npm - @autohq/cli - Versions diffs - 0.1.104 → 0.1.106 - Mend

@autohq/cli 0.1.104 → 0.1.106

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/agent-bridge.js CHANGED Viewed

@@ -19873,7 +19873,14 @@ var ProviderGrantSchema = external_exports.object({
   providerResourceSelection: ProviderResourceSelectionSchema.default({
     kind: "all"
   }),
-  status: ProviderGrantStatusSchema
+  status: ProviderGrantStatusSchema,
+  /**
+   * Scopes the server's current configuration requests that this grant has
+   * not granted. Computed at read time against the deployed scope list, never
+   * stored; present and non-empty only when a re-consent (`auto connect
+   * <provider>`) is needed to pick up scopes added since the install.
+   */
+  missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
 });
 var ProjectProviderAccessSchema = external_exports.object({
   providerGrantId: ProviderGrantIdSchema,
@@ -21630,7 +21637,14 @@ var SessionPresenceIdentitySchema = external_exports.object({
   // the presence icon endpoint.
   avatarSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
   avatarUrl: external_exports.string().trim().min(1).optional(),
-  appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional()
+  appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
+  /**
+   * Scopes the current agent-app scope set requests that this realized
+   * identity's install never granted. Computed at read time; non-empty means
+   * the install predates a scope addition and `auto sessions connect
+   * <session> --reconnect` refreshes it.
+   */
+  missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
 });
 var SessionPresenceResponseSchema = external_exports.object({
   session: ResourceNameSchema,
@@ -21848,6 +21862,14 @@ var ProjectApplyAssetsSchema = external_exports.record(
   }),
   ProjectApplyAssetSchema
 );
+var AvatarAssetUploadRequestSchema = ProjectApplyAssetSchema.omit({
+  sha256: true
+});
+var AvatarAssetUploadResponseSchema = external_exports.object({
+  sha256: external_exports.string().regex(/^[a-f0-9]{64}$/),
+  contentType: external_exports.enum(AVATAR_ASSET_CONTENT_TYPES),
+  sizeBytes: external_exports.number().int().positive()
+});
 var ProjectApplyRequestSchema = external_exports.object({
   delete: external_exports.array(ProjectDeleteResourceSchema).default([]),
   dryRun: external_exports.boolean().default(false),
@@ -26183,7 +26205,7 @@ Object.assign(lookup, {
 // package.json
 var package_default = {
   name: "@autohq/cli",
-  version: "0.1.104",
+  version: "0.1.106",
   license: "SEE LICENSE IN README.md",
   publishConfig: {
     access: "public"

package/dist/index.js CHANGED Viewed

@@ -15410,7 +15410,14 @@ var init_provider_grants = __esm({
       providerResourceSelection: ProviderResourceSelectionSchema.default({
         kind: "all"
       }),
-      status: ProviderGrantStatusSchema
+      status: ProviderGrantStatusSchema,
+      /**
+       * Scopes the server's current configuration requests that this grant has
+       * not granted. Computed at read time against the deployed scope list, never
+       * stored; present and non-empty only when a re-consent (`auto connect
+       * <provider>`) is needed to pick up scopes added since the install.
+       */
+      missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
     });
     ProjectProviderAccessSchema = external_exports.object({
       providerGrantId: ProviderGrantIdSchema,
@@ -17572,7 +17579,14 @@ var init_sessions = __esm({
       // the presence icon endpoint.
       avatarSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
       avatarUrl: external_exports.string().trim().min(1).optional(),
-      appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional()
+      appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
+      /**
+       * Scopes the current agent-app scope set requests that this realized
+       * identity's install never granted. Computed at read time; non-empty means
+       * the install predates a scope addition and `auto sessions connect
+       * <session> --reconnect` refreshes it.
