@agent-native/core 0.7.83 → 0.8.0

package/dist/{tools → extensions}/store.js

@@ -5,36 +5,38 @@ import { createGetDb } from "../db/create-get-db.js";
 import { accessFilter, assertAccess, resolveAccess, } from "../sharing/access.js";
 import { getRequestUserEmail, getRequestOrgId, } from "../server/request-context.js";
 import { registerShareableResource } from "../sharing/registry.js";
-import { tools, toolShares, TOOLS_CREATE_SQL, TOOLS_CREATE_SQL_PG, TOOL_SHARES_CREATE_SQL, TOOL_SHARES_CREATE_SQL_PG, TOOL_DATA_CREATE_SQL, TOOL_DATA_CREATE_SQL_PG, TOOL_DATA_ITEM_INDEX_SQL, TOOL_DATA_ITEM_INDEX_SQL_PG, TOOL_DATA_DROP_OLD_INDEX_SQL, TOOL_DATA_DROP_OLD_INDEX_SQL_PG, TOOLS_OWNER_INDEX_SQL, TOOLS_ORG_INDEX_SQL, TOOL_SHARES_RESOURCE_INDEX_SQL, TOOL_CONSENTS_CREATE_SQL, TOOL_CONSENTS_CREATE_SQL_PG, TOOL_CONSENTS_VIEWER_INDEX_SQL, } from "./schema.js";
-const getDb = createGetDb({ tools, toolShares });
+import { extensions, extensionShares, EXTENSIONS_CREATE_SQL, EXTENSIONS_CREATE_SQL_PG, EXTENSION_SHARES_CREATE_SQL, EXTENSION_SHARES_CREATE_SQL_PG, EXTENSION_DATA_CREATE_SQL, EXTENSION_DATA_CREATE_SQL_PG, EXTENSION_DATA_ITEM_INDEX_SQL, EXTENSION_DATA_ITEM_INDEX_SQL_PG, EXTENSION_DATA_DROP_OLD_INDEX_SQL, EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG, EXTENSIONS_OWNER_INDEX_SQL, EXTENSIONS_ORG_INDEX_SQL, EXTENSION_SHARES_RESOURCE_INDEX_SQL, EXTENSION_CONSENTS_CREATE_SQL, EXTENSION_CONSENTS_CREATE_SQL_PG, EXTENSION_CONSENTS_VIEWER_INDEX_SQL, } from "./schema.js";
+const getDb = createGetDb({ extensions, extensionShares });
 let _initPromise;
-export async function ensureToolsTables() {
+export async function ensureExtensionsTables() {
     if (!_initPromise) {
         _initPromise = (async () => {
             const client = getDbExec();
             const pg = isPostgres();
-            await retryOnDdlRace(() => client.execute(pg ? TOOLS_CREATE_SQL_PG : TOOLS_CREATE_SQL));
-            await retryOnDdlRace(() => client.execute(pg ? TOOL_SHARES_CREATE_SQL_PG : TOOL_SHARES_CREATE_SQL));
-            await retryOnDdlRace(() => client.execute(pg ? TOOL_DATA_CREATE_SQL_PG : TOOL_DATA_CREATE_SQL));
-            await ensureToolDataItemId(client, pg);
-            await ensureToolDataScope(client, pg);
-            await client.execute(pg ? TOOL_DATA_DROP_OLD_INDEX_SQL_PG : TOOL_DATA_DROP_OLD_INDEX_SQL);
-            await retryOnDdlRace(() => client.execute(pg ? TOOL_DATA_ITEM_INDEX_SQL_PG : TOOL_DATA_ITEM_INDEX_SQL));
-            await retryOnDdlRace(() => client.execute(TOOLS_OWNER_INDEX_SQL));
-            await retryOnDdlRace(() => client.execute(TOOLS_ORG_INDEX_SQL));
-            await retryOnDdlRace(() => client.execute(TOOL_SHARES_RESOURCE_INDEX_SQL));
+            await retryOnDdlRace(() => client.execute(pg ? EXTENSIONS_CREATE_SQL_PG : EXTENSIONS_CREATE_SQL));
+            await retryOnDdlRace(() => client.execute(pg ? EXTENSION_SHARES_CREATE_SQL_PG : EXTENSION_SHARES_CREATE_SQL));
+            await retryOnDdlRace(() => client.execute(pg ? EXTENSION_DATA_CREATE_SQL_PG : EXTENSION_DATA_CREATE_SQL));
+            await ensureExtensionDataItemId(client, pg);
+            await ensureExtensionDataScope(client, pg);
+            await client.execute(pg
+                ? EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG
+                : EXTENSION_DATA_DROP_OLD_INDEX_SQL);
+            await retryOnDdlRace(() => client.execute(pg ? EXTENSION_DATA_ITEM_INDEX_SQL_PG : EXTENSION_DATA_ITEM_INDEX_SQL));
+            await retryOnDdlRace(() => client.execute(EXTENSIONS_OWNER_INDEX_SQL));
+            await retryOnDdlRace(() => client.execute(EXTENSIONS_ORG_INDEX_SQL));
+            await retryOnDdlRace(() => client.execute(EXTENSION_SHARES_RESOURCE_INDEX_SQL));
             // tool_consents was introduced for an audit-C1 per-viewer consent
             // gate that we removed once we settled on intra-org trust as the
             // baseline. The table is kept (additive — never drop) so deploys
             // that already created it stay healthy; the runtime consent code
             // is gone. Idempotent CREATE IF NOT EXISTS for fresh schemas.
-            await retryOnDdlRace(() => client.execute(pg ? TOOL_CONSENTS_CREATE_SQL_PG : TOOL_CONSENTS_CREATE_SQL));
-            await retryOnDdlRace(() => client.execute(TOOL_CONSENTS_VIEWER_INDEX_SQL));
+            await retryOnDdlRace(() => client.execute(pg ? EXTENSION_CONSENTS_CREATE_SQL_PG : EXTENSION_CONSENTS_CREATE_SQL));
+            await retryOnDdlRace(() => client.execute(EXTENSION_CONSENTS_VIEWER_INDEX_SQL));
         })();
     }
     return _initPromise;
 }
-async function ensureToolDataItemId(client, pg) {
+async function ensureExtensionDataItemId(client, pg) {
     if (pg) {
         await client.execute(`ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS item_id TEXT`);
         return;
@@ -52,7 +54,7 @@ async function ensureToolDataItemId(client, pg) {
         }
     }
 }
-async function ensureToolDataScope(client, pg) {
+async function ensureExtensionDataScope(client, pg) {
     const addCol = (name, def) => {
         if (pg) {
             return client.execute(`ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS ${name} ${def}`);
@@ -75,31 +77,31 @@ async function ensureToolDataScope(client, pg) {
     // guard:allow-localhost-fallback — one-time backfill migration replacing dev-mode default scope_key with the row's real owner_email
     `UPDATE tool_data SET scope_key = owner_email WHERE scope_key = 'local@localhost' AND owner_email != 'local@localhost'`);
 }
-export function registerToolsShareable() {
+export function registerExtensionsShareable() {
     registerShareableResource({
-        type: "tool",
-        resourceTable: tools,
-        sharesTable: toolShares,
-        displayName: "Tool",
+        type: "extension",
+        resourceTable: extensions,
+        sharesTable: extensionShares,
+        displayName: "Extension",
         titleColumn: "name",
         getDb: () => getDb(),
     });
 }
-export async function listTools() {
-    await ensureToolsTables();
+export async function listExtensions() {
+    await ensureExtensionsTables();
     const db = getDb();
     return db
         .select()
-        .from(tools)
-        .where(accessFilter(tools, toolShares));
+        .from(extensions)
+        .where(accessFilter(extensions, extensionShares));
 }
-export async function getTool(id) {
-    await ensureToolsTables();
-    const access = await resolveAccess("tool", id);
+export async function getExtension(id) {
+    await ensureExtensionsTables();
+    const access = await resolveAccess("extension", id);
     return access?.resource ?? null;
 }
-export async function createTool(data) {
-    await ensureToolsTables();
+export async function createExtension(data) {
+    await ensureExtensionsTables();
     const db = getDb();
     const userEmail = getRequestUserEmail();
     if (!userEmail)
@@ -118,18 +120,18 @@ export async function createTool(data) {
         ownerEmail: userEmail,
         orgId: orgId ?? null,
         // Default to org-visibility when the user has an active organization so
-        // teammates see the tool in their sidebar — matching how analytics
+        // teammates see the extension in their sidebar — matching how analytics
         // dashboards/analyses are scoped (`templates/analytics/server/lib/
         // dashboards-store.ts:356`). Solo users (no org) get the private
-        // default. Owners can still flip back to private via update-tool.
+        // default. Owners can still flip back to private via update-extension.
         visibility: orgId ? "org" : "private",
     };
-    await db.insert(tools).values(row);
+    await db.insert(extensions).values(row);
     return row;
 }
-export async function updateTool(id, data) {
-    await ensureToolsTables();
-    await assertAccess("tool", id, "editor");
+export async function updateExtension(id, data) {
+    await ensureExtensionsTables();
+    await assertAccess("extension", id, "editor");
     const db = getDb();
     const updates = {
         updatedAt: new Date().toISOString(),
@@ -142,20 +144,23 @@ export async function updateTool(id, data) {
         updates.icon = data.icon;
     if (data.visibility !== undefined)
         updates.visibility = data.visibility;
-    await db.update(tools).set(updates).where(eq(tools.id, id));
-    const rows = await db.select().from(tools).where(eq(tools.id, id));
+    await db.update(extensions).set(updates).where(eq(extensions.id, id));
+    const rows = await db.select().from(extensions).where(eq(extensions.id, id));
     return rows[0] ?? null;
 }
-export async function updateToolContent(id, opts) {
-    await ensureToolsTables();
-    await assertAccess("tool", id, "editor");
+export async function updateExtensionContent(id, opts) {
+    await ensureExtensionsTables();
+    await assertAccess("extension", id, "editor");
     const db = getDb();
     let newContent;
     if (opts.content !== undefined) {
         newContent = opts.content;
     }
     else if (opts.patches) {
-        const rows = await db.select().from(tools).where(eq(tools.id, id));
+        const rows = await db
+            .select()
+            .from(extensions)
+            .where(eq(extensions.id, id));
         if (!rows[0])
             return null;
         newContent = rows[0].content;
@@ -167,27 +172,27 @@ export async function updateToolContent(id, opts) {
         return null;
     }
     await db
-        .update(tools)
+        .update(extensions)
         .set({ content: newContent, updatedAt: new Date().toISOString() })
-        .where(eq(tools.id, id));
-    const rows = await db.select().from(tools).where(eq(tools.id, id));
+        .where(eq(extensions.id, id));
+    const rows = await db.select().from(extensions).where(eq(extensions.id, id));
     return rows[0] ?? null;
 }
-export async function deleteTool(id) {
-    await ensureToolsTables();
-    await assertAccess("tool", id, "admin");
+export async function deleteExtension(id) {
+    await ensureExtensionsTables();
+    await assertAccess("extension", id, "admin");
     const db = getDb();
-    const rows = await db.select().from(tools).where(eq(tools.id, id));
+    const rows = await db.select().from(extensions).where(eq(extensions.id, id));
     if (!rows[0])
         return false;
-    await db.delete(toolShares).where(eq(toolShares.resourceId, id));
+    await db.delete(extensionShares).where(eq(extensionShares.resourceId, id));
     await getDbExec().execute({
         sql: `DELETE FROM tool_data WHERE tool_id = ?`,
         args: [id],
     });
-    const { cascadeDeleteToolSlots } = await import("./slots/store.js");
-    await cascadeDeleteToolSlots(id);
-    await db.delete(tools).where(eq(tools.id, id));
+    const { cascadeDeleteExtensionSlots } = await import("./slots/store.js");
+    await cascadeDeleteExtensionSlots(id);
+    await db.delete(extensions).where(eq(extensions.id, id));
     return true;
 }
 //# sourceMappingURL=store.js.map

