agor-live 0.17.2 → 0.17.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (316) hide show
  1. package/dist/cli/lib/banner.d.ts +1 -1
  2. package/dist/cli/lib/banner.js +1 -1
  3. package/dist/cli/lib/check-migrations.test.js +9627 -9112
  4. package/dist/cli/lib/daemon-manager.test.js +9632 -9117
  5. package/dist/cli/lib/help.js +1 -1
  6. package/dist/core/api/index.d.cts +3 -3
  7. package/dist/core/api/index.d.ts +3 -3
  8. package/dist/core/{board-comment-DIdOJrSF.d.cts → board-comment-CCFVVN7K.d.cts} +0 -2
  9. package/dist/core/{board-comment-3N-jSgsk.d.ts → board-comment-iT3DgZb4.d.ts} +0 -2
  10. package/dist/core/claude/index.cjs +29 -19
  11. package/dist/core/claude/index.d.cts +2 -2
  12. package/dist/core/claude/index.d.ts +2 -2
  13. package/dist/core/claude/index.js +32 -33
  14. package/dist/core/client/index.cjs +49 -0
  15. package/dist/core/client/index.d.cts +7 -7
  16. package/dist/core/client/index.d.ts +7 -7
  17. package/dist/core/client/index.js +46 -0
  18. package/dist/core/{client-B5PyIvNc.d.cts → client-CemqXk0v.d.cts} +116 -100
  19. package/dist/core/{client-C1CsRi19.d.ts → client-uYEOha6g.d.ts} +116 -100
  20. package/dist/core/config/browser.d.cts +3 -3
  21. package/dist/core/config/browser.d.ts +3 -3
  22. package/dist/core/config/index.cjs +84 -41
  23. package/dist/core/config/index.d.cts +59 -17
  24. package/dist/core/config/index.d.ts +59 -17
  25. package/dist/core/config/index.js +86 -55
  26. package/dist/core/{config-manager-TxxjFMRd.d.cts → config-manager-B8TP9Kz0.d.cts} +12 -3
  27. package/dist/core/{config-manager-DTrsj6G3.d.ts → config-manager-CDEB0FY4.d.ts} +12 -3
  28. package/dist/core/{config-services-YEZ4DwCD.d.cts → config-services-CXyQKEK5.d.cts} +1 -1
  29. package/dist/core/{config-services-DcO2GRgh.d.ts → config-services-DhM7_yWn.d.ts} +1 -1
  30. package/dist/core/db/index.cjs +235 -175
  31. package/dist/core/db/index.d.cts +190 -147
  32. package/dist/core/db/index.d.ts +190 -147
  33. package/dist/core/db/index.js +239 -190
  34. package/dist/core/db/session-guard.d.cts +4 -4
  35. package/dist/core/db/session-guard.d.ts +4 -4
  36. package/dist/core/drizzle/postgres/0028_queued_tasks.sql +8 -0
  37. package/dist/core/drizzle/postgres/0030_migrate_queued_messages.sql +24 -0
  38. package/dist/core/drizzle/postgres/0031_restructure_agentic_tool_config.sql +201 -0
  39. package/dist/core/drizzle/postgres/meta/_journal.json +21 -0
  40. package/dist/core/drizzle/sqlite/0039_queued_tasks.sql +13 -0
  41. package/dist/core/drizzle/sqlite/0040_migrate_queued_messages.sql +61 -0
  42. package/dist/core/drizzle/sqlite/0041_restructure_agentic_tool_config.sql +204 -0
  43. package/dist/core/drizzle/sqlite/meta/_journal.json +21 -0
  44. package/dist/core/gateway/index.d.cts +2 -2
  45. package/dist/core/gateway/index.d.ts +2 -2
  46. package/dist/core/{gateway-BnOlAelY.d.cts → gateway-BWq4j_Ll.d.cts} +1 -1
  47. package/dist/core/{gateway-B_4X-v07.d.ts → gateway-C3Jm_akw.d.ts} +1 -1
  48. package/dist/core/git/index.d.cts +4 -4
  49. package/dist/core/git/index.d.ts +4 -4
  50. package/dist/core/index.cjs +474 -201
  51. package/dist/core/index.d.cts +12 -10
  52. package/dist/core/index.d.ts +12 -10
  53. package/dist/core/index.js +473 -216
  54. package/dist/core/lib/feathers-validation.cjs +2 -1
  55. package/dist/core/lib/feathers-validation.d.cts +1 -1
  56. package/dist/core/lib/feathers-validation.d.ts +1 -1
  57. package/dist/core/lib/feathers-validation.js +2 -1
  58. package/dist/core/mcp/index.cjs +26 -16
  59. package/dist/core/mcp/index.js +26 -16
  60. package/dist/core/{message-DinITA7a.d.cts → message-CSWOsdcZ.d.cts} +1 -9
  61. package/dist/core/{message-CHUUP6OS.d.ts → message-DZa8g0s0.d.ts} +1 -9
  62. package/dist/core/models/index.d.cts +3 -73
  63. package/dist/core/models/index.d.ts +3 -73
  64. package/dist/core/package.json +5 -0
  65. package/dist/core/permissions/index.d.cts +1 -1
  66. package/dist/core/permissions/index.d.ts +1 -1
  67. package/dist/core/resolve-config-BcL-Hv8k.d.ts +74 -0
  68. package/dist/core/resolve-config-DTCxuSBx.d.cts +74 -0
  69. package/dist/core/seed/index.cjs +145 -98
  70. package/dist/core/seed/index.js +148 -112
  71. package/dist/core/{session-guard-C0LkDEN7.d.ts → session-guard-BFqVtBoS.d.ts} +1 -1
  72. package/dist/core/{session-guard-kvAx_8Fb.d.cts → session-guard-KHh0cnET.d.cts} +1 -1
  73. package/dist/core/sessions/index.cjs +184 -0
  74. package/dist/core/sessions/index.d.cts +79 -0
  75. package/dist/core/sessions/index.d.ts +79 -0
  76. package/dist/core/sessions/index.js +157 -0
  77. package/dist/core/{task-BLPFCORT.d.ts → task-BHV-YHg1.d.ts} +41 -3
  78. package/dist/core/{task-wht1RJEL.d.cts → task-C2Hy7H6u.d.cts} +41 -3
  79. package/dist/core/templates/session-context.d.cts +1 -1
  80. package/dist/core/templates/session-context.d.ts +1 -1
  81. package/dist/core/tools/mcp/oauth-mcp-transport.cjs +168 -66
  82. package/dist/core/tools/mcp/oauth-mcp-transport.d.cts +92 -16
  83. package/dist/core/tools/mcp/oauth-mcp-transport.d.ts +92 -16
  84. package/dist/core/tools/mcp/oauth-mcp-transport.js +165 -66
  85. package/dist/core/tools/mcp/oauth-refresh.cjs +43 -53
  86. package/dist/core/tools/mcp/oauth-refresh.d.cts +3 -3
  87. package/dist/core/tools/mcp/oauth-refresh.d.ts +3 -3
  88. package/dist/core/tools/mcp/oauth-refresh.js +58 -78
  89. package/dist/core/types/index.cjs +49 -0
  90. package/dist/core/types/index.d.cts +7 -7
  91. package/dist/core/types/index.d.ts +7 -7
  92. package/dist/core/types/index.js +46 -0
  93. package/dist/core/{types-DNqfdt1z.d.cts → types-D4Rl6ZKN.d.cts} +18 -2
  94. package/dist/core/{types-DqPMmTad.d.ts → types-n61iaXub.d.ts} +18 -2
  95. package/dist/core/unix/index.cjs +164 -110
  96. package/dist/core/unix/index.d.cts +7 -8
  97. package/dist/core/unix/index.d.ts +7 -8
  98. package/dist/core/unix/index.js +167 -124
  99. package/dist/core/{user-DkNdeFoz.d.cts → user-CpfkcV2C.d.cts} +139 -13
