npm - @openparachute/agent - Versions diffs - 0.1.0 - Mend

@openparachute/agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (501) hide show

package/.claude/scheduled_tasks.lock +1 -0
package/.claude/settings.json +5 -0
package/.claude/skills/add-atomic-chat-tool/SKILL.md +243 -0
package/.claude/skills/add-atomic-chat-tool/atomic-chat-mcp-stdio.ts +229 -0
package/.claude/skills/add-codex/SKILL.md +161 -0
package/.claude/skills/add-dashboard/SKILL.md +138 -0
package/.claude/skills/add-dashboard/resources/dashboard-pusher.ts +495 -0
package/.claude/skills/add-emacs/SKILL.md +296 -0
package/.claude/skills/add-gcal-tool/SKILL.md +210 -0
package/.claude/skills/add-gchat/REMOVE.md +6 -0
package/.claude/skills/add-gchat/SKILL.md +92 -0
package/.claude/skills/add-gchat/VERIFY.md +3 -0
package/.claude/skills/add-github/REMOVE.md +6 -0
package/.claude/skills/add-github/SKILL.md +148 -0
package/.claude/skills/add-github/VERIFY.md +3 -0
package/.claude/skills/add-gmail-tool/SKILL.md +229 -0
package/.claude/skills/add-imessage/REMOVE.md +6 -0
package/.claude/skills/add-imessage/SKILL.md +113 -0
package/.claude/skills/add-imessage/VERIFY.md +3 -0
package/.claude/skills/add-karpathy-llm-wiki/SKILL.md +110 -0
package/.claude/skills/add-karpathy-llm-wiki/llm-wiki.md +75 -0
package/.claude/skills/add-linear/REMOVE.md +6 -0
package/.claude/skills/add-linear/SKILL.md +168 -0
package/.claude/skills/add-linear/VERIFY.md +3 -0
package/.claude/skills/add-macos-statusbar/SKILL.md +133 -0
package/.claude/skills/add-macos-statusbar/add/src/statusbar.swift +147 -0
package/.claude/skills/add-matrix/REMOVE.md +6 -0
package/.claude/skills/add-matrix/SKILL.md +148 -0
package/.claude/skills/add-matrix/VERIFY.md +3 -0
package/.claude/skills/add-ollama-provider/SKILL.md +179 -0
package/.claude/skills/add-ollama-tool/SKILL.md +193 -0
package/.claude/skills/add-opencode/SKILL.md +229 -0
package/.claude/skills/add-parallel/SKILL.md +290 -0
package/.claude/skills/add-resend/REMOVE.md +6 -0
package/.claude/skills/add-resend/SKILL.md +93 -0
package/.claude/skills/add-resend/VERIFY.md +3 -0
package/.claude/skills/add-signal/REMOVE.md +13 -0
package/.claude/skills/add-signal/SKILL.md +318 -0
package/.claude/skills/add-signal/VERIFY.md +5 -0
package/.claude/skills/add-slack/REMOVE.md +6 -0
package/.claude/skills/add-slack/SKILL.md +112 -0
package/.claude/skills/add-slack/VERIFY.md +3 -0
package/.claude/skills/add-teams/REMOVE.md +6 -0
package/.claude/skills/add-teams/SKILL.md +207 -0
package/.claude/skills/add-teams/VERIFY.md +3 -0
package/.claude/skills/add-vercel/SKILL.md +147 -0
package/.claude/skills/add-vercel/container-skills/vercel-cli/SKILL.md +103 -0
package/.claude/skills/add-webex/REMOVE.md +6 -0
package/.claude/skills/add-webex/SKILL.md +88 -0
package/.claude/skills/add-webex/VERIFY.md +3 -0
package/.claude/skills/add-wechat/REMOVE.md +49 -0
package/.claude/skills/add-wechat/SKILL.md +170 -0
package/.claude/skills/add-wechat/scripts/wire-dm.ts +172 -0
package/.claude/skills/add-whatsapp/SKILL.md +264 -0
package/.claude/skills/add-whatsapp-cloud/REMOVE.md +6 -0
package/.claude/skills/add-whatsapp-cloud/SKILL.md +95 -0
package/.claude/skills/add-whatsapp-cloud/VERIFY.md +3 -0
package/.claude/skills/claw/SKILL.md +131 -0
package/.claude/skills/claw/scripts/claw +374 -0
package/.claude/skills/convert-to-apple-container/SKILL.md +212 -0
package/.claude/skills/customize/SKILL.md +110 -0
package/.claude/skills/debug/SKILL.md +349 -0
package/.claude/skills/get-qodo-rules/SKILL.md +122 -0
package/.claude/skills/get-qodo-rules/references/output-format.md +41 -0
package/.claude/skills/get-qodo-rules/references/pagination.md +33 -0
package/.claude/skills/get-qodo-rules/references/repository-scope.md +26 -0
package/.claude/skills/init-first-agent/SKILL.md +120 -0
package/.claude/skills/init-onecli/SKILL.md +270 -0
package/.claude/skills/manage-channels/SKILL.md +87 -0
package/.claude/skills/manage-mounts/SKILL.md +47 -0
package/.claude/skills/migrate-from-openclaw/MIGRATE_CRONS.md +100 -0
package/.claude/skills/migrate-from-openclaw/SKILL.md +447 -0
package/.claude/skills/migrate-from-openclaw/scripts/discover-openclaw.ts +734 -0
package/.claude/skills/migrate-from-openclaw/scripts/extract-channel-credentials.ts +476 -0
package/.claude/skills/migrate-nanoclaw/SKILL.md +484 -0
package/.claude/skills/migrate-nanoclaw/diagnostics.md +51 -0
package/.claude/skills/qodo-pr-resolver/SKILL.md +326 -0
package/.claude/skills/qodo-pr-resolver/resources/providers.md +329 -0
package/.claude/skills/update-nanoclaw/SKILL.md +243 -0
package/.claude/skills/update-nanoclaw/diagnostics.md +48 -0
package/.claude/skills/update-skills/SKILL.md +130 -0
package/.claude/skills/use-native-credential-proxy/SKILL.md +167 -0
package/.claude/skills/x-integration/SKILL.md +417 -0
package/.claude/skills/x-integration/agent.ts +243 -0
package/.claude/skills/x-integration/host.ts +155 -0
package/.claude/skills/x-integration/lib/browser.ts +148 -0
package/.claude/skills/x-integration/lib/config.ts +62 -0
package/.claude/skills/x-integration/scripts/like.ts +56 -0
package/.claude/skills/x-integration/scripts/post.ts +66 -0
package/.claude/skills/x-integration/scripts/quote.ts +80 -0
