@clinebot/core 0.0.20 → 0.0.22

package/src/session/runtime-oauth-token-manager.test.ts

@@ -1,137 +0,0 @@
-import { beforeEach, describe, expect, it, vi } from "vitest";
-import {
-	OAuthReauthRequiredError,
-	RuntimeOAuthTokenManager,
-} from "./runtime-oauth-token-manager";
-
-const {
-	getValidOpenAICodexCredentials,
-	getValidClineCredentials,
-	getValidOcaCredentials,
-} = vi.hoisted(() => ({
-	getValidOpenAICodexCredentials: vi.fn(),
-	getValidClineCredentials: vi.fn(),
-	getValidOcaCredentials: vi.fn(),
-}));
-
-vi.mock("../auth/codex", () => ({
-	getValidOpenAICodexCredentials,
-}));
-
-vi.mock("../auth/cline", () => ({
-	getValidClineCredentials,
-}));
-
-vi.mock("../auth/oca", () => ({
-	getValidOcaCredentials,
-}));
-
-describe("RuntimeOAuthTokenManager", () => {
-	beforeEach(() => {
-		vi.clearAllMocks();
-	});
-
-	it("refreshes and persists OpenAI Codex OAuth credentials", async () => {
-		const getProviderSettings = vi.fn().mockReturnValue({
-			provider: "openai-codex",
-			auth: {
-				accessToken: "access-old",
-				refreshToken: "refresh-old",
-				expiresAt: Date.now() - 1_000,
-				accountId: "acct-old",
-			},
-		});
-		const saveProviderSettings = vi.fn();
-
-		getValidOpenAICodexCredentials.mockResolvedValueOnce({
-			access: "access-new",
-			refresh: "refresh-new",
-			expires: 4_000_000_000_000,
-			accountId: "acct-new",
-		});
-
-		const manager = new RuntimeOAuthTokenManager({
-			providerSettingsManager: {
-				getProviderSettings,
-				saveProviderSettings,
-			} as never,
-		});
-
-		const result = await manager.resolveProviderApiKey({
-			providerId: "openai-codex",
-		});
-
-		expect(result).toMatchObject({
-			providerId: "openai-codex",
-			apiKey: "access-new",
-			accountId: "acct-new",
-			refreshed: true,
-		});
-		expect(saveProviderSettings).toHaveBeenCalledWith(
-			expect.objectContaining({
-				auth: expect.objectContaining({
-					accessToken: "access-new",
-					refreshToken: "refresh-new",
-					accountId: "acct-new",
-					expiresAt: 4_000_000_000_000,
-				}),
-			}),
-			{ setLastUsed: false, tokenSource: "oauth" },
-		);
-	});
-
-	it("throws re-auth required when refresh returns null", async () => {
-		getValidOpenAICodexCredentials.mockResolvedValueOnce(null);
-		const manager = new RuntimeOAuthTokenManager({
-			providerSettingsManager: {
-				getProviderSettings: vi.fn().mockReturnValue({
-					provider: "openai-codex",
-					auth: {
-						accessToken: "access-old",
-						refreshToken: "refresh-old",
-						expiresAt: Date.now() - 1_000,
-					},
-				}),
-				saveProviderSettings: vi.fn(),
-			} as never,
-		});
-
-		await expect(
-			manager.resolveProviderApiKey({ providerId: "openai-codex" }),
-		).rejects.toBeInstanceOf(OAuthReauthRequiredError);
-	});
-
-	it("de-duplicates concurrent refresh calls per provider", async () => {
-		const refreshBarrier = Promise.resolve().then(() => ({
-			access: "access-new",
-			refresh: "refresh-new",
-			expires: Date.now() + 60_000,
-		}));
-		getValidOpenAICodexCredentials.mockImplementationOnce(
-			async () => refreshBarrier,
-		);
-
-		const manager = new RuntimeOAuthTokenManager({
-			providerSettingsManager: {
-				getProviderSettings: vi.fn().mockReturnValue({
-					provider: "openai-codex",
-					auth: {
-						accessToken: "access-old",
-						refreshToken: "refresh-old",
-						expiresAt: Date.now() - 1_000,
-					},
-				}),
-				saveProviderSettings: vi.fn(),
-			} as never,
-		});
-
-		const [first, second] = await Promise.all([
-			manager.resolveProviderApiKey({ providerId: "openai-codex" }),
-			manager.resolveProviderApiKey({ providerId: "openai-codex" }),
-		]);
-
-		expect(first?.apiKey).toBe("access-new");