  100. package/dist/core/{user-BfVWBmXA.d.ts → user-DP-XZMIM.d.ts} +139 -13
  101. package/dist/core/utils/permission-mode-mapper.d.cts +0 -2
  102. package/dist/core/utils/permission-mode-mapper.d.ts +0 -2
  103. package/dist/daemon/index.js +2976 -2791
  104. package/dist/daemon/main.js +2976 -2791
  105. package/dist/daemon/mcp/server.js +177 -134
  106. package/dist/daemon/mcp/tools/analytics.js +19 -5
  107. package/dist/daemon/mcp/tools/artifacts.js +19 -5
  108. package/dist/daemon/mcp/tools/boards.js +19 -5
  109. package/dist/daemon/mcp/tools/card-types.js +19 -5
  110. package/dist/daemon/mcp/tools/cards.js +19 -5
  111. package/dist/daemon/mcp/tools/environment.js +19 -5
  112. package/dist/daemon/mcp/tools/mcp-servers.d.ts +29 -2
  113. package/dist/daemon/mcp/tools/mcp-servers.js +64 -54
  114. package/dist/daemon/mcp/tools/messages.js +19 -5
  115. package/dist/daemon/mcp/tools/repos.js +19 -5
  116. package/dist/daemon/mcp/tools/search.js +19 -5
  117. package/dist/daemon/mcp/tools/sessions.js +175 -53
  118. package/dist/daemon/mcp/tools/tasks.js +19 -5
  119. package/dist/daemon/mcp/tools/users.js +19 -5
  120. package/dist/daemon/mcp/tools/worktrees.js +37 -38
  121. package/dist/daemon/register-hooks.js +52 -1
  122. package/dist/daemon/register-routes.js +436 -424
  123. package/dist/daemon/register-services.js +255 -140
  124. package/dist/daemon/services/config.d.ts +7 -1
  125. package/dist/daemon/services/config.js +3 -2
  126. package/dist/daemon/services/gateway.js +28 -15
  127. package/dist/daemon/services/mcp-servers.d.ts +7 -2
  128. package/dist/daemon/services/repos.js +2 -0
  129. package/dist/daemon/services/sessions.d.ts +1 -1
  130. package/dist/daemon/services/sessions.js +8 -16
  131. package/dist/daemon/services/tasks.js +16 -10
  132. package/dist/daemon/services/terminals.js +2 -0
  133. package/dist/daemon/services/users.d.ts +27 -11
  134. package/dist/daemon/services/users.js +89 -43
  135. package/dist/daemon/services/worktree-owners.js +2 -0
  136. package/dist/daemon/services/worktrees.js +2 -0
  137. package/dist/daemon/setup/index.js +5 -2
  138. package/dist/daemon/setup/socketio.d.ts +10 -1
  139. package/dist/daemon/setup/socketio.js +7 -3
  140. package/dist/daemon/startup.js +13 -1
  141. package/dist/daemon/utils/apply-session-config-defaults.d.ts +54 -0
  142. package/dist/daemon/utils/apply-session-config-defaults.js +46 -0
  143. package/dist/daemon/utils/spawn-executor.js +2 -0
  144. package/dist/daemon/utils/worktree-authorization.d.ts +2 -4
  145. package/dist/executor/commands/zellij.d.ts.map +1 -1
  146. package/dist/executor/commands/zellij.js +2 -2
  147. package/dist/executor/handlers/sdk/base-executor.d.ts +4 -3
  148. package/dist/executor/handlers/sdk/base-executor.d.ts.map +1 -1
  149. package/dist/executor/handlers/sdk/base-executor.js +11 -5
  150. package/dist/executor/payload-types.d.ts +14 -14
  151. package/dist/executor/sdk-handlers/claude/claude-tool.d.ts.map +1 -1
  152. package/dist/executor/sdk-handlers/claude/claude-tool.js +9 -4
  153. package/dist/executor/sdk-handlers/claude/import/task-extractor.d.ts.map +1 -1
  154. package/dist/executor/sdk-handlers/claude/import/task-extractor.js +0 -5
  155. package/dist/executor/sdk-handlers/claude/message-builder.d.ts +23 -2
  156. package/dist/executor/sdk-handlers/claude/message-builder.d.ts.map +1 -1
  157. package/dist/executor/sdk-handlers/claude/message-builder.js +33 -2
  158. package/dist/executor/sdk-handlers/claude/permissions/permission-hooks.d.ts +9 -1
  159. package/dist/executor/sdk-handlers/claude/permissions/permission-hooks.d.ts.map +1 -1
  160. package/dist/executor/sdk-handlers/claude/permissions/permission-hooks.js +12 -0
  161. package/dist/executor/sdk-handlers/claude/query-builder.d.ts.map +1 -1
  162. package/dist/executor/sdk-handlers/claude/query-builder.js +11 -6
  163. package/dist/executor/sdk-handlers/codex/codex-tool.d.ts +0 -5
  164. package/dist/executor/sdk-handlers/codex/codex-tool.d.ts.map +1 -1
  165. package/dist/executor/sdk-handlers/codex/codex-tool.js +9 -24
  166. package/dist/executor/sdk-handlers/codex/prompt-service.d.ts +15 -2
  167. package/dist/executor/sdk-handlers/codex/prompt-service.d.ts.map +1 -1
  168. package/dist/executor/sdk-handlers/codex/prompt-service.js +39 -10
  169. package/dist/executor/sdk-handlers/copilot/copilot-tool.d.ts +0 -5
  170. package/dist/executor/sdk-handlers/copilot/copilot-tool.d.ts.map +1 -1
  171. package/dist/executor/sdk-handlers/copilot/copilot-tool.js +5 -22
  172. package/dist/executor/sdk-handlers/gemini/gemini-tool.d.ts +0 -5
  173. package/dist/executor/sdk-handlers/gemini/gemini-tool.d.ts.map +1 -1
  174. package/dist/executor/sdk-handlers/gemini/gemini-tool.js +9 -24
  175. package/dist/ui/assets/{CodeEditor.inner-CO-5PAnZ.js → CodeEditor.inner-CVLqZBtM.js} +1 -1
  176. package/dist/ui/assets/{CodeEditor.inner-CO-5PAnZ.js.gz → CodeEditor.inner-CVLqZBtM.js.gz} +0 -0
  177. package/dist/ui/assets/{_basePickBy-DfxojsEt.js → _basePickBy-CFq5ES2J.js} +1 -1
  178. package/dist/ui/assets/_basePickBy-CFq5ES2J.js.gz +0 -0
  179. package/dist/ui/assets/{_baseUniq-DWFPJOTC.js → _baseUniq-C4uKBvNt.js} +1 -1
  180. package/dist/ui/assets/_baseUniq-C4uKBvNt.js.gz +0 -0
  181. package/dist/ui/assets/{arc-vMZ_XGSI.js → arc-BnrcXDJJ.js} +1 -1
  182. package/dist/ui/assets/arc-BnrcXDJJ.js.gz +0 -0
  183. package/dist/ui/assets/{architectureDiagram-VXUJARFQ-DGpk_uOD.js → architectureDiagram-VXUJARFQ-DD9HD-WR.js} +1 -1
  184. package/dist/ui/assets/architectureDiagram-VXUJARFQ-DD9HD-WR.js.gz +0 -0
  185. package/dist/ui/assets/{base-80a1f760-BsVlOKqO.js → base-80a1f760-BK1VmxWU.js} +1 -1
  186. package/dist/ui/assets/{blockDiagram-VD42YOAC-BkRnxc94.js → blockDiagram-VD42YOAC-LBAckZZe.js} +1 -1
  187. package/dist/ui/assets/blockDiagram-VD42YOAC-LBAckZZe.js.gz +0 -0
  188. package/dist/ui/assets/{c4Diagram-YG6GDRKO-Dcf-anJy.js → c4Diagram-YG6GDRKO-yEdylcYP.js} +1 -1
  189. package/dist/ui/assets/{c4Diagram-YG6GDRKO-Dcf-anJy.js.gz → c4Diagram-YG6GDRKO-yEdylcYP.js.gz} +0 -0
