npm - agent-relay - Versions diffs - 1.1.0 → 1.2.3 - Mend

agent-relay 1.1.0 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (567) hide show

package/.gitattributes +3 -0
package/.nvmrc +1 -0
package/.trajectories/completed/2026-01/traj_1dviorhnkcb5.json +65 -0
package/.trajectories/completed/2026-01/traj_1dviorhnkcb5.md +37 -0
package/.trajectories/completed/2026-01/traj_1k5if5snst2e.json +65 -0
package/.trajectories/completed/2026-01/traj_1k5if5snst2e.md +37 -0
package/.trajectories/completed/2026-01/traj_1rp3rges5811.json +49 -0
package/.trajectories/completed/2026-01/traj_1rp3rges5811.md +31 -0
package/.trajectories/completed/2026-01/traj_22bhyulruouw.json +113 -0
package/.trajectories/completed/2026-01/traj_22bhyulruouw.md +57 -0
package/.trajectories/completed/2026-01/traj_2dao7ddgnta0.json +53 -0
package/.trajectories/completed/2026-01/traj_2dao7ddgnta0.md +32 -0
package/.trajectories/completed/2026-01/traj_3t0440mjeunc.json +26 -0
package/.trajectories/completed/2026-01/traj_3t0440mjeunc.md +6 -0
package/.trajectories/completed/2026-01/traj_45x9494d9xnr.json +47 -0
package/.trajectories/completed/2026-01/traj_45x9494d9xnr.md +32 -0
package/.trajectories/completed/2026-01/traj_4aa0bb77s4nh.json +53 -0
package/.trajectories/completed/2026-01/traj_4aa0bb77s4nh.md +32 -0
package/.trajectories/completed/2026-01/traj_5lhmzq8rxpqv.json +59 -0
package/.trajectories/completed/2026-01/traj_5lhmzq8rxpqv.md +33 -0
package/.trajectories/completed/2026-01/traj_5vr4e9erb1fs.json +53 -0
package/.trajectories/completed/2026-01/traj_5vr4e9erb1fs.md +32 -0
package/.trajectories/completed/2026-01/traj_6fgiwdoklvym.json +48 -0
package/.trajectories/completed/2026-01/traj_6fgiwdoklvym.md +24 -0
package/.trajectories/completed/2026-01/traj_7ludwvz45veh.json +209 -0
package/.trajectories/completed/2026-01/traj_7ludwvz45veh.md +97 -0
package/.trajectories/completed/2026-01/traj_9921cuhel0pj.json +48 -0
package/.trajectories/completed/2026-01/traj_9921cuhel0pj.md +24 -0
package/.trajectories/completed/2026-01/traj_ajs7zqfux4wc.json +49 -0
package/.trajectories/completed/2026-01/traj_ajs7zqfux4wc.md +23 -0
package/.trajectories/completed/2026-01/traj_cvtqhlwcq9s0.json +53 -0
package/.trajectories/completed/2026-01/traj_cvtqhlwcq9s0.md +32 -0
package/.trajectories/completed/2026-01/traj_cxofprm2m2en.json +49 -0
package/.trajectories/completed/2026-01/traj_cxofprm2m2en.md +31 -0
package/.trajectories/completed/2026-01/traj_d2hhz3k0vrhn.json +26 -0
package/.trajectories/completed/2026-01/traj_d2hhz3k0vrhn.md +6 -0
package/.trajectories/completed/2026-01/traj_dfuvww9pege5.json +59 -0
package/.trajectories/completed/2026-01/traj_dfuvww9pege5.md +37 -0
package/.trajectories/completed/2026-01/traj_g0fisy9h51mf.json +77 -0
package/.trajectories/completed/2026-01/traj_g0fisy9h51mf.md +42 -0
package/.trajectories/completed/2026-01/traj_gjdre5voouod.json +53 -0
package/.trajectories/completed/2026-01/traj_gjdre5voouod.md +32 -0
package/.trajectories/completed/2026-01/traj_gtlyqtta3x8l.json +25 -0
package/.trajectories/completed/2026-01/traj_gtlyqtta3x8l.md +15 -0
package/.trajectories/completed/2026-01/traj_h4xijiuip3w4.json +101 -0
package/.trajectories/completed/2026-01/traj_h4xijiuip3w4.md +44 -0
package/.trajectories/completed/2026-01/traj_hhxte7w4gjjx.json +22 -0
package/.trajectories/completed/2026-01/traj_hhxte7w4gjjx.md +5 -0
package/.trajectories/completed/2026-01/traj_hpungyhoj6v5.json +53 -0
package/.trajectories/completed/2026-01/traj_hpungyhoj6v5.md +32 -0
package/.trajectories/completed/2026-01/traj_m2xkjv0w2sq7.json +25 -0
package/.trajectories/completed/2026-01/traj_m2xkjv0w2sq7.md +15 -0
package/.trajectories/completed/2026-01/traj_noq5zbvnrdvz.json +53 -0
package/.trajectories/completed/2026-01/traj_noq5zbvnrdvz.md +32 -0
package/.trajectories/completed/2026-01/traj_ntbs6ppopf46.json +53 -0
package/.trajectories/completed/2026-01/traj_ntbs6ppopf46.md +32 -0
package/.trajectories/completed/2026-01/traj_ozd98si6a7ns.json +48 -0
package/.trajectories/completed/2026-01/traj_ozd98si6a7ns.md +24 -0
package/.trajectories/completed/2026-01/traj_prdza7a5cxp5.json +53 -0
package/.trajectories/completed/2026-01/traj_prdza7a5cxp5.md +32 -0
package/.trajectories/completed/2026-01/traj_qb3twvvywfwi.json +77 -0
package/.trajectories/completed/2026-01/traj_qb3twvvywfwi.md +42 -0
package/.trajectories/completed/2026-01/traj_qft54mi7nfor.json +53 -0
package/.trajectories/completed/2026-01/traj_qft54mi7nfor.md +32 -0
package/.trajectories/completed/2026-01/traj_qx9uhf8whhxo.json +83 -0
package/.trajectories/completed/2026-01/traj_qx9uhf8whhxo.md +47 -0
package/.trajectories/completed/2026-01/traj_rd9toccj18a0.json +59 -0
package/.trajectories/completed/2026-01/traj_rd9toccj18a0.md +37 -0
package/.trajectories/completed/2026-01/traj_rt4fiw3ecp50.json +48 -0
package/.trajectories/completed/2026-01/traj_rt4fiw3ecp50.md +16 -0
package/.trajectories/completed/2026-01/traj_st8j35b0hrlc.json +59 -0
package/.trajectories/completed/2026-01/traj_st8j35b0hrlc.md +37 -0
package/.trajectories/completed/2026-01/traj_t1yy8m7hbuxp.json +53 -0
package/.trajectories/completed/2026-01/traj_t1yy8m7hbuxp.md +32 -0
package/.trajectories/completed/2026-01/traj_tmux_orchestrator_analysis.json +84 -0
package/.trajectories/completed/2026-01/traj_tmux_orchestrator_analysis.md +109 -0
package/.trajectories/completed/2026-01/traj_u9n9eqasw16k.json +53 -0
package/.trajectories/completed/2026-01/traj_u9n9eqasw16k.md +32 -0
package/.trajectories/completed/2026-01/traj_v87hypnongqx.json +71 -0
package/.trajectories/completed/2026-01/traj_v87hypnongqx.md +42 -0
package/.trajectories/completed/2026-01/traj_wkp2fgzdyinb.json +53 -0
package/.trajectories/completed/2026-01/traj_wkp2fgzdyinb.md +32 -0
package/.trajectories/completed/2026-01/traj_x14t8w8rn7xg.json +20 -0
package/.trajectories/completed/2026-01/traj_x14t8w8rn7xg.md +6 -0
package/.trajectories/completed/2026-01/traj_xnwbznkvv8ua.json +175 -0
