@agent-native/core 0.7.80 → 0.7.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (244) hide show
  1. package/dist/action.d.ts +8 -0
  2. package/dist/action.d.ts.map +1 -1
  3. package/dist/action.js +4 -0
  4. package/dist/action.js.map +1 -1
  5. package/dist/agent/production-agent.d.ts +12 -2
  6. package/dist/agent/production-agent.d.ts.map +1 -1
  7. package/dist/agent/production-agent.js +58 -20
  8. package/dist/agent/production-agent.js.map +1 -1
  9. package/dist/agent/run-manager.d.ts +8 -1
  10. package/dist/agent/run-manager.d.ts.map +1 -1
  11. package/dist/agent/run-manager.js +11 -12
  12. package/dist/agent/run-manager.js.map +1 -1
  13. package/dist/agent/thread-data-builder.d.ts.map +1 -1
  14. package/dist/agent/thread-data-builder.js +13 -17
  15. package/dist/agent/thread-data-builder.js.map +1 -1
  16. package/dist/agent/types.d.ts +4 -0
  17. package/dist/agent/types.d.ts.map +1 -1
  18. package/dist/agent/types.js.map +1 -1
  19. package/dist/application-state/handlers.d.ts.map +1 -1
  20. package/dist/application-state/handlers.js +3 -8
  21. package/dist/application-state/handlers.js.map +1 -1
  22. package/dist/application-state/script-helpers.d.ts +2 -4
  23. package/dist/application-state/script-helpers.d.ts.map +1 -1
  24. package/dist/application-state/script-helpers.js +10 -47
  25. package/dist/application-state/script-helpers.js.map +1 -1
  26. package/dist/cli/workspace-dev.js +78 -15
  27. package/dist/cli/workspace-dev.js.map +1 -1
  28. package/dist/client/AgentPanel.d.ts.map +1 -1
  29. package/dist/client/AgentPanel.js +6 -2
  30. package/dist/client/AgentPanel.js.map +1 -1
  31. package/dist/client/AssistantChat.d.ts +0 -15
  32. package/dist/client/AssistantChat.d.ts.map +1 -1
  33. package/dist/client/AssistantChat.js +69 -57
  34. package/dist/client/AssistantChat.js.map +1 -1
  35. package/dist/client/ConnectBuilderCard.d.ts +7 -1
  36. package/dist/client/ConnectBuilderCard.d.ts.map +1 -1
  37. package/dist/client/ConnectBuilderCard.js +46 -5
  38. package/dist/client/ConnectBuilderCard.js.map +1 -1
  39. package/dist/client/ErrorBoundary.d.ts.map +1 -1
  40. package/dist/client/ErrorBoundary.js +20 -5
  41. package/dist/client/ErrorBoundary.js.map +1 -1
  42. package/dist/client/FeedbackButton.d.ts.map +1 -1
  43. package/dist/client/FeedbackButton.js +5 -1
  44. package/dist/client/FeedbackButton.js.map +1 -1
  45. package/dist/client/agent-chat-adapter.d.ts.map +1 -1
  46. package/dist/client/agent-chat-adapter.js +303 -169
  47. package/dist/client/agent-chat-adapter.js.map +1 -1
  48. package/dist/client/builder-frame.d.ts +25 -0
  49. package/dist/client/builder-frame.d.ts.map +1 -1
  50. package/dist/client/builder-frame.js +40 -0
  51. package/dist/client/builder-frame.js.map +1 -1
  52. package/dist/client/composer/ComposerPlusMenu.d.ts.map +1 -1
  53. package/dist/client/composer/ComposerPlusMenu.js +7 -2
  54. package/dist/client/composer/ComposerPlusMenu.js.map +1 -1
  55. package/dist/client/composer/PastedTextChip.d.ts +9 -0
  56. package/dist/client/composer/PastedTextChip.d.ts.map +1 -0
  57. package/dist/client/composer/PastedTextChip.js +47 -0
  58. package/dist/client/composer/PastedTextChip.js.map +1 -0
  59. package/dist/client/composer/PromptComposer.d.ts +2 -2
  60. package/dist/client/composer/PromptComposer.d.ts.map +1 -1
  61. package/dist/client/composer/PromptComposer.js +32 -4
  62. package/dist/client/composer/PromptComposer.js.map +1 -1
  63. package/dist/client/composer/TiptapComposer.d.ts +11 -1
  64. package/dist/client/composer/TiptapComposer.d.ts.map +1 -1
  65. package/dist/client/composer/TiptapComposer.js +49 -16
  66. package/dist/client/composer/TiptapComposer.js.map +1 -1
  67. package/dist/client/composer/VoiceButton.d.ts.map +1 -1
  68. package/dist/client/composer/VoiceButton.js +5 -1
  69. package/dist/client/composer/VoiceButton.js.map +1 -1
  70. package/dist/client/composer/pasted-text.d.ts +6 -0
  71. package/dist/client/composer/pasted-text.d.ts.map +1 -0
  72. package/dist/client/composer/pasted-text.js +49 -0
  73. package/dist/client/composer/pasted-text.js.map +1 -0
  74. package/dist/client/composer/useVoiceDictation.d.ts +1 -0
  75. package/dist/client/composer/useVoiceDictation.d.ts.map +1 -1
  76. package/dist/client/composer/useVoiceDictation.js +18 -0
  77. package/dist/client/composer/useVoiceDictation.js.map +1 -1
  78. package/dist/client/index.d.ts +0 -1
  79. package/dist/client/index.d.ts.map +1 -1
  80. package/dist/client/index.js +0 -1
  81. package/dist/client/index.js.map +1 -1
  82. package/dist/client/integrations/IntegrationCard.d.ts.map +1 -1
  83. package/dist/client/integrations/IntegrationCard.js +14 -2
  84. package/dist/client/integrations/IntegrationCard.js.map +1 -1
  85. package/dist/client/integrations/IntegrationsPanel.d.ts.map +1 -1
  86. package/dist/client/integrations/IntegrationsPanel.js +19 -3
  87. package/dist/client/integrations/IntegrationsPanel.js.map +1 -1
  88. package/dist/client/notifications/NotificationsBell.d.ts.map +1 -1
  89. package/dist/client/notifications/NotificationsBell.js +4 -42
  90. package/dist/client/notifications/NotificationsBell.js.map +1 -1
  91. package/dist/client/org/OrgSwitcher.d.ts +4 -6
  92. package/dist/client/org/OrgSwitcher.d.ts.map +1 -1
  93. package/dist/client/org/OrgSwitcher.js +84 -74
  94. package/dist/client/org/OrgSwitcher.js.map +1 -1
  95. package/dist/client/org/TeamPage.d.ts.map +1 -1
  96. package/dist/client/org/TeamPage.js +3 -154
  97. package/dist/client/org/TeamPage.js.map +1 -1
  98. package/dist/client/resources/ResourcesPanel.d.ts.map +1 -1
  99. package/dist/client/resources/ResourcesPanel.js +13 -35
  100. package/dist/client/resources/ResourcesPanel.js.map +1 -1
  101. package/dist/client/settings/SettingsPanel.js +1 -1
  102. package/dist/client/settings/SettingsPanel.js.map +1 -1
  103. package/dist/client/settings/useBuilderStatus.d.ts +6 -0
  104. package/dist/client/settings/useBuilderStatus.d.ts.map +1 -1
  105. package/dist/client/settings/useBuilderStatus.js +3 -0
  106. package/dist/client/settings/useBuilderStatus.js.map +1 -1
  107. package/dist/client/sse-event-processor.d.ts +15 -1
  108. package/dist/client/sse-event-processor.d.ts.map +1 -1
  109. package/dist/client/sse-event-processor.js +58 -54
  110. package/dist/client/sse-event-processor.js.map +1 -1
  111. package/dist/client/tools/ToolEditor.d.ts.map +1 -1
  112. package/dist/client/tools/ToolEditor.js +34 -4
  113. package/dist/client/tools/ToolEditor.js.map +1 -1
  114. package/dist/client/tools/ToolViewer.d.ts.map +1 -1
  115. package/dist/client/tools/ToolViewer.js +20 -1
  116. package/dist/client/tools/ToolViewer.js.map +1 -1
  117. package/dist/client/tools/ToolsListPage.d.ts.map +1 -1
  118. package/dist/client/tools/ToolsListPage.js +2 -1
  119. package/dist/client/tools/ToolsListPage.js.map +1 -1
  120. package/dist/client/transcription/BuilderTranscriptionCta.js +1 -1
  121. package/dist/client/transcription/BuilderTranscriptionCta.js.map +1 -1
  122. package/dist/client/use-chat-threads.d.ts.map +1 -1
  123. package/dist/client/use-chat-threads.js +7 -2
  124. package/dist/client/use-chat-threads.js.map +1 -1
  125. package/dist/collab/client.d.ts.map +1 -1
  126. package/dist/collab/client.js +26 -7
  127. package/dist/collab/client.js.map +1 -1
  128. package/dist/integrations/a2a-continuations-store.d.ts.map +1 -1
  129. package/dist/integrations/a2a-continuations-store.js +20 -19
  130. package/dist/integrations/a2a-continuations-store.js.map +1 -1
  131. package/dist/jobs/scheduler.js +0 -4
  132. package/dist/jobs/scheduler.js.map +1 -1
  133. package/dist/oauth-tokens/store.d.ts +0 -4
  134. package/dist/oauth-tokens/store.d.ts.map +1 -1
  135. package/dist/oauth-tokens/store.js +3 -24
  136. package/dist/oauth-tokens/store.js.map +1 -1
  137. package/dist/observability/routes.d.ts.map +1 -1
  138. package/dist/observability/routes.js +1 -9
  139. package/dist/observability/routes.js.map +1 -1
  140. package/dist/onboarding/default-steps.js +1 -1
  141. package/dist/onboarding/default-steps.js.map +1 -1
  142. package/dist/onboarding/plugin.d.ts.map +1 -1
  143. package/dist/onboarding/plugin.js +1 -8
  144. package/dist/onboarding/plugin.js.map +1 -1
  145. package/dist/org/accept-pending.d.ts.map +1 -1
  146. package/dist/org/accept-pending.js +1 -2
  147. package/dist/org/accept-pending.js.map +1 -1
  148. package/dist/org/context.d.ts +0 -2
  149. package/dist/org/context.d.ts.map +1 -1
  150. package/dist/org/context.js +0 -5
  151. package/dist/org/context.js.map +1 -1
  152. package/dist/resources/script-helpers.d.ts +3 -4
  153. package/dist/resources/script-helpers.d.ts.map +1 -1
  154. package/dist/resources/script-helpers.js +8 -15
  155. package/dist/resources/script-helpers.js.map +1 -1
  156. package/dist/scripts/chat/search-chats.d.ts.map +1 -1
  157. package/dist/scripts/chat/search-chats.js +4 -4
  158. package/dist/scripts/chat/search-chats.js.map +1 -1
  159. package/dist/scripts/manage-agent-loop-settings.js +2 -2
  160. package/dist/scripts/manage-agent-loop-settings.js.map +1 -1
  161. package/dist/scripts/resources/delete-memory.d.ts.map +1 -1
  162. package/dist/scripts/resources/delete-memory.js +4 -2
  163. package/dist/scripts/resources/delete-memory.js.map +1 -1
  164. package/dist/scripts/resources/delete.d.ts.map +1 -1
  165. package/dist/scripts/resources/delete.js +11 -4
  166. package/dist/scripts/resources/delete.js.map +1 -1
  167. package/dist/scripts/resources/list.d.ts.map +1 -1
  168. package/dist/scripts/resources/list.js +5 -3
  169. package/dist/scripts/resources/list.js.map +1 -1
  170. package/dist/scripts/resources/migrate-learnings.d.ts.map +1 -1
  171. package/dist/scripts/resources/migrate-learnings.js +5 -2
  172. package/dist/scripts/resources/migrate-learnings.js.map +1 -1
  173. package/dist/scripts/resources/read.d.ts.map +1 -1
  174. package/dist/scripts/resources/read.js +4 -2
  175. package/dist/scripts/resources/read.js.map +1 -1
  176. package/dist/scripts/resources/save-memory.d.ts.map +1 -1
  177. package/dist/scripts/resources/save-memory.js +4 -2
  178. package/dist/scripts/resources/save-memory.js.map +1 -1
  179. package/dist/scripts/resources/write.d.ts.map +1 -1
  180. package/dist/scripts/resources/write.js +11 -4
  181. package/dist/scripts/resources/write.js.map +1 -1
  182. package/dist/secrets/onboarding.d.ts.map +1 -1
  183. package/dist/secrets/onboarding.js +1 -9
  184. package/dist/secrets/onboarding.js.map +1 -1
  185. package/dist/secrets/routes.d.ts.map +1 -1
  186. package/dist/secrets/routes.js +2 -7
  187. package/dist/secrets/routes.js.map +1 -1
  188. package/dist/server/action-discovery.d.ts.map +1 -1
  189. package/dist/server/action-discovery.js +4 -0
  190. package/dist/server/action-discovery.js.map +1 -1
  191. package/dist/server/agent-chat-plugin.d.ts +5 -0
  192. package/dist/server/agent-chat-plugin.d.ts.map +1 -1
  193. package/dist/server/agent-chat-plugin.js +81 -20
  194. package/dist/server/agent-chat-plugin.js.map +1 -1
  195. package/dist/server/agent-discovery.d.ts.map +1 -1
  196. package/dist/server/agent-discovery.js +5 -7
  197. package/dist/server/agent-discovery.js.map +1 -1
  198. package/dist/server/auth.d.ts +16 -21
  199. package/dist/server/auth.d.ts.map +1 -1
  200. package/dist/server/auth.js +45 -315
  201. package/dist/server/auth.js.map +1 -1
  202. package/dist/server/core-routes-plugin.d.ts.map +1 -1
  203. package/dist/server/core-routes-plugin.js +22 -13
  204. package/dist/server/core-routes-plugin.js.map +1 -1
  205. package/dist/server/credential-provider.d.ts.map +1 -1
  206. package/dist/server/credential-provider.js +1 -2
  207. package/dist/server/credential-provider.js.map +1 -1
  208. package/dist/server/google-oauth.d.ts +14 -2
  209. package/dist/server/google-oauth.d.ts.map +1 -1
  210. package/dist/server/google-oauth.js +17 -7
  211. package/dist/server/google-oauth.js.map +1 -1
  212. package/dist/server/index.d.ts +1 -1
  213. package/dist/server/index.d.ts.map +1 -1
  214. package/dist/server/index.js +1 -1
  215. package/dist/server/index.js.map +1 -1
  216. package/dist/server/oauth-helpers.d.ts +2 -4
  217. package/dist/server/oauth-helpers.d.ts.map +1 -1
  218. package/dist/server/oauth-helpers.js +2 -4
  219. package/dist/server/oauth-helpers.js.map +1 -1
  220. package/dist/server/transcribe-voice.d.ts.map +1 -1
  221. package/dist/server/transcribe-voice.js +2 -4
  222. package/dist/server/transcribe-voice.js.map +1 -1
  223. package/dist/triggers/dispatcher.d.ts.map +1 -1
  224. package/dist/triggers/dispatcher.js +0 -3
  225. package/dist/triggers/dispatcher.js.map +1 -1
  226. package/dist/vite/client.d.ts.map +1 -1
  227. package/dist/vite/client.js +6 -0
  228. package/dist/vite/client.js.map +1 -1
  229. package/docs/content/actions.md +1 -0
  230. package/docs/content/authentication.md +3 -20
  231. package/docs/content/creating-templates.md +1 -1
  232. package/docs/content/deployment.md +0 -1
  233. package/docs/content/security.md +0 -1
  234. package/docs/content/template-content.md +1 -1
  235. package/docs/content/template-starter.md +1 -1
  236. package/package.json +1 -1
  237. package/dist/client/dev-mode.d.ts +0 -14
  238. package/dist/client/dev-mode.d.ts.map +0 -1
  239. package/dist/client/dev-mode.js +0 -14
  240. package/dist/client/dev-mode.js.map +0 -1
  241. package/dist/server/local-migration.d.ts +0 -41
  242. package/dist/server/local-migration.d.ts.map +0 -1
  243. package/dist/server/local-migration.js +0 -235
  244. package/dist/server/local-migration.js.map +0 -1
package/dist/oauth-tokens/store.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/oauth-tokens/store.ts"],"names":[],"mappings":"AA8CA,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAUzC;AAED;;;;;;;;GAQG;AACH,qBAAa,iCAAkC,SAAQ,KAAK;IAC1D,QAAQ,CAAC,UAAU,OAAO;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;gBACpB,IAAI,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;KACxB;CAUF;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAwEf;AAED,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAgBjB;AAED,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAChE,KAAK,CAAC;IACJ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC,CACH,CAaA;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACZ,OAAO,CACR,KAAK,CAAC;IACJ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC,CACH,CAaA;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAQf;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAgBlB"}
1
+ {"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../../src/oauth-tokens/store.ts"],"names":[],"mappings":"AA8CA,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CAUzC;AAED;;;;;;;;GAQG;AACH,qBAAa,iCAAkC,SAAQ,KAAK;IAC1D,QAAQ,CAAC,UAAU,OAAO;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;gBACpB,IAAI,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC;QACjB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;QACtB,cAAc,EAAE,MAAM,CAAC;KACxB;CAUF;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CA4Df;AAED,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAgBjB;AAED,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAChE,KAAK,CAAC;IACJ,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC,CACH,CAaA;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACZ,OAAO,CACR,KAAK,CAAC;IACJ,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC,CAAC,CACH,CAaA;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAQf;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CASlB"}
package/dist/oauth-tokens/store.js CHANGED
@@ -93,13 +93,11 @@ export async function saveOAuthTokens(provider, accountId, tokens, owner) {
93
93
  await ensureTable();
94
94
  const client = getDbExec();
95
95
  const table = oauthTokensTable();
96
- // Never store "local@localhost" as owner — it creates shared-ownership bugs
97
- const sanitizedOwner = owner === "local@localhost" ? accountId : owner;
98
96
  // Read the current row before deciding what to write. We use this to
99
97
  // (a) preserve owner / display_name when this is a token refresh (no
100
98
  // owner argument), and (b) reject the write when the caller is trying
101
99
  // to overwrite a row owned by someone else.
102
- let resolvedOwner = sanitizedOwner ?? accountId;
100
+ let resolvedOwner = owner ?? accountId;
103
101
  let existingDisplayName = null;
104
102
  let existingOwner = null;
105
103
  let existingTokens = null;
@@ -117,15 +115,7 @@ export async function saveOAuthTokens(provider, accountId, tokens, owner) {
117
115
  if (existingOwner)
118
116
  resolvedOwner = existingOwner;
119
117
  }
120
- else if (existingOwner === "local@localhost" && sanitizedOwner) {
121
- // Legacy dev rows from older OAuth flows were sometimes stored under the
122
- // synthetic local user. A successful OAuth callback proves control of the
123
- // Google account, so let the reconnect repair that owner in place.
124
- resolvedOwner = sanitizedOwner;
125
- }
126
- else if (existingOwner &&
127
- sanitizedOwner &&
128
- existingOwner !== sanitizedOwner) {
118
+ else if (existingOwner && owner && existingOwner !== owner) {
129
119
  // Refuse to silently re-bind an account from one user to another.
