npm - @agent-team-foundation/first-tree-hub - Versions diffs - 0.10.1 → 0.10.3 - Mend

@agent-team-foundation/first-tree-hub 0.10.1 → 0.10.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/dist/{bootstrap-CtVqQA8a.mjs → bootstrap-CBAVWQUT.mjs} RENAMED Viewed

@@ -548,7 +548,8 @@ const serverConfigSchema = defineConfig({
 	},
 	server: {
 		port: field(z.number().default(8e3), { env: "FIRST_TREE_HUB_PORT" }),
-		host: field(z.string().default("127.0.0.1"), { env: "FIRST_TREE_HUB_HOST" })
+		host: field(z.string().default("127.0.0.1"), { env: "FIRST_TREE_HUB_HOST" }),
+		publicUrl: field(z.string().optional(), { env: "FIRST_TREE_HUB_PUBLIC_URL" })
 	},
 	secrets: {
 		jwtSecret: field(z.string(), {
@@ -576,6 +577,13 @@ const serverConfigSchema = defineConfig({
 		}),
 		allowedOrg: field(z.string().optional(), { env: "FIRST_TREE_HUB_GITHUB_ALLOWED_ORG" })
 	},
+	oauth: optional({ github: optional({
+		clientId: field(z.string(), { env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_ID" }),
+		clientSecret: field(z.string(), {
+			env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_SECRET",
+			secret: true
+		})
+	}) }),
 	cors: optional({ origin: field(z.string(), { env: "FIRST_TREE_HUB_CORS_ORIGIN" }) }),
 	rateLimit: optional({
 		max: field(z.number().default(100), { env: "FIRST_TREE_HUB_RATE_LIMIT_MAX" }),

package/dist/cli/index.mjs CHANGED Viewed

@@ -1,26 +1,15 @@
 #!/usr/bin/env node
-import "../observability-DV_fQKqV-oxfXX6Z2.mjs";
-import { $ as configureClientLoggerForService, A as installClientService, B as createOwner, C as checkNodeVersion, D as checkWebSocket, E as checkServerReachable, G as setJsonMode, H as resolveReplyToFromEnv, I as stopPostgres, J as FirstTreeHubSDK, L as ClientRuntime, O as printResults, Q as applyClientLoggerConfig, R as handleClientOrgMismatch, S as checkDocker, T as checkServerHealth, W as print, X as SessionRegistry, Y as SdkError, Z as cleanWorkspaces, _ as runMigrations, a as COMMAND_VERSION, b as checkClientConfig, c as promptMissingFields, d as onboardCheck, f as onboardCreate, g as migrateLocalAgentDirs, h as createApiNameResolver, i as startServer, j as isServiceSupported, k as getClientServiceStatus, l as formatCheckReport, m as runHomeMigration, n as declineUpdate, o as isInteractive, p as saveOnboardState, q as ClientOrgMismatchError, r as promptUpdate, s as promptAddAgent, t as createExecuteUpdate, u as loadOnboardState, v as checkAgentConfigs, w as checkServerConfig, x as checkDatabase, y as checkBackgroundService } from "../core-BgiFGT7Y.mjs";
+import "../observability-DPyf745N-BSc8QNcR.mjs";
+import { A as checkServerHealth, C as checkAgentConfigs, D as checkDocker, E as checkDatabase, F as installClientService, G as createOwner, H as ClientRuntime, I as isServiceSupported, J as fail, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as getClientServiceStatus, Q as setJsonMode, S as runMigrations, T as checkClientConfig, U as handleClientOrgMismatch, V as stopPostgres, Y as success, Z as print, _ as onboardCreate, a as declineUpdate, at as probeCapabilities, b as createApiNameResolver, c as COMMAND_VERSION, d as isInteractive, et as ClientOrgMismatchError, f as promptAddAgent, g as onboardCheck, h as loadOnboardState, i as createExecuteUpdate, it as cleanWorkspaces, j as checkServerReachable, k as checkServerConfig, l as reconcileLocalRuntimeProviders, m as formatCheckReport, nt as SdkError, o as promptUpdate, ot as applyClientLoggerConfig, p as promptMissingFields, q as resolveReplyToFromEnv, r as registerSaaSConnectCommand, rt as SessionRegistry, s as startServer, st as configureClientLoggerForService, tt as FirstTreeHubSDK, u as uploadClientCapabilities, v as saveOnboardState, w as checkBackgroundService, x as migrateLocalAgentDirs, y as runHomeMigration } from "../saas-connect-3p-vBkuY.mjs";
