@growthub/cli 0.14.1 → 0.14.3

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-outcome-receipts.js

@@ -0,0 +1,157 @@
+/**
+ * Agent Outcome Receipt V1 writer — the unified receipt every mutation lane
+ * emits (contract: `@growthub/api-contract/workspace-outcome`).
+ *
+ * One canonical stream answers, for any agent action:
+ *   intent → what changed → was it preflighted → was it proven →
+ *   was it published → what runId/sourceId/hash/version proves it →
+ *   how does the next agent replay / rollback / continue.
+ *
+ * Storage is the EXISTING source-record sidecar (`growthub.source-records.json`)
+ * under the stable source id `workspace:agent-outcomes` — no new persistence
+ * backend. The stream is a rolling window (last 200 receipts). Existing
+ * helper-apply receipts and sandbox run records are untouched; outcome
+ * receipts LINK to them via `sourceId` / `runId` / `rollbackRef`.
+ *
+ * Safety rules enforced here, not trusted from callers:
+ *   - every string field is secret-redacted (`redactSecrets`) and truncated;
+ *   - receipt append failures are NEVER fatal to the mutation route
+ *     (read-only runtimes simply do not accumulate a stream);
+ *   - receipts carry summaries and references — never raw payloads.
+ */
+
+import { createHash } from "node:crypto";
+import {
+  readWorkspaceSourceRecords,
+  writeWorkspaceSourceRecords,
+  describePersistenceMode
+} from "@/lib/workspace-config";
+import { redactSecrets } from "@/lib/sandbox-agent-auth-redaction";
+import { stableStringify } from "@/lib/workspace-patch-policy";
+
+const AGENT_OUTCOMES_SOURCE_ID = "workspace:agent-outcomes";
+const MAX_RECEIPTS = 200;
+const MAX_SUMMARY_CHARS = 400;
+const MAX_INTENT_CHARS = 280;
+const MAX_LIST_ENTRIES = 24;
+
+function newReceiptId() {
+  return `aor_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 8)}`;
+}
+
+function safeText(value, maxChars) {
+  const text = redactSecrets(String(value ?? "")).trim();
+  return text.length > maxChars ? `${text.slice(0, maxChars)}…` : text;
+}
+
+function safeList(values, maxChars = 160) {
+  return (Array.isArray(values) ? values : [])
+    .slice(0, MAX_LIST_ENTRIES)
+    .map((v) => safeText(v, maxChars))
+    .filter(Boolean);
+}
+
+/**
+ * Build a canonical receipt from partial fields. Unknown/raw payloads are
+ * not accepted — only the contract's named fields survive.
+ */
+function buildOutcomeReceipt(fields) {
+  const f = fields && typeof fields === "object" ? fields : {};
+  const receipt = {
+    receiptId: newReceiptId(),
+    kind: safeText(f.kind || "agent-outcome", 40),
+    lane: safeText(f.lane || "untrusted-direct", 40),
+    outcomeStatus: safeText(f.outcomeStatus || "failed", 24),
+    summary: safeText(f.summary || "", MAX_SUMMARY_CHARS) || "(no summary)",
+    createdAt: new Date().toISOString()
+  };
+  if (f.intent) receipt.intent = safeText(f.intent, MAX_INTENT_CHARS);
+  if (f.actor) receipt.actor = safeText(f.actor, 80);
+  if (Array.isArray(f.objectRefs)) {
+    receipt.objectRefs = f.objectRefs.slice(0, MAX_LIST_ENTRIES).map((ref) => {
+      const out = { objectId: safeText(ref?.objectId, 120) };
+      if (ref?.rowName) out.rowName = safeText(ref.rowName, 120);
+      if (ref?.objectType) out.objectType = safeText(ref.objectType, 60);
+      return out;
+    });
+  }
+  if (Array.isArray(f.changedFields)) receipt.changedFields = safeList(f.changedFields, 60);
+  if (f.policyVerdict && typeof f.policyVerdict === "object") {
