@jhizzard/termdeck 1.6.1 → 1.8.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jhizzard/termdeck",
-  "version": "1.6.1",
+  "version": "1.8.0",
   "description": "Browser-based terminal multiplexer with metadata overlays, panel flashback memory recall, and AI-aware session management",
   "bin": {
     "termdeck": "./packages/cli/src/index.js"

package/packages/cli/src/doctor.js

@@ -256,6 +256,7 @@ function parseArgv(argv) {
     json: args.includes('--json'),
     noColor: args.includes('--no-color'),
     noSchema: args.includes('--no-schema'),
+    noAgents: args.includes('--no-agents'),
   };
 }
 
@@ -547,6 +548,83 @@ function renderSchemaResult(result, c) {
   return out.join('\n');
 }
 
+// ── Sprint 70 T2: agent-CLI auth-probe section ─────────────────────────────
+//
+// Surfaces each agent adapter's `checkAuth()` verdict in `termdeck doctor` so a
+// misconfigured agent CLI is caught here instead of failing silently at panel
+// spawn. The motivating case: Google ends Gemini's OAuth serving path on
+// 2026-06-18, after which a Gemini CLI still set to `oauth-personal` stops
+// working — `checkAuth()` reports that as `wrong-mode` and this section turns
+// it into a doctor RED (exit 1) with a remediation hint.
+//
+// Only adapters that expose a `checkAuth` function participate (Gemini today;
+// forward-compatible as Codex/Grok/agy add probes). Static-only (`live:false`)
+// — no spawn / network, so the section never hangs or hits an API. The whole
+// registry require is wrapped: on any load failure the section is skipped
+// (never a crash, never a false RED). Monkey-patchable as
+// `module.exports._runAgentAuthCheck`, the same seam pattern as
+// `_runSchemaCheck`.
+async function _runAgentAuthCheck(opts = {}) {
+  let registry;
+  try {
+    registry = require(path.join(__dirname, '..', '..', 'server', 'src', 'agent-adapters'));
+  } catch (err) {
+    return {
+      skipped: true,
+      reason: `agent adapters unavailable: ${err && err.message || err}`,
+      agents: [], passed: 0, total: 0, hasGaps: false,
+    };
+  }
+  const adapters = Object.values((registry && registry.AGENT_ADAPTERS) || {})
+    .filter((a) => a && typeof a.checkAuth === 'function');
+  const agents = [];
+  for (const a of adapters) {
+    let v;
+    try {
+      // live:false → static checks only (env + settings.json); never spawns.
+      v = await a.checkAuth({ live: false, ...opts });
+    } catch (err) {
+      v = { ok: false, state: 'error', detail: `probe threw: ${err && err.message || err}`, hint: '' };
+    }
+    agents.push({
+      name: a.displayName || a.name,
+      state: v.state,
+      ok: v.ok === true,
+      detail: v.detail || '',
+      hint: v.hint || '',
+    });
+  }
+  const passed = agents.filter((x) => x.ok).length;
+  return { skipped: false, agents, passed, total: agents.length, hasGaps: passed < agents.length };
+}
+
+function renderAgentAuthResult(result, c) {
+  const out = [];
+  out.push('');
+  out.push(c.bold('Agent CLI auth'));
+  out.push('');
+  if (result.skipped) {
+    out.push(`  ${c.dim(`(skipped) ${result.reason}`)}`);
+    return out.join('\n');
+  }
+  if (!result.agents || result.agents.length === 0) {
+    out.push(`  ${c.dim('(no agent adapters expose an auth probe)')}`);
+    return out.join('\n');
+  }
+  for (const a of result.agents) {
+    if (a.ok) {
+      out.push(`  ${c.green('✓')} ${a.name}: ${a.state}`);
+    } else {
+      out.push(`  ${c.yellow('✗')} ${a.name}: ${a.state}`);
+      if (a.detail) out.push(`      ${c.dim(a.detail)}`);
+      if (a.hint) out.push(`      ${c.dim(a.hint)}`);
+    }
+  }
+  out.push('');
+  out.push(`  ${result.passed}/${result.total} agent auth checks passed`);
+  return out.join('\n');
+}
+
 async function doctor(argv) {
   const opts = parseArgv(argv);
 
