@openparachute/agent 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/scheduled_tasks.lock +1 -0
- package/.claude/settings.json +5 -0
- package/.claude/skills/add-atomic-chat-tool/SKILL.md +243 -0
- package/.claude/skills/add-atomic-chat-tool/atomic-chat-mcp-stdio.ts +229 -0
- package/.claude/skills/add-codex/SKILL.md +161 -0
- package/.claude/skills/add-dashboard/SKILL.md +138 -0
- package/.claude/skills/add-dashboard/resources/dashboard-pusher.ts +495 -0
- package/.claude/skills/add-emacs/SKILL.md +296 -0
- package/.claude/skills/add-gcal-tool/SKILL.md +210 -0
- package/.claude/skills/add-gchat/REMOVE.md +6 -0
- package/.claude/skills/add-gchat/SKILL.md +92 -0
- package/.claude/skills/add-gchat/VERIFY.md +3 -0
- package/.claude/skills/add-github/REMOVE.md +6 -0
- package/.claude/skills/add-github/SKILL.md +148 -0
- package/.claude/skills/add-github/VERIFY.md +3 -0
- package/.claude/skills/add-gmail-tool/SKILL.md +229 -0
- package/.claude/skills/add-imessage/REMOVE.md +6 -0
- package/.claude/skills/add-imessage/SKILL.md +113 -0
- package/.claude/skills/add-imessage/VERIFY.md +3 -0
- package/.claude/skills/add-karpathy-llm-wiki/SKILL.md +110 -0
- package/.claude/skills/add-karpathy-llm-wiki/llm-wiki.md +75 -0
- package/.claude/skills/add-linear/REMOVE.md +6 -0
- package/.claude/skills/add-linear/SKILL.md +168 -0
- package/.claude/skills/add-linear/VERIFY.md +3 -0
- package/.claude/skills/add-macos-statusbar/SKILL.md +133 -0
- package/.claude/skills/add-macos-statusbar/add/src/statusbar.swift +147 -0
- package/.claude/skills/add-matrix/REMOVE.md +6 -0
- package/.claude/skills/add-matrix/SKILL.md +148 -0
- package/.claude/skills/add-matrix/VERIFY.md +3 -0
- package/.claude/skills/add-ollama-provider/SKILL.md +179 -0
- package/.claude/skills/add-ollama-tool/SKILL.md +193 -0
- package/.claude/skills/add-opencode/SKILL.md +229 -0
- package/.claude/skills/add-parallel/SKILL.md +290 -0
- package/.claude/skills/add-resend/REMOVE.md +6 -0
- package/.claude/skills/add-resend/SKILL.md +93 -0
- package/.claude/skills/add-resend/VERIFY.md +3 -0
- package/.claude/skills/add-signal/REMOVE.md +13 -0
- package/.claude/skills/add-signal/SKILL.md +318 -0
- package/.claude/skills/add-signal/VERIFY.md +5 -0
- package/.claude/skills/add-slack/REMOVE.md +6 -0
- package/.claude/skills/add-slack/SKILL.md +112 -0
- package/.claude/skills/add-slack/VERIFY.md +3 -0
- package/.claude/skills/add-teams/REMOVE.md +6 -0
- package/.claude/skills/add-teams/SKILL.md +207 -0
- package/.claude/skills/add-teams/VERIFY.md +3 -0
- package/.claude/skills/add-vercel/SKILL.md +147 -0
- package/.claude/skills/add-vercel/container-skills/vercel-cli/SKILL.md +103 -0
- package/.claude/skills/add-webex/REMOVE.md +6 -0
- package/.claude/skills/add-webex/SKILL.md +88 -0
- package/.claude/skills/add-webex/VERIFY.md +3 -0
- package/.claude/skills/add-wechat/REMOVE.md +49 -0
- package/.claude/skills/add-wechat/SKILL.md +170 -0
- package/.claude/skills/add-wechat/scripts/wire-dm.ts +172 -0
- package/.claude/skills/add-whatsapp/SKILL.md +264 -0
- package/.claude/skills/add-whatsapp-cloud/REMOVE.md +6 -0
- package/.claude/skills/add-whatsapp-cloud/SKILL.md +95 -0
- package/.claude/skills/add-whatsapp-cloud/VERIFY.md +3 -0
- package/.claude/skills/claw/SKILL.md +131 -0
- package/.claude/skills/claw/scripts/claw +374 -0
- package/.claude/skills/convert-to-apple-container/SKILL.md +212 -0
- package/.claude/skills/customize/SKILL.md +110 -0
- package/.claude/skills/debug/SKILL.md +349 -0
- package/.claude/skills/get-qodo-rules/SKILL.md +122 -0
- package/.claude/skills/get-qodo-rules/references/output-format.md +41 -0
- package/.claude/skills/get-qodo-rules/references/pagination.md +33 -0
- package/.claude/skills/get-qodo-rules/references/repository-scope.md +26 -0
- package/.claude/skills/init-first-agent/SKILL.md +120 -0
- package/.claude/skills/init-onecli/SKILL.md +270 -0
- package/.claude/skills/manage-channels/SKILL.md +87 -0
- package/.claude/skills/manage-mounts/SKILL.md +47 -0
- package/.claude/skills/migrate-from-openclaw/MIGRATE_CRONS.md +100 -0
- package/.claude/skills/migrate-from-openclaw/SKILL.md +447 -0
- package/.claude/skills/migrate-from-openclaw/scripts/discover-openclaw.ts +734 -0
- package/.claude/skills/migrate-from-openclaw/scripts/extract-channel-credentials.ts +476 -0
- package/.claude/skills/migrate-nanoclaw/SKILL.md +484 -0
- package/.claude/skills/migrate-nanoclaw/diagnostics.md +51 -0
- package/.claude/skills/qodo-pr-resolver/SKILL.md +326 -0
- package/.claude/skills/qodo-pr-resolver/resources/providers.md +329 -0
- package/.claude/skills/update-nanoclaw/SKILL.md +243 -0
- package/.claude/skills/update-nanoclaw/diagnostics.md +48 -0
- package/.claude/skills/update-skills/SKILL.md +130 -0
- package/.claude/skills/use-native-credential-proxy/SKILL.md +167 -0
- package/.claude/skills/x-integration/SKILL.md +417 -0
- package/.claude/skills/x-integration/agent.ts +243 -0
- package/.claude/skills/x-integration/host.ts +155 -0
- package/.claude/skills/x-integration/lib/browser.ts +148 -0
- package/.claude/skills/x-integration/lib/config.ts +62 -0
- package/.claude/skills/x-integration/scripts/like.ts +56 -0
- package/.claude/skills/x-integration/scripts/post.ts +66 -0
- package/.claude/skills/x-integration/scripts/quote.ts +80 -0
- package/.claude/skills/x-integration/scripts/reply.ts +74 -0
- package/.claude/skills/x-integration/scripts/retweet.ts +62 -0
- package/.claude/skills/x-integration/scripts/setup.ts +87 -0
- package/.github/CODEOWNERS +10 -0
- package/.github/PULL_REQUEST_TEMPLATE.md +18 -0
- package/.github/workflows/bump-version.yml +35 -0
- package/.github/workflows/ci.yml +39 -0
- package/.github/workflows/label-pr.yml +40 -0
- package/.github/workflows/update-tokens.yml +43 -0
- package/.husky/pre-commit +1 -0
- package/.mcp.json +3 -0
- package/.nvmrc +1 -0
- package/.parachute/module.json +14 -0
- package/.prettierrc +4 -0
- package/CHANGELOG.md +215 -0
- package/CLAUDE.md +307 -0
- package/CODE_OF_CONDUCT.md +128 -0
- package/CONTRIBUTING.md +159 -0
- package/CONTRIBUTORS.md +26 -0
- package/LICENSE +21 -0
- package/README.md +190 -0
- package/README_ja.md +194 -0
- package/README_zh.md +194 -0
- package/assets/nanoclaw-favicon.png +0 -0
- package/assets/nanoclaw-icon.png +0 -0
- package/assets/nanoclaw-logo-dark.png +0 -0
- package/assets/nanoclaw-logo.png +0 -0
- package/assets/nanoclaw-profile.jpeg +0 -0
- package/assets/nanoclaw-sales.png +0 -0
- package/assets/social-preview.jpg +0 -0
- package/config-examples/mount-allowlist.json +25 -0
- package/container/.dockerignore +2 -0
- package/container/CLAUDE.md +21 -0
