@agent-team-foundation/first-tree-hub 0.10.2 → 0.10.4

package/dist/{bootstrap-Ca5Fiqz6.mjs → bootstrap-jx5nN1qZ.mjs}

@@ -582,8 +582,7 @@ const serverConfigSchema = defineConfig({
 		clientSecret: field(z.string(), {
 			env: "FIRST_TREE_HUB_GITHUB_OAUTH_CLIENT_SECRET",
 			secret: true
-		}),
-		devCallbackEnabled: field(z.boolean().default(false), { env: "FIRST_TREE_HUB_GITHUB_OAUTH_DEV_CALLBACK" })
+		})
 	}) }),
 	cors: optional({ origin: field(z.string(), { env: "FIRST_TREE_HUB_CORS_ORIGIN" }) }),
 	rateLimit: optional({
@@ -591,6 +590,7 @@ const serverConfigSchema = defineConfig({
 		loginMax: field(z.number().default(5), { env: "FIRST_TREE_HUB_RATE_LIMIT_LOGIN_MAX" }),
 		webhookMax: field(z.number().default(60), { env: "FIRST_TREE_HUB_RATE_LIMIT_WEBHOOK_MAX" })
 	}),
+	inbox: optional({ maxInFlightPerAgent: field(z.number().int().min(1).max(1024).default(32), { env: "FIRST_TREE_HUB_INBOX_MAX_IN_FLIGHT_PER_AGENT" }) }),
 	kael: optional({
 		endpoint: field(z.string(), { env: "KAEL_ENDPOINT" }),
 		apiKey: field(z.string(), {

