agor-live 0.9.3 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/commands/init.d.ts +1 -0
- package/dist/cli/commands/init.js +9 -0
- package/dist/cli/commands/user/create.d.ts +1 -0
- package/dist/cli/commands/user/create.js +9 -1
- package/dist/cli/commands/user/update.d.ts +1 -0
- package/dist/cli/commands/user/update.js +12 -1
- package/dist/core/api/index.d.cts +1 -1
- package/dist/core/api/index.d.ts +1 -1
- package/dist/core/claude/index.cjs +4 -0
- package/dist/core/claude/index.js +4 -0
- package/dist/core/{client-By3Q6aQA.d.ts → client-CFqfLUUF.d.ts} +34 -0
- package/dist/core/{client-KDgnPBwr.d.cts → client-Dq6QefL9.d.cts} +34 -0
- package/dist/core/config/browser.d.cts +6 -0
- package/dist/core/config/browser.d.ts +6 -0
- package/dist/core/config/index.cjs +12 -0
- package/dist/core/config/index.d.cts +8 -2
- package/dist/core/config/index.d.ts +8 -2
- package/dist/core/config/index.js +11 -0
- package/dist/core/db/index.cjs +7 -0
- package/dist/core/db/index.d.cts +37 -3
- package/dist/core/db/index.d.ts +37 -3
- package/dist/core/db/index.js +7 -0
- package/dist/core/drizzle/postgres/0009_clumsy_terror.sql +1 -0
- package/dist/core/drizzle/postgres/meta/0009_snapshot.json +1926 -0
- package/dist/core/drizzle/postgres/meta/_journal.json +7 -0
- package/dist/core/drizzle/sqlite/0021_flawless_butterfly.sql +15 -0
- package/dist/core/drizzle/sqlite/meta/0021_snapshot.json +1504 -0
- package/dist/core/drizzle/sqlite/meta/_journal.json +7 -0
- package/dist/core/index.cjs +190 -0
- package/dist/core/index.d.cts +4 -3
- package/dist/core/index.d.ts +4 -3
- package/dist/core/index.js +185 -0
- package/dist/core/mcp/index.cjs +1149 -0
- package/dist/core/mcp/index.d.cts +122 -0
- package/dist/core/mcp/index.d.ts +122 -0
- package/dist/core/mcp/index.js +1125 -0
- package/dist/core/package.json +5 -0
- package/dist/core/seed/index.cjs +5 -0
- package/dist/core/seed/index.js +5 -0
- package/dist/core/templates/agor-system-prompt.md +5 -2
- package/dist/core/templates/session-context.cjs +2 -0
- package/dist/core/templates/session-context.js +2 -0
- package/dist/core/types/index.d.cts +2 -2
- package/dist/core/types/index.d.ts +2 -2
- package/dist/core/unix/index.cjs +5 -0
- package/dist/core/unix/index.d.cts +1 -1
- package/dist/core/unix/index.d.ts +1 -1
- package/dist/core/unix/index.js +5 -0
- package/dist/core/{user-CMQOATsn.d.ts → user-DhXUWd3o.d.ts} +6 -0
- package/dist/core/{user-zv1BTkAp.d.cts → user-RShA3iU6.d.cts} +6 -0
- package/dist/daemon/index.js +66 -0
- package/dist/daemon/services/users.d.ts +2 -0
- package/dist/daemon/services/users.js +6 -0
- package/dist/executor/sdk-handlers/base/mcp-scoping.d.ts +5 -0
- package/dist/executor/sdk-handlers/base/mcp-scoping.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/base/mcp-scoping.js +52 -1
- package/dist/executor/sdk-handlers/claude/query-builder.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/claude/query-builder.js +20 -6
- package/dist/executor/sdk-handlers/claude/session-context.d.ts +9 -2
- package/dist/executor/sdk-handlers/claude/session-context.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/claude/session-context.js +17 -5
- package/dist/executor/sdk-handlers/codex/codex-tool.d.ts +2 -1
- package/dist/executor/sdk-handlers/codex/codex-tool.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/codex/codex-tool.js +3 -2
- package/dist/executor/sdk-handlers/codex/prompt-service.d.ts +7 -3
- package/dist/executor/sdk-handlers/codex/prompt-service.d.ts.map +1 -1
- package/dist/executor/sdk-handlers/codex/prompt-service.js +23 -6
- package/dist/ui/assets/{_basePickBy-CSYiZMse.js → _basePickBy-Dc5H9BDd.js} +1 -1
- package/dist/ui/assets/_basePickBy-Dc5H9BDd.js.gz +0 -0
- package/dist/ui/assets/{_baseUniq-DvtGUhEt.js → _baseUniq-BgtPiuHg.js} +1 -1
- package/dist/ui/assets/_baseUniq-BgtPiuHg.js.gz +0 -0
- package/dist/ui/assets/{arc-BRr5j3D1.js → arc-DUctr1jD.js} +1 -1
- package/dist/ui/assets/arc-DUctr1jD.js.gz +0 -0
- package/dist/ui/assets/{architectureDiagram-VXUJARFQ-ebBOi_gK.js → architectureDiagram-VXUJARFQ-CrV8Isbn.js} +1 -1
- package/dist/ui/assets/architectureDiagram-VXUJARFQ-CrV8Isbn.js.gz +0 -0
- package/dist/ui/assets/{blockDiagram-VD42YOAC-DxejLyQ-.js → blockDiagram-VD42YOAC-BM5lqQxt.js} +1 -1
- package/dist/ui/assets/blockDiagram-VD42YOAC-BM5lqQxt.js.gz +0 -0
- package/dist/ui/assets/{c4Diagram-YG6GDRKO-DFKl-efs.js → c4Diagram-YG6GDRKO-DBaWD6JL.js} +1 -1
- package/dist/ui/assets/c4Diagram-YG6GDRKO-DBaWD6JL.js.gz +0 -0
- package/dist/ui/assets/channel-CyVogAGw.js +1 -0
- package/dist/ui/assets/{chunk-4BX2VUAB-jMOQ1WDz.js → chunk-4BX2VUAB-By6P4UtS.js} +1 -1
- package/dist/ui/assets/{chunk-55IACEB6-D1M6UwZY.js → chunk-55IACEB6-DCahZaZl.js} +1 -1
- package/dist/ui/assets/{chunk-B4BG7PRW-COzn6OFE.js → chunk-B4BG7PRW-BQ5jWD31.js} +1 -1
- package/dist/ui/assets/chunk-B4BG7PRW-BQ5jWD31.js.gz +0 -0
- package/dist/ui/assets/{chunk-DI55MBZ5-6QssijTz.js → chunk-DI55MBZ5-Cn1nO1Mx.js} +1 -1
- package/dist/ui/assets/chunk-DI55MBZ5-Cn1nO1Mx.js.gz +0 -0
- package/dist/ui/assets/{chunk-FMBD7UC4-BnG1D5CH.js → chunk-FMBD7UC4-c8FwGrf9.js} +1 -1
- package/dist/ui/assets/{chunk-QN33PNHL-C6hCjMzw.js → chunk-QN33PNHL-mWf6evOV.js} +1 -1
- package/dist/ui/assets/{chunk-QZHKN3VN-CKLJgdZH.js → chunk-QZHKN3VN-CeCuMpHu.js} +1 -1
- package/dist/ui/assets/{chunk-TZMSLE5B-DYJXqHip.js → chunk-TZMSLE5B-CGNXJZGH.js} +1 -1
- package/dist/ui/assets/chunk-TZMSLE5B-CGNXJZGH.js.gz +0 -0
- package/dist/ui/assets/classDiagram-2ON5EDUG-C8elooyv.js +1 -0
- package/dist/ui/assets/classDiagram-v2-WZHVMYZB-C8elooyv.js +1 -0
- package/dist/ui/assets/clone-xxDSNj54.js +1 -0
- package/dist/ui/assets/{cose-bilkent-S5V4N54A-DBdRhd2a.js → cose-bilkent-S5V4N54A-BnZTid_G.js} +1 -1
- package/dist/ui/assets/cose-bilkent-S5V4N54A-BnZTid_G.js.gz +0 -0
- package/dist/ui/assets/{dagre-6UL2VRFP-BURrt6xz.js → dagre-6UL2VRFP-Dah1fu_0.js} +1 -1
- package/dist/ui/assets/dagre-6UL2VRFP-Dah1fu_0.js.gz +0 -0
- package/dist/ui/assets/{diagram-PSM6KHXK-yPFDWvxo.js → diagram-PSM6KHXK-ZNTOUzkH.js} +1 -1