130
120
  // This is the case the docstring promised but the previous
131
121
  // implementation didn't enforce — `ON CONFLICT DO UPDATE SET
@@ -134,7 +124,7 @@ export async function saveOAuthTokens(provider, accountId, tokens, owner) {
134
124
  provider,
135
125
  accountId,
136
126
  existingOwner,
137
- attemptedOwner: sanitizedOwner,
127
+ attemptedOwner: owner,
138
128
  });
139
129
  }
140
130
  const cleanedIncomingTokens = Object.fromEntries(Object.entries(tokens).filter(([, value]) => value !== undefined));
@@ -224,22 +214,11 @@ export async function setOAuthDisplayName(provider, accountId, displayName) {
224
214
  * across users — the onboarding banner would mark the OAuth secret as
225
215
  * "set" for user B as soon as ANY user in the deployment connected the
226
216
  * provider, and user B would never see the prompt to connect.
227
- *
228
- * For the local-dev / single-tenant case, callers pass the dev sentinel
229
- * (`DEV_MODE_USER_EMAIL`) and we degrade to "any row exists" — preserving
230
- * the original behaviour for that single-user surface.
231
217
  */
232
218
  export async function hasOAuthTokens(provider, owner) {
233
219
  await ensureTable();
234
220
  const client = getDbExec();
235
221
  const table = oauthTokensTable();
236
- if (owner === "local@localhost") {
237
- const { rows } = await client.execute({
238
- sql: `SELECT 1 FROM ${table} WHERE provider = ? LIMIT 1`,
239
- args: [provider],
240
- });
241
- return rows.length > 0;
242
- }
243
222
  const { rows } = await client.execute({
244
223
  sql: `SELECT 1 FROM ${table} WHERE provider = ? AND owner = ? LIMIT 1`,
245
224
  args: [provider, owner],
package/dist/oauth-tokens/store.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/oauth-tokens/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAe,MAAM,iBAAiB,CAAC;AAE9E,IAAI,YAAuC,CAAC;AAE5C,SAAS,gBAAgB;IACvB,OAAO,UAAU,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc,CAAC;AAC/D,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;YACjC,MAAM,MAAM,CAAC,OAAO,CAAC;qCACU,KAAK;;;;;uBAKnB,OAAO,EAAE;;;OAGzB,CAAC,CAAC;YACH,iDAAiD;YACjD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,KAAK,wBAAwB,CAAC,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,qCAAqC;YACrC,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,eAAe,KAAK,+BAA+B,CACpD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,sEAAsE;YACtE,MAAM,MAAM,CAAC,OAAO,CAClB,UAAU,KAAK,6CAA6C,CAC7D,CAAC;QACJ,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,SAAiB;IAEjB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sBAAsB,KAAK,wCAAwC;QACxE,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAC5B,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAgB,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,iCAAkC,SAAQ,KAAK;IACjD,UAAU,GAAG,GAAG,CAAC;IACjB,QAAQ,CAAS;IACjB,SAAS,CAAS;IAClB,aAAa,CAAS;IACtB,cAAc,CAAS;IAChC,YAAY,IAKX;QACC,KAAK,CACH,iBAAiB,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,uEAAuE,CACxH,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,mCAAmC,CAAC;QAChD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QACxC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC;IAC5C,CAAC;CACF;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,SAAiB,EACjB,MAA+B,EAC/B,KAAc;IAEd,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IAEjC,4EAA4E;IAC5E,MAAM,cAAc,GAAG,KAAK,KAAK,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC;IAEvE,qEAAqE;IACrE,qEAAqE;IACrE,sEAAsE;IACtE,4CAA4C;IAC5C,IAAI,aAAa,GAAG,cAAc,IAAI,SAAS,CAAC;IAChD,IAAI,mBAAmB,GAAkB,IAAI,CAAC;IAC9C,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,cAAc,GAAmC,IAAI,CAAC;IAC1D,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAC9C,GAAG,EAAE,2CAA2C,KAAK,wCAAwC;QAC7F,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAC5B,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,aAAa,GAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAgB,IAAI,IAAI,CAAC;QACtD,mBAAmB,GAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAuB,IAAI,IAAI,CAAC;QACnE,cAAc,GAAG,IAAI,CAAC,KAAK,CAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAiB,IAAI,IAAI,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,qEAAqE;QACrE,IAAI,aAAa;YAAE,aAAa,GAAG,aAAa,CAAC;IACnD,CAAC;SAAM,IAAI,aAAa,KAAK,iBAAiB,IAAI,cAAc,EAAE,CAAC;QACjE,yEAAyE;QACzE,0EAA0E;QAC1E,mEAAmE;QACnE,aAAa,GAAG,cAAc,CAAC;IACjC,CAAC;SAAM,IACL,aAAa;QACb,cAAc;QACd,aAAa,KAAK,cAAc,EAChC,CAAC;QACD,kEAAkE;QAClE,2DAA2D;QAC3D,6DAA6D;QAC7D,gEAAgE;QAChE,MAAM,IAAI,iCAAiC,CAAC;YAC1C,QAAQ;YACR,SAAS;YACT,aAAa;YACb,cAAc,EAAE,cAAc;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,MAAM,qBAAqB,GAAG,MAAM,CAAC,WAAW,CAC9C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CAAC,CAClE,CAAC;IACF,MAAM,aAAa,GAAG;QACpB,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;QACzB,GAAG,qBAAqB;KACzB,CAAC;IAEF,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,UAAU,EAAE;YACf,CAAC,CAAC,eAAe,KAAK,kNAAkN,KAAK,wEAAwE;YACrT,CAAC,CAAC,0BAA0B,KAAK,4FAA4F;QAC/H,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,aAAa;YACb,mBAAmB;YACnB,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;YAC7B,IAAI,CAAC,GAAG,EAAE;SACX;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,SAAkB;IAElB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,eAAe,KAAK,wCAAwC;YACjE,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,YAAY,CAAC;IAC7B,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE,eAAe,KAAK,qBAAqB;QAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,YAAY,CAAC;AAC7B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IAOtD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,yCAAyC,KAAK,qBAAqB;QACxE,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxB,SAAS,EAAE,GAAG,CAAC,UAAoB;QACnC,KAAK,EAAG,GAAG,CAAC,KAAgB,IAAI,IAAI;QACpC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAgB,CAAC;KACzC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,QAAgB,EAChB,KAAa;IAQb,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,gDAAgD,KAAK,mCAAmC;QAC7F,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;KACxB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxB,SAAS,EAAE,GAAG,CAAC,UAAoB;QACnC,WAAW,EAAG,GAAG,CAAC,YAAuB,IAAI,IAAI;QACjD,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAgB,CAAC;KACzC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,SAAiB,EACjB,WAAmB;IAEnB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,UAAU,KAAK,6DAA6D;QACjF,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,CAAC;KACzC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,KAAa;IAEb,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;QAChC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,iBAAiB,KAAK,6BAA6B;YACxD,IAAI,EAAE,CAAC,QAAQ,CAAC;SACjB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;IACzB,CAAC;IACD,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,iBAAiB,KAAK,2CAA2C;QACtE,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;KACxB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;AACzB,CAAC","sourcesContent":["import { getDbExec, isPostgres, intType, type DbExec } from \"../db/client.js\";\n\nlet _initPromise: Promise<void> | undefined;\n\nfunction oauthTokensTable(): string {\n return isPostgres() ? \"public.oauth_tokens\" : \"oauth_tokens\";\n}\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n const table = oauthTokensTable();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS ${table} (\n provider TEXT NOT NULL,\n account_id TEXT NOT NULL,\n owner TEXT,\n tokens TEXT NOT NULL,\n updated_at ${intType()} NOT NULL,\n PRIMARY KEY (provider, account_id)\n )\n `);\n // Migration: add owner column to existing tables\n try {\n await client.execute(`ALTER TABLE ${table} ADD COLUMN owner TEXT`);\n } catch {\n // Column already exists\n }\n // Migration: add display_name column\n try {\n await client.execute(\n `ALTER TABLE ${table} ADD COLUMN display_name TEXT`,\n );\n } catch {\n // Column already exists\n }\n // Backfill: set owner = account_id for existing rows without an owner\n await client.execute(\n `UPDATE ${table} SET owner = account_id WHERE owner IS NULL`,\n );\n })();\n }\n return _initPromise;\n}\n\nexport async function getOAuthTokens(\n provider: string,\n accountId: string,\n): Promise<Record<string, unknown> | null> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT tokens FROM ${table} WHERE provider = ? AND account_id = ?`,\n args: [provider, accountId],\n });\n if (rows.length === 0) return null;\n return JSON.parse(rows[0].tokens as string);\n}\n\n/**\n * Thrown when an OAuth save would re-bind an `(provider, account_id)` row\n * to a different owner than already holds it. Callers should catch this and\n * surface a clean \"this account is already linked to another user\" message\n * to the requester rather than letting it propagate as a 500.\n *\n * Carries `statusCode = 409` so route handlers using h3's `createError` can\n * pass it straight through.\n */\nexport class OAuthAccountOwnedByOtherUserError extends Error {\n readonly statusCode = 409;\n readonly provider: string;\n readonly accountId: string;\n readonly existingOwner: string;\n readonly attemptedOwner: string;\n constructor(opts: {\n provider: string;\n accountId: string;\n existingOwner: string;\n attemptedOwner: string;\n }) {\n super(\n `OAuth account ${opts.provider}:${opts.accountId} is already linked to another user — refusing to overwrite the owner.`,\n );\n this.name = \"OAuthAccountOwnedByOtherUserError\";\n this.provider = opts.provider;\n this.accountId = opts.accountId;\n this.existingOwner = opts.existingOwner;\n this.attemptedOwner = opts.attemptedOwner;\n }\n}\n\n/**\n * Save OAuth tokens. The `owner` parameter specifies which user owns this\n * account — defaults to `accountId` (the account itself is the owner).\n * For multi-account support, pass the logged-in user's email as owner.\n *\n * If the account already exists and is owned by a different user, throws\n * `OAuthAccountOwnedByOtherUserError` (statusCode 409) to prevent silently\n * stealing another user's linked account.\n *\n * Read + write happen as a single linearised batch (Postgres) or paired\n * statements (SQLite). On both backends the per-row PK serialises concurrent\n * writes for the same `(provider, account_id)` so the owner check cannot be\n * raced by an attacker calling saveOAuthTokens twice in flight — the second\n * caller sees the first caller's owner row and raises 409.\n */\nexport async function saveOAuthTokens(\n provider: string,\n accountId: string,\n tokens: Record<string, unknown>,\n owner?: string,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n\n // Never store \"local@localhost\" as owner — it creates shared-ownership bugs\n const sanitizedOwner = owner === \"local@localhost\" ? accountId : owner;\n\n // Read the current row before deciding what to write. We use this to\n // (a) preserve owner / display_name when this is a token refresh (no\n // owner argument), and (b) reject the write when the caller is trying\n // to overwrite a row owned by someone else.\n let resolvedOwner = sanitizedOwner ?? accountId;\n let existingDisplayName: string | null = null;\n let existingOwner: string | null = null;\n let existingTokens: Record<string, unknown> | null = null;\n const { rows: existing } = await client.execute({\n sql: `SELECT owner, display_name, tokens FROM ${table} WHERE provider = ? AND account_id = ?`,\n args: [provider, accountId],\n });\n if (existing.length > 0) {\n existingOwner = (existing[0].owner as string) ?? null;\n existingDisplayName = (existing[0].display_name as string) ?? null;\n existingTokens = JSON.parse((existing[0].tokens as string) ?? \"{}\");\n }\n\n if (!owner) {\n // Token-refresh path: keep the existing owner/displayName unchanged.\n if (existingOwner) resolvedOwner = existingOwner;\n } else if (existingOwner === \"local@localhost\" && sanitizedOwner) {\n // Legacy dev rows from older OAuth flows were sometimes stored under the\n // synthetic local user. A successful OAuth callback proves control of the\n // Google account, so let the reconnect repair that owner in place.\n resolvedOwner = sanitizedOwner;\n } else if (\n existingOwner &&\n sanitizedOwner &&\n existingOwner !== sanitizedOwner\n ) {\n // Refuse to silently re-bind an account from one user to another.\n // This is the case the docstring promised but the previous\n // implementation didn't enforce — `ON CONFLICT DO UPDATE SET\n // owner=EXCLUDED.owner` would have overwritten the prior owner.\n throw new OAuthAccountOwnedByOtherUserError({\n provider,\n accountId,\n existingOwner,\n attemptedOwner: sanitizedOwner,\n });\n }\n\n const cleanedIncomingTokens = Object.fromEntries(\n Object.entries(tokens).filter(([, value]) => value !== undefined),\n );\n const tokensToStore = {\n ...(existingTokens ?? {}),\n ...cleanedIncomingTokens,\n };\n\n await client.execute({\n sql: isPostgres()\n ? `INSERT INTO ${table} (provider, account_id, owner, display_name, tokens, updated_at) VALUES (?, ?, ?, ?, ?, ?) ON CONFLICT (provider, account_id) DO UPDATE SET owner=EXCLUDED.owner, display_name=COALESCE(EXCLUDED.display_name, ${table}.display_name), tokens=EXCLUDED.tokens, updated_at=EXCLUDED.updated_at`\n : `INSERT OR REPLACE INTO ${table} (provider, account_id, owner, display_name, tokens, updated_at) VALUES (?, ?, ?, ?, ?, ?)`,\n args: [\n provider,\n accountId,\n resolvedOwner,\n existingDisplayName,\n JSON.stringify(tokensToStore),\n Date.now(),\n ],\n });\n}\n\nexport async function deleteOAuthTokens(\n provider: string,\n accountId?: string,\n): Promise<number> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n if (accountId) {\n const result = await client.execute({\n sql: `DELETE FROM ${table} WHERE provider = ? AND account_id = ?`,\n args: [provider, accountId],\n });\n return result.rowsAffected;\n }\n const result = await client.execute({\n sql: `DELETE FROM ${table} WHERE provider = ?`,\n args: [provider],\n });\n return result.rowsAffected;\n}\n\nexport async function listOAuthAccounts(provider: string): Promise<\n Array<{\n accountId: string;\n owner: string | null;\n tokens: Record<string, unknown>;\n }>\n> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT account_id, owner, tokens FROM ${table} WHERE provider = ?`,\n args: [provider],\n });\n return rows.map((row) => ({\n accountId: row.account_id as string,\n owner: (row.owner as string) ?? null,\n tokens: JSON.parse(row.tokens as string),\n }));\n}\n\n/**\n * List all OAuth accounts owned by a specific user.\n * In multi-account mode, a user may have connected multiple Google accounts.\n */\nexport async function listOAuthAccountsByOwner(\n provider: string,\n owner: string,\n): Promise<\n Array<{\n accountId: string;\n displayName: string | null;\n tokens: Record<string, unknown>;\n }>\n> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT account_id, display_name, tokens FROM ${table} WHERE provider = ? AND owner = ?`,\n args: [provider, owner],\n });\n return rows.map((row) => ({\n accountId: row.account_id as string,\n displayName: (row.display_name as string) ?? null,\n tokens: JSON.parse(row.tokens as string),\n }));\n}\n\n/**\n * Set the display name for an OAuth account (e.g. Google profile name).\n */\nexport async function setOAuthDisplayName(\n provider: string,\n accountId: string,\n displayName: string,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n await client.execute({\n sql: `UPDATE ${table} SET display_name = ? WHERE provider = ? AND account_id = ?`,\n args: [displayName, provider, accountId],\n });\n}\n\n/**\n * Check whether a specific user has tokens for a provider.\n *\n * `owner` is REQUIRED. The previous unscoped form leaked information\n * across users — the onboarding banner would mark the OAuth secret as\n * \"set\" for user B as soon as ANY user in the deployment connected the\n * provider, and user B would never see the prompt to connect.\n *\n * For the local-dev / single-tenant case, callers pass the dev sentinel\n * (`DEV_MODE_USER_EMAIL`) and we degrade to \"any row exists\" — preserving\n * the original behaviour for that single-user surface.\n */\nexport async function hasOAuthTokens(\n provider: string,\n owner: string,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n if (owner === \"local@localhost\") {\n const { rows } = await client.execute({\n sql: `SELECT 1 FROM ${table} WHERE provider = ? LIMIT 1`,\n args: [provider],\n });\n return rows.length > 0;\n }\n const { rows } = await client.execute({\n sql: `SELECT 1 FROM ${table} WHERE provider = ? AND owner = ? LIMIT 1`,\n args: [provider, owner],\n });\n return rows.length > 0;\n}\n"]}
1
+ {"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/oauth-tokens/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAe,MAAM,iBAAiB,CAAC;AAE9E,IAAI,YAAuC,CAAC;AAE5C,SAAS,gBAAgB;IACvB,OAAO,UAAU,EAAE,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc,CAAC;AAC/D,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;YACjC,MAAM,MAAM,CAAC,OAAO,CAAC;qCACU,KAAK;;;;;uBAKnB,OAAO,EAAE;;;OAGzB,CAAC,CAAC;YACH,iDAAiD;YACjD,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAAC,eAAe,KAAK,wBAAwB,CAAC,CAAC;YACrE,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,qCAAqC;YACrC,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,eAAe,KAAK,+BAA+B,CACpD,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,wBAAwB;YAC1B,CAAC;YACD,sEAAsE;YACtE,MAAM,MAAM,CAAC,OAAO,CAClB,UAAU,KAAK,6CAA6C,CAC7D,CAAC;QACJ,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,SAAiB;IAEjB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,sBAAsB,KAAK,wCAAwC;QACxE,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAC5B,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,MAAgB,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,OAAO,iCAAkC,SAAQ,KAAK;IACjD,UAAU,GAAG,GAAG,CAAC;IACjB,QAAQ,CAAS;IACjB,SAAS,CAAS;IAClB,aAAa,CAAS;IACtB,cAAc,CAAS;IAChC,YAAY,IAKX;QACC,KAAK,CACH,iBAAiB,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,SAAS,uEAAuE,CACxH,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,mCAAmC,CAAC;QAChD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;QAChC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC;QACxC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC;IAC5C,CAAC;CACF;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,QAAgB,EAChB,SAAiB,EACjB,MAA+B,EAC/B,KAAc;IAEd,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IAEjC,qEAAqE;IACrE,qEAAqE;IACrE,sEAAsE;IACtE,4CAA4C;IAC5C,IAAI,aAAa,GAAG,KAAK,IAAI,SAAS,CAAC;IACvC,IAAI,mBAAmB,GAAkB,IAAI,CAAC;IAC9C,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,cAAc,GAAmC,IAAI,CAAC;IAC1D,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAC9C,GAAG,EAAE,2CAA2C,KAAK,wCAAwC;QAC7F,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;KAC5B,CAAC,CAAC;IACH,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,aAAa,GAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAgB,IAAI,IAAI,CAAC;QACtD,mBAAmB,GAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAuB,IAAI,IAAI,CAAC;QACnE,cAAc,GAAG,IAAI,CAAC,KAAK,CAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAiB,IAAI,IAAI,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,qEAAqE;QACrE,IAAI,aAAa;YAAE,aAAa,GAAG,aAAa,CAAC;IACnD,CAAC;SAAM,IAAI,aAAa,IAAI,KAAK,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;QAC7D,kEAAkE;QAClE,2DAA2D;QAC3D,6DAA6D;QAC7D,gEAAgE;QAChE,MAAM,IAAI,iCAAiC,CAAC;YAC1C,QAAQ;YACR,SAAS;YACT,aAAa;YACb,cAAc,EAAE,KAAK;SACtB,CAAC,CAAC;IACL,CAAC;IAED,MAAM,qBAAqB,GAAG,MAAM,CAAC,WAAW,CAC9C,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,KAAK,KAAK,SAAS,CAAC,CAClE,CAAC;IACF,MAAM,aAAa,GAAG;QACpB,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;QACzB,GAAG,qBAAqB;KACzB,CAAC;IAEF,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,UAAU,EAAE;YACf,CAAC,CAAC,eAAe,KAAK,kNAAkN,KAAK,wEAAwE;YACrT,CAAC,CAAC,0BAA0B,KAAK,4FAA4F;QAC/H,IAAI,EAAE;YACJ,QAAQ;YACR,SAAS;YACT,aAAa;YACb,mBAAmB;YACnB,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;YAC7B,IAAI,CAAC,GAAG,EAAE;SACX;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,SAAkB;IAElB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;YAClC,GAAG,EAAE,eAAe,KAAK,wCAAwC;YACjE,IAAI,EAAE,CAAC,QAAQ,EAAE,SAAS,CAAC;SAC5B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC,YAAY,CAAC;IAC7B,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QAClC,GAAG,EAAE,eAAe,KAAK,qBAAqB;QAC9C,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,YAAY,CAAC;AAC7B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAgB;IAOtD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,yCAAyC,KAAK,qBAAqB;QACxE,IAAI,EAAE,CAAC,QAAQ,CAAC;KACjB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxB,SAAS,EAAE,GAAG,CAAC,UAAoB;QACnC,KAAK,EAAG,GAAG,CAAC,KAAgB,IAAI,IAAI;QACpC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAgB,CAAC;KACzC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,QAAgB,EAChB,KAAa;IAQb,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,gDAAgD,KAAK,mCAAmC;QAC7F,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;KACxB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACxB,SAAS,EAAE,GAAG,CAAC,UAAoB;QACnC,WAAW,EAAG,GAAG,CAAC,YAAuB,IAAI,IAAI;QACjD,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAgB,CAAC;KACzC,CAAC,CAAC,CAAC;AACN,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,SAAiB,EACjB,WAAmB;IAEnB,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,MAAM,CAAC,OAAO,CAAC;QACnB,GAAG,EAAE,UAAU,KAAK,6DAA6D;QACjF,IAAI,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,SAAS,CAAC;KACzC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,KAAa;IAEb,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,MAAM,KAAK,GAAG,gBAAgB,EAAE,CAAC;IACjC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC;QACpC,GAAG,EAAE,iBAAiB,KAAK,2CAA2C;QACtE,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,CAAC;KACxB,CAAC,CAAC;IACH,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC;AACzB,CAAC","sourcesContent":["import { getDbExec, isPostgres, intType, type DbExec } from \"../db/client.js\";\n\nlet _initPromise: Promise<void> | undefined;\n\nfunction oauthTokensTable(): string {\n return isPostgres() ? \"public.oauth_tokens\" : \"oauth_tokens\";\n}\n\nasync function ensureTable(): Promise<void> {\n if (!