\");\n\n let content = \"\";\n try {\n content = fs.readFileSync(envPath, \"utf-8\");\n } catch {\n // File doesn't exist yet\n }\n\n const lines = content.split(\"\\n\");\n const remaining = new Map(vars.map((v) => [v.key, v.value]));\n\n // Update existing lines in place\n const updated = lines.map((line) => {\n const trimmed = line.trim();\n if (!trimmed || trimmed.startsWith(\"#\")) return line;\n const eqIndex = trimmed.indexOf(\"=\");\n if (eqIndex === -1) return line;\n const key = trimmed.slice(0, eqIndex).trim();\n if (remaining.has(key)) {\n const value = remaining.get(key)!;\n remaining.delete(key);\n return `${key}=${value}`;\n }\n return line;\n });\n\n // Append new vars\n for (const [key, value] of remaining) {\n updated.push(`${key}=${value}`);\n }\n\n // Ensure trailing newline\n let result = updated.join(\"\\n\");\n if (!result.endsWith(\"\\n\")) result += \"\\n\";\n\n try {\n fs.mkdirSync(path.dirname(envPath), { recursive: true });\n fs.writeFileSync(envPath, result);\n } catch {\n // Edge runtimes don't have writable filesystem — skip silently\n }\n}\n\nexport interface CreateServerResult {\n app: ReturnType<typeof createApp>;\n router: ReturnType<typeof createRouter>;\n}\n\n/**\n * Create a pre-configured H3 app with standard agent-native setup:\n * - CORS headers via middleware\n * - /_agent-native/ping health check\n * - /_agent-native/env-status and /_agent-native/env-vars (when envKeys is provided)\n *\n * Returns { app, router } — mount routes on `router`.\n */\nexport function createServer(\n options: CreateServerOptions = {},\n): CreateServerResult {\n const app = createApp({\n onError(error, event) {\n // Suppress connection-reset errors — client disconnected mid-request (tab close, reload)\n const err = error as NodeJS.ErrnoException;\n const code = err?.code || (err?.cause as NodeJS.ErrnoException)?.code;\n if (code === \"ECONNRESET\" || code === \"ECONNABORTED\") return;\n if (err?.message === \"aborted\") return;\n console.error(\n `[agent-native] Server error: ${event.method} ${event.path}`,\n error,\n );\n },\n });\n\n // CORS middleware\n if (options.cors !== false) {\n const allowedOrigins = process.env.CORS_ALLOWED_ORIGINS\n ? process.env.CORS_ALLOWED_ORIGINS.split(\",\").map((o) => o.trim())\n : null;\n const isProduction = process.env.NODE_ENV === \"production\";\n\n /**\n * Localhost-style origins that we treat as same-trust in development.\n * When CORS_ALLOWED_ORIGINS is unset we still allow these (desktop tray\n * windows on a sibling port, the docs site at localhost:5173, etc.) but\n * in production an unset allowlist means no cross-origin credentials.\n */\n const LOCALHOST_RE =\n /^https?:\\/\\/(localhost|127\\.0\\.0\\.1|tauri\\.localhost)(:\\d+)?$/;\n\n app.use(\n defineEventHandler((event) => {\n const requestOrigin = getRequestHeader(event, \"origin\");\n const method = getMethod(event);\n\n /**\n * Decide whether the requesting origin is allowed. We never fall back\n * to \"the first allowlist entry\" when the origin isn't in the list —\n * that previously sent `Access-Control-Allow-Origin: <other-origin>`\n * with credentials enabled to attacker-controlled origins, which was\n * permissive enough that some clients followed through with the\n * credentialed request.\n */\n let allowedOrigin: string | null = null;\n if (allowedOrigins && allowedOrigins.length > 0) {\n if (requestOrigin && allowedOrigins.includes(requestOrigin)) {\n allowedOrigin = requestOrigin;\n }\n // Origin not in the explicit allowlist — emit no ACAO header.\n } else if (requestOrigin) {\n // No allowlist configured. In production we refuse credentialed\n // cross-origin requests except from localhost (desktop tray app\n // dev usage); in dev we allow any origin echo.\n if (isProduction) {\n if (LOCALHOST_RE.test(requestOrigin)) {\n allowedOrigin = requestOrigin;\n }\n // else: production + no allowlist + non-localhost origin → no ACAO\n } else {\n allowedOrigin = requestOrigin;\n }\n }\n // No origin header at all (same-origin fetch, server-to-server) and\n // no allowlist → fall through with `*`-equivalent behaviour: omit\n // ACAO entirely and let the browser apply its same-origin default.