+    receipt.policyVerdict = {
+      ok: f.policyVerdict.ok === true,
+      ...(Array.isArray(f.policyVerdict.violationCodes)
+        ? { violationCodes: safeList(f.policyVerdict.violationCodes, 60) }
+        : {})
+    };
+  }
+  if (f.schemaVerdict && typeof f.schemaVerdict === "object") {
+    receipt.schemaVerdict = {
+      ok: f.schemaVerdict.ok === true,
+      ...(Number.isFinite(f.schemaVerdict.errorCount) ? { errorCount: f.schemaVerdict.errorCount } : {})
+    };
+  }
+  for (const key of ["runId", "sourceId", "draftSha256", "publishedSha256", "version", "appId"]) {
+    if (f[key]) receipt[key] = safeText(f[key], 160);
+  }
+  if (Array.isArray(f.nextActions)) receipt.nextActions = safeList(f.nextActions, 240);
+  if (f.rollbackRef && typeof f.rollbackRef === "object") {
+    const rb = {};
+    for (const key of ["objectId", "rowName", "liveField", "previousVersion", "sourceId"]) {
+      if (f.rollbackRef[key]) rb[key] = safeText(f.rollbackRef[key], 120);
+    }
+    if (Number.isFinite(f.rollbackRef.deltaIndex)) rb.deltaIndex = f.rollbackRef.deltaIndex;
+    if (Object.keys(rb).length) receipt.rollbackRef = rb;
+  }
+  return receipt;
+}
+
+/**
+ * Append a receipt to the stream. NEVER throws — mutation routes must not
+ * fail because the receipt sidecar is read-only or momentarily unwritable.
+ * Returns the receipt (with `persisted` flag) so routes can echo its id.
+ */
+async function appendOutcomeReceipt(fields) {
+  const receipt = buildOutcomeReceipt(fields);
+  try {
+    const persistence = describePersistenceMode();
+    if (!persistence.canSave) return { receipt, persisted: false };
+    const existing = await readWorkspaceSourceRecords(AGENT_OUTCOMES_SOURCE_ID);
+    const prior = Array.isArray(existing?.records) ? existing.records : [];
+    // Tamper-evidence (Paperclip pattern, scoped to what this runtime can
+    // honestly provide): server-side monotonic sequence + hash chain. Each
+    // receipt carries sha256(stableStringify(previous receipt)); a mutated
+    // or removed receipt breaks every subsequent link. No signing key /
+    // TEE exists in this runtime — that stronger anchor is named future work.
+    const last = prior.length > 0 ? prior[prior.length - 1] : null;
+    receipt.seq = (Number.isFinite(last?.seq) ? last.seq : prior.length - 1) + 1;
+    receipt.prevReceiptSha256 = last
+      ? createHash("sha256").update(stableStringify(last), "utf8").digest("hex")
+      : null;
+    await writeWorkspaceSourceRecords(
+      AGENT_OUTCOMES_SOURCE_ID,
+      [...prior, receipt].slice(-MAX_RECEIPTS),
+      { integrationId: AGENT_OUTCOMES_SOURCE_ID, fetchedAt: receipt.createdAt }
+    );
+    return { receipt, persisted: true };
+  } catch {
+    return { receipt, persisted: false };
+  }
+}
+
+/** Read the stream, newest first. Returns [] when absent/unreadable. */
+async function readOutcomeReceipts(limit = MAX_RECEIPTS) {
+  try {
+    const existing = await readWorkspaceSourceRecords(AGENT_OUTCOMES_SOURCE_ID);
+    const records = Array.isArray(existing?.records) ? existing.records : [];
+    return records.slice(-Math.max(1, limit)).reverse();
+  } catch {
+    return [];
+  }
+}
+
+export {
+  AGENT_OUTCOMES_SOURCE_ID,
+  appendOutcomeReceipt,
+  buildOutcomeReceipt,
+  readOutcomeReceipts
+};

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-patch-policy.js

@@ -0,0 +1,400 @@
+/**
+ * Workspace PATCH policy — server-authoritative guard for `PATCH /api/workspace`.
