@desplega.ai/agent-swarm 1.63.0 → 1.64.0

package/src/telemetry.ts

@@ -0,0 +1,109 @@
+/**
+ * Anonymized telemetry for agent-swarm.
+ *
+ * - Opt-out via ANONYMIZED_TELEMETRY=false
+ * - Fire-and-forget: never throws, never blocks
+ * - No external dependencies (uses global fetch + node:crypto)
+ * - Importable from both API server and workers
+ */
+import { randomUUID } from "node:crypto";
+
+const TELEMETRY_ENDPOINT = "https://proxy.desplega.sh/v1/events";
+const PRODUCT = "agent-swarm";
+const TIMEOUT_MS = 5_000;
+
+let installationId: string | null = null;
+let source = "unknown";
+
+function isEnabled(): boolean {
+  return process.env.ANONYMIZED_TELEMETRY !== "false";
+}
+
+/**
+ * Initialize telemetry. Call once at startup.
+ * @param sourceId - "api-server" or "worker"
+ * @param getConfig - reads a key from swarm_config (global scope)
+ * @param setConfig - writes a key to swarm_config (global scope)
+ */
+export async function initTelemetry(
+  sourceId: string,
+  getConfig: (key: string) => Promise<string | undefined> | string | undefined,
+  setConfig: (key: string, value: string) => Promise<void> | void,
+): Promise<void> {
+  if (!isEnabled()) return;
+  source = sourceId;
+  try {
+    const existing = await getConfig("telemetry_installation_id");
+    if (existing) {
+      installationId = existing;
+    } else {
+      installationId = `install_${randomUUID().replace(/-/g, "").slice(0, 16)}`;
+      await setConfig("telemetry_installation_id", installationId);
+    }
+  } catch {
+    // Config access failed — generate ephemeral ID so telemetry still works this session
+    installationId = `ephemeral_${randomUUID().replace(/-/g, "").slice(0, 16)}`;
+  }
+}
+
+interface TrackOptions {
+  event: string;
+  properties?: Record<string, unknown>;
+  metadata?: Record<string, unknown>;
+}
+
+/** Fire-and-forget telemetry event. Never throws, never blocks. */
+export function track(options: TrackOptions): void {
+  if (!isEnabled() || !installationId) return;
+  try {
+    const payload = {
+      product: PRODUCT,
+      event: options.event,
+      occurred_at: new Date().toISOString(),
+      source,
+      actor_mode: "anonymous" as const,
+      actor_anonymous_id: installationId,
+      properties: options.properties ?? {},
+      metadata: {
+        transport: "https",
+        schema_version: 1,
+        environment: process.env.NODE_ENV ?? "production",
+        ...options.metadata,
+      },
+    };
+    fetch(TELEMETRY_ENDPOINT, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+      signal: AbortSignal.timeout(TIMEOUT_MS),
+    }).catch(() => {});
+  } catch {
+    // Never throw
+  }
+}
+
+export const telemetry = {
+  taskEvent(
+    event: string,
+    props: {
+      taskId: string;
+      source?: string;
+      tags?: string[];
+      durationMs?: number;
+      hasParent?: boolean;
+      agentId?: string;
+      priority?: number;
+      [k: string]: unknown;
+    },
+  ): void {
+    track({ event: `task.${event}`, properties: props });
+  },
+
+  server(event: string, props?: Record<string, unknown>): void {
+    track({ event: `server.${event}`, properties: props ?? {} });
+  },
+
+  session(event: string, props: { agentId: string; taskId?: string; [k: string]: unknown }): void {
+    track({ event: `session.${event}`, properties: props });
+  },
+};

package/src/tests/codex-login.test.ts

@@ -0,0 +1,155 @@
+import { describe, expect, it, mock } from "bun:test";
+
+import { resolveCodexLoginConfig, runCodexLogin } from "../commands/codex-login.js";
+
+describe("resolveCodexLoginConfig", () => {
+  it("uses defaults without prompts when not interactive", async () => {
+    const promptText = mock(async () => {
+      throw new Error("should not prompt for text");
+    });
+    const promptSecret = mock(async () => {
+      throw new Error("should not prompt for secret");
+    });
+
+    const result = await resolveCodexLoginConfig([], {
+      env: {},
+      isInteractive: false,
+      promptText,
+      promptSecret,
+    });
+
+    expect(result).toEqual({
+      apiUrl: "http://localhost:3013",
+      apiKey: "123123",
+    });
+    expect(promptText).not.toHaveBeenCalled();
+    expect(promptSecret).not.toHaveBeenCalled();
+  });
+
+  it("prompts for api url and api key in interactive mode", async () => {
