@hachej/boring-core 0.1.20 → 0.1.22

package/dist/{CoreFront-CDeLdfb0.d.ts → CoreFront-CgAkiEts.d.ts}

@@ -7,6 +7,7 @@ interface CoreFrontAuthPagesOverride {
     forgotPassword?: React.FC;
     resetPassword?: React.FC;
     verifyEmail?: React.FC;
+    authError?: React.FC;
     userSettings?: React.FC;
 }
 interface CoreFrontProps {

package/dist/app/front/index.d.ts

@@ -1,6 +1,6 @@
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import { ReactNode } from 'react';
-import { C as CoreFrontAuthPagesOverride } from '../../CoreFront-CDeLdfb0.js';
+import { C as CoreFrontAuthPagesOverride } from '../../CoreFront-CgAkiEts.js';
 import { WorkspaceAgentSession, WorkspaceAgentFrontProps } from '@hachej/boring-workspace/app/front';
 
 interface CoreWorkspaceAgentFrontProps<TSession extends WorkspaceAgentSession = WorkspaceAgentSession> extends Omit<WorkspaceAgentFrontProps<TSession>, 'workspaceId' | 'frontPluginHotReload' | 'hotReloadEnabled'> {

package/dist/app/front/index.js

@@ -3,7 +3,7 @@ import {
   UserMenu,
   WorkspaceSwitcher,
   useCurrentWorkspace
-} from "../../chunk-A5TMALZR.js";
+} from "../../chunk-JMCBLJ6W.js";
 import "../../chunk-HYNKZSTF.js";
 import "../../chunk-H5KU6R6Y.js";
 import "../../chunk-MLKGABMK.js";

package/dist/app/server/index.d.ts

@@ -2,9 +2,10 @@ import { RuntimeProvisioningContribution, RegisterAgentRoutesOptions } from '@ha
 import { DirPluginEntry, CreateWorkspaceAgentServerOptions } from '@hachej/boring-workspace/app/server';
 import { WorkspaceServerPlugin } from '@hachej/boring-workspace/server';
 import { FastifyInstance } from 'fastify';
-import { C as CoreConfig } from '../../index-COZa03RP.js';
-import { B as BetterAuthInstance, L as LoadConfigOptions } from '../../authHook-C5ShLjAS.js';
-import { D as Database, U as UserStore, W as WorkspaceStore } from '../../connection-jW1Xwcne.js';
+import { C as CoreConfig } from '../../types-CbMOXLBf.js';
+import { TelemetrySink } from '../../shared/index.js';
+import { B as BetterAuthInstance, L as LoadConfigOptions } from '../../authHook-DUqyxueY.js';
+import { D as Database, U as UserStore, W as WorkspaceStore } from '../../connection-AL8KSENV.js';
 import { IncomingMessage, ServerResponse } from 'node:http';
 import 'better-auth';
 import 'drizzle-orm/postgres-js';
@@ -38,6 +39,8 @@ interface CreateCoreWorkspaceAgentServerOptions extends Omit<RegisterAgentRoutes
     extraTools?: RegisterAgentRoutesOptions['extraTools'];
     systemPromptAppend?: string;
     serveFrontend?: boolean;
+    /** Optional best-effort telemetry sink. Defaults to core's DB-backed env helper. */
+    telemetry?: TelemetrySink;
 }
 declare function createCoreWorkspaceAgentServer(options?: CreateCoreWorkspaceAgentServerOptions): Promise<CoreWorkspaceAgentServer>;
 

package/dist/app/server/index.js

@@ -9,13 +9,20 @@ import {
   registerRoutes,
   registerSettingsRoutes,
   registerWorkspaceRoutes
-} from "../../chunk-V5CXMFHP.js";
+} from "../../chunk-6D7LEQSL.js";
 import {
   PostgresUserStore,
   PostgresWorkspaceStore,
-  createDatabase
-} from "../../chunk-HSRBZLKT.js";
-import "../../chunk-H5KU6R6Y.js";
+  createDatabase,
+  telemetryEvents
+} from "../../chunk-C3YMOITB.js";
+import {
+  noopTelemetry,
+  safeCapture
+} from "../../chunk-AQBXNPMD.js";
+import {
+  ERROR_CODES
+} from "../../chunk-H5KU6R6Y.js";
 import "../../chunk-MLKGABMK.js";
 
 // src/app/server/createCoreWorkspaceAgentServer.ts
@@ -24,13 +31,14 @@ import { createReadStream } from "fs";
 import path from "path";
 import {
   compactPiPackages,
+  provisionWorkspaceRuntime,
   registerAgentRoutes
 } from "@hachej/boring-agent/server";
 import {
   collectWorkspaceAgentServerPlugins,
   hasDirServerPlugin,
-  provisionWorkspaceAgentServer,
   readWorkspacePluginPackagePiSnapshot,
+  readWorkspacePluginPackageRuntimePlugins,
   resolveDefaultWorkspacePluginPackagePaths,
   resolveOnePluginEntry
 } from "@hachej/boring-workspace/app/server";
@@ -39,6 +47,134 @@ import {
   createWorkspaceUiTools,
   uiRoutes
 } from "@hachej/boring-workspace/server";
+
+// src/server/telemetry/db.ts
+var EVENT_NAME_PATTERN = /^[a-z][a-z0-9_-]*(?:\.[a-z][a-z0-9_-]*){0,8}$/;
+var SAFE_ID_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,127}$/;
+var SAFE_SLUG_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_.:-]{0,63}$/;
+var SAFE_STATUS_PATTERN = /^[a-z][a-z0-9_-]{0,31}$/;
+var SAFE_ERROR_CODE_PATTERN = /^[A-Za-z][A-Za-z0-9_:-]{0,63}$/;
+var SAFE_PACKAGE_NAME_PATTERN = /^(?:@[A-Za-z0-9_.-]+\/)?[A-Za-z0-9_.-]{1,96}$/;
+var SAFE_PACKAGE_VERSION_PATTERN = /^v?\d+\.\d+\.\d+(?:[-+][A-Za-z0-9.-]+)?$/;
+var SAFE_BOOLEAN_STRING_PATTERN = /^(?:true|false)$/;
+var SUSPICIOUS_STRING_PATTERN = /(?:secret|token|bearer|password|api[_-]?key|private|\.env|sk[_-](?:live|test)|ghp_|github_pat_|glpat-|xox[baprs]-|AKIA|ASIA|ya29\.|eyJ|phc_|npm_)/i;
+var ALLOWED_PROPERTY_KEYS = /* @__PURE__ */ new Set([
+  "workspaceId",
+  "sessionId",
+  "requestId",
+  "runtimeMode",
+  "modelProvider",
+  "toolName",
+  "panelId",
+  "commandId",
+  "status",
+  "durationMs",
+  "errorCode",
+  "phase",
+  "runtime",
+  "pluginId",
+  "packageId",
+  "changed",
+  "nodePackageCount",
+  "pythonPackageCount",
+  "skillCount",
+  "templateDirCount",
+  "packageName",
+  "packageVersion"
+]);
+function createDatabaseTelemetryFromEnv(db, options, env = process.env) {
+  if (env.BORING_TELEMETRY_ENABLED !== "true") return noopTelemetry;
+  return createDatabaseTelemetry(db, { appId: options.appId, enabled: true });
+}
+function createDatabaseTelemetry(db, options) {
+  if (options.enabled === false) return noopTelemetry;
+  return {
+    capture(event) {
+      const eventName = sanitizeTelemetryEventName(event.name);
+      if (!eventName) return;
+      const row = {
+        appId: options.appId,
+        eventName,
+        distinctId: sanitizeTelemetryDistinctId(event.distinctId),
+        properties: sanitizeTelemetryProperties(event.properties)
+      };
+      try {
+        void Promise.resolve(db.insert(telemetryEvents).values(row)).catch(() => {
+        });
+      } catch {
+      }
+    }
+  };
+}
+function sanitizeTelemetryEventName(value) {
+  if (value.length > 128) return void 0;
+  if (SUSPICIOUS_STRING_PATTERN.test(value)) return void 0;
+  return EVENT_NAME_PATTERN.test(value) ? value : void 0;
+}
+function sanitizeTelemetryDistinctId(value) {
+  if (!value) return "anonymous";
+  return sanitizeTelemetryString("distinctId", value) ?? "anonymous";
+}
+function sanitizeTelemetryProperties(properties) {
+  const sanitized = {};
+  if (!properties) return sanitized;
+  for (const [key, value] of Object.entries(properties)) {
+    if (!ALLOWED_PROPERTY_KEYS.has(key)) continue;
+    const sanitizedValue = sanitizeTelemetryProperty(key, value);
+    if (sanitizedValue === void 0) continue;
+    sanitized[key] = sanitizedValue;
+  }
+  return sanitized;
+}
+function sanitizeTelemetryProperty(key, value) {
+  if (key === "durationMs") {
+    return typeof value === "number" && Number.isFinite(value) && value >= 0 ? value : void 0;
+  }
+  if (key.endsWith("Count")) {
+    return typeof value === "number" && Number.isInteger(value) && value >= 0 ? value : void 0;
+  }
+  if (key === "status" && typeof value === "number") {
+    return Number.isInteger(value) && value >= 100 && value <= 599 ? value : void 0;
+  }
+  if (typeof value !== "string") return void 0;
+  return sanitizeTelemetryString(key, value);
+}
+function sanitizeTelemetryString(key, value) {
+  if (value.length === 0) return void 0;
+  if (SUSPICIOUS_STRING_PATTERN.test(value)) return void 0;
+  switch (key) {
+    case "workspaceId":
+    case "sessionId":
+    case "requestId":
+    case "distinctId":
+      return SAFE_ID_PATTERN.test(value) ? value : void 0;
+    case "runtimeMode":
+    case "modelProvider":
+    case "toolName":
+    case "panelId":
+    case "commandId":
+    case "phase":
+    case "runtime":
+      return SAFE_SLUG_PATTERN.test(value) ? value : void 0;
+    case "pluginId":
+    case "packageId":
+      return SAFE_ID_PATTERN.test(value) ? value : void 0;
+    case "changed":
+      return SAFE_BOOLEAN_STRING_PATTERN.test(value) ? value : void 0;
+    case "status":
+      return SAFE_STATUS_PATTERN.test(value) ? value : void 0;
+    case "errorCode":
+      return SAFE_ERROR_CODE_PATTERN.test(value) ? value : void 0;
+    case "packageName":
+      return SAFE_PACKAGE_NAME_PATTERN.test(value) ? value : void 0;
+    case "packageVersion":
+      return SAFE_PACKAGE_VERSION_PATTERN.test(value) ? value : void 0;
+    default:
+      return void 0;
+  }
+}
+
+// src/app/server/createCoreWorkspaceAgentServer.ts
 var MIME_TYPES = {
   ".css": "text/css; charset=utf-8",
   ".html": "text/html; charset=utf-8",
@@ -62,11 +198,13 @@ var FRONTEND_AUTH_PAGES = /* @__PURE__ */ new Set([
   "/auth/signin",
   "/auth/signup",
   "/auth/forgot-password",
-  "/auth/reset-password",
-  "/auth/callback/github"
+  "/auth/reset-password"
 ]);
 var FRONTEND_AUTH_PAGES_SPA_ONLY = /* @__PURE__ */ new Set([
-  "/auth/verify-email"
+  "/auth/verify-email",
+  "/auth/error",
+  "/auth/callback/github",
+  "/auth/callback/google"
 ]);
 function dedupeStrings(values) {
   return Array.from(new Set(values));
@@ -239,10 +377,29 @@ function shouldServeFrontend(pathname) {
   if (pathname.startsWith("/auth/")) return false;
   return true;
 }
-async function registerAuthProxy(app) {
+async function serveFrontendShell(request, reply, indexPath, telemetry) {
+  if (!await pathExists(indexPath)) {
+    reply.status(503);
+    return {
+      error: "frontend_not_built",
+      message: "Build the frontend before starting in production mode."
+    };
+  }
+  const html = await readFile(indexPath, "utf-8");
+  captureAppOpened(telemetry, request.id);
+  reply.type("text/html; charset=utf-8");
+  return reply.send(injectCspNonceIntoHtml(html, request.cspNonce));
+}
+async function registerAuthProxy(app, options) {
   app.all("/auth/*", async (request, reply) => {
     const accept = String(request.headers?.accept ?? "");
-    if (request.method === "GET" && accept.includes("text/html")) {
+    const pathname = request.url.split("?")[0] ?? "/";
+    const isSpaOnlyAuthPage = FRONTEND_AUTH_PAGES_SPA_ONLY.has(pathname);
+    const isExplicitShellAuthPage = FRONTEND_AUTH_PAGES.has(pathname);
+    if (request.method === "GET" && accept.includes("text/html") && (isExplicitShellAuthPage || isSpaOnlyAuthPage && pathname !== "/auth/callback/github" && pathname !== "/auth/callback/google")) {
+      if (options?.serveSpaShell) {
+        return options.serveSpaShell(request, reply);
+      }
       return reply.callNotFound();
     }
     const body = encodeAuthRequestBody(request);
@@ -269,39 +426,36 @@ async function registerAuthProxy(app) {
     return reply.send(responseBody);
   });
 }
-async function registerFrontendAuthPages(app, appRoot) {
+function captureAppOpened(telemetry, requestId) {
+  safeCapture(telemetry, {
+    name: "app.opened",
+    properties: { requestId }
+  });
+}
+function registerTelemetryHooks(app, telemetry) {
+  app.addHook("onResponse", async (request, reply) => {
+    if (reply.statusCode < 500) return;
+    safeCapture(telemetry, {
+      name: "server.request.failed",
+      properties: {
+        requestId: request.id,
+        status: reply.statusCode,
+        errorCode: ERROR_CODES.INTERNAL_ERROR
+      }
+    });
+  });
+}
+async function registerFrontendAuthPages(app, appRoot, telemetry) {
   const frontDistDir = path.resolve(appRoot, "dist/front");
   const indexPath = path.resolve(frontDistDir, "index.html");
   for (const pagePath of FRONTEND_AUTH_PAGES) {
-    app.get(pagePath, async (request, reply) => {
-      if (!await pathExists(indexPath)) {
-        reply.status(503);
-        return {
-          error: "frontend_not_built",
-          message: "Build the frontend before starting in production mode."
-        };
-      }
-      const html = await readFile(indexPath, "utf-8");
-      reply.type("text/html; charset=utf-8");
-      return reply.send(injectCspNonceIntoHtml(html, request.cspNonce));
-    });
+    app.get(pagePath, async (request, reply) => serveFrontendShell(request, reply, indexPath, telemetry));
   }
 }
-async function registerFrontendFallback(app, appRoot) {
+async function registerFrontendFallback(app, appRoot, telemetry) {
   const frontDistDir = path.resolve(appRoot, "dist/front");
   const indexPath = path.resolve(frontDistDir, "index.html");
-  app.get("/", async (request, reply) => {
-    if (!await pathExists(indexPath)) {
-      reply.status(503);
-      return {
-        error: "frontend_not_built",
-        message: "Build the frontend before starting in production mode."
-      };
-    }
-    const html = await readFile(indexPath, "utf-8");
-    reply.type("text/html; charset=utf-8");
-    return reply.send(injectCspNonceIntoHtml(html, request.cspNonce));
-  });
+  app.get("/", async (request, reply) => serveFrontendShell(request, reply, indexPath, telemetry));
   app.get("/*", async (request, reply) => {
     const pathname = request.url.split("?")[0] ?? "/";
     if (!shouldServeFrontend(pathname)) return reply.callNotFound();
@@ -315,16 +469,7 @@ async function registerFrontendFallback(app, appRoot) {
       reply.type(contentType(candidate));
       return reply.send(createReadStream(candidate));
     }
-    if (!await pathExists(indexPath)) {
-      reply.status(503);
-      return {
-        error: "frontend_not_built",
-        message: "Build the frontend before starting in production mode."
-      };
-    }
-    const html = await readFile(indexPath, "utf-8");
-    reply.type("text/html; charset=utf-8");
-    return reply.send(injectCspNonceIntoHtml(html, request.cspNonce));
+    return serveFrontendShell(request, reply, indexPath, telemetry);
   });
 }
 async function createCoreRuntime(config) {
@@ -387,17 +532,24 @@ async function createCoreWorkspaceAgentServer(options = {}) {
   const appRoot = options.appRoot;
   const serveFrontend = options.serveFrontend ?? (process.env.NODE_ENV !== "development" && Boolean(appRoot));
   const workspaceRoot = options.workspaceRoot ?? process.cwd();
+  const telemetrySource = options.telemetry ? "custom" : process.env.BORING_TELEMETRY_ENABLED === "true" ? "db-env" : "noop-env";
+  const telemetry = options.telemetry ?? createDatabaseTelemetryFromEnv(db, { appId: config.appId }, process.env);
+  app.log.debug({ telemetry: { source: telemetrySource } }, "resolved telemetry sink");
+  registerTelemetryHooks(app, telemetry);
   await registerCoreRoutes({ app, sql, db, userStore, workspaceStore });
   if (serveFrontend && appRoot) {
-    await registerFrontendAuthPages(app, appRoot);
+    await registerFrontendAuthPages(app, appRoot, telemetry);
   }
-  await registerAuthProxy(app);
+  await registerAuthProxy(app, serveFrontend && appRoot ? {
+    serveSpaShell: (request, reply) => serveFrontendShell(request, reply, path.resolve(appRoot, "dist/front/index.html"), telemetry)
+  } : void 0);
   const defaultPluginPackagePaths = resolveDefaultWorkspacePluginPackagePaths({
     workspaceRoot,
     appPackageJsonPath: options.appPackageJsonPath,
     defaultPluginPackages: options.defaultPluginPackages
   });
   const defaultPackagePiSnapshot = readWorkspacePluginPackagePiSnapshot(defaultPluginPackagePaths);
+  const defaultPackageRuntimePlugins = readWorkspacePluginPackageRuntimePlugins(defaultPluginPackagePaths);
   const { systemPromptAppend: defaultPackageSystemPromptAppend, ...defaultPackagePiOptions } = defaultPackagePiSnapshot;
   const staticSystemPromptAppend = [options.systemPromptAppend, defaultPackageSystemPromptAppend].filter(Boolean).join("\n\n") || void 0;
   const defaultPluginDirEntries = defaultPluginPackagePaths.map((dir) => ({ dir, hotReload: false })).filter((entry) => hasDirServerPlugin(entry));
@@ -432,28 +584,9 @@ async function createCoreWorkspaceAgentServer(options = {}) {
     plugins: resolvedPlugins,
     excludeDefaults: options.excludeDefaults
   });
-  const provisionedWorkspaceRoots = /* @__PURE__ */ new Map();
-  const ensureWorkspaceProvisioned = (root) => {
-    if (pluginCollection.provisioningContributions.length === 0) return Promise.resolve();
-    const resolvedRoot = path.resolve(root);
-    const existing = provisionedWorkspaceRoots.get(resolvedRoot);
-    if (existing) return existing;
-    const pending = provisionWorkspaceAgentServer({
-      workspaceRoot: resolvedRoot,
-      provisioningContributions: pluginCollection.provisioningContributions,
-      force: options.forceProvisioning
-    }).catch((error) => {
-      provisionedWorkspaceRoots.delete(resolvedRoot);
-      throw error;
-    });
-    provisionedWorkspaceRoots.set(resolvedRoot, pending);
-    return pending;
-  };
-  await ensureWorkspaceProvisioned(workspaceRoot);
   const resolveWorkspaceId = async (request) => options.getWorkspaceId ? await options.getWorkspaceId(request) : await resolveAuthorizedWorkspaceId(request, workspaceStore);
   const resolveRoot = async (workspaceId, request) => {
     const root = options.getWorkspaceRoot ? await options.getWorkspaceRoot(workspaceId, request) : await resolveWorkspaceRoot(workspaceRoot, workspaceId);
-    await ensureWorkspaceProvisioned(root);
     return root;
   };
   const piOptionsByRoot = /* @__PURE__ */ new Map();
@@ -508,7 +641,26 @@ async function createCoreWorkspaceAgentServer(options = {}) {
     sandboxHandleStore: options.sandboxHandleStore ?? new WorkspaceRuntimeSandboxHandleStore(workspaceStore),
     getWorkspaceId: resolveWorkspaceId,
     getWorkspaceRoot: resolveRoot,
-    registerHealthRoute: options.registerHealthRoute ?? false
+    provisionRuntime: async ({ provisioningAdapter, runtimeLayout, workspaceId, request, runtimeMode }) => {
+      if (!provisioningAdapter) return void 0;
+      return await provisionWorkspaceRuntime({
+        plugins: [
+          ...pluginCollection.runtimePlugins,
+          ...defaultPackageRuntimePlugins
+        ],
+        adapter: provisioningAdapter,
+        runtimeLayout,
+        telemetry,
+        telemetryContext: {
+          workspaceId,
+          requestId: request?.id,
+          runtimeMode
+        }
+      });
+    },
+    provisionWorkspace: options.provisionWorkspace,
+    registerHealthRoute: options.registerHealthRoute ?? false,
+    telemetry
   });
   await app.register(uiRoutes, {
     getBridge: async (request) => getUiBridge(await resolveWorkspaceId(request)),
@@ -518,7 +670,7 @@ async function createCoreWorkspaceAgentServer(options = {}) {
     await app.register(routes);
   }
   if (serveFrontend && appRoot) {
-    await registerFrontendFallback(app, appRoot);
+    await registerFrontendFallback(app, appRoot, telemetry);
   }
   return app;
 }

package/dist/{authHook-C5ShLjAS.d.ts → authHook-DUqyxueY.d.ts}

@@ -1,7 +1,7 @@
-import { C as CoreConfig, R as RuntimeConfig } from './index-COZa03RP.js';
+import { C as CoreConfig, R as RuntimeConfig } from './types-CbMOXLBf.js';
 import { FastifyPluginAsync } from 'fastify';
 import { Auth } from 'better-auth';
-import { W as WorkspaceStore, D as Database } from './connection-jW1Xwcne.js';
+import { W as WorkspaceStore, D as Database } from './connection-AL8KSENV.js';
 
 interface LoadConfigOptions {
     tomlPath?: string;

package/dist/{chunk-V5CXMFHP.js → chunk-6D7LEQSL.js}

@@ -8,7 +8,7 @@ import {
   workspaceRuntimes,
   workspaceSettings,
   workspaces
-} from "./chunk-HSRBZLKT.js";
+} from "./chunk-C3YMOITB.js";
 import {
   ConfigValidationError,
   ERROR_CODES,
@@ -68,6 +68,10 @@ var coreConfigSchema = z.object({
       clientId: z.string().min(1),
       clientSecret: z.string().min(1)
     }).optional(),
+    google: z.object({
+      clientId: z.string().min(1),
+      clientSecret: z.string().min(1)
+    }).optional(),
     mail: z.object({
       from: z.string().min(1),
       transportUrl: mailTransportUrlSchema
@@ -77,6 +81,7 @@ var coreConfigSchema = z.object({
   }),
   features: z.object({
     githubOauth: z.boolean(),
+    googleOauth: z.boolean(),
     invitesEnabled: z.boolean(),
     sendWelcomeEmail: z.boolean(),
     inviteTtlDays: z.number().int().min(1).max(30).default(7)
@@ -162,6 +167,11 @@ async function loadConfig(options) {
     clientId: env.GITHUB_CLIENT_ID,
     clientSecret: env.GITHUB_CLIENT_SECRET
   } : void 0;
+  const googleOauth = toml.features?.google_oauth === true;
+  const google = env.GOOGLE_CLIENT_ID && env.GOOGLE_CLIENT_SECRET ? {
+    clientId: env.GOOGLE_CLIENT_ID,
+    clientSecret: env.GOOGLE_CLIENT_SECRET
+  } : void 0;
   const mailFrom = env.MAIL_FROM;
   const mailTransportUrl = env.MAIL_TRANSPORT_URL;
   const mail = mailFrom && mailTransportUrl ? { from: mailFrom, transportUrl: mailTransportUrl } : void 0;
@@ -194,6 +204,7 @@ async function loadConfig(options) {
       secret: authSecret,
       url: authUrl,
       github,
+      google,
       mail,
       sessionTtlSeconds: parseInt(
         env.SESSION_TTL_SECONDS ?? String(THIRTY_DAYS_SECONDS),
@@ -203,6 +214,7 @@ async function loadConfig(options) {
     },
     features: {
       githubOauth: githubOauth && github !== void 0,
+      googleOauth: googleOauth && google !== void 0,
       invitesEnabled: toml.features?.invites_enabled ?? true,
       sendWelcomeEmail: env.SEND_WELCOME_EMAIL !== "false",
       ...toml.features?.invite_ttl_days != null && { inviteTtlDays: toml.features.invite_ttl_days }
@@ -222,6 +234,9 @@ function validateConfig(raw) {
   }
   return result.data;
 }
+function isGoogleOauthUsable(config) {
+  return config.features.googleOauth && config.auth.google !== void 0;
+}
 function buildRuntimeConfigPayload(config) {
   return {
     appId: config.appId,
@@ -230,6 +245,7 @@ function buildRuntimeConfigPayload(config) {
     apiBase: config.auth.url,
     features: {
       githubOauth: config.features.githubOauth,
+      googleOauth: isGoogleOauthUsable(config),
       invitesEnabled: config.features.invitesEnabled,
       sendWelcomeEmail: config.features.sendWelcomeEmail
     }
@@ -362,16 +378,19 @@ function registerCapabilities(app) {
   );
   const hasMail = !!app.config.auth.mail;
   app.registerCapabilitiesContributor("core", () => {
+    const googleOauth = isGoogleOauthUsable(app.config);
     const core = {
       version: getCoreVersion(),
       features: {
         invitesEnabled: app.config.features.invitesEnabled,
         githubOauth: app.config.features.githubOauth,
+        googleOauth,
         emailFlows: hasMail
       },
       auth: {
         emailPassword: true,
         github: false,
+        google: googleOauth,
         emailVerification: hasMail,
         passwordReset: hasMail,
         magicLink: hasMail
@@ -1717,6 +1736,20 @@ function createAuth(config, db, opts) {
     transport,
     logger: opts.logger
   }) : void 0;
+  const socialProviders = {
+    ...config.auth.github ? {
+      github: {
+        clientId: config.auth.github.clientId,
+        clientSecret: config.auth.github.clientSecret
+      }
+    } : {},
+    ...config.features.googleOauth && config.auth.google ? {
+      google: {
+        clientId: config.auth.google.clientId,
+        clientSecret: config.auth.google.clientSecret
+      }
+    } : {}
+  };
   return betterAuth({
     database: drizzleAdapter(db, { provider: "pg", schema: schema_exports }),
     secret: config.auth.secret,
@@ -1797,7 +1830,7 @@ function createAuth(config, db, opts) {
       }
     },
     emailVerification: emailVerificationConfig,
-    socialProviders: config.auth.github ? { github: { clientId: config.auth.github.clientId, clientSecret: config.auth.github.clientSecret } } : {},
+    socialProviders,
     plugins
   });
 }

package/dist/chunk-AQBXNPMD.js

@@ -0,0 +1,17 @@
+// src/shared/telemetry.ts
+var noopTelemetry = {
+  capture() {
+  }
+};
+function safeCapture(telemetry, event) {
+  try {
+    void Promise.resolve(telemetry.capture(event)).catch(() => {
+    });
+  } catch {
+  }
+}
+
+export {
+  noopTelemetry,
+  safeCapture
+};

package/dist/{chunk-HSRBZLKT.js → chunk-C3YMOITB.js}

@@ -542,6 +542,7 @@ __export(schema_exports, {
   idempotencyKeys: () => idempotencyKeys,
   sessions: () => sessions,
   sessionsRelations: () => sessionsRelations,
+  telemetryEvents: () => telemetryEvents,
   userSettings: () => userSettings,
   userSettingsRelations: () => userSettingsRelations,
   users: () => users,
@@ -866,6 +867,21 @@ var idempotencyKeys = pgTable2(
     index2("idempotency_keys_created_at_idx").on(table.createdAt)
   ]
 );
+var telemetryEvents = pgTable2(
+  "telemetry_events",
+  {
+    id: uuid2("id").default(sql3`gen_random_uuid()`).primaryKey(),
+    appId: text2("app_id").notNull(),
+    eventName: text2("event_name").notNull(),
+    distinctId: text2("distinct_id").notNull().default("anonymous"),
+    properties: jsonb("properties").notNull().default({}),
+    createdAt: timestamp2("created_at").defaultNow().notNull()
+  },
+  (table) => [
+    index2("telemetry_events_app_created_at_idx").on(table.appId, table.createdAt),
+    index2("telemetry_events_event_name_idx").on(table.eventName)
+  ]
+);
 
 // src/server/db/stores/PostgresWorkspaceStore.ts
 var UI_STATE_KEY_PREFIX = "workspace_ui_state:";
@@ -1674,6 +1690,7 @@ export {
   workspaceRuntimes,
   workspaceInvites,
   idempotencyKeys,
+  telemetryEvents,
   schema_exports,
   createDatabase,
   runMigrations,