_initPromise) {\n _initPromise = (async () => {\n const client = getDbExec();\n const table = oauthTokensTable();\n await client.execute(`\n CREATE TABLE IF NOT EXISTS ${table} (\n provider TEXT NOT NULL,\n account_id TEXT NOT NULL,\n owner TEXT,\n tokens TEXT NOT NULL,\n updated_at ${intType()} NOT NULL,\n PRIMARY KEY (provider, account_id)\n )\n `);\n // Migration: add owner column to existing tables\n try {\n await client.execute(`ALTER TABLE ${table} ADD COLUMN owner TEXT`);\n } catch {\n // Column already exists\n }\n // Migration: add display_name column\n try {\n await client.execute(\n `ALTER TABLE ${table} ADD COLUMN display_name TEXT`,\n );\n } catch {\n // Column already exists\n }\n // Backfill: set owner = account_id for existing rows without an owner\n await client.execute(\n `UPDATE ${table} SET owner = account_id WHERE owner IS NULL`,\n );\n })();\n }\n return _initPromise;\n}\n\nexport async function getOAuthTokens(\n provider: string,\n accountId: string,\n): Promise<Record<string, unknown> | null> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT tokens FROM ${table} WHERE provider = ? AND account_id = ?`,\n args: [provider, accountId],\n });\n if (rows.length === 0) return null;\n return JSON.parse(rows[0].tokens as string);\n}\n\n/**\n * Thrown when an OAuth save would re-bind an `(provider, account_id)` row\n * to a different owner than already holds it. Callers should catch this and\n * surface a clean \"this account is already linked to another user\" message\n * to the requester rather than letting it propagate as a 500.\n *\n * Carries `statusCode = 409` so route handlers using h3's `createError` can\n * pass it straight through.\n */\nexport class OAuthAccountOwnedByOtherUserError extends Error {\n readonly statusCode = 409;\n readonly provider: string;\n readonly accountId: string;\n readonly existingOwner: string;\n readonly attemptedOwner: string;\n constructor(opts: {\n provider: string;\n accountId: string;\n existingOwner: string;\n attemptedOwner: string;\n }) {\n super(\n `OAuth account ${opts.provider}:${opts.accountId} is already linked to another user — refusing to overwrite the owner.`,\n );\n this.name = \"OAuthAccountOwnedByOtherUserError\";\n this.provider = opts.provider;\n this.accountId = opts.accountId;\n this.existingOwner = opts.existingOwner;\n this.attemptedOwner = opts.attemptedOwner;\n }\n}\n\n/**\n * Save OAuth tokens. The `owner` parameter specifies which user owns this\n * account — defaults to `accountId` (the account itself is the owner).\n * For multi-account support, pass the logged-in user's email as owner.\n *\n * If the account already exists and is owned by a different user, throws\n * `OAuthAccountOwnedByOtherUserError` (statusCode 409) to prevent silently\n * stealing another user's linked account.\n *\n * Read + write happen as a single linearised batch (Postgres) or paired\n * statements (SQLite). On both backends the per-row PK serialises concurrent\n * writes for the same `(provider, account_id)` so the owner check cannot be\n * raced by an attacker calling saveOAuthTokens twice in flight — the second\n * caller sees the first caller's owner row and raises 409.\n */\nexport async function saveOAuthTokens(\n provider: string,\n accountId: string,\n tokens: Record<string, unknown>,\n owner?: string,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n\n // Read the current row before deciding what to write. We use this to\n // (a) preserve owner / display_name when this is a token refresh (no\n // owner argument), and (b) reject the write when the caller is trying\n // to overwrite a row owned by someone else.\n let resolvedOwner = owner ?? accountId;\n let existingDisplayName: string | null = null;\n let existingOwner: string | null = null;\n let existingTokens: Record<string, unknown> | null = null;\n const { rows: existing } = await client.execute({\n sql: `SELECT owner, display_name, tokens FROM ${table} WHERE provider = ? AND account_id = ?`,\n args: [provider, accountId],\n });\n if (existing.length > 0) {\n existingOwner = (existing[0].owner as string) ?? null;\n existingDisplayName = (existing[0].display_name as string) ?? null;\n existingTokens = JSON.parse((existing[0].tokens as string) ?? \"{}\");\n }\n\n if (!owner) {\n // Token-refresh path: keep the existing owner/displayName unchanged.\n if (existingOwner) resolvedOwner = existingOwner;\n } else if (existingOwner && owner && existingOwner !== owner) {\n // Refuse to silently re-bind an account from one user to another.\n // This is the case the docstring promised but the previous\n // implementation didn't enforce — `ON CONFLICT DO UPDATE SET\n // owner=EXCLUDED.owner` would have overwritten the prior owner.\n throw new OAuthAccountOwnedByOtherUserError({\n provider,\n accountId,\n existingOwner,\n attemptedOwner: owner,\n });\n }\n\n const cleanedIncomingTokens = Object.fromEntries(\n Object.entries(tokens).filter(([, value]) => value !== undefined),\n );\n const tokensToStore = {\n ...(existingTokens ?? {}),\n ...cleanedIncomingTokens,\n };\n\n await client.execute({\n sql: isPostgres()\n ? `INSERT INTO ${table} (provider, account_id, owner, display_name, tokens, updated_at) VALUES (?, ?, ?, ?, ?, ?) ON CONFLICT (provider, account_id) DO UPDATE SET owner=EXCLUDED.owner, display_name=COALESCE(EXCLUDED.display_name, ${table}.display_name), tokens=EXCLUDED.tokens, updated_at=EXCLUDED.updated_at`\n : `INSERT OR REPLACE INTO ${table} (provider, account_id, owner, display_name, tokens, updated_at) VALUES (?, ?, ?, ?, ?, ?)`,\n args: [\n provider,\n accountId,\n resolvedOwner,\n existingDisplayName,\n JSON.stringify(tokensToStore),\n Date.now(),\n ],\n });\n}\n\nexport async function deleteOAuthTokens(\n provider: string,\n accountId?: string,\n): Promise<number> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n if (accountId) {\n const result = await client.execute({\n sql: `DELETE FROM ${table} WHERE provider = ? AND account_id = ?`,\n args: [provider, accountId],\n });\n return result.rowsAffected;\n }\n const result = await client.execute({\n sql: `DELETE FROM ${table} WHERE provider = ?`,\n args: [provider],\n });\n return result.rowsAffected;\n}\n\nexport async function listOAuthAccounts(provider: string): Promise<\n Array<{\n accountId: string;\n owner: string | null;\n tokens: Record<string, unknown>;\n }>\n> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT account_id, owner, tokens FROM ${table} WHERE provider = ?`,\n args: [provider],\n });\n return rows.map((row) => ({\n accountId: row.account_id as string,\n owner: (row.owner as string) ?? null,\n tokens: JSON.parse(row.tokens as string),\n }));\n}\n\n/**\n * List all OAuth accounts owned by a specific user.\n * In multi-account mode, a user may have connected multiple Google accounts.\n */\nexport async function listOAuthAccountsByOwner(\n provider: string,\n owner: string,\n): Promise<\n Array<{\n accountId: string;\n displayName: string | null;\n tokens: Record<string, unknown>;\n }>\n> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT account_id, display_name, tokens FROM ${table} WHERE provider = ? AND owner = ?`,\n args: [provider, owner],\n });\n return rows.map((row) => ({\n accountId: row.account_id as string,\n displayName: (row.display_name as string) ?? null,\n tokens: JSON.parse(row.tokens as string),\n }));\n}\n\n/**\n * Set the display name for an OAuth account (e.g. Google profile name).\n */\nexport async function setOAuthDisplayName(\n provider: string,\n accountId: string,\n displayName: string,\n): Promise<void> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n await client.execute({\n sql: `UPDATE ${table} SET display_name = ? WHERE provider = ? AND account_id = ?`,\n args: [displayName, provider, accountId],\n });\n}\n\n/**\n * Check whether a specific user has tokens for a provider.\n *\n * `owner` is REQUIRED. The previous unscoped form leaked information\n * across users — the onboarding banner would mark the OAuth secret as\n * \"set\" for user B as soon as ANY user in the deployment connected the\n * provider, and user B would never see the prompt to connect.\n */\nexport async function hasOAuthTokens(\n provider: string,\n owner: string,\n): Promise<boolean> {\n await ensureTable();\n const client = getDbExec();\n const table = oauthTokensTable();\n const { rows } = await client.execute({\n sql: `SELECT 1 FROM ${table} WHERE provider = ? AND owner = ? LIMIT 1`,\n args: [provider, owner],\n });\n return rows.length > 0;\n}\n"]}
package/dist/observability/routes.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/observability/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAoEH,wBAAgB,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAySzC"}
1
+ {"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../../src/observability/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAoEH,wBAAgB,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAgSzC"}
package/dist/observability/routes.js CHANGED
@@ -20,7 +20,7 @@
20
20
  * GET /experiments/:id/results — get experiment results
21
21
  */
22
22
  import { defineEventHandler, getMethod, getQuery, setResponseStatus, } from "h3";
23
- import { getSession, DEV_MODE_USER_EMAIL } from "../server/auth.js";
23
+ import { getSession } from "../server/auth.js";
24
24
  import { readBody } from "../server/h3-helpers.js";
25
25
  import { getObservabilityOverview, getTraceSummaries, getTraceSummary, getTraceSpansForRun, getEvalsForRun, insertFeedback, getFeedback, getFeedbackStats, getSatisfactionScores, getEvalStats, listExperiments, insertExperiment, getExperiment, updateExperiment, getExperimentResults, } from "./store.js";
26
26
  function nanoid(size = 21) {
@@ -67,14 +67,6 @@ export function createObservabilityHandler() {
67
67
  .replace(/\/+$/, "");
68
68
  const parts = pathname ? pathname.split("/") : [];
69
69
  const owner = await resolveOwner(event);
70
- if (!owner || owner === DEV_MODE_USER_EMAIL) {
71
- const isLocal = process.env.NODE_ENV !== "production" ||
72
- process.env.AUTH_MODE === "local";
73
- if (!isLocal) {
74
- setResponseStatus(event, 401);
75
- return { error: "Authentication required" };
76
- }
77
- }
78
70
  // Every read endpoint passes `userId: owner` to the store. Omitting
79
71
  // it returns rows from every user — load-bearing.
80
72
  // GET / — overview stats
package/dist/observability/routes.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"routes.js","sourceRoot":"","sources":["../../src/observability/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,QAAQ,EACR,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,SAAS,MAAM,CAAC,IAAI,GAAG,EAAE;IACvB,MAAM,QAAQ,GACZ,gEAAgE,CAAC;IACnE,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,EAAE,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAc;IACxC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAC1D,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;QACpB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,aAAa,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CAAC,CAAsB;IACxC,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,UAAU,CAAC;AACrC,CAAC;AAED,SAAS,UAAU,CAAC,CAAsB,EAAE,QAAQ,GAAG,GAAG;IACxD,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,QAAQ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,EAAE,CAAC;aACzC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;aACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAElD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,mBAAmB,EAAE,CAAC;YAC5C,MAAM,OAAO,GACX,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;gBACrC,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,OAAO,CAAC;YACpC,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,oEAAoE;QACpE,kDAAkD;QAElD,yBAAyB;QACzB,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,OAAO,wBAAwB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,qCAAqC;QACrC,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACpE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,iBAAiB,CAAC;gBACvB,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtB,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;QACL,CAAC;QAED,sDAAsD;QACtD,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;YACrB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EACpB,CAAC;YACD,OAAO,cAAc,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,qEAAqE;QACrE,mEAAmE;QACnE,mEAAmE;QACnE,iEAAiE;QACjE,uBAAuB;QACvB,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACpE,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACzC,eAAe,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBACzC,mBAAmB,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;aAC9C,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;YACtC,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;QAED,mDAAmD;QACnD,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU;YACvB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EACpB,CAAC;YACD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,mCAAmC;QACnC,IAAI,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACvE,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACxC,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,EAAE,YAAwC,CAAC;YACpE,IACE,CAAC,YAAY;gBACb,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EACxE,CAAC;gBACD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;YAC/C,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC;YAC5B,MAAM,KAAK,GACT,QAAQ,IAAI,IAAI;gBACd,CAAC,CAAC,EAAE;gBACJ,CAAC,CAAC,OAAO,QAAQ,KAAK,QAAQ;oBAC5B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;oBAC1B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACzB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,MAAM,cAAc,CAAC;gBACnB,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI;gBAC7C,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;gBACtD,UAAU,EACR,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI;gBAC9D,YAAY;gBACZ,KAAK;gBACL,MAAM,EAAE,KAAK;gBACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YACH,gEAAgE;YAChE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,eAAe,CAAC;qBACpB,IAAI,CAAC,CAAC,EAAE,wBAAwB,EAAE,EAAE,EAAE,CACrC,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;oBAC9C,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CACnB;qBACA,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACtE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,WAAW,CAAC;gBACjB,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtB,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;QACL,CAAC;QAED,0CAA0C;QAC1C,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,cAAc,EAAE,CAAC;YAC1E,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,qBAAqB,CAAC;gBAC3B,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO;YACpB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EACpB,CAAC;YACD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,qEAAqE;QACrE,sEAAsE;QACtE,IAAI,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YAC1E,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACxC,CAAC;YACD,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;gBAChB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;YACvC,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjE,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;YAChD,CAAC;YACD,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,MAAM,gBAAgB,CAAC;gBACrB,EAAE;gBACF,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;gBACvB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;gBAC3D,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACxD,eAAe,EACb,IAAI,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;gBACzD,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,UAAU,EAAE,KAAK;aAClB,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,CAAC;QAED,sEAAsE;QACtE,sEAAsE;QACtE,iEAAiE;QACjE,mCAAmC;QAEnC,sCAAsC;QACtC,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YACzE,OAAO,eAAe,EAAE,CAAC;QAC3B,CAAC;QAED,mEAAmE;QACnE,uEAAuE;QACvE,yDAAyD;QACzD,iCAAiC;QACjC,IACE,MAAM,KAAK,MAAM;YACjB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa;YAC1B,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,EACtB,CAAC;YACD,MAAM,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBACzD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBACtE,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,EAAE,CAAC,CAAC;gBACnD,OAAO,OAAO,CAAC;YACjB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,2BAA2B,EAAE,CAAC;YAChE,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa;YAC1B,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,EACtB,CAAC;YACD,OAAO,oBAAoB,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;QAED,8DAA8D;QAC9D,qEAAqE;QACrE,4DAA4D;QAC5D,qEAAqE;QACrE,2DAA2D;QAC3D,0EAA0E;QAC1E,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YACzE,MAAM,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBACzD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACxC,CAAC;YACD,MAAM,OAAO,GAAwB,EAAE,CAAC;YACxC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YAC5D,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,MAAM,CAAC,GAAG,IAAI,CAAC,MAA0B,CAAC;gBAC1C,IAAI,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC7D,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;gBACrC,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;gBACnB,IAAI,CAAC,KAAK,WAAW;oBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACtD,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YACnE,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;YAChE,MAAM,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACpC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAED,2CAA2C;QAC3C,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["/**\n * H3 event handlers for the agent observability system.