package/.trajectories/completed/2026-01/traj_xnwbznkvv8ua.md +82 -0
package/.trajectories/completed/2026-01/traj_ysjc8zaeqtd3.json +47 -0
package/.trajectories/completed/2026-01/traj_ysjc8zaeqtd3.md +32 -0
package/.trajectories/completed/2026-01/traj_yvdadtvdgnz3.json +59 -0
package/.trajectories/completed/2026-01/traj_yvdadtvdgnz3.md +37 -0
package/.trajectories/completed/2026-01/traj_z0vcw1wrzide.json +53 -0
package/.trajectories/completed/2026-01/traj_z0vcw1wrzide.md +32 -0
package/.trajectories/index.json +314 -0
package/ARCHITECTURE.md +1245 -0
package/README.md +1 -1
package/TESTING.md +278 -0
package/deploy/init-db.sql +5 -0
package/deploy/scripts/setup-fly-workspaces.sh +69 -0
package/deploy/scripts/setup-railway.sh +75 -0
package/deploy/workspace/entrypoint-browser.sh +118 -0
package/deploy/workspace/entrypoint.sh +348 -0
package/deploy/workspace/git-credential-relay +111 -0
package/dist/bridge/spawner.d.ts +53 -0
package/dist/bridge/spawner.js +203 -19
package/dist/bridge/types.d.ts +12 -0
package/dist/cli/index.js +618 -5
package/dist/cloud/api/auth.d.ts +3 -2
package/dist/cloud/api/auth.js +10 -98
package/dist/cloud/api/billing.js +30 -9
package/dist/cloud/api/cli-pty-runner.d.ts +54 -0
package/dist/cloud/api/cli-pty-runner.js +119 -0
package/dist/cloud/api/codex-auth-helper.d.ts +15 -0
package/dist/cloud/api/codex-auth-helper.js +100 -0
package/dist/cloud/api/generic-webhooks.d.ts +8 -0
package/dist/cloud/api/generic-webhooks.js +129 -0
package/dist/cloud/api/git.d.ts +8 -0
package/dist/cloud/api/git.js +152 -0
package/dist/cloud/api/github-app.d.ts +11 -0
package/dist/cloud/api/github-app.js +189 -0
package/dist/cloud/api/middleware/planLimits.d.ts +7 -0
package/dist/cloud/api/middleware/planLimits.js +39 -1
package/dist/cloud/api/monitoring.d.ts +11 -0
package/dist/cloud/api/monitoring.js +578 -0
package/dist/cloud/api/nango-auth.d.ts +9 -0
package/dist/cloud/api/nango-auth.js +377 -0
package/dist/cloud/api/onboarding.d.ts +8 -1
package/dist/cloud/api/onboarding.js +313 -119
package/dist/cloud/api/policy.d.ts +8 -0
package/dist/cloud/api/policy.js +229 -0
package/dist/cloud/api/providers.js +114 -42
package/dist/cloud/api/repos.d.ts +1 -0
package/dist/cloud/api/repos.js +186 -0
package/dist/cloud/api/test-helpers.d.ts +10 -0
package/dist/cloud/api/test-helpers.js +575 -0
package/dist/cloud/api/webhooks.d.ts +8 -0
package/dist/cloud/api/webhooks.js +645 -0
package/dist/cloud/api/workspaces.js +320 -12
package/dist/cloud/billing/plans.js +32 -19
package/dist/cloud/billing/types.d.ts +9 -3
package/dist/cloud/config.d.ts +9 -2
package/dist/cloud/config.js +13 -4
package/dist/cloud/db/drizzle.d.ts +84 -1
package/dist/cloud/db/drizzle.js +470 -0
package/dist/cloud/db/index.d.ts +9 -4
package/dist/cloud/db/index.js +11 -3
package/dist/cloud/db/schema.d.ts +3283 -556
package/dist/cloud/db/schema.js +314 -1
package/dist/cloud/index.d.ts +1 -0
package/dist/cloud/index.js +2 -0
package/dist/cloud/provisioner/index.d.ts +56 -0
package/dist/cloud/provisioner/index.js +676 -34
package/dist/cloud/server.d.ts +1 -0
package/dist/cloud/server.js +362 -13
package/dist/cloud/services/auto-scaler.d.ts +152 -0
package/dist/cloud/services/auto-scaler.js +439 -0
package/dist/cloud/services/capacity-manager.d.ts +148 -0
package/dist/cloud/services/capacity-manager.js +449 -0
package/dist/cloud/services/ci-agent-spawner.d.ts +49 -0
package/dist/cloud/services/ci-agent-spawner.js +373 -0
package/dist/cloud/services/index.d.ts +12 -0
package/dist/cloud/services/index.js +15 -0
package/dist/cloud/services/mention-handler.d.ts +65 -0
package/dist/cloud/services/mention-handler.js +405 -0
package/dist/cloud/services/nango.d.ts +186 -0
package/dist/cloud/services/nango.js +344 -0
package/dist/cloud/services/persistence.d.ts +131 -0
package/dist/cloud/services/persistence.js +200 -0
package/dist/cloud/services/planLimits.d.ts +37 -0
package/dist/cloud/services/planLimits.js +86 -5
package/dist/cloud/services/scaling-orchestrator.d.ts +159 -0
package/dist/cloud/services/scaling-orchestrator.js +502 -0
package/dist/cloud/services/scaling-policy.d.ts +121 -0
package/dist/cloud/services/scaling-policy.js +415 -0
package/dist/cloud/vault/index.js +1 -1
package/dist/cloud/webhooks/index.d.ts +24 -0
package/dist/cloud/webhooks/index.js +29 -0
package/dist/cloud/webhooks/parsers/github.d.ts +8 -0
package/dist/cloud/webhooks/parsers/github.js +234 -0
package/dist/cloud/webhooks/parsers/index.d.ts +23 -0
package/dist/cloud/webhooks/parsers/index.js +30 -0
package/dist/cloud/webhooks/parsers/linear.d.ts +9 -0
package/dist/cloud/webhooks/parsers/linear.js +258 -0
package/dist/cloud/webhooks/parsers/slack.d.ts +9 -0
package/dist/cloud/webhooks/parsers/slack.js +214 -0
package/dist/cloud/webhooks/responders/github.d.ts +8 -0
package/dist/cloud/webhooks/responders/github.js +73 -0
package/dist/cloud/webhooks/responders/index.d.ts +23 -0
package/dist/cloud/webhooks/responders/index.js +30 -0
package/dist/cloud/webhooks/responders/linear.d.ts +9 -0
package/dist/cloud/webhooks/responders/linear.js +149 -0
package/dist/cloud/webhooks/responders/slack.d.ts +20 -0
package/dist/cloud/webhooks/responders/slack.js +178 -0
package/dist/cloud/webhooks/router.d.ts +25 -0
package/dist/cloud/webhooks/router.js +504 -0
package/dist/cloud/webhooks/rules-engine.d.ts +24 -0
package/dist/cloud/webhooks/rules-engine.js +287 -0
package/dist/cloud/webhooks/types.d.ts +186 -0
package/dist/cloud/webhooks/types.js +8 -0
package/dist/continuity/formatter.d.ts +51 -0
package/dist/continuity/formatter.js +313 -0
package/dist/continuity/handoff-store.d.ts +67 -0
package/dist/continuity/handoff-store.js +472 -0
package/dist/continuity/index.d.ts +45 -0
package/dist/continuity/index.js +48 -0
package/dist/continuity/ledger-store.d.ts +110 -0
package/dist/continuity/ledger-store.js +500 -0
package/dist/continuity/manager.d.ts +178 -0
package/dist/continuity/manager.js +562 -0
package/dist/continuity/parser.d.ts +76 -0
package/dist/continuity/parser.js +579 -0
