@openparachute/agent 0.1.1 → 0.2.0

package/src/db/migrations/026-user-dms-bot-id.test.ts

@@ -1,116 +0,0 @@
-/**
- * Coverage for migration 026 — user_dms PK extension to include `bot_id`.
- *
- * Strategy: skip 026 via `applyMigrationsExcept`, seed pre-026 rows
- * against the legacy 2-column PK, run the migration, assert that:
- *
- *   - rows survive the rebuild and land at `bot_id = ''` (the
- *     configurable channel-default slot)
- *   - PK now permits a second `(user, channel)` row keyed on a real bot
- *     id (the multi-bot case the legacy schema couldn't represent)
- *   - the legacy `user_dms_legacy` scaffold is gone
- */
-import { afterEach, beforeEach, describe, expect, it } from 'vitest';
-
-import { closeDb, getDb } from '../index.js';
-import { migration026 } from './026-user-dms-bot-id.js';
-import { applyMigrationsExcept } from './_test-helpers.js';
-
-function applyAllExcept026(): void {
-  applyMigrationsExcept([migration026]);
-}
-
-function seedUser(id: string, kind: string): void {
-  getDb()
-    .prepare(`INSERT INTO users (id, kind, display_name, created_at) VALUES (?, ?, NULL, datetime('now'))`)
-    .run(id, kind);
-}
-
-function seedMessagingGroup(id: string, channelType: string, platformId: string): void {
-  getDb()
-    .prepare(
-      `INSERT INTO messaging_groups (id, channel_type, platform_id, name, is_group, unknown_sender_policy, created_at)
-       VALUES (?, ?, ?, NULL, 0, 'strict', datetime('now'))`,
-    )
-    .run(id, channelType, platformId);
-}
-
-function seedLegacyUserDm(userId: string, channelType: string, mgId: string): void {
-  // Pre-026: PK is (user_id, channel_type). Schema has no bot_id.
-  getDb()
-    .prepare(
-      `INSERT INTO user_dms (user_id, channel_type, messaging_group_id, resolved_at)
-       VALUES (?, ?, ?, datetime('now'))`,
-    )
-    .run(userId, channelType, mgId);
-}
-
-beforeEach(() => {
-  applyAllExcept026();
-});
-
-afterEach(() => {
-  closeDb();
-});
-
-describe('migration 026 — user_dms.bot_id PK extension', () => {
-  it('preserves legacy rows under bot_id = ""', () => {
-    seedUser('telegram:1190596288', 'telegram');
-    seedMessagingGroup('mg-1', 'telegram', 'telegram:8792496425:1190596288');
-    seedLegacyUserDm('telegram:1190596288', 'telegram', 'mg-1');
-
-    migration026.up(getDb());
-
-    const rows = getDb().prepare(`SELECT user_id, channel_type, bot_id, messaging_group_id FROM user_dms`).all() as {
-      user_id: string;
-      channel_type: string;
-      bot_id: string;
-      messaging_group_id: string;
-    }[];
-    expect(rows).toEqual([
-      {
-        user_id: 'telegram:1190596288',
-        channel_type: 'telegram',
-        bot_id: '',
-        messaging_group_id: 'mg-1',
-      },
-    ]);
-  });
-
-  it('PK now allows a second row for the same (user, channel) under a different bot', () => {
-    seedUser('telegram:1190596288', 'telegram');
-    seedMessagingGroup('mg-primary', 'telegram', 'telegram:primary-bot:1190596288');
-    seedMessagingGroup('mg-secondary', 'telegram', 'telegram:secondary-bot:1190596288');
-    seedLegacyUserDm('telegram:1190596288', 'telegram', 'mg-primary');
-
-    migration026.up(getDb());
-
-    // The legacy row landed under bot_id=''. A bot-pinned write under a
-    // real bot id must succeed (the legacy schema would have rejected
-    // this on the 2-column PK).
-    getDb()
-      .prepare(
-        `INSERT INTO user_dms (user_id, channel_type, bot_id, messaging_group_id, resolved_at)
-         VALUES (?, ?, ?, ?, datetime('now'))`,
-      )
-      .run('telegram:1190596288', 'telegram', 'secondary-bot', 'mg-secondary');
-
-    const count = getDb()
-      .prepare(`SELECT COUNT(*) AS n FROM user_dms WHERE user_id = ? AND channel_type = ?`)
-      .get('telegram:1190596288', 'telegram') as { n: number };
-    expect(count.n).toBe(2);
-  });
-
-  it('drops the legacy rebuild scaffold', () => {
-    seedUser('telegram:1', 'telegram');
-    seedMessagingGroup('mg-1', 'telegram', 'telegram:b:1');
-    seedLegacyUserDm('telegram:1', 'telegram', 'mg-1');
-
-    migration026.up(getDb());
-
-    const tables = getDb()
-      .prepare(`SELECT name FROM sqlite_master WHERE type='table' AND name LIKE 'user_dms%'`)
-      .all() as { name: string }[];
-    expect(tables.map((t) => t.name).sort()).toEqual(['user_dms']);
-  });
-});