 import "../logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { C as serverConfigSchema, _ as loadAgents, b as resetConfig, c as saveCredentials, d as DEFAULT_HOME_DIR, f as agentConfigSchema, g as initConfig, h as getConfigValue, i as loadCredentials, l as DEFAULT_CONFIG_DIR, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, r as ensureFreshAdminToken, s as saveAgentConfig, u as DEFAULT_DATA_DIR, w as setConfigValue, x as resetConfigMeta, y as readConfigFile } from "../bootstrap-CtVqQA8a.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-DEmwoNn_.mjs";
+import { C as serverConfigSchema, _ as loadAgents, b as resetConfig, c as saveCredentials, d as DEFAULT_HOME_DIR, f as agentConfigSchema, g as initConfig, h as getConfigValue, i as loadCredentials, l as DEFAULT_CONFIG_DIR, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, r as ensureFreshAdminToken, s as saveAgentConfig, u as DEFAULT_DATA_DIR, w as setConfigValue, x as resetConfigMeta, y as readConfigFile } from "../bootstrap-CBAVWQUT.mjs";
+import "../dist-DUCelK3Z.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-Boy3n8CT.mjs";
+import "../invitation-C_zAhB8x-8Khychlu.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync } from "node:fs";
 import { Command } from "commander";
 import { confirm, input, password, select } from "@inquirer/prompts";
-//#region src/cli/output.ts
-/**
-* CLI output re-exports. The underlying implementation lives in
-* `core/output.ts` (the Print layer). Keep these thin wrappers so callers that
-* only depend on `cli/output.ts` keep working during the migration.
-*/
-function success(data) {
-	print.result(data);
-}
-function fail(code, message, exitCode = 1) {
-	return print.fail(code, message, exitCode);
-}
-//#endregion
 //#region src/commands/agent-config.ts
 async function resolveAgentRecord(serverUrl, adminToken, agentName) {
 	const res = await fetch(`${serverUrl}/api/v1/admin/agents?limit=100`, {
@@ -360,7 +349,8 @@ function registerAgentCommands(program) {
 			const createBody = {
 				name,
 				type: options.type,
-				clientId: options.clientId
+				clientId: options.clientId,
+				runtimeProvider: options.runtime
 			};
 			if (options.displayName) createBody.displayName = options.displayName;
 			const createRes = await fetch(`${serverUrl}/api/v1/admin/agents`, {
@@ -927,6 +917,20 @@ function registerConnectCommand(parent) {
 				const msg = err instanceof Error ? err.message : String(err);
 				print.status("⚠️", `agent-dir migration skipped: ${msg}`);
 			}
+			let probedCapabilities = null;
+			try {
+				const accessToken = await ensureFreshAccessToken();
+				probedCapabilities = await probeCapabilities();
+				await reconcileLocalRuntimeProviders({
+					serverUrl: config.server.url,
+					accessToken,
+					agentsDir,
+					log: (level, msg) => print.status(level === "warn" ? "⚠️" : "•", msg)
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `runtime-provider reconcile skipped: ${msg}`);
+			}
 			const agents = loadAgents({
 				schema: agentConfigSchema,
 				agentsDir
@@ -941,6 +945,18 @@ function registerConnectCommand(parent) {
 			});
 			for (const [name, agentConfig] of agents) runtime.addAgent(name, agentConfig);
 			await runtime.start();
+			if (probedCapabilities) try {
+				const accessToken = await ensureFreshAccessToken();
+				await uploadClientCapabilities({
+					serverUrl: config.server.url,
+					accessToken,
+					clientId: config.client.id,
+					capabilities: probedCapabilities