package/dist/continuity/types.d.ts +180 -0
package/dist/continuity/types.js +9 -0
package/dist/daemon/agent-manager.d.ts +27 -0
package/dist/daemon/agent-manager.js +107 -6
package/dist/daemon/agent-registry.d.ts +32 -0
package/dist/daemon/agent-registry.js +42 -2
package/dist/daemon/api.d.ts +12 -0
package/dist/daemon/api.js +131 -2
package/dist/daemon/cli-auth.d.ts +67 -0
package/dist/daemon/cli-auth.js +537 -0
package/dist/daemon/cloud-sync.js +9 -7
package/dist/daemon/orchestrator.js +30 -0
package/dist/daemon/router.d.ts +5 -0
package/dist/daemon/router.js +78 -26
package/dist/daemon/server.d.ts +5 -0
package/dist/daemon/server.js +9 -1
package/dist/daemon/services/browser-testing.d.ts +88 -0
package/dist/daemon/services/browser-testing.js +244 -0
package/dist/daemon/services/container-spawner.d.ts +135 -0
package/dist/daemon/services/container-spawner.js +313 -0
package/dist/daemon/types.d.ts +5 -1
package/dist/dashboard/out/404.html +1 -1
package/dist/dashboard/out/_next/static/chunks/116-2502180def231162.js +1 -0
package/dist/dashboard/out/_next/static/chunks/282-980c2eb8fff20123.js +1 -0
package/dist/dashboard/out/_next/static/chunks/699-3b1cd6618a45d259.js +1 -0
package/dist/dashboard/out/_next/static/chunks/724-2dae7627550ab88f.js +9 -0
package/dist/dashboard/out/_next/static/chunks/766-1f2dd8cb7f766b0b.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/app/onboarding/page-3fdfa60e53f2810d.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/app/page-e6381e5a6e1fbcfd.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/connect-repos/page-3538dfe0ffe984b8.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/history/{page-b6edd4dde8d08194.js → page-abb9ab2d329f56e9.js} +1 -1
package/dist/dashboard/out/_next/static/chunks/app/layout-c0d118c0f92d969c.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/login/page-c22d080201cbd9fb.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/metrics/page-67a3e98d9a43a6ed.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/page-77e9c65420a06cfb.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/pricing/page-b08ed1c34d14434a.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/providers/page-e88bc117ef7671c3.js +1 -0
package/dist/dashboard/out/_next/static/chunks/app/signup/page-68d34f50baa8ab6b.js +1 -0
package/dist/dashboard/out/_next/static/chunks/e868780c-48e5f147c90a3a41.js +18 -0
package/dist/dashboard/out/_next/static/chunks/{main-app-5d692157a8eb1fd9.js → main-app-6e8e8d3ef4e0192a.js} +1 -1
package/dist/dashboard/out/_next/static/chunks/{main-c2f423b9c9f4591b.js → main-ed4e1fb6f29c34cf.js} +1 -1
package/dist/dashboard/out/_next/static/chunks/webpack-1cdd8ed57114d5e1.js +1 -0
package/dist/dashboard/out/_next/static/css/29852f26181969a0.css +1 -0
package/dist/dashboard/out/_next/static/css/7c3ae9e8617d42a5.css +1 -0
package/dist/dashboard/out/app/onboarding.html +1 -0
package/dist/dashboard/out/app/onboarding.txt +7 -0
package/dist/dashboard/out/app.html +1 -14
package/dist/dashboard/out/app.txt +2 -2
package/dist/dashboard/out/connect-repos.html +1 -0
package/dist/dashboard/out/connect-repos.txt +7 -0
package/dist/dashboard/out/history.html +1 -1
package/dist/dashboard/out/history.txt +2 -2
package/dist/dashboard/out/index.html +1 -1
package/dist/dashboard/out/index.txt +2 -2
package/dist/dashboard/out/login.html +6 -0
package/dist/dashboard/out/login.txt +7 -0
package/dist/dashboard/out/metrics.html +1 -1
package/dist/dashboard/out/metrics.txt +2 -2
package/dist/dashboard/out/pricing.html +3 -3
package/dist/dashboard/out/pricing.txt +2 -2
package/dist/dashboard/out/providers.html +1 -0
package/dist/dashboard/out/providers.txt +7 -0
package/dist/dashboard/out/signup.html +6 -0
package/dist/dashboard/out/signup.txt +7 -0
package/dist/dashboard-server/server.js +1308 -8
package/dist/hooks/emitter.d.ts +40 -0
package/dist/hooks/emitter.js +63 -0
package/dist/hooks/index.d.ts +3 -0
package/dist/hooks/index.js +3 -0
package/dist/hooks/registry.d.ts +173 -0
package/dist/hooks/registry.js +476 -0
package/dist/hooks/trajectory-hooks.d.ts +52 -0
package/dist/hooks/trajectory-hooks.js +183 -0
package/dist/hooks/types.d.ts +141 -0
package/dist/index.d.ts +2 -0
package/dist/index.js +3 -0
package/dist/memory/adapters/index.d.ts +8 -0
package/dist/memory/adapters/index.js +8 -0
package/dist/memory/adapters/inmemory.d.ts +59 -0
package/dist/memory/adapters/inmemory.js +195 -0
package/dist/memory/adapters/supermemory.d.ts +71 -0
package/dist/memory/adapters/supermemory.js +338 -0
package/dist/memory/factory.d.ts +48 -0
package/dist/memory/factory.js +143 -0
package/dist/memory/index.d.ts +32 -0
package/dist/memory/index.js +32 -0
package/dist/memory/memory-hooks.d.ts +60 -0
package/dist/memory/memory-hooks.js +313 -0
package/dist/memory/service.d.ts +49 -0
package/dist/memory/service.js +146 -0
package/dist/memory/types.d.ts +195 -0
package/dist/memory/types.js +8 -0
package/dist/policy/agent-policy.d.ts +225 -0
package/dist/policy/agent-policy.js +665 -0
package/dist/policy/cloud-policy-fetcher.d.ts +12 -0
package/dist/policy/cloud-policy-fetcher.js +64 -0
package/dist/resiliency/crash-insights.d.ts +156 -0
package/dist/resiliency/crash-insights.js +492 -0
package/dist/resiliency/gossip-health.d.ts +137 -0
package/dist/resiliency/gossip-health.js +241 -0
package/dist/resiliency/index.d.ts +5 -0
package/dist/resiliency/index.js +5 -0
package/dist/resiliency/leader-watchdog.d.ts +109 -0
package/dist/resiliency/leader-watchdog.js +189 -0
package/dist/resiliency/memory-monitor.d.ts +172 -0
package/dist/resiliency/memory-monitor.js +593 -0
package/dist/resiliency/stateless-lead.d.ts +149 -0
package/dist/resiliency/stateless-lead.js +308 -0
package/dist/resiliency/supervisor.d.ts +38 -0
package/dist/resiliency/supervisor.js +122 -0
package/dist/shared/cli-auth-config.d.ts +91 -0
package/dist/shared/cli-auth-config.js +264 -0
package/dist/storage/adapter.d.ts +1 -1
package/dist/trajectory/config.d.ts +84 -0
