@inkeep/agents-core 0.22.9 → 0.22.11

package/dist/{chunk-F3AFTJB7.js → chunk-4SE2FOJY.js}

@@ -1,4 +1,4 @@
-import { subAgents, subAgentRelations, agents, tasks, taskRelations, tools, conversations, messages, contextCache, dataComponents, subAgentDataComponents, artifactComponents, subAgentArtifactComponents, externalAgents, apiKeys, credentialReferences, functionTools, functions, contextConfigs, subAgentToolRelations, ledgerArtifacts, projects } from './chunk-PR3DDXVU.js';
+import { subAgents, subAgentRelations, agents, tasks, taskRelations, tools, conversations, messages, contextCache, dataComponents, subAgentDataComponents, artifactComponents, subAgentArtifactComponents, externalAgents, apiKeys, credentialReferences, functionTools, functions, contextConfigs, subAgentToolRelations, ledgerArtifacts, projects } from './chunk-5B6IOJZY.js';
 import { VALID_RELATION_TYPES, MCPTransportType, TOOL_STATUS_VALUES, CredentialStoreType, MCPServerType } from './chunk-YFHT5M2R.js';
 import { z } from '@hono/zod-openapi';
 import { createSelectSchema, createInsertSchema } from 'drizzle-zod';

package/dist/{chunk-PR3DDXVU.js → chunk-5B6IOJZY.js}

@@ -266,6 +266,7 @@ var dataComponents = sqliteTable(
     ...projectScoped,
     ...uiProperties,
     props: blob("props", { mode: "json" }).$type(),
+    preview: blob("preview", { mode: "json" }).$type(),
     ...timestamps
   },
   (table) => [

package/dist/{chunk-TSKVAFS4.js → chunk-NLZO4BB6.js}

@@ -1,44 +1,6 @@
-import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-F3AFTJB7.js';
+import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-4SE2FOJY.js';
 import { z } from 'zod';
 
