npm - @standardagents/builder - Versions diffs - 0.17.3 → 0.18.0 - Mend

@standardagents/builder 0.17.3 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/dist/built-in-routes.js +442 -358
package/dist/built-in-routes.js.map +1 -1
package/dist/client/LoginView.js +1 -1
package/dist/client/index.js +3 -3
package/dist/index.js +461 -47
package/dist/index.js.map +1 -1
package/dist/plugin.js +70 -2
package/dist/plugin.js.map +1 -1
package/dist/runtime.d.ts +72 -4
package/dist/runtime.js +391 -45
package/dist/runtime.js.map +1 -1
package/package.json +4 -4

package/dist/plugin.js CHANGED Viewed

@@ -7206,6 +7206,7 @@ const PUBLIC_ROUTES = [
   '/api/auth/bootstrap',
   '/api/auth/login',
   '/api/auth/config',
+  '/api/auth/platform-replica',
   '/api/auth/sa/start',     // Login with Standard Agents (OAuth) \u2014 unauthenticated entry
   '/api/auth/sa/callback',  // OAuth callback (sets the session cookie)
   '/api/config',
@@ -7253,16 +7254,25 @@ function isPublicRoute(routePath, hosted) {
     return true;
   }
-  // Platform proxy routes handle their own auth.
+  // Platform proxy routes handle their own auth in local dev only.
+  if (hosted && (routePath.startsWith('/api/platform/') || routePath === '/api/platform')) {
+    return false;
+  }
   if (routePath.startsWith('/api/platform/') || routePath === '/api/platform') {
     return true;
   }
-  // Platform session proxy and auth bridge handle auth via platform cookies.
+  // Platform session proxy and auth bridge are local-dev helpers only.
+  if (hosted && (routePath.startsWith('/api/platform-session/') || routePath === '/api/platform-session')) {
+    return false;
+  }
   if (routePath.startsWith('/api/platform-session/') || routePath === '/api/platform-session') {
     return true;
   }
+  if (hosted && (routePath.startsWith('/api/platform-auth/') || routePath === '/api/platform-auth')) {
+    return false;
+  }
   if (routePath.startsWith('/api/platform-auth/') || routePath === '/api/platform-auth') {
     return true;
   }
@@ -7270,6 +7280,36 @@ function isPublicRoute(routePath, hosted) {
   return false;
 }
+function platformEndpoint(env) {
+  const configured =
+    env && (env.PLATFORM_ENDPOINT || env.STANDARD_AGENTS_PLATFORM_URL || env.PLATFORM_URL || env.STANDARD_AGENTS_PUBLIC_URL);
+  if (typeof configured === 'string' && configured.trim()) {
+    return configured.trim().replace(/\\/+$/, '');
+  }
+  return 'https://platform.standardagents.ai';
+}
+function hostedInstanceRedirectId(request, env) {
+  const configured = env && (env.STANDARD_AGENTS_PROJECT_ID || env.STANDARD_AGENTS_INSTANCE_ID || env.STANDARD_AGENTS_INSTANCE_SUBDOMAIN);
+  if (typeof configured === 'string' && configured.trim()) {
+    return configured.trim();
+  }
+  return new URL(request.url).hostname;
+}
+function platformLoginUrl(request, env) {
+  const requestUrl = new URL(request.url);
+  const url = new URL('/login', platformEndpoint(env));
+  url.searchParams.set('redirect', hostedInstanceRedirectId(request, env));
+  url.searchParams.set('return_to', requestUrl.pathname + requestUrl.search || '/');
+  return url.toString();
+}
+function isHtmlNavigationRequest(request) {
+  if (request.method !== 'GET' && request.method !== 'HEAD') return false;
+  return (request.headers.get('Accept') || '').includes('text/html');
+}
 // CORS headers for API responses
 const CORS_HEADERS = {
   "Access-Control-Allow-Origin": "*",
@@ -7361,6 +7401,21 @@ ${packedThreadRouteCode}
       }
       authContext = authResult;
+      if (routePath.startsWith('/api/threads/')) {
+        const threadId = routeMatch.params?.id || routeMatch.params?.threadId;
+        if (threadId) {
+          const agentBuilderId = env.AGENT_BUILDER.idFromName('singleton');
+          const agentBuilder = env.AGENT_BUILDER.get(agentBuilderId);
+          const thread = await agentBuilder.getThread(threadId);
+          if (!thread) {
+            return addCorsHeaders(Response.json({ error: \`Thread not found: \${threadId}\` }, { status: 404 }));
+          }
+          if (authContext.user.role !== 'admin' && (thread.user_id === null || thread.user_id !== authContext.user.id)) {
+            return addCorsHeaders(Response.json({ error: "Forbidden: You don't have access to this thread" }, { status: 403 }));
+          }
+        }
+      }
     }
     let controller = await routeMatch.data();
@@ -7396,6 +7451,19 @@ ${packedThreadRouteCode}
     });
   }
+  // Hosted browser navigations do not render a local login page. Redirect
+  // anonymous users directly to the platform, where the instance membership is
+  // resolved and returned as a signed handoff token.
+  if (isHostedInstance(env) && isHtmlNavigationRequest(request)) {
+    const authResult = await requireAuth(request, env);
+    if (authResult instanceof Response) {
+      return new Response(null, {
+        status: 302,
+        headers: { Location: platformLoginUrl(request, env) },
+      });
+    }
+  }
   // Serve UI for all other routes (SPA fallback)
   return serveUI(routePath, env);
 }