package/.claude/skills/x-integration/scripts/reply.ts +74 -0
package/.claude/skills/x-integration/scripts/retweet.ts +62 -0
package/.claude/skills/x-integration/scripts/setup.ts +87 -0
package/.github/CODEOWNERS +10 -0
package/.github/PULL_REQUEST_TEMPLATE.md +18 -0
package/.github/workflows/bump-version.yml +35 -0
package/.github/workflows/ci.yml +39 -0
package/.github/workflows/label-pr.yml +40 -0
package/.github/workflows/update-tokens.yml +43 -0
package/.husky/pre-commit +1 -0
package/.mcp.json +3 -0
package/.nvmrc +1 -0
package/.parachute/module.json +14 -0
package/.prettierrc +4 -0
package/CHANGELOG.md +215 -0
package/CLAUDE.md +307 -0
package/CODE_OF_CONDUCT.md +128 -0
package/CONTRIBUTING.md +159 -0
package/CONTRIBUTORS.md +26 -0
package/LICENSE +21 -0
package/README.md +190 -0
package/README_ja.md +194 -0
package/README_zh.md +194 -0
package/assets/nanoclaw-favicon.png +0 -0
package/assets/nanoclaw-icon.png +0 -0
package/assets/nanoclaw-logo-dark.png +0 -0
package/assets/nanoclaw-logo.png +0 -0
package/assets/nanoclaw-profile.jpeg +0 -0
package/assets/nanoclaw-sales.png +0 -0
package/assets/social-preview.jpg +0 -0
package/config-examples/mount-allowlist.json +25 -0
package/container/.dockerignore +2 -0
package/container/CLAUDE.md +21 -0
package/container/Dockerfile +121 -0
package/container/agent-runner/bun.lock +243 -0
package/container/agent-runner/package.json +22 -0
package/container/agent-runner/scripts/sdk-signal-probe.ts +169 -0
package/container/agent-runner/src/config.ts +55 -0
package/container/agent-runner/src/db/connection.ts +267 -0
package/container/agent-runner/src/db/index.ts +20 -0
package/container/agent-runner/src/db/messages-in.ts +138 -0
package/container/agent-runner/src/db/messages-out.ts +143 -0
package/container/agent-runner/src/db/session-routing.ts +30 -0
package/container/agent-runner/src/db/session-state.test.ts +100 -0
package/container/agent-runner/src/db/session-state.ts +79 -0
package/container/agent-runner/src/destinations.ts +135 -0
package/container/agent-runner/src/formatter.test.ts +167 -0
package/container/agent-runner/src/formatter.ts +260 -0
package/container/agent-runner/src/index.ts +110 -0
package/container/agent-runner/src/integration.test.ts +121 -0
package/container/agent-runner/src/mcp-tools/agents.instructions.md +26 -0
package/container/agent-runner/src/mcp-tools/agents.ts +66 -0
package/container/agent-runner/src/mcp-tools/core.instructions.md +27 -0
package/container/agent-runner/src/mcp-tools/core.ts +262 -0
package/container/agent-runner/src/mcp-tools/index.ts +22 -0
package/container/agent-runner/src/mcp-tools/interactive.instructions.md +22 -0
package/container/agent-runner/src/mcp-tools/interactive.ts +169 -0
package/container/agent-runner/src/mcp-tools/scheduling.instructions.md +40 -0
package/container/agent-runner/src/mcp-tools/scheduling.ts +299 -0
package/container/agent-runner/src/mcp-tools/self-mod.instructions.md +25 -0
package/container/agent-runner/src/mcp-tools/self-mod.ts +120 -0
package/container/agent-runner/src/mcp-tools/server.ts +54 -0
package/container/agent-runner/src/mcp-tools/types.ts +6 -0
package/container/agent-runner/src/poll-loop.test.ts +248 -0
package/container/agent-runner/src/poll-loop.ts +437 -0
package/container/agent-runner/src/providers/claude.ts +379 -0
package/container/agent-runner/src/providers/factory.test.ts +19 -0
package/container/agent-runner/src/providers/factory.ts +13 -0
package/container/agent-runner/src/providers/index.ts +6 -0
package/container/agent-runner/src/providers/mock.ts +77 -0
package/container/agent-runner/src/providers/provider-registry.ts +33 -0
package/container/agent-runner/src/providers/types.ts +82 -0
package/container/agent-runner/src/scheduling/task-script.ts +121 -0
package/container/agent-runner/src/timezone.test.ts +93 -0
package/container/agent-runner/src/timezone.ts +107 -0
package/container/agent-runner/tsconfig.json +14 -0
package/container/build.sh +48 -0
package/container/entrypoint.sh +16 -0
package/container/skills/agent-browser/SKILL.md +159 -0
package/container/skills/frontend-engineer/SKILL.md +157 -0
package/container/skills/self-customize/SKILL.md +87 -0
package/container/skills/slack-formatting/SKILL.md +94 -0
package/container/skills/vercel-cli/SKILL.md +111 -0
package/container/skills/welcome/SKILL.md +85 -0
package/docs/APPLE-CONTAINER-NETWORKING.md +90 -0
package/docs/BRANCH-FORK-MAINTENANCE.md +81 -0
package/docs/README.md +25 -0
package/docs/SDK_DEEP_DIVE.md +643 -0
package/docs/SECURITY.md +162 -0
package/docs/agent-runner-details.md +749 -0
package/docs/api-details.md +365 -0
package/docs/architecture-diagram.html +422 -0
package/docs/architecture-diagram.md +215 -0
package/docs/architecture.md +751 -0
package/docs/audit/2026-04-30-channel-endpoint-audit.md +36 -0
package/docs/build-and-runtime.md +80 -0
package/docs/cross-mount-stress/README.md +112 -0
package/docs/cross-mount-stress/container-writer-retry.mjs +55 -0
package/docs/cross-mount-stress/container-writer-slow.mjs +42 -0
package/docs/cross-mount-stress/container-writer.mjs +47 -0
package/docs/cross-mount-stress/host-writer-retry.mjs +55 -0
package/docs/cross-mount-stress/host-writer-slow.mjs +43 -0
