@stigmer/react 3.0.6 → 3.0.7

package/src/session/useNewSessionFlow.ts

@@ -16,6 +16,7 @@ import { useCreateAgentExecution } from "../execution/useCreateAgentExecution";
 import type { ExecutionTargetOption } from "./execution-target";
 import { useExecutionTarget } from "../execution-target-context";
 import { useRunnerAdapter } from "../runner-adapter";
+import { resolveExecutionRuntimeEnv, type RuntimeEnvProvider } from "./runtime-env";
 
 const DEFAULT_AGENT_TIMEOUT_MS = 10_000;
 
@@ -55,6 +56,30 @@ export interface UseNewSessionFlowOptions {
    * server decides based on deployment context.
    */
   readonly executionTarget?: ExecutionTargetOption;
+  /**
+   * Supplies host-app environment variables for the session's first
+   * execution. Evaluated once per submission, at submit time, so
+   * short-lived credentials stay fresh; evaluated **before** the session
+   * is created so a credential failure never strands an empty session.
+   *
+   * Host values win over composer-collected env on key collisions. If
+   * the provider throws, the submission fails and the error surfaces
+   * via {@link UseNewSessionFlowReturn.submitError} / {@link onError}.
+   * See {@link RuntimeEnvProvider}.
+   */
+  readonly getRuntimeEnv?: RuntimeEnvProvider;
+  /**
+   * Harness pre-selected for new sessions when the user has not made an
+   * explicit choice yet (e.g. an embedder whose agents primarily run
+   * coding tasks defaults to `"cursor"`).
+   *
+   * Read once on mount. The user's own selection — persisted to
+   * localStorage on explicit change — always takes precedence on
+   * subsequent visits.
+   *
+   * @default DEFAULT_HARNESS ("native")
+   */
+  readonly defaultHarness?: HarnessOption;
 }
 
 /** Return value of {@link useNewSessionFlow}. */
@@ -158,15 +183,18 @@ export interface UseNewSessionFlowReturn {
 export function useNewSessionFlow(
   options: UseNewSessionFlowOptions,
 ): UseNewSessionFlowReturn {
-  const { org, onSessionCreated, onError } = options;
+  const { org, onSessionCreated, onError, getRuntimeEnv, defaultHarness } = options;
   const contextTarget = useExecutionTarget();
   const executionTarget = options.executionTarget ?? contextTarget;
   const adapter = useRunnerAdapter();
 
   const [harness, setHarnessRaw] = useState<HarnessOption>(() => {
-    if (typeof window === "undefined") return DEFAULT_HARNESS;
+    if (typeof window === "undefined") return defaultHarness ?? DEFAULT_HARNESS;
+    // Only explicit user choices are persisted (see setHarness), so a
+    // stored value always outranks the embedder's defaultHarness.
     const stored = localStorage.getItem(STORAGE_KEY_HARNESS);
-    return stored === "cursor" ? "cursor" : DEFAULT_HARNESS;
+    if (stored === "native" || stored === "cursor") return stored;
+    return defaultHarness ?? DEFAULT_HARNESS;
   });
 
   const { getModel, isLoading: isModelsLoading } = useModelRegistry({ harness });
@@ -191,14 +219,12 @@ export function useNewSessionFlow(
 
   const validModelId = modelId && getModel(modelId) ? modelId : undefined;
 
-  // Persist harness on change
-  useEffect(() => {
-    localStorage.setItem(STORAGE_KEY_HARNESS, harness);
-  }, [harness]);
-
   const setHarness = useCallback(
     (h: HarnessOption) => {
       setHarnessRaw(h);
+      // Persist only explicit choices — never the seeded value — so the
+      // embedder's defaultHarness keeps applying until the user decides.
+      localStorage.setItem(STORAGE_KEY_HARNESS, h);
       const storedModel = localStorage.getItem(modelStorageKey(h));
       const plain = storedModel ? (parseModelKey(storedModel)?.modelId ?? storedModel) : undefined;
       setModelId(plain);
@@ -246,6 +272,14 @@ export function useNewSessionFlow(
       setSubmitError(null);
 
