agor-live 0.21.2 → 0.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/branch/env/restart.js +1 -1
- package/dist/cli/commands/branch/env/start.js +1 -1
- package/dist/cli/commands/branch/env/stop.js +1 -1
- package/dist/core/api/index.cjs +5 -1
- package/dist/core/api/index.d.ts +6 -1
- package/dist/core/api/index.d.ts.map +1 -1
- package/dist/core/api/index.js +5 -1
- package/dist/core/claude/index.cjs +162 -14
- package/dist/core/claude/index.js +166 -18
- package/dist/core/client/index.cjs +43 -3
- package/dist/core/client/index.js +37 -3
- package/dist/core/config/browser.cjs +2 -2
- package/dist/core/config/browser.js +2 -2
- package/dist/core/config/config-manager.d.ts.map +1 -1
- package/dist/core/config/constants.d.ts +1 -1
- package/dist/core/config/index.cjs +174 -20
- package/dist/core/config/index.js +178 -24
- package/dist/core/config/types.d.ts +8 -0
- package/dist/core/config/types.d.ts.map +1 -1
- package/dist/core/db/index.cjs +495 -86
- package/dist/core/db/index.js +482 -75
- package/dist/core/db/repositories/artifacts.d.ts.map +1 -1
- package/dist/core/db/repositories/branches.d.ts +13 -1
- package/dist/core/db/repositories/branches.d.ts.map +1 -1
- package/dist/core/db/repositories/gateway-channels.d.ts.map +1 -1
- package/dist/core/db/repositories/index.d.ts +1 -0
- package/dist/core/db/repositories/index.d.ts.map +1 -1
- package/dist/core/db/repositories/session-relationships.d.ts +30 -0
- package/dist/core/db/repositories/session-relationships.d.ts.map +1 -0
- package/dist/core/db/repositories/users.d.ts +11 -0
- package/dist/core/db/repositories/users.d.ts.map +1 -1
- package/dist/core/db/schema.d.ts +421 -4
- package/dist/core/db/schema.d.ts.map +1 -1
- package/dist/core/db/schema.postgres.d.ts +226 -2
- package/dist/core/db/schema.postgres.d.ts.map +1 -1
- package/dist/core/db/schema.sqlite.d.ts +228 -2
- package/dist/core/db/schema.sqlite.d.ts.map +1 -1
- package/dist/core/drizzle/postgres/0050_artifact_source_session.sql +3 -0
- package/dist/core/drizzle/postgres/0051_session_relationships.sql +26 -0
- package/dist/core/drizzle/postgres/meta/_journal.json +14 -0
- package/dist/core/drizzle/sqlite/0059_artifact_source_session.sql +2 -0
- package/dist/core/drizzle/sqlite/0060_session_relationships.sql +23 -0
- package/dist/core/drizzle/sqlite/meta/_journal.json +14 -0
- package/dist/core/gateway/connector-registry.d.ts.map +1 -1
- package/dist/core/gateway/connector.d.ts +22 -0
- package/dist/core/gateway/connector.d.ts.map +1 -1
- package/dist/core/gateway/connectors/slack.d.ts +35 -3
- package/dist/core/gateway/connectors/slack.d.ts.map +1 -1
- package/dist/core/gateway/connectors/teams.d.ts +107 -0
- package/dist/core/gateway/connectors/teams.d.ts.map +1 -0
- package/dist/core/gateway/context.d.ts.map +1 -1
- package/dist/core/gateway/index.cjs +552 -52
- package/dist/core/gateway/index.d.ts +3 -2
- package/dist/core/gateway/index.d.ts.map +1 -1
- package/dist/core/gateway/index.js +544 -52
- package/dist/core/gateway/system-message.d.ts +21 -0
- package/dist/core/gateway/system-message.d.ts.map +1 -1
- package/dist/core/index.cjs +616 -127
- package/dist/core/index.js +597 -116
- package/dist/core/mcp/index.cjs +146 -9
- package/dist/core/mcp/index.js +146 -9
- package/dist/core/mcp/template-resolver.d.ts.map +1 -1
- package/dist/core/seed/index.cjs +375 -59
- package/dist/core/seed/index.js +378 -62
- package/dist/core/sessions/index.cjs +19 -0
- package/dist/core/sessions/index.js +19 -0
- package/dist/core/templates/agor-system-prompt.md +21 -53
- package/dist/core/templates/session-context.cjs +2 -73
- package/dist/core/templates/session-context.d.ts +9 -53
- package/dist/core/templates/session-context.d.ts.map +1 -1
- package/dist/core/templates/session-context.js +2 -72
- package/dist/core/tools/mcp/jwt-auth.cjs +2 -20
- package/dist/core/tools/mcp/jwt-auth.d.ts.map +1 -1
- package/dist/core/tools/mcp/jwt-auth.js +2 -20
- package/dist/core/tools/mcp/oauth-mcp-transport.cjs +2 -15
- package/dist/core/tools/mcp/oauth-mcp-transport.d.ts.map +1 -1
- package/dist/core/tools/mcp/oauth-mcp-transport.js +2 -15
- package/dist/core/tools/mcp/oauth-refresh.cjs +167 -19
- package/dist/core/tools/mcp/oauth-refresh.js +167 -19
- package/dist/core/types/artifact.d.ts +5 -1
- package/dist/core/types/artifact.d.ts.map +1 -1
- package/dist/core/types/branch.d.ts +14 -0
- package/dist/core/types/branch.d.ts.map +1 -1
- package/dist/core/types/gateway.d.ts +1 -1
- package/dist/core/types/gateway.d.ts.map +1 -1
- package/dist/core/types/id.d.ts +1 -0
- package/dist/core/types/id.d.ts.map +1 -1
- package/dist/core/types/index.cjs +36 -0
- package/dist/core/types/index.js +30 -0
- package/dist/core/types/session.d.ts +65 -1
- package/dist/core/types/session.d.ts.map +1 -1
- package/dist/core/types/task.d.ts +9 -0
- package/dist/core/types/task.d.ts.map +1 -1
- package/dist/core/unix/index.cjs +371 -55
- package/dist/core/unix/index.js +374 -58
- package/dist/core/unix/unix-integration-service.d.ts +10 -7
- package/dist/core/unix/unix-integration-service.d.ts.map +1 -1
- package/dist/core/utils/permission-mode-mapper.cjs +19 -0
- package/dist/core/utils/permission-mode-mapper.js +19 -0
- package/dist/daemon/declarations.d.ts +7 -0
- package/dist/daemon/declarations.d.ts.map +1 -1
- package/dist/daemon/hooks/gateway-route.d.ts.map +1 -1
- package/dist/daemon/hooks/gateway-route.js +53 -1
- package/dist/daemon/index.js +3760 -2107
- package/dist/daemon/main.js +3760 -2107
- package/dist/daemon/mcp/server.js +155 -17
- package/dist/daemon/mcp/tools/analytics.js +6 -7
- package/dist/daemon/mcp/tools/artifacts.d.ts.map +1 -1
- package/dist/daemon/mcp/tools/artifacts.js +7 -7
- package/dist/daemon/mcp/tools/boards.js +6 -7
- package/dist/daemon/mcp/tools/branches.js +6 -7
- package/dist/daemon/mcp/tools/card-types.js +6 -7
- package/dist/daemon/mcp/tools/cards.js +6 -7
- package/dist/daemon/mcp/tools/environment.d.ts.map +1 -1
- package/dist/daemon/mcp/tools/environment.js +19 -12
- package/dist/daemon/mcp/tools/knowledge.js +6 -7
- package/dist/daemon/mcp/tools/mcp-servers.js +6 -7
- package/dist/daemon/mcp/tools/messages.js +6 -7
- package/dist/daemon/mcp/tools/proxies.js +6 -7
- package/dist/daemon/mcp/tools/repos.js +6 -7
- package/dist/daemon/mcp/tools/schedules.js +6 -7
- package/dist/daemon/mcp/tools/search.js +6 -7
- package/dist/daemon/mcp/tools/sessions.d.ts.map +1 -1
- package/dist/daemon/mcp/tools/sessions.js +140 -11
- package/dist/daemon/mcp/tools/tasks.js +6 -7
- package/dist/daemon/mcp/tools/users.js +6 -7
- package/dist/daemon/mcp/tools/widgets.js +7 -8
- package/dist/daemon/register-hooks.d.ts +5 -1
- package/dist/daemon/register-hooks.d.ts.map +1 -1
- package/dist/daemon/register-hooks.js +404 -179
- package/dist/daemon/register-routes.d.ts.map +1 -1
- package/dist/daemon/register-routes.js +360 -162
- package/dist/daemon/register-services.d.ts.map +1 -1
- package/dist/daemon/register-services.js +1928 -671
- package/dist/daemon/services/artifacts.d.ts +10 -1
- package/dist/daemon/services/artifacts.d.ts.map +1 -1
- package/dist/daemon/services/artifacts.js +25 -1
- package/dist/daemon/services/branches.d.ts +11 -1
- package/dist/daemon/services/branches.d.ts.map +1 -1
- package/dist/daemon/services/branches.js +470 -184
- package/dist/daemon/services/claude-models.js +879 -339
- package/dist/daemon/services/gateway.d.ts +58 -2
- package/dist/daemon/services/gateway.d.ts.map +1 -1
- package/dist/daemon/services/gateway.js +590 -47
- package/dist/daemon/services/groups.d.ts +2 -0
- package/dist/daemon/services/groups.d.ts.map +1 -1
- package/dist/daemon/services/groups.js +56 -0
- package/dist/daemon/services/mcp-servers.d.ts.map +1 -1
- package/dist/daemon/services/mcp-servers.js +0 -6
- package/dist/daemon/services/scheduler.d.ts.map +1 -1
- package/dist/daemon/services/scheduler.js +6 -2
- package/dist/daemon/services/sessions.d.ts +11 -3
- package/dist/daemon/services/sessions.d.ts.map +1 -1
- package/dist/daemon/services/sessions.js +68 -7
- package/dist/daemon/services/tasks.d.ts +13 -2
- package/dist/daemon/services/tasks.d.ts.map +1 -1
- package/dist/daemon/services/tasks.js +42 -26
- package/dist/daemon/startup.js +6 -2
- package/dist/daemon/utils/session-stop.d.ts +43 -0
- package/dist/daemon/utils/session-stop.d.ts.map +1 -0
- package/dist/daemon/utils/session-stop.js +102 -0
- package/dist/daemon/utils/session-task-state.d.ts +7 -2
- package/dist/daemon/utils/session-task-state.d.ts.map +1 -1
- package/dist/daemon/utils/session-task-state.js +9 -3
- package/dist/daemon/utils/session-tasks.d.ts +4 -4
- package/dist/daemon/utils/session-tasks.d.ts.map +1 -1
- package/dist/daemon/utils/session-tasks.js +4 -8
- package/dist/executor/commands/environment.d.ts +13 -0
- package/dist/executor/commands/environment.d.ts.map +1 -0
- package/dist/executor/commands/environment.js +287 -0
- package/dist/executor/commands/index.d.ts.map +1 -1
- package/dist/executor/commands/index.js +5 -1
- package/dist/executor/commands/unix.d.ts +8 -1
- package/dist/executor/commands/unix.d.ts.map +1 -1
- package/dist/executor/commands/unix.js +157 -2
- package/dist/executor/payload-types.d.ts +201 -5
- package/dist/executor/payload-types.d.ts.map +1 -1
- package/dist/executor/payload-types.js +98 -0
- package/dist/executor/sdk-handlers/base/mcp-scoping.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/base/mcp-scoping.js +14 -0
- package/dist/executor/sdk-handlers/claude/message-processor.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/claude/message-processor.js +0 -1
- package/dist/executor/sdk-handlers/claude/query-builder.d.ts +1 -0
- package/dist/executor/sdk-handlers/claude/query-builder.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/claude/query-builder.js +91 -39
- package/dist/executor/sdk-handlers/codex/prompt-service.d.ts +12 -5
- package/dist/executor/sdk-handlers/codex/prompt-service.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/codex/prompt-service.js +72 -30
- package/dist/executor/sdk-handlers/copilot/prompt-service.d.ts +2 -4
- package/dist/executor/sdk-handlers/copilot/prompt-service.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/copilot/prompt-service.js +4 -13
- package/dist/executor/sdk-handlers/gemini/prompt-service.d.ts +2 -4
- package/dist/executor/sdk-handlers/gemini/prompt-service.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/gemini/prompt-service.js +4 -13
- package/dist/ui/assets/App-DcEY8Ota.js +3 -0
- package/dist/ui/assets/App-DcEY8Ota.js.gz +0 -0
- package/dist/ui/assets/{ArtifactConsentModal-ParNk5kW.js → ArtifactConsentModal-CiCbK9iv.js} +1 -1
- package/dist/ui/assets/ArtifactConsentModal-CiCbK9iv.js.gz +0 -0
- package/dist/ui/assets/ArtifactFullscreenPage-CfsTEGKd.js +9 -0
- package/dist/ui/assets/ArtifactFullscreenPage-CfsTEGKd.js.gz +0 -0
- package/dist/ui/assets/AutocompleteTextarea-BAFFH_5e.js +18 -0
