@agent-native/dispatch 0.8.20 → 0.8.24

package/dist/server/lib/thread-link-preview.js

@@ -0,0 +1,176 @@
+import { getRequestContext, getThread } from "@agent-native/core/server";
+const IMAGE_URL_KEYS = new Set([
+    "previewUrl",
+    "thumbnailUrl",
+    "imageUrl",
+    "image",
+    "downloadUrl",
+]);
+const GENERATION_TOOL_NAMES = new Set([
+    "generate-image",
+    "generate-image-batch",
+    "refine-image",
+    "rerun-generation-run",
+]);
+function safeJsonParse(value) {
+    try {
+        return JSON.parse(value);
+    }
+    catch {
+        return null;
+    }
+}
+function cleanUrlCandidate(value) {
+    return value
+        .trim()
+        .replace(/[),.;\]}]+$/g, "")
+        .replace(/^["'(<]+/g, "");
+}
+function isAbsoluteHttpUrl(value) {
+    try {
+        const url = new URL(value);
+        return url.protocol === "https:" || url.protocol === "http:";
+    }
+    catch {
+        return false;
+    }
+}
+function isImageLikeUrl(value) {
+    try {
+        const url = new URL(value);
+        return (/\.(?:png|jpe?g|webp|gif|avif)(?:$|[?#])/i.test(url.pathname) ||
+            /\/api\/assets\/[^/]+\/content(?:$|[?#])/i.test(url.pathname));
+    }
+    catch {
+        return false;
+    }
+}
+function validPreviewImageUrl(value, key) {
+    if (typeof value !== "string")
+        return null;
+    const candidate = cleanUrlCandidate(value);
+    if (!isAbsoluteHttpUrl(candidate))
+        return null;
+    if (key && IMAGE_URL_KEYS.has(key))
+        return candidate;
+    return isImageLikeUrl(candidate) ? candidate : null;
+}
+function imageUrlFromStructuredValue(value) {
+    if (!value || typeof value !== "object")
+        return null;
+    if (Array.isArray(value)) {
+        for (let i = value.length - 1; i >= 0; i--) {
+            const found = imageUrlFromStructuredValue(value[i]);
+            if (found)
+                return found;
+        }
+        return null;
+    }
+    const record = value;
+    for (const key of IMAGE_URL_KEYS) {
+        const found = validPreviewImageUrl(record[key], key);
+        if (found)
+            return found;
+    }
+    for (const [key, child] of Object.entries(record).reverse()) {
+        const direct = validPreviewImageUrl(child, key);
+        if (direct)
+            return direct;
+        if (child && typeof child === "object") {
+            const nested = imageUrlFromStructuredValue(child);
+            if (nested)
+                return nested;
+        }
+    }
+    return null;
+}
+function imageUrlFromText(value) {
+    const matches = value.match(/https?:\/\/[^\s<>"']+/g);
+    if (!matches)
+        return null;
+    for (let i = matches.length - 1; i >= 0; i--) {
+        const candidate = validPreviewImageUrl(matches[i]);
+        if (candidate)
+            return candidate;
+    }
+    return null;
+}
+export function extractThreadPreviewImageUrl(threadData) {
+    const parsed = safeJsonParse(threadData);
+    if (!parsed || typeof parsed !== "object")
+        return null;
+    const messages = parsed.messages;
+    if (!Array.isArray(messages))
+        return null;
+    for (let messageIndex = messages.length - 1; messageIndex >= 0; messageIndex--) {
+        const entry = messages[messageIndex];
+        const message = entry?.message ?? entry;
+        const content = message?.content;
+        if (!Array.isArray(content))
+            continue;
+        for (let partIndex = content.length - 1; partIndex >= 0; partIndex--) {
+            const part = content[partIndex];
+            const result = typeof part.result === "string" ? part.result : "";
+            if (!result.trim())
+                continue;
+            const toolName = typeof part.toolName === "string" ? part.toolName : "";
+            const parsedResult = safeJsonParse(result);
+            if (parsedResult && GENERATION_TOOL_NAMES.has(toolName)) {
+                const structured = imageUrlFromStructuredValue(parsedResult);
+                if (structured)
+                    return structured;
+            }
+            const fromText = imageUrlFromText(result);
+            if (fromText)
+                return fromText;
+        }
+    }
+    return null;
+}
+function previewDescription(thread) {
+    const preview = thread.preview.trim();
+    if (preview)
