@agent-team-foundation/first-tree-hub 0.9.8 → 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/{bootstrap-DWifXj9b.mjs → bootstrap-hh_PkTu6.mjs} +16 -0
  2. package/dist/cli/index.mjs +16 -6
  3. package/dist/{core-DKA6g1lL.mjs → core-BWaSYpXv.mjs} +1060 -60
  4. package/dist/drizzle/0023_clients_org_scoping.sql +40 -0
  5. package/dist/drizzle/meta/_journal.json +7 -0
  6. package/dist/{feishu-CRNUI05I.mjs → feishu-BJaN64iR.mjs} +2 -3
  7. package/dist/index.mjs +4 -4
  8. package/dist/web/assets/{index-Cp24nDIg.js → index-Cyvhyw0R.js} +1 -1
  9. package/dist/web/index.html +15 -1
  10. package/package.json +1 -1
package/dist/drizzle/0023_clients_org_scoping.sql ADDED
@@ -0,0 +1,40 @@
1
+ -- Multi-tenancy hardening:
2
+ -- 1. Drop dead column `agents.cloud_user_id` (unused since introduction in
3
+ -- 0010; never written by any code path).
4
+ -- 2. Bind every client to exactly one organization via `clients.organization_id`.
5
+ --
6
+ -- A client is bound to one org for its lifetime — Rule R-RUN and the
7
+ -- `client:register` handshake reject cross-org reuse of a clientId. See
8
+ -- docs/multi-tenancy-hardening-design.md.
9
+ --
10
+ -- Backfill strategy (guarded for safety across environments):
11
+ -- * Current production: exactly one org → UPDATE fills every row.
12
+ -- * Fresh installs / empty DB: clients table is empty → UPDATE is a no-op,
13
+ -- SET NOT NULL succeeds on the empty table.
14
+ -- * Any environment reaching this migration with multi-org data but
15
+ -- unpopulated clients.organization_id: the guard skips the UPDATE, and
16
+ -- SET NOT NULL fails loudly rather than misassigning rows to an
17
+ -- arbitrary org. Operator must backfill manually, then re-run.
18
+
19
+ ALTER TABLE "agents" DROP COLUMN "cloud_user_id";
20
+
21
+ --> statement-breakpoint
22
+ ALTER TABLE "clients" ADD COLUMN "organization_id" text;
23
+
24
+ --> statement-breakpoint
25
+ ALTER TABLE "clients"
26
+ ADD CONSTRAINT "clients_organization_id_organizations_id_fk"
27
+ FOREIGN KEY ("organization_id") REFERENCES "organizations"("id")
28
+ ON DELETE no action ON UPDATE no action;
29
+
30
+ --> statement-breakpoint
31
+ UPDATE "clients"
32
+ SET "organization_id" = (SELECT "id" FROM "organizations" LIMIT 1)
33
+ WHERE "organization_id" IS NULL
34
+ AND (SELECT count(*) FROM "organizations") = 1;
35
+
36
+ --> statement-breakpoint
37
+ ALTER TABLE "clients" ALTER COLUMN "organization_id" SET NOT NULL;
38
+
39
+ --> statement-breakpoint
40
+ CREATE INDEX IF NOT EXISTS "idx_clients_org" ON "clients" ("organization_id");
package/dist/drizzle/meta/_journal.json CHANGED
@@ -162,6 +162,13 @@
162
162
  "when": 1777161600000,
163
163
  "tag": "0022_session_events",
164
164
  "breakpoints": true
165
+ },
166
+ {
167
+ "idx": 23,
168
+ "version": "7",
169
+ "when": 1777248000000,
170
+ "tag": "0023_clients_org_scoping",
171
+ "breakpoints": true
165
172
  }
166
173
  ]
167
174
  }
package/dist/{feishu-CRNUI05I.mjs → feishu-BJaN64iR.mjs} RENAMED
@@ -209,7 +209,6 @@ z.object({
209
209
  inboxId: z.string(),
210
210
  status: z.string(),
211
211
  source: z.string().nullable().optional(),
212
- cloudUserId: z.string().nullable().optional(),
213
212
  visibility: agentVisibilitySchema,
214
213
  metadata: z.record(z.string(), z.unknown()),
215
214
  managerId: z.string().nullable(),
@@ -290,7 +289,7 @@ const gitRepoSchema = z.object({
290
289
  */
291
290
  const agentRuntimeConfigPayloadShape = z.object({
292
291
  prompt: promptConfigSchema.default({ append: "" }),
293
- model: z.string().default(""),
292
+ model: z.string().default("opus"),
294
293
  mcpServers: z.array(mcpServerSchema).default([]),
295
294
  env: z.array(envEntrySchema).default([]),
296
295
  gitRepos: z.array(gitRepoSchema).default([])
@@ -343,7 +342,7 @@ const agentRuntimeConfigPayloadSchema = agentRuntimeConfigPayloadShape.superRefi
343
342
  /** Default payload used when creating a fresh agent. */
344
343
  const DEFAULT_AGENT_RUNTIME_CONFIG_PAYLOAD = {
345
344
  prompt: { append: "" },
346
- model: "",
345
+ model: "opus",
347
346
  mcpServers: [],
348
347
  env: [],
349
348
  gitRepos: []
package/dist/index.mjs CHANGED
@@ -1,6 +1,6 @@
1
1
  import "./observability-DV_fQKqV-CuLWzBxQ.mjs";
2
- import { A as checkServerHealth, C as runMigrations, D as checkDocker, E as checkDatabase, F as isDockerAvailable, G as FirstTreeHubSDK, I as stopPostgres, K as SdkError, L as ClientRuntime, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as ensurePostgres, R as createOwner, S as uninstallClientService, T as checkClientConfig, V as blank, W as status, _ as runHomeMigration, b as isServiceSupported, d as promptMissingFields, f as formatCheckReport, h as onboardCreate, j as checkServerReachable, k as checkServerConfig, l as isInteractive, m as onboardCheck, s as startServer, u as promptAddAgent, v as getClientServiceStatus, w as checkAgentConfigs, x as resolveCliInvocation, y as installClientService, z as hasUser } from "./core-DKA6g1lL.mjs";
2
+ import { A as checkServerHealth, B as createOwner, C as runMigrations, D as checkDocker, E as checkDatabase, F as isDockerAvailable, I as stopPostgres, J as FirstTreeHubSDK, K as status, L as ClientRuntime, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as ensurePostgres, R as handleClientOrgMismatch, S as uninstallClientService, T as checkClientConfig, U as blank, V as hasUser, Y as SdkError, _ as runHomeMigration, b as isServiceSupported, d as promptMissingFields, f as formatCheckReport, h as onboardCreate, j as checkServerReachable, k as checkServerConfig, l as isInteractive, m as onboardCheck, s as startServer, u as promptAddAgent, v as getClientServiceStatus, w as checkAgentConfigs, x as resolveCliInvocation, y as installClientService, z as rotateClientIdWithBackup } from "./core-BWaSYpXv.mjs";
3
3
  import "./logger-core-BTmvdflj-DhdipBkV.mjs";
4
- import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-DWifXj9b.mjs";
5
- import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-CRNUI05I.mjs";
6
- export { ClientRuntime, FirstTreeHubSDK, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, runHomeMigration, runMigrations, startServer, status, stopPostgres, uninstallClientService };
4
+ import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-hh_PkTu6.mjs";
5
+ import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-BJaN64iR.mjs";
6
+ export { ClientRuntime, FirstTreeHubSDK, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, rotateClientIdWithBackup, runHomeMigration, runMigrations, startServer, status, stopPostgres, uninstallClientService };