package/src/db/migrations/026-user-dms-bot-id.ts

@@ -1,54 +0,0 @@
-/**
- * Extend `user_dms` PK to include `bot_id` so the cache disambiguates
- * approvals on multi-bot installs (paraclaw#67 follow-up — Proposal C).
- *
- * Before:  PRIMARY KEY (user_id, channel_type)
- * After:   PRIMARY KEY (user_id, channel_type, bot_id)   -- bot_id NOT NULL DEFAULT ''
- *
- * Why the column instead of a sibling table: the cache's purpose is
- * "given an approver and a channel + bot, what messaging_group do I
- * deliver to?" — a key extension is the honest representation. A
- * sibling table would force every reader to do an existence check
- * across both tables to find the right row.
- *
- * Backfill: every legacy row migrates with `bot_id = ''`. The empty
- * string is the configurable system-default slot — a settings UI lets
- * the operator point it at a specific bot's DM, and the resolver falls
- * through to it when an exact `(user, channel, originBotId)` cache miss
- * cold-resolves into a "bots can't DM first" failure (Telegram). See
- * `pickApprovalDelivery` in `src/modules/approvals/primitive.ts`.
- *
- * Idempotency: schema_version gate; uses the rename-rebuild dance
- * because SQLite can't add a column to an existing PK. Sets
- * `disableForeignKeys: true` for the same reason 025 does — the
- * runner toggles `PRAGMA foreign_keys = OFF` connection-scope so
- * pre-existing orphan rows in referencing tables don't fail the
- * commit-time deferred check.
- */
-import type { Database } from '../connection.js';
-import type { Migration } from './index.js';
-
-export const migration026: Migration = {
-  version: 26,
-  name: 'user-dms-bot-id',
-  disableForeignKeys: true,
-  up(db: Database) {
-    db.exec(`
-      CREATE TABLE user_dms_new (
-        user_id            TEXT NOT NULL REFERENCES users(id),
-        channel_type       TEXT NOT NULL,
-        bot_id             TEXT NOT NULL DEFAULT '',
-        messaging_group_id TEXT NOT NULL REFERENCES messaging_groups(id),
-        resolved_at        TEXT NOT NULL,
-        PRIMARY KEY (user_id, channel_type, bot_id)
-      );
-
-      INSERT INTO user_dms_new (user_id, channel_type, bot_id, messaging_group_id, resolved_at)
-        SELECT user_id, channel_type, '', messaging_group_id, resolved_at
-          FROM user_dms;
-
-      DROP TABLE user_dms;
-      ALTER TABLE user_dms_new RENAME TO user_dms;
-    `);
-  },
-};

package/src/db/migrations/027-provider-credentials.ts

@@ -1,41 +0,0 @@
-/**
- * `provider_credentials` — agent-provider credential source per-install
- * (Phase 1) with room for per-agent-group overrides (Phase 2).
- *
- *   source = 'claude_setup_token' | 'anthropic_api_key' | 'external_server'
- *
- * Phase 1 has exactly one row, keyed by the sentinel id `'__default__'`.
- * Phase 2 adds real `agent_group_id` rows alongside the sentinel; the
- * resolver picks the real row for that group when present and falls back
- * to the sentinel. This is why the PK is the column itself, not a
- * composite — sentinel-vs-real-id occupies the same slot.
- *
- * `api_key_encrypted` (AES-GCM) holds the single secret string for every
- * source: the Claude setup token (`sk-ant-oat01-...`), the Anthropic API
- * key, or the external-server API key. Source discriminates how the
- * spawn envelope translates that secret — see `spawn.ts`.
- */
-import type { Database } from '../connection.js';
-import type { Migration } from './index.js';
-
-export const migration027: Migration = {
-  version: 27,
-  name: 'provider-credentials',
-  up(db: Database) {
-    db.exec(`
-      CREATE TABLE provider_credentials (
-        -- Sentinel id '__default__' for the install-wide row; real
-        -- agent_group_id values land here in Phase 2 to override.
-        agent_group_id    TEXT PRIMARY KEY,
-        source            TEXT NOT NULL CHECK (source IN ('claude_setup_token','anthropic_api_key','external_server')),
-        -- The single encrypted secret per row. Plaintext is whichever
-        -- token/key the operator pasted; spawn.ts threads it into the
-        -- right env var for the active source.
-        api_key_encrypted TEXT,
-        -- external_server only.
-        server_url        TEXT,
-        updated_at        TEXT NOT NULL
-      );
-    `);
-  },
-};