package/dist/trajectory/config.js +163 -0
package/dist/trajectory/index.d.ts +8 -0
package/dist/trajectory/index.js +8 -0
package/dist/trajectory/integration.d.ts +292 -0
package/dist/trajectory/integration.js +834 -0
package/dist/utils/logger.js +1 -1
package/dist/utils/project-namespace.d.ts +24 -0
package/dist/utils/project-namespace.js +84 -0
package/dist/wrapper/parser.d.ts +10 -0
package/dist/wrapper/parser.js +100 -33
package/dist/wrapper/pty-wrapper.d.ts +197 -16
package/dist/wrapper/pty-wrapper.js +943 -106
package/dist/wrapper/shared.d.ts +165 -0
package/dist/wrapper/shared.js +270 -0
package/dist/wrapper/tmux-wrapper.d.ts +73 -11
package/dist/wrapper/tmux-wrapper.js +541 -120
package/package.json +16 -16
package/scripts/postinstall.js +60 -0
package/test-push.txt +1 -0
package/bin/tmux +0 -0
package/dist/bridge/config.d.ts.map +0 -1
package/dist/bridge/config.js.map +0 -1
package/dist/bridge/index.d.ts.map +0 -1
package/dist/bridge/index.js.map +0 -1
package/dist/bridge/multi-project-client.d.ts.map +0 -1
package/dist/bridge/multi-project-client.js.map +0 -1
package/dist/bridge/shadow-cli.d.ts.map +0 -1
package/dist/bridge/shadow-cli.js.map +0 -1
package/dist/bridge/shadow-config.d.ts.map +0 -1
package/dist/bridge/shadow-config.js.map +0 -1
package/dist/bridge/spawner.d.ts.map +0 -1
package/dist/bridge/spawner.js.map +0 -1
package/dist/bridge/teams-config.d.ts.map +0 -1
package/dist/bridge/teams-config.js.map +0 -1
package/dist/bridge/types.d.ts.map +0 -1
package/dist/bridge/types.js.map +0 -1
package/dist/bridge/utils.d.ts.map +0 -1
package/dist/bridge/utils.js.map +0 -1
package/dist/cli/index.d.ts.map +0 -1
package/dist/cli/index.js.map +0 -1
package/dist/cloud/api/auth.d.ts.map +0 -1
package/dist/cloud/api/auth.js.map +0 -1
package/dist/cloud/api/billing.d.ts.map +0 -1
package/dist/cloud/api/billing.js.map +0 -1
package/dist/cloud/api/coordinators.d.ts.map +0 -1
package/dist/cloud/api/coordinators.js.map +0 -1
package/dist/cloud/api/daemons.d.ts.map +0 -1
package/dist/cloud/api/daemons.js.map +0 -1
package/dist/cloud/api/middleware/planLimits.d.ts.map +0 -1
package/dist/cloud/api/middleware/planLimits.js.map +0 -1
package/dist/cloud/api/onboarding.d.ts.map +0 -1
package/dist/cloud/api/onboarding.js.map +0 -1
package/dist/cloud/api/providers.d.ts.map +0 -1
package/dist/cloud/api/providers.js.map +0 -1
package/dist/cloud/api/repos.d.ts.map +0 -1
package/dist/cloud/api/repos.js.map +0 -1
package/dist/cloud/api/teams.d.ts.map +0 -1
package/dist/cloud/api/teams.js.map +0 -1
package/dist/cloud/api/usage.d.ts.map +0 -1
package/dist/cloud/api/usage.js.map +0 -1
package/dist/cloud/api/workspaces.d.ts.map +0 -1
package/dist/cloud/api/workspaces.js.map +0 -1
package/dist/cloud/billing/index.d.ts.map +0 -1
package/dist/cloud/billing/index.js.map +0 -1
package/dist/cloud/billing/plans.d.ts.map +0 -1
package/dist/cloud/billing/plans.js.map +0 -1
package/dist/cloud/billing/service.d.ts.map +0 -1
package/dist/cloud/billing/service.js.map +0 -1
package/dist/cloud/billing/types.d.ts.map +0 -1
package/dist/cloud/billing/types.js.map +0 -1
package/dist/cloud/config.d.ts.map +0 -1
package/dist/cloud/config.js.map +0 -1
package/dist/cloud/db/drizzle.d.ts.map +0 -1
package/dist/cloud/db/drizzle.js.map +0 -1
package/dist/cloud/db/index.d.ts.map +0 -1
package/dist/cloud/db/index.js.map +0 -1
package/dist/cloud/db/schema.d.ts.map +0 -1
package/dist/cloud/db/schema.js.map +0 -1
package/dist/cloud/index.d.ts.map +0 -1
package/dist/cloud/index.js.map +0 -1
package/dist/cloud/provisioner/index.d.ts.map +0 -1
package/dist/cloud/provisioner/index.js.map +0 -1
package/dist/cloud/server.d.ts.map +0 -1
package/dist/cloud/server.js.map +0 -1
package/dist/cloud/services/coordinator.d.ts.map +0 -1
package/dist/cloud/services/coordinator.js.map +0 -1
package/dist/cloud/services/planLimits.d.ts.map +0 -1
package/dist/cloud/services/planLimits.js.map +0 -1
package/dist/cloud/vault/index.d.ts.map +0 -1
package/dist/cloud/vault/index.js.map +0 -1
package/dist/daemon/agent-manager.d.ts.map +0 -1
package/dist/daemon/agent-manager.js.map +0 -1
package/dist/daemon/agent-registry.d.ts.map +0 -1
package/dist/daemon/agent-registry.js.map +0 -1
package/dist/daemon/api.d.ts.map +0 -1
package/dist/daemon/api.js.map +0 -1
package/dist/daemon/auth.d.ts.map +0 -1
package/dist/daemon/auth.js.map +0 -1
package/dist/daemon/cloud-sync.d.ts.map +0 -1
package/dist/daemon/cloud-sync.js.map +0 -1
package/dist/daemon/connection.d.ts.map +0 -1
package/dist/daemon/connection.js.map +0 -1
package/dist/daemon/index.d.ts.map +0 -1
package/dist/daemon/index.js.map +0 -1
package/dist/daemon/orchestrator.d.ts.map +0 -1
package/dist/daemon/orchestrator.js.map +0 -1
package/dist/daemon/registry.d.ts.map +0 -1
package/dist/daemon/registry.js.map +0 -1
package/dist/daemon/router.d.ts.map +0 -1
package/dist/daemon/router.js.map +0 -1
package/dist/daemon/server.d.ts.map +0 -1
package/dist/daemon/server.js.map +0 -1
package/dist/daemon/types.d.ts.map +0 -1
package/dist/daemon/types.js.map +0 -1
package/dist/daemon/workspace-manager.d.ts.map +0 -1
package/dist/daemon/workspace-manager.js.map +0 -1
package/dist/dashboard/out/_next/static/chunks/693-7b3301d8f6bc5014.js +0 -1
package/dist/dashboard/out/_next/static/chunks/713-f78477eb185f1f4d.js +0 -1
package/dist/dashboard/out/_next/static/chunks/766-e53e1cfe39b0b5b5.js +0 -1
package/dist/dashboard/out/_next/static/chunks/900-037c64bfd797fb2a.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/app/page-e3d9e1f4466b9bae.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/layout-2433bb48965f4333.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/metrics/page-e68825a81db67ba1.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/page-cc108bf68c8a657f.js +0 -1
package/dist/dashboard/out/_next/static/chunks/app/pricing/page-d80e03a5297f95b6.js +0 -1
package/dist/dashboard/out/_next/static/chunks/webpack-a5acc2831d094776.js +0 -1
package/dist/dashboard/out/_next/static/css/79b80143647a07d7.css +0 -1
