npm - @hellcoder/companion - Versions diffs - 0.96.0 - Mend

@hellcoder/companion 0.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/bin/cli.ts +168 -0
package/bin/ctl.ts +528 -0
package/bin/generate-token.ts +28 -0
package/dist/apple-touch-icon.png +0 -0
package/dist/assets/AgentsPage-DCFhrJ28.js +13 -0
package/dist/assets/CronManager-EGwLJONv.js +1 -0
package/dist/assets/IntegrationsPage-CTMRnbQS.js +1 -0
package/dist/assets/LinearOAuthSettingsPage-CgQFMIgr.js +1 -0
package/dist/assets/LinearSettingsPage-C9nok1qi.js +1 -0
package/dist/assets/Playground-BV3k0RbV.js +109 -0
package/dist/assets/PromptsPage-CFojqNKP.js +4 -0
package/dist/assets/RunsPage-DUJ1QUSa.js +1 -0
package/dist/assets/SandboxManager-CrVQ-VU_.js +8 -0
package/dist/assets/SettingsPage-D1fPCL19.js +1 -0
package/dist/assets/TailscalePage-D06cyvyC.js +1 -0
package/dist/assets/index-BhUa1e6X.css +1 -0
package/dist/assets/index-DkqeP-R9.js +134 -0
package/dist/assets/sw-register-BibwRdvC.js +1 -0
package/dist/assets/workbox-window.prod.es5-BIl4cyR9.js +2 -0
package/dist/favicon.svg +8 -0
package/dist/fonts/MesloLGSNerdFontMono-Bold.woff2 +0 -0
package/dist/fonts/MesloLGSNerdFontMono-Regular.woff2 +0 -0
package/dist/icon-192.png +0 -0
package/dist/icon-512.png +0 -0
package/dist/index.html +20 -0
package/dist/logo-codex.svg +14 -0
package/dist/logo-docker.svg +4 -0
package/dist/logo.svg +14 -0
package/dist/manifest.json +24 -0
package/dist/sw.js +2 -0
package/package.json +104 -0
package/server/agent-cron-migrator.test.ts +610 -0
package/server/agent-cron-migrator.ts +85 -0
package/server/agent-executor.test.ts +1108 -0
package/server/agent-executor.ts +346 -0
package/server/agent-store.test.ts +588 -0
package/server/agent-store.ts +185 -0
package/server/agent-types.ts +138 -0
package/server/ai-validation-settings.test.ts +128 -0
package/server/ai-validation-settings.ts +35 -0
package/server/ai-validator.test.ts +387 -0
package/server/ai-validator.ts +271 -0
package/server/auth-manager.test.ts +83 -0
package/server/auth-manager.ts +150 -0
package/server/auto-namer.test.ts +252 -0
package/server/auto-namer.ts +78 -0
package/server/backend-adapter.test.ts +38 -0
package/server/backend-adapter.ts +54 -0
package/server/cache-headers.test.ts +98 -0
package/server/cache-headers.ts +61 -0
package/server/claude-adapter.test.ts +1363 -0
package/server/claude-adapter.ts +889 -0
package/server/claude-container-auth.test.ts +44 -0
package/server/claude-container-auth.ts +30 -0
package/server/claude-protocol-contract.test.ts +71 -0
package/server/claude-protocol-drift.test.ts +78 -0
package/server/claude-session-discovery.test.ts +132 -0
package/server/claude-session-discovery.ts +157 -0
package/server/claude-session-history.test.ts +158 -0
package/server/claude-session-history.ts +410 -0
package/server/cli-launcher.test.ts +1343 -0
package/server/cli-launcher.ts +1298 -0
package/server/cli.test.ts +16 -0
package/server/codex-adapter.test.ts +5545 -0
package/server/codex-adapter.ts +3062 -0
package/server/codex-container-auth.test.ts +50 -0
package/server/codex-container-auth.ts +24 -0
package/server/codex-home.test.ts +61 -0
package/server/codex-home.ts +26 -0
package/server/codex-protocol-contract.test.ts +96 -0
package/server/codex-protocol-drift.test.ts +123 -0
package/server/codex-ws-proxy.cjs +226 -0
package/server/commands-discovery.test.ts +179 -0
package/server/commands-discovery.ts +81 -0
package/server/constants.ts +7 -0
package/server/container-manager.test.ts +1211 -0
package/server/container-manager.ts +1053 -0
package/server/cron-scheduler.test.ts +957 -0
package/server/cron-scheduler.ts +243 -0
package/server/cron-store.test.ts +422 -0
package/server/cron-store.ts +148 -0
package/server/cron-types.ts +63 -0
package/server/env-manager.test.ts +268 -0
package/server/env-manager.ts +161 -0
package/server/event-bus-types.ts +64 -0