-var TransferDataSchema = z.object({
-  fromSubAgent: z.string().describe("ID of the sub-agent transferring control"),
-  targetSubAgent: z.string().describe("ID of the sub-agent receiving control"),
-  reason: z.string().optional().describe("Reason for the transfer"),
-  context: z.any().optional().describe("Additional context data")
-});
-var DelegationSentDataSchema = z.object({
-  delegationId: z.string().describe("Unique identifier for this delegation"),
-  fromSubAgent: z.string().describe("ID of the delegating sub-agent"),
-  targetSubAgent: z.string().describe("ID of the sub-agent receiving the delegation"),
-  taskDescription: z.string().describe("Description of the delegated task"),
-  context: z.any().optional().describe("Additional context data")
-});
-var DelegationReturnedDataSchema = z.object({
-  delegationId: z.string().describe("Unique identifier matching the original delegation"),
-  fromSubAgent: z.string().describe("ID of the sub-agent that completed the task"),
-  targetSubAgent: z.string().describe("ID of the sub-agent receiving the result"),
-  result: z.any().optional().describe("Result data from the delegated task")
-});
-var DataOperationDetailsSchema = z.object({
-  timestamp: z.number().describe("Unix timestamp in milliseconds"),
-  subAgentId: z.string().describe("ID of the sub-agent that generated this data"),
-  data: z.any().describe("The actual data payload")
-});
-var DataOperationEventSchema = z.object({
-  type: z.string().describe("Event type identifier"),
-  label: z.string().describe("Human-readable label for the event"),
-  details: DataOperationDetailsSchema
-});
-var A2AMessageMetadataSchema = z.object({
-  fromSubAgentId: z.string().optional().describe("ID of the sending sub-agent"),
-  toSubAgentId: z.string().optional().describe("ID of the receiving sub-agent"),
-  fromExternalAgentId: z.string().optional().describe("ID of the sending external agent"),
-  toExternalAgentId: z.string().optional().describe("ID of the receiving external agent"),
-  taskId: z.string().optional().describe("Associated task ID"),
-  a2aTaskId: z.string().optional().describe("A2A-specific task ID")
-});
-
 // src/validation/agentFull.ts
 function isInternalAgent(agent) {
   return "prompt" in agent;
@@ -151,6 +113,43 @@ function validateAgentStructure(agentData, projectResources) {
   }
   validateAgentRelationships(agentData);
 }
+var TransferDataSchema = z.object({
+  fromSubAgent: z.string().describe("ID of the sub-agent transferring control"),
+  targetSubAgent: z.string().describe("ID of the sub-agent receiving control"),
+  reason: z.string().optional().describe("Reason for the transfer"),
+  context: z.any().optional().describe("Additional context data")
+});
+var DelegationSentDataSchema = z.object({
+  delegationId: z.string().describe("Unique identifier for this delegation"),
+  fromSubAgent: z.string().describe("ID of the delegating sub-agent"),
+  targetSubAgent: z.string().describe("ID of the sub-agent receiving the delegation"),
+  taskDescription: z.string().describe("Description of the delegated task"),
+  context: z.any().optional().describe("Additional context data")
+});
+var DelegationReturnedDataSchema = z.object({
+  delegationId: z.string().describe("Unique identifier matching the original delegation"),
+  fromSubAgent: z.string().describe("ID of the sub-agent that completed the task"),
+  targetSubAgent: z.string().describe("ID of the sub-agent receiving the result"),
+  result: z.any().optional().describe("Result data from the delegated task")
+});
+var DataOperationDetailsSchema = z.object({
+  timestamp: z.number().describe("Unix timestamp in milliseconds"),
+  subAgentId: z.string().describe("ID of the sub-agent that generated this data"),
+  data: z.any().describe("The actual data payload")
+});
+var DataOperationEventSchema = z.object({
+  type: z.string().describe("Event type identifier"),
+  label: z.string().describe("Human-readable label for the event"),
+  details: DataOperationDetailsSchema
+});
+var A2AMessageMetadataSchema = z.object({
+  fromSubAgentId: z.string().optional().describe("ID of the sending sub-agent"),
+  toSubAgentId: z.string().optional().describe("ID of the receiving sub-agent"),
+  fromExternalAgentId: z.string().optional().describe("ID of the sending external agent"),
+  toExternalAgentId: z.string().optional().describe("ID of the receiving external agent"),
+  taskId: z.string().optional().describe("Associated task ID"),
+  a2aTaskId: z.string().optional().describe("A2A-specific task ID")
+});
 
 // src/validation/id-validation.ts
 function isValidResourceId(id) {
@@ -170,4 +169,90 @@ function generateIdFromName(name) {
   return truncatedId;
 }
 
