npm - @hellcoder/companion - Versions diffs - 0.96.0 - Mend

@hellcoder/companion 0.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/bin/cli.ts +168 -0
package/bin/ctl.ts +528 -0
package/bin/generate-token.ts +28 -0
package/dist/apple-touch-icon.png +0 -0
package/dist/assets/AgentsPage-DCFhrJ28.js +13 -0
package/dist/assets/CronManager-EGwLJONv.js +1 -0
package/dist/assets/IntegrationsPage-CTMRnbQS.js +1 -0
package/dist/assets/LinearOAuthSettingsPage-CgQFMIgr.js +1 -0
package/dist/assets/LinearSettingsPage-C9nok1qi.js +1 -0
package/dist/assets/Playground-BV3k0RbV.js +109 -0
package/dist/assets/PromptsPage-CFojqNKP.js +4 -0
package/dist/assets/RunsPage-DUJ1QUSa.js +1 -0
package/dist/assets/SandboxManager-CrVQ-VU_.js +8 -0
package/dist/assets/SettingsPage-D1fPCL19.js +1 -0
package/dist/assets/TailscalePage-D06cyvyC.js +1 -0
package/dist/assets/index-BhUa1e6X.css +1 -0
package/dist/assets/index-DkqeP-R9.js +134 -0
package/dist/assets/sw-register-BibwRdvC.js +1 -0
package/dist/assets/workbox-window.prod.es5-BIl4cyR9.js +2 -0
package/dist/favicon.svg +8 -0
package/dist/fonts/MesloLGSNerdFontMono-Bold.woff2 +0 -0
package/dist/fonts/MesloLGSNerdFontMono-Regular.woff2 +0 -0
package/dist/icon-192.png +0 -0
package/dist/icon-512.png +0 -0
package/dist/index.html +20 -0
package/dist/logo-codex.svg +14 -0
package/dist/logo-docker.svg +4 -0
package/dist/logo.svg +14 -0
package/dist/manifest.json +24 -0
package/dist/sw.js +2 -0
package/package.json +104 -0
package/server/agent-cron-migrator.test.ts +610 -0
package/server/agent-cron-migrator.ts +85 -0
package/server/agent-executor.test.ts +1108 -0
package/server/agent-executor.ts +346 -0
package/server/agent-store.test.ts +588 -0
package/server/agent-store.ts +185 -0
package/server/agent-types.ts +138 -0
package/server/ai-validation-settings.test.ts +128 -0
package/server/ai-validation-settings.ts +35 -0
package/server/ai-validator.test.ts +387 -0
package/server/ai-validator.ts +271 -0
package/server/auth-manager.test.ts +83 -0
package/server/auth-manager.ts +150 -0
package/server/auto-namer.test.ts +252 -0
package/server/auto-namer.ts +78 -0
package/server/backend-adapter.test.ts +38 -0
package/server/backend-adapter.ts +54 -0
package/server/cache-headers.test.ts +98 -0
package/server/cache-headers.ts +61 -0
package/server/claude-adapter.test.ts +1363 -0
package/server/claude-adapter.ts +889 -0
package/server/claude-container-auth.test.ts +44 -0
package/server/claude-container-auth.ts +30 -0
package/server/claude-protocol-contract.test.ts +71 -0
package/server/claude-protocol-drift.test.ts +78 -0
package/server/claude-session-discovery.test.ts +132 -0
package/server/claude-session-discovery.ts +157 -0
package/server/claude-session-history.test.ts +158 -0
package/server/claude-session-history.ts +410 -0
package/server/cli-launcher.test.ts +1343 -0
package/server/cli-launcher.ts +1298 -0
package/server/cli.test.ts +16 -0
package/server/codex-adapter.test.ts +5545 -0
package/server/codex-adapter.ts +3062 -0
package/server/codex-container-auth.test.ts +50 -0
package/server/codex-container-auth.ts +24 -0
package/server/codex-home.test.ts +61 -0
package/server/codex-home.ts +26 -0
package/server/codex-protocol-contract.test.ts +96 -0
package/server/codex-protocol-drift.test.ts +123 -0
package/server/codex-ws-proxy.cjs +226 -0
package/server/commands-discovery.test.ts +179 -0
package/server/commands-discovery.ts +81 -0
package/server/constants.ts +7 -0
package/server/container-manager.test.ts +1211 -0
package/server/container-manager.ts +1053 -0
package/server/cron-scheduler.test.ts +957 -0
package/server/cron-scheduler.ts +243 -0
package/server/cron-store.test.ts +422 -0
package/server/cron-store.ts +148 -0
package/server/cron-types.ts +63 -0
package/server/env-manager.test.ts +268 -0
package/server/env-manager.ts +161 -0
package/server/event-bus-types.ts +64 -0