- package/container/Dockerfile +121 -0
- package/container/agent-runner/bun.lock +243 -0
- package/container/agent-runner/package.json +22 -0
- package/container/agent-runner/scripts/sdk-signal-probe.ts +169 -0
- package/container/agent-runner/src/config.ts +55 -0
- package/container/agent-runner/src/db/connection.ts +267 -0
- package/container/agent-runner/src/db/index.ts +20 -0
- package/container/agent-runner/src/db/messages-in.ts +138 -0
- package/container/agent-runner/src/db/messages-out.ts +143 -0
- package/container/agent-runner/src/db/session-routing.ts +30 -0
- package/container/agent-runner/src/db/session-state.test.ts +100 -0
- package/container/agent-runner/src/db/session-state.ts +79 -0
- package/container/agent-runner/src/destinations.ts +135 -0
- package/container/agent-runner/src/formatter.test.ts +167 -0
- package/container/agent-runner/src/formatter.ts +260 -0
- package/container/agent-runner/src/index.ts +110 -0
- package/container/agent-runner/src/integration.test.ts +121 -0
- package/container/agent-runner/src/mcp-tools/agents.instructions.md +26 -0
- package/container/agent-runner/src/mcp-tools/agents.ts +66 -0
- package/container/agent-runner/src/mcp-tools/core.instructions.md +27 -0
- package/container/agent-runner/src/mcp-tools/core.ts +262 -0
- package/container/agent-runner/src/mcp-tools/index.ts +22 -0
- package/container/agent-runner/src/mcp-tools/interactive.instructions.md +22 -0
- package/container/agent-runner/src/mcp-tools/interactive.ts +169 -0
- package/container/agent-runner/src/mcp-tools/scheduling.instructions.md +40 -0
- package/container/agent-runner/src/mcp-tools/scheduling.ts +299 -0
- package/container/agent-runner/src/mcp-tools/self-mod.instructions.md +25 -0
- package/container/agent-runner/src/mcp-tools/self-mod.ts +120 -0
- package/container/agent-runner/src/mcp-tools/server.ts +54 -0
- package/container/agent-runner/src/mcp-tools/types.ts +6 -0
- package/container/agent-runner/src/poll-loop.test.ts +248 -0
- package/container/agent-runner/src/poll-loop.ts +437 -0
- package/container/agent-runner/src/providers/claude.ts +379 -0
- package/container/agent-runner/src/providers/factory.test.ts +19 -0
- package/container/agent-runner/src/providers/factory.ts +13 -0
- package/container/agent-runner/src/providers/index.ts +6 -0
- package/container/agent-runner/src/providers/mock.ts +77 -0
- package/container/agent-runner/src/providers/provider-registry.ts +33 -0
- package/container/agent-runner/src/providers/types.ts +82 -0
- package/container/agent-runner/src/scheduling/task-script.ts +121 -0
- package/container/agent-runner/src/timezone.test.ts +93 -0
- package/container/agent-runner/src/timezone.ts +107 -0
- package/container/agent-runner/tsconfig.json +14 -0
- package/container/build.sh +48 -0
- package/container/entrypoint.sh +16 -0
- package/container/skills/agent-browser/SKILL.md +159 -0
- package/container/skills/frontend-engineer/SKILL.md +157 -0
- package/container/skills/self-customize/SKILL.md +87 -0
- package/container/skills/slack-formatting/SKILL.md +94 -0
- package/container/skills/vercel-cli/SKILL.md +111 -0
- package/container/skills/welcome/SKILL.md +85 -0
- package/docs/APPLE-CONTAINER-NETWORKING.md +90 -0
- package/docs/BRANCH-FORK-MAINTENANCE.md +81 -0
- package/docs/README.md +25 -0
- package/docs/SDK_DEEP_DIVE.md +643 -0
- package/docs/SECURITY.md +162 -0
- package/docs/agent-runner-details.md +749 -0
- package/docs/api-details.md +365 -0
- package/docs/architecture-diagram.html +422 -0
- package/docs/architecture-diagram.md +215 -0
- package/docs/architecture.md +751 -0
- package/docs/audit/2026-04-30-channel-endpoint-audit.md +36 -0
- package/docs/build-and-runtime.md +80 -0
- package/docs/cross-mount-stress/README.md +112 -0
- package/docs/cross-mount-stress/container-writer-retry.mjs +55 -0
- package/docs/cross-mount-stress/container-writer-slow.mjs +42 -0
- package/docs/cross-mount-stress/container-writer.mjs +47 -0
- package/docs/cross-mount-stress/host-writer-retry.mjs +55 -0
- package/docs/cross-mount-stress/host-writer-slow.mjs +43 -0
- package/docs/cross-mount-stress/host-writer.mjs +47 -0
- package/docs/db-central.md +316 -0
- package/docs/db-session.md +183 -0
- package/docs/db.md +119 -0
- package/docs/design/2026-04-29-vault-management-ui.md +231 -0
- package/docs/design/2026-04-30-channel-wiring-rework.md +234 -0
- package/docs/design/2026-05-01-channel-wiring-approvals-deep-dive.md +272 -0
- package/docs/design/2026-05-02-channel-policy-and-approval-routing.md +250 -0
- package/docs/docker-sandboxes.md +359 -0
- package/docs/isolation-model.md +88 -0
- package/docs/ollama.md +79 -0
- package/docs/parachute-integration.md +109 -0
- package/docs/post-night-rebirth-reflections.md +151 -0
- package/eslint.config.js +32 -0
- package/package.json +54 -0
- package/pnpm-workspace.yaml +8 -0
- package/repo-tokens/README.md +113 -0
- package/repo-tokens/action.yml +186 -0
- package/repo-tokens/badge.svg +23 -0
- package/repo-tokens/examples/green.svg +14 -0
- package/repo-tokens/examples/red.svg +14 -0
- package/repo-tokens/examples/yellow-green.svg +14 -0
- package/repo-tokens/examples/yellow.svg +14 -0
- package/scripts/chat.ts +101 -0
- package/scripts/cleanup-sessions.sh +150 -0
- package/scripts/init-cli-agent.ts +171 -0
- package/scripts/init-first-agent.ts +377 -0
- package/scripts/parachute.ts +158 -0
- package/scripts/run-migrations.ts +105 -0
- package/scripts/sanity-live-poll.ts +95 -0
- package/scripts/seed-discord.ts +79 -0
- package/scripts/test-v2-agent.ts +106 -0
- package/scripts/test-v2-channel-e2e.ts +265 -0
- package/scripts/test-v2-host.ts +184 -0
- package/src/channels/adapter.ts +214 -0
- package/src/channels/ask-question.ts +46 -0
- package/src/channels/channel-registry.test.ts +421 -0
- package/src/channels/channel-registry.ts +313 -0
- package/src/channels/chat-sdk-bridge.test.ts +84 -0
- package/src/channels/chat-sdk-bridge.ts +652 -0
- package/src/channels/cli.ts +276 -0
- package/src/channels/discord.ts +90 -0
- package/src/channels/index.ts +17 -0
- package/src/channels/telegram-markdown-sanitize.test.ts +78 -0
- package/src/channels/telegram-markdown-sanitize.ts +55 -0
- package/src/channels/telegram-pairing.test.ts +254 -0
- package/src/channels/telegram-pairing.ts +339 -0
- package/src/channels/telegram.ts +279 -0
- package/src/channels/trust-hint.test.ts +48 -0
- package/src/channels/trust-hint.ts +75 -0
- package/src/claude-md-compose.migrate.test.ts +64 -0
- package/src/claude-md-compose.ts +205 -0
- package/src/command-gate.ts +63 -0
- package/src/config.test.ts +93 -0
- package/src/config.ts +108 -0
