@supaku/agentfactory-nextjs 0.3.0 → 0.4.0

package/dist/src/factory.d.ts

@@ -4,8 +4,12 @@
  * Wires all handlers together from a single configuration object.
  * Consumers call `createAllRoutes(config)` and get back a nested
  * route tree that maps 1:1 onto Next.js App Router exports.
+ *
+ * When optional config fields are omitted, sensible defaults from
+ * @supaku/agentfactory-linear are used (defaultGeneratePrompt, etc.).
  */
 import type { RouteHandler, WebhookConfig, CronConfig } from './types.js';
+import { type OAuthConfig } from './handlers/oauth/callback.js';
 export interface AllRoutes {
     workers: {
         register: {
@@ -84,22 +88,46 @@ export interface AllRoutes {
         POST: RouteHandler;
         GET: RouteHandler;
     };
+    oauth: {
+        callback: {
+            GET: RouteHandler;
+        };
+    };
+}
+/**
+ * Configuration for createAllRoutes.
+ * Extends WebhookConfig & CronConfig with optional OAuth config.
+ */
+export interface AllRoutesConfig extends WebhookConfig, CronConfig {
+    /** OAuth configuration for the callback handler */
+    oauth?: OAuthConfig;
 }
 /**
  * Create all route handlers from a single config object.
  *
+ * Optional fields fall back to sensible defaults from @supaku/agentfactory-linear:
+ * - `generatePrompt` → `defaultGeneratePrompt`
+ * - `detectWorkTypeFromPrompt` → `defaultDetectWorkTypeFromPrompt`
+ * - `getPriority` → `defaultGetPriority`
+ * - `buildParentQAContext` → `defaultBuildParentQAContext`
+ * - `buildParentAcceptanceContext` → `defaultBuildParentAcceptanceContext`
+ *
  * @example
  * ```typescript
- * import { createAllRoutes } from '@supaku/agentfactory-nextjs'
+ * import { createAllRoutes, createDefaultLinearClientResolver } from '@supaku/agentfactory-nextjs'
  *
+ * // Minimal — everything uses defaults
  * const routes = createAllRoutes({
- *   linearClient: { getClient: async (orgId) => getLinearClient(orgId) },
- *   generatePrompt: (id, workType) => `Work on ${id}`,
+ *   linearClient: createDefaultLinearClientResolver(),
  * })
  *
- * // In app/api/workers/register/route.ts:
- * export const POST = routes.workers.register.POST
+ * // Custom — override specific callbacks
+ * const routes = createAllRoutes({
+ *   linearClient: createDefaultLinearClientResolver(),
+ *   generatePrompt: myCustomPromptFn,
+ *   oauth: { clientId: '...', clientSecret: '...' },
+ * })
  * ```
  */
-export declare function createAllRoutes(config: WebhookConfig & CronConfig): AllRoutes;
+export declare function createAllRoutes(config: AllRoutesConfig): AllRoutes;
 //# sourceMappingURL=factory.d.ts.map