- package/dist/ui/assets/AutocompleteTextarea-BAFFH_5e.js.gz +0 -0
- package/dist/ui/assets/BoardObjectNodes-D-O6bZIG.js +34 -0
- package/dist/ui/assets/BoardObjectNodes-D-O6bZIG.js.gz +0 -0
- package/dist/ui/assets/{CodeEditor.inner-D51Z_CLQ.js → CodeEditor.inner-DBgsP4tn.js} +2 -2
- package/dist/ui/assets/CodeEditor.inner-DBgsP4tn.js.gz +0 -0
- package/dist/ui/assets/ConversationView-CUWR0gR6.js +1 -0
- package/dist/ui/assets/ConversationView-CUWR0gR6.js.gz +0 -0
- package/dist/ui/assets/KnowledgePage-B2bzlXfn.js +24 -0
- package/dist/ui/assets/KnowledgePage-B2bzlXfn.js.gz +0 -0
- package/dist/ui/assets/MarketingScreenshotPage-9Qd7eZsm.css +1 -0
- package/dist/ui/assets/MarketingScreenshotPage-zv5RUCuV.js +143 -0
- package/dist/ui/assets/MarketingScreenshotPage-zv5RUCuV.js.gz +0 -0
- package/dist/ui/assets/MobileApp-VgVnsnsN.js +1 -0
- package/dist/ui/assets/MobileApp-VgVnsnsN.js.gz +0 -0
- package/dist/ui/assets/SessionCanvas-f1-1Gbcw.js +20 -0
- package/dist/ui/assets/SessionCanvas-f1-1Gbcw.js.gz +0 -0
- package/dist/ui/assets/{App-BAdBsEnV.css → SessionCanvas-mEmYGZhC.css} +1 -1
- package/dist/ui/assets/SessionCanvas-mEmYGZhC.css.gz +0 -0
- package/dist/ui/assets/{StreamdownDemoPage-B9wbgp2s.js → StreamdownDemoPage-wzWaqWwr.js} +1 -1
- package/dist/ui/assets/StreamdownDemoPage-wzWaqWwr.js.gz +0 -0
- package/dist/ui/assets/{ThemeSwitcher-ubn6IOz9.js → ThemeSwitcher-Dly2y9pi.js} +1 -1
- package/dist/ui/assets/ThemeSwitcher-Dly2y9pi.js.gz +0 -0
- package/dist/ui/assets/antd-CfbbHJOz.js +401 -0
- package/dist/ui/assets/antd-CfbbHJOz.js.gz +0 -0
- package/dist/ui/assets/architecture-U656AL7Q-CykGFbQU.js +1 -0
- package/dist/ui/assets/{architectureDiagram-VXUJARFQ-ChmZt3zk.js → architectureDiagram-VXUJARFQ-C8HXAenz.js} +1 -1
- package/dist/ui/assets/architectureDiagram-VXUJARFQ-C8HXAenz.js.gz +0 -0
- package/dist/ui/assets/{blockDiagram-VD42YOAC-CzGHAHao.js → blockDiagram-VD42YOAC-BhZaEN19.js} +1 -1
- package/dist/ui/assets/blockDiagram-VD42YOAC-BhZaEN19.js.gz +0 -0
- package/dist/ui/assets/{c4Diagram-YG6GDRKO-DscJyaWN.js → c4Diagram-YG6GDRKO-Dk_UH-sY.js} +1 -1
- package/dist/ui/assets/c4Diagram-YG6GDRKO-Dk_UH-sY.js.gz +0 -0
- package/dist/ui/assets/channel-D6_nUWlW.js +1 -0
- package/dist/ui/assets/{chunk-4BX2VUAB-DoWpTvP8.js → chunk-4BX2VUAB-XprbG2TG.js} +1 -1
- package/dist/ui/assets/chunk-55IACEB6-ByzqIgSb.js +1 -0
- package/dist/ui/assets/{chunk-ABZYJK2D-RzDCrjE6.js → chunk-ABZYJK2D-BJcrryHK.js} +1 -1
- package/dist/ui/assets/chunk-ABZYJK2D-BJcrryHK.js.gz +0 -0
- package/dist/ui/assets/{chunk-AGHRB4JF-jidCS5Of.js → chunk-AGHRB4JF-DvxmfbM0.js} +1 -1
- package/dist/ui/assets/chunk-AGHRB4JF-DvxmfbM0.js.gz +0 -0
- package/dist/ui/assets/{chunk-ATLVNIR6-BEIIfJtC.js → chunk-ATLVNIR6-DbeJ0OrR.js} +1 -1
- package/dist/ui/assets/chunk-ATLVNIR6-DbeJ0OrR.js.gz +0 -0
- package/dist/ui/assets/{chunk-B4BG7PRW-B8b6dQQ2.js → chunk-B4BG7PRW-C53q2ggf.js} +1 -1
- package/dist/ui/assets/chunk-B4BG7PRW-C53q2ggf.js.gz +0 -0
- package/dist/ui/assets/{chunk-CVBHYZKI-D-mQAfrk.js → chunk-CVBHYZKI-B3EBSlb3.js} +1 -1
- package/dist/ui/assets/{chunk-DI55MBZ5-BfATX3V8.js → chunk-DI55MBZ5-vIyNEQN-.js} +1 -1
- package/dist/ui/assets/chunk-DI55MBZ5-vIyNEQN-.js.gz +0 -0
- package/dist/ui/assets/chunk-EXTU4WIE-B3ObkuOm.js +1 -0
- package/dist/ui/assets/{chunk-FMBD7UC4-fqXscNvc.js → chunk-FMBD7UC4-rddmfK-Z.js} +1 -1
- package/dist/ui/assets/{chunk-HN2XXSSU-BCHvD80g.js → chunk-HN2XXSSU-Dttqcg3b.js} +1 -1
- package/dist/ui/assets/chunk-HN2XXSSU-Dttqcg3b.js.gz +0 -0
- package/dist/ui/assets/{chunk-JA3XYJ7Z-Cp6dqHnY.js → chunk-JA3XYJ7Z-DbNDev3D.js} +1 -1
- package/dist/ui/assets/chunk-JA3XYJ7Z-DbNDev3D.js.gz +0 -0
- package/dist/ui/assets/{chunk-JZLCHNYA-cKMooY3y.js → chunk-JZLCHNYA-EUmx2y4H.js} +1 -1
- package/dist/ui/assets/chunk-JZLCHNYA-EUmx2y4H.js.gz +0 -0
- package/dist/ui/assets/{chunk-MI3HLSF2-BlzO5wOE.js → chunk-MI3HLSF2-65n9Mkyc.js} +1 -1
- package/dist/ui/assets/chunk-MI3HLSF2-65n9Mkyc.js.gz +0 -0
- package/dist/ui/assets/chunk-N4CR4FBY-mv5koXqW.js +2 -0
- package/dist/ui/assets/chunk-N4CR4FBY-mv5koXqW.js.gz +0 -0
- package/dist/ui/assets/{chunk-QN33PNHL-DIHGQ_pd.js → chunk-QN33PNHL-DsRKK6NR.js} +1 -1
- package/dist/ui/assets/{chunk-QXUST7PY-C9l0muI0.js → chunk-QXUST7PY-BCYnMiS3.js} +1 -1
- package/dist/ui/assets/chunk-QXUST7PY-BCYnMiS3.js.gz +0 -0
- package/dist/ui/assets/chunk-QZHKN3VN-HucAw4xW.js +1 -0
- package/dist/ui/assets/{chunk-S3R3BYOJ-VJiLzt2o.js → chunk-S3R3BYOJ-CWMEa9Dc.js} +1 -1
- package/dist/ui/assets/chunk-S3R3BYOJ-CWMEa9Dc.js.gz +0 -0
- package/dist/ui/assets/{chunk-TZMSLE5B-DZwI0C_2.js → chunk-TZMSLE5B-BuQUQcTr.js} +1 -1
- package/dist/ui/assets/chunk-TZMSLE5B-BuQUQcTr.js.gz +0 -0
- package/dist/ui/assets/classDiagram-2ON5EDUG-CUT3rPTB.js +1 -0
- package/dist/ui/assets/classDiagram-v2-WZHVMYZB-CUT3rPTB.js +1 -0
- package/dist/ui/assets/{cose-bilkent-S5V4N54A-Ipik-oSD.js → cose-bilkent-S5V4N54A-CnPB3ARO.js} +1 -1
- package/dist/ui/assets/cose-bilkent-S5V4N54A-CnPB3ARO.js.gz +0 -0
- package/dist/ui/assets/cursor-QEb7m-rN.png +0 -0
- package/dist/ui/assets/{dagre-6UL2VRFP-BDpyWQnh.js → dagre-6UL2VRFP-DhS-k_Se.js} +1 -1
- package/dist/ui/assets/dagre-6UL2VRFP-DhS-k_Se.js.gz +0 -0
- package/dist/ui/assets/{dagre-CgA4KhUX.js → dagre-KgLoHEuy.js} +1 -1
- package/dist/ui/assets/dagre-KgLoHEuy.js.gz +0 -0
- package/dist/ui/assets/{diagram-PSM6KHXK-B4GRzxLJ.js → diagram-PSM6KHXK-BZg3MJmb.js} +1 -1
- package/dist/ui/assets/diagram-PSM6KHXK-BZg3MJmb.js.gz +0 -0
- package/dist/ui/assets/{diagram-QEK2KX5R-BWPW28XI.js → diagram-QEK2KX5R-BPCitvbo.js} +1 -1
- package/dist/ui/assets/diagram-QEK2KX5R-BPCitvbo.js.gz +0 -0
- package/dist/ui/assets/{diagram-S2PKOQOG-BIHhcGoV.js → diagram-S2PKOQOG-NW4uK6sx.js} +1 -1
- package/dist/ui/assets/diagram-S2PKOQOG-NW4uK6sx.js.gz +0 -0
- package/dist/ui/assets/{editor-C-HJ7Yw0.js → editor-CzFWIUw2.js} +1 -1
- package/dist/ui/assets/editor-CzFWIUw2.js.gz +0 -0
- package/dist/ui/assets/{emoji-D8F6B62m.js → emoji-Dkz4Zzv_.js} +1 -1
- package/dist/ui/assets/emoji-Dkz4Zzv_.js.gz +0 -0
- package/dist/ui/assets/{erDiagram-Q2GNP2WA-ubTaAFcK.js → erDiagram-Q2GNP2WA-me1fboaf.js} +1 -1
- package/dist/ui/assets/erDiagram-Q2GNP2WA-me1fboaf.js.gz +0 -0
- package/dist/ui/assets/{flowDiagram-NV44I4VS-BHLCTYjI.js → flowDiagram-NV44I4VS-DzE8dGsh.js} +1 -1
- package/dist/ui/assets/flowDiagram-NV44I4VS-DzE8dGsh.js.gz +0 -0
- package/dist/ui/assets/{ganttDiagram-LVOFAZNH-ClC3pay1.js → ganttDiagram-LVOFAZNH-CFQD09Mi.js} +2 -2
- package/dist/ui/assets/ganttDiagram-LVOFAZNH-CFQD09Mi.js.gz +0 -0
- package/dist/ui/assets/{gitGraph-F6HP7TQM-DghoobE6.js → gitGraph-F6HP7TQM-CfFE_uAC.js} +1 -1
- package/dist/ui/assets/{gitGraphDiagram-NY62KEGX-Clqpiswu.js → gitGraphDiagram-NY62KEGX-CaVoxU4C.js} +1 -1
- package/dist/ui/assets/gitGraphDiagram-NY62KEGX-CaVoxU4C.js.gz +0 -0
- package/dist/ui/assets/index-BN5_Qq7R.js +324 -0
- package/dist/ui/assets/index-BN5_Qq7R.js.gz +0 -0
- package/dist/ui/assets/index-DxuPq13l.css +1 -0
- package/dist/ui/assets/index-DxuPq13l.css.gz +0 -0
- package/dist/ui/assets/{info-NVLQJR56-0ZldEXPQ.js → info-NVLQJR56-i_xHYg3f.js} +1 -1
- package/dist/ui/assets/{infoDiagram-ER5ION4S-DMmPX-il.js → infoDiagram-ER5ION4S-2NL93b78.js} +1 -1
- package/dist/ui/assets/{journeyDiagram-XKPGCS4Q-CrVickA2.js → journeyDiagram-XKPGCS4Q-CZF-2DHU.js} +1 -1
- package/dist/ui/assets/journeyDiagram-XKPGCS4Q-CZF-2DHU.js.gz +0 -0
- package/dist/ui/assets/{kanban-definition-3W4ZIXB7-C_BsdHYL.js → kanban-definition-3W4ZIXB7-CfvJIOny.js} +1 -1
- package/dist/ui/assets/kanban-definition-3W4ZIXB7-CfvJIOny.js.gz +0 -0
- package/dist/ui/assets/{line-CfBP7Yic.js → line-DDv8kOJk.js} +1 -1
- package/dist/ui/assets/{linear-BsjageUB.js → linear-Daef-l29.js} +1 -1
- package/dist/ui/assets/linear-Daef-l29.js.gz +0 -0
- package/dist/ui/assets/{mermaid-parser.core-DZdP-NFq.js → mermaid-parser.core-CdK9QgYV.js} +2 -2
- package/dist/ui/assets/mermaid-parser.core-CdK9QgYV.js.gz +0 -0
- package/dist/ui/assets/{mermaid.core-TNrI0pHG.js → mermaid.core-D6GS9mU-.js} +3 -3
- package/dist/ui/assets/mermaid.core-D6GS9mU-.js.gz +0 -0
- package/dist/ui/assets/message-SqLqNYcv.js +36 -0
- package/dist/ui/assets/message-SqLqNYcv.js.gz +0 -0
- package/dist/ui/assets/{mindmap-definition-VGOIOE7T-BbmaUjMY.js → mindmap-definition-VGOIOE7T-Cb3QMflX.js} +1 -1
- package/dist/ui/assets/mindmap-definition-VGOIOE7T-Cb3QMflX.js.gz +0 -0
- package/dist/ui/assets/{packet-BFZMPI3H-D_ZhkXuT.js → packet-BFZMPI3H-Bm2uwz4i.js} +1 -1
- package/dist/ui/assets/{particles-Dv28pjOd.js → particles-DsJFOarW.js} +1 -1
- package/dist/ui/assets/particles-DsJFOarW.js.gz +0 -0
- package/dist/ui/assets/{pie-7BOR55EZ-Dn0Q3qNx.js → pie-7BOR55EZ-5i17tVnF.js} +1 -1
- package/dist/ui/assets/{pieDiagram-ADFJNKIX-BbyjfYu8.js → pieDiagram-ADFJNKIX-BxIwQWvw.js} +1 -1
- package/dist/ui/assets/pieDiagram-ADFJNKIX-BxIwQWvw.js.gz +0 -0
- package/dist/ui/assets/{quadrantDiagram-AYHSOK5B-Bc3GqMKz.js → quadrantDiagram-AYHSOK5B-B5HPe4ga.js} +1 -1
- package/dist/ui/assets/quadrantDiagram-AYHSOK5B-B5HPe4ga.js.gz +0 -0
- package/dist/ui/assets/{radar-NHE76QYJ-BHwoAy1q.js → radar-NHE76QYJ-BTn-tq0k.js} +1 -1
- package/dist/ui/assets/{reactflow-BVYPxNhc.js → reactflow-Bf74ngoo.js} +2 -2
- package/dist/ui/assets/reactflow-Bf74ngoo.js.gz +0 -0
- package/dist/ui/assets/{requirementDiagram-UZGBJVZJ-BQaKKL09.js → requirementDiagram-UZGBJVZJ-YfI6llkX.js} +1 -1
- package/dist/ui/assets/requirementDiagram-UZGBJVZJ-YfI6llkX.js.gz +0 -0
- package/dist/ui/assets/{sandpack-BQW_FQ7G.js → sandpack-D7koO5op.js} +1 -1
- package/dist/ui/assets/sandpack-D7koO5op.js.gz +0 -0
- package/dist/ui/assets/{sankeyDiagram-TZEHDZUN-DiJvDvhb.js → sankeyDiagram-TZEHDZUN-DOk_B10B.js} +1 -1
- package/dist/ui/assets/sankeyDiagram-TZEHDZUN-DOk_B10B.js.gz +0 -0
- package/dist/ui/assets/{sequenceDiagram-WL72ISMW-Dw32824o.js → sequenceDiagram-WL72ISMW-DAe4Um17.js} +1 -1
- package/dist/ui/assets/sequenceDiagram-WL72ISMW-DAe4Um17.js.gz +0 -0
- package/dist/ui/assets/{stateDiagram-FKZM4ZOC-BCOpNdHV.js → stateDiagram-FKZM4ZOC-CCesDu_C.js} +1 -1
- package/dist/ui/assets/stateDiagram-FKZM4ZOC-CCesDu_C.js.gz +0 -0
- package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-CMlIrsoO.js +1 -0
- package/dist/ui/assets/{syntax-VJrU5BEu.js → syntax-C-M-8jOU.js} +1 -1
- package/dist/ui/assets/syntax-C-M-8jOU.js.gz +0 -0
- package/dist/ui/assets/{theme-DZtFA8b4.js → theme-BQZdiqwv.js} +1 -1
- package/dist/ui/assets/{timeline-definition-IT6M3QCI-Jh_WZzXv.js → timeline-definition-IT6M3QCI-D6P5txjT.js} +1 -1
- package/dist/ui/assets/timeline-definition-IT6M3QCI-D6P5txjT.js.gz +0 -0
- package/dist/ui/assets/{treemap-KMMF4GRG-CPYIgjxE.js → treemap-KMMF4GRG-Bitm3gy4.js} +1 -1
- package/dist/ui/assets/{knowledgeRoutes-CivaUqha.js → useUserLocalStorage-Ckb8HsIw.js} +1 -1
- package/dist/ui/assets/useUserLocalStorage-Ckb8HsIw.js.gz +0 -0
- package/dist/ui/assets/{xychartDiagram-PRI3JC2R-CERc7Rdb.js → xychartDiagram-PRI3JC2R-CsybjUbd.js} +1 -1
- package/dist/ui/assets/xychartDiagram-PRI3JC2R-CsybjUbd.js.gz +0 -0