- package/src/container-config.ts +167 -0
- package/src/container-runner.test.ts +32 -0
- package/src/container-runner.ts +576 -0
- package/src/container-runtime.test.ts +169 -0
- package/src/container-runtime.ts +92 -0
- package/src/db/_bun-sqlite-shim.ts +88 -0
- package/src/db/agent-activity.test.ts +155 -0
- package/src/db/agent-activity.ts +121 -0
- package/src/db/agent-groups.ts +77 -0
- package/src/db/connection.migrate.test.ts +143 -0
- package/src/db/connection.ts +224 -0
- package/src/db/db-v2.test.ts +440 -0
- package/src/db/dropped-messages.ts +44 -0
- package/src/db/index.ts +40 -0
- package/src/db/messaging-groups.ts +252 -0
- package/src/db/migrations/001-initial.ts +112 -0
- package/src/db/migrations/002-chat-sdk-state.ts +36 -0
- package/src/db/migrations/008-dropped-messages.ts +27 -0
- package/src/db/migrations/009-drop-pending-credentials.ts +13 -0
- package/src/db/migrations/010-engage-modes.ts +103 -0
- package/src/db/migrations/011-pending-sender-approvals.ts +40 -0
- package/src/db/migrations/012-channel-registration.ts +48 -0
- package/src/db/migrations/013-approval-render-metadata.ts +27 -0
- package/src/db/migrations/014-secrets.ts +44 -0
- package/src/db/migrations/015-secrets-drop-host-pattern.ts +18 -0
- package/src/db/migrations/016-secret-assignments.ts +30 -0
- package/src/db/migrations/017-agent-activity.ts +40 -0
- package/src/db/migrations/018-oauth-app-configs.ts +34 -0
- package/src/db/migrations/019-oauth-app-connections.ts +48 -0
- package/src/db/migrations/020-agent-app-connections.ts +28 -0
- package/src/db/migrations/021-pending-oauth-states.ts +35 -0
- package/src/db/migrations/022-app-connections-provider.ts +25 -0
- package/src/db/migrations/023-agent-group-secret-mode.test.ts +124 -0
- package/src/db/migrations/023-agent-group-secret-mode.ts +65 -0
- package/src/db/migrations/024-collapse-approvals.test.ts +249 -0
- package/src/db/migrations/024-collapse-approvals.ts +182 -0
- package/src/db/migrations/025-secret-mode-check.test.ts +155 -0
- package/src/db/migrations/025-secret-mode-check.ts +49 -0
- package/src/db/migrations/026-user-dms-bot-id.test.ts +116 -0
- package/src/db/migrations/026-user-dms-bot-id.ts +54 -0
- package/src/db/migrations/027-provider-credentials.ts +41 -0
- package/src/db/migrations/_test-helpers.ts +41 -0
- package/src/db/migrations/index.ts +127 -0
- package/src/db/migrations/module-agent-to-agent-destinations.ts +84 -0
- package/src/db/migrations/module-approvals-pending-approvals.ts +42 -0
- package/src/db/migrations/module-approvals-title-options.ts +40 -0
- package/src/db/schema.ts +258 -0
- package/src/db/session-db.test.ts +93 -0
- package/src/db/session-db.ts +325 -0
- package/src/db/sessions.ts +241 -0
- package/src/delivery.test.ts +148 -0
- package/src/delivery.ts +445 -0
- package/src/env.ts +74 -0
- package/src/group-folder.test.ts +35 -0
- package/src/group-folder.ts +44 -0
- package/src/group-init.ts +92 -0
- package/src/host-core.test.ts +456 -0
- package/src/host-sweep.test.ts +146 -0
- package/src/host-sweep.ts +287 -0
- package/src/index.ts +227 -0
- package/src/install-slug.ts +33 -0
- package/src/log.test.ts +81 -0
- package/src/log.ts +117 -0
- package/src/mcp/http.ts +72 -0
- package/src/mcp/server.ts +92 -0
- package/src/mcp/stdio.ts +51 -0
- package/src/mcp/tools/activity.ts +88 -0
- package/src/mcp/tools/agent-groups.ts +183 -0
- package/src/mcp/tools/approvals.ts +122 -0
- package/src/mcp/tools/channels.ts +199 -0
- package/src/mcp/tools/index.ts +27 -0
- package/src/mcp/tools/oauth.ts +48 -0
- package/src/mcp/tools/secrets.ts +169 -0
- package/src/mcp/tools/sessions.ts +135 -0
- package/src/mcp/types.ts +51 -0
- package/src/modules/agent-to-agent/agent-route.test.ts +46 -0
- package/src/modules/agent-to-agent/agent-route.ts +223 -0
- package/src/modules/agent-to-agent/create-agent.ts +127 -0
- package/src/modules/agent-to-agent/db/agent-destinations.ts +135 -0
- package/src/modules/agent-to-agent/index.ts +22 -0
- package/src/modules/agent-to-agent/write-destinations.ts +59 -0
- package/src/modules/approvals/agent.md +45 -0
- package/src/modules/approvals/index.ts +21 -0
- package/src/modules/approvals/picks.test.ts +291 -0
- package/src/modules/approvals/primitive.ts +279 -0
- package/src/modules/approvals/project.md +27 -0
- package/src/modules/approvals/response-handler.ts +87 -0
- package/src/modules/index.ts +24 -0
- package/src/modules/interactive/agent.md +21 -0
- package/src/modules/interactive/index.ts +69 -0
- package/src/modules/interactive/project.md +12 -0
- package/src/modules/mount-security/index.ts +448 -0
- package/src/modules/mount-security/migrate.test.ts +91 -0
- package/src/modules/permissions/access.ts +28 -0
- package/src/modules/permissions/channel-approval.test.ts +389 -0
- package/src/modules/permissions/channel-approval.ts +188 -0
- package/src/modules/permissions/db/agent-group-members.ts +44 -0
- package/src/modules/permissions/db/pending-channel-approvals.test.ts +86 -0
- package/src/modules/permissions/db/pending-channel-approvals.ts +66 -0
- package/src/modules/permissions/db/pending-sender-approvals.ts +60 -0
- package/src/modules/permissions/db/user-dms.ts +58 -0
- package/src/modules/permissions/db/user-roles.ts +85 -0
- package/src/modules/permissions/db/users.ts +38 -0
- package/src/modules/permissions/index.ts +421 -0
- package/src/modules/permissions/permissions.test.ts +358 -0
- package/src/modules/permissions/sender-approval.test.ts +470 -0
- package/src/modules/permissions/sender-approval.ts +165 -0
- package/src/modules/permissions/user-dm.ts +200 -0
- package/src/modules/provider-credentials/db.ts +121 -0
- package/src/modules/provider-credentials/index.ts +12 -0
- package/src/modules/provider-credentials/spawn.test.ts +206 -0
- package/src/modules/provider-credentials/spawn.ts +114 -0
- package/src/modules/scheduling/actions.ts +113 -0
- package/src/modules/scheduling/db.test.ts +282 -0
- package/src/modules/scheduling/db.ts +148 -0
- package/src/modules/scheduling/index.ts +34 -0
- package/src/modules/scheduling/recurrence.test.ts +98 -0
- package/src/modules/scheduling/recurrence.ts +54 -0
- package/src/modules/self-mod/agent.md +30 -0
- package/src/modules/self-mod/apply.ts +85 -0
- package/src/modules/self-mod/index.ts +30 -0
- package/src/modules/self-mod/project.md +39 -0
- package/src/modules/self-mod/request.ts +91 -0
- package/src/modules/typing/index.ts +165 -0
- package/src/oauth/agent-app-connections.ts +103 -0
- package/src/oauth/app-configs.test.ts +64 -0
- package/src/oauth/app-configs.ts +114 -0
- package/src/oauth/app-connections.test.ts +109 -0