- package/dist/ui/assets/diagram-PSM6KHXK-ZNTOUzkH.js.gz +0 -0
- package/dist/ui/assets/{diagram-QEK2KX5R-DQP7GvBM.js → diagram-QEK2KX5R-DUf_2Dlz.js} +1 -1
- package/dist/ui/assets/diagram-QEK2KX5R-DUf_2Dlz.js.gz +0 -0
- package/dist/ui/assets/{diagram-S2PKOQOG-Ceh9L5Ft.js → diagram-S2PKOQOG-BZsGTi_e.js} +1 -1
- package/dist/ui/assets/diagram-S2PKOQOG-BZsGTi_e.js.gz +0 -0
- package/dist/ui/assets/{erDiagram-Q2GNP2WA-BGBdyrlr.js → erDiagram-Q2GNP2WA-ZkVdTORV.js} +1 -1
- package/dist/ui/assets/erDiagram-Q2GNP2WA-ZkVdTORV.js.gz +0 -0
- package/dist/ui/assets/{flowDiagram-NV44I4VS-BXuoem71.js → flowDiagram-NV44I4VS-CUZShXzW.js} +1 -1
- package/dist/ui/assets/flowDiagram-NV44I4VS-CUZShXzW.js.gz +0 -0
- package/dist/ui/assets/{ganttDiagram-LVOFAZNH-D96TAOYN.js → ganttDiagram-LVOFAZNH-DNQUIZzq.js} +1 -1
- package/dist/ui/assets/ganttDiagram-LVOFAZNH-DNQUIZzq.js.gz +0 -0
- package/dist/ui/assets/{gitGraphDiagram-NY62KEGX-CsUtGEJW.js → gitGraphDiagram-NY62KEGX-Btykzt1M.js} +1 -1
- package/dist/ui/assets/gitGraphDiagram-NY62KEGX-Btykzt1M.js.gz +0 -0
- package/dist/ui/assets/{graph-DmuZZZ0O.js → graph-C-48Big3.js} +1 -1
- package/dist/ui/assets/graph-C-48Big3.js.gz +0 -0
- package/dist/ui/assets/{index-DPUzz4vA.js → index-D1CCofEs.js} +306 -371
- package/dist/ui/assets/index-D1CCofEs.js.gz +0 -0
- package/dist/ui/assets/{infoDiagram-ER5ION4S-DcxAd1Yp.js → infoDiagram-ER5ION4S-BbnQazbu.js} +1 -1
- package/dist/ui/assets/{journeyDiagram-XKPGCS4Q-CFtlwkTr.js → journeyDiagram-XKPGCS4Q-S_aWym8z.js} +1 -1
- package/dist/ui/assets/journeyDiagram-XKPGCS4Q-S_aWym8z.js.gz +0 -0
- package/dist/ui/assets/{kanban-definition-3W4ZIXB7-B74pWt6y.js → kanban-definition-3W4ZIXB7-DntgmgOy.js} +1 -1
- package/dist/ui/assets/kanban-definition-3W4ZIXB7-DntgmgOy.js.gz +0 -0
- package/dist/ui/assets/{layout-DpFHdru9.js → layout-ZhXFUUQG.js} +1 -1
- package/dist/ui/assets/layout-ZhXFUUQG.js.gz +0 -0
- package/dist/ui/assets/{linear-yVuUIGbC.js → linear-CpdtEmO1.js} +1 -1
- package/dist/ui/assets/linear-CpdtEmO1.js.gz +0 -0
- package/dist/ui/assets/{mermaid.core-CbMbakdH.js → mermaid.core-CqSg9woT.js} +6 -6
- package/dist/ui/assets/mermaid.core-CqSg9woT.js.gz +0 -0
- package/dist/ui/assets/{mindmap-definition-VGOIOE7T-XYo0CUDk.js → mindmap-definition-VGOIOE7T-CxS-eGbT.js} +1 -1
- package/dist/ui/assets/mindmap-definition-VGOIOE7T-CxS-eGbT.js.gz +0 -0
- package/dist/ui/assets/{pieDiagram-ADFJNKIX-b64mzYsL.js → pieDiagram-ADFJNKIX-CmOM0ENn.js} +1 -1
- package/dist/ui/assets/pieDiagram-ADFJNKIX-CmOM0ENn.js.gz +0 -0
- package/dist/ui/assets/{quadrantDiagram-AYHSOK5B-CzbNszXu.js → quadrantDiagram-AYHSOK5B-3k0D6uPf.js} +1 -1
- package/dist/ui/assets/quadrantDiagram-AYHSOK5B-3k0D6uPf.js.gz +0 -0
- package/dist/ui/assets/{requirementDiagram-UZGBJVZJ-ftflJl3O.js → requirementDiagram-UZGBJVZJ-BGL1nlEg.js} +1 -1
- package/dist/ui/assets/requirementDiagram-UZGBJVZJ-BGL1nlEg.js.gz +0 -0
- package/dist/ui/assets/{sankeyDiagram-TZEHDZUN-8PGribEE.js → sankeyDiagram-TZEHDZUN-CoPvyXD2.js} +1 -1
- package/dist/ui/assets/sankeyDiagram-TZEHDZUN-CoPvyXD2.js.gz +0 -0
- package/dist/ui/assets/{sequenceDiagram-WL72ISMW-B14pbZEr.js → sequenceDiagram-WL72ISMW-CzRex2qf.js} +1 -1
- package/dist/ui/assets/sequenceDiagram-WL72ISMW-CzRex2qf.js.gz +0 -0
- package/dist/ui/assets/{stateDiagram-FKZM4ZOC-Ddx2Kkc3.js → stateDiagram-FKZM4ZOC-CGIvtPNE.js} +1 -1
- package/dist/ui/assets/stateDiagram-FKZM4ZOC-CGIvtPNE.js.gz +0 -0
- package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-DqrTNTOr.js +1 -0
- package/dist/ui/assets/{timeline-definition-IT6M3QCI-bS_0u_jC.js → timeline-definition-IT6M3QCI-DaB6rNEt.js} +1 -1
- package/dist/ui/assets/timeline-definition-IT6M3QCI-DaB6rNEt.js.gz +0 -0
- package/dist/ui/assets/{treemap-KMMF4GRG-CZHIJMKL.js → treemap-KMMF4GRG-D85rMRGA.js} +1 -1
- package/dist/ui/assets/treemap-KMMF4GRG-D85rMRGA.js.gz +0 -0
- package/dist/ui/assets/{xychartDiagram-PRI3JC2R-DOTWxgqQ.js → xychartDiagram-PRI3JC2R-BeSXPo-C.js} +1 -1
- package/dist/ui/assets/xychartDiagram-PRI3JC2R-BeSXPo-C.js.gz +0 -0
- package/dist/ui/index.html +1 -1
- package/package.json +1 -1
- package/dist/ui/assets/_basePickBy-CSYiZMse.js.gz +0 -0
- package/dist/ui/assets/_baseUniq-DvtGUhEt.js.gz +0 -0
- package/dist/ui/assets/arc-BRr5j3D1.js.gz +0 -0
- package/dist/ui/assets/architectureDiagram-VXUJARFQ-ebBOi_gK.js.gz +0 -0
- package/dist/ui/assets/blockDiagram-VD42YOAC-DxejLyQ-.js.gz +0 -0
- package/dist/ui/assets/c4Diagram-YG6GDRKO-DFKl-efs.js.gz +0 -0
- package/dist/ui/assets/channel-D2mEA-Bx.js +0 -1
- package/dist/ui/assets/chunk-B4BG7PRW-COzn6OFE.js.gz +0 -0
- package/dist/ui/assets/chunk-DI55MBZ5-6QssijTz.js.gz +0 -0
- package/dist/ui/assets/chunk-TZMSLE5B-DYJXqHip.js.gz +0 -0
- package/dist/ui/assets/classDiagram-2ON5EDUG-CQUXqjFU.js +0 -1
- package/dist/ui/assets/classDiagram-v2-WZHVMYZB-CQUXqjFU.js +0 -1
- package/dist/ui/assets/clone-DLz_t3PG.js +0 -1
- package/dist/ui/assets/cose-bilkent-S5V4N54A-DBdRhd2a.js.gz +0 -0
- package/dist/ui/assets/dagre-6UL2VRFP-BURrt6xz.js.gz +0 -0
- package/dist/ui/assets/diagram-PSM6KHXK-yPFDWvxo.js.gz +0 -0
- package/dist/ui/assets/diagram-QEK2KX5R-DQP7GvBM.js.gz +0 -0
- package/dist/ui/assets/diagram-S2PKOQOG-Ceh9L5Ft.js.gz +0 -0
- package/dist/ui/assets/erDiagram-Q2GNP2WA-BGBdyrlr.js.gz +0 -0
- package/dist/ui/assets/flowDiagram-NV44I4VS-BXuoem71.js.gz +0 -0
- package/dist/ui/assets/ganttDiagram-LVOFAZNH-D96TAOYN.js.gz +0 -0
- package/dist/ui/assets/gitGraphDiagram-NY62KEGX-CsUtGEJW.js.gz +0 -0
- package/dist/ui/assets/graph-DmuZZZ0O.js.gz +0 -0
- package/dist/ui/assets/index-DPUzz4vA.js.gz +0 -0
- package/dist/ui/assets/journeyDiagram-XKPGCS4Q-CFtlwkTr.js.gz +0 -0
- package/dist/ui/assets/kanban-definition-3W4ZIXB7-B74pWt6y.js.gz +0 -0
- package/dist/ui/assets/layout-DpFHdru9.js.gz +0 -0
- package/dist/ui/assets/linear-yVuUIGbC.js.gz +0 -0
- package/dist/ui/assets/mermaid.core-CbMbakdH.js.gz +0 -0
- package/dist/ui/assets/mindmap-definition-VGOIOE7T-XYo0CUDk.js.gz +0 -0
- package/dist/ui/assets/pieDiagram-ADFJNKIX-b64mzYsL.js.gz +0 -0