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `capabilities upload skipped: ${msg}`);
+			}
 			runtime.watchAgentsDir(agentsDir);
 			const shutdown = async () => {
 				print.line("\n  Shutting down...\n");
@@ -1000,6 +1016,20 @@ function registerClientCommands(program) {
 				const msg = err instanceof Error ? err.message : String(err);
 				print.status("⚠️", `agent-dir migration skipped: ${msg}`);
 			}
+			let probedCapabilities = null;
+			try {
+				const accessToken = await ensureFreshAccessToken();
+				probedCapabilities = await probeCapabilities();
+				await reconcileLocalRuntimeProviders({
+					serverUrl: config.server.url,
+					accessToken,
+					agentsDir,
+					log: (level, msg) => print.status(level === "warn" ? "⚠️" : "•", msg)
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `runtime-provider reconcile skipped: ${msg}`);
+			}
 			const agents = loadAgents({
 				schema: agentConfigSchema,
 				agentsDir
@@ -1016,6 +1046,18 @@ function registerClientCommands(program) {
 			});
 			for (const [name, agentConfig] of agents) runtime.addAgent(name, agentConfig);
 			await runtime.start();
+			if (probedCapabilities) try {
+				const accessToken = await ensureFreshAccessToken();
+				await uploadClientCapabilities({
+					serverUrl: config.server.url,
+					accessToken,
+					clientId: config.client.id,
+					capabilities: probedCapabilities
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `capabilities upload skipped: ${msg}`);
+			}
 			runtime.watchAgentsDir(agentsDir);
 			const shutdown = async () => {
 				print.line("\n  Shutting down...\n");
@@ -1223,13 +1265,13 @@ function isSecretField(schema, dotPath) {
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-CtVqQA8a.mjs").then((n) => n.t);
+		const { resolveServerUrl } = await import("../bootstrap-CBAVWQUT.mjs").then((n) => n.t);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { loadCredentials } = await import("../bootstrap-CtVqQA8a.mjs").then((n) => n.t);
+	const { loadCredentials } = await import("../bootstrap-CBAVWQUT.mjs").then((n) => n.t);
 	if (!loadCredentials()) throw new Error("No saved credentials. Run `first-tree-hub client connect <server-url>` before onboarding.");
 	if (!args.id) {
 		args.id = await input({ message: "Agent ID:" });
@@ -1506,6 +1548,7 @@ program.name("first-tree-hub").description("First Tree Hub — centralized colla
 	});
 	else applyClientLoggerConfig({ level: "warn" });
 });
+registerSaaSConnectCommand(program);
 registerServerCommands(program);
 registerClientCommands(program);
 registerAgentCommands(program);

package/dist/{feishu-DEmwoNn_.mjs → dist-DUCelK3Z.mjs} RENAMED Viewed

@@ -1,4 +1,3 @@
-import { d as __exportAll } from "./esm-CYu4tXXn.mjs";
 import { z } from "zod";
 //#region ../shared/dist/index.mjs
 const MENTION_REGEX = /(?<![A-Za-z0-9_.@-])@([A-Za-z0-9][A-Za-z0-9_-]{0,63})\b/g;
@@ -38,6 +37,35 @@ function scanMentionTokens(content) {
 	}
 	return tokens;
 }
+/**
+* Single source of truth for "is this string safe to redirect to after a
+* successful OAuth callback".
+*
+* Both the server (`/auth/github/start` validates `?next=` before signing
+* the state JWT) and the web client (the fragment-consumer page validates
+* before navigating) must agree on the regex — drift here is what enables
+* open-redirect bugs. The server is authoritative; the client check is a
+* defense-in-depth.
+*
+* Allowed: a path that begins with exactly one `/` and is not the start of
+* an authority component (`//`, `/\`). Permits typical SPA paths with
+* query strings and fragments. Anything else (absolute URLs, scheme-less
+* authority components, `javascript:`) falls through to the safe default.
