npm - @agent-native/dispatch - Versions diffs - 0.8.20 → 0.8.23 - Mend

@agent-native/dispatch 0.8.20 → 0.8.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/dist/routes/pages/chat.d.ts +21 -2
package/dist/routes/pages/chat.d.ts.map +1 -1
package/dist/routes/pages/chat.js +12 -3
package/dist/routes/pages/chat.js.map +1 -1
package/dist/routes/pages/overview.d.ts +21 -2
package/dist/routes/pages/overview.d.ts.map +1 -1
package/dist/routes/pages/overview.js +13 -4
package/dist/routes/pages/overview.js.map +1 -1
package/dist/server/lib/dispatch-integrations.d.ts.map +1 -1
package/dist/server/lib/dispatch-integrations.js +27 -3
package/dist/server/lib/dispatch-integrations.js.map +1 -1
package/dist/server/lib/thread-link-preview.d.ts +24 -0
package/dist/server/lib/thread-link-preview.d.ts.map +1 -0
package/dist/server/lib/thread-link-preview.js +176 -0
package/dist/server/lib/thread-link-preview.js.map +1 -0
package/package.json +1 -1
package/src/routes/pages/chat.tsx +20 -3
package/src/routes/pages/overview.tsx +21 -8
package/src/server/lib/dispatch-integrations.spec.ts +69 -0
package/src/server/lib/dispatch-integrations.ts +26 -3
package/src/server/lib/thread-link-preview.spec.ts +129 -0
package/src/server/lib/thread-link-preview.ts +187 -0