- package/dist/ui/index.html +13 -11
- package/dist/ui/index.html.gz +0 -0
- package/package.json +10 -9
- package/dist/ui/assets/App-9s2WHM6S.js +0 -22
- package/dist/ui/assets/App-9s2WHM6S.js.gz +0 -0
- package/dist/ui/assets/App-BAdBsEnV.css.gz +0 -0
- package/dist/ui/assets/ArtifactConsentModal-ParNk5kW.js.gz +0 -0
- package/dist/ui/assets/ArtifactFullscreenPage-VQxLMCiN.js +0 -9
- package/dist/ui/assets/ArtifactFullscreenPage-VQxLMCiN.js.gz +0 -0
- package/dist/ui/assets/AutocompleteTextarea-3RchrIgk.js +0 -18
- package/dist/ui/assets/AutocompleteTextarea-3RchrIgk.js.gz +0 -0
- package/dist/ui/assets/CodeEditor.inner-D51Z_CLQ.js.gz +0 -0
- package/dist/ui/assets/ConversationView-Dyddw2b1.js +0 -34
- package/dist/ui/assets/ConversationView-Dyddw2b1.js.gz +0 -0
- package/dist/ui/assets/KnowledgePage-CdftslnF.js +0 -24
- package/dist/ui/assets/KnowledgePage-CdftslnF.js.gz +0 -0
- package/dist/ui/assets/MobileApp-BdBMpnJ1.js +0 -1
- package/dist/ui/assets/MobileApp-BdBMpnJ1.js.gz +0 -0
- package/dist/ui/assets/StreamdownDemoPage-B9wbgp2s.js.gz +0 -0
- package/dist/ui/assets/ThemeSwitcher-ubn6IOz9.js.gz +0 -0
- package/dist/ui/assets/antd-C-HfEC4E.js +0 -400
- package/dist/ui/assets/antd-C-HfEC4E.js.gz +0 -0
- package/dist/ui/assets/architecture-U656AL7Q-dkBewUpN.js +0 -1
- package/dist/ui/assets/architectureDiagram-VXUJARFQ-ChmZt3zk.js.gz +0 -0
- package/dist/ui/assets/blockDiagram-VD42YOAC-CzGHAHao.js.gz +0 -0
- package/dist/ui/assets/c4Diagram-YG6GDRKO-DscJyaWN.js.gz +0 -0
- package/dist/ui/assets/channel-DvRQqEqC.js +0 -1
- package/dist/ui/assets/chunk-55IACEB6-DojF2pZN.js +0 -1
- package/dist/ui/assets/chunk-ABZYJK2D-RzDCrjE6.js.gz +0 -0
- package/dist/ui/assets/chunk-AGHRB4JF-jidCS5Of.js.gz +0 -0
- package/dist/ui/assets/chunk-ATLVNIR6-BEIIfJtC.js.gz +0 -0
- package/dist/ui/assets/chunk-B4BG7PRW-B8b6dQQ2.js.gz +0 -0
- package/dist/ui/assets/chunk-DI55MBZ5-BfATX3V8.js.gz +0 -0
- package/dist/ui/assets/chunk-EXTU4WIE-BKt6lPJM.js +0 -1
- package/dist/ui/assets/chunk-HN2XXSSU-BCHvD80g.js.gz +0 -0
- package/dist/ui/assets/chunk-JA3XYJ7Z-Cp6dqHnY.js.gz +0 -0
- package/dist/ui/assets/chunk-JZLCHNYA-cKMooY3y.js.gz +0 -0
- package/dist/ui/assets/chunk-MI3HLSF2-BlzO5wOE.js.gz +0 -0
- package/dist/ui/assets/chunk-N4CR4FBY-pASDorUx.js +0 -2
- package/dist/ui/assets/chunk-N4CR4FBY-pASDorUx.js.gz +0 -0
- package/dist/ui/assets/chunk-QXUST7PY-C9l0muI0.js.gz +0 -0
- package/dist/ui/assets/chunk-QZHKN3VN-CZskCFCf.js +0 -1
- package/dist/ui/assets/chunk-S3R3BYOJ-VJiLzt2o.js.gz +0 -0
- package/dist/ui/assets/chunk-TZMSLE5B-DZwI0C_2.js.gz +0 -0
- package/dist/ui/assets/classDiagram-2ON5EDUG-BFASUbmZ.js +0 -1
- package/dist/ui/assets/classDiagram-v2-WZHVMYZB-BFASUbmZ.js +0 -1
- package/dist/ui/assets/cose-bilkent-S5V4N54A-Ipik-oSD.js.gz +0 -0
- package/dist/ui/assets/dagre-6UL2VRFP-BDpyWQnh.js.gz +0 -0
- package/dist/ui/assets/dagre-CgA4KhUX.js.gz +0 -0
- package/dist/ui/assets/diagram-PSM6KHXK-B4GRzxLJ.js.gz +0 -0
- package/dist/ui/assets/diagram-QEK2KX5R-BWPW28XI.js.gz +0 -0
- package/dist/ui/assets/diagram-S2PKOQOG-BIHhcGoV.js.gz +0 -0
- package/dist/ui/assets/editor-C-HJ7Yw0.js.gz +0 -0
- package/dist/ui/assets/emoji-D8F6B62m.js.gz +0 -0
- package/dist/ui/assets/erDiagram-Q2GNP2WA-ubTaAFcK.js.gz +0 -0
- package/dist/ui/assets/flowDiagram-NV44I4VS-BHLCTYjI.js.gz +0 -0
- package/dist/ui/assets/ganttDiagram-LVOFAZNH-ClC3pay1.js.gz +0 -0
- package/dist/ui/assets/gitGraphDiagram-NY62KEGX-Clqpiswu.js.gz +0 -0
- package/dist/ui/assets/index-D9OElx9A.css +0 -1
- package/dist/ui/assets/index-D9OElx9A.css.gz +0 -0
- package/dist/ui/assets/index-DxPuzG7E.js +0 -350
- package/dist/ui/assets/index-DxPuzG7E.js.gz +0 -0
- package/dist/ui/assets/journeyDiagram-XKPGCS4Q-CrVickA2.js.gz +0 -0
- package/dist/ui/assets/kanban-definition-3W4ZIXB7-C_BsdHYL.js.gz +0 -0
- package/dist/ui/assets/knowledgeRoutes-CivaUqha.js.gz +0 -0
- package/dist/ui/assets/linear-BsjageUB.js.gz +0 -0
- package/dist/ui/assets/mermaid-parser.core-DZdP-NFq.js.gz +0 -0
- package/dist/ui/assets/mermaid.core-TNrI0pHG.js.gz +0 -0
- package/dist/ui/assets/message-BtWWJ9Af.js +0 -36
- package/dist/ui/assets/message-BtWWJ9Af.js.gz +0 -0
- package/dist/ui/assets/mindmap-definition-VGOIOE7T-BbmaUjMY.js.gz +0 -0
- package/dist/ui/assets/particles-Dv28pjOd.js.gz +0 -0
- package/dist/ui/assets/pieDiagram-ADFJNKIX-BbyjfYu8.js.gz +0 -0
- package/dist/ui/assets/quadrantDiagram-AYHSOK5B-Bc3GqMKz.js.gz +0 -0
- package/dist/ui/assets/reactflow-BVYPxNhc.js.gz +0 -0
- package/dist/ui/assets/requirementDiagram-UZGBJVZJ-BQaKKL09.js.gz +0 -0
- package/dist/ui/assets/sandpack-BQW_FQ7G.js.gz +0 -0
- package/dist/ui/assets/sankeyDiagram-TZEHDZUN-DiJvDvhb.js.gz +0 -0
- package/dist/ui/assets/sequenceDiagram-WL72ISMW-Dw32824o.js.gz +0 -0
- package/dist/ui/assets/stateDiagram-FKZM4ZOC-BCOpNdHV.js.gz +0 -0
- package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-Cuqwvgfg.js +0 -1
- package/dist/ui/assets/syntax-VJrU5BEu.js.gz +0 -0
- package/dist/ui/assets/timeline-definition-IT6M3QCI-Jh_WZzXv.js.gz +0 -0
- package/dist/ui/assets/xychartDiagram-PRI3JC2R-CERc7Rdb.js.gz +0 -0
|
@@ -8,6 +8,14 @@ var __export = (target, all) => {
|
|
|
8
8
|
__defProp(target, name, { get: all[name], enumerable: true });
|
|
9
9
|
};
|
|
10
10
|
|
|
11
|
+
// src/adapters/drizzle.ts
|
|
12
|
+
import { NotFoundError } from "@agor/core/utils/errors";
|
|
13
|
+
var init_drizzle = __esm({
|
|
14
|
+
"src/adapters/drizzle.ts"() {
|
|
15
|
+
"use strict";
|
|
16
|
+
}
|
|
17
|
+
});
|
|
18
|
+
|
|
11
19
|
// src/auth/runtime-tokens.ts
|
|
12
20
|
import jwt from "jsonwebtoken";
|
|
13
21
|
function issueRuntimeToken(payload, jwtSecret, expiresIn, options = {}) {
|
|
@@ -592,12 +600,12 @@ var init_spawn_executor = __esm({
|
|
|
592
600
|
});
|
|
593
601
|
|
|
594
602
|
// src/utils/mcp-token-authorization.ts
|
|
595
|
-
import { hasMinimumRole as hasMinimumRole5, ROLES as
|
|
603
|
+
import { hasMinimumRole as hasMinimumRole5, ROLES as ROLES6 } from "@agor/core/types";
|
|
596
604
|
function canReceiveMcpTokenForSession(params) {
|
|
597
605
|
const { callerUserId, callerRole, sessionCreatedBy } = params;
|
|
598
|
-
const isSuperadmin = hasMinimumRole5(callerRole,
|
|
606
|
+
const isSuperadmin = hasMinimumRole5(callerRole, ROLES6.SUPERADMIN);
|
|
599
607
|
const isServiceExecutor = callerRole === "service";
|
|
600
|
-
const isCreatorMember = !!callerUserId && callerUserId === sessionCreatedBy && hasMinimumRole5(callerRole,
|
|
608
|
+
const isCreatorMember = !!callerUserId && callerUserId === sessionCreatedBy && hasMinimumRole5(callerRole, ROLES6.MEMBER);
|
|
601
609
|
return isCreatorMember || isSuperadmin || isServiceExecutor;
|
|
602
610
|
}
|
|
603
611
|
var init_mcp_token_authorization = __esm({
|
|
@@ -618,7 +626,7 @@ __export(tokens_exports, {
|
|
|
618
626
|
validateSessionToken: () => validateSessionToken
|
|
619
627
|
});
|
|
620
628
|
import { MCP_TOKEN } from "@agor/core/config";
|
|
621
|
-
import { generateId as generateId2, SessionRepository, shortId as shortId3 } from "@agor/core/db";
|
|
629
|
+
import { generateId as generateId2, SessionRepository as SessionRepository2, shortId as shortId3 } from "@agor/core/db";
|
|
622
630
|
import {
|
|
623
631
|
MCP_TOKEN_AUDIENCE,
|
|
624
632
|
MCP_TOKEN_ISSUER
|
|
@@ -642,7 +650,7 @@ function initMcpTokens(options) {
|
|
|
642
650
|
const expirationMs = options.expirationMs ?? MCP_TOKEN.DEFAULT_EXPIRATION_MS;
|
|
643
651
|
const now = options.now ?? (() => Date.now());
|
|
644
652
|
_state = {
|
|
645
|
-
sessionRepo: new
|
|
653
|
+
sessionRepo: new SessionRepository2(options.db),
|
|
646
654
|
expirationMs,
|
|
647
655
|
now,
|
|
648
656
|
tokenCache: /* @__PURE__ */ new Map(),
|
|
@@ -753,14 +761,6 @@ var init_tokens = __esm({
|
|
|
753
761
|
}
|
|
754
762
|
});
|
|
755
763
|
|
|
756
|
-
// src/adapters/drizzle.ts
|
|
757
|
-
import { NotFoundError } from "@agor/core/utils/errors";
|
|
758
|
-
var init_drizzle = __esm({
|
|
759
|
-
"src/adapters/drizzle.ts"() {
|
|
760
|
-
"use strict";
|
|
761
|
-
}
|
|
762
|
-
});
|
|
763
|
-
|
|
764
764
|
// src/utils/build-initial-user-message.ts
|
|
765
765
|
import { generateId as generateId3 } from "@agor/core/db";
|
|
766
766
|
import { MessageRole } from "@agor/core/types";
|
|
@@ -1197,13 +1197,13 @@ import {
|
|
|
1197
1197
|
} from "@agor/core/claude-cli";
|
|
1198
1198
|
import {
|
|
1199
1199
|
generateId as generateId4,
|
|
1200
|
-
SessionRepository as
|
|
1200
|
+
SessionRepository as SessionRepository3,
|
|
1201
1201
|
shortId as shortId4,
|
|
1202
1202
|
TaskRepository
|
|
1203
1203
|
} from "@agor/core/db";
|
|
1204
1204
|
import {
|
|
1205
|
-
SessionStatus,
|
|
1206
|
-
TaskStatus
|
|
1205
|
+
SessionStatus as SessionStatus3,
|
|
1206
|
+
TaskStatus as TaskStatus2
|
|
1207
1207
|
} from "@agor/core/types";
|
|
1208
1208
|
import {
|
|
1209
1209
|
getHomedirFromUsername,
|
|
@@ -1217,7 +1217,7 @@ function getDb(app) {
|
|
|
1217
1217
|
async function persistActiveTurnSnapshot(app, sessionId, turn) {
|
|
1218
1218
|
const db = getDb(app);
|
|
1219
1219
|
if (!db) return;
|
|
1220
|
-
const repo = new
|
|
1220
|
+
const repo = new SessionRepository3(db);
|
|
1221
1221
|
const row = await repo.findById(sessionId);
|
|
1222
1222
|
if (!row) {
|
|
1223
1223
|
throw new Error(`persistActiveTurnSnapshot: session not found: ${shortId4(sessionId)}`);
|
|
@@ -1238,7 +1238,7 @@ async function clearActiveTurnSnapshot(app, sessionId) {
|
|
|
1238
1238
|
const db = getDb(app);
|
|
1239
1239
|
if (!db) return;
|
|
1240
1240
|
try {
|
|
1241
|
-
const repo = new
|
|
1241
|
+
const repo = new SessionRepository3(db);
|
|
1242
1242
|
const patch = {
|
|
1243
1243
|
cli_state: { active_turn: null }
|
|
1244
1244
|
};
|
|
@@ -1320,7 +1320,7 @@ function buildCliPersister(app) {
|
|
|
1320
1320
|
async saveOffset(sessionId, update2) {
|
|
1321
1321
|
const db = getDb(app);
|
|
1322
1322
|
if (!db) return;
|
|
1323
|
-
const repo = new
|
|
1323
|
+
const repo = new SessionRepository3(db);
|
|
1324
1324
|
const row = await repo.findById(sessionId).catch(() => null);
|
|
1325
1325
|
if (!row) return;
|
|
1326
1326
|
const existing = row.cli_state ?? {};
|
|
@@ -1353,7 +1353,7 @@ function buildCliEventSink(app) {
|
|
|
1353
1353
|
indexBySession.set(sessionId, 1);
|
|
1354
1354
|
return 0;
|
|
1355
1355
|
}
|
|
1356
|
-
const repo = new
|
|
1356
|
+
const repo = new SessionRepository3(db);
|
|
1357
1357
|
const count = await repo.countMessages(sessionId).catch(() => 0) ?? 0;
|
|
1358
1358
|
indexBySession.set(sessionId, count + 1);
|
|
1359
1359
|
return count;
|
|
@@ -1375,7 +1375,7 @@ function buildCliEventSink(app) {
|
|
|
1375
1375
|
const db = getDb(app);
|
|
1376
1376
|
if (!db) return null;
|
|
1377
1377
|
try {
|
|
1378
|
-
const sessionRepo = new
|
|
1378
|
+
const sessionRepo = new SessionRepository3(db);
|
|
1379
1379
|
const session = await sessionRepo.findById(sessionId).catch(() => null);
|
|
1380
1380