package/src/db/migrations/_test-helpers.ts

@@ -1,41 +0,0 @@
-/**
- * Helpers for migration tests. Lives next to migrations so the import path
- * stays one directory deep, and the underscore prefix signals "not a real
- * migration" — the barrel index doesn't import it.
- */
-import { initTestDb, runMigrations } from '../index.js';
-import type { Database } from '../connection.js';
-import type { Migration } from './index.js';
-
-/**
- * Build a fresh in-memory test DB and run every migration in the barrel
- * EXCEPT the ones listed.
- *
- * Implementation: pre-record each skip migration's `name` in
- * `schema_version` so `runMigrations()` treats it as already-applied
- * (skip detection is keyed on `name`, not `version`). The `version`
- * column is auto-assigned via `MAX+1` at insert time, so reusing each
- * skipped migration's own version here is collision-free — the unique
- * index on `name` blocks any duplicate-skip first.
- *
- * Replaces the older sentinel-version trick (e.g. inserting at version
- * 9998/9999) which encoded the migration name as a magic string and
- * silently rotted if the migration was renamed.
- */
-export function applyMigrationsExcept(skip: Migration[]): Database {
-  const db = initTestDb();
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS schema_version (
-      version INTEGER PRIMARY KEY,
-      name    TEXT NOT NULL,
-      applied TEXT NOT NULL
-    );
-    CREATE UNIQUE INDEX IF NOT EXISTS idx_schema_version_name ON schema_version(name);
-  `);
-  const stmt = db.prepare('INSERT INTO schema_version (version, name, applied) VALUES (?, ?, ?)');
-  for (const m of skip) {
-    stmt.run(m.version, m.name, '2026-01-01');
-  }
-  runMigrations(db);
-  return db;
-}