package/dist/server/lib/thread-link-preview.js ADDED Viewed

@@ -0,0 +1,176 @@
+import { getRequestContext, getThread } from "@agent-native/core/server";
+const IMAGE_URL_KEYS = new Set([
+    "previewUrl",
+    "thumbnailUrl",
+    "imageUrl",
+    "image",
+    "downloadUrl",
+]);
+const GENERATION_TOOL_NAMES = new Set([
+    "generate-image",
+    "generate-image-batch",
+    "refine-image",
+    "rerun-generation-run",
+]);
+function safeJsonParse(value) {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return null;
+    }
+}
+function cleanUrlCandidate(value) {
+    return value
+        .trim()
+        .replace(/[),.;\]}]+$/g, "")
+        .replace(/^["'(<]+/g, "");
+}
+function isAbsoluteHttpUrl(value) {
+    try {
+        const url = new URL(value);
+        return url.protocol === "https:" || url.protocol === "http:";
+    }
+    catch {
+        return false;
+    }
+}
+function isImageLikeUrl(value) {
+    try {
+        const url = new URL(value);
+        return (/\.(?:png|jpe?g|webp|gif|avif)(?:$|[?#])/i.test(url.pathname) ||
+            /\/api\/assets\/[^/]+\/content(?:$|[?#])/i.test(url.pathname));
+    }
+    catch {
+        return false;
+    }
+}
+function validPreviewImageUrl(value, key) {
+    if (typeof value !== "string")
+        return null;
+    const candidate = cleanUrlCandidate(value);
+    if (!isAbsoluteHttpUrl(candidate))
+        return null;
+    if (key && IMAGE_URL_KEYS.has(key))
+        return candidate;
+    return isImageLikeUrl(candidate) ? candidate : null;
+}
+function imageUrlFromStructuredValue(value) {
+    if (!value || typeof value !== "object")
+        return null;
+    if (Array.isArray(value)) {
+        for (let i = value.length - 1; i >= 0; i--) {
+            const found = imageUrlFromStructuredValue(value[i]);
+            if (found)
+                return found;
+        }
+        return null;
+    }
+    const record = value;
+    for (const key of IMAGE_URL_KEYS) {
+        const found = validPreviewImageUrl(record[key], key);
+        if (found)
+            return found;
+    }
+    for (const [key, child] of Object.entries(record).reverse()) {
+        const direct = validPreviewImageUrl(child, key);
+        if (direct)
+            return direct;
+        if (child && typeof child === "object") {
+            const nested = imageUrlFromStructuredValue(child);
+            if (nested)
+                return nested;
+        }
+    }
+    return null;
+}
+function imageUrlFromText(value) {
+    const matches = value.match(/https?:\/\/[^\s<>"']+/g);
+    if (!matches)
+        return null;
+    for (let i = matches.length - 1; i >= 0; i--) {
+        const candidate = validPreviewImageUrl(matches[i]);
+        if (candidate)
+            return candidate;
+    }
+    return null;
+}
+export function extractThreadPreviewImageUrl(threadData) {
+    const parsed = safeJsonParse(threadData);
+    if (!parsed || typeof parsed !== "object")
+        return null;
+    const messages = parsed.messages;
+    if (!Array.isArray(messages))
+        return null;
+    for (let messageIndex = messages.length - 1; messageIndex >= 0; messageIndex--) {
+        const entry = messages[messageIndex];
+        const message = entry?.message ?? entry;
+        const content = message?.content;
+        if (!Array.isArray(content))
+            continue;
+        for (let partIndex = content.length - 1; partIndex >= 0; partIndex--) {
+            const part = content[partIndex];
+            const result = typeof part.result === "string" ? part.result : "";
+            if (!result.trim())
+                continue;
+            const toolName = typeof part.toolName === "string" ? part.toolName : "";
+            const parsedResult = safeJsonParse(result);
+            if (parsedResult && GENERATION_TOOL_NAMES.has(toolName)) {
+                const structured = imageUrlFromStructuredValue(parsedResult);
+                if (structured)
+                    return structured;
+            }
+            const fromText = imageUrlFromText(result);
+            if (fromText)
+                return fromText;
+        }
+    }
+    return null;
+}
+function previewDescription(thread) {
+    const preview = thread.preview.trim();
+    if (preview)
+        return preview.slice(0, 180);
+    return "Open this Agent-Native thread in Dispatch.";
+}
+export async function loadThreadLinkPreview(threadId) {
+    const id = threadId?.trim();
+    if (!id)
+        return null;
+    const viewerEmail = getRequestContext()?.userEmail?.trim();
+    if (!viewerEmail)
+        return null;
+    const thread = await getThread(id).catch(() => null);
+    if (!thread)
+        return null;
+    if (thread.ownerEmail !== viewerEmail)
+        return null;
+    const title = thread.title.trim() || "Agent-Native thread";
+    return {
+        title,
+        description: previewDescription(thread),
+        imageUrl: extractThreadPreviewImageUrl(thread.threadData),
+    };
+}
+export function buildThreadLinkPreviewMeta(preview) {
+    const title = preview?.title ? `${preview.title} - Dispatch` : "Dispatch";
+    const description = preview?.description ||
+        "Open this Agent-Native thread in the Dispatch workspace.";
+    const image = preview?.imageUrl ?? null;
+    return [
+        { title },
+        { name: "description", content: description },
+        { property: "og:title", content: title },
+        { property: "og:description", content: description },
+        { property: "og:type", content: "website" },
+        ...(image ? [{ property: "og:image", content: image }] : []),
+        {
+            name: "twitter:card",
+            content: image ? "summary_large_image" : "summary",
+        },
+        { name: "twitter:title", content: title },
+        { name: "twitter:description", content: description },
+        ...(image ? [{ name: "twitter:image", content: image }] : []),
+    ];
+}
+//# sourceMappingURL=thread-link-preview.js.map

