@agent-native/dispatch 0.8.20 → 0.8.24

package/src/server/lib/thread-link-preview.spec.ts

@@ -0,0 +1,129 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import type { ChatThread } from "@agent-native/core/server";
+
+const getRequestContextMock = vi.hoisted(() => vi.fn());
+const getThreadMock = vi.hoisted(() => vi.fn());
+
+vi.mock("@agent-native/core/server", () => ({
+  getRequestContext: getRequestContextMock,
+  getThread: getThreadMock,
+}));
+
+import {
+  extractThreadPreviewImageUrl,
+  loadThreadLinkPreview,
+} from "./thread-link-preview";
+
+function threadDataWithResult(toolName: string, result: unknown) {
+  return JSON.stringify({
+    messages: [
+      {
+        message: {
+          role: "assistant",
+          content: [
+            {
+              type: "tool-call",
+              toolName,
+              result:
+                typeof result === "string" ? result : JSON.stringify(result),
+            },
+          ],
+        },
+        parentId: null,
+      },
+    ],
+  });
+}
+
+function previewThread(overrides: Partial<ChatThread> = {}): ChatThread {
+  return {
+    id: "thread-1",
+    ownerEmail: "owner@example.test",
+    title: "Launch image",
+    preview: "Generated a launch image",
+    threadData: threadDataWithResult("generate-image", {
+      previewUrl: "https://cdn.example.com/generated-social.webp",
+    }),
+    messageCount: 1,
+    createdAt: 1,
+    updatedAt: 2,
+    scope: null,
+    pinnedAt: null,
+    archivedAt: null,
+    ...overrides,
+  };
+}
+
+beforeEach(() => {
+  getRequestContextMock.mockReset();
+  getThreadMock.mockReset();
+});
+
+describe("thread link preview image extraction", () => {
+  it("uses generated image preview URLs from generate-image results", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image", {
+          url: "https://app.example.com/assets/asset/asset-1",
+          previewUrl: "https://cdn.example.com/generated-social.webp",
+          thumbnailUrl: "https://cdn.example.com/generated-social-thumb.webp",
+        }),
+      ),
+    ).toBe("https://cdn.example.com/generated-social.webp");
+  });
+
+  it("uses the newest image from batched generation results", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image-batch", {
+          images: [
+            { previewUrl: "https://cdn.example.com/first.png" },
+            { previewUrl: "https://cdn.example.com/latest.png" },
+          ],
+        }),
+      ),
+    ).toBe("https://cdn.example.com/latest.png");
+  });
+
+  it("ignores asset page URLs that are not image media", () => {
+    expect(
+      extractThreadPreviewImageUrl(
+        threadDataWithResult("generate-image", {
+          url: "https://app.example.com/assets/asset/asset-1",
+        }),
+      ),
+    ).toBeNull();
+  });
+});
+
+describe("thread link preview access", () => {
+  it("loads preview metadata for the owning user", async () => {
+    getRequestContextMock.mockReturnValue({
+      userEmail: "owner@example.test",
+    });
+    getThreadMock.mockResolvedValue(previewThread());
+
+    await expect(loadThreadLinkPreview(" thread-1 ")).resolves.toEqual({
+      title: "Launch image",
+      description: "Generated a launch image",
+      imageUrl: "https://cdn.example.com/generated-social.webp",
+    });
+    expect(getThreadMock).toHaveBeenCalledWith("thread-1");
+  });
+
+  it("does not read thread metadata without an authenticated request context", async () => {
+    getRequestContextMock.mockReturnValue(undefined);
+
+    await expect(loadThreadLinkPreview("thread-1")).resolves.toBeNull();
+    expect(getThreadMock).not.toHaveBeenCalled();
+  });
+
+  it("does not emit another user's thread metadata", async () => {
+    getRequestContextMock.mockReturnValue({
+      userEmail: "viewer@example.test",
+    });
+    getThreadMock.mockResolvedValue(previewThread());
+
+    await expect(loadThreadLinkPreview("thread-1")).resolves.toBeNull();
+  });
+});