       try {
+        // Host env is evaluated per submission (short-lived credentials)
+        // and before session creation, so a credential failure can never
+        // strand an empty session. Without a provider the composer env
+        // passes through untouched — no extra await on the hot path.
+        const runtimeEnv = getRuntimeEnv
+          ? await resolveExecutionRuntimeEnv(getRuntimeEnv, context?.runtimeEnv)
+          : context?.runtimeEnv;
+
         const sessionFields = {
           org,
           workspaceEntries: workspace.hasEntries
@@ -261,7 +295,7 @@ export function useNewSessionFlow(
           org,
           message,
           modelName: selectedModel ?? validModelId,
-          runtimeEnv: context?.runtimeEnv,
+          runtimeEnv,
           attachments: context?.attachments,
           interactionMode: context?.interactionMode,
           workspaceFileRefs: context?.workspaceFileRefs,
@@ -344,6 +378,7 @@ export function useNewSessionFlow(
       harness,
       executionTarget,
       adapter,
+      getRuntimeEnv,
       validModelId,
       workspace,
       mcpServerUsages,

package/src/session/useSessionPageFlow.ts

@@ -14,6 +14,7 @@ import { fromProtoHarness, type HarnessOption } from "../models/harness";
 import { Harness, ExecutionTarget } from "@stigmer/protos/ai/stigmer/agentic/session/v1/enum_pb";
 import { fromProtoExecutionTarget, type ExecutionTargetOption } from "./execution-target";
 import { useSessionConversation, type UseSessionConversationReturn } from "./useSessionConversation";
+import { resolveExecutionRuntimeEnv, type RuntimeEnvProvider } from "./runtime-env";
 import { useAgentRefFromSession } from "./useAgentRefFromSession";
 import { usePersistedModel, type UsePersistedModelReturn } from "./usePersistedModel";
 import { specMcpUsagesToInput, specSkillRefsToInput } from "./session-spec-converters";
@@ -30,6 +31,18 @@ export interface UseSessionPageFlowOptions {
   readonly sessionId: string;
   /** Organization slug. */
   readonly org: string;
+  /**
+   * Supplies host-app environment variables for every follow-up
+   * execution. Evaluated once per follow-up, at send time, so
+   * short-lived credentials stay fresh.
+   *
+   * Host values win over composer-collected env on key collisions. If
+   * the provider throws, the follow-up is aborted before any optimistic
+   * UI or session mutation and the error surfaces via
+   * {@link UseSessionPageFlowReturn.submitError}. See
+   * {@link RuntimeEnvProvider}.
+   */
+  readonly getRuntimeEnv?: RuntimeEnvProvider;
 }
 
 /** Return value of {@link useSessionPageFlow}. */
@@ -128,8 +141,10 @@ export interface UseSessionPageFlowReturn {
 
   /**
    * Submit a follow-up message. Handles agent override resolution
-   * (if the user changed the agent mid-session) and delegates to
-   * `conv.sendFollowUp` with all managed state.
+   * (if the user changed the agent mid-session), evaluates the host
+   * runtime-env provider, and delegates to `conv.sendFollowUp` with
+   * all managed state. Never rejects — pre-send failures land in
+   * {@link submitError}.
    */
   readonly handleSubmit: (
     message: string,
@@ -137,6 +152,17 @@ export interface UseSessionPageFlowReturn {
     context?: SessionComposerSubmitContext,
   ) => Promise<void>;
 
+  /**
+   * Error from the most recent follow-up's pre-send work (agent
+   * override resolution, host runtime-env evaluation), or `null`.
+   *
+   * Distinct from `conv.sendError`, which covers the create-execution
+   * RPC itself. Kept as the raw `Error` so consumers can render
+   * contextual guidance (e.g. secret-flow errors). Cleared at the
+   * start of each submission.
+   */
+  readonly submitError: Error | null;
+
   /**
    * The most relevant execution for sidebar display — the active
    * streaming execution, or the last completed one.
@@ -199,7 +225,7 @@ export interface UseSessionPageFlowReturn {
 export function useSessionPageFlow(
   options: UseSessionPageFlowOptions,
 ): UseSessionPageFlowReturn {
-  const { sessionId, org } = options;
+  const { sessionId, org, getRuntimeEnv } = options;
 
   const stigmer = useStigmer();
   const conv = useSessionConversation(sessionId, org);
@@ -324,27 +350,48 @@ export function useSessionPageFlow(
   // Follow-up submission with agent override
   // -------------------------------------------------------------------------
 
+  const [submitError, setSubmitError] = useState<Error | null>(null);
+
   const handleSubmit = useCallback(
     async (
       message: string,
       selectedModel?: string,
       context?: SessionComposerSubmitContext,
     ) => {
-      let agentInstanceIdOverride: string | undefined;
+      setSubmitError(null);
 