\n *\n * Mounted under `/_agent-native/observability/*` by the observability plugin.\n *\n * GET / — overview stats\n * GET /traces?since=N&limit=N — list trace summaries\n * GET /traces/:runId — get trace detail (spans + summary)\n * GET /traces/:runId/evals — get evals for a run\n * POST /feedback — submit feedback\n * GET /feedback?since=N&limit=N — list feedback entries\n * GET /feedback/stats?since=N — feedback aggregation stats\n * GET /satisfaction?since=N — satisfaction scores\n * GET /evals/stats?since=N — eval stats\n * GET /experiments — list experiments\n * POST /experiments — create experiment\n * GET /experiments/:id — get experiment detail\n * PUT /experiments/:id — update experiment\n * POST /experiments/:id/results — compute experiment results\n * GET /experiments/:id/results — get experiment results\n */\n\nimport {\n defineEventHandler,\n getMethod,\n getQuery,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport { getSession, DEV_MODE_USER_EMAIL } from \"../server/auth.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport {\n getObservabilityOverview,\n getTraceSummaries,\n getTraceSummary,\n getTraceSpansForRun,\n getEvalsForRun,\n insertFeedback,\n getFeedback,\n getFeedbackStats,\n getSatisfactionScores,\n getEvalStats,\n listExperiments,\n insertExperiment,\n getExperiment,\n updateExperiment,\n getExperimentResults,\n} from \"./store.js\";\nimport type { FeedbackType, ExperimentStatus } from \"./types.js\";\n\nfunction nanoid(size = 21): string {\n const alphabet =\n \"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\";\n let id = \"\";\n const bytes = crypto.getRandomValues(new Uint8Array(size));\n for (let i = 0; i < size; i++) {\n id += alphabet[bytes[i] % alphabet.length];\n }\n return id;\n}\n\nasync function resolveOwner(event: H3Event): Promise<string> {\n const session = await getSession(event).catch(() => null);\n if (!session?.email) {\n const { createError } = await import(\"h3\");\n throw createError({ statusCode: 401, statusMessage: \"Unauthenticated\" });\n }\n return session.email;\n}\n\nfunction parseSince(q: Record<string, any>): number {\n const raw = q.since;\n if (typeof raw === \"string\" && raw.length > 0) {\n const n = Number(raw);\n if (!isNaN(n) && n >= 0) return n;\n }\n return Date.now() - 7 * 86_400_000;\n}\n\nfunction parseLimit(q: Record<string, any>, fallback = 100): number {\n const raw = q.limit;\n if (typeof raw === \"string\") {\n const n = Number(raw);\n if (!isNaN(n) && n > 0) return Math.min(n, 500);\n }\n return fallback;\n}\n\nexport function createObservabilityHandler() {\n return defineEventHandler(async (event: H3Event) => {\n const rawMethod = getMethod(event);\n const method = rawMethod === \"HEAD\" ? \"GET\" : rawMethod;\n const pathname = (event.url?.pathname || \"\")\n .replace(/^\\/+/, \"\")\n .replace(/\\/+$/, \"\");\n const parts = pathname ? pathname.split(\"/\") : [];\n\n const owner = await resolveOwner(event);\n if (!owner || owner === DEV_MODE_USER_EMAIL) {\n const isLocal =\n process.env.NODE_ENV !== \"production\" ||\n process.env.AUTH_MODE === \"local\";\n if (!isLocal) {\n setResponseStatus(event, 401);\n return { error: \"Authentication required\" };\n }\n }\n\n // Every read endpoint passes `userId: owner` to the store. Omitting\n // it returns rows from every user — load-bearing.\n\n // GET / — overview stats\n if (method === \"GET\" && parts.length === 0) {\n const q = getQuery(event);\n const sinceMs = parseSince(q);\n return getObservabilityOverview(sinceMs, { userId: owner });\n }\n\n // GET /traces — list trace summaries\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"traces\") {\n const q = getQuery(event);\n return getTraceSummaries({\n sinceMs: parseSince(q),\n limit: parseLimit(q),\n userId: owner,\n });\n }\n\n // GET /traces/:runId/evals — evals for a specific run\n if (\n method === \"GET\" &&\n parts.length === 3 &&\n parts[0] === \"traces\" &&\n parts[2] === \"evals\"\n ) {\n return getEvalsForRun(decodeURIComponent(parts[1]), { userId: owner });\n }\n\n // GET /traces/:runId — trace detail (summary + spans). Looking up by\n // runId opens an IDOR vector if we don't ALSO scope to the owner —\n // a user who knows or guesses another user's runId would otherwise\n // get back the trace. The `userId: owner` filter on both lookups\n // returns 404 instead.\n if (method === \"GET\" && parts.length === 2 && parts[0] === \"traces\") {\n const runId = decodeURIComponent(parts[1]);\n const [summary, spans] = await Promise.all([\n getTraceSummary(runId, { userId: owner }),\n getTraceSpansForRun(runId, { userId: owner }),\n ]);\n if (!summary) {\n setResponseStatus(event, 404);\n return { error: \"Trace not found\" };\n }\n return { summary, spans };\n }\n\n // GET /feedback/stats — feedback aggregation stats\n if (\n method === \"GET\" &&\n parts.length === 2 &&\n parts[0] === \"feedback\" &&\n parts[1] === \"stats\"\n ) {\n const q = getQuery(event);\n return getFeedbackStats(parseSince(q), { userId: owner });\n }\n\n // POST /feedback — submit feedback\n if (method === \"POST\" && parts.length === 1 && parts[0] === \"feedback\") {\n let body: any;\n try {\n body = await readBody(event);\n } catch {\n setResponseStatus(event, 400);\n return { error: \"Invalid JSON body\" };\n }\n const feedbackType = body?.feedbackType as FeedbackType | undefined;\n if (\n !feedbackType ||\n ![\"thumbs_up\", \"thumbs_down\", \"category\", \"text\"].includes(feedbackType)\n ) {\n setResponseStatus(event, 400);\n return { error: \"feedbackType is required\" };\n }\n const rawValue = body.value;\n const value =\n rawValue == null\n ? \"\"\n : typeof rawValue === \"object\"\n ? JSON.stringify(rawValue)\n : String(rawValue);\n const id = nanoid();\n await insertFeedback({\n id,\n runId: body.runId ? String(body.runId) : null,\n threadId: body.threadId ? String(body.threadId) : null,\n messageSeq:\n typeof body.messageSeq === \"number\" ? body.messageSeq : null,\n feedbackType,\n value,\n userId: owner,\n createdAt: Date.now(),\n });\n // Fire-and-forget: recompute satisfaction score for the thread.\n if (body.threadId) {\n import(\"./feedback.js\")\n .then(({ computeSatisfactionScore }) =>\n computeSatisfactionScore(String(body.threadId), {\n userId: owner,\n }).catch(() => {}),\n )\n .catch(() => {});\n }\n return { id };\n }\n\n // GET /feedback — list feedback entries\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"feedback\") {\n const q = getQuery(event);\n return getFeedback({\n sinceMs: parseSince(q),\n limit: parseLimit(q),\n userId: owner,\n });\n }\n\n // GET /satisfaction — satisfaction scores\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"satisfaction\") {\n const q = getQuery(event);\n return getSatisfactionScores({\n sinceMs: parseSince(q),\n userId: owner,\n });\n }\n\n // GET /evals/stats — eval stats\n if (\n method === \"GET\" &&\n parts.length === 2 &&\n parts[0] === \"evals\" &&\n parts[1] === \"stats\"\n ) {\n const q = getQuery(event);\n return getEvalStats(parseSince(q), { userId: owner });\n }\n\n // POST /experiments — create experiment. Records the calling user as\n // the owner so subsequent PUT / POST results require the same caller.\n if (method === \"POST\" && parts.length === 1 && parts[0] === \"experiments\") {\n let body: any;\n try {\n body = await readBody(event);\n } catch {\n setResponseStatus(event, 400);\n return { error: \"Invalid JSON body\" };\n }\n if (!body?.name) {\n setResponseStatus(event, 400);\n return { error: \"name is required\" };\n }\n if (body.variants !== undefined && !Array.isArray(body.variants)) {\n setResponseStatus(event, 400);\n return { error: \"variants must be an array\" };\n }\n const id = nanoid();\n await insertExperiment({\n id,\n name: String(body.name),\n status: \"draft\",\n variants: Array.isArray(body.variants) ? body.variants : [],\n metrics: Array.isArray(body.metrics) ? body.metrics : [],\n assignmentLevel:\n body.assignmentLevel === \"session\" ? \"session\" : \"user\",\n startedAt: null,\n endedAt: null,\n createdAt: Date.now(),\n ownerEmail: owner,\n });\n return { id };\n }\n\n // Experiments are platform-wide A/B test configurations — they assign\n // variants across all users, so reads are NOT per-user scoped. Writes\n // are gated by authentication above (only authenticated users or\n // local-dev can reach this point).\n\n // GET /experiments — list experiments\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"experiments\") {\n return listExperiments();\n }\n\n // POST /experiments/:id/results — compute experiment results. Only\n // the experiment's owner may trigger a recomputation in a multi-tenant\n // deployment; legacy rows (no owner) fall through to the\n // authenticated-only gate above.\n if (\n method === \"POST\" &&\n parts.length === 3 &&\n parts[0] === \"experiments\" &&\n parts[2] === \"results\"\n ) {\n const id = decodeURIComponent(parts[1]);\n const existing = await getExperiment(id);\n if (!existing) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n if (existing.ownerEmail && existing.ownerEmail !== owner) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n try {\n const { computeExperimentResults } = await import(\"./experiments.js\");\n const results = await computeExperimentResults(id);\n return results;\n } catch (err: any) {\n setResponseStatus(event, 500);\n return { error: err?.message ?? \"Failed to compute results\" };\n }\n }\n\n // GET /experiments/:id/results — experiment results\n if (\n method === \"GET\" &&\n parts.length === 3 &&\n parts[0] === \"experiments\" &&\n parts[2] === \"results\"\n ) {\n return getExperimentResults(decodeURIComponent(parts[1]));\n }\n\n // PUT /experiments/:id — update experiment. Restricted to the\n // experiment owner; cross-user mutation would let one signed-in user\n // silently end / reshape another user's experiment (variant\n // assignments, status, metrics). Legacy rows without an owner remain\n // updatable by any authenticated user — they're treated as\n // platform-wide and operators should re-save them to lock down ownership.\n if (method === \"PUT\" && parts.length === 2 && parts[0] === \"experiments\") {\n const id = decodeURIComponent(parts[1]);\n const existing = await getExperiment(id);\n if (!existing) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n if (existing.ownerEmail && existing.ownerEmail !== owner) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n let body: any;\n try {\n body = await readBody(event);\n } catch {\n setResponseStatus(event, 400);\n return { error: \"Invalid JSON body\" };\n }\n const updates: Record<string, any> = {};\n if (typeof body.name === \"string\") updates.name = body.name;\n if (typeof body.status === \"string\") {\n const s = body.status as ExperimentStatus;\n if (![\"draft\", \"running\", \"paused\", \"completed\"].includes(s)) {\n setResponseStatus(event, 400);\n return { error: \"Invalid status\" };\n }\n updates.status = s;\n if (s === \"completed\") updates.endedAt = Date.now();\n }\n if (Array.isArray(body.variants)) updates.variants = body.variants;\n if (Array.isArray(body.metrics)) updates.metrics = body.metrics;\n await updateExperiment(id, updates);\n return { ok: true };\n }\n\n // GET /experiments/:id — experiment detail\n if (method === \"GET\" && parts.length === 2 && parts[0] === \"experiments\") {\n const exp = await getExperiment(decodeURIComponent(parts[1]));\n if (!exp) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n return exp;\n }\n\n setResponseStatus(event, 404);\n return { error: \"Not found\" };\n });\n}\n"]}
1
+ {"version":3,"file":"routes.js","sourceRoot":"","sources":["../../src/observability/routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,QAAQ,EACR,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EACL,wBAAwB,EACxB,iBAAiB,EACjB,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,aAAa,EACb,gBAAgB,EAChB,oBAAoB,GACrB,MAAM,YAAY,CAAC;AAGpB,SAAS,MAAM,CAAC,IAAI,GAAG,EAAE;IACvB,MAAM,QAAQ,GACZ,gEAAgE,CAAC;IACnE,IAAI,EAAE,GAAG,EAAE,CAAC;IACZ,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC;IAC3D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,EAAE,IAAI,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,KAAc;IACxC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAC1D,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;QACpB,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,WAAW,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,aAAa,EAAE,iBAAiB,EAAE,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,OAAO,CAAC,KAAK,CAAC;AACvB,CAAC;AAED,SAAS,UAAU,CAAC,CAAsB;IACxC,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9C,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,UAAU,CAAC;AACrC,CAAC;AAED,SAAS,UAAU,CAAC,CAAsB,EAAE,QAAQ,GAAG,GAAG;IACxD,MAAM,GAAG,GAAG,CAAC,CAAC,KAAK,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACtB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,0BAA0B;IACxC,OAAO,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;QACjD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,SAAS,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QACxD,MAAM,QAAQ,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,EAAE,CAAC;aACzC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;aACnB,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAElD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,CAAC;QAExC,oEAAoE;QACpE,kDAAkD;QAElD,yBAAyB;QACzB,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC9B,OAAO,wBAAwB,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,qCAAqC;QACrC,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACpE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,iBAAiB,CAAC;gBACvB,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtB,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;QACL,CAAC;QAED,sDAAsD;QACtD,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;YACrB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EACpB,CAAC;YACD,OAAO,cAAc,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,qEAAqE;QACrE,mEAAmE;QACnE,mEAAmE;QACnE,iEAAiE;QACjE,uBAAuB;QACvB,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;YACpE,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3C,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBACzC,eAAe,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;gBACzC,mBAAmB,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;aAC9C,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;YACtC,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC5B,CAAC;QAED,mDAAmD;QACnD,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU;YACvB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EACpB,CAAC;YACD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,mCAAmC;QACnC,IAAI,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACvE,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACxC,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,EAAE,YAAwC,CAAC;YACpE,IACE,CAAC,YAAY;gBACb,CAAC,CAAC,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,EACxE,CAAC;gBACD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC;YAC/C,CAAC;YACD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC;YAC5B,MAAM,KAAK,GACT,QAAQ,IAAI,IAAI;gBACd,CAAC,CAAC,EAAE;gBACJ,CAAC,CAAC,OAAO,QAAQ,KAAK,QAAQ;oBAC5B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;oBAC1B,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACzB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,MAAM,cAAc,CAAC;gBACnB,EAAE;gBACF,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI;gBAC7C,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI;gBACtD,UAAU,EACR,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI;gBAC9D,YAAY;gBACZ,KAAK;gBACL,MAAM,EAAE,KAAK;gBACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YACH,gEAAgE;YAChE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,MAAM,CAAC,eAAe,CAAC;qBACpB,IAAI,CAAC,CAAC,EAAE,wBAAwB,EAAE,EAAE,EAAE,CACrC,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;oBAC9C,MAAM,EAAE,KAAK;iBACd,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CACnB;qBACA,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACrB,CAAC;YACD,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,UAAU,EAAE,CAAC;YACtE,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,WAAW,CAAC;gBACjB,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtB,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;gBACpB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;QACL,CAAC;QAED,0CAA0C;QAC1C,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,cAAc,EAAE,CAAC;YAC1E,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,qBAAqB,CAAC;gBAC3B,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;gBACtB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO;YACpB,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EACpB,CAAC;YACD,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,OAAO,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,CAAC;QAED,qEAAqE;QACrE,sEAAsE;QACtE,IAAI,MAAM,KAAK,MAAM,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YAC1E,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACxC,CAAC;YACD,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;gBAChB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;YACvC,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjE,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;YAChD,CAAC;YACD,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,MAAM,gBAAgB,CAAC;gBACrB,EAAE;gBACF,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;gBACvB,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;gBAC3D,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACxD,eAAe,EACb,IAAI,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM;gBACzD,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,IAAI;gBACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,UAAU,EAAE,KAAK;aAClB,CAAC,CAAC;YACH,OAAO,EAAE,EAAE,EAAE,CAAC;QAChB,CAAC;QAED,sEAAsE;QACtE,sEAAsE;QACtE,iEAAiE;QACjE,mCAAmC;QAEnC,sCAAsC;QACtC,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YACzE,OAAO,eAAe,EAAE,CAAC;QAC3B,CAAC;QAED,mEAAmE;QACnE,uEAAuE;QACvE,yDAAyD;QACzD,iCAAiC;QACjC,IACE,MAAM,KAAK,MAAM;YACjB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa;YAC1B,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,EACtB,CAAC;YACD,MAAM,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBACzD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,CAAC;gBACH,MAAM,EAAE,wBAAwB,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;gBACtE,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,EAAE,CAAC,CAAC;gBACnD,OAAO,OAAO,CAAC;YACjB,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,IAAI,2BAA2B,EAAE,CAAC;YAChE,CAAC;QACH,CAAC;QAED,oDAAoD;QACpD,IACE,MAAM,KAAK,KAAK;YAChB,KAAK,CAAC,MAAM,KAAK,CAAC;YAClB,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa;YAC1B,KAAK,CAAC,CAAC,CAAC,KAAK,SAAS,EACtB,CAAC;YACD,OAAO,oBAAoB,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,CAAC;QAED,8DAA8D;QAC9D,qEAAqE;QACrE,4DAA4D;QAC5D,qEAAqE;QACrE,2DAA2D;QAC3D,0EAA0E;QAC1E,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YACzE,MAAM,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACxC,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,EAAE,CAAC,CAAC;YACzC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,QAAQ,CAAC,UAAU,IAAI,QAAQ,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBACzD,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,IAAI,IAAS,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC/B,CAAC;YAAC,MAAM,CAAC;gBACP,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;YACxC,CAAC;YACD,MAAM,OAAO,GAAwB,EAAE,CAAC;YACxC,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YAC5D,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBACpC,MAAM,CAAC,GAAG,IAAI,CAAC,MAA0B,CAAC;gBAC1C,IAAI,CAAC,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC7D,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;gBACrC,CAAC;gBACD,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;gBACnB,IAAI,CAAC,KAAK,WAAW;oBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACtD,CAAC;YACD,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAAE,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YACnE,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;YAChE,MAAM,gBAAgB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACpC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC;QAED,2CAA2C;QAC3C,IAAI,MAAM,KAAK,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,aAAa,EAAE,CAAC;YACzE,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC;YAC3C,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QAED,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9B,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;IAChC,CAAC,CAAC,CAAC;AACL,CAAC","sourcesContent":["/**\n * H3 event handlers for the agent observability system.