- package/dist/ui/assets/quadrantDiagram-AYHSOK5B-CzbNszXu.js.gz +0 -0
- package/dist/ui/assets/requirementDiagram-UZGBJVZJ-ftflJl3O.js.gz +0 -0
- package/dist/ui/assets/sankeyDiagram-TZEHDZUN-8PGribEE.js.gz +0 -0
- package/dist/ui/assets/sequenceDiagram-WL72ISMW-B14pbZEr.js.gz +0 -0
- package/dist/ui/assets/stateDiagram-FKZM4ZOC-Ddx2Kkc3.js.gz +0 -0
- package/dist/ui/assets/stateDiagram-v2-4FDKWEC3-ppKXpQQ4.js +0 -1
- package/dist/ui/assets/timeline-definition-IT6M3QCI-bS_0u_jC.js.gz +0 -0
- package/dist/ui/assets/treemap-KMMF4GRG-CZHIJMKL.js.gz +0 -0
- package/dist/ui/assets/xychartDiagram-PRI3JC2R-DOTWxgqQ.js.gz +0 -0
|
@@ -11,6 +11,7 @@ declare class Init extends Command {
|
|
|
11
11
|
'daemon-port': _oclif_core_interfaces.OptionFlag<number | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
12
12
|
'daemon-host': _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
13
13
|
'set-config': _oclif_core_interfaces.BooleanFlag<boolean>;
|
|
14
|
+
'instance-label': _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
14
15
|
};
|
|
15
16
|
private pathExists;
|
|
16
17
|
private expandHome;
|
|
@@ -41,6 +41,10 @@ var Init = class _Init extends Command {
|
|
|
41
41
|
"set-config": Flags.boolean({
|
|
42
42
|
description: "Set daemon config values even if .agor already exists (for Docker/deployment)",
|
|
43
43
|
default: false
|
|
44
|
+
}),
|
|
45
|
+
"instance-label": Flags.string({
|
|
46
|
+
description: 'Instance label for deployment identification (e.g., "staging", "prod-us-east")',
|
|
47
|
+
required: false
|
|
44
48
|
})
|
|
45
49
|
};
|
|
46
50
|
async pathExists(path) {
|
|
@@ -529,6 +533,11 @@ var Init = class _Init extends Command {
|
|
|
529
533
|
const daemonHost = flags["daemon-host"] || "localhost";
|
|
530
534
|
await setConfigValue("daemon.host", daemonHost);
|
|
531
535
|
this.log(`${chalk.green(" \u2713")} Set daemon.host = ${daemonHost}`);
|
|
536
|
+
const instanceLabel = flags["instance-label"] || process.env.INSTANCE_LABEL;
|
|
537
|
+
if (instanceLabel) {
|
|
538
|
+
await setConfigValue("daemon.instanceLabel", instanceLabel);
|
|
539
|
+
this.log(`${chalk.green(" \u2713")} Set daemon.instanceLabel = ${instanceLabel}`);
|
|
540
|
+
}
|
|
532
541
|
await setConfigValue("daemon.requireAuth", true);
|
|
533
542
|
await setConfigValue("daemon.allowAnonymous", false);
|
|
534
543
|
this.log(`${chalk.green(" \u2713")} Enabled authentication`);
|
|
@@ -11,6 +11,7 @@ declare class UserCreate extends BaseCommand {
|
|
|
11
11
|
name: _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
12
12
|
password: _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
13
13
|
role: _oclif_core_interfaces.OptionFlag<string, _oclif_core_interfaces.CustomOptions>;
|
|
14
|
+
'force-password-change': _oclif_core_interfaces.BooleanFlag<boolean>;
|
|
14
15
|
};
|
|
15
16
|
run(): Promise<void>;
|
|
16
17
|
}
|
|
@@ -167,6 +167,10 @@ var UserCreate = class _UserCreate extends BaseCommand {
|
|
|
167
167
|
],
|
|
168
168
|
// owner role unused
|
|
169
169
|
default: "admin"
|
|
170
|
+
}),
|
|
171
|
+
"force-password-change": Flags.boolean({
|
|
172
|
+
description: "Force user to change password on first login",
|
|
173
|
+
default: false
|
|
170
174
|
})
|
|
171
175
|
};
|
|
172
176
|
async run() {
|
|
@@ -228,7 +232,8 @@ var UserCreate = class _UserCreate extends BaseCommand {
|
|
|
228
232
|
email,
|
|
229
233
|
password,
|
|
230
234
|
name: name || void 0,
|
|
231
|
-
role: flags.role
|
|
235
|
+
role: flags.role,
|
|
236
|
+
must_change_password: flags["force-password-change"]
|
|
232
237
|
};
|
|
233
238
|
const user = await client.service("users").create(userData);
|
|
234
239
|
this.log(`${chalk2.green("\u2713")} User created successfully`);
|
|
@@ -237,6 +242,9 @@ var UserCreate = class _UserCreate extends BaseCommand {
|
|
|
237
242
|
this.log(` Name: ${chalk2.cyan(user.name || "(not set)")}`);
|
|
238
243
|
this.log(` Role: ${chalk2.cyan(user.role)}`);
|
|
239
244
|
this.log(` ID: ${chalk2.gray(user.user_id.substring(0, 8))}`);
|
|
245
|
+
if (user.must_change_password) {
|
|
246
|
+
this.log(` ${chalk2.yellow("\u26A0")} User must change password on first login`);
|
|
247
|
+
}
|
|
240
248
|
this.log("");
|
|
241
249
|
this.log(chalk2.gray("Next steps:"));
|
|
242
250
|
this.log(chalk2.gray(" 1. Start daemon: pnpm --filter @agor/daemon dev"));
|
|
@@ -14,6 +14,7 @@ declare class UserUpdate extends BaseCommand {
|
|
|
14
14
|
name: _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
15
15
|
password: _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
16
16
|
role: _oclif_core_interfaces.OptionFlag<string | undefined, _oclif_core_interfaces.CustomOptions>;
|
|
17
|
+
'force-password-change': _oclif_core_interfaces.BooleanFlag<boolean>;
|
|
17
18
|
};
|
|
18
19
|
run(): Promise<void>;
|
|
19
20
|
}
|
|
@@ -163,6 +163,11 @@ var UserUpdate = class _UserUpdate extends BaseCommand {
|
|
|
163
163
|
role: Flags.string({
|
|
164
164
|
description: "New role",
|
|
165
165
|
options: ["owner", "admin", "member", "viewer"]
|
|
166
|
+
}),
|
|
167
|
+
"force-password-change": Flags.boolean({
|
|
168
|
+
description: "Force user to change password on next login",
|
|
169
|
+
allowNo: true
|
|
170
|
+
// Allows --no-force-password-change to clear the flag
|
|
166
171
|
})
|
|
167
172
|
};
|
|
168
173
|
async run() {
|
|
@@ -182,7 +187,7 @@ var UserUpdate = class _UserUpdate extends BaseCommand {
|
|
|
182
187
|
${chalk2.gray(` No user matching: ${args.user}`)}`
|
|
183
188
|
);
|
|
184
189
|
}
|
|
185
|
-
if (!flags.email && !flags.name && !flags.password && !flags.role) {
|
|
190
|
+
if (!flags.email && !flags.name && !flags.password && !flags.role && flags["force-password-change"] === void 0) {
|
|
186
191
|
const { fields } = await inquirer.prompt([
|
|
187
192
|
{
|
|
188
193
|
type: "checkbox",
|
|
@@ -252,6 +257,9 @@ ${chalk2.gray(` No user matching: ${args.user}`)}`
|
|
|
252
257
|
if (flags.name) updates.name = flags.name;
|
|
253
258
|
if (flags.password) updates.password = flags.password;
|
|
254
259
|