package/docs/cross-mount-stress/host-writer.mjs +47 -0
package/docs/db-central.md +316 -0
package/docs/db-session.md +183 -0
package/docs/db.md +119 -0
package/docs/design/2026-04-29-vault-management-ui.md +231 -0
package/docs/design/2026-04-30-channel-wiring-rework.md +234 -0
package/docs/design/2026-05-01-channel-wiring-approvals-deep-dive.md +272 -0
package/docs/design/2026-05-02-channel-policy-and-approval-routing.md +250 -0
package/docs/docker-sandboxes.md +359 -0
package/docs/isolation-model.md +88 -0
package/docs/ollama.md +79 -0
package/docs/parachute-integration.md +109 -0
package/docs/post-night-rebirth-reflections.md +151 -0
package/eslint.config.js +32 -0
package/package.json +54 -0
package/pnpm-workspace.yaml +8 -0
package/repo-tokens/README.md +113 -0
package/repo-tokens/action.yml +186 -0
package/repo-tokens/badge.svg +23 -0
package/repo-tokens/examples/green.svg +14 -0
package/repo-tokens/examples/red.svg +14 -0
package/repo-tokens/examples/yellow-green.svg +14 -0
package/repo-tokens/examples/yellow.svg +14 -0
package/scripts/chat.ts +101 -0
package/scripts/cleanup-sessions.sh +150 -0
package/scripts/init-cli-agent.ts +171 -0
package/scripts/init-first-agent.ts +377 -0
package/scripts/parachute.ts +158 -0
package/scripts/run-migrations.ts +105 -0
package/scripts/sanity-live-poll.ts +95 -0
package/scripts/seed-discord.ts +79 -0
package/scripts/test-v2-agent.ts +106 -0
package/scripts/test-v2-channel-e2e.ts +265 -0
package/scripts/test-v2-host.ts +184 -0
package/src/channels/adapter.ts +214 -0
package/src/channels/ask-question.ts +46 -0
package/src/channels/channel-registry.test.ts +421 -0
package/src/channels/channel-registry.ts +313 -0
package/src/channels/chat-sdk-bridge.test.ts +84 -0
package/src/channels/chat-sdk-bridge.ts +652 -0
package/src/channels/cli.ts +276 -0
package/src/channels/discord.ts +90 -0
package/src/channels/index.ts +17 -0
package/src/channels/telegram-markdown-sanitize.test.ts +78 -0
package/src/channels/telegram-markdown-sanitize.ts +55 -0
package/src/channels/telegram-pairing.test.ts +254 -0
package/src/channels/telegram-pairing.ts +339 -0
package/src/channels/telegram.ts +279 -0
package/src/channels/trust-hint.test.ts +48 -0
package/src/channels/trust-hint.ts +75 -0
package/src/claude-md-compose.migrate.test.ts +64 -0
package/src/claude-md-compose.ts +205 -0
package/src/command-gate.ts +63 -0
package/src/config.test.ts +93 -0
package/src/config.ts +108 -0
package/src/container-config.ts +167 -0
package/src/container-runner.test.ts +32 -0
package/src/container-runner.ts +576 -0
package/src/container-runtime.test.ts +169 -0
package/src/container-runtime.ts +92 -0
package/src/db/_bun-sqlite-shim.ts +88 -0
package/src/db/agent-activity.test.ts +155 -0
package/src/db/agent-activity.ts +121 -0
package/src/db/agent-groups.ts +77 -0
package/src/db/connection.migrate.test.ts +143 -0
package/src/db/connection.ts +224 -0
package/src/db/db-v2.test.ts +440 -0
package/src/db/dropped-messages.ts +44 -0
package/src/db/index.ts +40 -0
package/src/db/messaging-groups.ts +252 -0
package/src/db/migrations/001-initial.ts +112 -0
package/src/db/migrations/002-chat-sdk-state.ts +36 -0
package/src/db/migrations/008-dropped-messages.ts +27 -0
package/src/db/migrations/009-drop-pending-credentials.ts +13 -0
package/src/db/migrations/010-engage-modes.ts +103 -0
package/src/db/migrations/011-pending-sender-approvals.ts +40 -0
package/src/db/migrations/012-channel-registration.ts +48 -0
package/src/db/migrations/013-approval-render-metadata.ts +27 -0
package/src/db/migrations/014-secrets.ts +44 -0
package/src/db/migrations/015-secrets-drop-host-pattern.ts +18 -0
package/src/db/migrations/016-secret-assignments.ts +30 -0
package/src/db/migrations/017-agent-activity.ts +40 -0
package/src/db/migrations/018-oauth-app-configs.ts +34 -0
package/src/db/migrations/019-oauth-app-connections.ts +48 -0
package/src/db/migrations/020-agent-app-connections.ts +28 -0
package/src/db/migrations/021-pending-oauth-states.ts +35 -0
package/src/db/migrations/022-app-connections-provider.ts +25 -0
package/src/db/migrations/023-agent-group-secret-mode.test.ts +124 -0
package/src/db/migrations/023-agent-group-secret-mode.ts +65 -0
package/src/db/migrations/024-collapse-approvals.test.ts +249 -0
package/src/db/migrations/024-collapse-approvals.ts +182 -0
package/src/db/migrations/025-secret-mode-check.test.ts +155 -0
package/src/db/migrations/025-secret-mode-check.ts +49 -0
package/src/db/migrations/026-user-dms-bot-id.test.ts +116 -0
package/src/db/migrations/026-user-dms-bot-id.ts +54 -0
package/src/db/migrations/027-provider-credentials.ts +41 -0
package/src/db/migrations/_test-helpers.ts +41 -0
package/src/db/migrations/index.ts +127 -0
package/src/db/migrations/module-agent-to-agent-destinations.ts +84 -0
package/src/db/migrations/module-approvals-pending-approvals.ts +42 -0
package/src/db/migrations/module-approvals-title-options.ts +40 -0
package/src/db/schema.ts +258 -0
package/src/db/session-db.test.ts +93 -0
package/src/db/session-db.ts +325 -0
package/src/db/sessions.ts +241 -0
package/src/delivery.test.ts +148 -0
package/src/delivery.ts +445 -0
package/src/env.ts +74 -0
package/src/group-folder.test.ts +35 -0