+*/
+const SAFE_NEXT_PATH = /^\/(?![/\\])[A-Za-z0-9_\-./?=&%#]*$/;
+/**
+* Return `next` if it is a syntactically safe relative path, otherwise the
+* default landing path. The check is deliberately conservative — the
+* intent is to reject anything that could be parsed as an absolute URL by
+* a browser navigation. Length is capped at 256 chars to defang
+* pathological inputs.
+*/
+function safeRedirectPath(next) {
+	if (!next || typeof next !== "string") return "/";
+	if (next.length > 256) return "/";
+	if (!SAFE_NEXT_PATH.test(next)) return "/";
+	return next;
+}
 const adapterPlatformSchema = z.enum([
 	"feishu",
 	"slack",
@@ -132,14 +160,16 @@ const AGENT_BIND_REJECT_REASONS = {
 	NOT_OWNED: "not_owned",
 	AGENT_SUSPENDED: "agent_suspended",
 	WRONG_ORG: "wrong_org",
-	UNKNOWN_AGENT: "unknown_agent"
+	UNKNOWN_AGENT: "unknown_agent",
+	RUNTIME_PROVIDER_MISMATCH: "runtime_provider_mismatch"
 };
 z.enum([
 	"wrong_client",
 	"not_owned",
 	"agent_suspended",
 	"wrong_org",
-	"unknown_agent"
+	"unknown_agent",
+	"runtime_provider_mismatch"
 ]);
 /** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
 const AGENT_SELECTOR_HEADER = "x-agent-id";
@@ -167,6 +197,8 @@ z.object({
 	}),
 	clients: z.number().int()
 });
+const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
+const DEFAULT_RUNTIME_PROVIDER = "claude-code";
 const AGENT_TYPES = {
 	HUMAN: "human",
 	PERSONAL_ASSISTANT: "personal_assistant",
@@ -226,7 +258,8 @@ const createAgentSchema = z.object({
 	visibility: agentVisibilitySchema.optional(),
 	metadata: z.record(z.string(), z.unknown()).optional(),
 	managerId: z.string().optional(),
-	clientId: z.string().min(1).max(100).optional()
+	clientId: z.string().min(1).max(100).optional(),
+	runtimeProvider: runtimeProviderSchema.optional()
 });
 const updateAgentSchema = z.object({
 	type: agentTypeSchema.optional(),
@@ -237,6 +270,18 @@ const updateAgentSchema = z.object({
 	managerId: z.string().nullable().optional(),
 	clientId: z.string().min(1).max(100).nullable().optional()
 });
+/**
+* Service-level rebind input. Admin / owner re-binds an agent to a new
+* client and/or a new runtime provider in one atomic operation.
+*
+* `force` bypasses the capability-match check (e.g. when the client is
+* offline and capabilities are stale).
+*/
+const rebindAgentSchema = z.object({
+	clientId: z.string().min(1).max(100),
+	runtimeProvider: runtimeProviderSchema,
+	force: z.boolean().optional()
+});
 z.object({
 	uuid: z.string(),
 	name: z.string().nullable(),
@@ -251,6 +296,7 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()),
 	managerId: z.string().nullable(),
 	clientId: z.string().nullable(),
+	runtimeProvider: runtimeProviderSchema,
 	presenceStatus: presenceStatusSchema.optional(),
 	createdAt: z.string(),
 	updatedAt: z.string()
@@ -270,14 +316,16 @@ const agentPinnedMessageSchema = z.object({
 	agentId: z.string(),
 	name: z.string().nullable(),
 	displayName: z.string(),
-	agentType: agentTypeSchema
+	agentType: agentTypeSchema,
+	runtimeProvider: runtimeProviderSchema
 });
 /**
-* Agent runtime configuration — M1 (Claude Code only).
+* Agent runtime configuration.
 *
 * Defines the 5 user-tunable field groups that the Hub centrally manages
 * and pushes down to the client runtime: prompt append, model, MCP servers,
-* env vars, and Git repos.
