@renseiai/agentfactory-nextjs 0.8.0

package/dist/src/handlers/workers/list.d.ts

@@ -0,0 +1,22 @@
+/**
+ * GET /api/workers
+ *
+ * List all registered workers.
+ * Used by dashboard to display worker status.
+ */
+import { NextResponse } from 'next/server';
+export declare function createWorkerListHandler(): () => Promise<NextResponse<{
+    workers: import("@renseiai/agentfactory-server").WorkerInfo[];
+    summary: {
+        queueLength: number;
+        totalCapacity: number;
+        totalActive: number;
+        availableCapacity: number;
+        totalWorkers: number;
+        activeWorkers: number;
+    };
+}> | NextResponse<{
+    error: string;
+    message: string;
+}>>;
+//# sourceMappingURL=list.d.ts.map

package/dist/src/handlers/workers/list.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../../../src/handlers/workers/list.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAK1C,wBAAgB,uBAAuB;;;;;;;;;;;;;IA2BtC"}

package/dist/src/handlers/workers/list.js

@@ -0,0 +1,33 @@
+/**
+ * GET /api/workers
+ *
+ * List all registered workers.
+ * Used by dashboard to display worker status.
+ */
+import { NextResponse } from 'next/server';
+import { listWorkers, getTotalCapacity, getQueueLength, createLogger } from '@renseiai/agentfactory-server';
+const log = createLogger('api:workers:list');
+export function createWorkerListHandler() {
+    return async function GET() {
+        try {
+            const [workers, queueLength] = await Promise.all([
+                listWorkers(),
+                getQueueLength(),
+            ]);
+            const capacity = await getTotalCapacity(workers);
+            return NextResponse.json({
+                workers,
+                summary: {
+                    totalWorkers: workers.length,
+                    activeWorkers: workers.filter((w) => w.status === 'active').length,
+                    ...capacity,
+                    queueLength,
+                },
+            });
+        }
+        catch (error) {
+            log.error('Failed to list workers', { error });
+            return NextResponse.json({ error: 'Internal Server Error', message: 'Failed to list workers' }, { status: 500 });
+        }
+    };
+}

package/dist/src/handlers/workers/poll.d.ts

@@ -0,0 +1,14 @@
+/**
+ * GET /api/workers/[id]/poll
+ *
+ * Poll for pending work items and follow-up prompts.
+ */
+import { NextRequest, NextResponse } from 'next/server';
+interface RouteParams {
+    params: Promise<{
+        id: string;
+    }>;
+}
+export declare function createWorkerPollHandler(): (request: NextRequest, { params }: RouteParams) => Promise<NextResponse<unknown>>;
+export {};
+//# sourceMappingURL=poll.d.ts.map

package/dist/src/handlers/workers/poll.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../../../../src/handlers/workers/poll.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAavD,UAAU,WAAW;IACnB,MAAM,EAAE,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAChC;AAED,wBAAgB,uBAAuB,KACX,SAAS,WAAW,EAAE,YAAY,WAAW,oCAsGxE"}