package/dist/cli/index.mjs

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
 import "../observability-DPyf745N-BSc8QNcR.mjs";
-import { $ as FirstTreeHubSDK, A as checkWebSocket, B as ClientRuntime, C as checkClientConfig, D as checkServerConfig, E as checkNodeVersion, G as resolveReplyToFromEnv, K as fail, M as getClientServiceStatus, N as installClientService, O as checkServerHealth, P as isServiceSupported, Q as ClientOrgMismatchError, S as checkBackgroundService, T as checkDocker, U as createOwner, V as handleClientOrgMismatch, X as setJsonMode, Y as print, _ as runHomeMigration, a as declineUpdate, b as runMigrations, c as COMMAND_VERSION, d as promptMissingFields, et as SdkError, f as formatCheckReport, g as saveOnboardState, h as onboardCreate, i as createExecuteUpdate, it as configureClientLoggerForService, j as printResults, k as checkServerReachable, l as isInteractive, m as onboardCheck, nt as cleanWorkspaces, o as promptUpdate, p as loadOnboardState, q as success, r as registerSaaSConnectCommand, rt as applyClientLoggerConfig, s as startServer, tt as SessionRegistry, u as promptAddAgent, v as createApiNameResolver, w as checkDatabase, x as checkAgentConfigs, y as migrateLocalAgentDirs, z as stopPostgres } from "../saas-connect-idjpoPTk.mjs";
+import { A as checkServerHealth, C as checkAgentConfigs, D as checkDocker, E as checkDatabase, F as installClientService, G as createOwner, H as ClientRuntime, I as isServiceSupported, J as fail, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as getClientServiceStatus, Q as setJsonMode, S as runMigrations, T as checkClientConfig, U as handleClientOrgMismatch, V as stopPostgres, Y as success, Z as print, _ as onboardCreate, a as declineUpdate, at as probeCapabilities, b as createApiNameResolver, c as COMMAND_VERSION, d as isInteractive, et as ClientOrgMismatchError, f as promptAddAgent, g as onboardCheck, h as loadOnboardState, i as createExecuteUpdate, it as cleanWorkspaces, j as checkServerReachable, k as checkServerConfig, l as reconcileLocalRuntimeProviders, m as formatCheckReport, nt as SdkError, o as promptUpdate, ot as applyClientLoggerConfig, p as promptMissingFields, q as resolveReplyToFromEnv, r as registerSaaSConnectCommand, rt as SessionRegistry, s as startServer, st as configureClientLoggerForService, tt as FirstTreeHubSDK, u as uploadClientCapabilities, v as saveOnboardState, w as checkBackgroundService, x as migrateLocalAgentDirs, y as runHomeMigration } from "../saas-connect-2puW1r3r.mjs";
 import "../logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { C as serverConfigSchema, _ as loadAgents, b as resetConfig, c as saveCredentials, d as DEFAULT_HOME_DIR, f as agentConfigSchema, g as initConfig, h as getConfigValue, i as loadCredentials, l as DEFAULT_CONFIG_DIR, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, r as ensureFreshAdminToken, s as saveAgentConfig, u as DEFAULT_DATA_DIR, w as setConfigValue, x as resetConfigMeta, y as readConfigFile } from "../bootstrap-Ca5Fiqz6.mjs";
-import "../dist-CLiN7cVS.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-FTWnoOsc.mjs";
-import "../invitation-C_zAhB8x-8Khychlu.mjs";
+import { C as serverConfigSchema, _ as loadAgents, b as resetConfig, c as saveCredentials, d as DEFAULT_HOME_DIR, f as agentConfigSchema, g as initConfig, h as getConfigValue, i as loadCredentials, l as DEFAULT_CONFIG_DIR, n as ensureFreshAccessToken, o as resolveServerUrl, p as clientConfigSchema, r as ensureFreshAdminToken, s as saveAgentConfig, u as DEFAULT_DATA_DIR, w as setConfigValue, x as resetConfigMeta, y as readConfigFile } from "../bootstrap-jx5nN1qZ.mjs";
+import "../dist-CbX9mUVH.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-DvjRZMdZ.mjs";
+import "../invitation-BljIolbO-DLeHfURd.mjs";
 import { join } from "node:path";
 import { existsSync, mkdirSync, readFileSync, readdirSync, rmSync } from "node:fs";
 import { Command } from "commander";
@@ -349,7 +349,8 @@ function registerAgentCommands(program) {
 			const createBody = {
 				name,
 				type: options.type,
-				clientId: options.clientId
+				clientId: options.clientId,
+				runtimeProvider: options.runtime
 			};
 			if (options.displayName) createBody.displayName = options.displayName;
 			const createRes = await fetch(`${serverUrl}/api/v1/admin/agents`, {
@@ -916,6 +917,20 @@ function registerConnectCommand(parent) {
 				const msg = err instanceof Error ? err.message : String(err);
 				print.status("⚠️", `agent-dir migration skipped: ${msg}`);
 			}
+			let probedCapabilities = null;
+			try {
+				const accessToken = await ensureFreshAccessToken();
+				probedCapabilities = await probeCapabilities();
+				await reconcileLocalRuntimeProviders({
+					serverUrl: config.server.url,
+					accessToken,
+					agentsDir,
+					log: (level, msg) => print.status(level === "warn" ? "⚠️" : "•", msg)
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `runtime-provider reconcile skipped: ${msg}`);
+			}
 			const agents = loadAgents({
 				schema: agentConfigSchema,
 				agentsDir
@@ -930,6 +945,18 @@ function registerConnectCommand(parent) {
 			});
 			for (const [name, agentConfig] of agents) runtime.addAgent(name, agentConfig);
 			await runtime.start();
+			if (probedCapabilities) try {
+				const accessToken = await ensureFreshAccessToken();
+				await uploadClientCapabilities({
+					serverUrl: config.server.url,
+					accessToken,
+					clientId: config.client.id,
+					capabilities: probedCapabilities
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `capabilities upload skipped: ${msg}`);
+			}
 			runtime.watchAgentsDir(agentsDir);
 			const shutdown = async () => {
 				print.line("\n  Shutting down...\n");
@@ -989,6 +1016,20 @@ function registerClientCommands(program) {
 				const msg = err instanceof Error ? err.message : String(err);
 				print.status("⚠️", `agent-dir migration skipped: ${msg}`);
 			}
+			let probedCapabilities = null;
+			try {
+				const accessToken = await ensureFreshAccessToken();
+				probedCapabilities = await probeCapabilities();
+				await reconcileLocalRuntimeProviders({
+					serverUrl: config.server.url,
+					accessToken,
+					agentsDir,
+					log: (level, msg) => print.status(level === "warn" ? "⚠️" : "•", msg)
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `runtime-provider reconcile skipped: ${msg}`);
+			}
 			const agents = loadAgents({
 				schema: agentConfigSchema,
 				agentsDir
@@ -1005,6 +1046,18 @@ function registerClientCommands(program) {
 			});
 			for (const [name, agentConfig] of agents) runtime.addAgent(name, agentConfig);
 			await runtime.start();
+			if (probedCapabilities) try {
+				const accessToken = await ensureFreshAccessToken();
+				await uploadClientCapabilities({
+					serverUrl: config.server.url,
+					accessToken,
+					clientId: config.client.id,
+					capabilities: probedCapabilities
+				});
+			} catch (err) {
+				const msg = err instanceof Error ? err.message : String(err);
+				print.status("⚠️", `capabilities upload skipped: ${msg}`);
+			}
 			runtime.watchAgentsDir(agentsDir);
 			const shutdown = async () => {
 				print.line("\n  Shutting down...\n");
@@ -1212,13 +1265,13 @@ function isSecretField(schema, dotPath) {
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-Ca5Fiqz6.mjs").then((n) => n.t);
+		const { resolveServerUrl } = await import("../bootstrap-jx5nN1qZ.mjs").then((n) => n.t);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { loadCredentials } = await import("../bootstrap-Ca5Fiqz6.mjs").then((n) => n.t);
+	const { loadCredentials } = await import("../bootstrap-jx5nN1qZ.mjs").then((n) => n.t);
 	if (!loadCredentials()) throw new Error("No saved credentials. Run `first-tree-hub client connect <server-url>` before onboarding.");
 	if (!args.id) {
 		args.id = await input({ message: "Agent ID:" });