\n *\n * Mounted under `/_agent-native/observability/*` by the observability plugin.\n *\n * GET / — overview stats\n * GET /traces?since=N&limit=N — list trace summaries\n * GET /traces/:runId — get trace detail (spans + summary)\n * GET /traces/:runId/evals — get evals for a run\n * POST /feedback — submit feedback\n * GET /feedback?since=N&limit=N — list feedback entries\n * GET /feedback/stats?since=N — feedback aggregation stats\n * GET /satisfaction?since=N — satisfaction scores\n * GET /evals/stats?since=N — eval stats\n * GET /experiments — list experiments\n * POST /experiments — create experiment\n * GET /experiments/:id — get experiment detail\n * PUT /experiments/:id — update experiment\n * POST /experiments/:id/results — compute experiment results\n * GET /experiments/:id/results — get experiment results\n */\n\nimport {\n defineEventHandler,\n getMethod,\n getQuery,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport { getSession } from \"../server/auth.js\";\nimport { readBody } from \"../server/h3-helpers.js\";\nimport {\n getObservabilityOverview,\n getTraceSummaries,\n getTraceSummary,\n getTraceSpansForRun,\n getEvalsForRun,\n insertFeedback,\n getFeedback,\n getFeedbackStats,\n getSatisfactionScores,\n getEvalStats,\n listExperiments,\n insertExperiment,\n getExperiment,\n updateExperiment,\n getExperimentResults,\n} from \"./store.js\";\nimport type { FeedbackType, ExperimentStatus } from \"./types.js\";\n\nfunction nanoid(size = 21): string {\n const alphabet =\n \"0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\";\n let id = \"\";\n const bytes = crypto.getRandomValues(new Uint8Array(size));\n for (let i = 0; i < size; i++) {\n id += alphabet[bytes[i] % alphabet.length];\n }\n return id;\n}\n\nasync function resolveOwner(event: H3Event): Promise<string> {\n const session = await getSession(event).catch(() => null);\n if (!session?.email) {\n const { createError } = await import(\"h3\");\n throw createError({ statusCode: 401, statusMessage: \"Unauthenticated\" });\n }\n return session.email;\n}\n\nfunction parseSince(q: Record<string, any>): number {\n const raw = q.since;\n if (typeof raw === \"string\" && raw.length > 0) {\n const n = Number(raw);\n if (!isNaN(n) && n >= 0) return n;\n }\n return Date.now() - 7 * 86_400_000;\n}\n\nfunction parseLimit(q: Record<string, any>, fallback = 100): number {\n const raw = q.limit;\n if (typeof raw === \"string\") {\n const n = Number(raw);\n if (!isNaN(n) && n > 0) return Math.min(n, 500);\n }\n return fallback;\n}\n\nexport function createObservabilityHandler() {\n return defineEventHandler(async (event: H3Event) => {\n const rawMethod = getMethod(event);\n const method = rawMethod === \"HEAD\" ? \"GET\" : rawMethod;\n const pathname = (event.url?.pathname || \"\")\n .replace(/^\\/+/, \"\")\n .replace(/\\/+$/, \"\");\n const parts = pathname ? pathname.split(\"/\") : [];\n\n const owner = await resolveOwner(event);\n\n // Every read endpoint passes `userId: owner` to the store. Omitting\n // it returns rows from every user — load-bearing.\n\n // GET / — overview stats\n if (method === \"GET\" && parts.length === 0) {\n const q = getQuery(event);\n const sinceMs = parseSince(q);\n return getObservabilityOverview(sinceMs, { userId: owner });\n }\n\n // GET /traces — list trace summaries\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"traces\") {\n const q = getQuery(event);\n return getTraceSummaries({\n sinceMs: parseSince(q),\n limit: parseLimit(q),\n userId: owner,\n });\n }\n\n // GET /traces/:runId/evals — evals for a specific run\n if (\n method === \"GET\" &&\n parts.length === 3 &&\n parts[0] === \"traces\" &&\n parts[2] === \"evals\"\n ) {\n return getEvalsForRun(decodeURIComponent(parts[1]), { userId: owner });\n }\n\n // GET /traces/:runId — trace detail (summary + spans). Looking up by\n // runId opens an IDOR vector if we don't ALSO scope to the owner —\n // a user who knows or guesses another user's runId would otherwise\n // get back the trace. The `userId: owner` filter on both lookups\n // returns 404 instead.\n if (method === \"GET\" && parts.length === 2 && parts[0] === \"traces\") {\n const runId = decodeURIComponent(parts[1]);\n const [summary, spans] = await Promise.all([\n getTraceSummary(runId, { userId: owner }),\n getTraceSpansForRun(runId, { userId: owner }),\n ]);\n if (!summary) {\n setResponseStatus(event, 404);\n return { error: \"Trace not found\" };\n }\n return { summary, spans };\n }\n\n // GET /feedback/stats — feedback aggregation stats\n if (\n method === \"GET\" &&\n parts.length === 2 &&\n parts[0] === \"feedback\" &&\n parts[1] === \"stats\"\n ) {\n const q = getQuery(event);\n return getFeedbackStats(parseSince(q), { userId: owner });\n }\n\n // POST /feedback — submit feedback\n if (method === \"POST\" && parts.length === 1 && parts[0] === \"feedback\") {\n let body: any;\n try {\n body = await readBody(event);\n } catch {\n setResponseStatus(event, 400);\n return { error: \"Invalid JSON body\" };\n }\n const feedbackType = body?.feedbackType as FeedbackType | undefined;\n if (\n !feedbackType ||\n ![\"thumbs_up\", \"thumbs_down\", \"category\", \"text\"].includes(feedbackType)\n ) {\n setResponseStatus(event, 400);\n return { error: \"feedbackType is required\" };\n }\n const rawValue = body.value;\n const value =\n rawValue == null\n ? \"\"\n : typeof rawValue === \"object\"\n ? JSON.stringify(rawValue)\n : String(rawValue);\n const id = nanoid();\n await insertFeedback({\n id,\n runId: body.runId ? String(body.runId) : null,\n threadId: body.threadId ? String(body.threadId) : null,\n messageSeq:\n typeof body.messageSeq === \"number\" ? body.messageSeq : null,\n feedbackType,\n value,\n userId: owner,\n createdAt: Date.now(),\n });\n // Fire-and-forget: recompute satisfaction score for the thread.\n if (body.threadId) {\n import(\"./feedback.js\")\n .then(({ computeSatisfactionScore }) =>\n computeSatisfactionScore(String(body.threadId), {\n userId: owner,\n }).catch(() => {}),\n )\n .catch(() => {});\n }\n return { id };\n }\n\n // GET /feedback — list feedback entries\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"feedback\") {\n const q = getQuery(event);\n return getFeedback({\n sinceMs: parseSince(q),\n limit: parseLimit(q),\n userId: owner,\n });\n }\n\n // GET /satisfaction — satisfaction scores\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"satisfaction\") {\n const q = getQuery(event);\n return getSatisfactionScores({\n sinceMs: parseSince(q),\n userId: owner,\n });\n }\n\n // GET /evals/stats — eval stats\n if (\n method === \"GET\" &&\n parts.length === 2 &&\n parts[0] === \"evals\" &&\n parts[1] === \"stats\"\n ) {\n const q = getQuery(event);\n return getEvalStats(parseSince(q), { userId: owner });\n }\n\n // POST /experiments — create experiment. Records the calling user as\n // the owner so subsequent PUT / POST results require the same caller.\n if (method === \"POST\" && parts.length === 1 && parts[0] === \"experiments\") {\n let body: any;\n try {\n body = await readBody(event);\n } catch {\n setResponseStatus(event, 400);\n return { error: \"Invalid JSON body\" };\n }\n if (!body?.name) {\n setResponseStatus(event, 400);\n return { error: \"name is required\" };\n }\n if (body.variants !== undefined && !Array.isArray(body.variants)) {\n setResponseStatus(event, 400);\n return { error: \"variants must be an array\" };\n }\n const id = nanoid();\n await insertExperiment({\n id,\n name: String(body.name),\n status: \"draft\",\n variants: Array.isArray(body.variants) ? body.variants : [],\n metrics: Array.isArray(body.metrics) ? body.metrics : [],\n assignmentLevel:\n body.assignmentLevel === \"session\" ? \"session\" : \"user\",\n startedAt: null,\n endedAt: null,\n createdAt: Date.now(),\n ownerEmail: owner,\n });\n return { id };\n }\n\n // Experiments are platform-wide A/B test configurations — they assign\n // variants across all users, so reads are NOT per-user scoped. Writes\n // are gated by authentication above (only authenticated users or\n // local-dev can reach this point).\n\n // GET /experiments — list experiments\n if (method === \"GET\" && parts.length === 1 && parts[0] === \"experiments\") {\n return listExperiments();\n }\n\n // POST /experiments/:id/results — compute experiment results. Only\n // the experiment's owner may trigger a recomputation in a multi-tenant\n // deployment; legacy rows (no owner) fall through to the\n // authenticated-only gate above.\n if (\n method === \"POST\" &&\n parts.length === 3 &&\n parts[0] === \"experiments\" &&\n parts[2] === \"results\"\n ) {\n const id = decodeURIComponent(parts[1]);\n const existing = await getExperiment(id);\n if (!existing) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n if (existing.ownerEmail && existing.ownerEmail !== owner) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n try {\n const { computeExperimentResults } = await import(\"./experiments.js\");\n const results = await computeExperimentResults(id);\n return results;\n } catch (err: any) {\n setResponseStatus(event, 500);\n return { error: err?.message ?? \"Failed to compute results\" };\n }\n }\n\n // GET /experiments/:id/results — experiment results\n if (\n method === \"GET\" &&\n parts.length === 3 &&\n parts[0] === \"experiments\" &&\n parts[2] === \"results\"\n ) {\n return getExperimentResults(decodeURIComponent(parts[1]));\n }\n\n // PUT /experiments/:id — update experiment. Restricted to the\n // experiment owner; cross-user mutation would let one signed-in user\n // silently end / reshape another user's experiment (variant\n // assignments, status, metrics). Legacy rows without an owner remain\n // updatable by any authenticated user — they're treated as\n // platform-wide and operators should re-save them to lock down ownership.\n if (method === \"PUT\" && parts.length === 2 && parts[0] === \"experiments\") {\n const id = decodeURIComponent(parts[1]);\n const existing = await getExperiment(id);\n if (!existing) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n if (existing.ownerEmail && existing.ownerEmail !== owner) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n let body: any;\n try {\n body = await readBody(event);\n } catch {\n setResponseStatus(event, 400);\n return { error: \"Invalid JSON body\" };\n }\n const updates: Record<string, any> = {};\n if (typeof body.name === \"string\") updates.name = body.name;\n if (typeof body.status === \"string\") {\n const s = body.status as ExperimentStatus;\n if (![\"draft\", \"running\", \"paused\", \"completed\"].includes(s)) {\n setResponseStatus(event, 400);\n return { error: \"Invalid status\" };\n }\n updates.status = s;\n if (s === \"completed\") updates.endedAt = Date.now();\n }\n if (Array.isArray(body.variants)) updates.variants = body.variants;\n if (Array.isArray(body.metrics)) updates.metrics = body.metrics;\n await updateExperiment(id, updates);\n return { ok: true };\n }\n\n // GET /experiments/:id — experiment detail\n if (method === \"GET\" && parts.length === 2 && parts[0] === \"experiments\") {\n const exp = await getExperiment(decodeURIComponent(parts[1]));\n if (!exp) {\n setResponseStatus(event, 404);\n return { error: \"Experiment not found\" };\n }\n return exp;\n }\n\n setResponseStatus(event, 404);\n return { error: \"Not found\" };\n });\n}\n"]}
package/dist/onboarding/default-steps.js CHANGED
@@ -64,7 +64,7 @@ const llmStep = {
64
64
  id: "builder",
65
65
  kind: "builder-cli-auth",
66
66
  label: "Connect Builder",
67
- description: "One click, no API key needed. Builder routes Claude, GPT, Gemini, and more.",
67
+ description: "Free credits for Claude, GPT, Gemini, and more — no API key needed.",
68
68
  primary: true,
69
69
  payload: {
70
70
  scope: "llm",
package/dist/onboarding/default-steps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"default-steps.js","sourceRoot":"","sources":["../../src/onboarding/default-steps.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAEvD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,8BAA8B,EAAE,MAAM,6BAA6B,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAUlD,MAAM,eAAe,GAAmB;IACtC;QACE,QAAQ,EAAE,WAAW;QACrB,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,QAAQ,EAAE,YAAY;QACtB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,YAAY;QACnB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,QAAQ,EAAE,MAAM;QAChB,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,MAAM;QACb,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,2CAA2C;KACzD;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,yCAAyC;KACvD;CACF,CAAC;AAEF,MAAM,OAAO,GAAmB;IAC9B,EAAE,EAAE,KAAK;IACT,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,sBAAsB;IAC7B,WAAW,EAAE,gEAAgE;IAC7E,OAAO,EAAE;QACP;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EACT,6EAA6E;YAC/E,OAAO,EAAE,IAAI;YACb,OAAO,EAAE;gBACP,KAAK,EAAE,KAAK;aACb;SACF;QACD,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,EAAE;YACvE,MAAM,IAAI,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,OAAO;gBACL,EAAE;gBACF,IAAI,EAAE,MAAe;gBACrB,KAAK;gBACL,WAAW;gBACX,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrC,OAAO,EAAE;oBACP,UAAU,EAAE,WAAoB;oBAChC,MAAM,EAAE;wBACN;4BACE,GAAG,EAAE,IAAI,CAAC,MAAM;4BAChB,KAAK,EAAE,IAAI,CAAC,MAAM;4BAClB,WAAW,EAAE,IAAI,CAAC,WAAW;4BAC7B,MAAM,EAAE,IAAI;yBACb;qBACF;iBACF;aACF,CAAC;QACJ,CAAC,CAAC;KACH;IACD,UAAU,EAAE,KAAK,IAAI,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,EAAE,2BAA2B,EAAE,GACnC,MAAM,MAAM,CAAC,kCAAkC,CAAC,CAAC;YACnD,IAAI,MAAM,2BAA2B,EAAE;gBAAE,OAAO,IAAI,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;gBAAE,OAAO,IAAI,CAAC;QACnD,CAAC;QACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACjE,IAAI,CAAC;YACH,OAAO,8BAA8B,CAAC,MAAM,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF,CAAC;AAEF,6EAA6E;AAC7E,MAAM,YAAY,GAAmB;IACnC,EAAE,EAAE,UAAU;IACd,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,UAAU;IACjB,WAAW,EACT,+GAA+G;IACjH,OAAO,EAAE;QACP;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,kBAAkB;YACzB,WAAW,EAAE,sDAAsD;YACnE,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,cAAc;wBACnB,KAAK,EAAE,cAAc;wBACrB,WAAW,EAAE,kDAAkD;qBAChE;oBACD;wBACE,GAAG,EAAE,qBAAqB;wBAC1B,KAAK,EAAE,iCAAiC;wBACxC,WAAW,EAAE,0CAA0C;wBACvD,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;KACF;IACD,kEAAkE;IAClE,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI;CACvB,CAAC;AAEF,yEAAyE;AACzE,MAAM,QAAQ,GAAmB;IAC/B,EAAE,EAAE,MAAM;IACV,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,gBAAgB;IACvB,WAAW,EACT,qHAAqH;IACvH,OAAO,EAAE;QACP;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,6CAA6C;YAC1D,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,kBAAkB,EAAE;oBACtD;wBACE,GAAG,EAAE,sBAAsB;wBAC3B,KAAK,EAAE,sBAAsB;wBAC7B,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;QACD;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,6CAA6C;YAC1D,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,kBAAkB,EAAE;oBACtD;wBACE,GAAG,EAAE,sBAAsB;wBAC3B,KAAK,EAAE,sBAAsB;wBAC7B,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;QACD;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,kDAAkD;YAC/D,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,cAAc;wBACnB,KAAK,EAAE,cAAc;wBACrB,WAAW,EAAE,6BAA6B;wBAC1C,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;KACF;IACD,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI;CACvB,CAAC;AAEF,6EAA6E;AAC7E,MAAM,SAAS,GAAmB;IAChC,EAAE,EAAE,OAAO;IACX,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,gBAAgB;IACvB,WAAW,EACT,iIAAiI;IACnI,OAAO,EAAE;QACP;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,QAAQ;YACf,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,gBAAgB;wBACrB,KAAK,EAAE,gBAAgB;wBACvB,WAAW,EAAE,QAAQ;wBACrB,MAAM,EAAE,IAAI;qBACb;oBACD;wBACE,GAAG,EAAE,YAAY;wBACjB,KAAK,EAAE,2BAA2B;wBAClC,WAAW,EAAE,uCAAuC;qBACrD;oBACD;wBACE,GAAG,EAAE,UAAU;wBACf,KAAK,EAAE,mCAAmC;wBAC1C,WAAW,EAAE,YAAY;qBAC1B;iBACF;aACF;SACF;QACD;YACE,EAAE,EAAE,UAAU;YACd,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,UAAU;YACjB,WAAW,EAAE,uCAAuC;YACpD,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,kBAAkB;wBACvB,KAAK,EAAE,kBAAkB;wBACzB,WAAW,EAAE,QAAQ;wBACrB,MAAM,EAAE,IAAI;qBACb;oBACD;wBACE,GAAG,EAAE,YAAY;wBACjB,KAAK,EAAE,2BAA2B;wBAClC,WAAW,EAAE,uCAAuC;qBACrD;iBACF;aACF;SACF;KACF;IACD,UAAU,EAAE,GAAG,EAAE;QACf,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC;QAC5C,uEAAuE;QACvE,wEAAwE;QACxE,iBAAiB;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB;YAAE,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;CACF,CAAC;AAEF,IAAI,UAAU,GAAG,KAAK,CAAC;AAEvB,6DAA6D;AAC7D,MAAM,UAAU,8BAA8B;IAC5C,IAAI,UAAU;QAAE,OAAO;IACvB,UAAU,GAAG,IAAI,CAAC;IAClB,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAChC,sBAAsB,CAAC,YAAY,CAAC,CAAC;IACrC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACjC,sBAAsB,CAAC,SAAS,CAAC,CAAC;AACpC,CAAC","sourcesContent":["/**\n * Default framework-level onboarding steps.\n *\n * Registered when `createOnboardingPlugin()` mounts (auto-mount or explicit).\n * Templates can override any step by registering another step with the same\n * `id` after these have been registered.\n */\n\nimport { registerOnboardingStep } from \"./registry.js\";\nimport type { OnboardingStep } from \"./types.js\";\nimport {\n PROVIDER_ENV_META,\n PROVIDER_ENV_VARS,\n} from \"../agent/engine/provider-env-vars.js\";\nimport { isAgentEngineSettingConfigured } from \"../agent/engine/registry.js\";\nimport { getSetting } from \"../settings/store.js\";\n\ntype LlmKeyMethod = {\n provider: keyof typeof PROVIDER_ENV_META;\n id: string;\n label: string;\n description: string;\n primary?: boolean;\n};\n\nconst LLM_KEY_METHODS: LlmKeyMethod[] = [\n {\n provider: \"anthropic\",\n id: \"anthropic-key\",\n label: \"Anthropic\",\n description: \"Claude models with your own Anthropic key.