package/src/group-folder.ts +44 -0
package/src/group-init.ts +92 -0
package/src/host-core.test.ts +456 -0
package/src/host-sweep.test.ts +146 -0
package/src/host-sweep.ts +287 -0
package/src/index.ts +227 -0
package/src/install-slug.ts +33 -0
package/src/log.test.ts +81 -0
package/src/log.ts +117 -0
package/src/mcp/http.ts +72 -0
package/src/mcp/server.ts +92 -0
package/src/mcp/stdio.ts +51 -0
package/src/mcp/tools/activity.ts +88 -0
package/src/mcp/tools/agent-groups.ts +183 -0
package/src/mcp/tools/approvals.ts +122 -0
package/src/mcp/tools/channels.ts +199 -0
package/src/mcp/tools/index.ts +27 -0
package/src/mcp/tools/oauth.ts +48 -0
package/src/mcp/tools/secrets.ts +169 -0
package/src/mcp/tools/sessions.ts +135 -0
package/src/mcp/types.ts +51 -0
package/src/modules/agent-to-agent/agent-route.test.ts +46 -0
package/src/modules/agent-to-agent/agent-route.ts +223 -0
package/src/modules/agent-to-agent/create-agent.ts +127 -0
package/src/modules/agent-to-agent/db/agent-destinations.ts +135 -0
package/src/modules/agent-to-agent/index.ts +22 -0
package/src/modules/agent-to-agent/write-destinations.ts +59 -0
package/src/modules/approvals/agent.md +45 -0
package/src/modules/approvals/index.ts +21 -0
package/src/modules/approvals/picks.test.ts +291 -0
package/src/modules/approvals/primitive.ts +279 -0
package/src/modules/approvals/project.md +27 -0
package/src/modules/approvals/response-handler.ts +87 -0
package/src/modules/index.ts +24 -0
package/src/modules/interactive/agent.md +21 -0
package/src/modules/interactive/index.ts +69 -0
package/src/modules/interactive/project.md +12 -0
package/src/modules/mount-security/index.ts +448 -0
package/src/modules/mount-security/migrate.test.ts +91 -0
package/src/modules/permissions/access.ts +28 -0
package/src/modules/permissions/channel-approval.test.ts +389 -0
package/src/modules/permissions/channel-approval.ts +188 -0
package/src/modules/permissions/db/agent-group-members.ts +44 -0
package/src/modules/permissions/db/pending-channel-approvals.test.ts +86 -0
package/src/modules/permissions/db/pending-channel-approvals.ts +66 -0
package/src/modules/permissions/db/pending-sender-approvals.ts +60 -0
package/src/modules/permissions/db/user-dms.ts +58 -0
package/src/modules/permissions/db/user-roles.ts +85 -0
package/src/modules/permissions/db/users.ts +38 -0
package/src/modules/permissions/index.ts +421 -0
package/src/modules/permissions/permissions.test.ts +358 -0
package/src/modules/permissions/sender-approval.test.ts +470 -0
package/src/modules/permissions/sender-approval.ts +165 -0
package/src/modules/permissions/user-dm.ts +200 -0
package/src/modules/provider-credentials/db.ts +121 -0
package/src/modules/provider-credentials/index.ts +12 -0
package/src/modules/provider-credentials/spawn.test.ts +206 -0
package/src/modules/provider-credentials/spawn.ts +114 -0
package/src/modules/scheduling/actions.ts +113 -0
package/src/modules/scheduling/db.test.ts +282 -0
package/src/modules/scheduling/db.ts +148 -0
package/src/modules/scheduling/index.ts +34 -0
package/src/modules/scheduling/recurrence.test.ts +98 -0
package/src/modules/scheduling/recurrence.ts +54 -0
package/src/modules/self-mod/agent.md +30 -0
package/src/modules/self-mod/apply.ts +85 -0
package/src/modules/self-mod/index.ts +30 -0
package/src/modules/self-mod/project.md +39 -0
package/src/modules/self-mod/request.ts +91 -0
package/src/modules/typing/index.ts +165 -0
package/src/oauth/agent-app-connections.ts +103 -0
package/src/oauth/app-configs.test.ts +64 -0
package/src/oauth/app-configs.ts +114 -0
package/src/oauth/app-connections.test.ts +109 -0
package/src/oauth/app-connections.ts +178 -0
package/src/oauth/crypto.ts +56 -0
package/src/oauth/flow.ts +104 -0
package/src/oauth/providers/google.test.ts +38 -0
package/src/oauth/providers/google.ts +46 -0
package/src/oauth/providers/index.ts +48 -0
package/src/oauth/state-store.test.ts +54 -0
package/src/oauth/state-store.ts +93 -0
package/src/parachute/README.md +27 -0
package/src/parachute/create-agent.test.ts +83 -0
package/src/parachute/create-agent.ts +122 -0
package/src/parachute/group-status.test.ts +165 -0
package/src/parachute/group-status.ts +136 -0
package/src/parachute/types.ts +41 -0
package/src/parachute/vault-mcp.test.ts +251 -0
package/src/parachute/vault-mcp.ts +232 -0
package/src/platform-id.test.ts +104 -0
package/src/platform-id.ts +109 -0
package/src/providers/index.ts +6 -0
package/src/providers/provider-container-registry.ts +58 -0
package/src/response-registry.ts +45 -0
package/src/router.ts +530 -0
package/src/secrets/crypto.test.ts +45 -0
package/src/secrets/crypto.ts +55 -0
package/src/secrets/index.ts +355 -0
package/src/secrets/master-key.ts +70 -0
package/src/secrets/secrets.test.ts +354 -0
package/src/session-manager.migrate.test.ts +59 -0
package/src/session-manager.ts +433 -0
package/src/startup-bootstrap.test.ts +226 -0
package/src/startup-bootstrap.ts +207 -0
package/src/state-sqlite.ts +182 -0
package/src/timezone.test.ts +64 -0
package/src/timezone.ts +37 -0
package/src/types.ts +230 -0
package/src/web/auth.test.ts +335 -0
package/src/web/auth.ts +214 -0
package/src/web/discord-validate.test.ts +77 -0
package/src/web/discord-validate.ts +88 -0