package/server/event-bus.test.ts +244 -0
package/server/event-bus.ts +124 -0
package/server/execution-store.test.ts +307 -0
package/server/execution-store.ts +170 -0
package/server/fs-utils.ts +15 -0
package/server/git-utils.test.ts +938 -0
package/server/git-utils.ts +421 -0
package/server/github-pr.test.ts +498 -0
package/server/github-pr.ts +379 -0
package/server/image-pull-manager.test.ts +303 -0
package/server/image-pull-manager.ts +279 -0
package/server/index.ts +396 -0
package/server/linear-agent-bridge.test.ts +1157 -0
package/server/linear-agent-bridge.ts +629 -0
package/server/linear-agent.test.ts +473 -0
package/server/linear-agent.ts +479 -0
package/server/linear-cache.test.ts +136 -0
package/server/linear-cache.ts +113 -0
package/server/linear-connections.test.ts +350 -0
package/server/linear-connections.ts +231 -0
package/server/linear-credential-migration.test.ts +337 -0
package/server/linear-credential-migration.ts +63 -0
package/server/linear-oauth-connections-migration.test.ts +268 -0
package/server/linear-oauth-connections.test.ts +365 -0
package/server/linear-oauth-connections.ts +294 -0
package/server/linear-project-manager.test.ts +162 -0
package/server/linear-project-manager.ts +111 -0
package/server/linear-prompt-builder.test.ts +74 -0
package/server/linear-prompt-builder.ts +61 -0
package/server/linear-staging.test.ts +276 -0
package/server/linear-staging.ts +142 -0
package/server/logger.test.ts +393 -0
package/server/logger.ts +259 -0
package/server/metrics-collector.test.ts +413 -0
package/server/metrics-collector.ts +350 -0
package/server/metrics-types.ts +108 -0
package/server/middleware/managed-auth.test.ts +264 -0
package/server/middleware/managed-auth.ts +195 -0
package/server/novnc-proxy.test.ts +333 -0
package/server/novnc-proxy.ts +99 -0
package/server/path-resolver.test.ts +552 -0
package/server/path-resolver.ts +186 -0
package/server/paths.test.ts +31 -0
package/server/paths.ts +11 -0
package/server/pr-poller.test.ts +191 -0
package/server/pr-poller.ts +162 -0
package/server/prompt-manager.test.ts +211 -0
package/server/prompt-manager.ts +211 -0
package/server/protocol/claude-upstream/README.md +19 -0
package/server/protocol/claude-upstream/sdk.d.ts.txt +1943 -0
package/server/protocol/codex-upstream/ClientNotification.ts.txt +5 -0
package/server/protocol/codex-upstream/ClientRequest.ts.txt +60 -0
package/server/protocol/codex-upstream/README.md +18 -0
package/server/protocol/codex-upstream/ServerNotification.ts.txt +41 -0
package/server/protocol/codex-upstream/ServerRequest.ts.txt +16 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallParams.ts.txt +6 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallResponse.ts.txt +6 -0
package/server/protocol-monitor.ts +50 -0
package/server/recorder.test.ts +454 -0
package/server/recorder.ts +374 -0
package/server/recording-hub/compat-validator.test.ts +150 -0
package/server/recording-hub/compat-validator.ts +284 -0
package/server/recording-hub/diagnostics.test.ts +140 -0
package/server/recording-hub/diagnostics.ts +299 -0
package/server/recording-hub/hub-config.test.ts +44 -0
package/server/recording-hub/hub-config.ts +19 -0
package/server/recording-hub/hub-routes.test.ts +417 -0
package/server/recording-hub/hub-routes.ts +236 -0
package/server/recording-hub/hub-store.test.ts +262 -0
package/server/recording-hub/hub-store.ts +265 -0
package/server/recording-hub/replay-adapter.test.ts +294 -0
package/server/recording-hub/replay-adapter.ts +207 -0
package/server/relay-client.test.ts +337 -0
package/server/relay-client.ts +320 -0
package/server/replay.test.ts +200 -0
package/server/replay.ts +78 -0
package/server/routes/agent-routes.test.ts +1400 -0
package/server/routes/agent-routes.ts +409 -0
package/server/routes/cron-routes.test.ts +881 -0
package/server/routes/cron-routes.ts +103 -0
package/server/routes/env-routes.test.ts +383 -0
