@linzumi/cli 0.0.20-beta → 0.0.22-beta

package/src/authCache.ts

@@ -1,157 +0,0 @@
-/*
-- Date: 2026-04-24
-  Spec: plans/2026-04-24-local-codex-channel-thread-binding-spec.md
-  Relationship: Stores scoped local-runner OAuth tokens so users can log in
-  once and then start local Codex runners without pasting tokens repeatedly.
-*/
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-import { homedir } from "node:os";
-import { dirname, join } from "node:path";
-import { kandanHttpBaseUrl } from "./oauth";
-
-export type CachedLocalRunnerToken = {
-  readonly accessToken: string;
-  readonly kandanBaseUrl: string;
-  readonly issuedAt: string;
-  readonly expiresAt?: string | undefined;
-};
-
-type AuthFile = {
-  readonly version: 1;
-  readonly local_codex_runner?: Record<string, CachedTokenJson> | undefined;
-};
-
-type CachedTokenJson = {
-  readonly access_token: string;
-  readonly issued_at: string;
-  readonly expires_at?: string | undefined;
-};
-
-export function defaultAuthFilePath(): string {
-  const base = process.env.KANDAN_HOME ?? join(homedir(), ".kandan");
-  return join(base, "auth.json");
-}
-
-export function readCachedLocalRunnerToken(
-  kandanUrl: string,
-  authFilePath: string = defaultAuthFilePath(),
-): CachedLocalRunnerToken | undefined {
-  if (!existsSync(authFilePath)) {
-    return undefined;
-  }
-
-  const authFile = parseAuthFile(readFileSync(authFilePath, "utf8"));
-  const kandanBaseUrl = kandanHttpBaseUrl(kandanUrl);
-  const entry = authFile.local_codex_runner?.[kandanBaseUrl];
-
-  if (entry === undefined || entry.access_token.trim() === "") {
-    return undefined;
-  }
-
-  if (entry.expires_at !== undefined && Date.parse(entry.expires_at) <= Date.now()) {
-    return undefined;
-  }
-
-  return {
-    accessToken: entry.access_token,
-    kandanBaseUrl,
-    issuedAt: entry.issued_at,
-    expiresAt: entry.expires_at,
-  };
-}
-
-export function writeCachedLocalRunnerToken(args: {
-  readonly kandanUrl: string;
-  readonly accessToken: string;
-  readonly expiresInSeconds?: number | undefined;
-  readonly authFilePath?: string | undefined;
-}): CachedLocalRunnerToken {
-  const authFilePath = args.authFilePath ?? defaultAuthFilePath();
-  const existing = existsSync(authFilePath)
-    ? parseAuthFile(readFileSync(authFilePath, "utf8"))
-    : { version: 1 as const };
-  const kandanBaseUrl = kandanHttpBaseUrl(args.kandanUrl);
-  const issuedAt = new Date();
-  const expiresAt =
-    args.expiresInSeconds === undefined
-      ? undefined
-      : new Date(issuedAt.getTime() + args.expiresInSeconds * 1000).toISOString();
-  const next: AuthFile = {
-    ...existing,
-    version: 1,
-    local_codex_runner: {
-      ...(existing.local_codex_runner ?? {}),
-      [kandanBaseUrl]: {
-        access_token: args.accessToken,
-        issued_at: issuedAt.toISOString(),
-        expires_at: expiresAt,
-      },
-    },
-  };
-
-  mkdirSync(dirname(authFilePath), { recursive: true });
-  writeFileSync(authFilePath, `${JSON.stringify(next, null, 2)}\n`, "utf8");
-
-  return {
-    accessToken: args.accessToken,
-    kandanBaseUrl,
-    issuedAt: issuedAt.toISOString(),
-    expiresAt,
-  };
-}
-
-function parseAuthFile(text: string): AuthFile {
-  const parsed: unknown = JSON.parse(text);
-
-  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-    throw new Error("Kandan auth cache must contain a JSON object");
-  }
-
-  const value = parsed as Record<string, unknown>;
-  const localRunner = value.local_codex_runner;
-
-  if (
-    localRunner !== undefined &&
-    (typeof localRunner !== "object" || localRunner === null || Array.isArray(localRunner))
-  ) {
-    throw new Error("Kandan auth cache local_codex_runner must be an object");
-  }
-
-  return {
-    version: 1,
-    local_codex_runner: normalizeLocalRunnerCache(localRunner),
-  };
-}
-
-function normalizeLocalRunnerCache(value: unknown): Record<string, CachedTokenJson> | undefined {
-  if (typeof value !== "object" || value === null || Array.isArray(value)) {
-    return undefined;
-  }
-
-  return Object.fromEntries(
-    Object.entries(value).flatMap(([key, entry]) => {
-      if (typeof entry !== "object" || entry === null || Array.isArray(entry)) {
-        return [];
-      }
-
-      const token = (entry as Record<string, unknown>).access_token;
-      const issuedAt = (entry as Record<string, unknown>).issued_at;
-      const expiresAt = (entry as Record<string, unknown>).expires_at;
-
-      if (typeof token !== "string" || typeof issuedAt !== "string") {
-        return [];
-      }
-
-      return [
-        [
-          key,
-          {
-            access_token: token,
-            issued_at: issuedAt,
-            expires_at: typeof expiresAt === "string" ? expiresAt : undefined,
-          },
-        ],
-      ];
-    }),
-  );
-}

