npm - @agent-team-foundation/first-tree-hub - Versions diffs - 0.6.0 → 0.6.2 - Mend

@agent-team-foundation/first-tree-hub 0.6.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/{bootstrap-BnlTKa0H.mjs → bootstrap-DW7aIpmE.mjs} +50 -133
package/dist/cli/index.mjs +319 -117
package/dist/{core-B9bH7EjM.mjs → core-RXUUKkCO.mjs} +5008 -3951
package/dist/drizzle/0018_agent_visibility.sql +13 -0
package/dist/drizzle/0019_agent_configs.sql +30 -0
package/dist/drizzle/0020_unified_user_token.sql +148 -0
package/dist/drizzle/0021_drop_agents_profile.sql +10 -0
package/dist/drizzle/meta/0018_snapshot.json +1938 -0
package/dist/drizzle/meta/_journal.json +28 -0
package/dist/feishu-BZ8pnMrQ.mjs +832 -0
package/dist/index.mjs +4 -4
package/dist/web/assets/index-BMOr9-X2.js +308 -0
package/dist/web/assets/index-CTl4pHIL.css +1 -0
package/dist/web/index.html +2 -2
package/package.json +1 -1
package/dist/feishu-Y4m2zFc3.mjs +0 -51
package/dist/web/assets/index--kyp_ZHv.css +0 -1
package/dist/web/assets/index-C_FKYVro.js +0 -310

package/dist/{bootstrap-BnlTKa0H.mjs → bootstrap-DW7aIpmE.mjs} RENAMED Viewed

@@ -1,11 +1,10 @@
 import { t as __exportAll } from "./rolldown-runtime-twds-ZHy.mjs";
-import { chmodSync, existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { z } from "zod";
 import { parse, stringify } from "yaml";
 import { randomBytes } from "node:crypto";
 import { homedir } from "node:os";
-import { execSync } from "node:child_process";
 //#region ../shared/dist/config/index.mjs
 /** Declare a config field with a Zod schema and optional metadata. */
 function field(schema, options) {
@@ -27,8 +26,17 @@ function optional(shape) {
 function defineConfig(shape) {
 	return shape;
 }
+/**
+* Agent config layout on disk: `~/.first-tree-hub/config/agents/<name>/agent.yaml`.
+*
+* After the unified-user-token milestone the local config no longer stores an
+* agent bearer; authentication comes from the user's member JWT in
+* `credentials.json`. The config just pins the agent UUID and its runtime so
+* the runtime knows which agent to act as (via `X-Agent-Id`) and which
+* handler to instantiate.
+*/
 const agentConfigSchema = defineConfig({
-	token: field(z.string(), { secret: true }),
+	agentId: field(z.string().min(1)),
 	runtime: field(z.string().default("claude-code")),
 	concurrency: field(z.number().int().positive().default(5)),
 	session: {
@@ -36,23 +44,10 @@ const agentConfigSchema = defineConfig({
 		max_sessions: field(z.number().int().positive().default(10))
 	}
 });
-let _config;
 /** Store the resolved config as a singleton. Called by initConfig(). */
-function setConfig(config) {
-	_config = config;
-}
-/**
-* Get the resolved config singleton.
-* Must be called after initConfig().
