npm - @agent-team-foundation/first-tree-hub - Versions diffs - 0.6.1 → 0.6.2 - Mend

@agent-team-foundation/first-tree-hub 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/{bootstrap-Dq_k_6ZD.mjs → bootstrap-DW7aIpmE.mjs} +49 -156
package/dist/cli/index.mjs +318 -120
package/dist/{core-Dt3yNBTm.mjs → core-RXUUKkCO.mjs} +4573 -3803
package/dist/drizzle/0019_agent_configs.sql +30 -0
package/dist/drizzle/0020_unified_user_token.sql +148 -0
package/dist/drizzle/0021_drop_agents_profile.sql +10 -0
package/dist/drizzle/meta/_journal.json +21 -0
package/dist/feishu-BZ8pnMrQ.mjs +832 -0
package/dist/index.mjs +4 -4
package/dist/web/assets/index-BMOr9-X2.js +308 -0
package/dist/web/assets/index-CTl4pHIL.css +1 -0
package/dist/web/index.html +2 -2
package/package.json +1 -1
package/dist/feishu-Y4m2zFc3.mjs +0 -51
package/dist/web/assets/index--kyp_ZHv.css +0 -1
package/dist/web/assets/index-D7-5shxZ.js +0 -310

package/dist/drizzle/0019_agent_configs.sql ADDED Viewed

@@ -0,0 +1,30 @@
+-- M1 agent configuration: Hub-managed runtime config table.
+-- Creates `agent_configs` and back-fills one row per non-deleted agent so
+-- Step 6 can flip Claude Code handler over to read prompt from config without
+-- silently dropping the existing `agents.profile` text.
+CREATE TABLE IF NOT EXISTS "agent_configs" (
+	"agent_id" text PRIMARY KEY NOT NULL,
+	"version" integer NOT NULL DEFAULT 1,
+	"payload" jsonb NOT NULL,
+	"updated_by" text NOT NULL,
+	"updated_at" timestamp with time zone NOT NULL DEFAULT now()
+);
+--> statement-breakpoint
+INSERT INTO "agent_configs" ("agent_id", "version", "payload", "updated_by", "updated_at")
+SELECT
+  "uuid",
+  1,
+  jsonb_build_object(
+    'prompt', jsonb_build_object('append', COALESCE("profile", '')),
+    'model', '',
+    'mcpServers', '[]'::jsonb,
+    'env', '[]'::jsonb,
+    'gitRepos', '[]'::jsonb
+  ),
+  'system',
+  now()
+FROM "agents"
+WHERE "status" != 'deleted'
+ON CONFLICT ("agent_id") DO NOTHING;

