agor-live 0.17.2 → 0.17.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (316) hide show
  1. package/dist/cli/lib/banner.d.ts +1 -1
  2. package/dist/cli/lib/banner.js +1 -1
  3. package/dist/cli/lib/check-migrations.test.js +9627 -9112
  4. package/dist/cli/lib/daemon-manager.test.js +9632 -9117
  5. package/dist/cli/lib/help.js +1 -1
  6. package/dist/core/api/index.d.cts +3 -3
  7. package/dist/core/api/index.d.ts +3 -3
  8. package/dist/core/{board-comment-DIdOJrSF.d.cts → board-comment-CCFVVN7K.d.cts} +0 -2
  9. package/dist/core/{board-comment-3N-jSgsk.d.ts → board-comment-iT3DgZb4.d.ts} +0 -2
  10. package/dist/core/claude/index.cjs +29 -19
  11. package/dist/core/claude/index.d.cts +2 -2
  12. package/dist/core/claude/index.d.ts +2 -2
  13. package/dist/core/claude/index.js +32 -33
  14. package/dist/core/client/index.cjs +49 -0
  15. package/dist/core/client/index.d.cts +7 -7
  16. package/dist/core/client/index.d.ts +7 -7
  17. package/dist/core/client/index.js +46 -0
  18. package/dist/core/{client-B5PyIvNc.d.cts → client-CemqXk0v.d.cts} +116 -100
  19. package/dist/core/{client-C1CsRi19.d.ts → client-uYEOha6g.d.ts} +116 -100
  20. package/dist/core/config/browser.d.cts +3 -3
  21. package/dist/core/config/browser.d.ts +3 -3
  22. package/dist/core/config/index.cjs +84 -41
  23. package/dist/core/config/index.d.cts +59 -17
  24. package/dist/core/config/index.d.ts +59 -17
  25. package/dist/core/config/index.js +86 -55
  26. package/dist/core/{config-manager-TxxjFMRd.d.cts → config-manager-B8TP9Kz0.d.cts} +12 -3
  27. package/dist/core/{config-manager-DTrsj6G3.d.ts → config-manager-CDEB0FY4.d.ts} +12 -3
  28. package/dist/core/{config-services-YEZ4DwCD.d.cts → config-services-CXyQKEK5.d.cts} +1 -1
  29. package/dist/core/{config-services-DcO2GRgh.d.ts → config-services-DhM7_yWn.d.ts} +1 -1
  30. package/dist/core/db/index.cjs +235 -175
  31. package/dist/core/db/index.d.cts +190 -147
  32. package/dist/core/db/index.d.ts +190 -147
  33. package/dist/core/db/index.js +239 -190
  34. package/dist/core/db/session-guard.d.cts +4 -4
  35. package/dist/core/db/session-guard.d.ts +4 -4
  36. package/dist/core/drizzle/postgres/0028_queued_tasks.sql +8 -0
  37. package/dist/core/drizzle/postgres/0030_migrate_queued_messages.sql +24 -0
  38. package/dist/core/drizzle/postgres/0031_restructure_agentic_tool_config.sql +201 -0
  39. package/dist/core/drizzle/postgres/meta/_journal.json +21 -0
  40. package/dist/core/drizzle/sqlite/0039_queued_tasks.sql +13 -0
  41. package/dist/core/drizzle/sqlite/0040_migrate_queued_messages.sql +61 -0
  42. package/dist/core/drizzle/sqlite/0041_restructure_agentic_tool_config.sql +204 -0
  43. package/dist/core/drizzle/sqlite/meta/_journal.json +21 -0
  44. package/dist/core/gateway/index.d.cts +2 -2
  45. package/dist/core/gateway/index.d.ts +2 -2
  46. package/dist/core/{gateway-BnOlAelY.d.cts → gateway-BWq4j_Ll.d.cts} +1 -1
  47. package/dist/core/{gateway-B_4X-v07.d.ts → gateway-C3Jm_akw.d.ts} +1 -1
  48. package/dist/core/git/index.d.cts +4 -4
  49. package/dist/core/git/index.d.ts +4 -4
  50. package/dist/core/index.cjs +474 -201
  51. package/dist/core/index.d.cts +12 -10
  52. package/dist/core/index.d.ts +12 -10
  53. package/dist/core/index.js +473 -216
  54. package/dist/core/lib/feathers-validation.cjs +2 -1
  55. package/dist/core/lib/feathers-validation.d.cts +1 -1
  56. package/dist/core/lib/feathers-validation.d.ts +1 -1
  57. package/dist/core/lib/feathers-validation.js +2 -1
  58. package/dist/core/mcp/index.cjs +26 -16
  59. package/dist/core/mcp/index.js +26 -16
  60. package/dist/core/{message-DinITA7a.d.cts → message-CSWOsdcZ.d.cts} +1 -9
  61. package/dist/core/{message-CHUUP6OS.d.ts → message-DZa8g0s0.d.ts} +1 -9
  62. package/dist/core/models/index.d.cts +3 -73
  63. package/dist/core/models/index.d.ts +3 -73
  64. package/dist/core/package.json +5 -0
  65. package/dist/core/permissions/index.d.cts +1 -1
  66. package/dist/core/permissions/index.d.ts +1 -1
  67. package/dist/core/resolve-config-BcL-Hv8k.d.ts +74 -0
  68. package/dist/core/resolve-config-DTCxuSBx.d.cts +74 -0
  69. package/dist/core/seed/index.cjs +145 -98
  70. package/dist/core/seed/index.js +148 -112
  71. package/dist/core/{session-guard-C0LkDEN7.d.ts → session-guard-BFqVtBoS.d.ts} +1 -1
  72. package/dist/core/{session-guard-kvAx_8Fb.d.cts → session-guard-KHh0cnET.d.cts} +1 -1
  73. package/dist/core/sessions/index.cjs +184 -0
  74. package/dist/core/sessions/index.d.cts +79 -0
  75. package/dist/core/sessions/index.d.ts +79 -0
  76. package/dist/core/sessions/index.js +157 -0
  77. package/dist/core/{task-BLPFCORT.d.ts → task-BHV-YHg1.d.ts} +41 -3
  78. package/dist/core/{task-wht1RJEL.d.cts → task-C2Hy7H6u.d.cts} +41 -3
  79. package/dist/core/templates/session-context.d.cts +1 -1
  80. package/dist/core/templates/session-context.d.ts +1 -1
  81. package/dist/core/tools/mcp/oauth-mcp-transport.cjs +168 -66
  82. package/dist/core/tools/mcp/oauth-mcp-transport.d.cts +92 -16
  83. package/dist/core/tools/mcp/oauth-mcp-transport.d.ts +92 -16
  84. package/dist/core/tools/mcp/oauth-mcp-transport.js +165 -66
  85. package/dist/core/tools/mcp/oauth-refresh.cjs +43 -53
  86. package/dist/core/tools/mcp/oauth-refresh.d.cts +3 -3
  87. package/dist/core/tools/mcp/oauth-refresh.d.ts +3 -3
  88. package/dist/core/tools/mcp/oauth-refresh.js +58 -78
  89. package/dist/core/types/index.cjs +49 -0
  90. package/dist/core/types/index.d.cts +7 -7
  91. package/dist/core/types/index.d.ts +7 -7
  92. package/dist/core/types/index.js +46 -0
  93. package/dist/core/{types-DNqfdt1z.d.cts → types-D4Rl6ZKN.d.cts} +18 -2
  94. package/dist/core/{types-DqPMmTad.d.ts → types-n61iaXub.d.ts} +18 -2