-*/
-function getConfig() {
-	if (_config === void 0) throw new Error("Config not initialized. Call initConfig() first.");
-	return _config;
-}
+function setConfig(config) {}
 /** Reset the config singleton. For testing only. */
-function resetConfig() {
-	_config = void 0;
-}
+function resetConfig() {}
 const clientConfigSchema = defineConfig({
 	server: { url: field(z.string(), {
 		env: "FIRST_TREE_HUB_SERVER_URL",
@@ -68,10 +63,6 @@ const clientConfigSchema = defineConfig({
 		"error"
 	]).default("info"), { env: "FIRST_TREE_HUB_LOG_LEVEL" })
 });
-/** Typed accessor for client configuration singleton. */
-function getClientConfig() {
-	return getConfig();
-}
 const DEFAULT_HOME_DIR = process.env.FIRST_TREE_HUB_HOME ?? join(homedir(), ".first-tree-hub");
 const DEFAULT_CONFIG_DIR = join(DEFAULT_HOME_DIR, "config");
 const DEFAULT_DATA_DIR = join(DEFAULT_HOME_DIR, "data");
@@ -482,113 +473,55 @@ const serverConfigSchema = defineConfig({
 //#endregion
 //#region src/core/bootstrap.ts
 var bootstrap_exports = /* @__PURE__ */ __exportAll({
-	bootstrapToken: () => bootstrapToken,
-	checkBootstrapStatus: () => checkBootstrapStatus,
+	ensureFreshAccessToken: () => ensureFreshAccessToken,
 	ensureFreshAdminToken: () => ensureFreshAdminToken,
-	getGitHubToken: () => getGitHubToken,
-	getGitHubUsername: () => getGitHubUsername,
 	loadCredentials: () => loadCredentials,
-	maskToken: () => maskToken,
-	resolveAgentToken: () => resolveAgentToken,
+	resolveAccessToken: () => resolveAccessToken,
 	resolveServerUrl: () => resolveServerUrl,
 	saveAgentConfig: () => saveAgentConfig,
 	saveCredentials: () => saveCredentials
 });
 const CREDENTIALS_PATH = join(DEFAULT_CONFIG_DIR, "credentials.json");
 /**
-* Get the current GitHub username from `gh auth status`.
-*/
-function getGitHubUsername() {
-	try {
-		const output = execSync("gh api /user --jq .login", { encoding: "utf-8" }).trim();
-		if (!output) throw new Error("Empty response");
-		return output;
-	} catch {
-		throw new Error("Failed to get GitHub username. Ensure `gh` CLI is installed and authenticated:\n  gh auth login");
-	}
-}
-/**
-* Get the GitHub auth token from `gh auth token`.
-*/
-function getGitHubToken() {
-	try {
-		const output = execSync("gh auth token", { encoding: "utf-8" }).trim();
-		if (!output) throw new Error("Empty response");
-		return output;
-	} catch {
-		throw new Error("Failed to get GitHub token. Ensure `gh` CLI is installed and authenticated:\n  gh auth login");
-	}
-}
-/**
 * Resolve Hub server URL from flag, env, or config.
+*
+* Uses resolveConfigReadonly (not the singleton getClientConfig) so CLI entry
+* points don't have to remember to call initConfig() first.
 */
 function resolveServerUrl(flagValue) {
 	if (flagValue) return flagValue;
-	if (process.env.FIRST_TREE_HUB_SERVER) return process.env.FIRST_TREE_HUB_SERVER;
-	try {
-		const config = getClientConfig();
-		if (config.server?.url) return config.server.url;
-	} catch {}
-	throw new Error("Server URL not configured.\n  Provide via: --server <url>, FIRST_TREE_HUB_SERVER env var, or\n  first-tree-hub config set -c server.url <url>");
-}
-/**
-* Bootstrap a token for an agent using GitHub identity.