package/dist/server/lib/thread-link-preview.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"thread-link-preview.js","sourceRoot":"","sources":["../../../src/server/lib/thread-link-preview.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAQzE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,YAAY;IACZ,cAAc;IACd,UAAU;IACV,OAAO;IACP,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,gBAAgB;IAChB,sBAAsB;IACtB,cAAc;IACd,sBAAsB;CACvB,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK;SACT,IAAI,EAAE;SACN,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;SAC3B,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,CACL,0CAA0C,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;YAC7D,0CAA0C,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAC9D,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc,EAAE,GAAY;IACxD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IACrD,OAAO,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;AACtD,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAc;IACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACpD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,KAAgC,CAAC;IAChD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACrD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAChD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,UAAkB;IAElB,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,QAAQ,GAAI,MAAiC,CAAC,QAAQ,CAAC;IAC7D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,KACE,IAAI,YAAY,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EACtC,YAAY,IAAI,CAAC,EACjB,YAAY,EAAE,EACd,CAAC;QACD,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,CAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,KAAK,EAAE,OAAO,IAAI,KAAK,CAAC;QACxC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QAEtC,KAAK,IAAI,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,SAAS,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC;YACrE,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAA4B,CAAC;YAC3D,MAAM,MAAM,GAAG,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;gBAAE,SAAS;YAE7B,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YACxE,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,YAAY,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxD,MAAM,UAAU,GAAG,2BAA2B,CAAC,YAAY,CAAC,CAAC;gBAC7D,IAAI,UAAU;oBAAE,OAAO,UAAU,CAAC;YACpC,CAAC;YAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAkB;IAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1C,OAAO,4CAA4C,CAAC;AACtD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAmC;IAEnC,MAAM,EAAE,GAAG,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACrB,MAAM,WAAW,GAAG,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC3D,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,qBAAqB,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,WAAW,EAAE,kBAAkB,CAAC,MAAM,CAAC;QACvC,QAAQ,EAAE,4BAA4B,CAAC,MAAM,CAAC,UAAU,CAAC;KAC1D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAAiC;IAC1E,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC;IAC1E,MAAM,WAAW,GACf,OAAO,EAAE,WAAW;QACpB,0DAA0D,CAAC;IAC7D,MAAM,KAAK,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;IACxC,OAAO;QACL,EAAE,KAAK,EAAE;QACT,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE;QAC7C,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE;QACxC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,WAAW,EAAE;QACpD,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE;QAC3C,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D;YACE,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS;SACnD;QACD,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE;QACzC,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,WAAW,EAAE;QACrD,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;AACJ,CAAC","sourcesContent":["import type { ChatThread } from \"@agent-native/core/server\";\nimport { getRequestContext, getThread } from \"@agent-native/core/server\";\n\nexport interface ThreadLinkPreview {\n title: string;\n description: string;\n imageUrl: string | null;\n}\n\nconst IMAGE_URL_KEYS = new Set([\n \"previewUrl\",\n \"thumbnailUrl\",\n \"imageUrl\",\n \"image\",\n \"downloadUrl\",\n]);\n\nconst GENERATION_TOOL_NAMES = new Set([\n \"generate-image\",\n \"generate-image-batch\",\n \"refine-image\",\n \"rerun-generation-run\",\n]);\n\nfunction safeJsonParse(value: string): unknown {\n try {\n return JSON.parse(value);\n } catch {\n return null;\n }\n}\n\nfunction cleanUrlCandidate(value: string): string {\n return value\n .trim()\n .replace(/[),.;\\]}]+$/g, \"\")\n .replace(/^[\"'(<]+/g, \"\");\n}\n\nfunction isAbsoluteHttpUrl(value: string): boolean {\n try {\n const url = new URL(value);\n return url.protocol === \"https:\" || url.protocol === \"http:\";\n } catch {\n return false;\n }\n}\n\nfunction isImageLikeUrl(value: string): boolean {\n try {\n const url = new URL(value);\n return (\n /\\.