if (flags.role) updates.role = flags.role;
|
|
260
|
+
if (flags["force-password-change"] !== void 0) {
|
|
261
|
+
updates.must_change_password = flags["force-password-change"];
|
|
262
|
+
}
|
|
255
263
|
if (Object.keys(updates).length === 0) {
|
|
256
264
|
this.log(chalk2.gray("No changes to apply"));
|
|
257
265
|
await this.cleanupClient(client);
|
|
@@ -266,6 +274,9 @@ ${chalk2.gray(` No user matching: ${args.user}`)}`
|
|
|
266
274
|
this.log(` Name: ${chalk2.cyan(updatedUser.name || "(not set)")}`);
|
|
267
275
|
this.log(` Role: ${chalk2.cyan(updatedUser.role)}`);
|
|
268
276
|
this.log(` ID: ${chalk2.gray(updatedUser.user_id.substring(0, 8))}`);
|
|
277
|
+
if (updatedUser.must_change_password) {
|
|
278
|
+
this.log(` ${chalk2.yellow("\u26A0")} User must change password on next login`);
|
|
279
|
+
}
|
|
269
280
|
await this.cleanupClient(client);
|
|
270
281
|
} catch (error) {
|
|
271
282
|
await this.cleanupClient(client);
|
|
@@ -3,7 +3,7 @@ import { e as Board, f as BoardExportBlob } from '../board-BGkmgUH3.cjs';
|
|
|
3
3
|
import { a as ContextFileListItem, b as ContextFileDetail } from '../context-ByxGjp5l.cjs';
|
|
4
4
|
import { b as AuthenticationResult } from '../feathers-BzHEPnpl.cjs';
|
|
5
5
|
import { i as MCPServer } from '../mcp-oU9TGu_S.cjs';
|
|
6
|
-
import { d as User } from '../user-
|
|
6
|
+
import { d as User } from '../user-RShA3iU6.cjs';
|
|
7
7
|
import { b as Repo, d as Worktree } from '../repo-DbOIBw1c.cjs';
|
|
8
8
|
import { f as Session } from '../session-DE9tT7Cm.cjs';
|
|
9
9
|
import { c as Task } from '../task-D5cWUcAY.cjs';
|
package/dist/core/api/index.d.ts
CHANGED
|
@@ -3,7 +3,7 @@ import { e as Board, f as BoardExportBlob } from '../board-CKJQAhxz.js';
|
|
|
3
3
|
import { a as ContextFileListItem, b as ContextFileDetail } from '../context-ByxGjp5l.js';
|
|
4
4
|
import { b as AuthenticationResult } from '../feathers-BzHEPnpl.js';
|
|
5
5
|
import { i as MCPServer } from '../mcp-C-LwrhHt.js';
|
|
6
|
-
import { d as User } from '../user-
|
|
6
|
+
import { d as User } from '../user-DhXUWd3o.js';
|
|
7
7
|
import { b as Repo, d as Worktree } from '../repo-DkEPOBbI.js';
|
|
8
8
|
import { f as Session } from '../session-DrzT_Csl.js';
|
|
9
9
|
import { c as Task } from '../task-D0i_mU9u.js';
|
|
@@ -513,6 +513,8 @@ var users = (0, import_pg_core.pgTable)(
|
|
|
513
513
|
unix_username: (0, import_pg_core.text)("unix_username"),
|
|
514
514
|
// Onboarding state
|
|
515
515
|
onboarding_completed: t.bool("onboarding_completed").notNull().default(false),
|
|
516
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
517
|
+
must_change_password: t.bool("must_change_password").notNull().default(false),
|
|
516
518
|
// JSON blob for profile/preferences
|
|
517
519
|
data: t.json("data").$type().notNull()
|
|
518
520
|
},
|
|
@@ -957,6 +959,8 @@ var users2 = (0, import_sqlite_core.sqliteTable)(
|
|
|
957
959
|
unix_username: (0, import_sqlite_core.text)("unix_username"),
|
|
958
960
|
// Onboarding state
|
|
959
961
|
onboarding_completed: t2.bool("onboarding_completed").notNull().default(false),
|
|
962
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
963
|
+
must_change_password: t2.bool("must_change_password").notNull().default(false),
|
|
960
964
|
// JSON blob for profile/preferences
|
|
961
965
|
data: t2.json("data").$type().notNull()
|
|
962
966
|
},
|
|
@@ -488,6 +488,8 @@ var users = pgTable(
|
|
|
488
488
|
unix_username: text("unix_username"),
|
|
489
489
|
// Onboarding state
|
|
490
490
|
onboarding_completed: t.bool("onboarding_completed").notNull().default(false),
|
|
491
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
492
|
+
must_change_password: t.bool("must_change_password").notNull().default(false),
|
|
491
493
|
// JSON blob for profile/preferences
|
|
492
494
|
data: t.json("data").$type().notNull()
|
|
493
495
|
},
|
|
@@ -932,6 +934,8 @@ var users2 = sqliteTable(
|
|
|
932
934
|
unix_username: text2("unix_username"),
|
|
933
935
|
// Onboarding state
|
|
934
936
|
onboarding_completed: t2.bool("onboarding_completed").notNull().default(false),
|
|
937
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
938
|
+
must_change_password: t2.bool("must_change_password").notNull().default(false),
|
|
935
939
|
// JSON blob for profile/preferences
|
|
936
940
|
data: t2.json("data").$type().notNull()
|
|
937
941
|
},
|
|
@@ -2007,6 +2007,23 @@ declare const users$1: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
|
2007
2007
|
identity: undefined;
|
|
2008
2008
|
generated: undefined;
|
|
2009
2009
|
}, {}, {}>;
|
|
2010
|
+
must_change_password: drizzle_orm_pg_core.PgColumn<{
|
|
2011
|
+
name: string;
|
|
2012
|
+
tableName: "users";
|
|
2013
|
+
dataType: "boolean";
|
|
2014
|
+
columnType: "PgBoolean";
|
|
2015
|
+
data: boolean;
|
|
2016
|
+
driverParam: boolean;
|
|
2017
|
+
notNull: true;
|
|
2018
|
+
hasDefault: true;
|
|
2019
|
+
isPrimaryKey: false;
|
|
2020
|
+
isAutoincrement: false;
|
|
2021
|
+
hasRuntimeDefault: false;
|
|
2022
|
+
enumValues: undefined;
|
|
2023
|
+
baseColumn: never;
|
|
2024
|
+
identity: undefined;
|
|
2025
|
+
generated: undefined;
|
|
2026
|
+
}, {}, {}>;
|
|
2010
2027
|
data: drizzle_orm_pg_core.PgColumn<{
|
|
2011
2028
|
name: string;
|
|
2012
2029
|
tableName: "users";
|
|
@@ -5036,6 +5053,23 @@ declare const users: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
5036
5053
|
identity: undefined;
|
|
5037
5054
|
generated: undefined;
|
|
5038
5055
|
}, {}, {}>;
|
|
5056
|
+
must_change_password: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5057
|
+
name: string;
|
|
5058
|
+
tableName: "users";
|
|
5059
|
+
dataType: "boolean";
|
|
5060
|
+
columnType: "SQLiteBoolean";
|
|
5061
|
+
data: boolean;
|
|
5062
|
+
driverParam: number;
|
|
5063
|
+
notNull: true;
|
|
5064
|
+
hasDefault: true;
|
|
5065
|
+
isPrimaryKey: false;
|
|
5066
|
+
isAutoincrement: false;
|
|
5067
|
+
hasRuntimeDefault: false;
|
|
5068
|
+
enumValues: undefined;
|
|
5069
|
+
baseColumn: never;
|
|
5070
|
+
identity: undefined;