\n\n if (allowedOrigin) {\n setResponseHeader(\n event,\n \"Access-Control-Allow-Origin\",\n allowedOrigin,\n );\n setResponseHeader(event, \"Vary\", \"Origin\");\n // A specific origin means we can honor credentialed requests\n // (fetch with `credentials: \"include\"` — used by desktop tray\n // apps that share a same-site cookie with the web app). The\n // wildcard `*` is spec-incompatible with credentials, so only\n // set this when we're echoing a concrete origin.\n setResponseHeader(event, \"Access-Control-Allow-Credentials\", \"true\");\n } else if (!requestOrigin) {\n // No origin header — preserve the legacy permissive behaviour for\n // tools/scripts that hit the API directly (no credentialed CORS\n // semantics apply when there's no Origin).\n setResponseHeader(event, \"Access-Control-Allow-Origin\", \"*\");\n }\n\n setResponseHeader(\n event,\n \"Access-Control-Allow-Methods\",\n \"GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS\",\n );\n setResponseHeader(\n event,\n \"Access-Control-Allow-Headers\",\n \"Content-Type,Authorization,X-Requested-With,X-Request-Source,X-Agent-Native-CSRF\",\n );\n\n if (method === \"OPTIONS\") {\n // Reject preflights from disallowed cross-origin callers. We only\n // 204 if either (a) there was no Origin header (same-origin or\n // direct script invocation) or (b) the origin was in the allowlist\n // / dev fallback above. Otherwise we 403 so the browser surfaces\n // a hard CORS failure rather than blindly retrying with credentials.\n if (requestOrigin && !allowedOrigin) {\n return new Response(null, { status: 403 });\n }\n return new Response(null, { status: 204 });\n }\n }),\n );\n }\n\n const router = createRouter();\n app.use(router);\n\n // Health check\n if (!options.disablePing) {\n router.get(\n \"/_agent-native/ping\",\n defineEventHandler(() => {\n const message =\n options.pingMessage ?? process.env.PING_MESSAGE ?? \"pong\";\n return { message };\n }),\n );\n }\n\n // Env key management routes\n if (options.envKeys) {\n const envKeys = options.envKeys;\n\n router.get(\n \"/_agent-native/env-status\",\n defineEventHandler(() => {\n return envKeys.map((cfg) => ({\n key: cfg.key,\n label: cfg.label,\n required: cfg.required ?? false,\n configured: !!process.env[cfg.key],\n ...(cfg.helpText ? { helpText: cfg.helpText } : {}),\n }));\n }),\n );\n\n router.post(\n \"/_agent-native/env-vars\",\n defineEventHandler(async (event: H3Event) => {\n // Env vars are deployment-wide globals — see isEnvVarWriteAllowed\n // above. Disable the endpoint on any multi-tenant deploy.\n if (!isEnvVarWriteAllowed()) {\n setResponseStatus(event, 403);\n return {\n error:\n \"env-vars endpoint disabled on multi-tenant deployments. Use saveCredential(key, value, { userEmail, orgId, scope: 'org' }) to store per-org credentials.\",\n };\n }\n\n const body = await readBody(event);\n const { vars } = body as {\n vars?: Array<{ key: string; value: string }>;\n };\n\n if (!Array.isArray(vars) || vars.length === 0) {\n setResponseStatus(event, 400);\n return { error: \"vars array required\" };\n }\n\n // Only allow keys that are in the env config\n const allowedKeys = new Set(envKeys.map((k) => k.key));\n const filtered = vars.filter((v) => allowedKeys.has(v.key));\n if (filtered.length === 0) {\n setResponseStatus(event, 400);\n return { error: \"No recognized env keys in request\" };\n }\n\n // Write to .env file\n const envPath = path.join(process.cwd(), \".env\");\n await upsertEnvFile(envPath, filtered);\n\n // Update process.env so the app picks up the new values immediately\n for (const { key, value } of filtered) {\n process.env[key] = value;\n }\n\n // Notify parent (Builder or frame) via postMessage\n agentEnv.setVars(filtered);\n\n return { saved: filtered.map((v) => v.key) };\n }),\n );\n }\n\n return { app, router };\n}\n"]}
package/dist/server/env-var-writes.d.ts ADDED
@@ -0,0 +1,10 @@
1
+ /**
2
+ * Whether deployment-wide `process.env` writes (and .env file writes) are safe.
