@autohq/cli 0.1.105 → 0.1.107

package/dist/agent-bridge.js

@@ -19873,7 +19873,14 @@ var ProviderGrantSchema = external_exports.object({
   providerResourceSelection: ProviderResourceSelectionSchema.default({
     kind: "all"
   }),
-  status: ProviderGrantStatusSchema
+  status: ProviderGrantStatusSchema,
+  /**
+   * Scopes the server's current configuration requests that this grant has
+   * not granted. Computed at read time against the deployed scope list, never
+   * stored; present and non-empty only when a re-consent (`auto connect
+   * <provider>`) is needed to pick up scopes added since the install.
+   */
+  missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
 });
 var ProjectProviderAccessSchema = external_exports.object({
   providerGrantId: ProviderGrantIdSchema,
@@ -20836,7 +20843,8 @@ var SecretAesGcmAuthTagSchema = external_exports.string().trim().regex(/^[A-Za-z
 var SecretEnvValueSchema = external_exports.union([
   external_exports.string(),
   external_exports.object({
-    $secret: ResourceNameSchema
+    $secret: ResourceNameSchema,
+    optional: external_exports.boolean().optional()
   })
 ]);
 var SecretEnvSchema = external_exports.record(
@@ -21630,7 +21638,14 @@ var SessionPresenceIdentitySchema = external_exports.object({
   // the presence icon endpoint.
   avatarSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
   avatarUrl: external_exports.string().trim().min(1).optional(),
-  appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional()
+  appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
+  /**
+   * Scopes the current agent-app scope set requests that this realized
+   * identity's install never granted. Computed at read time; non-empty means
+   * the install predates a scope addition and `auto sessions connect
+   * <session> --reconnect` refreshes it.
+   */
+  missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
 });
 var SessionPresenceResponseSchema = external_exports.object({
   session: ResourceNameSchema,
@@ -26191,7 +26206,7 @@ Object.assign(lookup, {
 // package.json
 var package_default = {
   name: "@autohq/cli",
-  version: "0.1.105",
+  version: "0.1.107",
   license: "SEE LICENSE IN README.md",
   publishConfig: {
     access: "public"

package/dist/index.js

@@ -15410,7 +15410,14 @@ var init_provider_grants = __esm({
       providerResourceSelection: ProviderResourceSelectionSchema.default({
         kind: "all"
       }),
-      status: ProviderGrantStatusSchema
+      status: ProviderGrantStatusSchema,
+      /**
+       * Scopes the server's current configuration requests that this grant has
+       * not granted. Computed at read time against the deployed scope list, never
+       * stored; present and non-empty only when a re-consent (`auto connect
+       * <provider>`) is needed to pick up scopes added since the install.
+       */
+      missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
     });
     ProjectProviderAccessSchema = external_exports.object({
       providerGrantId: ProviderGrantIdSchema,
@@ -16524,7 +16531,8 @@ var init_secrets = __esm({
     SecretEnvValueSchema = external_exports.union([
       external_exports.string(),
       external_exports.object({
-        $secret: ResourceNameSchema
+        $secret: ResourceNameSchema,
+        optional: external_exports.boolean().optional()
       })
     ]);
     SecretEnvSchema = external_exports.record(
@@ -17572,7 +17580,14 @@ var init_sessions = __esm({
       // the presence icon endpoint.
       avatarSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
       avatarUrl: external_exports.string().trim().min(1).optional(),
-      appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional()
+      appliedIconSha256: external_exports.string().regex(SHA256_HEX_PATTERN).optional(),
+      /**
+       * Scopes the current agent-app scope set requests that this realized
+       * identity's install never granted. Computed at read time; non-empty means
+       * the install predates a scope addition and `auto sessions connect
+       * <session> --reconnect` refreshes it.
+       */
+      missingScopes: external_exports.array(external_exports.string().trim().min(1)).optional()
     });
     SessionPresenceResponseSchema = external_exports.object({
       session: ResourceNameSchema,
@@ -18497,7 +18512,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@autohq/cli",
-      version: "0.1.105",
+      version: "0.1.107",
       license: "SEE LICENSE IN README.md",
       publishConfig: {
         access: "public"
@@ -29431,7 +29446,7 @@ function connectionRows(connections, style) {
       provider: connection.provider,
       account: connection.externalAccount.loginOrName,
       grant: grant.name,
-      status: grant.status,
+      status: stale(grant) ? "reconnect needed" : grant.status,
       projects: projectSummary({
         ...connection,
         projectAccess: connection.projectAccess.filter(
@@ -29473,7 +29488,23 @@ function connectionRows(connections, style) {
     grantStatusStyle(style, row.status)(row.status.padEnd(widths.status)),
     style.dim(row.projects)
   ].join("  ");
-  return [style.heading(headerLine), ...rows.map(format)];
+  return [
+    style.heading(headerLine),
+    ...rows.map(format),
+    ...staleGrantNotices(connections, style)
+  ];
+}
+function staleGrantNotices(connections, style) {
+  return connections.flatMap(
+    (connection) => connection.grants.filter(stale).map(
+      (grant) => style.warn(
+        `grant ${grant.name}: installed before scopes ${(grant.missingScopes ?? []).join(", ")} were added \u2014 re-run \`auto connect ${connection.provider}\` to re-consent`
+      )
+    )
+  );
+}
+function stale(grant) {
+  return grant.status === "active" && (grant.missingScopes?.length ?? 0) > 0;
 }
 function providerRows(providers, style) {
   if (providers.length === 0) {
@@ -29514,6 +29545,8 @@ function grantStatusStyle(style, status) {
   switch (status) {
     case "active":
       return style.success;
+    case "reconnect needed":
+      return style.warn;
     case "error":
       return style.error;
     case "revoked":
@@ -32184,6 +32217,10 @@ async function connectSessionPresence2(input) {
   input.writeOutput(result.message);
   for (const identity2 of result.realized) {
     input.writeOutput(realizedIdentityLine(input.session, identity2));
+    const staleNotice = staleScopesLine(input.session, identity2);
+    if (staleNotice) {
+      input.writeOutput(staleNotice);
+    }
   }
   if (result.pending.length === 0) {
     await promptForIconUploads(input, options);
@@ -32262,6 +32299,12 @@ function realizedIdentityLine(session, identity2) {
   const handle = identity2.botUsername ? `persona/@${identity2.botUsername}` : `bot/${identity2.botUserId ?? ""}`;
   return `connected session/${session} workspace/${identity2.workspace} ${handle}`;
 }
+function staleScopesLine(session, identity2) {
+  if (!identity2.missingScopes?.length) {
+    return void 0;
+  }
+  return `  workspace "${identity2.workspace}" was installed before scopes ${identity2.missingScopes.join(", ")} were added; refresh with \`auto sessions connect ${session} --reconnect\``;
+}
 function manualGuidance(input) {
   if (input.allTelegram) {
     return `Open each creation link and confirm the new bot in Telegram; Auto provisions it automatically. Re-run \`auto sessions connect ${input.session}\` (or check presence) to see it realize.`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@autohq/cli",
-  "version": "0.1.105",
+  "version": "0.1.107",
   "license": "SEE LICENSE IN README.md",
   "publishConfig": {
     "access": "public"