-export { A2AMessageMetadataSchema, DataOperationDetailsSchema, DataOperationEventSchema, DelegationReturnedDataSchema, DelegationSentDataSchema, TransferDataSchema, generateIdFromName, isExternalAgent, isInternalAgent, isValidResourceId, validateAgentRelationships, validateAgentStructure, validateAndTypeAgentData, validateArtifactComponentReferences, validateDataComponentReferences, validateToolReferences };
+// src/validation/preview-validation.ts
+var MAX_CODE_SIZE = 5e4;
+var MAX_DATA_SIZE = 1e4;
+var DANGEROUS_PATTERNS = [
+  /\beval\s*\(/i,
+  /\bFunction\s*\(/i,
+  /dangerouslySetInnerHTML/i,
+  /<script\b/i,
+  /\bon\w+\s*=/i,
+  // inline event handlers like onclick=
+  /document\.write/i,
+  /window\.location/i,
+  /\.innerHTML\s*=/i
+];
+var ALLOWED_IMPORTS = ["lucide-react"];
+function validatePreview(preview) {
+  const errors = [];
+  if (!preview.code || typeof preview.code !== "string") {
+    return {
+      isValid: false,
+      errors: [{ field: "preview.code", message: "Code must be a non-empty string" }]
+    };
+  }
+  if (!preview.data || typeof preview.data !== "object") {
+    return {
+      isValid: false,
+      errors: [{ field: "preview.data", message: "Data must be an object" }]
+    };
+  }
+  if (preview.code.length > MAX_CODE_SIZE) {
+    errors.push({
+      field: "preview.code",
+      message: `Code size exceeds maximum allowed (${MAX_CODE_SIZE} characters)`
+    });
+  }
+  const dataString = JSON.stringify(preview.data);
+  if (dataString.length > MAX_DATA_SIZE) {
+    errors.push({
+      field: "preview.data",
+      message: `Data size exceeds maximum allowed (${MAX_DATA_SIZE} characters)`
+    });
+  }
+  for (const pattern of DANGEROUS_PATTERNS) {
+    if (pattern.test(preview.code)) {
+      errors.push({
+        field: "preview.code",
+        message: `Code contains potentially dangerous pattern: ${pattern.source}`
+      });
+    }
+  }
+  const importMatches = preview.code.matchAll(/import\s+.*?\s+from\s+['"]([^'"]+)['"]/g);
+  for (const match of importMatches) {
+    const importPath = match[1];
+    if (!ALLOWED_IMPORTS.includes(importPath)) {
+      errors.push({
+        field: "preview.code",
+        message: `Import from "${importPath}" is not allowed. Only imports from ${ALLOWED_IMPORTS.join(", ")} are permitted`
+      });
+    }
+  }
+  const hasFunctionDeclaration = /function\s+\w+\s*\(/.test(preview.code);
+  if (!hasFunctionDeclaration) {
+    errors.push({
+      field: "preview.code",
+      message: "Code must contain a function declaration"
+    });
+  }
+  const hasReturn = /return\s*\(?\s*</.test(preview.code);
+  if (!hasReturn) {
+    errors.push({
+      field: "preview.code",
+      message: "Component function must have a return statement with JSX"
+    });
+  }
+  if (/\bexport\s+(default\s+)?/i.test(preview.code)) {
+    errors.push({
+      field: "preview.code",
+      message: "Code should not contain export statements"
+    });
+  }
+  return {
+    isValid: errors.length === 0,
+    errors
+  };
+}
+
+export { A2AMessageMetadataSchema, DataOperationDetailsSchema, DataOperationEventSchema, DelegationReturnedDataSchema, DelegationSentDataSchema, TransferDataSchema, generateIdFromName, isExternalAgent, isInternalAgent, isValidResourceId, validateAgentRelationships, validateAgentStructure, validateAndTypeAgentData, validateArtifactComponentReferences, validateDataComponentReferences, validatePreview, validateToolReferences };

package/dist/client-exports.cjs

@@ -243,6 +243,7 @@ var dataComponents = sqliteCore.sqliteTable(
     ...projectScoped,
     ...uiProperties,
     props: sqliteCore.blob("props", { mode: "json" }).$type(),
+    preview: sqliteCore.blob("preview", { mode: "json" }).$type(),
     ...timestamps
   },
   (table) => [