package/dist/{dist-CLiN7cVS.mjs → dist-CbX9mUVH.mjs}

@@ -160,14 +160,16 @@ const AGENT_BIND_REJECT_REASONS = {
 	NOT_OWNED: "not_owned",
 	AGENT_SUSPENDED: "agent_suspended",
 	WRONG_ORG: "wrong_org",
-	UNKNOWN_AGENT: "unknown_agent"
+	UNKNOWN_AGENT: "unknown_agent",
+	RUNTIME_PROVIDER_MISMATCH: "runtime_provider_mismatch"
 };
 z.enum([
 	"wrong_client",
 	"not_owned",
 	"agent_suspended",
 	"wrong_org",
-	"unknown_agent"
+	"unknown_agent",
+	"runtime_provider_mismatch"
 ]);
 /** Header used on agent-scoped HTTP calls to select which managed agent the JWT acts as. */
 const AGENT_SELECTOR_HEADER = "x-agent-id";
@@ -195,6 +197,8 @@ z.object({
 	}),
 	clients: z.number().int()
 });
+const runtimeProviderSchema = z.enum(["claude-code", "codex"]);
+const DEFAULT_RUNTIME_PROVIDER = "claude-code";
 const AGENT_TYPES = {
 	HUMAN: "human",
 	PERSONAL_ASSISTANT: "personal_assistant",
@@ -254,7 +258,8 @@ const createAgentSchema = z.object({
 	visibility: agentVisibilitySchema.optional(),
 	metadata: z.record(z.string(), z.unknown()).optional(),
 	managerId: z.string().optional(),
-	clientId: z.string().min(1).max(100).optional()
+	clientId: z.string().min(1).max(100).optional(),
+	runtimeProvider: runtimeProviderSchema.optional()
 });
 const updateAgentSchema = z.object({
 	type: agentTypeSchema.optional(),
@@ -265,6 +270,18 @@ const updateAgentSchema = z.object({
 	managerId: z.string().nullable().optional(),
 	clientId: z.string().min(1).max(100).nullable().optional()
 });
+/**
+* Service-level rebind input. Admin / owner re-binds an agent to a new
+* client and/or a new runtime provider in one atomic operation.
+*
+* `force` bypasses the capability-match check (e.g. when the client is
+* offline and capabilities are stale).
+*/
+const rebindAgentSchema = z.object({
+	clientId: z.string().min(1).max(100),
+	runtimeProvider: runtimeProviderSchema,
+	force: z.boolean().optional()
+});
 z.object({
 	uuid: z.string(),
 	name: z.string().nullable(),
@@ -279,6 +296,7 @@ z.object({
 	metadata: z.record(z.string(), z.unknown()),
 	managerId: z.string().nullable(),
 	clientId: z.string().nullable(),
+	runtimeProvider: runtimeProviderSchema,
 	presenceStatus: presenceStatusSchema.optional(),
 	createdAt: z.string(),
 	updatedAt: z.string()
@@ -298,14 +316,16 @@ const agentPinnedMessageSchema = z.object({
 	agentId: z.string(),
 	name: z.string().nullable(),
 	displayName: z.string(),
-	agentType: agentTypeSchema
+	agentType: agentTypeSchema,
+	runtimeProvider: runtimeProviderSchema
 });
 /**
-* Agent runtime configuration — M1 (Claude Code only).
+* Agent runtime configuration.
 *
 * Defines the 5 user-tunable field groups that the Hub centrally manages
 * and pushes down to the client runtime: prompt append, model, MCP servers,
-* env vars, and Git repos.
+* env vars, and Git repos. Tagged by `kind` (a runtime provider) so future
+* provider-specific fields can land on a dedicated variant.
 *
 * NOTE: do not co-locate with `packages/shared/src/config/` — that namespace
 * is reserved for the local YAML config (`agent.yaml` / server / client) and
@@ -349,9 +369,11 @@ const gitRepoSchema = z.object({
 	localPath: z.string().min(1).optional()
 });
 /**
-* Base shape (no refinements) — used for `.partial()` derivations such as the
-* PATCH payload schema. Zod 4 forbids `.partial()` on a refined object, so we
-* keep refinements on a separate full schema below.
+* Untagged base shape — 5 user-tunable fields, no `kind` discriminator.
+* Used for `.partial()` derivations on the PATCH side, where `kind` is
+* pinned to `agents.runtime_provider` and never changes via config PATCH.
+* Zod 4 forbids `.partial()` on a refined object, so we keep refinements
+* on the tagged schema below.
 */
 const agentRuntimeConfigPayloadShape = z.object({
 	prompt: promptConfigSchema.default({ append: "" }),
@@ -360,6 +382,17 @@ const agentRuntimeConfigPayloadShape = z.object({
 	env: z.array(envEntrySchema).default([]),
 	gitRepos: z.array(gitRepoSchema).default([])
 });
+/**