  95. package/dist/core/unix/index.cjs +164 -110
  96. package/dist/core/unix/index.d.cts +7 -8
  97. package/dist/core/unix/index.d.ts +7 -8
  98. package/dist/core/unix/index.js +167 -124
  99. package/dist/core/{user-DkNdeFoz.d.cts → user-CpfkcV2C.d.cts} +139 -13
  100. package/dist/core/{user-BfVWBmXA.d.ts → user-DP-XZMIM.d.ts} +139 -13
  101. package/dist/core/utils/permission-mode-mapper.d.cts +0 -2
  102. package/dist/core/utils/permission-mode-mapper.d.ts +0 -2
  103. package/dist/daemon/index.js +2976 -2791
  104. package/dist/daemon/main.js +2976 -2791
  105. package/dist/daemon/mcp/server.js +177 -134
  106. package/dist/daemon/mcp/tools/analytics.js +19 -5
  107. package/dist/daemon/mcp/tools/artifacts.js +19 -5
  108. package/dist/daemon/mcp/tools/boards.js +19 -5
  109. package/dist/daemon/mcp/tools/card-types.js +19 -5
  110. package/dist/daemon/mcp/tools/cards.js +19 -5
  111. package/dist/daemon/mcp/tools/environment.js +19 -5
  112. package/dist/daemon/mcp/tools/mcp-servers.d.ts +29 -2
  113. package/dist/daemon/mcp/tools/mcp-servers.js +64 -54
  114. package/dist/daemon/mcp/tools/messages.js +19 -5
  115. package/dist/daemon/mcp/tools/repos.js +19 -5
  116. package/dist/daemon/mcp/tools/search.js +19 -5
  117. package/dist/daemon/mcp/tools/sessions.js +175 -53
  118. package/dist/daemon/mcp/tools/tasks.js +19 -5
  119. package/dist/daemon/mcp/tools/users.js +19 -5
  120. package/dist/daemon/mcp/tools/worktrees.js +37 -38
  121. package/dist/daemon/register-hooks.js +52 -1
  122. package/dist/daemon/register-routes.js +436 -424
  123. package/dist/daemon/register-services.js +255 -140
  124. package/dist/daemon/services/config.d.ts +7 -1
  125. package/dist/daemon/services/config.js +3 -2
  126. package/dist/daemon/services/gateway.js +28 -15
  127. package/dist/daemon/services/mcp-servers.d.ts +7 -2
  128. package/dist/daemon/services/repos.js +2 -0
  129. package/dist/daemon/services/sessions.d.ts +1 -1
  130. package/dist/daemon/services/sessions.js +8 -16
  131. package/dist/daemon/services/tasks.js +16 -10
  132. package/dist/daemon/services/terminals.js +2 -0
  133. package/dist/daemon/services/users.d.ts +27 -11
  134. package/dist/daemon/services/users.js +89 -43
  135. package/dist/daemon/services/worktree-owners.js +2 -0
  136. package/dist/daemon/services/worktrees.js +2 -0
  137. package/dist/daemon/setup/index.js +5 -2
  138. package/dist/daemon/setup/socketio.d.ts +10 -1
  139. package/dist/daemon/setup/socketio.js +7 -3
  140. package/dist/daemon/startup.js +13 -1
  141. package/dist/daemon/utils/apply-session-config-defaults.d.ts +54 -0
  142. package/dist/daemon/utils/apply-session-config-defaults.js +46 -0
  143. package/dist/daemon/utils/spawn-executor.js +2 -0
  144. package/dist/daemon/utils/worktree-authorization.d.ts +2 -4
  145. package/dist/executor/commands/zellij.d.ts.map +1 -1
  146. package/dist/executor/commands/zellij.js +2 -2
  147. package/dist/executor/handlers/sdk/base-executor.d.ts +4 -3
  148. package/dist/executor/handlers/sdk/base-executor.d.ts.map +1 -1
  149. package/dist/executor/handlers/sdk/base-executor.js +11 -5
  150. package/dist/executor/payload-types.d.ts +14 -14
  151. package/dist/executor/sdk-handlers/claude/claude-tool.d.ts.map +1 -1
  152. package/dist/executor/sdk-handlers/claude/claude-tool.js +9 -4
  153. package/dist/executor/sdk-handlers/claude/import/task-extractor.d.ts.map +1 -1
  154. package/dist/executor/sdk-handlers/claude/import/task-extractor.js +0 -5
  155. package/dist/executor/sdk-handlers/claude/message-builder.d.ts +23 -2
  156. package/dist/executor/sdk-handlers/claude/message-builder.d.ts.map +1 -1
  157. package/dist/executor/sdk-handlers/claude/message-builder.js +33 -2
  158. package/dist/executor/sdk-handlers/claude/permissions/permission-hooks.d.ts +9 -1
  159. package/dist/executor/sdk-handlers/claude/permissions/permission-hooks.d.ts.map +1 -1
  160. package/dist/executor/sdk-handlers/claude/permissions/permission-hooks.js +12 -0
  161. package/dist/executor/sdk-handlers/claude/query-builder.d.ts.map +1 -1
  162. package/dist/executor/sdk-handlers/claude/query-builder.js +11 -6
  163. package/dist/executor/sdk-handlers/codex/codex-tool.d.ts +0 -5
  164. package/dist/executor/sdk-handlers/codex/codex-tool.d.ts.map +1 -1
  165. package/dist/executor/sdk-handlers/codex/codex-tool.js +9 -24
  166. package/dist/executor/sdk-handlers/codex/prompt-service.d.ts +15 -2
  167. package/dist/executor/sdk-handlers/codex/prompt-service.d.ts.map +1 -1
  168. package/dist/executor/sdk-handlers/codex/prompt-service.js +39 -10
  169. package/dist/executor/sdk-handlers/copilot/copilot-tool.d.ts +0 -5
  170. package/dist/executor/sdk-handlers/copilot/copilot-tool.d.ts.map +1 -1
  171. package/dist/executor/sdk-handlers/copilot/copilot-tool.js +5 -22
  172. package/dist/executor/sdk-handlers/gemini/gemini-tool.d.ts +0 -5
  173. package/dist/executor/sdk-handlers/gemini/gemini-tool.d.ts.map +1 -1
  174. package/dist/executor/sdk-handlers/gemini/gemini-tool.js +9 -24
  175. package/dist/ui/assets/{CodeEditor.inner-CO-5PAnZ.js → CodeEditor.inner-CVLqZBtM.js} +1 -1
  176. package/dist/ui/assets/{CodeEditor.inner-CO-5PAnZ.js.gz → CodeEditor.inner-CVLqZBtM.js.gz} +0 -0
  177. package/dist/ui/assets/{_basePickBy-DfxojsEt.js → _basePickBy-CFq5ES2J.js} +1 -1
  178. package/dist/ui/assets/_basePickBy-CFq5ES2J.js.gz +0 -0
  179. package/dist/ui/assets/{_baseUniq-DWFPJOTC.js → _baseUniq-C4uKBvNt.js} +1 -1
  180. package/dist/ui/assets/_baseUniq-C4uKBvNt.js.gz +0 -0
  181. package/dist/ui/assets/{arc-vMZ_XGSI.js → arc-BnrcXDJJ.js} +1 -1
  182. package/dist/ui/assets/arc-BnrcXDJJ.js.gz +0 -0
  183. package/dist/ui/assets/{architectureDiagram-VXUJARFQ-DGpk_uOD.js → architectureDiagram-VXUJARFQ-DD9HD-WR.js} +1 -1