package/src/authResolution.ts

@@ -1,77 +0,0 @@
-/*
-- Date: 2026-04-24
-  Spec: plans/2026-04-24-local-codex-channel-thread-binding-spec.md
-  Relationship: Implements the one-command runner auth behavior: use an
-  explicit token when supplied, validate cached scoped runner auth, and fall
-  back to the OAuth flow when cached auth is missing or rejected.
-*/
-import { readCachedLocalRunnerToken, writeCachedLocalRunnerToken } from "./authCache";
-import { acquireLocalRunnerTokenDetails, validateLocalRunnerToken } from "./oauth";
-
-export type LocalRunnerTokenResolutionArgs = {
-  readonly kandanUrl: string;
-  readonly explicitToken?: string | undefined;
-  readonly workspaceSlug?: string | undefined;
-  readonly channelSlug?: string | undefined;
-  readonly onboarding?: "start" | undefined;
-  readonly authFilePath?: string | undefined;
-  readonly callbackHost?: string | undefined;
-  readonly reportRejectedCachedToken?: (() => void) | undefined;
-};
-
-type LocalRunnerTokenResolutionDeps = {
-  readonly readCachedToken: typeof readCachedLocalRunnerToken;
-  readonly validateToken: typeof validateLocalRunnerToken;
-  readonly acquireAndCacheToken: (args: LocalRunnerTokenResolutionArgs) => Promise<string>;
-};
-
-export async function resolveLocalRunnerToken(
-  args: LocalRunnerTokenResolutionArgs,
-  deps: LocalRunnerTokenResolutionDeps = {
-    readCachedToken: readCachedLocalRunnerToken,
-    validateToken: validateLocalRunnerToken,
-    acquireAndCacheToken,
-  },
-): Promise<string> {
-  if (args.explicitToken !== undefined) {
-    return args.explicitToken;
-  }
-
-  const cached = deps.readCachedToken(args.kandanUrl, args.authFilePath);
-
-  if (cached !== undefined) {
-    const cachedTokenIsUsable = await deps.validateToken({
-      kandanUrl: args.kandanUrl,
-      accessToken: cached.accessToken,
-      workspaceSlug: args.workspaceSlug,
-      channelSlug: args.channelSlug,
-    });
-
-    if (cachedTokenIsUsable) {
-      return cached.accessToken;
-    }
-
-    args.reportRejectedCachedToken?.();
-  }
-
-  return await deps.acquireAndCacheToken(args);
-}
-
-async function acquireAndCacheToken(args: LocalRunnerTokenResolutionArgs): Promise<string> {
-  const token = await acquireLocalRunnerTokenDetails({
-    kandanUrl: args.kandanUrl,
-    workspaceSlug: args.workspaceSlug,
-    channelSlug: args.channelSlug,
-    onboarding: args.onboarding,
-    callbackHost: args.callbackHost,
-  });
-
-  writeCachedLocalRunnerToken({
-    kandanUrl: args.kandanUrl,
-    accessToken: token.accessToken,
-    expiresInSeconds: token.expiresInSeconds,
-    authFilePath: args.authFilePath,
-  });
-
-  return token.accessToken;
-}

package/src/boundedCache.ts

@@ -1,57 +0,0 @@
-/*
-- Date: 2026-04-26
-  Spec: kandan/server_v2/plans/2026-04-26-local-codex-driver-worldclass-spec.md
-  Relationship: Provides bounded in-memory registries for local Codex runner
-  state so long turns keep O(1) keyed lookup while retaining deterministic
-  eviction order for transcript reconciliation.
-*/
-
-export type BoundedCache<TValue> = {
-  readonly limit: number;
-  readonly values: Map<string, TValue>;
-};
-
-export function createBoundedCache<TValue>(limit: number): BoundedCache<TValue> {
-  if (!Number.isInteger(limit) || limit <= 0) {
-    throw new Error(`invalid bounded cache limit: ${limit}`);
-  }
-
-  return {
-    limit,
-    values: new Map(),
-  };
-}
-
-export function getBoundedCacheValue<TValue>(
-  cache: BoundedCache<TValue>,
-  key: string,
-): TValue | undefined {
-  return cache.values.get(key);
-}
-
-export function rememberBoundedCacheValue<TValue>(
-  cache: BoundedCache<TValue>,
-  key: string,
-  value: TValue,
-): void {
-  cache.values.set(key, value);
-
-  while (cache.values.size > cache.limit) {
-    const evicted = cache.values.keys().next().value;
-
-    if (evicted !== undefined) {
-      cache.values.delete(evicted);
-    }
-  }
-}
-
-export function forgetBoundedCacheValue<TValue>(
-  cache: BoundedCache<TValue>,
-  key: string,
-): void {
-  cache.values.delete(key);
-}
-
-export function boundedCacheValues<TValue>(cache: BoundedCache<TValue>): TValue[] {
-  return [...cache.values.values()];
-}