(?:png|jpe?g|webp|gif|avif)(?:$|[?#])/i.test(url.pathname) ||\n /\\/api\\/assets\\/[^/]+\\/content(?:$|[?#])/i.test(url.pathname)\n );\n } catch {\n return false;\n }\n}\n\nfunction validPreviewImageUrl(value: unknown, key?: string): string | null {\n if (typeof value !== \"string\") return null;\n const candidate = cleanUrlCandidate(value);\n if (!isAbsoluteHttpUrl(candidate)) return null;\n if (key && IMAGE_URL_KEYS.has(key)) return candidate;\n return isImageLikeUrl(candidate) ? candidate : null;\n}\n\nfunction imageUrlFromStructuredValue(value: unknown): string | null {\n if (!value || typeof value !== \"object\") return null;\n if (Array.isArray(value)) {\n for (let i = value.length - 1; i >= 0; i--) {\n const found = imageUrlFromStructuredValue(value[i]);\n if (found) return found;\n }\n return null;\n }\n\n const record = value as Record<string, unknown>;\n for (const key of IMAGE_URL_KEYS) {\n const found = validPreviewImageUrl(record[key], key);\n if (found) return found;\n }\n for (const [key, child] of Object.entries(record).reverse()) {\n const direct = validPreviewImageUrl(child, key);\n if (direct) return direct;\n if (child && typeof child === \"object\") {\n const nested = imageUrlFromStructuredValue(child);\n if (nested) return nested;\n }\n }\n return null;\n}\n\nfunction imageUrlFromText(value: string): string | null {\n const matches = value.match(/https?:\\/\\/[^\\s<>\"']+/g);\n if (!matches) return null;\n for (let i = matches.length - 1; i >= 0; i--) {\n const candidate = validPreviewImageUrl(matches[i]);\n if (candidate) return candidate;\n }\n return null;\n}\n\nexport function extractThreadPreviewImageUrl(\n threadData: string,\n): string | null {\n const parsed = safeJsonParse(threadData);\n if (!parsed || typeof parsed !== \"object\") return null;\n const messages = (parsed as { messages?: unknown }).messages;\n if (!Array.isArray(messages)) return null;\n\n for (\n let messageIndex = messages.length - 1;\n messageIndex >= 0;\n messageIndex--\n ) {\n const entry = messages[messageIndex] as any;\n const message = entry?.message ?? entry;\n const content = message?.content;\n if (!Array.isArray(content)) continue;\n\n for (let partIndex = content.length - 1; partIndex >= 0; partIndex--) {\n const part = content[partIndex] as Record<string, unknown>;\n const result = typeof part.result === \"string\" ? part.result : \"\";\n if (!result.trim()) continue;\n\n const toolName = typeof part.toolName === \"string\" ? part.toolName : \"\";\n const parsedResult = safeJsonParse(result);\n if (parsedResult && GENERATION_TOOL_NAMES.has(toolName)) {\n const structured = imageUrlFromStructuredValue(parsedResult);\n if (structured) return structured;\n }\n\n const fromText = imageUrlFromText(result);\n if (fromText) return fromText;\n }\n }\n return null;\n}\n\nfunction previewDescription(thread: ChatThread): string {\n const preview = thread.preview.trim();\n if (preview) return preview.slice(0, 180);\n return \"Open this Agent-Native thread in Dispatch.\";\n}\n\nexport async function loadThreadLinkPreview(\n threadId: string | null | undefined,\n): Promise<ThreadLinkPreview | null> {\n const id = threadId?.trim();\n if (!id) return null;\n const viewerEmail = getRequestContext()?.userEmail?.trim();\n if (!viewerEmail) return null;\n const thread = await getThread(id).catch(() => null);\n if (!thread) return null;\n if (thread.ownerEmail !== viewerEmail) return null;\n const title = thread.title.trim() || \"Agent-Native thread\";\n return {\n title,\n description: previewDescription(thread),\n imageUrl: extractThreadPreviewImageUrl(thread.threadData),\n };\n}\n\nexport function buildThreadLinkPreviewMeta(preview: ThreadLinkPreview | null) {\n const title = preview?.title ? `${preview.title} - Dispatch` : \"Dispatch\";\n const description =\n preview?.description ||\n \"Open this Agent-Native thread in the Dispatch workspace.\";\n const image = preview?.imageUrl ?? null;\n return [\n { title },\n { name: \"description\", content: description },\n { property: \"og:title\", content: title },\n { property: \"og:description\", content: description },\n { property: \"og:type\", content: \"website\" },\n ...(image ? [{ property: \"og:image\", content: image }] : []),\n {\n name: \"twitter:card\",\n content: image ? \"summary_large_image\" : \"summary\",\n },\n { name: \"twitter:title\", content: title },\n { name: \"twitter:description\", content: description },\n ...(image ? [{ name: \"twitter:image\", content: image }] : []),\n ];\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@agent-native/dispatch",
-  "version": "0.8.20",
+  "version": "0.8.23",
   "type": "module",
   "description": "Dispatch — workspace control plane for agent-native apps. Vault, integrations, destinations, scheduled jobs, and cross-app delegation, shipped as a single drop-in package.",
   "license": "MIT",