package/src/server/lib/thread-link-preview.ts

@@ -0,0 +1,187 @@
+import type { ChatThread } from "@agent-native/core/server";
+import { getRequestContext, getThread } from "@agent-native/core/server";
+
+export interface ThreadLinkPreview {
+  title: string;
+  description: string;
+  imageUrl: string | null;
+}
+
+const IMAGE_URL_KEYS = new Set([
+  "previewUrl",
+  "thumbnailUrl",
+  "imageUrl",
+  "image",
+  "downloadUrl",
+]);
+
+const GENERATION_TOOL_NAMES = new Set([
+  "generate-image",
+  "generate-image-batch",
+  "refine-image",
+  "rerun-generation-run",
+]);
+
+function safeJsonParse(value: string): unknown {
+  try {
+    return JSON.parse(value);
+  } catch {
+    return null;
+  }
+}
+
+function cleanUrlCandidate(value: string): string {
+  return value
+    .trim()
+    .replace(/[),.;\]}]+$/g, "")
+    .replace(/^["'(<]+/g, "");
+}
+
+function isAbsoluteHttpUrl(value: string): boolean {
+  try {
+    const url = new URL(value);
+    return url.protocol === "https:" || url.protocol === "http:";
+  } catch {
+    return false;
+  }
+}
+
+function isImageLikeUrl(value: string): boolean {
+  try {
+    const url = new URL(value);
+    return (
+      /\.(?:png|jpe?g|webp|gif|avif)(?:$|[?#])/i.test(url.pathname) ||
+      /\/api\/assets\/[^/]+\/content(?:$|[?#])/i.test(url.pathname)
+    );
+  } catch {
+    return false;
+  }
+}
+
+function validPreviewImageUrl(value: unknown, key?: string): string | null {
+  if (typeof value !== "string") return null;
+  const candidate = cleanUrlCandidate(value);
+  if (!isAbsoluteHttpUrl(candidate)) return null;
+  if (key && IMAGE_URL_KEYS.has(key)) return candidate;
+  return isImageLikeUrl(candidate) ? candidate : null;
+}
+
+function imageUrlFromStructuredValue(value: unknown): string | null {
+  if (!value || typeof value !== "object") return null;
+  if (Array.isArray(value)) {
+    for (let i = value.length - 1; i >= 0; i--) {
+      const found = imageUrlFromStructuredValue(value[i]);
+      if (found) return found;
+    }
+    return null;
+  }
+
+  const record = value as Record<string, unknown>;
+  for (const key of IMAGE_URL_KEYS) {
+    const found = validPreviewImageUrl(record[key], key);
+    if (found) return found;
+  }
+  for (const [key, child] of Object.entries(record).reverse()) {
+    const direct = validPreviewImageUrl(child, key);
+    if (direct) return direct;
+    if (child && typeof child === "object") {
+      const nested = imageUrlFromStructuredValue(child);
+      if (nested) return nested;
+    }
+  }
+  return null;
+}
+
+function imageUrlFromText(value: string): string | null {
+  const matches = value.match(/https?:\/\/[^\s<>"']+/g);
+  if (!matches) return null;
+  for (let i = matches.length - 1; i >= 0; i--) {
+    const candidate = validPreviewImageUrl(matches[i]);
+    if (candidate) return candidate;
+  }
+  return null;
+}
+
+export function extractThreadPreviewImageUrl(
+  threadData: string,
+): string | null {
+  const parsed = safeJsonParse(threadData);
+  if (!parsed || typeof parsed !== "object") return null;
+  const messages = (parsed as { messages?: unknown }).messages;
+  if (!Array.isArray(messages)) return null;
+
+  for (
+    let messageIndex = messages.length - 1;
+    messageIndex >= 0;
+    messageIndex--
+  ) {
+    const entry = messages[messageIndex] as any;
+    const message = entry?.message ?? entry;
+    const content = message?.content;
+    if (!Array.isArray(content)) continue;
+
+    for (let partIndex = content.length - 1; partIndex >= 0; partIndex--) {
+      const part = content[partIndex] as Record<string, unknown>;
+      const result = typeof part.result === "string" ? part.result : "";
+      if (!result.trim()) continue;
+
+      const toolName = typeof part.toolName === "string" ? part.toolName : "";
+      const parsedResult = safeJsonParse(result);
+      if (parsedResult && GENERATION_TOOL_NAMES.has(toolName)) {
+        const structured = imageUrlFromStructuredValue(parsedResult);
+        if (structured) return structured;
+      }
+
+      const fromText = imageUrlFromText(result);
+      if (fromText) return fromText;
+    }
+  }
+  return null;
+}
+
+function previewDescription(thread: ChatThread): string {
+  const preview = thread.preview.trim();
+  if (preview) return preview.slice(0, 180);
+  return "Open this Agent-Native thread in Dispatch.";
+}
+
+export async function loadThreadLinkPreview(
+  threadId: string | null | undefined,
+): Promise<ThreadLinkPreview | null> {
+  const id = threadId?.trim();
+  if (!id) return null;
+  const viewerEmail = getRequestContext()?.userEmail?.trim();
+  if (!viewerEmail) return null;
+  const thread = await getThread(id).catch(() => null);
+  if (!thread) return null;
+  if (thread.ownerEmail !== viewerEmail) return null;
+  const title = thread.title.trim() || "Agent-Native thread";
+  return {
+    title,
+    description: previewDescription(thread),
+    imageUrl: extractThreadPreviewImageUrl(thread.threadData),
+  };
+}
+
+export function buildThreadLinkPreviewMeta(preview: ThreadLinkPreview | null) {
+  const title = preview?.title ? `${preview.title} - Dispatch` : "Dispatch";
+  const description =
+    preview?.description ||
+    "Open this Agent-Native thread in the Dispatch workspace.";
+  const image = preview?.imageUrl ?? null;
+  return [
+    { title },
+    { name: "description", content: description },
+    { property: "og:title", content: title },
+    { property: "og:description", content: description },
+    { property: "og:type", content: "website" },
+    ...(image ? [{ property: "og:image", content: image }] : []),
+    {
+      name: "twitter:card",
+      content: image ? "summary_large_image" : "summary",
+    },
+    { name: "twitter:title", content: title },
+    { name: "twitter:description", content: description },
+    ...(image ? [{ name: "twitter:image", content: image }] : []),
+  ];
+}