package/server/routes/env-routes.ts +95 -0
package/server/routes/fs-routes.test.ts +1198 -0
package/server/routes/fs-routes.ts +605 -0
package/server/routes/git-routes.test.ts +813 -0
package/server/routes/git-routes.ts +97 -0
package/server/routes/linear-agent-routes.test.ts +721 -0
package/server/routes/linear-agent-routes.ts +304 -0
package/server/routes/linear-connection-routes.test.ts +927 -0
package/server/routes/linear-connection-routes.ts +244 -0
package/server/routes/linear-oauth-connection-routes.test.ts +406 -0
package/server/routes/linear-oauth-connection-routes.ts +129 -0
package/server/routes/linear-routes.test.ts +1510 -0
package/server/routes/linear-routes.ts +953 -0
package/server/routes/metrics-routes.test.ts +103 -0
package/server/routes/metrics-routes.ts +13 -0
package/server/routes/prompt-routes.ts +67 -0
package/server/routes/sandbox-routes.test.ts +513 -0
package/server/routes/sandbox-routes.ts +127 -0
package/server/routes/settings-routes.ts +270 -0
package/server/routes/skills-routes.test.ts +690 -0
package/server/routes/skills-routes.ts +100 -0
package/server/routes/system-routes.test.ts +637 -0
package/server/routes/system-routes.ts +228 -0
package/server/routes/tailscale-routes.test.ts +176 -0
package/server/routes/tailscale-routes.ts +22 -0
package/server/routes.test.ts +4655 -0
package/server/routes.ts +1277 -0
package/server/sandbox-manager.test.ts +378 -0
package/server/sandbox-manager.ts +168 -0
package/server/service.test.ts +1419 -0
package/server/service.ts +718 -0
package/server/session-creation-service.test.ts +661 -0
package/server/session-creation-service.ts +473 -0
package/server/session-git-info.ts +104 -0
package/server/session-linear-issues.test.ts +118 -0
package/server/session-linear-issues.ts +88 -0
package/server/session-names.test.ts +94 -0
package/server/session-names.ts +67 -0
package/server/session-orchestrator.test.ts +1784 -0
package/server/session-orchestrator.ts +973 -0
package/server/session-state-machine.test.ts +606 -0
package/server/session-state-machine.ts +207 -0
package/server/session-store.test.ts +290 -0
package/server/session-store.ts +146 -0
package/server/session-types.ts +509 -0
package/server/settings-manager.test.ts +275 -0
package/server/settings-manager.ts +173 -0
package/server/tailscale-manager.test.ts +553 -0
package/server/tailscale-manager.ts +451 -0
package/server/terminal-manager.ts +240 -0
package/server/update-checker.test.ts +306 -0
package/server/update-checker.ts +197 -0
package/server/usage-limits.test.ts +536 -0
package/server/usage-limits.ts +225 -0
package/server/worktree-tracker.test.ts +243 -0
package/server/worktree-tracker.ts +84 -0
package/server/ws-auth.test.ts +59 -0
package/server/ws-auth.ts +41 -0
package/server/ws-bridge-browser-ingest.test.ts +272 -0
package/server/ws-bridge-browser-ingest.ts +72 -0
package/server/ws-bridge-browser.ts +112 -0
package/server/ws-bridge-cli-ingest.test.ts +302 -0
package/server/ws-bridge-cli-ingest.ts +81 -0
package/server/ws-bridge-codex.test.ts +1837 -0
package/server/ws-bridge-codex.ts +266 -0
package/server/ws-bridge-controls.test.ts +124 -0
package/server/ws-bridge-controls.ts +20 -0
package/server/ws-bridge-persist.test.ts +296 -0
package/server/ws-bridge-persist.ts +66 -0
package/server/ws-bridge-publish.test.ts +234 -0
package/server/ws-bridge-publish.ts +79 -0
package/server/ws-bridge-replay.test.ts +44 -0
package/server/ws-bridge-replay.ts +61 -0
package/server/ws-bridge-types.ts +106 -0
package/server/ws-bridge.test.ts +4777 -0
package/server/ws-bridge.ts +1279 -0

package/server/linear-credential-migration.test.ts ADDED Viewed

@@ -0,0 +1,337 @@
+// Tests for the Linear OAuth credential migration module.
+// Verifies the one-time migration of global Linear OAuth credentials
+// from settings.json to the first eligible agent (has linear trigger
+// enabled but no per-agent oauthClientId yet).