  190. package/dist/ui/assets/channel-CMN-iY3Q.js +1 -0
  191. package/dist/ui/assets/{chunk-4BX2VUAB-C4oVWDo8.js → chunk-4BX2VUAB-IHtzKbmQ.js} +1 -1
  192. package/dist/ui/assets/{chunk-55IACEB6-CsBbTu57.js → chunk-55IACEB6-C4o5tv_F.js} +1 -1
  193. package/dist/ui/assets/{chunk-B4BG7PRW-DtkeCZab.js → chunk-B4BG7PRW-EPkzLvlB.js} +1 -1
  194. package/dist/ui/assets/chunk-B4BG7PRW-EPkzLvlB.js.gz +0 -0
  195. package/dist/ui/assets/{chunk-DI55MBZ5-BQ_asW-1.js → chunk-DI55MBZ5-CW-Bzkzj.js} +1 -1
  196. package/dist/ui/assets/chunk-DI55MBZ5-CW-Bzkzj.js.gz +0 -0
  197. package/dist/ui/assets/{chunk-FMBD7UC4-DAdcLNG-.js → chunk-FMBD7UC4-DvGU02Io.js} +1 -1
  198. package/dist/ui/assets/{chunk-QN33PNHL-Do2zad3m.js → chunk-QN33PNHL-C-PIlz9n.js} +1 -1
  199. package/dist/ui/assets/{chunk-QZHKN3VN-CyhMmSdC.js → chunk-QZHKN3VN-BhpJFm6h.js} +1 -1
  200. package/dist/ui/assets/{chunk-TZMSLE5B-DlPypnIq.js → chunk-TZMSLE5B-Biake8IU.js} +1 -1
  201. package/dist/ui/assets/chunk-TZMSLE5B-Biake8IU.js.gz +0 -0
  202. package/dist/ui/assets/classDiagram-2ON5EDUG-Bz1et8oA.js +1 -0
  203. package/dist/ui/assets/classDiagram-v2-WZHVMYZB-Bz1et8oA.js +1 -0
  204. package/dist/ui/assets/clone-Dxo5sEAf.js +1 -0
  205. package/dist/ui/assets/{consoleHook-59e792cb-DHYIclEd.js → consoleHook-59e792cb-BzEkHWE8.js} +1 -1
  206. package/dist/ui/assets/consoleHook-59e792cb-BzEkHWE8.js.gz +0 -0
  207. package/dist/ui/assets/{cose-bilkent-S5V4N54A-DotJH9qH.js → cose-bilkent-S5V4N54A-vAiVi74s.js} +1 -1
  208. package/dist/ui/assets/cose-bilkent-S5V4N54A-vAiVi74s.js.gz +0 -0
  209. package/dist/ui/assets/{dagre-6UL2VRFP-Btssr8QF.js → dagre-6UL2VRFP-C8w7TshD.js} +1 -1
  210. package/dist/ui/assets/dagre-6UL2VRFP-C8w7TshD.js.gz +0 -0
  211. package/dist/ui/assets/{diagram-PSM6KHXK-D5_Jkog3.js → diagram-PSM6KHXK-CvnjEmtQ.js} +1 -1
  212. package/dist/ui/assets/diagram-PSM6KHXK-CvnjEmtQ.js.gz +0 -0
  213. package/dist/ui/assets/{diagram-QEK2KX5R-DlPEVSL5.js → diagram-QEK2KX5R-D245unng.js} +1 -1
  214. package/dist/ui/assets/diagram-QEK2KX5R-D245unng.js.gz +0 -0
  215. package/dist/ui/assets/{diagram-S2PKOQOG-CjO1k8aG.js → diagram-S2PKOQOG-DgGUHL8Z.js} +1 -1
  216. package/dist/ui/assets/diagram-S2PKOQOG-DgGUHL8Z.js.gz +0 -0
  217. package/dist/ui/assets/{erDiagram-Q2GNP2WA-3cO02-K3.js → erDiagram-Q2GNP2WA-Cf5paK9b.js} +1 -1
  218. package/dist/ui/assets/erDiagram-Q2GNP2WA-Cf5paK9b.js.gz +0 -0
  219. package/dist/ui/assets/{flowDiagram-NV44I4VS-CajTpSxI.js → flowDiagram-NV44I4VS-BJpHmEXV.js} +1 -1
  220. package/dist/ui/assets/flowDiagram-NV44I4VS-BJpHmEXV.js.gz +0 -0
  221. package/dist/ui/assets/{ganttDiagram-LVOFAZNH-CnY_bV3o.js → ganttDiagram-LVOFAZNH-zOyTZcXC.js} +1 -1
  222. package/dist/ui/assets/{ganttDiagram-LVOFAZNH-CnY_bV3o.js.gz → ganttDiagram-LVOFAZNH-zOyTZcXC.js.gz} +0 -0
  223. package/dist/ui/assets/{gitGraphDiagram-NY62KEGX-CH16bg-j.js → gitGraphDiagram-NY62KEGX-B0uxwqMv.js} +1 -1
  224. package/dist/ui/assets/gitGraphDiagram-NY62KEGX-B0uxwqMv.js.gz +0 -0
  225. package/dist/ui/assets/{graph-IQoZvE3o.js → graph-NWXc73TO.js} +1 -1
  226. package/dist/ui/assets/graph-NWXc73TO.js.gz +0 -0
  227. package/dist/ui/assets/{index-599aeaf7-RUCkgwsg.js → index-599aeaf7-BKmNqoNF.js} +1 -1
  228. package/dist/ui/assets/index-599aeaf7-BKmNqoNF.js.gz +0 -0
  229. package/dist/ui/assets/{index-B3AvIgqP.js → index-BRYNiHLB.js} +345 -349
  230. package/dist/ui/assets/index-BRYNiHLB.js.gz +0 -0
  231. package/dist/ui/assets/{index-QV5-5yA2.js → index-BX6Xmhes.js} +1 -1
  232. package/dist/ui/assets/index-BX6Xmhes.js.gz +0 -0
  233. package/dist/ui/assets/{index-ChmRuj_T.js → index-W1hIq1uU.js} +1 -1
  234. package/dist/ui/assets/index-W1hIq1uU.js.gz +0 -0
  235. package/dist/ui/assets/{index-C-quzPWC.js → index-ctuok0zf.js} +1 -1
  236. package/dist/ui/assets/index-ctuok0zf.js.gz +0 -0
  237. package/dist/ui/assets/{infoDiagram-ER5ION4S-2e4gZVGT.js → infoDiagram-ER5ION4S-CquCuoTH.js} +1 -1
  238. package/dist/ui/assets/{journeyDiagram-XKPGCS4Q-B5bgV3GH.js → journeyDiagram-XKPGCS4Q-B_XkufZ8.js} +1 -1
  239. package/dist/ui/assets/journeyDiagram-XKPGCS4Q-B_XkufZ8.js.gz +0 -0
  240. package/dist/ui/assets/{kanban-definition-3W4ZIXB7-Bp-aWRSc.js → kanban-definition-3W4ZIXB7-C2Bo9HkB.js} +1 -1
  241. package/dist/ui/assets/kanban-definition-3W4ZIXB7-C2Bo9HkB.js.gz +0 -0
  242. package/dist/ui/assets/katex-C6wkUDai.css +1 -0
  243. package/dist/ui/assets/{katex-DGRguze2.css.gz → katex-C6wkUDai.css.gz} +0 -0
  244. package/dist/ui/assets/{layout-BH-2XJZq.js → layout-D9A7Uaku.js} +1 -1
  245. package/dist/ui/assets/layout-D9A7Uaku.js.gz +0 -0
  246. package/dist/ui/assets/{linear-DCYXhl_f.js → linear-BJUwJsxE.js} +1 -1
  247. package/dist/ui/assets/linear-BJUwJsxE.js.gz +0 -0
  248. package/dist/ui/assets/{mermaid.core-BAuL6kgQ.js → mermaid.core-DcOEcjcA.js} +5 -5
  249. package/dist/ui/assets/mermaid.core-DcOEcjcA.js.gz +0 -0
  250. package/dist/ui/assets/{mindmap-definition-VGOIOE7T-DpH5N-N0.js → mindmap-definition-VGOIOE7T-BFT1m7BG.js} +1 -1
  251. package/dist/ui/assets/mindmap-definition-VGOIOE7T-BFT1m7BG.js.gz +0 -0
  252. package/dist/ui/assets/{pieDiagram-ADFJNKIX-BB8fBxj1.js → pieDiagram-ADFJNKIX-BFaX1oBV.js} +1 -1
  253. package/dist/ui/assets/pieDiagram-ADFJNKIX-BFaX1oBV.js.gz +0 -0
  254. package/dist/ui/assets/{quadrantDiagram-AYHSOK5B-D6oZLdUD.js → quadrantDiagram-AYHSOK5B-DQps5392.js} +1 -1
  255. package/dist/ui/assets/quadrantDiagram-AYHSOK5B-DQps5392.js.gz +0 -0
  256. package/dist/ui/assets/{requirementDiagram-UZGBJVZJ-B4uGPp8w.js → requirementDiagram-UZGBJVZJ-3EZ5KWEi.js} +1 -1
  257. package/dist/ui/assets/requirementDiagram-UZGBJVZJ-3EZ5KWEi.js.gz +0 -0
  258. package/dist/ui/assets/{sankeyDiagram-TZEHDZUN-MXhIjhme.js → sankeyDiagram-TZEHDZUN-D0qcydqq.js} +1 -1
  259. package/dist/ui/assets/sankeyDiagram-TZEHDZUN-D0qcydqq.js.gz +0 -0
  260. package/dist/ui/assets/{sequenceDiagram-WL72ISMW-Cm53TYug.js → sequenceDiagram-WL72ISMW-BCR5gaaN.js} +1 -1
  261. package/dist/ui/assets/sequenceDiagram-WL72ISMW-BCR5gaaN.js.gz +0 -0