+* env vars, and Git repos. Tagged by `kind` (a runtime provider) so future
+* provider-specific fields can land on a dedicated variant.
 *
 * NOTE: do not co-locate with `packages/shared/src/config/` — that namespace
 * is reserved for the local YAML config (`agent.yaml` / server / client) and
@@ -321,9 +369,11 @@ const gitRepoSchema = z.object({
 	localPath: z.string().min(1).optional()
 });
 /**
-* Base shape (no refinements) — used for `.partial()` derivations such as the
-* PATCH payload schema. Zod 4 forbids `.partial()` on a refined object, so we
-* keep refinements on a separate full schema below.
+* Untagged base shape — 5 user-tunable fields, no `kind` discriminator.
+* Used for `.partial()` derivations on the PATCH side, where `kind` is
+* pinned to `agents.runtime_provider` and never changes via config PATCH.
+* Zod 4 forbids `.partial()` on a refined object, so we keep refinements
+* on the tagged schema below.
 */
 const agentRuntimeConfigPayloadShape = z.object({
 	prompt: promptConfigSchema.default({ append: "" }),
@@ -332,6 +382,17 @@ const agentRuntimeConfigPayloadShape = z.object({
 	env: z.array(envEntrySchema).default([]),
 	gitRepos: z.array(gitRepoSchema).default([])
 });
+/**
+* Tagged variants — read-side, full payload including `kind`. Adding a new
+* provider means adding a variant here, plus a handler factory and a
+* capability probe module on the client side.
+*
+* Provider-specific fields (e.g. codex `sandboxMode`) belong on the
+* matching variant, not on the base shape.
+*/
+const claudeRuntimeConfigPayloadShape = agentRuntimeConfigPayloadShape.extend({ kind: z.literal("claude-code") });
+const codexRuntimeConfigPayloadShape = agentRuntimeConfigPayloadShape.extend({ kind: z.literal("codex") });
+const taggedPayloadUnion = z.discriminatedUnion("kind", [claudeRuntimeConfigPayloadShape, codexRuntimeConfigPayloadShape]);
 const payloadDuplicatesRefinement = (payload, ctx) => {
 	const seenMcp = /* @__PURE__ */ new Set();
 	payload.mcpServers.forEach((server, idx) => {
@@ -376,15 +437,54 @@ const payloadDuplicatesRefinement = (payload, ctx) => {
 		seenPaths.add(path);
 	});
 };
-const agentRuntimeConfigPayloadSchema = agentRuntimeConfigPayloadShape.superRefine(payloadDuplicatesRefinement);
-/** Default payload used when creating a fresh agent. */
+/**
+* Read-side full payload schema. Rows persisted before 0026 do not carry
+* `kind`; `z.preprocess` injects `"claude-code"` so they parse cleanly into
+* the claude variant. The service layer separately enforces
+* `payload.kind === agents.runtime_provider` on writes.
+*/
+const agentRuntimeConfigPayloadSchema = z.preprocess((input) => {
+	if (input && typeof input === "object" && !Array.isArray(input) && !("kind" in input)) return {
+		...input,
+		kind: "claude-code"
+	};
+	return input;
+}, taggedPayloadUnion).superRefine((payload, ctx) => {
+	payloadDuplicatesRefinement(payload, ctx);
+});
+/** Default payload used when creating a fresh claude-code agent. */
 const DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD = {
+	kind: "claude-code",
 	prompt: { append: "" },
 	model: "opus",
 	mcpServers: [],
 	env: [],
 	gitRepos: []
 };
+/**
+* Default payload for a fresh codex agent. Same 5 fields as claude-code.
+* `model` is left empty by default so the Codex CLI picks one matching the
+* user's auth mode — `gpt-5-codex` is rejected by ChatGPT-account auth, while
+* an empty string lets the SDK fall through to its built-in default.
+*/
+const DEFAULT_CODEX_RUNTIME_CONFIG_PAYLOAD = {
+	kind: "codex",
+	prompt: { append: "" },
+	model: "",
+	mcpServers: [],
+	env: [],
+	gitRepos: []
+};
+/**
+* Default payload selector by runtime provider.