+    const promptText = mock(async () => "https://swarm.example.com");
+    const promptSecret = mock(async () => "super-secret");
+
+    const result = await resolveCodexLoginConfig([], {
+      env: {},
+      isInteractive: true,
+      promptText,
+      promptSecret,
+    });
+
+    expect(result).toEqual({
+      apiUrl: "https://swarm.example.com",
+      apiKey: "super-secret",
+    });
+    expect(promptText).toHaveBeenCalledWith("Swarm API URL", "http://localhost:3013");
+    expect(promptSecret).toHaveBeenCalledWith(
+      "Swarm API key",
+      "123123",
+      "Press Enter to use the default local API key",
+    );
+  });
+
+  it("uses environment defaults when interactive prompts are left blank", async () => {
+    const promptText = mock(async () => "");
+    const promptSecret = mock(async () => "");
+
+    const result = await resolveCodexLoginConfig([], {
+      env: {
+        MCP_BASE_URL: "https://env.example.com",
+        API_KEY: "env-secret",
+      },
+      isInteractive: true,
+      promptText,
+      promptSecret,
+    });
+
+    expect(result).toEqual({
+      apiUrl: "https://env.example.com",
+      apiKey: "env-secret",
+    });
+    expect(promptSecret).toHaveBeenCalledWith(
+      "Swarm API key",
+      "env-secret",
+      "Press Enter to use API_KEY from the environment",
+    );
+  });
+
+  it("does not prompt when flags are provided", async () => {
+    const promptText = mock(async () => {
+      throw new Error("should not prompt for text");
+    });
+    const promptSecret = mock(async () => {
+      throw new Error("should not prompt for secret");
+    });
+
+    const result = await resolveCodexLoginConfig(
+      ["--api-url", "https://flag.example.com", "--api-key", "flag-secret"],
+      {
+        env: {
+          MCP_BASE_URL: "https://env.example.com",
+          API_KEY: "env-secret",
+        },
+        isInteractive: true,
+        promptText,
+        promptSecret,
+      },
+    );
+
+    expect(result).toEqual({
+      apiUrl: "https://flag.example.com",
+      apiKey: "flag-secret",
+    });
+    expect(promptText).not.toHaveBeenCalled();
+    expect(promptSecret).not.toHaveBeenCalled();
+  });
+
+  it("prompts only for the missing value when one flag is provided", async () => {
+    const promptText = mock(async () => {
+      throw new Error("should not prompt for api url");
+    });
+    const promptSecret = mock(async () => "prompted-secret");
+
+    const result = await resolveCodexLoginConfig(["--api-url", "https://flag.example.com"], {
+      env: {},
+      isInteractive: true,
+      promptText,
+      promptSecret,
+    });
+
+    expect(result).toEqual({
+      apiUrl: "https://flag.example.com",
+      apiKey: "prompted-secret",
+    });
+    expect(promptText).not.toHaveBeenCalled();
+    expect(promptSecret).toHaveBeenCalledTimes(1);
+  });
+});
+
+describe("runCodexLogin", () => {
+  it("handles prompt cancellation cleanly before starting OAuth", async () => {
+    const error = mock(() => {});
+    const exit = mock(() => {});
+    const login = mock(async () => {
+      throw new Error("should not start oauth");
+    });
+    const store = mock(async () => {
+      throw new Error("should not store");
+    });
+
+    await runCodexLogin([], {
+      resolveConfig: async () => {
+        throw new Error("Aborted");
+      },
+      login,
+      store,
+      log: () => {},
+      error,
+      exit,
+    });
+
+    expect(error).toHaveBeenCalledWith("\nError: Aborted");
+    expect(exit).toHaveBeenCalledWith(1);
+    expect(login).not.toHaveBeenCalled();
+    expect(store).not.toHaveBeenCalled();
+  });
+});

package/src/tests/codex-oauth-storage.test.ts

@@ -0,0 +1,306 @@
+import { afterEach, describe, expect, it } from "bun:test";
+import { resetFetchForTesting, setFetchForTesting } from "../providers/codex-oauth/flow.js";
+import {
+  deleteCodexOAuth,
+  getValidCodexOAuth,
+  loadCodexOAuth,
+  storeCodexOAuth,
+} from "../providers/codex-oauth/storage.js";
+import type { CodexOAuthCredentials } from "../providers/codex-oauth/types.js";
+
+const MOCK_API_URL = "http://localhost:3013";
+const MOCK_API_KEY = "test-api-key";
+
+const mockCreds: CodexOAuthCredentials = {
+  access: "at_test123",
+  refresh: "rt_test456",
