@agent-native/core 0.8.2 → 0.9.1

package/dist/server/core-routes-plugin.js

@@ -299,7 +299,21 @@ export function createCoreRoutesPlugin(options = {}) {
             if (envStatus.envManaged) {
                 return envStatus;
             }
-            return runWithRequestContext({ userEmail }, async () => {
+            // Pass the user's active orgId so the status read can fall back
+            // to org-scoped credentials. Without it, an admin's org-scope
+            // OAuth result is invisible to every other org member's status
+            // poller and the UI would show "not connected" forever even
+            // though the chat actually resolves the org-shared credential.
+            let orgId = null;
+            try {
+                const { getOrgContext } = await import("../org/context.js");
+                const orgCtx = await getOrgContext(event);
+                orgId = orgCtx.orgId ?? null;
+            }
+            catch {
+                /* org module not present in this template — keep userEmail-only */
+            }
+            return runWithRequestContext({ userEmail, orgId }, async () => {
                 // Per-user OAuth mode: read the user's app_secrets-stored creds.
                 try {
                     const { resolveBuilderCredentials } = await import("./credential-provider.js");
@@ -720,17 +734,28 @@ export function createCoreRoutesPlugin(options = {}) {
             let writeError = null;
             try {
                 const { writeBuilderCredentials } = await import("./credential-provider.js");
-                await writeBuilderCredentials(session.email, {
-                    privateKey,
-                    publicKey,
-                    userId,
-                    orgName,
-                    orgKind,
-                });
+                // Resolve the user's active org / role so the credentials land
+                // at org scope when an owner/admin is connecting (everyone in
+                // the org auto-resolves them on next chat call). Members and
+                // users with no active org silently fall back to user scope.
+                // Failure to read org context is non-fatal — we just keep the
+                // legacy per-user behaviour for that connection.
+                let orgId = null;
+                let role = null;
+                try {
+                    const { getOrgContext } = await import("../org/context.js");
+                    const orgCtx = await getOrgContext(event);
+                    orgId = orgCtx.orgId ?? null;
+                    role = orgCtx.role ?? null;
+                }
+                catch {
+                    /* org module not present in this template — keep user scope */
+                }
+                await writeBuilderCredentials(session.email, { privateKey, publicKey, userId, orgName, orgKind }, { orgId, role });
             }
             catch (err) {
                 writeError = err?.message ?? String(err);
-                console.error("[builder] Failed to persist per-user credentials:", writeError);
+                console.error("[builder] Failed to persist Builder credentials:", writeError);
             }
             if (writeError) {
                 trackBuilderLifecycle("builder connect failed", session.email, {
@@ -800,9 +825,25 @@ export function createCoreRoutesPlugin(options = {}) {
                     envManaged: true,
                 };
             }
-            // Delete per-user Builder credentials from app_secrets.
+            // Mirror the connect-side scope decision so disconnect undoes
+            // exactly what connect wrote: owner/admin connections land at
+            // org scope and tear down at org scope; member or no-org
+            // connections stay user-scoped on both ends. Symmetric, so a
+            // single Disconnect press always reverses what the same user's
+            // Connect press did.
+            let orgId = null;
+            let role = null;
+            try {
+                const { getOrgContext } = await import("../org/context.js");
+                const orgCtx = await getOrgContext(event);
+                orgId = orgCtx.orgId ?? null;
+                role = orgCtx.role ?? null;
+            }
+            catch {
+                /* org module not present — keep user scope */
+            }
             try {
-                await deleteBuilderCredentials(session.email);
+                await deleteBuilderCredentials(session.email, { orgId, role });
             }
             catch (err) {
                 trackBuilderLifecycle("builder disconnect failed", session.email, {
@@ -996,8 +1037,10 @@ export function createCoreRoutesPlugin(options = {}) {
         // is configured (settings row, settings+env, or auto-detected from env).
         // The agent-chat UI uses this to skip the onboarding gate for providers
         // not in the env-status list (OpenRouter, Groq, Ollama, …).
-        getH3App(nitroApp).use(`${P}/agent-engine/status`, defineEventHandler(async () => {
+        getH3App(nitroApp).use(`${P}/agent-engine/status`, defineEventHandler(async (event) => {
             try {
+                const session = await getSession(event).catch(() => null);
+                const userEmail = session?.email;
                 const stored = (await getSetting("agent-engine"));
                 if (isAgentEngineSettingConfigured(stored)) {
                     return {
@@ -1021,7 +1064,7 @@ export function createCoreRoutesPlugin(options = {}) {
                 // their own provider key) may not have any deploy-level env vars
                 // set, so check their per-user secret store before reporting "no
                 // engine configured" and re-showing the onboarding gate.
-                const detectedFromUser = await detectEngineFromUserSecrets();
+                const detectedFromUser = await runWithRequestContext({ userEmail }, () => detectEngineFromUserSecrets());
                 if (detectedFromUser) {
                     return {
                         configured: true,