  184. package/dist/ui/assets/architectureDiagram-VXUJARFQ-DD9HD-WR.js.gz +0 -0
  185. package/dist/ui/assets/{base-80a1f760-BsVlOKqO.js → base-80a1f760-BK1VmxWU.js} +1 -1
  186. package/dist/ui/assets/{blockDiagram-VD42YOAC-BkRnxc94.js → blockDiagram-VD42YOAC-LBAckZZe.js} +1 -1
  187. package/dist/ui/assets/blockDiagram-VD42YOAC-LBAckZZe.js.gz +0 -0
  188. package/dist/ui/assets/{c4Diagram-YG6GDRKO-Dcf-anJy.js → c4Diagram-YG6GDRKO-yEdylcYP.js} +1 -1
  189. package/dist/ui/assets/{c4Diagram-YG6GDRKO-Dcf-anJy.js.gz → c4Diagram-YG6GDRKO-yEdylcYP.js.gz} +0 -0
  190. package/dist/ui/assets/channel-CMN-iY3Q.js +1 -0
  191. package/dist/ui/assets/{chunk-4BX2VUAB-C4oVWDo8.js → chunk-4BX2VUAB-IHtzKbmQ.js} +1 -1
  192. package/dist/ui/assets/{chunk-55IACEB6-CsBbTu57.js → chunk-55IACEB6-C4o5tv_F.js} +1 -1
  193. package/dist/ui/assets/{chunk-B4BG7PRW-DtkeCZab.js → chunk-B4BG7PRW-EPkzLvlB.js} +1 -1
  194. package/dist/ui/assets/chunk-B4BG7PRW-EPkzLvlB.js.gz +0 -0
  195. package/dist/ui/assets/{chunk-DI55MBZ5-BQ_asW-1.js → chunk-DI55MBZ5-CW-Bzkzj.js} +1 -1
  196. package/dist/ui/assets/chunk-DI55MBZ5-CW-Bzkzj.js.gz +0 -0
  197. package/dist/ui/assets/{chunk-FMBD7UC4-DAdcLNG-.js → chunk-FMBD7UC4-DvGU02Io.js} +1 -1
  198. package/dist/ui/assets/{chunk-QN33PNHL-Do2zad3m.js → chunk-QN33PNHL-C-PIlz9n.js} +1 -1
  199. package/dist/ui/assets/{chunk-QZHKN3VN-CyhMmSdC.js → chunk-QZHKN3VN-BhpJFm6h.js} +1 -1
  200. package/dist/ui/assets/{chunk-TZMSLE5B-DlPypnIq.js → chunk-TZMSLE5B-Biake8IU.js} +1 -1
  201. package/dist/ui/assets/chunk-TZMSLE5B-Biake8IU.js.gz +0 -0
  202. package/dist/ui/assets/classDiagram-2ON5EDUG-Bz1et8oA.js +1 -0
  203. package/dist/ui/assets/classDiagram-v2-WZHVMYZB-Bz1et8oA.js +1 -0
  204. package/dist/ui/assets/clone-Dxo5sEAf.js +1 -0
  205. package/dist/ui/assets/{consoleHook-59e792cb-DHYIclEd.js → consoleHook-59e792cb-BzEkHWE8.js} +1 -1
  206. package/dist/ui/assets/consoleHook-59e792cb-BzEkHWE8.js.gz +0 -0
  207. package/dist/ui/assets/{cose-bilkent-S5V4N54A-DotJH9qH.js → cose-bilkent-S5V4N54A-vAiVi74s.js} +1 -1
  208. package/dist/ui/assets/cose-bilkent-S5V4N54A-vAiVi74s.js.gz +0 -0
  209. package/dist/ui/assets/{dagre-6UL2VRFP-Btssr8QF.js → dagre-6UL2VRFP-C8w7TshD.js} +1 -1
  210. package/dist/ui/assets/dagre-6UL2VRFP-C8w7TshD.js.gz +0 -0
  211. package/dist/ui/assets/{diagram-PSM6KHXK-D5_Jkog3.js → diagram-PSM6KHXK-CvnjEmtQ.js} +1 -1
  212. package/dist/ui/assets/diagram-PSM6KHXK-CvnjEmtQ.js.gz +0 -0
  213. package/dist/ui/assets/{diagram-QEK2KX5R-DlPEVSL5.js → diagram-QEK2KX5R-D245unng.js} +1 -1
  214. package/dist/ui/assets/diagram-QEK2KX5R-D245unng.js.gz +0 -0
  215. package/dist/ui/assets/{diagram-S2PKOQOG-CjO1k8aG.js → diagram-S2PKOQOG-DgGUHL8Z.js} +1 -1
  216. package/dist/ui/assets/diagram-S2PKOQOG-DgGUHL8Z.js.gz +0 -0
  217. package/dist/ui/assets/{erDiagram-Q2GNP2WA-3cO02-K3.js → erDiagram-Q2GNP2WA-Cf5paK9b.js} +1 -1
  218. package/dist/ui/assets/erDiagram-Q2GNP2WA-Cf5paK9b.js.gz +0 -0
  219. package/dist/ui/assets/{flowDiagram-NV44I4VS-CajTpSxI.js → flowDiagram-NV44I4VS-BJpHmEXV.js} +1 -1
  220. package/dist/ui/assets/flowDiagram-NV44I4VS-BJpHmEXV.js.gz +0 -0
  221. package/dist/ui/assets/{ganttDiagram-LVOFAZNH-CnY_bV3o.js → ganttDiagram-LVOFAZNH-zOyTZcXC.js} +1 -1
  222. package/dist/ui/assets/{ganttDiagram-LVOFAZNH-CnY_bV3o.js.gz → ganttDiagram-LVOFAZNH-zOyTZcXC.js.gz} +0 -0
  223. package/dist/ui/assets/{gitGraphDiagram-NY62KEGX-CH16bg-j.js → gitGraphDiagram-NY62KEGX-B0uxwqMv.js} +1 -1
  224. package/dist/ui/assets/gitGraphDiagram-NY62KEGX-B0uxwqMv.js.gz +0 -0
  225. package/dist/ui/assets/{graph-IQoZvE3o.js → graph-NWXc73TO.js} +1 -1
  226. package/dist/ui/assets/graph-NWXc73TO.js.gz +0 -0
  227. package/dist/ui/assets/{index-599aeaf7-RUCkgwsg.js → index-599aeaf7-BKmNqoNF.js} +1 -1
  228. package/dist/ui/assets/index-599aeaf7-BKmNqoNF.js.gz +0 -0
  229. package/dist/ui/assets/{index-B3AvIgqP.js → index-BRYNiHLB.js} +345 -349
  230. package/dist/ui/assets/index-BRYNiHLB.js.gz +0 -0
  231. package/dist/ui/assets/{index-QV5-5yA2.js → index-BX6Xmhes.js} +1 -1
  232. package/dist/ui/assets/index-BX6Xmhes.js.gz +0 -0
  233. package/dist/ui/assets/{index-ChmRuj_T.js → index-W1hIq1uU.js} +1 -1
  234. package/dist/ui/assets/index-W1hIq1uU.js.gz +0 -0
  235. package/dist/ui/assets/{index-C-quzPWC.js → index-ctuok0zf.js} +1 -1
  236. package/dist/ui/assets/index-ctuok0zf.js.gz +0 -0
  237. package/dist/ui/assets/{infoDiagram-ER5ION4S-2e4gZVGT.js → infoDiagram-ER5ION4S-CquCuoTH.js} +1 -1
  238. package/dist/ui/assets/{journeyDiagram-XKPGCS4Q-B5bgV3GH.js → journeyDiagram-XKPGCS4Q-B_XkufZ8.js} +1 -1
  239. package/dist/ui/assets/journeyDiagram-XKPGCS4Q-B_XkufZ8.js.gz +0 -0
  240. package/dist/ui/assets/{kanban-definition-3W4ZIXB7-Bp-aWRSc.js → kanban-definition-3W4ZIXB7-C2Bo9HkB.js} +1 -1
  241. package/dist/ui/assets/kanban-definition-3W4ZIXB7-C2Bo9HkB.js.gz +0 -0
  242. package/dist/ui/assets/katex-C6wkUDai.css +1 -0
  243. package/dist/ui/assets/{katex-DGRguze2.css.gz → katex-C6wkUDai.css.gz} +0 -0
  244. package/dist/ui/assets/{layout-BH-2XJZq.js → layout-D9A7Uaku.js} +1 -1
  245. package/dist/ui/assets/layout-D9A7Uaku.js.gz +0 -0
  246. package/dist/ui/assets/{linear-DCYXhl_f.js → linear-BJUwJsxE.js} +1 -1
  247. package/dist/ui/assets/linear-BJUwJsxE.js.gz +0 -0
  248. package/dist/ui/assets/{mermaid.core-BAuL6kgQ.js → mermaid.core-DcOEcjcA.js} +5 -5
  249. package/dist/ui/assets/mermaid.core-DcOEcjcA.js.gz +0 -0
  250. package/dist/ui/assets/{mindmap-definition-VGOIOE7T-DpH5N-N0.js → mindmap-definition-VGOIOE7T-BFT1m7BG.js} +1 -1
  251. package/dist/ui/assets/mindmap-definition-VGOIOE7T-BFT1m7BG.js.gz +0 -0