-*/
-async function bootstrapToken(serverUrl, agentName, options = {}) {
-	const githubToken = getGitHubToken();
-	const body = { name: "bootstrap" };
-	if (options.type) body.type = options.type;
-	if (options.displayName) body.displayName = options.displayName;
-	if (options.delegateMention) body.delegateMention = options.delegateMention;
-	if (options.profile) body.profile = options.profile;
-	if (options.metadata) body.metadata = options.metadata;
-	const res = await fetch(`${serverUrl}/api/v1/bootstrap/${encodeURIComponent(agentName)}/token`, {
-		method: "POST",
-		headers: {
-			"X-GitHub-Token": githubToken,
-			"Content-Type": "application/json"
-		},
-		body: JSON.stringify(body)
-	});
-	if (!res.ok) {
-		const msg = (await res.json().catch(() => ({}))).error ?? `HTTP ${res.status}`;
-		throw new Error(`Bootstrap failed for "${agentName}": ${msg}`);
+	if (process.env.FIRST_TREE_HUB_SERVER_URL) return process.env.FIRST_TREE_HUB_SERVER_URL;
+	const server = resolveConfigReadonly({
+		schema: clientConfigSchema,
+		role: "client"
+	}).server;
+	if (server !== null && typeof server === "object") {
+		const url = Reflect.get(server, "url");
+		if (typeof url === "string" && url.length > 0) return url;
 	}
-	const data = await res.json();
-	const isHuman = options.type === "human";
-	if ((options.saveTo === "agent" || !options.saveTo) && !isHuman) {
-		const configDir = join(DEFAULT_CONFIG_DIR, "agents", agentName);
-		const configPath = `${configDir}/agent.yaml`;
-		mkdirSync(configDir, {
-			recursive: true,
-			mode: 448
-		});
-		writeFileSync(configPath, `token: "${data.token}"\nruntime: claude-code\n`, { mode: 384 });
-		chmodSync(configDir, 448);
-	} else if (options.saveTo && options.saveTo !== "agent") {
-		mkdirSync(dirname(options.saveTo), { recursive: true });
-		writeFileSync(options.saveTo, data.token, { mode: 384 });
-	}
-	return data;
+	throw new Error("Server URL not configured.\n  Provide via: --server <url>, FIRST_TREE_HUB_SERVER_URL env var, or\n  first-tree-hub config set -c server.url <url>");
 }
 /**
-* Resolve agent token from FIRST_TREE_HUB_TOKEN env var.
-* Throws if not set.
+* Resolve the current member access JWT from persisted credentials.
+*
+* Unified-user-token milestone: the CLI has a single credential store and a
+* single onboarding path (`first-tree-hub connect`). The legacy
+* `FIRST_TREE_HUB_TOKEN` env var is no longer read — callers get a clear
+* error pointing at `connect` instead.
 */
-function resolveAgentToken() {
-	const token = process.env.FIRST_TREE_HUB_TOKEN;
-	if (!token) throw new Error("FIRST_TREE_HUB_TOKEN environment variable is required.");
-	return token;
+function resolveAccessToken() {
+	const creds = loadCredentials();
+	if (!creds) throw new Error("No credentials found. Run `first-tree-hub connect <server-url>` to sign in.");
+	return creds.accessToken;
 }
 /**
-* Ensure the persisted access token is fresh. Call before any admin API request
-* when using persisted credentials. Returns the (possibly refreshed) access token.
+* Ensure the persisted access token is fresh. Call before any API request
+* when using persisted credentials. Returns the (possibly refreshed) access
+* token. Service-user API keys are out of scope for this milestone.
 */
-async function ensureFreshAdminToken() {
-	const envToken = process.env.FIRST_TREE_HUB_ADMIN_TOKEN;
-	if (envToken) return envToken;
+async function ensureFreshAccessToken() {
 	const creds = loadCredentials();
-	if (!creds) throw new Error("No credentials found.\n  Run: first-tree-hub connect <server-url>\n  Or set FIRST_TREE_HUB_ADMIN_TOKEN environment variable.");
+	if (!creds) throw new Error("No credentials found. Run `first-tree-hub connect <server-url>` to sign in.");
 	if (!isTokenExpired(creds.accessToken)) return creds.accessToken;
 	const res = await fetch(`${creds.serverUrl}/api/v1/auth/refresh`, {
 		method: "POST",
@@ -596,7 +529,7 @@ async function ensureFreshAdminToken() {
 		body: JSON.stringify({ refreshToken: creds.refreshToken }),
 		signal: AbortSignal.timeout(1e4)
 	});
-	if (!res.ok) throw new Error("Access token expired and refresh failed.\n  Run: first-tree-hub connect <server-url>");
+	if (!res.ok) throw new Error("Access token expired and refresh failed. Run `first-tree-hub connect <server-url>`.");
 	const data = await res.json();
 	saveCredentials({
 		...creds,
@@ -604,7 +537,8 @@ async function ensureFreshAdminToken() {
 	});
 	return data.accessToken;
 }
-/** Check if a JWT access token is expired (with 30s margin). */
+/** Back-compat alias retained so existing call sites keep compiling. */
+const ensureFreshAdminToken = ensureFreshAccessToken;
 function isTokenExpired(token) {
 	try {
 		const parts = token.split(".");
@@ -625,7 +559,7 @@ function saveCredentials(creds) {
 	writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), { mode: 384 });
 }
 /**
-* Load persisted credentials saved by `connect` command.