- package/src/oauth/app-connections.ts +178 -0
- package/src/oauth/crypto.ts +56 -0
- package/src/oauth/flow.ts +104 -0
- package/src/oauth/providers/google.test.ts +38 -0
- package/src/oauth/providers/google.ts +46 -0
- package/src/oauth/providers/index.ts +48 -0
- package/src/oauth/state-store.test.ts +54 -0
- package/src/oauth/state-store.ts +93 -0
- package/src/parachute/README.md +27 -0
- package/src/parachute/create-agent.test.ts +83 -0
- package/src/parachute/create-agent.ts +122 -0
- package/src/parachute/group-status.test.ts +165 -0
- package/src/parachute/group-status.ts +136 -0
- package/src/parachute/types.ts +41 -0
- package/src/parachute/vault-mcp.test.ts +251 -0
- package/src/parachute/vault-mcp.ts +232 -0
- package/src/platform-id.test.ts +104 -0
- package/src/platform-id.ts +109 -0
- package/src/providers/index.ts +6 -0
- package/src/providers/provider-container-registry.ts +58 -0
- package/src/response-registry.ts +45 -0
- package/src/router.ts +530 -0
- package/src/secrets/crypto.test.ts +45 -0
- package/src/secrets/crypto.ts +55 -0
- package/src/secrets/index.ts +355 -0
- package/src/secrets/master-key.ts +70 -0
- package/src/secrets/secrets.test.ts +354 -0
- package/src/session-manager.migrate.test.ts +59 -0
- package/src/session-manager.ts +433 -0
- package/src/startup-bootstrap.test.ts +226 -0
- package/src/startup-bootstrap.ts +207 -0
- package/src/state-sqlite.ts +182 -0
- package/src/timezone.test.ts +64 -0
- package/src/timezone.ts +37 -0
- package/src/types.ts +230 -0
- package/src/web/auth.test.ts +335 -0
- package/src/web/auth.ts +214 -0
- package/src/web/discord-validate.test.ts +77 -0
- package/src/web/discord-validate.ts +88 -0
- package/src/web/hub-discovery.test.ts +98 -0
- package/src/web/hub-discovery.ts +69 -0
- package/src/web/routes/activity.ts +106 -0
- package/src/web/routes/agent-provider.test.ts +282 -0
- package/src/web/routes/agent-provider.ts +309 -0
- package/src/web/routes/approvals.ts +185 -0
- package/src/web/routes/apps.ts +434 -0
- package/src/web/routes/channels-mg-detail.test.ts +324 -0
- package/src/web/routes/channels-mga-detail.test.ts +425 -0
- package/src/web/routes/channels.ts +489 -0
- package/src/web/routes/oauth-providers.ts +42 -0
- package/src/web/routes/secrets.test.ts +175 -0
- package/src/web/routes/secrets.ts +282 -0
- package/src/web/routes/sessions.ts +123 -0
- package/src/web/routes/settings.test.ts +106 -0
- package/src/web/routes/settings.ts +247 -0
- package/src/web/routes/setup-status.ts +205 -0
- package/src/web/routes/vaults.test.ts +389 -0
- package/src/web/routes/vaults.ts +225 -0
- package/src/web/server-version.test.ts +16 -0
- package/src/web/server.ts +1003 -0
- package/src/web/services-manifest.test.ts +120 -0
- package/src/web/services-manifest.ts +61 -0
- package/src/web/static-serve.test.ts +255 -0
- package/src/web/static-serve.ts +104 -0
- package/src/web/telegram-validate.test.ts +116 -0
- package/src/web/telegram-validate.ts +107 -0
- package/src/web/vault-proxy.test.ts +214 -0
- package/src/web/vault-proxy.ts +120 -0
- package/src/web/wire-channel.ts +181 -0
- package/src/webhook-server.ts +134 -0
- package/tsconfig.json +21 -0
- package/vitest.config.ts +18 -0
- package/web/README.md +63 -0
- package/web/ui/index.html +13 -0
- package/web/ui/package.json +35 -0
- package/web/ui/pnpm-lock.yaml +2164 -0
- package/web/ui/scripts/verify-base.mjs +31 -0
- package/web/ui/src/App.tsx +88 -0
- package/web/ui/src/components/ActivityFeed.tsx +444 -0
- package/web/ui/src/components/AgentGroupPicker.tsx +263 -0
- package/web/ui/src/components/AgentProviderCards.tsx +220 -0
- package/web/ui/src/components/CredentialForm.tsx +214 -0
- package/web/ui/src/components/ScopeGrants.tsx +74 -0
- package/web/ui/src/components/StatusDot.tsx +43 -0
- package/web/ui/src/components/VaultPicker.tsx +127 -0
- package/web/ui/src/components/setup/AdapterInstallStep.tsx +178 -0
- package/web/ui/src/components/setup/AgentGroupStep.tsx +43 -0
- package/web/ui/src/components/setup/ChannelPickStep.tsx +74 -0
- package/web/ui/src/components/setup/DoneStep.tsx +49 -0
- package/web/ui/src/components/setup/PrereqStep.tsx +129 -0
- package/web/ui/src/components/setup/TestConnectionStep.tsx +108 -0
- package/web/ui/src/components/setup/TestMessageStep.tsx +104 -0
- package/web/ui/src/components/setup/WireChannelStep.tsx +166 -0
- package/web/ui/src/components/setup/types.ts +105 -0
- package/web/ui/src/lib/api.test.ts +410 -0
- package/web/ui/src/lib/api.ts +1210 -0
- package/web/ui/src/lib/auth.test.ts +139 -0
- package/web/ui/src/lib/auth.ts +348 -0
- package/web/ui/src/lib/channel-adapters.ts +136 -0
- package/web/ui/src/main.tsx +19 -0
- package/web/ui/src/routes/ApprovalsList.tsx +294 -0
- package/web/ui/src/routes/Apps.tsx +613 -0
- package/web/ui/src/routes/ChannelWireDetail.test.tsx +233 -0
- package/web/ui/src/routes/ChannelWireDetail.tsx +403 -0
- package/web/ui/src/routes/ChannelsList.tsx +158 -0
- package/web/ui/src/routes/GroupDetail.tsx +755 -0
- package/web/ui/src/routes/GroupList.tsx +187 -0
- package/web/ui/src/routes/MessagingGroupDetail.test.tsx +233 -0
- package/web/ui/src/routes/MessagingGroupDetail.tsx +306 -0
- package/web/ui/src/routes/NewGroupWizard.tsx +390 -0
- package/web/ui/src/routes/OAuthCallback.tsx +56 -0
- package/web/ui/src/routes/SecretsList.tsx +921 -0
- package/web/ui/src/routes/SessionsList.tsx +220 -0
- package/web/ui/src/routes/SettingsAgentProvider.tsx +109 -0
- package/web/ui/src/routes/SettingsApprovals.tsx +234 -0
- package/web/ui/src/routes/SetupWizard.tsx +219 -0
- package/web/ui/src/routes/VaultDetail.test.tsx +361 -0
- package/web/ui/src/routes/VaultDetail.tsx +960 -0
- package/web/ui/src/routes/VaultsList.tsx +295 -0
- package/web/ui/src/routes/WireChannelPage.tsx +413 -0
- package/web/ui/src/styles.css +608 -0
- package/web/ui/src/test/setup.ts +23 -0
- package/web/ui/src/vite-env.d.ts +10 -0
- package/web/ui/tsconfig.json +20 -0
- package/web/ui/vite.config.ts +34 -0
- package/web/ui/vitest.config.ts +25 -0
|
@@ -0,0 +1,219 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Setup wizard orchestrator (paraclaw#27 phase 1).
|
|
3
|
+
*
|
|
4
|
+
* Mounts at /setup. Renders the active step and a step indicator. State
|
|
5
|
+
* lives in localStorage under SETUP_STORAGE_KEY so a tab close mid-install
|
|
6
|
+
* survives — the bot token is the one thing we never persist (handled in
|
|
7
|
+
* the credentials step itself).
|
|
8
|
+
*
|
|
9
|
+
* Step navigation:
|
|
10
|
+
* - The step indicator shows all 9 steps; the user can click any step at
|
|
11
|
+
* or before `furthestStep` to revisit it.