  252. package/dist/ui/assets/{pieDiagram-ADFJNKIX-BB8fBxj1.js → pieDiagram-ADFJNKIX-BFaX1oBV.js} +1 -1
  253. package/dist/ui/assets/pieDiagram-ADFJNKIX-BFaX1oBV.js.gz +0 -0
  254. package/dist/ui/assets/{quadrantDiagram-AYHSOK5B-D6oZLdUD.js → quadrantDiagram-AYHSOK5B-DQps5392.js} +1 -1
  255. package/dist/ui/assets/quadrantDiagram-AYHSOK5B-DQps5392.js.gz +0 -0
  256. package/dist/ui/assets/{requirementDiagram-UZGBJVZJ-B4uGPp8w.js → requirementDiagram-UZGBJVZJ-3EZ5KWEi.js} +1 -1
  257. package/dist/ui/assets/requirementDiagram-UZGBJVZJ-3EZ5KWEi.js.gz +0 -0
  258. package/dist/ui/assets/{sankeyDiagram-TZEHDZUN-MXhIjhme.js → sankeyDiagram-TZEHDZUN-D0qcydqq.js} +1 -1
  259. package/dist/ui/assets/sankeyDiagram-TZEHDZUN-D0qcydqq.js.gz +0 -0
  260. package/dist/ui/assets/{sequenceDiagram-WL72ISMW-Cm53TYug.js → sequenceDiagram-WL72ISMW-BCR5gaaN.js} +1 -1
  261. package/dist/ui/assets/sequenceDiagram-WL72ISMW-BCR5gaaN.js.gz +0 -0
  262. package/dist/ui/assets/{stateDiagram-FKZM4ZOC-BVuxUkj5.js → stateDiagram-FKZM4ZOC-BvX4FLQ9.js} +1 -1
  263. package/dist/ui/assets/stateDiagram-FKZM4ZOC-BvX4FLQ9.js.gz +0 -0
  264. package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-CxLDvgTF.js +1 -0
  265. package/dist/ui/assets/{timeline-definition-IT6M3QCI-CMypNiEP.js → timeline-definition-IT6M3QCI-_AWp5LJn.js} +1 -1
  266. package/dist/ui/assets/timeline-definition-IT6M3QCI-_AWp5LJn.js.gz +0 -0
  267. package/dist/ui/assets/{treemap-KMMF4GRG-BEtnV3BT.js → treemap-KMMF4GRG-BZ9FBl5-.js} +1 -1
  268. package/dist/ui/assets/treemap-KMMF4GRG-BZ9FBl5-.js.gz +0 -0
  269. package/dist/ui/assets/{xychartDiagram-PRI3JC2R-BnioEYUM.js → xychartDiagram-PRI3JC2R-_wB7yuVd.js} +1 -1
  270. package/dist/ui/assets/xychartDiagram-PRI3JC2R-_wB7yuVd.js.gz +0 -0
  271. package/dist/ui/index.html +1 -1
  272. package/package.json +8 -8
  273. package/dist/ui/assets/_basePickBy-DfxojsEt.js.gz +0 -0
  274. package/dist/ui/assets/_baseUniq-DWFPJOTC.js.gz +0 -0
  275. package/dist/ui/assets/arc-vMZ_XGSI.js.gz +0 -0
  276. package/dist/ui/assets/architectureDiagram-VXUJARFQ-DGpk_uOD.js.gz +0 -0
  277. package/dist/ui/assets/blockDiagram-VD42YOAC-BkRnxc94.js.gz +0 -0
  278. package/dist/ui/assets/channel-B9aI4bYN.js +0 -1
  279. package/dist/ui/assets/chunk-B4BG7PRW-DtkeCZab.js.gz +0 -0
  280. package/dist/ui/assets/chunk-DI55MBZ5-BQ_asW-1.js.gz +0 -0
  281. package/dist/ui/assets/chunk-TZMSLE5B-DlPypnIq.js.gz +0 -0
  282. package/dist/ui/assets/classDiagram-2ON5EDUG-p-68WO4Z.js +0 -1
  283. package/dist/ui/assets/classDiagram-v2-WZHVMYZB-p-68WO4Z.js +0 -1
  284. package/dist/ui/assets/clone-DzK5ogfn.js +0 -1
  285. package/dist/ui/assets/consoleHook-59e792cb-DHYIclEd.js.gz +0 -0
  286. package/dist/ui/assets/cose-bilkent-S5V4N54A-DotJH9qH.js.gz +0 -0
  287. package/dist/ui/assets/dagre-6UL2VRFP-Btssr8QF.js.gz +0 -0
  288. package/dist/ui/assets/diagram-PSM6KHXK-D5_Jkog3.js.gz +0 -0
  289. package/dist/ui/assets/diagram-QEK2KX5R-DlPEVSL5.js.gz +0 -0
  290. package/dist/ui/assets/diagram-S2PKOQOG-CjO1k8aG.js.gz +0 -0
  291. package/dist/ui/assets/erDiagram-Q2GNP2WA-3cO02-K3.js.gz +0 -0
  292. package/dist/ui/assets/flowDiagram-NV44I4VS-CajTpSxI.js.gz +0 -0
  293. package/dist/ui/assets/gitGraphDiagram-NY62KEGX-CH16bg-j.js.gz +0 -0
  294. package/dist/ui/assets/graph-IQoZvE3o.js.gz +0 -0
  295. package/dist/ui/assets/index-599aeaf7-RUCkgwsg.js.gz +0 -0
  296. package/dist/ui/assets/index-B3AvIgqP.js.gz +0 -0
  297. package/dist/ui/assets/index-C-quzPWC.js.gz +0 -0
  298. package/dist/ui/assets/index-ChmRuj_T.js.gz +0 -0
  299. package/dist/ui/assets/index-QV5-5yA2.js.gz +0 -0
  300. package/dist/ui/assets/journeyDiagram-XKPGCS4Q-B5bgV3GH.js.gz +0 -0
  301. package/dist/ui/assets/kanban-definition-3W4ZIXB7-Bp-aWRSc.js.gz +0 -0
  302. package/dist/ui/assets/katex-DGRguze2.css +0 -1
  303. package/dist/ui/assets/layout-BH-2XJZq.js.gz +0 -0
  304. package/dist/ui/assets/linear-DCYXhl_f.js.gz +0 -0
  305. package/dist/ui/assets/mermaid.core-BAuL6kgQ.js.gz +0 -0
  306. package/dist/ui/assets/mindmap-definition-VGOIOE7T-DpH5N-N0.js.gz +0 -0
  307. package/dist/ui/assets/pieDiagram-ADFJNKIX-BB8fBxj1.js.gz +0 -0
  308. package/dist/ui/assets/quadrantDiagram-AYHSOK5B-D6oZLdUD.js.gz +0 -0
  309. package/dist/ui/assets/requirementDiagram-UZGBJVZJ-B4uGPp8w.js.gz +0 -0
  310. package/dist/ui/assets/sankeyDiagram-TZEHDZUN-MXhIjhme.js.gz +0 -0
  311. package/dist/ui/assets/sequenceDiagram-WL72ISMW-Cm53TYug.js.gz +0 -0
  312. package/dist/ui/assets/stateDiagram-FKZM4ZOC-BVuxUkj5.js.gz +0 -0
  313. package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-8Jeww6Dc.js +0 -1
  314. package/dist/ui/assets/timeline-definition-IT6M3QCI-CMypNiEP.js.gz +0 -0
  315. package/dist/ui/assets/treemap-KMMF4GRG-BEtnV3BT.js.gz +0 -0
  316. package/dist/ui/assets/xychartDiagram-PRI3JC2R-BnioEYUM.js.gz +0 -0
@@ -67,6 +67,7 @@ __export(config_manager_exports, {
67
67
  getWorktreesDir: () => getWorktreesDir,
68
68
  getWorktreesDirAsync: () => getWorktreesDirAsync,
69
69
  initConfig: () => initConfig,
70
+ isConfigCredentialKey: () => isConfigCredentialKey,
70
71
  isUnixImpersonationEnabled: () => isUnixImpersonationEnabled,
71
72
  isWorktreeRbacEnabled: () => isWorktreeRbacEnabled,
72
73
  loadConfig: () => loadConfig,
@@ -338,6 +339,9 @@ function loadConfigSync() {
338
339
  );
339
340
  }
340
341
  }
342
+ function isConfigCredentialKey(key) {
343
+ return CONFIG_CREDENTIAL_KEYS.has(key);
344
+ }
341
345
  function getCredential(key) {
342
346
  try {
343
347
  const config = loadConfigSync();
@@ -433,7 +437,7 @@ async function getReposDirAsync() {
433
437
  async function getWorktreesDirAsync() {
434
438
  return path2.join(await getDataHomeAsync(), "worktrees");
435
439
  }
436
- var PublicBaseUrlNotConfiguredError;
