crewx 0.8.8-rc.2 → 0.8.8-rc.21

package/dist-server/common/limits/defaults.js

@@ -5,9 +5,11 @@ exports.FREE_TIER_LIMITS = {
     tier: 'FREE',
     workspaces: 3,
     agentsPerWorkspace: 10,
+    apiTokens: 3,
 };
 exports.UNLIMITED_LIMITS = {
     tier: 'ENTERPRISE',
     workspaces: -1,
     agentsPerWorkspace: -1,
+    apiTokens: -1,
 };

package/dist-server/domain/auth/auth.module.js

@@ -15,12 +15,13 @@ const mcp_constants_js_1 = require("../mcp/mcp.constants.js");
 const auth_constants_js_1 = require("./auth.constants.js");
 const auth_controller_js_1 = require("./auth.controller.js");
 const base_auth_guard_js_1 = require("./guards/base-auth.guard.js");
+const token_module_js_1 = require("../token/token.module.js");
 let AuthModule = class AuthModule {
 };
 exports.AuthModule = AuthModule;
 exports.AuthModule = AuthModule = __decorate([
     (0, common_1.Module)({
-        imports: [mcp_module_js_1.McpModule],
+        imports: [mcp_module_js_1.McpModule, token_module_js_1.TokenModule],
         controllers: [auth_controller_js_1.AuthController],
         providers: [
             {

package/dist-server/domain/auth/guards/base-auth.guard.js

@@ -15,18 +15,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BaseAuthGuard = void 0;
 const common_1 = require("@nestjs/common");
 const core_1 = require("@nestjs/core");
-const mcp_constants_js_1 = require("../../mcp/mcp.constants.js");
 const public_decorator_js_1 = require("../decorators/public.decorator.js");
 const ip_utils_js_1 = require("../utils/ip.utils.js");
 const session_store_js_1 = require("../session-store.js");
+const token_service_js_1 = require("../../token/token.service.js");
 let BaseAuthGuard = class BaseAuthGuard {
     reflector;
-    mcpToken;
-    constructor(reflector, mcpToken) {
+    tokenService;
+    constructor(reflector, tokenService) {
         this.reflector = reflector;
-        this.mcpToken = mcpToken;
+        this.tokenService = tokenService;
     }
-    canActivate(context) {
+    async canActivate(context) {
         const isPublic = this.reflector.getAllAndOverride(public_decorator_js_1.IS_PUBLIC_KEY, [
             context.getHandler(),
             context.getClass(),
@@ -34,33 +34,55 @@ let BaseAuthGuard = class BaseAuthGuard {
         if (isPublic)
             return true;
         const req = context.switchToHttp().getRequest();
+        // Bearer header present → validate with TokenService (no localhost exception)
+        const rawToken = (0, ip_utils_js_1.extractBearerToken)(req);
+        if (rawToken) {
+            const claims = await this.tokenService.validateToken(rawToken);
+            if (!claims)
+                throw new common_1.UnauthorizedException('Invalid token');
+            req.tokenClaims = claims;
+            return true;
+        }
+        // localhost bypass (DNS rebinding defense: Host header must also be local)
+        // CSRF not required for loopback — cross-origin CSRF to localhost is blocked by the browser.
         if (this.isLocalRequest(req))
             return true;
-        return this.validateToken(req);
+        // External access → session first (throws 401 if missing/invalid)
+        this.validateWebSession(req);
+        // CSRF Double Submit only on unsafe methods (state-changing)
+        if (this.requiresCsrf(req)) {
+            const csrfHeader = req.headers['x-csrf-token'];
+            const csrfCookie = req.cookies?.['crewx_csrf'];
+            if (!csrfHeader || csrfHeader !== csrfCookie) {
+                throw new common_1.ForbiddenException('CSRF token mismatch');
+            }
+        }
+        return true;
     }
     isLocalRequest(req) {
         const ip = req.socket?.remoteAddress;
         if (!(0, ip_utils_js_1.isLoopback)(ip))
             return false;
-        // DNS rebinding defense: Host header must also be local
         const host = (req.headers['host'] ?? '').split(':')[0];
         return host === 'localhost' || host === '127.0.0.1' || host === '[::1]';
     }
-    validateToken(req) {
+    requiresCsrf(req) {
+        const method = (req.method ?? 'GET').toUpperCase();
+        return !['GET', 'HEAD', 'OPTIONS'].includes(method);
+    }
+    validateWebSession(req) {
         const cookieSessionId = req.cookies?.['crewx_token'];
-        const bearerToken = (0, ip_utils_js_1.extractBearerToken)(req);
         if (cookieSessionId && (0, session_store_js_1.validateSession)(cookieSessionId)) {
             return true;
         }
-        if (bearerToken && (0, ip_utils_js_1.safeCompare)(bearerToken, this.mcpToken.token)) {
-            return true;
-        }
         throw new common_1.UnauthorizedException('Authentication required');
     }
 };
 exports.BaseAuthGuard = BaseAuthGuard;
 exports.BaseAuthGuard = BaseAuthGuard = __decorate([
     (0, common_1.Injectable)(),
-    __param(1, (0, common_1.Inject)(mcp_constants_js_1.MCP_TOKEN)),
-    __metadata("design:paramtypes", [core_1.Reflector, Object])
+    __param(0, (0, common_1.Inject)(core_1.Reflector)),
+    __param(1, (0, common_1.Inject)(token_service_js_1.TokenService)),
+    __metadata("design:paramtypes", [core_1.Reflector,
+        token_service_js_1.TokenService])
 ], BaseAuthGuard);

package/dist-server/domain/doc/doc.controller.js

@@ -15,6 +15,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.DocController = void 0;
 const common_1 = require("@nestjs/common");
 const swagger_1 = require("@nestjs/swagger");
+const fs_1 = require("fs");
 const doc_service_js_1 = require("./doc.service.js");
 const doc_dto_js_1 = require("./dto/doc.dto.js");
 let DocController = class DocController {
@@ -42,6 +43,17 @@ let DocController = class DocController {
         const data = this.docService.getImplStatus();
         return { success: true, data };
     }
+    // DOC.IMAGE: Serve document image file
+    serveImage(filePath, res) {
+        const { absPath, mime } = this.docService.getDocImagePath(filePath);
+        const stat = (0, fs_1.statSync)(absPath);
+        res.set({
+            'Content-Type': mime,
+            'Content-Length': stat.size,
+            'Cache-Control': 'public, max-age=3600',
+        });
+        (0, fs_1.createReadStream)(absPath).pipe(res);
+    }
     // DOC.SAVE: Save document content
     async saveContent(body) {
         const data = await this.docService.saveContent(body.path, body.content, body.mtime);
@@ -80,6 +92,15 @@ __decorate([
     __metadata("design:paramtypes", []),
     __metadata("design:returntype", void 0)
 ], DocController.prototype, "getImplStatus", null);
+__decorate([
+    (0, swagger_1.ApiOperation)({ operationId: 'DOC.IMAGE', summary: 'Serve a document image (png/jpg/jpeg/gif/webp)' }),
+    (0, common_1.Get)('image'),
+    __param(0, (0, common_1.Query)('path')),
+    __param(1, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", void 0)
+], DocController.prototype, "serveImage", null);
 __decorate([
     (0, swagger_1.ApiOperation)({ operationId: 'DOC.SAVE', summary: 'Save document content' }),
     (0, common_1.Put)('content'),

package/dist-server/domain/doc/doc.service.js

@@ -14,6 +14,7 @@ const node_crypto_1 = require("node:crypto");
 const doc_1 = require("@crewx/doc");
 const knowledge_core_1 = require("@crewx/knowledge-core");
 const workspace_context_store_js_1 = require("../../common/workspace-context.store.js");
+const image_constants_js_1 = require("./image-constants.js");
 // Screen ID → page directory mapping for code existence check
 const SCREEN_CODE_PATHS = {
     NAVUI: 'src/ui/components/layout',
@@ -94,8 +95,11 @@ let DocService = class DocService {
                     children.push(child);
                 }
             }
-            else if (entry.isFile() && entry.name.endsWith('.md')) {
-                children.push(this.fileNode(entryAbs));
+            else if (entry.isFile()) {
+                const ext = entry.name.split('.').pop()?.toLowerCase() ?? '';
+                if (entry.name.endsWith('.md') || image_constants_js_1.IMAGE_EXTENSIONS.has(ext)) {
+                    children.push(this.fileNode(entryAbs));
+                }
             }
         }
         return { name, path: rel, type: 'dir', children };
@@ -301,10 +305,11 @@ let DocService = class DocService {
     }
     // ── Path validation ───────────────────────────────────────
     /**
-     * Prevent path traversal attacks by rejecting paths containing '..'.
-     * Also ensures the resolved path stays within the project root.
+     * Validates traversal and boundary only — does NOT check existence.
+     * Fix: use `rootCmp + '/'` prefix (or exact match) to reject sibling dirs
+     * like /home/u/proj-secret that share the root as a string prefix.
      */
-    validatePath(filePath) {
+    validatePathBoundary(filePath) {
         if (filePath.includes('..')) {
             throw new common_1.BadRequestException('Path traversal is not allowed');
         }
@@ -314,13 +319,38 @@ let DocService = class DocService {
         // projectRoot may already be normalized (c:/…). Naive startsWith fails.
         const absCmp = abs.replace(/\\/g, '/').toLowerCase();
         const rootCmp = this.projectRoot.replace(/\\/g, '/').toLowerCase();
-        if (!absCmp.startsWith(rootCmp)) {
+        if (absCmp !== rootCmp && !absCmp.startsWith(rootCmp + '/')) {
             throw new common_1.BadRequestException('Path is outside project root');
         }
+    }
+    /**
+     * Prevent path traversal attacks by rejecting paths containing '..'.
+     * Also ensures the resolved path stays within the project root.
+     */
+    validatePath(filePath) {
+        this.validatePathBoundary(filePath);
+        const abs = (0, path_1.resolve)(this.projectRoot, filePath);
         if (!(0, fs_1.existsSync)(abs)) {
             throw new common_1.BadRequestException(`File not found: ${filePath}`);
         }
     }
+    /**
+     * DOC.IMAGE: Validate an image path and return its absolute filesystem path.
+     * Enforces extension whitelist before existence check to prevent info leakage.
+     * Missing images throw 404 (not 400) to match spec and prevent probing.
+     */
+    getDocImagePath(filePath) {
+        const ext = filePath.split('.').pop()?.toLowerCase() ?? '';
+        if (!image_constants_js_1.IMAGE_EXTENSIONS.has(ext)) {
+            throw new common_1.NotFoundException('Not found');
+        }
+        this.validatePathBoundary(filePath);
+        const abs = (0, path_1.resolve)(this.projectRoot, filePath);
+        if (!(0, fs_1.existsSync)(abs)) {
+            throw new common_1.NotFoundException('Not found');
+        }
+        return { absPath: abs, mime: image_constants_js_1.EXT_MIME[ext] };
+    }
     validateEditable(filePath) {
         const lower = filePath.toLowerCase();
         if (!lower.endsWith('.md')) {

package/dist-server/domain/doc/image-constants.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EXT_MIME = exports.IMAGE_EXTENSIONS = void 0;
+exports.IMAGE_EXTENSIONS = new Set(['png', 'jpg', 'jpeg', 'gif', 'webp']);
+exports.EXT_MIME = {
+    png: 'image/png',
+    jpg: 'image/jpeg',
+    jpeg: 'image/jpeg',
+    gif: 'image/gif',
+    webp: 'image/webp',
+};

package/dist-server/domain/events/events.module.js

@@ -0,0 +1,31 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventsModule = void 0;
+const common_1 = require("@nestjs/common");
+const workspace_events_controller_js_1 = require("./workspace-events.controller.js");
+const workspace_events_test_controller_js_1 = require("./workspace-events-test.controller.js");
+const workspace_event_bus_js_1 = require("./workspace-event.bus.js");
+/**
+ * EventsModule — workspace SSE event bus + streaming endpoint.
+ *
+ * WorkspaceEventBus is exported so CrewxModule can import it and wire
+ * SDK event subscriptions without a circular dependency:
+ *   EventsModule → (no CrewxModule dependency)
+ *   CrewxModule  → imports EventsModule for WorkspaceEventBus
+ */
+let EventsModule = class EventsModule {
+};
+exports.EventsModule = EventsModule;
+exports.EventsModule = EventsModule = __decorate([
+    (0, common_1.Module)({
+        controllers: [workspace_events_controller_js_1.WorkspaceEventsController, workspace_events_test_controller_js_1.WorkspaceEventsTestController],
+        providers: [workspace_event_bus_js_1.WorkspaceEventBus],
+        exports: [workspace_event_bus_js_1.WorkspaceEventBus],
+    })
+], EventsModule);

package/dist-server/domain/events/server-conversation.plugin.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServerConversationPlugin = void 0;
+const plugins_1 = require("@crewx/sdk/plugins");
+/**
+ * ServerConversationPlugin — extends ConversationPlugin to emit workspace SSE events
+ * immediately after conversation persistence (afterUserMessage / afterAssistantMessage hooks).
+ *
+ * wsId strategy: captured from crewx.workspaceId in attach() (option a).
+ * TaskEndEvent carries no workspaceId, so we must capture it at attach time.
+ * Each plugin instance is bound to exactly one Crewx instance, so wsId is stable.
+ *
+ * Phase 1 note: messageId from hook = threadId (thread PK, not per-message row).
+ * SSE payload uses taskId = e.traceId for per-task identity. Per-message IDs are Phase 2.
+ */
+class ServerConversationPlugin extends plugins_1.ConversationPlugin {
+    bus;
+    wsId = null;
+    constructor(bus) {
+        super();
+        this.bus = bus;
+    }
+    attach(crewx) {
+        this.wsId = crewx.workspaceId;
+        super.attach(crewx);
+    }
+    async afterUserMessage(threadId, _messageId, created, e) {
+        const wsId = e.workspaceId;
+        if (!wsId)
+            return;
+        if (created) {
+            this.bus.emit(wsId, { type: 'thread.created', data: { threadId } });
+        }
+        this.bus.emit(wsId, { type: 'message.created', data: { threadId, taskId: e.traceId } });
+        this.bus.emit(wsId, { type: 'thread.updated', data: { threadId, updatedAt: e.timestamp.toISOString() } });
+    }
+    async afterAssistantMessage(threadId, _messageId, e) {
+        const wsId = this.wsId;
+        if (!wsId)
+            return;
+        this.bus.emit(wsId, { type: 'message.created', data: { threadId, taskId: e.traceId } });
+        this.bus.emit(wsId, { type: 'thread.updated', data: { threadId, updatedAt: e.timestamp.toISOString() } });
+    }
+}
+exports.ServerConversationPlugin = ServerConversationPlugin;

package/dist-server/domain/events/workspace-event.bus.js

@@ -0,0 +1,32 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WorkspaceEventBus = void 0;
+const common_1 = require("@nestjs/common");
+const rxjs_1 = require("rxjs");
+const operators_1 = require("rxjs/operators");
+/**
+ * WorkspaceEventBus — singleton RxJS Subject that fan-outs workspace events.
+ *
+ * All workspace SSE events flow through this single Subject.
+ * Subscribers use for(wsId) to receive only their workspace's events.
+ */
+let WorkspaceEventBus = class WorkspaceEventBus {
+    subject = new rxjs_1.Subject();
+    emit(wsId, event) {
+        this.subject.next({ wsId, event });
+    }
+    /** Returns an Observable filtered to a single workspace's events. */
+    for(wsId) {
+        return this.subject.pipe((0, operators_1.filter)((envelope) => envelope.wsId === wsId), (0, operators_1.map)((envelope) => envelope.event));
+    }
+};
+exports.WorkspaceEventBus = WorkspaceEventBus;
+exports.WorkspaceEventBus = WorkspaceEventBus = __decorate([
+    (0, common_1.Injectable)()
+], WorkspaceEventBus);

package/dist-server/domain/events/workspace-event.types.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WORKSPACE_EVENT_TYPES = void 0;
+/** SSOT: all workspace SSE event types. Value = SSE event name = addEventListener key. */
+exports.WORKSPACE_EVENT_TYPES = [
+    'task.created',
+    'task.updated',
+    'task.logged',
+    'thread.created',
+    'thread.updated',
+    'message.created',
+];

package/dist-server/domain/events/workspace-events-test.controller.js

@@ -0,0 +1,83 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WorkspaceEventsTestController = void 0;
+const common_1 = require("@nestjs/common");
+const class_validator_1 = require("class-validator");
+const workspace_decorator_js_1 = require("../../common/decorators/workspace.decorator.js");
+const workspace_event_bus_js_1 = require("./workspace-event.bus.js");
+const workspace_event_types_js_1 = require("./workspace-event.types.js");
+function makeDefaultData(type) {
+    const now = new Date().toISOString();
+    const taskId = `tsk_test_${Date.now()}`;
+    const threadId = `thr_test_${Date.now()}`;
+    switch (type) {
+        case 'task.created':
+            return { taskId, threadId, agent: 'test_agent', status: 'running', updatedAt: now };
+        case 'task.updated':
+            return { taskId, threadId, agent: 'test_agent', status: 'success', costUsd: 0.001, updatedAt: now };
+        case 'task.logged':
+            return { taskId, threadId };
+        case 'thread.created':
+            return { threadId };
+        case 'thread.updated':
+            return { threadId, updatedAt: now };
+        case 'message.created':
+            return { threadId, taskId };
+    }
+}
+class TestEmitBody {
+    type;
+    data;
+}
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsIn)(workspace_event_types_js_1.WORKSPACE_EVENT_TYPES),
+    __metadata("design:type", String)
+], TestEmitBody.prototype, "type", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsObject)(),
+    __metadata("design:type", Object)
+], TestEmitBody.prototype, "data", void 0);
+/** POST /api/v1/ws/:slug/test/emit — manually push a test event into the workspace SSE bus. Dev only. */
+let WorkspaceEventsTestController = class WorkspaceEventsTestController {
+    bus;
+    constructor(bus) {
+        this.bus = bus;
+    }
+    emit(body, ws) {
+        if (!workspace_event_types_js_1.WORKSPACE_EVENT_TYPES.includes(body.type)) {
+            return { success: false, error: `Unknown event type: ${body.type}` };
+        }
+        const data = body.data ?? makeDefaultData(body.type);
+        const event = { type: body.type, data };
+        this.bus.emit(ws.id, event);
+        return { success: true, wsId: ws.id, event };
+    }
+};
+exports.WorkspaceEventsTestController = WorkspaceEventsTestController;
+__decorate([
+    (0, common_1.Post)('emit'),
+    (0, common_1.HttpCode)(200),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, workspace_decorator_js_1.Workspace)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [TestEmitBody, Object]),
+    __metadata("design:returntype", void 0)
+], WorkspaceEventsTestController.prototype, "emit", null);
+exports.WorkspaceEventsTestController = WorkspaceEventsTestController = __decorate([
+    (0, common_1.Controller)('ws/:slug/test'),
+    __metadata("design:paramtypes", [workspace_event_bus_js_1.WorkspaceEventBus])
+], WorkspaceEventsTestController);

package/dist-server/domain/events/workspace-events.controller.js

@@ -0,0 +1,47 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WorkspaceEventsController = void 0;
+const common_1 = require("@nestjs/common");
+const throttler_1 = require("@nestjs/throttler");
+const rxjs_1 = require("rxjs");
+const operators_1 = require("rxjs/operators");
+const workspace_event_bus_js_1 = require("./workspace-event.bus.js");
+const workspace_decorator_js_1 = require("../../common/decorators/workspace.decorator.js");
+const KEEPALIVE_INTERVAL_MS = 15_000;
+let WorkspaceEventsController = class WorkspaceEventsController {
+    bus;
+    constructor(bus) {
+        this.bus = bus;
+    }
+    /** GET /api/v1/ws/:slug/events — workspace-scoped SSE stream. */
+    stream(ws) {
+        const events$ = this.bus.for(ws.id).pipe((0, operators_1.map)((event) => ({ type: event.type, data: event.data })));
+        const ping$ = (0, rxjs_1.interval)(KEEPALIVE_INTERVAL_MS).pipe((0, operators_1.map)(() => ({ type: 'ping', data: {} })));
+        return (0, rxjs_1.merge)(events$, ping$);
+    }
+};
+exports.WorkspaceEventsController = WorkspaceEventsController;
+__decorate([
+    (0, throttler_1.SkipThrottle)(),
+    (0, common_1.Sse)(),
+    __param(0, (0, workspace_decorator_js_1.Workspace)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", rxjs_1.Observable)
+], WorkspaceEventsController.prototype, "stream", null);
+exports.WorkspaceEventsController = WorkspaceEventsController = __decorate([
+    (0, common_1.Controller)('ws/:slug/events'),
+    __metadata("design:paramtypes", [workspace_event_bus_js_1.WorkspaceEventBus])
+], WorkspaceEventsController);

package/dist-server/domain/mcp/browser-session.store.js

@@ -23,6 +23,7 @@ let BrowserSessionStore = BrowserSessionStore_1 = class BrowserSessionStore {
     logger = new common_1.Logger(BrowserSessionStore_1.name);
     sessions = new Map();
     sweepTimer;
+    sseDisconnectListeners = new Map();
     constructor() {
         this.sweepTimer = setInterval(() => this.sweep(), SWEEP_INTERVAL_MS);
         this.sweepTimer.unref();
@@ -33,6 +34,7 @@ let BrowserSessionStore = BrowserSessionStore_1 = class BrowserSessionStore {
             this.destroySession(session);
         }
         this.sessions.clear();
+        this.sseDisconnectListeners.clear();
     }
     create(clientType) {
         const id = SESSION_PREFIX + (0, crypto_1.randomBytes)(SESSION_ID_BYTES).toString('hex');
@@ -100,6 +102,7 @@ let BrowserSessionStore = BrowserSessionStore_1 = class BrowserSessionStore {
             this.logger.debug(`SSE disconnected for session: ${sessionId}`);
             this.cleanupSse(session);
             this.rejectAllPending(session, new Error('SSE connection closed'));
+            this.fireSseDisconnectListeners(sessionId);
         });
         return true;
     }
@@ -117,6 +120,41 @@ let BrowserSessionStore = BrowserSessionStore_1 = class BrowserSessionStore {
         this.logger.debug(`Tools registered (${mode}) for session ${sessionId}: ${tools.map((t) => t.name).join(', ')}`);
         return true;
     }
+    /** Returns the most recently created browser session with an active SSE stream. */
+    getLatestBrowserSession() {
+        let latest;
+        for (const session of this.sessions.values()) {
+            if (session.clientType === 'browser' &&
+                session.sseResponse &&
+                !session.sseResponse.writableEnded) {
+                if (!latest || session.createdAt > latest.createdAt) {
+                    latest = session;
+                }
+            }
+        }
+        return latest;
+    }
+    /** Push a fire-and-forget JSON-RPC notification to a session's SSE stream. */
+    pushNotification(sessionId, payload) {
+        const session = this.sessions.get(sessionId);
+        if (!session?.sseResponse || session.sseResponse.writableEnded)
+            return false;
+        session.sseResponse.write(`data: ${JSON.stringify(payload)}\n\n`);
+        session.lastActivity = Date.now();
+        return true;
+    }
+    /** Register a callback that fires when the SSE connection for sessionId closes. Returns an unregister fn. */
+    onSseDisconnect(sessionId, cb) {
+        let listeners = this.sseDisconnectListeners.get(sessionId);
+        if (!listeners) {
+            listeners = new Set();
+            this.sseDisconnectListeners.set(sessionId, listeners);
+        }
+        listeners.add(cb);
+        return () => {
+            this.sseDisconnectListeners.get(sessionId)?.delete(cb);
+        };
+    }
     getRegisteredTools(sessionId) {
         const session = this.sessions.get(sessionId);
         if (!session)
@@ -204,6 +242,18 @@ let BrowserSessionStore = BrowserSessionStore_1 = class BrowserSessionStore {
         pending.reject(error);
         return true;
     }
+    fireSseDisconnectListeners(sessionId) {
+        const listeners = this.sseDisconnectListeners.get(sessionId);
+        if (!listeners)
+            return;
+        for (const cb of listeners) {
+            try {
+                cb();
+            }
+            catch { }
+        }
+        this.sseDisconnectListeners.delete(sessionId);
+    }
     cleanupSse(session) {
         if (session.keepaliveTimer) {
             clearInterval(session.keepaliveTimer);

package/dist-server/domain/mcp/chromex-blacklist.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CHROMEX_BLACKLIST_DOMAINS = void 0;
+exports.isBlacklisted = isBlacklisted;
+exports.CHROMEX_BLACKLIST_DOMAINS = [
+    // 금융
+    'kbanknow.com', 'mybank.wooribank.com', 'banking.shinhan.com',
+    'mybanking.kbstar.com', 'ibs.kbstar.com', 'ib.hana.co.kr',
+    // 이메일
+    'mail.google.com', 'outlook.live.com', 'mail.naver.com',
+    // 인증
+    'accounts.google.com', 'nid.naver.com', 'auth.kakao.com',
+];
+function isBlacklisted(url) {
+    try {
+        let hostname = new URL(url).hostname.toLowerCase();
+        if (hostname.endsWith('.'))
+            hostname = hostname.slice(0, -1);
+        // normalize via URL constructor to handle IDN/punycode bypass attempts
+        hostname = new URL(`https://${hostname}`).hostname;
+        return exports.CHROMEX_BLACKLIST_DOMAINS.some((domain) => hostname === domain || hostname.endsWith(`.${domain}`));
+    }
+    catch {
+        return true; // fail-close on parse error
+    }
+}