\",\n },\n {\n provider: \"openai\",\n id: \"openai-key\",\n label: \"OpenAI\",\n description: \"GPT models with your own OpenAI key.\",\n },\n {\n provider: \"google\",\n id: \"google-key\",\n label: \"Google Gemini\",\n description: \"Gemini models with your own Google AI key.\",\n },\n {\n provider: \"openrouter\",\n id: \"openrouter-key\",\n label: \"OpenRouter\",\n description: \"OpenRouter models with your own OpenRouter key.\",\n },\n {\n provider: \"groq\",\n id: \"groq-key\",\n label: \"Groq\",\n description: \"Groq-hosted models with your own Groq key.\",\n },\n {\n provider: \"mistral\",\n id: \"mistral-key\",\n label: \"Mistral\",\n description: \"Mistral models with your own Mistral key.\",\n },\n {\n provider: \"cohere\",\n id: \"cohere-key\",\n label: \"Cohere\",\n description: \"Cohere models with your own Cohere key.\",\n },\n];\n\nconst llmStep: OnboardingStep = {\n id: \"llm\",\n order: 10,\n required: true,\n title: \"Connect an AI engine\",\n description: \"Use Builder's managed gateway, or bring your own provider key.\",\n methods: [\n {\n id: \"builder\",\n kind: \"builder-cli-auth\",\n label: \"Connect Builder\",\n description:\n \"One click, no API key needed. Builder routes Claude, GPT, Gemini, and more.\",\n primary: true,\n payload: {\n scope: \"llm\",\n },\n },\n ...LLM_KEY_METHODS.map(({ provider, id, label, description, primary }) => {\n const meta = PROVIDER_ENV_META[provider];\n return {\n id,\n kind: \"form\" as const,\n label,\n description,\n ...(primary ? { primary: true } : {}),\n payload: {\n writeScope: \"workspace\" as const,\n fields: [\n {\n key: meta.envVar,\n label: meta.envVar,\n placeholder: meta.placeholder,\n secret: true,\n },\n ],\n },\n };\n }),\n ],\n isComplete: async () => {\n try {\n const { resolveHasBuilderPrivateKey } =\n await import(\"../server/credential-provider.js\");\n if (await resolveHasBuilderPrivateKey()) return true;\n } catch {\n if (process.env.BUILDER_PRIVATE_KEY) return true;\n }\n if (PROVIDER_ENV_VARS.some((k) => !!process.env[k])) return true;\n try {\n return isAgentEngineSettingConfigured(await getSetting(\"agent-engine\"));\n } catch {\n return false;\n }\n },\n};\n\n/** Step 2 — where application data lives. The default DB is non-blocking. */\nconst databaseStep: OnboardingStep = {\n id: \"database\",\n order: 20,\n required: false,\n title: \"Database\",\n description:\n \"Agent-native stores app data in SQL. Set DATABASE_URL when you want to point this app at a specific database.\",\n methods: [\n {\n id: \"database-url\",\n kind: \"form\",\n label: \"Set DATABASE_URL\",\n description: \"Paste the SQL connection string this app should use.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"DATABASE_URL\",\n label: \"DATABASE_URL\",\n placeholder: \"postgres://..., libsql://..., file:./data/app.db\",\n },\n {\n key: \"DATABASE_AUTH_TOKEN\",\n label: \"DATABASE_AUTH_TOKEN (if needed)\",\n placeholder: \"Token for providers such as Turso/libSQL\",\n secret: true,\n },\n ],\n },\n },\n ],\n // The default local database means this step is always satisfied.\n isComplete: () => true,\n};\n\n/** Step 3 — how users sign in. Built-in account auth is non-blocking. */\nconst authStep: OnboardingStep = {\n id: \"auth\",\n order: 30,\n required: false,\n title: \"Authentication\",\n description:\n \"Built-in email/password accounts work by default. Add OAuth or access tokens only if you want another sign-in path.\",\n methods: [\n {\n id: \"google-oauth\",\n kind: \"form\",\n label: \"Google OAuth\",\n description: \"Add Google as an optional sign-in provider.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n { key: \"GOOGLE_CLIENT_ID\", label: \"GOOGLE_CLIENT_ID\" },\n {\n key: \"GOOGLE_CLIENT_SECRET\",\n label: \"GOOGLE_CLIENT_SECRET\",\n secret: true,\n },\n ],\n },\n },\n {\n id: \"github-oauth\",\n kind: \"form\",\n label: \"GitHub OAuth\",\n description: \"Add GitHub as an optional sign-in provider.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n { key: \"GITHUB_CLIENT_ID\", label: \"GITHUB_CLIENT_ID\" },\n {\n key: \"GITHUB_CLIENT_SECRET\",\n label: \"GITHUB_CLIENT_SECRET\",\n secret: true,\n },\n ],\n },\n },\n {\n id: \"access-token\",\n kind: \"form\",\n label: \"Shared access token\",\n description: \"Use a simple token gate for private deployments.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"ACCESS_TOKEN\",\n label: \"ACCESS_TOKEN\",\n placeholder: \"Paste a strong shared token\",\n secret: true,\n },\n ],\n },\n },\n ],\n isComplete: () => true,\n};\n\n/** Step 4 — transactional email (password resets, invitations). Optional. */\nconst emailStep: OnboardingStep = {\n id: \"email\",\n order: 40,\n required: false,\n title: \"Email delivery\",\n description:\n \"Optional for local work. Before deploying with password resets, invitations, or share notifications, connect an email provider.\",\n methods: [\n {\n id: \"resend\",\n kind: \"form\",\n label: \"Resend\",\n description: \"Use Resend for transactional email.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"RESEND_API_KEY\",\n label: \"RESEND_API_KEY\",\n placeholder: \"re_...\",\n secret: true,\n },\n {\n key: \"EMAIL_FROM\",\n label: \"EMAIL_FROM (from address)\",\n placeholder: \"Agent Native <noreply@yourdomain.com>\",\n },\n {\n key: \"APP_NAME\",\n label: \"APP_NAME (shown in invite emails)\",\n placeholder: \"Acme Forms\",\n },\n ],\n },\n },\n {\n id: \"sendgrid\",\n kind: \"form\",\n label: \"SendGrid\",\n description: \"Use SendGrid for transactional email.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"SENDGRID_API_KEY\",\n label: \"SENDGRID_API_KEY\",\n placeholder: \"SG....\",\n secret: true,\n },\n {\n key: \"EMAIL_FROM\",\n label: \"EMAIL_FROM (from address)\",\n placeholder: \"Agent Native <noreply@yourdomain.com>\",\n },\n ],\n },\n },\n ],\n isComplete: () => {\n if (process.env.RESEND_API_KEY) return true;\n // SendGrid rejects Resend's sandbox sender, so EMAIL_FROM must also be\n // set — otherwise sendEmail() throws at runtime even though the API key\n // is configured.\n if (process.env.SENDGRID_API_KEY) return !!process.env.EMAIL_FROM;\n return false;\n },\n};\n\nlet registered = false;\n\n/** Idempotent. Safe to call from every plugin-mount call. */\nexport function registerDefaultOnboardingSteps(): void {\n if (registered) return;\n registered = true;\n registerOnboardingStep(llmStep);\n registerOnboardingStep(databaseStep);\n registerOnboardingStep(authStep);\n registerOnboardingStep(emailStep);\n}\n"]}
1
+ {"version":3,"file":"default-steps.js","sourceRoot":"","sources":["../../src/onboarding/default-steps.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAEvD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,sCAAsC,CAAC;AAC9C,OAAO,EAAE,8BAA8B,EAAE,MAAM,6BAA6B,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AAUlD,MAAM,eAAe,GAAmB;IACtC;QACE,QAAQ,EAAE,WAAW;QACrB,EAAE,EAAE,eAAe;QACnB,KAAK,EAAE,WAAW;QAClB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,sCAAsC;KACpD;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,eAAe;QACtB,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,QAAQ,EAAE,YAAY;QACtB,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,YAAY;QACnB,WAAW,EAAE,iDAAiD;KAC/D;IACD;QACE,QAAQ,EAAE,MAAM;QAChB,EAAE,EAAE,UAAU;QACd,KAAK,EAAE,MAAM;QACb,WAAW,EAAE,4CAA4C;KAC1D;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,EAAE,EAAE,aAAa;QACjB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,2CAA2C;KACzD;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,EAAE,EAAE,YAAY;QAChB,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,yCAAyC;KACvD;CACF,CAAC;AAEF,MAAM,OAAO,GAAmB;IAC9B,EAAE,EAAE,KAAK;IACT,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,IAAI;IACd,KAAK,EAAE,sBAAsB;IAC7B,WAAW,EAAE,gEAAgE;IAC7E,OAAO,EAAE;QACP;YACE,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,kBAAkB;YACxB,KAAK,EAAE,iBAAiB;YACxB,WAAW,EACT,qEAAqE;YACvE,OAAO,EAAE,IAAI;YACb,OAAO,EAAE;gBACP,KAAK,EAAE,KAAK;aACb;SACF;QACD,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,EAAE;YACvE,MAAM,IAAI,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;YACzC,OAAO;gBACL,EAAE;gBACF,IAAI,EAAE,MAAe;gBACrB,KAAK;gBACL,WAAW;gBACX,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrC,OAAO,EAAE;oBACP,UAAU,EAAE,WAAoB;oBAChC,MAAM,EAAE;wBACN;4BACE,GAAG,EAAE,IAAI,CAAC,MAAM;4BAChB,KAAK,EAAE,IAAI,CAAC,MAAM;4BAClB,WAAW,EAAE,IAAI,CAAC,WAAW;4BAC7B,MAAM,EAAE,IAAI;yBACb;qBACF;iBACF;aACF,CAAC;QACJ,CAAC,CAAC;KACH;IACD,UAAU,EAAE,KAAK,IAAI,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,EAAE,2BAA2B,EAAE,GACnC,MAAM,MAAM,CAAC,kCAAkC,CAAC,CAAC;YACnD,IAAI,MAAM,2BAA2B,EAAE;gBAAE,OAAO,IAAI,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;gBAAE,OAAO,IAAI,CAAC;QACnD,CAAC;QACD,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACjE,IAAI,CAAC;YACH,OAAO,8BAA8B,CAAC,MAAM,UAAU,CAAC,cAAc,CAAC,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF,CAAC;AAEF,6EAA6E;AAC7E,MAAM,YAAY,GAAmB;IACnC,EAAE,EAAE,UAAU;IACd,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,UAAU;IACjB,WAAW,EACT,+GAA+G;IACjH,OAAO,EAAE;QACP;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,kBAAkB;YACzB,WAAW,EAAE,sDAAsD;YACnE,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,cAAc;wBACnB,KAAK,EAAE,cAAc;wBACrB,WAAW,EAAE,kDAAkD;qBAChE;oBACD;wBACE,GAAG,EAAE,qBAAqB;wBAC1B,KAAK,EAAE,iCAAiC;wBACxC,WAAW,EAAE,0CAA0C;wBACvD,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;KACF;IACD,kEAAkE;IAClE,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI;CACvB,CAAC;AAEF,yEAAyE;AACzE,MAAM,QAAQ,GAAmB;IAC/B,EAAE,EAAE,MAAM;IACV,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,gBAAgB;IACvB,WAAW,EACT,qHAAqH;IACvH,OAAO,EAAE;QACP;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,6CAA6C;YAC1D,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,kBAAkB,EAAE;oBACtD;wBACE,GAAG,EAAE,sBAAsB;wBAC3B,KAAK,EAAE,sBAAsB;wBAC7B,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;QACD;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,cAAc;YACrB,WAAW,EAAE,6CAA6C;YAC1D,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN,EAAE,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,kBAAkB,EAAE;oBACtD;wBACE,GAAG,EAAE,sBAAsB;wBAC3B,KAAK,EAAE,sBAAsB;wBAC7B,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;QACD;YACE,EAAE,EAAE,cAAc;YAClB,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,qBAAqB;YAC5B,WAAW,EAAE,kDAAkD;YAC/D,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,cAAc;wBACnB,KAAK,EAAE,cAAc;wBACrB,WAAW,EAAE,6BAA6B;wBAC1C,MAAM,EAAE,IAAI;qBACb;iBACF;aACF;SACF;KACF;IACD,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI;CACvB,CAAC;AAEF,6EAA6E;AAC7E,MAAM,SAAS,GAAmB;IAChC,EAAE,EAAE,OAAO;IACX,KAAK,EAAE,EAAE;IACT,QAAQ,EAAE,KAAK;IACf,KAAK,EAAE,gBAAgB;IACvB,WAAW,EACT,iIAAiI;IACnI,OAAO,EAAE;QACP;YACE,EAAE,EAAE,QAAQ;YACZ,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,QAAQ;YACf,WAAW,EAAE,qCAAqC;YAClD,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,gBAAgB;wBACrB,KAAK,EAAE,gBAAgB;wBACvB,WAAW,EAAE,QAAQ;wBACrB,MAAM,EAAE,IAAI;qBACb;oBACD;wBACE,GAAG,EAAE,YAAY;wBACjB,KAAK,EAAE,2BAA2B;wBAClC,WAAW,EAAE,uCAAuC;qBACrD;oBACD;wBACE,GAAG,EAAE,UAAU;wBACf,KAAK,EAAE,mCAAmC;wBAC1C,WAAW,EAAE,YAAY;qBAC1B;iBACF;aACF;SACF;QACD;YACE,EAAE,EAAE,UAAU;YACd,IAAI,EAAE,MAAM;YACZ,KAAK,EAAE,UAAU;YACjB,WAAW,EAAE,uCAAuC;YACpD,OAAO,EAAE;gBACP,UAAU,EAAE,WAAW;gBACvB,MAAM,EAAE;oBACN;wBACE,GAAG,EAAE,kBAAkB;wBACvB,KAAK,EAAE,kBAAkB;wBACzB,WAAW,EAAE,QAAQ;wBACrB,MAAM,EAAE,IAAI;qBACb;oBACD;wBACE,GAAG,EAAE,YAAY;wBACjB,KAAK,EAAE,2BAA2B;wBAClC,WAAW,EAAE,uCAAuC;qBACrD;iBACF;aACF;SACF;KACF;IACD,UAAU,EAAE,GAAG,EAAE;QACf,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc;YAAE,OAAO,IAAI,CAAC;QAC5C,uEAAuE;QACvE,wEAAwE;QACxE,iBAAiB;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB;YAAE,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;QAClE,OAAO,KAAK,CAAC;IACf,CAAC;CACF,CAAC;AAEF,IAAI,UAAU,GAAG,KAAK,CAAC;AAEvB,6DAA6D;AAC7D,MAAM,UAAU,8BAA8B;IAC5C,IAAI,UAAU;QAAE,OAAO;IACvB,UAAU,GAAG,IAAI,CAAC;IAClB,sBAAsB,CAAC,OAAO,CAAC,CAAC;IAChC,sBAAsB,CAAC,YAAY,CAAC,CAAC;IACrC,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IACjC,sBAAsB,CAAC,SAAS,CAAC,CAAC;AACpC,CAAC","sourcesContent":["/**\n * Default framework-level onboarding steps.\n *\n * Registered when `createOnboardingPlugin()` mounts (auto-mount or explicit).\n * Templates can override any step by registering another step with the same\n * `id` after these have been registered.\n */\n\nimport { registerOnboardingStep } from \"./registry.js\";\nimport type { OnboardingStep } from \"./types.js\";\nimport {\n PROVIDER_ENV_META,\n PROVIDER_ENV_VARS,\n} from \"../agent/engine/provider-env-vars.js\";\nimport { isAgentEngineSettingConfigured } from \"../agent/engine/registry.js\";\nimport { getSetting } from \"../settings/store.js\";\n\ntype LlmKeyMethod = {\n provider: keyof typeof PROVIDER_ENV_META;\n id: string;\n label: string;\n description: string;\n primary?: boolean;\n};\n\nconst LLM_KEY_METHODS: LlmKeyMethod[] = [\n {\n provider: \"anthropic\",\n id: \"anthropic-key\",\n label: \"Anthropic\",\n description: \"Claude models with your own Anthropic key.\",\n },\n {\n provider: \"openai\",\n id: \"openai-key\",\n label: \"OpenAI\",\n description: \"GPT models with your own OpenAI key.\",\n },\n {\n provider: \"google\",\n id: \"google-key\",\n label: \"Google Gemini\",\n description: \"Gemini models with your own Google AI key.\",\n },\n {\n provider: \"openrouter\",\n id: \"openrouter-key\",\n label: \"OpenRouter\",\n description: \"OpenRouter models with your own OpenRouter key.\",\n },\n {\n provider: \"groq\",\n id: \"groq-key\",\n label: \"Groq\",\n description: \"Groq-hosted models with your own Groq key.\",\n },\n {\n provider: \"mistral\",\n id: \"mistral-key\",\n label: \"Mistral\",\n description: \"Mistral models with your own Mistral key.\",\n },\n {\n provider: \"cohere\",\n id: \"cohere-key\",\n label: \"Cohere\",\n description: \"Cohere models with your own Cohere key.\",\n },\n];\n\nconst llmStep: OnboardingStep = {\n id: \"llm\",\n order: 10,\n required: true,\n title: \"Connect an AI engine\",\n description: \"Use Builder's managed gateway, or bring your own provider key.\",\n methods: [\n {\n id: \"builder\",\n kind: \"builder-cli-auth\",\n label: \"Connect Builder\",\n description:\n \"Free credits for Claude, GPT, Gemini, and more — no API key needed.\",\n primary: true,\n payload: {\n scope: \"llm\",\n },\n },\n ...LLM_KEY_METHODS.map(({ provider, id, label, description, primary }) => {\n const meta = PROVIDER_ENV_META[provider];\n return {\n id,\n kind: \"form\" as const,\n label,\n description,\n ...(primary ? { primary: true } : {}),\n payload: {\n writeScope: \"workspace\" as const,\n fields: [\n {\n key: meta.envVar,\n label: meta.envVar,\n placeholder: meta.placeholder,\n secret: true,\n },\n ],\n },\n };\n }),\n ],\n isComplete: async () => {\n try {\n const { resolveHasBuilderPrivateKey } =\n await import(\"../server/credential-provider.js\");\n if (await resolveHasBuilderPrivateKey()) return true;\n } catch {\n if (process.env.BUILDER_PRIVATE_KEY) return true;\n }\n if (PROVIDER_ENV_VARS.some((k) => !!process.env[k])) return true;\n try {\n return isAgentEngineSettingConfigured(await getSetting(\"agent-engine\"));\n } catch {\n return false;\n }\n },\n};\n\n/** Step 2 — where application data lives. The default DB is non-blocking. */\nconst databaseStep: OnboardingStep = {\n id: \"database\",\n order: 20,\n required: false,\n title: \"Database\",\n description:\n \"Agent-native stores app data in SQL. Set DATABASE_URL when you want to point this app at a specific database.\",\n methods: [\n {\n id: \"database-url\",\n kind: \"form\",\n label: \"Set DATABASE_URL\",\n description: \"Paste the SQL connection string this app should use.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"DATABASE_URL\",\n label: \"DATABASE_URL\",\n placeholder: \"postgres://..., libsql://..., file:./data/app.db\",\n },\n {\n key: \"DATABASE_AUTH_TOKEN\",\n label: \"DATABASE_AUTH_TOKEN (if needed)\",\n placeholder: \"Token for providers such as Turso/libSQL\",\n secret: true,\n },\n ],\n },\n },\n ],\n // The default local database means this step is always satisfied.\n isComplete: () => true,\n};\n\n/** Step 3 — how users sign in. Built-in account auth is non-blocking. */\nconst authStep: OnboardingStep = {\n id: \"auth\",\n order: 30,\n required: false,\n title: \"Authentication\",\n description:\n \"Built-in email/password accounts work by default. Add OAuth or access tokens only if you want another sign-in path.\",\n methods: [\n {\n id: \"google-oauth\",\n kind: \"form\",\n label: \"Google OAuth\",\n description: \"Add Google as an optional sign-in provider.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n { key: \"GOOGLE_CLIENT_ID\", label: \"GOOGLE_CLIENT_ID\" },\n {\n key: \"GOOGLE_CLIENT_SECRET\",\n label: \"GOOGLE_CLIENT_SECRET\",\n secret: true,\n },\n ],\n },\n },\n {\n id: \"github-oauth\",\n kind: \"form\",\n label: \"GitHub OAuth\",\n description: \"Add GitHub as an optional sign-in provider.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n { key: \"GITHUB_CLIENT_ID\", label: \"GITHUB_CLIENT_ID\" },\n {\n key: \"GITHUB_CLIENT_SECRET\",\n label: \"GITHUB_CLIENT_SECRET\",\n secret: true,\n },\n ],\n },\n },\n {\n id: \"access-token\",\n kind: \"form\",\n label: \"Shared access token\",\n description: \"Use a simple token gate for private deployments.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"ACCESS_TOKEN\",\n label: \"ACCESS_TOKEN\",\n placeholder: \"Paste a strong shared token\",\n secret: true,\n },\n ],\n },\n },\n ],\n isComplete: () => true,\n};\n\n/** Step 4 — transactional email (password resets, invitations). Optional. */\nconst emailStep: OnboardingStep = {\n id: \"email\",\n order: 40,\n required: false,\n title: \"Email delivery\",\n description:\n \"Optional for local work. Before deploying with password resets, invitations, or share notifications, connect an email provider.\",\n methods: [\n {\n id: \"resend\",\n kind: \"form\",\n label: \"Resend\",\n description: \"Use Resend for transactional email.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"RESEND_API_KEY\",\n label: \"RESEND_API_KEY\",\n placeholder: \"re_...\",\n secret: true,\n },\n {\n key: \"EMAIL_FROM\",\n label: \"EMAIL_FROM (from address)\",\n placeholder: \"Agent Native <noreply@yourdomain.com>\",\n },\n {\n key: \"APP_NAME\",\n label: \"APP_NAME (shown in invite emails)\",\n placeholder: \"Acme Forms\",\n },\n ],\n },\n },\n {\n id: \"sendgrid\",\n kind: \"form\",\n label: \"SendGrid\",\n description: \"Use SendGrid for transactional email.\",\n payload: {\n writeScope: \"workspace\",\n fields: [\n {\n key: \"SENDGRID_API_KEY\",\n label: \"SENDGRID_API_KEY\",\n placeholder: \"SG....\",\n secret: true,\n },\n {\n key: \"EMAIL_FROM\",\n label: \"EMAIL_FROM (from address)\",\n placeholder: \"Agent Native <noreply@yourdomain.com>\",\n },\n ],\n },\n },\n ],\n isComplete: () => {\n if (process.env.RESEND_API_KEY) return true;\n // SendGrid rejects Resend's sandbox sender, so EMAIL_FROM must also be\n // set — otherwise sendEmail() throws at runtime even though the API key\n // is configured.\n if (process.env.SENDGRID_API_KEY) return !!process.env.EMAIL_FROM;\n return false;\n },\n};\n\nlet registered = false;\n\n/** Idempotent. Safe to call from every plugin-mount call. */\nexport function registerDefaultOnboardingSteps(): void {\n if (registered) return;\n registered = true;\n registerOnboardingStep(llmStep);\n registerOnboardingStep(databaseStep);\n registerOnboardingStep(authStep);\n registerOnboardingStep(emailStep);\n}\n"]}