package/src/routes/pages/chat.tsx CHANGED Viewed

@@ -1,7 +1,15 @@
 import { useEffect, useRef } from "react";
-import { useLocation, useNavigate } from "react-router";
+import {
+  useLocation,
+  useNavigate,
+  type LoaderFunctionArgs,
+} from "react-router";
 import { AgentChatSurface } from "@agent-native/core/client";
 import { submitOverviewPrompt } from "@/lib/overview-chat";
+import {
+  buildThreadLinkPreviewMeta,
+  loadThreadLinkPreview,
+} from "@/server/lib/thread-link-preview";
 interface DispatchChatLocationState {
   dispatchPrompt?: {
@@ -15,8 +23,17 @@ interface DispatchChatLocationState {
   };
 }
-export function meta() {
-  return [{ title: "Chat — Dispatch" }];
+export async function loader({ request }: LoaderFunctionArgs) {
+  const threadId = new URL(request.url).searchParams.get("thread");
+  return {
+    threadPreview: await loadThreadLinkPreview(threadId),
+  };
+}
+export function meta({ data }: { data?: Awaited<ReturnType<typeof loader>> }) {
+  return data?.threadPreview
+    ? buildThreadLinkPreviewMeta(data.threadPreview)
+    : [{ title: "Chat — Dispatch" }];
 }
 export default function ChatRoute() {

package/src/routes/pages/overview.tsx CHANGED Viewed

@@ -1,5 +1,5 @@
 import { useEffect, useMemo, useState } from "react";
-import { Link, useNavigate } from "react-router";
+import { Link, useNavigate, type LoaderFunctionArgs } from "react-router";
 import {
   PromptComposer,
   useActionQuery,
@@ -34,6 +34,10 @@ import {
   TooltipTrigger,
 } from "@/components/ui/tooltip";
 import { submitOverviewPrompt } from "@/lib/overview-chat";
+import {
+  buildThreadLinkPreviewMeta,
+  loadThreadLinkPreview,
+} from "@/server/lib/thread-link-preview";
 import type { WorkspaceAppSummary } from "@/lib/workspace-apps";
 interface IntegrationStatus {
@@ -395,18 +399,18 @@ function StatCard({
   cta?: React.ReactNode;
 }) {
   return (
-    <div className="rounded-2xl border bg-card p-5">
+    <div className="min-w-0 rounded-2xl border bg-card p-5">
       <div className="flex items-start justify-between gap-3">
         <div className="min-w-0">
-          <div className="flex items-center gap-1.5 text-sm font-medium text-foreground">
-            <span>{label}</span>
+          <div className="flex items-center gap-1.5 text-sm font-medium leading-snug text-foreground">
+            <span className="min-w-0">{label}</span>
             <HelpTooltip content={help} />
           </div>
           <div className="mt-3 text-3xl font-semibold text-foreground">
             {value}
           </div>
         </div>
-        <div className="rounded-xl border bg-muted/30 p-3 text-muted-foreground">
+        <div className="shrink-0 rounded-xl border bg-muted/30 p-3 text-muted-foreground">
           <Icon size={18} />
         </div>
       </div>
@@ -471,8 +475,17 @@ function StepRow({ step }: { step: ChecklistStep }) {
   );
 }
-export function meta() {
-  return [{ title: "Overview — Dispatch" }];
+export async function loader({ request }: LoaderFunctionArgs) {
+  const threadId = new URL(request.url).searchParams.get("thread");
+  return {
+    threadPreview: await loadThreadLinkPreview(threadId),
+  };
+}
+export function meta({ data }: { data?: Awaited<ReturnType<typeof loader>> }) {
+  return data?.threadPreview
+    ? buildThreadLinkPreviewMeta(data.threadPreview)
+    : [{ title: "Overview — Dispatch" }];
 }
 export default function OverviewRoute() {
@@ -636,7 +649,7 @@ export default function OverviewRoute() {
           <IconActivity size={16} className="text-muted-foreground" />
           <h2 className="text-sm font-semibold text-foreground">At a glance</h2>
         </div>
-        <div className="grid gap-4 md:grid-cols-2 xl:grid-cols-4">
+        <div className="grid grid-cols-[repeat(auto-fit,minmax(min(100%,13rem),1fr))] gap-4">
           <StatCard
             label="Vault secrets"
             help="Credentials stored in the workspace vault."