package/server/event-bus.test.ts +244 -0
package/server/event-bus.ts +124 -0
package/server/execution-store.test.ts +307 -0
package/server/execution-store.ts +170 -0
package/server/fs-utils.ts +15 -0
package/server/git-utils.test.ts +938 -0
package/server/git-utils.ts +421 -0
package/server/github-pr.test.ts +498 -0
package/server/github-pr.ts +379 -0
package/server/image-pull-manager.test.ts +303 -0
package/server/image-pull-manager.ts +279 -0
package/server/index.ts +396 -0
package/server/linear-agent-bridge.test.ts +1157 -0
package/server/linear-agent-bridge.ts +629 -0
package/server/linear-agent.test.ts +473 -0
package/server/linear-agent.ts +479 -0
package/server/linear-cache.test.ts +136 -0
package/server/linear-cache.ts +113 -0
package/server/linear-connections.test.ts +350 -0
package/server/linear-connections.ts +231 -0
package/server/linear-credential-migration.test.ts +337 -0
package/server/linear-credential-migration.ts +63 -0
package/server/linear-oauth-connections-migration.test.ts +268 -0
package/server/linear-oauth-connections.test.ts +365 -0
package/server/linear-oauth-connections.ts +294 -0
package/server/linear-project-manager.test.ts +162 -0
package/server/linear-project-manager.ts +111 -0
package/server/linear-prompt-builder.test.ts +74 -0
package/server/linear-prompt-builder.ts +61 -0
package/server/linear-staging.test.ts +276 -0
package/server/linear-staging.ts +142 -0
package/server/logger.test.ts +393 -0
package/server/logger.ts +259 -0
package/server/metrics-collector.test.ts +413 -0
package/server/metrics-collector.ts +350 -0
package/server/metrics-types.ts +108 -0
package/server/middleware/managed-auth.test.ts +264 -0
package/server/middleware/managed-auth.ts +195 -0
package/server/novnc-proxy.test.ts +333 -0
package/server/novnc-proxy.ts +99 -0
package/server/path-resolver.test.ts +552 -0
package/server/path-resolver.ts +186 -0
package/server/paths.test.ts +31 -0
package/server/paths.ts +11 -0
package/server/pr-poller.test.ts +191 -0
package/server/pr-poller.ts +162 -0
package/server/prompt-manager.test.ts +211 -0
package/server/prompt-manager.ts +211 -0
package/server/protocol/claude-upstream/README.md +19 -0
package/server/protocol/claude-upstream/sdk.d.ts.txt +1943 -0
package/server/protocol/codex-upstream/ClientNotification.ts.txt +5 -0
package/server/protocol/codex-upstream/ClientRequest.ts.txt +60 -0
package/server/protocol/codex-upstream/README.md +18 -0
package/server/protocol/codex-upstream/ServerNotification.ts.txt +41 -0
package/server/protocol/codex-upstream/ServerRequest.ts.txt +16 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallParams.ts.txt +6 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallResponse.ts.txt +6 -0
package/server/protocol-monitor.ts +50 -0
package/server/recorder.test.ts +454 -0
package/server/recorder.ts +374 -0
package/server/recording-hub/compat-validator.test.ts +150 -0
package/server/recording-hub/compat-validator.ts +284 -0
package/server/recording-hub/diagnostics.test.ts +140 -0
package/server/recording-hub/diagnostics.ts +299 -0
package/server/recording-hub/hub-config.test.ts +44 -0
package/server/recording-hub/hub-config.ts +19 -0
package/server/recording-hub/hub-routes.test.ts +417 -0
package/server/recording-hub/hub-routes.ts +236 -0
package/server/recording-hub/hub-store.test.ts +262 -0
package/server/recording-hub/hub-store.ts +265 -0
package/server/recording-hub/replay-adapter.test.ts +294 -0
package/server/recording-hub/replay-adapter.ts +207 -0
package/server/relay-client.test.ts +337 -0
package/server/relay-client.ts +320 -0
package/server/replay.test.ts +200 -0
package/server/replay.ts +78 -0
package/server/routes/agent-routes.test.ts +1400 -0
package/server/routes/agent-routes.ts +409 -0
package/server/routes/cron-routes.test.ts +881 -0
package/server/routes/cron-routes.ts +103 -0