package/dist/dashboard/out/_next/static/css/8cf277370ad48cfe.css +0 -1
package/dist/dashboard-server/metrics.d.ts.map +0 -1
package/dist/dashboard-server/metrics.js.map +0 -1
package/dist/dashboard-server/needs-attention.d.ts.map +0 -1
package/dist/dashboard-server/needs-attention.js.map +0 -1
package/dist/dashboard-server/server.d.ts.map +0 -1
package/dist/dashboard-server/server.js.map +0 -1
package/dist/dashboard-server/start.d.ts.map +0 -1
package/dist/dashboard-server/start.js.map +0 -1
package/dist/hooks/inbox-check/hook.d.ts.map +0 -1
package/dist/hooks/inbox-check/hook.js.map +0 -1
package/dist/hooks/inbox-check/index.d.ts.map +0 -1
package/dist/hooks/inbox-check/index.js.map +0 -1
package/dist/hooks/inbox-check/types.d.ts.map +0 -1
package/dist/hooks/inbox-check/types.js.map +0 -1
package/dist/hooks/inbox-check/utils.d.ts.map +0 -1
package/dist/hooks/inbox-check/utils.js.map +0 -1
package/dist/hooks/index.d.ts.map +0 -1
package/dist/hooks/index.js.map +0 -1
package/dist/hooks/types.d.ts.map +0 -1
package/dist/hooks/types.js.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/index.js.map +0 -1
package/dist/protocol/framing.d.ts.map +0 -1
package/dist/protocol/framing.js.map +0 -1
package/dist/protocol/index.d.ts.map +0 -1
package/dist/protocol/index.js.map +0 -1
package/dist/protocol/types.d.ts.map +0 -1
package/dist/protocol/types.js.map +0 -1
package/dist/resiliency/context-persistence.d.ts.map +0 -1
package/dist/resiliency/context-persistence.js.map +0 -1
package/dist/resiliency/health-monitor.d.ts.map +0 -1
package/dist/resiliency/health-monitor.js.map +0 -1
package/dist/resiliency/index.d.ts.map +0 -1
package/dist/resiliency/index.js.map +0 -1
package/dist/resiliency/logger.d.ts.map +0 -1
package/dist/resiliency/logger.js.map +0 -1
package/dist/resiliency/metrics.d.ts.map +0 -1
package/dist/resiliency/metrics.js.map +0 -1
package/dist/resiliency/provider-context.d.ts.map +0 -1
package/dist/resiliency/provider-context.js.map +0 -1
package/dist/resiliency/supervisor.d.ts.map +0 -1
package/dist/resiliency/supervisor.js.map +0 -1
package/dist/state/agent-state.d.ts.map +0 -1
package/dist/state/agent-state.js.map +0 -1
package/dist/storage/adapter.d.ts.map +0 -1
package/dist/storage/adapter.js.map +0 -1
package/dist/storage/sqlite-adapter.d.ts.map +0 -1
package/dist/storage/sqlite-adapter.js.map +0 -1
package/dist/utils/agent-config.d.ts.map +0 -1
package/dist/utils/agent-config.js.map +0 -1
package/dist/utils/command-resolver.d.ts.map +0 -1
package/dist/utils/command-resolver.js.map +0 -1
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js.map +0 -1
package/dist/utils/logger.d.ts.map +0 -1
package/dist/utils/logger.js.map +0 -1
package/dist/utils/name-generator.d.ts.map +0 -1
package/dist/utils/name-generator.js.map +0 -1
package/dist/utils/project-namespace.d.ts.map +0 -1
package/dist/utils/project-namespace.js.map +0 -1
package/dist/utils/tmux-resolver.d.ts.map +0 -1
package/dist/utils/tmux-resolver.js.map +0 -1
package/dist/utils/update-checker.d.ts.map +0 -1
package/dist/utils/update-checker.js.map +0 -1
package/dist/wrapper/client.d.ts.map +0 -1
package/dist/wrapper/client.js.map +0 -1
package/dist/wrapper/inbox.d.ts.map +0 -1
package/dist/wrapper/inbox.js.map +0 -1
package/dist/wrapper/index.d.ts.map +0 -1
package/dist/wrapper/index.js.map +0 -1
package/dist/wrapper/parser.d.ts.map +0 -1
package/dist/wrapper/parser.js.map +0 -1
package/dist/wrapper/pty-wrapper.d.ts.map +0 -1
package/dist/wrapper/pty-wrapper.js.map +0 -1
package/dist/wrapper/tmux-wrapper.d.ts.map +0 -1
package/dist/wrapper/tmux-wrapper.js.map +0 -1
package/docs/AGENTS.md +0 -513
package/docs/ARCHITECTURE_DECISIONS.md +0 -175
package/docs/CHANGELOG.md +0 -11
package/docs/CLI-SIMPLIFICATION-COMPLETE.md +0 -48
package/docs/CLOUD-ARCHITECTURE.md +0 -652
package/docs/CLOUD-ONBOARDING-DESIGN.md +0 -1983
package/docs/COMPETITIVE_ANALYSIS.md +0 -897
package/docs/CONTRIBUTING.md +0 -151
package/docs/DESIGN_BRIDGE_STAFFING.md +0 -878
package/docs/DESIGN_V2.md +0 -1079
package/docs/INTEGRATION-GUIDE.md +0 -926
package/docs/MONETIZATION.md +0 -1679
package/docs/PROPOSAL-trajectories.md +0 -1582
package/docs/PROTOCOL.md +0 -325
package/docs/SCALING_ANALYSIS.md +0 -280
package/docs/TESTING_PRESENCE_FEATURES.md +0 -327
package/docs/TMUX_IMPLEMENTATION_NOTES.md +0 -364
package/docs/TMUX_IMPROVEMENTS.md +0 -968
package/docs/agent-relay-snippet.md +0 -168
package/docs/competitive-analysis-mcp-agent-mail.md +0 -389
package/docs/dashboard-v2-plan.md +0 -179
package/docs/guides/CLOUD.md +0 -236
package/docs/guides/LOCAL.md +0 -535
package/docs/guides/SELF-HOSTED.md +0 -494
package/docs/proposals/shadow-as-subagent.md +0 -765
package/docs/proposals/slack-bot-integration.md +0 -1457
package/docs/removable-code-analysis.md +0 -24
package/scripts/dev/PUBLIC_RELEASE_PLAN.md +0 -88
package/scripts/dev/dev-team-setup.sh +0 -431
package/scripts/e2e-test.sh +0 -119
package/scripts/games/game-protocol.md +0 -79
package/scripts/games/hearts-setup.sh +0 -264
package/scripts/tictactoe-setup.sh +0 -181
/package/dist/dashboard/out/_next/static/chunks/{117-b2cd8d6485aacf2b.js → 117-f7b8ab0809342e77.js} +0 -0
/package/dist/dashboard/out/_next/static/chunks/{648-8f3f26864ce515e5.js → 648-5cc6e1921389a58a.js} +0 -0
/package/dist/dashboard/out/_next/static/chunks/app/_not-found/{page-0b990dbb71d72a98.js → page-53b8a69f76db17d0.js} +0 -0
/package/dist/dashboard/out/_next/static/chunks/{fd9d1056-bf46c09eb57e019c.js → fd9d1056-609918ca7b6280bb.js} +0 -0
/package/dist/dashboard/out/_next/static/{6HHWb2ZmnJ4OSm0zUP7h4 → wPgKJtcOmTFLpUncDg16A}/_buildManifest.js +0 -0
/package/dist/dashboard/out/_next/static/{6HHWb2ZmnJ4OSm0zUP7h4 → wPgKJtcOmTFLpUncDg16A}/_ssgManifest.js +0 -0

package/dist/cloud/api/policy.js ADDED Viewed

@@ -0,0 +1,229 @@
+/**
+ * Agent Policy API Routes
+ *
+ * Provides endpoints for managing workspace-level agent policies.
+ * These policies serve as fallbacks when repos don't have .claude/policies/ files.