package/dist/src/factory.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/factory.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAe,aAAa,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAoCtF,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE;QACP,QAAQ,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAChC,IAAI,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC3B,MAAM,EAAE;YAAE,GAAG,EAAE,YAAY,CAAC;YAAC,MAAM,EAAE,YAAY,CAAA;SAAE,CAAA;QACnD,SAAS,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACjC,IAAI,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,QAAQ,EAAE;QACR,IAAI,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC3B,MAAM,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC7B,KAAK,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAC7B,MAAM,EAAE;YAAE,GAAG,EAAE,YAAY,CAAC;YAAC,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACjD,WAAW,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACnC,OAAO,EAAE;YAAE,GAAG,EAAE,YAAY,CAAC;YAAC,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAClD,iBAAiB,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACzC,QAAQ,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAChC,UAAU,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAClC,YAAY,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACpC,QAAQ,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAChC,SAAS,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;KAClC,CAAA;IACD,MAAM,EAAE;QACN,KAAK,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC5B,QAAQ,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC/B,aAAa,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;KACrC,CAAA;IACD,OAAO,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,YAAY,CAAA;KAAE,CAAA;IAClD,OAAO,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,YAAY,CAAA;KAAE,CAAA;CACnD;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,aAAa,GAAG,UAAU,GAAG,SAAS,CAuC7E"}
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../src/factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,YAAY,EAAe,aAAa,EAAyB,UAAU,EAAE,MAAM,YAAY,CAAA;AA4C7G,OAAO,EAA8B,KAAK,WAAW,EAAE,MAAM,8BAA8B,CAAA;AAE3F,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE;QACP,QAAQ,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAChC,IAAI,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC3B,MAAM,EAAE;YAAE,GAAG,EAAE,YAAY,CAAC;YAAC,MAAM,EAAE,YAAY,CAAA;SAAE,CAAA;QACnD,SAAS,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACjC,IAAI,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;KAC5B,CAAA;IACD,QAAQ,EAAE;QACR,IAAI,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC3B,MAAM,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC7B,KAAK,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAC7B,MAAM,EAAE;YAAE,GAAG,EAAE,YAAY,CAAC;YAAC,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACjD,WAAW,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACnC,OAAO,EAAE;YAAE,GAAG,EAAE,YAAY,CAAC;YAAC,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAClD,iBAAiB,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACzC,QAAQ,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAChC,UAAU,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAClC,YAAY,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QACpC,QAAQ,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;QAChC,SAAS,EAAE;YAAE,IAAI,EAAE,YAAY,CAAA;SAAE,CAAA;KAClC,CAAA;IACD,MAAM,EAAE;QACN,KAAK,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC5B,QAAQ,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;QAC/B,aAAa,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;KACrC,CAAA;IACD,OAAO,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,YAAY,CAAA;KAAE,CAAA;IAClD,OAAO,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,YAAY,CAAA;KAAE,CAAA;IAClD,KAAK,EAAE;QACL,QAAQ,EAAE;YAAE,GAAG,EAAE,YAAY,CAAA;SAAE,CAAA;KAChC,CAAA;CACF;AAED;;;GAGG;AACH,MAAM,WAAW,eAAgB,SAAQ,aAAa,EAAE,UAAU;IAChE,mDAAmD;IACnD,KAAK,CAAC,EAAE,WAAW,CAAA;CACpB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,eAAe,GAAG,SAAS,CAqDlE"}

package/dist/src/factory.js

@@ -4,7 +4,11 @@
  * Wires all handlers together from a single configuration object.
  * Consumers call `createAllRoutes(config)` and get back a nested
  * route tree that maps 1:1 onto Next.js App Router exports.
+ *
+ * When optional config fields are omitted, sensible defaults from
+ * @supaku/agentfactory-linear are used (defaultGeneratePrompt, etc.).
  */
+import { defaultGeneratePrompt, defaultDetectWorkTypeFromPrompt, defaultGetPriority, defaultBuildParentQAContext, defaultBuildParentAcceptanceContext, } from '@supaku/agentfactory-linear';
 // Worker handlers
 import { createWorkerRegisterHandler } from './handlers/workers/register.js';
 import { createWorkerListHandler } from './handlers/workers/list.js';
@@ -33,29 +37,52 @@ import { createPublicSessionDetailHandler } from './handlers/public/session-deta
 import { createCleanupHandler } from './handlers/cleanup.js';
 // Webhook processor
 import { createWebhookHandler } from './webhook/processor.js';
+// OAuth handler
+import { createOAuthCallbackHandler } from './handlers/oauth/callback.js';
 /**
  * Create all route handlers from a single config object.
  *
+ * Optional fields fall back to sensible defaults from @supaku/agentfactory-linear:
+ * - `generatePrompt` → `defaultGeneratePrompt`
+ * - `detectWorkTypeFromPrompt` → `defaultDetectWorkTypeFromPrompt`
+ * - `getPriority` → `defaultGetPriority`
+ * - `buildParentQAContext` → `defaultBuildParentQAContext`
+ * - `buildParentAcceptanceContext` → `defaultBuildParentAcceptanceContext`
+ *
  * @example
  * ```typescript
- * import { createAllRoutes } from '@supaku/agentfactory-nextjs'
+ * import { createAllRoutes, createDefaultLinearClientResolver } from '@supaku/agentfactory-nextjs'
  *
+ * // Minimal — everything uses defaults
  * const routes = createAllRoutes({
- *   linearClient: { getClient: async (orgId) => getLinearClient(orgId) },
- *   generatePrompt: (id, workType) => `Work on ${id}`,
+ *   linearClient: createDefaultLinearClientResolver(),
  * })
  *
- * // In app/api/workers/register/route.ts:
- * export const POST = routes.workers.register.POST
+ * // Custom — override specific callbacks
+ * const routes = createAllRoutes({
+ *   linearClient: createDefaultLinearClientResolver(),
+ *   generatePrompt: myCustomPromptFn,
+ *   oauth: { clientId: '...', clientSecret: '...' },
+ * })
  * ```
  */
 export function createAllRoutes(config) {
+    // Apply defaults for optional webhook config fields
+    const webhookConfig = {
+        ...config,
+        generatePrompt: config.generatePrompt ?? defaultGeneratePrompt,
+        detectWorkTypeFromPrompt: config.detectWorkTypeFromPrompt ?? defaultDetectWorkTypeFromPrompt,
+        getPriority: config.getPriority ?? defaultGetPriority,
+        buildParentQAContext: config.buildParentQAContext ?? defaultBuildParentQAContext,
+        buildParentAcceptanceContext: config.buildParentAcceptanceContext ?? defaultBuildParentAcceptanceContext,
+    };
     const routeConfig = {
         linearClient: config.linearClient,
         appUrl: config.appUrl,
     };
-    const cleanup = createCleanupHandler(config);
-    const webhook = createWebhookHandler(config);
+    const cleanup = createCleanupHandler(webhookConfig);
+    const webhook = createWebhookHandler(webhookConfig);
+    const oauth = createOAuthCallbackHandler(config.oauth);
     return {
         workers: {
             register: { POST: createWorkerRegisterHandler() },
@@ -85,5 +112,8 @@ export function createAllRoutes(config) {
         },
         cleanup: { POST: cleanup.POST, GET: cleanup.GET },
         webhook: { POST: webhook.POST, GET: webhook.GET },
+        oauth: {
+            callback: { GET: oauth.GET },
+        },
     };
 }

