@desplega.ai/agent-swarm 1.86.0 → 1.87.0

package/src/tests/claude-adapter.test.ts

@@ -54,13 +54,13 @@ describe("ClaudeSession CLI argument construction", () => {
     expect(config.systemPrompt).toBe("You are a test agent");
   });
 
-  test("config with additionalArgs including --resume is accepted", () => {
+  test("config with arbitrary additionalArgs is accepted", () => {
+    // Native resume is deprecated — the adapter no longer special-cases
+    // --resume in additionalArgs. The config shape just round-trips opaquely.
     const config = makeConfig({
-      additionalArgs: ["--resume", "session-abc-123"],
-      resumeSessionId: "session-abc-123",
+      additionalArgs: ["--max-turns", "10"],
     });
-    expect(config.additionalArgs).toContain("--resume");
-    expect(config.additionalArgs).toContain("session-abc-123");
+    expect(config.additionalArgs).toEqual(["--max-turns", "10"]);
   });
 });
 
@@ -403,25 +403,3 @@ describe("createSessionMcpConfig", () => {
     expect(written.mcpServers["from-api"]).toBeDefined();
   });
 });
-
-describe("Stale session retry logic", () => {
-  test("--resume args are stripped correctly", () => {
-    const args = ["--max-turns", "10", "--resume", "session-abc", "--verbose"];
-    const freshArgs = args.filter((arg, idx, arr) => {
-      if (arg === "--resume") return false;
-      if (idx > 0 && arr[idx - 1] === "--resume") return false;
-      return true;
-    });
-    expect(freshArgs).toEqual(["--max-turns", "10", "--verbose"]);
-  });
-
-  test("args without --resume remain unchanged", () => {
-    const args = ["--max-turns", "10", "--verbose"];
-    const freshArgs = args.filter((arg, idx, arr) => {
-      if (arg === "--resume") return false;
-      if (idx > 0 && arr[idx - 1] === "--resume") return false;
-      return true;
-    });
-    expect(freshArgs).toEqual(["--max-turns", "10", "--verbose"]);
-  });
-});

package/src/tests/claude-managed-adapter.test.ts

@@ -517,71 +517,57 @@ describe("ClaudeManagedAdapter (Phase 3) — session lifecycle", () => {
     }
   });
 
-  test("resume: prefetches events.list, dedupes against live stream, skips sessions.create + user.message send", async () => {
-    // Historical events the resume path will pre-fetch via events.list.
-    const historical: Array<{ id: string }> = [{ id: "hist-1" }, { id: "hist-2" }];
-    // Live stream replays one historical event + emits one new event +
-    // status_idle.
+  test("native resume deprecated: resumeSessionId is ignored — adapter creates a fresh session", async () => {
+    // Pre-Phase-2 the adapter would have skipped sessions.create when
+    // resumeSessionId was set. Native resume is now deprecated — follow-up
+    // continuity flows via the context preamble. The adapter must ignore the
+    // field, emit a warn, and create a fresh session.
     const liveEvents: Array<Record<string, unknown>> = [
-      {
-        type: "session.status_running",
-        id: "hist-2", // duplicate from history — must be skipped
-        processed_at: "2026-01-01T00:00:00Z",
-      },
-      {
-        type: "agent.message",
-        id: "new-1",
-        processed_at: "2026-01-01T00:00:01Z",
-        content: [{ type: "text", text: "Resumed message" }],
-      },
       {
         type: "session.status_idle",
-        id: "new-2",
-        processed_at: "2026-01-01T00:00:02Z",
+        id: "evt-idle",
+        processed_at: "2026-01-01T00:00:00Z",
         stop_reason: { type: "end_turn" },
       },
     ];
 
     const spy = makeFakeClient({
-      sessionId: "sesn_resume_xyz",
-      listEvents: async function* () {
-        for (const h of historical) yield h;
-      },
+      sessionId: "sesn_fresh_after_ignored_resume",
       streamEvents: async function* () {
         for (const e of liveEvents) yield e;
       },
     });
 