package/dist/extensions/store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"store.js","sourceRoot":"","sources":["../../src/extensions/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,aAAa,GACd,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,EACnB,eAAe,GAChB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,yBAAyB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,EACL,UAAU,EACV,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,2BAA2B,EAC3B,8BAA8B,EAC9B,yBAAyB,EACzB,4BAA4B,EAC5B,6BAA6B,EAC7B,gCAAgC,EAChC,iCAAiC,EACjC,oCAAoC,EACpC,0BAA0B,EAC1B,wBAAwB,EACxB,mCAAmC,EACnC,6BAA6B,EAC7B,gCAAgC,EAChC,mCAAmC,GACpC,MAAM,aAAa,CAAC;AAErB,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC,CAAC;AAE3D,IAAI,YAAuC,CAAC;AAE5C,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;YAC3B,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;YACxB,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,wBAAwB,CAAC,CAAC,CAAC,qBAAqB,CAAC,CACtE,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,8BAA8B,CAAC,CAAC,CAAC,2BAA2B,CAClE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,yBAAyB,CAC9D,CACF,CAAC;YACF,MAAM,yBAAyB,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,wBAAwB,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC3C,MAAM,MAAM,CAAC,OAAO,CAClB,EAAE;gBACA,CAAC,CAAC,oCAAoC;gBACtC,CAAC,CAAC,iCAAiC,CACtC,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CACtE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;YACvE,MAAM,cAAc,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC,CAAC;YACrE,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CACpD,CAAC;YACF,kEAAkE;YAClE,iEAAiE;YACjE,iEAAiE;YACjE,iEAAiE;YACjE,8DAA8D;YAC9D,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CACZ,EAAE,CAAC,CAAC,CAAC,gCAAgC,CAAC,CAAC,CAAC,6BAA6B,CACtE,CACF,CAAC;YACF,MAAM,cAAc,CAAC,GAAG,EAAE,CACxB,MAAM,CAAC,OAAO,CAAC,mCAAmC,CAAC,CACpD,CAAC;QACJ,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,KAAK,UAAU,yBAAyB,CACtC,MAAoC,EACpC,EAAW;IAEX,IAAI,EAAE,EAAE,CAAC;QACP,MAAM,MAAM,CAAC,OAAO,CAClB,6DAA6D,CAC9D,CAAC;QACF,OAAO;IACT,CAAC;IAED,2EAA2E;IAC3E,6EAA6E;IAC7E,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,+CAA+C,CAAC,CAAC;IACxE,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,IACE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC;aACzB,WAAW,EAAE;aACb,QAAQ,CAAC,WAAW,CAAC,EACxB,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,MAAoC,EACpC,EAAW;IAEX,MAAM,MAAM,GAAG,CAAC,IAAY,EAAE,GAAW,EAAE,EAAE;QAC3C,IAAI,EAAE,EAAE,CAAC;YACP,OAAO,MAAM,CAAC,OAAO,CACnB,kDAAkD,IAAI,IAAI,GAAG,EAAE,CAChE,CAAC;QACJ,CAAC;QACD,OAAO,MAAM;aACV,OAAO,CAAC,oCAAoC,IAAI,IAAI,GAAG,EAAE,CAAC;aAC1D,KAAK,CAAC,CAAC,GAAQ,EAAE,EAAE;YAClB,IACE,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI,GAAG,CAAC;iBACzB,WAAW,EAAE;iBACb,QAAQ,CAAC,WAAW,CAAC;gBAExB,MAAM,GAAG,CAAC;QACd,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IACF,MAAM,MAAM,CAAC,OAAO,EAAE,8BAA8B,CAAC,CAAC;IACtD,MAAM,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,MAAM,CAAC,WAAW,EAAE,yCAAyC,CAAC,CAAC;IACrE,uEAAuE;IACvE,gEAAgE;IAChE,MAAM,MAAM,CAAC,OAAO;IAClB,oIAAoI;IACpI,uHAAuH,CACxH,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B;IACzC,yBAAyB,CAAC;QACxB,IAAI,EAAE,WAAW;QACjB,aAAa,EAAE,UAAU;QACzB,WAAW,EAAE,eAAe;QAC5B,WAAW,EAAE,WAAW;QACxB,WAAW,EAAE,MAAM;QACnB,KAAK,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE;KACrB,CAAC,CAAC;AACL,CAAC;AAeD,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,OAAO,EAAE;SACN,MAAM,EAAE;SACR,IAAI,CAAC,UAAU,CAAC;SAChB,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,eAAe,CAAC,CAEjD,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,EAAU;IAC3C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACpD,OAAQ,MAAM,EAAE,QAAqC,IAAI,IAAI,CAAC;AAChE,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,IAAyB;IAEzB,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,SAAS,GAAG,mBAAmB,EAAE,CAAC;IACxC,IAAI,CAAC,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACzD,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;IACxB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,MAAM,GAAG,GAAiB;QACxB,EAAE;QACF,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;QACnC,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,EAAE;QAC3B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;QACvB,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;QACd,UAAU,EAAE,SAAS;QACrB,KAAK,EAAE,KAAK,IAAI,IAAI;QACpB,wEAAwE;QACxE,wEAAwE;QACxE,mEAAmE;QACnE,iEAAiE;QACjE,uEAAuE;QACvE,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACtC,CAAC;IACF,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACxC,OAAO,GAAG,CAAC;AACb,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,EAAU,EACV,IAAyB;IAEzB,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,OAAO,GAA4B;QACvC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IACF,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS;QAAE,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;IACtD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC;IACxE,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,OAAQ,IAAI,CAAC,CAAC,CAAkB,IAAI,IAAI,CAAC;AAC3C,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,EAAU,EACV,IAAgC;IAEhC,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IAC9C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IAEnB,IAAI,UAAkB,CAAC;IACvB,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC/B,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC;IAC5B,CAAC;SAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACxB,MAAM,IAAI,GAAG,MAAM,EAAE;aAClB,MAAM,EAAE;aACR,IAAI,CAAC,UAAU,CAAC;aAChB,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAChC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QAC1B,UAAU,GAAI,IAAI,CAAC,CAAC,CAAkB,CAAC,OAAO,CAAC;QAC/C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjC,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE;SACL,MAAM,CAAC,UAAU,CAAC;SAClB,GAAG,CAAC,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC;SACjE,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAChC,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,OAAQ,IAAI,CAAC,CAAC,CAAkB,IAAI,IAAI,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,EAAU;IAC9C,MAAM,sBAAsB,EAAE,CAAC;IAC/B,MAAM,YAAY,CAAC,WAAW,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IAC7C,MAAM,EAAE,GAAG,KAAK,EAAE,CAAC;IACnB,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7E,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3B,MAAM,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,eAAe,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3E,MAAM,SAAS,EAAE,CAAC,OAAO,CAAC;QACxB,GAAG,EAAE,yCAAyC;QAC9C,IAAI,EAAE,CAAC,EAAE,CAAC;KACX,CAAC,CAAC;IACH,MAAM,EAAE,2BAA2B,EAAE,GAAG,MAAM,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACzE,MAAM,2BAA2B,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,IAAI,CAAC;AACd,CAAC","sourcesContent":["import { randomUUID } from \"node:crypto\";\nimport { eq } from \"drizzle-orm\";\nimport { getDbExec, isPostgres, retryOnDdlRace } from \"../db/client.js\";\nimport { createGetDb } from \"../db/create-get-db.js\";\nimport {\n  accessFilter,\n  assertAccess,\n  resolveAccess,\n} from \"../sharing/access.js\";\nimport {\n  getRequestUserEmail,\n  getRequestOrgId,\n} from \"../server/request-context.js\";\nimport { registerShareableResource } from \"../sharing/registry.js\";\nimport {\n  extensions,\n  extensionShares,\n  EXTENSIONS_CREATE_SQL,\n  EXTENSIONS_CREATE_SQL_PG,\n  EXTENSION_SHARES_CREATE_SQL,\n  EXTENSION_SHARES_CREATE_SQL_PG,\n  EXTENSION_DATA_CREATE_SQL,\n  EXTENSION_DATA_CREATE_SQL_PG,\n  EXTENSION_DATA_ITEM_INDEX_SQL,\n  EXTENSION_DATA_ITEM_INDEX_SQL_PG,\n  EXTENSION_DATA_DROP_OLD_INDEX_SQL,\n  EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG,\n  EXTENSIONS_OWNER_INDEX_SQL,\n  EXTENSIONS_ORG_INDEX_SQL,\n  EXTENSION_SHARES_RESOURCE_INDEX_SQL,\n  EXTENSION_CONSENTS_CREATE_SQL,\n  EXTENSION_CONSENTS_CREATE_SQL_PG,\n  EXTENSION_CONSENTS_VIEWER_INDEX_SQL,\n} from \"./schema.js\";\n\nconst getDb = createGetDb({ extensions, extensionShares });\n\nlet _initPromise: Promise<void> | undefined;\n\nexport async function ensureExtensionsTables(): Promise<void> {\n  if (!