…hemaToTypeScript

Address CodeRabbit review feedback:
- Escape quotes, backslashes, and newlines in const/enum string values
- Quote property keys that aren't valid JS identifiers (hyphens, spaces, leading digits)
- 3 new test cases covering both fixes

Remove 402 lines of dead code from the AST pipeline:

- Delete analyzeWorkbench() + parseConfigObject() — only imported by
  the dead workbench.ts file, never used in production
- Delete checkFunctionUsage() — exported but never imported anywhere
- Delete checkRouteConflicts() — exported but never imported anywhere
- Delete WorkbenchAnalysis interface — only used by dead code
- Remove WorkbenchConfig import from ast.ts (no longer needed)
- Delete packages/cli/src/cmd/build/workbench.ts entirely — the whole
  file was dead code (getWorkbench, generateWorkbenchMainTsx, etc.
  are superseded by vite/workbench-generator.ts)
- Remove analyzeWorkbench tests from ast.test.ts (testing dead code)

ast.ts: 3,526 → 3,124 lines (402 lines removed, cumulative with
previous findCreateAppEndPosition deletion)

The lifecycle generator now uses TypeScript's own type checker to
extract the setup() return type instead of walking AST literals and
guessing types from values. This handles:

- Inline setup in createApp({ setup: () => ... })
- Exported setup functions (function decl or const arrow)
- Shorthand property: createApp({ setup })
- Variable references: setup: () => someVar
- Async functions (Promise unwrapping)
- Any pattern TypeScript itself can resolve

Also extract getDevmodeDeploymentId into ids.ts (pure hash, not AST).

ast.ts consumers remaining: only parseRoute (route-discovery.ts)

…iscovery + app-router-detector

createRouter() no longer wraps Hono methods — it's now just `new Hono()`
with Agentuity's Env type. This preserves Hono's full Schema type inference
chain, enabling `typeof router` to encode all route types.

The routeId lookup (for OTel spans) and returnResponse auto-conversion that
createRouter previously did will move to entry-file middleware in a follow-up.

agent-discovery.ts: rewritten to import() agent files at build time instead
of AST-parsing with acorn-loose. The agent instance already knows its own
metadata, schemas, and evals. Schemas are now extracted as JSON Schema
strings via toJSONSchema() instead of Zod source strings via astring.

app-router-detector.ts: rewritten to use TypeScript's compiler API instead
of acorn-loose. Detects createApp({ router }) patterns for explicit routing.

Both rewrites eliminate acorn-loose/astring usage from their respective files.
Only ast.ts itself still imports acorn-loose (for parseRoute, used by
route-discovery.ts).

Tests: 18 agent-discovery tests, 8 app-router-detector tests, 8 lifecycle
tests, dev-registry-generation tests all pass. Runtime: 665 tests pass.

- Delete ast.ts (3,120 lines) — entire acorn-loose + astring AST pipeline
- Delete route-migration.ts (793 lines) — file-based routing migration
- Delete api-mount-path.ts (87 lines) — file-based path computation
- Remove acorn-loose + astring from package.json
- Remove file-based routing fallback from entry-generator.ts
- Remove migration prompts from dev/index.ts and vite-bundler.ts
- Remove src/api/ directory watcher from file-watcher.ts
- Remove migrateRoutes CLI option
- Delete 15 test files testing deleted AST/file-based routing code
- Rewrite route-discovery + dev-registry tests for new architecture

Net: -13,073 lines deleted, +199 lines added

- Import toForwardSlash from normalize-path.ts instead of duplicating
- Replace existsSync with Bun.file().exists() in lifecycle-generator,
  app-router-detector, and agent-discovery
- Import toJSONSchema from @agentuity/schema public entry point (resolved
  from user's node_modules) instead of reaching into src/ internals
- Remove createAgent substring gate — check exported value shape instead,
  supporting re-exported agents
- Default createRouter S generic to BlankSchema ({}) to match Hono 4.7.13