-    const adapter = new ClaudeManagedAdapter({ client: spy.client });
-    const session = await adapter.createSession(
-      tConfig({
-        logFile: join(tmpLogDir, "resume.log"),
-        resumeSessionId: "sesn_resume_xyz",
-      }),
-    );
-    const emitted: ProviderEvent[] = [];
-    session.onEvent((e) => emitted.push(e));
-    await session.waitForCompletion();
-
-    // No sessions.create call — pure resume.
-    expect(spy.created).toHaveLength(0);
-    // No user.message send — resume reattaches to an in-flight prompt.
-    expect(spy.sent).toHaveLength(0);
-
-    // The duplicate `hist-2` event was filtered, but `new-1`'s message did
-    // make it through.
-    const messages = emitted.filter((e) => e.type === "message");
-    expect(messages).toHaveLength(1);
-    if (messages[0]?.type === "message") {
-      expect(messages[0].content).toBe("Resumed message");
-    }
-
-    // session_init still fires with the resume's sessionId.
-    const sessionInit = emitted.find((e) => e.type === "session_init");
-    if (sessionInit?.type === "session_init") {
-      expect(sessionInit.sessionId).toBe("sesn_resume_xyz");
-      expect(sessionInit.provider).toBe("claude-managed");
-      expect(sessionInit.providerMeta).toEqual({ managed: true });
+    const originalWarn = console.warn;
+    const warnCalls: string[] = [];
+    console.warn = (msg: unknown) => {
+      warnCalls.push(String(msg));
+    };
+    try {
+      const adapter = new ClaudeManagedAdapter({ client: spy.client });
+      const session = await adapter.createSession(
+        tConfig({
+          logFile: join(tmpLogDir, "resume-ignored.log"),
+          resumeSessionId: "sesn_should_be_ignored",
+        }),
+      );
+      const emitted: ProviderEvent[] = [];
+      session.onEvent((e) => emitted.push(e));
+      await session.waitForCompletion();
+
+      // Adapter still calls sessions.create — resume is ignored.
+      expect(spy.created).toHaveLength(1);
+      // And still sends the user.message — fresh sessions need the prompt.
+      expect(spy.sent).toHaveLength(1);
+      // The warn fired so operators can spot the misuse in logs.
+      expect(warnCalls.some((m) => m.includes("resumeSessionId ignored"))).toBe(true);
+      // session_init carries the FRESH session id, not the requested one.
+      const sessionInit = emitted.find((e) => e.type === "session_init");
+      if (sessionInit?.type === "session_init") {
+        expect(sessionInit.sessionId).toBe("sesn_fresh_after_ignored_resume");
+      }
+    } finally {
+      console.warn = originalWarn;
     }
   });
 

package/src/tests/codex-adapter.test.ts

@@ -611,42 +611,17 @@ describe("CodexSession event mapping", () => {
 });
 