_initPromise) {\n    _initPromise = (async () => {\n      const client = getDbExec();\n      const pg = isPostgres();\n      await retryOnDdlRace(() =>\n        client.execute(pg ? EXTENSIONS_CREATE_SQL_PG : EXTENSIONS_CREATE_SQL),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_SHARES_CREATE_SQL_PG : EXTENSION_SHARES_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_DATA_CREATE_SQL_PG : EXTENSION_DATA_CREATE_SQL,\n        ),\n      );\n      await ensureExtensionDataItemId(client, pg);\n      await ensureExtensionDataScope(client, pg);\n      await client.execute(\n        pg\n          ? EXTENSION_DATA_DROP_OLD_INDEX_SQL_PG\n          : EXTENSION_DATA_DROP_OLD_INDEX_SQL,\n      );\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_DATA_ITEM_INDEX_SQL_PG : EXTENSION_DATA_ITEM_INDEX_SQL,\n        ),\n      );\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_OWNER_INDEX_SQL));\n      await retryOnDdlRace(() => client.execute(EXTENSIONS_ORG_INDEX_SQL));\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_SHARES_RESOURCE_INDEX_SQL),\n      );\n      // tool_consents was introduced for an audit-C1 per-viewer consent\n      // gate that we removed once we settled on intra-org trust as the\n      // baseline. The table is kept (additive — never drop) so deploys\n      // that already created it stay healthy; the runtime consent code\n      // is gone. Idempotent CREATE IF NOT EXISTS for fresh schemas.\n      await retryOnDdlRace(() =>\n        client.execute(\n          pg ? EXTENSION_CONSENTS_CREATE_SQL_PG : EXTENSION_CONSENTS_CREATE_SQL,\n        ),\n      );\n      await retryOnDdlRace(() =>\n        client.execute(EXTENSION_CONSENTS_VIEWER_INDEX_SQL),\n      );\n    })();\n  }\n  return _initPromise;\n}\n\nasync function ensureExtensionDataItemId(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  if (pg) {\n    await client.execute(\n      `ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS item_id TEXT`,\n    );\n    return;\n  }\n\n  // Keep this additive: legacy rows with item_id=id are still read correctly\n  // through COALESCE(item_id, id), so SQLite never needs a table rebuild here.\n  try {\n    await client.execute(`ALTER TABLE tool_data ADD COLUMN item_id TEXT`);\n  } catch (err: any) {\n    if (\n      !String(err?.message ?? err)\n        .toLowerCase()\n        .includes(\"duplicate\")\n    ) {\n      throw err;\n    }\n  }\n}\n\nasync function ensureExtensionDataScope(\n  client: ReturnType<typeof getDbExec>,\n  pg: boolean,\n): Promise<void> {\n  const addCol = (name: string, def: string) => {\n    if (pg) {\n      return client.execute(\n        `ALTER TABLE tool_data ADD COLUMN IF NOT EXISTS ${name} ${def}`,\n      );\n    }\n    return client\n      .execute(`ALTER TABLE tool_data ADD COLUMN ${name} ${def}`)\n      .catch((err: any) => {\n        if (\n          !String(err?.message ?? err)\n            .toLowerCase()\n            .includes(\"duplicate\")\n        )\n          throw err;\n      });\n  };\n  await addCol(\"scope\", \"TEXT NOT NULL DEFAULT 'user'\");\n  await addCol(\"org_id\", \"TEXT\");\n  await addCol(\"scope_key\", \"TEXT NOT NULL DEFAULT 'local@localhost'\");\n  // One-time backfill migration: replaces the dev-mode DEFAULT scope_key\n  // with each row's real owner_email. Not a per-request fallback.\n  await client.execute(\n    // guard:allow-localhost-fallback — one-time backfill migration replacing dev-mode default scope_key with the row's real owner_email\n    `UPDATE tool_data SET scope_key = owner_email WHERE scope_key = 'local@localhost' AND owner_email != 'local@localhost'`,\n  );\n}\n\nexport function registerExtensionsShareable() {\n  registerShareableResource({\n    type: \"extension\",\n    resourceTable: extensions,\n    sharesTable: extensionShares,\n    displayName: \"Extension\",\n    titleColumn: \"name\",\n    getDb: () => getDb(),\n  });\n}\n\nexport interface ExtensionRow {\n  id: string;\n  name: string;\n  description: string;\n  content: string;\n  icon: string | null;\n  createdAt: string;\n  updatedAt: string;\n  ownerEmail: string;\n  orgId: string | null;\n  visibility: \"private\" | \"org\" | \"public\";\n}\n\nexport async function listExtensions(): Promise<ExtensionRow[]> {\n  await ensureExtensionsTables();\n  const db = getDb();\n  return db\n    .select()\n    .from(extensions)\n    .where(accessFilter(extensions, extensionShares)) as Promise<\n    ExtensionRow[]\n  >;\n}\n\nexport async function getExtension(id: string): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  const access = await resolveAccess(\"extension\", id);\n  return (access?.resource as ExtensionRow | undefined) ?? null;\n}\n\nexport interface CreateExtensionData {\n  name: string;\n  description?: string;\n  content?: string;\n  icon?: string;\n}\n\nexport async function createExtension(\n  data: CreateExtensionData,\n): Promise<ExtensionRow> {\n  await ensureExtensionsTables();\n  const db = getDb();\n  const userEmail = getRequestUserEmail();\n  if (!userEmail) throw new Error(\"no authenticated user\");\n  const orgId = getRequestOrgId();\n  const id = randomUUID();\n  const now = new Date().toISOString();\n  const row: ExtensionRow = {\n    id,\n    name: data.name,\n    description: data.description ?? \"\",\n    content: data.content ?? \"\",\n    icon: data.icon ?? null,\n    createdAt: now,\n    updatedAt: now,\n    ownerEmail: userEmail,\n    orgId: orgId ?? null,\n    // Default to org-visibility when the user has an active organization so\n    // teammates see the extension in their sidebar — matching how analytics\n    // dashboards/analyses are scoped (`templates/analytics/server/lib/\n    // dashboards-store.ts:356`). Solo users (no org) get the private\n    // default. Owners can still flip back to private via update-extension.\n    visibility: orgId ? \"org\" : \"private\",\n  };\n  await db.insert(extensions).values(row);\n  return row;\n}\n\nexport interface UpdateExtensionData {\n  name?: string;\n  description?: string;\n  icon?: string;\n  visibility?: \"private\" | \"org\" | \"public\";\n}\n\nexport async function updateExtension(\n  id: string,\n  data: UpdateExtensionData,\n): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"editor\");\n  const db = getDb();\n  const updates: Record<string, unknown> = {\n    updatedAt: new Date().toISOString(),\n  };\n  if (data.name !== undefined) updates.name = data.name;\n  if (data.description !== undefined) updates.description = data.description;\n  if (data.icon !== undefined) updates.icon = data.icon;\n  if (data.visibility !== undefined) updates.visibility = data.visibility;\n  await db.update(extensions).set(updates).where(eq(extensions.id, id));\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  return (rows[0] as ExtensionRow) ?? null;\n}\n\nexport interface UpdateExtensionContentOpts {\n  content?: string;\n  patches?: Array<{ find: string; replace: string }>;\n}\n\nexport async function updateExtensionContent(\n  id: string,\n  opts: UpdateExtensionContentOpts,\n): Promise<ExtensionRow | null> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"editor\");\n  const db = getDb();\n\n  let newContent: string;\n  if (opts.content !== undefined) {\n    newContent = opts.content;\n  } else if (opts.patches) {\n    const rows = await db\n      .select()\n      .from(extensions)\n      .where(eq(extensions.id, id));\n    if (!rows[0]) return null;\n    newContent = (rows[0] as ExtensionRow).content;\n    for (const patch of opts.patches) {\n      newContent = newContent.replace(patch.find, patch.replace);\n    }\n  } else {\n    return null;\n  }\n\n  await db\n    .update(extensions)\n    .set({ content: newContent, updatedAt: new Date().toISOString() })\n    .where(eq(extensions.id, id));\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  return (rows[0] as ExtensionRow) ?? null;\n}\n\nexport async function deleteExtension(id: string): Promise<boolean> {\n  await ensureExtensionsTables();\n  await assertAccess(\"extension\", id, \"admin\");\n  const db = getDb();\n  const rows = await db.select().from(extensions).where(eq(extensions.id, id));\n  if (!rows[0]) return false;\n  await db.delete(extensionShares).where(eq(extensionShares.resourceId, id));\n  await getDbExec().execute({\n    sql: `DELETE FROM tool_data WHERE tool_id = ?`,\n    args: [id],\n  });\n  const { cascadeDeleteExtensionSlots } = await import(\"./slots/store.js\");\n  await cascadeDeleteExtensionSlots(id);\n  await db.delete(extensions).where(eq(extensions.id, id));\n  return true;\n}\n"]}