- Migrate integration-suite, e2e-web, svelte-web, auth-package-app,
  webrtc-test, nextjs-app, tanstack-start, vite-rsc-app to explicit
  createApp({ router }) pattern
- Create combined router.ts files for apps with multiple route files
- Expose agent.evals on AgentRunner (was missing, breaking eval discovery)
- Deduplicate agents by name (re-exported agents from index.ts)
- Update route-metadata-nested tests for explicit routing

…#1168)

…estart loop

- Runtime: createApp() returns fetch/port/hostname for bun --hot to
  hot-swap the server's request handler without process restart
- Runtime: skip Bun.serve() in dev mode (bun --hot manages server
  via default export)
- Runtime: add idempotent OTel re-registration guard for hot reloads
- Runtime: pass cors/compression config directly to middleware instead
  of lazy global lookup via getAppConfig()
- Runtime: remove getAppState/getAppConfig/setAppConfig globals
  (config passed directly, app state was always {})
- Runtime: add typed _globals.ts for Symbol.for() state and globals.d.ts
  for string-keyed globalThis properties, eliminating unsafe casts
- Runtime: use Symbol.for() pattern in _process-protection.ts
- Runtime: guard one-time log messages (server started, local services)
  to prevent reprinting on hot reloads
- Runtime: downgrade internal port messages to debug level
- CLI: use bun --hot --no-clear-screen for backend subprocess
- CLI: remove file-watcher.ts usage, restart loop, stopBunServer,
  cleanupForRestart — bun --hot handles all backend HMR
- CLI: run 'Preparing dev server' once at startup instead of on
  every file change (~490 lines removed from dev/index.ts)

In production mode, startServer() already calls Bun.serve() on the
configured port. Bun v1.2+ also auto-serves when the default export
has fetch + port properties (added in c98ce19 for --hot support),
causing a second bind attempt and EADDRINUSE.

Strip fetch/port/hostname from the returned AppResult in production
so only the explicit Bun.serve() is active. Dev mode keeps them for
bun --hot auto-serve.

Resolve conflicts:
- modify/delete: keep v2's deletions of generated files (app.ts, routes.ts),
  ast.ts, and route-migration.ts — superseded by v2's import-based architecture
- agent-discovery.ts: keep v2's import-based version, port duplicate eval name
  detection from main (cab51e2)
- dev/index.ts: keep v2's bun --hot version — main's file-watcher restart loop
  fixes (5b7f9b8) don't apply since v2 removed the restart loop

Auto-merged from main:
- Gateway URL fallback update (agentuity.ai → catalyst.agentuity.cloud)
- Windows path fix for AI SDK patches (buildPatchFilter)
- Task status aliases, sandbox events, OIDC commands, monitoring
- Coder TUI updates, API reference docs, various CLI fixes

Bun --hot creates the server from the default export's properties.
Without the websocket handler, WebSocket upgrades fail with:
'To enable websocket support, set the "websocket" object in Bun.serve({})'

Add websocket from hono/bun to the AppResult (and strip it in
production alongside fetch/port/hostname).

json5 was not declared as a dependency in cli/package.json, causing
a type error. Use the existing parseJSONC utility (from utils/jsonc)
which handles tsconfig.json comments and trailing commas.

## @agentuity/migrate package (new)

A CLI tool to migrate v1 projects to v2:
- `npx @agentuity/migrate` — guided migration with codemods
- Deletes `src/generated/` directory
- Removes `bootstrapRuntimeEnv()` call from app.ts
- Transforms routes from createRouter() mutable style to new Hono<Env>() chained
- Generates src/api/index.ts and src/agent/index.ts barrels
- Adds migration comments for setup/shutdown lifecycle
- Guides on agentuity.config.ts deprecation
- Detects frontend using removed APIs (createClient, useAPI, RPCRouteRegistry)
- Runs bun install and typecheck post-migration

## agentuity.config.ts deprecation

- New app-config-extractor.ts extracts analytics/workbench from createApp()
- config-loader.ts emits deprecation warning when loading agentuity.config.ts
- getWorkbenchConfig() now prefers runtime config from createApp()
- dev/index.ts and vite-builder.ts use loadRuntimeConfig()

Config consolidation in v2:
- Runtime config (analytics, workbench, cors, etc.) → createApp() only
- Vite config (plugins, define, render, bundle) → vite.config.ts
- agentuity.config.ts → deprecated, delete entirely

## Documentation

- Updated migration-guide.mdx with v1→v2 tab
- Includes automated migration instructions and manual steps
- Covers all breaking changes and troubleshooting

This commit consolidates several v2 improvements:

### bun-dev-server error diagnostics
- Add app.ts validation to detect v1 pattern (destructuring without export default)
- Capture Bun stderr/stdout and show in error messages
- Add port cleanup with ensurePortAvailable() to kill orphan processes
- Warn before starting if app.ts has common issues
- Export validation functions for testing

### Process manager for dev mode
- New ProcessManager class to track all spawned processes/servers
- Ordered cleanup (LIFO for processes)
- Force kill fallback after timeout
- Integrated into dev/index.ts for cleanup on failure/shutdown

### Remove agentuity.config.ts support
- Deleted loadAgentuityConfig from config-loader.ts
- getWorkbenchConfig now only takes (dev, runtimeConfig) - no config file fallback
- Users must use vite.config.ts for Vite config
- Users must use createApp() for runtime config (workbench, analytics)

### Remove auto-adding React plugin
- Vite no longer auto-adds @vitejs/plugin-react
- Users must configure frontend framework in vite.config.ts

### Deprecate @agentuity/react
- Added deprecation notice to README.md and package.json
- @agentuity/auth no longer depends on @agentuity/react
- AuthProvider now accepts callback props instead of relying on AgentuityProvider

### Migrate tool updates
- Detect missing vite.config.ts when frontend exists
- Detect deprecated @agentuity/react API usage
- Detect agentuity.config.ts and suggest migration

Tests: Updated workbench tests, removed define-config test (obsolete), added process-manager tests

Tests verify:
- publicDir is set correctly in dev mode config
- Public files are served at root paths in dev
- Public files maintain directory structure
- Various file types are handled correctly
- Edge cases (empty folder, hidden files, subdirectories)
- Integration with vite-builder functions

Add tests for dev server orchestration covering:

- dev-lock.test.ts: Lockfile management, orphan process cleanup,
  edge cases for corrupted/missing lockfiles

- ws-proxy.test.ts: Front-door TCP proxy routing decisions,
  error handling, URL parsing, query strings

- dev-server-integration.test.ts: Full lifecycle testing,
  crash recovery, hot reload validation, error resilience

All 60 tests pass covering:
- Startup/shutdown with port cleanup
- Hot reload behavior (Bun --hot, Vite HMR)
- Crash recovery (SIGTERM/SIGKILL escalation)
- WS proxy routing (HTTP→Vite, WS upgrade→Bun)
- Error resilience (TypeScript errors, v1 patterns)

Merge main (1.0.54) into v2 branch.

Resolution strategy:
- Deleted files (v2): Kept v2's removal of src/generated/*, ast.ts, route-migration.ts
- Dev server files: Kept v2's no-bundle architecture with bun --hot
- Package versions: Took main's higher versions
- New features from main: Accepted (oauth, sandbox jobs, service packages)
- API docs: Took main's updated documentation

Key changes merged from main:
- New standalone service packages (@agentuity/db, @agentuity/email, etc.)
- OAuth service support
- Sandbox job commands
- Updated CLI commands for all cloud services
- API reference documentation updates

Since React is no longer auto-added by the CLI, each project with a
frontend needs its own vite.config.ts with the appropriate plugins.

Added vite.config.ts for:
- apps/docs (React + Tailwind + MDX + TanStack Router)
- apps/testing/e2e-web (React)
- apps/testing/cloud-deployment (React)
- apps/testing/integration-suite (React)
- apps/testing/auth-package-app (React)
- apps/testing/oauth (React)
- apps/testing/webrtc-test (React)
- apps/testing/svelte-web (Svelte - pending investigation for CLI build)

Updated vite-builder.ts to properly merge user vite.config.ts:
- User plugins now come FIRST (important for framework plugins like Svelte)
- User config values are preserved unless overridden by Agentuity-specific needs
- Removed mergeConfig in favor of explicit spread to avoid array merge issues

Note: Svelte builds work with vite v8.0.1 building client environment for production...
�[2K
transforming...✓ 1 modules transformed. but fail when built
through the CLI. This requires further investigation into how the
Svelte plugin interacts with the CLI's build process.

…lity

## Problem
Svelte 5 builds failed when invoked through CLI's programmatic viteBuild()
call, but worked correctly with `bunx vite build`. The error showed the
Svelte compile plugin receiving already-compiled JavaScript instead of
Svelte source code.

## Root Cause
Bun's module loading system has issues with Vite's plugin pipeline when
importing Vite and calling build() programmatically. Certain plugins like
@sveltejs/vite-plugin-svelte receive already-compiled code, possibly due to
module state caching or transformation order issues.

## Solution
For client builds, spawn `bun x vite build` as a subprocess instead of
importing Vite and calling build() programmatically. This gives Vite complete
control over its module loading and plugin execution, avoiding Bun's
module system entirely.

Workbench builds continue using programmatic viteBuild() since those use
our own React plugin without external framework plugins.

## Additional Changes
- Updated vite.config.ts for all test projects to include root and input
  path (required when spawning vite as subprocess)
- Updated svelte-web agentuity.config.ts to v2 format (removed plugins)
- Removed temporary svelte.config.js that was added during debugging

## Testing
All test projects now build successfully:
- apps/testing/e2e-web (React)
- apps/testing/svelte-web (Svelte 5)
- apps/testing/cloud-deployment (React)
- apps/testing/integration-suite (React)
- apps/testing/auth-package-app (React)
- apps/testing/oauth (React)
- apps/testing/webrtc-test (React)

The migrate package was missing from the root tsconfig.json references,
causing it to not be built during CI builds.

The evals package depends on @agentuity/runtime and @agentuity/schema
but was missing the TypeScript project references, causing build failures.

Since the CLI now spawns vite as a subprocess for client builds,
projects need a vite.config.ts file with the proper input path.

Added:
- templates/_base/vite.config.ts with React plugin and input path
- vite and @vitejs/plugin-react to devDependencies in package.json

When vite.config.ts sets root='.' and input='src/web/index.html',
vite outputs the HTML at client/src/web/index.html instead of
client/index.html. The runtime now checks both locations.

This fixes cloud deployment tests that were failing because
the analytics beacon injection couldn't find the HTML file.

Main added new files in areas v3 deleted (runtime, vite pipeline,
templates, dev process-manager). These weren't caught by modify/delete
conflict resolution since they were new additions on main.

Removed:
- runtime: bootstrap.ts, globals, handlers, version-check, tests
- cli: vite/ws-proxy.ts, dev/process-manager.ts
- templates: leaked _base and default files

- Restore telemetry/logger.ts to pre-merge version (main added
  _globals import from runtime which we deleted)
- Remove dev test files brought back by main (dev-lock, dev-server-integration,
  process-manager, ws-proxy)

Build: clean. Tests: 621 pass, 3 fail (coder-related pre-existing).

…t warnings

- Add hono, local, stream to root tsconfig.json references (fixes missing dist/ in smoke test)
- Switch stream package from tsgo to tsc for consistency with root tsc --build
- Remove dead scaffold files in e2e-web and integration-suite (referenced non-existent modules)
- Fix lint warnings: unused constructor, unused variables/parameters

- AGENTS.md: add try/catch/finally to handleSubmit example
- agent-pulse: remove raw error details from API response
- streaming: validate model type at runtime instead of type assertion
- vector-storage: return 400 on invalid JSON body
- vector-storage: return 503 when vector service unavailable

The staggered ports (3000/3001/3002) and agent ports (3500/3501/3502)
were from the old v2 architecture with separate agent runtime servers.
In v3, apps are plain framework apps running sequentially, so they
all use the default port 3000.