+* Tagged variants — read-side, full payload including `kind`. Adding a new
+* provider means adding a variant here, plus a handler factory and a
+* capability probe module on the client side.
+*
+* Provider-specific fields (e.g. codex `sandboxMode`) belong on the
+* matching variant, not on the base shape.
+*/
+const claudeRuntimeConfigPayloadShape = agentRuntimeConfigPayloadShape.extend({ kind: z.literal("claude-code") });
+const codexRuntimeConfigPayloadShape = agentRuntimeConfigPayloadShape.extend({ kind: z.literal("codex") });
+const taggedPayloadUnion = z.discriminatedUnion("kind", [claudeRuntimeConfigPayloadShape, codexRuntimeConfigPayloadShape]);
 const payloadDuplicatesRefinement = (payload, ctx) => {
 	const seenMcp = /* @__PURE__ */ new Set();
 	payload.mcpServers.forEach((server, idx) => {
@@ -404,15 +437,54 @@ const payloadDuplicatesRefinement = (payload, ctx) => {
 		seenPaths.add(path);
 	});
 };
-const agentRuntimeConfigPayloadSchema = agentRuntimeConfigPayloadShape.superRefine(payloadDuplicatesRefinement);
-/** Default payload used when creating a fresh agent. */
+/**
+* Read-side full payload schema. Rows persisted before 0026 do not carry
+* `kind`; `z.preprocess` injects `"claude-code"` so they parse cleanly into
+* the claude variant. The service layer separately enforces
+* `payload.kind === agents.runtime_provider` on writes.
+*/
+const agentRuntimeConfigPayloadSchema = z.preprocess((input) => {
+	if (input && typeof input === "object" && !Array.isArray(input) && !("kind" in input)) return {
+		...input,
+		kind: "claude-code"
+	};
+	return input;
+}, taggedPayloadUnion).superRefine((payload, ctx) => {
+	payloadDuplicatesRefinement(payload, ctx);
+});
+/** Default payload used when creating a fresh claude-code agent. */
 const DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD = {
+	kind: "claude-code",
 	prompt: { append: "" },
 	model: "opus",
 	mcpServers: [],
 	env: [],
 	gitRepos: []
 };
+/**
+* Default payload for a fresh codex agent. Same 5 fields as claude-code.
+* `model` is left empty by default so the Codex CLI picks one matching the
+* user's auth mode — `gpt-5-codex` is rejected by ChatGPT-account auth, while
+* an empty string lets the SDK fall through to its built-in default.
+*/
+const DEFAULT_CODEX_RUNTIME_CONFIG_PAYLOAD = {
+	kind: "codex",
+	prompt: { append: "" },
+	model: "",
+	mcpServers: [],
+	env: [],
+	gitRepos: []
+};
+/**
+* Default payload selector by runtime provider.
+*/
+function defaultRuntimeConfigPayload(provider) {
+	switch (provider) {
+		case "codex": return { ...DEFAULT_CODEX_RUNTIME_CONFIG_PAYLOAD };
+		case "claude-code": return { ...DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD };
+		default: return { ...DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD };
+	}
+}
 const agentRuntimeConfigSchema = z.object({
 	agentId: z.string(),
 	version: z.number().int().positive(),
@@ -525,12 +597,53 @@ z.object({
 	lastSeenAt: z.string(),
 	metadata: z.record(z.string(), z.unknown()).nullable()
 });
+/**
+* Optional opt-in flags the client carries on `client:register` to advertise
+* which negotiable wire-protocol features it implements. Distinct from
+* `clientCapabilitiesSchema` (per-runtime-provider availability — different
+* concept). Older clients omit the field; the server treats every unset flag
+* as `false` and falls back to the legacy path. See proposal
+* hub-inbox-ws-data-plane §3.6.
+*/
+const clientWireCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
 const clientRegisterSchema = z.object({
 	clientId: z.string().min(1).max(100),
 	hostname: z.string().max(100).optional(),
 	os: z.string().max(50).optional(),
-	sdkVersion: z.string().max(50).optional()
+	sdkVersion: z.string().max(50).optional(),
+	wireCapabilities: clientWireCapabilitiesSchema.optional()
+});
+const capabilityStateSchema = z.enum([
+	"ok",
+	"missing",
+	"unauthenticated",
+	"error"
+]);
+const capabilityAuthMethodSchema = z.enum([
+	"api_key",
+	"oauth",
+	"auth_json",
+	"none"
+]);