package/dist/src/handlers/oauth/callback.d.ts

@@ -0,0 +1,36 @@
+/**
+ * OAuth Callback Handler for Linear
+ *
+ * Exchanges an authorization code for an access token and stores it
+ * in Redis for workspace-specific token resolution.
+ *
+ * @see https://developers.linear.app/docs/oauth/authentication
+ */
+import type { RouteHandler } from '../../types.js';
+/**
+ * Configuration for the OAuth callback handler.
+ */
+export interface OAuthConfig {
+    /** Linear OAuth client ID (defaults to LINEAR_CLIENT_ID env) */
+    clientId?: string;
+    /** Linear OAuth client secret (defaults to LINEAR_CLIENT_SECRET env) */
+    clientSecret?: string;
+    /** Application URL for redirect URI (defaults to NEXT_PUBLIC_APP_URL env) */
+    appUrl?: string;
+    /** Redirect path on success (defaults to '/?oauth=success') */
+    successRedirect?: string;
+}
+/**
+ * Create an OAuth callback route handler for Linear.
+ *
+ * @example
+ * ```typescript
+ * // In app/callback/route.ts:
+ * import { createOAuthCallbackHandler } from '@supaku/agentfactory-nextjs'
+ * export const { GET } = createOAuthCallbackHandler()
+ * ```
+ */
+export declare function createOAuthCallbackHandler(config?: OAuthConfig): {
+    GET: RouteHandler;
+};
+//# sourceMappingURL=callback.d.ts.map

package/dist/src/handlers/oauth/callback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/handlers/oauth/callback.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAWH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAElD;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,gEAAgE;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,wEAAwE;IACxE,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,+DAA+D;IAC/D,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AAID;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG;IAAE,GAAG,EAAE,YAAY,CAAA;CAAE,CA8FtF"}