package/src/web/hub-discovery.test.ts +98 -0
package/src/web/hub-discovery.ts +69 -0
package/src/web/routes/activity.ts +106 -0
package/src/web/routes/agent-provider.test.ts +282 -0
package/src/web/routes/agent-provider.ts +309 -0
package/src/web/routes/approvals.ts +185 -0
package/src/web/routes/apps.ts +434 -0
package/src/web/routes/channels-mg-detail.test.ts +324 -0
package/src/web/routes/channels-mga-detail.test.ts +425 -0
package/src/web/routes/channels.ts +489 -0
package/src/web/routes/oauth-providers.ts +42 -0
package/src/web/routes/secrets.test.ts +175 -0
package/src/web/routes/secrets.ts +282 -0
package/src/web/routes/sessions.ts +123 -0
package/src/web/routes/settings.test.ts +106 -0
package/src/web/routes/settings.ts +247 -0
package/src/web/routes/setup-status.ts +205 -0
package/src/web/routes/vaults.test.ts +389 -0
package/src/web/routes/vaults.ts +225 -0
package/src/web/server-version.test.ts +16 -0
package/src/web/server.ts +1003 -0
package/src/web/services-manifest.test.ts +120 -0
package/src/web/services-manifest.ts +61 -0
package/src/web/static-serve.test.ts +255 -0
package/src/web/static-serve.ts +104 -0
package/src/web/telegram-validate.test.ts +116 -0
package/src/web/telegram-validate.ts +107 -0
package/src/web/vault-proxy.test.ts +214 -0
package/src/web/vault-proxy.ts +120 -0
package/src/web/wire-channel.ts +181 -0
package/src/webhook-server.ts +134 -0
package/tsconfig.json +21 -0
package/vitest.config.ts +18 -0
package/web/README.md +63 -0
package/web/ui/index.html +13 -0
package/web/ui/package.json +35 -0
package/web/ui/pnpm-lock.yaml +2164 -0
package/web/ui/scripts/verify-base.mjs +31 -0
package/web/ui/src/App.tsx +88 -0
package/web/ui/src/components/ActivityFeed.tsx +444 -0
package/web/ui/src/components/AgentGroupPicker.tsx +263 -0
package/web/ui/src/components/AgentProviderCards.tsx +220 -0
package/web/ui/src/components/CredentialForm.tsx +214 -0
package/web/ui/src/components/ScopeGrants.tsx +74 -0
package/web/ui/src/components/StatusDot.tsx +43 -0
package/web/ui/src/components/VaultPicker.tsx +127 -0
package/web/ui/src/components/setup/AdapterInstallStep.tsx +178 -0
package/web/ui/src/components/setup/AgentGroupStep.tsx +43 -0
package/web/ui/src/components/setup/ChannelPickStep.tsx +74 -0
package/web/ui/src/components/setup/DoneStep.tsx +49 -0
package/web/ui/src/components/setup/PrereqStep.tsx +129 -0
package/web/ui/src/components/setup/TestConnectionStep.tsx +108 -0
package/web/ui/src/components/setup/TestMessageStep.tsx +104 -0
package/web/ui/src/components/setup/WireChannelStep.tsx +166 -0
package/web/ui/src/components/setup/types.ts +105 -0
package/web/ui/src/lib/api.test.ts +410 -0
package/web/ui/src/lib/api.ts +1210 -0
package/web/ui/src/lib/auth.test.ts +139 -0
package/web/ui/src/lib/auth.ts +348 -0
package/web/ui/src/lib/channel-adapters.ts +136 -0
package/web/ui/src/main.tsx +19 -0
package/web/ui/src/routes/ApprovalsList.tsx +294 -0
package/web/ui/src/routes/Apps.tsx +613 -0
package/web/ui/src/routes/ChannelWireDetail.test.tsx +233 -0
package/web/ui/src/routes/ChannelWireDetail.tsx +403 -0
package/web/ui/src/routes/ChannelsList.tsx +158 -0
package/web/ui/src/routes/GroupDetail.tsx +755 -0
package/web/ui/src/routes/GroupList.tsx +187 -0
package/web/ui/src/routes/MessagingGroupDetail.test.tsx +233 -0
package/web/ui/src/routes/MessagingGroupDetail.tsx +306 -0
package/web/ui/src/routes/NewGroupWizard.tsx +390 -0
package/web/ui/src/routes/OAuthCallback.tsx +56 -0
package/web/ui/src/routes/SecretsList.tsx +921 -0
package/web/ui/src/routes/SessionsList.tsx +220 -0
package/web/ui/src/routes/SettingsAgentProvider.tsx +109 -0
package/web/ui/src/routes/SettingsApprovals.tsx +234 -0
package/web/ui/src/routes/SetupWizard.tsx +219 -0
package/web/ui/src/routes/VaultDetail.test.tsx +361 -0
package/web/ui/src/routes/VaultDetail.tsx +960 -0
package/web/ui/src/routes/VaultsList.tsx +295 -0
package/web/ui/src/routes/WireChannelPage.tsx +413 -0
package/web/ui/src/styles.css +608 -0
package/web/ui/src/test/setup.ts +23 -0
package/web/ui/src/vite-env.d.ts +10 -0
package/web/ui/tsconfig.json +20 -0
package/web/ui/vite.config.ts +34 -0
package/web/ui/vitest.config.ts +25 -0

package/web/ui/src/routes/Apps.tsx ADDED Viewed

@@ -0,0 +1,613 @@
+/**
+ * `/agent/apps` — OAuth integrations management.
+ *
+ * Two stacked sections per the audit-refined brief:
+ *   1. **App configs** — per-provider OAuth client (paste client_id + client_secret).
+ *      One row per *supported* provider, regardless of whether it's been
+ *      configured yet. The CTA flips between "Add" and "Replace secret".
+ *   2. **Connections** — the user grants. Each row shows account_email +
+ *      label + scopes_granted + status + agentGroupCount + delete.
+ *
+ * Add-flow: clicking "Connect with X" on a provider that has no app_config
+ * yet routes through the App-config form first; once saved, the same button
+ * proceeds to authorize.
+ *
+ * Callback handling: the server's OAuth callback redirects back to
+ * `?connected=<id>`. We read that on mount, refetch, and highlight the
+ * matching row briefly. The query param is then stripped from the URL so a
+ * page refresh doesn't re-trigger the highlight.