package/dist/client-exports.d.cts

@@ -1,7 +1,7 @@
 export { h as ACTIVITY_NAMES, f as ACTIVITY_STATUS, e as ACTIVITY_TYPES, g as AGENT_IDS, o as AGGREGATE_OPERATORS, A as AI_OPERATIONS, i as AI_TOOL_TYPES, n as DATA_SOURCES, j as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, l as ORDER_DIRECTIONS, P as PANEL_TYPES, p as QUERY_DEFAULTS, k as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, m as QUERY_TYPES, R as REDUCE_OPERATIONS, d as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE } from './signoz-queries-Bqpkx5sK.cjs';
 import { z } from 'zod';
-import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-DmLVF565.cjs';
-export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-DmLVF565.cjs';
+import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-06QUJeMa.cjs';
+export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-06QUJeMa.cjs';
 export { v as validatePropsAsJsonSchema } from './props-validation-BMR1qNiy.cjs';
 import 'drizzle-zod';
 import 'drizzle-orm/sqlite-core';
@@ -128,8 +128,8 @@ declare const DataComponentApiInsertSchema: z.ZodObject<{
     props: z.ZodRecord<z.ZodString, z.ZodUnknown>;
 }, z.core.$strip>;
 declare const ArtifactComponentApiInsertSchema: z.ZodObject<{
-    id: z.ZodString;
     name: z.ZodString;
+    id: z.ZodString;
     description: z.ZodString;
     props: z.ZodOptional<z.ZodNullable<z.ZodType<Record<string, unknown>, Record<string, unknown>, z.core.$ZodTypeInternals<Record<string, unknown>, Record<string, unknown>>>>>;
 }, {
@@ -164,12 +164,11 @@ declare const FullAgentDefinitionSchema: z.ZodObject<{
     description: z.ZodOptional<z.ZodString>;
     defaultSubAgentId: z.ZodOptional<z.ZodString>;
     subAgents: z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
-        id: z.ZodString;
         name: z.ZodString;
-        description: z.ZodString;
-        prompt: z.ZodString;
+        id: z.ZodString;
         createdAt: z.ZodOptional<z.ZodString>;
         updatedAt: z.ZodOptional<z.ZodString>;
+        description: z.ZodString;
         models: z.ZodOptional<z.ZodObject<{
             base: z.ZodOptional<z.ZodObject<{
                 model: z.ZodOptional<z.ZodString>;
@@ -193,6 +192,7 @@ declare const FullAgentDefinitionSchema: z.ZodObject<{
         }, {
             stepCountIs?: number | undefined;
         }>>>>;
+        prompt: z.ZodString;
         conversationHistoryConfig: z.ZodOptional<z.ZodNullable<z.ZodType<ConversationHistoryConfig, ConversationHistoryConfig, z.core.$ZodTypeInternals<ConversationHistoryConfig, ConversationHistoryConfig>>>>;
         type: z.ZodLiteral<"internal">;
         canUse: z.ZodArray<z.ZodObject<{

package/dist/client-exports.d.ts

@@ -1,7 +1,7 @@
 export { h as ACTIVITY_NAMES, f as ACTIVITY_STATUS, e as ACTIVITY_TYPES, g as AGENT_IDS, o as AGGREGATE_OPERATORS, A as AI_OPERATIONS, i as AI_TOOL_TYPES, n as DATA_SOURCES, j as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, l as ORDER_DIRECTIONS, P as PANEL_TYPES, p as QUERY_DEFAULTS, k as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, m as QUERY_TYPES, R as REDUCE_OPERATIONS, d as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE } from './signoz-queries-Bqpkx5sK.js';
 import { z } from 'zod';
-import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-DmLVF565.js';
-export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-DmLVF565.js';
+import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-06QUJeMa.js';
+export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-06QUJeMa.js';
 export { v as validatePropsAsJsonSchema } from './props-validation-BMR1qNiy.js';
 import 'drizzle-zod';
 import 'drizzle-orm/sqlite-core';
@@ -128,8 +128,8 @@ declare const DataComponentApiInsertSchema: z.ZodObject<{
     props: z.ZodRecord<z.ZodString, z.ZodUnknown>;
 }, z.core.$strip>;
 declare const ArtifactComponentApiInsertSchema: z.ZodObject<{
-    id: z.ZodString;
     name: z.ZodString;
+    id: z.ZodString;
     description: z.ZodString;
     props: z.ZodOptional<z.ZodNullable<z.ZodType<Record<string, unknown>, Record<string, unknown>, z.core.$ZodTypeInternals<Record<string, unknown>, Record<string, unknown>>>>>;
 }, {
@@ -164,12 +164,11 @@ declare const FullAgentDefinitionSchema: z.ZodObject<{
     description: z.ZodOptional<z.ZodString>;
     defaultSubAgentId: z.ZodOptional<z.ZodString>;
     subAgents: z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
-        id: z.ZodString;
         name: z.ZodString;
-        description: z.ZodString;
-        prompt: z.ZodString;
+        id: z.ZodString;
         createdAt: z.ZodOptional<z.ZodString>;
         updatedAt: z.ZodOptional<z.ZodString>;
+        description: z.ZodString;
         models: z.ZodOptional<z.ZodObject<{
             base: z.ZodOptional<z.ZodObject<{
                 model: z.ZodOptional<z.ZodString>;
@@ -193,6 +192,7 @@ declare const FullAgentDefinitionSchema: z.ZodObject<{
         }, {
             stepCountIs?: number | undefined;
         }>>>>;
+        prompt: z.ZodString;
         conversationHistoryConfig: z.ZodOptional<z.ZodNullable<z.ZodType<ConversationHistoryConfig, ConversationHistoryConfig, z.core.$ZodTypeInternals<ConversationHistoryConfig, ConversationHistoryConfig>>>>;
         type: z.ZodLiteral<"internal">;
         canUse: z.ZodArray<z.ZodObject<{

