@agent-relay/wrapper 0.1.0

package/src/__fixtures__/codex-outputs.ts

@@ -0,0 +1,99 @@
+/**
+ * Codex CLI output fixtures for parser regression testing.
+ *
+ * Codex (OpenAI) has its own output formatting patterns.
+ */
+
+import type { OutputFixture } from './claude-outputs.js';
+
+export const codexOutputFixtures: OutputFixture[] = [
+  // =====================================================================
+  // Basic Codex output
+  // =====================================================================
+  {
+    name: 'codex-basic-relay',
+    description: 'Basic relay command from Codex',
+    input: `I'll help you with that task.
+
+->relay:Lead Task analysis complete. Ready for review.
+
+Let me know if you need anything else.
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Task analysis complete. Ready for review.' },
+    ],
+    expectedOutputContains: ['help you with that task', 'Let me know'],
+  },
+  {
+    name: 'codex-with-code-output',
+    description: 'Codex output with code blocks',
+    input: `Here's the fix:
+
+\`\`\`python
+def authenticate(user, password):
+    # ->relay:Agent This is in code, ignore
+    return check_credentials(user, password)
+\`\`\`
+
+->relay:Lead Code fix implemented. Please review.
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Code fix implemented. Please review.' },
+    ],
+    expectedOutputContains: ['->relay:Agent This is in code'],
+  },
+
+  // =====================================================================
+  // Codex multi-line messages
+  // =====================================================================
+  {
+    name: 'codex-fenced-message',
+    description: 'Codex sending fenced multi-line message',
+    input: `->relay:Lead <<<
+Code review complete. Issues found:
+
+1. Missing error handling in auth.py:45
+2. SQL injection risk in query.py:120
+3. Unused import in utils.py:3
+
+Priority: Fix items 1 and 2 immediately.
+>>>
+
+I've documented all issues above.
+`,
+    expectedCommands: [
+      {
+        to: 'Lead',
+        body: `Code review complete. Issues found:
+
+1. Missing error handling in auth.py:45
+2. SQL injection risk in query.py:120
+3. Unused import in utils.py:3
+
+Priority: Fix items 1 and 2 immediately.`,
+      },
+    ],
+  },
+
+  // =====================================================================
+  // Codex with tool use
+  // =====================================================================
+  {
+    name: 'codex-after-tool-use',
+    description: 'Relay command after Codex tool execution',
+    input: `Running: git status
+
+On branch main
+Changes not staged for commit:
+  modified:   src/auth.ts
+
+->relay:Lead Git status shows 1 modified file: src/auth.ts
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Git status shows 1 modified file: src/auth.ts' },
+    ],
+    expectedOutputContains: ['Running: git status', 'On branch main'],
+  },
+];
+
+export default codexOutputFixtures;