+ */
+import { useCallback, useEffect, useMemo, useRef, useState } from 'react';
+import { useSearchParams } from 'react-router-dom';
+import { formatRelative } from '../components/StatusDot.tsx';
+import {
+  type AppConfigView,
+  type AppConnectionView,
+  type PutAppConfigInput,
+  authorizeApp,
+  deleteAppConnection,
+  getAppConfig,
+  listAppConnections,
+  putAppConfig,
+} from '../lib/api.ts';
+/**
+ * Providers the UI knows about. Keep this list small — adding a provider is
+ * an explicit decision (the OAuth scopes, the userinfo shape, the icon, all
+ * vary). PR3 ships with Google as the seed; subsequent PRs add more.
+ */
+const SUPPORTED_PROVIDERS: ProviderMeta[] = [
+  {
+    id: 'google',
+    label: 'Google',
+    description: 'Gmail, Calendar, Drive — depending on the scopes you grant.',
+    defaultScopes: ['openid', 'email', 'profile'],
+    docsUrl: 'https://console.cloud.google.com/apis/credentials',
+  },
+];
+interface ProviderMeta {
+  id: string;
+  label: string;
+  description: string;
+  defaultScopes: string[];
+  /** Where the human goes to register an OAuth app for this provider. */
+  docsUrl: string;
+}
+export function Apps() {
+  const [searchParams, setSearchParams] = useSearchParams();
+  const justConnectedId = searchParams.get('connected');
+  // Configs are keyed by provider id; null = explicitly "no config yet"
+  // (404 from server), undefined = not yet loaded.
+  const [configs, setConfigs] = useState<Record<string, AppConfigView | null | undefined>>({});
+  const [connections, setConnections] = useState<AppConnectionView[] | null>(null);
+  const [error, setError] = useState<string | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [flash, setFlash] = useState<{ kind: 'ok' | 'error'; text: string } | null>(null);
+  const [editingProvider, setEditingProvider] = useState<string | null>(null);
+  // Tracks the provider the user clicked Connect on when no config existed yet.
+  // After they save the config, we auto-resume the OAuth handoff for that
+  // provider so they don't have to re-click Connect.
+  const [pendingConnectProvider, setPendingConnectProvider] = useState<string | null>(null);
+  const reload = useCallback(async (signal: { cancelled: boolean }) => {
+    try {
+      const [conns, ...cfgs] = await Promise.all([
+        listAppConnections(),
+        ...SUPPORTED_PROVIDERS.map((p) => getAppConfig(p.id)),
+      ]);
+      if (signal.cancelled) return;
+      const cfgMap: Record<string, AppConfigView | null> = {};
+      SUPPORTED_PROVIDERS.forEach((p, i) => {
+        cfgMap[p.id] = cfgs[i];
+      });
+      setConfigs(cfgMap);
+      setConnections(conns);
+      setError(null);
+    } catch (err) {
+      if (signal.cancelled) return;
+      setError(err instanceof Error ? err.message : String(err));
+    } finally {
+      if (!signal.cancelled) setLoading(false);
+    }
+  }, []);
+  useEffect(() => {
+    const signal = { cancelled: false };
+    void reload(signal);
+    return () => {
+      signal.cancelled = true;
+    };
+  }, [reload]);
+  // Convenience for the Retry button — same call shape, throwaway signal.
+  const reloadNow = useCallback(() => {
+    void reload({ cancelled: false });
+  }, [reload]);
+  // Strip the `?connected=` param after we've consumed it for the highlight,
+  // so a refresh doesn't re-trigger the green flash. Kept replace:true to
+  // avoid leaving a redundant entry in the back-stack.
+  useEffect(() => {
+    if (!justConnectedId) return;
+    const t = setTimeout(() => {
+      setSearchParams(
+        (prev) => {
+          const p = new URLSearchParams(prev);
+          p.delete('connected');
+          return p;
+        },
+        { replace: true },
+      );
+    }, 4_000);
+    return () => clearTimeout(t);
+  }, [justConnectedId, setSearchParams]);
+  const authorizeAndRedirect = async (provider: string) => {
+    setFlash(null);
+    try {
+      const { redirectUrl } = await authorizeApp(provider);
+      window.location.href = redirectUrl;
+    } catch (err) {
+      setFlash({ kind: 'error', text: err instanceof Error ? err.message : String(err) });
+    }
+  };
+  const onConnect = async (provider: string) => {
+    const cfg = configs[provider];
+    if (!cfg) {
+      // No app_config yet — record the user's intent so we can auto-resume
+      // the OAuth handoff after they save the config (handled in onSaved).
+      setPendingConnectProvider(provider);
+      setEditingProvider(provider);
+      setFlash({ kind: 'ok', text: `Configure ${providerLabel(provider)} OAuth client first.` });
+      return;
+    }
+    await authorizeAndRedirect(provider);
+  };
+  const onDeleteConnection = async (conn: AppConnectionView) => {
+    if (
+      !window.confirm(
+        `Remove connection ${conn.label}? The agent groups it's assigned to (${conn.agentGroupCount}) will lose access immediately.`,
+      )
+    ) {
+      return;
+    }
+    setFlash(null);
+    try {
+      await deleteAppConnection(conn.id);
+      setFlash({ kind: 'ok', text: `Removed ${conn.label}.` });
+      reloadNow();
+    } catch (err) {
+      setFlash({ kind: 'error', text: err instanceof Error ? err.message : String(err) });
+    }
+  };
+  if (loading && connections === null) {
+    return (
+      <div>
+        <h2>Apps</h2>
+        <div className="section">
+          <div className="skeleton skeleton-line" style={{ width: '40%' }} />
+          <div className="skeleton skeleton-line" />
+          <div className="skeleton skeleton-line" style={{ width: '70%' }} />
+        </div>
+      </div>
+    );
+  }
+  return (
+    <div>
+      <h2>Apps</h2>
+      <p className="muted" style={{ marginTop: '-0.5rem' }}>
+        OAuth integrations — configure a provider once, then grant the agent access via "Connect".
+      </p>
+      {error && (
+        <div className="error-banner">
+          {error}
+          <button className="secondary" onClick={reloadNow} style={{ marginLeft: '0.6rem' }}>
+            Retry
+          </button>
+        </div>
+      )}
+      {flash && <div className={flash.kind === 'ok' ? 'status-banner' : 'error-banner'}>{flash.text}</div>}
+      <div className="section">
+        <h3>App configs</h3>
+        <p className="muted" style={{ marginTop: 0 }}>
+          One OAuth client per provider, shared across all your agent groups. Paste the client_id and
+          client_secret you registered with the provider.