package/dist/client-exports.js

@@ -1,6 +1,6 @@
 export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE } from './chunk-QFIITHNT.js';
-import { ModelSettingsSchema, FullAgentAgentInsertSchema, ArtifactComponentApiInsertSchema } from './chunk-F3AFTJB7.js';
-export { AgentStopWhenSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, validatePropsAsJsonSchema } from './chunk-F3AFTJB7.js';
+import { ModelSettingsSchema, FullAgentAgentInsertSchema, ArtifactComponentApiInsertSchema } from './chunk-4SE2FOJY.js';
+export { AgentStopWhenSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, validatePropsAsJsonSchema } from './chunk-4SE2FOJY.js';
 import { CredentialStoreType } from './chunk-YFHT5M2R.js';
 export { CredentialStoreType, MCPTransportType } from './chunk-YFHT5M2R.js';
 import { z } from 'zod';

package/dist/db/schema.cjs

@@ -218,6 +218,7 @@ var dataComponents = sqliteCore.sqliteTable(
     ...projectScoped,
     ...uiProperties,
     props: sqliteCore.blob("props", { mode: "json" }).$type(),
+    preview: sqliteCore.blob("preview", { mode: "json" }).$type(),
     ...timestamps
   },
   (table) => [

package/dist/db/schema.d.cts

@@ -1,7 +1,7 @@
 import 'drizzle-orm';
 import 'drizzle-orm/sqlite-core';
-import '../utility-DmLVF565.cjs';
-export { E as agentRelations, H as agentToolRelationsRelations, a as agents, w as apiKeys, G as apiKeysRelations, j as artifactComponents, M as artifactComponentsRelations, b as contextCache, C as contextCacheRelations, c as contextConfigs, B as contextConfigsRelations, r as conversations, K as conversationsRelations, x as credentialReferences, I as credentialReferencesRelations, h as dataComponents, O as dataComponentsRelations, f as externalAgents, F as externalAgentsRelations, m as functionTools, T as functionToolsRelations, n as functions, R as functionsRelations, v as ledgerArtifacts, Q as ledgerArtifactsRelations, u as messages, L as messagesRelations, p as projects, z as projectsRelations, k as subAgentArtifactComponents, N as subAgentArtifactComponentsRelations, i as subAgentDataComponents, P as subAgentDataComponentsRelations, q as subAgentFunctionToolRelations, U as subAgentFunctionToolRelationsRelations, e as subAgentRelations, S as subAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, D as subAgentsRelations, g as taskRelations, A as taskRelationsRelations, t as tasks, y as tasksRelations, l as tools, J as toolsRelations } from '../schema-lnJ7dKE3.cjs';
+import '../utility-06QUJeMa.cjs';
+export { E as agentRelations, H as agentToolRelationsRelations, a as agents, w as apiKeys, G as apiKeysRelations, j as artifactComponents, M as artifactComponentsRelations, b as contextCache, C as contextCacheRelations, c as contextConfigs, B as contextConfigsRelations, r as conversations, K as conversationsRelations, x as credentialReferences, I as credentialReferencesRelations, h as dataComponents, O as dataComponentsRelations, f as externalAgents, F as externalAgentsRelations, m as functionTools, T as functionToolsRelations, n as functions, R as functionsRelations, v as ledgerArtifacts, Q as ledgerArtifactsRelations, u as messages, L as messagesRelations, p as projects, z as projectsRelations, k as subAgentArtifactComponents, N as subAgentArtifactComponentsRelations, i as subAgentDataComponents, P as subAgentDataComponentsRelations, q as subAgentFunctionToolRelations, U as subAgentFunctionToolRelationsRelations, e as subAgentRelations, S as subAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, D as subAgentsRelations, g as taskRelations, A as taskRelationsRelations, t as tasks, y as tasksRelations, l as tools, J as toolsRelations } from '../schema-B8-O-pmG.cjs';
 import 'zod';
 import 'drizzle-zod';
 import '@hono/zod-openapi';