440
+ var PublicBaseUrlNotConfiguredError, CONFIG_CREDENTIAL_KEYS;
437
441
  var init_config_manager = __esm({
438
442
  "src/config/config-manager.ts"() {
439
443
  "use strict";
@@ -446,6 +450,13 @@ var init_config_manager = __esm({
446
450
  this.name = "PublicBaseUrlNotConfiguredError";
447
451
  }
448
452
  };
453
+ CONFIG_CREDENTIAL_KEYS = /* @__PURE__ */ new Set([
454
+ "ANTHROPIC_API_KEY",
455
+ "ANTHROPIC_AUTH_TOKEN",
456
+ "ANTHROPIC_BASE_URL",
457
+ "OPENAI_API_KEY",
458
+ "GEMINI_API_KEY"
459
+ ]);
449
460
  }
450
461
  });
451
462
 
@@ -865,6 +876,21 @@ var init_ui = __esm({
865
876
  });
866
877
 
867
878
  // src/types/user.ts
879
+ function toAgenticToolsStatus(stored) {
880
+ if (!stored) return void 0;
881
+ const out = {};
882
+ for (const [tool, fields] of Object.entries(stored)) {
883
+ if (!fields) continue;
884
+ const flags = {};
885
+ for (const [field, value] of Object.entries(fields)) {
886
+ if (value) flags[field] = true;
887
+ }
888
+ if (Object.keys(flags).length > 0) {
889
+ out[tool] = flags;
890
+ }
891
+ }
892
+ return Object.keys(out).length > 0 ? out : void 0;
893
+ }
868
894
  var ROLES, ROLE_RANK;
869
895
  var init_user = __esm({
870
896
  "src/types/user.ts"() {
@@ -1071,6 +1097,7 @@ var init_schema_postgres = __esm({
1071
1097
  completed_at: t.timestamp("completed_at"),
1072
1098
  status: text("status", {
1073
1099
  enum: [
1100
+ "queued",
1074
1101
  "created",
1075
1102
  "running",
1076
1103
  "stopping",
@@ -1082,6 +1109,8 @@ var init_schema_postgres = __esm({
1082
1109
  "stopped"
1083
1110
  ]
1084
1111
  }).notNull(),
1112
+ // Queue position (lower drains first); only populated for status='queued'
1113
+ queue_position: integer("queue_position"),
1085
1114
  // User attribution
1086
1115
  created_by: varchar("created_by", { length: 36 }).notNull().default("anonymous"),
1087
1116
  // MD5 of SDK session file at task completion (only populated when stateless_fs_mode is enabled)
@@ -1091,7 +1120,12 @@ var init_schema_postgres = __esm({
1091
1120
  (table) => ({
1092
1121
  sessionIdx: index("tasks_session_idx").on(table.session_id),
1093
1122
  statusIdx: index("tasks_status_idx").on(table.status),
1094
- createdIdx: index("tasks_created_idx").on(table.created_at)
1123
+ createdIdx: index("tasks_created_idx").on(table.created_at),
1124
+ queueIdx: index("tasks_queue_idx").on(table.session_id, table.status, table.queue_position),
1125
+ // Partial unique index — defense-in-depth for `tasks.createPending` race
1126
+ // serialization. Only QUEUED rows are constrained; CREATED/RUNNING/done
1127
+ // rows have NULL queue_position and are unaffected.
1128
+ queuedPositionUnique: uniqueIndex("tasks_queued_position_unique").on(table.session_id, table.queue_position).where(sql2`${table.status} = 'queued'`)
1095
1129
  })
1096
1130
  );
1097
1131
  serializedSessions = pgTable(
@@ -1151,11 +1185,9 @@ var init_schema_postgres = __esm({
1151
1185
  // First 200 chars for list views
1152
1186
  // Parent tool use ID (for nested tool calls - e.g., Task tool spawning Read/Grep)
1153
1187
  parent_tool_use_id: text("parent_tool_use_id"),
1154
- // Message queueing fields
1155
- status: text("status", { enum: ["queued"] }),
1156
- // 'queued' or null (normal message)
1157
- queue_position: integer("queue_position"),
1158
- // Position in queue (1, 2, 3, ...)
1188
+ // NOTE: queueing moved off `messages` and onto `tasks.status='queued'` as
1189
+ // of migration sqlite/0040 (postgres/0030). The legacy `status` and
1190
+ // `queue_position` columns are gone — see `tasks.queue_position` instead.
1159
1191
  // Full data (JSON blob)
1160
1192
  data: t.json("data").$type().notNull()
1161
1193
  },
@@ -1163,8 +1195,7 @@ var init_schema_postgres = __esm({
1163
1195
  // Indexes for efficient lookups
1164
1196
  sessionIdx: index("messages_session_id_idx").on(table.session_id),
1165
1197
  taskIdx: index("messages_task_id_idx").on(table.task_id),
1166
- sessionIndexIdx: index("messages_session_index_idx").on(table.session_id, table.index),
1167
- queueIdx: index("messages_queue_idx").on(table.session_id, table.status, table.queue_position)
1198
+ sessionIndexIdx: index("messages_session_index_idx").on(table.session_id, table.index)
1168
1199
  })
1169
1200
  );
1170
1201
  boards = pgTable(
@@ -1809,6 +1840,7 @@ var init_schema_sqlite = __esm({
1809
1840
  completed_at: t2.timestamp("completed_at"),
1810
1841
  status: text2("status", {
1811
1842
  enum: [
1843
+ "queued",
1812
1844
  "created",
1813
1845
  "running",
1814
1846
  "stopping",
@@ -1820,6 +1852,8 @@ var init_schema_sqlite = __esm({
1820
1852
  "stopped"
1821
1853
  ]
1822
1854
  }).notNull(),
1855
+ // Queue position (lower drains first); only populated for status='queued'
1856
+ queue_position: integer2("queue_position"),
1823
1857
  // User attribution
1824
1858
  created_by: text2("created_by", { length: 36 }).notNull().default("anonymous"),
1825
1859
  // MD5 of SDK session file at task completion (only populated when stateless_fs_mode is enabled)
@@ -1829,7 +1863,12 @@ var init_schema_sqlite = __esm({
1829
1863
  (table) => ({
1830
1864
  sessionIdx: index2("tasks_session_idx").on(table.session_id),
1831
1865
  statusIdx: index2("tasks_status_idx").on(table.status),
1832
- createdIdx: index2("tasks_created_idx").on(table.created_at)
1866
+ createdIdx: index2("tasks_created_idx").on(table.created_at),
1867
+ queueIdx: index2("tasks_queue_idx").on(table.session_id, table.status, table.queue_position),
1868
+ // Partial unique index — defense-in-depth for `tasks.createPending` race
1869
+ // serialization. Only QUEUED rows are constrained; CREATED/RUNNING/done
1870
+ // rows have NULL queue_position and are unaffected.