 describe("CodexAdapter.canResume", () => {
-  test("returns false for empty / non-string session ids", async () => {
+  // Native resume is deprecated. The runner no longer threads resumeSessionId
+  // to adapters; canResume returns false unconditionally so any stray caller
+  // gets a fresh-session start. Follow-up continuity flows via the context
+  // preamble (see src/commands/context-preamble.ts).
+  test("always returns false now that native resume is deprecated", async () => {
     const adapter = new CodexAdapter({ bypassSubprocess: true });
     expect(await adapter.canResume("")).toBe(false);
+    expect(await adapter.canResume("thread-anything")).toBe(false);
     // @ts-expect-error: deliberate runtime check for non-string input
     expect(await adapter.canResume(undefined)).toBe(false);
   });
-
-  test("returns true when resumeThread succeeds and false when it throws", async () => {
-    const sdk = await import("@openai/codex-sdk");
-    const originalResume = (
-      sdk.Codex.prototype as unknown as { resumeThread: (...args: unknown[]) => unknown }
-    ).resumeThread;
-
-    try {
-      // Success path
-      (
-        sdk.Codex.prototype as unknown as { resumeThread: (...args: unknown[]) => unknown }
-      ).resumeThread = function resumeThread(): unknown {
-        return { id: "thread-resumed" };
-      };
-      const adapter = new CodexAdapter({ bypassSubprocess: true });
-      expect(await adapter.canResume("thread-resumed")).toBe(true);
-
-      // Failure path
-      (
-        sdk.Codex.prototype as unknown as { resumeThread: (...args: unknown[]) => unknown }
-      ).resumeThread = function resumeThread(): unknown {
-        throw new Error("not found");
-      };
-      expect(await adapter.canResume("thread-missing")).toBe(false);
-    } finally {
-      (
-        sdk.Codex.prototype as unknown as { resumeThread: (...args: unknown[]) => unknown }
-      ).resumeThread = originalResume;
-    }
-  });
 });
 
 describe("writeCodexAgentsMd round-trip", () => {

package/src/tests/codex-oauth.test.ts

@@ -11,6 +11,7 @@ import {
   createState,
   decodeJwt,
   exchangeAuthorizationCode,
+  extractChatgptUserId,
   getAccountId,
   JWT_CLAIM_PATH,
   parseAuthorizationInput,
@@ -125,6 +126,22 @@ describe("decodeJwt", () => {
     expect(decodeJwt("not-a-jwt")).toBeNull();
     expect(decodeJwt("a.b")).toBeNull();
   });
+
+  it("handles base64url-encoded payload containing URL-safe '-' chars", () => {
+    // Real JWTs use base64url (RFC 7515): '-' replaces '+', '_' replaces '/'.
+    // atob() throws on these chars; decodeJwt() must normalize before calling atob().
+    // This payload encodes {"https://api.openai.com/auth":{"chatgpt_user_id":"user-abc>def"}}
+    // The '>' in the user_id forces a '+' → '-' substitution when base64url-encoded.
+    const b64urlPayload =
+      "eyJodHRwczovL2FwaS5vcGVuYWkuY29tL2F1dGgiOnsiY2hhdGdwdF91c2VyX2lkIjoidXNlci1hYmM-ZGVmIn19";
+    expect(b64urlPayload).toContain("-"); // sanity: this test actually exercises the fix
+    const token = `header.${b64urlPayload}.signature`;
+    const decoded = decodeJwt(token);
+    expect(decoded).not.toBeNull();
+    expect(
+      (decoded?.["https://api.openai.com/auth"] as Record<string, unknown>)?.chatgpt_user_id,
+    ).toBe("user-abc>def");
+  });
 });
 
 describe("getAccountId", () => {
@@ -150,6 +167,77 @@ describe("getAccountId", () => {
   });
 });
 