|
|
12
|
+
* - `next()` advances and stamps furthestStep monotonically.
|
|
13
|
+
* - `goto()` lets a step jump (e.g. credentials → install).
|
|
14
|
+
* - `back()` is purely visual — no state mutation.
|
|
15
|
+
*
|
|
16
|
+
* The orchestrator does NOT do smart-resume on its own. Each step renders
|
|
17
|
+
* its current state from the server (PrereqStep polls /setup/status,
|
|
18
|
+
* AdapterInstallStep polls the in-flight task, etc.) so the UI is always
|
|
19
|
+
* faithful to the actual filesystem rather than what we think happened.
|
|
20
|
+
*/
|
|
21
|
+
import { useCallback, useEffect, useMemo, useState, type ReactElement } from 'react';
|
|
22
|
+
import { Link } from 'react-router-dom';
|
|
23
|
+
import { AdapterInstallStep } from '../components/setup/AdapterInstallStep.tsx';
|
|
24
|
+
import { AgentGroupStep } from '../components/setup/AgentGroupStep.tsx';
|
|
25
|
+
import { ChannelPickStep } from '../components/setup/ChannelPickStep.tsx';
|
|
26
|
+
import { DoneStep } from '../components/setup/DoneStep.tsx';
|
|
27
|
+
import { PrereqStep } from '../components/setup/PrereqStep.tsx';
|
|
28
|
+
import { TestConnectionStep } from '../components/setup/TestConnectionStep.tsx';
|
|
29
|
+
import { TestMessageStep } from '../components/setup/TestMessageStep.tsx';
|
|
30
|
+
import { WireChannelStep } from '../components/setup/WireChannelStep.tsx';
|
|
31
|
+
import {
|
|
32
|
+
ADAPTER_LABELS,
|
|
33
|
+
DEFAULT_SETUP_STATE,
|
|
34
|
+
SETUP_STEPS,
|
|
35
|
+
SETUP_STORAGE_KEY,
|
|
36
|
+
type SetupState,
|
|
37
|
+
type SetupStepKey,
|
|
38
|
+
type StepProps,
|
|
39
|
+
} from '../components/setup/types.ts';
|
|
40
|
+
|
|
41
|
+
function loadState(): SetupState {
|
|
42
|
+
try {
|
|
43
|
+
const raw = localStorage.getItem(SETUP_STORAGE_KEY);
|
|
44
|
+
if (!raw) return { ...DEFAULT_SETUP_STATE };
|
|
45
|
+
const parsed = JSON.parse(raw) as Partial<SetupState>;
|
|
46
|
+
return { ...DEFAULT_SETUP_STATE, ...parsed };
|
|
47
|
+
} catch {
|
|
48
|
+
return { ...DEFAULT_SETUP_STATE };
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
function saveState(state: SetupState): void {
|
|
53
|
+
try {
|
|
54
|
+
localStorage.setItem(SETUP_STORAGE_KEY, JSON.stringify(state));
|
|
55
|
+
} catch {
|
|
56
|
+
// Quota exceeded / private browsing; non-fatal.
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
const STEP_INDEX: Record<SetupStepKey, number> = SETUP_STEPS.reduce(
|
|
61
|
+
(acc, s, i) => {
|
|
62
|
+
acc[s.key] = i;
|
|
63
|
+
return acc;
|
|
64
|
+
},
|
|
65
|
+
{} as Record<SetupStepKey, number>,
|
|
66
|
+
);
|
|
67
|
+
|
|
68
|
+
export function SetupWizard() {
|
|
69
|
+
const [state, setState] = useState<SetupState>(() => loadState());
|
|
70
|
+
|
|
71
|
+
useEffect(() => {
|
|
72
|
+
saveState(state);
|
|
73
|
+
}, [state]);
|
|
74
|
+
|
|
75
|
+
const patchState = useCallback((patch: Partial<SetupState>) => {
|
|
76
|
+
setState((prev) => ({ ...prev, ...patch }));
|
|
77
|
+
}, []);
|
|
78
|
+
|
|
79
|
+
const goto = useCallback((step: SetupStepKey) => {
|
|
80
|
+
setState((prev) => {
|
|
81
|
+
const stepIdx = STEP_INDEX[step];
|
|
82
|
+
const furthestIdx = STEP_INDEX[prev.furthestStep];
|
|
83
|
+
return {
|
|
84
|
+
...prev,
|
|
85
|
+
currentStep: step,
|
|
86
|
+
furthestStep: stepIdx > furthestIdx ? step : prev.furthestStep,
|
|
87
|
+
};
|
|
88
|
+
});
|
|
89
|
+
}, []);
|
|
90
|
+
|
|
91
|
+
const next = useCallback(() => {
|
|
92
|
+
setState((prev) => {
|
|
93
|
+
const idx = STEP_INDEX[prev.currentStep];
|
|
94
|
+
const nextIdx = Math.min(idx + 1, SETUP_STEPS.length - 1);
|
|
95
|
+
const nextStep = SETUP_STEPS[nextIdx].key;
|
|
96
|
+
const furthestIdx = STEP_INDEX[prev.furthestStep];
|
|
97
|
+
return {
|
|
98
|
+
...prev,
|
|
99
|
+
currentStep: nextStep,
|
|
100
|
+
furthestStep: nextIdx > furthestIdx ? nextStep : prev.furthestStep,
|
|
101
|
+
};
|
|
102
|
+
});
|
|
103
|
+
}, []);
|
|
104
|
+
|
|
105
|
+
const back = useCallback(() => {
|
|
106
|
+
setState((prev) => {
|
|
107
|
+
const idx = STEP_INDEX[prev.currentStep];
|
|
108
|
+
const prevStep = SETUP_STEPS[Math.max(idx - 1, 0)].key;
|
|
109
|
+
return { ...prev, currentStep: prevStep };
|
|
110
|
+
});
|
|
111
|
+
}, []);
|
|
112
|
+
|
|
113
|
+
const stepProps: StepProps = useMemo(
|
|
114
|
+
() => ({ state, patchState, next, back, goto }),
|
|
115
|
+
[state, patchState, next, back, goto],
|
|
116
|
+
);
|
|
117
|
+
|
|
118
|
+
const onReset = () => {
|
|
119
|
+
if (
|
|
120
|
+
!confirm(
|
|
121
|
+
'Reset wizard state? This clears local progress (bot user id, agent group folder, etc.) but does NOT undo backend changes (installed adapters, agent groups, saved secrets).',
|
|
122
|
+
)
|
|
123
|
+
)
|
|
124
|
+
return;
|
|
125
|
+
localStorage.removeItem(SETUP_STORAGE_KEY);
|
|
126
|
+
setState({ ...DEFAULT_SETUP_STATE });
|
|
127
|
+
};
|
|
128
|
+
|
|
129
|
+
return (
|
|
130
|
+
<div>
|
|
131
|
+
<Link to="/" className="muted">
|
|
132
|
+
← Skip setup, view groups
|
|
133
|
+
</Link>
|
|
134
|
+
<h2 style={{ marginTop: '0.5rem' }}>
|
|
135
|
+
Set up parachute-agent
|
|
136
|
+
{state.adapter && (
|
|
137
|
+
<span className="dim" style={{ fontSize: '0.7em', marginLeft: '0.5rem' }}>
|
|
138
|
+
· {ADAPTER_LABELS[state.adapter]}
|
|
139
|
+
</span>
|
|
140
|
+
)}
|
|
141
|
+
</h2>
|
|
142
|
+
<p className="muted" style={{ marginTop: '-0.5rem' }}>
|
|
143
|
+
Fresh install? Walk these steps to land your first agent. You can re-open this wizard any time at <code>/agent/setup</code>.
