@digitalpresence/cliclaw-auth 0.1.0 → 0.2.0

package/src/oauth-client-manager.ts

@@ -58,6 +58,15 @@ export class OAuthClientManager {
   }
 
   listAccounts(): string[] {
-    return this.tokenStore.list();
+    const keys = this.tokenStore.list();
+    // Include both raw keys and bare account names (from integration:account format)
+    const accounts = new Set(keys);
+    for (const key of keys) {
+      const colonIdx = key.indexOf(":");
+      if (colonIdx !== -1) {
+        accounts.add(key.slice(colonIdx + 1));
+      }
+    }
+    return [...accounts];
   }
 }

package/src/scoped-client-manager.ts

@@ -1,7 +1,6 @@
 import { google } from "googleapis";
 import { OAuthClientManager } from "./oauth-client-manager.js";
 import { TokenStore } from "./token-store.js";
-import type { AgentPermission } from "./agent-store.js";
 
 type OAuth2Client = InstanceType<typeof google.auth.OAuth2>;
 
@@ -23,18 +22,16 @@ function parseAccountKey(key: string): { integration: string; account: string }
 export class ScopedClientManager {
   constructor(
     private inner: OAuthClientManager,
-    private permissions: AgentPermission[],
+    private integrations: string[],
   ) {}
 
-  private hasPermission(integration: string, account: string): boolean {
-    return this.permissions.some(
-      (p) => p.integration === integration && p.account === account,
-    );
+  private hasPermission(integration: string): boolean {
+    return this.integrations.includes(integration);
   }
 
   getClient(accountKey: string): OAuth2Client {
     const { integration, account } = parseAccountKey(accountKey);
-    if (!this.hasPermission(integration, account)) {
+    if (!this.hasPermission(integration)) {
       throw new PermissionDeniedError(integration, account);
     }
     return this.inner.getClient(accountKey);
@@ -42,8 +39,8 @@ export class ScopedClientManager {
 
   listAccounts(): string[] {
     return this.inner.listAccounts().filter((key) => {
-      const { integration, account } = parseAccountKey(key);
-      return this.hasPermission(integration, account);
+      const { integration } = parseAccountKey(key);
+      return this.hasPermission(integration);
     });
   }
 
@@ -57,7 +54,7 @@ export class ScopedClientManager {
 
   setCredentials(account: string, tokens: Parameters<OAuth2Client["setCredentials"]>[0]): OAuth2Client {
     const { integration, account: acct } = parseAccountKey(account);
-    if (!this.hasPermission(integration, acct)) {
+    if (!this.hasPermission(integration)) {
       throw new PermissionDeniedError(integration, acct);
     }
     return this.inner.setCredentials(account, tokens);

package/src/token-store.ts

@@ -30,7 +30,15 @@ export class TokenStore {
 
   get(account: string): Credentials | null {
     const data = this.load();
-    return data[account] ?? null;
+    if (data[account]) return data[account];
+    // Fall back to integration:account key format (portal token injection)
+    for (const key of Object.keys(data)) {
+      const colonIdx = key.indexOf(":");
+      if (colonIdx !== -1 && key.slice(colonIdx + 1) === account) {
+        return data[key];
+      }
+    }
+    return null;
   }
 
   set(account: string, tokens: Credentials): void {
@@ -45,10 +53,21 @@ export class TokenStore {
 
   delete(account: string): boolean {
     const data = this.load();
-    if (!(account in data)) return false;
-    delete data[account];
-    this.save(data);
-    return true;
+    if (account in data) {
+      delete data[account];
+      this.save(data);
+      return true;
+    }
+    // Try integration:account key format
+    for (const key of Object.keys(data)) {
+      const colonIdx = key.indexOf(":");
+      if (colonIdx !== -1 && key.slice(colonIdx + 1) === account) {
+        delete data[key];
+        this.save(data);
+        return true;
+      }
+    }
+    return false;
   }
 
   list(): string[] {