package/server/routes/env-routes.test.ts +383 -0
package/server/routes/env-routes.ts +95 -0
package/server/routes/fs-routes.test.ts +1198 -0
package/server/routes/fs-routes.ts +605 -0
package/server/routes/git-routes.test.ts +813 -0
package/server/routes/git-routes.ts +97 -0
package/server/routes/linear-agent-routes.test.ts +721 -0
package/server/routes/linear-agent-routes.ts +304 -0
package/server/routes/linear-connection-routes.test.ts +927 -0
package/server/routes/linear-connection-routes.ts +244 -0
package/server/routes/linear-oauth-connection-routes.test.ts +406 -0
package/server/routes/linear-oauth-connection-routes.ts +129 -0
package/server/routes/linear-routes.test.ts +1510 -0
package/server/routes/linear-routes.ts +953 -0
package/server/routes/metrics-routes.test.ts +103 -0
package/server/routes/metrics-routes.ts +13 -0
package/server/routes/prompt-routes.ts +67 -0
package/server/routes/sandbox-routes.test.ts +513 -0
package/server/routes/sandbox-routes.ts +127 -0
package/server/routes/settings-routes.ts +270 -0
package/server/routes/skills-routes.test.ts +690 -0
package/server/routes/skills-routes.ts +100 -0
package/server/routes/system-routes.test.ts +637 -0
package/server/routes/system-routes.ts +228 -0
package/server/routes/tailscale-routes.test.ts +176 -0
package/server/routes/tailscale-routes.ts +22 -0
package/server/routes.test.ts +4655 -0
package/server/routes.ts +1277 -0
package/server/sandbox-manager.test.ts +378 -0
package/server/sandbox-manager.ts +168 -0
package/server/service.test.ts +1419 -0
package/server/service.ts +718 -0
package/server/session-creation-service.test.ts +661 -0
package/server/session-creation-service.ts +473 -0
package/server/session-git-info.ts +104 -0
package/server/session-linear-issues.test.ts +118 -0
package/server/session-linear-issues.ts +88 -0
package/server/session-names.test.ts +94 -0
package/server/session-names.ts +67 -0
package/server/session-orchestrator.test.ts +1784 -0
package/server/session-orchestrator.ts +973 -0
package/server/session-state-machine.test.ts +606 -0
package/server/session-state-machine.ts +207 -0
package/server/session-store.test.ts +290 -0
package/server/session-store.ts +146 -0
package/server/session-types.ts +509 -0
package/server/settings-manager.test.ts +275 -0
package/server/settings-manager.ts +173 -0
package/server/tailscale-manager.test.ts +553 -0
package/server/tailscale-manager.ts +451 -0
package/server/terminal-manager.ts +240 -0
package/server/update-checker.test.ts +306 -0
package/server/update-checker.ts +197 -0
package/server/usage-limits.test.ts +536 -0
package/server/usage-limits.ts +225 -0
package/server/worktree-tracker.test.ts +243 -0
package/server/worktree-tracker.ts +84 -0
package/server/ws-auth.test.ts +59 -0
package/server/ws-auth.ts +41 -0
package/server/ws-bridge-browser-ingest.test.ts +272 -0
package/server/ws-bridge-browser-ingest.ts +72 -0
package/server/ws-bridge-browser.ts +112 -0
package/server/ws-bridge-cli-ingest.test.ts +302 -0
package/server/ws-bridge-cli-ingest.ts +81 -0
package/server/ws-bridge-codex.test.ts +1837 -0
package/server/ws-bridge-codex.ts +266 -0
package/server/ws-bridge-controls.test.ts +124 -0
package/server/ws-bridge-controls.ts +20 -0
package/server/ws-bridge-persist.test.ts +296 -0
package/server/ws-bridge-persist.ts +66 -0
package/server/ws-bridge-publish.test.ts +234 -0
package/server/ws-bridge-publish.ts +79 -0
package/server/ws-bridge-replay.test.ts +44 -0
package/server/ws-bridge-replay.ts +61 -0
package/server/ws-bridge-types.ts +106 -0
package/server/ws-bridge.test.ts +4777 -0
package/server/ws-bridge.ts +1279 -0

package/server/routes/linear-agent-routes.ts ADDED Viewed

@@ -0,0 +1,304 @@
+// ─── Linear Agent Interaction SDK Routes ─────────────────────────────────────
+// Webhook endpoint for AgentSessionEvent + OAuth callback for app installation.