3
+ *
4
+ * Production never allows request-time env writes, even with the escape hatch.
5
+ * Env vars are deployment-wide globals and one tenant could otherwise
6
+ * overwrite shared keys for every other tenant. Per-user/org credentials
7
+ * should use `app_secrets` instead.
8
+ */
9
+ export declare function isEnvVarWriteAllowed(): boolean;
10
+ //# sourceMappingURL=env-var-writes.d.ts.map
package/dist/server/env-var-writes.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"env-var-writes.d.ts","sourceRoot":"","sources":["../../src/server/env-var-writes.ts"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,IAAI,OAAO,CAI9C"}
package/dist/server/env-var-writes.js ADDED
@@ -0,0 +1,18 @@
1
+ import { isLocalDatabase } from "../db/client.js";
2
+ import { isDevEnvironment } from "./auth.js";
3
+ /**
4
+ * Whether deployment-wide `process.env` writes (and .env file writes) are safe.
5
+ *
6
+ * Production never allows request-time env writes, even with the escape hatch.
7
+ * Env vars are deployment-wide globals and one tenant could otherwise
8
+ * overwrite shared keys for every other tenant. Per-user/org credentials
9
+ * should use `app_secrets` instead.
10
+ */
11
+ export function isEnvVarWriteAllowed() {
12
+ if (process.env.NODE_ENV === "production")
13
+ return false;
14
+ if (process.env.AGENT_NATIVE_ALLOW_ENV_VAR_WRITES === "1")
15
+ return true;
16
+ return isDevEnvironment() && isLocalDatabase();
17
+ }
18
+ //# sourceMappingURL=env-var-writes.js.map
package/dist/server/env-var-writes.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"env-var-writes.js","sourceRoot":"","sources":["../../src/server/env-var-writes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB;IAClC,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IACxD,IAAI,OAAO,CAAC,GAAG,CAAC,iCAAiC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACvE,OAAO,gBAAgB,EAAE,IAAI,eAAe,EAAE,CAAC;AACjD,CAAC","sourcesContent":["import { isLocalDatabase } from \"../db/client.js\";\nimport { isDevEnvironment } from \"./auth.js\";\n\n/**\n * Whether deployment-wide `process.env` writes (and .env file writes) are safe.\n *\n * Production never allows request-time env writes, even with the escape hatch.\n * Env vars are deployment-wide globals and one tenant could otherwise\n * overwrite shared keys for every other tenant. Per-user/org credentials\n * should use `app_secrets` instead.\n */\nexport function isEnvVarWriteAllowed(): boolean {\n if (process.env.NODE_ENV === \"production\") return false;\n if (process.env.AGENT_NATIVE_ALLOW_ENV_VAR_WRITES === \"1\") return true;\n return isDevEnvironment() && isLocalDatabase();\n}\n"]}
package/dist/shared/index.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  export { agentChat, type AgentChatMessage, type AgentChatCallOptions, type AgentChatResponse, } from "./agent-chat.js";
2
2
  export { agentEnv, type EnvVar } from "./agent-env.js";
3
3
  export { truncate } from "./truncate.js";
4
+ export { DISPATCH_WORKSPACE_ROOT_REDIRECTS, RESERVED_WORKSPACE_APP_IDS, assertValidWorkspaceAppId, getWorkspaceAppIdValidationError, isValidWorkspaceAppIdFormat, } from "./workspace-app-id.js";