package/src/__fixtures__/gemini-outputs.ts

@@ -0,0 +1,151 @@
+/**
+ * Gemini CLI output fixtures for parser regression testing.
+ *
+ * Gemini has unique characteristics:
+ * - Uses sparkle character (✦) as output prefix
+ * - Can drop into shell mode ($ prompt)
+ * - Has specific keyword interpretation issues
+ */
+
+import type { OutputFixture } from './claude-outputs.js';
+
+/**
+ * Gemini-specific characters and patterns
+ */
+export const GEMINI = {
+  SPARKLE: '✦',
+  SHELL_PROMPT: '$',
+};
+
+export const geminiOutputFixtures: OutputFixture[] = [
+  // =====================================================================
+  // Sparkle prefix handling
+  // =====================================================================
+  {
+    name: 'gemini-sparkle-prefix',
+    description: 'Relay command with Gemini sparkle prefix',
+    input: `${GEMINI.SPARKLE} ->relay:Lead STATUS: Ready for task
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'STATUS: Ready for task' },
+    ],
+  },
+  {
+    name: 'gemini-sparkle-with-space',
+    description: 'Sparkle with extra spacing',
+    input: `${GEMINI.SPARKLE}  ->relay:Lead Message with extra space
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Message with extra space' },
+    ],
+  },
+  {
+    name: 'gemini-multiple-sparkle-lines',
+    description: 'Multiple lines with sparkle prefix',
+    input: `${GEMINI.SPARKLE} Processing your request...
+${GEMINI.SPARKLE} ->relay:Lead Task complete
+${GEMINI.SPARKLE} Ready for next task.
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Task complete' },
+    ],
+    expectedOutputContains: ['Processing your request', 'Ready for next task'],
+  },
+
+  // =====================================================================
+  // Shell mode detection
+  // =====================================================================
+  {
+    name: 'gemini-shell-mode-output',
+    description: 'Output that includes shell prompt',
+    input: `${GEMINI.SPARKLE} Let me run that command for you.
+$ ls -la
+total 48
+drwxr-xr-x  5 user user 4096 Jan 23 10:00 .
+${GEMINI.SPARKLE} ->relay:Lead Command executed successfully
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Command executed successfully' },
+    ],
+    expectedOutputContains: ['$ ls -la', 'total 48'],
+  },
+
+  // =====================================================================
+  // Gemini-specific edge cases
+  // =====================================================================
+  {
+    name: 'gemini-fenced-with-sparkle',
+    description: 'Fenced message with sparkle prefix',
+    input: `${GEMINI.SPARKLE} ->relay:Lead <<<
+Here's my detailed analysis:
+
+The issue is in the authentication flow.
+Consider these changes:
+1. Update token validation
+2. Add refresh logic
+>>>
+`,
+    expectedCommands: [
+      {
+        to: 'Lead',
+        body: `Here's my detailed analysis:
+
+The issue is in the authentication flow.
+Consider these changes:
+1. Update token validation
+2. Add refresh logic`,
+      },
+    ],
+  },
+  {
+    name: 'gemini-mixed-output',
+    description: 'Mix of sparkle and non-sparkle output',
+    input: `Processing...
+${GEMINI.SPARKLE} Analyzing the codebase
+${GEMINI.SPARKLE} Found 3 issues
+->relay:Lead Analysis complete with 3 issues found
+${GEMINI.SPARKLE} Done!
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Analysis complete with 3 issues found' },
+    ],
+  },
+
+  // =====================================================================
+  // Complex Gemini scenarios
+  // =====================================================================
+  {
+    name: 'gemini-code-execution-output',
+    description: 'Gemini executing code with relay after',
+    input: `${GEMINI.SPARKLE} I'll run the tests for you.
+
+$ npm test
+
+> project@1.0.0 test
+> vitest run
+
+ ✓ src/auth.test.ts (5 tests)
+ ✓ src/api.test.ts (12 tests)
+
+Test Files  2 passed
+Tests       17 passed
+
+${GEMINI.SPARKLE} ->relay:Lead Tests passed: 17/17. Build is green.
+`,
+    expectedCommands: [
+      { to: 'Lead', body: 'Tests passed: 17/17. Build is green.' },
+    ],
+    expectedOutputContains: ['npm test', '17 passed'],
+  },
+  {
+    name: 'gemini-broadcast',
+    description: 'Gemini sending broadcast message',
+    input: `${GEMINI.SPARKLE} ->relay:* All agents: deployment starting in 5 minutes
+`,
+    expectedCommands: [
+      { to: '*', body: 'All agents: deployment starting in 5 minutes' },
+    ],
+  },
+];
+
+export default geminiOutputFixtures;

package/src/__fixtures__/index.ts

@@ -0,0 +1,47 @@
+/**
+ * Parser regression test fixtures
+ *
+ * This module exports CLI output fixtures for testing the parser
+ * against real-world terminal output patterns.
+ *
+ * To add new fixtures:
+ * 1. Capture the problematic output from a real CLI session
+ * 2. Add it to the appropriate CLI-specific fixture file
+ * 3. Run tests to ensure parser handles it correctly
+ *
+ * When a parser bug is fixed, add a regression test fixture
+ * to prevent the bug from recurring.
+ */
+
+export { claudeOutputFixtures, type OutputFixture, ANSI } from './claude-outputs.js';
+export { geminiOutputFixtures, GEMINI } from './gemini-outputs.js';
+export { codexOutputFixtures } from './codex-outputs.js';
+
+import { claudeOutputFixtures } from './claude-outputs.js';
+import { geminiOutputFixtures } from './gemini-outputs.js';
+import { codexOutputFixtures } from './codex-outputs.js';
+
+/**
+ * All fixtures combined for comprehensive testing
+ */
+export const allFixtures = [
+  ...claudeOutputFixtures.map(f => ({ ...f, cli: 'claude' as const })),
+  ...geminiOutputFixtures.map(f => ({ ...f, cli: 'gemini' as const })),
+  ...codexOutputFixtures.map(f => ({ ...f, cli: 'codex' as const })),
+];
+
+/**
+ * Get fixtures by CLI type
+ */
+export function getFixturesByCli(cli: 'claude' | 'gemini' | 'codex') {
+  switch (cli) {
+    case 'claude':
+      return claudeOutputFixtures;
+    case 'gemini':
+      return geminiOutputFixtures;
+    case 'codex':
+      return codexOutputFixtures;
+    default:
+      return [];
+  }
+}