-		expect(second?.apiKey).toBe("access-new");
-		expect(getValidOpenAICodexCredentials).toHaveBeenCalledTimes(1);
-	});
-});

package/src/session/runtime-oauth-token-manager.ts

@@ -1,272 +0,0 @@
-import type { LlmsProviders } from "@clinebot/llms";
-import {
-	type ITelemetryService,
-	isOAuthProviderId,
-	type OAuthProviderId,
-} from "@clinebot/shared";
-import {
-	type ClineOAuthCredentials,
-	getValidClineCredentials,
-} from "../auth/cline";
-import { getValidOpenAICodexCredentials } from "../auth/codex";
-import { getValidOcaCredentials } from "../auth/oca";
-import { decodeJwtPayload } from "../auth/utils";
-import { ProviderSettingsManager } from "../storage/provider-settings-manager";
-
-const DEFAULT_CLINE_API_BASE_URL = "https://api.cline.bot";
-const WORKOS_TOKEN_PREFIX = "workos:";
-
-type ManagedOAuthProviderId = OAuthProviderId;
-
-function toStoredAccessToken(
-	providerId: ManagedOAuthProviderId,
-	accessToken: string,
-): string {
-	if (providerId === "cline") {
-		return `${WORKOS_TOKEN_PREFIX}${accessToken}`;
-	}
-	return accessToken;
-}
-
-function fromStoredAccessToken(
-	providerId: ManagedOAuthProviderId,
-	accessToken: string,
-): string {
-	if (
-		providerId === "cline" &&
-		accessToken.toLowerCase().startsWith(WORKOS_TOKEN_PREFIX)
-	) {
-		return accessToken.slice(WORKOS_TOKEN_PREFIX.length);
-	}
-	return accessToken;
-}
-
-function readExpiryFromToken(accessToken: string): number | null {
-	const payload = decodeJwtPayload(accessToken);
-	const exp = payload?.exp;
-	if (typeof exp === "number" && exp > 0) {
-		return exp * 1000;
-	}
-	return null;
-}
-
-function deriveCredentialExpiry(
-	settings: LlmsProviders.ProviderSettings,
-	normalizedAccessToken: string,
-): number {
-	const explicitExpiry = (
-		settings.auth as
-			| (LlmsProviders.ProviderSettings["auth"] & { expiresAt?: number })
-			| undefined
-	)?.expiresAt;
-	if (
-		typeof explicitExpiry === "number" &&
-		Number.isFinite(explicitExpiry) &&
-		explicitExpiry > 0
-	) {
-		return explicitExpiry;
-	}
-
-	const jwtExpiry = readExpiryFromToken(normalizedAccessToken);
-	if (jwtExpiry) {
-		return jwtExpiry;
-	}
-
-	// Unknown expiry should trigger refresh on next resolution.
-	return Date.now() - 1;
-}
-
-function toCredentials(
-	providerId: ManagedOAuthProviderId,
-	settings: LlmsProviders.ProviderSettings,
-): ClineOAuthCredentials | null {
-	const rawAccess = settings.auth?.accessToken?.trim();
-	const refreshToken = settings.auth?.refreshToken?.trim();
-	if (!rawAccess || !refreshToken) {
-		return null;
-	}
-	const access = fromStoredAccessToken(providerId, rawAccess);
-	if (!access) {
-		return null;
-	}
-
-	return {
-		access,
-		refresh: refreshToken,
-		expires: deriveCredentialExpiry(settings, access),
-		accountId: settings.auth?.accountId,
-	};
-}
-
-function authSettingsEqual(
-	a: LlmsProviders.ProviderSettings["auth"] | undefined,
-	b: LlmsProviders.ProviderSettings["auth"] | undefined,
-): boolean {
-	const aExpiry = (
-		a as
-			| (LlmsProviders.ProviderSettings["auth"] & { expiresAt?: number })
-			| undefined
-	)?.expiresAt;
-	const bExpiry = (
-		b as
-			| (LlmsProviders.ProviderSettings["auth"] & { expiresAt?: number })
-			| undefined
-	)?.expiresAt;
-	return (
-		a?.accessToken === b?.accessToken &&
-		a?.refreshToken === b?.refreshToken &&
-		a?.accountId === b?.accountId &&
-		aExpiry === bExpiry
-	);
-}
-
-export class OAuthReauthRequiredError extends Error {
-	public readonly providerId: ManagedOAuthProviderId;
-
-	constructor(providerId: ManagedOAuthProviderId) {
-		super(
-			`OAuth credentials for provider "${providerId}" are no longer valid. Re-run authentication for this provider.`,
-		);