package/dist/src/handlers/oauth/callback.js

@@ -0,0 +1,92 @@
+/**
+ * OAuth Callback Handler for Linear
+ *
+ * Exchanges an authorization code for an access token and stores it
+ * in Redis for workspace-specific token resolution.
+ *
+ * @see https://developers.linear.app/docs/oauth/authentication
+ */
+import { NextResponse } from 'next/server';
+import { storeToken, fetchOrganization, isRedisConfigured, createLogger, generateRequestId, } from '@supaku/agentfactory-server';
+const baseLogger = createLogger('oauth-callback');
+/**
+ * Create an OAuth callback route handler for Linear.
+ *
+ * @example
+ * ```typescript
+ * // In app/callback/route.ts:
+ * import { createOAuthCallbackHandler } from '@supaku/agentfactory-nextjs'
+ * export const { GET } = createOAuthCallbackHandler()
+ * ```
+ */
+export function createOAuthCallbackHandler(config) {
+    return {
+        GET: async (request) => {
+            const requestId = generateRequestId();
+            const log = baseLogger.child({ requestId });
+            const clientId = config?.clientId ?? process.env.LINEAR_CLIENT_ID;
+            const clientSecret = config?.clientSecret ?? process.env.LINEAR_CLIENT_SECRET;
+            const appUrl = config?.appUrl ?? process.env.NEXT_PUBLIC_APP_URL ?? 'http://localhost:3002';
+            const successRedirect = config?.successRedirect ?? '/?oauth=success';
+            const code = request.nextUrl.searchParams.get('code');
+            const error = request.nextUrl.searchParams.get('error');
+            const errorDescription = request.nextUrl.searchParams.get('error_description');
+            if (error) {
+                log.error('OAuth error from Linear', { oauthError: error, errorDescription });
+                return NextResponse.json({ error, description: errorDescription, requestId }, { status: 400 });
+            }
+            if (!code) {
+                log.warn('Missing authorization code');
+                return NextResponse.json({ error: 'Missing authorization code', requestId }, { status: 400 });
+            }
+            if (!clientId || !clientSecret) {
+                log.error('OAuth credentials not configured');
+                return NextResponse.json({ error: 'OAuth not configured', requestId }, { status: 500 });
+            }
+            try {
+                log.debug('Exchanging authorization code for token');
+                const tokenResponse = await fetch('https://api.linear.app/oauth/token', {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                    body: new URLSearchParams({
+                        grant_type: 'authorization_code',
+                        client_id: clientId,
+                        client_secret: clientSecret,
+                        redirect_uri: `${appUrl}/callback`,
+                        code,
+                    }),
+                });
+                if (!tokenResponse.ok) {
+                    const errorText = await tokenResponse.text();
+                    log.error('Token exchange failed', {
+                        statusCode: tokenResponse.status,
+                        errorDetails: errorText,
+                    });
+                    return NextResponse.json({ error: 'Token exchange failed', details: errorText, requestId }, { status: 400 });
+                }
+                const tokenData = (await tokenResponse.json());
+                if (isRedisConfigured()) {
+                    const organization = await fetchOrganization(tokenData.access_token);
+                    if (organization) {
+                        await storeToken(organization.id, tokenData, organization.name);
+                        log.info('OAuth successful, token stored', {
+                            workspaceId: organization.id,
+                            workspaceName: organization.name,
+                        });
+                    }
+                    else {
+                        log.warn('OAuth successful but could not fetch organization info - token not stored');
+                    }
+                }
+                else {
+                    log.info('OAuth successful, token received (Redis not configured for storage)');
+                }
+                return NextResponse.redirect(new URL(successRedirect, appUrl));
+            }
+            catch (err) {
+                log.error('OAuth callback error', { error: err });
+                return NextResponse.json({ error: 'Internal server error', requestId }, { status: 500 });
+            }
+        },
+    };
+}

package/dist/src/index.d.ts

@@ -2,11 +2,20 @@
  * @supaku/agentfactory-nextjs
  *
  * Next.js API route handlers for AgentFactory.
- * Provides webhook processing, worker/session management, and public stats.
+ * Provides webhook processing, worker/session management, public stats,
+ * OAuth callback, middleware factory, webhook orchestrator, and Linear client resolver.
  */
 export type { LinearClientResolver, RouteConfig, WebhookConfig, AutoTriggerConfig, CronConfig, RouteHandler, } from './types.js';
 export { createAllRoutes } from './factory.js';
-export type { AllRoutes } from './factory.js';
+export type { AllRoutes, AllRoutesConfig } from './factory.js';
+export { createOAuthCallbackHandler } from './handlers/oauth/callback.js';
+export type { OAuthConfig } from './handlers/oauth/callback.js';
+export { createAgentFactoryMiddleware } from './middleware/factory.js';
+export type { MiddlewareConfig } from './middleware/types.js';
+export { createWebhookOrchestrator, formatErrorForComment, } from './orchestrator/index.js';
+export type { WebhookOrchestratorConfig, WebhookOrchestratorHooks, WebhookOrchestratorInstance, } from './orchestrator/index.js';
+export { createDefaultLinearClientResolver } from './linear-client-resolver.js';
+export type { DefaultLinearClientResolverConfig } from './linear-client-resolver.js';
 export { verifyCronAuth } from './middleware/cron-auth.js';
 export { verifyWorkerAuth, requireWorkerAuth, unauthorizedResponse, isWorkerAuthConfigured, } from './middleware/worker-auth.js';
 export { createWebhookHandler } from './webhook/processor.js';