+        return preview.slice(0, 180);
+    return "Open this Agent-Native thread in Dispatch.";
+}
+export async function loadThreadLinkPreview(threadId) {
+    const id = threadId?.trim();
+    if (!id)
+        return null;
+    const viewerEmail = getRequestContext()?.userEmail?.trim();
+    if (!viewerEmail)
+        return null;
+    const thread = await getThread(id).catch(() => null);
+    if (!thread)
+        return null;
+    if (thread.ownerEmail !== viewerEmail)
+        return null;
+    const title = thread.title.trim() || "Agent-Native thread";
+    return {
+        title,
+        description: previewDescription(thread),
+        imageUrl: extractThreadPreviewImageUrl(thread.threadData),
+    };
+}
+export function buildThreadLinkPreviewMeta(preview) {
+    const title = preview?.title ? `${preview.title} - Dispatch` : "Dispatch";
+    const description = preview?.description ||
+        "Open this Agent-Native thread in the Dispatch workspace.";
+    const image = preview?.imageUrl ?? null;
+    return [
+        { title },
+        { name: "description", content: description },
+        { property: "og:title", content: title },
+        { property: "og:description", content: description },
+        { property: "og:type", content: "website" },
+        ...(image ? [{ property: "og:image", content: image }] : []),
+        {
+            name: "twitter:card",
+            content: image ? "summary_large_image" : "summary",
+        },
+        { name: "twitter:title", content: title },
+        { name: "twitter:description", content: description },
+        ...(image ? [{ name: "twitter:image", content: image }] : []),
+    ];
+}
+//# sourceMappingURL=thread-link-preview.js.map

package/dist/server/lib/thread-link-preview.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"thread-link-preview.js","sourceRoot":"","sources":["../../../src/server/lib/thread-link-preview.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAQzE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,YAAY;IACZ,cAAc;IACd,UAAU;IACV,OAAO;IACP,aAAa;CACd,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,gBAAgB;IAChB,sBAAsB;IACtB,cAAc;IACd,sBAAsB;CACvB,CAAC,CAAC;AAEH,SAAS,aAAa,CAAC,KAAa;IAClC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,OAAO,KAAK;SACT,IAAI,EAAE;SACN,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;SAC3B,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAC9B,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAa;IACnC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,CACL,0CAA0C,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC;YAC7D,0CAA0C,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAC9D,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAc,EAAE,GAAY;IACxD,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3C,MAAM,SAAS,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC;IAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAC/C,IAAI,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,SAAS,CAAC;IACrD,OAAO,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;AACtD,CAAC;AAED,SAAS,2BAA2B,CAAC,KAAc;IACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,MAAM,KAAK,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACpD,IAAI,KAAK;gBAAE,OAAO,KAAK,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,KAAgC,CAAC;IAChD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;QACrD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;IAC1B,CAAC;IACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC;QAC5D,MAAM,MAAM,GAAG,oBAAoB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAChD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAC1B,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAC;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAa;IACrC,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACtD,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC;IAC1B,KAAK,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC7C,MAAM,SAAS,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACnD,IAAI,SAAS;YAAE,OAAO,SAAS,CAAC;IAClC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,UAAkB;IAElB,MAAM,MAAM,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,QAAQ,GAAI,MAAiC,CAAC,QAAQ,CAAC;IAC7D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IAE1C,KACE,IAAI,YAAY,