|
|
5071
|
+
generated: undefined;
|
|
5072
|
+
}, {}, {}>;
|
|
5039
5073
|
data: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5040
5074
|
name: string;
|
|
5041
5075
|
tableName: "users";
|
|
@@ -2007,6 +2007,23 @@ declare const users$1: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
|
2007
2007
|
identity: undefined;
|
|
2008
2008
|
generated: undefined;
|
|
2009
2009
|
}, {}, {}>;
|
|
2010
|
+
must_change_password: drizzle_orm_pg_core.PgColumn<{
|
|
2011
|
+
name: string;
|
|
2012
|
+
tableName: "users";
|
|
2013
|
+
dataType: "boolean";
|
|
2014
|
+
columnType: "PgBoolean";
|
|
2015
|
+
data: boolean;
|
|
2016
|
+
driverParam: boolean;
|
|
2017
|
+
notNull: true;
|
|
2018
|
+
hasDefault: true;
|
|
2019
|
+
isPrimaryKey: false;
|
|
2020
|
+
isAutoincrement: false;
|
|
2021
|
+
hasRuntimeDefault: false;
|
|
2022
|
+
enumValues: undefined;
|
|
2023
|
+
baseColumn: never;
|
|
2024
|
+
identity: undefined;
|
|
2025
|
+
generated: undefined;
|
|
2026
|
+
}, {}, {}>;
|
|
2010
2027
|
data: drizzle_orm_pg_core.PgColumn<{
|
|
2011
2028
|
name: string;
|
|
2012
2029
|
tableName: "users";
|
|
@@ -5036,6 +5053,23 @@ declare const users: drizzle_orm_sqlite_core.SQLiteTableWithColumns<{
|
|
|
5036
5053
|
identity: undefined;
|
|
5037
5054
|
generated: undefined;
|
|
5038
5055
|
}, {}, {}>;
|
|
5056
|
+
must_change_password: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5057
|
+
name: string;
|
|
5058
|
+
tableName: "users";
|
|
5059
|
+
dataType: "boolean";
|
|
5060
|
+
columnType: "SQLiteBoolean";
|
|
5061
|
+
data: boolean;
|
|
5062
|
+
driverParam: number;
|
|
5063
|
+
notNull: true;
|
|
5064
|
+
hasDefault: true;
|
|
5065
|
+
isPrimaryKey: false;
|
|
5066
|
+
isAutoincrement: false;
|
|
5067
|
+
hasRuntimeDefault: false;
|
|
5068
|
+
enumValues: undefined;
|
|
5069
|
+
baseColumn: never;
|
|
5070
|
+
identity: undefined;
|
|
5071
|
+
generated: undefined;
|
|
5072
|
+
}, {}, {}>;
|
|
5039
5073
|
data: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5040
5074
|
name: string;
|
|
5041
5075
|
tableName: "users";
|
|
@@ -52,6 +52,12 @@ interface AgorDaemonSettings {
|
|
|
52
52
|
* Required when Unix isolation is enabled (worktree_rbac or unix_user_mode).
|
|
53
53
|
* In dev mode without isolation, falls back to current process user. */
|
|
54
54
|
unix_user?: string;
|
|
55
|
+
/** Instance label for deployment identification (e.g., "staging", "prod-us-east").
|
|
56
|
+
* Displayed as a Tag in the UI navbar when set. */
|
|
57
|
+
instanceLabel?: string;
|
|
58
|
+
/** Instance description (markdown supported).
|
|
59
|
+
* Displayed as a popover around the instance label Tag. */
|
|
60
|
+
instanceDescription?: string;
|
|
55
61
|
}
|
|
56
62
|
/**
|
|
57
63
|
* UI settings
|
|
@@ -52,6 +52,12 @@ interface AgorDaemonSettings {
|
|
|
52
52
|
* Required when Unix isolation is enabled (worktree_rbac or unix_user_mode).
|
|
53
53
|
* In dev mode without isolation, falls back to current process user. */
|
|
54
54
|
unix_user?: string;
|
|
55
|
+
/** Instance label for deployment identification (e.g., "staging", "prod-us-east").
|
|
56
|
+
* Displayed as a Tag in the UI navbar when set. */
|
|
57
|
+
instanceLabel?: string;
|
|
58
|
+
/** Instance description (markdown supported).
|
|
59
|
+
* Displayed as a popover around the instance label Tag. */
|
|
60
|
+
instanceDescription?: string;
|
|
55
61
|
}
|
|
56
62
|
/**
|
|
57
63
|
* UI settings
|
|
@@ -137,6 +137,7 @@ var init_ids = __esm({
|
|
|
137
137
|
var config_exports = {};
|
|
138
138
|
__export(config_exports, {
|
|
139
139
|
AGOR_INTERNAL_ENV_VARS: () => AGOR_INTERNAL_ENV_VARS,
|
|
140
|
+
AGOR_USER_ENV_KEYS_VAR: () => AGOR_USER_ENV_KEYS_VAR,
|
|
140
141
|
BLOCKED_ENV_VARS: () => BLOCKED_ENV_VARS,
|
|
141
142
|
CredentialKey: () => CredentialKey,
|
|
142
143
|
DAEMON: () => DAEMON,
|
|
@@ -1043,6 +1044,8 @@ var users = (0, import_pg_core.pgTable)(
|
|
|
1043
1044
|
unix_username: (0, import_pg_core.text)("unix_username"),
|
|
1044
1045
|
// Onboarding state
|
|
1045
1046
|
onboarding_completed: t.bool("onboarding_completed").notNull().default(false),
|
|
1047
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
1048
|
+
must_change_password: t.bool("must_change_password").notNull().default(false),
|
|
1046
1049
|
// JSON blob for profile/preferences
|
|
1047
1050
|
data: t.json("data").$type().notNull()
|
|
1048
1051
|
},
|
|
@@ -1487,6 +1490,8 @@ var users2 = (0, import_sqlite_core.sqliteTable)(
|
|
|
1487
1490
|
unix_username: (0, import_sqlite_core.text)("unix_username"),
|
|
1488
1491
|
// Onboarding state
|
|
1489
1492
|
onboarding_completed: t2.bool("onboarding_completed").notNull().default(false),
|
|
1493
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
1494
|
+
must_change_password: t2.bool("must_change_password").notNull().default(false),
|
|
1490
1495
|
// JSON blob for profile/preferences
|
|
1491
1496
|
data: t2.json("data").$type().notNull()
|
|
1492
1497
|
},
|
|
@@ -1733,16 +1738,19 @@ async function resolveUserEnvironment(userId, db) {
|
|
|
1733
1738
|
function resolveSystemEnvironment() {
|
|
1734
1739
|
return { ...process.env };
|
|
1735
1740
|
}
|
|
1741
|
+
var AGOR_USER_ENV_KEYS_VAR = "AGOR_USER_ENV_KEYS";
|
|
1736
1742
|
async function createUserProcessEnvironment(userId, db, additionalEnv) {
|
|
1737
1743
|
const env = { ...process.env };
|
|
1738
1744
|
for (const internalVar of AGOR_INTERNAL_ENV_VARS) {
|
|
1739
1745
|
delete env[internalVar];
|
|
1740
1746
|
}
|
|
1747
|
+
const userEnvKeys = [];
|
|
1741
1748
|
if (userId && db) {
|
|
1742
1749
|
const userEnv = await resolveUserEnvironment(userId, db);
|
|
1743
1750
|
for (const [key, value] of Object.entries(userEnv)) {
|
|
1744
1751
|
if (value && value.trim() !== "") {
|
|
1745
1752
|
env[key] = value;
|
|
1753
|
+
userEnvKeys.push(key);
|
|
1746
1754
|
}
|
|
1747
1755
|
}
|
|
1748
1756
|
}
|
|
@@ -1753,6 +1761,9 @@ async function createUserProcessEnvironment(userId, db, additionalEnv) {
|
|
|
1753
1761
|
}
|
|
1754
1762
|
}
|
|
1755
1763
|
}
|
|
1764
|
+
