@desplega.ai/agent-swarm 1.73.0 → 1.73.2

package/openapi.json

@@ -2,7 +2,7 @@
   "openapi": "3.1.0",
   "info": {
     "title": "Agent Swarm API",
-    "version": "1.72.1",
+    "version": "1.73.2",
     "description": "Multi-agent orchestration API for Claude Code, Codex, and Gemini CLI. Enables task distribution, agent communication, and service discovery.\n\nMCP tools are documented separately in [MCP.md](./MCP.md)."
   },
   "servers": [

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@desplega.ai/agent-swarm",
-  "version": "1.73.0",
+  "version": "1.73.2",
   "description": "Multi-agent orchestration for Claude Code, Codex, Gemini CLI, and other AI coding assistants",
   "license": "MIT",
   "author": "desplega.sh <contact@desplega.sh>",

package/src/oauth/ensure-token.ts

@@ -26,11 +26,35 @@ function getOAuthConfig(provider: string): OAuthProviderConfig | null {
  * If the token is expiring soon, attempt to refresh it.
  * Call this before any API interaction with an OAuth-protected service.
  *
+ * Reactive variant — never throws. Refresh failures are logged so a single
+ * dead-token incident doesn't tear down an unrelated request path. Use
+ * {@link ensureTokenOrThrow} from keepalive contexts where you want a dead
+ * refresh token to surface as an alert.
+ *
  * @param bufferMs - How far ahead to check for expiry. Default 5 min (reactive use).
  *                   Keepalive callers should pass a larger value (e.g. 13h) to force
  *                   a proactive refresh well before the token actually expires.
  */
 export async function ensureToken(provider: string, bufferMs?: number): Promise<void> {
+  try {
+    await ensureTokenOrThrow(provider, bufferMs);
+  } catch (err) {
+    console.error(
+      `[OAuth] Failed to refresh ${provider} token:`,
+      err instanceof Error ? err.message : err,
+    );
+  }
+}
+
+/**
+ * Strict variant of {@link ensureToken}: throws on refresh failure of a
+ * configured provider so callers (keepalive, alerting) can react.
+ *
+ * Stays silent (no throw) when the provider isn't configured or no refresh
+ * token is stored — those are "not connected" states, not failures, and
+ * shouldn't page anyone.
+ */
+export async function ensureTokenOrThrow(provider: string, bufferMs?: number): Promise<void> {
   if (!isTokenExpiringSoon(provider, bufferMs)) return;
 
   const config = getOAuthConfig(provider);
@@ -42,13 +66,6 @@ export async function ensureToken(provider: string, bufferMs?: number): Promise<
     return;
   }
 
-  try {
-    await refreshAccessToken(config, tokens.refreshToken);
-    console.log(`[OAuth] ${provider} token refreshed successfully`);
-  } catch (err) {
-    console.error(
-      `[OAuth] Failed to refresh ${provider} token:`,
-      err instanceof Error ? err.message : err,
-    );
-  }
+  await refreshAccessToken(config, tokens.refreshToken);
+  console.log(`[OAuth] ${provider} token refreshed successfully`);
 }

package/src/oauth/keepalive.ts

@@ -1,26 +1,36 @@
-import { ensureToken } from "./ensure-token";
+import { ensureTokenOrThrow } from "./ensure-token";
 
 const TWELVE_HOURS_MS = 12 * 60 * 60 * 1000;
 const THIRTEEN_HOURS_MS = 13 * 60 * 60 * 1000;
 const SLACK_ALERTS_CHANNEL = process.env.SLACK_ALERTS_CHANNEL || "C08JCRURPBV";
 
+const KEEPALIVE_PROVIDERS = ["linear", "jira"] as const;
+
 let keepaliveInterval: ReturnType<typeof setInterval> | null = null;
 
 /**
  * Proactively refresh OAuth tokens on a schedule to prevent expiry.
  * If refresh fails, posts a Slack notification so someone can re-auth manually.
+ *
+ * Why both Linear and Jira: Atlassian rotates refresh tokens and expires them
+ * after 90 days of inactivity, so a swarm that doesn't touch Jira for a long
+ * stretch will silently lose the ability to refresh. Touching the token every
+ * 12h keeps the refresh token alive and surfaces a dead one as an alert
+ * instead of a runtime 401.
  */
 async function runKeepalive(): Promise<void> {
-  console.log("[OAuth Keepalive] Running scheduled token refresh for linear...");
-  try {
-    await ensureToken("linear", THIRTEEN_HOURS_MS);
-    console.log("[OAuth Keepalive] linear token check completed successfully");
-  } catch (err) {
-    const message = err instanceof Error ? err.message : String(err);
-    console.error(`[OAuth Keepalive] Failed to refresh linear token: ${message}`);
-    await notifySlack(
-      `⚠️ *OAuth Keepalive Failed*\nProvider: \`linear\`\nError: ${message}\n\nManual re-authorization may be required.`,
-    );
+  for (const provider of KEEPALIVE_PROVIDERS) {
+    console.log(`[OAuth Keepalive] Running scheduled token refresh for ${provider}...`);
+    try {
+      await ensureTokenOrThrow(provider, THIRTEEN_HOURS_MS);
+      console.log(`[OAuth Keepalive] ${provider} token check completed successfully`);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error(`[OAuth Keepalive] Failed to refresh ${provider} token: ${message}`);
+      await notifySlack(
+        `⚠️ *OAuth Keepalive Failed*\nProvider: \`${provider}\`\nError: ${message}\n\nManual re-authorization may be required.`,
+      );
+    }
   }
 }
 

package/src/slack/blocks.ts

@@ -349,12 +349,10 @@ function renderTree(root: TreeNode): string {
   const visibleChildren = root.children.slice(0, MAX_VISIBLE_CHILDREN);
   const hiddenCount = root.children.length - visibleChildren.length;
 