+*/
+function defaultRuntimeConfigPayload(provider) {
+	switch (provider) {
+		case "codex": return { ...DEFAULT_CODEX_RUNTIME_CONFIG_PAYLOAD };
+		case "claude-code": return { ...DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD };
+		default: return { ...DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD };
+	}
+}
 const agentRuntimeConfigSchema = z.object({
 	agentId: z.string(),
 	version: z.number().int().positive(),
@@ -503,6 +603,37 @@ const clientRegisterSchema = z.object({
 	os: z.string().max(50).optional(),
 	sdkVersion: z.string().max(50).optional()
 });
+const capabilityStateSchema = z.enum([
+	"ok",
+	"missing",
+	"unauthenticated",
+	"error"
+]);
+const capabilityAuthMethodSchema = z.enum([
+	"api_key",
+	"oauth",
+	"auth_json",
+	"none"
+]);
+const capabilityEntrySchema = z.object({
+	state: capabilityStateSchema,
+	available: z.boolean(),
+	authenticated: z.boolean(),
+	sdkVersion: z.string().nullable().optional(),
+	authMethod: capabilityAuthMethodSchema,
+	error: z.string().nullable().optional(),
+	detectedAt: z.string()
+});
+/**
+* Capabilities snapshot keyed by runtime provider name. Recorded as a plain
+* `Record<string, CapabilityEntry>` — every entry is optional (a client may
+* report only the runtimes it actually probed) and the key set evolves
+* naturally as new providers ship without a schema migration. Service-layer
+* lookups (`agents.runtime_provider ∈ keys(capabilities)`) treat the keys
+* as `RuntimeProvider` strings.
+*/
+const clientCapabilitiesSchema = z.record(z.string(), capabilityEntrySchema);
+const updateClientCapabilitiesSchema = z.object({ capabilities: clientCapabilitiesSchema });
 const paginationQuerySchema = z.object({
 	limit: z.coerce.number().int().min(1).max(100).default(20),
 	cursor: z.string().optional()
@@ -667,6 +798,42 @@ z.object({
 	ackedAt: z.string().nullable()
 }).extend({ message: clientMessageSchema });
 const inboxPollQuerySchema = z.object({ limit: z.coerce.number().int().min(1).max(50).default(10) });
+z.object({
+	organizationId: z.string(),
+	organizationName: z.string(),
+	organizationDisplayName: z.string(),
+	role: z.string()
+});
+z.object({
+	id: z.string(),
+	organizationId: z.string(),
+	token: z.string(),
+	inviteUrl: z.string(),
+	role: z.string(),
+	createdAt: z.string(),
+	expiresAt: z.string().nullable()
+});
+/** Body for joining via invite token. */
+const joinByInvitationSchema = z.object({ token: z.string().min(1) });
+z.object({}).optional();
+z.enum([
+	"connect",
+	"create_agent",
+	"completed"
+]);
+z.object({
+	id: z.string(),
+	name: z.string(),
+	displayName: z.string(),
+	role: z.enum(["admin", "member"])
+});
+/** Body for `POST /me/organizations` — operator wants to create another team. */
+const createOrgFromMeSchema = z.object({
+	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/),
+	displayName: z.string().min(1).max(200)
+});
+/** Body for `POST /auth/switch-org`. */
+const switchOrgSchema = z.object({ organizationId: z.string().min(1) });
 const memberRoleSchema = z.enum(["admin", "member"]);
 const memberSchema = z.object({
 	id: z.string(),
@@ -724,6 +891,28 @@ const notificationQuerySchema = z.object({
 	read: z.enum(["true", "false"]).transform((v) => v === "true").optional(),
 	agentId: z.string().optional()
 });
+/**
+* `GET /api/v1/auth/github/start` query — `next` is the post-login landing
+* path. It is validated again before signing the state JWT (see
+* `safe-redirect.ts`); the schema only enforces the syntactic upper bound
+* so over-long paths bounce with a Zod error rather than silently truncate.