package/dist/src/handlers/workers/poll.js

@@ -0,0 +1,96 @@
+/**
+ * GET /api/workers/[id]/poll
+ *
+ * Poll for pending work items and follow-up prompts.
+ */
+import { NextResponse } from 'next/server';
+import { requireWorkerAuth } from '../../middleware/worker-auth.js';
+import { getWorker, peekWork, getPendingPrompts, maybeCleanupOrphans, createLogger, } from '@renseiai/agentfactory-server';
+const log = createLogger('api:workers:poll');
+export function createWorkerPollHandler() {
+    return async function GET(request, { params }) {
+        const authError = requireWorkerAuth(request);
+        if (authError)
+            return authError;
+        const { id: workerId } = await params;
+        try {
+            maybeCleanupOrphans().catch((err) => {
+                log.error('Background orphan cleanup failed', { error: err });
+            });
+            const worker = await getWorker(workerId);
+            if (!worker) {
+                return NextResponse.json({ error: 'Not Found', message: 'Worker not found' }, { status: 404 });
+            }
+            // Use activeSessions.length (authoritative Redis set) instead of
+            // activeCount (heartbeat-reported, can be stale after re-registration)
+            const availableCapacity = worker.capacity - worker.activeSessions.length;
+            let work = [];
+            if (availableCapacity > 0) {
+                const desiredCount = Math.min(availableCapacity, 5);
+                const workerProjects = worker.projects;
+                const hasProjectFilter = workerProjects && workerProjects.length > 0;
+                // Over-fetch when filtering, since some items may not match
+                const fetchLimit = hasProjectFilter ? Math.min(desiredCount * 4, 50) : desiredCount;
+                const allWork = await peekWork(fetchLimit);
+                if (hasProjectFilter) {
+                    // Only accept work tagged with a project this worker serves.
+                    // Untagged work is excluded — it should only be picked up by
+                    // workers with no project filter, preventing cross-repo execution.
+                    work = allWork
+                        .filter(w => w.projectName && workerProjects.includes(w.projectName))
+                        .slice(0, desiredCount);
+                }
+                else {
+                    work = allWork.slice(0, desiredCount);
+                }
+            }
+            const pendingPrompts = {};
+            let totalPendingPrompts = 0;
+            if (worker.activeSessions.length > 0) {
+                await Promise.all(worker.activeSessions.map(async (sessionId) => {
+                    const prompts = await getPendingPrompts(sessionId);
+                    if (prompts.length > 0) {
+                        pendingPrompts[sessionId] = prompts;
+                        totalPendingPrompts += prompts.length;
+                    }
+                }));
+            }
+            if (work.length > 0 || totalPendingPrompts > 0) {
+                log.info('Poll result with items', {
+                    workerId,
+                    availableCapacity,
+                    workCount: work.length,
+                    workItems: work.map((w) => ({
+                        sessionId: w.sessionId,
+                        issueIdentifier: w.issueIdentifier,
+                        workType: w.workType,
+                        projectName: w.projectName,
+                    })),
+                    activeSessionCount: worker.activeSessions.length,
+                    pendingPromptsCount: totalPendingPrompts,
+                    pendingPromptsBySession: Object.entries(pendingPrompts).map(([sessionId, prompts]) => ({
+                        sessionId,
+                        count: prompts.length,
+                        promptIds: prompts.map((p) => p.id),
+                    })),
+                });
+            }
+            else {
+                log.debug('Poll result (empty)', {
+                    workerId,
+                    availableCapacity,
+                    activeSessionCount: worker.activeSessions.length,
+                });
+            }
+            return NextResponse.json({
+                work,
+                pendingPrompts,
+                hasPendingPrompts: totalPendingPrompts > 0,
+            });
+        }
+        catch (error) {
+            log.error('Failed to poll for work', { error, workerId });
+            return NextResponse.json({ error: 'Internal Server Error', message: 'Failed to poll for work' }, { status: 500 });
+        }
+    };
+}

package/dist/src/handlers/workers/register.d.ts

@@ -0,0 +1,9 @@
+/**
+ * POST /api/workers/register
+ *
+ * Register a new worker with the coordinator.
+ * Returns worker ID and configuration.
+ */
+import { NextRequest, NextResponse } from 'next/server';
+export declare function createWorkerRegisterHandler(): (request: NextRequest) => Promise<NextResponse<unknown>>;
+//# sourceMappingURL=register.d.ts.map

package/dist/src/handlers/workers/register.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.d.ts","sourceRoot":"","sources":["../../../../src/handlers/workers/register.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAMvD,wBAAgB,2BAA2B,KACd,SAAS,WAAW,oCAwDhD"}