4
5
  //# sourceMappingURL=index.d.ts.map
package/dist/shared/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,GACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,EACT,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,GACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,QAAQ,EAAE,KAAK,MAAM,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EACL,iCAAiC,EACjC,0BAA0B,EAC1B,yBAAyB,EACzB,gCAAgC,EAChC,2BAA2B,GAC5B,MAAM,uBAAuB,CAAC"}
package/dist/shared/index.js CHANGED
@@ -1,4 +1,5 @@
1
1
  export { agentChat, } from "./agent-chat.js";
2
2
  export { agentEnv } from "./agent-env.js";
3
3
  export { truncate } from "./truncate.js";
4
+ export { DISPATCH_WORKSPACE_ROOT_REDIRECTS, RESERVED_WORKSPACE_APP_IDS, assertValidWorkspaceAppId, getWorkspaceAppIdValidationError, isValidWorkspaceAppIdFormat, } from "./workspace-app-id.js";
4
5
  //# sourceMappingURL=index.js.map
package/dist/shared/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,GAIV,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,QAAQ,EAAe,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC","sourcesContent":["export {\n agentChat,\n type AgentChatMessage,\n type AgentChatCallOptions,\n type AgentChatResponse,\n} from \"./agent-chat.js\";\nexport { agentEnv, type EnvVar } from \"./agent-env.js\";\nexport { truncate } from \"./truncate.js\";\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,SAAS,GAIV,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,QAAQ,EAAe,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EACL,iCAAiC,EACjC,0BAA0B,EAC1B,yBAAyB,EACzB,gCAAgC,EAChC,2BAA2B,GAC5B,MAAM,uBAAuB,CAAC","sourcesContent":["export {\n agentChat,\n type AgentChatMessage,\n type AgentChatCallOptions,\n type AgentChatResponse,\n} from \"./agent-chat.js\";\nexport { agentEnv, type EnvVar } from \"./agent-env.js\";\nexport { truncate } from \"./truncate.js\";\nexport {\n DISPATCH_WORKSPACE_ROOT_REDIRECTS,\n RESERVED_WORKSPACE_APP_IDS,\n assertValidWorkspaceAppId,\n getWorkspaceAppIdValidationError,\n isValidWorkspaceAppIdFormat,\n} from \"./workspace-app-id.js\";\n"]}
package/dist/shared/workspace-app-id.d.ts ADDED
@@ -0,0 +1,6 @@
1
+ export declare const DISPATCH_WORKSPACE_ROOT_REDIRECTS: readonly [readonly ["overview", "overview"], readonly ["login", "login"], readonly ["signup", "signup"], readonly ["apps", "apps"], readonly ["apps/new-app", "new-app"], readonly ["new-app", "new-app"], readonly ["vault", "vault"], readonly ["integrations", "integrations"], readonly ["agents", "agents"], readonly ["workspace", "workspace"], readonly ["messaging", "messaging"], readonly ["destinations", "destinations"], readonly ["identities", "identities"], readonly ["approvals", "approvals"], readonly ["audit", "audit"], readonly ["team", "team"]];
2
+ export declare const RESERVED_WORKSPACE_APP_IDS: Set<string>;
3
+ export declare function isValidWorkspaceAppIdFormat(appId: string): boolean;
4
+ export declare function getWorkspaceAppIdValidationError(appId: string): string | null;