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import type { AgentConfig } from "./agent-types.js";
+// ─── Mocks ──────────────────────────────────────────────────────────────────
+// Mock the agent store: listAgents and updateAgent
+vi.mock("./agent-store.js", () => ({
+  listAgents: vi.fn(() => []),
+  updateAgent: vi.fn(() => null),
+}));
+// Mock the settings manager: getSettings and updateSettings
+vi.mock("./settings-manager.js", () => ({
+  getSettings: vi.fn(() => ({
+    linearOAuthClientId: "",
+    linearOAuthClientSecret: "",
+    linearOAuthWebhookSecret: "",
+    linearOAuthAccessToken: "",
+    linearOAuthRefreshToken: "",
+  })),
+  updateSettings: vi.fn(),
+}));
+import { migrateLinearCredentialsToAgents } from "./linear-credential-migration.js";
+import * as agentStore from "./agent-store.js";
+import { getSettings, updateSettings } from "./settings-manager.js";
+// ─── Helpers ────────────────────────────────────────────────────────────────
+/** Build a minimal AgentConfig for testing with optional overrides. */
+function makeAgent(overrides: Partial<AgentConfig> = {}): AgentConfig {
+  return {
+    id: "test-agent",
+    version: 1,
+    name: "Test Agent",
+    description: "",
+    backendType: "claude",
+    model: "claude-sonnet-4-6",
+    permissionMode: "default",
+    cwd: "/tmp",
+    prompt: "do stuff",
+    enabled: true,
+    createdAt: Date.now(),
+    updatedAt: Date.now(),
+    totalRuns: 0,
+    consecutiveFailures: 0,
+    ...overrides,
+  };
+}
+// ─── Tests ──────────────────────────────────────────────────────────────────
+beforeEach(() => {
+  vi.clearAllMocks();
+});
+describe("migrateLinearCredentialsToAgents", () => {
+  // When no global OAuth client ID exists in settings, the function should
+  // return early without even querying for agents.
+  it("does nothing when no global OAuth credentials exist", () => {
+    vi.mocked(getSettings).mockReturnValue({
+      linearOAuthClientId: "",
+      linearOAuthClientSecret: "",
+      linearOAuthWebhookSecret: "",
+      linearOAuthAccessToken: "",
+      linearOAuthRefreshToken: "",
+    } as ReturnType<typeof getSettings>);
+    migrateLinearCredentialsToAgents();
+    // Should not attempt to list agents when there are no credentials to migrate
+    expect(agentStore.listAgents).not.toHaveBeenCalled();
+    expect(agentStore.updateAgent).not.toHaveBeenCalled();
+    expect(updateSettings).not.toHaveBeenCalled();
+  });
+  // When global credentials exist but no agent has linear enabled without
+  // existing oauthClientId, the function should log a message and return
+  // without modifying anything.
+  it("does nothing when no eligible agent is found", () => {
+    vi.mocked(getSettings).mockReturnValue({
+      linearOAuthClientId: "client-id-123",
+      linearOAuthClientSecret: "secret-456",
+      linearOAuthWebhookSecret: "webhook-789",
+      linearOAuthAccessToken: "access-token",
+      linearOAuthRefreshToken: "refresh-token",
+    } as ReturnType<typeof getSettings>);
+    // Agent has linear enabled but already has its own oauthClientId
+    const agentWithCreds = makeAgent({
+      id: "already-configured",
+      name: "Already Configured",
+      triggers: {
+        linear: {
+          enabled: true,
+          oauthClientId: "existing-client-id",
+        },
+      },
+    });
+    vi.mocked(agentStore.listAgents).mockReturnValue([agentWithCreds]);
+    const consoleSpy = vi.spyOn(console, "log").mockImplementation(() => {});
+    migrateLinearCredentialsToAgents();
+    // Should have listed agents to search for eligible ones
+    expect(agentStore.listAgents).toHaveBeenCalled();
+    // But should not have updated any agent or cleared settings
+    expect(agentStore.updateAgent).not.toHaveBeenCalled();
+    expect(updateSettings).not.toHaveBeenCalled();
+    // Should log a staging message
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining("no Linear agent found to migrate to"),
+    );
+    consoleSpy.mockRestore();
+  });
+  // Happy path: global credentials exist and there is exactly one eligible
+  // agent (linear enabled, no oauthClientId). The function should copy all
+  // credentials to the agent and then clear the global settings.