+// The webhook route and OAuth callback are registered BEFORE auth middleware —
+// Linear handles its own signature verification via HMAC-SHA256 and the OAuth
+// callback is a redirect from Linear's authorization flow (no auth token in URL).
+import type { Hono } from "hono";
+import type { LinearAgentBridge } from "../linear-agent-bridge.js";
+import * as linearAgent from "../linear-agent.js";
+import type { AgentSessionEventPayload } from "../linear-agent.js";
+import * as agentStore from "../agent-store.js";
+import * as staging from "../linear-staging.js";
+import { getSettings, updateSettings } from "../settings-manager.js";
+import { findOAuthConnectionByClientId } from "../linear-oauth-connections.js";
+function sanitizeLogField(value: string | undefined): string {
+  return (value || "unknown").replace(/[\r\n\t]/g, "_").slice(0, 128);
+}
+/**
+ * Register the Linear Agent SDK pre-auth routes (before auth middleware).
+ * Includes the webhook (HMAC-SHA256 verified) and the OAuth callback
+ * (redirect from Linear — user has no auth token in the URL).
+ */
+export function registerLinearAgentWebhookRoute(
+  api: Hono,
+  bridge: LinearAgentBridge,
+): void {
+  // Webhook endpoint — verified via HMAC-SHA256 signature (per-agent lookup)
+  api.post("/linear/agent-webhook", async (c) => {
+    const rawBody = await c.req.text();
+    const signature = c.req.header("linear-signature") ?? c.req.header("x-linear-signature");
+    // Parse payload first to extract oauthClientId for agent lookup
+    let payload: AgentSessionEventPayload;
+    try {
+      payload = JSON.parse(rawBody) as AgentSessionEventPayload;
+    } catch {
+      return c.json({ error: "Invalid JSON" }, 400);
+    }
+    // Only handle AgentSessionEvent
+    if (payload.type !== "AgentSessionEvent") {
+      return c.json({ ok: true, ignored: true });
+    }
+    const action = sanitizeLogField(payload.action);
+    const oauthClientId = sanitizeLogField(payload.oauthClientId);
+    const linearSessionId = sanitizeLogField(payload.agentSession?.id);
+    // Look up credentials: first try OAuth connection (new model), then inline (legacy)
+    const oauthConn = payload.oauthClientId ? findOAuthConnectionByClientId(payload.oauthClientId) : null;
+    let webhookSecret: string;
+    let agent: ReturnType<typeof agentStore.listAgents>[number] | undefined;
+    if (oauthConn) {
+      // New model: find agent referencing this connection
+      webhookSecret = oauthConn.webhookSecret;
+      agent = agentStore.listAgents().find(
+        (a) => a.enabled && a.triggers?.linear?.enabled
+          && a.triggers.linear.oauthConnectionId === oauthConn.id,
+      );
+    } else {
+      // Legacy: find agent by inline oauthClientId
+      agent = agentStore.listAgents().find(
+        (a) => a.enabled && a.triggers?.linear?.enabled
+          && a.triggers.linear.oauthClientId === payload.oauthClientId,
+      );
+      webhookSecret = agent?.triggers?.linear?.webhookSecret || "";
+    }
+    if (!agent) {
+      console.error(
+        `[linear-agent-routes] No agent found for oauthClientId: ${oauthClientId} action=${action} sessionId=${linearSessionId}`,
+      );
+      return c.json({ error: "No agent configured for this OAuth client" }, 404);
+    }
+    if (!linearAgent.verifyWebhookSignature(webhookSecret, rawBody, signature ?? null)) {
+      console.warn(
+        `[linear-agent-routes] Invalid webhook signature for oauthClientId: ${oauthClientId} action=${action} sessionId=${linearSessionId} agentId=${agent.id} signature=${signature ? "present" : "missing"}`,
+      );
+      return c.json({ error: "Invalid signature" }, 401);
+    }
+    console.log(
+      `[linear-agent-routes] Accepted AgentSessionEvent action=${action} sessionId=${linearSessionId} oauthClientId=${oauthClientId} agentId=${agent.id}`,
+    );
+    // Dispatch asynchronously — must return 200 within 5s
+    bridge.handleEvent(payload).catch((err) => {
+      console.error("[linear-agent-routes] Error handling event:", err);
+    });
+    return c.json({ ok: true });
+  });
+  // OAuth callback — redirect from Linear after authorization.
