@agent-team-foundation/first-tree-hub 0.9.8 → 0.9.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/{bootstrap-DWifXj9b.mjs → bootstrap-hh_PkTu6.mjs} +16 -0
  2. package/dist/cli/index.mjs +15 -5
  3. package/dist/{core-DKA6g1lL.mjs → core-B2YUTpgg.mjs} +1057 -57
  4. package/dist/drizzle/0023_clients_org_scoping.sql +40 -0
  5. package/dist/drizzle/meta/_journal.json +7 -0
  6. package/dist/{feishu-CRNUI05I.mjs → feishu-B1Kiq7S6.mjs} +0 -1
  7. package/dist/index.mjs +4 -4
  8. package/dist/web/assets/{index-Cp24nDIg.js → index-DkzjED0c.js} +1 -1
  9. package/dist/web/index.html +15 -1
  10. package/package.json +1 -1
package/dist/drizzle/0023_clients_org_scoping.sql ADDED
@@ -0,0 +1,40 @@
1
+ -- Multi-tenancy hardening:
2
+ -- 1. Drop dead column `agents.cloud_user_id` (unused since introduction in
3
+ -- 0010; never written by any code path).
4
+ -- 2. Bind every client to exactly one organization via `clients.organization_id`.
5
+ --
6
+ -- A client is bound to one org for its lifetime — Rule R-RUN and the
7
+ -- `client:register` handshake reject cross-org reuse of a clientId. See
8
+ -- docs/multi-tenancy-hardening-design.md.
9
+ --
10
+ -- Backfill strategy (guarded for safety across environments):
11
+ -- * Current production: exactly one org → UPDATE fills every row.
12
+ -- * Fresh installs / empty DB: clients table is empty → UPDATE is a no-op,
13
+ -- SET NOT NULL succeeds on the empty table.
14
+ -- * Any environment reaching this migration with multi-org data but
15
+ -- unpopulated clients.organization_id: the guard skips the UPDATE, and
16
+ -- SET NOT NULL fails loudly rather than misassigning rows to an
17
+ -- arbitrary org. Operator must backfill manually, then re-run.
18
+
19
+ ALTER TABLE "agents" DROP COLUMN "cloud_user_id";
20
+
21
+ --> statement-breakpoint
22
+ ALTER TABLE "clients" ADD COLUMN "organization_id" text;
23
+
24
+ --> statement-breakpoint
25
+ ALTER TABLE "clients"
26
+ ADD CONSTRAINT "clients_organization_id_organizations_id_fk"
27
+ FOREIGN KEY ("organization_id") REFERENCES "organizations"("id")
28
+ ON DELETE no action ON UPDATE no action;
29
+
30
+ --> statement-breakpoint
31
+ UPDATE "clients"
32
+ SET "organization_id" = (SELECT "id" FROM "organizations" LIMIT 1)
33
+ WHERE "organization_id" IS NULL
34
+ AND (SELECT count(*) FROM "organizations") = 1;
35
+
36
+ --> statement-breakpoint
37
+ ALTER TABLE "clients" ALTER COLUMN "organization_id" SET NOT NULL;
38
+
39
+ --> statement-breakpoint
40
+ CREATE INDEX IF NOT EXISTS "idx_clients_org" ON "clients" ("organization_id");
package/dist/drizzle/meta/_journal.json CHANGED
@@ -162,6 +162,13 @@
162
162
  "when": 1777161600000,
163
163
  "tag": "0022_session_events",
164
164
  "breakpoints": true
165
+ },
166
+ {
167
+ "idx": 23,
168
+ "version": "7",
169
+ "when": 1777248000000,
170
+ "tag": "0023_clients_org_scoping",
171
+ "breakpoints": true
165
172
  }
166
173
  ]
167
174
  }
package/dist/{feishu-CRNUI05I.mjs → feishu-B1Kiq7S6.mjs} RENAMED
@@ -209,7 +209,6 @@ z.object({
209
209
  inboxId: z.string(),
210
210
  status: z.string(),
211
211
  source: z.string().nullable().optional(),
212
- cloudUserId: z.string().nullable().optional(),
213
212
  visibility: agentVisibilitySchema,
214
213
  metadata: z.record(z.string(), z.unknown()),
215
214
  managerId: z.string().nullable(),
package/dist/index.mjs CHANGED
@@ -1,6 +1,6 @@
1
1
  import "./observability-DV_fQKqV-CuLWzBxQ.mjs";
2
- import { A as checkServerHealth, C as runMigrations, D as checkDocker, E as checkDatabase, F as isDockerAvailable, G as FirstTreeHubSDK, I as stopPostgres, K as SdkError, L as ClientRuntime, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as ensurePostgres, R as createOwner, S as uninstallClientService, T as checkClientConfig, V as blank, W as status, _ as runHomeMigration, b as isServiceSupported, d as promptMissingFields, f as formatCheckReport, h as onboardCreate, j as checkServerReachable, k as checkServerConfig, l as isInteractive, m as onboardCheck, s as startServer, u as promptAddAgent, v as getClientServiceStatus, w as checkAgentConfigs, x as resolveCliInvocation, y as installClientService, z as hasUser } from "./core-DKA6g1lL.mjs";
2
+ import { A as checkServerHealth, B as createOwner, C as runMigrations, D as checkDocker, E as checkDatabase, F as isDockerAvailable, I as stopPostgres, J as FirstTreeHubSDK, K as status, L as ClientRuntime, M as checkWebSocket, N as printResults, O as checkNodeVersion, P as ensurePostgres, R as handleClientOrgMismatch, S as uninstallClientService, T as checkClientConfig, U as blank, V as hasUser, Y as SdkError, _ as runHomeMigration, b as isServiceSupported, d as promptMissingFields, f as formatCheckReport, h as onboardCreate, j as checkServerReachable, k as checkServerConfig, l as isInteractive, m as onboardCheck, s as startServer, u as promptAddAgent, v as getClientServiceStatus, w as checkAgentConfigs, x as resolveCliInvocation, y as installClientService, z as rotateClientIdWithBackup } from "./core-B2YUTpgg.mjs";
3
3
  import "./logger-core-BTmvdflj-DhdipBkV.mjs";
4
- import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-DWifXj9b.mjs";
5
- import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-CRNUI05I.mjs";
6
- export { ClientRuntime, FirstTreeHubSDK, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, runHomeMigration, runMigrations, startServer, status, stopPostgres, uninstallClientService };
4
+ import { a as resolveAccessToken, n as ensureFreshAccessToken, o as resolveServerUrl, r as ensureFreshAdminToken } from "./bootstrap-hh_PkTu6.mjs";
5
+ import { n as bindFeishuUser, t as bindFeishuBot } from "./feishu-B1Kiq7S6.mjs";
6
+ export { ClientRuntime, FirstTreeHubSDK, SdkError, bindFeishuBot, bindFeishuUser, blank, checkAgentConfigs, checkClientConfig, checkDatabase, checkDocker, checkNodeVersion, checkServerConfig, checkServerHealth, checkServerReachable, checkWebSocket, createOwner, ensureFreshAccessToken, ensureFreshAdminToken, ensurePostgres, formatCheckReport, getClientServiceStatus, handleClientOrgMismatch, hasUser, installClientService, isDockerAvailable, isInteractive, isServiceSupported, onboardCheck, onboardCreate, printResults, promptAddAgent, promptMissingFields, resolveAccessToken, resolveCliInvocation, resolveServerUrl, rotateClientIdWithBackup, runHomeMigration, runMigrations, startServer, status, stopPostgres, uninstallClientService };