package/dist/db/schema.d.ts

@@ -1,7 +1,7 @@
 import 'drizzle-orm';
 import 'drizzle-orm/sqlite-core';
-import '../utility-DmLVF565.js';
-export { E as agentRelations, H as agentToolRelationsRelations, a as agents, w as apiKeys, G as apiKeysRelations, j as artifactComponents, M as artifactComponentsRelations, b as contextCache, C as contextCacheRelations, c as contextConfigs, B as contextConfigsRelations, r as conversations, K as conversationsRelations, x as credentialReferences, I as credentialReferencesRelations, h as dataComponents, O as dataComponentsRelations, f as externalAgents, F as externalAgentsRelations, m as functionTools, T as functionToolsRelations, n as functions, R as functionsRelations, v as ledgerArtifacts, Q as ledgerArtifactsRelations, u as messages, L as messagesRelations, p as projects, z as projectsRelations, k as subAgentArtifactComponents, N as subAgentArtifactComponentsRelations, i as subAgentDataComponents, P as subAgentDataComponentsRelations, q as subAgentFunctionToolRelations, U as subAgentFunctionToolRelationsRelations, e as subAgentRelations, S as subAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, D as subAgentsRelations, g as taskRelations, A as taskRelationsRelations, t as tasks, y as tasksRelations, l as tools, J as toolsRelations } from '../schema-9o975__r.js';
+import '../utility-06QUJeMa.js';
+export { E as agentRelations, H as agentToolRelationsRelations, a as agents, w as apiKeys, G as apiKeysRelations, j as artifactComponents, M as artifactComponentsRelations, b as contextCache, C as contextCacheRelations, c as contextConfigs, B as contextConfigsRelations, r as conversations, K as conversationsRelations, x as credentialReferences, I as credentialReferencesRelations, h as dataComponents, O as dataComponentsRelations, f as externalAgents, F as externalAgentsRelations, m as functionTools, T as functionToolsRelations, n as functions, R as functionsRelations, v as ledgerArtifacts, Q as ledgerArtifactsRelations, u as messages, L as messagesRelations, p as projects, z as projectsRelations, k as subAgentArtifactComponents, N as subAgentArtifactComponentsRelations, i as subAgentDataComponents, P as subAgentDataComponentsRelations, q as subAgentFunctionToolRelations, U as subAgentFunctionToolRelationsRelations, e as subAgentRelations, S as subAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, D as subAgentsRelations, g as taskRelations, A as taskRelationsRelations, t as tasks, y as tasksRelations, l as tools, J as toolsRelations } from '../schema-BPRMaYtZ.js';
 import 'zod';
 import 'drizzle-zod';
 import '@hono/zod-openapi';