  262. package/dist/ui/assets/{stateDiagram-FKZM4ZOC-BVuxUkj5.js → stateDiagram-FKZM4ZOC-BvX4FLQ9.js} +1 -1
  263. package/dist/ui/assets/stateDiagram-FKZM4ZOC-BvX4FLQ9.js.gz +0 -0
  264. package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-CxLDvgTF.js +1 -0
  265. package/dist/ui/assets/{timeline-definition-IT6M3QCI-CMypNiEP.js → timeline-definition-IT6M3QCI-_AWp5LJn.js} +1 -1
  266. package/dist/ui/assets/timeline-definition-IT6M3QCI-_AWp5LJn.js.gz +0 -0
  267. package/dist/ui/assets/{treemap-KMMF4GRG-BEtnV3BT.js → treemap-KMMF4GRG-BZ9FBl5-.js} +1 -1
  268. package/dist/ui/assets/treemap-KMMF4GRG-BZ9FBl5-.js.gz +0 -0
  269. package/dist/ui/assets/{xychartDiagram-PRI3JC2R-BnioEYUM.js → xychartDiagram-PRI3JC2R-_wB7yuVd.js} +1 -1
  270. package/dist/ui/assets/xychartDiagram-PRI3JC2R-_wB7yuVd.js.gz +0 -0
  271. package/dist/ui/index.html +1 -1
  272. package/package.json +8 -8
  273. package/dist/ui/assets/_basePickBy-DfxojsEt.js.gz +0 -0
  274. package/dist/ui/assets/_baseUniq-DWFPJOTC.js.gz +0 -0
  275. package/dist/ui/assets/arc-vMZ_XGSI.js.gz +0 -0
  276. package/dist/ui/assets/architectureDiagram-VXUJARFQ-DGpk_uOD.js.gz +0 -0
  277. package/dist/ui/assets/blockDiagram-VD42YOAC-BkRnxc94.js.gz +0 -0
  278. package/dist/ui/assets/channel-B9aI4bYN.js +0 -1
  279. package/dist/ui/assets/chunk-B4BG7PRW-DtkeCZab.js.gz +0 -0
  280. package/dist/ui/assets/chunk-DI55MBZ5-BQ_asW-1.js.gz +0 -0
  281. package/dist/ui/assets/chunk-TZMSLE5B-DlPypnIq.js.gz +0 -0
  282. package/dist/ui/assets/classDiagram-2ON5EDUG-p-68WO4Z.js +0 -1
  283. package/dist/ui/assets/classDiagram-v2-WZHVMYZB-p-68WO4Z.js +0 -1
  284. package/dist/ui/assets/clone-DzK5ogfn.js +0 -1
  285. package/dist/ui/assets/consoleHook-59e792cb-DHYIclEd.js.gz +0 -0
  286. package/dist/ui/assets/cose-bilkent-S5V4N54A-DotJH9qH.js.gz +0 -0
  287. package/dist/ui/assets/dagre-6UL2VRFP-Btssr8QF.js.gz +0 -0
  288. package/dist/ui/assets/diagram-PSM6KHXK-D5_Jkog3.js.gz +0 -0
  289. package/dist/ui/assets/diagram-QEK2KX5R-DlPEVSL5.js.gz +0 -0
  290. package/dist/ui/assets/diagram-S2PKOQOG-CjO1k8aG.js.gz +0 -0
  291. package/dist/ui/assets/erDiagram-Q2GNP2WA-3cO02-K3.js.gz +0 -0
  292. package/dist/ui/assets/flowDiagram-NV44I4VS-CajTpSxI.js.gz +0 -0
  293. package/dist/ui/assets/gitGraphDiagram-NY62KEGX-CH16bg-j.js.gz +0 -0
  294. package/dist/ui/assets/graph-IQoZvE3o.js.gz +0 -0
  295. package/dist/ui/assets/index-599aeaf7-RUCkgwsg.js.gz +0 -0
  296. package/dist/ui/assets/index-B3AvIgqP.js.gz +0 -0
  297. package/dist/ui/assets/index-C-quzPWC.js.gz +0 -0
  298. package/dist/ui/assets/index-ChmRuj_T.js.gz +0 -0
  299. package/dist/ui/assets/index-QV5-5yA2.js.gz +0 -0
  300. package/dist/ui/assets/journeyDiagram-XKPGCS4Q-B5bgV3GH.js.gz +0 -0
  301. package/dist/ui/assets/kanban-definition-3W4ZIXB7-Bp-aWRSc.js.gz +0 -0
  302. package/dist/ui/assets/katex-DGRguze2.css +0 -1
  303. package/dist/ui/assets/layout-BH-2XJZq.js.gz +0 -0
  304. package/dist/ui/assets/linear-DCYXhl_f.js.gz +0 -0
  305. package/dist/ui/assets/mermaid.core-BAuL6kgQ.js.gz +0 -0
  306. package/dist/ui/assets/mindmap-definition-VGOIOE7T-DpH5N-N0.js.gz +0 -0
  307. package/dist/ui/assets/pieDiagram-ADFJNKIX-BB8fBxj1.js.gz +0 -0
  308. package/dist/ui/assets/quadrantDiagram-AYHSOK5B-D6oZLdUD.js.gz +0 -0
  309. package/dist/ui/assets/requirementDiagram-UZGBJVZJ-B4uGPp8w.js.gz +0 -0
  310. package/dist/ui/assets/sankeyDiagram-TZEHDZUN-MXhIjhme.js.gz +0 -0
  311. package/dist/ui/assets/sequenceDiagram-WL72ISMW-Cm53TYug.js.gz +0 -0
  312. package/dist/ui/assets/stateDiagram-FKZM4ZOC-BVuxUkj5.js.gz +0 -0
  313. package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-8Jeww6Dc.js +0 -1
  314. package/dist/ui/assets/timeline-definition-IT6M3QCI-CMypNiEP.js.gz +0 -0
  315. package/dist/ui/assets/treemap-KMMF4GRG-BEtnV3BT.js.gz +0 -0
  316. package/dist/ui/assets/xychartDiagram-PRI3JC2R-BnioEYUM.js.gz +0 -0
@@ -57,6 +57,59 @@ async function resolveResourceMetadataUrl(wwwAuthenticateHeader, mcpUrl) {
57
57
  }
58
58
  return null;
59
59
  }
60
+ async function discoverAuthorizationServerFromMcpOrigin(mcpUrl) {
61
+ const url = new URL(mcpUrl);
62
+ const origin = url.origin;
63
+ const path = url.pathname === "/" ? "" : url.pathname.replace(/\/$/, "");
64
+ const candidates = [];
65
+ if (path) {
66
+ candidates.push(`${origin}/.well-known/oauth-authorization-server${path}`);
67
+ }
68
+ candidates.push(`${origin}/.well-known/oauth-authorization-server`);
69
+ if (path) {
70
+ candidates.push(`${origin}${path}/.well-known/openid-configuration`);
71
+ }
72
+ candidates.push(`${origin}/.well-known/openid-configuration`);
73
+ const unique = Array.from(new Set(candidates));
74
+ for (const candidate of unique) {
75
+ try {
76
+ console.log("[MCP OAuth] Trying AS-direct discovery:", candidate);
77
+ const response = await fetch(candidate, { signal: AbortSignal.timeout(1e4) });
78
+ if (!response.ok) continue;
79
+ const data = await response.json();
80
+ if (typeof data.authorization_endpoint === "string" && typeof data.token_endpoint === "string") {
81
+ console.log("[MCP OAuth] \u2713 Discovered AS metadata at:", candidate);
82
+ return {
83
+ metadata: data,
84
+ discoveredAt: candidate
85
+ };
86
+ }
87
+ } catch (err) {
88
+ console.log(
89
+ "[MCP OAuth] AS-direct discovery failed for",
90
+ candidate,
91
+ ":",
92
+ err instanceof Error ? err.message : String(err)
93
+ );
94
+ }
95
+ }
96
+ return null;
97
+ }
98
+ async function resolveMCPOAuthDiscovery(wwwAuthenticateHeader, mcpUrl) {
99
+ const rfc9728 = await resolveResourceMetadataUrl(wwwAuthenticateHeader, mcpUrl);
100
+ if (rfc9728) {
101
+ return { kind: "resource-metadata", ...rfc9728 };
102
+ }
103
+ const asDirect = await discoverAuthorizationServerFromMcpOrigin(mcpUrl);
104
+ if (asDirect) {
105
+ return {
106
+ kind: "authorization-server",
107
+ authServerMetadata: asDirect.metadata,
108
+ discoveredAt: asDirect.discoveredAt
109
+ };
110
+ }
111
+ return null;
112
+ }
60
113
  async function fetchResourceMetadata(metadataUrl) {