package/dist/src/handlers/workers/register.js

@@ -0,0 +1,45 @@
+/**
+ * POST /api/workers/register
+ *
+ * Register a new worker with the coordinator.
+ * Returns worker ID and configuration.
+ */
+import { NextResponse } from 'next/server';
+import { requireWorkerAuth } from '../../middleware/worker-auth.js';
+import { registerWorker, createLogger } from '@renseiai/agentfactory-server';
+const log = createLogger('api:workers:register');
+export function createWorkerRegisterHandler() {
+    return async function POST(request) {
+        const authError = requireWorkerAuth(request);
+        if (authError)
+            return authError;
+        try {
+            const body = await request.json();
+            const { hostname, capacity, version, projects } = body;
+            if (!hostname || typeof hostname !== 'string') {
+                return NextResponse.json({ error: 'Bad Request', message: 'hostname is required' }, { status: 400 });
+            }
+            if (!capacity || typeof capacity !== 'number' || capacity < 1) {
+                return NextResponse.json({ error: 'Bad Request', message: 'capacity must be a positive number' }, { status: 400 });
+            }
+            if (projects !== undefined && !Array.isArray(projects)) {
+                return NextResponse.json({ error: 'Bad Request', message: 'projects must be an array of strings' }, { status: 400 });
+            }
+            const result = await registerWorker(hostname, capacity, version, projects);
+            if (!result) {
+                return NextResponse.json({ error: 'Service Unavailable', message: 'Failed to register worker' }, { status: 503 });
+            }
+            log.info('Worker registered via API', {
+                workerId: result.workerId,
+                hostname,
+                capacity,
+                projects: projects?.length ? projects : 'all',
+            });
+            return NextResponse.json(result, { status: 201 });
+        }
+        catch (error) {
+            log.error('Failed to register worker', { error });
+            return NextResponse.json({ error: 'Internal Server Error', message: 'Failed to register worker' }, { status: 500 });
+        }
+    };
+}