package/dist/extensions/theme.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"theme.d.ts","sourceRoot":"","sources":["../../src/extensions/theme.ts"],"names":[],"mappings":"AAAA,wBAAgB,YAAY,CAAC,MAAM,CAAC,EAAE,OAAO,GAAG,MAAM,CAkErD"}

package/dist/extensions/theme.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"theme.js","sourceRoot":"","sources":["../../src/extensions/theme.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,YAAY,CAAC,MAAgB;IAC3C,IAAI,MAAM,EAAE,CAAC;QACX,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BT,CAAC;IACD,CAAC;IAED,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA8BP,CAAC;AACH,CAAC","sourcesContent":["export function getThemeVars(isDark?: boolean): string {\n  if (isDark) {\n    return `\n:root {\n  --background: 240 10% 3.9%;\n  --foreground: 0 0% 98%;\n  --card: 240 10% 3.9%;\n  --card-foreground: 0 0% 98%;\n  --popover: 240 10% 3.9%;\n  --popover-foreground: 0 0% 98%;\n  --primary: 0 0% 98%;\n  --primary-foreground: 240 5.9% 10%;\n  --secondary: 240 3.7% 15.9%;\n  --secondary-foreground: 0 0% 98%;\n  --muted: 240 3.7% 15.9%;\n  --muted-foreground: 240 5% 64.9%;\n  --accent: 240 3.7% 15.9%;\n  --accent-foreground: 0 0% 98%;\n  --destructive: 0 62.8% 30.6%;\n  --destructive-foreground: 0 0% 98%;\n  --border: 240 3.7% 15.9%;\n  --input: 240 3.7% 15.9%;\n  --ring: 240 4.9% 83.9%;\n  --radius: 0.5rem;\n  --sidebar-background: 240 5.9% 10%;\n  --sidebar-foreground: 240 4.8% 95.9%;\n  --sidebar-primary: 224.3 76.3% 48%;\n  --sidebar-primary-foreground: 0 0% 100%;\n  --sidebar-accent: 240 3.7% 15.9%;\n  --sidebar-accent-foreground: 240 4.8% 95.9%;\n  --sidebar-border: 240 3.7% 15.9%;\n  --sidebar-ring: 240 4.9% 83.9%;\n}`;\n  }\n\n  return `\n:root {\n  --background: 0 0% 100%;\n  --foreground: 240 10% 3.9%;\n  --card: 0 0% 100%;\n  --card-foreground: 240 10% 3.9%;\n  --popover: 0 0% 100%;\n  --popover-foreground: 240 10% 3.9%;\n  --primary: 240 5.9% 10%;\n  --primary-foreground: 0 0% 98%;\n  --secondary: 240 4.8% 95.9%;\n  --secondary-foreground: 240 5.9% 10%;\n  --muted: 240 4.8% 95.9%;\n  --muted-foreground: 240 3.8% 46.1%;\n  --accent: 240 4.8% 95.9%;\n  --accent-foreground: 240 5.9% 10%;\n  --destructive: 0 84.2% 60.2%;\n  --destructive-foreground: 0 0% 98%;\n  --border: 240 5.9% 90%;\n  --input: 240 5.9% 90%;\n  --ring: 240 5.9% 10%;\n  --radius: 0.5rem;\n  --sidebar-background: 0 0% 98%;\n  --sidebar-foreground: 240 5.3% 26.1%;\n  --sidebar-primary: 240 5.9% 10%;\n  --sidebar-primary-foreground: 0 0% 98%;\n  --sidebar-accent: 240 4.8% 95.9%;\n  --sidebar-accent-foreground: 240 5.9% 10%;\n  --sidebar-border: 220 13% 91%;\n  --sidebar-ring: 240 5.9% 10%;\n}`;\n}\n"]}