|
|
144
|
+
</p>
|
|
145
|
+
<SetupStepIndicator current={state.currentStep} furthest={state.furthestStep} onJump={goto} />
|
|
146
|
+
|
|
147
|
+
<div className="section">{renderStep(state.currentStep, stepProps)}</div>
|
|
148
|
+
|
|
149
|
+
<div className="actions" style={{ marginTop: '1rem' }}>
|
|
150
|
+
<button className="secondary" onClick={onReset}>
|
|
151
|
+
Reset wizard
|
|
152
|
+
</button>
|
|
153
|
+
</div>
|
|
154
|
+
</div>
|
|
155
|
+
);
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
function renderStep(step: SetupStepKey, props: StepProps): ReactElement {
|
|
159
|
+
switch (step) {
|
|
160
|
+
case 'prereqs':
|
|
161
|
+
return <PrereqStep {...props} />;
|
|
162
|
+
case 'channel-pick':
|
|
163
|
+
return <ChannelPickStep {...props} />;
|
|
164
|
+
case 'install':
|
|
165
|
+
return <AdapterInstallStep {...props} />;
|
|
166
|
+
case 'test-connection':
|
|
167
|
+
return <TestConnectionStep {...props} />;
|
|
168
|
+
case 'agent-group':
|
|
169
|
+
return <AgentGroupStep {...props} />;
|
|
170
|
+
case 'wire-channel':
|
|
171
|
+
return <WireChannelStep {...props} />;
|
|
172
|
+
case 'test-message':
|
|
173
|
+
return <TestMessageStep {...props} />;
|
|
174
|
+
case 'done':
|
|
175
|
+
return <DoneStep {...props} />;
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
function SetupStepIndicator({
|
|
180
|
+
current,
|
|
181
|
+
furthest,
|
|
182
|
+
onJump,
|
|
183
|
+
}: {
|
|
184
|
+
current: SetupStepKey;
|
|
185
|
+
furthest: SetupStepKey;
|
|
186
|
+
onJump: (step: SetupStepKey) => void;
|
|
187
|
+
}) {
|
|
188
|
+
const furthestIdx = STEP_INDEX[furthest];
|
|
189
|
+
return (
|
|
190
|
+
<ol className="wizard-steps">
|
|
191
|
+
{SETUP_STEPS.map((s, i) => {
|
|
192
|
+
const reachable = i <= furthestIdx;
|
|
193
|
+
const isCurrent = s.key === current;
|
|
194
|
+
return (
|
|
195
|
+
<li key={s.key} className={`wizard-step${isCurrent ? ' active' : ''}`}>
|
|
196
|
+
{reachable ? (
|
|
197
|
+
<button
|
|
198
|
+
type="button"
|
|
199
|
+
onClick={() => onJump(s.key)}
|
|
200
|
+
style={{
|
|
201
|
+
background: 'transparent',
|
|
202
|
+
border: 0,
|
|
203
|
+
padding: 0,
|
|
204
|
+
color: 'inherit',
|
|
205
|
+
font: 'inherit',
|
|
206
|
+
cursor: 'pointer',
|
|
207
|
+
}}
|
|
208
|
+
>
|
|
209
|
+
{s.label}
|
|
210
|
+
</button>
|
|
211
|
+
) : (
|
|
212
|
+
<span style={{ opacity: 0.6 }}>{s.label}</span>
|
|
213
|
+
)}
|
|
214
|
+
</li>
|
|
215
|
+
);
|
|
216
|
+
})}
|
|
217
|
+
</ol>
|
|
218
|
+
);
|
|
219
|
+
}
|
|
@@ -0,0 +1,361 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* VaultDetail tests cover the four behavior contracts the design doc calls
|
|
3
|
+
* out as inviolable:
|
|
4
|
+
* 1. Mint flow: form submit → mintVaultToken called with form values →
|
|
5
|
+
* plaintext shown once in the copy-card → "Copy" button writes to
|
|
6
|
+
* clipboard.
|
|
7
|
+
* 2. Revoke: confirm-modal copy says "one-way", DELETE only fires on
|
|
8
|
+
* explicit confirm.
|
|
9
|
+
* 3. Detach modal: two-button shape (Keep / Detach + revoke), and the
|
|
10
|
+
* "Detach + revoke" button passes `revokeToken: true`.
|
|
11
|
+
* 4. Auth fallback: a 401/403 from listVaultTokens renders the
|
|
12
|
+
* auth-gate "Grant access" button, and clicking it triggers
|
|
13
|
+
* beginLogin with the narrow per-vault admin scope appended.
|
|
14
|
+
*
|
|
15
|
+
* Tests stub the api module so we don't need a live server or real
|
|
16
|
+
* localStorage-seeded auth state. The auth module is mocked too, so we
|
|
17
|
+
* can assert beginLogin was called with the right scopes without the
|
|
18
|
+
* real implementation trying to navigate the jsdom window.
|
|
19
|
+
*/
|
|
20
|
+
import { render, screen, waitFor } from '@testing-library/react';
|
|
21
|
+
import userEvent from '@testing-library/user-event';
|
|
22
|
+
import { MemoryRouter, Route, Routes } from 'react-router-dom';
|
|
23
|
+
import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
|
|
24
|
+
|
|
25
|
+
import * as api from '../lib/api.ts';
|
|
26
|
+
import * as auth from '../lib/auth.ts';
|
|
27
|
+
import { VaultDetail } from './VaultDetail.tsx';
|
|
28
|
+
|
|
29
|
+
vi.mock('../lib/api.ts', async () => {
|
|
30
|
+
const actual = await vi.importActual<typeof api>('../lib/api.ts');
|
|
31
|
+
return {
|
|
32
|
+
...actual,
|
|
33
|
+
getVaultDetail: vi.fn(),
|
|
34
|
+
listVaultTokens: vi.fn(),
|
|
35
|
+
mintVaultToken: vi.fn(),
|
|
36
|
+
revokeVaultToken: vi.fn(),
|
|
37
|
+
detachVault: vi.fn(),
|
|
38
|
+
};
|
|
39
|
+
});
|
|
40
|
+
|
|
41
|
+
vi.mock('../lib/auth.ts', async () => {
|
|
42
|
+
const actual = await vi.importActual<typeof auth>('../lib/auth.ts');
|
|
43
|
+
return {
|
|
44
|
+
...actual,
|
|
45
|
+
beginLogin: vi.fn(),
|
|
46
|
+
};
|
|
47
|
+
});
|
|
48
|
+
|
|
49
|
+
function renderAt(path: string) {
|
|
50
|
+
return render(
|
|
51
|
+
<MemoryRouter initialEntries={[path]}>
|
|
52
|
+
<Routes>
|
|
53
|
+
<Route path="/vaults/:name" element={<VaultDetail />} />
|
|
54
|
+
</Routes>
|
|
55
|
+
</MemoryRouter>,
|
|
56
|
+
);
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
const sampleDetail: api.VaultDetail = {
|
|
60
|
+
vault: { name: 'work', url: 'https://hub.example/vault/work', version: '0.4.7' },
|
|
61
|
+
attachedGroups: [
|
|
62
|
+
{
|
|
63
|
+
folder: 'research',
|
|
64
|
+
mcpName: 'parachute-vault',
|
|
65
|
+
scope: 'vault:read',
|
|
66
|
+
tokenLabel: 'claw-research',
|
|
67
|
+
attachedAt: '2026-04-20T10:00:00Z',
|
|
68
|
+
},
|
|
69
|
+
],
|
|
70
|
+
};
|
|
71
|
+
|
|
72
|
+
const sampleTokens: api.VaultToken[] = [
|
|
73
|
+
{
|
|
74
|
+
id: 't_abc',
|
|
75
|
+
label: 'claw-research',
|
|
76
|
+
scopes: ['vault:read'],
|
|
77
|
+
created_at: '2026-04-20T10:00:00Z',
|
|
78
|
+
last_used_at: '2026-04-28T10:00:00Z',
|
|
79
|
+
attachedTo: [{ folder: 'research', scope: 'vault:read' }],
|
|
80
|
+
},
|
|
81
|
+
];
|
|
82
|
+
|
|
83
|
+
beforeEach(() => {
|
|
84
|
+
vi.mocked(api.getVaultDetail).mockResolvedValue(sampleDetail);
|
|
85
|
+
vi.mocked(api.listVaultTokens).mockResolvedValue(sampleTokens);
|
|
86
|
+
});
|
|
87
|
+
|
|
88
|
+
afterEach(() => {
|
|
89
|
+
vi.clearAllMocks();
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
describe('VaultDetail — mint flow', () => {
|
|
93
|
+
it('mints a token, renders plaintext once, copies on click', async () => {
|
|
94
|
+
const minted: api.MintedVaultToken = {
|
|
95
|
+
token: 'pvt_super_secret_plaintext',
|
|
96
|
+
id: 't_new',
|
|
97
|
+
label: 'claw-new',
|
|
98
|
+
scopes: ['vault:read'],
|
|
99
|
+
created_at: '2026-04-29T10:00:00Z',
|
|
100
|
+
};
|
|
101
|
+
vi.mocked(api.mintVaultToken).mockResolvedValue(minted);
|
|
102
|
+
|
|
103
|
+
// userEvent.setup() installs its own navigator.clipboard mock; reading
|
|
104
|
+
// back via readText() is the canonical way to assert what got copied.