+* Load persisted credentials saved by the `connect` command.
 */
 function loadCredentials() {
 	try {
@@ -637,33 +571,16 @@ function loadCredentials() {
 	}
 }
 /**
-* Check if an agent exists and is synced.
+* Write agent config (agentId + runtime) to disk.
 */
-async function checkBootstrapStatus(serverUrl, agentName) {
-	const githubToken = getGitHubToken();
-	const res = await fetch(`${serverUrl}/api/v1/bootstrap/${encodeURIComponent(agentName)}/status`, { headers: { "X-GitHub-Token": githubToken } });
-	if (!res.ok) {
-		const body = await res.json().catch(() => ({}));
-		throw new Error(body.error ?? `HTTP ${res.status}`);
-	}
-	return await res.json();
-}
-/**
-* Write agent config (token + runtime) to disk.
-* Used by `agent create`, `agent add`, bootstrap, and server-pushed provisioning.
-*/
-function saveAgentConfig(agentName, token, runtime) {
+function saveAgentConfig(agentName, agentId, runtime) {
 	const agentDir = join(DEFAULT_CONFIG_DIR, "agents", agentName);
 	mkdirSync(agentDir, {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(join(agentDir, "agent.yaml"), `token: "${token}"\nruntime: ${runtime}\n`, { mode: 384 });
+	writeFileSync(join(agentDir, "agent.yaml"), `agentId: "${agentId}"\nruntime: ${runtime}\n`, { mode: 384 });
 	return agentDir;
 }
-/** Mask a token for display: show first 6 + last 2 chars. */
-function maskToken(token) {
-	return token.length > 8 ? `${token.slice(0, 6)}***${token.slice(-2)}` : "***";
-}
 //#endregion
-export { resetConfigMeta as C, setConfigValue as E, resetConfig as S, serverConfigSchema as T, collectMissingPrompts as _, getGitHubToken as a, loadAgents as b, resolveAgentToken as c, saveCredentials as d, DEFAULT_CONFIG_DIR as f, clientConfigSchema as g, agentConfigSchema as h, ensureFreshAdminToken as i, resolveServerUrl as l, DEFAULT_HOME_DIR as m, bootstrap_exports as n, getGitHubUsername as o, DEFAULT_DATA_DIR as p, checkBootstrapStatus as r, maskToken as s, bootstrapToken as t, saveAgentConfig as u, getConfigValue as v, resolveConfigReadonly as w, readConfigFile as x, initConfig as y };
+export { setConfigValue as C, serverConfigSchema as S, loadAgents as _, resolveAccessToken as a, resetConfigMeta as b, saveCredentials as c, DEFAULT_HOME_DIR as d, agentConfigSchema as f, initConfig as g, getConfigValue as h, loadCredentials as i, DEFAULT_CONFIG_DIR as l, collectMissingPrompts as m, ensureFreshAccessToken as n, resolveServerUrl as o, clientConfigSchema as p, ensureFreshAdminToken as r, saveAgentConfig as s, bootstrap_exports as t, DEFAULT_DATA_DIR as u, readConfigFile as v, resolveConfigReadonly as x, resetConfig as y };