+const capabilityEntrySchema = z.object({
+	state: capabilityStateSchema,
+	available: z.boolean(),
+	authenticated: z.boolean(),
+	sdkVersion: z.string().nullable().optional(),
+	authMethod: capabilityAuthMethodSchema,
+	error: z.string().nullable().optional(),
+	detectedAt: z.string()
 });
+/**
+* Capabilities snapshot keyed by runtime provider name. Recorded as a plain
+* `Record<string, CapabilityEntry>` — every entry is optional (a client may
+* report only the runtimes it actually probed) and the key set evolves
+* naturally as new providers ship without a schema migration. Service-layer
+* lookups (`agents.runtime_provider ∈ keys(capabilities)`) treat the keys
+* as `RuntimeProvider` strings.
+*/
+const clientCapabilitiesSchema = z.record(z.string(), capabilityEntrySchema);
+const updateClientCapabilitiesSchema = z.object({ capabilities: clientCapabilitiesSchema });
 const paginationQuerySchema = z.object({
 	limit: z.coerce.number().int().min(1).max(100).default(20),
 	cursor: z.string().optional()
@@ -695,11 +808,41 @@ z.object({
 	ackedAt: z.string().nullable()
 }).extend({ message: clientMessageSchema });
 const inboxPollQuerySchema = z.object({ limit: z.coerce.number().int().min(1).max(50).default(10) });
+/**
+* server → client: a single inbox entry pushed over the active WS connection,
+* replacing the legacy `new_message` doorbell + HTTP `/inbox` poll round-trip.
+*
+* `entryId` is the server-side `inbox_entries.id` the client must echo back
+* in `inbox:ack`. `message` is exactly what the legacy poll path returned —
+* `clientMessageSchema` already carries `precedingMessages`, so the client-
+* side dispatch logic is reused verbatim (see proposal
+* hub-inbox-ws-data-plane §3.1).
+*
+* `.passthrough()` so a forward-rolling server may extend the frame without
+* breaking older clients that validate strictly. Older clients drop unknown
+* fields silently.
+*/
+const inboxDeliverFrameSchema = z.object({
+	type: z.literal("inbox:deliver"),
+	entryId: z.number().int().nonnegative(),
+	inboxId: z.string().min(1),
+	chatId: z.string().nullable(),
+	message: clientMessageSchema
+}).passthrough();
+/**
+* client → server: ack for an `inbox:deliver` frame. Replaces the legacy
+* `POST /inbox/:id/ack` HTTP endpoint when the WS data plane is active.
+*/
+const inboxAckFrameSchema = z.object({
+	type: z.literal("inbox:ack"),
+	entryId: z.number().int().nonnegative()
+});
 z.object({
 	organizationId: z.string(),
 	organizationName: z.string(),
 	organizationDisplayName: z.string(),
-	role: z.string()
+	role: z.string(),
+	expiresAt: z.string().nullable()
 });
 z.object({
 	id: z.string(),
@@ -801,7 +944,7 @@ const githubCallbackQuerySchema = z.object({
 });
 /**
 * Dev-only callback to bypass the GitHub round-trip — sign in as a stub
-* Github user. Gated by NODE_ENV !== 'production' AND `oauth.github.devCallbackEnabled`.
+* Github user. Gated by NODE_ENV !== 'production'; production always 404s.
 */
 const githubDevCallbackQuerySchema = z.object({
 	githubId: z.string().min(1),
@@ -1141,10 +1284,18 @@ const wsAuthFrameSchema = z.object({
 });
 /** How long the server waits for the first `auth` frame before closing the WS. */
 const WS_AUTH_FRAME_TIMEOUT_MS = 5e3;
+/**
+* Negotiable wire-protocol features the server advertises in its `welcome`
+* frame. Older clients drop the `capabilities` field silently because the
+* frame is `.passthrough()`. New clients gate optional code paths on it —
+* absent ⇒ feature off, never assumed.
+*/
+const serverCapabilitiesSchema = z.object({ wsInboxDeliver: z.boolean().default(false) }).partial();
 z.object({
 	type: z.literal("server:welcome"),
 	serverCommandVersion: z.string().min(1),
-	serverTimeMs: z.number().int().nonnegative()
+	serverTimeMs: z.number().int().nonnegative(),
+	capabilities: serverCapabilitiesSchema.optional()
 }).passthrough();
 //#endregion