package/dist/{tools → extensions}/url-safety.d.ts

@@ -1,10 +1,10 @@
-export declare function isBlockedToolUrl(url: string): boolean;
+export declare function isBlockedExtensionUrl(url: string): boolean;
 /**
  * Async SSRF guard for environments that can resolve DNS. The synchronous
  * guard catches literals and known rebinding domains; this closes the common
  * "public hostname resolves to a private address" gap before dispatch.
  */
-export declare function isBlockedToolUrlWithDns(url: string): Promise<boolean>;
+export declare function isBlockedExtensionUrlWithDns(url: string): Promise<boolean>;
 /**
  * Build an undici Dispatcher whose connect-time DNS lookup runs through a
  * private-IP guard. This closes the TOCTOU gap where:
@@ -18,7 +18,9 @@ export declare function isBlockedToolUrlWithDns(url: string): Promise<boolean>;
  *
  * Returns `null` if undici / node:dns are not available (e.g. some edge
  * runtimes); the caller should fall back to the regular `fetch` path —
- * `isBlockedToolUrlWithDns` will still have caught most rebinding cases.
+ * `isBlockedExtensionUrlWithDns` will still have caught most rebinding cases.
  */
 export declare function createSsrfSafeDispatcher(): Promise<unknown | null>;
+export { isBlockedExtensionUrl as isBlockedToolUrl };
+export { isBlockedExtensionUrlWithDns as isBlockedToolUrlWithDns };
 //# sourceMappingURL=url-safety.d.ts.map

package/dist/extensions/url-safety.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-safety.d.ts","sourceRoot":"","sources":["../../src/extensions/url-safety.ts"],"names":[],"mappings":"AA4FA,wBAAgB,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAoB1D;AASD;;;;GAIG;AACH,wBAAsB,4BAA4B,CAChD,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,OAAO,CAAC,CAoBlB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CA+DxE;AAQD,OAAO,EAAE,qBAAqB,IAAI,gBAAgB,EAAE,CAAC;AACrD,OAAO,EAAE,4BAA4B,IAAI,uBAAuB,EAAE,CAAC"}

package/dist/{tools → extensions}/url-safety.js

@@ -101,7 +101,7 @@ function isPrivateHost(hostname) {
     }
     return false;
 }
-export function isBlockedToolUrl(url) {
+export function isBlockedExtensionUrl(url) {
     try {
         const parsed = new URL(url);
         if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
@@ -134,8 +134,8 @@ function isIpLiteralHost(hostname) {
  * guard catches literals and known rebinding domains; this closes the common
  * "public hostname resolves to a private address" gap before dispatch.
  */
-export async function isBlockedToolUrlWithDns(url) {
-    if (isBlockedToolUrl(url))
+export async function isBlockedExtensionUrlWithDns(url) {
+    if (isBlockedExtensionUrl(url))
         return true;
     let hostname;
     try {
@@ -170,7 +170,7 @@ export async function isBlockedToolUrlWithDns(url) {
  *
  * Returns `null` if undici / node:dns are not available (e.g. some edge
  * runtimes); the caller should fall back to the regular `fetch` path —
- * `isBlockedToolUrlWithDns` will still have caught most rebinding cases.
+ * `isBlockedExtensionUrlWithDns` will still have caught most rebinding cases.
  */
 export async function createSsrfSafeDispatcher() {
     // Dynamic import + `any`: undici is not a direct dependency, so the type
@@ -221,4 +221,11 @@ export async function createSsrfSafeDispatcher() {
         },
     });
 }
+// ─────────────────────────────────────────────────────────────────────────────
+// Legacy aliases — predate the Tools → Extensions rename. Templates import
+// these via the legacy `@agent-native/core/tools/url-safety` subpath; keep
+// the names exported so they keep resolving until every consumer updates.
+// ─────────────────────────────────────────────────────────────────────────────
+export { isBlockedExtensionUrl as isBlockedToolUrl };
+export { isBlockedExtensionUrlWithDns as isBlockedToolUrlWithDns };
 //# sourceMappingURL=url-safety.js.map