+        </p>
+        <ul className="app-config-list">
+          {SUPPORTED_PROVIDERS.map((provider) => (
+            <AppConfigRow
+              key={provider.id}
+              provider={provider}
+              config={configs[provider.id] ?? null}
+              loading={configs[provider.id] === undefined}
+              editing={editingProvider === provider.id}
+              onEdit={() => setEditingProvider(provider.id)}
+              onCancel={() => {
+                setEditingProvider(null);
+                setPendingConnectProvider(null);
+              }}
+              onSaved={async (saved) => {
+                setConfigs((prev) => ({ ...prev, [provider.id]: saved }));
+                setEditingProvider(null);
+                if (pendingConnectProvider === provider.id && saved.hasSecret) {
+                  // The user clicked Connect first; resume the OAuth handoff
+                  // automatically now that the config is in place.
+                  setPendingConnectProvider(null);
+                  await authorizeAndRedirect(provider.id);
+                } else {
+                  setPendingConnectProvider(null);
+                  setFlash({ kind: 'ok', text: `${provider.label} OAuth client saved.` });
+                }
+              }}
+            />
+          ))}
+        </ul>
+      </div>
+      <div className="section">
+        <h3>Connections</h3>
+        {connections && connections.length > 0 ? (
+          <ConnectionsTable
+            connections={connections}
+            justConnectedId={justConnectedId}
+            onConnect={onConnect}
+            onDelete={onDeleteConnection}
+            configs={configs}
+          />
+        ) : (
+          <ConnectionsEmpty
+            providers={SUPPORTED_PROVIDERS}
+            configs={configs}
+            onConnect={onConnect}
+          />
+        )}
+      </div>
+    </div>
+  );
+}
+// --- App config row ---
+function AppConfigRow({
+  provider,
+  config,
+  loading,
+  editing,
+  onEdit,
+  onCancel,
+  onSaved,
+}: {
+  provider: ProviderMeta;
+  config: AppConfigView | null;
+  loading: boolean;
+  editing: boolean;
+  onEdit: () => void;
+  onCancel: () => void;
+  onSaved: (saved: AppConfigView) => Promise<void>;
+}) {
+  if (editing) {
+    return (
+      <li className="app-config-row app-config-row-editing">
+        <AppConfigForm
+          provider={provider}
+          existing={config}
+          onCancel={onCancel}
+          onSaved={onSaved}
+        />
+      </li>
+    );
+  }
+  return (
+    <li className="app-config-row">
+      <div className="app-config-head">
+        <div>
+          <strong>{provider.label}</strong>
+          {loading ? (
+            <span className="dim"> · loading…</span>
+          ) : config ? (
+            <span className="tag" style={{ marginLeft: '0.5rem' }}>
+              configured
+            </span>
+          ) : (
+            <span className="tag muted" style={{ marginLeft: '0.5rem' }}>
+              not configured
+            </span>
+          )}
+        </div>
+        <button className="secondary" onClick={onEdit} disabled={loading}>
+          {config ? 'Replace secret' : 'Add config'}
+        </button>
+      </div>
+      <p className="dim app-config-blurb">{provider.description}</p>
+      {config && (
+        <div className="kv app-config-kv">
+          <div>client_id</div>
+          <div>
+            <code className="app-config-clientid">{config.client_id}</code>
+          </div>
+          <div>scopes</div>
+          <div>
+            {config.scopes_default.length > 0
+              ? config.scopes_default.map((s) => (
+                  <code key={s} className="app-scope-tag">
+                    {s}
+                  </code>
+                ))
+              : <em className="dim">none</em>}
+          </div>
+          <div>secret</div>
+          <div>
+            {config.hasSecret ? (
+              <span className="tag muted">stored</span>
+            ) : (
+              <span className="tag warn">missing — add a secret to enable Connect</span>
+            )}
+          </div>
+        </div>
+      )}
+    </li>
+  );
+}
+function AppConfigForm({
+  provider,
+  existing,
+  onCancel,
+  onSaved,
+}: {
+  provider: ProviderMeta;
+  existing: AppConfigView | null;
+  onCancel: () => void;
+  onSaved: (saved: AppConfigView) => Promise<void>;
+}) {
+  const [clientId, setClientId] = useState(existing?.client_id ?? '');
+  const [clientSecret, setClientSecret] = useState('');
+  const [scopesText, setScopesText] = useState(
+    (existing?.scopes_default ?? provider.defaultScopes).join(' '),
+  );
+  const [submitting, setSubmitting] = useState(false);
+  const [err, setErr] = useState<string | null>(null);
+  const onSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    if (!clientId.trim() || !clientSecret.trim()) {
+      setErr('Both client_id and client_secret are required.');
+      return;
+    }
+    setSubmitting(true);
+    setErr(null);
+    try {
+      const input: PutAppConfigInput = {
+        client_id: clientId.trim(),
+        client_secret: clientSecret,
+        scopes_default: scopesText.split(/\s+/).filter(Boolean),
+      };
+      const saved = await putAppConfig(provider.id, input);
+      await onSaved(saved);
+    } catch (e2) {
+      setErr(e2 instanceof Error ? e2.message : String(e2));
+    } finally {
+      setSubmitting(false);
+    }
+  };
+  return (
+    <form onSubmit={onSubmit} className="app-config-form">
+      <div className="app-config-head">
+        <strong>{provider.label} OAuth client</strong>
+        <a href={provider.docsUrl} target="_blank" rel="noreferrer" className="dim">
+          Where do I get this? ↗
+        </a>
+      </div>
+      {err && <div className="error-banner">{err}</div>}
+      <div className="row">
+        <label htmlFor={`cid-${provider.id}`}>client_id</label>
+        <input
+          id={`cid-${provider.id}`}
+          type="text"
+          value={clientId}
+          onChange={(e) => setClientId(e.target.value)}
+          disabled={submitting}
+          autoComplete="off"
+        />
+      </div>
+      <div className="row">
+        <label htmlFor={`cs-${provider.id}`}>
+          client_secret {existing?.hasSecret && <span className="dim">(replacing existing)</span>}
+        </label>
+        <input
+          id={`cs-${provider.id}`}
+          type="password"
+          value={clientSecret}
+          onChange={(e) => setClientSecret(e.target.value)}
+          disabled={submitting}
+          autoComplete="new-password"
+          placeholder={existing?.hasSecret ? 'paste new secret to rotate' : 'paste from provider'}
+        />
+      </div>
+      <div className="row">
+        <label htmlFor={`scopes-${provider.id}`}>default scopes</label>
+        <input
+          id={`scopes-${provider.id}`}
+          type="text"
+          value={scopesText}
+          onChange={(e) => setScopesText(e.target.value)}
+          disabled={submitting}
+          placeholder={provider.defaultScopes.join(' ')}
+        />
+        <p className="dim">Space-separated. Each Connect can later add more, but never less.</p>
+      </div>
+      <div className="actions">
+        <button type="submit" disabled={submitting}>
+          {submitting ? 'Saving…' : 'Save'}
+        </button>
+        <button type="button" className="secondary" onClick={onCancel} disabled={submitting}>
+          Cancel
+        </button>
+      </div>
+    </form>
+  );
+}
+// --- Connections ---
+function ConnectionsTable({
+  connections,
+  justConnectedId,
+  onConnect,
+  onDelete,
+  configs,
+}: {
+  connections: AppConnectionView[];
+  justConnectedId: string | null;
+  onConnect: (provider: string) => void | Promise<void>;
+  onDelete: (conn: AppConnectionView) => void | Promise<void>;
+  configs: Record<string, AppConfigView | null | undefined>;
+}) {
+  // Group by provider so each block has a "+ Connect another <provider>"
+  // row at the bottom — UX is clearer than a flat list when the user has
+  // multiple Google accounts (which is the common case for power users).