+describe("extractChatgptUserId", () => {
+  it("extracts chatgpt_user_id from JWT auth namespace", () => {
+    const payload = {
+      "https://api.openai.com/auth": {
+        chatgpt_account_id: "acc-team-abc",
+        chatgpt_user_id: "user-zzz-12345",
+      },
+    };
+    const token = `header.${btoa(JSON.stringify(payload))}.signature`;
+    expect(extractChatgptUserId(token)).toBe("user-zzz-12345");
+  });
+
+  it("returns null when chatgpt_user_id is absent", () => {
+    const payload = { "https://api.openai.com/auth": { chatgpt_account_id: "acc-only" } };
+    const token = `header.${btoa(JSON.stringify(payload))}.signature`;
+    expect(extractChatgptUserId(token)).toBeNull();
+  });
+
+  it("returns null when the entire OpenAI auth namespace is absent", () => {
+    const payload = { sub: "user-from-some-other-claim" };
+    const token = `header.${btoa(JSON.stringify(payload))}.signature`;
+    expect(extractChatgptUserId(token)).toBeNull();
+  });
+
+  it("returns null when chatgpt_user_id is empty string", () => {
+    const payload = { "https://api.openai.com/auth": { chatgpt_user_id: "" } };
+    const token = `header.${btoa(JSON.stringify(payload))}.signature`;
+    expect(extractChatgptUserId(token)).toBeNull();
+  });
+
+  it("returns null when JWT is malformed", () => {
+    expect(extractChatgptUserId("not.a.jwt-payload")).toBeNull();
+    expect(extractChatgptUserId("only-two.parts")).toBeNull();
+    expect(extractChatgptUserId("")).toBeNull();
+  });
+
+  it("is independent of chatgpt_account_id (slot-unique-vs-account-shared invariant)", () => {
+    const payloadA = {
+      "https://api.openai.com/auth": {
+        chatgpt_account_id: "team-shared-id",
+        chatgpt_user_id: "user-daniel-001",
+      },
+    };
+    const payloadB = {
+      "https://api.openai.com/auth": {
+        chatgpt_account_id: "team-shared-id",
+        chatgpt_user_id: "user-lorenzo-002",
+      },
+    };
+    const tokenA = `h.${btoa(JSON.stringify(payloadA))}.s`;
+    const tokenB = `h.${btoa(JSON.stringify(payloadB))}.s`;
+    expect(extractChatgptUserId(tokenA)).toBe("user-daniel-001");
+    expect(extractChatgptUserId(tokenB)).toBe("user-lorenzo-002");
+    expect(extractChatgptUserId(tokenA)).not.toBe(extractChatgptUserId(tokenB));
+  });
+
+  it("extracts user_id from a base64url-encoded JWT payload containing '-' chars", () => {
+    // Regression: decodeJwt() previously called atob() on raw base64url segments.
+    // atob() throws on '-' or '_' (base64url chars not in standard base64 alphabet),
+    // causing extractChatgptUserId() to silently return null and fall back to account_id,
+    // reintroducing the slot-collision bug this PR fixes.
+    // This payload is base64url-encoded (contains '-') and decodes to:
+    // {"https://api.openai.com/auth":{"chatgpt_user_id":"user-abc>def"}}
+    const b64urlPayload =
+      "eyJodHRwczovL2FwaS5vcGVuYWkuY29tL2F1dGgiOnsiY2hhdGdwdF91c2VyX2lkIjoidXNlci1hYmM-ZGVmIn19";
+    expect(b64urlPayload).toContain("-"); // sanity: payload actually has base64url chars
+    const token = `header.${b64urlPayload}.signature`;
+    expect(extractChatgptUserId(token)).toBe("user-abc>def");
+  });
+});
+
 describe("exchangeAuthorizationCode", () => {
   afterEach(() => {
     resetFetchForTesting();
@@ -283,18 +371,76 @@ describe("authJsonToCredentials", () => {
 });
 
 describe("authJsonToCredentialSelection", () => {
-  it("maps chatgpt auth.json to CODEX_OAUTH tracking info", () => {
+  function tokenFor(payload: Record<string, unknown>): string {
+    return `header.${btoa(JSON.stringify(payload))}.signature`;
+  }
+
+  it("derives keySuffix from chatgpt_user_id when present", () => {
+    const userId = "user-MYUYWj0C9zVPo6TX2NjodCyi";
+    const access = tokenFor({
+      "https://api.openai.com/auth": {
+        chatgpt_account_id: "3a730921-cc80-4759-8fdd-242d8e80c847",
+        chatgpt_user_id: userId,
+      },
+    });
     const creds: CodexOAuthCredentials = {
-      access: "at_123",
+      access,
       refresh: "rt_456",
       expires: Date.now() + 3600000,
-      accountId: "c724a178-3621-41bb-bdb5-7b6ca848c965",
+      accountId: "3a730921-cc80-4759-8fdd-242d8e80c847",
     };
 