package/dist/extensions/url-safety.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"url-safety.js","sourceRoot":"","sources":["../../src/extensions/url-safety.ts"],"names":[],"mappings":"AAAA,MAAM,cAAc,GAAG;IACrB,0BAA0B;IAC1B,2BAA2B;CAC5B,CAAC;AAEF,MAAM,mBAAmB,GAAG;IAC1B,SAAS;IACT,WAAW;IACX,SAAS;IACT,eAAe;IACf,SAAS;CACV,CAAC;AAEF,SAAS,aAAa,CAAC,CAAS,EAAE,CAAS,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC;IACvD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACzE,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC;IAClD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACjD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACnD,IAAI,CAAC,IAAI,GAAG;QAAE,OAAO,IAAI,CAAC;IAC1B,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACvE,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC3C,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,GAAG,MAAM;QAAE,OAAO,KAAK,CAAC;IACvE,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAC7B,MAAM,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;IACtB,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;IAC5B,MAAM,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC;IACrB,OAAO,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,aAAa,CAAC,QAAgB;IACrC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC5D,IACE,IAAI,KAAK,WAAW;QACpB,IAAI,KAAK,KAAK;QACd,IAAI,KAAK,KAAK;QACd,IAAI,KAAK,IAAI,EACb,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE/C,iCAAiC;IACjC,IAAI,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/D,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAEnC,0EAA0E;IAC1E,oEAAoE;IACpE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnE,IAAI,cAAc,EAAE,CAAC;QACnB,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9D,IAAI,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAC7C,CAAC;IACD,IAAI,sBAAsB,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9C,wEAAwE;IACxE,6CAA6C;IAC7C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;IAC7C,CAAC;IAED,wBAAwB;IACxB,IAAI,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;YAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;YAC9B,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC;YAC7B,MAAM,CAAC,GAAG,GAAG,GAAG,IAAI,CAAC;YACrB,IAAI,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC7C,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,GAAW;IAC/C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC3C,IAAI,aAAa,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACrC,IACE,mBAAmB,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC7B,OAAO,IAAI,KAAK,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC,CAAC,EACF,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB;IACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC5D,IAAI,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,GAAW;IAEX,IAAI,qBAAqB,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC;IAE5C,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,QAAQ,IAAI,eAAe,CAAC,QAAQ,CAAC;QAAE,OAAO,KAAK,CAAC;IAEzD,IAAI,CAAC;QACH,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACtE,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,sEAAsE;QACtE,sEAAsE;QACtE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB;IAC5C,yEAAyE;IACzE,wEAAwE;IACxE,yEAAyE;IACzE,IAAI,MAAW,CAAC;IAChB,IAAI,SAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,MAAM,CAAC,QAAkB,CAAC,CAAC;QAC1C,SAAS,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,EAAE,GAAG,SAAS,CAAC;IAC7B,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEnC,OAAO,IAAI,KAAK,CAAC;QACf,OAAO,EAAE;YACP,oEAAoE;YACpE,oEAAoE;YACpE,gCAAgC;YAChC,MAAM,EAAE,CACN,QAAgB,EAChB,OAAY,EACZ,QAIS,EACT,EAAE;gBACF,MAAM,CACJ,QAAQ,EACR,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAC7B,CAAC,GAAiC,EAAE,SAAc,EAAE,EAAE;oBACpD,IAAI,GAAG;wBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;oBAC9B,MAAM,IAAI,GAA0C,KAAK,CAAC,OAAO,CAC/D,SAAS,CACV;wBACC,CAAC,CAAC,SAAS;wBACX,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC;oBACxC,KAAK,MAAM,MAAM,IAAI,IAAI,EAAE,CAAC;wBAC1B,IAAI,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;4BAClC,MAAM,CAAC,GAAG,IAAI,KAAK,CACjB,oBAAoB,QAAQ,gCAAgC,MAAM,CAAC,OAAO,EAAE,CACpD,CAAC;4BAC3B,CAAC,CAAC,IAAI,GAAG,aAAa,CAAC;4BACvB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;wBACrB,CAAC;oBACH,CAAC;oBACD,gEAAgE;oBAChE,4DAA4D;oBAC5D,iBAAiB;oBACjB,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;wBAC3B,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAW,CAAC,CAAC;oBACrC,CAAC;oBACD,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;oBACtB,OAAO,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;gBACrD,CAAC,CACF,CAAC;YACJ,CAAC;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAED,gFAAgF;AAChF,2EAA2E;AAC3E,2EAA2E;AAC3E,0EAA0E;AAC1E,gFAAgF;AAEhF,OAAO,EAAE,qBAAqB,IAAI,gBAAgB,EAAE,CAAC;AACrD,OAAO,EAAE,4BAA4B,IAAI,uBAAuB,EAAE,CAAC","sourcesContent":["const METADATA_HOSTS = [\n  \"metadata.google.internal\",\n  \"metadata.google.internal.\",\n];\n\nconst DNS_REBIND_SUFFIXES = [\n  \".nip.io\",\n  \".sslip.io\",\n  \".xip.io\",\n  \".localtest.me\",\n  \".lvh.me\",\n];\n\nfunction isPrivateIpv4(a: number, b: number, c = 0, d = 0): boolean {\n  if (![a, b, c, d].every((part) => part >= 0 && part <= 255)) return true;\n  if (a === 127) return true;\n  if (a === 10) return true;\n  if (a === 172 && b >= 16 && b <= 31) return true;\n  if (a === 192 && b === 168) return true;\n  if (a === 169 && b === 254) return true;\n  if (a === 0) return true;\n  if (a === 100 && b >= 64 && b <= 127) return true;\n  if (a === 192 && b === 0) return true;\n  if (a === 198 && (b === 18 || b === 19)) return true;\n  if (a === 192 && b === 0 && c === 2) return true;\n  if (a === 198 && b === 51 && c === 100) return true;\n  if (a === 203 && b === 0 && c === 113) return true;\n  if (a >= 224) return true;\n  return false;\n}\n\nfunction isPrivateIpv4MappedHex(host: string): boolean {\n  const mapped = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);\n  if (!mapped) return false;\n  const high = Number.parseInt(mapped[1], 16);\n  const low = Number.parseInt(mapped[2], 16);\n  if (high < 0 || high > 0xffff || low < 0 || low > 0xffff) return false;\n  const a = (high >> 8) & 0xff;\n  const b = high & 0xff;\n  const c = (low >> 8) & 0xff;\n  const d = low & 0xff;\n  return isPrivateIpv4(a, b, c, d);\n}\n\nfunction isPrivateHost(hostname: string): boolean {\n  const host = hostname.toLowerCase().replace(/^\\[|\\]$/g, \"\");\n  if (\n    host === \"localhost\" ||\n    host === \"::1\" ||\n    host === \"::0\" ||\n    host === \"::\"\n  ) {\n    return true;\n  }\n  if (METADATA_HOSTS.includes(host)) return true;\n\n  // IPv6 ULA/link-local/multicast.\n  if (/^f[cd]/.test(host) || /^fe[89ab]/.test(host)) return true;\n  if (/^ff/i.test(host)) return true;\n\n  // IPv4-mapped IPv6. URL parsing may preserve dotted form in some runtimes\n  // or normalize it to hex, e.g. [::ffff:127.0.0.1] -> ::ffff:7f00:1.\n  const v4mappedDotted = host.match(/^::ffff:(\\d+\\.\\d+\\.\\d+\\.\\d+)$/);\n  if (v4mappedDotted) {\n    const [a, b, c, d] = v4mappedDotted[1].split(\".\").map(Number);\n    if (isPrivateIpv4(a, b, c, d)) return true;\n  }\n  if (isPrivateIpv4MappedHex(host)) return true;\n\n  // Dotted IPv4. URL parsing normalizes shorthand/octal/hex IPv4 forms to\n  // dotted decimal before we reach this point.\n  const parts = host.split(\".\");\n  if (parts.length === 4 && parts.every((p) => /^\\d+$/.test(p))) {\n    const [a, b, c, d] = parts.map(Number);\n    if (isPrivateIpv4(a, b, c, d)) return true;\n  }\n\n  // Decimal integer IPv4.\n  if (/^\\d+$/.test(host)) {\n    const num = Number(host);\n    if (num >= 0 && num <= 0xffffffff) {\n      const a = (num >>> 24) & 0xff;\n      const b = (num >>> 16) & 0xff;\n      const c = (num >>> 8) & 0xff;\n      const d = num & 0xff;\n      if (isPrivateIpv4(a, b, c, d)) return true;\n    }\n  }\n\n  return false;\n}\n\nexport function isBlockedExtensionUrl(url: string): boolean {\n  try {\n    const parsed = new URL(url);\n    if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n      return true;\n    }\n    const host = parsed.hostname.toLowerCase();\n    if (isPrivateHost(host)) return true;\n    if (\n      DNS_REBIND_SUFFIXES.some((suffix) => {\n        const bare = suffix.slice(1);\n        return host === bare || host.endsWith(suffix);\n      })\n    ) {\n      return true;\n    }\n  } catch {\n    return true;\n  }\n  return false;\n}\n\nfunction isIpLiteralHost(hostname: string): boolean {\n  const host = hostname.toLowerCase().replace(/^\\[|\\]$/g, \"\");\n  if (host.includes(\":\")) return true;\n  const parts = host.split(\".\");\n  return parts.length === 4 && parts.every((p) => /^\\d+$/.test(p));\n}\n\n/**\n * Async SSRF guard for environments that can resolve DNS. The synchronous\n * guard catches literals and known rebinding domains; this closes the common\n * \"public hostname resolves to a private address\" gap before dispatch.\n */\nexport async function isBlockedExtensionUrlWithDns(\n  url: string,\n): Promise<boolean> {\n  if (isBlockedExtensionUrl(url)) return true;\n\n  let hostname: string;\n  try {\n    hostname = new URL(url).hostname.toLowerCase();\n  } catch {\n    return true;\n  }\n  if (!hostname || isIpLiteralHost(hostname)) return false;\n\n  try {\n    const { lookup } = await import(\"node:dns/promises\");\n    const records = await lookup(hostname, { all: true, verbatim: true });\n    return records.some((record) => isPrivateHost(record.address));\n  } catch {\n    // Some edge runtimes do not expose DNS lookup. Keep the deterministic\n    // parser-based protections instead of failing every outbound request.\n    return false;\n  }\n}\n\n/**\n * Build an undici Dispatcher whose connect-time DNS lookup runs through a\n * private-IP guard. This closes the TOCTOU gap where:\n *   1. We resolve hostname → public IP and pass.\n *   2. Between that lookup and the actual connect, DNS rebinding flips the\n *      record to a private IP.\n *   3. fetch() resolves again and connects to the private IP.\n *\n * With a custom dispatcher, the same lookup that produces the IP also gates\n * the connect: if the IP is in the private set, the connect throws.\n *\n * Returns `null` if undici / node:dns are not available (e.g. some edge\n * runtimes); the caller should fall back to the regular `fetch` path —\n * `isBlockedExtensionUrlWithDns` will still have caught most rebinding cases.\n */\nexport async function createSsrfSafeDispatcher(): Promise<unknown | null> {\n  // Dynamic import + `any`: undici is not a direct dependency, so the type\n  // declarations may not resolve. The runtime path is still safe — if the\n  // import throws we return null and the caller falls back to plain fetch.\n  let undici: any;\n  let dnsModule: any;\n  try {\n    undici = await import(\"undici\" as string);\n    dnsModule = await import(\"node:dns\");\n  } catch {\n    return null;\n  }\n\n  const { Agent } = undici;\n  const { lookup } = dnsModule;\n  if (!Agent || !lookup) return null;\n\n  return new Agent({\n    connect: {\n      // Override DNS lookup at connect time so the IP we hand to undici's\n      // socket is the one we authorized. Reject any record in the private\n      // set BEFORE the TCP handshake.\n      lookup: (\n        hostname: string,\n        options: any,\n        callback: (\n          err: NodeJS.ErrnoException | null,\n          address?: string | { address: string; family: number }[],\n          family?: number,\n        ) => void,\n      ) => {\n        lookup(\n          hostname,\n          { all: true, verbatim: true },\n          (err: NodeJS.ErrnoException | null, addresses: any) => {\n            if (err) return callback(err);\n            const list: { address: string; family: number }[] = Array.isArray(\n              addresses,\n            )\n              ? addresses\n              : [{ address: addresses, family: 4 }];\n            for (const record of list) {\n              if (isPrivateHost(record.address)) {\n                const e = new Error(\n                  `Connect blocked: ${hostname} resolved to private address ${record.address}`,\n                ) as NodeJS.ErrnoException;\n                e.code = \"EAI_BLOCKED\";\n                return callback(e);\n              }\n            }\n            // Mirror Node's lookup behavior: when `all` is true, return the\n            // array; otherwise the first entry. undici's connect honors\n            // `options.all`.\n            if (options && options.all) {\n              return callback(null, list as any);\n            }\n            const first = list[0];\n            return callback(null, first.address, first.family);\n          },\n        );\n      },\n    },\n  });\n}\n\n// ─────────────────────────────────────────────────────────────────────────────\n// Legacy aliases — predate the Tools → Extensions rename. Templates import\n// these via the legacy `@agent-native/core/tools/url-safety` subpath; keep\n// the names exported so they keep resolving until every consumer updates.\n// ─────────────────────────────────────────────────────────────────────────────\n\nexport { isBlockedExtensionUrl as isBlockedToolUrl };\nexport { isBlockedExtensionUrlWithDns as isBlockedToolUrlWithDns };\n"]}