package/dist/src/index.d.ts

@@ -0,0 +1,52 @@
+/**
+ * @renseiai/agentfactory-nextjs
+ *
+ * Next.js API route handlers for AgentFactory.
+ * Provides webhook processing, worker/session management, public stats,
+ * OAuth callback, middleware factory, webhook orchestrator, and Linear client resolver.
+ */
+export type { LinearClientResolver, RouteConfig, WebhookConfig, AutoTriggerConfig, CronConfig, RouteHandler, } from './types.js';
+export { createAllRoutes } from './factory.js';
+export type { AllRoutes, AllRoutesConfig } from './factory.js';
+export { createOAuthCallbackHandler } from './handlers/oauth/callback.js';
+export type { OAuthConfig } from './handlers/oauth/callback.js';
+export { createAgentFactoryMiddleware } from './middleware/factory.js';
+export type { MiddlewareConfig } from './middleware/types.js';
+export { createWebhookOrchestrator, formatErrorForComment, } from './orchestrator/index.js';
+export type { WebhookOrchestratorConfig, WebhookOrchestratorHooks, WebhookOrchestratorInstance, } from './orchestrator/index.js';
+export { createDefaultLinearClientResolver } from './linear-client-resolver.js';
+export type { DefaultLinearClientResolverConfig } from './linear-client-resolver.js';
+export { verifyCronAuth } from './middleware/cron-auth.js';
+export { verifyWorkerAuth, requireWorkerAuth, unauthorizedResponse, isWorkerAuthConfigured, } from './middleware/worker-auth.js';
+export { createWebhookHandler } from './webhook/processor.js';
+export { verifyWebhookSignature } from './webhook/signature.js';
+export { setGovernorEventBus, getGovernorEventBus, publishGovernorEvent } from './webhook/governor-bridge.js';
+export { createWorkerRegisterHandler } from './handlers/workers/register.js';
+export { createWorkerListHandler } from './handlers/workers/list.js';
+export { createWorkerGetHandler, createWorkerDeleteHandler } from './handlers/workers/get-delete.js';
+export { createWorkerHeartbeatHandler } from './handlers/workers/heartbeat.js';
+export { createWorkerPollHandler } from './handlers/workers/poll.js';
+export { createSessionListHandler } from './handlers/sessions/list.js';
+export type { AgentSessionResponse } from './handlers/sessions/list.js';
+export { createSessionGetHandler } from './handlers/sessions/get.js';
+export { createSessionClaimHandler } from './handlers/sessions/claim.js';
+export { createSessionStatusPostHandler, createSessionStatusGetHandler } from './handlers/sessions/status.js';
+export { createSessionLockRefreshHandler } from './handlers/sessions/lock-refresh.js';
+export { createSessionPromptsGetHandler, createSessionPromptsPostHandler } from './handlers/sessions/prompts.js';
+export { createSessionTransferOwnershipHandler } from './handlers/sessions/transfer-ownership.js';
+export { createSessionActivityHandler } from './handlers/sessions/activity.js';
+export { createSessionCompletionHandler } from './handlers/sessions/completion.js';
+export { createSessionExternalUrlsHandler } from './handlers/sessions/external-urls.js';
+export { createSessionProgressHandler } from './handlers/sessions/progress.js';
+export { createSessionToolErrorHandler } from './handlers/sessions/tool-error.js';
+export { createPublicStatsHandler } from './handlers/public/stats.js';
+export type { PublicStatsResponse } from './handlers/public/stats.js';
+export { createPublicSessionsListHandler } from './handlers/public/sessions-list.js';
+export type { PublicSessionResponse } from './handlers/public/sessions-list.js';
+export { createPublicSessionDetailHandler } from './handlers/public/session-detail.js';
+export type { PublicSessionDetailResponse } from './handlers/public/session-detail.js';
+export { createCleanupHandler } from './handlers/cleanup.js';
+export { createConfigHandler } from './handlers/config.js';
+export { createIssueTrackerProxyHandler } from './handlers/issue-tracker-proxy/index.js';
+export type { ProxyHandlerConfig } from './handlers/issue-tracker-proxy/types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,oBAAoB,EACpB,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAA;AAGnB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAG9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAA;AACzE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAA;AAG/D,OAAO,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAA;AACtE,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAG7D,OAAO,EACL,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,yBAAyB,CAAA;AAChC,YAAY,EACV,yBAAyB,EACzB,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAA;AAGhC,OAAO,EAAE,iCAAiC,EAAE,MAAM,6BAA6B,CAAA;AAC/E,YAAY,EAAE,iCAAiC,EAAE,MAAM,6BAA6B,CAAA;AAGpF,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAG/D,OAAO,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAA;AAK7G,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AACpE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAA;AACpG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AAGpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,YAAY,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAA;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAA;AACxE,OAAO,EAAE,8BAA8B,EAAE,6BAA6B,EAAE,MAAM,+BAA+B,CAAA;AAC7G,OAAO,EAAE,+BAA+B,EAAE,MAAM,qCAAqC,CAAA;AACrF,OAAO,EAAE,8BAA8B,EAAE,+BAA+B,EAAE,MAAM,gCAAgC,CAAA;AAChH,OAAO,EAAE,qCAAqC,EAAE,MAAM,2CAA2C,CAAA;AAGjG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,8BAA8B,EAAE,MAAM,mCAAmC,CAAA;AAClF,OAAO,EAAE,gCAAgC,EAAE,MAAM,sCAAsC,CAAA;AACvF,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,6BAA6B,EAAE,MAAM,mCAAmC,CAAA;AAGjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AACrE,YAAY,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAA;AACrE,OAAO,EAAE,+BAA+B,EAAE,MAAM,oCAAoC,CAAA;AACpF,YAAY,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,qCAAqC,CAAA;AACtF,YAAY,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAA;AAGtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA;AAG5D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAA;AAG1D,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAA;AACxF,YAAY,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAA"}