- Next.js dev: 3001 → 3000
- Playwright config: all baseURLs → localhost:3000
- Test script: all wait/cleanup on port 3000 only

The wildcard export ("./*") works in workspace mode but fails when
packages are installed from tarballs (CI smoke test). Add explicit
exports and typesVersions entries for all 24 service directories
(apikey, auth, coder, db, email, eval, keyvalue, machine, monitoring,
oauth, org, project, queue, region, sandbox, schedule, session,
storage, stream, task, thread, user, vector, webhook, workflow).

Keeps the wildcard as a fallback for any future services.

Fixes: oauth test "Cannot find module '@agentuity/core/oauth'"

The previous tanstack-start was a plain Vite+React app with no actual
TanStack Start setup (missing @tanstack/react-start, router plugin,
app.config, __root.tsx, routeTree).

Replaced with a proper TanStack Start app created via @tanstack/cli:
- File-based routing with router plugin + auto-generated routeTree
- SSR with @tanstack/react-start
- Tailwind CSS v4
- Proper vite.config.ts with tanstackStart() plugin

Also updated Playwright e2e tests to match actual app content instead
of speculative echo demo UI that never existed.

- biome: exclude routeTree.gen.ts from linting (auto-generated)
- Suppress dangerouslySetInnerHTML warning in __root.tsx (SSR pattern)

- Add @agentuity/core and @agentuity/react to tanstack-start app
- Switch test script from 'bun run dev' to 'agentuity dev' (local CLI)
  so tests exercise the actual Agentuity developer experience with
  AI Gateway env injection
- Add test credentials setup to framework-demo-test CI job
  (same pattern as build, sandbox-cli, queue-cli jobs)

Add a server-side AI SDK call to exercise the Agentuity AI Gateway
integration end-to-end:

- Server function using 'use server' directive for TanStack Start RPC
- Calls generateText() with @ai-sdk/openai through the gateway
- Simple translate UI: text input, language select, translate button
- Playwright test verifies the full flow (submit → AI response)

When running via 'agentuity dev', OPENAI_API_KEY and OPENAI_BASE_URL
are auto-injected so the AI SDK routes through the Agentuity gateway
without needing separate provider API keys.

Restyle the TanStack Start test app to match the original Agentuity
template dark theme:
- Dark background with Agentuity brand cyan accent colors
- Same Agentuity logo SVG, font styling, and layout
- Translation form with inline language/model selects (not dropdowns)
- Glowing translate button with cyan/blue/purple gradient
- Results with token count, model, and language metadata
- Loading ellipsis animation on the translate button
- 'How it works' section with green checkmark list

Removed TanStack template components (Header, Footer, ThemeToggle)
and light theme CSS in favor of the Agentuity dark theme.

The shellComponent renders the <html>/<head>/<body> document wrapper
which includes <HeadContent /> — responsible for injecting the CSS
link tag. Without it, the stylesheet never loads.

Replace raw OpenAI SDK usage with the Vercel AI SDK pattern
(ai + @ai-sdk/openai) across all framework scaffolding templates:

- generateText() instead of openai.chat.completions.create()
- Cleaner API: destructure { text } directly
- Consistent with the TanStack Start test app pattern
- Dependencies: 'openai' → ['ai', '@ai-sdk/openai']

Updated frameworks: Next.js, Nuxt, Remix, SvelteKit, Astro, Hono,
Vite+React

Split the 619-line frameworks.ts into three focused files:
- frameworks.ts (223 lines) — types + catalog configuration
- frameworks-ai-examples.ts (166 lines) — AI SDK example generators
- frameworks-landing-pages.ts (267 lines) — Agentuity-branded landing pages