+  it("migrates credentials to the first eligible agent", () => {
+    const globalCreds = {
+      linearOAuthClientId: "client-id-123",
+      linearOAuthClientSecret: "secret-456",
+      linearOAuthWebhookSecret: "webhook-789",
+      linearOAuthAccessToken: "access-token",
+      linearOAuthRefreshToken: "refresh-token",
+    };
+    vi.mocked(getSettings).mockReturnValue(
+      globalCreds as ReturnType<typeof getSettings>,
+    );
+    const eligibleAgent = makeAgent({
+      id: "linear-agent",
+      name: "My Linear Agent",
+      triggers: {
+        linear: {
+          enabled: true,
+          // No oauthClientId — eligible for migration
+        },
+      },
+    });
+    vi.mocked(agentStore.listAgents).mockReturnValue([eligibleAgent]);
+    vi.mocked(agentStore.updateAgent).mockReturnValue(eligibleAgent);
+    const consoleSpy = vi.spyOn(console, "log").mockImplementation(() => {});
+    migrateLinearCredentialsToAgents();
+    // Should copy all global credentials to the agent's linear trigger config
+    expect(agentStore.updateAgent).toHaveBeenCalledWith("linear-agent", {
+      triggers: {
+        linear: {
+          enabled: true,
+          oauthClientId: "client-id-123",
+          oauthClientSecret: "secret-456",
+          webhookSecret: "webhook-789",
+          accessToken: "access-token",
+          refreshToken: "refresh-token",
+        },
+      },
+    });
+    // Should clear global credentials after successful migration
+    expect(updateSettings).toHaveBeenCalledWith({
+      linearOAuthClientId: "",
+      linearOAuthClientSecret: "",
+      linearOAuthWebhookSecret: "",
+      linearOAuthAccessToken: "",
+      linearOAuthRefreshToken: "",
+    });
+    // Should log success with agent name and ID
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining('Migrated global OAuth credentials to agent "My Linear Agent"'),
+    );
+    consoleSpy.mockRestore();
+  });
+  // When multiple agents have linear enabled, but the first one already has
+  // its own oauthClientId, the migration should skip it and migrate to the
+  // second agent that lacks credentials.
+  it("skips agents that already have oauthClientId and migrates to the next eligible one", () => {
+    vi.mocked(getSettings).mockReturnValue({
+      linearOAuthClientId: "global-client",
+      linearOAuthClientSecret: "global-secret",
+      linearOAuthWebhookSecret: "global-webhook",
+      linearOAuthAccessToken: "global-access",
+      linearOAuthRefreshToken: "global-refresh",
+    } as ReturnType<typeof getSettings>);
+    const agentWithCreds = makeAgent({
+      id: "agent-with-creds",
+      name: "Agent With Creds",
+      triggers: {
+        linear: {
+          enabled: true,
+          oauthClientId: "already-has-one",
+        },
+      },
+    });
+    const agentWithoutCreds = makeAgent({
+      id: "agent-without-creds",
+      name: "Agent Without Creds",
+      triggers: {
+        linear: {
+          enabled: true,
+          // No oauthClientId — this one should receive the migration
+        },
+      },
+    });
+    vi.mocked(agentStore.listAgents).mockReturnValue([
+      agentWithCreds,
+      agentWithoutCreds,
+    ]);
+    vi.mocked(agentStore.updateAgent).mockReturnValue(agentWithoutCreds);
+    const consoleSpy = vi.spyOn(console, "log").mockImplementation(() => {});
+    migrateLinearCredentialsToAgents();
+    // Should migrate to the second agent (the one without existing credentials)
+    expect(agentStore.updateAgent).toHaveBeenCalledWith(
+      "agent-without-creds",
+      expect.objectContaining({
+        triggers: expect.objectContaining({
+          linear: expect.objectContaining({
+            oauthClientId: "global-client",
+          }),
+        }),
+      }),
+    );
+    // Should clear global settings after migration
+    expect(updateSettings).toHaveBeenCalled();
+    consoleSpy.mockRestore();
+  });
+  // An agent exists but its linear trigger is not enabled (enabled: false).
+  // It should not be considered eligible for migration.