1871
+ queuedPositionUnique: uniqueIndex2("tasks_queued_position_unique").on(table.session_id, table.queue_position).where(sql3`${table.status} = 'queued'`)
1833
1872
  })
1834
1873
  );
1835
1874
  serializedSessions2 = sqliteTable(
@@ -1889,11 +1928,9 @@ var init_schema_sqlite = __esm({
1889
1928
  // First 200 chars for list views
1890
1929
  // Parent tool use ID (for nested tool calls - e.g., Task tool spawning Read/Grep)
1891
1930
  parent_tool_use_id: text2("parent_tool_use_id"),
1892
- // Message queueing fields
1893
- status: text2("status", { enum: ["queued"] }),
1894
- // 'queued' or null (normal message)
1895
- queue_position: integer2("queue_position"),
1896
- // Position in queue (1, 2, 3, ...)
1931
+ // NOTE: queueing moved off `messages` and onto `tasks.status='queued'` as
1932
+ // of migration sqlite/0040 (postgres/0030). The legacy `status` and
1933
+ // `queue_position` columns are gone — see `tasks.queue_position` instead.
1897
1934
  // Full data (JSON blob)
1898
1935
  data: t2.json("data").$type().notNull()
1899
1936
  },
@@ -1901,8 +1938,7 @@ var init_schema_sqlite = __esm({
1901
1938
  // Indexes for efficient lookups
1902
1939
  sessionIdx: index2("messages_session_id_idx").on(table.session_id),
1903
1940
  taskIdx: index2("messages_task_id_idx").on(table.task_id),
1904
- sessionIndexIdx: index2("messages_session_index_idx").on(table.session_id, table.index),
1905
- queueIdx: index2("messages_queue_idx").on(table.session_id, table.status, table.queue_position)
1941
+ sessionIndexIdx: index2("messages_session_index_idx").on(table.session_id, table.index)
1906
1942
  })
1907
1943
  );
1908
1944
  boards2 = sqliteTable(
@@ -4190,7 +4226,7 @@ init_esm_shims();
4190
4226
  init_types();
4191
4227
  init_config_manager();
4192
4228
  init_ids();
4193
- import { and as and9, desc as desc2, eq as eq13, inArray as inArray2, isNotNull as isNotNull2, isNull as isNull2, like as like9, or as or3, sql as sql6 } from "drizzle-orm";
4229
+ import { and as and9, desc as desc2, eq as eq13, inArray as inArray2, isNotNull as isNotNull2, like as like9, or as or3, sql as sql6 } from "drizzle-orm";
4194
4230
  init_database_wrapper();
4195
4231
  init_schema();
4196
4232
 
@@ -4222,10 +4258,11 @@ import { and as and12, eq as eq17 } from "drizzle-orm";
4222
4258
  init_esm_shims();
4223
4259
  init_database_wrapper();
4224
4260
  init_schema();
4225
- import { and as and13, eq as eq18, isNull as isNull3 } from "drizzle-orm";
4261
+ import { and as and13, eq as eq18, isNull as isNull2 } from "drizzle-orm";
4226
4262
 
4227
4263
  // src/db/repositories/users.ts
4228
4264
  init_esm_shims();
4265
+ init_types();
4229
4266
  import { eq as eq19, like as like12 } from "drizzle-orm";
4230
4267
 
4231
4268
  // src/config/env-vars.ts
@@ -4265,8 +4302,9 @@ var UsersRepository = class {
4265
4302
  this.db = db;
4266
4303
  }
4267
4304
  /**
4268
- * Convert database row to User type
4269
- * Note: Converts encrypted API keys (strings) to boolean flags for API exposure
4305
+ * Convert database row to User type.
4306
+ * Converts the encrypted `agentic_tools` blob to a boolean presence DTO so
4307
+ * decrypted credentials never leave this repository.
4270
4308
  */
4271
4309
  rowToUser(row) {
4272
4310
  return {
@@ -4282,13 +4320,8 @@ var UsersRepository = class {
4282
4320
  must_change_password: row.must_change_password,
4283
4321
  avatar: row.data.avatar,
4284
4322
  preferences: row.data.preferences,
4285
- // Convert encrypted keys to boolean flags (true = key exists, false/undefined = no key)
4286
- api_keys: row.data.api_keys ? {
4287
- ANTHROPIC_API_KEY: !!row.data.api_keys.ANTHROPIC_API_KEY,
4288
- OPENAI_API_KEY: !!row.data.api_keys.OPENAI_API_KEY,
4289
- GEMINI_API_KEY: !!row.data.api_keys.GEMINI_API_KEY,
4290
- COPILOT_GITHUB_TOKEN: !!row.data.api_keys.COPILOT_GITHUB_TOKEN
4291
- } : void 0,
4323
+ // Convert encrypted per-tool credential blobs into boolean presence flags.
4324
+ agentic_tools: toAgenticToolsStatus(row.data.agentic_tools),
4292
4325
  // Convert stored env vars to presence + scope metadata (never exposes secrets).
4293
4326
  // Handles both legacy string form and v0.5 object form via normalizeStoredEnvMap.
4294
4327
  // The schema stores `scope` as a generic string (no SQL CHECK constraint); the
@@ -4332,10 +4365,17 @@ var UsersRepository = class {
4332
4365
  data: {
4333
4366
  avatar: user.avatar,
4334
4367
  preferences: user.preferences,
4335
- // Use raw API keys if provided (for internal operations like setApiKey)
4336
- api_keys: user.api_keys_raw,
4337
- env_vars: void 0,
4338
- // Not implemented yet
4368
+ // Encrypted per-tool credentials. Only forwarded when caller passes the
4369
+ // raw shape (internal credential mutators); regular updates leave it undefined,
4370
+ // letting the merge in `update()` reuse the existing on-disk blob.
4371
+ // Cast: schema declares `opencode: Record<string, never>` (no fields by
4372
+ // contract); StoredAgenticTools widens that to string values for shape
4373
+ // uniformity. Runtime never writes opencode, so the cast is safe.
4374
+ agentic_tools: user.agentic_tools_raw,
4375
+ // Same pass-through as agentic_tools: env_vars are encrypted blobs
4376
+ // not represented on the public DTO. `update()` threads the raw value
4377
+ // from the existing row so a generic field update doesn't wipe them.
4378
+ env_vars: user.env_vars_raw,
4339
4379
  default_agentic_config: user.default_agentic_config
4340
4380
  }
4341
4381
  };
@@ -4447,7 +4487,14 @@ var UsersRepository = class {
4447
4487
  );
4448
4488
  }
4449
4489
  }
4490
+ const rawRow = await this.getRawRow(fullId);
4450
4491
  const merged = { ...current, ...updates };
4492
+ if (rawRow?.data.agentic_tools) {
4493
+ merged.agentic_tools_raw = rawRow.data.agentic_tools;
4494
+ }
4495
+ if (rawRow?.data.env_vars) {
4496
+ merged.env_vars_raw = rawRow.data.env_vars;
4497
+ }
4451
4498
  const insertData = this.userToInsert(merged);
4452
4499
  await update(this.db, users3).set({
4453
4500
  ...insertData,
@@ -4482,96 +4529,103 @@ var UsersRepository = class {
4482
4529
  }
4483
4530
  }
4484
4531
  /**
4485
- * Get decrypted API key for a user and service
4532
+ * Get the full decrypted credential bag for a single agentic tool.
4486
4533
  *
4487
- * @param userId - User ID
4488
- * @param service - Service name ('anthropic', 'openai', 'gemini')
4489
- * @returns Decrypted API key or null if not found
4534
+ * Returns `null` when the user has no stored config for that tool.
4535
+ * Fields that fail to decrypt are dropped from the returned object and
4536
+ * logged callers see "missing field" rather than a thrown error so a
4537
+ * single corrupt value doesn't poison an entire SDK spawn.