+  // Pre-auth because the browser lands here from Linear with no Companion auth token.
+  // Protected by the OAuth `state` nonce (CSRF prevention).
+  api.get("/linear/oauth/callback", async (c) => {
+    const code = c.req.query("code");
+    const state = c.req.query("state");
+    const error = c.req.query("error");
+    if (error) {
+      return c.redirect(`/#/settings/linear?oauth_error=${encodeURIComponent(error)}`);
+    }
+    if (!code) {
+      return c.redirect("/#/settings/linear?oauth_error=no_code");
+    }
+    // Validate the state nonce to prevent CSRF
+    const stateResult = linearAgent.validateOAuthState(state);
+    if (!stateResult.valid) {
+      return c.redirect("/#/settings/linear?oauth_error=invalid_state");
+    }
+    // Determine redirect target — validate returnTo is a safe relative hash-router path
+    // to prevent open redirects (state passes through the browser and could be tampered with)
+    const rawReturnTo = stateResult.returnTo;
+    const redirectBase = (rawReturnTo && /^\/?#\//.test(rawReturnTo)) ? rawReturnTo : "/#/settings/linear";
+    // Build redirect URI (must match what was sent in the authorize request)
+    const settings = getSettings();
+    const baseUrl = settings.publicUrl || `http://localhost:${process.env.PORT || 3456}`;
+    const redirectUri = `${baseUrl}/api/linear/oauth/callback`;
+    // Determine which credentials to use for token exchange:
+    // 1. OAuth connection (new model) — connectionId in state
+    // 2. Staging slot (wizard flow) — stagingId in state
+    // 3. Global settings (legacy fallback)
+    const { getOAuthConnection, updateOAuthConnection } = await import("../linear-oauth-connections.js");
+    const oauthConnection = stateResult.connectionId ? getOAuthConnection(stateResult.connectionId) : null;
+    const stagingSlot = stateResult.stagingId ? staging.getSlot(stateResult.stagingId) : null;
+    // If a connectionId was in the state but the connection is gone, fail
+    if (stateResult.connectionId && !oauthConnection) {
+      return c.redirect(`${redirectBase}?oauth_error=${encodeURIComponent("connection_not_found")}`);
+    }
+    // If a stagingId was in the state but the slot is gone (expired/deleted), don't silently
+    // fall back to global settings — that would use the wrong OAuth app's credentials
+    if (stateResult.stagingId && !stagingSlot) {
+      return c.redirect(`${redirectBase}?oauth_error=${encodeURIComponent("staging_slot_expired")}`);
+    }
+    const clientId = oauthConnection?.oauthClientId || stagingSlot?.clientId || settings.linearOAuthClientId;
+    const clientSecret = oauthConnection?.oauthClientSecret || stagingSlot?.clientSecret || settings.linearOAuthClientSecret;
+    const tokens = await linearAgent.exchangeCodeForTokens(
+      { clientId, clientSecret },
+      code,
+      redirectUri,
+    );
+    if (!tokens) {
+      return c.redirect(`${redirectBase}?oauth_error=token_exchange_failed`);
+    }
+    // Persist tokens to the appropriate store
+    if (stateResult.connectionId && oauthConnection) {
+      // New model: store tokens directly in the OAuth connection
+      updateOAuthConnection(stateResult.connectionId, {
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken,
+        status: "connected",
+      });
+    } else if (stateResult.stagingId) {
+      staging.updateSlotTokens(stateResult.stagingId, tokens);
+    } else {
+      updateSettings({
+        linearOAuthAccessToken: tokens.accessToken,
+        linearOAuthRefreshToken: tokens.refreshToken,
+      });
+    }
+    console.log("[linear-agent-routes] OAuth tokens obtained successfully");
+    return c.redirect(`${redirectBase}?oauth_success=true`);
+  });
+}
+/**
+ * Register protected Linear Agent SDK routes (after auth middleware).
+ * Status + authorize URL + disconnect + staging slot endpoints.