package/dist/src/index.js

@@ -0,0 +1,56 @@
+/**
+ * @renseiai/agentfactory-nextjs
+ *
+ * Next.js API route handlers for AgentFactory.
+ * Provides webhook processing, worker/session management, public stats,
+ * OAuth callback, middleware factory, webhook orchestrator, and Linear client resolver.
+ */
+// Factory
+export { createAllRoutes } from './factory.js';
+// OAuth handler
+export { createOAuthCallbackHandler } from './handlers/oauth/callback.js';
+// Middleware factory
+export { createAgentFactoryMiddleware } from './middleware/factory.js';
+// Webhook orchestrator
+export { createWebhookOrchestrator, formatErrorForComment, } from './orchestrator/index.js';
+// Default Linear client resolver
+export { createDefaultLinearClientResolver } from './linear-client-resolver.js';
+// Middleware (existing)
+export { verifyCronAuth } from './middleware/cron-auth.js';
+export { verifyWorkerAuth, requireWorkerAuth, unauthorizedResponse, isWorkerAuthConfigured, } from './middleware/worker-auth.js';
+// Webhook
+export { createWebhookHandler } from './webhook/processor.js';
+export { verifyWebhookSignature } from './webhook/signature.js';
+// Governor bridge
+export { setGovernorEventBus, getGovernorEventBus, publishGovernorEvent } from './webhook/governor-bridge.js';
+// Individual handler factories (for custom wiring)
+// Worker handlers
+export { createWorkerRegisterHandler } from './handlers/workers/register.js';
+export { createWorkerListHandler } from './handlers/workers/list.js';
+export { createWorkerGetHandler, createWorkerDeleteHandler } from './handlers/workers/get-delete.js';
+export { createWorkerHeartbeatHandler } from './handlers/workers/heartbeat.js';
+export { createWorkerPollHandler } from './handlers/workers/poll.js';
+// Session handlers (no Linear dependency)
+export { createSessionListHandler } from './handlers/sessions/list.js';
+export { createSessionGetHandler } from './handlers/sessions/get.js';
+export { createSessionClaimHandler } from './handlers/sessions/claim.js';
+export { createSessionStatusPostHandler, createSessionStatusGetHandler } from './handlers/sessions/status.js';
+export { createSessionLockRefreshHandler } from './handlers/sessions/lock-refresh.js';
+export { createSessionPromptsGetHandler, createSessionPromptsPostHandler } from './handlers/sessions/prompts.js';
+export { createSessionTransferOwnershipHandler } from './handlers/sessions/transfer-ownership.js';
+// Session handlers (Linear forwarding)
+export { createSessionActivityHandler } from './handlers/sessions/activity.js';
+export { createSessionCompletionHandler } from './handlers/sessions/completion.js';
+export { createSessionExternalUrlsHandler } from './handlers/sessions/external-urls.js';
+export { createSessionProgressHandler } from './handlers/sessions/progress.js';
+export { createSessionToolErrorHandler } from './handlers/sessions/tool-error.js';
+// Public handlers
+export { createPublicStatsHandler } from './handlers/public/stats.js';
+export { createPublicSessionsListHandler } from './handlers/public/sessions-list.js';
+export { createPublicSessionDetailHandler } from './handlers/public/session-detail.js';
+// Cleanup handler
+export { createCleanupHandler } from './handlers/cleanup.js';
+// Config handler
+export { createConfigHandler } from './handlers/config.js';
+// Issue tracker proxy handler (centralized API gateway for agents/governors)
+export { createIssueTrackerProxyHandler } from './handlers/issue-tracker-proxy/index.js';