|
|
105
|
+
const user = userEvent.setup();
|
|
106
|
+
renderAt('/vaults/work');
|
|
107
|
+
|
|
108
|
+
await waitFor(() => {
|
|
109
|
+
expect(screen.getByText('Mint new token')).toBeInTheDocument();
|
|
110
|
+
});
|
|
111
|
+
|
|
112
|
+
const labelInput = screen.getByLabelText('Label') as HTMLInputElement;
|
|
113
|
+
await user.clear(labelInput);
|
|
114
|
+
await user.type(labelInput, 'claw-new');
|
|
115
|
+
|
|
116
|
+
await user.click(screen.getByRole('button', { name: 'Mint token' }));
|
|
117
|
+
|
|
118
|
+
await waitFor(() => {
|
|
119
|
+
expect(api.mintVaultToken).toHaveBeenCalledWith('work', {
|
|
120
|
+
label: 'claw-new',
|
|
121
|
+
scopes: ['vault:read'],
|
|
122
|
+
expires_at: null,
|
|
123
|
+
});
|
|
124
|
+
});
|
|
125
|
+
|
|
126
|
+
// Plaintext appears once in the copy-card
|
|
127
|
+
await waitFor(() => {
|
|
128
|
+
expect(screen.getByDisplayValue('pvt_super_secret_plaintext')).toBeInTheDocument();
|
|
129
|
+
});
|
|
130
|
+
|
|
131
|
+
await user.click(screen.getByRole('button', { name: 'Copy to clipboard' }));
|
|
132
|
+
await waitFor(() => {
|
|
133
|
+
expect(screen.getByRole('button', { name: 'Copied ✓' })).toBeInTheDocument();
|
|
134
|
+
});
|
|
135
|
+
expect(await navigator.clipboard.readText()).toBe('pvt_super_secret_plaintext');
|
|
136
|
+
});
|
|
137
|
+
});
|
|
138
|
+
|
|
139
|
+
describe('VaultDetail — dismiss without copying', () => {
|
|
140
|
+
it('renders the warn-banner when the operator closes the card without copying', async () => {
|
|
141
|
+
const minted: api.MintedVaultToken = {
|
|
142
|
+
token: 'pvt_uncopied_secret',
|
|
143
|
+
id: 't_unc',
|
|
144
|
+
label: 'claw-uncopied',
|
|
145
|
+
scopes: ['vault:read'],
|
|
146
|
+
created_at: '2026-04-29T10:00:00Z',
|
|
147
|
+
};
|
|
148
|
+
vi.mocked(api.mintVaultToken).mockResolvedValue(minted);
|
|
149
|
+
|
|
150
|
+
const user = userEvent.setup();
|
|
151
|
+
renderAt('/vaults/work');
|
|
152
|
+
|
|
153
|
+
await waitFor(() => {
|
|
154
|
+
expect(screen.getByText('Mint new token')).toBeInTheDocument();
|
|
155
|
+
});
|
|
156
|
+
|
|
157
|
+
const labelInput = screen.getByLabelText('Label') as HTMLInputElement;
|
|
158
|
+
await user.clear(labelInput);
|
|
159
|
+
await user.type(labelInput, 'claw-uncopied');
|
|
160
|
+
await user.click(screen.getByRole('button', { name: 'Mint token' }));
|
|
161
|
+
|
|
162
|
+
// Plaintext appears in the copy-card
|
|
163
|
+
await waitFor(() => {
|
|
164
|
+
expect(screen.getByDisplayValue('pvt_uncopied_secret')).toBeInTheDocument();
|
|
165
|
+
});
|
|
166
|
+
|
|
167
|
+
// Operator closes the card WITHOUT clicking Copy.
|
|
168
|
+
await user.click(screen.getByRole('button', { name: 'Close without copying' }));
|
|
169
|
+
|
|
170
|
+
// Warn-banner appears, naming the token by label, with both inline
|
|
171
|
+
// Revoke and Dismiss CTAs.
|
|
172
|
+
await waitFor(() => {
|
|
173
|
+
expect(
|
|
174
|
+
screen.getByText(/was minted but you didn't copy the plaintext/),
|
|
175
|
+
).toBeInTheDocument();
|
|
176
|
+
});
|
|
177
|
+
expect(screen.getByRole('button', { name: 'Revoke claw-uncopied' })).toBeInTheDocument();
|
|
178
|
+
expect(screen.getByRole('button', { name: 'Dismiss' })).toBeInTheDocument();
|
|
179
|
+
|
|
180
|
+
// Plaintext is gone from the DOM — vault stored only a hash.
|
|
181
|
+
expect(screen.queryByDisplayValue('pvt_uncopied_secret')).not.toBeInTheDocument();
|
|
182
|
+
});
|
|
183
|
+
|
|
184
|
+
it('disables the inline Revoke button when the token is not in the live list (paraclaw#62)', async () => {
|
|
185
|
+
// Race / id-mismatch path: operator dismisses without copying, but the
|
|
186
|
+
// post-mint reload returns a tokens list that doesn't include the new
|
|
187
|
+
// id (vault hiccup, server-side rename, etc.). The CTA must visibly
|
|
188
|
+
// disable rather than silently no-op on click.
|
|
189
|
+
const minted: api.MintedVaultToken = {
|
|
190
|
+
token: 'pvt_lost_secret',
|
|
191
|
+
id: 't_lost',
|
|
192
|
+
label: 'claw-lost',
|
|
193
|
+
scopes: ['vault:read'],
|
|
194
|
+
created_at: '2026-04-30T10:00:00Z',
|
|
195
|
+
};
|
|
196
|
+
vi.mocked(api.mintVaultToken).mockResolvedValue(minted);
|
|
197
|
+
// First call (initial render) returns the seeded sampleTokens; every
|
|
198
|
+
// subsequent call (the post-mint reload) returns an empty list, so the
|
|
199
|
+
// banner's `live` lookup misses.
|
|
200
|
+
vi.mocked(api.listVaultTokens)
|
|
201
|
+
.mockReset()
|
|
202
|
+
.mockResolvedValueOnce(sampleTokens)
|
|
203
|
+
.mockResolvedValue([]);
|
|
204
|
+
|
|
205
|
+
const user = userEvent.setup();
|
|
206
|
+
renderAt('/vaults/work');
|
|
207
|
+
|
|
208
|
+
await waitFor(() => {
|
|
209
|
+
expect(screen.getByText('Mint new token')).toBeInTheDocument();
|
|
210
|
+
});
|
|
211
|
+
|
|
212
|
+
const labelInput = screen.getByLabelText('Label') as HTMLInputElement;
|
|
213
|
+
await user.clear(labelInput);
|
|
214
|
+
await user.type(labelInput, 'claw-lost');
|
|
215
|
+
await user.click(screen.getByRole('button', { name: 'Mint token' }));
|
|
216
|
+
|
|
217
|
+
await waitFor(() => {
|
|
218
|
+
expect(screen.getByDisplayValue('pvt_lost_secret')).toBeInTheDocument();
|
|
219
|
+
});
|
|
220
|
+
await user.click(screen.getByRole('button', { name: 'Close without copying' }));
|
|
221
|
+
|
|
222
|
+
// Wait for the post-dismiss reload to settle so the empty tokens list
|
|
223
|
+
// is reflected in `state.tokens`.