+ */
+export function registerLinearAgentProtectedRoutes(api: Hono): void {
+  // ── Staging slot CRUD ──────────────────────────────────────────────────
+  // Create a staging slot for the wizard flow
+  api.post("/linear/oauth/staging", async (c) => {
+    const body = await c.req.json() as {
+      clientId?: string;
+      clientSecret?: string;
+      webhookSecret?: string;
+    };
+    const clientId = (body.clientId || "").trim();
+    const clientSecret = (body.clientSecret || "").trim();
+    const webhookSecret = (body.webhookSecret || "").trim();
+    if (!clientId || !clientSecret || !webhookSecret) {
+      return c.json({ error: "clientId, clientSecret, and webhookSecret are required" }, 400);
+    }
+    const stagingId = staging.createSlot({ clientId, clientSecret, webhookSecret });
+    return c.json({ stagingId });
+  });
+  // Check staging slot status
+  api.get("/linear/oauth/staging/:id/status", (c) => {
+    const id = c.req.param("id");
+    const slot = staging.getSlot(id);
+    if (!slot) {
+      return c.json({ exists: false, hasAccessToken: false, hasClientId: false, hasClientSecret: false });
+    }
+    return c.json({
+      exists: true,
+      hasAccessToken: !!slot.accessToken,
+      hasClientId: !!slot.clientId,
+      hasClientSecret: !!slot.clientSecret,
+    });
+  });
+  // Delete a staging slot
+  api.delete("/linear/oauth/staging/:id", (c) => {
+    const id = c.req.param("id");
+    staging.deleteSlot(id);
+    return c.json({ ok: true });
+  });
+  // ── OAuth flow endpoints ───────────────────────────────────────────────
+  // Get OAuth authorize URL for installing the app
+  api.get("/linear/oauth/authorize-url", (c) => {
+    const settings = getSettings();
+    const baseUrl = settings.publicUrl || `http://localhost:${process.env.PORT || 3456}`;
+    const redirectUri = `${baseUrl}/api/linear/oauth/callback`;
+    const returnTo = c.req.query("returnTo");
+    const stagingId = c.req.query("stagingId");
+    // Validate returnTo is a safe relative hash-router path to prevent open redirects
+    const safeReturnTo = returnTo && /^\/?#\//.test(returnTo) ? returnTo : undefined;
+    // Use staging slot's clientId if provided, fall back to global settings
+    const slot = stagingId ? staging.getSlot(stagingId) : null;
+    // If a stagingId was provided but the slot is expired/missing, fail early
+    // rather than generating a URL that will fail at callback time
+    if (stagingId && !slot) {
+      return c.json({ error: "Staging slot expired or not found" }, 404);
+    }
+    const clientId = slot?.clientId || settings.linearOAuthClientId;
+    const result = linearAgent.getOAuthAuthorizeUrl(clientId, redirectUri, {
+      returnTo: safeReturnTo,
+      stagingId,
+    });
+    if (!result) {
+      return c.json({ error: "OAuth client ID not configured" }, 400);
+    }
+    return c.json({ url: result.url });
+  });
+  // Check OAuth configuration status (global or staging slot)
+  api.get("/linear/oauth/status", (c) => {
+    const stagingId = c.req.query("stagingId");
+    if (stagingId) {
+      const slot = staging.getSlot(stagingId);
+      return c.json({
+        configured: !!(slot?.clientId && slot?.clientSecret && slot?.accessToken),
+        hasClientId: !!slot?.clientId,
+        hasClientSecret: !!slot?.clientSecret,
+        hasWebhookSecret: !!slot?.webhookSecret,
+        hasAccessToken: !!slot?.accessToken,
+      });
+    }
+    const settings = getSettings();
+    return c.json({
+      configured: linearAgent.isLinearOAuthConfigured({
+        clientId: settings.linearOAuthClientId,
+        clientSecret: settings.linearOAuthClientSecret,
+        accessToken: settings.linearOAuthAccessToken,
+      }),
+      hasClientId: !!settings.linearOAuthClientId.trim(),
+      hasClientSecret: !!settings.linearOAuthClientSecret.trim(),
+      hasWebhookSecret: !!settings.linearOAuthWebhookSecret.trim(),
+      hasAccessToken: !!settings.linearOAuthAccessToken.trim(),
+    });
+  });
+  // Disconnect OAuth (clear tokens)
+  api.post("/linear/oauth/disconnect", (c) => {
+    updateSettings({
+      linearOAuthAccessToken: "",
+      linearOAuthRefreshToken: "",
+    });
+    return c.json({ ok: true });
+  });
+}