package/dist/server/agent-chat-plugin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent-chat-plugin.d.ts","sourceRoot":"","sources":["../../src/server/agent-chat-plugin.ts"],"names":[],"mappings":"AAaA,OAAO,EAUL,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAKtC,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAUjB,MAAM,wBAAwB,CAAC;AA4ChC,OAAO,EAGL,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAC1B,MAAM,6BAA6B,CAAC;AAkIrC,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,WAAW,EAAE,SAAS,oBAAoB,EAAE,EAC5C,OAAO,GAAE,0BAA0B,GAAG;IAAE,KAAK,CAAC,EAAE,GAAG,CAAA;CAAO,GACzD;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO7C;AAmiCD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,wCAAwC;IACxC,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;sDAGkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EACH,OAAO,0BAA0B,EAAE,WAAW,GAC9C,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,gBAAgB,CAAC,EACb,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,kFAAkF;IAClF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACtE;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,EAAE,CACb,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,KACV,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C;;;;;;;;;;;;;;OAcG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAkwBD,wBAAgB,qBAAqB,CACnC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,cAAc,CAigFhB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,cAAwC,CAAC;AAa9E,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,gBAAgB,GAAG,IAAI,CAE7D"}
+{"version":3,"file":"agent-chat-plugin.d.ts","sourceRoot":"","sources":["../../src/server/agent-chat-plugin.ts"],"names":[],"mappings":"AAaA,OAAO,EAUL,KAAK,WAAW,EACjB,MAAM,8BAA8B,CAAC;AAKtC,OAAO,KAAK,EACV,cAAc,EAEd,eAAe,EAEhB,MAAM,mBAAmB,CAAC;AAG3B,OAAO,EACL,gBAAgB,EAUjB,MAAM,wBAAwB,CAAC;AA4ChC,OAAO,EAGL,KAAK,0BAA0B,EAC/B,KAAK,oBAAoB,EAC1B,MAAM,6BAA6B,CAAC;AAkIrC,wBAAgB,wBAAwB,CACtC,MAAM,EAAE,SAAS,cAAc,EAAE,EACjC,WAAW,EAAE,SAAS,oBAAoB,EAAE,EAC5C,OAAO,GAAE,0BAA0B,GAAG;IAAE,KAAK,CAAC,EAAE,GAAG,CAAA;CAAO,GACzD;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO7C;AAmiCD,KAAK,cAAc,GAAG,CAAC,QAAQ,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;AAE9D,MAAM,WAAW,sBAAsB;IACrC,+DAA+D;IAC/D,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,wCAAwC;IACxC,OAAO,CAAC,EACJ,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,GAC3B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC9C,mEAAmE;IACnE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sDAAsD;IACtD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;sDAGkD;IAClD,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iEAAiE;IACjE,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;;;;OAIG;IACH,MAAM,CAAC,EACH,OAAO,0BAA0B,EAAE,WAAW,GAC9C,MAAM,GACN;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;IACtD,qDAAqD;IACrD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,gBAAgB,CAAC,EACb,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,CAAC,MACG,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IAClD,kFAAkF;IAClF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;;;OASG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACtE;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,EAAE,CACb,KAAK,EAAE,GAAG,EACV,KAAK,EAAE,MAAM,KACV,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC5C;;;;;;;;;;;;;;OAcG;IACH,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB;;;;;;;;;;;;;;;;;;OAkBG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAowBD,wBAAgB,qBAAqB,CACnC,OAAO,CAAC,EAAE,sBAAsB,GAC/B,cAAc,CAmgFhB;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,cAAwC,CAAC;AAa9E,yEAAyE;AACzE,wBAAgB,mBAAmB,IAAI,gBAAgB,GAAG,IAAI,CAE7D"}