5
+ export declare function assertValidWorkspaceAppId(appId: string): void;
6
+ //# sourceMappingURL=workspace-app-id.d.ts.map
package/dist/shared/workspace-app-id.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"workspace-app-id.d.ts","sourceRoot":"","sources":["../../src/shared/workspace-app-id.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iCAAiC,4iBAiBpC,CAAC;AAEX,eAAO,MAAM,0BAA0B,aAQrC,CAAC;AAEH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAElE;AAED,wBAAgB,gCAAgC,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAQ7E;AAED,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAG7D"}
package/dist/shared/workspace-app-id.js ADDED
@@ -0,0 +1,45 @@
1
+ export const DISPATCH_WORKSPACE_ROOT_REDIRECTS = [
2
+ ["overview", "overview"],
3
+ ["login", "login"],
4
+ ["signup", "signup"],
5
+ ["apps", "apps"],
6
+ ["apps/new-app", "new-app"],
7
+ ["new-app", "new-app"],
8
+ ["vault", "vault"],
9
+ ["integrations", "integrations"],
10
+ ["agents", "agents"],
11
+ ["workspace", "workspace"],
12
+ ["messaging", "messaging"],
13
+ ["destinations", "destinations"],
14
+ ["identities", "identities"],
15
+ ["approvals", "approvals"],
16
+ ["audit", "audit"],
17
+ ["team", "team"],
18
+ ];
19
+ export const RESERVED_WORKSPACE_APP_IDS = new Set([
20
+ "_agent-native",
21
+ "_workspace_static",
22
+ "api",
23
+ "auth",
24
+ "dispatch",
25
+ "netlify",
26
+ ...DISPATCH_WORKSPACE_ROOT_REDIRECTS.map(([from]) => from),
27
+ ]);
28
+ export function isValidWorkspaceAppIdFormat(appId) {
29
+ return /^[a-z][a-z0-9-]*$/.test(appId);
30
+ }
31
+ export function getWorkspaceAppIdValidationError(appId) {
32
+ if (RESERVED_WORKSPACE_APP_IDS.has(appId)) {
33
+ return `App name "${appId}" conflicts with a reserved workspace route. Choose a different name.`;
34
+ }
35
+ if (!isValidWorkspaceAppIdFormat(appId)) {
36
+ return `Invalid app name "${appId}". Use lowercase letters, numbers, and hyphens.`;
37
+ }
38
+ return null;
39
+ }
40
+ export function assertValidWorkspaceAppId(appId) {
41
+ const error = getWorkspaceAppIdValidationError(appId);
42
+ if (error)
43
+ throw new Error(error);
44
+ }
45
+ //# sourceMappingURL=workspace-app-id.js.map
package/dist/shared/workspace-app-id.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"workspace-app-id.js","sourceRoot":"","sources":["../../src/shared/workspace-app-id.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iCAAiC,GAAG;IAC/C,CAAC,UAAU,EAAE,UAAU,CAAC;IACxB,CAAC,OAAO,EAAE,OAAO,CAAC;IAClB,CAAC,QAAQ,EAAE,QAAQ,CAAC;IACpB,CAAC,MAAM,EAAE,MAAM,CAAC;IAChB,CAAC,cAAc,EAAE,SAAS,CAAC;IAC3B,CAAC,SAAS,EAAE,SAAS,CAAC;IACtB,CAAC,OAAO,EAAE,OAAO,CAAC;IAClB,CAAC,cAAc,EAAE,cAAc,CAAC;IAChC,CAAC,QAAQ,EAAE,QAAQ,CAAC;IACpB,CAAC,WAAW,EAAE,WAAW,CAAC;IAC1B,CAAC,WAAW,EAAE,WAAW,CAAC;IAC1B,CAAC,cAAc,EAAE,cAAc,CAAC;IAChC,CAAC,YAAY,EAAE,YAAY,CAAC;IAC5B,CAAC,WAAW,EAAE,WAAW,CAAC;IAC1B,CAAC,OAAO,EAAE,OAAO,CAAC;IAClB,CAAC,MAAM,EAAE,MAAM,CAAC;CACR,CAAC;AAEX,MAAM,CAAC,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAC;IAChD,eAAe;IACf,mBAAmB;IACnB,KAAK;IACL,MAAM;IACN,UAAU;IACV,SAAS;IACT,GAAG,iCAAiC