4490
4538
  */
4491
- async getApiKey(userId, service) {
4539
+ async getToolConfig(userId, tool) {
4492
4540
  const row = await this.getRawRow(userId);
4493
- if (!row || !row.data.api_keys) {
4494
- return null;
4495
- }
4496
- const keyMap = {
4497
- anthropic: "ANTHROPIC_API_KEY",
4498
- openai: "OPENAI_API_KEY",
4499
- gemini: "GEMINI_API_KEY",
4500
- copilot: "COPILOT_GITHUB_TOKEN"
4501
- };
4502
- const encryptedKey = row.data.api_keys[keyMap[service]];
4503
- if (!encryptedKey) {
4504
- return null;
4541
+ if (!row) return null;
4542
+ const stored = row.data.agentic_tools;
4543
+ const fields = stored?.[tool];
4544
+ if (!fields || Object.keys(fields).length === 0) return null;
4545
+ const out = {};
4546
+ for (const [field, encrypted] of Object.entries(fields)) {
4547
+ if (!encrypted) continue;
4548
+ try {
4549
+ out[field] = decryptApiKey(encrypted);
4550
+ } catch (error) {
4551
+ console.error(
4552
+ `[users] Failed to decrypt ${tool}.${field} for user ${userId.substring(0, 8)}: ${error.message}`
4553
+ );
4554
+ }
4505
4555
  }
4556
+ return Object.keys(out).length > 0 ? out : null;
4557
+ }
4558
+ /**
4559
+ * Get a single decrypted credential field for a tool.
4560
+ *
4561
+ * Returns `null` when the field is unset OR when decryption fails (logged).
4562
+ * Throws only on storage-layer errors, not on missing/corrupt values.
4563
+ */
4564
+ async getToolConfigField(userId, tool, field) {
4565
+ const row = await this.getRawRow(userId);
4566
+ if (!row) return null;
4567
+ const stored = row.data.agentic_tools;
4568
+ const encrypted = stored?.[tool]?.[field];
4569
+ if (!encrypted) return null;
4506
4570
  try {
4507
- return decryptApiKey(encryptedKey);
4571
+ return decryptApiKey(encrypted);
4508
4572
  } catch (error) {
4509
- throw new RepositoryError(`Failed to decrypt API key for service ${service}`, error);
4573
+ console.error(
4574
+ `[users] Failed to decrypt ${tool}.${field} for user ${userId.substring(0, 8)}: ${error.message}`
4575
+ );
4576
+ return null;
4510
4577
  }
4511
4578
  }
4512
4579
  /**
4513
- * Set encrypted API key for a user and service
4580
+ * Set (encrypt + persist) a single credential field for a tool.
4514
4581
  *
4515
- * @param userId - User ID
4516
- * @param service - Service name ('anthropic', 'openai', 'gemini')
4517
- * @param apiKey - Plaintext API key to encrypt and store
4582
+ * Field names are env-var-shaped (e.g. ANTHROPIC_API_KEY, ANTHROPIC_BASE_URL)
4583
+ * and are stored encrypted regardless of whether the value is a secret —
4584
+ * keeping the on-disk shape uniform avoids decrypt-vs-plain branching at
4585
+ * read time. UI controls own the text-vs-password rendering distinction.
4518
4586
  */
4519
- async setApiKey(userId, service, apiKey) {
4587
+ async setToolConfigField(userId, tool, field, value) {
4520
4588
  const fullId = await this.resolveId(userId);
4521
4589
  const row = await this.getRawRow(fullId);
4522
4590
  if (!row) {
4523
4591
  throw new EntityNotFoundError("User", userId);
4524
4592
  }
4525
- const keyMap = {
4526
- anthropic: "ANTHROPIC_API_KEY",
4527
- openai: "OPENAI_API_KEY",
4528
- gemini: "GEMINI_API_KEY",
4529
- copilot: "COPILOT_GITHUB_TOKEN"
4530
- };
4531
- const encryptedKey = encryptApiKey(apiKey);
4532
- const updatedApiKeys = {
4533
- ...row.data.api_keys || {},
4534
- [keyMap[service]]: encryptedKey
4535
- };
4536
- const user = this.rowToUser(row);
4537
- const updateData = {
4538
- ...user,
4539
- api_keys_raw: updatedApiKeys
4593
+ const stored = row.data.agentic_tools ?? {};
4594
+ const next = {
4595
+ ...stored,
4596
+ [tool]: {
4597
+ ...stored[tool] ?? {},
4598
+ [field]: encryptApiKey(value)
4599
+ }
4540
4600
  };
4541
- const insertData = this.userToInsert(updateData);
4542
4601
  await update(this.db, users3).set({
4543
- ...insertData,
4602
+ data: { ...row.data, agentic_tools: next },
4544
4603
  updated_at: /* @__PURE__ */ new Date()
4545
4604
  }).where(eq19(users3.user_id, fullId)).run();
4546
4605
  }
4547
4606
  /**
4548
- * Delete API key for a user and service
4607
+ * Delete a single credential field for a tool.
4549
4608
  *
4550
- * @param userId - User ID
4551
- * @param service - Service name ('anthropic', 'openai', 'gemini')
4609
+ * If the tool's bucket becomes empty after the delete, the bucket itself is
4610
+ * removed so `data.agentic_tools` doesn't accumulate empty objects.
4552
4611
  */
4553
- async deleteApiKey(userId, service) {
4612
+ async deleteToolConfigField(userId, tool, field) {
4554
4613
  const fullId = await this.resolveId(userId);
4555
4614
  const row = await this.getRawRow(fullId);
4556
4615
  if (!row) {
4557
4616
  throw new EntityNotFoundError("User", userId);
4558
4617
  }
4559
- const keyMap = {
4560
- anthropic: "ANTHROPIC_API_KEY",
4561
- openai: "OPENAI_API_KEY",
4562
- gemini: "GEMINI_API_KEY",
4563
- copilot: "COPILOT_GITHUB_TOKEN"
4564
- };
4565
- const updatedApiKeys = { ...row.data.api_keys || {} };
4566
- delete updatedApiKeys[keyMap[service]];
4567
- const user = this.rowToUser(row);
4568
- const updateData = {
4569
- ...user,
4570
- api_keys_raw: updatedApiKeys
4571
- };
4572
- const insertData = this.userToInsert(updateData);
4618
+ const stored = row.data.agentic_tools ?? {};
4619
+ const toolFields = { ...stored[tool] ?? {} };
4620
+ delete toolFields[field];
4621
+ const next = { ...stored };
4622
+ if (Object.keys(toolFields).length > 0) {
4623
+ next[tool] = toolFields;
4624
+ } else {
4625
+ delete next[tool];
4626
+ }
4573
4627
  await update(this.db, users3).set({
4574
- ...insertData,
4628
+ data: { ...row.data, agentic_tools: next },
4575
4629
  updated_at: /* @__PURE__ */ new Date()
4576
4630
  }).where(eq19(users3.user_id, fullId)).run();
4577
4631
  }
@@ -4583,18 +4637,7 @@ init_types();
4583
4637
  init_ids();
4584
4638
  init_database_wrapper();
4585
4639
  init_schema();
4586
- import {
4587
- and as and14,
4588
- desc as desc3,
4589
- eq as eq20,
4590
- getTableColumns,
4591
- inArray as inArray3,
4592
- isNotNull as isNotNull3,
4593
- isNull as isNull4,
4594
- like as like13,
4595
- or as or4,
4596
- sql as sql8
4597
- } from "drizzle-orm";
4640
+ import { and as and14, desc as desc3, eq as eq20, getTableColumns, inArray as inArray3, isNotNull as isNotNull3, like as like13, or as or4, sql as sql8 } from "drizzle-orm";
4598
4641
  var WorktreeRepository = class {
4599
4642
  constructor(db) {
4600
4643
  this.db = db;
@@ -5122,14 +5165,7 @@ var WorktreeRepository = class {
5122
5165
  for (const sessionId of sessionIds) {
5123
5166
  const query = select(this.db, {
5124
5167
  data: messagesTable.data
5125
- }).from(messagesTable).where(
5126
- and14(
5127
- eq20(messagesTable.session_id, sessionId),
5128
- eq20(messagesTable.role, "assistant"),