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,YAAY,EACV,oBAAoB,EACpB,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAA;AAGnB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,YAAY,EAAE,SAAS,EAAE,MAAM,cAAc,CAAA;AAG7C,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAK/D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AACpE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAA;AACpG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AAGpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,YAAY,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAA;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAA;AACxE,OAAO,EAAE,8BAA8B,EAAE,6BAA6B,EAAE,MAAM,+BAA+B,CAAA;AAC7G,OAAO,EAAE,+BAA+B,EAAE,MAAM,qCAAqC,CAAA;AACrF,OAAO,EAAE,8BAA8B,EAAE,+BAA+B,EAAE,MAAM,gCAAgC,CAAA;AAChH,OAAO,EAAE,qCAAqC,EAAE,MAAM,2CAA2C,CAAA;AAGjG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,8BAA8B,EAAE,MAAM,mCAAmC,CAAA;AAClF,OAAO,EAAE,gCAAgC,EAAE,MAAM,sCAAsC,CAAA;AACvF,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,6BAA6B,EAAE,MAAM,mCAAmC,CAAA;AAGjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AACrE,YAAY,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAA;AACrE,OAAO,EAAE,+BAA+B,EAAE,MAAM,oCAAoC,CAAA;AACpF,YAAY,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,qCAAqC,CAAA;AACtF,YAAY,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAA;AAGtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,YAAY,EACV,oBAAoB,EACpB,WAAW,EACX,aAAa,EACb,iBAAiB,EACjB,UAAU,EACV,YAAY,GACb,MAAM,YAAY,CAAA;AAGnB,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,YAAY,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAG9D,OAAO,EAAE,0BAA0B,EAAE,MAAM,8BAA8B,CAAA;AACzE,YAAY,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAA;AAG/D,OAAO,EAAE,4BAA4B,EAAE,MAAM,yBAAyB,CAAA;AACtE,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAG7D,OAAO,EACL,yBAAyB,EACzB,qBAAqB,GACtB,MAAM,yBAAyB,CAAA;AAChC,YAAY,EACV,yBAAyB,EACzB,wBAAwB,EACxB,2BAA2B,GAC5B,MAAM,yBAAyB,CAAA;AAGhC,OAAO,EAAE,iCAAiC,EAAE,MAAM,6BAA6B,CAAA;AAC/E,YAAY,EAAE,iCAAiC,EAAE,MAAM,6BAA6B,CAAA;AAGpF,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,6BAA6B,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAA;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAA;AAK/D,OAAO,EAAE,2BAA2B,EAAE,MAAM,gCAAgC,CAAA;AAC5E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AACpE,OAAO,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,MAAM,kCAAkC,CAAA;AACpG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AAGpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAA;AACtE,YAAY,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAA;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAA;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,8BAA8B,CAAA;AACxE,OAAO,EAAE,8BAA8B,EAAE,6BAA6B,EAAE,MAAM,+BAA+B,CAAA;AAC7G,OAAO,EAAE,+BAA+B,EAAE,MAAM,qCAAqC,CAAA;AACrF,OAAO,EAAE,8BAA8B,EAAE,+BAA+B,EAAE,MAAM,gCAAgC,CAAA;AAChH,OAAO,EAAE,qCAAqC,EAAE,MAAM,2CAA2C,CAAA;AAGjG,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,8BAA8B,EAAE,MAAM,mCAAmC,CAAA;AAClF,OAAO,EAAE,gCAAgC,EAAE,MAAM,sCAAsC,CAAA;AACvF,OAAO,EAAE,4BAA4B,EAAE,MAAM,iCAAiC,CAAA;AAC9E,OAAO,EAAE,6BAA6B,EAAE,MAAM,mCAAmC,CAAA;AAGjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAA;AACrE,YAAY,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAA;AACrE,OAAO,EAAE,+BAA+B,EAAE,MAAM,oCAAoC,CAAA;AACpF,YAAY,EAAE,qBAAqB,EAAE,MAAM,oCAAoC,CAAA;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,qCAAqC,CAAA;AACtF,YAAY,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAA;AAGtF,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAA"}

package/dist/src/index.js

@@ -2,11 +2,20 @@
  * @supaku/agentfactory-nextjs
  *
  * Next.js API route handlers for AgentFactory.
- * Provides webhook processing, worker/session management, and public stats.
+ * Provides webhook processing, worker/session management, public stats,
+ * OAuth callback, middleware factory, webhook orchestrator, and Linear client resolver.
  */
 // Factory
 export { createAllRoutes } from './factory.js';
-// Middleware
+// OAuth handler
+export { createOAuthCallbackHandler } from './handlers/oauth/callback.js';
+// Middleware factory
+export { createAgentFactoryMiddleware } from './middleware/factory.js';
+// Webhook orchestrator
+export { createWebhookOrchestrator, formatErrorForComment, } from './orchestrator/index.js';
+// Default Linear client resolver
+export { createDefaultLinearClientResolver } from './linear-client-resolver.js';
+// Middleware (existing)
 export { verifyCronAuth } from './middleware/cron-auth.js';
 export { verifyWorkerAuth, requireWorkerAuth, unauthorizedResponse, isWorkerAuthConfigured, } from './middleware/worker-auth.js';
 // Webhook