package/dist/db/schema.js

@@ -1 +1 @@
-export { agentRelations, agentToolRelationsRelations, agents, apiKeys, apiKeysRelations, artifactComponents, artifactComponentsRelations, contextCache, contextCacheRelations, contextConfigs, contextConfigsRelations, conversations, conversationsRelations, credentialReferences, credentialReferencesRelations, dataComponents, dataComponentsRelations, externalAgents, externalAgentsRelations, functionTools, functionToolsRelations, functions, functionsRelations, ledgerArtifacts, ledgerArtifactsRelations, messages, messagesRelations, projects, projectsRelations, subAgentArtifactComponents, subAgentArtifactComponentsRelations, subAgentDataComponents, subAgentDataComponentsRelations, subAgentFunctionToolRelations, subAgentFunctionToolRelationsRelations, subAgentRelations, subAgentRelationsRelations, subAgentToolRelations, subAgents, subAgentsRelations, taskRelations, taskRelationsRelations, tasks, tasksRelations, tools, toolsRelations } from '../chunk-PR3DDXVU.js';
+export { agentRelations, agentToolRelationsRelations, agents, apiKeys, apiKeysRelations, artifactComponents, artifactComponentsRelations, contextCache, contextCacheRelations, contextConfigs, contextConfigsRelations, conversations, conversationsRelations, credentialReferences, credentialReferencesRelations, dataComponents, dataComponentsRelations, externalAgents, externalAgentsRelations, functionTools, functionToolsRelations, functions, functionsRelations, ledgerArtifacts, ledgerArtifactsRelations, messages, messagesRelations, projects, projectsRelations, subAgentArtifactComponents, subAgentArtifactComponentsRelations, subAgentDataComponents, subAgentDataComponentsRelations, subAgentFunctionToolRelations, subAgentFunctionToolRelationsRelations, subAgentRelations, subAgentRelationsRelations, subAgentToolRelations, subAgents, subAgentsRelations, taskRelations, taskRelationsRelations, tasks, tasksRelations, tools, toolsRelations } from '../chunk-5B6IOJZY.js';