+  expires: Date.now() + 3600000,
+  accountId: "acc-test-789",
+};
+
+describe("storeCodexOAuth", () => {
+  const originalFetch = globalThis.fetch;
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  it("sends correct PUT request with isSecret: true", async () => {
+    let capturedBody: unknown = null;
+    globalThis.fetch = async (_url: string | URL | Request, init?: RequestInit) => {
+      capturedBody = JSON.parse(init?.body as string);
+      return new Response(
+        JSON.stringify({ id: "cfg-1", key: "codex_oauth", scope: "global", value: "stored" }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+    };
+
+    await storeCodexOAuth(MOCK_API_URL, MOCK_API_KEY, mockCreds);
+
+    expect(capturedBody).not.toBeNull();
+    const body = capturedBody as Record<string, unknown>;
+    expect(body.scope).toBe("global");
+    expect(body.key).toBe("codex_oauth");
+    expect(body.isSecret).toBe(true);
+    expect(JSON.parse(body.value as string)).toEqual(mockCreds);
+  });
+
+  it("throws on HTTP error", async () => {
+    globalThis.fetch = async () => new Response("Server Error", { status: 500 });
+
+    await expect(storeCodexOAuth(MOCK_API_URL, MOCK_API_KEY, mockCreds)).rejects.toThrow(
+      "Failed to store codex_oauth config",
+    );
+  });
+});
+
+describe("loadCodexOAuth", () => {
+  const originalFetch = globalThis.fetch;
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  it("parses config response correctly", async () => {
+    globalThis.fetch = async () =>
+      new Response(
+        JSON.stringify({
+          configs: [
+            {
+              id: "cfg-1",
+              key: "codex_oauth",
+              value: JSON.stringify(mockCreds),
+              scope: "global",
+            },
+          ],
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+
+    const result = await loadCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).not.toBeNull();
+    expect(result!.access).toBe(mockCreds.access);
+    expect(result!.refresh).toBe(mockCreds.refresh);
+    expect(result!.accountId).toBe(mockCreds.accountId);
+  });
+
+  it("returns null when no config found", async () => {
+    globalThis.fetch = async () =>
+      new Response(JSON.stringify({ configs: [] }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+
+    const result = await loadCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).toBeNull();
+  });
+
+  it("returns null on HTTP error", async () => {
+    globalThis.fetch = async () => new Response("Not Found", { status: 404 });
+
+    const result = await loadCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).toBeNull();
+  });
+
+  it("returns null on network error", async () => {
+    globalThis.fetch = async () => {
+      throw new Error("ConnectionRefused");
+    };
+
+    const result = await loadCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).toBeNull();
+  });
+
+  it("returns null on invalid JSON value", async () => {
+    globalThis.fetch = async () =>
+      new Response(
+        JSON.stringify({
+          configs: [{ id: "cfg-1", key: "codex_oauth", value: "not-json", scope: "global" }],
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+
+    const result = await loadCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).toBeNull();
+  });
+});
+
+describe("deleteCodexOAuth", () => {
+  const originalFetch = globalThis.fetch;
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+  });
+
+  it("sends DELETE request for the config entry", async () => {
+    let deleteUrl = "";
+    globalThis.fetch = async (url: string | URL | Request, init?: RequestInit) => {
+      const urlStr = typeof url === "string" ? url : url.toString();
+      const method = init?.method || "GET";
+
+      if (method === "DELETE") {
+        deleteUrl = urlStr;
+      }
+
+      if (urlStr.includes("config/resolved")) {
+        return new Response(
+          JSON.stringify({
+            configs: [{ id: "cfg-123", key: "codex_oauth", value: "{}", scope: "global" }],
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        );
+      }
+
+      return new Response(JSON.stringify({ success: true }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+    };
+
+    await deleteCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(deleteUrl).toContain("cfg-123");