package/src/auth-detection.ts

@@ -0,0 +1,244 @@
+/**
+ * Auth Revocation Detection
+ *
+ * Detects when an AI CLI's authentication has been revoked.
+ * This can happen when:
+ * 1. User authenticates the same provider elsewhere (limited sessions)
+ * 2. Token expires or is invalidated
+ * 3. OAuth refresh fails
+ */
+
+/**
+ * Patterns that indicate authentication has been revoked or expired.
+ * These are typically output by Claude CLI, Codex, etc. when auth fails.
+ */
+export const AUTH_REVOCATION_PATTERNS: RegExp[] = [
+  // Session/token expiration
+  /session\s+(has\s+)?expired/i,
+  /token\s+(has\s+)?expired/i,
+  /credentials?\s+(have\s+)?expired/i,
+
+  // Login required
+  /please\s+log\s*in\s+again/i,
+  /login\s+required/i,
+  /authentication\s+required/i,
+  /must\s+(be\s+)?log(ged)?\s*in/i,
+  /you\s+need\s+to\s+log\s*in/i,
+
+  // Unauthorized
+  /\bunauthorized\b/i,
+  /not\s+authorized/i,
+  /access\s+denied/i,
+
+  // Invalid credentials
+  /invalid\s+credentials?/i,
+  /invalid\s+token/i,
+  /invalid\s+session/i,
+  /not\s+authenticated/i,
+
+  // OAuth specific
+  /oauth\s+error.*401/i,
+  /oauth\s+error.*403/i,
+  /oauth\s+token\s+(has\s+)?expired/i,
+  /refresh\s+token\s+(is\s+)?invalid/i,
+  /failed\s+to\s+refresh/i,
+  /please\s+obtain\s+a\s+new\s+token/i,
+
+  // API errors that indicate auth issues
+  /api\s+error.*401/i,
+  /api\s+error.*403/i,
+  /http\s+401/i,
+  /http\s+403/i,
+
+  // Claude-specific patterns
+  /your\s+api\s+key\s+is\s+invalid/i,
+  /api\s+key\s+not\s+found/i,
+  /signed\s+out/i,
+  /session\s+revoked/i,
+];
+
+/**
+ * Patterns that should NOT trigger auth revocation detection.
+ * These are false positives that might match auth patterns but aren't actual auth errors.
+ */
+export const AUTH_FALSE_POSITIVE_PATTERNS: RegExp[] = [
+  // Documentation or help text
+  /how\s+to\s+log\s*in/i,
+  /login\s+instructions/i,
+  /authentication\s+guide/i,
+
+  // Code comments or strings
+  /\/\/.*unauthorized/i,
+  /\/\*.*unauthorized.*\*\//i,
+  /".*unauthorized.*"/i,
+  /'.*unauthorized.*'/i,
+
+  // Error handling code
+  /catch.*unauthorized/i,
+  /handle.*auth.*error/i,
+  /if.*session.*expired/i,
+
+  // Instructional content
+  /you\s+should\s+log\s*in/i,
+  /make\s+sure\s+you('re)?\s+logged\s*in/i,
+];
+
+export interface AuthRevocationResult {
+  detected: boolean;
+  pattern?: string;
+  confidence: 'high' | 'medium' | 'low';
+  message?: string;
+}
+
+/**
+ * Detect if output indicates authentication has been revoked.
+ *
+ * @param output - The CLI output to analyze
+ * @param recentOutputOnly - If true, only check the last ~500 chars (for real-time detection)
+ * @returns Detection result with confidence level
+ */
+export function detectAuthRevocation(
+  output: string,
+  recentOutputOnly = false
+): AuthRevocationResult {
+  // If checking recent output only, truncate to last 500 chars
+  const textToCheck = recentOutputOnly ? output.slice(-500) : output;
+
+  // First check for false positives
+  for (const falsePositive of AUTH_FALSE_POSITIVE_PATTERNS) {
+    if (falsePositive.test(textToCheck)) {
+      return { detected: false, confidence: 'low' };
+    }
+  }
+
+  // Check each auth revocation pattern
+  for (const pattern of AUTH_REVOCATION_PATTERNS) {
+    const match = textToCheck.match(pattern);
+    if (match) {
+      // Determine confidence based on pattern specificity
+      const confidence = getConfidenceLevel(pattern, match[0]);
+
+      return {