package/src/server/lib/vault-store.spec.ts

@@ -24,11 +24,13 @@ vi.mock("../../db/index.js", async (importOriginal) => {
 import {
   cleanupSyncedCredentialKeysIfUnused,
   credentialStoreScopeForVaultCtx,
+  isTrustedEnvVarSyncAgentUrl,
   syncSecretsToCredentialStore,
 } from "./vault-store.js";
 
 afterEach(() => {
   vi.clearAllMocks();
+  vi.unstubAllEnvs();
 });
 
 describe("credentialStoreScopeForVaultCtx", () => {
@@ -54,6 +56,29 @@ describe("credentialStoreScopeForVaultCtx", () => {
   });
 });
 
+describe("isTrustedEnvVarSyncAgentUrl", () => {
+  it("allows localhost development app URLs", () => {
+    expect(isTrustedEnvVarSyncAgentUrl("http://localhost:9201")).toBe(true);
+    expect(isTrustedEnvVarSyncAgentUrl("http://127.0.0.1:9201")).toBe(true);
+  });
+
+  it("allows same-origin workspace app URLs from deploy metadata", () => {
+    vi.stubEnv("WORKSPACE_GATEWAY_URL", "https://workspace.example.test");
+
+    expect(
+      isTrustedEnvVarSyncAgentUrl("https://workspace.example.test/slides"),
+    ).toBe(true);
+  });
+
+  it("rejects remote custom agent origins", () => {
+    vi.stubEnv("WORKSPACE_GATEWAY_URL", "https://workspace.example.test");
+
+    expect(isTrustedEnvVarSyncAgentUrl("https://attacker.example.test")).toBe(
+      false,
+    );
+  });
+});
+
 describe("syncSecretsToCredentialStore", () => {
   it("writes vault secrets into app_secrets without returning values", async () => {
     const result = await syncSecretsToCredentialStore(

package/src/server/lib/vault-store.ts

@@ -1,6 +1,7 @@
 import crypto from "node:crypto";
 import { and, desc, eq, isNull, or } from "drizzle-orm";
 import { discoverAgents } from "@agent-native/core/server/agent-discovery";
+import { ssrfSafeFetch } from "@agent-native/core/extensions/url-safety";
 import {
   deleteAppSecret,
   listAppSecretsForScope,
@@ -95,6 +96,44 @@ function safeJson(value: unknown) {
   return JSON.stringify(value ?? null);
 }
 