61
114
  const response = await fetch(metadataUrl, { signal: AbortSignal.timeout(15e3) });
62
115
  if (!response.ok) {
@@ -486,101 +539,72 @@ function getAuthCodeTokenCacheStats() {
486
539
  expiredEntries
487
540
  };
488
541
  }
489
- async function startMCPOAuthFlow(wwwAuthenticateHeader, clientId, redirectUri, options) {
490
- console.log("[MCP OAuth] Starting two-phase OAuth 2.1 flow");
491
- const metadataUrl = parseWWWAuthenticate(wwwAuthenticateHeader) || options?.resourceMetadataUrl;
492
- if (!metadataUrl) {
493
- throw new Error(
494
- "Could not determine OAuth resource metadata URL. The WWW-Authenticate header does not contain resource_metadata, and no pre-discovered metadata URL was provided."
495
- );
496
- }
497
- console.log("[MCP OAuth] Resource metadata URL:", metadataUrl);
498
- const resourceMetadata = await fetchResourceMetadata(metadataUrl);
499
- console.log("[MCP OAuth] Resource metadata:", resourceMetadata);
500
- if (!resourceMetadata.authorization_servers || resourceMetadata.authorization_servers.length === 0) {
501
- throw new Error("No authorization servers found in resource metadata");
502
- }
503
- const authServerUrl = resourceMetadata.authorization_servers[0];
504
- console.log("[MCP OAuth] Authorization server:", authServerUrl);
505
- const hasFullOverrides = options?.authorizationUrlOverride && options?.tokenUrlOverride;
506
- let authServerMetadata = null;
507
- if (hasFullOverrides) {
508
- console.log("[MCP OAuth] Skipping auth server metadata fetch \u2014 manual overrides provided:", {
509
- authorization: options.authorizationUrlOverride,
510
- token: options.tokenUrlOverride
511
- });
512
- } else {
513
- try {
514
- authServerMetadata = await fetchAuthorizationServerMetadata(authServerUrl);
515
- console.log("[MCP OAuth] Authorization server metadata:", authServerMetadata);
516
- } catch (metadataError) {
517
- if (options?.authorizationUrlOverride || options?.tokenUrlOverride) {
518
- console.log(
519
- "[MCP OAuth] Auth server metadata fetch failed, but partial overrides available:",
520
- metadataError instanceof Error ? metadataError.message : String(metadataError)
521
- );
522
- } else {
523
- throw metadataError;
524
- }
525
- }
526
- }
542
+ async function startMCPOAuthFlowWithAS(opts) {
543
+ const {
544
+ authServerMetadata,
545
+ cacheKey,
546
+ clientId,
547
+ redirectUri,
548
+ authorizationUrlOverride,
549
+ tokenUrlOverride,
550
+ fallbackRegistrationEndpoint,
551
+ resourceScopesSupported
552
+ } = opts;
553
+ const hasFullOverrides = !!(authorizationUrlOverride && tokenUrlOverride);
527
554
  const pkce = generatePKCE();
528
555
  const actualRedirectUri = redirectUri || "http://127.0.0.1:0/oauth/callback";
529
- const scopeString = options?.scope ? options.scope : !clientId && resourceMetadata.scopes_supported && resourceMetadata.scopes_supported.length > 0 ? resourceMetadata.scopes_supported.join(" ") : void 0;
556
+ const scopeString = opts.scope ? opts.scope : !clientId && resourceScopesSupported && resourceScopesSupported.length > 0 ? resourceScopesSupported.join(" ") : void 0;
530
557
  let actualClientId = clientId;
531
- let clientSecret = options?.clientSecret;
558
+ let resolvedClientSecret = opts.clientSecret;
532
559
  if (!actualClientId) {
533
- if (authServerMetadata?.registration_endpoint) {
534
- console.log("[MCP OAuth] Server supports Dynamic Client Registration");
535
- const registration = await registerDynamicClient(
536
- authServerMetadata.registration_endpoint,
537
- actualRedirectUri,
538
- "Agor MCP Client",
539
- scopeString
540
- );
541
- actualClientId = registration.client_id;
542
- clientSecret = registration.client_secret;
543
- } else if (!hasFullOverrides) {
544
- const mcpRegisterEndpoint = `${authServerUrl}/register`;
545
- console.log("[MCP OAuth] Trying MCP-style registration endpoint:", mcpRegisterEndpoint);
560
+ const registrationEndpoint = authServerMetadata?.registration_endpoint || fallbackRegistrationEndpoint;
561
+ if (registrationEndpoint) {
562
+ console.log("[MCP OAuth] Using DCR endpoint:", registrationEndpoint);
546
563
  try {
547
564
  const registration = await registerDynamicClient(
548
- mcpRegisterEndpoint,
565
+ registrationEndpoint,
549
566
  actualRedirectUri,
550
567
  "Agor MCP Client",
551
568
  scopeString
552
569
  );
553
570
  actualClientId = registration.client_id;
554
- clientSecret = registration.client_secret;
555
- } catch (_regError) {
571
+ resolvedClientSecret = registration.client_secret;
572
+ } catch (regError) {
573
+ const detail = regError instanceof Error ? regError.message : String(regError);
556
574
  throw new Error(
557
- "OAuth client_id is required but the authorization server does not support Dynamic Client Registration.\n\nRegister an OAuth app in the provider's developer portal and enter the Client ID (and Client Secret if required) in the MCP server configuration."
575
+ `Dynamic Client Registration failed.
576
+
577
+ Registration endpoint: ${registrationEndpoint}
578
+ Error: ${detail}
579
+
580
+ Register an OAuth app in the provider's developer portal and enter the Client ID (and Client Secret if required) in the MCP server configuration.`
558
581
  );
559
582
  }
560
- } else {
583
+ } else if (hasFullOverrides) {
561
584
  throw new Error(
562
585
  "OAuth client_id is required when using manual OAuth URL overrides.\n\nPlease provide a client_id in the MCP server configuration."
563
586
  );
587
+ } else {
588
+ throw new Error(
589
+ "OAuth client_id is required but the authorization server does not advertise a Dynamic Client Registration endpoint (RFC 7591).\n\nRegister an OAuth app in the provider's developer portal and enter the Client ID (and Client Secret if required) in the MCP server configuration."
590
+ );
564
591
  }
565
592
  }
566
593
  const state = crypto.randomUUID();
567
- const tokenEndpoint = options?.tokenUrlOverride || authServerMetadata?.token_endpoint;
594
+ const tokenEndpoint = tokenUrlOverride || authServerMetadata?.token_endpoint;