-export { sendMessageSchema as $, createOrganizationSchema as A, isRedactedEnvValue as B, connectTokenExchangeSchema as C, createChatSchema as D, createAgentSchema as E, githubCallbackQuerySchema as F, messageSourceSchema as G, joinByInvitationSchema as H, githubDevCallbackQuerySchema as I, refreshTokenSchema as J, notificationQuerySchema as K, githubStartQuerySchema as L, delegateFeishuUserSchema as M, dryRunAgentRuntimeConfigSchema as N, createMemberSchema as O, extractMentions as P, selfServiceFeishuBotSchema as Q, imageInlineContentSchema as R, clientRegisterSchema as S, createAdapterMappingSchema as T, linkTaskChatSchema as U, isReservedAgentName as V, loginSchema as W, safeRedirectPath as X, runtimeStateMessageSchema as Y, scanMentionTokens as Z, adminUpdateTaskSchema as _, AGENT_STATUSES as a, sessionStateMessageSchema as at, agentRuntimeConfigPayloadSchema as b, DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD as c, updateAdapterConfigSchema as ct, TASK_HEALTH_SIGNALS as d, updateChatSchema as dt, sendToAgentSchema as et, TASK_STATUSES as f, updateMemberSchema as ft, adminCreateTaskSchema as g, wsAuthFrameSchema as gt, addParticipantSchema as h, updateTaskStatusSchema as ht, AGENT_SOURCES as i, sessionReconcileRequestSchema as it, createTaskSchema as j, createOrgFromMeSchema as k, SYSTEM_CONFIG_DEFAULTS as l, updateAgentRuntimeConfigSchema as lt, WS_AUTH_FRAME_TIMEOUT_MS as m, updateSystemConfigSchema as mt, AGENT_NAME_REGEX as n, sessionEventMessageSchema as nt, AGENT_TYPES as o, switchOrgSchema as ot, TASK_TERMINAL_STATUSES as p, updateOrganizationSchema as pt, paginationQuerySchema as q, AGENT_SELECTOR_HEADER as r, sessionEventSchema as rt, AGENT_VISIBILITY as s, taskListQuerySchema as st, AGENT_BIND_REJECT_REASONS as t, sessionCompletionMessageSchema as tt, TASK_CREATOR_TYPES as u, updateAgentSchema as ut, agentBindRequestSchema as v, createAdapterConfigSchema as w, agentTypeSchema as x, agentPinnedMessageSchema as y, inboxPollQuerySchema as z };
+export { refreshTokenSchema as $, createOrgFromMeSchema as A, imageInlineContentSchema as B, clientRegisterSchema as C, createAgentSchema as D, createAdapterMappingSchema as E, dryRunAgentRuntimeConfigSchema as F, isReservedAgentName as G, inboxDeliverFrameSchema as H, extractMentions as I, loginSchema as J, joinByInvitationSchema as K, githubCallbackQuerySchema as L, createTaskSchema as M, defaultRuntimeConfigPayload as N, createChatSchema as O, delegateFeishuUserSchema as P, rebindAgentSchema as Q, githubDevCallbackQuerySchema as R, clientCapabilitiesSchema as S, wsAuthFrameSchema as St, createAdapterConfigSchema as T, inboxPollQuerySchema as U, inboxAckFrameSchema as V, isRedactedEnvValue as W, notificationQuerySchema as X, messageSourceSchema as Y, paginationQuerySchema as Z, adminUpdateTaskSchema as _, updateClientCapabilitiesSchema as _t, AGENT_STATUSES as a, sendToAgentSchema as at, agentRuntimeConfigPayloadSchema as b, updateSystemConfigSchema as bt, DEFAULT_RUNTIME_PROVIDER as c, sessionEventSchema as ct, TASK_HEALTH_SIGNALS as d, switchOrgSchema as dt, runtimeStateMessageSchema as et, TASK_STATUSES as f, taskListQuerySchema as ft, adminCreateTaskSchema as g, updateChatSchema as gt, addParticipantSchema as h, updateAgentSchema as ht, AGENT_SOURCES as i, sendMessageSchema as it, createOrganizationSchema as j, createMemberSchema as k, SYSTEM_CONFIG_DEFAULTS as l, sessionReconcileRequestSchema as lt, WS_AUTH_FRAME_TIMEOUT_MS as m, updateAgentRuntimeConfigSchema as mt, AGENT_NAME_REGEX as n, scanMentionTokens as nt, AGENT_TYPES as o, sessionCompletionMessageSchema as ot, TASK_TERMINAL_STATUSES as p, updateAdapterConfigSchema as pt, linkTaskChatSchema as q, AGENT_SELECTOR_HEADER as r, selfServiceFeishuBotSchema as rt, AGENT_VISIBILITY as s, sessionEventMessageSchema as st, AGENT_BIND_REJECT_REASONS as t, safeRedirectPath as tt, TASK_CREATOR_TYPES as u, sessionStateMessageSchema as ut, agentBindRequestSchema as v, updateMemberSchema as vt, connectTokenExchangeSchema as w, agentTypeSchema as x, updateTaskStatusSchema as xt, agentPinnedMessageSchema as y, updateOrganizationSchema as yt, githubStartQuerySchema as z };