|
if (!session) return null;
|
|
1381
1381
|
const taskRepo = new TaskRepository(db);
|
|
@@ -1383,7 +1383,7 @@ function buildCliEventSink(app) {
|
|
|
1383
1383
|
session_id: sessionId,
|
|
1384
1384
|
created_by: session.created_by,
|
|
1385
1385
|
full_prompt: prompt,
|
|
1386
|
-
status:
|
|
1386
|
+
status: TaskStatus2.RUNNING,
|
|
1387
1387
|
started_at: timestamp,
|
|
1388
1388
|
message_range: {
|
|
1389
1389
|
start_index: userMessageIndex,
|
|
@@ -1400,7 +1400,7 @@ function buildCliEventSink(app) {
|
|
|
1400
1400
|
});
|
|
1401
1401
|
app.service("tasks").emit("created", task);
|
|
1402
1402
|
await app.service("sessions").patch(sessionId, {
|
|
1403
|
-
status:
|
|
1403
|
+
status: SessionStatus3.RUNNING,
|
|
1404
1404
|
ready_for_prompt: false,
|
|
1405
1405
|
tasks: [...session.tasks, task.task_id]
|
|
1406
1406
|
}).catch((err) => {
|
|
@@ -1654,7 +1654,7 @@ function buildCliEventSink(app) {
|
|
|
1654
1654
|
const computedContextWindow = lastTurn?.usage ? (lastTurn.usage.input_tokens ?? 0) + (lastTurn.usage.cache_creation_input_tokens ?? 0) + (lastTurn.usage.cache_read_input_tokens ?? 0) : void 0;
|
|
1655
1655
|
try {
|
|
1656
1656
|
await app.service("tasks").patch(active.taskId, {
|
|
1657
|
-
status:
|
|
1657
|
+
status: TaskStatus2.COMPLETED,
|
|
1658
1658
|
completed_at: ts,
|
|
1659
1659
|
message_range: {
|
|
1660
1660
|
start_index: active.userMessageIndex,
|
|
@@ -1677,7 +1677,7 @@ function buildCliEventSink(app) {
|
|
|
1677
1677
|
}
|
|
1678
1678
|
try {
|
|
1679
1679
|
const patch = {
|
|
1680
|
-
status:
|
|
1680
|
+
status: SessionStatus3.IDLE,
|
|
1681
1681
|
ready_for_prompt: true
|
|
1682
1682
|
};
|
|
1683
1683
|
if (computedContextWindow !== void 0) {
|
|
@@ -1918,7 +1918,7 @@ async function onCliSessionCreated(app, session, branchCwd) {
|
|
|
1918
1918
|
try {
|
|
1919
1919
|
const db = getDb(app);
|
|
1920
1920
|
if (db) {
|
|
1921
|
-
const repo = new
|
|
1921
|
+
const repo = new SessionRepository3(db);
|
|
1922
1922
|
const row = await repo.findById(session.session_id).catch(() => null);
|
|
1923
1923
|
if (row) {
|
|
1924
1924
|
const patch = {
|
|
@@ -1978,7 +1978,7 @@ async function onCliSessionEnded(app, sessionId) {
|
|
|
1978
1978
|
async function rehydrateCliWatchers(app, branchCwdLookup) {
|
|
1979
1979
|
const db = getDb(app);
|
|
1980
1980
|
if (!db) return;
|
|
1981
|
-
const repo = new
|
|
1981
|
+
const repo = new SessionRepository3(db);
|
|
1982
1982
|
const all = await repo.findAll().catch(() => []);
|
|
1983
1983
|
const reg = getCliWatcherRegistry(app);
|
|
1984
1984
|
let rehydrated = 0;
|
|
@@ -2050,7 +2050,7 @@ import {
|
|
|
2050
2050
|
validateRenderedManagedEnvUrlFields,
|
|
2051
2051
|
validateRepoEnvironmentLifecyclePolicy
|
|
2052
2052
|
} from "@agor/core/environment/webhook";
|
|
2053
|
-
import { BadRequest as BadRequest3, Forbidden as
|
|
2053
|
+
import { BadRequest as BadRequest3, Forbidden as Forbidden8, NotAuthenticated as NotAuthenticated7 } from "@agor/core/feathers";
|
|
2054
2054
|
import {
|
|
2055
2055
|
boardCommentQueryValidator,
|
|
2056
2056
|
boardObjectQueryValidator,
|
|
@@ -2063,7 +2063,7 @@ import {
|
|
|
2063
2063
|
typedValidateQuery,
|
|
2064
2064
|
userQueryValidator
|
|
2065
2065
|
} from "@agor/core/lib/feathers-validation";
|
|
2066
|
-
import { hasMinimumRole as hasMinimumRole8, ROLES as
|
|
2066
|
+
import { hasMinimumRole as hasMinimumRole8, ROLES as ROLES9 } from "@agor/core/types";
|
|
2067
2067
|
|
|
2068
2068
|
// src/auth/executor-runtime-scope.ts
|
|
2069
2069
|
import { Forbidden } from "@agor/core/feathers";
|
|
@@ -2318,11 +2318,64 @@ function extractText(content) {
|
|
|
2318
2318
|
}
|
|
2319
2319
|
return "";
|
|
2320
2320
|
}
|
|
2321
|
+
function isGatewayThinkingPlaceholder(text) {
|
|
2322
|
+
return /^thinking\s*\.{3}$/i.test(text.trim());
|
|
2323
|
+
}
|
|
2324
|
+
function extractLatestToolUse(content) {
|
|
2325
|
+
if (!Array.isArray(content)) return null;
|
|
2326
|
+
for (let i = content.length - 1; i >= 0; i--) {
|
|
2327
|
+
const block = content[i];
|
|
2328
|
+
if (block.type !== "tool_use") continue;
|
|
2329
|
+
if (typeof block.name !== "string") continue;
|
|
2330
|
+
const input = block.input && typeof block.input === "object" && !Array.isArray(block.input) ? block.input : {};
|
|
2331
|
+
return { name: block.name, input };
|
|
2332
|
+
}
|
|
2333
|
+
return null;
|
|
2334
|
+
}
|
|
2335
|
+
function extractLatestToolUseFromMessage(message) {
|
|
2336
|
+
const fromContent = extractLatestToolUse(message.content);
|
|
2337
|
+
if (fromContent) return fromContent;
|
|
2338
|
+
const toolUses = message.tool_uses;
|
|
2339
|
+
if (!Array.isArray(toolUses) || toolUses.length === 0) return null;
|
|
2340
|
+
const latest = toolUses[toolUses.length - 1];
|
|
2341
|
+
if (!latest || typeof latest.name !== "string") return null;
|
|
2342
|
+
return {
|
|
2343
|
+
name: latest.name,
|
|
2344
|
+
input: latest.input && typeof latest.input === "object" && !Array.isArray(latest.input) ? latest.input : {}
|
|
2345
|
+
};
|
|
2346
|
+
}
|
|
2321
2347
|
var gatewayRouteHook = async (context) => {
|
|
2322
2348
|
const message = context.result;
|
|
2349
|
+
const gatewayService = context.app.service("gateway");
|
|
2323
2350
|
let shouldRoute = false;
|
|
2324
2351
|
let messageText = extractText(message.content);
|
|
2352
|
+
const latestToolUse = extractLatestToolUseFromMessage(message);
|
|
2353
|
+
if (latestToolUse) {
|
|
2354
|
+
try {
|
|
2355
|
+
void gatewayService.updateProgress({
|
|
2356
|
+
session_id: message.session_id,
|
|
2357
|
+
state: "working",
|
|
2358
|
+
task_id: message.task_id,
|
|
2359
|
+
tool_name: latestToolUse.name,
|
|
2360
|
+
tool_input: latestToolUse.input
|
|
2361
|
+
});
|
|
2362
|
+
} catch (error) {
|
|
2363
|
+
console.warn("[gateway-route] Failed to route tool progress:", error);
|
|
2364
|
+
}
|
|
2365
|
+
if (!messageText) {
|
|
2366
|
+
return context;
|
|
2367
|
+
}
|
|
2368
|
+
}
|
|
2369
|
+
if (!messageText && message.role === "assistant" && typeof message.content_preview === "string") {
|
|
2370
|
+
messageText = message.content_preview;
|
|
2371
|
+
}
|
|
2372
|
+
if (message.role === "assistant" && messageText && isGatewayThinkingPlaceholder(messageText)) {
|
|
2373
|
+
return context;
|
|
2374
|
+
}
|
|
2325
2375
|
if (message.role === "assistant") {
|
|
2376
|
+
if (gatewayService.wasMessageStreamedToSlack?.(message.message_id) || gatewayService.wasTaskStreamedToSlack?.(message.task_id)) {
|
|
2377
|
+
return context;
|
|
2378
|
+
}
|
|
2326
2379
|
shouldRoute = true;
|
|
2327
2380
|
} else if (message.role === "user") {
|
|
2328
2381
|
const source = message.metadata?.source;
|
|
@@ -2350,7 +2403,6 @@ var gatewayRouteHook = async (context) => {
|
|
|
2350
2403
|
return context;
|
|
2351
2404
|
}
|
|
2352
2405
|
try {
|
|
2353
|
-
const gatewayService = context.app.service("gateway");
|
|
2354
2406
|
gatewayService.routeMessage({
|
|
2355
2407
|
session_id: message.session_id,
|
|
2356
2408
|
message: messageText
|
|
@@ -3119,6 +3171,30 @@ var groupMembershipsHooks = {
|
|
|
3119
3171
|
}
|
|
3120
3172
|
};
|
|
3121
3173
|
|
|
3174
|
+
// src/services/sessions.ts
|
|
3175
|
+
init_drizzle();
|
|
3176
|
+
import { PAGINATION } from "@agor/core/config";
|
|
3177
|
+
import {
|
|
3178
|
+
BranchRepository,
|
|
3179
|
+
SessionEnvSelectionRepository,
|
|
3180
|
+
SessionMCPServerRepository,
|
|
3181
|
+
SessionRelationshipRepository,
|
|
3182
|
+
SessionRepository,
|
|
3183
|
+
UsersRepository
|
|
3184
|
+
} from "@agor/core/db";
|
|
3185
|
+
import { Forbidden as Forbidden4 } from "@agor/core/feathers";
|
|
3186
|
+
import { formatModelToolMismatchWarning, lintModelToolMatch } from "@agor/core/models";
|
|
3187
|
+
import { resolveChildSessionConfig } from "@agor/core/sessions";
|
|
3188
|
+
import { ROLES as ROLES3, SessionStatus } from "@agor/core/types";
|
|
3189
|
+
var remoteRelationshipsEnrichedResults = /* @__PURE__ */ new WeakSet();
|
|
3190
|
+
function markRemoteRelationshipsEnrichedResult(result) {
|
|
3191
|
+
remoteRelationshipsEnrichedResults.add(result);
|
|
3192
|
+
return result;
|
|
3193
|
+
}
|
|
3194
|
+
function isRemoteRelationshipsEnrichedResult(result) {
|
|
3195
|
+
return typeof result === "object" && result !== null && remoteRelationshipsEnrichedResults.has(result);
|
|
3196
|
+
}
|
|
3197
|
+
|
|
3122
3198
|
// src/services/users.ts
|
|
3123
3199
|
import { generateId } from "@agor/core";
|
|
3124
3200
|
import {
|
|
@@ -3141,13 +3217,13 @@ import {
|
|
|
3141
3217
|
update,
|
|
3142
3218
|
users
|
|
3143
3219
|
} from "@agor/core/db";
|
|
3144
|
-
import { Forbidden as
|
|
3220
|
+
import { Forbidden as Forbidden5, NotAuthenticated as NotAuthenticated3 } from "@agor/core/feathers";
|
|
3145
3221
|
import { isLikelyGitToken } from "@agor/core/git";
|
|
3146
3222
|
import {
|
|
3147
3223
|
extractAgenticToolsPublicValues,
|
|
3148
3224
|
hasMinimumRole as hasMinimumRole3,
|
|
3149
3225
|
normalizeRole,
|
|
3150
|
-
ROLES as
|
|
3226
|
+
ROLES as ROLES4,
|
|
3151
3227
|
toAgenticToolsStatus
|
|
3152
3228
|
} from "@agor/core/types";
|
|
3153
3229
|
var LOCAL_AUTH_LOOKUP_PARAM = Symbol("agor.users.local-auth-lookup");
|
|
@@ -3222,8 +3298,8 @@ function applySessionConfigDefaults(opts = {}) {
|
|
|
3222
3298
|
}
|
|
3223
3299
|
|
|
3224
3300
|
// src/utils/authorization.ts
|
|
3225
|
-
import { Forbidden as
|
|
3226
|
-
import { hasMinimumRole as hasMinimumRole4, ROLES as
|
|
3301
|
+
import { Forbidden as Forbidden6, NotAuthenticated as NotAuthenticated4 } from "@agor/core/feathers";
|
|
3302
|
+
import { hasMinimumRole as hasMinimumRole4, ROLES as ROLES5 } from "@agor/core/types";
|
|
3227
3303
|
function ensureMinimumRole(params, minimumRole, action = "perform this action") {
|
|
3228
3304
|
if (!params?.provider) {
|
|
3229
3305
|
return;
|
|
@@ -3235,7 +3311,7 @@ function ensureMinimumRole(params, minimumRole, action = "perform this action")
|
|
|
3235
3311
|
return;
|
|
3236
3312
|
}
|
|
3237
3313
|
if (!hasMinimumRole4(params.user.role, minimumRole)) {
|
|
3238
|
-
throw new
|
|
3314
|
+
throw new Forbidden6(`You need ${minimumRole} access to ${action}`);
|
|
3239
3315
|
}
|
|
3240
3316
|
}
|
|
3241
3317
|
function requireMinimumRole(minimumRole, action) {
|
|
@@ -3244,7 +3320,7 @@ function requireMinimumRole(minimumRole, action) {
|
|
|
3244
3320
|
return context;
|
|
3245
3321
|
};
|
|
3246
3322
|
}
|
|
3247
|
-
var DEFAULT_MANAGED_ENVS_MINIMUM_ROLE =
|
|
3323
|
+
var DEFAULT_MANAGED_ENVS_MINIMUM_ROLE = ROLES5.MEMBER;
|
|
3248
3324
|
var ENV_COMMAND_FIELDS = [
|
|
3249
3325
|
"environment",
|
|
3250
3326
|
// Repo-level: v2 named variants (source of truth)
|
|
@@ -3272,7 +3348,7 @@ function requireAdminForEnvConfig() {
|
|
|
3272
3348
|
}
|
|
3273
3349
|
ensureMinimumRole(
|
|
3274
3350
|
context.params,
|
|
3275
|
-
|
|
3351
|
+
ROLES5.ADMIN,
|
|
3276
3352
|
"modify environment commands (up_command, down_command, etc.)"