+       */
+      missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
     });
     SessionPresenceResponseSchema = external_exports.object({
       session: ResourceNameSchema,
@@ -17628,7 +17642,7 @@ var init_sessions = __esm({
 });
 // ../../packages/schemas/src/project-resources.ts
-var EnvironmentApplyDocumentSchema, ProfileApplyDocumentSchema, ToolApplyDocumentSchema, SessionApplyDocumentSchema, ProjectApplyResourceSchema, PROJECT_RESOURCE_KINDS, ProjectDeleteResourceSchema, AVATAR_ASSET_CONTENT_TYPES, MAX_AVATAR_ASSET_BASE64_LENGTH, ProjectApplyAssetSchema, ProjectApplyAssetsSchema, ProjectApplyRequestSchema, ProjectApplySystemConfigSchema, ProjectAppliedResourceSchema, ProjectApplyDiagnosticSchema, ProjectApplyResponseSchema;
+var EnvironmentApplyDocumentSchema, ProfileApplyDocumentSchema, ToolApplyDocumentSchema, SessionApplyDocumentSchema, ProjectApplyResourceSchema, PROJECT_RESOURCE_KINDS, ProjectDeleteResourceSchema, AVATAR_ASSET_CONTENT_TYPES, MAX_AVATAR_ASSET_BASE64_LENGTH, ProjectApplyAssetSchema, ProjectApplyAssetsSchema, AvatarAssetUploadRequestSchema, AvatarAssetUploadResponseSchema, ProjectApplyRequestSchema, ProjectApplySystemConfigSchema, ProjectAppliedResourceSchema, ProjectApplyDiagnosticSchema, ProjectApplyResponseSchema;
 var init_project_resources = __esm({
   "../../packages/schemas/src/project-resources.ts"() {
     "use strict";
@@ -17678,6 +17692,14 @@ var init_project_resources = __esm({
       }),
       ProjectApplyAssetSchema
     );
+    AvatarAssetUploadRequestSchema = ProjectApplyAssetSchema.omit({
+      sha256: true
+    });
+    AvatarAssetUploadResponseSchema = external_exports.object({
+      sha256: external_exports.string().regex(/^[a-f0-9]{64}$/),
+      contentType: external_exports.enum(AVATAR_ASSET_CONTENT_TYPES),
+      sizeBytes: external_exports.number().int().positive()
+    });
     ProjectApplyRequestSchema = external_exports.object({
       delete: external_exports.array(ProjectDeleteResourceSchema).default([]),
       dryRun: external_exports.boolean().default(false),
@@ -18489,7 +18511,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@autohq/cli",
-      version: "0.1.104",
+      version: "0.1.106",
       license: "SEE LICENSE IN README.md",
       publishConfig: {
         access: "public"
@@ -18920,6 +18942,8 @@ function createResourceApi(context) {
   });
   return {
     applyEnvironmentResource: environments.apply,
+    hasAvatarAsset: (request, options) => hasAvatarAsset(context, request, options ?? {}),
+    uploadAvatarAsset: (request, options) => uploadAvatarAsset(context, request, options ?? {}),
     applyProjectResources: (request, options) => applyProjectResources(
       context,
       request,
@@ -18945,6 +18969,58 @@ function createResourceApi(context) {
     updateProjectServiceAccount: (request, options) => updateProjectServiceAccount(context, request, options ?? {})
   };
 }
+async function hasAvatarAsset(context, request, options) {
+  const response = await context.authenticatedFetch(
+    context.apiUrl(
+      apiPath(`/avatars/${encodeURIComponent(request.sha256)}`),
+      options.apiBaseUrl
+    ),
+    { method: "HEAD" },
+    options.apiBaseUrl
+  );
+  if (response.ok) {
+    return true;
+  }
+  if (response.status === 404) {
+    return false;
+  }
+  throw new Error(await responseErrorMessage(response));
+}
+async function uploadAvatarAsset(context, request, options) {
+  const path2 = await avatarAssetUploadPath(context, request.sha256);
+  const response = await context.authenticatedFetch(
+    context.apiUrl(path2, options.apiBaseUrl),
+    {
+      method: "PUT",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        contentType: request.contentType,
+        dataBase64: request.dataBase64
+      })
+    },
+    options.apiBaseUrl
+  );
+  if (response.status === 404) {
+    throw new AvatarAssetUploadUnsupportedError(
+      await responseErrorMessage(response)
+    );
+  }
+  if (!response.ok) {
+    throw new Error(await responseErrorMessage(response));
+  }
+  return AvatarAssetUploadResponseSchema.parse(await response.json());
+}
+async function avatarAssetUploadPath(context, sha256) {
+  const subpath = `/avatar-assets/${encodeURIComponent(sha256)}`;
+  try {
+    return projectApiPath(await context.activeProject(), subpath);
