@promptbook/cli 0.112.0-137 → 0.112.0-138

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -26,7 +26,15 @@ export type TeamInternalAgentAccessHeadersOptions = {
26
26
  /**
27
27
  * Resolves the internal token used by same-server TEAM calls.
28
28
  *
29
- * @returns Hashed token, or `null` when the server does not have a private secret.
29
+ * `PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN` must be a dedicated secret falling
30
+ * back to `ADMIN_PASSWORD`, `SUPABASE_SERVICE_ROLE_KEY`, or any other shared
31
+ * credential would let a leak of one secret compromise both authentication
32
+ * boundaries (admin login and same-server teammate-agent access). When the
33
+ * dedicated variable is missing, this function returns `null` so the calling
34
+ * server fails closed — same-server TEAM access is disabled and no header is
35
+ * sent — instead of silently authorizing requests with the wrong secret.
36
+ *
37
+ * @returns Hashed token, or `null` when the dedicated secret is not configured.
30
38
  *
31
39
  * @private internal Agents Server access wiring
32
40
  */
@@ -15,7 +15,7 @@ export declare const BOOK_LANGUAGE_VERSION: string_semantic_version;
15
15
  export declare const PROMPTBOOK_ENGINE_VERSION: string_promptbook_version;
16
16
  /**
17
17
  * Represents the version string of the Promptbook engine.
18
- * It follows semantic versioning (e.g., `0.112.0-136`).
18
+ * It follows semantic versioning (e.g., `0.112.0-137`).
19
19
  *
20
20
  * @generated
21
21
  */
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@promptbook/cli",
3
- "version": "0.112.0-137",
3
+ "version": "0.112.0-138",
4
4
  "description": "Promptbook: Create persistent AI agents that turn your company's scattered knowledge into action",
5
5
  "private": false,
6
6
  "sideEffects": false,
@@ -39,6 +39,8 @@ const REQUIRED_AGENTS_SERVER_ENV_VARIABLES: ReadonlyArray<RequiredAgentsServerEn
39
39
  createAgentsServerEnvVariable('SUPABASE_SERVICE_ROLE_KEY', ''),
40
40
  createAgentsServerEnvVariable('SUPABASE_AUTO_MIGRATE', 'true'),
41
41
  createAgentsServerEnvVariable('ADMIN_PASSWORD', ''),
42
+ createAgentsServerEnvVariable('PTBK_AGENTS_SERVER_USER_CHAT_WORKER_TOKEN', ''),
43
+ createAgentsServerEnvVariable('PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN', ''),
42
44
  ];
43
45
 
44
46
  /**
@@ -31,15 +31,20 @@ export type TeamInternalAgentAccessHeadersOptions = {
31
31
  /**
32
32
  * Resolves the internal token used by same-server TEAM calls.
33
33
  *
34
- * @returns Hashed token, or `null` when the server does not have a private secret.
34
+ * `PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN` must be a dedicated secret falling
35
+ * back to `ADMIN_PASSWORD`, `SUPABASE_SERVICE_ROLE_KEY`, or any other shared
36
+ * credential would let a leak of one secret compromise both authentication
37
+ * boundaries (admin login and same-server teammate-agent access). When the
38
+ * dedicated variable is missing, this function returns `null` so the calling
39
+ * server fails closed — same-server TEAM access is disabled and no header is
40
+ * sent — instead of silently authorizing requests with the wrong secret.
41
+ *
42
+ * @returns Hashed token, or `null` when the dedicated secret is not configured.
35
43
  *
36
44
  * @private internal Agents Server access wiring
37
45
  */
38
46
  export function resolveTeamInternalAgentAccessToken(): string | null {
39
- const secret =
40
- normalizeSecret(readEnvironmentVariable('PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN')) ||
41
- normalizeSecret(readEnvironmentVariable('SUPABASE_SERVICE_ROLE_KEY')) ||
42
- normalizeSecret(readEnvironmentVariable('ADMIN_PASSWORD'));
47
+ const secret = normalizeSecret(readEnvironmentVariable('PROMPTBOOK_TEAM_AGENT_ACCESS_TOKEN'));
43
48
 
44
49
  if (!secret) {
45
50
  return null;