package/dist/src/linear-client-resolver.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Default Linear Client Resolver
+ *
+ * Provides a generic LinearClientResolver that uses:
+ * 1. Workspace-specific OAuth tokens from Redis (if configured)
+ * 2. Falls back to a global API key from environment
+ *
+ * This is the pattern every consumer needs — extracted from Supaku's
+ * linear.ts for reuse.
+ */
+import type { LinearClientResolver } from './types.js';
+/**
+ * Configuration for the default Linear client resolver.
+ */
+export interface DefaultLinearClientResolverConfig {
+    /** Environment variable name for the API key (default: 'LINEAR_ACCESS_TOKEN') */
+    apiKeyEnvVar?: string;
+}
+/**
+ * Create a default Linear client resolver.
+ *
+ * Resolves Linear clients with workspace-aware OAuth token support:
+ * - If an organizationId is provided and Redis is configured, attempts to
+ *   fetch a workspace-specific OAuth token.
+ * - Falls back to a global API key from the environment.
+ *
+ * @example
+ * ```typescript
+ * import { createDefaultLinearClientResolver } from '@supaku/agentfactory-nextjs'
+ *
+ * const resolver = createDefaultLinearClientResolver()
+ * // Use in route config:
+ * const routes = createAllRoutes({ linearClient: resolver, ... })
+ * ```
+ */
+export declare function createDefaultLinearClientResolver(config?: DefaultLinearClientResolverConfig): LinearClientResolver;
+//# sourceMappingURL=linear-client-resolver.d.ts.map

package/dist/src/linear-client-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"linear-client-resolver.d.ts","sourceRoot":"","sources":["../../src/linear-client-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAWH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAItD;;GAEG;AACH,MAAM,WAAW,iCAAiC;IAChD,iFAAiF;IACjF,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iCAAiC,CAC/C,MAAM,CAAC,EAAE,iCAAiC,GACzC,oBAAoB,CAwCtB"}

package/dist/src/linear-client-resolver.js

@@ -0,0 +1,60 @@
+/**
+ * Default Linear Client Resolver
+ *
+ * Provides a generic LinearClientResolver that uses:
+ * 1. Workspace-specific OAuth tokens from Redis (if configured)
+ * 2. Falls back to a global API key from environment
+ *
+ * This is the pattern every consumer needs — extracted from Supaku's
+ * linear.ts for reuse.
+ */
+import { createLinearAgentClient, } from '@supaku/agentfactory-linear';
+import { getAccessToken, isRedisConfigured, createLogger, } from '@supaku/agentfactory-server';
+const log = createLogger('linear-client-resolver');
+/**
+ * Create a default Linear client resolver.
+ *
+ * Resolves Linear clients with workspace-aware OAuth token support:
+ * - If an organizationId is provided and Redis is configured, attempts to
+ *   fetch a workspace-specific OAuth token.
+ * - Falls back to a global API key from the environment.
+ *
+ * @example
+ * ```typescript
+ * import { createDefaultLinearClientResolver } from '@supaku/agentfactory-nextjs'
+ *
+ * const resolver = createDefaultLinearClientResolver()
+ * // Use in route config:
+ * const routes = createAllRoutes({ linearClient: resolver, ... })
+ * ```
+ */
+export function createDefaultLinearClientResolver(config) {
+    const apiKeyEnvVar = config?.apiKeyEnvVar ?? 'LINEAR_ACCESS_TOKEN';
+    let _globalClient = null;
+    function getGlobalClient() {
+        if (!_globalClient) {
+            const apiKey = process.env[apiKeyEnvVar];
+            if (!apiKey) {
+                throw new Error(`${apiKeyEnvVar} not set - Linear API operations will fail`);
+            }
+            _globalClient = createLinearAgentClient({ apiKey });
+        }
+        return _globalClient;
+    }
+    async function getClientForWorkspace(workspaceId) {
+        if (isRedisConfigured()) {
+            const accessToken = await getAccessToken(workspaceId);
+            if (accessToken) {
+                log.debug('Using OAuth token from Redis', { workspaceId });
+                return createLinearAgentClient({ apiKey: accessToken });
+            }
+            log.debug('No OAuth token in Redis, falling back to env var', { workspaceId });
+        }
+        return getGlobalClient();
+    }
+    return {
+        getClient: async (organizationId) => organizationId
+            ? await getClientForWorkspace(organizationId)
+            : getGlobalClient(),
+    };
+}