@@ -586,6 +664,22 @@ async function doctor(argv) {
     }
   }
 
+  // Sprint 70 T2: agent-CLI auth probe (skippable for tests / hosts without
+  // agent CLIs). Static-only by default — no spawn / network.
+  let agents = null;
+  if (!opts.noAgents) {
+    try {
+      agents = await module.exports._runAgentAuthCheck();
+    } catch (err) {
+      agents = {
+        skipped: false,
+        agents: [{ name: 'agent auth', state: 'error', ok: false,
+          detail: `unexpected error: ${err && err.message || err}`, hint: '' }],
+        passed: 0, total: 1, hasGaps: true,
+      };
+    }
+  }
+
   // Exit-code priority: any network failure → 2; any update available OR
   // schema gap → 1; else 0. Computed after all rows resolve so a single
   // transient failure doesn't mask real updates in stdout. A schema connect
@@ -600,10 +694,12 @@ async function doctor(argv) {
   }
   if (schema && schema.connectError && exitCode < 2) exitCode = 2;
   if (schema && !schema.skipped && schema.hasGaps && exitCode < 1) exitCode = 1;
+  if (agents && !agents.skipped && agents.hasGaps && exitCode < 1) exitCode = 1;
 
   if (opts.json) {
     const payload = { exitCode, rows };
     if (schema) payload.schema = schema;
+    if (agents) payload.agents = agents;
     process.stdout.write(JSON.stringify(payload, null, 2) + '\n');
     return exitCode;
   }
@@ -615,6 +711,9 @@ async function doctor(argv) {
   if (schema) {
     process.stdout.write(renderSchemaResult(schema, c) + '\n');
   }
+  if (agents) {
+    process.stdout.write(renderAgentAuthResult(agents, c) + '\n');
+  }
   return exitCode;
 }
 
@@ -625,5 +724,6 @@ module.exports._compareSemver = _compareSemver;
 module.exports._detectMnestraVersion = _detectMnestraVersion;
 module.exports._selectHybridSearchRpcNames = _selectHybridSearchRpcNames;
 module.exports._runSchemaCheck = _runSchemaCheck;
+module.exports._runAgentAuthCheck = _runAgentAuthCheck;
 module.exports.STACK_PACKAGES = STACK_PACKAGES;
 module.exports.STATUS = STATUS;