+  const byProvider = useMemo(() => {
+    const m = new Map<string, AppConnectionView[]>();
+    for (const c of connections) {
+      const arr = m.get(c.provider) ?? [];
+      arr.push(c);
+      m.set(c.provider, arr);
+    }
+    return m;
+  }, [connections]);
+  return (
+    <div className="connections-list">
+      {Array.from(byProvider.entries()).map(([provider, items]) => {
+        const cfg = configs[provider];
+        const canConnect = cfg && cfg.hasSecret;
+        return (
+          <div key={provider} className="connections-group">
+            <div className="connections-group-head">
+              <strong>{providerLabel(provider)}</strong>
+              <button
+                className="secondary"
+                onClick={() => void onConnect(provider)}
+                disabled={!canConnect}
+                title={canConnect ? undefined : 'Add a config + secret first'}
+              >
+                + Connect another
+              </button>
+            </div>
+            <ul className="connections-rows">
+              {items.map((conn) => (
+                <ConnectionRow
+                  key={conn.id}
+                  conn={conn}
+                  highlighted={conn.id === justConnectedId}
+                  onDelete={() => void onDelete(conn)}
+                />
+              ))}
+            </ul>
+          </div>
+        );
+      })}
+    </div>
+  );
+}
+function ConnectionRow({
+  conn,
+  highlighted,
+  onDelete,
+}: {
+  conn: AppConnectionView;
+  highlighted: boolean;
+  onDelete: () => void;
+}) {
+  // Briefly scroll the highlighted row into view so the user lands on it
+  // after the OAuth round-trip without having to hunt.
+  const ref = useRef<HTMLLIElement | null>(null);
+  useEffect(() => {
+    if (highlighted && ref.current) {
+      ref.current.scrollIntoView({ behavior: 'smooth', block: 'center' });
+    }
+  }, [highlighted]);
+  return (
+    <li ref={ref} className={`connection-row${highlighted ? ' connection-row-flash' : ''}`}>
+      <div className="connection-row-main">
+        <div className="connection-label">
+          {conn.label}
+          <ConnectionStatusTag status={conn.status} />
+        </div>
+        <div className="dim connection-meta">
+          {conn.account_email && <span>{conn.account_email}</span>}
+          {conn.account_email && <span> · </span>}
+          {conn.expires_at ? (
+            <span title={new Date(conn.expires_at).toLocaleString()}>
+              expires {formatRelative(conn.expires_at)}
+            </span>
+          ) : (
+            <span>no expiry</span>
+          )}
+          <span> · </span>
+          <span>
+            {conn.agentGroupCount === 0
+              ? 'unassigned'
+              : `assigned to ${conn.agentGroupCount} agent${conn.agentGroupCount === 1 ? '' : 's'}`}
+          </span>
+        </div>
+        {conn.scopes_granted.length > 0 && (
+          <div className="connection-scopes">
+            {conn.scopes_granted.map((s) => (
+              <code key={s} className="app-scope-tag">
+                {s}
+              </code>
+            ))}
+          </div>
+        )}
+      </div>
+      <button className="danger" onClick={onDelete}>
+        Remove
+      </button>
+    </li>
+  );
+}
+function ConnectionStatusTag({ status }: { status: AppConnectionView['status'] }) {
+  switch (status) {
+    case 'active':
+      return <span className="tag" style={{ marginLeft: '0.5rem' }}>active</span>;
+    case 'expired':
+      return <span className="tag warn" style={{ marginLeft: '0.5rem' }}>expired</span>;
+    case 'revoked':
+      return <span className="tag error" style={{ marginLeft: '0.5rem' }}>revoked</span>;
+  }
+}
+function ConnectionsEmpty({
+  providers,
+  configs,
+  onConnect,
+}: {
+  providers: ProviderMeta[];
+  configs: Record<string, AppConfigView | null | undefined>;
+  onConnect: (provider: string) => void | Promise<void>;
+}) {
+  return (
+    <div className="empty-rich">
+      <p className="empty-headline">No connections yet.</p>
+      <p className="muted" style={{ marginTop: 0 }}>
+        Configure a provider above, then click Connect to grant the agent access via OAuth.
+      </p>
+      <div className="connect-cta-row">
+        {providers.map((p) => {
+          const cfg = configs[p.id];
+          const ready = cfg && cfg.hasSecret;
+          return (
+            <button
+              key={p.id}
+              onClick={() => void onConnect(p.id)}
+              disabled={!ready}
+              title={ready ? undefined : 'Add this provider in App configs first'}
+            >
+              Connect with {p.label}
+            </button>
+          );
+        })}
+      </div>
+    </div>
+  );
+}
+function providerLabel(id: string): string {
+  const known = SUPPORTED_PROVIDERS.find((p) => p.id === id);
+  return known?.label ?? id;
+}