+  } catch (error51) {
+    if (context.shouldTryProjectInferredAuth()) {
+      return apiPath(`/project${subpath}`);
+    }
+    throw error51;
+  }
+}
 async function listProjectServiceAccounts(context, options) {
   const project = await context.activeProject();
   const response = await context.authenticatedFetch(
@@ -19249,13 +19325,15 @@ async function listProjectResources(context, endpoint, options) {
   }
   return await response.json();
 }
-var SlackConfigTokenRequiredError;
+var AvatarAssetUploadUnsupportedError, SlackConfigTokenRequiredError;
 var init_resources2 = __esm({
   "src/lib/api/resources.ts"() {
     "use strict";
     init_src();
     init_errors3();
     init_paths();
+    AvatarAssetUploadUnsupportedError = class extends Error {
+    };
     SlackConfigTokenRequiredError = class extends Error {
       workspace;
       constructor(message, workspace) {
@@ -20935,6 +21013,98 @@ var init_connect = __esm({
   }
 });
+// src/commands/apply/assets.ts
+async function resolveApplyAssets(input) {
+  const entries = Object.entries(input.request.assets);
+  if (entries.length === 0) {
+    return { resources: input.request.resources, assets: {} };
+  }
+  const probes = await Promise.all(
+    entries.map(async ([path2, asset]) => ({
+      path: path2,
+      asset,
+      stored: await input.client.hasAvatarAsset(
+        { sha256: asset.sha256 },
+        { apiBaseUrl: input.apiBaseUrl }
+      )
+    }))
+  );
+  const inline2 = {};
+  for (const probe of probes) {
+    if (probe.stored) {
+      continue;
+    }
+    if (input.dryRun) {
+      inline2[probe.path] = probe.asset;
+      continue;
+    }
+    if (!await uploadAvatarAsset2(input.client, probe.asset, input.apiBaseUrl)) {
+      inline2[probe.path] = probe.asset;
+    }
+  }
+  const resources = input.request.resources.map(
+    (resource) => stampAvatarSha256(resource, input.request.assets)
+  );
+  return { resources, assets: inline2 };
+}
+function assertApplyRequestBodySize(input) {
+  const bytes = Buffer.byteLength(input.body, "utf8");
+  if (bytes <= MAX_APPLY_REQUEST_BODY_BYTES) {
+    return;
+  }
+  const paths = Object.keys(input.assets);
+  const assetDetail = paths.length > 0 ? ` ${paths.length} avatar asset(s) are not yet stored on the server, so their bytes must ride this request: ${paths.join(", ")}. Apply the sessions referencing them in smaller batches (auto apply -f <file> --no-prune) or shrink the image files.` : "";
+  throw new Error(
+    `Apply request body is ${formatMegabytes(bytes)}MB, over the ~4.5MB server request limit.${assetDetail}`
+  );
+}
+async function uploadAvatarAsset2(client, asset, apiBaseUrl) {
+  try {
+    await client.uploadAvatarAsset(asset, { apiBaseUrl });
+    return true;
+  } catch (error51) {
+    if (error51 instanceof AvatarAssetUploadUnsupportedError) {
+      return false;
+    }
+    throw error51;
+  }
+}
+function stampAvatarSha256(resource, assets) {
+  if (resource.kind !== "session") {
+    return resource;
+  }
+  const identity2 = resource.spec.identity;
+  const avatar = identity2?.avatar;
+  if (!identity2 || !avatar) {
+    return resource;
+  }
+  const asset = assets[avatar.asset];
+  if (!asset) {
+    return resource;
+  }
+  return {
+    ...resource,
+    spec: {
+      ...resource.spec,
+      identity: {
+        ...identity2,
+        avatar: { asset: avatar.asset, sha256: asset.sha256 }
+      }
+    }
+  };
+}
+function formatMegabytes(bytes) {
+  return (bytes / (1024 * 1024)).toFixed(1);
+}
+var MAX_APPLY_REQUEST_BODY_BYTES;
+var init_assets = __esm({
+  "src/commands/apply/assets.ts"() {
+    "use strict";
+    init_resources2();
+    MAX_APPLY_REQUEST_BODY_BYTES = 4 * 1024 * 1024;
+  }
+});
 // src/commands/apply/files.ts
 import { createHash as createHash2 } from "crypto";
 import {
@@ -21279,16 +21449,27 @@ async function applyResource(input) {
 }
 async function applyProjectInput(input) {
   const style = input.style ?? plainStyle;
-  const response = await input.client.applyProjectResources(
-    {
-      ...input.request.delete.length > 0 ? { delete: input.request.delete } : {},
-      dryRun: input.commandOptions.dryRun ?? input.request.dryRun,
-      prune: input.commandOptions.prune ?? input.request.prune,
-      resources: input.request.resources,