package/packages/cli/src/init-mnestra.js

@@ -597,7 +597,39 @@ function refreshBundledHookIfNewer(opts = {}) {
   }
   const installed = readVersion(HOOK_DEST);
   if (installed !== null && installed >= bundled) {
-    return { status: 'up-to-date', installed, bundled };
+    // Sprint 67 T1 — content-drift gate. Stamp-equal does NOT prove content-
+    // equal. Sprints 62/63/64 each grew the v2-stamped session-end body
+    // without bumping to v3; the daily-driver sat on the Sprint-51.7-era v2
+    // body for ~2 weeks (May 4 → May 19, 2026) because this early-return
+    // fired before any bytes were compared. Compare bytes; if they differ
+    // AND the installed file is TermDeck-managed (same trust signal that
+    // gates the unsigned-installed safety branch below), refresh with a
+    // backup. Hand-edited user files (no TermDeck markers) are still
+    // preserved — drift in that case is the user's intent.
+    let identical = false;
+    try {
+      identical = fs.readFileSync(HOOK_SOURCE).equals(fs.readFileSync(HOOK_DEST));
+    } catch (_) {
+      // Best-effort: a transient read error shouldn't trigger an overwrite.
+      // Treat as identical so we exit through the safe up-to-date path.
+      identical = true;
+    }
+    if (identical) return { status: 'up-to-date', installed, bundled };
+    if (!looksTermdeckManaged(HOOK_DEST)) {
+      return {
+        status: 'custom-hook-preserved-content-drift',
+        message: 'installed hook is stamp-equal to bundled but bytes differ and the file lacks TermDeck-managed markers; keeping as-is.',
+        installed,
+        bundled,
+      };
+    }
+    if (dryRun) return { status: 'would-refresh-content-drift', from: installed, to: bundled };
+    const dStamp = new Date().toISOString().replace(/[-:T.Z]/g, '').slice(0, 14);
+    const dBackup = `${HOOK_DEST}.bak.${dStamp}`;
+    try { fs.copyFileSync(HOOK_DEST, dBackup); } catch (_) { /* best-effort */ }
+    fs.copyFileSync(HOOK_SOURCE, HOOK_DEST);
+    fs.chmodSync(HOOK_DEST, 0o644);
+    return { status: 'refreshed-content-drift', from: installed, to: bundled, backup: dBackup };
   }
   // Sprint 51.6 T4-CODEX audit 20:23 ET safety gate: an unsigned installed
   // hook gets refreshed ONLY if it looks TermDeck-managed (carries one of
@@ -625,11 +657,11 @@ function refreshBundledHookIfNewer(opts = {}) {
 // DB-side failures (Class A schema drift, network blips, partial state)
 // cannot strand the hook upgrade. Joshua's 2026-05-03 Phase B run threw at
 // `applyMigrations()` on `001_mnestra_tables.sql` (the `match_memories`
-// CREATE OR REPLACE return-type drift on petvetbid — existing function had
+// CREATE OR REPLACE return-type drift on the daily-driver project — existing function had
 // columns in a different order, Postgres rejected with "cannot change return
 // type of existing function"). Outer catch at the old call site fired and
 // returned exit 5; the refresh at the old wire-up never ran. Brad's
-// jizzard-brain reproduced the same symptom under v1.0.2.
+// peer install reproduced the same symptom under v1.0.2.
 //
 // Hook refresh is a LOCAL filesystem operation. It has no dependency on DB
 // success, so it should run as part of the initial local-setup phase next
@@ -660,7 +692,7 @@ function refreshBundledHookIfNewer(opts = {}) {
 // v1.0.0/v1.0.1) gets the v2 hook FILE post-1.0.3, but the file is still
 // wired under `Stop`. The v2 hook does not gate on event type, so it
 // fires every assistant turn and writes N `session_summary` rows in
-// `memory_items` per session (Brad's 2026-05-04 jizzard-brain repro).
+// `memory_items` per session (Brad's 2026-05-04 peer install repro).
 //
 // `_mergeSessionEndHookEntry` is a 1:1 hoist of the same-named function
 // in `packages/stack-installer/src/index.js:451`. We can't `require()`
@@ -965,6 +997,12 @@ function runHookRefresh({ dryRun = false } = {}) {
       ok(`installed v${r.bundled} (no prior copy)`);
     } else if (r.status === 'would-install') {
       ok(`would-install v${r.bundled} (dry-run, no prior copy)`);
+    } else if (r.status === 'refreshed-content-drift') {
+      ok(`refreshed v${r.from} → v${r.to} (content-drift; backup: ${path.basename(r.backup)})`);
+    } else if (r.status === 'would-refresh-content-drift') {
+      ok(`would-refresh v${r.from} → v${r.to} (content-drift; dry-run)`);
+    } else if (r.status === 'custom-hook-preserved-content-drift') {
+      ok(`custom-hook-preserved (bytes differ from bundled but no TermDeck markers; keeping as-is)`);
     } else if (r.status === 'up-to-date') {
       ok(`up-to-date (v${r.installed})`);
     } else {
@@ -998,6 +1036,12 @@ function runHookRefresh({ dryRun = false } = {}) {
       ok(`installed v${r.bundled} (no prior copy)`);
     } else if (r.status === 'would-install') {
       ok(`would-install v${r.bundled} (dry-run, no prior copy)`);
+    } else if (r.status === 'refreshed-content-drift') {
+      ok(`refreshed v${r.from} → v${r.to} (content-drift; backup: ${path.basename(r.backup)})`);
+    } else if (r.status === 'would-refresh-content-drift') {
+      ok(`would-refresh v${r.from} → v${r.to} (content-drift; dry-run)`);
+    } else if (r.status === 'custom-hook-preserved-content-drift') {
+      ok(`custom-hook-preserved (bytes differ from bundled but no TermDeck markers; keeping as-is)`);
     } else if (r.status === 'up-to-date') {
       ok(`up-to-date (v${r.installed})`);
     } else {
@@ -1083,7 +1127,7 @@ async function main(argv) {
   // DB phase. Hook refresh is local FS work; coupling it downstream of pg
   // connect + 17-migration replay (the old wire-up at line 677 in v1.0.2)
   // meant ANY DB-side error (Joshua's mig-001 `match_memories` return-type
-  // drift, Brad's same on jizzard-brain) silently skipped the upgrade. With
+  // drift, Brad's same on peer install) silently skipped the upgrade. With
   // refresh here, the user always lands the bundled hook even when the DB
   // phase later fails — decoupled concerns, idempotent re-runs, and the
   // helper handles its own try/catch internally so a refresh failure never
@@ -1098,7 +1142,7 @@ async function main(argv) {
   // and writes N session_summary rows in memory_items per session. This
   // migration is idempotent and runs alongside the file refresh so the
   // wire-up + wiring stay in lockstep on every wizard pass. Brad's
-  // 2026-05-04 jizzard-brain repro is the canonical fixture for this
+  // 2026-05-04 peer install repro is the canonical fixture for this
   // class of bug (INSTALLER-PITFALLS.md ledger #16).
   runSettingsJsonMigration({ dryRun: flags.dryRun });
 