+ *
+ * `validateWorkspaceConfig` (workspace-schema.js) answers "is the merged
+ * config shaped correctly?". This module answers a different question:
+ * "is this *mutation* allowed to happen through direct PATCH at all?" —
+ * independent of whether the resulting config would validate.
+ *
+ * Enforced here, before `writeWorkspaceConfig`:
+ *
+ *   1. Allowlist — only `dashboards`, `widgetTypes`, `canvas`, `dataModel`.
+ *      Bodies that look like a full workspace config get a dedicated reason.
+ *   2. `workspaceSourceRecords` never travels through PATCH (sidecar writes
+ *      flow through POST /api/workspace/refresh-sources).
+ *   3. Live workflow fields on sandbox-environment rows are publish-owned.
+ *      Direct PATCH may save drafts; only POST /api/workspace/workflow/publish
+ *      may move a draft to the live fields, bump `version`, stamp
+ *      `orchestrationPublishedAt`, append `orchestrationDeltas`, or set
+ *      `lifecycleStatus: "live"`.
+ *   4. Size ceilings — oversized patches, oversized rows, oversized
+ *      orchestration node configs, and history blobs smuggled into rows
+ *      are rejected. Run history belongs in `growthub.source-records.json`.
+ *   5. Credential-shaped fields on sandbox rows are rejected here too, so
+ *      `POST /api/workspace/patch/preflight` reports them without running
+ *      full schema validation.
+ *
+ * Echo-safety: the Data Model grid and the Builder round-trip whole objects.
+ * A field that is byte-identical (stable JSON) to the currently persisted
+ * value is never a violation — only *changes* to protected fields are.
+ *
+ * Dependency-free on purpose: unit tests import this file directly
+ * (scripts/unit-workspace-patch-policy.test.mjs in the source repo).
+ */
+
+const WORKSPACE_PATCH_ALLOWED_FIELDS = Object.freeze([
+  "dashboards",
+  "widgetTypes",
+  "canvas",
+  "dataModel"
+]);
+
+/** Live workflow fields — only the publish route may change these. */
+const LIVE_WORKFLOW_ROW_FIELDS = Object.freeze([
+  "orchestrationGraph",
+  "orchestrationConfig",
+  "orchestrationPublishedAt",
+  "orchestrationDeltas"
+]);
+
+/** Draft workflow fields — direct PATCH may save these freely. */
+const DRAFT_WORKFLOW_ROW_FIELDS = Object.freeze([
+  "orchestrationDraftGraph",
+  "orchestrationDraftConfig",
+  "orchestrationDraftStatus",
+  "orchestrationDraftUpdatedAt",
+  "orchestrationDraftBaseVersion",
+  "orchestrationDraftTestPassed",
+  "orchestrationDraftTestedConfig",
+  "orchestrationDraftLastRunId",
+  "orchestrationDraftLastTested",
+  "orchestrationDraftLastResponse"
+]);
+
+/** Same set the schema rejects; duplicated here so preflight can report early. */
+const CREDENTIAL_ROW_FIELDS = Object.freeze([
+  "token",
+  "apiKey",
+  "accessToken",
+  "refreshToken",
+  "bearer",
+  "password",
+  "secret",
+  "sessionKey"
+]);
+
+/** Row fields whose presence as a populated array means history smuggling. */
+const HISTORY_BLOB_ROW_FIELDS = Object.freeze([
+  "records",
+  "versions",
+  "history",
+  "runHistory",
+  "sourceRecords"
+]);
+
+/** Top-level keys that signal "this is a whole workspace config, not a patch". */
+const FULL_CONFIG_SIGNATURE_FIELDS = Object.freeze([
+  "id",
+  "name",
+  "description",
+  "branding",
+  "capabilities",
+  "pipelines",
+  "integrations",
+  "provenance"
+]);
+
+const WORKSPACE_PATCH_LIMITS = Object.freeze({
+  /** Serialized PATCH body ceiling (bytes of JSON text). */
+  maxPatchBytes: 2_000_000,
+  /** Serialized single-row ceiling, unless byte-identical to the persisted row. */
+  maxRowBytes: 131_072,
+  /** Rows per dataModel object. */
+  maxRowsPerObject: 500,
+  /** Serialized single orchestration-node config ceiling. */
+  maxNodeConfigBytes: 65_536
+});
+
+/** Stable stringify (sorted object keys) so echo comparison is order-proof. */
+function stableStringify(value) {
+  if (value === undefined) return "undefined";
+  return JSON.stringify(value, function replacer(key, v) {
+    if (v && typeof v === "object" && !Array.isArray(v)) {
+      const sorted = {};
+      for (const k of Object.keys(v).sort()) sorted[k] = v[k];
+      return sorted;
+    }
+    return v;
+  });
+}
+
+function sameValue(a, b) {
+  return stableStringify(a) === stableStringify(b);
+}
+
+function isPlainObject(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+
+function rowName(row) {
+  // Sandbox row identity is the Data Model grid's capital-N `Name` column.
+  return String(row?.Name ?? "").trim();
+}
+
+function violation(code, path, message) {
+  return { code, path, message };
+}
+
+/**
+ * Try to parse an orchestration graph value (string or object) far enough
+ * to measure node configs. Returns null when not parseable — schema
+ * validation owns deep correctness; the policy only measures size.
+ */
+function parseGraphForMeasurement(value) {
+  if (isPlainObject(value)) return value;
+  if (typeof value !== "string" || !value.trim()) return null;
+  try {
+    const parsed = JSON.parse(value);
+    return isPlainObject(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+
+function checkRowSizes(row, currentRow, path, violations) {
+  const serialized = stableStringify(row);
+  if (serialized.length > WORKSPACE_PATCH_LIMITS.maxRowBytes && !sameValue(row, currentRow)) {
+    violations.push(violation(
+      "oversized_row",
+      path,
+      `row serializes to ${serialized.length} bytes (limit ${WORKSPACE_PATCH_LIMITS.maxRowBytes}); ` +
+        "move bulk payloads to source records or split the row"
+    ));
+  }
+  for (const field of HISTORY_BLOB_ROW_FIELDS) {
+    const value = row[field];
+    if (Array.isArray(value) && value.length > 0 && !sameValue(value, currentRow?.[field])) {
+      violations.push(violation(
+        "history_smuggling",
+        `${path}.${field}`,
+        `${field} is a populated array — run/record history belongs in growthub.source-records.json ` +
+          "(written by sandbox-run / refresh-sources), never inside dataModel rows"
+      ));
+    }
+  }
+  for (const graphField of ["orchestrationGraph", "orchestrationConfig", "orchestrationDraftGraph", "orchestrationDraftConfig"]) {
+    if (sameValue(row[graphField], currentRow?.[graphField])) continue;
+    const graph = parseGraphForMeasurement(row[graphField]);
+    if (!graph || !Array.isArray(graph.nodes)) continue;
+    graph.nodes.forEach((node, nodeIndex) => {
+      const config = node?.config;
+      if (!isPlainObject(config)) return;
+      const size = stableStringify(config).length;
+      if (size > WORKSPACE_PATCH_LIMITS.maxNodeConfigBytes) {
+        violations.push(violation(
+          "oversized_node_config",
+          `${path}.${graphField}.nodes[${nodeIndex}].config`,
+          `node config serializes to ${size} bytes (limit ${WORKSPACE_PATCH_LIMITS.maxNodeConfigBytes}); ` +
+            "reference large payloads through source records or env refs instead of inlining them"
+        ));
+      }
+    });
+  }
+}
+
+function checkSandboxRow(row, currentRow, path, violations) {
+  for (const field of CREDENTIAL_ROW_FIELDS) {
+    if (row[field] !== undefined) {
+      violations.push(violation(
+        "credential_field",
+        `${path}.${field}`,
+        `${field} is not allowed on a sandbox row — auth secrets must stay in the local CLI's own store; ` +
+          "rows carry authRef / env-ref names only"
+      ));
+    }
+  }
+
+  const isNewRow = !currentRow;
+  for (const field of LIVE_WORKFLOW_ROW_FIELDS) {
+    const incoming = row[field];
+    if (isNewRow) {
+      const populated = Array.isArray(incoming)
+        ? incoming.length > 0
+        : incoming !== undefined && incoming !== null && String(incoming).trim() !== "";
+      if (populated) {
+        violations.push(violation(
+          "live_workflow_field",
+          `${path}.${field}`,
+          `${field} may not be created through direct PATCH — save it as a draft ` +
+            "(orchestrationDraft*) and promote it through POST /api/workspace/workflow/publish"
+        ));
+      }
+      continue;
+    }
+    if (!sameValue(incoming, currentRow[field])) {
+      violations.push(violation(
+        "live_workflow_field",
+        `${path}.${field}`,
+        `${field} is publish-owned — direct PATCH may only echo the persisted value; ` +
+          "use POST /api/workspace/workflow/publish to change the live workflow"
+      ));
+    }
+  }
+
+  if (!isNewRow && row.version !== undefined && !sameValue(row.version, currentRow.version)) {
+    violations.push(violation(
+      "live_workflow_field",
+      `${path}.version`,
+      "version increments are publish-owned — direct PATCH may only echo the persisted version"
+    ));
+  }
+
+  const incomingStatus = String(row.lifecycleStatus ?? "").trim().toLowerCase();
+  const currentStatus = String(currentRow?.lifecycleStatus ?? "").trim().toLowerCase();
+  if (incomingStatus === "live" && currentStatus !== "live") {
+    violations.push(violation(
+      "live_publish_via_patch",
+      `${path}.lifecycleStatus`,
+      'lifecycleStatus: "live" is publish-owned — POST /api/workspace/workflow/publish is the only ' +
+        "transition into live; direct PATCH may keep a live row live or move it back to draft"
+    ));
+  }
+}
+
+function checkDataModel(dataModel, currentConfig, violations) {
+  if (dataModel === undefined) return;
+  if (!isPlainObject(dataModel) || (dataModel.objects !== undefined && !Array.isArray(dataModel.objects))) {
+    // Shape errors are the validator's domain; the policy stops here so the
+    // two layers never disagree about the same malformed input.
+    return;
+  }
+  const currentObjects = Array.isArray(currentConfig?.dataModel?.objects)
+    ? currentConfig.dataModel.objects
+    : [];
+  const currentById = new Map(currentObjects.map((o) => [String(o?.id ?? ""), o]));
+
+  (dataModel.objects ?? []).forEach((object, objectIndex) => {
+    if (!isPlainObject(object)) return;
+    const path = `dataModel.objects[${objectIndex}]`;
+    const currentObject = currentById.get(String(object.id ?? "")) ?? null;
+    const rows = Array.isArray(object.rows) ? object.rows : [];
+
+    if (rows.length > WORKSPACE_PATCH_LIMITS.maxRowsPerObject) {
+      violations.push(violation(
+        "oversized_object",
+        `${path}.rows`,
+        `${rows.length} rows exceeds the ${WORKSPACE_PATCH_LIMITS.maxRowsPerObject}-row ceiling per object; ` +
+          "page bulk data through source records instead"
+      ));
+    }
+
+    const objectType = String(object.objectType ?? currentObject?.objectType ?? "").trim();
+    const currentRows = Array.isArray(currentObject?.rows) ? currentObject.rows : [];
+    const currentRowsByName = new Map(
+      currentRows.filter((r) => rowName(r)).map((r) => [rowName(r), r])
+    );
+
+    rows.forEach((row, rowIndex) => {
+      if (!isPlainObject(row)) return;
+      const rowPath = `${path}.rows[${rowIndex}]`;
+      const currentRow = rowName(row) ? currentRowsByName.get(rowName(row)) ?? null : null;
+      checkRowSizes(row, currentRow, rowPath, violations);
+      if (objectType === "sandbox-environment") {
+        checkSandboxRow(row, currentRow, rowPath, violations);
+      }
+    });
+  });
+}
+
+/**
+ * Evaluate a PATCH body against the mutation policy.
+ *
+ * @param {object|null} currentConfig — currently persisted workspace config.
+ * @param {unknown} patch — the incoming PATCH body, exactly as received.
+ * @returns {{ ok: boolean, violations: Array<{code: string, path: string, message: string}> }}
+ */
+function evaluateWorkspacePatchPolicy(currentConfig, patch) {
+  const violations = [];
+
+  if (!isPlainObject(patch)) {
+    violations.push(violation("invalid_body", "", "patch must be a plain object"));
+    return { ok: false, violations };
+  }
+
+  const unknown = Object.keys(patch).filter((key) => !WORKSPACE_PATCH_ALLOWED_FIELDS.includes(key));
+  if (unknown.includes("workspaceSourceRecords")) {
+    violations.push(violation(
+      "source_records_through_patch",
+      "workspaceSourceRecords",
+      "workspaceSourceRecords is GET-only hydration — sidecar writes flow through " +
+        "POST /api/workspace/refresh-sources, never through PATCH"
+    ));
+  }
+  const signatureHits = unknown.filter((key) => FULL_CONFIG_SIGNATURE_FIELDS.includes(key));
+  if (signatureHits.length >= 2) {
+    violations.push(violation(
+      "full_config_body",
+      "",
+      `body carries whole-config fields (${signatureHits.join(", ")}) — never PATCH the full ` +
+        "workspace config back; send only the changed allowlisted key(s)"
+    ));
+  }
+  for (const key of unknown) {
+    if (key === "workspaceSourceRecords") continue;
+    violations.push(violation(
+      "unknown_field",
+      key,
+      `${key} is outside the permanent PATCH allowlist (${WORKSPACE_PATCH_ALLOWED_FIELDS.join(", ")})`
+    ));
+  }
+
+  const serialized = stableStringify(patch);
+  if (serialized.length > WORKSPACE_PATCH_LIMITS.maxPatchBytes) {
+    violations.push(violation(
+      "oversized_patch",
+      "",
+      `patch serializes to ${serialized.length} bytes (limit ${WORKSPACE_PATCH_LIMITS.maxPatchBytes})`
+    ));
+  }
+
+  checkDataModel(patch.dataModel, currentConfig, violations);
+
+  return { ok: violations.length === 0, violations };
+}
+
+/**
+ * Repair guidance — one governed alternative per violation code, so a
+ * rejection teaches self-correction instead of provoking retry loops.
+ * Returned by patch/preflight (`repairPlan[]`) and the PATCH 422 envelope.
+ */
+const REPAIR_PLANS = Object.freeze({
+  invalid_body: "Send a single JSON object containing only changed allowlisted keys.",
+  unknown_field: `Remove keys outside the allowlist (${WORKSPACE_PATCH_ALLOWED_FIELDS.join(", ")}); other config fields are read-only through this API.`,
+  full_config_body: "Never PATCH the whole workspace config back — GET first, then send only the changed allowlisted key(s).",
+  source_records_through_patch: "Write source records through POST /api/workspace/refresh-sources (or let sandbox-run persist run records); PATCH never touches the sidecar.",
+  oversized_patch: "Split the change into smaller PATCHes per allowlisted key, and move bulk data into source records.",
+  oversized_object: "Page bulk rows through source records; keep dataModel objects under the row ceiling.",
+  oversized_row: "Move bulk payloads into source records and store only a sourceId/reference on the row.",
+  oversized_node_config: "Reference large payloads from node configs via source records or env refs instead of inlining them.",
+  history_smuggling: "Run/record history lives in growthub.source-records.json (written by sandbox-run / refresh-sources) — store only lastRunId/lastSourceId on the row.",
+  credential_field: "Store the secret in the local CLI's own store and reference it via authRef / envRefs names only.",
+  live_workflow_field: "Move the graph into orchestrationDraftConfig (or orchestrationDraftGraph), prove it with POST /api/workspace/sandbox-run {useDraft:true}, then promote it with POST /api/workspace/workflow/publish.",
+  live_publish_via_patch: "lifecycleStatus \"live\" is set only by POST /api/workspace/workflow/publish after a verified draft test."
+});
+
+/** Ordered, deduplicated repair steps for a violation list. */
+function repairPlanForViolations(violations) {
+  const seen = new Set();
+  const plan = [];
+  for (const v of Array.isArray(violations) ? violations : []) {
+    const step = REPAIR_PLANS[v?.code];
+    if (step && !seen.has(step)) {
+      seen.add(step);
+      plan.push(step);
+    }
+  }
+  return plan;
+}
+
+export {
+  CREDENTIAL_ROW_FIELDS,
+  DRAFT_WORKFLOW_ROW_FIELDS,
+  FULL_CONFIG_SIGNATURE_FIELDS,
+  HISTORY_BLOB_ROW_FIELDS,
+  LIVE_WORKFLOW_ROW_FIELDS,
+  WORKSPACE_PATCH_ALLOWED_FIELDS,
+  WORKSPACE_PATCH_LIMITS,
+  evaluateWorkspacePatchPolicy,
+  repairPlanForViolations,
+  stableStringify
+};

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-schema.js

@@ -1044,6 +1044,12 @@ function validateSandboxEnvironmentRow(row, path, errors) {
   if (row.allowList !== undefined && typeof row.allowList !== "string" && !Array.isArray(row.allowList)) {
     errors.push(`${path}.allowList must be a comma-separated string or array of hostnames`);
   }
+  if (row.browserAccess !== undefined) {
+    const value = String(row.browserAccess).trim().toLowerCase();
+    if (!["", "true", "false", "0", "1", "on", "off"].includes(value)) {
+      errors.push(`${path}.browserAccess must coerce to a boolean (true/false/on/off)`);
+    }
+  }
   if (row.instructions !== undefined && typeof row.instructions !== "string") {
     errors.push(`${path}.instructions must be a string`);
   }

package/assets/worker-kits/growthub-custom-workspace-starter-v1/apps/workspace/lib/workspace-swarm-proposal.js

@@ -69,6 +69,7 @@ const SWARM_EXECUTION_TARGET_FIELDS = [
   "timeoutMs",
   "networkAllow",
   "allowList",
+  "browserAccess",
 ];
 
 function clean(value) {
@@ -152,6 +153,7 @@ function resolveSwarmExecutionTarget(workspaceConfig, payload = {}) {
     timeoutMs: String(clampPositiveInt(payload?.timeoutMs || helperRow?.timeoutMs, SWARM_DEFAULT_TIMEOUT_MS)),
     networkAllow: clean(payload?.networkAllow || helperRow?.networkAllow),
     allowList: clean(payload?.allowList || helperRow?.allowList),
+    browserAccess: clean(payload?.browserAccess || helperRow?.browserAccess),
     inheritedFromObjectId: helperRow ? WORKSPACE_HELPER_SANDBOX_OBJECT_ID : "",
     inheritedFromName: helperRow ? clean(helperRow.Name || WORKSPACE_HELPER_ROW_NAME) : "",
   };
@@ -406,6 +408,7 @@ function buildSandboxRowFromSwarmProposal(workspaceConfig, proposal) {
     envRefs: "",
     networkAllow: executionTarget.networkAllow,
     allowList: executionTarget.allowList,
+    browserAccess: executionTarget.browserAccess,
     instructions: clean(payload.objective),
     command: "",
     timeoutMs: executionTarget.timeoutMs,