+ */
+import { Router } from 'express';
+import { db } from '../db/index.js';
+export const policyRouter = Router();
+/**
+ * GET /api/policy/:workspaceId
+ * Get the agent policy for a workspace
+ */
+policyRouter.get('/:workspaceId', async (req, res) => {
+    const { workspaceId } = req.params;
+    const userId = req.userId;
+    if (!userId) {
+        return res.status(401).json({ error: 'Unauthorized' });
+    }
+    try {
+        const workspace = await db.workspaces.findById(workspaceId);
+        if (!workspace) {
+            return res.status(404).json({ error: 'Workspace not found' });
+        }
+        // Check user has access to this workspace
+        if (workspace.userId !== userId) {
+            const members = await db.workspaceMembers.findByWorkspaceId(workspaceId);
+            const member = members.find(m => m.userId === userId);
+            if (!member) {
+                return res.status(403).json({ error: 'Access denied' });
+            }
+        }
+        // Return the policy (or default if not set)
+        const policy = workspace.config?.agentPolicy ?? getDefaultPolicy();
+        res.json({
+            workspaceId,
+            policy,
+            source: workspace.config?.agentPolicy ? 'workspace' : 'default',
+        });
+    }
+    catch (error) {
+        console.error('[policy] Error getting policy:', error);
+        res.status(500).json({ error: 'Failed to get policy' });
+    }
+});
+/**
+ * PUT /api/policy/:workspaceId
+ * Update the agent policy for a workspace
+ */
+policyRouter.put('/:workspaceId', async (req, res) => {
+    const { workspaceId } = req.params;
+    const userId = req.userId;
+    const policy = req.body.policy;
+    if (!userId) {
+        return res.status(401).json({ error: 'Unauthorized' });
+    }
+    if (!policy || typeof policy !== 'object') {
+        return res.status(400).json({ error: 'Policy object is required' });
+    }
+    try {
+        const workspace = await db.workspaces.findById(workspaceId);
+        if (!workspace) {
+            return res.status(404).json({ error: 'Workspace not found' });
+        }
+        // Only owner can update policy
+        if (workspace.userId !== userId) {
+            const members = await db.workspaceMembers.findByWorkspaceId(workspaceId);
+            const member = members.find(m => m.userId === userId);
+            if (!member || !['owner', 'admin'].includes(member.role)) {
+                return res.status(403).json({ error: 'Only owners and admins can update policy' });
+            }
+        }
+        // Validate policy structure
+        const validationError = validatePolicy(policy);
+        if (validationError) {
+            return res.status(400).json({ error: validationError });
+        }
+        // Update workspace config with new policy
+        const newConfig = {
+            ...workspace.config,
+            agentPolicy: policy,
+        };
+        await db.workspaces.updateConfig(workspaceId, newConfig);
+        res.json({
+            success: true,
+            workspaceId,
+            policy,
+        });
+    }
+    catch (error) {
+        console.error('[policy] Error updating policy:', error);
+        res.status(500).json({ error: 'Failed to update policy' });
+    }
+});
+/**
+ * DELETE /api/policy/:workspaceId
+ * Reset workspace policy to defaults
+ */
+policyRouter.delete('/:workspaceId', async (req, res) => {
+    const { workspaceId } = req.params;
+    const userId = req.userId;
+    if (!userId) {
+        return res.status(401).json({ error: 'Unauthorized' });
+    }
+    try {
+        const workspace = await db.workspaces.findById(workspaceId);
+        if (!workspace) {
+            return res.status(404).json({ error: 'Workspace not found' });
+        }
+        // Only owner can reset policy
+        if (workspace.userId !== userId) {
+            const members = await db.workspaceMembers.findByWorkspaceId(workspaceId);
+            const member = members.find(m => m.userId === userId);
+            if (!member || member.role !== 'owner') {
+                return res.status(403).json({ error: 'Only owners can reset policy' });
+            }
+        }
+        // Remove policy from config
+        const { agentPolicy: _agentPolicy, ...restConfig } = workspace.config ?? {};
+        await db.workspaces.updateConfig(workspaceId, restConfig);
+        res.json({
+            success: true,
+            workspaceId,
+            policy: getDefaultPolicy(),
+            source: 'default',
+        });
+    }
+    catch (error) {
+        console.error('[policy] Error resetting policy:', error);
+        res.status(500).json({ error: 'Failed to reset policy' });
+    }
+});
+/**
+ * GET /api/policy/:workspaceId/internal
+ * Internal endpoint for workspace containers to fetch policy
+ * Uses workspace token authentication (not user auth)
+ */
+policyRouter.get('/:workspaceId/internal', async (req, res) => {
+    const { workspaceId } = req.params;
+    // This endpoint should be called with the workspace token
+    // The git.ts file has the token verification logic we can reuse
+    // For now, we'll trust the workspace ID from container requests
+    try {
+        const workspace = await db.workspaces.findById(workspaceId);
+        if (!workspace) {
+            return res.status(404).json({ error: 'Workspace not found' });
+        }
+        const policy = workspace.config?.agentPolicy ?? getDefaultPolicy();
+        res.json({
+            defaultPolicy: policy.defaultPolicy,
+            agents: policy.agents ?? [],
+            settings: policy.settings ?? {
+                requireExplicitAgents: false,
+                auditEnabled: true,
+                maxTotalAgents: 50,
+            },
+        });
+    }
+    catch (error) {
+        console.error('[policy] Error getting internal policy:', error);
+        res.status(500).json({ error: 'Failed to get policy' });
+    }
+});
+/**
+ * Get default policy
+ */
+function getDefaultPolicy() {
+    return {
+        defaultPolicy: {
+            name: '*',
+            allowedTools: undefined, // All tools allowed
+            canSpawn: undefined, // Can spawn any
+            canMessage: undefined, // Can message any
+            maxSpawns: 10,
+            rateLimit: 60,
+            canBeSpawned: true,
+        },
+        agents: [],
+        settings: {
+            requireExplicitAgents: false,
+            auditEnabled: true,
+            maxTotalAgents: 50,
+        },
+    };
+}
+/**
+ * Validate policy structure
+ */
+function validatePolicy(policy) {
+    // Validate defaultPolicy
+    if (policy.defaultPolicy && typeof policy.defaultPolicy !== 'object') {
+        return 'defaultPolicy must be an object';
+    }
+    // Validate agents array
+    if (policy.agents) {
+        if (!Array.isArray(policy.agents)) {
+            return 'agents must be an array';
+        }
+        for (let i = 0; i < policy.agents.length; i++) {
+            const agent = policy.agents[i];
+            if (!agent.name || typeof agent.name !== 'string') {
+                return `agents[${i}].name is required and must be a string`;
+            }
+            // Validate arrays
+            if (agent.allowedTools && !Array.isArray(agent.allowedTools)) {
+                return `agents[${i}].allowedTools must be an array`;
+            }
+            if (agent.canSpawn && !Array.isArray(agent.canSpawn)) {
+                return `agents[${i}].canSpawn must be an array`;
+            }
+            if (agent.canMessage && !Array.isArray(agent.canMessage)) {
+                return `agents[${i}].canMessage must be an array`;
+            }
+            // Validate numbers
+            if (agent.maxSpawns !== undefined && typeof agent.maxSpawns !== 'number') {
+                return `agents[${i}].maxSpawns must be a number`;
+            }
+            if (agent.rateLimit !== undefined && typeof agent.rateLimit !== 'number') {
+                return `agents[${i}].rateLimit must be a number`;
+            }
+        }
+    }
+    // Validate settings
+    if (policy.settings && typeof policy.settings !== 'object') {
+        return 'settings must be an object';
+    }
+    return null;
+}
+//# sourceMappingURL=policy.js.map

package/dist/cloud/api/providers.js CHANGED Viewed

@@ -13,52 +13,47 @@ import { vault } from '../vault/index.js';
 export const providersRouter = Router();
 // All routes require authentication
 providersRouter.use(requireAuth);
-/**
- * Provider registry with OAuth/device flow configuration
- *
- * Auth Strategy:
- * - google: Real OAuth device flow (works today)
- * - anthropic: CLI-based auth (user runs `claude login`, we detect credentials)
- * - openai: CLI-based auth (user runs `codex auth`, we detect credentials)
- *
- * When providers add OAuth support, we can switch to device flow.