package/packages/cli/src/init-rumen.js

@@ -331,7 +331,7 @@ async function applyRumenTables(secrets, dryRun) {
 // up front. Idempotent: a re-run on an up-to-date project reports
 // "install up to date" and applies nothing.
 //
-// Brad's 2026-05-02 jizzard-brain report (INSTALLER-PITFALLS.md ledger #13)
+// Brad's 2026-05-02 peer install report (INSTALLER-PITFALLS.md ledger #13)
 // is the originating motivation: he upgraded npm packages but his database
 // stayed frozen at first-kickstart because no installer code path diffed an
 // existing install against the bundled migration set. After v1.0.1 ships,
@@ -391,7 +391,7 @@ const FUNCTIONS_WITH_VERSION_PLACEHOLDER = new Set(['rumen-tick']);
 
 // Sprint 51.6 T3 — `projectRef` is required and passed explicitly to every
 // `supabase functions deploy` invocation as `--project-ref <ref>`. Brad's
-// 2026-05-03 jizzard-brain install hit Bug C: `supabase link --project-ref`
+// 2026-05-03 peer install install hit Bug C: `supabase link --project-ref`
 // runs successfully (audit-upgrade probes confirm the link is live), but a
 // few subprocess calls later `supabase functions deploy` errors with
 // `Cannot find project ref. Have you run supabase link?` because the link
@@ -577,7 +577,7 @@ function vaultSqlEditorUrl(projectRef, secretName, secretValue) {
 //   - graph_inference_service_role_key  (used by 003_graph_inference_schedule.sql)
 //
 // Both keys hold the same value (`secrets.SUPABASE_SERVICE_ROLE_KEY`). Brad's
-// 2026-05-02 recovery on jizzard-brain literally cloned rumen → graph_inference
+// 2026-05-02 recovery on peer install literally cloned rumen → graph_inference
 // in vault.
 //
 // Strategy: