@hachej/boring-core 0.1.23 → 0.1.26

package/dist/app/server/index.js

@@ -9,7 +9,7 @@ import {
   registerRoutes,
   registerSettingsRoutes,
   registerWorkspaceRoutes
-} from "../../chunk-6D7LEQSL.js";
+} from "../../chunk-2JDK4XUZ.js";
 import {
   PostgresUserStore,
   PostgresWorkspaceStore,
@@ -531,7 +531,8 @@ async function createCoreWorkspaceAgentServer(options = {}) {
   const { app, sql, db, userStore, workspaceStore } = await createCoreRuntime(config);
   const appRoot = options.appRoot;
   const serveFrontend = options.serveFrontend ?? (process.env.NODE_ENV !== "development" && Boolean(appRoot));
-  const workspaceRoot = options.workspaceRoot ?? process.cwd();
+  const pluginWorkspaceRoot = process.cwd();
+  const workspaceRoot = options.workspaceRoot ?? process.env.BORING_AGENT_WORKSPACE_ROOT ?? process.cwd();
   const telemetrySource = options.telemetry ? "custom" : process.env.BORING_TELEMETRY_ENABLED === "true" ? "db-env" : "noop-env";
   const telemetry = options.telemetry ?? createDatabaseTelemetryFromEnv(db, { appId: config.appId }, process.env);
   app.log.debug({ telemetry: { source: telemetrySource } }, "resolved telemetry sink");
@@ -544,7 +545,7 @@ async function createCoreWorkspaceAgentServer(options = {}) {
     serveSpaShell: (request, reply) => serveFrontendShell(request, reply, path.resolve(appRoot, "dist/front/index.html"), telemetry)
   } : void 0);
   const defaultPluginPackagePaths = resolveDefaultWorkspacePluginPackagePaths({
-    workspaceRoot,
+    workspaceRoot: pluginWorkspaceRoot,
     appPackageJsonPath: options.appPackageJsonPath,
     defaultPluginPackages: options.defaultPluginPackages
   });
@@ -568,7 +569,7 @@ async function createCoreWorkspaceAgentServer(options = {}) {
     return bridge;
   };
   const pluginResolveContext = {
-    workspaceRoot,
+    workspaceRoot: pluginWorkspaceRoot,
     bridge: createUnavailableCorePluginBridge()
   };
   const resolvedPlugins = await Promise.all(
@@ -578,7 +579,7 @@ async function createCoreWorkspaceAgentServer(options = {}) {
     ))
   );
   const pluginCollection = collectWorkspaceAgentServerPlugins({
-    workspaceRoot,
+    workspaceRoot: pluginWorkspaceRoot,
     systemPromptAppend: staticSystemPromptAppend,
     pi: mergePiOptions(options.pi, defaultPackagePiOptions),
     plugins: resolvedPlugins,

package/dist/{chunk-6D7LEQSL.js → chunk-2JDK4XUZ.js}

@@ -1951,9 +1951,79 @@ var updateWorkspaceBody = z3.object({
 }).strict();
 
 // src/server/routes/workspaces.ts
+var DEFAULT_WORKSPACE_NAME = "My Workspace";
 var workspaceRoutesPlugin = async (app) => {
   const store = app.workspaceStore;
   const provisioner = app.provisioner;
+  const defaultWorkspaceCreates = /* @__PURE__ */ new Map();
+  async function provisionWorkspace(workspace, ownerId, request) {
+    if (!provisioner) return;
+    await store.putWorkspaceRuntime(workspace.id, { state: "pending" });
+    try {
+      const result = await provisioner.provision({
+        workspaceId: workspace.id,
+        workspaceName: workspace.name,
+        ownerId,
+        appId: app.config.appId
+      });
+      await store.putWorkspaceRuntime(workspace.id, {
+        state: "ready",
+        volumePath: result.volumePath
+      });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      await store.putWorkspaceRuntime(workspace.id, {
+        state: "error",
+        lastError: message,
+        lastErrorOp: "provision"
+      });
+      request.log.error({ workspaceId: workspace.id, err }, "workspace.provision.failed");
+      throw new HttpError({
+        status: 500,
+        code: ERROR_CODES.PROVISION_FAILED,
+        message: "Workspace provisioning failed",
+        requestId: request.id
+      });
+    }
+  }
+  async function createWorkspaceForUser(userId, name, isDefault, request) {
+    const workspace = await store.create(userId, name, app.config.appId, { isDefault });
+    await provisionWorkspace(workspace, userId, request);
+    return workspace;
+  }
+  async function ensureDefaultWorkspaceProvisioned(workspace, request) {
+    if (!provisioner || !workspace.isDefault) return;
+    const runtime = await store.getWorkspaceRuntime(workspace.id);
+    const needsProvisioning = !runtime || runtime.state === "ready" && !runtime.volumePath;
+    if (needsProvisioning) await provisionWorkspace(workspace, workspace.createdBy, request);
+  }
+  async function listOrCreateDefaultWorkspace(userId, request) {
+    const existing = await store.list(userId, app.config.appId);
+    if (existing.length > 0) {
+      await Promise.all(existing.map((workspace) => ensureDefaultWorkspaceProvisioned(workspace, request)));
+      return existing;
+    }
+    const createKey = `${app.config.appId}:${userId}`;
+    const inFlight = defaultWorkspaceCreates.get(createKey);
+    if (inFlight) return await inFlight;
+    const createPromise = (async () => {
+      try {
+        const created = await createWorkspaceForUser(userId, DEFAULT_WORKSPACE_NAME, true, request);
+        return [created];
+      } catch (error) {
+        if (error instanceof HttpError) throw error;
+        const racedExisting = await store.list(userId, app.config.appId);
+        if (racedExisting.length > 0) return racedExisting;
+        throw error;
+      }
+    })();
+    defaultWorkspaceCreates.set(createKey, createPromise);
+    try {
+      return await createPromise;
+    } finally {
+      if (defaultWorkspaceCreates.get(createKey) === createPromise) defaultWorkspaceCreates.delete(createKey);
+    }
+  }
   app.post("/api/v1/workspaces", async (request, reply) => {
     const parsed = createWorkspaceBody.safeParse(request.body);
     if (!parsed.success) {
@@ -1967,42 +2037,13 @@ var workspaceRoutesPlugin = async (app) => {
     const user = request.user;
     const existing = await store.list(user.id, app.config.appId);
     const isDefault = existing.length === 0;
-    const workspace = await store.create(user.id, parsed.data.name, app.config.appId, { isDefault });
-    if (provisioner) {
-      await store.putWorkspaceRuntime(workspace.id, { state: "pending" });
-      try {
-        const result = await provisioner.provision({
-          workspaceId: workspace.id,
-          workspaceName: workspace.name,
-          ownerId: user.id,
-          appId: app.config.appId
-        });
-        await store.putWorkspaceRuntime(workspace.id, {
-          state: "ready",
-          volumePath: result.volumePath
-        });
-      } catch (err) {
-        const message = err instanceof Error ? err.message : String(err);
-        await store.putWorkspaceRuntime(workspace.id, {
-          state: "error",
-          lastError: message,
-          lastErrorOp: "provision"
-        });
-        request.log.error({ workspaceId: workspace.id, err }, "workspace.provision.failed");
-        throw new HttpError({
-          status: 500,
-          code: ERROR_CODES.PROVISION_FAILED,
-          message: "Workspace provisioning failed",
-          requestId: request.id
-        });
-      }
-    }
+    const workspace = await createWorkspaceForUser(user.id, parsed.data.name, isDefault, request);
     request.log.info({ workspaceId: workspace.id, userId: user.id }, "workspace.create");
     reply.status(201);
     return { workspace, role: "owner" };
   });
   app.get("/api/v1/workspaces", async (request) => {
-    const workspaces2 = await store.list(request.user.id, app.config.appId);
+    const workspaces2 = await listOrCreateDefaultWorkspace(request.user.id, request);
     return { workspaces: workspaces2 };
   });
   app.get(

package/dist/{chunk-JMCBLJ6W.js → chunk-5R3U6QKD.js}

@@ -471,68 +471,12 @@ function useWorkspaceMembers(workspaceId) {
 }
 
 // src/front/WorkspaceAuthProvider.tsx
-import { createContext as createContext3, useContext as useContext3 } from "react";
+import { createContext as createContext4, useContext as useContext4 } from "react";
 import { useQuery as useQuery2, useQueryClient } from "@tanstack/react-query";
 import { matchPath, useLocation, useParams } from "react-router-dom";
-import { jsx as jsx4 } from "react/jsx-runtime";
-var WorkspaceContext = createContext3({
-  workspace: null,
-  role: null
-});
-var WORKSPACES_QUERY_KEY = ["workspaces"];
-function workspaceQueryKey(workspaceId) {
-  return ["workspace", workspaceId ?? null];
-}
-async function fetchWorkspaces() {
-  const data = await apiFetchJson("/api/v1/workspaces");
-  return data.workspaces;
-}
-async function fetchWorkspace(workspaceId) {
-  return await apiFetchJson(
-    `/api/v1/workspaces/${encodeURIComponent(workspaceId)}`
-  );
-}
-function workspaceIdFromPath(pathname) {
-  const match = matchPath("/w/:id/*", pathname) ?? matchPath("/w/:id", pathname) ?? matchPath("/workspace/:id/*", pathname) ?? matchPath("/workspace/:id", pathname);
-  const id = match?.params.id?.trim();
-  return id ? id : null;
-}
-function WorkspaceAuthProvider({ children }) {
-  const { id } = useParams();
-  const location = useLocation();
-  const queryClient = useQueryClient();
-  const routeWorkspaceId = id?.trim() ? id : workspaceIdFromPath(location.pathname);
-  const workspacesQuery = useQuery2({
-    queryKey: WORKSPACES_QUERY_KEY,
-    queryFn: fetchWorkspaces
-  });
-  const defaultWorkspace = routeWorkspaceId === null ? workspacesQuery.data?.find((workspace2) => workspace2.isDefault) ?? workspacesQuery.data?.[0] ?? null : null;
-  const resolvedId = routeWorkspaceId ?? defaultWorkspace?.id ?? null;
-  const cachedDetail = resolvedId ? queryClient.getQueryData(workspaceQueryKey(resolvedId)) : void 0;
-  const detailQuery = useQuery2({
-    queryKey: workspaceQueryKey(resolvedId),
-    queryFn: () => {
-      if (!resolvedId) {
-        throw new Error("Workspace id is required");
-      }
-      return fetchWorkspace(resolvedId);
-    },
-    enabled: resolvedId !== null
-  });
-  const detail = detailQuery.data ?? cachedDetail ?? null;
-  const workspace = detailQuery.isError ? null : detail?.workspace ?? null;
-  const role = detailQuery.isError ? null : detail?.role ?? null;
-  return /* @__PURE__ */ jsx4(WorkspaceContext.Provider, { value: { workspace, role }, children });
-}
-function useCurrentWorkspace() {
-  return useContext3(WorkspaceContext).workspace;
-}
-function useWorkspaceRole() {
-  return useContext3(WorkspaceContext).role;
-}
 
 // src/front/auth/AuthProvider.tsx
-import { createContext as createContext4, useContext as useContext4, useCallback as useCallback2, useMemo as useMemo2 } from "react";
+import { createContext as createContext3, useContext as useContext3, useCallback as useCallback2, useMemo as useMemo2 } from "react";
 
 // src/front/auth/authClient.ts
 import { createAuthClient } from "better-auth/react";
@@ -555,8 +499,8 @@ function getAuthClient(baseURL) {
 }
 
 // src/front/auth/AuthProvider.tsx
-import { jsx as jsx5 } from "react/jsx-runtime";
-var AuthContext = createContext4(null);
+import { jsx as jsx4 } from "react/jsx-runtime";
+var AuthContext = createContext3(null);
 function toISOString(value) {
   if (!value) return "";
   if (value instanceof Date) return value.toISOString();
@@ -589,10 +533,10 @@ function AuthProvider({
     () => ({ client, signOut }),
     [client, signOut]
   );
-  return /* @__PURE__ */ jsx5(AuthContext.Provider, { value, children });
+  return /* @__PURE__ */ jsx4(AuthContext.Provider, { value, children });
 }
 function useAuthContext() {
-  const ctx = useContext4(AuthContext);
+  const ctx = useContext3(AuthContext);
   if (!ctx) throw new Error("useSession/signIn/signOut must be used within an AuthProvider");
   return ctx;
 }
@@ -620,8 +564,21 @@ function useSignUp() {
   return client.signUp;
 }
 function useForgetPassword() {
-  const { client } = useAuthContext();
-  return client.forgetPassword;
+  useAuthContext();
+  return async (opts) => {
+    const endpoint = buildApiUrl("/auth/request-password-reset");
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      credentials: "include",
+      body: JSON.stringify(opts)
+    });
+    const data = await response.json().catch(() => null);
+    if (!response.ok) {
+      return { data: null, error: data ?? { status: response.status, message: "Request failed" } };
+    }
+    return { data, error: null };
+  };
 }
 function useResetPassword() {
   const { client } = useAuthContext();
@@ -644,6 +601,107 @@ function useSignOut() {
   return signOut;
 }
 
+// src/front/WorkspaceAuthProvider.tsx
+import { jsx as jsx5 } from "react/jsx-runtime";
+var WorkspaceContext = createContext4({
+  workspace: null,
+  role: null,
+  routeStatus: { status: "idle", workspaceId: null }
+});
+var WORKSPACES_QUERY_KEY = ["workspaces"];
+function workspaceQueryKey(workspaceId) {
+  return ["workspace", workspaceId ?? null];
+}
+async function fetchWorkspaces() {
+  const data = await apiFetchJson("/api/v1/workspaces");
+  return data.workspaces;
+}
+async function fetchWorkspace(workspaceId) {
+  return await apiFetchJson(
+    `/api/v1/workspaces/${encodeURIComponent(workspaceId)}`
+  );
+}
+function routePatterns(route) {
+  const normalized = route.endsWith("/*") ? route.slice(0, -2) : route;
+  return [`${normalized}/*`, normalized];
+}
+function workspaceIdFromPath(pathname, workspaceRoute = "/workspace/:id", workspaceIdParam = "id") {
+  const patterns = [
+    ...routePatterns(workspaceRoute),
+    "/w/:id/*",
+    "/w/:id",
+    "/workspace/:id/*",
+    "/workspace/:id"
+  ];
+  for (const pattern of patterns) {
+    const match = matchPath(pattern, pathname);
+    const id = match?.params[workspaceIdParam]?.trim() ?? match?.params.id?.trim();
+    if (id) return id;
+  }
+  return null;
+}
+function routeStatusFromError(workspaceId, error) {
+  const detail = getHttpErrorDetail(error);
+  if (detail.status === 404 || detail.code === "not_found") {
+    return { status: "not-found", workspaceId, message: detail.message };
+  }
+  if (detail.status === 403 || detail.code === "forbidden" || detail.code === "not_member") {
+    return { status: "forbidden", workspaceId, message: detail.message };
+  }
+  return { status: "switch-failed", workspaceId, message: detail.message };
+}
+function WorkspaceAuthProvider({
+  children,
+  workspaceRoute,
+  workspaceIdParam
+}) {
+  const { id } = useParams();
+  const location = useLocation();
+  const queryClient = useQueryClient();
+  const routeWorkspaceId = id?.trim() ? id : workspaceIdFromPath(location.pathname, workspaceRoute, workspaceIdParam);
+  const session = useSession();
+  const isAuthenticated = Boolean(session.data?.user);
+  const workspacesQuery = useQuery2({
+    queryKey: WORKSPACES_QUERY_KEY,
+    queryFn: fetchWorkspaces,
+    enabled: isAuthenticated
+  });
+  const defaultWorkspace = routeWorkspaceId === null ? workspacesQuery.data?.find((workspace2) => workspace2.isDefault) ?? workspacesQuery.data?.[0] ?? null : null;
+  const resolvedId = routeWorkspaceId ?? defaultWorkspace?.id ?? null;
+  const cachedDetail = resolvedId ? queryClient.getQueryData(workspaceQueryKey(resolvedId)) : void 0;
+  const detailQuery = useQuery2({
+    queryKey: workspaceQueryKey(resolvedId),
+    queryFn: () => {
+      if (!resolvedId) {
+        throw new Error("Workspace id is required");
+      }
+      return fetchWorkspace(resolvedId);
+    },
+    enabled: isAuthenticated && resolvedId !== null
+  });
+  const detail = detailQuery.data ?? cachedDetail ?? null;
+  const workspace = detailQuery.isError ? null : detail?.workspace ?? null;
+  const role = detailQuery.isError ? null : detail?.role ?? null;
+  const routeStatus = (() => {
+    if (!isAuthenticated) return { status: "idle", workspaceId: routeWorkspaceId };
+    if (routeWorkspaceId === null) return { status: "idle", workspaceId: null };
+    if (detailQuery.isError) return routeStatusFromError(routeWorkspaceId, detailQuery.error);
+    if (detailQuery.isPending && !detail) return { status: "loading", workspaceId: routeWorkspaceId };
+    if (workspace?.id === routeWorkspaceId) return { status: "matched", workspaceId: routeWorkspaceId, workspace };
+    return { status: "mismatched", workspaceId: routeWorkspaceId, currentWorkspaceId: workspace?.id ?? null };
+  })();
+  return /* @__PURE__ */ jsx5(WorkspaceContext.Provider, { value: { workspace, role, routeStatus }, children });
+}
+function useCurrentWorkspace() {
+  return useContext4(WorkspaceContext).workspace;
+}
+function useWorkspaceRole() {
+  return useContext4(WorkspaceContext).role;
+}
+function useWorkspaceRouteStatus() {
+  return useContext4(WorkspaceContext).routeStatus;
+}
+
 // src/front/auth/UserIdentityProvider.tsx
 import { createContext as createContext5, useContext as useContext5, useEffect as useEffect7, useState as useState6, useRef as useRef3 } from "react";
 import { jsx as jsx6 } from "react/jsx-runtime";
@@ -984,6 +1042,8 @@ function ForgotPasswordPage() {
   const forgetPassword = useForgetPassword();
   const [isSubmitting, setIsSubmitting] = useState10(false);
   const [submitted, setSubmitted] = useState10(false);
+  const redirect = typeof window === "undefined" ? null : new URLSearchParams(window.location.search).get("redirect");
+  const signinHref = redirect ? `${routes.signin}?redirect=${encodeURIComponent(redirect)}` : routes.signin;
   const {
     register,
     handleSubmit,
@@ -1007,7 +1067,7 @@ function ForgotPasswordPage() {
         /* @__PURE__ */ jsx10(CardTitle3, { children: "Check your inbox" }),
         /* @__PURE__ */ jsx10(CardDescription3, { children: "If an account exists with that email, we sent a password reset link. Check your inbox and follow the instructions." })
       ] }),
-      /* @__PURE__ */ jsx10(CardFooter3, { children: /* @__PURE__ */ jsx10("a", { href: routes.signin, className: "text-sm text-muted-foreground hover:underline", children: "Back to sign in" }) })
+      /* @__PURE__ */ jsx10(CardFooter3, { children: /* @__PURE__ */ jsx10("a", { href: signinHref, className: "text-sm text-muted-foreground hover:underline", children: "Back to sign in" }) })
     ] }) });
   }
   return /* @__PURE__ */ jsx10("div", { className: "flex min-h-screen items-center justify-center p-4", children: /* @__PURE__ */ jsxs3(Card3, { className: "w-full max-w-sm", children: [
@@ -1032,7 +1092,7 @@ function ForgotPasswordPage() {
       ] }) }),
       /* @__PURE__ */ jsxs3(CardFooter3, { className: "flex flex-col gap-4", children: [
         /* @__PURE__ */ jsx10(Button5, { type: "submit", className: "w-full", disabled: isSubmitting, children: isSubmitting ? "Sending\u2026" : "Send reset link" }),
-        /* @__PURE__ */ jsx10("a", { href: routes.signin, className: "text-sm text-muted-foreground hover:underline", children: "Back to sign in" })
+        /* @__PURE__ */ jsx10("a", { href: signinHref, className: "text-sm text-muted-foreground hover:underline", children: "Back to sign in" })
       ] })
     ] })
   ] }) });
@@ -1816,6 +1876,7 @@ function InviteAcceptPage() {
 
 // src/front/AuthGate.tsx
 import { useEffect as useEffect9, useMemo as useMemo3, useRef as useRef5 } from "react";
+import { matchPath as matchPath2 } from "react-router-dom";
 import { Fragment as Fragment3, jsx as jsx15 } from "react/jsx-runtime";
 var DEFAULT_GRACE_MS = 3e4;
 var UNSAFE_REDIRECT_RE = /[\0\r\n<>"'`]/;
@@ -1842,7 +1903,12 @@ function normalizePublicPath(path) {
 function isPublicPath(pathname, publicPaths) {
   const normalizedPath = normalizePath(pathname);
   if (normalizedPath === "/auth" || normalizedPath.startsWith("/auth/")) return true;
-  return publicPaths.some((candidate) => normalizedPath === candidate || normalizedPath.startsWith(`${candidate}/`));
+  return publicPaths.some((candidate) => {
+    if (candidate.includes(":") || candidate.includes("*")) {
+      return Boolean(matchPath2({ path: candidate, end: !candidate.includes("*") }, normalizedPath));
+    }
+    return normalizedPath === candidate || normalizedPath.startsWith(`${candidate}/`);
+  });
 }
 function readSafeRedirect(search) {
   const redirect = new URLSearchParams(normalizeSearch(search)).get("redirect");
@@ -1938,8 +2004,8 @@ function AuthGate({
 }
 
 // src/front/CoreFront.tsx
-import { Suspense, useMemo as useMemo6 } from "react";
-import { BrowserRouter, Routes, Route } from "react-router-dom";
+import { Suspense, useCallback as useCallback9, useMemo as useMemo6 } from "react";
+import { BrowserRouter, Routes, Route, useLocation as useLocation2, useNavigate as useNavigate5 } from "react-router-dom";
 import { QueryClient, QueryClientProvider } from "@tanstack/react-query";
 import { Helmet, HelmetProvider } from "react-helmet-async";
 
@@ -2202,12 +2268,15 @@ function WorkspaceSwitcher({
         headers: { "content-type": "application/json" },
         body: JSON.stringify({ name: parsed.data.name })
       });
-      await Promise.all([
-        queryClient.invalidateQueries({ queryKey: WORKSPACES_QUERY_KEY }),
-        queryClient.invalidateQueries({ queryKey: workspaceQueryKey(data.workspace.id) })
-      ]);
+      queryClient.setQueryData(workspaceQueryKey(data.workspace.id), data);
+      queryClient.setQueryData(WORKSPACES_QUERY_KEY, (current = []) => {
+        if (current.some((workspace) => workspace.id === data.workspace.id)) return current;
+        return [...current, data.workspace];
+      });
       onModalChange(false);
       navigate(hrefForWorkspace(workspacePathPrefix, data.workspace.id));
+      void queryClient.invalidateQueries({ queryKey: WORKSPACES_QUERY_KEY });
+      void queryClient.invalidateQueries({ queryKey: workspaceQueryKey(data.workspace.id) });
     } catch (error) {
       const detail = getHttpErrorDetail(error);
       if (typeof detail.status === "number" && detail.status >= 400 && detail.status < 500) {
@@ -3420,7 +3489,30 @@ function createDefaultQueryClient() {
     }
   });
 }
-function CoreFront({ children, authPages, cspNonce }) {
+function RouterAuthGate({ children, publicPaths }) {
+  const location = useLocation2();
+  const navigate = useNavigate5();
+  const authLocation = useMemo6(
+    () => ({ pathname: location.pathname, search: location.search, hash: location.hash }),
+    [location.hash, location.pathname, location.search]
+  );
+  const navigateWithinRouter = useCallback9(
+    (to, options) => {
+      navigate(to, { replace: options?.replace });
+    },
+    [navigate]
+  );
+  return /* @__PURE__ */ jsx22(
+    AuthGate,
+    {
+      location: authLocation,
+      navigate: navigateWithinRouter,
+      publicPaths,
+      children
+    }
+  );
+}
+function CoreFront({ children, authPages, cspNonce, workspaceRoute, workspaceIdParam, publicPaths }) {
   const queryClient = useMemo6(createDefaultQueryClient, []);
   const resolvedCspNonce = useMemo6(
     () => cspNonce ?? readCspNonceFromDom(),
@@ -3433,7 +3525,7 @@ function CoreFront({ children, authPages, cspNonce }) {
   const VerifyEmailPage2 = authPages?.verifyEmail ?? VerifyEmailPage;
   const AuthErrorPage2 = authPages?.authError ?? AuthErrorPage;
   const UserSettingsPage2 = authPages?.userSettings ?? UserSettingsPage;
-  return /* @__PURE__ */ jsx22(HelmetProvider, { children: /* @__PURE__ */ jsx22(AppErrorBoundary, { children: /* @__PURE__ */ jsx22(QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ jsx22(ConfigProvider, { children: /* @__PURE__ */ jsx22(ThemeProvider, { children: /* @__PURE__ */ jsx22(AuthProvider, { queryClient, children: /* @__PURE__ */ jsx22(UserIdentityProvider, { children: /* @__PURE__ */ jsx22(BrowserRouter, { children: /* @__PURE__ */ jsx22(WorkspaceAuthProvider, { children: /* @__PURE__ */ jsxs15(TopBarSlotProvider, { slot: /* @__PURE__ */ jsx22(UserMenu, {}), children: [
+  return /* @__PURE__ */ jsx22(HelmetProvider, { children: /* @__PURE__ */ jsx22(AppErrorBoundary, { children: /* @__PURE__ */ jsx22(QueryClientProvider, { client: queryClient, children: /* @__PURE__ */ jsx22(ConfigProvider, { children: /* @__PURE__ */ jsx22(ThemeProvider, { children: /* @__PURE__ */ jsx22(AuthProvider, { queryClient, children: /* @__PURE__ */ jsx22(UserIdentityProvider, { children: /* @__PURE__ */ jsx22(BrowserRouter, { children: /* @__PURE__ */ jsx22(WorkspaceAuthProvider, { workspaceRoute, workspaceIdParam, children: /* @__PURE__ */ jsxs15(TopBarSlotProvider, { slot: /* @__PURE__ */ jsx22(UserMenu, {}), children: [
     /* @__PURE__ */ jsx22(Helmet, { children: resolvedCspNonce ? /* @__PURE__ */ jsxs15(Fragment6, { children: [
       /* @__PURE__ */ jsx22("meta", { name: CSP_NONCE_META_NAME, content: resolvedCspNonce }),
       /* @__PURE__ */ jsx22(
@@ -3446,7 +3538,7 @@ function CoreFront({ children, authPages, cspNonce }) {
         }
       )
     ] }) : null }),
-    /* @__PURE__ */ jsx22(AuthGate, { publicPaths: ["/invites"], children: /* @__PURE__ */ jsx22(Suspense, { fallback: null, children: /* @__PURE__ */ jsxs15(Routes, { children: [
+    /* @__PURE__ */ jsx22(RouterAuthGate, { publicPaths: ["/invites", ...publicPaths ?? []], children: /* @__PURE__ */ jsx22(Suspense, { fallback: null, children: /* @__PURE__ */ jsxs15(Routes, { children: [
       /* @__PURE__ */ jsx22(Route, { path: routes.signin, element: /* @__PURE__ */ jsx22(SignInPage2, {}) }),
       /* @__PURE__ */ jsx22(Route, { path: routes.signup, element: /* @__PURE__ */ jsx22(SignUpPage2, {}) }),
       /* @__PURE__ */ jsx22(Route, { path: routes.forgotPassword, element: /* @__PURE__ */ jsx22(ForgotPasswordPage2, {}) }),
@@ -3470,7 +3562,7 @@ function CoreFront({ children, authPages, cspNonce }) {
 