+  });
+
+  it("does nothing when no config found", async () => {
+    let deleteCalled = false;
+    globalThis.fetch = async (url: string | URL | Request, init?: RequestInit) => {
+      const method = init?.method || "GET";
+      if (method === "DELETE") {
+        deleteCalled = true;
+      }
+      return new Response(JSON.stringify({ configs: [] }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+    };
+
+    await deleteCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(deleteCalled).toBe(false);
+  });
+});
+
+describe("getValidCodexOAuth", () => {
+  const originalFetch = globalThis.fetch;
+
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    resetFetchForTesting();
+  });
+
+  it("returns cached credentials when not expired", async () => {
+    globalThis.fetch = async () =>
+      new Response(
+        JSON.stringify({
+          configs: [
+            {
+              id: "cfg-1",
+              key: "codex_oauth",
+              value: JSON.stringify({ ...mockCreds, expires: Date.now() + 3600000 }),
+              scope: "global",
+            },
+          ],
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+
+    const result = await getValidCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).not.toBeNull();
+    expect(result!.access).toBe(mockCreds.access);
+  });
+
+  it("refreshes expired tokens and re-stores", async () => {
+    let putCalled = false;
+    const expiredCreds = { ...mockCreds, expires: Date.now() - 1000 };
+
+    globalThis.fetch = async (url: string | URL | Request, init?: RequestInit) => {
+      const urlStr = typeof url === "string" ? url : url.toString();
+      const method = init?.method || "GET";
+
+      if (method === "GET" && urlStr.includes("config/resolved")) {
+        return new Response(
+          JSON.stringify({
+            configs: [
+              {
+                id: "cfg-1",
+                key: "codex_oauth",
+                value: JSON.stringify(expiredCreds),
+                scope: "global",
+              },
+            ],
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        );
+      }
+
+      if (method === "PUT") {
+        putCalled = true;
+        return new Response(JSON.stringify({ id: "cfg-1", key: "codex_oauth", scope: "global" }), {
+          status: 200,
+          headers: { "Content-Type": "application/json" },
+        });
+      }
+
+      return new Response("Not Found", { status: 404 });
+    };
+
+    setFetchForTesting(
+      async () =>
+        new Response(
+          JSON.stringify({
+            access_token: "at_refreshed",
+            refresh_token: "rt_refreshed",
+            expires_in: 3600,
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        ),
+    );
+
+    const result = await getValidCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).not.toBeNull();
+    expect(result!.access).toBe("at_refreshed");
+    expect(result!.refresh).toBe("rt_refreshed");
+    expect(putCalled).toBe(true);
+  });
+
+  it("returns null when refresh fails", async () => {
+    const expiredCreds = { ...mockCreds, expires: Date.now() - 1000 };
+
+    globalThis.fetch = async (url: string | URL | Request) => {
+      const urlStr = typeof url === "string" ? url : url.toString();
+
+      if (urlStr.includes("config/resolved")) {
+        return new Response(
+          JSON.stringify({
+            configs: [
+              {
+                id: "cfg-1",
+                key: "codex_oauth",
+                value: JSON.stringify(expiredCreds),
+                scope: "global",
+              },
+            ],
+          }),
+          { status: 200, headers: { "Content-Type": "application/json" } },
+        );
+      }
+
+      return new Response("Not Found", { status: 404 });
+    };
+
+    setFetchForTesting(() => new Response("Unauthorized", { status: 401 }));
+
+    const result = await getValidCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).toBeNull();
+  });
+
+  it("returns null when no credentials stored", async () => {
+    globalThis.fetch = async () =>
+      new Response(JSON.stringify({ configs: [] }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+
+    const result = await getValidCodexOAuth(MOCK_API_URL, MOCK_API_KEY);
+    expect(result).toBeNull();
+  });
+});