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,EACtC,YAAY,IAAI,CAAC,EACjB,YAAY,EAAE,EACd,CAAC;QACD,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,CAAQ,CAAC;QAC5C,MAAM,OAAO,GAAG,KAAK,EAAE,OAAO,IAAI,KAAK,CAAC;QACxC,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,SAAS;QAEtC,KAAK,IAAI,SAAS,GAAG,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,SAAS,IAAI,CAAC,EAAE,SAAS,EAAE,EAAE,CAAC;YACrE,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAA4B,CAAC;YAC3D,MAAM,MAAM,GAAG,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE;gBAAE,SAAS;YAE7B,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YACxE,MAAM,YAAY,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,YAAY,IAAI,qBAAqB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACxD,MAAM,UAAU,GAAG,2BAA2B,CAAC,YAAY,CAAC,CAAC;gBAC7D,IAAI,UAAU;oBAAE,OAAO,UAAU,CAAC;YACpC,CAAC;YAED,MAAM,QAAQ,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAkB;IAC5C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACtC,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1C,OAAO,4CAA4C,CAAC;AACtD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAAmC;IAEnC,MAAM,EAAE,GAAG,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,IAAI,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACrB,MAAM,WAAW,GAAG,iBAAiB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IAC3D,IAAI,CAAC,WAAW;QAAE,OAAO,IAAI,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,MAAM,CAAC,UAAU,KAAK,WAAW;QAAE,OAAO,IAAI,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,qBAAqB,CAAC;IAC3D,OAAO;QACL,KAAK;QACL,WAAW,EAAE,kBAAkB,CAAC,MAAM,CAAC;QACvC,QAAQ,EAAE,4BAA4B,CAAC,MAAM,CAAC,UAAU,CAAC;KAC1D,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,OAAiC;IAC1E,MAAM,KAAK,GAAG,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC;IAC1E,MAAM,WAAW,GACf,OAAO,EAAE,WAAW;QACpB,0DAA0D,CAAC;IAC7D,MAAM,KAAK,GAAG,OAAO,EAAE,QAAQ,IAAI,IAAI,CAAC;IACxC,OAAO;QACL,EAAE,KAAK,EAAE;QACT,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE;QAC7C,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE;QACxC,EAAE,QAAQ,EAAE,gBAAgB,EAAE,OAAO,EAAE,WAAW,EAAE;QACpD,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE;QAC3C,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QAC5D;YACE,IAAI,EAAE,cAAc;YACpB,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS;SACnD;QACD,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE;QACzC,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,WAAW,EAAE;QACrD,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAC9D,CAAC;AACJ,CAAC","sourcesContent":["import type { ChatThread } from \"@agent-native/core/server\";\nimport { getRequestContext, getThread } from \"@agent-native/core/server\";\n\nexport interface ThreadLinkPreview {\n  title: string;\n  description: string;\n  imageUrl: string | null;\n}\n\nconst IMAGE_URL_KEYS = new Set([\n  \"previewUrl\",\n  \"thumbnailUrl\",\n  \"imageUrl\",\n  \"image\",\n  \"downloadUrl\",\n]);\n\nconst GENERATION_TOOL_NAMES = new Set([\n  \"generate-image\",\n  \"generate-image-batch\",\n  \"refine-image\",\n  \"rerun-generation-run\",\n]);\n\nfunction safeJsonParse(value: string): unknown {\n  try {\n    return JSON.parse(value);\n  } catch {\n    return null;\n  }\n}\n\nfunction cleanUrlCandidate(value: string): string {\n  return value\n    .trim()\n    .replace(/[),.;\\]}]+$/g, \"\")\n    .replace(/^[\"'(<]+/g, \"\");\n}\n\nfunction isAbsoluteHttpUrl(value: string): boolean {\n  try {\n    const url = new URL(value);\n    return url.protocol === \"https:\" || url.protocol === \"http:\";\n  } catch {\n    return false;\n  }\n}\n\nfunction isImageLikeUrl(value: string): boolean {\n  try {\n    const url = new URL(value);\n    return (\n      /\\.(?:png|jpe?g|webp|gif|avif)(?:$|[?#])/i.test(url.pathname) ||\n      /\\/api\\/assets\\/[^/]+\\/content(?:$|[?#])/i.test(url.pathname)\n    );\n  } catch {\n    return false;\n  }\n}\n\nfunction validPreviewImageUrl(value: unknown, key?: string): string | null {\n  if (typeof value !== \"string\") return null;\n  const candidate = cleanUrlCandidate(value);\n  if (!isAbsoluteHttpUrl(candidate)) return null;\n  if (key && IMAGE_URL_KEYS.has(key)) return candidate;\n  return isImageLikeUrl(candidate) ? candidate : null;\n}\n\nfunction imageUrlFromStructuredValue(value: unknown): string | null {\n  if (!value || typeof value !