+function workspaceBaseOrigins(): Set<string> {
+  const out = new Set<string>();
+  for (const value of [
+    process.env.WORKSPACE_GATEWAY_URL,
+    process.env.APP_URL,
+    process.env.URL,
+    process.env.DEPLOY_URL,
+    process.env.BETTER_AUTH_URL,
+  ]) {
+    if (!value) continue;
+    try {
+      out.add(new URL(value).origin);
+    } catch {
+      // Ignore malformed deploy metadata.
+    }
+  }
+  return out;
+}
+
+export function isTrustedEnvVarSyncAgentUrl(agentUrl: string): boolean {
+  let parsed: URL;
+  try {
+    parsed = new URL(agentUrl);
+  } catch {
+    return false;
+  }
+  const hostname = parsed.hostname.toLowerCase();
+  if (
+    hostname === "localhost" ||
+    hostname === "127.0.0.1" ||
+    hostname === "::1" ||
+    hostname.endsWith(".localhost")
+  ) {
+    return true;
+  }
+  return workspaceBaseOrigins().has(parsed.origin);
+}
+
 function scopedFilter<T extends { ownerEmail: any; orgId: any }>(table: T) {
   return ctxScope(table, requireVaultCtx());
 }
@@ -759,25 +798,37 @@ export async function syncGrantsToApp(
   // still read process.env directly. Production/shared-DB apps intentionally
   // reject env writes; the encrypted app_secrets sync above is the canonical
   // path for request-scoped credentials.
-  try {
-    const res = await fetch(`${agent.url}/_agent-native/env-vars`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ vars }),
-    });
-
-    if (res.ok) {
-      const result = await res.json();
-      envVarSync = { status: "synced", keys: result.saved || [] };
-    } else {
-      const err = await res.text().catch(() => "Unknown error");
-      envVarSync = { status: "skipped", reason: err };
-    }
-  } catch (err) {
+  if (!isTrustedEnvVarSyncAgentUrl(agent.url)) {
     envVarSync = {
-      status: "failed",
-      reason: err instanceof Error ? err.message : String(err),
+      status: "skipped",
+      reason: "env-var sync is limited to localhost or workspace-owned apps",
     };
+  } else {
+    try {
+      const res = await ssrfSafeFetch(
+        `${agent.url}/_agent-native/env-vars`,
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ vars }),
+          signal: AbortSignal.timeout(10_000),
+        },
+        { maxRedirects: 3 },
+      );
+
+      if (res.ok) {
+        const result = await res.json();
+        envVarSync = { status: "synced", keys: result.saved || [] };
+      } else {
+        const err = await res.text().catch(() => "Unknown error");
+        envVarSync = { status: "skipped", reason: err };
+      }
+    } catch (err) {
+      envVarSync = {
+        status: "failed",
+        reason: err instanceof Error ? err.message : String(err),
+      };
+    }
   }
 
   const syncedKeys = credentialStoreSync.keys;
@@ -1041,9 +1092,13 @@ export async function listIntegrationsCatalog(): Promise<AppIntegrations[]> {
 
   for (const agent of agents) {
     try {
-      const res = await fetch(`${agent.url}/_agent-native/env-status`, {
-        signal: AbortSignal.timeout(3000),
-      });
+      const res = await ssrfSafeFetch(
+        `${agent.url}/_agent-native/env-status`,
+        {
+          signal: AbortSignal.timeout(3000),
+        },
+        { maxRedirects: 3 },
+      );
       if (!res.ok) {
         results.push({
           appId: agent.id,

package/src/server/lib/workspace-resource-approval-lifecycle.spec.ts

@@ -222,5 +222,5 @@ describe("workspace resource approval lifecycle", () => {
         personalOverride.layers.find((layer) => layer.scope === "personal"),
       ).toMatchObject({ exists: true, effective: true });
     });
-  });
+  }, 30_000);
 });