package/dist/src/linear-client-resolver.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Default Linear Client Resolver
+ *
+ * Provides a generic LinearClientResolver that uses:
+ * 1. Workspace-specific OAuth tokens from Redis (if configured)
+ * 2. Falls back to a global API key from environment for read-only operations
+ *    (only when no organizationId is provided)
+ *
+ * IMPORTANT: When an organizationId IS provided but no OAuth token is found,
+ * we throw instead of falling back. The personal API key cannot call Agent API
+ * endpoints (createAgentActivity, createAgentSessionOnIssue, etc.) so falling
+ * back would just waste rate limit quota on guaranteed-to-fail requests.
+ *
+ * Workspace clients are cached with a 5-minute TTL so all requests within
+ * the dashboard process share ONE client per workspace (and therefore one
+ * token bucket + one circuit breaker).
+ */
+import { type CircuitBreakerStrategy, type RateLimiterStrategy } from '@renseiai/agentfactory-linear';
+import type { LinearClientResolver } from './types.js';
+/**
+ * Configuration for the default Linear client resolver.
+ */
+export interface DefaultLinearClientResolverConfig {
+    /** Environment variable name for the API key (default: 'LINEAR_ACCESS_TOKEN') */
+    apiKeyEnvVar?: string;
+    /** Cache TTL in ms for workspace clients (default: 300_000 = 5 min) */
+    clientCacheTtlMs?: number;
+    /**
+     * Injectable rate limiter strategy shared across all workspace clients.
+     * Use this to inject a Redis-backed rate limiter for cross-process coordination.
+     */
+    rateLimiterStrategy?: RateLimiterStrategy;
+    /**
+     * Injectable circuit breaker strategy shared across all workspace clients.
+     * Use this to inject a Redis-backed circuit breaker for cross-process coordination.
+     */
+    circuitBreakerStrategy?: CircuitBreakerStrategy;
+}
+/**
+ * Create a default Linear client resolver.
+ *
+ * Resolves Linear clients with workspace-aware OAuth token support:
+ * - If an organizationId is provided and Redis is configured, attempts to
+ *   fetch a workspace-specific OAuth token.
+ * - If organizationId is provided but no OAuth token is found, throws an error
+ *   (prevents wasting quota on Agent API calls that require OAuth).
+ * - If no organizationId is provided, uses the global API key (for read-only operations).
+ *
+ * @example
+ * ```typescript
+ * import { createDefaultLinearClientResolver } from '@renseiai/agentfactory-nextjs'
+ *
+ * const resolver = createDefaultLinearClientResolver()
+ * // Use in route config:
+ * const routes = createAllRoutes({ linearClient: resolver, ... })
+ * ```
+ */
+export declare function createDefaultLinearClientResolver(config?: DefaultLinearClientResolverConfig): LinearClientResolver;
+//# sourceMappingURL=linear-client-resolver.d.ts.map

package/dist/src/linear-client-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"linear-client-resolver.d.ts","sourceRoot":"","sources":["../../src/linear-client-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAGL,KAAK,sBAAsB,EAC3B,KAAK,mBAAmB,EACzB,MAAM,+BAA+B,CAAA;AAMtC,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAatD;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,iFAAiF;IACjF,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,uEAAuE;IACvE,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB;;;OAGG;IACH,mBAAmB,CAAC,EAAE,mBAAmB,CAAA;IACzC;;;OAGG;IACH,sBAAsB,CAAC,EAAE,sBAAsB,CAAA;CAChD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iCAAiC,CAC/C,MAAM,CAAC,EAAE,iCAAiC,GACzC,oBAAoB,CAwFtB"}