-      if (resolution) {
-        if (
-          resolution.mode === "saved" &&
-          resolution.instanceId !== sessionInstanceId
-        ) {
-          agentInstanceIdOverride = resolution.instanceId;
-        } else if (resolution.mode === "direct" && agentRef) {
-          const agent = await stigmer.agent.getByReference(agentRef);
-          const defaultId = agent.status?.defaultInstanceId;
-          if (defaultId && defaultId !== sessionInstanceId) {
-            agentInstanceIdOverride = defaultId;
+      // Pre-send work runs before conv.sendFollowUp so a failure here
+      // aborts cleanly: no optimistic pending message, no session
+      // mutation. The composer fires this handler without awaiting it,
+      // so a rejection would otherwise be an unhandled rejection —
+      // failures must land in submitError instead.
+      let agentInstanceIdOverride: string | undefined;
+      let runtimeEnv: SessionComposerSubmitContext["runtimeEnv"];
+
+      try {
+        if (resolution) {
+          if (
+            resolution.mode === "saved" &&
+            resolution.instanceId !== sessionInstanceId
+          ) {
+            agentInstanceIdOverride = resolution.instanceId;
+          } else if (resolution.mode === "direct" && agentRef) {
+            const agent = await stigmer.agent.getByReference(agentRef);
+            const defaultId = agent.status?.defaultInstanceId;
+            if (defaultId && defaultId !== sessionInstanceId) {
+              agentInstanceIdOverride = defaultId;
+            }
           }
         }
+
+        // Evaluated per follow-up so short-lived host credentials are
+        // current; host values win over composer-collected env.
+        runtimeEnv = getRuntimeEnv
+          ? await resolveExecutionRuntimeEnv(getRuntimeEnv, context?.runtimeEnv)
+          : context?.runtimeEnv;
+      } catch (err) {
+        setSubmitError(err instanceof Error ? err : new Error(String(err)));
+        return;
       }
 
       conv.sendFollowUp(message, {
@@ -355,7 +402,7 @@ export function useSessionPageFlow(
           : undefined,
         mcpServerUsages: mcpServerUsages.length > 0 ? mcpServerUsages : undefined,
         skillRefs: skillRefs.length > 0 ? skillRefs : undefined,
-        runtimeEnv: context?.runtimeEnv,
+        runtimeEnv,
         attachments: context?.attachments,
         interactionMode: context?.interactionMode,
         // Sourced from the session-scoped preference set at the approval gate,
@@ -366,7 +413,7 @@ export function useSessionPageFlow(
 
       sessionVariables.clear();
     },
-    [conv.sendFollowUp, modelId, workspace, mcpServerUsages, skillRefs, sessionVariables.clear, resolution, agentRef, sessionInstanceId, stigmer, autoApproveAll],
+    [conv.sendFollowUp, modelId, workspace, mcpServerUsages, skillRefs, sessionVariables.clear, resolution, agentRef, sessionInstanceId, stigmer, autoApproveAll, getRuntimeEnv],
   );
 
   // -------------------------------------------------------------------------
@@ -416,6 +463,7 @@ export function useSessionPageFlow(
     setAutoApproveAll,
     submitApproval,
     handleSubmit,
+    submitError,
     displayExecution,
     allExecutions,
     sandboxWorkspaceRoot,

package/src/workflow/instance/CreateWorkflowInstanceDialog.tsx

@@ -203,6 +203,7 @@ export function CreateWorkflowInstanceDialog({
             <InstanceVisibilitySelector
               visibility={visibility}
               onVisibilityChange={setVisibility}
+              mode="create"
               disabled={isCreating}
             />
           </div>

package/src/workflow/instance/WorkflowInstanceDetailPanel.tsx

@@ -10,9 +10,7 @@ import type { ResourceRef } from "@stigmer/sdk";
 import { getUserMessage } from "@stigmer/sdk";
 import { useUpdateWorkflowInstance } from "./useUpdateWorkflowInstance";
 import { useDeleteWorkflowInstance } from "./useDeleteWorkflowInstance";
-import { useUpdateVisibility } from "../../library/useUpdateVisibility";
-import { InstanceVisibilitySelector } from "../../library/InstanceVisibilitySelector";
-import { visibilityLabel } from "../../library/visibilityLevels";
+import { ResourceVisibilityControl } from "../../library/ResourceVisibilityControl";
 import { PermissionGate } from "../../iam-policy/PermissionGate";
 import { SharePanel } from "../../iam-policy/SharePanel";
 import { EnvironmentPicker } from "../../environment/EnvironmentPicker";
@@ -56,7 +54,6 @@ export function WorkflowInstanceDetailPanel({
 
   const { update, isUpdating } = useUpdateWorkflowInstance();
   const { deleteInstance, isDeleting } = useDeleteWorkflowInstance();
-  const { updateVisibility, isPending: isVisibilityPending } = useUpdateVisibility("workflowInstance", id || null);
   const { environments } = useEnvironmentList(org);
 
   const [isEditingEnvs, setIsEditingEnvs] = useState(false);
@@ -65,14 +62,6 @@ export function WorkflowInstanceDetailPanel({
   const [showDeleteConfirm, setShowDeleteConfirm] = useState(false);
   const [deleteError, setDeleteError] = useState<Error | null>(null);
 