+  it("skips agents without linear trigger enabled", () => {
+    vi.mocked(getSettings).mockReturnValue({
+      linearOAuthClientId: "client-id",
+      linearOAuthClientSecret: "secret",
+      linearOAuthWebhookSecret: "webhook",
+      linearOAuthAccessToken: "access",
+      linearOAuthRefreshToken: "refresh",
+    } as ReturnType<typeof getSettings>);
+    const disabledLinearAgent = makeAgent({
+      id: "disabled-linear",
+      name: "Disabled Linear Agent",
+      triggers: {
+        linear: {
+          enabled: false,
+          // No oauthClientId, but linear is disabled so it shouldn't qualify
+        },
+      },
+    });
+    // Also test an agent with no triggers at all
+    const noTriggersAgent = makeAgent({
+      id: "no-triggers",
+      name: "No Triggers Agent",
+      // No triggers property
+    });
+    vi.mocked(agentStore.listAgents).mockReturnValue([
+      disabledLinearAgent,
+      noTriggersAgent,
+    ]);
+    const consoleSpy = vi.spyOn(console, "log").mockImplementation(() => {});
+    migrateLinearCredentialsToAgents();
+    // Neither agent should receive credentials
+    expect(agentStore.updateAgent).not.toHaveBeenCalled();
+    expect(updateSettings).not.toHaveBeenCalled();
+    // Should log the "no agent found" message
+    expect(consoleSpy).toHaveBeenCalledWith(
+      expect.stringContaining("no Linear agent found to migrate to"),
+    );
+    consoleSpy.mockRestore();
+  });
+  // If updateAgent returns null (store failure), the global credentials
+  // must NOT be cleared — otherwise the user's credentials are silently lost.
+  it("does NOT clear global credentials when updateAgent fails during migration", () => {
+    vi.mocked(getSettings).mockReturnValue({
+      linearOAuthClientId: "client-id",
+      linearOAuthClientSecret: "secret",
+      linearOAuthWebhookSecret: "webhook",
+      linearOAuthAccessToken: "access",
+      linearOAuthRefreshToken: "refresh",
+    } as ReturnType<typeof getSettings>);
+    const eligible = makeAgent({
+      id: "linear-agent",
+      name: "Linear Agent",
+      triggers: { linear: { enabled: true } },
+    });
+    vi.mocked(agentStore.listAgents).mockReturnValue([eligible]);
+    // Simulate a store failure
+    vi.mocked(agentStore.updateAgent).mockReturnValue(null);
+    const consoleErrorSpy = vi.spyOn(console, "error").mockImplementation(() => {});
+    migrateLinearCredentialsToAgents();
+    expect(agentStore.updateAgent).toHaveBeenCalled();
+    // Credentials must NOT be cleared if the agent write failed
+    expect(updateSettings).not.toHaveBeenCalled();
+    // Should log an error about the failure
+    expect(consoleErrorSpy).toHaveBeenCalledWith(
+      expect.stringContaining("Failed to write credentials to agent"),
+    );
+    consoleErrorSpy.mockRestore();
+  });
+});

package/server/linear-credential-migration.ts ADDED Viewed

@@ -0,0 +1,63 @@
+// Linear OAuth Credential Migration
+// One-time migration: copies global Linear OAuth credentials from settings.json
+// to the first Linear agent that doesn't have per-agent credentials.
+// This runs on server startup to handle the transition from global to per-agent storage.
+import * as agentStore from "./agent-store.js";
+import { getSettings, updateSettings } from "./settings-manager.js";
+/** Migrate global Linear OAuth credentials to the first eligible agent.
+ *  This is a one-time operation: once credentials are moved, global fields are cleared. */
+export function migrateLinearCredentialsToAgents(): void {
+  const settings = getSettings();
+  // Nothing to migrate if no global OAuth client ID
+  if (!settings.linearOAuthClientId.trim()) return;
+  const agents = agentStore.listAgents();
+  const linearAgent = agents.find(
+    (a) => a.triggers?.linear?.enabled && !a.triggers.linear.oauthClientId
+  );
+  if (!linearAgent) {
+    console.log(
+      "[linear-migration] Global OAuth credentials exist but no Linear agent found to migrate to. Credentials will remain in global settings as staging."