package/dist/src/linear-client-resolver.js

@@ -0,0 +1,104 @@
+/**
+ * Default Linear Client Resolver
+ *
+ * Provides a generic LinearClientResolver that uses:
+ * 1. Workspace-specific OAuth tokens from Redis (if configured)
+ * 2. Falls back to a global API key from environment for read-only operations
+ *    (only when no organizationId is provided)
+ *
+ * IMPORTANT: When an organizationId IS provided but no OAuth token is found,
+ * we throw instead of falling back. The personal API key cannot call Agent API
+ * endpoints (createAgentActivity, createAgentSessionOnIssue, etc.) so falling
+ * back would just waste rate limit quota on guaranteed-to-fail requests.
+ *
+ * Workspace clients are cached with a 5-minute TTL so all requests within
+ * the dashboard process share ONE client per workspace (and therefore one
+ * token bucket + one circuit breaker).
+ */
+import { createLinearAgentClient, } from '@renseiai/agentfactory-linear';
+import { getAccessToken, isRedisConfigured, createLogger, } from '@renseiai/agentfactory-server';
+const log = createLogger('linear-client-resolver');
+/** Default cache TTL: 5 minutes */
+const CLIENT_CACHE_TTL_MS = 5 * 60 * 1000;
+/**
+ * Create a default Linear client resolver.
+ *
+ * Resolves Linear clients with workspace-aware OAuth token support:
+ * - If an organizationId is provided and Redis is configured, attempts to
+ *   fetch a workspace-specific OAuth token.
+ * - If organizationId is provided but no OAuth token is found, throws an error
+ *   (prevents wasting quota on Agent API calls that require OAuth).
+ * - If no organizationId is provided, uses the global API key (for read-only operations).
+ *
+ * @example
+ * ```typescript
+ * import { createDefaultLinearClientResolver } from '@renseiai/agentfactory-nextjs'
+ *
+ * const resolver = createDefaultLinearClientResolver()
+ * // Use in route config:
+ * const routes = createAllRoutes({ linearClient: resolver, ... })
+ * ```
+ */
+export function createDefaultLinearClientResolver(config) {
+    const apiKeyEnvVar = config?.apiKeyEnvVar ?? 'LINEAR_ACCESS_TOKEN';
+    const cacheTtlMs = config?.clientCacheTtlMs ?? CLIENT_CACHE_TTL_MS;
+    let _globalClient = null;
+    /** Per-workspace client cache: workspaceId → { client, expiresAt } */
+    const clientCache = new Map();
+    function getGlobalClient() {
+        if (!_globalClient) {
+            const apiKey = process.env[apiKeyEnvVar];
+            if (!apiKey) {
+                throw new Error(`${apiKeyEnvVar} not set - Linear API operations will fail`);
+            }
+            _globalClient = createLinearAgentClient({
+                apiKey,
+                rateLimiterStrategy: config?.rateLimiterStrategy,
+                circuitBreakerStrategy: config?.circuitBreakerStrategy,
+            });
+        }
+        return _globalClient;
+    }
+    async function getClientForWorkspace(workspaceId) {
+        // Check cache first
+        const cached = clientCache.get(workspaceId);
+        if (cached && cached.expiresAt > Date.now()) {
+            return cached.client;
+        }
+        // Remove expired entry
+        if (cached) {
+            clientCache.delete(workspaceId);
+        }
+        if (isRedisConfigured()) {
+            const accessToken = await getAccessToken(workspaceId);
+            if (accessToken) {
+                log.debug('Using OAuth token from Redis', { workspaceId });
+                const client = createLinearAgentClient({
+                    apiKey: accessToken,
+                    rateLimiterStrategy: config?.rateLimiterStrategy,
+                    circuitBreakerStrategy: config?.circuitBreakerStrategy,
+                });
+                // Cache the client
+                clientCache.set(workspaceId, {
+                    client,
+                    expiresAt: Date.now() + cacheTtlMs,
+                });
+                return client;
+            }
+            // OAuth token not found — DO NOT fall back to personal API key.
+            // Personal API keys cannot call Agent API endpoints, so falling back
+            // just wastes rate limit quota on guaranteed 400 errors.
+            log.error('No OAuth token for workspace — re-authenticate at /oauth/authorize', { workspaceId });
+            throw new Error(`No OAuth token for workspace ${workspaceId}. Re-authenticate required.`);
+        }
+        // Redis not configured — cannot resolve workspace-specific tokens.
+        // This is a configuration error when organizationId is explicitly provided.
+        log.error('Redis not configured but workspace-specific client requested', { workspaceId });
+        throw new Error(`Cannot resolve OAuth token for workspace ${workspaceId} — Redis is not configured.`);
+    }
+    return {
+        getClient: async (organizationId) => organizationId
+            ? await getClientForWorkspace(organizationId)
+            : getGlobalClient(),
+    };
+}

package/dist/src/middleware/cron-auth.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Cron Authentication Middleware
+ *
+ * Verifies cron job requests using CRON_SECRET or Vercel Cron headers.
+ * In development, allows requests without secret.
+ */
+import { NextRequest } from 'next/server';
+/**
+ * Verify cron authentication
+ *
+ * Requires CRON_SECRET in production to prevent abuse.
+ * In development, allows requests without secret.
+ *
+ * @param request - Next.js request object
+ * @param cronSecret - Optional override for CRON_SECRET env var
+ */
+export declare function verifyCronAuth(request: NextRequest, cronSecret?: string): {
+    authorized: boolean;
+    reason?: string;
+};
+//# sourceMappingURL=cron-auth.d.ts.map