-		this.name = "OAuthReauthRequiredError";
-		this.providerId = providerId;
-	}
-}
-
-export type RuntimeOAuthResolution = {
-	providerId: ManagedOAuthProviderId;
-	apiKey: string;
-	accountId?: string;
-	refreshed: boolean;
-};
-
-export class RuntimeOAuthTokenManager {
-	private readonly providerSettingsManager: ProviderSettingsManager;
-	private readonly telemetry?: ITelemetryService;
-	private readonly refreshInFlight = new Map<
-		ManagedOAuthProviderId,
-		Promise<RuntimeOAuthResolution | null>
-	>();
-
-	constructor(options?: {
-		providerSettingsManager?: ProviderSettingsManager;
-		telemetry?: ITelemetryService;
-	}) {
-		this.providerSettingsManager =
-			options?.providerSettingsManager ?? new ProviderSettingsManager();
-		this.telemetry = options?.telemetry;
-	}
-
-	public async resolveProviderApiKey(input: {
-		providerId: string;
-		forceRefresh?: boolean;
-	}): Promise<RuntimeOAuthResolution | null> {
-		if (!isOAuthProviderId(input.providerId)) {
-			return null;
-		}
-		return this.resolveWithSingleFlight(input.providerId, input.forceRefresh);
-	}
-
-	private async resolveWithSingleFlight(
-		providerId: ManagedOAuthProviderId,
-		forceRefresh = false,
-	): Promise<RuntimeOAuthResolution | null> {
-		const currentInFlight = this.refreshInFlight.get(providerId);
-		if (currentInFlight) {
-			return currentInFlight;
-		}
-		const pending = this.resolveProviderApiKeyInternal(providerId, forceRefresh)
-			.catch((error) => {
-				throw error;
-			})
-			.finally(() => {
-				this.refreshInFlight.delete(providerId);
-			});
-		this.refreshInFlight.set(providerId, pending);
-		return pending;
-	}
-
-	private async resolveProviderApiKeyInternal(
-		providerId: ManagedOAuthProviderId,
-		forceRefresh: boolean,
-	): Promise<RuntimeOAuthResolution | null> {
-		const settings =
-			this.providerSettingsManager.getProviderSettings(providerId);
-		if (!settings) {
-			return null;
-		}
-
-		const currentCredentials = toCredentials(providerId, settings);
-		if (!currentCredentials) {
-			return null;
-		}
-
-		const nextCredentials = await this.resolveCredentials(
-			providerId,
-			settings,
-			currentCredentials,
-			forceRefresh,
-		);
-		if (!nextCredentials) {
-			throw new OAuthReauthRequiredError(providerId);
-		}
-
-		const persistedAccessToken = toStoredAccessToken(
-			providerId,
-			nextCredentials.access,
-		);
-		const nextAuth = {
-			...(settings.auth ?? {}),
-			accessToken: persistedAccessToken,
-			refreshToken: nextCredentials.refresh,
-			accountId: nextCredentials.accountId,
-		} as LlmsProviders.ProviderSettings["auth"] & { expiresAt?: number };
-		nextAuth.expiresAt = nextCredentials.expires;
-		const nextSettings: LlmsProviders.ProviderSettings = {
-			...settings,
-			auth: nextAuth,
-		};
-		const wasRefreshed = !authSettingsEqual(settings.auth, nextSettings.auth);
-		if (wasRefreshed) {
-			this.providerSettingsManager.saveProviderSettings(nextSettings, {
-				setLastUsed: false,
-				tokenSource: "oauth",
-			});
-		}
-
-		return {
-			providerId,
-			apiKey: persistedAccessToken,
-			accountId: nextCredentials.accountId,
-			refreshed: wasRefreshed,
-		};
-	}
-
-	private async resolveCredentials(
-		providerId: ManagedOAuthProviderId,
-		settings: LlmsProviders.ProviderSettings,
-		currentCredentials: ClineOAuthCredentials,
-		forceRefresh: boolean,
-	): Promise<ClineOAuthCredentials | null> {
-		if (providerId === "cline") {
-			return getValidClineCredentials(
-				currentCredentials,
-				{
-					apiBaseUrl: settings.baseUrl?.trim() || DEFAULT_CLINE_API_BASE_URL,
-					telemetry: this.telemetry,
-				},
-				{ forceRefresh },
-			);
-		}
-		if (providerId === "oca") {
-			return getValidOcaCredentials(