568
595
  if (!tokenEndpoint) {
569
596
  throw new Error(
570
597
  "No token endpoint available. Either provide oauth_token_url in the MCP server config, or ensure the authorization server supports RFC 8414 metadata discovery."
571
598
  );
572
599
  }
573
- console.log("[MCP OAuth] Using token endpoint:", tokenEndpoint);
574
- if (options?.tokenUrlOverride) {
575
- console.log("[MCP OAuth] (overridden from:", authServerMetadata?.token_endpoint, ")");
576
- }
577
- const authorizationEndpoint = options?.authorizationUrlOverride || authServerMetadata?.authorization_endpoint;
600
+ const authorizationEndpoint = authorizationUrlOverride || authServerMetadata?.authorization_endpoint;
578
601
  if (!authorizationEndpoint) {
579
602
  throw new Error(
580
603
  "No authorization endpoint available. Either provide oauth_authorization_url in the MCP server config, or ensure the authorization server supports RFC 8414 metadata discovery."
581
604
  );
582
605
  }
583
606
  console.log("[MCP OAuth] Using authorization endpoint:", authorizationEndpoint);
607
+ console.log("[MCP OAuth] Using token endpoint:", tokenEndpoint);
584
608
  const authUrl = new URL(authorizationEndpoint);
585
609
  authUrl.searchParams.set("response_type", "code");
586
610
  authUrl.searchParams.set("client_id", actualClientId);
@@ -593,16 +617,88 @@ async function startMCPOAuthFlow(wwwAuthenticateHeader, clientId, redirectUri, o
593
617
  }
594
618
  console.log("[MCP OAuth] Authorization URL:", authUrl.toString());
595
619
  return {
596
- metadataUrl,
620
+ metadataUrl: cacheKey,
597
621
  tokenEndpoint,
598
622
  redirectUri: actualRedirectUri,
599
623
  pkceVerifier: pkce.verifier,
600
624
  clientId: actualClientId,
601
- clientSecret,
625
+ clientSecret: resolvedClientSecret,
602
626
  state,
603
627
  authorizationUrl: authUrl.toString()
604
628
  };
605
629
  }
630
+ async function startMCPOAuthFlow(wwwAuthenticateHeader, clientId, redirectUri, options) {
631
+ console.log("[MCP OAuth] Starting two-phase OAuth 2.1 flow");
632
+ if (options?.prefetchedAuthServerMetadata) {
633
+ if (!options.cacheKey) {
634
+ throw new Error(
635
+ "startMCPOAuthFlow: cacheKey is required when prefetchedAuthServerMetadata is provided (typically pass the MCP server URL)."
636
+ );
637
+ }
638
+ console.log(
639
+ "[MCP OAuth] Using prefetched AS metadata (RFC 9728 skipped):",
640
+ options.prefetchedAuthServerMetadata
641
+ );
642
+ return startMCPOAuthFlowWithAS({
643
+ authServerMetadata: options.prefetchedAuthServerMetadata,
644
+ cacheKey: options.cacheKey,
645
+ clientId,
646
+ redirectUri,
647
+ authorizationUrlOverride: options.authorizationUrlOverride,
648
+ tokenUrlOverride: options.tokenUrlOverride,
649
+ clientSecret: options.clientSecret,
650
+ scope: options.scope
651
+ });
652
+ }
653
+ const metadataUrl = parseWWWAuthenticate(wwwAuthenticateHeader) || options?.resourceMetadataUrl;
654
+ if (!metadataUrl) {
655
+ throw new Error(
656
+ "Could not determine OAuth resource metadata URL. The WWW-Authenticate header does not contain resource_metadata, and no pre-discovered metadata URL was provided."
657
+ );
658
+ }
659
+ console.log("[MCP OAuth] Resource metadata URL:", metadataUrl);
660
+ const resourceMetadata = await fetchResourceMetadata(metadataUrl);
661
+ console.log("[MCP OAuth] Resource metadata:", resourceMetadata);
662
+ if (!resourceMetadata.authorization_servers || resourceMetadata.authorization_servers.length === 0) {
663
+ throw new Error("No authorization servers found in resource metadata");
664
+ }
665
+ const authServerUrl = resourceMetadata.authorization_servers[0];
666
+ console.log("[MCP OAuth] Authorization server:", authServerUrl);
667
+ const hasFullOverrides = options?.authorizationUrlOverride && options?.tokenUrlOverride;
668
+ let authServerMetadata = null;
669
+ if (hasFullOverrides) {
670
+ console.log("[MCP OAuth] Skipping auth server metadata fetch \u2014 manual overrides provided:", {
671
+ authorization: options.authorizationUrlOverride,
672
+ token: options.tokenUrlOverride
673
+ });
674
+ } else {
675
+ try {
676
+ authServerMetadata = await fetchAuthorizationServerMetadata(authServerUrl);
677
+ console.log("[MCP OAuth] Authorization server metadata:", authServerMetadata);
678
+ } catch (metadataError) {
679
+ if (options?.authorizationUrlOverride || options?.tokenUrlOverride) {
680
+ console.log(
681
+ "[MCP OAuth] Auth server metadata fetch failed, but partial overrides available:",
682
+ metadataError instanceof Error ? metadataError.message : String(metadataError)
683
+ );
684
+ } else {
685
+ throw metadataError;
686
+ }
687
+ }
688
+ }
689
+ return startMCPOAuthFlowWithAS({
690
+ authServerMetadata,
691
+ cacheKey: metadataUrl,
692
+ clientId,
693
+ redirectUri,
694
+ authorizationUrlOverride: options?.authorizationUrlOverride,
695
+ tokenUrlOverride: options?.tokenUrlOverride,
696
+ clientSecret: options?.clientSecret,
697
+ scope: options?.scope,
698
+ fallbackRegistrationEndpoint: hasFullOverrides ? void 0 : `${authServerUrl}/register`,
699
+ resourceScopesSupported: resourceMetadata.scopes_supported
700
+ });
701
+ }
606
702
  async function completeMCPOAuthFlow(context, code, state) {
607
703
  console.log("[MCP OAuth] Completing OAuth flow with authorization code");
608
704
  console.log("[MCP OAuth] Token endpoint:", context.tokenEndpoint);
@@ -661,12 +757,15 @@ function parseOAuthCallback(callbackUrl) {
661
757
  export {
662
758
  clearAuthCodeTokenCache,
663
759
  completeMCPOAuthFlow,
760
+ discoverAuthorizationServerFromMcpOrigin,
664
761
  discoverResourceMetadataUrl,
762
+ fetchAuthorizationServerMetadata,
665
763
  getAuthCodeTokenCacheStats,
666
764
  getCachedOAuth21Token,
667
765
  isOAuthRequired,
668
766
  parseOAuthCallback,
669
767
  performMCPOAuthFlow,
768
+ resolveMCPOAuthDiscovery,
670
769
  resolveResourceMetadataUrl,
671
770
  startMCPOAuthFlow
672
771
  };
@@ -48,26 +48,6 @@ var init_id = __esm({
48
48
  }
49
49
  });
50
50
 