-  const handleVisibilityChange = useCallback(
-    async (v: ApiResourceVisibility) => {
-      await updateVisibility(v);
-      onUpdated?.();
-    },
-    [updateVisibility, onUpdated],
-  );
-
   const handleStartEditEnvs = useCallback(() => {
     const currentRefs: ResourceRef[] = (spec?.environmentRefs ?? []).map((ref) => ({
       org: ref.org || org,
@@ -255,21 +244,12 @@ export function WorkflowInstanceDetailPanel({
         {/* Visibility */}
         <div className="px-4 py-3">
           <h4 className="text-xs font-medium text-muted-foreground mb-2">Visibility</h4>
-          <PermissionGate
-            resource={{ kind: "workflow_instance", id }}
-            relation="can_edit"
-            fallback={
-              <span className="text-sm text-foreground">
-                {visibilityLabel(meta?.visibility ?? ApiResourceVisibility.visibility_private)}
-              </span>
-            }
-          >
-            <InstanceVisibilitySelector
-              visibility={meta?.visibility ?? ApiResourceVisibility.visibility_private}
-              onVisibilityChange={handleVisibilityChange}
-              isPending={isVisibilityPending}
-            />
-          </PermissionGate>
+          <ResourceVisibilityControl
+            kind="workflowInstance"
+            resourceId={id}
+            visibility={meta?.visibility ?? ApiResourceVisibility.visibility_private}
+            onChanged={onUpdated}
+          />
         </div>
 
         {/* Share Panel */}

package/src/workflow/instance/WorkflowInstanceList.tsx

@@ -6,9 +6,7 @@ import type { WorkflowInstance } from "@stigmer/protos/ai/stigmer/agentic/workfl
 import { ApiResourceVisibility } from "@stigmer/protos/ai/stigmer/commons/apiresource/enum_pb";
 import { useWorkflowInstances } from "../useWorkflowInstances";
 import { useEnvironmentList } from "../../environment/useEnvironmentList";
-import { useUpdateVisibility } from "../../library/useUpdateVisibility";
-import { InstanceVisibilitySelector } from "../../library/InstanceVisibilitySelector";
-import { visibilityLabel } from "../../library/visibilityLevels";
+import { ResourceVisibilityControl } from "../../library/ResourceVisibilityControl";
 import { PermissionGate } from "../../iam-policy/PermissionGate";
 import { WorkflowInstanceEmptyState } from "./WorkflowInstanceEmptyState";
 
@@ -167,18 +165,9 @@ function InstanceRow({
 }: InstanceRowProps) {
   const meta = instance.metadata;
   const id = meta?.id ?? "";
-  const { updateVisibility, isPending } = useUpdateVisibility("workflowInstance", id || null);
 
   const envRefs = instance.spec?.environmentRefs ?? [];
 
-  const handleVisibilityChange = useCallback(
-    async (v: ApiResourceVisibility) => {
-      await updateVisibility(v);
-      refetch();
-    },
-    [updateVisibility, refetch],
-  );
-
   return (
     <tr
       className={cn(
@@ -224,21 +213,12 @@ function InstanceRow({
 
       <td className="px-4 py-2.5" onClick={(e) => e.stopPropagation()}>
         {id ? (
-          <PermissionGate
-            resource={{ kind: "workflow_instance", id }}
-            relation="can_edit"
-            fallback={
-              <span className="text-xs text-muted-foreground">
-                {visibilityLabel(meta?.visibility ?? ApiResourceVisibility.visibility_private)}
-              </span>
-            }
-          >
-            <InstanceVisibilitySelector
-              visibility={meta?.visibility ?? ApiResourceVisibility.visibility_private}
-              onVisibilityChange={handleVisibilityChange}
-              isPending={isPending}
-            />
-          </PermissionGate>
+          <ResourceVisibilityControl
+            kind="workflowInstance"
+            resourceId={id}
+            visibility={meta?.visibility ?? ApiResourceVisibility.visibility_private}
+            onChanged={refetch}
+          />
         ) : (
           <span className="text-xs text-muted-foreground">—</span>
         )}