package/dist/src/middleware/factory.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Middleware Factory
+ *
+ * Creates a Next.js middleware function that handles authentication,
+ * rate limiting, and security for AgentFactory API routes.
+ *
+ * Uses the rate limiter and worker auth from @supaku/agentfactory-server
+ * for proper LRU eviction and crypto.timingSafeEqual.
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import type { MiddlewareConfig } from './types.js';
+/**
+ * Create an AgentFactory middleware function with configurable routes
+ * and rate limiting.
+ *
+ * @example
+ * ```typescript
+ * // In middleware.ts:
+ * import { createAgentFactoryMiddleware } from '@supaku/agentfactory-nextjs'
+ *
+ * const { middleware, matcherConfig } = createAgentFactoryMiddleware()
+ * export { middleware }
+ * export const config = matcherConfig
+ * ```
+ */
+export declare function createAgentFactoryMiddleware(userConfig?: MiddlewareConfig): {
+    middleware: (request: NextRequest) => NextResponse | undefined;
+    matcherConfig: {
+        matcher: string[];
+    };
+};
+//# sourceMappingURL=factory.d.ts.map

package/dist/src/middleware/factory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"factory.d.ts","sourceRoot":"","sources":["../../../src/middleware/factory.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAOvD,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAA;AAQlD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,4BAA4B,CAAC,UAAU,CAAC,EAAE,gBAAgB;0BAO3C,WAAW,KAAG,YAAY,GAAG,SAAS;;;;EA8GpE"}

package/dist/src/middleware/factory.js

@@ -0,0 +1,115 @@
+/**
+ * Middleware Factory
+ *
+ * Creates a Next.js middleware function that handles authentication,
+ * rate limiting, and security for AgentFactory API routes.
+ *
+ * Uses the rate limiter and worker auth from @supaku/agentfactory-server
+ * for proper LRU eviction and crypto.timingSafeEqual.
+ */
+import { NextResponse } from 'next/server';
+import { checkRateLimit, getClientIP, buildRateLimitHeaders, verifyApiKey, } from '@supaku/agentfactory-server';
+const DEFAULT_PUBLIC_ROUTES = ['/api/public/', '/dashboard', '/'];
+const DEFAULT_PROTECTED_ROUTES = ['/api/sessions', '/api/workers'];
+const DEFAULT_SESSION_PAGES = ['/sessions/'];
+const DEFAULT_WEBHOOK_ROUTE = '/webhook';
+const DEFAULT_PASSTHROUGH_ROUTES = ['/api/cleanup'];
+/**
+ * Create an AgentFactory middleware function with configurable routes
+ * and rate limiting.
+ *
+ * @example
+ * ```typescript
+ * // In middleware.ts:
+ * import { createAgentFactoryMiddleware } from '@supaku/agentfactory-nextjs'
+ *
+ * const { middleware, matcherConfig } = createAgentFactoryMiddleware()
+ * export { middleware }
+ * export const config = matcherConfig
+ * ```
+ */
+export function createAgentFactoryMiddleware(userConfig) {
+    const publicRoutes = userConfig?.routes?.public ?? DEFAULT_PUBLIC_ROUTES;
+    const protectedRoutes = userConfig?.routes?.protected ?? DEFAULT_PROTECTED_ROUTES;
+    const sessionPages = userConfig?.routes?.sessionPages ?? DEFAULT_SESSION_PAGES;
+    const webhookRoute = userConfig?.routes?.webhook ?? DEFAULT_WEBHOOK_ROUTE;
+    const passthroughRoutes = userConfig?.routes?.passthrough ?? DEFAULT_PASSTHROUGH_ROUTES;
+    function middleware(request) {
+        const { pathname } = request.nextUrl;
+        const clientIP = getClientIP(request.headers);
+        // === PUBLIC ROUTES ===
+        if (publicRoutes.some(route => pathname === route || pathname.startsWith(route))) {
+            const result = checkRateLimit('public', clientIP);
+            if (!result.allowed) {
+                return new NextResponse(JSON.stringify({ error: 'Too many requests' }), {
+                    status: 429,
+                    headers: {
+                        'Content-Type': 'application/json',
+                        ...buildRateLimitHeaders(result),
+                    },
+                });
+            }
+            const response = NextResponse.next();
+            const rateLimitHeaders = buildRateLimitHeaders(result);
+            for (const [key, value] of Object.entries(rateLimitHeaders)) {
+                response.headers.set(key, value);
+            }
+            return response;
+        }
+        // === SESSION DETAIL PAGES ===
+        if (sessionPages.some(route => pathname.startsWith(route))) {
+            return NextResponse.next();
+        }
+        // === WEBHOOK ROUTE ===
+        if (pathname === webhookRoute) {
+            const result = checkRateLimit('webhook', clientIP);
+            if (!result.allowed) {
+                return new NextResponse(JSON.stringify({ error: 'Too many requests' }), {
+                    status: 429,
+                    headers: {
+                        'Content-Type': 'application/json',
+                        ...buildRateLimitHeaders(result),
+                    },
+                });
+            }
+            return NextResponse.next();
+        }
+        // === PROTECTED INTERNAL APIS ===
+        if (protectedRoutes.some(route => pathname.startsWith(route))) {
+            const workerApiKey = process.env.WORKER_API_KEY;
+            // In development without key, allow access
+            if (!workerApiKey && process.env.NODE_ENV !== 'production') {
+                return NextResponse.next();
+            }
+            if (!workerApiKey) {
+                console.error('WORKER_API_KEY not configured - blocking protected API access');
+                return new NextResponse(JSON.stringify({ error: 'Unauthorized', message: 'Invalid or missing API key' }), { status: 401, headers: { 'Content-Type': 'application/json' } });
+            }
+            const authHeader = request.headers.get('authorization');
+            if (!authHeader?.startsWith('Bearer ')) {
+                return new NextResponse(JSON.stringify({ error: 'Unauthorized', message: 'Invalid or missing API key' }), { status: 401, headers: { 'Content-Type': 'application/json' } });
+            }
+            const token = authHeader.slice(7);
+            if (!verifyApiKey(token, workerApiKey)) {
+                return new NextResponse(JSON.stringify({ error: 'Unauthorized', message: 'Invalid or missing API key' }), { status: 401, headers: { 'Content-Type': 'application/json' } });
+            }
+            return NextResponse.next();
+        }
+        // === PASSTHROUGH ROUTES ===
+        if (passthroughRoutes.some(route => pathname === route || pathname.startsWith(route))) {
+            return NextResponse.next();
+        }
+        // === ALL OTHER ROUTES ===
+        return NextResponse.next();
+    }
+    const matcherConfig = {
+        matcher: [
+            '/api/:path*',
+            webhookRoute,
+            '/dashboard',
+            '/sessions/:path*',
+            '/',
+        ],
+    };
+    return { middleware, matcherConfig };
+}