The landing pages replace the old brandSnippet approach (which just
created a floating badge component that was never auto-injected).
Now each framework's default page is replaced with a full
Agentuity-branded dark theme welcome page featuring:
- Agentuity logo + 'Welcome to Agentuity' heading
- Framework name + 'AI Gateway' subtitle
- Getting started steps with framework-specific file paths
- 'Powered by Agentuity' badge

Updated: scaffold.ts brandSnippet → landingPage

The dev command's injectGatewayEnv() requires AGENTUITY_SDK_KEY to be
set in order to inject OPENAI_API_KEY/OPENAI_BASE_URL for AI Gateway
routing. But it only checked process.env, never loading from the
project's .env/.env.development/.env.local files where the key is
typically stored after 'agentuity project import'.

Now calls loadProjectSDKKey() to read from .env files before
injecting gateway env vars, matching how other CLI commands resolve
the SDK key.

The dev command now resolves the SDK key in this order:
1. AGENTUITY_SDK_KEY in process.env
2. AGENTUITY_SDK_KEY in project .env files
3. CLI auth api_key from the user's configured profile

When falling back to the auth key (#3), shows a warning:
  'No linked Agentuity project found. Using your auth key for AI Gateway.'
  'Run agentuity project import to link this project for full functionality.'

This lets authenticated users use agentuity dev with AI Gateway
routing immediately, without needing to create/link a project first.

New script scripts/test-dev.sh that starts each framework testing app
through the Agentuity CLI dev command and verifies it responds on
port 3000. Exercises framework detection, AI Gateway env injection,
and SDK key resolution.

Tests: tanstack-start, nextjs-app, vite-react-app
Usage: bun run test:dev (all) or bash scripts/test-dev.sh --app tanstack-start

Update framework testing apps so 'bun run dev' runs through
agentuity dev, which handles framework detection and AI Gateway
env injection automatically:

- tanstack-start: dev → agentuity dev --script dev:start
- nextjs-app: dev → agentuity dev --script dev:start
- vite-react-app: dev → agentuity dev --script dev:start

Each app keeps its framework command as dev:start, and the dev
script wraps it via the CLI. Added @agentuity/cli as workspace
devDependency so the bin is available in bun run scripts.

Simplified test-framework-demos.sh and test-dev.sh to just use
'bun run dev' since the scripts now handle the CLI wrapping.

The dev command now:
1. Loads the CLI profile config to get overrides.transport_url and
   overrides.catalyst_url, injecting them into the child env so the
   gateway URL resolves correctly (was falling back to default URL
   even when the profile had region-specific URLs configured)
2. Shows visible status: 'AI Gateway: routing LLM requests through
   Agentuity' when injection succeeds, or a warning if no API keys
   are available
3. Returns boolean from injectGatewayEnv for status reporting

TanStack Start uses createFileRoute with a server.handlers property
for API endpoints, not the 'use server' module directive pattern.

Replaced:
- src/server/translate.ts ('use server' module) → src/routes/api/translate.ts (server route)
- src/server/debug.ts ('use server' module) → src/routes/api/debug-env.ts (server route)

Both now use createFileRoute('/api/...') with server.handlers.POST/GET
which is the correct TanStack Start server route pattern.

Frontend calls /api/translate and /api/debug-env via fetch().

AI Gateway env injection confirmed working. Remove the temporary
debug-env API route and server environment debug panel from the UI.

Use colorPrimary + bullet instead of muted text so the
'agentuity project import' command stands out in the terminal.

colorPrimary was just white text on dark terminals — barely visible.
Switch to colorInfo (cyan) + bold for the 'agentuity project import'
command, and use arrow instead of bullet for visual hierarchy.

The framework's own output (e.g. 'VITE v7.3.2 ready in 731 ms')
already shows what's running. No need to duplicate with
'Starting dev server (vite) on port 3000' and '$ bun run dev:start'.