|
|
224
|
+
await waitFor(() => {
|
|
225
|
+
expect(screen.queryByText(/Tokens \(1\)/)).not.toBeInTheDocument();
|
|
226
|
+
});
|
|
227
|
+
|
|
228
|
+
const revokeBtn = screen.getByRole('button', { name: 'Revoke claw-lost' });
|
|
229
|
+
expect(revokeBtn).toBeDisabled();
|
|
230
|
+
expect(revokeBtn).toHaveAttribute(
|
|
231
|
+
'title',
|
|
232
|
+
'Token no longer in current list — see tokens table below',
|
|
233
|
+
);
|
|
234
|
+
});
|
|
235
|
+
});
|
|
236
|
+
|
|
237
|
+
describe('VaultDetail — revoke modal', () => {
|
|
238
|
+
it('opens confirm modal with one-way copy and only revokes on explicit click', async () => {
|
|
239
|
+
vi.mocked(api.revokeVaultToken).mockResolvedValue(undefined);
|
|
240
|
+
|
|
241
|
+
const user = userEvent.setup();
|
|
242
|
+
renderAt('/vaults/work');
|
|
243
|
+
|
|
244
|
+
await waitFor(() => {
|
|
245
|
+
expect(screen.getByText(/Tokens \(1\)/)).toBeInTheDocument();
|
|
246
|
+
});
|
|
247
|
+
|
|
248
|
+
await user.click(screen.getByRole('button', { name: 'Revoke' }));
|
|
249
|
+
expect(screen.getByText(/one-way/i)).toBeInTheDocument();
|
|
250
|
+
expect(api.revokeVaultToken).not.toHaveBeenCalled();
|
|
251
|
+
|
|
252
|
+
await user.click(screen.getByRole('button', { name: 'Revoke token' }));
|
|
253
|
+
await waitFor(() => {
|
|
254
|
+
expect(api.revokeVaultToken).toHaveBeenCalledWith('work', 't_abc');
|
|
255
|
+
});
|
|
256
|
+
});
|
|
257
|
+
});
|
|
258
|
+
|
|
259
|
+
describe('VaultDetail — detach modal', () => {
|
|
260
|
+
it('exposes Keep + Detach+revoke buttons; Detach+revoke passes revokeToken=true', async () => {
|
|
261
|
+
vi.mocked(api.detachVault).mockResolvedValue({
|
|
262
|
+
group: {
|
|
263
|
+
id: 'g1',
|
|
264
|
+
name: 'research',
|
|
265
|
+
folder: 'research',
|
|
266
|
+
agent_provider: null,
|
|
267
|
+
created_at: '2026-04-20T10:00:00Z',
|
|
268
|
+
vault: null,
|
|
269
|
+
status: null,
|
|
270
|
+
},
|
|
271
|
+
revokedTokenId: 't_abc',
|
|
272
|
+
revokeError: null,
|
|
273
|
+
});
|
|
274
|
+
|
|
275
|
+
const user = userEvent.setup();
|
|
276
|
+
renderAt('/vaults/work');
|
|
277
|
+
|
|
278
|
+
await waitFor(() => {
|
|
279
|
+
expect(screen.getByText(/Attached groups \(1\)/)).toBeInTheDocument();
|
|
280
|
+
});
|
|
281
|
+
|
|
282
|
+
await user.click(screen.getByRole('button', { name: 'Detach…' }));
|
|
283
|
+
|
|
284
|
+
expect(screen.getByRole('button', { name: 'Keep token' })).toBeInTheDocument();
|
|
285
|
+
expect(screen.getByRole('button', { name: 'Detach + revoke' })).toBeInTheDocument();
|
|
286
|
+
|
|
287
|
+
await user.click(screen.getByRole('button', { name: 'Detach + revoke' }));
|
|
288
|
+
|
|
289
|
+
await waitFor(() => {
|
|
290
|
+
expect(api.detachVault).toHaveBeenCalledWith('research', {
|
|
291
|
+
mcpName: 'parachute-vault',
|
|
292
|
+
revokeToken: true,
|
|
293
|
+
authExtraScopes: ['vault:work:admin'],
|
|
294
|
+
});
|
|
295
|
+
});
|
|
296
|
+
});
|
|
297
|
+
|
|
298
|
+
it('Keep token detaches without revoke', async () => {
|
|
299
|
+
vi.mocked(api.detachVault).mockResolvedValue({
|
|
300
|
+
group: {
|
|
301
|
+
id: 'g1',
|
|
302
|
+
name: 'research',
|
|
303
|
+
folder: 'research',
|
|
304
|
+
agent_provider: null,
|
|
305
|
+
created_at: '2026-04-20T10:00:00Z',
|
|
306
|
+
vault: null,
|
|
307
|
+
status: null,
|
|
308
|
+
},
|
|
309
|
+
revokedTokenId: null,
|
|
310
|
+
revokeError: null,
|
|
311
|
+
});
|
|
312
|
+
|
|
313
|
+
const user = userEvent.setup();
|
|
314
|
+
renderAt('/vaults/work');
|
|
315
|
+
|
|
316
|
+
await waitFor(() => {
|
|
317
|
+
expect(screen.getByText(/Attached groups \(1\)/)).toBeInTheDocument();
|
|
318
|
+
});
|
|
319
|
+
await user.click(screen.getByRole('button', { name: 'Detach…' }));
|
|
320
|
+
await user.click(screen.getByRole('button', { name: 'Keep token' }));
|
|
321
|
+
|
|
322
|
+
await waitFor(() => {
|
|
323
|
+
expect(api.detachVault).toHaveBeenCalledWith('research', {
|
|
324
|
+
mcpName: 'parachute-vault',
|
|
325
|
+
revokeToken: false,
|
|
326
|
+
authExtraScopes: undefined,
|
|
327
|
+
});
|
|
328
|
+
});
|
|
329
|
+
});
|
|
330
|
+
});
|
|
331
|
+
|
|
332
|
+
describe('VaultDetail — auth fallback', () => {
|
|
333
|
+
it('renders Grant access on 403 and triggers beginLogin with narrow scope', async () => {
|
|
334
|
+
vi.mocked(api.listVaultTokens).mockRejectedValue(
|
|
335
|
+
new api.HttpError(403, 'missing vault:work:admin'),
|
|
336
|
+
);
|
|
337
|
+
|
|
338
|
+
const user = userEvent.setup();
|
|
339
|
+
renderAt('/vaults/work');
|
|
340
|
+
|
|
341
|
+
await waitFor(() => {
|
|
342
|
+
expect(screen.getByText('Additional consent required')).toBeInTheDocument();
|
|
343
|
+
});
|
|
344
|
+
expect(screen.getByText(/missing vault:work:admin/)).toBeInTheDocument();
|
|
345
|
+
|
|
346
|
+
await user.click(screen.getByRole('button', { name: 'Grant access' }));
|
|
347
|
+
expect(auth.beginLogin).toHaveBeenCalledWith(['vault:work:admin']);
|
|
348
|
+
});
|
|
349
|
+
|
|
350
|
+
it('renders Grant access on 401 too', async () => {
|
|
351
|
+
vi.mocked(api.listVaultTokens).mockRejectedValue(
|
|
352
|
+
new api.HttpError(401, 'unauthorized'),
|
|
353
|
+
);
|
|
354
|
+
|
|
355
|
+
renderAt('/vaults/work');
|
|
356
|
+
|
|
357
|
+
await waitFor(() => {
|
|
358
|
+
expect(screen.getByText('Additional consent required')).toBeInTheDocument();
|
|
359
|
+
});
|
|
360
|
+
});
|
|
361
|
+
});
|