5129
- isNull4(messagesTable.status)
5130
- // Exclude queued messages
5131
- )
5132
- );
5168
+ }).from(messagesTable).where(and14(eq20(messagesTable.session_id, sessionId), eq20(messagesTable.role, "assistant")));
5133
5169
  const lastMessage = await query.orderBy(desc3(messagesTable.index)).limit(1).one();
5134
5170
  if (lastMessage) {
5135
5171
  const messageData = lastMessage.data;
@@ -1,6 +1,6 @@
1
1
  import { e as UUID, S as SessionID } from './id-CoIbY_uc.js';
2
2
  import { a as Session } from './session-CAfhv1qL.js';
3
- import { j as Database } from './client-C1CsRi19.js';
3
+ import { j as Database } from './client-uYEOha6g.js';
4
4
 
5
5
  /**
6
6
  * Base Repository Interface
@@ -1,6 +1,6 @@
1
1
  import { e as UUID, S as SessionID } from './id-CoIbY_uc.cjs';
2
2
  import { a as Session } from './session-MNU4BQv4.cjs';
3
- import { j as Database } from './client-B5PyIvNc.cjs';
3
+ import { j as Database } from './client-CemqXk0v.cjs';
4
4
 
5
5
  /**
6
6
  * Base Repository Interface
@@ -0,0 +1,184 @@
1
+ "use strict";
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
4
+ var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ var __export = (target, all) => {
7
+ for (var name in all)
8
+ __defProp(target, name, { get: all[name], enumerable: true });
9
+ };
10
+ var __copyProps = (to, from, except, desc) => {
11
+ if (from && typeof from === "object" || typeof from === "function") {
12
+ for (let key of __getOwnPropNames(from))
13
+ if (!__hasOwnProp.call(to, key) && key !== except)
14
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
15
+ }
16
+ return to;
17
+ };
18
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
19
+
20
+ // src/sessions/index.ts
21
+ var sessions_exports = {};
22
+ __export(sessions_exports, {
23
+ resolveSessionDefaults: () => resolveSessionDefaults
24
+ });
25
+ module.exports = __toCommonJS(sessions_exports);
26
+
27
+ // src/models/resolve-config.ts
28
+ function resolveModelConfig(input, opts) {
29
+ if (!input?.model) return void 0;
30
+ return {
31
+ mode: input.mode ?? "alias",
32
+ model: input.model,
33
+ updated_at: (opts?.now ?? /* @__PURE__ */ new Date()).toISOString(),
34
+ ...input.effort !== void 0 && { effort: input.effort },
35
+ ...input.provider !== void 0 && { provider: input.provider }
36
+ };
37
+ }
38
+
39
+ // src/types/session.ts
40
+ function getDefaultPermissionMode(agenticTool) {
41
+ switch (agenticTool) {
42
+ case "gemini":
43
+ return "autoEdit";
44
+ // Native Gemini SDK mode
45
+ case "codex":
46
+ return "auto";
47
+ // Native Codex SDK mode
48
+ case "opencode":
49
+ return "autoEdit";
50
+ // OpenCode auto-approves, similar to Gemini
51
+ case "copilot":
52
+ return "acceptEdits";
53
+ // Copilot uses same semantics as Claude Code
54
+ default:
55
+ return "acceptEdits";
56
+ }
57
+ }
58
+
59
+ // src/utils/permission-mode-mapper.ts
60
+ function mapPermissionMode(mode, agenticTool) {
61
+ switch (agenticTool) {
62
+ case "claude-code":
63
+ case "copilot":
64
+ switch (mode) {
65
+ // Native Claude modes - pass through
66
+ case "default":
67
+ case "acceptEdits":
68
+ case "bypassPermissions":
69
+ case "plan":
70
+ case "dontAsk":
71
+ return mode;
72
+ // Gemini modes → Claude equivalents
73
+ case "autoEdit":
74
+ return "acceptEdits";
75
+ case "yolo":
76
+ return "bypassPermissions";
77
+ // Codex modes → Claude equivalents
78
+ case "ask":
79
+ return "default";
80
+ case "auto":
81
+ return "acceptEdits";
82
+ case "on-failure":
83
+ return "acceptEdits";
84
+ case "allow-all":
85
+ return "bypassPermissions";
86
+ default:
87
+ return "acceptEdits";
88
+ }
89
+ case "gemini":
90
+ case "opencode":
91
+ switch (mode) {
92
+ // Native Gemini modes - pass through
93
+ case "default":
94
+ case "autoEdit":
95
+ case "yolo":
96
+ return mode;
97
+ // Claude modes → Gemini equivalents
98
+ case "acceptEdits":
99
+ return "autoEdit";
100
+ case "bypassPermissions":
101
+ case "dontAsk":
102
+ return "yolo";
103
+ case "plan":
104
+ return "default";
105
+ // Plan mode → restrictive
106
+ // Codex modes → Gemini equivalents
107
+ case "ask":
108
+ return "default";
109
+ case "auto":
110
+ return "autoEdit";
111
+ case "on-failure":
112
+ return "autoEdit";
113
+ case "allow-all":
114
+ return "yolo";
115
+ default:
116
+ return "autoEdit";
117
+ }
118
+ case "codex":
119
+ switch (mode) {
120
+ // Native Codex modes - pass through
121
+ case "ask":
122
+ case "auto":
123
+ case "on-failure":
124
+ case "allow-all":
125
+ return mode;
126
+ // Claude modes → Codex equivalents
127
+ case "default":
128
+ return "ask";
129
+ case "acceptEdits":
130
+ return "auto";
131
+ case "bypassPermissions":
132
+ case "dontAsk":
133
+ return "allow-all";
134
+ case "plan":
135
+ return "ask";
136
+ // Gemini modes → Codex equivalents
137
+ case "autoEdit":
138
+ return "auto";
139
+ case "yolo":
140
+ return "allow-all";
141
+ default:
142
+ return "auto";
143
+ }
144
+ default:
145
+ return mode;
146
+ }
147
+ }
148
+
149
+ // src/sessions/resolve-session-defaults.ts
150
+ function resolveSessionDefaults(args) {
151
+ const { agenticTool, user, worktree, overrides, now } = args;
152
+ const userToolDefaults = user?.default_agentic_config?.[agenticTool];
153
+ const requestedMode = overrides?.permissionMode ?? userToolDefaults?.permissionMode ?? getDefaultPermissionMode(agenticTool);
154
+ const permissionMode = mapPermissionMode(requestedMode, agenticTool);
155
+ const permission_config = {
156
+ mode: permissionMode
157
+ };
158
+ if (agenticTool === "codex") {
159
+ const sandboxMode = overrides?.codexSandboxMode ?? userToolDefaults?.codexSandboxMode;
160
+ const approvalPolicy = overrides?.codexApprovalPolicy ?? userToolDefaults?.codexApprovalPolicy;
161
+ const networkAccess = overrides?.codexNetworkAccess ?? userToolDefaults?.codexNetworkAccess;
162
+ if (sandboxMode && approvalPolicy) {
163
+ permission_config.codex = {
164
+ sandboxMode,
165
+ approvalPolicy,
166
+ ...networkAccess !== void 0 && { networkAccess }
167
+ };
168
+ }
169
+ }
170
+ const model_config = resolveModelConfig(overrides?.modelConfig, { now }) ?? resolveModelConfig(userToolDefaults?.modelConfig, { now });
171
+ let mcp_server_ids;
172
+ if (overrides?.mcpServerIds !== void 0) {
173
+ mcp_server_ids = overrides.mcpServerIds;
174
+ } else if (worktree?.mcp_server_ids && worktree.mcp_server_ids.length > 0) {
175
+ mcp_server_ids = worktree.mcp_server_ids;
176
+ } else {
177
+ mcp_server_ids = userToolDefaults?.mcpServerIds ?? [];
178
+ }
179
+ return { permission_config, model_config, mcp_server_ids };
180
+ }
181
+ // Annotate the CommonJS export names for ESM import in node:
182
+ 0 && (module.exports = {
183
+ resolveSessionDefaults
184
+ });