if (userEnvKeys.length > 0) {
|
|
1765
|
+
env[AGOR_USER_ENV_KEYS_VAR] = userEnvKeys.join(",");
|
|
1766
|
+
}
|
|
1756
1767
|
return env;
|
|
1757
1768
|
}
|
|
1758
1769
|
|
|
@@ -2252,6 +2263,7 @@ var CredentialKey = /* @__PURE__ */ ((CredentialKey2) => {
|
|
|
2252
2263
|
// Annotate the CommonJS export names for ESM import in node:
|
|
2253
2264
|
0 && (module.exports = {
|
|
2254
2265
|
AGOR_INTERNAL_ENV_VARS,
|
|
2266
|
+
AGOR_USER_ENV_KEYS_VAR,
|
|
2255
2267
|
BLOCKED_ENV_VARS,
|
|
2256
2268
|
CredentialKey,
|
|
2257
2269
|
DAEMON,
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { h as RepoEnvironmentConfig } from '../repo-DbOIBw1c.cjs';
|
|
2
2
|
import { AgorConfig } from './browser.cjs';
|
|
3
3
|
export { AgorCodexSettings, AgorCredentials, AgorDaemonSettings, AgorDatabaseSettings, AgorDefaults, AgorDisplaySettings, AgorExecutionSettings, AgorOpenCodeSettings, AgorUISettings, ConfigKey, CredentialKey, DAEMON, DATABASE, ENVIRONMENT, GIT, PAGINATION, RepoReference, RepoReferenceOption, SESSION, UnknownJson, WEBSOCKET, extractSlugFromUrl, formatRepoReference, getDefaultRepoReference, getGroupedRepoReferenceOptions, getRepoReferenceOptions, isValidGitUrl, isValidSlug, parseRepoReference, resolveRepoReference } from './browser.cjs';
|
|
4
|
-
import { d as Database } from '../client-
|
|
4
|
+
import { d as Database } from '../client-Dq6QefL9.cjs';
|
|
5
5
|
import { b as UserID } from '../id-BwPJtWxW.cjs';
|
|
6
6
|
import 'drizzle-orm/libsql';
|
|
7
7
|
import 'drizzle-orm/postgres-js';
|
|
@@ -264,6 +264,11 @@ declare function resolveUserEnvironment(userId: UserID, db: Database): Promise<R
|
|
|
264
264
|
* Synchronous version - returns system env only
|
|
265
265
|
*/
|
|
266
266
|
declare function resolveSystemEnvironment(): Record<string, string>;
|
|
267
|
+
/**
|
|
268
|
+
* Special environment variable that contains comma-separated list of user-defined env var keys.
|
|
269
|
+
* Used by MCP template resolver to restrict template context to user-scoped vars only.
|
|
270
|
+
*/
|
|
271
|
+
declare const AGOR_USER_ENV_KEYS_VAR = "AGOR_USER_ENV_KEYS";
|
|
267
272
|
/**
|
|
268
273
|
* Create a clean environment for user processes (worktrees, terminals, etc.)
|
|
269
274
|
*
|
|
@@ -272,6 +277,7 @@ declare function resolveSystemEnvironment(): Record<string, string>;
|
|
|
272
277
|
* 2. Filters out Agor-internal variables (NODE_ENV, AGOR_*, etc.)
|
|
273
278
|
* 3. Resolves and merges user-specific encrypted environment variables
|
|
274
279
|
* 4. Optionally merges additional environment variables
|
|
280
|
+
* 5. Sets AGOR_USER_ENV_KEYS with comma-separated list of user-defined var keys
|
|
275
281
|
*
|
|
276
282
|
* @param userId - User ID to resolve environment for (optional)
|
|
277
283
|
* @param db - Database instance (required if userId provided)
|
|
@@ -373,4 +379,4 @@ declare function resolveApiKey(keyName: ApiKeyName, context?: KeyResolutionConte
|
|
|
373
379
|
*/
|
|
374
380
|
declare function resolveApiKeySync(keyName: ApiKeyName): KeyResolutionResult;
|
|
375
381
|
|
|
376
|
-
export { AGOR_INTERNAL_ENV_VARS, AgorConfig, type AgorYmlSchema, type ApiKeyName, BLOCKED_ENV_VARS, ENV_VAR_CONSTRAINTS, type KeyResolutionContext, type KeyResolutionResult, type ValidationError, createUserProcessEnvironment, ensureCodexHome, expandHomePath, formatValidationError, formatValidationErrors, getAgorHome, getConfigPath, getConfigValue, getCredential, getDaemonUrl, getDaemonUser, getDefaultConfig, getEnvVarBlockReason, initConfig, isEnvVarAllowed, isValid, isWorktreeRbacEnabled, loadConfig, loadConfigSync, parseAgorYml, requireDaemonUser, resolveApiKey, resolveApiKeySync, resolveCodexHome, resolveSystemEnvironment, resolveUserEnvironment, saveConfig, setConfigValue, unsetConfigValue, validateEnvVar, withUserEnvironment, withUserEnvironmentSync, writeAgorYml };
|
|
382
|
+
export { AGOR_INTERNAL_ENV_VARS, AGOR_USER_ENV_KEYS_VAR, AgorConfig, type AgorYmlSchema, type ApiKeyName, BLOCKED_ENV_VARS, ENV_VAR_CONSTRAINTS, type KeyResolutionContext, type KeyResolutionResult, type ValidationError, createUserProcessEnvironment, ensureCodexHome, expandHomePath, formatValidationError, formatValidationErrors, getAgorHome, getConfigPath, getConfigValue, getCredential, getDaemonUrl, getDaemonUser, getDefaultConfig, getEnvVarBlockReason, initConfig, isEnvVarAllowed, isValid, isWorktreeRbacEnabled, loadConfig, loadConfigSync, parseAgorYml, requireDaemonUser, resolveApiKey, resolveApiKeySync, resolveCodexHome, resolveSystemEnvironment, resolveUserEnvironment, saveConfig, setConfigValue, unsetConfigValue, validateEnvVar, withUserEnvironment, withUserEnvironmentSync, writeAgorYml };
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { h as RepoEnvironmentConfig } from '../repo-DkEPOBbI.js';
|
|
2
2
|
import { AgorConfig } from './browser.js';
|
|
3
3
|
export { AgorCodexSettings, AgorCredentials, AgorDaemonSettings, AgorDatabaseSettings, AgorDefaults, AgorDisplaySettings, AgorExecutionSettings, AgorOpenCodeSettings, AgorUISettings, ConfigKey, CredentialKey, DAEMON, DATABASE, ENVIRONMENT, GIT, PAGINATION, RepoReference, RepoReferenceOption, SESSION, UnknownJson, WEBSOCKET, extractSlugFromUrl, formatRepoReference, getDefaultRepoReference, getGroupedRepoReferenceOptions, getRepoReferenceOptions, isValidGitUrl, isValidSlug, parseRepoReference, resolveRepoReference } from './browser.js';
|
|
4
|
-
import { d as Database } from '../client-
|
|
4
|
+
import { d as Database } from '../client-CFqfLUUF.js';
|
|
5
5
|
import { b as UserID } from '../id-BwPJtWxW.js';
|
|
6
6
|
import 'drizzle-orm/libsql';
|
|
7
7
|
import 'drizzle-orm/postgres-js';
|
|
@@ -264,6 +264,11 @@ declare function resolveUserEnvironment(userId: UserID, db: Database): Promise<R
|
|
|
264
264
|
* Synchronous version - returns system env only
|
|
265
265
|
*/
|
|
266
266
|
declare function resolveSystemEnvironment(): Record<string, string>;
|
|
267
|
+
/**
|
|
268
|
+
* Special environment variable that contains comma-separated list of user-defined env var keys.