+    );
+    return;
+  }
+  // Copy credentials to the agent
+  const triggers = linearAgent.triggers!;
+  const updated = agentStore.updateAgent(linearAgent.id, {
+    triggers: {
+      ...triggers,
+      linear: {
+        enabled: true,
+        ...triggers.linear,
+        oauthClientId: settings.linearOAuthClientId,
+        oauthClientSecret: settings.linearOAuthClientSecret,
+        webhookSecret: settings.linearOAuthWebhookSecret,
+        accessToken: settings.linearOAuthAccessToken,
+        refreshToken: settings.linearOAuthRefreshToken,
+      },
+    },
+  });
+  // Only clear global credentials after a confirmed successful write
+  if (!updated) {
+    console.error("[linear-migration] Failed to write credentials to agent — global credentials preserved");
+    return;
+  }
+  updateSettings({
+    linearOAuthClientId: "",
+    linearOAuthClientSecret: "",
+    linearOAuthWebhookSecret: "",
+    linearOAuthAccessToken: "",
+    linearOAuthRefreshToken: "",
+  });
+  console.log(
+    `[linear-migration] Migrated global OAuth credentials to agent "${linearAgent.name}" (${linearAgent.id})`
+  );
+}

package/server/linear-oauth-connections-migration.test.ts ADDED Viewed

@@ -0,0 +1,268 @@
+/**
+ * Tests for the migrateFromAgents() auto-migration in linear-oauth-connections.ts.
+ *
+ * Validates:
+ * - Agents with inline OAuth credentials get migrated to standalone connections
+ * - Global settings with OAuth credentials get migrated
+ * - Deduplication by oauthClientId (multiple agents sharing the same app)
+ * - Agents get updated with oauthConnectionId after migration
+ * - No migration when connections already exist
+ * - Agents without oauthClientId are skipped
+ * - Status correctly derived from accessToken presence
+ * - Migrated connections persist to disk
+ *
+ * Uses the exported `migrateFromAgents(deps)` with injected dependencies
+ * instead of relying on `require()` interception.
+ */
+import { vi, describe, it, expect, beforeEach, afterAll } from "vitest";
+import { mkdirSync, rmSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import {
+  listOAuthConnections,
+  createOAuthConnection,
+  migrateFromAgents,
+  _resetForTest,
+} from "./linear-oauth-connections.js";
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+const TEST_DIR = join(tmpdir(), `companion-oauth-migration-test-${Date.now()}`);
+const TEST_FILE = join(TEST_DIR, "linear-oauth-connections.json");
+const mockUpdateAgent = vi.fn();
+function makeDeps(
+  agents: Array<Record<string, unknown>> = [],
+  settings: Record<string, string> = {},
+) {
+  return {
+    listAgents: () => agents as Array<{ id: string; name: string; triggers?: { linear?: Record<string, unknown> } }>,
+    updateAgent: mockUpdateAgent as (id: string, patch: Record<string, unknown>) => void,
+    getSettings: () => ({
+      linearOAuthClientId: "",
+      linearOAuthClientSecret: "",
+      linearOAuthWebhookSecret: "",
+      linearOAuthAccessToken: "",
+      linearOAuthRefreshToken: "",
+      ...settings,
+    }),
+  };
+}
+beforeEach(() => {
+  vi.clearAllMocks();
+  _resetForTest(TEST_FILE);
+  if (existsSync(TEST_DIR)) {
+    rmSync(TEST_DIR, { recursive: true });
+  }
+  mkdirSync(TEST_DIR, { recursive: true });
+});
+afterAll(() => {
+  if (existsSync(TEST_DIR)) {
+    rmSync(TEST_DIR, { recursive: true });
+  }
+});
+// =============================================================================
+// Tests
+// =============================================================================
+describe("migrateFromAgents", () => {
+  it("migrates agents with inline OAuth credentials to standalone connections", () => {
+    const deps = makeDeps([
+      {
+        id: "agent-1",
+        name: "Linear Bot",
+        triggers: {
+          linear: {
+            enabled: true,
+            oauthClientId: "inline-cid",
+            oauthClientSecret: "inline-csec",
+            webhookSecret: "inline-wsec",
+            accessToken: "inline-tok",
+            refreshToken: "inline-ref",
+          },
+        },
+      },
+    ]);
+    migrateFromAgents(deps);
+    const conns = listOAuthConnections();
+    expect(conns).toHaveLength(1);
+    expect(conns[0].oauthClientId).toBe("inline-cid");
+    expect(conns[0].oauthClientSecret).toBe("inline-csec");
+    expect(conns[0].webhookSecret).toBe("inline-wsec");
+    expect(conns[0].accessToken).toBe("inline-tok");
+    expect(conns[0].status).toBe("connected");
+    expect(conns[0].name).toBe("Linear Bot OAuth App");