package/dist/drizzle/0020_unified_user_token.sql ADDED Viewed

@@ -0,0 +1,148 @@
+-- Unified user token milestone — retire agent tokens, authenticate every
+-- caller as a user.
+--
+-- This migration collapses the two-track auth (member JWT + `aghub_*` agent
+-- token) into a single member-JWT credential. Three structural changes:
+--   1. Drop `agent_tokens` (table + FK cascade).
+--   2. Add `clients.user_id` (nullable) — owning user of the physical client.
+--   3. Add `agents.client_id` (nullable FK) — pin an agent to the client that
+--      runs it. `client_id` is backfilled from `agent_presence` and is
+--      required for every non-human agent (enforced in the service layer per
+--      CLAUDE.md "integrity in service layer"; no DB CHECK/trigger).
+--   4. Make `agents.manager_id` NOT NULL after backfilling the first admin
+--      member of each org onto the unmanaged rows.
+--
+-- There is no compatibility layer: operators stop SDK/CLI processes, run
+-- `db:migrate`, then re-login via `first-tree-hub connect`. See the proposal
+-- "unified-user-token.20260417" for the full upgrade runbook.
+BEGIN;
+-- ---------------------------------------------------------------------------
+-- 1. Drop agent_tokens (FK cascade handles row removal).
+-- ---------------------------------------------------------------------------
+DROP TABLE IF EXISTS "agent_tokens";
+-- ---------------------------------------------------------------------------
+-- 2. clients.user_id — nullable FK to users(id).
+--    Nullable so legacy rows (created before handshake auth) keep existing;
+--    the WS handshake claims them on first re-register under a JWT.
+-- ---------------------------------------------------------------------------
+ALTER TABLE "clients"
+  ADD COLUMN IF NOT EXISTS "user_id" text REFERENCES "users"("id") ON DELETE SET NULL;
+CREATE INDEX IF NOT EXISTS "idx_clients_user" ON "clients" ("user_id");
+-- ---------------------------------------------------------------------------
+-- 3. agents.client_id — pin an agent to the physical client that runs it.
+--    Backfill in two steps:
+--      a. Copy the most recent bind from agent_presence, if any.
+--      b. For non-human agents with no bind history, attempt to pick the
+--         first client in the agent's org. If none exists we intentionally
+--         leave the row NULL; the service layer refuses runtime bind while
+--         `client_id IS NULL` so operators notice and fix it.
+-- ---------------------------------------------------------------------------
+ALTER TABLE "agents"
+  ADD COLUMN IF NOT EXISTS "client_id" text REFERENCES "clients"("id") ON DELETE RESTRICT;
+-- 3a. Copy last-bound client from agent_presence.
+UPDATE "agents" a
+SET "client_id" = ap."client_id"
+FROM "agent_presence" ap
+WHERE ap."agent_id" = a."uuid"
+  AND ap."client_id" IS NOT NULL
+  AND a."client_id" IS NULL;
+-- 3b. Fail loudly if any non-deleted non-human agent is missing a client_id
+--     after 3a. These rows would pass migration but surface at runtime as
+--     `WRONG_CLIENT` / `assertClientOwner` 404 — which looks like "installed
+--     but broken" to the operator. Mirrors 4c's orphan-count pattern. Admins
+--     must either soft-delete the orphans or re-register their client via
+--     `first-tree-hub connect` and manually UPDATE before retrying.
+DO $$
+DECLARE
+  unpinned_count integer;
+BEGIN
+  SELECT COUNT(*) INTO unpinned_count
+  FROM "agents"
+  WHERE "client_id" IS NULL
+    AND "type" <> 'human'
+    AND "status" <> 'deleted';
+  IF unpinned_count > 0 THEN
+    RAISE EXCEPTION
+      'unified-user-token migration: % non-human agents have no client_id after backfill; '
+      're-register their client via `first-tree-hub connect` (which will update agent_presence) '
+      'or soft-delete the orphan agents, then retry',
+      unpinned_count;
+  END IF;
+END $$;
+CREATE INDEX IF NOT EXISTS "idx_agents_client" ON "agents" ("client_id");
+-- ---------------------------------------------------------------------------
+-- 4. agents.manager_id — backfill then enforce NOT NULL.
+--    Human agents own their members row, so self-assign via members.
+--    Non-human agents get the first admin member in their org.
+-- ---------------------------------------------------------------------------
+-- 4a. Human agents: self-assign to their own member row.
+UPDATE "agents" a
+SET "manager_id" = m."id"
+FROM "members" m
+WHERE m."agent_id" = a."uuid"
+  AND a."manager_id" IS NULL
+  AND a."type" = 'human';
+-- 4b. Non-human agents: first admin in org, ordered by created_at asc.
+UPDATE "agents" a
+SET "manager_id" = m."id"
+FROM (
+  SELECT DISTINCT ON (m."organization_id")
+    m."id" AS id,
+    m."organization_id" AS organization_id
+  FROM "members" m
+  WHERE m."role" = 'admin'
+  ORDER BY m."organization_id", m."created_at" ASC
+) m
+WHERE a."organization_id" = m."organization_id"
+  AND a."manager_id" IS NULL;
+-- 4c. Fail loudly if any agent still lacks a manager. Admin must intervene
+--     before the migration can complete.
+DO $$
+DECLARE
+  orphan_count integer;
+BEGIN
+  SELECT COUNT(*) INTO orphan_count
+  FROM "agents"
+  WHERE "manager_id" IS NULL
+    AND "status" <> 'deleted';
+  IF orphan_count > 0 THEN
+    RAISE EXCEPTION
+      'unified-user-token migration: % non-deleted agents have no manager_id after backfill; '
+      'create at least one admin member per org, or set agents.manager_id manually, then retry',
+      orphan_count;
+  END IF;
+END $$;
+ALTER TABLE "agents"
+  ALTER COLUMN "manager_id" SET NOT NULL;
+-- 4d. Recreate the manager_id FK as DEFERRABLE INITIALLY DEFERRED so the
+--     bootstrap path for a new human agent + member row can run inside a
+--     single transaction. The two rows reference each other (agents.manager_id
+--     → members.id, members.agent_id → agents.uuid); without deferred FKs the
+--     first INSERT always fails the sibling constraint. Manager reassignment
+--     (member.ts::deleteMember) also benefits: we can move every agent in one
+--     pass without fighting constraint order.
+ALTER TABLE "agents"
+  DROP CONSTRAINT IF EXISTS "agents_manager_id_fkey";
+ALTER TABLE "agents"
+  ADD CONSTRAINT "agents_manager_id_fkey"
+  FOREIGN KEY ("manager_id") REFERENCES "members"("id")
+  ON DELETE SET NULL
+  DEFERRABLE INITIALLY DEFERRED;
+COMMIT;

package/dist/drizzle/0021_drop_agents_profile.sql ADDED Viewed

@@ -0,0 +1,10 @@
+-- PRD D7: remove `agents.profile` column and all dependent code paths.
+-- The column was backfilled into `agent_configs.payload.prompt.append` by
+-- migration 0018. After this migration, agent behavior instructions live
+-- exclusively in `agent_configs`; the `profile` column is dead weight.
+--
+-- Callers that used to read/write `profile` have been updated in the same
+-- release; operators must deploy this migration together with the matching
+-- code change — no compatibility layer.
+ALTER TABLE "agents" DROP COLUMN IF EXISTS "profile";

package/dist/drizzle/meta/_journal.json CHANGED Viewed

@@ -134,6 +134,27 @@
       "when": 1776816000000,
       "tag": "0018_agent_visibility",
       "breakpoints": true
+    },
+    {
+      "idx": 19,
+      "version": "7",
+      "when": 1776902400000,
+      "tag": "0019_agent_configs",
+      "breakpoints": true
+    },
+    {
+      "idx": 20,
+      "version": "7",
+      "when": 1776988800000,
+      "tag": "0020_unified_user_token",
+      "breakpoints": true
+    },
+    {
+      "idx": 21,
+      "version": "7",
+      "when": 1777075200000,
+      "tag": "0021_drop_agents_profile",
+      "breakpoints": true
     }
   ]
 }