package/dist/onboarding/plugin.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/onboarding/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAwBH,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAM9D,MAAM,WAAW,uBAAuB;IACtC,yEAAyE;IACzE,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AA2FD,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,uBAA4B,GACpC,cAAc,CAkIhB;AAED,wFAAwF;AACxF,eAAO,MAAM,uBAAuB,EAAE,cAAyC,CAAC"}
1
+ {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../../src/onboarding/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAwBH,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAM9D,MAAM,WAAW,uBAAuB;IACtC,yEAAyE;IACzE,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAoFD,wBAAgB,sBAAsB,CACpC,OAAO,GAAE,uBAA4B,GACpC,cAAc,CAkIhB;AAED,wFAAwF;AACxF,eAAO,MAAM,uBAAuB,EAAE,cAAyC,CAAC"}
package/dist/onboarding/plugin.js CHANGED
@@ -10,7 +10,7 @@
10
10
  import { defineEventHandler, getMethod, getQuery, setResponseStatus, } from "h3";
11
11
  import { awaitBootstrap, getH3App, markDefaultPluginProvided, } from "../server/framework-request-handler.js";
12
12
  import { appStateGet, appStatePut } from "../application-state/store.js";
13
- import { getSession, DEV_MODE_USER_EMAIL } from "../server/auth.js";
13
+ import { getSession } from "../server/auth.js";
14
14
  import { runWithRequestContext } from "../server/request-context.js";
15
15
  import { listOnboardingSteps } from "./registry.js";
16
16
  import { registerDefaultOnboardingSteps } from "./default-steps.js";
@@ -22,13 +22,6 @@ async function resolveOnboardingContext(event) {
22
22
  const session = await getSession(event);
23
23
  if (!session)
24
24
  return { sessionId: "local" };
25
- if (session.email === DEV_MODE_USER_EMAIL) {
26
- return {
27
- sessionId: "local",
28
- userEmail: session.email,
29
- orgId: session.orgId ?? null,
30
- };
31
- }
32
25
  return {
33
26
  sessionId: session.email,
34
27
  userEmail: session.email,
package/dist/onboarding/plugin.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/onboarding/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,QAAQ,EACR,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,EACL,cAAc,EACd,QAAQ,EACR,yBAAyB,GAC1B,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACpE,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAQpE,MAAM,iBAAiB,GAAG,2BAA2B,CAAC;AACtD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;AACnD,MAAM,aAAa,GAAG,sBAAsB,CAAC;AAO7C,oFAAoF;AACpF,KAAK,UAAU,wBAAwB,CACrC,KAAc;IAEd,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;IAC5C,IAAI,OAAO,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;QAC1C,OAAO;YACL,SAAS,EAAE,OAAO;YAClB,SAAS,EAAE,OAAO,CAAC,KAAK;YACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;SAC7B,CAAC;IACJ,CAAC;IACD,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;KAC7B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAAc;IAEd,2EAA2E;IAC3E,2EAA2E;IAC3E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,mBAAmB,GAAG,MAAM,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,CAAC,CAAC,GAAG,IAAK,GAA8B,CAAC,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAiC,EACjC,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;YACD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,KAAK;YAChC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,4BAA4B,CACnC,OAAiC,EACjC,EAAwB;IAExB,OAAO,qBAAqB,CAC1B;QACE,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,SAAS;KAClC,EACD,EAAE,CACH,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgC;IAC3D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,UAAmC,EAAE;IAErC,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,yBAAyB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAClD,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/B,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC9B,8BAA8B,EAAE,CAAC;QACnC,CAAC;QAED,iEAAiE;QACjE,sEAAsE;QACtE,EAAE;QACF,wEAAwE;QACxE,yEAAyE;QACzE,YAAY;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,QAAQ,EAC5B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAEjE,0DAA0D;YAC1D,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;gBACnB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAA4B,CAAC;gBACzD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC;gBAC7D,OAAO,4BAA4B,CAAC,OAAO,EAAE,GAAG,EAAE,CAChD,cAAc,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CACrC,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;gBAClC,CAAC;gBACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBAC5D,MAAM,WAAW,CACf,SAAS,EACT,GAAG,mBAAmB,GAAG,EAAE,EAAE,EAC7B,EAAE,QAAQ,EAAE,IAAI,EAAE,EAClB,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;gBACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YAC1B,CAAC;YAED,uDAAuD;YACvD,OAAO;QACT,CAAC,CAAC,CACH,CAAC;QAEF,yCAAyC;QACzC,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,UAAU,EAC9B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EACjD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,+DAA+D;QAC/D,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,SAAS,EAC7B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAClD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,0CAA0C;QAC1C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,YAAY,EAChC,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YACtD,kEAAkE;YAClE,mEAAmE;YACnE,0CAA0C;YAC1C,IAAI,CAAC;gBACH,OAAO,MAAM,4BAA4B,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;oBAC5D,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAClE,MAAM,SAAS,GAAG,CAAC,CAAC,CAClB,KAAK,IAAK,KAAiC,CAAC,SAAS,CACtD,CAAC;oBACF,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;oBAC/C,OAAO;wBACL,SAAS;wBACT,WAAW,EAAE,mBAAmB,CAAC,QAAQ,CAAC;qBAC3C,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,wFAAwF;AACxF,MAAM,CAAC,MAAM,uBAAuB,GAAmB,sBAAsB,EAAE,CAAC","sourcesContent":["/**\n * Onboarding plugin — auto-mounts the `/_agent-native/onboarding/*` routes.\n *\n * Routes:\n * GET /_agent-native/onboarding/steps — list steps + completion\n * POST /_agent-native/onboarding/steps/:id/complete — manual override (marks complete)\n * POST /_agent-native/onboarding/dismiss — dismiss the banner\n * GET /_agent-native/onboarding/dismissed — dismissed flag + allComplete\n */\n\nimport {\n defineEventHandler,\n getMethod,\n getQuery,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport {\n awaitBootstrap,\n getH3App,\n markDefaultPluginProvided,\n} from \"../server/framework-request-handler.js\";\nimport { appStateGet, appStatePut } from \"../application-state/store.js\";\nimport { getSession, DEV_MODE_USER_EMAIL } from \"../server/auth.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { listOnboardingSteps } from \"./registry.js\";\nimport { registerDefaultOnboardingSteps } from \"./default-steps.js\";\nimport type {\n OnboardingResolveContext,\n OnboardingStepStatus,\n} from \"./types.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nconst ONBOARDING_PREFIX = \"/_agent-native/onboarding\";\nconst OVERRIDE_KEY_PREFIX = \"onboarding:override:\";\nconst DISMISSED_KEY = \"onboarding:dismissed\";\n\nexport interface OnboardingPluginOptions {\n /** Skip registering the built-in default steps (llm, database, auth). */\n skipDefaultSteps?: boolean;\n}\n\n/** Resolve the caller context used for onboarding and application-state scoping. */\nasync function resolveOnboardingContext(\n event: H3Event,\n): Promise<OnboardingResolveContext> {\n const session = await getSession(event);\n if (!session) return { sessionId: \"local\" };\n if (session.email === DEV_MODE_USER_EMAIL) {\n return {\n sessionId: \"local\",\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n }\n return {\n sessionId: session.email,\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n}\n\nasync function hasOverride(\n sessionId: string,\n stepId: string,\n): Promise<boolean> {\n // appStateGet hits the DB; on transient connection errors (flaky network /\n // Neon timeout) treat as \"no override\" rather than 500ing the whole route.\n try {\n const val = await appStateGet(sessionId, `${OVERRIDE_KEY_PREFIX}${stepId}`);\n return !!(val && (val as { complete?: boolean }).complete);\n } catch {\n return false;\n }\n}\n\n/**\n * Serialise every registered onboarding step (awaiting `isComplete()`).\n * Honours the per-session \"manual override\" flag in application-state.\n *\n * `preview` short-circuits both the resolver and the override lookup so the\n * dev overlay can render the new-user flow without touching real state.\n */\nasync function serializeSteps(\n context: OnboardingResolveContext,\n options: { preview?: boolean } = {},\n): Promise<OnboardingStepStatus[]> {\n const steps = listOnboardingSteps();\n const out: OnboardingStepStatus[] = [];\n for (const step of steps) {\n let complete = false;\n if (!options.preview) {\n try {\n complete = (await step.isComplete(context)) === true;\n } catch {\n complete = false;\n }\n if (!complete) {\n complete = await hasOverride(context.sessionId, step.id);\n }\n }\n out.push({\n id: step.id,\n title: step.title,\n description: step.description,\n order: step.order,\n required: step.required ?? false,\n complete,\n methods: step.methods,\n });\n }\n return out;\n}\n\nfunction withOnboardingRequestContext<T>(\n context: OnboardingResolveContext,\n fn: () => T | Promise<T>,\n): T | Promise<T> {\n return runWithRequestContext(\n {\n userEmail: context.userEmail,\n orgId: context.orgId ?? undefined,\n },\n fn,\n );\n}\n\nfunction allRequiredComplete(statuses: OnboardingStepStatus[]): boolean {\n return statuses.filter((s) => s.required).every((s) => s.complete);\n}\n\nexport function createOnboardingPlugin(\n options: OnboardingPluginOptions = {},\n): NitroPluginDef {\n return async (nitroApp: any) => {\n markDefaultPluginProvided(nitroApp, \"onboarding\");\n await awaitBootstrap(nitroApp);\n\n if (!options.skipDefaultSteps) {\n registerDefaultOnboardingSteps();\n }\n\n // GET /_agent-native/onboarding/steps — list steps\n // POST /_agent-native/onboarding/steps/:id/complete — manual override\n //\n // Mounting on `/steps` means the middleware wrapper strips that prefix,\n // so this handler sees `/` for the list and `/<stepId>/complete` for the\n // override.\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/steps`,\n defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n const pathname = event.url?.pathname || \"/\";\n const trimmed = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n\n // List endpoint — GET /steps (pathname becomes \"\" or \"/\")\n if (trimmed === \"\") {\n if (method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n const query = getQuery(event) as Record<string, unknown>;\n const preview = query.preview === \"1\" || query.preview === 1;\n return withOnboardingRequestContext(context, () =>\n serializeSteps(context, { preview }),\n );\n }\n\n // Override endpoint — POST /steps/:id/complete\n const [id, action] = trimmed.split(\"/\");\n if (action === \"complete\") {\n if (method !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n if (!id) {\n setResponseStatus(event, 400);\n return { error: \"id required\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n `${OVERRIDE_KEY_PREFIX}${id}`,\n { complete: true },\n { requestSource: \"agent\" },\n );\n return { ok: true, id };\n }\n\n // Unknown subroute — fall through to other middleware.\n return;\n }),\n );\n\n // POST /_agent-native/onboarding/dismiss\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismiss`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: true, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // POST /_agent-native/onboarding/reopen — clear dismissed flag\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/reopen`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: false, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // GET /_agent-native/onboarding/dismissed\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismissed`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n // On flaky networks (or transient Neon hiccups) the DB call below\n // can throw — return safe defaults so a transient connection error\n // doesn't surface as a 500 to the client.\n try {\n return await withOnboardingRequestContext(context, async () => {\n const value = await appStateGet(context.sessionId, DISMISSED_KEY);\n const dismissed = !!(\n value && (value as { dismissed?: boolean }).dismissed\n );\n const statuses = await serializeSteps(context);\n return {\n dismissed,\n allComplete: allRequiredComplete(statuses),\n };\n });\n } catch {\n return { dismissed: false, allComplete: false };\n }\n }),\n );\n };\n}\n\n/** Default plugin instance — mounted automatically when a template doesn't override. */\nexport const defaultOnboardingPlugin: NitroPluginDef = createOnboardingPlugin();\n"]}
1
+ {"version":3,"file":"plugin.js","sourceRoot":"","sources":["../../src/onboarding/plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,kBAAkB,EAClB,SAAS,EACT,QAAQ,EACR,iBAAiB,GAElB,MAAM,IAAI,CAAC;AACZ,OAAO,EACL,cAAc,EACd,QAAQ,EACR,yBAAyB,GAC1B,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AACrE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,8BAA8B,EAAE,MAAM,oBAAoB,CAAC;AAQpE,MAAM,iBAAiB,GAAG,2BAA2B,CAAC;AACtD,MAAM,mBAAmB,GAAG,sBAAsB,CAAC;AACnD,MAAM,aAAa,GAAG,sBAAsB,CAAC;AAO7C,oFAAoF;AACpF,KAAK,UAAU,wBAAwB,CACrC,KAAc;IAEd,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;IAC5C,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,SAAS,EAAE,OAAO,CAAC,KAAK;QACxB,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;KAC7B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,SAAiB,EACjB,MAAc;IAEd,2EAA2E;IAC3E,2EAA2E;IAC3E,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,GAAG,mBAAmB,GAAG,MAAM,EAAE,CAAC,CAAC;QAC5E,OAAO,CAAC,CAAC,CAAC,GAAG,IAAK,GAA8B,CAAC,QAAQ,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAiC,EACjC,UAAiC,EAAE;IAEnC,MAAM,KAAK,GAAG,mBAAmB,EAAE,CAAC;IACpC,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACrB,IAAI,CAAC;gBACH,QAAQ,GAAG,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC;gBACP,QAAQ,GAAG,KAAK,CAAC;YACnB,CAAC;YACD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3D,CAAC;QACH,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,KAAK;YAChC,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,4BAA4B,CACnC,OAAiC,EACjC,EAAwB;IAExB,OAAO,qBAAqB,CAC1B;QACE,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,SAAS;KAClC,EACD,EAAE,CACH,CAAC;AACJ,CAAC;AAED,SAAS,mBAAmB,CAAC,QAAgC;IAC3D,OAAO,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,MAAM,UAAU,sBAAsB,CACpC,UAAmC,EAAE;IAErC,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,yBAAyB,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAClD,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/B,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YAC9B,8BAA8B,EAAE,CAAC;QACnC,CAAC;QAED,iEAAiE;QACjE,sEAAsE;QACtE,EAAE;QACF,wEAAwE;QACxE,yEAAyE;QACzE,YAAY;QACZ,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,QAAQ,EAC5B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,EAAE,QAAQ,IAAI,GAAG,CAAC;YAC5C,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAEjE,0DAA0D;YAC1D,IAAI,OAAO,KAAK,EAAE,EAAE,CAAC;gBACnB,IAAI,MAAM,KAAK,KAAK,EAAE,CAAC;oBACrB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAA4B,CAAC;gBACzD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,KAAK,CAAC,CAAC;gBAC7D,OAAO,4BAA4B,CAAC,OAAO,EAAE,GAAG,EAAE,CAChD,cAAc,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,CAAC,CACrC,CAAC;YACJ,CAAC;YAED,+CAA+C;YAC/C,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,IAAI,MAAM,KAAK,UAAU,EAAE,CAAC;gBAC1B,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;oBACtB,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;gBACzC,CAAC;gBACD,IAAI,CAAC,EAAE,EAAE,CAAC;oBACR,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC9B,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC;gBAClC,CAAC;gBACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;gBAC5D,MAAM,WAAW,CACf,SAAS,EACT,GAAG,mBAAmB,GAAG,EAAE,EAAE,EAC7B,EAAE,QAAQ,EAAE,IAAI,EAAE,EAClB,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;gBACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;YAC1B,CAAC;YAED,uDAAuD;YACvD,OAAO;QACT,CAAC,CAAC,CACH,CAAC;QAEF,yCAAyC;QACzC,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,UAAU,EAC9B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EACjD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,+DAA+D;QAC/D,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,SAAS,EAC7B,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,MAAM,EAAE,CAAC;gBAChC,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,WAAW,CACf,SAAS,EACT,aAAa,EACb,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,EAClD,EAAE,aAAa,EAAE,OAAO,EAAE,CAC3B,CAAC;YACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;QACtB,CAAC,CAAC,CACH,CAAC;QAEF,0CAA0C;QAC1C,QAAQ,CAAC,QAAQ,CAAC,CAAC,GAAG,CACpB,GAAG,iBAAiB,YAAY,EAChC,kBAAkB,CAAC,KAAK,EAAE,KAAc,EAAE,EAAE;YAC1C,IAAI,SAAS,CAAC,KAAK,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC/B,iBAAiB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBAC9B,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC;YACzC,CAAC;YACD,MAAM,OAAO,GAAG,MAAM,wBAAwB,CAAC,KAAK,CAAC,CAAC;YACtD,kEAAkE;YAClE,mEAAmE;YACnE,0CAA0C;YAC1C,IAAI,CAAC;gBACH,OAAO,MAAM,4BAA4B,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;oBAC5D,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;oBAClE,MAAM,SAAS,GAAG,CAAC,CAAC,CAClB,KAAK,IAAK,KAAiC,CAAC,SAAS,CACtD,CAAC;oBACF,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAC;oBAC/C,OAAO;wBACL,SAAS;wBACT,WAAW,EAAE,mBAAmB,CAAC,QAAQ,CAAC;qBAC3C,CAAC;gBACJ,CAAC,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CACH,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED,wFAAwF;AACxF,MAAM,CAAC,MAAM,uBAAuB,GAAmB,sBAAsB,EAAE,CAAC","sourcesContent":["/**\n * Onboarding plugin — auto-mounts the `/_agent-native/onboarding/*` routes.\n *\n * Routes:\n * GET /_agent-native/onboarding/steps — list steps + completion\n * POST /_agent-native/onboarding/steps/:id/complete — manual override (marks complete)\n * POST /_agent-native/onboarding/dismiss — dismiss the banner\n * GET /_agent-native/onboarding/dismissed — dismissed flag + allComplete\n */\n\nimport {\n defineEventHandler,\n getMethod,\n getQuery,\n setResponseStatus,\n type H3Event,\n} from \"h3\";\nimport {\n awaitBootstrap,\n getH3App,\n markDefaultPluginProvided,\n} from \"../server/framework-request-handler.js\";\nimport { appStateGet, appStatePut } from \"../application-state/store.js\";\nimport { getSession } from \"../server/auth.js\";\nimport { runWithRequestContext } from \"../server/request-context.js\";\nimport { listOnboardingSteps } from \"./registry.js\";\nimport { registerDefaultOnboardingSteps } from \"./default-steps.js\";\nimport type {\n OnboardingResolveContext,\n OnboardingStepStatus,\n} from \"./types.js\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nconst ONBOARDING_PREFIX = \"/_agent-native/onboarding\";\nconst OVERRIDE_KEY_PREFIX = \"onboarding:override:\";\nconst DISMISSED_KEY = \"onboarding:dismissed\";\n\nexport interface OnboardingPluginOptions {\n /** Skip registering the built-in default steps (llm, database, auth). */\n skipDefaultSteps?: boolean;\n}\n\n/** Resolve the caller context used for onboarding and application-state scoping. */\nasync function resolveOnboardingContext(\n event: H3Event,\n): Promise<OnboardingResolveContext> {\n const session = await getSession(event);\n if (!session) return { sessionId: \"local\" };\n return {\n sessionId: session.email,\n userEmail: session.email,\n orgId: session.orgId ?? null,\n };\n}\n\nasync function hasOverride(\n sessionId: string,\n stepId: string,\n): Promise<boolean> {\n // appStateGet hits the DB; on transient connection errors (flaky network /\n // Neon timeout) treat as \"no override\" rather than 500ing the whole route.