51
- // src/lib/ids.ts
52
- function generateId() {
53
- return (0, import_uuid.v7)();
54
- }
55
- function shortId(uuid, length = 8) {
56
- return toShortId(uuid, length);
57
- }
58
- function formatShortId(uuid, length = 8) {
59
- return shortId(uuid, length);
60
- }
61
- var import_uuid;
62
- var init_ids = __esm({
63
- "src/lib/ids.ts"() {
64
- "use strict";
65
- init_cjs_shims();
66
- import_uuid = require("uuid");
67
- init_id();
68
- }
69
- });
70
-
71
51
  // src/db/database-wrapper.ts
72
52
  function isSQLiteDatabase(db) {
73
53
  return "run" in db && typeof db.run === "function";
@@ -520,6 +500,7 @@ var init_schema_postgres = __esm({
520
500
  completed_at: t.timestamp("completed_at"),
521
501
  status: (0, import_pg_core.text)("status", {
522
502
  enum: [
503
+ "queued",
523
504
  "created",
524
505
  "running",
525
506
  "stopping",
@@ -531,6 +512,8 @@ var init_schema_postgres = __esm({
531
512
  "stopped"
532
513
  ]
533
514
  }).notNull(),
515
+ // Queue position (lower drains first); only populated for status='queued'
516
+ queue_position: (0, import_pg_core.integer)("queue_position"),
534
517
  // User attribution
535
518
  created_by: (0, import_pg_core.varchar)("created_by", { length: 36 }).notNull().default("anonymous"),
536
519
  // MD5 of SDK session file at task completion (only populated when stateless_fs_mode is enabled)
@@ -540,7 +523,12 @@ var init_schema_postgres = __esm({
540
523
  (table) => ({
541
524
  sessionIdx: (0, import_pg_core.index)("tasks_session_idx").on(table.session_id),
542
525
  statusIdx: (0, import_pg_core.index)("tasks_status_idx").on(table.status),
543
- createdIdx: (0, import_pg_core.index)("tasks_created_idx").on(table.created_at)
526
+ createdIdx: (0, import_pg_core.index)("tasks_created_idx").on(table.created_at),
527
+ queueIdx: (0, import_pg_core.index)("tasks_queue_idx").on(table.session_id, table.status, table.queue_position),
528
+ // Partial unique index — defense-in-depth for `tasks.createPending` race
529
+ // serialization. Only QUEUED rows are constrained; CREATED/RUNNING/done
530
+ // rows have NULL queue_position and are unaffected.
531
+ queuedPositionUnique: (0, import_pg_core.uniqueIndex)("tasks_queued_position_unique").on(table.session_id, table.queue_position).where(import_drizzle_orm2.sql`${table.status} = 'queued'`)
544
532
  })
545
533
  );
546
534
  serializedSessions = (0, import_pg_core.pgTable)(
@@ -600,11 +588,9 @@ var init_schema_postgres = __esm({
600
588
  // First 200 chars for list views
601
589
  // Parent tool use ID (for nested tool calls - e.g., Task tool spawning Read/Grep)
602
590
  parent_tool_use_id: (0, import_pg_core.text)("parent_tool_use_id"),
603
- // Message queueing fields
604
- status: (0, import_pg_core.text)("status", { enum: ["queued"] }),
605
- // 'queued' or null (normal message)
606
- queue_position: (0, import_pg_core.integer)("queue_position"),
607
- // Position in queue (1, 2, 3, ...)
591
+ // NOTE: queueing moved off `messages` and onto `tasks.status='queued'` as
592
+ // of migration sqlite/0040 (postgres/0030). The legacy `status` and
593
+ // `queue_position` columns are gone — see `tasks.queue_position` instead.
608
594
  // Full data (JSON blob)
609
595
  data: t.json("data").$type().notNull()
610
596
  },
@@ -612,8 +598,7 @@ var init_schema_postgres = __esm({
612
598
  // Indexes for efficient lookups
613
599
  sessionIdx: (0, import_pg_core.index)("messages_session_id_idx").on(table.session_id),
614
600
  taskIdx: (0, import_pg_core.index)("messages_task_id_idx").on(table.task_id),
615
- sessionIndexIdx: (0, import_pg_core.index)("messages_session_index_idx").on(table.session_id, table.index),
616
- queueIdx: (0, import_pg_core.index)("messages_queue_idx").on(table.session_id, table.status, table.queue_position)
601
+ sessionIndexIdx: (0, import_pg_core.index)("messages_session_index_idx").on(table.session_id, table.index)
617
602
  })
618
603
  );
619
604
  boards = (0, import_pg_core.pgTable)(
@@ -1250,6 +1235,7 @@ var init_schema_sqlite = __esm({
1250
1235
  completed_at: t2.timestamp("completed_at"),
1251
1236
  status: (0, import_sqlite_core.text)("status", {
1252
1237
  enum: [
1238
+ "queued",
1253
1239
  "created",
1254
1240
  "running",
1255
1241
  "stopping",
@@ -1261,6 +1247,8 @@ var init_schema_sqlite = __esm({
1261
1247
  "stopped"
1262
1248
  ]
1263
1249
  }).notNull(),
1250
+ // Queue position (lower drains first); only populated for status='queued'
1251
+ queue_position: (0, import_sqlite_core.integer)("queue_position"),
1264
1252
  // User attribution
1265
1253
  created_by: (0, import_sqlite_core.text)("created_by", { length: 36 }).notNull().default("anonymous"),
1266
1254
  // MD5 of SDK session file at task completion (only populated when stateless_fs_mode is enabled)
@@ -1270,7 +1258,12 @@ var init_schema_sqlite = __esm({
1270
1258
  (table) => ({
1271
1259
  sessionIdx: (0, import_sqlite_core.index)("tasks_session_idx").on(table.session_id),
1272
1260
  statusIdx: (0, import_sqlite_core.index)("tasks_status_idx").on(table.status),
1273
- createdIdx: (0, import_sqlite_core.index)("tasks_created_idx").on(table.created_at)
1261
+ createdIdx: (0, import_sqlite_core.index)("tasks_created_idx").on(table.created_at),
1262
+ queueIdx: (0, import_sqlite_core.index)("tasks_queue_idx").on(table.session_id, table.status, table.queue_position),
1263
+ // Partial unique index — defense-in-depth for `tasks.createPending` race
1264
+ // serialization. Only QUEUED rows are constrained; CREATED/RUNNING/done
1265
+ // rows have NULL queue_position and are unaffected.
1266
+ queuedPositionUnique: (0, import_sqlite_core.uniqueIndex)("tasks_queued_position_unique").on(table.session_id, table.queue_position).where(import_drizzle_orm3.sql`${table.status} = 'queued'`)
1274
1267
  })
1275
1268
  );
1276
1269
  serializedSessions2 = (0, import_sqlite_core.sqliteTable)(
@@ -1330,11 +1323,9 @@ var init_schema_sqlite = __esm({
1330
1323
  // First 200 chars for list views
1331
1324
  // Parent tool use ID (for nested tool calls - e.g., Task tool spawning Read/Grep)
1332
1325
  parent_tool_use_id: (0, import_sqlite_core.text)("parent_tool_use_id"),
1333
- // Message queueing fields
1334
- status: (0, import_sqlite_core.text)("status", { enum: ["queued"] }),
1335
- // 'queued' or null (normal message)
1336
- queue_position: (0, import_sqlite_core.integer)("queue_position"),
1337
- // Position in queue (1, 2, 3, ...)
1326
+ // NOTE: queueing moved off `messages` and onto `tasks.status='queued'` as
1327
+ // of migration sqlite/0040 (postgres/0030). The legacy `status` and
1328
+ // `queue_position` columns are gone — see `tasks.queue_position` instead.
1338
1329
  // Full data (JSON blob)
1339
1330
  data: t2.json("data").$type().notNull()
1340
1331
  },
@@ -1342,8 +1333,7 @@ var init_schema_sqlite = __esm({
1342
1333
  // Indexes for efficient lookups
1343
1334
  sessionIdx: (0, import_sqlite_core.index)("messages_session_id_idx").on(table.session_id),
1344
1335
  taskIdx: (0, import_sqlite_core.index)("messages_task_id_idx").on(table.task_id),
1345
- sessionIndexIdx: (0, import_sqlite_core.index)("messages_session_index_idx").on(table.session_id, table.index),
1346
- queueIdx: (0, import_sqlite_core.index)("messages_queue_idx").on(table.session_id, table.status, table.queue_position)
1336
+ sessionIndexIdx: (0, import_sqlite_core.index)("messages_session_index_idx").on(table.session_id, table.index)
1347
1337
  })
1348
1338
  );
1349
1339
  boards2 = (0, import_sqlite_core.sqliteTable)(
@@ -2068,7 +2058,22 @@ init_cjs_shims();
2068
2058
  // src/db/repositories/artifacts.ts
2069
2059
  init_cjs_shims();
2070
2060
  var import_drizzle_orm4 = require("drizzle-orm");
2071
- init_ids();
2061
+
2062
+ // src/lib/ids.ts
2063
+ init_cjs_shims();
2064
+ var import_uuid = require("uuid");
2065
+ init_id();
2066
+ function generateId() {
2067
+ return (0, import_uuid.v7)();
2068
+ }
2069
+ function shortId(uuid, length = 8) {
2070
+ return toShortId(uuid, length);
2071
+ }
2072
+ function formatShortId(uuid, length = 8) {
2073
+ return shortId(uuid, length);
2074
+ }
2075
+
2076
+ // src/db/repositories/artifacts.ts
2072
2077
  init_database_wrapper();
2073
2078
  init_schema();
2074
2079
 