package/dist/src/middleware/cron-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cron-auth.d.ts","sourceRoot":"","sources":["../../../src/middleware/cron-auth.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAKzC;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,WAAW,EACpB,UAAU,CAAC,EAAE,MAAM,GAClB;IAAE,UAAU,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAkC1C"}

package/dist/src/middleware/cron-auth.js

@@ -0,0 +1,46 @@
+/**
+ * Cron Authentication Middleware
+ *
+ * Verifies cron job requests using CRON_SECRET or Vercel Cron headers.
+ * In development, allows requests without secret.
+ */
+import { createLogger } from '@renseiai/agentfactory-server';
+const log = createLogger('cron-auth');
+/**
+ * Verify cron authentication
+ *
+ * Requires CRON_SECRET in production to prevent abuse.
+ * In development, allows requests without secret.
+ *
+ * @param request - Next.js request object
+ * @param cronSecret - Optional override for CRON_SECRET env var
+ */
+export function verifyCronAuth(request, cronSecret) {
+    const secret = cronSecret ?? process.env.CRON_SECRET;
+    const isProduction = process.env.NODE_ENV === 'production' ||
+        process.env.VERCEL_ENV === 'production';
+    const isVercel = !!process.env.VERCEL;
+    // Check if running as Vercel Cron (trusted header only on Vercel)
+    const vercelCron = request.headers.get('x-vercel-cron');
+    if (isVercel && vercelCron) {
+        return { authorized: true };
+    }
+    // Check Authorization header
+    const authHeader = request.headers.get('authorization');
+    if (secret && authHeader === `Bearer ${secret}`) {
+        return { authorized: true };
+    }
+    // In production, CRON_SECRET is required
+    if (isProduction) {
+        if (!secret) {
+            return { authorized: false, reason: 'CRON_SECRET not configured' };
+        }
+        return { authorized: false, reason: 'Invalid or missing authorization' };
+    }
+    // In development, allow without secret but log warning
+    if (!secret) {
+        log.warn('CRON_SECRET not configured - allowing request in development');
+        return { authorized: true };
+    }
+    return { authorized: false, reason: 'Invalid authorization' };
+}

package/dist/src/middleware/factory.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Middleware Factory — Edge Runtime Compatible
+ *
+ * Creates a Next.js middleware function that handles authentication,
+ * rate limiting, and security for AgentFactory API routes.
+ *
+ * IMPORTANT: This module runs in the Edge Runtime. It MUST NOT import
+ * from @renseiai/agentfactory-server (which uses Node.js crypto/ioredis).
+ * All utilities are inlined for Edge compatibility.
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import type { MiddlewareConfig } from './types.js';
+/**
+ * Create an AgentFactory middleware function with configurable routes
+ * and rate limiting.
+ *
+ * @example
+ * ```typescript
+ * // In middleware.ts:
+ * import { createAgentFactoryMiddleware } from '@renseiai/agentfactory-nextjs'
+ *
+ * const { middleware, matcherConfig } = createAgentFactoryMiddleware()
+ * export { middleware }
+ * export const config = matcherConfig
+ * ```
+ */
+export declare function createAgentFactoryMiddleware(userConfig?: MiddlewareConfig): {
+    middleware: (request: NextRequest) => NextResponse | undefined;
+    matcherConfig: {
+        matcher: string[];
+    };
+};
+//# sourceMappingURL=factory.d.ts.map

package/dist/src/middleware/factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../src/middleware/factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAA;AA0GlD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,4BAA4B,CAAC,UAAU,CAAC,EAAE,gBAAgB;0BAO3C,WAAW,KAAG,YAAY,GAAG,SAAS;;;;EAkHpE"}