     const selection = authJsonToCredentialSelection(credentialsToAuthJson(creds));
     expect(selection.keyType).toBe("CODEX_OAUTH");
     expect(selection.index).toBe(0);
     expect(selection.total).toBe(1);
+    expect(selection.keySuffix).toBe(userId.slice(-5));
+    expect(selection.selected).toBe(creds.accountId);
+  });
+
+  it("two slots on the same account get distinct suffixes when user_ids differ", () => {
+    const userIdDaniel = "user-MYUYWj0C9zVPo6TX2NjodCyi";
+    const userIdLorenzo = "user-5M89tz8tAYHIaByagMVd3Ove";
+    const sharedAccountId = "3a730921-cc80-4759-8fdd-242d8e80c847";
+
+    const makeCredsForUser = (userId: string): CodexOAuthCredentials => ({
+      access: tokenFor({
+        "https://api.openai.com/auth": {
+          chatgpt_account_id: sharedAccountId,
+          chatgpt_user_id: userId,
+        },
+      }),
+      refresh: "rt_x",
+      expires: Date.now() + 3600000,
+      accountId: sharedAccountId,
+    });
+
+    const selDaniel = authJsonToCredentialSelection(
+      credentialsToAuthJson(makeCredsForUser(userIdDaniel)),
+      0,
+      2,
+    );
+    const selLorenzo = authJsonToCredentialSelection(
+      credentialsToAuthJson(makeCredsForUser(userIdLorenzo)),
+      1,
+      2,
+    );
+
+    expect(selDaniel.keySuffix).toBe(userIdDaniel.slice(-5));
+    expect(selLorenzo.keySuffix).toBe(userIdLorenzo.slice(-5));
+    expect(selDaniel.keySuffix).not.toBe(selLorenzo.keySuffix);
+  });
+
+  it("falls back to account_id suffix when JWT lacks chatgpt_user_id", () => {
+    const creds: CodexOAuthCredentials = {
+      access: "at_no_user_id_claim",
+      refresh: "rt_456",
+      expires: Date.now() + 3600000,
+      accountId: "c724a178-3621-41bb-bdb5-7b6ca848c965",
+    };
+
+    const selection = authJsonToCredentialSelection(credentialsToAuthJson(creds));
+    expect(selection.keyType).toBe("CODEX_OAUTH");
     expect(selection.keySuffix).toBe("8c965");
     expect(selection.selected).toBe(creds.accountId);
   });

package/src/tests/codex-pool.test.ts

@@ -37,9 +37,19 @@ const MOCK_API_URL = "http://localhost:3013";
 const MOCK_API_KEY = "test-api-key";
 const FUTURE = Date.now() + 3_600_000;
 
+function makeJwt(userId: string, accountId: string): string {
+  const payload = {
+    "https://api.openai.com/auth": {
+      chatgpt_account_id: accountId,
+      chatgpt_user_id: userId,
+    },
+  };
+  return `header.${btoa(JSON.stringify(payload))}.signature`;
+}
+
 function makeCreds(suffix: string): CodexOAuthCredentials {
   return {
-    access: `at_${suffix}`,
+    access: makeJwt(`user-${suffix}`, `acc-${suffix}`),
     refresh: `rt_${suffix}`,
     expires: FUTURE,
     accountId: `acc-${suffix}`,
@@ -166,8 +176,9 @@ describe("Scenario 1 — 3-slot round-trip with availability filter", () => {
     expect(sel.index).toBe(selectedSlot);
     expect(sel.total).toBe(3);
     expect(sel.keyType).toBe("CODEX_OAUTH");
-    // keySuffix is derived from accountId.
-    expect(slotEntry.creds.accountId.endsWith(sel.keySuffix)).toBe(true);
+    // keySuffix is derived from chatgpt_user_id (slot-unique), not accountId.
+    const expectedUserId = `user-slot${selectedSlot}`;
+    expect(sel.keySuffix).toBe(expectedUserId.slice(-5));
   });
 });