== \"object\") return null;\n  if (Array.isArray(value)) {\n    for (let i = value.length - 1; i >= 0; i--) {\n      const found = imageUrlFromStructuredValue(value[i]);\n      if (found) return found;\n    }\n    return null;\n  }\n\n  const record = value as Record<string, unknown>;\n  for (const key of IMAGE_URL_KEYS) {\n    const found = validPreviewImageUrl(record[key], key);\n    if (found) return found;\n  }\n  for (const [key, child] of Object.entries(record).reverse()) {\n    const direct = validPreviewImageUrl(child, key);\n    if (direct) return direct;\n    if (child && typeof child === \"object\") {\n      const nested = imageUrlFromStructuredValue(child);\n      if (nested) return nested;\n    }\n  }\n  return null;\n}\n\nfunction imageUrlFromText(value: string): string | null {\n  const matches = value.match(/https?:\\/\\/[^\\s<>\"']+/g);\n  if (!matches) return null;\n  for (let i = matches.length - 1; i >= 0; i--) {\n    const candidate = validPreviewImageUrl(matches[i]);\n    if (candidate) return candidate;\n  }\n  return null;\n}\n\nexport function extractThreadPreviewImageUrl(\n  threadData: string,\n): string | null {\n  const parsed = safeJsonParse(threadData);\n  if (!parsed || typeof parsed !== \"object\") return null;\n  const messages = (parsed as { messages?: unknown }).messages;\n  if (!Array.isArray(messages)) return null;\n\n  for (\n    let messageIndex = messages.length - 1;\n    messageIndex >= 0;\n    messageIndex--\n  ) {\n    const entry = messages[messageIndex] as any;\n    const message = entry?.message ?? entry;\n    const content = message?.content;\n    if (!Array.isArray(content)) continue;\n\n    for (let partIndex = content.length - 1; partIndex >= 0; partIndex--) {\n      const part = content[partIndex] as Record<string, unknown>;\n      const result = typeof part.result === \"string\" ? part.result : \"\";\n      if (!result.trim()) continue;\n\n      const toolName = typeof part.toolName === \"string\" ? part.toolName : \"\";\n      const parsedResult = safeJsonParse(result);\n      if (parsedResult && GENERATION_TOOL_NAMES.has(toolName)) {\n        const structured = imageUrlFromStructuredValue(parsedResult);\n        if (structured) return structured;\n      }\n\n      const fromText = imageUrlFromText(result);\n      if (fromText) return fromText;\n    }\n  }\n  return null;\n}\n\nfunction previewDescription(thread: ChatThread): string {\n  const preview = thread.preview.trim();\n  if (preview) return preview.slice(0, 180);\n  return \"Open this Agent-Native thread in Dispatch.\";\n}\n\nexport async function loadThreadLinkPreview(\n  threadId: string | null | undefined,\n): Promise<ThreadLinkPreview | null> {\n  const id = threadId?.trim();\n  if (!id) return null;\n  const viewerEmail = getRequestContext()?.userEmail?.trim();\n  if (!viewerEmail) return null;\n  const thread = await getThread(id).catch(() => null);\n  if (!thread) return null;\n  if (thread.ownerEmail !== viewerEmail) return null;\n  const title = thread.title.trim() || \"Agent-Native thread\";\n  return {\n    title,\n    description: previewDescription(thread),\n    imageUrl: extractThreadPreviewImageUrl(thread.threadData),\n  };\n}\n\nexport function buildThreadLinkPreviewMeta(preview: ThreadLinkPreview | null) {\n  const title = preview?.title ? `${preview.title} - Dispatch` : \"Dispatch\";\n  const description =\n    preview?.description ||\n    \"Open this Agent-Native thread in the Dispatch workspace.\";\n  const image = preview?.imageUrl ?? null;\n  return [\n    { title },\n    { name: \"description\", content: description },\n    { property: \"og:title\", content: title },\n    { property: \"og:description\", content: description },\n    { property: \"og:type\", content: \"website\" },\n    ...(image ? [{ property: \"og:image\", content: image }] : []),\n    {\n      name: \"twitter:card\",\n      content: image ? \"summary_large_image\" : \"summary\",\n    },\n    { name: \"twitter:title\", content: title },\n    { name: \"twitter:description\", content: description },\n    ...(image ? [{ name: \"twitter:image\", content: image }] : []),\n  ];\n}\n"]}

package/dist/server/lib/vault-store.d.ts

@@ -25,6 +25,7 @@ export interface VaultCtx {
  * leaked rows across tenants when a misconfigured environment skipped auth.