- */
 const PROVIDERS = {
     anthropic: {
         name: 'Anthropic',
         displayName: 'Claude',
         description: 'Claude Code - recommended for code tasks',
-        // Auth strategy: CLI-based until Anthropic adds OAuth
         authStrategy: 'cli',
-        cliCommand: 'claude login',
-        credentialPath: '~/.claude/credentials.json', // Where Claude stores tokens
-        // Future OAuth endpoints (hypothetical - for when Anthropic implements)
-        deviceCodeUrl: 'https://api.anthropic.com/oauth/device/code',
-        tokenUrl: 'https://api.anthropic.com/oauth/token',
-        userInfoUrl: 'https://api.anthropic.com/v1/user',
-        scopes: ['claude-code:execute', 'user:read'],
+        cliCommand: 'claude',
+        credentialPath: '~/.claude/credentials.json',
         color: '#D97757',
     },
-    openai: {
+    codex: {
         name: 'OpenAI',
         displayName: 'Codex',
-        description: 'Codex CLI for AI-assisted coding',
-        // Auth strategy: CLI-based until OpenAI adds OAuth
+        description: 'Codex - OpenAI coding assistant',
         authStrategy: 'cli',
-        cliCommand: 'codex auth',
+        cliCommand: 'codex login',
         credentialPath: '~/.codex/credentials.json',
-        // Future OAuth endpoints (hypothetical)
-        deviceCodeUrl: 'https://auth.openai.com/device/code',
-        tokenUrl: 'https://auth.openai.com/oauth/token',
-        userInfoUrl: 'https://api.openai.com/v1/user',
-        scopes: ['openid', 'profile', 'email', 'codex:execute'],
         color: '#10A37F',
     },
+    opencode: {
+        name: 'OpenCode',
+        displayName: 'OpenCode',
+        description: 'OpenCode - AI coding assistant',
+        authStrategy: 'cli',
+        cliCommand: 'opencode',
+        credentialPath: '~/.opencode/credentials.json',
+        color: '#00D4AA',
+    },
+    droid: {
+        name: 'Factory',
+        displayName: 'Droid',
+        description: 'Droid - Factory AI coding agent',
+        authStrategy: 'cli',
+        cliCommand: 'droid',
+        credentialPath: '~/.factory/credentials.json',
+        color: '#6366F1',
+    },
     google: {
         name: 'Google',
         displayName: 'Gemini',
         description: 'Gemini - multi-modal capabilities',
-        // Auth strategy: Real OAuth device flow (works today!)
         authStrategy: 'device_flow',
         deviceCodeUrl: 'https://oauth2.googleapis.com/device/code',
         tokenUrl: 'https://oauth2.googleapis.com/token',
@@ -67,6 +62,10 @@ const PROVIDERS = {
         color: '#4285F4',
     },
 };
+// Type guard for device flow providers
+function isDeviceFlowProvider(provider) {
+    return provider.authStrategy === 'device_flow';
+}
 let redisClient = null;
 async function getRedisClient() {
     if (!redisClient) {
@@ -171,7 +170,12 @@ providersRouter.post('/:provider/connect', async (req, res) => {
         });
     }
     // Device flow auth (Google) - start OAuth device flow
-    const clientConfig = config.providers[provider];
+    // At this point, we know it's a device flow provider (CLI was handled above)
+    if (!isDeviceFlowProvider(providerConfig)) {
+        return res.status(400).json({ error: 'Provider does not support device flow' });
+    }
+    // Only google is configured for device flow in config
+    const clientConfig = provider === 'google' ? config.providers.google : undefined;
     if (!clientConfig) {
         return res.status(400).json({ error: `Provider ${provider} not configured` });
     }
@@ -245,7 +249,7 @@ providersRouter.post('/:provider/verify', async (req, res) => {
             userId,
             provider,
             accessToken: 'cli-authenticated', // Placeholder - real token from CLI
-            scopes: providerConfig.scopes,
+            scopes: [], // CLI auth doesn't use scopes
             providerAccountEmail: req.body.email, // User can optionally provide
         });
         res.json({
@@ -259,6 +263,67 @@ providersRouter.post('/:provider/verify', async (req, res) => {
         res.status(500).json({ error: 'Failed to verify connection' });
     }
 });
+/**
+ * POST /api/providers/:provider/api-key
+ * Connect a provider using an API key (for cloud-hosted workspaces)
+ */
+providersRouter.post('/:provider/api-key', async (req, res) => {
+    const { provider } = req.params;
+    const userId = req.session.userId;
+    const { apiKey } = req.body;
+    if (!apiKey || typeof apiKey !== 'string') {
+        return res.status(400).json({ error: 'API key is required' });
+    }
+    const providerConfig = PROVIDERS[provider];
+    if (!providerConfig) {
+        return res.status(404).json({ error: 'Unknown provider' });
+    }
+    // Validate the API key by making a test request
+    try {
+        let isValid = false;
+        if (provider === 'anthropic') {
+            // Test Anthropic API key
+            const testRes = await fetch('https://api.anthropic.com/v1/messages', {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'x-api-key': apiKey,
+                    'anthropic-version': '2023-06-01',
+                },
+                body: JSON.stringify({
+                    model: 'claude-3-haiku-20240307',
+                    max_tokens: 1,
+                    messages: [{ role: 'user', content: 'hi' }],
+                }),
+            });
+            // 200 = valid, 401 = invalid key, 400/other = might still be valid key
+            isValid = testRes.status !== 401;
+        }
+        else {
+            // For other providers, just accept the key
+            isValid = true;
+        }
+        if (!isValid) {
+            return res.status(400).json({ error: 'Invalid API key' });
+        }
+        // Store the API key - use scopes from device flow providers, empty for CLI providers
+        const scopes = isDeviceFlowProvider(providerConfig) ? providerConfig.scopes : [];
+        await vault.storeCredential({
+            userId,
+            provider,
+            accessToken: apiKey,
+            scopes,
+        });
+        res.json({
+            success: true,
+            message: `${providerConfig.displayName} connected`,
+        });
+    }
+    catch (error) {
+        console.error(`Error connecting ${provider} with API key:`, error);
+        res.status(500).json({ error: 'Failed to connect provider' });
+    }
+});
 /**
  * GET /api/providers/:provider/status/:flowId
  * Check status of device flow
@@ -329,6 +394,11 @@ providersRouter.delete('/:provider/flow/:flowId', (req, res) => {
  */
 async function pollForToken(flowId, provider, clientId) {
     const providerConfig = PROVIDERS[provider];
+    // Only device flow providers can poll for tokens
+    if (!isDeviceFlowProvider(providerConfig)) {
+        console.error(`Provider ${provider} does not support device flow polling`);
+        return;
+    }
     const poll = async (intervalMs) => {
         const current = await loadFlow(flowId);
         if (!current || current.status !== 'pending')
@@ -403,20 +473,22 @@ async function pollForToken(flowId, provider, clientId) {
  */
 async function storeProviderTokens(userId, provider, tokens) {
     const providerConfig = PROVIDERS[provider];
-    // Fetch user info from provider
+    // Fetch user info from provider (only device flow providers have userInfoUrl)
     let userInfo = {};
-    try {
-        const response = await fetch(providerConfig.userInfoUrl, {
-            headers: {
-                Authorization: `Bearer ${tokens.accessToken}`,
-            },
-        });
-        if (response.ok) {
-            userInfo = await response.json();
+    if (isDeviceFlowProvider(providerConfig)) {
+        try {
+            const response = await fetch(providerConfig.userInfoUrl, {
+                headers: {
+                    Authorization: `Bearer ${tokens.accessToken}`,
+                },
+            });
+            if (response.ok) {
+                userInfo = await response.json();
+            }
+        }
+        catch (error) {
+            console.error('Error fetching user info:', error);
         }
-    }
-    catch (error) {
-        console.error('Error fetching user info:', error);
     }
     // Encrypt and store
     await vault.storeCredential({

package/dist/cloud/api/repos.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@
  * Repos API Routes
  *
  * GitHub repository management - list, import, sync.