+*/
+const githubStartQuerySchema = z.object({ next: z.string().max(256).optional() });
+const githubCallbackQuerySchema = z.object({
+	code: z.string().min(1),
+	state: z.string().min(1)
+});
+/**
+* Dev-only callback to bypass the GitHub round-trip — sign in as a stub
+* Github user. Gated by NODE_ENV !== 'production'; production always 404s.
+*/
+const githubDevCallbackQuerySchema = z.object({
+	githubId: z.string().min(1),
+	login: z.string().min(1),
+	email: z.string().email().optional(),
+	displayName: z.string().optional(),
+	next: z.string().max(256).optional()
+});
 const UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 const createOrganizationSchema = z.object({
 	name: z.string().min(2).max(50).regex(/^[a-z0-9][a-z0-9-]*$/, "Must start with a letter or digit and contain only lowercase alphanumeric and hyphens").refine((v) => !UUID_PATTERN.test(v), "Name must not be a UUID format"),
@@ -1061,53 +1250,4 @@ z.object({
 	serverTimeMs: z.number().int().nonnegative()
 }).passthrough();
 //#endregion
-//#region src/core/feishu.ts
-var feishu_exports = /* @__PURE__ */ __exportAll({
-	bindFeishuBot: () => bindFeishuBot,
-	bindFeishuUser: () => bindFeishuUser
-});
-/**
-* Feishu-related core operations: bind-bot, bind-user.
-*
-* All agent-scoped calls carry both the member access JWT (Authorization)
-* and the acting agent UUID (X-Agent-Id); the server's agent-selector
-* middleware enforces Rule R-RUN.
-*/
-async function bindFeishuBot(serverUrl, accessToken, agentId, appId, appSecret) {
-	const res = await fetch(`${serverUrl}/api/v1/agent/me/feishu-bot`, {
-		method: "PUT",
-		headers: {
-			Authorization: `Bearer ${accessToken}`,
-			[AGENT_SELECTOR_HEADER]: agentId,
-			"Content-Type": "application/json"
-		},
-		body: JSON.stringify({
-			appId,
-			appSecret
-		})
-	});
-	if (!res.ok) {
-		const body = await res.json().catch(() => ({}));
-		throw new Error(body.error ?? `Bind Feishu bot failed: HTTP ${res.status}`);
-	}
-}
-async function bindFeishuUser(serverUrl, accessToken, agentId, humanAgentId, feishuUserId, displayName) {
-	const res = await fetch(`${serverUrl}/api/v1/agent/delegated/${encodeURIComponent(humanAgentId)}/feishu-user`, {
-		method: "POST",
-		headers: {
-			Authorization: `Bearer ${accessToken}`,
-			[AGENT_SELECTOR_HEADER]: agentId,
-			"Content-Type": "application/json"
-		},
-		body: JSON.stringify({
-			feishuUserId,
-			displayName
-		})
-	});
-	if (!res.ok) {
-		const body = await res.json().catch(() => ({}));
-		throw new Error(body.error ?? `Bind Feishu user failed: HTTP ${res.status}`);
-	}
-}
-//#endregion
-export { sessionEventMessageSchema as $, createChatSchema as A, isReservedAgentName as B, agentRuntimeConfigPayloadSchema as C, createAdapterConfigSchema as D, connectTokenExchangeSchema as E, dryRunAgentRuntimeConfigSchema as F, paginationQuerySchema as G, loginSchema as H, extractMentions as I, scanMentionTokens as J, refreshTokenSchema as K, imageInlineContentSchema as L, createOrganizationSchema as M, createTaskSchema as N, createAdapterMappingSchema as O, delegateFeishuUserSchema as P, sessionCompletionMessageSchema as Q, inboxPollQuerySchema as R, agentPinnedMessageSchema as S, clientRegisterSchema as T, messageSourceSchema as U, linkTaskChatSchema as V, notificationQuerySchema