package/dist/drizzle/0027_runtime_provider.sql

@@ -0,0 +1,10 @@
+-- Add runtime_provider to agents.
+--
+-- Tags each agent with the runtime that drives it (e.g. "claude-code", "codex").
+-- DEFAULT 'claude-code' backfills every existing row so the NOT NULL constraint
+-- is safe to land in a single step. Hub deploys are stop-migrate-restart, not
+-- rolling, so we don't need a two-phase add (nullable → backfill → not null).
+--
+-- Capabilities reporting reuses the existing `clients.metadata` jsonb column
+-- under the `capabilities` subkey (Option C); no SQL change for clients.
+ALTER TABLE "agents" ADD COLUMN "runtime_provider" text DEFAULT 'claude-code' NOT NULL;

package/dist/drizzle/0028_auth_identity_user_github_unique.sql

@@ -0,0 +1,12 @@
+-- Partial unique index: each user can hold at most one github identity.
+--
+-- Defense-in-depth. The (provider, identifier) UNIQUE catches duplicates
+-- of the SAME githubId, but does not stop a single user from collecting
+-- multiple DIFFERENT githubIds (e.g. a future "merge accounts" or
+-- "rebind" flow that misfires, or a one-off SQL migration that errs).
+-- This index makes any such double-bind fail atomically with a
+-- unique-violation at the storage layer.
+
+CREATE UNIQUE INDEX IF NOT EXISTS "uq_auth_identities_user_github"
+  ON "auth_identities" ("user_id")
+  WHERE "provider" = 'github';

package/dist/drizzle/meta/_journal.json

@@ -190,6 +190,20 @@
       "when": 1777507200000,
       "tag": "0026_saas_onboarding",
       "breakpoints": true
+    },
+    {
+      "idx": 27,
+      "version": "7",
+      "when": 1777593600000,
+      "tag": "0027_runtime_provider",
+      "breakpoints": true
+    },
+    {
+      "idx": 28,
+      "version": "7",
+      "when": 1777680000000,
+      "tag": "0028_auth_identity_user_github_unique",
+      "breakpoints": true
     }
   ]
 }

package/dist/{feishu-FTWnoOsc.mjs → feishu-DvjRZMdZ.mjs}

@@ -1,5 +1,5 @@
 import { d as __exportAll } from "./esm-CYu4tXXn.mjs";
-import { r as AGENT_SELECTOR_HEADER } from "./dist-CLiN7cVS.mjs";
+import { r as AGENT_SELECTOR_HEADER } from "./dist-CbX9mUVH.mjs";
 //#region src/core/feishu.ts
 var feishu_exports = /* @__PURE__ */ __exportAll({
 	bindFeishuBot: () => bindFeishuBot,