|
|
3277
3353
|
);
|
|
3278
3354
|
return context;
|
|
@@ -3325,7 +3401,7 @@ async function inspectBranchViaExecutor(app, branchId, options = {}) {
|
|
|
3325
3401
|
|
|
3326
3402
|
// src/utils/executor-read-impersonation.ts
|
|
3327
3403
|
import { loadConfigSync as loadConfigSync2 } from "@agor/core/config";
|
|
3328
|
-
import { UsersRepository } from "@agor/core/db";
|
|
3404
|
+
import { UsersRepository as UsersRepository2 } from "@agor/core/db";
|
|
3329
3405
|
async function resolveExecutorReadAsUser(db, userOrId) {
|
|
3330
3406
|
const config = loadConfigSync2();
|
|
3331
3407
|
const unixMode = config.execution?.unix_user_mode ?? "simple";
|
|
@@ -3334,7 +3410,7 @@ async function resolveExecutorReadAsUser(db, userOrId) {
|
|
|
3334
3410
|
}
|
|
3335
3411
|
let user;
|
|
3336
3412
|
if (typeof userOrId === "string") {
|
|
3337
|
-
user = await new
|
|
3413
|
+
user = await new UsersRepository2(db).findById(userOrId);
|
|
3338
3414
|
} else {
|
|
3339
3415
|
user = userOrId;
|
|
3340
3416
|
}
|
|
@@ -3533,7 +3609,7 @@ var RealtimeAccessCache = class {
|
|
|
3533
3609
|
|
|
3534
3610
|
// src/utils/realtime-publish.ts
|
|
3535
3611
|
import { shortId as shortId2 } from "@agor/core/db";
|
|
3536
|
-
import { hasMinimumRole as hasMinimumRole6, ROLES as
|
|
3612
|
+
import { hasMinimumRole as hasMinimumRole6, ROLES as ROLES7 } from "@agor/core/types";
|
|
3537
3613
|
var DEBUG_REALTIME_PUBLISH = process.env.AGOR_DEBUG_REALTIME_PUBLISH === "1" || process.env.DEBUG?.includes("realtime-publish");
|
|
3538
3614
|
function realtimePublishDebug(...args) {
|
|
3539
3615
|
if (DEBUG_REALTIME_PUBLISH) {
|
|
@@ -3600,7 +3676,7 @@ function isServiceConnection(connection) {
|
|
|
3600
3676
|
}
|
|
3601
3677
|
function isAdminConnection(connection, allowSuperadmin) {
|
|
3602
3678
|
const user = userFromConnection(connection);
|
|
3603
|
-
if (!user?._isServiceAccount && user?.role && hasMinimumRole6(user.role,
|
|
3679
|
+
if (!user?._isServiceAccount && user?.role && hasMinimumRole6(user.role, ROLES7.ADMIN)) {
|
|
3604
3680
|
return true;
|
|
3605
3681
|
}
|
|
3606
3682
|
return isSuperAdmin(user?.role, allowSuperadmin);
|
|
@@ -3757,8 +3833,8 @@ function configureRealtimePublish(options) {
|
|
|
3757
3833
|
}
|
|
3758
3834
|
|
|
3759
3835
|
// src/utils/schedule-hooks.ts
|
|
3760
|
-
import { BadRequest as BadRequest2, Forbidden as
|
|
3761
|
-
import { hasMinimumRole as hasMinimumRole7, ROLES as
|
|
3836
|
+
import { BadRequest as BadRequest2, Forbidden as Forbidden7, NotAuthenticated as NotAuthenticated6 } from "@agor/core/feathers";
|
|
3837
|
+
import { hasMinimumRole as hasMinimumRole7, ROLES as ROLES8 } from "@agor/core/types";
|
|
3762
3838
|
function ensureCurrentScheduleLoaded(scheduleRepo) {
|
|
3763
3839
|
return async (context) => {
|
|
3764
3840
|
if (context.method !== "patch") return context;
|
|
@@ -3813,14 +3889,14 @@ function ensureScheduleRunsAsCaller(options) {
|
|
|
3813
3889
|
}
|
|
3814
3890
|
const data = context.data;
|
|
3815
3891
|
if (data?.created_by !== void 0 && data.created_by !== schedule.created_by) {
|
|
3816
|
-
throw new
|
|
3892
|
+
throw new Forbidden7("Cannot change the user a schedule runs as.");
|
|
3817
3893
|
}
|
|
3818
3894
|
const allowSuperadmin = options?.allowSuperadmin ?? true;
|
|
3819
|
-
if (allowSuperadmin && hasMinimumRole7(user.role,
|
|
3895
|
+
if (allowSuperadmin && hasMinimumRole7(user.role, ROLES8.SUPERADMIN)) {
|
|
3820
3896
|
return context;
|
|
3821
3897
|
}
|
|
3822
3898
|
if (schedule.created_by !== user.user_id) {
|
|
3823
|
-
throw new
|
|
3899
|
+
throw new Forbidden7(
|
|
3824
3900
|
"Schedules run as the user who created them. You can only modify or run schedules you created."
|
|
3825
3901
|
);
|
|
3826
3902
|
}
|
|
@@ -3857,6 +3933,17 @@ function recomputeNextRunAt() {
|
|
|
3857
3933
|
};
|
|
3858
3934
|
}
|
|
3859
3935
|
|
|
3936
|
+
// src/utils/session-task-state.ts
|
|
3937
|
+
import {
|
|
3938
|
+
isTerminalTaskStatus,
|
|
3939
|
+
SessionStatus as SessionStatus2,
|
|
3940
|
+
sessionCanStartTask,
|
|
3941
|
+
TaskStatus
|
|
3942
|
+
} from "@agor/core/types";
|
|
3943
|
+
function isTerminalQueueProcessingSuppressed(params) {
|
|
3944
|
+
return params?.suppressTerminalQueueProcessing === true;
|
|
3945
|
+
}
|
|
3946
|
+
|
|
3860
3947
|
// src/register-hooks.ts
|
|
3861
3948
|
init_spawn_executor();
|
|
3862
3949
|
var DEBUG_MCP_TOKENS2 = process.env.AGOR_DEBUG_MCP_TOKENS === "1" || process.env.DEBUG?.includes("mcp-tokens");
|
|
@@ -3876,6 +3963,9 @@ var BRANCH_ENV_FIELDS = [
|
|
|
3876
3963
|
function itemHasAnyField(item, fields) {
|
|
3877
3964
|
return fields.some((field) => Object.hasOwn(item, field));
|
|
3878
3965
|
}
|
|
3966
|
+
function shouldValidateRepoEnvironmentPayload(value) {
|
|
3967
|
+
return value !== void 0 && value !== null;
|
|
3968
|
+
}
|
|
3879
3969
|
async function getManagedEnvExecutionMode() {
|
|
3880
3970
|
const config = await loadConfig();
|
|
3881
3971
|
return config.execution?.managed_envs_execution_mode ?? MANAGED_ENV_EXECUTION_MODE_DEFAULT;
|
|
@@ -3885,7 +3975,7 @@ function validateRepoEnvPolicyHook() {
|
|
|
3885
3975
|
const mode = await getManagedEnvExecutionMode();
|
|
3886
3976
|
const items = Array.isArray(context.data) ? context.data : [context.data];
|
|
3887
3977
|
for (const item of items) {
|
|
3888
|
-
if (Object.hasOwn(item, "environment") && item.environment
|
|
3978
|
+
if (Object.hasOwn(item, "environment") && shouldValidateRepoEnvironmentPayload(item.environment)) {
|
|
3889
3979
|
try {
|
|
3890
3980
|
const env = validateRepoEnvironment(item.environment);
|
|
3891
3981
|
validateRepoEnvironmentLifecyclePolicy(env, mode);
|
|
@@ -3893,7 +3983,7 @@ function validateRepoEnvPolicyHook() {
|
|
|
3893
3983
|
throw new BadRequest3(error instanceof Error ? error.message : "Invalid repo environment");
|
|
3894
3984
|
}
|
|
3895
3985
|
}
|
|
3896
|
-
if (Object.hasOwn(item, "environment_config") && item.environment_config
|
|
3986
|
+
if (Object.hasOwn(item, "environment_config") && shouldValidateRepoEnvironmentPayload(item.environment_config)) {
|
|
3897
3987
|
try {
|
|
3898
3988
|
const env = wrapV1AsV2(item.environment_config);
|
|
3899
3989
|
if (env) validateRepoEnvironmentLifecyclePolicy(env, mode, "legacy repo environment");
|
|
@@ -3961,6 +4051,24 @@ function isPromptFlowPatchOnly(data) {
|
|
|
3961
4051
|
if (keys.length === 0) return false;
|
|
3962
4052
|
return keys.every((key) => PROMPT_FLOW_PATCH_FIELDS.includes(key));
|
|
3963
4053
|
}
|
|
4054
|
+
function shouldRunSessionPostTurnHooks(session) {
|
|
4055
|
+
return sessionCanStartTask(session.status, session.ready_for_prompt);
|
|
4056
|
+
}
|
|
4057
|
+
function shouldDrainQueueAfterSessionPostTurnPatch(session, params) {
|
|
4058
|
+
return shouldRunSessionPostTurnHooks(session) && session.ready_for_prompt === true && !isTerminalQueueProcessingSuppressed(params);
|
|
4059
|
+
}
|
|
4060
|
+
async function enrichSessionFindResultWithRemoteRelationships(result, sessionsService) {
|
|
4061
|
+
if (isRemoteRelationshipsEnrichedResult(result)) return result;
|
|
4062
|
+
if (Array.isArray(result)) {
|
|
4063
|
+
return markRemoteRelationshipsEnrichedResult(
|
|
4064
|
+
await sessionsService.enrichRemoteRelationships(result)
|
|
4065
|
+
);
|
|
4066
|
+
}
|
|
4067
|
+
return markRemoteRelationshipsEnrichedResult({
|
|
4068
|
+
...result,
|
|
4069
|
+
data: await sessionsService.enrichRemoteRelationships(result.data)
|
|
4070
|
+
});
|
|
4071
|
+
}
|
|
3964
4072
|
function registerHooks(ctx) {
|
|
3965
4073
|
const {
|
|
3966
4074
|
db,
|
|
@@ -4006,6 +4114,65 @@ function registerHooks(ctx) {
|
|
|
4006
4114
|
await invalidateRealtimeBranchAccess(context.params.route?.id);
|
|
4007
4115
|
return context;
|
|
4008
4116
|
};
|
|
4117
|
+
const syncBranchUnixAccess = (branchId, logPrefix) => {
|
|
4118
|
+
if (!jwtSecret) return;
|
|
4119
|
+
const serviceToken = createServiceToken(jwtSecret, void 0, {
|
|
4120
|
+
branch_id: branchId,
|
|
4121
|
+
command: "unix.sync-branch"
|
|
4122
|
+
});
|
|
4123
|
+
spawnExecutorFireAndForget(
|
|
4124
|
+
{
|
|
4125
|
+
command: "unix.sync-branch",
|
|
4126
|
+
sessionToken: serviceToken,
|
|
4127
|
+
daemonUrl: getDaemonUrl(),
|
|
4128
|
+
params: {
|
|
4129
|
+
branchId,
|
|
4130
|
+
daemonUser: config.daemon?.unix_user
|
|
4131
|
+
}
|
|
4132
|
+
},
|
|
4133
|
+
{ logPrefix }
|
|
4134
|
+
);
|
|
4135
|
+
};
|
|
4136
|
+
const syncUnixAccessForBoardAlignedBranches = async (boardId, logPrefix) => {
|
|
4137
|
+
if (!jwtSecret || typeof boardId !== "string" || boardId.length === 0) return;
|
|
4138
|
+
const alignedBranches = await branchRepository.findBoardAlignedBranches(boardId);
|
|
4139
|
+
if (alignedBranches.length === 0) return;
|
|
4140
|
+
console.log(
|
|
4141
|
+
`[Unix Integration] Queueing board permission sync for ${alignedBranches.length} board-aligned branch(es) on board ${shortId5(boardId)}`
|
|
4142
|
+
);
|
|
4143
|
+
for (const branch of alignedBranches) {
|
|
4144
|
+
await invalidateRealtimeBranchAccess(branch.branch_id);
|
|
4145
|
+
}
|
|
4146
|
+
const serviceToken = createServiceToken(jwtSecret, void 0, {
|
|
4147
|
+
board_id: boardId,
|
|
4148
|
+
command: "unix.sync-board"
|
|
4149
|
+
});
|
|
4150
|
+
spawnExecutorFireAndForget(
|
|
4151
|
+
{
|
|
4152
|
+
command: "unix.sync-board",
|
|
4153
|
+
sessionToken: serviceToken,
|
|
4154
|
+
daemonUrl: getDaemonUrl(),
|
|
4155
|
+
params: {
|
|
4156
|
+
boardId,
|
|
4157
|
+
daemonUser: config.daemon?.unix_user
|
|
4158
|
+
}
|
|
4159
|
+
},
|
|
4160
|
+
{ logPrefix }
|
|
4161
|
+
);
|
|
4162
|
+
};
|
|
4163
|
+
const syncUnixAccessForBoardFromRoute = async (context, logPrefix) => {
|
|
4164
|
+
await syncUnixAccessForBoardAlignedBranches(context.params.route?.id, logPrefix);
|
|
4165
|
+
return context;
|
|
4166
|
+
};
|
|
4167
|
+
const syncUnixAccessForAllBranches = async (context, logPrefix) => {
|
|
4168
|
+
if (!jwtSecret) return context;
|
|
4169
|
+
const branches = await branchRepository.findAll({ includeArchived: false });
|
|
4170
|
+
for (const branch of branches) {
|
|
4171
|
+
syncBranchUnixAccess(branch.branch_id, logPrefix);
|
|
4172
|
+
await invalidateRealtimeBranchAccess(branch.branch_id);
|
|
4173
|
+
}
|
|
4174
|
+
return context;
|
|
4175
|
+
};
|
|
4009
4176
|
const clearRealtimeBranchVisibility = (context) => {
|
|
4010
4177
|
realtimeAccessCache.clearVisibility();
|
|
4011
4178
|
return context;
|
|
@@ -4030,7 +4197,7 @@ function registerHooks(ctx) {
|
|
|
4030
4197
|
] : []
|
|
4031
4198
|
],
|
|
4032
4199
|
create: [
|
|
4033
|
-
requireMinimumRole(
|
|
4200
|
+
requireMinimumRole(ROLES9.MEMBER, "create messages"),
|
|
4034
4201
|
...branchRbacEnabled ? [
|
|
4035
4202
|
resolveSessionContext(),
|
|
4036
4203
|
loadSession(sessionsService),
|
|
@@ -4042,7 +4209,7 @@ function registerHooks(ctx) {
|
|
|
4042
4209
|
] : []
|
|
4043
4210
|
],
|
|
4044
4211
|
patch: [
|
|
4045
|
-
requireMinimumRole(
|
|
4212
|
+
requireMinimumRole(ROLES9.MEMBER, "update messages"),
|
|
4046
4213
|
...branchRbacEnabled ? [
|
|
4047
4214
|
resolveSessionContext(),
|
|
4048
4215
|
loadSession(sessionsService),
|
|
@@ -4052,7 +4219,7 @@ function registerHooks(ctx) {
|
|
|
4052
4219
|
] : []
|
|
4053
4220
|
],
|
|
4054
4221
|
remove: [
|
|
4055
|
-
requireMinimumRole(
|
|
4222
|
+
requireMinimumRole(ROLES9.MEMBER, "delete messages"),
|
|
4056
4223
|
...branchRbacEnabled ? [
|
|
4057
4224
|
resolveSessionContext(),
|
|
4058
4225
|
loadSession(sessionsService),
|
|
@@ -4092,7 +4259,7 @@ function registerHooks(ctx) {
|
|
|
4092
4259
|
all: [
|
|
4093
4260
|
typedValidateQuery(boardObjectQueryValidator),
|
|
4094
4261
|
requireAuth,
|
|
4095
|
-
requireMinimumRole(
|
|
4262
|
+
requireMinimumRole(ROLES9.MEMBER, "manage board objects")
|
|
4096
4263
|
],
|
|
4097
4264
|
// NOTE: We deliberately do NOT add the generic scopeFindToAccessibleBranches here.
|
|
4098
4265
|
// Board-objects may reference `branch_id` (branch cards) OR `card_id`
|
|
@@ -4193,17 +4360,17 @@ function registerHooks(ctx) {
|
|
|
4193
4360
|
safeService("card-types")?.hooks({
|
|
4194
4361
|
before: {
|
|
4195
4362
|
all: [requireAuth],
|
|
4196
|
-
create: [requireMinimumRole(
|
|
4197
|
-
patch: [requireMinimumRole(
|
|
4198
|
-
remove: [requireMinimumRole(
|
|
4363
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create card types")],
|
|
4364
|
+
patch: [requireMinimumRole(ROLES9.MEMBER, "update card types")],
|
|
4365
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete card types")]
|
|
4199
4366
|
}
|
|
4200
4367
|
});
|
|
4201
4368
|
safeService("cards")?.hooks({
|
|
4202
4369
|
before: {
|
|
4203
4370
|
all: [requireAuth],
|
|
4204
|
-
create: [requireMinimumRole(
|
|
4205
|
-
patch: [requireMinimumRole(
|
|
4206
|
-
remove: [requireMinimumRole(
|
|
4371
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create cards"), injectCreatedBy()],
|
|
4372
|
+
patch: [requireMinimumRole(ROLES9.MEMBER, "update cards")],
|
|
4373
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete cards")]
|
|
4207
4374
|
}
|
|
4208
4375
|
});
|
|
4209
4376
|
const ensureArtifactOwnerOrAdmin = () => async (context) => {
|
|
@@ -4211,16 +4378,16 @@ function registerHooks(ctx) {
|
|
|
4211
4378
|
const user = context.params?.user;
|
|
4212
4379
|
if (!user) throw new NotAuthenticated7("Authentication required");
|
|
4213
4380
|
if (user._isServiceAccount) return context;
|
|
4214
|
-
if (hasMinimumRole8(user.role,
|
|
4381
|
+
if (hasMinimumRole8(user.role, ROLES9.ADMIN)) return context;
|
|
4215
4382
|
const artifactId = context.id;
|
|
4216
4383
|
if (artifactId === void 0 || artifactId === null) return context;
|
|
4217
4384
|
const artifactRepo = new ArtifactRepository(db);
|
|
4218
4385
|
const artifact = await artifactRepo.findById(String(artifactId));
|
|
4219
4386
|
if (!artifact) {
|
|
4220
|
-
throw new
|
|
4387
|
+
throw new Forbidden8(`Artifact ${artifactId} not found or not accessible`);
|
|
4221
4388
|
}
|
|
4222
4389
|
if (artifact.created_by && artifact.created_by === user.user_id) return context;
|
|
4223
|
-
throw new
|
|
4390
|
+
throw new Forbidden8(
|
|
4224
4391
|
"Only the artifact's creator or an admin may modify it. Use agor_artifacts_publish to create your own copy."