+        detected: true,
+        pattern: pattern.source,
+        confidence,
+        message: match[0],
+      };
+    }
+  }
+
+  return { detected: false, confidence: 'low' };
+}
+
+/**
+ * Determine confidence level based on the matched pattern.
+ */
+function getConfidenceLevel(
+  pattern: RegExp,
+  _matchedText: string
+): 'high' | 'medium' | 'low' {
+  const patternStr = pattern.source.toLowerCase();
+
+  // High confidence: Explicit auth failure messages
+  if (
+    patternStr.includes('session') && patternStr.includes('expired') ||
+    patternStr.includes('please') && patternStr.includes('log') ||
+    patternStr.includes('authentication required') ||
+    patternStr.includes('token') && patternStr.includes('expired') ||
+    patternStr.includes('oauth') && patternStr.includes('expired') ||
+    patternStr.includes('authentication_error') ||
+    patternStr.includes('signed out') ||
+    patternStr.includes('session revoked') ||
+    patternStr.includes('obtain') && patternStr.includes('token')
+  ) {
+    return 'high';
+  }
+
+  // Medium confidence: General auth errors
+  if (
+    patternStr.includes('unauthorized') ||
+    patternStr.includes('401') ||
+    patternStr.includes('403') ||
+    patternStr.includes('invalid') && patternStr.includes('credentials')
+  ) {
+    return 'medium';
+  }
+
+  // Low confidence: Could be related to other errors
+  return 'low';
+}
+
+/**
+ * Check if the given text looks like an auth-related CLI prompt
+ * that's waiting for user action (not an error, but a request to auth).
+ */
+export function isAuthPrompt(text: string): boolean {
+  const authPromptPatterns = [
+    /open\s+this\s+url/i,
+    /visit\s+.*to\s+authorize/i,
+    /enter\s+your\s+api\s+key/i,
+    /paste\s+your\s+token/i,
+    /waiting\s+for\s+authorization/i,
+    /complete\s+login\s+in\s+browser/i,
+  ];
+
+  return authPromptPatterns.some(pattern => pattern.test(text));
+}
+
+/**
+ * Provider-specific auth detection configuration.
+ * Different AI CLIs may have different error messages.
+ */
+export const PROVIDER_AUTH_PATTERNS: Record<string, RegExp[]> = {
+  claude: [
+    /claude.*session.*expired/i,
+    /anthropic.*unauthorized/i,
+    /claude.*not\s+authenticated/i,
+    /please\s+run\s+claude\s+login/i,
+    /please\s+run\s+\/login/i,
+    /authentication_error/i,
+  ],
+  codex: [
+    /codex.*session.*expired/i,
+    /openai.*unauthorized/i,
+    /codex.*not\s+authenticated/i,
+  ],
+  gemini: [
+    /gemini.*session.*expired/i,
+    /google.*unauthorized/i,
+    /gemini.*not\s+authenticated/i,
+  ],
+};
+
+/**
+ * Detect auth revocation for a specific provider.
+ * Uses provider-specific patterns in addition to general patterns.
+ */
+export function detectProviderAuthRevocation(
+  output: string,
+  provider: string
+): AuthRevocationResult {
+  // First check general patterns
+  const generalResult = detectAuthRevocation(output, true);
+  if (generalResult.detected && generalResult.confidence === 'high') {
+    return generalResult;
+  }
+
+  // Check provider-specific patterns
+  const providerPatterns = PROVIDER_AUTH_PATTERNS[provider.toLowerCase()];
+  if (providerPatterns) {
+    for (const pattern of providerPatterns) {
+      const match = output.match(pattern);
+      if (match) {
+        return {
+          detected: true,
+          pattern: pattern.source,
+          confidence: 'high',
+          message: match[0],
+        };
+      }
+    }
+  }
+
+  return generalResult;
+}