package/dist/index.mjs

@@ -1,8 +1,8 @@
 import "./observability-DPyf745N-BSc8QNcR.mjs";
-import { $ as FirstTreeHubSDK, A as checkWebSocket, B as ClientRuntime, C as checkClientConfig, D as checkServerConfig, E as checkNodeVersion, F as resolveCliInvocation, H as rotateClientIdWithBackup, I as uninstallClientService, J as blank, L as ensurePostgres, M as getClientServiceStatus, N as installClientService, O as checkServerHealth, P as isServiceSupported, R as isDockerAvailable, T as checkDocker, U as createOwner, V as handleClientOrgMismatch, W as hasUser, Z as status, _ as runHomeMigration, b as runMigrations, d as promptMissingFields, et as SdkError, f as formatCheckReport, h as onboardCreate, j as printResults, k as checkServerReachable, l as isInteractive, m as onboardCheck, n as deriveHubUrlFromToken, s as startServer, t as HubUrlDerivationError, u as promptAddAgent, w as checkDatabase, x as checkAgentConfigs, z as stopPostgres } from "./saas-connect-idjpoPTk.mjs";
+import { $ as status, A as checkServerHealth, B as isDockerAvailable, C as checkAgentConfigs, D as checkDocker, E as checkDatabase, F as installClientService, G as createOwner, H as ClientRuntime, I as isServiceSupported, K as hasUser, L as resolveCliInvocation, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as getClientServiceStatus, R as uninstallClientService, S as runMigrations, T as checkClientConfig, U as handleClientOrgMismatch, V as stopPostgres, W as rotateClientIdWithBackup, X as blank, _ as onboardCreate, d as isInteractive, f as promptAddAgent, g as onboardCheck, j as checkServerReachable, k as checkServerConfig, m as formatCheckReport, n as deriveHubUrlFromToken, nt as SdkError, p as promptMissingFields, s as startServer, t as HubUrlDerivationError, tt as FirstTreeHubSDK, y as runHomeMigration, z as ensurePostgres } from "./saas-connect-2puW1r3r.mjs";
 import "./logger-core-BTmvdflj-DjW8FM4T.mjs";
-import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-Ca5Fiqz6.mjs";
-import "./dist-CLiN7cVS.mjs";
-import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-FTWnoOsc.mjs";
-import "./invitation-C_zAhB8x-8Khychlu.mjs";
+import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-jx5nN1qZ.mjs";
+import "./dist-CbX9mUVH.mjs";
+import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-DvjRZMdZ.mjs";
+import "./invitation-BljIolbO-DLeHfURd.mjs";
 export { ClientRuntime, FirstTreeHubSDK, HubUrlDerivationError, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, deriveHubUrlFromToken, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, rotateClientIdWithBackup, runHomeMigration, runMigrations, startServer, status, stopPostgres, uninstallClientService };

package/dist/{invitation-C_zAhB8x-8Khychlu.mjs → invitation-BljIolbO-DLeHfURd.mjs}

@@ -1,7 +1,7 @@
 import { randomBytes } from "node:crypto";
 import { and, desc, eq, gt, isNull, or } from "drizzle-orm";
 import { index, integer, jsonb, pgTable, text, timestamp } from "drizzle-orm/pg-core";
-//#region ../server/dist/invitation-C_zAhB8x.mjs
+//#region ../server/dist/invitation-BljIolbO.mjs
 /** Organization entity. Agents and chats belong to exactly one organization. */
 const organizations = pgTable("organizations", {
 	id: text("id").primaryKey(),
@@ -230,7 +230,8 @@ async function previewInvitation(db, token) {
 		organizationId: org.id,
 		organizationName: org.name,
 		organizationDisplayName: org.displayName,
-		role: inv.role
+		role: inv.role,
+		expiresAt: inv.expiresAt ? inv.expiresAt.toISOString() : null
 	};
 }
 /**

package/dist/{invitation-BTlGMy0o-dIoR8JRj.mjs → invitation-D3feYxet-366MNOor.mjs}

@@ -1,3 +1,3 @@
-import "./dist-CLiN7cVS.mjs";
-import { _ as rotateInvitation, h as previewInvitation } from "./invitation-C_zAhB8x-8Khychlu.mjs";
+import "./dist-CbX9mUVH.mjs";
+import { _ as rotateInvitation, h as previewInvitation } from "./invitation-BljIolbO-DLeHfURd.mjs";
 export { previewInvitation, rotateInvitation };