package/dist/server/agent-chat-plugin.js

@@ -1394,15 +1394,17 @@ The agent and the UI are equal partners — everything the UI can do, you can do
 
 **In production mode, you operate through registered actions exposed as tools.** These are your capabilities — use them to read data, take actions, and help the user. You cannot edit source code or access the filesystem directly. Your tools are the app's API.
 
-### Tools (Mini-Apps) — Use \`create-tool\` for tools / widgets / dashboards
+### Extensions (Mini-Apps) — Use \`create-extension\` for extensions / widgets / dashboards
 
-If the user asks you to create, build, or make a **tool**, **widget**, **dashboard**, **calculator**, **mini-app**, or any small self-contained interactive utility — call \`create-tool\` immediately with a self-contained Alpine.js HTML body. This is **NOT** a code change and does **NOT** go through \`connect-builder\`. Tools are sandboxed mini-apps stored in the database — no source files are touched, no PR is opened, no build is required. The tool appears in the Tools view and can be edited later via \`update-tool\`.
+If the user asks you to create, build, or make an **extension**, **widget**, **dashboard**, **calculator**, **mini-app**, or any small self-contained interactive utility — call \`create-extension\` immediately with a self-contained Alpine.js HTML body. This is **NOT** a code change and does **NOT** go through \`connect-builder\`. Extensions are sandboxed mini-apps stored in the database — no source files are touched, no PR is opened, no build is required. The extension appears in the Extensions view and can be edited later via \`update-extension\`.
 
-When in doubt — if the request mentions "tool", "widget", "dashboard", "calculator", or asks for a small interactive utility — choose \`create-tool\`. Do **not** preface the call with planning text like "let me build the dashboard…" — just call \`create-tool\` directly. One tool call, one response.
+When in doubt — if the request mentions "extension", "widget", "dashboard", "calculator", or asks for a small interactive utility — choose \`create-extension\`. Do **not** preface the call with planning text like "let me build the dashboard…" — just call \`create-extension\` directly. One tool call, one response.
+
+Note: "extension" is the user-facing primitive (the sandboxed Alpine.js mini-app). Don't confuse it with the LLM concept of "tools" (function calls) — those are how you invoke ANY action, including \`create-extension\` itself.
 
 ### Code Changes Not Available — Call \`connect-builder\` Immediately
 
-If the request matches the Tools section above (tool / widget / dashboard / calculator / mini-app), use \`create-tool\` instead — do NOT route it to \`connect-builder\`.
+If the request matches the Extensions section above (extension / widget / dashboard / calculator / mini-app), use \`create-extension\` instead — do NOT route it to \`connect-builder\`.
 
 When the user asks you to change the UI, modify code, add a feature, fix a bug in the app itself, change styles, add a hook, create a component, add a route, add an integration, or anything else that requires editing source files — you MUST take exactly these steps, in order:
 
@@ -1451,13 +1453,13 @@ The agent and the UI are equal partners — everything the UI can do, you can do
 
 **In production mode, you operate through registered actions exposed as tools.** These are your capabilities — use them to read data, take actions, and help the user. You cannot edit source code or access the filesystem directly. Your tools are the app's API.
 
-### Tools (Mini-Apps) — Use \`create-tool\`
+### Extensions (Mini-Apps) — Use \`create-extension\`
 
-If the user asks for a **tool**, **widget**, **dashboard**, **calculator**, or **mini-app**, call \`create-tool\` immediately with a self-contained Alpine.js HTML body. This is NOT a code change — tools are sandboxed mini-apps stored in the database. Do not preface with "let me build…" — just call \`create-tool\`.
+If the user asks for an **extension**, **widget**, **dashboard**, **calculator**, or **mini-app**, call \`create-extension\` immediately with a self-contained Alpine.js HTML body. This is NOT a code change — extensions are sandboxed mini-apps stored in the database. Do not preface with "let me build…" — just call \`create-extension\`.
 
 ### Code Changes — Call \`connect-builder\`
 
-When the user asks to change the UI, modify code, add a feature, or fix a bug in the app itself — call \`connect-builder\` immediately, passing the user's request as the \`prompt\`. (Tool / widget / dashboard requests use \`create-tool\` instead — see above.) Do NOT write code, list files, make plans, or spawn sub-agents for code changes. Builder handles it in the cloud. Mention \`npx agent-native create <app-name>\` as an offline fallback.
+When the user asks to change the UI, modify code, add a feature, or fix a bug in the app itself — call \`connect-builder\` immediately, passing the user's request as the \`prompt\`. (Extension / widget / dashboard requests use \`create-extension\` instead — see above.) Do NOT write code, list files, make plans, or spawn sub-agents for code changes. Builder handles it in the cloud. Mention \`npx agent-native create <app-name>\` as an offline fallback.
 ${FRAMEWORK_CORE_COMPACT}`;
 const DEV_FRAMEWORK_PROMPT_COMPACT = `## Agent-Native Framework — Development Mode
 
@@ -2082,7 +2084,7 @@ export function createAgentChatPlugin(options) {
             catch { }
             let fetchTool = {};
             try {
-                const { createFetchToolEntry } = await import("../tools/fetch-tool.js");
+                const { createFetchToolEntry } = await import("../extensions/fetch-tool.js");
                 const { resolveKeyReferences, validateUrlAllowlist, getKeyAllowlist } = await import("../secrets/substitution.js");
                 fetchTool = createFetchToolEntry({
                     resolveKeys: async (text) => resolveKeyReferences(text, "user", requireCurrentRunOwner("resolve key references")),
@@ -2100,8 +2102,8 @@ export function createAgentChatPlugin(options) {
             catch { }
             let toolActions = {};
             try {
-                const { createToolActionEntries } = await import("../tools/actions.js");
-                toolActions = createToolActionEntries();
+                const { createExtensionActionEntries } = await import("../extensions/actions.js");
+                toolActions = createExtensionActionEntries();
             }
             catch { }
             const resolveExtraContext = async (event, owner) => {