-      ...Object.keys(input.request.assets).length > 0 ? { assets: input.request.assets } : {}
-    },
-    { apiBaseUrl: input.commandOptions.apiBaseUrl }
-  );
+  const dryRun = input.commandOptions.dryRun ?? input.request.dryRun;
+  const resolved = await resolveApplyAssets({
+    client: input.client,
+    request: input.request,
+    apiBaseUrl: input.commandOptions.apiBaseUrl,
+    dryRun
+  });
+  const request = {
+    ...input.request.delete.length > 0 ? { delete: input.request.delete } : {},
+    dryRun,
+    prune: input.commandOptions.prune ?? input.request.prune,
+    resources: resolved.resources,
+    ...Object.keys(resolved.assets).length > 0 ? { assets: resolved.assets } : {}
+  };
+  assertApplyRequestBodySize({
+    body: JSON.stringify(request),
+    assets: resolved.assets
+  });
+  const response = await input.client.applyProjectResources(request, {
+    apiBaseUrl: input.commandOptions.apiBaseUrl
+  });
   const resources = response.resources.map((resource, index) => ({
     kind: appliedResourceKind(input.request, response, index),
     resource
@@ -21391,6 +21572,7 @@ var init_actions = __esm({
     "use strict";
     init_style();
     init_connect();
+    init_assets();
     init_files();
   }
 });
@@ -29263,7 +29445,7 @@ function connectionRows(connections, style) {
       provider: connection.provider,
       account: connection.externalAccount.loginOrName,
       grant: grant.name,
-      status: grant.status,
+      status: stale(grant) ? "reconnect needed" : grant.status,
       projects: projectSummary({
         ...connection,
         projectAccess: connection.projectAccess.filter(
@@ -29305,7 +29487,23 @@ function connectionRows(connections, style) {
     grantStatusStyle(style, row.status)(row.status.padEnd(widths.status)),
     style.dim(row.projects)
   ].join("  ");
-  return [style.heading(headerLine), ...rows.map(format)];
+  return [
+    style.heading(headerLine),
+    ...rows.map(format),
+    ...staleGrantNotices(connections, style)
+  ];
+}
+function staleGrantNotices(connections, style) {
+  return connections.flatMap(
+    (connection) => connection.grants.filter(stale).map(
+      (grant) => style.warn(
+        `grant ${grant.name}: installed before scopes ${(grant.missingScopes ?? []).join(", ")} were added \u2014 re-run \`auto connect ${connection.provider}\` to re-consent`
+      )
+    )
+  );
+}
+function stale(grant) {
+  return grant.status === "active" && (grant.missingScopes?.length ?? 0) > 0;
 }
 function providerRows(providers, style) {
   if (providers.length === 0) {
@@ -29346,6 +29544,8 @@ function grantStatusStyle(style, status) {
   switch (status) {
     case "active":
       return style.success;
+    case "reconnect needed":
+      return style.warn;
     case "error":
       return style.error;
     case "revoked":
@@ -32016,6 +32216,10 @@ async function connectSessionPresence2(input) {
   input.writeOutput(result.message);
   for (const identity2 of result.realized) {
     input.writeOutput(realizedIdentityLine(input.session, identity2));
+    const staleNotice = staleScopesLine(input.session, identity2);
+    if (staleNotice) {
+      input.writeOutput(staleNotice);
+    }
   }
   if (result.pending.length === 0) {
     await promptForIconUploads(input, options);
@@ -32094,6 +32298,12 @@ function realizedIdentityLine(session, identity2) {
   const handle = identity2.botUsername ? `persona/@${identity2.botUsername}` : `bot/${identity2.botUserId ?? ""}`;
   return `connected session/${session} workspace/${identity2.workspace} ${handle}`;
 }
+function staleScopesLine(session, identity2) {
+  if (!identity2.missingScopes?.length) {
+    return void 0;
+  }
+  return `  workspace "${identity2.workspace}" was installed before scopes ${identity2.missingScopes.join(", ")} were added; refresh with \`auto sessions connect ${session} --reconnect\``;
+}
 function manualGuidance(input) {
   if (input.allTelegram) {
     return `Open each creation link and confirm the new bot in Telegram; Auto provisions it automatically. Re-run \`auto sessions connect ${input.session}\` (or check presence) to see it realize.`;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@autohq/cli",
-  "version": "0.1.104",
+  "version": "0.1.106",
   "license": "SEE LICENSE IN README.md",
   "publishConfig": {
     "access": "public"