as W, sendMessageSchema as X, selfServiceFeishuBotSchema as Y, sendToAgentSchema as Z, WS_AUTH_FRAME_TIMEOUT_MS as _, AGENT_NAME_REGEX as a, updateAgentRuntimeConfigSchema as at, adminUpdateTaskSchema as b, AGENT_STATUSES as c, updateMemberSchema as ct, DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD as d, updateTaskStatusSchema as dt, sessionEventSchema as et, SYSTEM_CONFIG_DEFAULTS as f, wsAuthFrameSchema as ft, TASK_TERMINAL_STATUSES as g, TASK_STATUSES as h, AGENT_BIND_REJECT_REASONS as i, updateAdapterConfigSchema as it, createMemberSchema as j, createAgentSchema as k, AGENT_TYPES as l, updateOrganizationSchema as lt, TASK_HEALTH_SIGNALS as m, bindFeishuUser as n, sessionStateMessageSchema as nt, AGENT_SELECTOR_HEADER as o, updateAgentSchema as ot, TASK_CREATOR_TYPES as p, runtimeStateMessageSchema as q, feishu_exports as r, taskListQuerySchema as rt, AGENT_SOURCES as s, updateChatSchema as st, bindFeishuBot as t, sessionReconcileRequestSchema as tt, AGENT_VISIBILITY as u, updateSystemConfigSchema as ut, addParticipantSchema as v, agentTypeSchema as w, agentBindRequestSchema as x, adminCreateTaskSchema as y, isRedactedEnvValue as z };
+export { safeRedirectPath as $, createOrgFromMeSchema as A, imageInlineContentSchema as B, clientRegisterSchema as C, createAgentSchema as D, createAdapterMappingSchema as E, dryRunAgentRuntimeConfigSchema as F, linkTaskChatSchema as G, isRedactedEnvValue as H, extractMentions as I, notificationQuerySchema as J, loginSchema as K, githubCallbackQuerySchema as L, createTaskSchema as M, defaultRuntimeConfigPayload as N, createChatSchema as O, delegateFeishuUserSchema as P, runtimeStateMessageSchema as Q, githubDevCallbackQuerySchema as R, clientCapabilitiesSchema as S, createAdapterConfigSchema as T, isReservedAgentName as U, inboxPollQuerySchema as V, joinByInvitationSchema as W, rebindAgentSchema as X, paginationQuerySchema as Y, refreshTokenSchema as Z, adminUpdateTaskSchema as _, updateOrganizationSchema as _t, AGENT_STATUSES as a, sessionEventMessageSchema as at, agentRuntimeConfigPayloadSchema as b, wsAuthFrameSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, sessionStateMessageSchema as ct, TASK_HEALTH_SIGNALS as d, updateAdapterConfigSchema as dt, scanMentionTokens as et, TASK_STATUSES as f, updateAgentRuntimeConfigSchema as ft, adminCreateTaskSchema as g, updateMemberSchema as gt, addParticipantSchema as h, updateClientCapabilitiesSchema as ht, AGENT_SOURCES as i, sessionCompletionMessageSchema as it, createOrganizationSchema as j, createMemberSchema as k, SYSTEM_CONFIG_DEFAULTS as l, switchOrgSchema as lt, WS_AUTH_FRAME_TIMEOUT_MS as m, updateChatSchema as mt, AGENT_NAME_REGEX as n, sendMessageSchema as nt, AGENT_TYPES as o, sessionEventSchema as ot, TASK_TERMINAL_STATUSES as p, updateAgentSchema as pt, messageSourceSchema as q, AGENT_SELECTOR_HEADER as r, sendToAgentSchema as rt, AGENT_VISIBILITY as s, sessionReconcileRequestSchema as st, AGENT_BIND_REJECT_REASONS as t, selfServiceFeishuBotSchema as tt, TASK_CREATOR_TYPES as u, taskListQuerySchema as ut, agentBindRequestSchema as v, updateSystemConfigSchema as vt, connectTokenExchangeSchema as w, agentTypeSchema as x, agentPinnedMessageSchema as y, updateTaskStatusSchema as yt, githubStartQuerySchema as z };