|
|
4225
4392
|
);
|
|
4226
4393
|
};
|
|
@@ -4235,9 +4402,9 @@ function registerHooks(ctx) {
|
|
|
4235
4402
|
// board-scoped queries.
|
|
4236
4403
|
...branchRbacEnabled ? [scopeFindToAccessibleBranches(branchRepository, superadminOpts)] : []
|
|
4237
4404
|
],
|
|
4238
|
-
create: [requireMinimumRole(
|
|
4239
|
-
patch: [requireMinimumRole(
|
|
4240
|
-
remove: [requireMinimumRole(
|
|
4405
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create artifacts"), injectCreatedBy()],
|
|
4406
|
+
patch: [requireMinimumRole(ROLES9.MEMBER, "update artifacts"), ensureArtifactOwnerOrAdmin()],
|
|
4407
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete artifacts"), ensureArtifactOwnerOrAdmin()]
|
|
4241
4408
|
}
|
|
4242
4409
|
});
|
|
4243
4410
|
if (svcEnabled("artifacts")) {
|
|
@@ -4252,7 +4419,7 @@ function registerHooks(ctx) {
|
|
|
4252
4419
|
return artifactsService.getPayload(artifactId, _params.user?.user_id);
|
|
4253
4420
|
}
|
|
4254
4421
|
},
|
|
4255
|
-
{ find: { role:
|
|
4422
|
+
{ find: { role: ROLES9.VIEWER, action: "get artifact payload" } },
|
|
4256
4423
|
requireAuth
|
|
4257
4424
|
);
|
|
4258
4425
|
registerAuthenticatedRoute(
|
|
@@ -4279,7 +4446,7 @@ function registerHooks(ctx) {
|
|
|
4279
4446
|
}
|
|
4280
4447
|
},
|
|
4281
4448
|
{
|
|
4282
|
-
create: { role:
|
|
4449
|
+
create: { role: ROLES9.MEMBER, action: "post artifact console logs" }
|
|
4283
4450
|
},
|
|
4284
4451
|
requireAuth
|
|
4285
4452
|
);
|
|
@@ -4308,7 +4475,7 @@ function registerHooks(ctx) {
|
|
|
4308
4475
|
}
|
|
4309
4476
|
},
|
|
4310
4477
|
{
|
|
4311
|
-
create: { role:
|
|
4478
|
+
create: { role: ROLES9.MEMBER, action: "post artifact sandpack error" }
|
|
4312
4479
|
},
|
|
4313
4480
|
requireAuth
|
|
4314
4481
|
);
|
|
@@ -4349,7 +4516,7 @@ function registerHooks(ctx) {
|
|
|
4349
4516
|
}
|
|
4350
4517
|
},
|
|
4351
4518
|
{
|
|
4352
|
-
create: { role:
|
|
4519
|
+
create: { role: ROLES9.MEMBER, action: "post artifact runtime response" }
|
|
4353
4520
|
},
|
|
4354
4521
|
requireAuth
|
|
4355
4522
|
);
|
|
@@ -4371,7 +4538,7 @@ function registerHooks(ctx) {
|
|
|
4371
4538
|
}
|
|
4372
4539
|
},
|
|
4373
4540
|
{
|
|
4374
|
-
create: { role:
|
|
4541
|
+
create: { role: ROLES9.MEMBER, action: "create artifact trust grant" }
|
|
4375
4542
|
},
|
|
4376
4543
|
requireAuth
|
|
4377
4544
|
);
|
|
@@ -4395,8 +4562,8 @@ function registerHooks(ctx) {
|
|
|
4395
4562
|
}
|
|
4396
4563
|
},
|
|
4397
4564
|
{
|
|
4398
|
-
find: { role:
|
|
4399
|
-
remove: { role:
|
|
4565
|
+
find: { role: ROLES9.VIEWER, action: "list artifact trust grants" },
|
|
4566
|
+
remove: { role: ROLES9.MEMBER, action: "revoke artifact trust grant" }
|
|
4400
4567
|
},
|
|
4401
4568
|
requireAuth
|
|
4402
4569
|
);
|
|
@@ -4404,9 +4571,9 @@ function registerHooks(ctx) {
|
|
|
4404
4571
|
safeService("board-comments")?.hooks({
|
|
4405
4572
|
before: {
|
|
4406
4573
|
all: [typedValidateQuery(boardCommentQueryValidator), requireAuth],
|
|
4407
|
-
create: [requireMinimumRole(
|
|
4408
|
-
patch: [requireMinimumRole(
|
|
4409
|
-
remove: [requireMinimumRole(
|
|
4574
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create board comments"), injectCreatedBy()],
|
|
4575
|
+
patch: [requireMinimumRole(ROLES9.MEMBER, "update board comments")],
|
|
4576
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete board comments")]
|
|
4410
4577
|
}
|
|
4411
4578
|
});
|
|
4412
4579
|
app.service("repos").hooks({
|
|
@@ -4414,24 +4581,24 @@ function registerHooks(ctx) {
|
|
|
4414
4581
|
all: [
|
|
4415
4582
|
typedValidateQuery(repoQueryValidator),
|
|
4416
4583
|
requireAuth,
|
|
4417
|
-
requireMinimumRole(
|
|
4584
|
+
requireMinimumRole(ROLES9.MEMBER, "access repositories")
|
|
4418
4585
|
],
|
|
4419
4586
|
create: [
|
|
4420
|
-
requireMinimumRole(
|
|
4587
|
+
requireMinimumRole(ROLES9.MEMBER, "create repositories"),
|
|
4421
4588
|
requireAdminForEnvConfig(),
|
|
4422
4589
|
validateRepoEnvPolicyHook()
|
|
4423
4590
|
],
|
|
4424
4591
|
update: [
|
|
4425
|
-
requireMinimumRole(
|
|
4592
|
+
requireMinimumRole(ROLES9.MEMBER, "update repositories"),
|
|
4426
4593
|
requireAdminForEnvConfig(),
|
|
4427
4594
|
validateRepoEnvPolicyHook()
|
|
4428
4595
|
],
|
|
4429
4596
|
patch: [
|
|
4430
|
-
requireMinimumRole(
|
|
4597
|
+
requireMinimumRole(ROLES9.MEMBER, "update repositories"),
|
|
4431
4598
|
requireAdminForEnvConfig(),
|
|
4432
4599
|
validateRepoEnvPolicyHook()
|
|
4433
4600
|
],
|
|
4434
|
-
remove: [requireMinimumRole(
|
|
4601
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete repositories")]
|
|
4435
4602
|
},
|
|
4436
4603
|
after: {
|
|
4437
4604
|
patch: [realignRepoOriginAfterPatchHook()]
|
|
@@ -4443,7 +4610,7 @@ function registerHooks(ctx) {
|
|
|
4443
4610
|
typedValidateQuery(branchQueryValidator),
|
|
4444
4611
|
requireAuth,
|
|
4445
4612
|
executorRuntimeScopeGuard(),
|
|
4446
|
-
requireMinimumRole(
|
|
4613
|
+
requireMinimumRole(ROLES9.MEMBER, "access branches")
|
|
4447
4614
|
],
|
|
4448
4615
|
find: [
|
|
4449
4616
|
// RBAC: compose an accessible branch_id filter and let BranchesService.find()
|
|
@@ -4458,13 +4625,13 @@ function registerHooks(ctx) {
|
|
|
4458
4625
|
] : []
|
|
4459
4626
|
],
|
|
4460
4627
|
create: [
|
|
4461
|
-
requireMinimumRole(
|
|
4628
|
+
requireMinimumRole(ROLES9.MEMBER, "create branches"),
|
|
4462
4629
|
requireAdminForEnvConfig(),
|
|
4463
4630
|
validateBranchEnvPolicyHook(),
|
|
4464
4631
|
injectCreatedBy()
|
|
4465
4632
|
],
|
|
4466
4633
|
update: [
|
|
4467
|
-
requireMinimumRole(
|
|
4634
|
+
requireMinimumRole(ROLES9.MEMBER, "update branches"),
|
|
4468
4635
|
requireAdminForEnvConfig(),
|
|
4469
4636
|
validateBranchEnvPolicyHook()
|
|
4470
4637
|
],
|
|
@@ -4600,28 +4767,28 @@ function registerHooks(ctx) {
|
|
|
4600
4767
|
safeService("kb/namespaces")?.hooks({
|
|
4601
4768
|
before: {
|
|
4602
4769
|
all: [requireAuth],
|
|
4603
|
-
create: [requireMinimumRole(
|
|
4604
|
-
patch: [requireMinimumRole(
|
|
4605
|
-
update: [requireMinimumRole(
|
|
4606
|
-
remove: [requireMinimumRole(
|
|
4607
|
-
saveWithAcl: [requireMinimumRole(
|
|
4608
|
-
listAcl: [requireMinimumRole(
|
|
4609
|
-
setAcl: [requireMinimumRole(
|
|
4610
|
-
removeAcl: [requireMinimumRole(
|
|
4770
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create knowledge namespaces")],
|
|
4771
|
+
patch: [requireMinimumRole(ROLES9.MEMBER, "update knowledge namespaces")],
|
|
4772
|
+
update: [requireMinimumRole(ROLES9.MEMBER, "update knowledge namespaces")],
|
|
4773
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete knowledge namespaces")],
|
|
4774
|
+
saveWithAcl: [requireMinimumRole(ROLES9.MEMBER, "save knowledge namespace permissions")],
|
|
4775
|
+
listAcl: [requireMinimumRole(ROLES9.MEMBER, "manage knowledge namespace permissions")],
|
|
4776
|
+
setAcl: [requireMinimumRole(ROLES9.MEMBER, "manage knowledge namespace permissions")],
|
|
4777
|
+
removeAcl: [requireMinimumRole(ROLES9.MEMBER, "manage knowledge namespace permissions")]
|
|
4611
4778
|
}
|
|
4612
4779
|
});
|
|
4613
4780
|
safeService("kb/documents")?.hooks({
|
|
4614
4781
|
before: {
|
|
4615
4782
|
all: [requireAuth],
|
|
4616
|
-
create: [requireMinimumRole(
|
|
4617
|
-
patch: [requireMinimumRole(
|
|
4618
|
-
update: [requireMinimumRole(
|
|
4619
|
-
remove: [requireMinimumRole(
|
|
4783
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create knowledge documents")],
|
|
4784
|
+
patch: [requireMinimumRole(ROLES9.MEMBER, "update knowledge documents")],
|
|
4785
|
+
update: [requireMinimumRole(ROLES9.MEMBER, "update knowledge documents")],
|
|
4786
|
+
remove: [requireMinimumRole(ROLES9.MEMBER, "delete knowledge documents")]
|
|
4620
4787
|
}
|
|
4621
4788
|
});
|
|
4622
4789
|
safeService("kb/document-edits")?.hooks({
|
|
4623
4790
|
before: {
|
|
4624
|
-
all: [requireAuth, requireMinimumRole(
|
|
4791
|
+
all: [requireAuth, requireMinimumRole(ROLES9.MEMBER, "edit knowledge documents")]
|
|
4625
4792
|
}
|
|
4626
4793
|
});
|
|
4627
4794
|
safeService("kb/versions")?.hooks({
|
|
@@ -4636,35 +4803,30 @@ function registerHooks(ctx) {
|
|
|
4636
4803
|
});
|
|
4637
4804
|
safeService("kb/settings")?.hooks({
|
|
4638
4805
|
before: {
|
|
4639
|
-
all: [requireAuth, requireMinimumRole(
|
|
4806
|
+
all: [requireAuth, requireMinimumRole(ROLES9.ADMIN, "configure Knowledge semantic search")]
|
|
4640
4807
|
}
|
|
4641
4808
|
});
|
|
4642
4809
|
safeService("kb/indexing/status")?.hooks({
|
|
4643
4810
|
before: {
|
|
4644
|
-
all: [requireAuth, requireMinimumRole(
|
|
4811
|
+
all: [requireAuth, requireMinimumRole(ROLES9.ADMIN, "view Knowledge indexing status")]
|
|
4645
4812
|
}
|
|
4646
4813
|
});
|
|
4647
4814
|
safeService("kb/indexing/reindex")?.hooks({
|
|
4648
4815
|
before: {
|
|
4649
|
-
all: [requireAuth, requireMinimumRole(
|
|
4816
|
+
all: [requireAuth, requireMinimumRole(ROLES9.ADMIN, "reindex Knowledge embeddings")]
|
|
4650
4817
|
}
|
|
4651
4818
|
});
|
|
4652
4819
|
safeService("kb/graph")?.hooks?.({
|
|
4653
4820
|
before: {
|
|
4654
4821
|
all: [requireAuth],
|
|
4655
|
-
create: [requireMinimumRole(
|
|
4656
|
-
link: [requireMinimumRole(
|
|
4822
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "link knowledge graph nodes")],
|
|
4823
|
+
link: [requireMinimumRole(ROLES9.MEMBER, "link knowledge graph nodes")]
|
|
4657
4824
|
}
|
|
4658
4825
|
});
|
|
4659
4826
|
const injectPerUserOAuthTokens = async (context) => {
|
|
4660
4827
|
const queryForUserId = context.params?.query?.forUserId;
|
|
4661
4828
|
const userId = context.params?.user?.user_id || queryForUserId;
|
|
4662
|
-
const source = context.params?.user?.user_id ? "socket-auth" : queryForUserId ? "query-param" : "none";
|
|
4663
|
-
console.log(
|
|
4664
|
-
`[MCP OAuth] injectPerUserOAuthTokens called - userId: ${userId || "NONE"}, source: ${source}, provider: ${context.params?.provider || "internal"}, method: ${context.method}, resultCount: ${Array.isArray(context.result) ? context.result.length : 1}`
|
|
4665
|
-
);
|
|
4666
4829
|
if (!userId) {
|
|
4667
|
-
console.log("[MCP OAuth] No user ID - skipping token injection");
|
|
4668
4830
|
return context;
|
|
4669
4831
|
}
|
|
4670
4832
|
const injectToken = async (server) => {
|
|
@@ -4677,9 +4839,6 @@ function registerHooks(ctx) {
|
|
|
4677
4839
|
const userTokenRepo = new UserMCPOAuthTokenRepository(db);
|
|
4678
4840
|
const row = await userTokenRepo.getToken(tokenUserId, server.mcp_server_id);
|
|
4679
4841
|
if (!row) {
|
|
4680
|
-
console.log(
|
|
4681
|
-
`[MCP OAuth] No token row for user=${tokenUserId ?? "<shared>"} server=${server.name}`
|
|
4682
|
-
);
|
|
4683
4842
|
return server;
|
|
4684
4843
|
}
|
|
4685
4844
|
let accessToken = row.oauth_access_token;
|
|
@@ -4749,9 +4908,9 @@ function registerHooks(ctx) {
|
|
|
4749
4908
|
safeService("mcp-servers")?.hooks({
|
|
4750
4909
|
before: {
|
|
4751
4910
|
all: [typedValidateQuery(mcpServerQueryValidator), requireAuth],
|
|
4752
|
-
create: [requireMinimumRole(
|
|
4753
|
-
patch: [requireMinimumRole(
|
|
4754
|
-
remove: [requireMinimumRole(
|
|
4911
|
+
create: [requireMinimumRole(ROLES9.ADMIN, "create MCP servers")],
|
|
4912
|
+
patch: [requireMinimumRole(ROLES9.ADMIN, "update MCP servers")],
|
|
4913
|
+
remove: [requireMinimumRole(ROLES9.ADMIN, "delete MCP servers")]
|
|
4755
4914
|
},
|
|
4756
4915
|
after: {
|
|
4757
4916
|
find: [injectPerUserOAuthTokens, redactMCPServerSecretFields],
|
|
@@ -4765,7 +4924,7 @@ function registerHooks(ctx) {
|
|
|
4765
4924
|
before: {
|
|
4766
4925
|
all: [requireAuth],
|
|
4767
4926
|
find: [
|
|
4768
|
-
requireMinimumRole(
|
|
4927
|
+
requireMinimumRole(ROLES9.MEMBER, "list session MCP servers"),
|
|
4769
4928
|
// RBAC: Scope to sessions the caller can access.