 // src/front/commands/CoreCommandContributions.tsx
 import { useMemo as useMemo7, useState as useState20 } from "react";
-import { useNavigate as useNavigate5 } from "react-router-dom";
+import { useNavigate as useNavigate6 } from "react-router-dom";
 
 // src/front/workspace/commands.ts
 function getWorkspaceCommands(workspaceId, navigate) {
@@ -3508,7 +3600,7 @@ function toPaletteCommand(command) {
   };
 }
 function useCoreCommands() {
-  const navigate = useNavigate5();
+  const navigate = useNavigate6();
   const signOut = useSignOut();
   const workspace = useCurrentWorkspace();
   const [isSigningOut, setIsSigningOut] = useState20(false);
@@ -3632,9 +3724,6 @@ export {
   useBlobUrl,
   useCapabilities,
   useWorkspaceMembers,
-  WorkspaceAuthProvider,
-  useCurrentWorkspace,
-  useWorkspaceRole,
   getAuthClient,
   AuthProvider,
   useSession,
@@ -3644,6 +3733,10 @@ export {
   useSendVerificationEmail,
   useChangePassword,
   useSignOut,
+  WorkspaceAuthProvider,
+  useCurrentWorkspace,
+  useWorkspaceRole,
+  useWorkspaceRouteStatus,
   UserIdentityProvider,
   useUser,
   GoogleAuthButton,

package/dist/front/index.d.ts

@@ -6,7 +6,7 @@ import * as _tanstack_react_query from '@tanstack/react-query';
 import * as better_auth_react from 'better-auth/react';
 import { createAuthClient } from 'better-auth/react';
 import * as better_auth from 'better-auth';
-export { a as CoreFront, C as CoreFrontAuthPagesOverride, b as CoreFrontProps } from '../CoreFront-CgAkiEts.js';
+export { a as CoreFront, C as CoreFrontAuthPagesOverride, b as CoreFrontProps } from '../CoreFront-N0QJSYaM.js';
 import { NavigateFunction } from 'react-router-dom';
 export { TopBarSlotProvider, useTopBarSlot } from './top-bar-slot.js';
 
@@ -70,12 +70,42 @@ type EnrichedMember = WorkspaceMember & {
 };
 declare function useWorkspaceMembers(workspaceId: string): _tanstack_react_query.UseQueryResult<EnrichedMember[], Error>;
 
+type WorkspaceRouteStatus = {
+    status: 'idle';
+    workspaceId: string | null;
+} | {
+    status: 'loading';
+    workspaceId: string | null;
+} | {
+    status: 'matched';
+    workspaceId: string;
+    workspace: Workspace;
+} | {
+    status: 'mismatched';
+    workspaceId: string;
+    currentWorkspaceId: string | null;
+} | {
+    status: 'not-found';
+    workspaceId: string;
+    message: string;
+} | {
+    status: 'forbidden';
+    workspaceId: string;
+    message: string;
+} | {
+    status: 'switch-failed';
+    workspaceId: string;
+    message: string;
+};
 interface WorkspaceAuthProviderProps {
     children: ReactNode;
+    workspaceRoute?: string;
+    workspaceIdParam?: string;
 }
-declare function WorkspaceAuthProvider({ children }: WorkspaceAuthProviderProps): react_jsx_runtime.JSX.Element;
+declare function WorkspaceAuthProvider({ children, workspaceRoute, workspaceIdParam, }: WorkspaceAuthProviderProps): react_jsx_runtime.JSX.Element;
 declare function useCurrentWorkspace(): Workspace | null;
 declare function useWorkspaceRole(): MemberRole | null;
+declare function useWorkspaceRouteStatus(): WorkspaceRouteStatus;
 
 interface AuthProviderProps {
     children: ReactNode;
@@ -464,4 +494,4 @@ declare function sanitizeToolOutput(input: string): string;
 
 declare function debounce<T extends (...args: unknown[]) => unknown>(fn: T, ms: number): T;
 
