feat: join request claim secrets, onboarding API, and company branding

Add secure claim secret flow for agent join requests with timing-safe comparison, expiry, and one-time use. Expose machine-readable onboarding manifests and skill index API endpoints. Add company brand color with hex validation, pattern icon generation, and settings page integration. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 16:33:20 -06:00
parent 9e89ca4a9e
commit e2c5b6698c
19 changed files with 6144 additions and 28 deletions
--- a/packages/db/src/schema/companies.ts
+++ b/packages/db/src/schema/companies.ts
@@ -14,6 +14,7 @@ export const companies = pgTable(
    requireBoardApprovalForNewAgents: boolean("require_board_approval_for_new_agents")
      .notNull()
      .default(true),
+    brandColor: text("brand_color"),
    createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
    updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(),
  },
--- a/packages/db/src/schema/join_requests.ts
+++ b/packages/db/src/schema/join_requests.ts
@@ -18,6 +18,9 @@ export const joinRequests = pgTable(
    adapterType: text("adapter_type"),
    capabilities: text("capabilities"),
    agentDefaultsPayload: jsonb("agent_defaults_payload").$type<Record<string, unknown> | null>(),
+    claimSecretHash: text("claim_secret_hash"),
+    claimSecretExpiresAt: timestamp("claim_secret_expires_at", { withTimezone: true }),
+    claimSecretConsumedAt: timestamp("claim_secret_consumed_at", { withTimezone: true }),
    createdAgentId: uuid("created_agent_id").references(() => agents.id),
    approvedByUserId: text("approved_by_user_id"),
    approvedAt: timestamp("approved_at", { withTimezone: true }),