  */
 export declare function requireVaultCtx(): VaultCtx;
+export declare function isTrustedEnvVarSyncAgentUrl(agentUrl: string): boolean;
 export declare function getVaultAccessSettings(): Promise<VaultAccessSettings>;
 export declare function setVaultAccessSettings(input: {
     mode: VaultAccessMode;

package/dist/server/lib/vault-store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vault-store.d.ts","sourceRoot":"","sources":["../../../src/server/lib/vault-store.ts"],"names":[],"mappings":"AAGA,OAAO,EAIL,KAAK,WAAW,EACjB,MAAM,4BAA4B,CAAC;AAOpC,OAAO,EAAS,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAUlD,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEpD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,eAAe,CAAC;IACtB,KAAK,EAAE,KAAK,GAAG,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,QAAQ;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,QAAQ,CAM1C;AAyDD,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAU3E;AAED,wBAAsB,sBAAsB,CAAC,KAAK,EAAE;IAClD,IAAI,EAAE,eAAe,CAAC;CACvB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAmB/B;AAID,wBAAsB,gBAAgB,CAAC,KAAK,EAAE;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,iBAcA;AAED,wBAAsB,cAAc,CAAC,KAAK,SAAK;;;;;;;;;;;KAQ9C;AAID,wBAAsB,WAAW;;;;;;;;;;;;KAOhC;AAED,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ;;;;;;;;;;;;GAa9D;AAED,wBAAsB,YAAY,CAChC,KAAK,EAAE;IACL,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,EACD,GAAG,GAAE,QAA4B;;;;;;;;;;;;GAmGlC;AAED,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,KAAK,EACD,MAAM,GACN;IACE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,EACL,GAAG,GAAE,QAA4B;;;;;;;;;;;;GAsGlC;AAED,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,GAAG,GAAE,QAA4B;;;;;;;;;;;;GAwClC;AAID,wBAAsB,UAAU,CAAC,MAAM,CAAC,EAAE;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;;;;;;;;;;KAcA;AAED,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,MAAM,EACf,GAAG,GAAE,QAA4B;;;;;;;;;;;GAclC;AAED,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,GAAG,GAAE,QAA4B;;;;;;;;;;;GAuClC;AAED,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,EAAE,MAAM,EACb,GAAG,GAAE,QAA4B;;;;;;;;;;GAkClC;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,GAAG,GAAE,QAA4B;;;;;;;;;;;GAkClC;AAID,KAAK,cAAc,GAAG,OAAO,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC;AAE9D,wBAAgB,+BAA+B,CAAC,GAAG,EAAE,QAAQ,GAAG;IAC9D,KAAK,EAAE,OAAO,CAAC,WAAW,EAAE,KAAK,GAAG,WAAW,CAAC,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC;CACjB,CAGA;AAED,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,cAAc,EAAE,EACzB,GAAG,EAAE,QAAQ;;WATN,OAAO,CAAC,WAAW,EAAE,KAAK,GAAG,WAAW,CAAC;aACvC,MAAM;GA0BhB;AAED,wBAAsB,mCAAmC,CACvD,GAAG,EAAE,QAAQ,EACb,aAAa,CAAC,EAAE,MAAM,EAAE,iBA+BzB;AAID,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,GAAG,GAAE,QAA4B;;;;;;;;;;;;;;;;;;gBAyCnB,QAAQ;cAAQ,MAAM,EAAE;;gBACxB,SAAS;gBAAU,MAAM;;gBACzB,QAAQ;gBAAU,MAAM;;GAqEvC;AAID,wBAAsB,YAAY,CAAC,MAAM,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE;;;;;;;;;;;;;KAW9D;AAED,wBAAsB,UAAU,CAC9B,SAAS,EAAE,MAAM,EACjB,GAAG,GAAE,QAA4B;;;;;;;;;;;;;GAclC;AAED,wBAAsB,aAAa,CAAC,KAAK,EAAE;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;;;;;;;;;;;;;GA+BA;AAED,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,GAAG,GAAE,QAA4B;;;;;;;;;;;;;GAoElC;AAED,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,EACtB,GAAG,GAAE,QAA4B;;;;;;;;;;;;;GAmClC;AAID,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,eAAe,EAAE,eAAe,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CA8E1E;AAID,wBAAsB,iBAAiB;;;;;;GAiBtC"}