package/src/server/lib/dispatch-integrations.spec.ts CHANGED Viewed

@@ -38,6 +38,21 @@ function slackIncoming(
   };
 }
+function emailIncoming(
+  overrides: Partial<IncomingMessage> = {},
+): IncomingMessage {
+  return {
+    platform: "email",
+    externalThreadId: "victim@member.test::<root@member.test>",
+    text: "transfer everything",
+    senderId: "victim@member.test",
+    senderName: "Victim",
+    platformContext: { from: "victim@member.test" },
+    timestamp: 1,
+    ...overrides,
+  };
+}
 beforeEach(() => {
   mocks.resolveLinkedOwner.mockResolvedValue(null);
   mocks.consumeLinkToken.mockResolvedValue("owner@example.test");
@@ -113,4 +128,58 @@ describe("resolveDispatchOwner", () => {
       "default@example.test",
     );
   });
+  it("does NOT impersonate an org member from an unverified (spoofed) email From", async () => {
+    // Attacker spoofs From: victim@member.test, which IS a real org member —
+    // but the message is unverified (no DKIM/SPF pass). Must fall through to
+    // the synthetic, credential-less owner, NOT the victim's identity.
+    mocks.resolveOrgIdForEmail.mockResolvedValue("org_123");
+    const owner = await resolveDispatchOwner(
+      emailIncoming({ senderVerified: false }),
+    );
+    expect(owner).not.toBe("victim@member.test");
+    expect(owner).toMatch(/@integration\.local$/);
+  });
+  it("does NOT impersonate when sender is verified but not an org member", async () => {
+    mocks.resolveOrgIdForEmail.mockResolvedValue(null);
+    const owner = await resolveDispatchOwner(
+      emailIncoming({
+        senderId: "stranger@outside.test",
+        platformContext: { from: "stranger@outside.test" },
+        senderVerified: true,
+      }),
+    );
+    expect(owner).not.toBe("stranger@outside.test");
+    expect(owner).toMatch(/@integration\.local$/);
+  });
+  it("uses the email sender as owner when verified AND an org member", async () => {
+    mocks.resolveOrgIdForEmail.mockResolvedValue("org_123");
+    await expect(
+      resolveDispatchOwner(emailIncoming({ senderVerified: true })),
+    ).resolves.toBe("victim@member.test");
+  });
+  it("honors a linked identity for email regardless of verification", async () => {
+    mocks.resolveLinkedOwner.mockResolvedValueOnce("linked@member.test");
+    await expect(
+      resolveDispatchOwner(emailIncoming({ senderVerified: false })),
+    ).resolves.toBe("linked@member.test");
+    expect(mocks.resolveOrgIdForEmail).not.toHaveBeenCalled();
+  });
+  it("restores legacy trust-From behavior under the escape hatch", async () => {
+    vi.stubEnv("DISPATCH_TRUST_UNVERIFIED_EMAIL_SENDER", "1");
+    await expect(
+      resolveDispatchOwner(emailIncoming({ senderVerified: false })),
+    ).resolves.toBe("victim@member.test");
+  });
 });

package/src/server/lib/dispatch-integrations.ts CHANGED Viewed

@@ -164,14 +164,37 @@ export async function resolveDispatchOwner(
     });
     if (owner) return owner;
-    // For email, the sender's email address is already a natural identity.
-    // If the senderId looks like an email address, use it directly as the owner.
+    // For email, the sender's `From:` address is attacker-settable: SMTP lets
+    // anyone claim any From, and our inbound webhook secret only authenticates
+    // the provider→app hop, not the original sender. So we must NOT grant a
+    // real user's identity (their API keys, org secrets, personal
+    // instructions, ownable data) off the bare From. Mirror the Slack gate:
+    // only return the sender email as the acting owner when BOTH
+    //   (a) the message is DKIM/SPF-verified for the From domain, AND
+    //   (b) that email maps to a real org member.
+    // Otherwise fall through to the synthetic, credential-less fallback owner.
+    // (A linked identity, handled by resolveLinkedOwner above, remains an
+    // always-allowed way to bind an address regardless of verification.)
+    //
+    // Escape hatch: set DISPATCH_TRUST_UNVERIFIED_EMAIL_SENDER=1 to restore
+    // the legacy "trust the From header" behavior. OFF by default; only use
+    // this if you fully control the inbound mail path and accept that a
+    // spoofed From can act as any org member. See FINDING 3 (inbound-email
+    // impersonation) in the webhook security audit.
     if (
       incoming.platform === "email" &&
       incoming.senderId &&
       incoming.senderId.includes("@")
     ) {
-      return incoming.senderId;
+      if (process.env.DISPATCH_TRUST_UNVERIFIED_EMAIL_SENDER === "1") {
+        return incoming.senderId;
+      }
+      if (incoming.senderVerified) {
+        const orgId = await resolveOrgIdForEmail(incoming.senderId);
+        if (orgId) return incoming.senderId;
+      }
+      // Unverified or not an org member — do not impersonate. Fall through to
+      // the synthetic fallback owner below.
     }
     // Slack gives us a user id in the event payload. Resolve it to a verified