+ * Includes Nango-based GitHub permission checking for dashboard access control.
  */
 export declare const reposRouter: import("express-serve-static-core").Router;
 //# sourceMappingURL=repos.d.ts.map

package/dist/cloud/api/repos.js CHANGED Viewed

@@ -2,10 +2,12 @@
  * Repos API Routes
  *
  * GitHub repository management - list, import, sync.
+ * Includes Nango-based GitHub permission checking for dashboard access control.
  */
 import { Router } from 'express';
 import { requireAuth } from './auth.js';
 import { db } from '../db/index.js';
+import { nangoService } from '../services/nango.js';
 export const reposRouter = Router();
 // All routes require authentication
 reposRouter.use(requireAuth);
@@ -311,4 +313,188 @@ reposRouter.get('/search', async (req, res) => {
         res.status(500).json({ error: 'Failed to search repositories' });
     }
 });
+// ============================================================================
+// Nango-based GitHub Permission APIs (for dashboard access control)
+// ============================================================================
+/**
+ * GET /api/repos/check-access/:owner/:repo
+ * Check if authenticated user has access to a specific GitHub repository.
+ * Uses Nango proxy with user's GitHub OAuth token.
+ *
+ * Response:
+ * - hasAccess: boolean - Whether user can access this repo
+ * - permission: 'admin' | 'write' | 'read' | 'none' - User's permission level
+ * - repository: Repository details if user has access
+ *
+ * Use this for dashboard access control - grant access if hasAccess is true.
+ */
+reposRouter.get('/check-access/:owner/:repo', async (req, res) => {
+    const userId = req.session.userId;
+    const { owner, repo } = req.params;
+    if (!owner || !repo) {
+        return res.status(400).json({ error: 'Owner and repo parameters are required' });
+    }
+    try {
+        // Get user's Nango connection ID
+        const user = await db.users.findById(userId);
+        if (!user) {
+            return res.status(404).json({ error: 'User not found' });
+        }
+        if (!user.nangoConnectionId) {
+            return res.status(400).json({
+                error: 'GitHub not connected via Nango',
+                code: 'NANGO_NOT_CONNECTED',
+                message: 'Please reconnect your GitHub account',
+            });
+        }
+        // Check access via Nango proxy
+        const accessResult = await nangoService.checkUserRepoAccess(user.nangoConnectionId, owner, repo);
+        res.json({
+            hasAccess: accessResult.hasAccess,
+            permission: accessResult.permission,
+            repository: accessResult.repository,
+            // Include user info for dashboard context
+            checkedBy: {
+                userId: user.id,
+                githubUsername: user.githubUsername,
+            },
+        });
+    }
+    catch (error) {
+        console.error('Error checking repo access:', error);
+        res.status(500).json({ error: 'Failed to check repository access' });
+    }
+});
+/**
+ * GET /api/repos/accessible
+ * List all GitHub repositories the authenticated user has access to.
+ * Uses Nango proxy with user's GitHub OAuth token.
+ *
+ * Query params:
+ * - page: Page number (default: 1)
+ * - perPage: Results per page (default: 100, max: 100)
+ * - type: Filter by type (all, owner, public, private, member)
+ * - sort: Sort by (created, updated, pushed, full_name)
+ *
+ * Use this to determine which dashboards/workspaces a user can access.
+ */
+reposRouter.get('/accessible', async (req, res) => {
+    const userId = req.session.userId;
+    const { page, perPage, type, sort } = req.query;
+    try {
+        // Get user's Nango connection ID
+        const user = await db.users.findById(userId);
+        if (!user) {
+            return res.status(404).json({ error: 'User not found' });
+        }
+        if (!user.nangoConnectionId) {
+            return res.status(400).json({
+                error: 'GitHub not connected via Nango',
+                code: 'NANGO_NOT_CONNECTED',
+                message: 'Please reconnect your GitHub account',
+            });
+        }
+        // List accessible repos via Nango proxy
+        const result = await nangoService.listUserAccessibleRepos(user.nangoConnectionId, {
+            page: page ? parseInt(page, 10) : undefined,
+            perPage: perPage ? Math.min(parseInt(perPage, 10), 100) : undefined,
+            type: type,
+            sort: sort,
+        });
+        res.json({
+            repositories: result.repositories,
+            pagination: {
+                page: page ? parseInt(page, 10) : 1,
+                perPage: perPage ? Math.min(parseInt(perPage, 10), 100) : 100,
+                hasMore: result.hasMore,
+            },
+            // Include user info for context
+            checkedBy: {
+                userId: user.id,
+                githubUsername: user.githubUsername,
+            },
+        });
+    }
+    catch (error) {
+        console.error('Error listing accessible repos:', error);
+        res.status(500).json({ error: 'Failed to list accessible repositories' });
+    }
+});
+/**
+ * POST /api/repos/check-access-bulk
+ * Check access to multiple repositories at once.
+ * Useful for determining which workspaces a user can view.
+ *
+ * Body:
+ * - repositories: Array of "owner/repo" strings
+ *
+ * Response:
+ * - results: Array of { fullName, hasAccess, permission }
+ */
+reposRouter.post('/check-access-bulk', async (req, res) => {
+    const userId = req.session.userId;
+    const { repositories } = req.body;
+    if (!repositories || !Array.isArray(repositories)) {
+        return res.status(400).json({ error: 'repositories array is required' });
+    }
+    if (repositories.length > 50) {
+        return res.status(400).json({ error: 'Maximum 50 repositories per request' });
+    }
+    try {
+        // Get user's Nango connection ID
+        const user = await db.users.findById(userId);
+        if (!user) {
+            return res.status(404).json({ error: 'User not found' });
+        }
+        if (!user.nangoConnectionId) {
+            return res.status(400).json({
+                error: 'GitHub not connected via Nango',
+                code: 'NANGO_NOT_CONNECTED',
+                message: 'Please reconnect your GitHub account',
+            });
+        }
+        // Check access for each repo (in parallel with concurrency limit)
+        const results = [];
+        // Process in batches of 10 to avoid rate limiting
+        const batchSize = 10;
+        for (let i = 0; i < repositories.length; i += batchSize) {
+            const batch = repositories.slice(i, i + batchSize);
+            const batchResults = await Promise.all(batch.map(async (fullName) => {
+                try {
+                    const [owner, repo] = fullName.split('/');
+                    if (!owner || !repo) {
+                        return { fullName, hasAccess: false, error: 'Invalid repository format' };
+                    }
+                    const accessResult = await nangoService.checkUserRepoAccess(user.nangoConnectionId, owner, repo);
+                    return {
+                        fullName,
+                        hasAccess: accessResult.hasAccess,
+                        permission: accessResult.permission,
+                    };
+                }
+                catch (_err) {
+                    return { fullName, hasAccess: false, error: 'Check failed' };
+                }
+            }));
+            results.push(...batchResults);
+        }
+        const accessibleCount = results.filter(r => r.hasAccess).length;
+        res.json({
+            results,
+            summary: {
+                total: repositories.length,
+                accessible: accessibleCount,
+                denied: repositories.length - accessibleCount,
+            },
+            checkedBy: {
+                userId: user.id,
+                githubUsername: user.githubUsername,
+            },
+        });
+    }
+    catch (error) {
+        console.error('Error checking bulk repo access:', error);
+        res.status(500).json({ error: 'Failed to check repository access' });
+    }
+});
 //# sourceMappingURL=repos.js.map

package/dist/cloud/api/test-helpers.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Test Helper API Routes
+ *
+ * These endpoints are ONLY available in test/development mode.
+ * They allow integration tests to create users and daemons without OAuth.
+ *
+ * IMPORTANT: These routes are disabled in production (NODE_ENV=production).
+ */
+export declare const testHelpersRouter: import("express-serve-static-core").Router;
+//# sourceMappingURL=test-helpers.d.ts.map