package/dist/src/middleware/types.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Types for the middleware factory.
+ */
+/**
+ * Configuration for the AgentFactory middleware.
+ */
+export interface MiddlewareConfig {
+    /** Route path configuration */
+    routes?: {
+        /** Public routes - no auth, with rate limiting (default: ['/api/public/', '/dashboard', '/']) */
+        public?: string[];
+        /** Protected routes - require WORKER_API_KEY (default: ['/api/sessions', '/api/workers']) */
+        protected?: string[];
+        /** Session detail pages - allow public access (default: ['/sessions/']) */
+        sessionPages?: string[];
+        /** Webhook route (default: '/webhook') */
+        webhook?: string;
+        /** Routes with custom auth in handler (default: ['/api/cleanup']) */
+        passthrough?: string[];
+    };
+    /** Rate limit configurations */
+    rateLimits?: {
+        /** Public endpoint rate limit (default: 60/min) */
+        public?: {
+            max: number;
+            windowMs: number;
+        };
+        /** Webhook endpoint rate limit (default: 10/sec) */
+        webhook?: {
+            max: number;
+            windowMs: number;
+        };
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/middleware/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/middleware/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,+BAA+B;IAC/B,MAAM,CAAC,EAAE;QACP,iGAAiG;QACjG,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;QACjB,6FAA6F;QAC7F,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;QACpB,2EAA2E;QAC3E,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;QACvB,0CAA0C;QAC1C,OAAO,CAAC,EAAE,MAAM,CAAA;QAChB,qEAAqE;QACrE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAA;KACvB,CAAA;IACD,gCAAgC;IAChC,UAAU,CAAC,EAAE;QACX,mDAAmD;QACnD,MAAM,CAAC,EAAE;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,CAAA;QAC1C,oDAAoD;QACpD,OAAO,CAAC,EAAE;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,CAAA;KAC5C,CAAA;CACF"}

package/dist/src/middleware/types.js

@@ -0,0 +1,4 @@
+/**
+ * Types for the middleware factory.
+ */
+export {};