+{"version":3,"file":"vault-store.d.ts","sourceRoot":"","sources":["../../../src/server/lib/vault-store.ts"],"names":[],"mappings":"AAIA,OAAO,EAIL,KAAK,WAAW,EACjB,MAAM,4BAA4B,CAAC;AAOpC,OAAO,EAAS,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAUlD,MAAM,MAAM,eAAe,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEpD,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,eAAe,CAAC;IACtB,KAAK,EAAE,KAAK,GAAG,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,QAAQ;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,eAAe,IAAI,QAAQ,CAM1C;AA0DD,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAiBrE;AAoBD,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAU3E;AAED,wBAAsB,sBAAsB,CAAC,KAAK,EAAE;IAClD,IAAI,EAAE,eAAe,CAAC;CACvB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAmB/B;AAID,wBAAsB,gBAAgB,CAAC,KAAK,EAAE;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,iBAcA;AAED,wBAAsB,cAAc,CAAC,KAAK,SAAK;;;;;;;;;;;KAQ9C;AAID,wBAAsB,WAAW;;;;;;;;;;;;KAOhC;AAED,wBAAsB,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ;;;;;;;;;;;;GAa9D;AAED,wBAAsB,YAAY,CAChC,KAAK,EAAE;IACL,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,EACD,GAAG,GAAE,QAA4B;;;;;;;;;;;;GAmGlC;AAED,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,KAAK,EACD,MAAM,GACN;IACE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B,EACL,GAAG,GAAE,QAA4B;;;;;;;;;;;;GAsGlC;AAED,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,GAAG,GAAE,QAA4B;;;;;;;;;;;;GAwClC;AAID,wBAAsB,UAAU,CAAC,MAAM,CAAC,EAAE;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;;;;;;;;;;;KAcA;AAED,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,MAAM,EACf,GAAG,GAAE,QAA4B;;;;;;;;;;;GAclC;AAED,wBAAsB,WAAW,CAC/B,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,GAAG,GAAE,QAA4B;;;;;;;;;;;GAuClC;AAED,wBAAsB,iBAAiB,CACrC,SAAS,EAAE,MAAM,EAAE,EACnB,KAAK,EAAE,MAAM,EACb,GAAG,GAAE,QAA4B;;;;;;;;;;GAkClC;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,EACf,GAAG,GAAE,QAA4B;;;;;;;;;;;GAkClC;AAID,KAAK,cAAc,GAAG,OAAO,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC;AAE9D,wBAAgB,+BAA+B,CAAC,GAAG,EAAE,QAAQ,GAAG;IAC9D,KAAK,EAAE,OAAO,CAAC,WAAW,EAAE,KAAK,GAAG,WAAW,CAAC,CAAC;IACjD,OAAO,EAAE,MAAM,CAAC;CACjB,CAGA;AAED,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,cAAc,EAAE,EACzB,GAAG,EAAE,QAAQ;;WATN,OAAO,CAAC,WAAW,EAAE,KAAK,GAAG,WAAW,CAAC;aACvC,MAAM;GA0BhB;AAED,wBAAsB,mCAAmC,CACvD,GAAG,EAAE,QAAQ,EACb,aAAa,CAAC,EAAE,MAAM,EAAE,iBA+BzB;AAID,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,GAAG,GAAE,QAA4B;;;;;;;;;;;;;;;;;;gBAyCnB,QAAQ;cAAQ,MAAM,EAAE;;gBACxB,SAAS;gBAAU,MAAM;;gBACzB,QAAQ;gBAAU,MAAM;;GAiFvC;AAID,wBAAsB,YAAY,CAAC,MAAM,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE;;;;;;;;;;;;;KAW9D;AAED,wBAAsB,UAAU,CAC9B,SAAS,EAAE,MAAM,EACjB,GAAG,GAAE,QAA4B;;;;;;;;;;;;;GAclC;AAED,wBAAsB,aAAa,CAAC,KAAK,EAAE;IACzC,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;;;;;;;;;;;;;GA+BA;AAED,wBAAsB,cAAc,CAClC,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,UAAU,CAAC,EAAE,MAAM,EACnB,GAAG,GAAE,QAA4B;;;;;;;;;;;;;GAoElC;AAED,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,EACtB,GAAG,GAAE,QAA4B;;;;;;;;;;;;;GAmClC;AAID,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,OAAO,CAAC;IAClB,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,gBAAgB,EAAE,CAAC;IACjC,eAAe,EAAE,eAAe,CAAC;IACjC,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC,CAkF1E;AAID,wBAAsB,iBAAiB;;;;;;GAiBtC"}

package/dist/server/lib/vault-store.js

@@ -1,6 +1,7 @@
 import crypto from "node:crypto";
 import { and, desc, eq, isNull, or } from "drizzle-orm";
 import { discoverAgents } from "@agent-native/core/server/agent-discovery";
+import { ssrfSafeFetch } from "@agent-native/core/extensions/url-safety";
 import { deleteAppSecret, listAppSecretsForScope, writeAppSecret, } from "@agent-native/core/secrets";
 import { getOrgSetting, getUserSetting, putOrgSetting, putUserSetting, } from "@agent-native/core/settings";
 import { getDb, schema } from "../../db/index.js";