|
|
269
|
+
* Used by MCP template resolver to restrict template context to user-scoped vars only.
|
|
270
|
+
*/
|
|
271
|
+
declare const AGOR_USER_ENV_KEYS_VAR = "AGOR_USER_ENV_KEYS";
|
|
267
272
|
/**
|
|
268
273
|
* Create a clean environment for user processes (worktrees, terminals, etc.)
|
|
269
274
|
*
|
|
@@ -272,6 +277,7 @@ declare function resolveSystemEnvironment(): Record<string, string>;
|
|
|
272
277
|
* 2. Filters out Agor-internal variables (NODE_ENV, AGOR_*, etc.)
|
|
273
278
|
* 3. Resolves and merges user-specific encrypted environment variables
|
|
274
279
|
* 4. Optionally merges additional environment variables
|
|
280
|
+
* 5. Sets AGOR_USER_ENV_KEYS with comma-separated list of user-defined var keys
|
|
275
281
|
*
|
|
276
282
|
* @param userId - User ID to resolve environment for (optional)
|
|
277
283
|
* @param db - Database instance (required if userId provided)
|
|
@@ -373,4 +379,4 @@ declare function resolveApiKey(keyName: ApiKeyName, context?: KeyResolutionConte
|
|
|
373
379
|
*/
|
|
374
380
|
declare function resolveApiKeySync(keyName: ApiKeyName): KeyResolutionResult;
|
|
375
381
|
|
|
376
|
-
export { AGOR_INTERNAL_ENV_VARS, AgorConfig, type AgorYmlSchema, type ApiKeyName, BLOCKED_ENV_VARS, ENV_VAR_CONSTRAINTS, type KeyResolutionContext, type KeyResolutionResult, type ValidationError, createUserProcessEnvironment, ensureCodexHome, expandHomePath, formatValidationError, formatValidationErrors, getAgorHome, getConfigPath, getConfigValue, getCredential, getDaemonUrl, getDaemonUser, getDefaultConfig, getEnvVarBlockReason, initConfig, isEnvVarAllowed, isValid, isWorktreeRbacEnabled, loadConfig, loadConfigSync, parseAgorYml, requireDaemonUser, resolveApiKey, resolveApiKeySync, resolveCodexHome, resolveSystemEnvironment, resolveUserEnvironment, saveConfig, setConfigValue, unsetConfigValue, validateEnvVar, withUserEnvironment, withUserEnvironmentSync, writeAgorYml };
|
|
382
|
+
export { AGOR_INTERNAL_ENV_VARS, AGOR_USER_ENV_KEYS_VAR, AgorConfig, type AgorYmlSchema, type ApiKeyName, BLOCKED_ENV_VARS, ENV_VAR_CONSTRAINTS, type KeyResolutionContext, type KeyResolutionResult, type ValidationError, createUserProcessEnvironment, ensureCodexHome, expandHomePath, formatValidationError, formatValidationErrors, getAgorHome, getConfigPath, getConfigValue, getCredential, getDaemonUrl, getDaemonUser, getDefaultConfig, getEnvVarBlockReason, initConfig, isEnvVarAllowed, isValid, isWorktreeRbacEnabled, loadConfig, loadConfigSync, parseAgorYml, requireDaemonUser, resolveApiKey, resolveApiKeySync, resolveCodexHome, resolveSystemEnvironment, resolveUserEnvironment, saveConfig, setConfigValue, unsetConfigValue, validateEnvVar, withUserEnvironment, withUserEnvironmentSync, writeAgorYml };
|
|
@@ -974,6 +974,8 @@ var users = pgTable(
|
|
|
974
974
|
unix_username: text("unix_username"),
|
|
975
975
|
// Onboarding state
|
|
976
976
|
onboarding_completed: t.bool("onboarding_completed").notNull().default(false),
|
|
977
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
978
|
+
must_change_password: t.bool("must_change_password").notNull().default(false),
|
|
977
979
|
// JSON blob for profile/preferences
|
|
978
980
|
data: t.json("data").$type().notNull()
|
|
979
981
|
},
|
|
@@ -1418,6 +1420,8 @@ var users2 = sqliteTable(
|
|
|
1418
1420
|
unix_username: text2("unix_username"),
|
|
1419
1421
|
// Onboarding state
|
|
1420
1422
|
onboarding_completed: t2.bool("onboarding_completed").notNull().default(false),
|
|
1423
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
1424
|
+
must_change_password: t2.bool("must_change_password").notNull().default(false),
|
|
1421
1425
|
// JSON blob for profile/preferences
|
|
1422
1426
|
data: t2.json("data").$type().notNull()
|
|
1423
1427
|
},
|
|
@@ -1664,16 +1668,19 @@ async function resolveUserEnvironment(userId, db) {
|
|
|
1664
1668
|
function resolveSystemEnvironment() {
|
|
1665
1669
|
return { ...process.env };
|
|
1666
1670
|
}
|
|
1671
|
+
var AGOR_USER_ENV_KEYS_VAR = "AGOR_USER_ENV_KEYS";
|
|
1667
1672
|
async function createUserProcessEnvironment(userId, db, additionalEnv) {
|
|
1668
1673
|
const env = { ...process.env };
|
|
1669
1674
|
for (const internalVar of AGOR_INTERNAL_ENV_VARS) {
|
|
1670
1675
|
delete env[internalVar];
|
|
1671
1676
|
}
|
|
1677
|
+
const userEnvKeys = [];
|
|
1672
1678
|
if (userId && db) {
|
|
1673
1679
|
const userEnv = await resolveUserEnvironment(userId, db);
|
|
1674
1680
|
for (const [key, value] of Object.entries(userEnv)) {
|
|
1675
1681
|
if (value && value.trim() !== "") {
|
|
1676
1682
|
env[key] = value;
|
|
1683
|
+
userEnvKeys.push(key);
|
|
1677
1684
|
}
|
|
1678
1685
|
}
|
|
1679
1686
|
}
|
|
@@ -1684,6 +1691,9 @@ async function createUserProcessEnvironment(userId, db, additionalEnv) {
|
|
|
1684
1691
|
}
|
|
1685
1692
|
}
|
|
1686
1693
|
}
|
|
1694
|
+
if (userEnvKeys.length > 0) {
|
|
1695
|
+
env[AGOR_USER_ENV_KEYS_VAR] = userEnvKeys.join(",");
|
|
1696
|
+
}
|
|
1687
1697
|
return env;
|
|
1688
1698
|
}
|
|
1689
1699
|
|
|
@@ -2182,6 +2192,7 @@ var CredentialKey = /* @__PURE__ */ ((CredentialKey2) => {
|
|
|
2182
2192
|
})(CredentialKey || {});
|
|
2183
2193
|
export {
|
|
2184
2194
|
AGOR_INTERNAL_ENV_VARS,
|
|
2195
|
+
AGOR_USER_ENV_KEYS_VAR,
|
|
2185
2196
|
BLOCKED_ENV_VARS,
|
|
2186
2197
|
CredentialKey,
|
|
2187
2198
|
DAEMON,
|
package/dist/core/db/index.cjs
CHANGED
|
@@ -829,6 +829,8 @@ var users = (0, import_pg_core.pgTable)(
|
|
|
829
829
|
unix_username: (0, import_pg_core.text)("unix_username"),
|
|
830
830
|
// Onboarding state
|
|
831
831
|
onboarding_completed: t.bool("onboarding_completed").notNull().default(false),
|
|
832
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
833
|
+
must_change_password: t.bool("must_change_password").notNull().default(false),
|
|
832
834
|
// JSON blob for profile/preferences
|
|
833
835
|
data: t.json("data").$type().notNull()
|
|
834
836
|
},
|
|
@@ -1273,6 +1275,8 @@ var users2 = (0, import_sqlite_core.sqliteTable)(
|
|
|
1273
1275
|
unix_username: (0, import_sqlite_core.text)("unix_username"),