-				currentCredentials,
-				{ forceRefresh, telemetry: this.telemetry },
-				{ mode: settings.oca?.mode, telemetry: this.telemetry },
-			);
-		}
-		return getValidOpenAICodexCredentials(currentCredentials, {
-			forceRefresh,
-			telemetry: this.telemetry,
-		});
-	}
-}

package/src/session/session-agent-events.ts

@@ -1,159 +0,0 @@
-import type { AgentEvent } from "@clinebot/agents";
-import {
-	captureConversationTurnEvent,
-	captureDiffEditFailure,
-	captureProviderApiError,
-	captureSkillUsed,
-	captureTokenUsage,
-	captureToolUsage,
-} from "../telemetry/core-events";
-import type { CoreSessionConfig } from "../types/config";
-import type { CoreSessionEvent } from "../types/events";
-import type { SessionAccumulatedUsage } from "./session-manager";
-import { serializeAgentEvent } from "./utils/helpers";
-import type { ActiveSession } from "./utils/types";
-import { accumulateUsageTotals } from "./utils/usage";
-
-export function extractSkillNameFromToolInput(
-	input: unknown,
-): string | undefined {
-	if (!input || typeof input !== "object") return undefined;
-	const record = input as Record<string, unknown>;
-	const skillName = record.skill ?? record.skill_name ?? record.skillName;
-	if (typeof skillName !== "string") return undefined;
-	const trimmed = skillName.trim();
-	return trimmed.length > 0 ? trimmed : undefined;
-}
-
-export interface AgentEventContext {
-	sessionId: string;
-	config: CoreSessionConfig;
-	liveSession: ActiveSession | undefined;
-	usageBySession: Map<string, SessionAccumulatedUsage>;
-	persistMessages: (
-		sessionId: string,
-		messages: unknown[],
-		systemPrompt?: string,
-	) => void;
-	emit: (event: CoreSessionEvent) => void;
-}
-
-export function handleAgentEvent(
-	ctx: AgentEventContext,
-	event: AgentEvent,
-): void {
-	const { sessionId, config, liveSession, emit } = ctx;
-	const telemetry = config.telemetry;
-
-	if (
-		event.type === "content_start" &&
-		event.contentType === "tool" &&
-		event.toolName === "skills"
-	) {
-		const skillName = extractSkillNameFromToolInput(event.input);
-		if (skillName) {
-			captureSkillUsed(telemetry, {
-				ulid: sessionId,
-				skillName,
-				skillSource: "project",
-				skillsAvailableGlobal: 0,
-				skillsAvailableProject: 0,
-				provider: config.providerId,
-				modelId: config.modelId,
-			});
-		}
-	}
-
-	if (event.type === "content_end" && event.contentType === "tool") {
-		const toolName = event.toolName ?? "unknown";
-		const success = !event.error;
-		captureToolUsage(telemetry, {
-			ulid: sessionId,
-			tool: toolName,
-			autoApproved: undefined,
-			success,
-			modelId: config.modelId,
-			provider: config.providerId,
-			isNativeToolCall: false,
-		});
-		if (!success && (toolName === "editor" || toolName === "apply_patch")) {
-			captureDiffEditFailure(telemetry, {
-				ulid: sessionId,
-				modelId: config.modelId,
-				provider: config.providerId,
-				errorType: event.error,
-				isNativeToolCall: false,
-			});
-		}
-	}
-
-	if (event.type === "notice" && event.reason === "api_error") {
-		captureProviderApiError(telemetry, {
-			ulid: sessionId,
-			model: config.modelId,
-			provider: config.providerId,
-			errorMessage: event.message,
-		});
-	}
-
-	if (event.type === "error") {
-		captureProviderApiError(telemetry, {
-			ulid: sessionId,
-			model: config.modelId,
-			provider: config.providerId,
-			errorMessage: event.error?.message ?? "unknown error",
-		});
-	}
-
-	if (event.type === "usage" && liveSession?.turnUsageBaseline) {
-		ctx.usageBySession.set(
-			sessionId,
-			accumulateUsageTotals(liveSession.turnUsageBaseline, {
-				inputTokens: event.totalInputTokens,
-				outputTokens: event.totalOutputTokens,