@@ -44,6 +45,43 @@ function now() {
 function safeJson(value) {
     return JSON.stringify(value ?? null);
 }
+function workspaceBaseOrigins() {
+    const out = new Set();
+    for (const value of [
+        process.env.WORKSPACE_GATEWAY_URL,
+        process.env.APP_URL,
+        process.env.URL,
+        process.env.DEPLOY_URL,
+        process.env.BETTER_AUTH_URL,
+    ]) {
+        if (!value)
+            continue;
+        try {
+            out.add(new URL(value).origin);
+        }
+        catch {
+            // Ignore malformed deploy metadata.
+        }
+    }
+    return out;
+}
+export function isTrustedEnvVarSyncAgentUrl(agentUrl) {
+    let parsed;
+    try {
+        parsed = new URL(agentUrl);
+    }
+    catch {
+        return false;
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    if (hostname === "localhost" ||
+        hostname === "127.0.0.1" ||
+        hostname === "::1" ||
+        hostname.endsWith(".localhost")) {
+        return true;
+    }
+    return workspaceBaseOrigins().has(parsed.origin);
+}
 function scopedFilter(table) {
     return ctxScope(table, requireVaultCtx());
 }
@@ -517,27 +555,36 @@ export async function syncGrantsToApp(appId, ctx = requireVaultCtx()) {
     // still read process.env directly. Production/shared-DB apps intentionally
     // reject env writes; the encrypted app_secrets sync above is the canonical
     // path for request-scoped credentials.
-    try {
-        const res = await fetch(`${agent.url}/_agent-native/env-vars`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({ vars }),
-        });
-        if (res.ok) {
-            const result = await res.json();
-            envVarSync = { status: "synced", keys: result.saved || [] };
-        }
-        else {
-            const err = await res.text().catch(() => "Unknown error");
-            envVarSync = { status: "skipped", reason: err };
-        }
-    }
-    catch (err) {
+    if (!isTrustedEnvVarSyncAgentUrl(agent.url)) {
         envVarSync = {
-            status: "failed",
-            reason: err instanceof Error ? err.message : String(err),
+            status: "skipped",
+            reason: "env-var sync is limited to localhost or workspace-owned apps",
         };
     }
+    else {
+        try {
+            const res = await ssrfSafeFetch(`${agent.url}/_agent-native/env-vars`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({ vars }),
+                signal: AbortSignal.timeout(10_000),
+            }, { maxRedirects: 3 });
+            if (res.ok) {
+                const result = await res.json();
+                envVarSync = { status: "synced", keys: result.saved || [] };
+            }
+            else {
+                const err = await res.text().catch(() => "Unknown error");
+                envVarSync = { status: "skipped", reason: err };
+            }
+        }
+        catch (err) {
+            envVarSync = {
+                status: "failed",
+                reason: err instanceof Error ? err.message : String(err),
+            };
+        }
+    }
     const syncedKeys = credentialStoreSync.keys;
     const timestamp = now();
     // Update syncedAt on grants that were successfully pushed to the shared
@@ -712,9 +759,9 @@ export async function listIntegrationsCatalog() {
     const results = [];
     for (const agent of agents) {
         try {
-            const res = await fetch(`${agent.url}/_agent-native/env-status`, {
+            const res = await ssrfSafeFetch(`${agent.url}/_agent-native/env-status`, {
                 signal: AbortSignal.timeout(3000),
-            });
+            }, { maxRedirects: 3 });
             if (!res.ok) {
                 results.push({
                     appId: agent.id,