|
|
4770
4929
|
...branchRbacEnabled ? [scopeFindToAccessibleSessions(sessionsRepository, superadminOpts)] : []
|
|
4771
4930
|
]
|
|
@@ -4778,7 +4937,7 @@ function registerHooks(ctx) {
|
|
|
4778
4937
|
before: {
|
|
4779
4938
|
all: [requireAuth],
|
|
4780
4939
|
find: [
|
|
4781
|
-
requireMinimumRole(
|
|
4940
|
+
requireMinimumRole(ROLES9.MEMBER, "list session env selections"),
|
|
4782
4941
|
// RBAC: Scope to sessions the caller can access.
|
|
4783
4942
|
...branchRbacEnabled ? [scopeFindToAccessibleSessions(sessionsRepository, superadminOpts)] : []
|
|
4784
4943
|
]
|
|
@@ -4811,7 +4970,7 @@ function registerHooks(ctx) {
|
|
|
4811
4970
|
before: {
|
|
4812
4971
|
all: [requireAuth],
|
|
4813
4972
|
create: [
|
|
4814
|
-
requireMinimumRole(
|
|
4973
|
+
requireMinimumRole(ROLES9.ADMIN, "create gateway channels"),
|
|
4815
4974
|
injectCreatedBy(),
|
|
4816
4975
|
// Encrypt env var values at rest (same pattern as user env vars / API keys)
|
|
4817
4976
|
async (context) => {
|
|
@@ -4829,7 +4988,7 @@ function registerHooks(ctx) {
|
|
|
4829
4988
|
}
|
|
4830
4989
|
],
|
|
4831
4990
|
patch: [
|
|
4832
|
-
requireMinimumRole(
|
|
4991
|
+
requireMinimumRole(ROLES9.ADMIN, "update gateway channels"),
|
|
4833
4992
|
// Resolve redacted env var sentinel values ('••••••••') back to real
|
|
4834
4993
|
// values from the database. Uses the repository directly to bypass
|
|
4835
4994
|
// the after-hook redaction that the service layer applies.
|
|
@@ -4894,7 +5053,7 @@ function registerHooks(ctx) {
|
|
|
4894
5053
|
return context;
|
|
4895
5054
|
}
|
|
4896
5055
|
],
|
|
4897
|
-
remove: [requireMinimumRole(
|
|
5056
|
+
remove: [requireMinimumRole(ROLES9.ADMIN, "delete gateway channels")]
|
|
4898
5057
|
},
|
|
4899
5058
|
after: {
|
|
4900
5059
|
all: [
|
|
@@ -4944,9 +5103,9 @@ function registerHooks(ctx) {
|
|
|
4944
5103
|
app.service("config").hooks({
|
|
4945
5104
|
before: {
|
|
4946
5105
|
all: [requireAuth],
|
|
4947
|
-
find: [requireMinimumRole(
|
|
4948
|
-
get: [requireMinimumRole(
|
|
4949
|
-
patch: [requireMinimumRole(
|
|
5106
|
+
find: [requireMinimumRole(ROLES9.ADMIN, "view configuration")],
|
|
5107
|
+
get: [requireMinimumRole(ROLES9.ADMIN, "view configuration")],
|
|
5108
|
+
patch: [requireMinimumRole(ROLES9.ADMIN, "update configuration")]
|
|
4950
5109
|
}
|
|
4951
5110
|
});
|
|
4952
5111
|
safeService("context")?.hooks({
|
|
@@ -4958,7 +5117,7 @@ function registerHooks(ctx) {
|
|
|
4958
5117
|
before: {
|
|
4959
5118
|
all: [
|
|
4960
5119
|
requireAuth,
|
|
4961
|
-
requireMinimumRole(
|
|
5120
|
+
requireMinimumRole(ROLES9.MEMBER, "search files"),
|
|
4962
5121
|
// RBAC: files service takes a sessionId query param and returns files
|
|
4963
5122
|
// from that session's branch. Verify the caller can at least 'view'
|
|
4964
5123
|
// that branch before running git ls-files. If sessionId is missing
|
|
@@ -4985,7 +5144,7 @@ function registerHooks(ctx) {
|
|
|
4985
5144
|
before: {
|
|
4986
5145
|
all: [
|
|
4987
5146
|
requireAuth,
|
|
4988
|
-
requireMinimumRole(
|
|
5147
|
+
requireMinimumRole(ROLES9.MEMBER, "read files"),
|
|
4989
5148
|
...branchRbacEnabled ? [loadBranch(branchRepository, "branch_id"), ensureCanView(superadminOpts)] : []
|
|
4990
5149
|
]
|
|
4991
5150
|
}
|
|
@@ -4997,13 +5156,13 @@ function registerHooks(ctx) {
|
|
|
4997
5156
|
requireAuth,
|
|
4998
5157
|
(context) => {
|
|
4999
5158
|
if (!webTerminalEnabled) {
|
|
5000
|
-
throw new
|
|
5159
|
+
throw new Forbidden8(
|
|
5001
5160
|
"Web terminal is disabled on this instance. Ask an administrator to unset or enable execution.allow_web_terminal in the daemon config."
|
|
5002
5161
|
);
|
|
5003
5162
|
}
|
|
5004
5163
|
return context;
|
|
5005
5164
|
},
|
|
5006
|
-
requireMinimumRole(
|
|
5165
|
+
requireMinimumRole(ROLES9.MEMBER, "access terminals")
|
|
5007
5166
|
]
|
|
5008
5167
|
}
|
|
5009
5168
|
});
|
|
@@ -5017,8 +5176,14 @@ function registerHooks(ctx) {
|
|
|
5017
5176
|
safeService("group-memberships")?.hooks(groupMembershipsHooks);
|
|
5018
5177
|
safeService("group-memberships")?.hooks({
|
|
5019
5178
|
after: {
|
|
5020
|
-
create: [
|
|
5021
|
-
|
|
5179
|
+
create: [
|
|
5180
|
+
clearRealtimeBranchVisibility,
|
|
5181
|
+
(context) => syncUnixAccessForAllBranches(context, "[Executor/group-memberships.create]")
|
|
5182
|
+
],
|
|
5183
|
+
remove: [
|
|
5184
|
+
clearRealtimeBranchVisibility,
|
|
5185
|
+
(context) => syncUnixAccessForAllBranches(context, "[Executor/group-memberships.remove]")
|
|
5186
|
+
]
|
|
5022
5187
|
}
|
|
5023
5188
|
});
|
|
5024
5189
|
safeService("branches/:id/owners")?.hooks({
|
|
@@ -5029,22 +5194,64 @@ function registerHooks(ctx) {
|
|
|
5029
5194
|
});
|
|
5030
5195
|
safeService("branches/:id/group-grants")?.hooks({
|
|
5031
5196
|
after: {
|
|
5032
|
-
create: [
|
|
5033
|
-
|
|
5034
|
-
|
|
5197
|
+
create: [
|
|
5198
|
+
invalidateRealtimeBranchFromRoute,
|
|
5199
|
+
(context) => {
|
|
5200
|
+
const branchId = context.params.route?.id;
|
|
5201
|
+
if (typeof branchId === "string") {
|
|
5202
|
+
syncBranchUnixAccess(branchId, "[Executor/branch-group-grants.create]");
|
|
5203
|
+
}
|
|
5204
|
+
return context;
|
|
5205
|
+
}
|
|
5206
|
+
],
|
|
5207
|
+
patch: [
|
|
5208
|
+
invalidateRealtimeBranchFromRoute,
|
|
5209
|
+
(context) => {
|
|
5210
|
+
const branchId = context.params.route?.id;
|
|
5211
|
+
if (typeof branchId === "string") {
|
|
5212
|
+
syncBranchUnixAccess(branchId, "[Executor/branch-group-grants.patch]");
|
|
5213
|
+
}
|
|
5214
|
+
return context;
|
|
5215
|
+
}
|
|
5216
|
+
],
|
|
5217
|
+
remove: [
|
|
5218
|
+
invalidateRealtimeBranchFromRoute,
|
|
5219
|
+
(context) => {
|
|
5220
|
+
const branchId = context.params.route?.id;
|
|
5221
|
+
if (typeof branchId === "string") {
|
|
5222
|
+
syncBranchUnixAccess(branchId, "[Executor/branch-group-grants.remove]");
|
|
5223
|
+
}
|
|
5224
|
+
return context;
|
|
5225
|
+
}
|
|
5226
|
+
]
|
|
5035
5227
|
}
|
|
5036
5228
|
});
|
|
5037
5229
|
safeService("boards/:id/owners")?.hooks({
|
|
5038
5230
|
after: {
|
|
5039
|
-
create: [
|
|
5040
|
-
|
|
5231
|
+
create: [
|
|
5232
|
+
clearRealtimeBranchVisibility,
|
|
5233
|
+
(context) => syncUnixAccessForBoardFromRoute(context, "[Executor/board-owners.create]")
|
|
5234
|
+
],
|
|
5235
|
+
remove: [
|
|
5236
|
+
clearRealtimeBranchVisibility,
|
|
5237
|
+
(context) => syncUnixAccessForBoardFromRoute(context, "[Executor/board-owners.remove]")
|
|
5238
|
+
]
|
|
5041
5239
|
}
|
|
5042
5240
|
});
|
|
5043
5241
|
safeService("boards/:id/group-grants")?.hooks({
|
|
5044
5242
|
after: {
|
|
5045
|
-
create: [
|
|
5046
|
-
|
|
5047
|
-
|
|
5243
|
+
create: [
|
|
5244
|
+
clearRealtimeBranchVisibility,
|
|
5245
|
+
(context) => syncUnixAccessForBoardFromRoute(context, "[Executor/board-group-grants.create]")
|
|
5246
|
+
],
|
|
5247
|
+
patch: [
|
|
5248
|
+
clearRealtimeBranchVisibility,
|
|
5249
|
+
(context) => syncUnixAccessForBoardFromRoute(context, "[Executor/board-group-grants.patch]")
|
|
5250
|
+
],
|
|
5251
|
+
remove: [
|
|
5252
|
+
clearRealtimeBranchVisibility,
|
|
5253
|
+
(context) => syncUnixAccessForBoardFromRoute(context, "[Executor/board-group-grants.remove]")
|
|
5254
|
+
]
|
|
5048
5255
|
}
|
|
5049
5256
|
});
|
|
5050
5257
|
app.service("users").hooks({
|
|
@@ -5057,7 +5264,7 @@ function registerHooks(ctx) {
|
|
|
5057
5264
|
return context;
|
|
5058
5265
|
}
|
|
5059
5266
|
if (params.user) {
|
|
5060
|
-
ensureMinimumRole(params,
|
|
5267
|
+
ensureMinimumRole(params, ROLES9.MEMBER, "list users");
|
|
5061
5268
|
return context;
|
|
5062
5269
|
}
|
|
5063
5270
|
const query = params.query || {};
|
|
@@ -5070,7 +5277,7 @@ function registerHooks(ctx) {
|
|
|
5070
5277
|
],
|
|
5071
5278
|
get: [
|
|
5072
5279
|
(context) => {
|
|
5073
|
-
ensureMinimumRole(context.params,
|
|
5280
|
+
ensureMinimumRole(context.params, ROLES9.MEMBER, "view users");
|
|
5074
5281
|
return context;
|
|
5075
5282
|
}
|
|
5076
5283
|
],
|
|
@@ -5082,13 +5289,13 @@ function registerHooks(ctx) {
|
|
|
5082
5289
|
}
|
|
5083
5290
|
const existing = await usersService.find({ query: { $limit: 1 } });
|
|
5084
5291
|
if (existing.total > 0) {
|
|
5085
|
-
ensureMinimumRole(params,
|
|
5292
|
+
ensureMinimumRole(params, ROLES9.ADMIN, "create users");
|
|
5086
5293
|
}
|
|
5087
5294
|
const data = context.data;
|
|
5088
|
-
if (hasMinimumRole8(data?.role,
|
|
5295
|
+
if (hasMinimumRole8(data?.role, ROLES9.SUPERADMIN)) {
|
|
5089
5296
|
const callerRole = params.user?.role;
|
|
5090
|
-
if (!hasMinimumRole8(callerRole,
|
|
5091
|
-
throw new
|
|
5297
|
+
if (!hasMinimumRole8(callerRole, ROLES9.SUPERADMIN)) {
|
|
5298
|
+
throw new Forbidden8("Only superadmins can create superadmin users");
|
|
5092
5299
|
}
|
|
5093
5300
|
}
|
|
5094
5301
|
return context;
|
|
@@ -5099,28 +5306,28 @@ function registerHooks(ctx) {
|
|
|
5099
5306
|
const params = context.params;
|
|
5100
5307
|
const userId = context.id;
|
|
5101
5308
|
const callerRole = params.user?.role;
|
|
5102
|
-
const callerIsAdmin = hasMinimumRole8(callerRole,
|
|
5309
|
+
const callerIsAdmin = hasMinimumRole8(callerRole, ROLES9.ADMIN);
|
|
5103
5310
|
if (!Array.isArray(context.data)) {
|
|
5104
5311
|
if (context.data?.unix_username !== void 0) {
|
|
5105
5312
|
if (!callerIsAdmin) {
|
|
5106
|
-
throw new
|
|
5313
|
+
throw new Forbidden8("Only admins can modify unix_username");
|
|
5107
5314
|
}
|
|
5108
5315
|
}
|
|
5109
5316
|
if (context.data?.role !== void 0) {
|
|
5110
5317
|
if (!callerIsAdmin) {
|
|
5111
|
-
throw new
|
|
5318
|
+
throw new Forbidden8("Only admins can modify user roles");
|
|
5112
5319
|
}
|
|
5113
|
-
if (hasMinimumRole8(context.data.role,
|
|
5320
|
+
if (hasMinimumRole8(context.data.role, ROLES9.SUPERADMIN) && !hasMinimumRole8(callerRole, ROLES9.SUPERADMIN)) {
|
|
5114
5321
|
const allUsers = await usersService.find({});
|
|
5115
|
-
const hasSuperadmin = allUsers.data.some((u) => u.role ===
|
|
5322
|
+
const hasSuperadmin = allUsers.data.some((u) => u.role === ROLES9.SUPERADMIN);
|
|
5116
5323
|
if (hasSuperadmin) {
|
|
5117
|
-
throw new
|
|
5324
|
+
throw new Forbidden8("Only superadmins can assign the superadmin role");
|
|
5118
5325
|
}
|
|
5119
5326
|
}
|
|
5120
5327
|
}
|
|
5121
5328
|
if (context.data?.must_change_password !== void 0) {
|
|
5122
5329
|
if (!callerIsAdmin) {
|
|
5123
|
-
throw new
|
|
5330
|
+
throw new Forbidden8("Only admins can force password changes");
|
|
5124
5331
|
}
|
|
5125
5332
|
}
|
|
5126
5333
|
}
|
|
@@ -5133,16 +5340,16 @@ function registerHooks(ctx) {
|
|
|
5133
5340
|
if (!context.params.provider && params.trustedEnvVarWrite === true) {
|
|
5134
5341
|
const keys = Object.keys(context.data ?? {});
|
|
5135
5342
|
if (!keys.every((k) => k === "env_vars" || k === "env_var_scopes")) {
|
|
5136
|
-
throw new
|
|
5343
|
+
throw new Forbidden8(
|
|
5137
5344
|
"trustedEnvVarWrite only permits env_vars and env_var_scopes updates"
|
|
5138
5345
|
);
|
|
5139
5346
|
}
|
|
5140
5347
|
return context;
|
|
5141
5348
|
}
|
|
5142
|
-
throw new
|
|
5349
|
+
throw new Forbidden8("You can only update your own profile");
|
|
5143
5350
|
}
|
|
5144
5351
|
],
|
|
5145
|
-
remove: [requireMinimumRole(
|
|
5352
|
+
remove: [requireMinimumRole(ROLES9.ADMIN, "delete users")]