\n try {\n const val = await appStateGet(sessionId, `${OVERRIDE_KEY_PREFIX}${stepId}`);\n return !!(val && (val as { complete?: boolean }).complete);\n } catch {\n return false;\n }\n}\n\n/**\n * Serialise every registered onboarding step (awaiting `isComplete()`).\n * Honours the per-session \"manual override\" flag in application-state.\n *\n * `preview` short-circuits both the resolver and the override lookup so the\n * dev overlay can render the new-user flow without touching real state.\n */\nasync function serializeSteps(\n context: OnboardingResolveContext,\n options: { preview?: boolean } = {},\n): Promise<OnboardingStepStatus[]> {\n const steps = listOnboardingSteps();\n const out: OnboardingStepStatus[] = [];\n for (const step of steps) {\n let complete = false;\n if (!options.preview) {\n try {\n complete = (await step.isComplete(context)) === true;\n } catch {\n complete = false;\n }\n if (!complete) {\n complete = await hasOverride(context.sessionId, step.id);\n }\n }\n out.push({\n id: step.id,\n title: step.title,\n description: step.description,\n order: step.order,\n required: step.required ?? false,\n complete,\n methods: step.methods,\n });\n }\n return out;\n}\n\nfunction withOnboardingRequestContext<T>(\n context: OnboardingResolveContext,\n fn: () => T | Promise<T>,\n): T | Promise<T> {\n return runWithRequestContext(\n {\n userEmail: context.userEmail,\n orgId: context.orgId ?? undefined,\n },\n fn,\n );\n}\n\nfunction allRequiredComplete(statuses: OnboardingStepStatus[]): boolean {\n return statuses.filter((s) => s.required).every((s) => s.complete);\n}\n\nexport function createOnboardingPlugin(\n options: OnboardingPluginOptions = {},\n): NitroPluginDef {\n return async (nitroApp: any) => {\n markDefaultPluginProvided(nitroApp, \"onboarding\");\n await awaitBootstrap(nitroApp);\n\n if (!options.skipDefaultSteps) {\n registerDefaultOnboardingSteps();\n }\n\n // GET /_agent-native/onboarding/steps — list steps\n // POST /_agent-native/onboarding/steps/:id/complete — manual override\n //\n // Mounting on `/steps` means the middleware wrapper strips that prefix,\n // so this handler sees `/` for the list and `/<stepId>/complete` for the\n // override.\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/steps`,\n defineEventHandler(async (event: H3Event) => {\n const method = getMethod(event);\n const pathname = event.url?.pathname || \"/\";\n const trimmed = pathname.replace(/^\\/+/, \"\").replace(/\\/+$/, \"\");\n\n // List endpoint — GET /steps (pathname becomes \"\" or \"/\")\n if (trimmed === \"\") {\n if (method !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n const query = getQuery(event) as Record<string, unknown>;\n const preview = query.preview === \"1\" || query.preview === 1;\n return withOnboardingRequestContext(context, () =>\n serializeSteps(context, { preview }),\n );\n }\n\n // Override endpoint — POST /steps/:id/complete\n const [id, action] = trimmed.split(\"/\");\n if (action === \"complete\") {\n if (method !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n if (!id) {\n setResponseStatus(event, 400);\n return { error: \"id required\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n `${OVERRIDE_KEY_PREFIX}${id}`,\n { complete: true },\n { requestSource: \"agent\" },\n );\n return { ok: true, id };\n }\n\n // Unknown subroute — fall through to other middleware.\n return;\n }),\n );\n\n // POST /_agent-native/onboarding/dismiss\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismiss`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: true, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // POST /_agent-native/onboarding/reopen — clear dismissed flag\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/reopen`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"POST\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const { sessionId } = await resolveOnboardingContext(event);\n await appStatePut(\n sessionId,\n DISMISSED_KEY,\n { dismissed: false, at: new Date().toISOString() },\n { requestSource: \"agent\" },\n );\n return { ok: true };\n }),\n );\n\n // GET /_agent-native/onboarding/dismissed\n getH3App(nitroApp).use(\n `${ONBOARDING_PREFIX}/dismissed`,\n defineEventHandler(async (event: H3Event) => {\n if (getMethod(event) !== \"GET\") {\n setResponseStatus(event, 405);\n return { error: \"Method not allowed\" };\n }\n const context = await resolveOnboardingContext(event);\n // On flaky networks (or transient Neon hiccups) the DB call below\n // can throw — return safe defaults so a transient connection error\n // doesn't surface as a 500 to the client.\n try {\n return await withOnboardingRequestContext(context, async () => {\n const value = await appStateGet(context.sessionId, DISMISSED_KEY);\n const dismissed = !!(\n value && (value as { dismissed?: boolean }).dismissed\n );\n const statuses = await serializeSteps(context);\n return {\n dismissed,\n allComplete: allRequiredComplete(statuses),\n };\n });\n } catch {\n return { dismissed: false, allComplete: false };\n }\n }),\n );\n };\n}\n\n/** Default plugin instance — mounted automatically when a template doesn't override. */\nexport const defaultOnboardingPlugin: NitroPluginDef = createOnboardingPlugin();\n"]}
package/dist/org/accept-pending.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"accept-pending.d.ts","sourceRoot":"","sources":["../../src/org/accept-pending.ts"],"names":[],"mappings":"AAQA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,KAAK,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzD,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,gCAAgC,CACpD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC,CA4D9B"}
1
+ {"version":3,"file":"accept-pending.d.ts","sourceRoot":"","sources":["../../src/org/accept-pending.ts"],"names":[],"mappings":"AAOA,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,KAAK,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACzD,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,gCAAgC,CACpD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,mBAAmB,CAAC,CA4D9B"}
package/dist/org/accept-pending.js CHANGED
@@ -1,6 +1,5 @@
1
1
  import { getDbExec } from "../db/client.js";
2
2
  import { putUserSetting } from "../settings/user-settings.js";
3
- import { DEV_MODE_USER_EMAIL } from "../server/auth.js";
4
3
  const nanoid = () => globalThis.crypto?.randomUUID?.().replace(/-/g, "") ??
5
4
  Math.random().toString(36).slice(2) + Date.now().toString(36);
6
5
  /**
@@ -18,7 +17,7 @@ const nanoid = () => globalThis.crypto?.randomUUID?.().replace(/-/g, "") ??
18
17
  */
19
18
  export async function acceptPendingInvitationsForEmail(rawEmail) {
20
19
  const email = rawEmail.trim().toLowerCase();
21
- if (!email || email === DEV_MODE_USER_EMAIL) {
20
+ if (!email) {
22
21
  return { accepted: [], activeOrgId: null };
23
22
  }
24
23
  const db = getDbExec();
package/dist/org/accept-pending.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"accept-pending.js","sourceRoot":"","sources":["../../src/org/accept-pending.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAExD,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAOhE;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,QAAgB;IAEhB,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK,IAAI,KAAK,KAAK,mBAAmB,EAAE,CAAC;QAC5C,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;IAEvB,IAAI,IAAI,GAAyC,EAAE,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC3B,GAAG,EAAE;;qCAE0B;YAC/B,IAAI,EAAE,CAAC,KAAK,CAAC;SACd,CAAC,CAAC;QACH,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAC/B,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;SACnC,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,iEAAiE;QACjE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,QAAQ,GAAoC,EAAE,CAAC;IACrD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAChC,GAAG,EAAE,yEAAyE;YAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;SACzB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,MAAM,EAAE,CAAC,OAAO,CAAC;gBACf,GAAG,EAAE,4FAA4F;gBACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;aAC/C,CAAC,CAAC;QACL,CAAC;QACD,MAAM,EAAE,CAAC,OAAO,CAAC;YACf,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;SACf,CAAC,CAAC;QACH,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,qEAAqE;IACrE,qCAAqC;IACrC,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC/C,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC;YACP,yEAAyE;QAC3E,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnC,CAAC","sourcesContent":["import { getDbExec } from \"../db/client.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\nimport { DEV_MODE_USER_EMAIL } from \"../server/auth.js\";\n\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\n\nexport interface AcceptPendingResult {\n accepted: Array<{ invitationId: string; orgId: string }>;\n activeOrgId: string | null;\n}\n\n/**\n * Accept every pending `org_invitations` row for this email:\n * - insert a matching `org_members` row (role 'member') when one doesn't exist\n * - flip the invitation's status to 'accepted'\n * - set the user's `active-org-id` to the most-recently-created invite\n *\n * Called from the Better Auth `user.create.after` hook so that a user who signs\n * up with an email they were just invited to lands in the org immediately,\n * rather than seeing a blank-slate app until they navigate to /team.\n *\n * Safe to call when the org tables don't exist (some templates don't use the\n * org module) — it swallows the \"no such table\" error and returns empty.\n */\nexport async function acceptPendingInvitationsForEmail(\n rawEmail: string,\n): Promise<AcceptPendingResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email || email === DEV_MODE_USER_EMAIL) {\n return { accepted: [], activeOrgId: null };\n }\n\n const db = getDbExec();\n\n let rows: Array<{ id: string; orgId: string }> = [];\n try {\n const res = await db.execute({\n sql: `SELECT id, org_id AS \"orgId\" FROM org_invitations\n WHERE LOWER(email) = ? AND status = 'pending'\n ORDER BY created_at DESC`,\n args: [email],\n });\n rows = res.rows.map((r: any) => ({\n id: String(r.id),\n orgId: String(r.orgId ?? r.org_id),\n }));\n } catch (err) {\n // Template doesn't use the org module / tables not migrated yet.\n return { accepted: [], activeOrgId: null };\n }\n\n if (rows.length === 0) {\n return { accepted: [], activeOrgId: null };\n }\n\n const accepted: AcceptPendingResult[\"accepted\"] = [];\n for (const inv of rows) {\n const existing = await db.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [inv.orgId, email],\n });\n if (existing.rows.length === 0) {\n await db.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), inv.orgId, email, Date.now()],\n });\n }\n await db.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [inv.id],\n });\n accepted.push({ invitationId: inv.id, orgId: inv.orgId });\n }\n\n // Set active-org-id to the most recent invite so the user lands in a\n // populated workspace on first load.\n const activeOrgId = accepted[0]?.orgId ?? null;\n if (activeOrgId) {\n try {\n await putUserSetting(email, \"active-org-id\", { orgId: activeOrgId });\n } catch {\n // user_settings table might not exist in a minimal template — not fatal.\n }\n }\n\n return { accepted, activeOrgId };\n}\n"]}
1
+ {"version":3,"file":"accept-pending.js","sourceRoot":"","sources":["../../src/org/accept-pending.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAE9D,MAAM,MAAM,GAAG,GAAW,EAAE,CAC1B,UAAU,CAAC,MAAM,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;AAOhE;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,QAAgB;IAEhB,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,EAAE,GAAG,SAAS,EAAE,CAAC;IAEvB,IAAI,IAAI,GAAyC,EAAE,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAC3B,GAAG,EAAE;;qCAE0B;YAC/B,IAAI,EAAE,CAAC,KAAK,CAAC;SACd,CAAC,CAAC;QACH,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC;YAC/B,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAChB,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;SACnC,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,iEAAiE;QACjE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC;IAC7C,CAAC;IAED,MAAM,QAAQ,GAAoC,EAAE,CAAC;IACrD,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC;YAChC,GAAG,EAAE,yEAAyE;YAC9E,IAAI,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC;SACzB,CAAC,CAAC;QACH,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,MAAM,EAAE,CAAC,OAAO,CAAC;gBACf,GAAG,EAAE,4FAA4F;gBACjG,IAAI,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;aAC/C,CAAC,CAAC;QACL,CAAC;QACD,MAAM,EAAE,CAAC,OAAO,CAAC;YACf,GAAG,EAAE,6DAA6D;YAClE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;SACf,CAAC,CAAC;QACH,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,qEAAqE;IACrE,qCAAqC;IACrC,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC/C,IAAI,WAAW,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,cAAc,CAAC,KAAK,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;QACvE,CAAC;QAAC,MAAM,CAAC;YACP,yEAAyE;QAC3E,CAAC;IACH,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;AACnC,CAAC","sourcesContent":["import { getDbExec } from \"../db/client.js\";\nimport { putUserSetting } from \"../settings/user-settings.js\";\n\nconst nanoid = (): string =>\n globalThis.crypto?.randomUUID?.().replace(/-/g, \"\") ??\n Math.random().toString(36).slice(2) + Date.now().toString(36);\n\nexport interface AcceptPendingResult {\n accepted: Array<{ invitationId: string; orgId: string }>;\n activeOrgId: string | null;\n}\n\n/**\n * Accept every pending `org_invitations` row for this email:\n * - insert a matching `org_members` row (role 'member') when one doesn't exist\n * - flip the invitation's status to 'accepted'\n * - set the user's `active-org-id` to the most-recently-created invite\n *\n * Called from the Better Auth `user.create.after` hook so that a user who signs\n * up with an email they were just invited to lands in the org immediately,\n * rather than seeing a blank-slate app until they navigate to /team.\n *\n * Safe to call when the org tables don't exist (some templates don't use the\n * org module) — it swallows the \"no such table\" error and returns empty.\n */\nexport async function acceptPendingInvitationsForEmail(\n rawEmail: string,\n): Promise<AcceptPendingResult> {\n const email = rawEmail.trim().toLowerCase();\n if (!email) {\n return { accepted: [], activeOrgId: null };\n }\n\n const db = getDbExec();\n\n let rows: Array<{ id: string; orgId: string }> = [];\n try {\n const res = await db.execute({\n sql: `SELECT id, org_id AS \"orgId\" FROM org_invitations\n WHERE LOWER(email) = ? AND status = 'pending'\n ORDER BY created_at DESC`,\n args: [email],\n });\n rows = res.rows.map((r: any) => ({\n id: String(r.id),\n orgId: String(r.orgId ?? r.org_id),\n }));\n } catch (err) {\n // Template doesn't use the org module / tables not migrated yet.\n return { accepted: [], activeOrgId: null };\n }\n\n if (rows.length === 0) {\n return { accepted: [], activeOrgId: null };\n }\n\n const accepted: AcceptPendingResult[\"accepted\"] = [];\n for (const inv of rows) {\n const existing = await db.execute({\n sql: `SELECT 1 FROM org_members WHERE org_id = ? AND LOWER(email) = ? LIMIT 1`,\n args: [inv.orgId, email],\n });\n if (existing.rows.length === 0) {\n await db.execute({\n sql: `INSERT INTO org_members (id, org_id, email, role, joined_at) VALUES (?, ?, ?, 'member', ?)`,\n args: [nanoid(), inv.orgId, email, Date.now()],\n });\n }\n await db.execute({\n sql: `UPDATE org_invitations SET status = 'accepted' WHERE id = ?`,\n args: [inv.id],\n });\n accepted.push({ invitationId: inv.id, orgId: inv.orgId });\n }\n\n // Set active-org-id to the most recent invite so the user lands in a\n // populated workspace on first load.\n const activeOrgId = accepted[0]?.orgId ?? null;\n if (activeOrgId) {\n try {\n await putUserSetting(email, \"active-org-id\", { orgId: activeOrgId });\n } catch {\n // user_settings table might not exist in a minimal template — not fatal.\n }\n }\n\n return { accepted, activeOrgId };\n}\n"]}
package/dist/org/context.d.ts CHANGED
@@ -5,8 +5,6 @@ import type { OrgContext } from "./types.js";
5
5
  *
6
6
  * - For users in multiple orgs, honors their `active-org-id` user setting.
7
7
  * - Falls back to the user's first membership.
8
- * - `local@localhost` (dev / no-auth mode) is treated as a regular identity:
9
- * it owns whatever orgs it has created locally.
10
8
  * - When `AUTO_CREATE_DEFAULT_ORG` is set and the authenticated user has
11
9
  * zero memberships, provisions a default org named after the user
12
10
  * ({name}'s workspace, falling back to the email local-part). Opt-in
package/dist/org/context.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/org/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAKlC,OAAO,KAAK,EAAE,UAAU,EAAW,MAAM,YAAY,CAAC;AAatD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAqEvE;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAqLD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxE;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAa3E;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxB;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAepD"}
1
+ {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../../src/org/context.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAKlC,OAAO,KAAK,EAAE,UAAU,EAAW,MAAM,YAAY,CAAC;AAatD;;;;;;;;;;;GAWG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAkEvE;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAqBxB;AAqLD;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxE;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAa3E;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxB;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAepD"}
package/dist/org/context.js CHANGED
@@ -15,8 +15,6 @@ const nanoid = () => globalThis.crypto?.randomUUID?.().replace(/-/g, "") ??
15
15
  *
16
16
  * - For users in multiple orgs, honors their `active-org-id` user setting.
17
17
  * - Falls back to the user's first membership.
18
- * - `local@localhost` (dev / no-auth mode) is treated as a regular identity:
19
- * it owns whatever orgs it has created locally.
20
18
  * - When `AUTO_CREATE_DEFAULT_ORG` is set and the authenticated user has
21
19
  * zero memberships, provisions a default org named after the user
22
20
  * ({name}'s workspace, falling back to the email local-part). Opt-in
@@ -27,9 +25,6 @@ const nanoid = () => globalThis.crypto?.randomUUID?.().replace(/-/g, "") ??
27
25
  export async function getOrgContext(event) {
28
26
  const session = await getSession(event);
29
27
  const email = session?.email;
30
- // No `?? "local@localhost"` fallback — if the session is genuinely
31
- // missing (misconfigured prod, expired token mid-request) don't
32
- // silently promote the caller to the shared dev identity.
33
28
  if (!email)
34
29
  return EMPTY_CONTEXT;
35
30
  const exec = getDbExec();