-export { AppErrorBoundary, type AuthClient, AuthGate, type AuthGateProps, AuthProvider, type AuthProviderProps, type Binding, type Breakpoint, ConfigProvider, type ConfigProviderProps, type CoreCommand, type EnrichedMember, ForgotPasswordPage, GoogleAuthButton, type GoogleAuthButtonProps, InviteAcceptPage, InvitesPage, MembersPage, ResetPasswordPage, type RouteMap, SignInPage, SignUpPage, type ThemeApi, ThemeProvider, type ThemeProviderProps, ThemeToggle, type UserIdentity, UserIdentityProvider, type UserIdentityProviderProps, UserMenu, UserSettingsPage, VerifyEmailPage, WorkspaceAuthProvider, type WorkspaceAuthProviderProps, type WorkspaceCommand, WorkspaceSettingsPage, WorkspaceSwitcher, apiFetch, apiFetchJson, buildApiUrl, buildWsUrl, debounce, getApiBase, getAuthClient, getHttpErrorDetail, getWorkspaceCommands, getWsBase, openWebSocket, routeHref, routes, sanitizeMarkdown, sanitizeToolOutput, setApiBase, useBlobUrl, useCapabilities, useChangePassword, useConfig, useConfigLoaded, useCoreCommands, useCurrentWorkspace, useKeyboardShortcuts, useReducedMotion, useSendVerificationEmail, useSession, useSignIn, useSignOut, useSignUp, useTheme, useUser, useVerifyEmail, useViewportBreakpoint, useWorkspaceMembers, useWorkspaceRole };
+export { AppErrorBoundary, type AuthClient, AuthGate, type AuthGateProps, AuthProvider, type AuthProviderProps, type Binding, type Breakpoint, ConfigProvider, type ConfigProviderProps, type CoreCommand, type EnrichedMember, ForgotPasswordPage, GoogleAuthButton, type GoogleAuthButtonProps, InviteAcceptPage, InvitesPage, MembersPage, ResetPasswordPage, type RouteMap, SignInPage, SignUpPage, type ThemeApi, ThemeProvider, type ThemeProviderProps, ThemeToggle, type UserIdentity, UserIdentityProvider, type UserIdentityProviderProps, UserMenu, UserSettingsPage, VerifyEmailPage, WorkspaceAuthProvider, type WorkspaceAuthProviderProps, type WorkspaceCommand, type WorkspaceRouteStatus, WorkspaceSettingsPage, WorkspaceSwitcher, apiFetch, apiFetchJson, buildApiUrl, buildWsUrl, debounce, getApiBase, getAuthClient, getHttpErrorDetail, getWorkspaceCommands, getWsBase, openWebSocket, routeHref, routes, sanitizeMarkdown, sanitizeToolOutput, setApiBase, useBlobUrl, useCapabilities, useChangePassword, useConfig, useConfigLoaded, useCoreCommands, useCurrentWorkspace, useKeyboardShortcuts, useReducedMotion, useSendVerificationEmail, useSession, useSignIn, useSignOut, useSignUp, useTheme, useUser, useVerifyEmail, useViewportBreakpoint, useWorkspaceMembers, useWorkspaceRole, useWorkspaceRouteStatus };

package/dist/front/index.js

@@ -56,8 +56,9 @@ import {
   useVerifyEmail,
   useViewportBreakpoint,
   useWorkspaceMembers,
-  useWorkspaceRole
-} from "../chunk-JMCBLJ6W.js";
+  useWorkspaceRole,
+  useWorkspaceRouteStatus
+} from "../chunk-5R3U6QKD.js";
 import {
   TopBarSlotProvider,
   useTopBarSlot
@@ -124,5 +125,6 @@ export {
   useVerifyEmail,
   useViewportBreakpoint,
   useWorkspaceMembers,
-  useWorkspaceRole
+  useWorkspaceRole,
+  useWorkspaceRouteStatus
 };

package/dist/server/index.js

@@ -24,7 +24,7 @@ import {
   requireWorkspaceMember,
   validateConfig,
   validatePasswordStrength
-} from "../chunk-6D7LEQSL.js";
+} from "../chunk-2JDK4XUZ.js";
 import {
   createDatabase,
   runMigrations