|
|
1274
1276
|
// Onboarding state
|
|
1275
1277
|
onboarding_completed: t2.bool("onboarding_completed").notNull().default(false),
|
|
1278
|
+
// Force password change flag (admin-settable, auto-cleared on password change)
|
|
1279
|
+
must_change_password: t2.bool("must_change_password").notNull().default(false),
|
|
1276
1280
|
// JSON blob for profile/preferences
|
|
1277
1281
|
data: t2.json("data").$type().notNull()
|
|
1278
1282
|
},
|
|
@@ -4632,6 +4636,7 @@ var UsersRepository = class {
|
|
|
4632
4636
|
role: row.role,
|
|
4633
4637
|
unix_username: row.unix_username ?? void 0,
|
|
4634
4638
|
onboarding_completed: row.onboarding_completed,
|
|
4639
|
+
must_change_password: row.must_change_password,
|
|
4635
4640
|
avatar: row.data.avatar,
|
|
4636
4641
|
preferences: row.data.preferences,
|
|
4637
4642
|
// Convert encrypted keys to boolean flags (true = key exists, false/undefined = no key)
|
|
@@ -5279,6 +5284,7 @@ async function createUser(db, data) {
|
|
|
5279
5284
|
avatar: userData.avatar,
|
|
5280
5285
|
preferences: userData.preferences,
|
|
5281
5286
|
onboarding_completed: !!row.onboarding_completed,
|
|
5287
|
+
must_change_password: !!row.must_change_password,
|
|
5282
5288
|
created_at: row.created_at,
|
|
5283
5289
|
updated_at: row.updated_at ?? void 0
|
|
5284
5290
|
};
|
|
@@ -5303,6 +5309,7 @@ async function getUserByEmail(db, email) {
|
|
|
5303
5309
|
avatar: userData.avatar,
|
|
5304
5310
|
preferences: userData.preferences,
|
|
5305
5311
|
onboarding_completed: !!row.onboarding_completed,
|
|
5312
|
+
must_change_password: !!row.must_change_password,
|
|
5306
5313
|
created_at: row.created_at,
|
|
5307
5314
|
updated_at: row.updated_at ?? void 0
|
|
5308
5315
|
};
|
package/dist/core/db/index.d.cts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { SQL } from 'drizzle-orm';
|
|
2
2
|
export { SQL, and, asc, desc, eq, inArray, like, or, sql } from 'drizzle-orm';
|
|
3
3
|
import bcryptjs from 'bcryptjs';
|
|
4
|
-
import { d as Database, w as sqliteSchema, x as postgresSchema } from '../client-
|
|
5
|
-
export { v as BoardCommentInsert, u as BoardCommentRow, k as BoardInsert, t as BoardObjectInsert, s as BoardObjectRow, B as BoardRow, e as DEFAULT_DB_PATH, a as DatabaseConnectionError, D as DbConfig, p as MCPServerInsert, o as MCPServerRow, j as MessageInsert, M as MessageRow, l as RepoInsert, R as RepoRow, h as SessionInsert, r as SessionMCPServerInsert, q as SessionMCPServerRow, S as SessionRow, i as TaskInsert, T as TaskRow, n as UserInsert, U as UserRow, m as WorktreeInsert, W as WorktreeRow, c as createDatabase, b as createDatabaseAsync, f as createLocalDatabase, g as getDatabaseUrl } from '../client-
|
|
4
|
+
import { d as Database, w as sqliteSchema, x as postgresSchema } from '../client-Dq6QefL9.cjs';
|
|
5
|
+
export { v as BoardCommentInsert, u as BoardCommentRow, k as BoardInsert, t as BoardObjectInsert, s as BoardObjectRow, B as BoardRow, e as DEFAULT_DB_PATH, a as DatabaseConnectionError, D as DbConfig, p as MCPServerInsert, o as MCPServerRow, j as MessageInsert, M as MessageRow, l as RepoInsert, R as RepoRow, h as SessionInsert, r as SessionMCPServerInsert, q as SessionMCPServerRow, S as SessionRow, i as TaskInsert, T as TaskRow, n as UserInsert, U as UserRow, m as WorktreeInsert, W as WorktreeRow, c as createDatabase, b as createDatabaseAsync, f as createLocalDatabase, g as getDatabaseUrl } from '../client-Dq6QefL9.cjs';
|
|
6
6
|
import { LibSQLDatabase } from 'drizzle-orm/libsql';
|
|
7
7
|
import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
|
|
8
8
|
import { PgTable } from 'drizzle-orm/pg-core';
|
|
@@ -17,7 +17,7 @@ import { e as Message } from '../message-BFjPtffm.cjs';
|
|
|
17
17
|
import { b as Repo, d as Worktree } from '../repo-DbOIBw1c.cjs';
|
|
18
18
|
import { f as Session, P as PermissionMode, c as CodexSandboxMode, d as CodexApprovalPolicy } from '../session-DE9tT7Cm.cjs';
|
|
19
19
|
import { c as Task } from '../task-D5cWUcAY.cjs';
|
|
20
|
-
import { d as User } from '../user-
|
|
20
|
+
import { d as User } from '../user-RShA3iU6.cjs';
|
|
21
21
|
import '../context-ByxGjp5l.cjs';
|
|
22
22
|
|
|
23
23
|
/**
|
|
@@ -5173,6 +5173,23 @@ declare const users: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
|
5173
5173
|
identity: undefined;
|
|
5174
5174
|
generated: undefined;
|
|
5175
5175
|
}, {}, {}>;
|
|
5176
|
+
must_change_password: drizzle_orm_pg_core.PgColumn<{
|
|
5177
|
+
name: string;
|
|
5178
|
+
tableName: "users";
|
|
5179
|
+
dataType: "boolean";
|
|
5180
|
+
columnType: "PgBoolean";
|
|
5181
|
+
data: boolean;
|
|
5182
|
+
driverParam: boolean;
|
|
5183
|
+
notNull: true;
|
|
5184
|
+
hasDefault: true;
|
|
5185
|
+
isPrimaryKey: false;
|
|
5186
|
+
isAutoincrement: false;
|
|
5187
|
+
hasRuntimeDefault: false;
|
|
5188
|
+
enumValues: undefined;
|
|
5189
|
+
baseColumn: never;
|
|
5190
|
+
identity: undefined;
|
|
5191
|
+
generated: undefined;
|
|
5192
|
+
}, {}, {}>;
|
|
5176
5193
|
data: drizzle_orm_pg_core.PgColumn<{
|
|
5177
5194
|
name: string;
|
|
5178
5195
|
tableName: "users";
|
|
@@ -5486,6 +5503,23 @@ declare const users: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
|
5486
5503
|
identity: undefined;
|
|
5487
5504
|
generated: undefined;
|
|
5488
5505
|
}, {}, {}>;
|
|
5506
|
+
must_change_password: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5507
|
+
name: string;
|
|
5508
|
+
tableName: "users";
|
|
5509
|
+
dataType: "boolean";
|
|
5510
|
+
columnType: "SQLiteBoolean";
|
|
5511
|
+
data: boolean;
|
|
5512
|
+
driverParam: number;
|
|
5513
|
+
notNull: true;
|
|
5514
|
+
hasDefault: true;
|
|
5515
|
+
isPrimaryKey: false;
|
|
5516
|
+
isAutoincrement: false;
|
|
5517
|
+
hasRuntimeDefault: false;
|
|
5518
|
+
enumValues: undefined;
|
|
5519
|
+
baseColumn: never;
|
|
5520
|
+
identity: undefined;
|
|
5521
|
+
generated: undefined;
|
|
5522
|
+
}, {}, {}>;
|
|
5489
5523
|
data: drizzle_orm_sqlite_core.SQLiteColumn<{
|
|
5490
5524
|
name: string;
|
|
5491
5525
|
tableName: "users";
|