package/src/server/lib/thread-link-preview.spec.ts ADDED Viewed

@@ -0,0 +1,129 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { ChatThread } from "@agent-native/core/server";
+const getRequestContextMock = vi.hoisted(() => vi.fn());
+const getThreadMock = vi.hoisted(() => vi.fn());
+vi.mock("@agent-native/core/server", () => ({
+  getRequestContext: getRequestContextMock,
+  getThread: getThreadMock,
+}));
+import {
+  extractThreadPreviewImageUrl,
+  loadThreadLinkPreview,
+} from "./thread-link-preview";
+function threadDataWithResult(toolName: string, result: unknown) {
+  return JSON.stringify({
+    messages: [
+      {
+        message: {
+          role: "assistant",
+          content: [
+            {
+              type: "tool-call",
+              toolName,
+              result:
+                typeof result === "string" ? result : JSON.stringify(result),
+            },
+          ],
+        },
+        parentId: null,
+      },
+    ],
+  });
+}
+function previewThread(overrides: Partial<ChatThread> = {}): ChatThread {
+  return {
+    id: "thread-1",
+    ownerEmail: "owner@example.test",
+    title: "Launch image",
+    preview: "Generated a launch image",
+    threadData: threadDataWithResult("generate-image", {
+      previewUrl: "https://cdn.example.com/generated-social.webp",
+    }),
+    messageCount: 1,
+    createdAt: 1,
+    updatedAt: 2,
+    scope: null,
+    pinnedAt: null,
+    archivedAt: null,
+    ...overrides,
+  };
+}
+beforeEach(() => {
+  getRequestContextMock.mockReset();
+  getThreadMock.mockReset();
+});
+describe("thread link preview image extraction", () => {
+  it("uses generated image preview URLs from generate-image results", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image", {
+          url: "https://app.example.com/assets/asset/asset-1",
+          previewUrl: "https://cdn.example.com/generated-social.webp",
+          thumbnailUrl: "https://cdn.example.com/generated-social-thumb.webp",
+        }),
+      ),
+    ).toBe("https://cdn.example.com/generated-social.webp");
+  });
+  it("uses the newest image from batched generation results", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image-batch", {
+          images: [
+            { previewUrl: "https://cdn.example.com/first.png" },
+            { previewUrl: "https://cdn.example.com/latest.png" },
+          ],
+        }),
+      ),
+    ).toBe("https://cdn.example.com/latest.png");
+  });
+  it("ignores asset page URLs that are not image media", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image", {
+          url: "https://app.example.com/assets/asset/asset-1",
+        }),
+      ),
+    ).toBeNull();
+  });
+});
+describe("thread link preview access", () => {
+  it("loads preview metadata for the owning user", async () => {
+    getRequestContextMock.mockReturnValue({
+      userEmail: "owner@example.test",
+    });
+    getThreadMock.mockResolvedValue(previewThread());
+    await expect(loadThreadLinkPreview(" thread-1 ")).resolves.toEqual({
+      title: "Launch image",
+      description: "Generated a launch image",
+      imageUrl: "https://cdn.example.com/generated-social.webp",
+    });
+    expect(getThreadMock).toHaveBeenCalledWith("thread-1");
+  });
+  it("does not read thread metadata without an authenticated request context", async () => {
+    getRequestContextMock.mockReturnValue(undefined);
+    await expect(loadThreadLinkPreview("thread-1")).resolves.toBeNull();
+    expect(getThreadMock).not.toHaveBeenCalled();
+  });
+  it("does not emit another user's thread metadata", async () => {
+    getRequestContextMock.mockReturnValue({
+      userEmail: "viewer@example.test",
+    });
+    getThreadMock.mockResolvedValue(previewThread());
+    await expect(loadThreadLinkPreview("thread-1")).resolves.toBeNull();
+  });
+});