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC;CAC3D,CAAC,CAAC;AAEH,MAAM,UAAU,2BAA2B,CAAC,KAAa;IACvD,OAAO,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,gCAAgC,CAAC,KAAa;IAC5D,IAAI,0BAA0B,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,OAAO,aAAa,KAAK,uEAAuE,CAAC;IACnG,CAAC;IACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,qBAAqB,KAAK,iDAAiD,CAAC;IACrF,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAa;IACrD,MAAM,KAAK,GAAG,gCAAgC,CAAC,KAAK,CAAC,CAAC;IACtD,IAAI,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;AACpC,CAAC","sourcesContent":["export const DISPATCH_WORKSPACE_ROOT_REDIRECTS = [\n [\"overview\", \"overview\"],\n [\"login\", \"login\"],\n [\"signup\", \"signup\"],\n [\"apps\", \"apps\"],\n [\"apps/new-app\", \"new-app\"],\n [\"new-app\", \"new-app\"],\n [\"vault\", \"vault\"],\n [\"integrations\", \"integrations\"],\n [\"agents\", \"agents\"],\n [\"workspace\", \"workspace\"],\n [\"messaging\", \"messaging\"],\n [\"destinations\", \"destinations\"],\n [\"identities\", \"identities\"],\n [\"approvals\", \"approvals\"],\n [\"audit\", \"audit\"],\n [\"team\", \"team\"],\n] as const;\n\nexport const RESERVED_WORKSPACE_APP_IDS = new Set([\n \"_agent-native\",\n \"_workspace_static\",\n \"api\",\n \"auth\",\n \"dispatch\",\n \"netlify\",\n ...DISPATCH_WORKSPACE_ROOT_REDIRECTS.map(([from]) => from),\n]);\n\nexport function isValidWorkspaceAppIdFormat(appId: string): boolean {\n return /^[a-z][a-z0-9-]*$/.test(appId);\n}\n\nexport function getWorkspaceAppIdValidationError(appId: string): string | null {\n if (RESERVED_WORKSPACE_APP_IDS.has(appId)) {\n return `App name \"${appId}\" conflicts with a reserved workspace route. Choose a different name.`;\n }\n if (!isValidWorkspaceAppIdFormat(appId)) {\n return `Invalid app name \"${appId}\". Use lowercase letters, numbers, and hyphens.`;\n }\n return null;\n}\n\nexport function assertValidWorkspaceAppId(appId: string): void {\n const error = getWorkspaceAppIdValidationError(appId);\n if (error) throw new Error(error);\n}\n"]}
package/docs/content/deployment.md CHANGED
@@ -39,6 +39,10 @@ agent-native deploy --preset netlify
39
39
 
40
40
  Generated workspaces include a root `netlify.toml` that runs `agent-native deploy --preset netlify --build-only`, publishes `dist`, and points Netlify at `.netlify/functions-internal`.
41
41
 
42
+ Hosted workspace builds require `A2A_SECRET` in the deploy provider environment.
43
+ This makes Slack, inbound webhooks, and cross-app A2A resume work through signed
44
+ background processors. Local `--build-only` artifact checks still run without it.
45
+
42
46
  Per-app independent deploy is still supported — just `cd apps/<name> && agent-native build` like a standalone scaffold.
43
47
 
44
48
  ## How It Works {#how-it-works}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@agent-native/core",
3
- "version": "0.7.47",
3
+ "version": "0.7.49",
4
4
  "type": "module",
5
5
  "description": "Framework for agent-native application development — where AI agents and UI share state via files",
6
6
  "license": "MIT",