package/dist/index.cjs

@@ -213694,6 +213694,7 @@ var dataComponents = sqliteCore.sqliteTable(
     ...projectScoped,
     ...uiProperties,
     props: sqliteCore.blob("props", { mode: "json" }).$type(),
+    preview: sqliteCore.blob("preview", { mode: "json" }).$type(),
     ...timestamps
   },
   (table) => [
@@ -219649,6 +219650,94 @@ var setActiveAgentForThread = (db) => async ({
     subAgentId
   });
 };
+
+// src/validation/preview-validation.ts
+var MAX_CODE_SIZE = 5e4;
+var MAX_DATA_SIZE = 1e4;
+var DANGEROUS_PATTERNS = [
+  /\beval\s*\(/i,
+  /\bFunction\s*\(/i,
+  /dangerouslySetInnerHTML/i,
+  /<script\b/i,
+  /\bon\w+\s*=/i,
+  // inline event handlers like onclick=
+  /document\.write/i,
+  /window\.location/i,
+  /\.innerHTML\s*=/i
+];
+var ALLOWED_IMPORTS = ["lucide-react"];
+function validatePreview(preview2) {
+  const errors = [];
+  if (!preview2.code || typeof preview2.code !== "string") {
+    return {
+      isValid: false,
+      errors: [{ field: "preview.code", message: "Code must be a non-empty string" }]
+    };
+  }
+  if (!preview2.data || typeof preview2.data !== "object") {
+    return {
+      isValid: false,
+      errors: [{ field: "preview.data", message: "Data must be an object" }]
+    };
+  }
+  if (preview2.code.length > MAX_CODE_SIZE) {
+    errors.push({
+      field: "preview.code",
+      message: `Code size exceeds maximum allowed (${MAX_CODE_SIZE} characters)`
+    });
+  }
+  const dataString = JSON.stringify(preview2.data);
+  if (dataString.length > MAX_DATA_SIZE) {
+    errors.push({
+      field: "preview.data",
+      message: `Data size exceeds maximum allowed (${MAX_DATA_SIZE} characters)`
+    });
+  }
+  for (const pattern of DANGEROUS_PATTERNS) {
+    if (pattern.test(preview2.code)) {
+      errors.push({
+        field: "preview.code",
+        message: `Code contains potentially dangerous pattern: ${pattern.source}`
+      });
+    }
+  }
+  const importMatches = preview2.code.matchAll(/import\s+.*?\s+from\s+['"]([^'"]+)['"]/g);
+  for (const match2 of importMatches) {
+    const importPath = match2[1];
+    if (!ALLOWED_IMPORTS.includes(importPath)) {
+      errors.push({
+        field: "preview.code",
+        message: `Import from "${importPath}" is not allowed. Only imports from ${ALLOWED_IMPORTS.join(", ")} are permitted`
+      });
+    }
+  }
+  const hasFunctionDeclaration = /function\s+\w+\s*\(/.test(preview2.code);
+  if (!hasFunctionDeclaration) {
+    errors.push({
+      field: "preview.code",
+      message: "Code must contain a function declaration"
+    });
+  }
+  const hasReturn = /return\s*\(?\s*</.test(preview2.code);
+  if (!hasReturn) {
+    errors.push({
+      field: "preview.code",
+      message: "Component function must have a return statement with JSX"
+    });
+  }
+  if (/\bexport\s+(default\s+)?/i.test(preview2.code)) {
+    errors.push({
+      field: "preview.code",
+      message: "Code should not contain export statements"
+    });
+  }
+  return {
+    isValid: errors.length === 0,
+    errors
+  };
+}
+
+// src/data-access/dataComponents.ts
 var getDataComponent = (db) => async (params) => {
   const result = await db.query.dataComponents.findFirst({
     where: drizzleOrm.and(
@@ -219700,6 +219789,13 @@ var createDataComponent = (db) => async (params) => {
       throw new Error(`Invalid props schema: ${errorMessages}`);
     }
   }
+  if (params.preview !== void 0 && params.preview !== null) {
+    const previewValidation = validatePreview(params.preview);
+    if (!previewValidation.isValid) {
+      const errorMessages = previewValidation.errors.map((e) => `${e.field}: ${e.message}`).join(", ");
+      throw new Error(`Invalid preview: ${errorMessages}`);
+    }
+  }
   const dataComponent = await db.insert(dataComponents).values(params).returning();
   return dataComponent[0];
 };
@@ -219711,6 +219807,13 @@ var updateDataComponent = (db) => async (params) => {
       throw new Error(`Invalid props schema: ${errorMessages}`);
     }
   }
+  if (params.data.preview !== void 0 && params.data.preview !== null) {
+    const previewValidation = validatePreview(params.data.preview);
+    if (!previewValidation.isValid) {
+      const errorMessages = previewValidation.errors.map((e) => `${e.field}: ${e.message}`).join(", ");
+      throw new Error(`Invalid preview: ${errorMessages}`);
+    }
+  }
   const now = (/* @__PURE__ */ new Date()).toISOString();
   await db.update(dataComponents).set({
     ...params.data,
@@ -219746,7 +219849,8 @@ var getDataComponentsForAgent = (db) => async (params) => {
     description: dataComponents.description,
     props: dataComponents.props,
     createdAt: dataComponents.createdAt,
-    updatedAt: dataComponents.updatedAt
+    updatedAt: dataComponents.updatedAt,
+    preview: dataComponents.preview
   }).from(dataComponents).innerJoin(
     subAgentDataComponents,
     drizzleOrm.eq(dataComponents.id, subAgentDataComponents.dataComponentId)
@@ -225683,6 +225787,7 @@ exports.validateExternalAgent = validateExternalAgent;
 exports.validateHeaders = validateHeaders;
 exports.validateHttpRequestHeaders = validateHttpRequestHeaders;
 exports.validateInternalSubAgent = validateInternalSubAgent;
+exports.validatePreview = validatePreview;
 exports.validateProjectExists = validateProjectExists;
 exports.validatePropsAsJsonSchema = validatePropsAsJsonSchema;
 exports.validateToolReferences = validateToolReferences;