@@ -2104,14 +2109,12 @@ var AmbiguousIdError = class extends RepositoryError {
2104
2109
  // src/db/repositories/board-comments.ts
2105
2110
  init_cjs_shims();
2106
2111
  var import_drizzle_orm5 = require("drizzle-orm");
2107
- init_ids();
2108
2112
  init_database_wrapper();
2109
2113
  init_schema();
2110
2114
 
2111
2115
  // src/db/repositories/board-objects.ts
2112
2116
  init_cjs_shims();
2113
2117
  var import_drizzle_orm6 = require("drizzle-orm");
2114
- init_ids();
2115
2118
 
2116
2119
  // src/utils/board-placement.ts
2117
2120
  init_cjs_shims();
@@ -2126,14 +2129,12 @@ init_types();
2126
2129
  var import_drizzle_orm7 = require("drizzle-orm");
2127
2130
  var yaml2 = __toESM(require("js-yaml"), 1);
2128
2131
  init_config_manager();
2129
- init_ids();
2130
2132
 
2131
2133
  // src/lib/slugs.ts
2132
2134
  init_cjs_shims();
2133
2135
 
2134
2136
  // src/utils/url.ts
2135
2137
  init_cjs_shims();
2136
- init_ids();
2137
2138
 
2138
2139
  // src/db/repositories/boards.ts
2139
2140
  init_database_wrapper();
@@ -2142,21 +2143,18 @@ init_schema();
2142
2143
  // src/db/repositories/card-types.ts
2143
2144
  init_cjs_shims();
2144
2145
  var import_drizzle_orm8 = require("drizzle-orm");
2145
- init_ids();
2146
2146
  init_database_wrapper();
2147
2147
  init_schema();
2148
2148
 
2149
2149
  // src/db/repositories/cards.ts
2150
2150
  init_cjs_shims();
2151
2151
  var import_drizzle_orm9 = require("drizzle-orm");
2152
- init_ids();
2153
2152
  init_database_wrapper();
2154
2153
  init_schema();
2155
2154
 
2156
2155
  // src/db/repositories/gateway-channels.ts
2157
2156
  init_cjs_shims();
2158
2157
  var import_drizzle_orm10 = require("drizzle-orm");
2159
- init_ids();
2160
2158
  init_database_wrapper();
2161
2159
 
2162
2160
  // src/db/encryption.ts
@@ -2169,7 +2167,6 @@ init_schema();
2169
2167
  // src/db/repositories/mcp-servers.ts
2170
2168
  init_cjs_shims();
2171
2169
  var import_drizzle_orm11 = require("drizzle-orm");
2172
- init_ids();
2173
2170
  init_database_wrapper();
2174
2171
  init_schema();
2175
2172
  var MCPServerRepository = class {
@@ -2433,7 +2430,6 @@ var dump2 = import_js_yaml2.default.dump;
2433
2430
  var YAMLException = import_js_yaml2.default.YAMLException;
2434
2431
 
2435
2432
  // src/db/repositories/repos.ts
2436
- init_ids();
2437
2433
  init_database_wrapper();
2438
2434
  init_schema();
2439
2435
 
@@ -2443,7 +2439,6 @@ init_cjs_shims();
2443
2439
  // src/db/repositories/serialized-sessions.ts
2444
2440
  init_cjs_shims();
2445
2441
  var import_drizzle_orm14 = require("drizzle-orm");
2446
- init_ids();
2447
2442
  init_database_wrapper();
2448
2443
  init_schema();
2449
2444
 
@@ -2464,7 +2459,6 @@ init_cjs_shims();
2464
2459
  init_types();
2465
2460
  var import_drizzle_orm16 = require("drizzle-orm");
2466
2461
  init_config_manager();
2467
- init_ids();
2468
2462
  init_database_wrapper();
2469
2463
  init_schema();
2470
2464
 
@@ -2472,14 +2466,12 @@ init_schema();
2472
2466
  init_cjs_shims();
2473
2467
  init_types();
2474
2468
  var import_drizzle_orm18 = require("drizzle-orm");
2475
- init_ids();
2476
2469
  init_database_wrapper();
2477
2470
  init_schema();
2478
2471
 
2479
2472
  // src/db/repositories/thread-session-map.ts
2480
2473
  init_cjs_shims();
2481
2474
  var import_drizzle_orm19 = require("drizzle-orm");
2482
- init_ids();
2483
2475
  init_database_wrapper();
2484
2476
  init_schema();
2485
2477
 
@@ -2488,7 +2480,6 @@ init_cjs_shims();
2488
2480
  var import_node_crypto2 = require("crypto");
2489
2481
  var import_bcryptjs = __toESM(require("bcryptjs"), 1);
2490
2482
  var import_drizzle_orm20 = require("drizzle-orm");
2491
- init_ids();
2492
2483
  init_database_wrapper();
2493
2484
  init_schema();
2494
2485
 
@@ -2664,6 +2655,7 @@ var UserMCPOAuthTokenRepository = class {
2664
2655
 
2665
2656
  // src/db/repositories/users.ts
2666
2657
  init_cjs_shims();
2658
+ init_types();
2667
2659
  var import_drizzle_orm22 = require("drizzle-orm");
2668
2660
 
2669
2661
  // src/config/env-vars.ts
@@ -2672,7 +2664,6 @@ var V05_SCOPES = ["global", "session"];
2672
2664
  var V05_SCOPE_SET = new Set(V05_SCOPES);
2673
2665
 
2674
2666
  // src/db/repositories/users.ts
2675
- init_ids();
2676
2667
  init_database_wrapper();
2677
2668
  init_schema();
2678
2669
 
@@ -2680,7 +2671,6 @@ init_schema();
2680
2671
  init_cjs_shims();
2681
2672
  init_types();
2682
2673
  var import_drizzle_orm23 = require("drizzle-orm");
2683
- init_ids();
2684
2674
  init_database_wrapper();
2685
2675
  init_schema();
2686
2676
 
@@ -1,15 +1,15 @@
1
- import { j as Database } from '../../client-B5PyIvNc.cjs';
1
+ import { j as Database } from '../../client-CemqXk0v.cjs';
2
2
  import { f as UserID } from '../../id-CoIbY_uc.cjs';
3
3
  import { h as MCPServerID } from '../../mcp-DC7GLAg2.cjs';
4
4
  import 'drizzle-orm/libsql';
5
5
  import 'drizzle-orm/postgres-js';
6
6
  import 'drizzle-orm';
7
- import '../../message-DinITA7a.cjs';
7
+ import '../../message-CSWOsdcZ.cjs';
8
8
  import '../../agentic-tool-BulhIUGb.cjs';
9
9
  import '../../board-D7SnPqp-.cjs';
10
10
  import '../../session-MNU4BQv4.cjs';
11
11
  import '../../context-BpkCELpO.cjs';
12
- import '../../task-wht1RJEL.cjs';
12
+ import '../../task-C2Hy7H6u.cjs';
13
13
  import 'drizzle-orm/pg-core';
14
14
  import 'drizzle-orm/sqlite-core';
15
15
 
@@ -1,15 +1,15 @@
1
- import { j as Database } from '../../client-C1CsRi19.js';
1
+ import { j as Database } from '../../client-uYEOha6g.js';
2
2
  import { f as UserID } from '../../id-CoIbY_uc.js';
3
3
  import { h as MCPServerID } from '../../mcp-z5v19H-r.js';
4
4
  import 'drizzle-orm/libsql';
5
5
  import 'drizzle-orm/postgres-js';
6
6
  import 'drizzle-orm';
7
- import '../../message-CHUUP6OS.js';
7
+ import '../../message-DZa8g0s0.js';
8
8
  import '../../agentic-tool-cYqsU5i5.js';
9
9
  import '../../board-D3YJ0_ih.js';
10
10
  import '../../session-CAfhv1qL.js';
11
11
  import '../../context-BpkCELpO.js';
12
- import '../../task-BLPFCORT.js';
12
+ import '../../task-BHV-YHg1.js';
13
13
  import 'drizzle-orm/pg-core';
14
14
  import 'drizzle-orm/sqlite-core';
15
15