+    // Agent should be updated with oauthConnectionId
+    expect(mockUpdateAgent).toHaveBeenCalledWith(
+      "agent-1",
+      expect.objectContaining({
+        triggers: expect.objectContaining({
+          linear: expect.objectContaining({
+            oauthConnectionId: conns[0].id,
+          }),
+        }),
+      }),
+    );
+  });
+  it("deduplicates by oauthClientId when multiple agents share the same app", () => {
+    const deps = makeDeps([
+      {
+        id: "agent-1",
+        name: "Bot A",
+        triggers: {
+          linear: {
+            enabled: true,
+            oauthClientId: "shared-cid",
+            oauthClientSecret: "csec",
+            webhookSecret: "wsec",
+            accessToken: "tok",
+          },
+        },
+      },
+      {
+        id: "agent-2",
+        name: "Bot B",
+        triggers: {
+          linear: {
+            enabled: true,
+            oauthClientId: "shared-cid", // same clientId
+            oauthClientSecret: "csec",
+            webhookSecret: "wsec",
+            accessToken: "tok",
+          },
+        },
+      },
+    ]);
+    migrateFromAgents(deps);
+    const conns = listOAuthConnections();
+    // Should create only one connection (deduplication)
+    expect(conns).toHaveLength(1);
+    // Both agents should be updated with the same connection ID
+    expect(mockUpdateAgent).toHaveBeenCalledTimes(2);
+    expect(mockUpdateAgent).toHaveBeenCalledWith("agent-1", expect.anything());
+    expect(mockUpdateAgent).toHaveBeenCalledWith("agent-2", expect.anything());
+  });
+  it("migrates from global settings when no agent credentials exist", () => {
+    const deps = makeDeps([], {
+      linearOAuthClientId: "settings-cid",
+      linearOAuthClientSecret: "settings-csec",
+      linearOAuthWebhookSecret: "settings-wsec",
+      linearOAuthAccessToken: "settings-tok",
+      linearOAuthRefreshToken: "settings-ref",
+    });
+    migrateFromAgents(deps);
+    const conns = listOAuthConnections();
+    expect(conns).toHaveLength(1);
+    expect(conns[0].name).toBe("Default OAuth App");
+    expect(conns[0].oauthClientId).toBe("settings-cid");
+    expect(conns[0].status).toBe("connected");
+  });
+  it("skips migration when connections already exist", () => {
+    // Pre-create a connection
+    createOAuthConnection({
+      name: "Existing",
+      oauthClientId: "existing-cid",
+      oauthClientSecret: "csec",
+      webhookSecret: "wsec",
+    });
+    const deps = makeDeps([
+      {
+        id: "agent-1",
+        name: "Bot",
+        triggers: {
+          linear: {
+            enabled: true,
+            oauthClientId: "new-cid",
+            oauthClientSecret: "csec",
+          },
+        },
+      },
+    ]);
+    migrateFromAgents(deps);
+    const conns = listOAuthConnections();
+    // Should NOT create additional connections
+    expect(conns).toHaveLength(1);
+    expect(conns[0].oauthClientId).toBe("existing-cid");
+    expect(mockUpdateAgent).not.toHaveBeenCalled();
+  });
+  it("skips agents without oauthClientId", () => {
+    const deps = makeDeps([
+      {
+        id: "agent-1",
+        name: "No OAuth",
+        triggers: { linear: { enabled: true } },
+      },
+    ]);
+    migrateFromAgents(deps);
+    expect(listOAuthConnections()).toHaveLength(0);
+  });
+  it("sets status to disconnected when agent has no accessToken", () => {
+    const deps = makeDeps([
+      {
+        id: "agent-1",
+        name: "Unconnected Bot",
+        triggers: {
+          linear: {
+            enabled: true,
+            oauthClientId: "cid",
+            oauthClientSecret: "csec",
+          },
+        },
+      },
+    ]);
+    migrateFromAgents(deps);
+    const conns = listOAuthConnections();
+    expect(conns).toHaveLength(1);
+    expect(conns[0].status).toBe("disconnected");
+  });
+  it("persists migrated connections to disk", () => {
+    const deps = makeDeps([
+      {
+        id: "agent-1",
+        name: "Persist Test",
+        triggers: {
+          linear: {
+            enabled: true,
+            oauthClientId: "persist-cid",
+            oauthClientSecret: "csec",
+            webhookSecret: "wsec",
+          },
+        },
+      },
+    ]);
+    migrateFromAgents(deps);
+    expect(existsSync(TEST_FILE)).toBe(true);
+    // Reload from disk and verify
+    _resetForTest(TEST_FILE);
+    const conns = listOAuthConnections();
+    expect(conns).toHaveLength(1);
+    expect(conns[0].oauthClientId).toBe("persist-cid");
+  });
+});