-				totalCost: event.totalCost,
-			}),
-		);
-		captureConversationTurnEvent(telemetry, {
-			ulid: sessionId,
-			provider: config.providerId,
-			model: config.modelId,
-			source: "assistant",
-			mode: config.mode,
-			tokensIn: event.inputTokens,
-			tokensOut: event.outputTokens,
-			cacheWriteTokens: event.cacheWriteTokens,
-			cacheReadTokens: event.cacheReadTokens,
-			totalCost: event.cost,
-			isNativeToolCall: false,
-		});
-		captureTokenUsage(telemetry, {
-			ulid: sessionId,
-			tokensIn: event.inputTokens,
-			tokensOut: event.outputTokens,
-			model: config.modelId,
-		});
-	}
-
-	if (event.type === "iteration_end") {
-		ctx.persistMessages(
-			sessionId,
-			liveSession?.agent.getMessages() ?? [],
-			liveSession?.config.systemPrompt,
-		);
-	}
-
-	emit({
-		type: "agent_event",
-		payload: { sessionId, event },
-	});
-	emit({
-		type: "chunk",
-		payload: {
-			sessionId,
-			stream: "agent",
-			chunk: serializeAgentEvent(event),
-			ts: Date.now(),
-		},
-	});
-}

package/src/session/session-artifacts.ts

@@ -1,106 +0,0 @@
-import {
-	existsSync,
-	mkdirSync,
-	readdirSync,
-	rmdirSync,
-	unlinkSync,
-} from "node:fs";
-import { dirname, join } from "node:path";
-
-export function nowIso(): string {
-	return new Date().toISOString();
-}
-
-export function unlinkIfExists(path: string | null | undefined): void {
-	if (!path || !existsSync(path)) {
-		return;
-	}
-	try {
-		unlinkSync(path);
-	} catch {
-		// Best effort cleanup.
-	}
-}
-
-export interface SessionArtifactPaths {
-	transcriptPath: string;
-	hookPath: string;
-	messagesPath: string;
-}
-
-export class SessionArtifacts {
-	constructor(private readonly ensureSessionsDir: () => string) {}
-
-	public sessionArtifactsDir(sessionId: string): string {
-		return join(this.ensureSessionsDir(), sessionId);
-	}
-
-	public ensureSessionArtifactsDir(sessionId: string): string {
-		const dir = this.sessionArtifactsDir(sessionId);
-		if (!existsSync(dir)) {
-			mkdirSync(dir, { recursive: true });
-		}
-		return dir;
-	}
-
-	public sessionTranscriptPath(sessionId: string): string {
-		return join(this.ensureSessionArtifactsDir(sessionId), `${sessionId}.log`);
-	}
-
-	public sessionHookPath(sessionId: string): string {
-		return join(
-			this.ensureSessionArtifactsDir(sessionId),
-			`${sessionId}.hooks.jsonl`,
-		);
-	}
-
-	public sessionMessagesPath(sessionId: string): string {
-		return join(
-			this.ensureSessionArtifactsDir(sessionId),
-			`${sessionId}.messages.json`,
-		);
-	}
-
-	public sessionManifestPath(sessionId: string, ensureDir = true): string {
-		const base = ensureDir
-			? this.ensureSessionArtifactsDir(sessionId)
-			: this.sessionArtifactsDir(sessionId);
-		return join(base, `${sessionId}.json`);
-	}
-
-	public removeSessionDirIfEmpty(sessionId: string): void {
-		let dir = this.sessionArtifactsDir(sessionId);
-		const sessionsDir = this.ensureSessionsDir();
-		while (dir.startsWith(sessionsDir) && dir !== sessionsDir) {
-			if (!existsSync(dir)) {
-				dir = dirname(dir);
-				continue;
-			}
-			try {
-				if (readdirSync(dir).length > 0) {
-					break;
-				}
-				rmdirSync(dir);
-			} catch {
-				// Best-effort cleanup.
-				break;
-			}
-			dir = dirname(dir);
-		}
-	}
-
-	public subagentArtifactPaths(
-		sessionId: string,
-		subAgentId: string,
-		activeTeamTaskSessionId?: string,
-	): SessionArtifactPaths {
-		void subAgentId;
-		void activeTeamTaskSessionId;
-		const dir = this.ensureSessionArtifactsDir(sessionId);
-		return {
-			transcriptPath: join(dir, `${sessionId}.log`),
-			hookPath: join(dir, `${sessionId}.hooks.jsonl`),
-			messagesPath: join(dir, `${sessionId}.messages.json`),
-		};
-	}
-}