|
|
5146
5353
|
},
|
|
5147
5354
|
after: {
|
|
5148
5355
|
// After user create/patch: optionally ensure Unix user exists and sync password
|
|
@@ -5249,7 +5456,7 @@ function registerHooks(ctx) {
|
|
|
5249
5456
|
] : []
|
|
5250
5457
|
],
|
|
5251
5458
|
create: [
|
|
5252
|
-
requireMinimumRole(
|
|
5459
|
+
requireMinimumRole(ROLES9.MEMBER, "create sessions"),
|
|
5253
5460
|
...branchRbacEnabled ? [
|
|
5254
5461
|
setSessionUnixUsername(usersRepository),
|
|
5255
5462
|
// Stamp session with creator's unix_username (MUST run first)
|
|
@@ -5260,7 +5467,7 @@ function registerHooks(ctx) {
|
|
|
5260
5467
|
try {
|
|
5261
5468
|
const branch = await branchRepository.findById(data.branch_id);
|
|
5262
5469
|
if (!branch) {
|
|
5263
|
-
throw new
|
|
5470
|
+
throw new Forbidden8(`Branch not found: ${data.branch_id}`);
|
|
5264
5471
|
}
|
|
5265
5472
|
await cacheBranchAccess(context.params, branchRepository, branch);
|
|
5266
5473
|
} catch (error) {
|
|
@@ -5318,7 +5525,8 @@ function registerHooks(ctx) {
|
|
|
5318
5525
|
`\u2705 Auto-populated git_state from branch: ref=${currentRef}, sha=${currentSha.substring(0, 8)}`
|
|
5319
5526
|
);
|
|
5320
5527
|
} catch (gitError) {
|
|
5321
|
-
|
|
5528
|
+
const message = gitError instanceof Error ? gitError.message : String(gitError);
|
|
5529
|
+
console.warn(`Failed to auto-populate git_state from branch: ${message}`);
|
|
5322
5530
|
}
|
|
5323
5531
|
}
|
|
5324
5532
|
}
|
|
@@ -5392,6 +5600,15 @@ function registerHooks(ctx) {
|
|
|
5392
5600
|
]
|
|
5393
5601
|
},
|
|
5394
5602
|
after: {
|
|
5603
|
+
find: [
|
|
5604
|
+
async (context) => {
|
|
5605
|
+
context.result = await enrichSessionFindResultWithRemoteRelationships(
|
|
5606
|
+
context.result,
|
|
5607
|
+
sessionsService
|
|
5608
|
+
);
|
|
5609
|
+
return context;
|
|
5610
|
+
}
|
|
5611
|
+
],
|
|
5395
5612
|
get: [
|
|
5396
5613
|
async (context) => {
|
|
5397
5614
|
if (config.daemon?.mcpEnabled === false) {
|
|
@@ -5459,7 +5676,7 @@ function registerHooks(ctx) {
|
|
|
5459
5676
|
return context;
|
|
5460
5677
|
}
|
|
5461
5678
|
const callerRole = context.params.user?.role;
|
|
5462
|
-
if (!hasMinimumRole8(callerRole,
|
|
5679
|
+
if (!hasMinimumRole8(callerRole, ROLES9.MEMBER)) {
|
|
5463
5680
|
return context;
|
|
5464
5681
|
}
|
|
5465
5682
|
const { generateSessionToken: generateSessionToken3 } = await Promise.resolve().then(() => (init_tokens(), tokens_exports));
|
|
@@ -5535,23 +5752,27 @@ function registerHooks(ctx) {
|
|
|
5535
5752
|
patch: [
|
|
5536
5753
|
async (context) => {
|
|
5537
5754
|
const session = Array.isArray(context.result) ? context.result[0] : context.result;
|
|
5538
|
-
if (session && session
|
|
5755
|
+
if (session && shouldRunSessionPostTurnHooks(session)) {
|
|
5539
5756
|
setImmediate(async () => {
|
|
5540
5757
|
try {
|
|
5541
5758
|
const gatewayService = context.app.service("gateway");
|
|
5542
5759
|
await gatewayService.flushGitHubBuffer(session.session_id);
|
|
5760
|
+
await gatewayService.updateProgress({
|
|
5761
|
+
session_id: session.session_id,
|
|
5762
|
+
state: "done"
|
|
5763
|
+
});
|
|
5543
5764
|
} catch (error) {
|
|
5544
5765
|
console.warn(
|
|
5545
|
-
`[gateway] Failed to flush
|
|
5766
|
+
`[gateway] Failed to flush gateway buffers/status for session ${shortId5(session.session_id)}:`,
|
|
5546
5767
|
error
|
|
5547
5768
|
);
|
|
5548
5769
|
}
|
|
5549
5770
|
});
|
|
5550
|
-
if (session.
|
|
5771
|
+
if (shouldDrainQueueAfterSessionPostTurnPatch(session, context.params)) {
|
|
5551
5772
|
setImmediate(async () => {
|
|
5552
5773
|
try {
|
|
5553
5774
|
console.log(
|
|
5554
|
-
`\u{1F504} [SessionsService.after.patch] Session ${shortId5(session.session_id)} became
|
|
5775
|
+
`\u{1F504} [SessionsService.after.patch] Session ${shortId5(session.session_id)} became promptable (${session.status}), checking for queued tasks...`
|
|
5555
5776
|
);
|
|
5556
5777
|
await sessionsService.triggerQueueProcessing(session.session_id, context.params);
|
|
5557
5778
|
} catch (error) {
|
|
@@ -5589,14 +5810,14 @@ function registerHooks(ctx) {
|
|
|
5589
5810
|
] : []
|
|
5590
5811
|
],
|
|
5591
5812
|
create: [
|
|
5592
|
-
requireMinimumRole(
|
|
5813
|
+
requireMinimumRole(ROLES9.MEMBER, "create schedules"),
|
|
5593
5814
|
...branchRbacEnabled ? [loadBranch(branchRepository, "branch_id"), ensureCanCreateSession(superadminOpts)] : [],
|
|
5594
5815
|
injectCreatedBy(),
|
|
5595
5816
|
validateScheduleConfig(),
|
|
5596
5817
|
recomputeNextRunAt()
|
|
5597
5818
|
],
|
|
5598
5819
|
patch: [
|
|
5599
|
-
requireMinimumRole(
|
|
5820
|
+
requireMinimumRole(ROLES9.MEMBER, "update schedules"),
|
|
5600
5821
|
...branchRbacEnabled ? [
|
|
5601
5822
|
loadScheduleAndBranch(scheduleRepository, branchRepository),
|
|
5602
5823
|
ensureCanModifySchedule(superadminOpts)
|
|
@@ -5611,7 +5832,7 @@ function registerHooks(ctx) {
|
|
|
5611
5832
|
recomputeNextRunAt()
|
|
5612
5833
|
],
|
|
5613
5834
|
remove: [
|
|
5614
|
-
requireMinimumRole(
|
|
5835
|
+
requireMinimumRole(ROLES9.MEMBER, "delete schedules"),
|
|
5615
5836
|
...branchRbacEnabled ? [
|
|
5616
5837
|
loadScheduleAndBranch(scheduleRepository, branchRepository),
|
|
5617
5838
|
ensureBranchPermission("all", "delete schedule", superadminOpts)
|
|
@@ -5636,7 +5857,7 @@ function registerHooks(ctx) {
|
|
|
5636
5857
|
] : []
|
|
5637
5858
|
],
|
|
5638
5859
|
create: [
|
|
5639
|
-
requireMinimumRole(
|
|
5860
|
+
requireMinimumRole(ROLES9.MEMBER, "create tasks"),
|
|
5640
5861
|
...branchRbacEnabled ? [
|
|
5641
5862
|
resolveSessionContext(),
|
|
5642
5863
|
loadSession(sessionsService),
|
|
@@ -5658,7 +5879,7 @@ function registerHooks(ctx) {
|
|
|
5658
5879
|
] : []
|
|
5659
5880
|
],
|
|
5660
5881
|
remove: [
|
|
5661
|
-
requireMinimumRole(
|
|
5882
|
+
requireMinimumRole(ROLES9.MEMBER, "delete tasks"),
|
|
5662
5883
|
// RBAC: deleting a task requires 'all' permission on the branch
|
|
5663
5884
|
// (mirrors sessions.remove). Without this, any member with 'session'
|
|
5664
5885
|
// access could delete tasks owned by other users on shared branches.
|
|
@@ -5679,7 +5900,7 @@ function registerHooks(ctx) {
|
|
|
5679
5900
|
if (!user) throw new NotAuthenticated7("Authentication required");
|
|
5680
5901
|
if (user._isServiceAccount) return context;
|
|
5681
5902
|
const allowSuperadmin = superadminOpts?.allowSuperadmin ?? true;
|
|
5682
|
-
if (user.role ===
|
|
5903
|
+
if (user.role === ROLES9.ADMIN || allowSuperadmin && user.role === ROLES9.SUPERADMIN) {
|
|
5683
5904
|
return context;
|
|
5684
5905
|
}
|
|
5685
5906
|
const args = context.arguments;
|
|
@@ -5687,10 +5908,10 @@ function registerHooks(ctx) {
|
|
|
5687
5908
|
const id = typeof context.id === "string" ? context.id : typeof context.params.route?.id === "string" ? context.params.route.id : typeof firstArg === "string" ? firstArg : firstArg && typeof firstArg === "object" ? firstArg.boardId ?? firstArg.id ?? firstArg.slug : void 0;
|
|
5688
5909
|
if (!id) throw new BadRequest3("Board ID is required");
|
|
5689
5910
|
const board = await boardRepository.findBySlugOrId(id);
|
|
5690
|
-
if (!board) throw new
|
|
5911
|
+
if (!board) throw new Forbidden8(`Board not found: ${id}`);
|
|
5691
5912
|
const allowed = mode === "view" ? await boardRepository.canView(board.board_id, user.user_id) : await boardRepository.canMutate(board.board_id, user.user_id);
|
|
5692
5913
|
if (!allowed) {
|
|
5693
|
-
throw new
|
|
5914
|
+
throw new Forbidden8(
|
|
5694
5915
|
mode === "view" ? `You need board access to ${action}` : `You need board owner or board group 'all' access to ${action}`
|
|
5695
5916
|
);
|
|
5696
5917
|
}
|
|
@@ -5711,9 +5932,9 @@ function registerHooks(ctx) {
|
|
|
5711
5932
|
get: [ensureCanViewBoard("view this board")],
|
|
5712
5933
|
findBySlug: [ensureCanViewBoard("view this board")],
|
|
5713
5934
|
findBySlugOrId: [ensureCanViewBoard("view this board")],
|
|
5714
|
-
create: [requireMinimumRole(
|
|
5935
|
+
create: [requireMinimumRole(ROLES9.MEMBER, "create boards"), injectCreatedBy()],
|
|
5715
5936
|
patch: [
|
|
5716
|
-
requireMinimumRole(
|
|
5937
|
+
requireMinimumRole(ROLES9.MEMBER, "update boards"),
|
|
5717
5938
|
ensureCanMutateBoard("update this board"),
|
|
5718
5939
|
async (context) => {
|
|
5719
5940
|
const contextData = context.data || {};
|
|
@@ -5780,30 +6001,30 @@ function registerHooks(ctx) {
|
|
|
5780
6001
|
}
|
|
5781
6002
|
],
|
|
5782
6003
|
remove: [
|
|
5783
|
-
requireMinimumRole(
|
|
6004
|
+
requireMinimumRole(ROLES9.MEMBER, "delete boards"),
|
|
5784
6005
|
ensureCanMutateBoard("delete this board")
|
|
5785
6006
|
],
|
|
5786
6007
|
toBlob: [
|
|
5787
|
-
requireMinimumRole(
|
|
6008
|
+
requireMinimumRole(ROLES9.MEMBER, "export boards"),
|
|
5788
6009
|
ensureCanViewBoard("export boards")
|
|
5789
6010
|
],
|
|
5790
6011
|
toYaml: [
|
|
5791
|
-
requireMinimumRole(
|
|
6012
|
+
requireMinimumRole(ROLES9.MEMBER, "export boards"),
|
|
5792
6013
|
ensureCanViewBoard("export boards")
|
|
5793
6014
|
],
|
|
5794
|
-
fromBlob: [requireMinimumRole(
|
|
5795
|
-
fromYaml: [requireMinimumRole(
|
|
5796
|
-
clone: [requireMinimumRole(
|
|
6015
|
+
fromBlob: [requireMinimumRole(ROLES9.MEMBER, "import boards")],
|
|
6016
|
+
fromYaml: [requireMinimumRole(ROLES9.MEMBER, "import boards")],
|
|
6017
|
+
clone: [requireMinimumRole(ROLES9.MEMBER, "clone boards"), ensureCanViewBoard("clone boards")],
|
|
5797
6018
|
setPrimaryAssistant: [
|
|
5798
|
-
requireMinimumRole(
|
|
6019
|
+
requireMinimumRole(ROLES9.MEMBER, "set primary assistant"),
|
|
5799
6020
|
ensureCanMutateBoard("set primary assistant")
|
|
5800
6021
|
],
|
|
5801
6022
|
clearPrimaryAssistant: [
|
|
5802
|
-
requireMinimumRole(
|
|
6023
|
+
requireMinimumRole(ROLES9.MEMBER, "clear primary assistant"),
|
|
5803
6024
|
ensureCanMutateBoard("clear primary assistant")
|
|
5804
6025
|
],
|
|
5805
6026
|
ensureAssistantWelcomeNote: [
|
|
5806
|
-
requireMinimumRole(
|
|
6027
|
+
requireMinimumRole(ROLES9.MEMBER, "create assistant welcome note"),
|
|
5807
6028
|
ensureCanMutateBoard("create assistant welcome note")
|
|
5808
6029
|
]
|
|
5809
6030
|
},
|
|
@@ -5944,7 +6165,7 @@ function registerHooks(ctx) {
|
|
|
5944
6165
|
before: {
|
|
5945
6166
|
create: [
|
|
5946
6167
|
requireAuth,
|
|
5947
|
-
requireMinimumRole(
|
|
6168
|
+
requireMinimumRole(ROLES9.MEMBER, "archive boards"),
|
|
5948
6169
|
ensureCanMutateBoard("archive this board")
|
|
5949
6170
|
]
|
|
5950
6171
|
},
|
|
@@ -5961,7 +6182,7 @@ function registerHooks(ctx) {
|
|
|
5961
6182
|
before: {
|
|
5962
6183
|
create: [
|
|
5963
6184
|
requireAuth,
|
|
5964
|
-
requireMinimumRole(
|
|
6185
|
+
requireMinimumRole(ROLES9.MEMBER, "unarchive boards"),
|
|
5965
6186
|
ensureCanMutateBoard("unarchive this board")
|
|
5966
6187
|
]
|
|
5967
6188
|
},
|
|
@@ -5971,6 +6192,10 @@ function registerHooks(ctx) {
|
|
|
5971
6192
|
}
|
|
5972
6193
|
export {
|
|
5973
6194
|
PROMPT_FLOW_PATCH_FIELDS,
|
|
6195
|
+
enrichSessionFindResultWithRemoteRelationships,
|
|
5974
6196
|
isPromptFlowPatchOnly,
|
|
5975
|
-
registerHooks
|
|
6197
|
+
registerHooks,
|
|
6198
|
+
shouldDrainQueueAfterSessionPostTurnPatch,
|
|
6199
|
+
shouldRunSessionPostTurnHooks,
|
|
6200
|
+
shouldValidateRepoEnvironmentPayload
|
|
5976
6201
|
};
|