-  for (let i = 0; i < visibleChildren.length; i++) {
-    const child = visibleChildren[i] as TreeNode;
-    const isLast = i === visibleChildren.length - 1 && hiddenCount === 0;
-    const prefix = isLast ? "└ " : "├ ";
-    const continuationPrefix = isLast ? "    " : "│   ";
+  const prefix = "↳ ";
+  const continuationPrefix = "   ";
 
+  for (const child of visibleChildren) {
     lines.push(`${prefix}${renderNodeLine(child)}`);
 
     for (const detail of renderChildDetail(child, continuationPrefix)) {
@@ -363,7 +361,7 @@ function renderTree(root: TreeNode): string {
   }
 
   if (hiddenCount > 0) {
-    lines.push(`└ _and ${hiddenCount} more..._`);
+    lines.push(`↳ _and ${hiddenCount} more..._`);
   }
 
   return lines.join("\n");

package/src/tests/ensure-token.test.ts

@@ -7,7 +7,7 @@ import {
   storeOAuthTokens,
   upsertOAuthApp,
 } from "../be/db-queries/oauth";
-import { ensureToken } from "../oauth/ensure-token";
+import { ensureToken, ensureTokenOrThrow } from "../oauth/ensure-token";
 
 const TEST_DB_PATH = "./test-ensure-token.sqlite";
 
@@ -202,3 +202,35 @@ describe("ensureToken", () => {
     expect(fetchSpy).not.toHaveBeenCalled();
   });
 });
+
+describe("ensureTokenOrThrow", () => {
+  test("throws when refresh fails for a configured provider (so keepalive can alert)", async () => {
+    storeOAuthTokens("test-provider", {
+      accessToken: "old-token",
+      refreshToken: "refresh-token",
+      expiresAt: new Date(Date.now() + 60 * 1000).toISOString(),
+    });
+
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response('{"error":"invalid_grant"}', {
+          status: 400,
+          headers: { "Content-Type": "application/json" },
+        }),
+      ),
+    );
+
+    await expect(ensureTokenOrThrow("test-provider")).rejects.toThrow(/Token refresh failed/);
+  });
+
+  test("stays silent (no throw) when no refresh token is stored", async () => {
+    deleteOAuthTokens("test-provider");
+
+    // "Not connected" should not page anyone
+    await expect(ensureTokenOrThrow("test-provider")).resolves.toBeUndefined();
+  });
+
+  test("stays silent (no throw) when provider is not configured", async () => {
+    await expect(ensureTokenOrThrow("nonexistent-provider")).resolves.toBeUndefined();
+  });
+});

package/src/tests/slack-blocks.test.ts

@@ -616,14 +616,14 @@ describe("buildTreeBlocks", () => {
 
     // Root line
     expect(lines[0]).toContain("⏳ *Lead*");
-    // Worker1 line with ├ prefix
-    expect(lines[1]).toMatch(/^├ ⏳ \*Worker1\*/);
-    // Worker1 progress indented under continuation
-    expect(lines[2]).toMatch(/^│ {3}Fetching data\.\.\.$/);
-    // Worker2 line with └ prefix (last child)
-    expect(lines[3]).toMatch(/^└ ⏳ \*Worker2\*/);
+    // Worker1 line with ↳ prefix
+    expect(lines[1]).toMatch(/^↳ ⏳ \*Worker1\*/);
+    // Worker1 progress indented under continuation (3 spaces, aligned under ↳ )
+    expect(lines[2]).toMatch(/^ {3}Fetching data\.\.\.$/);
+    // Worker2 line with ↳ prefix
+    expect(lines[3]).toMatch(/^↳ ⏳ \*Worker2\*/);
     // Worker2 progress indented
-    expect(lines[4]).toMatch(/^ {4}Compiling\.\.\.$/);
+    expect(lines[4]).toMatch(/^ {3}Compiling\.\.\.$/);
   });
 
   test("max children collapse (9+ children -> 8 shown + 'and 1 more...')", () => {
@@ -654,8 +654,8 @@ describe("buildTreeBlocks", () => {
     expect(text).toContain("*Worker8*");
     expect(text).not.toContain("*Worker9*");
     expect(text).toContain("and 1 more...");
-    // The "and N more..." line uses └ prefix
-    expect(lines[lines.length - 1]).toContain("└ _and 1 more..._");
+    // The "and N more..." line uses ↳ prefix
+    expect(lines[lines.length - 1]).toContain("↳ _and 1 more..._");
   });
 
   test("max children collapse with many hidden", () => {
@@ -837,7 +837,7 @@ describe("buildTreeBlocks", () => {
     expect(blocks.length).toBe(1);
   });
 
-  test("tree connectors: ├ for non-last, └ for last child", () => {
+  test("tree indent: all children use ↳ prefix", () => {
     const root: TreeNode = {
       taskId: makeTaskId("nnnn0001"),
       agentName: "Lead",
@@ -867,10 +867,10 @@ describe("buildTreeBlocks", () => {
     const blocks = buildTreeBlocks([root]);
     const lines = blocks[0].text.text.split("\n");
 
-    // First two children use ├, last uses └
-    expect(lines[1]).toMatch(/^├ /);
-    expect(lines[2]).toMatch(/^├ /);
-    expect(lines[3]).toMatch(/^└ /);
+    // All children use ↳ (no branching distinction in proportional fonts)
+    expect(lines[1]).toMatch(/^↳ /);
+    expect(lines[2]).toMatch(/^↳ /);
+    expect(lines[3]).toMatch(/^↳ /);
   });
 
   test("completed root with output (no slackReplySent, no children)", () => {