package/src/db/migrations/index.ts

@@ -1,127 +0,0 @@
-import type { Database } from '../connection.js';
-
-import { log } from '../../log.js';
-import { migration001 } from './001-initial.js';
-import { migration002 } from './002-chat-sdk-state.js';
-import { moduleAgentToAgentDestinations } from './module-agent-to-agent-destinations.js';
-import { migration008 } from './008-dropped-messages.js';
-import { migration009 } from './009-drop-pending-credentials.js';
-import { migration010 } from './010-engage-modes.js';
-import { migration011 } from './011-pending-sender-approvals.js';
-import { migration012 } from './012-channel-registration.js';
-import { migration013 } from './013-approval-render-metadata.js';
-import { migration014 } from './014-secrets.js';
-import { migration015 } from './015-secrets-drop-host-pattern.js';
-import { migration016 } from './016-secret-assignments.js';
-import { migration017 } from './017-agent-activity.js';
-import { migration018 } from './018-oauth-app-configs.js';
-import { migration019 } from './019-oauth-app-connections.js';
-import { migration020 } from './020-agent-app-connections.js';
-import { migration021 } from './021-pending-oauth-states.js';
-import { migration022 } from './022-app-connections-provider.js';
-import { migration023 } from './023-agent-group-secret-mode.js';
-import { migration024 } from './024-collapse-approvals.js';
-import { migration025 } from './025-secret-mode-check.js';
-import { migration026 } from './026-user-dms-bot-id.js';
-import { migration027 } from './027-provider-credentials.js';
-import { moduleApprovalsPendingApprovals } from './module-approvals-pending-approvals.js';
-import { moduleApprovalsTitleOptions } from './module-approvals-title-options.js';
-
-export interface Migration {
-  version: number;
-  name: string;
-  up: (db: Database) => void;
-  /**
-   * Set true for migrations that recreate a parent table (the SQLite
-   * "build new + copy + drop + rename" dance). The runner toggles
-   * `PRAGMA foreign_keys = OFF` connection-scope BEFORE entering the
-   * wrapping transaction and re-enables it after.
-   *
-   * `PRAGMA defer_foreign_keys = TRUE` is NOT enough — it only delays
-   * the FK check to commit-time, where any pre-existing orphan row in a
-   * referencing table (e.g. a dangling `sessions.agent_group_id` left
-   * over from pre-FK-enforcement days) will still fail the migration on
-   * a real install. SQLite forbids changing `foreign_keys` mid-txn, so
-   * the toggle has to live in the runner, not the migration body.
-   *
-   * Migrations setting this MUST NOT introduce new orphan rows; the
-   * fix-existing-orphans question is separate (and out of scope for a
-   * schema-shape migration like 025).
-   */
-  disableForeignKeys?: boolean;
-}
-
-const migrations: Migration[] = [
-  migration001,
-  migration002,
-  moduleApprovalsPendingApprovals,
-  moduleAgentToAgentDestinations,
-  moduleApprovalsTitleOptions,
-  migration008,
-  migration009,
-  migration010,
-  migration011,
-  migration012,
-  migration013,
-  migration014,
-  migration015,
-  migration016,
-  migration017,
-  migration018,
-  migration019,
-  migration020,
-  migration021,
-  migration022,
-  migration023,
-  migration024,
-  migration025,
-  migration026,
-  migration027,
-];
-
-export function runMigrations(db: Database): void {
-  db.exec(`
-    CREATE TABLE IF NOT EXISTS schema_version (
-      version INTEGER PRIMARY KEY,
-      name    TEXT NOT NULL,
-      applied TEXT NOT NULL
-    );
-    CREATE UNIQUE INDEX IF NOT EXISTS idx_schema_version_name ON schema_version(name);
-  `);
-
-  // Uniqueness is keyed on `name`, not `version`. This lets module
-  // migrations (added later by install skills) pick arbitrary version
-  // numbers without coordinating across modules. `version` stays on
-  // the Migration object as an ordering hint within the barrel array;
-  // the stored `version` column is auto-assigned at insert time as an
-  // applied-order number.
-  const applied = new Set<string>(
-    (db.prepare('SELECT name FROM schema_version').all() as { name: string }[]).map((r) => r.name),
-  );
-  const pending = migrations.filter((m) => !applied.has(m.name));
-  if (pending.length === 0) return;
-
-  log.info('Running migrations', { count: pending.length });
-
-  for (const m of pending) {
-    if (m.disableForeignKeys) db.exec('PRAGMA foreign_keys = OFF');
-    try {
-      db.transaction(() => {
-        m.up(db);
-        const next = (
-          db.prepare('SELECT COALESCE(MAX(version), 0) + 1 AS v FROM schema_version').get() as {
-            v: number;
-          }
-        ).v;
-        db.prepare('INSERT INTO schema_version (version, name, applied) VALUES (?, ?, ?)').run(
-          next,
-          m.name,
-          new Date().toISOString(),
-        );
-      })();
-    } finally {
-      if (m.disableForeignKeys) db.exec('PRAGMA foreign_keys = ON');
-    }
-    log.info('Migration applied', { name: m.name });
-  }
-}

package/src/db/migrations/module-agent-to-agent-destinations.ts

@@ -1,84 +0,0 @@
-import type { Database } from '../connection.js';
-
-import type { Migration } from './index.js';
-
-/**
- * Agent destinations: per-agent named map of allowed message targets.
- *
- * This table is BOTH the routing map and the ACL. A row exists iff the
- * source agent is permitted to send to the target. No row = unauthorized.
- *
- * target_type: 'channel' references messaging_groups(id)
- * target_type: 'agent'   references agent_groups(id)
- *
- * Names are scoped per source agent — worker-1 may call the admin "parent"
- * while admin calls the child "worker-1". The (agent_group_id, local_name)
- * PK enforces uniqueness within a single agent's namespace only.
- */
-// Retains the original `name` ('agent-destinations') so existing DBs that
-// already recorded this migration under that name don't re-run it. The
-// module- prefix lives on the filename / export identifier only.
-export const moduleAgentToAgentDestinations: Migration = {
-  version: 4,
-  name: 'agent-destinations',
-  up(db: Database) {
-    db.exec(`
-      CREATE TABLE agent_destinations (
-        agent_group_id  TEXT NOT NULL REFERENCES agent_groups(id),
-        local_name      TEXT NOT NULL,
-        target_type     TEXT NOT NULL,
-        target_id       TEXT NOT NULL,
-        created_at      TEXT NOT NULL,
-        PRIMARY KEY (agent_group_id, local_name)
-      );
-      CREATE INDEX idx_agent_dest_target ON agent_destinations(target_type, target_id);
-    `);
-
-    // Backfill from existing messaging_group_agents wirings.
-    // For each wired (agent, messaging_group), create a destination row
-    // using the messaging group's name (normalized) as the local name.
-    // Collisions get a -2, -3 suffix within each agent's namespace.
-    const rows = db
-      .prepare(
-        `SELECT mga.agent_group_id, mga.messaging_group_id, mg.channel_type, mg.name
-         FROM messaging_group_agents mga
-         JOIN messaging_groups mg ON mg.id = mga.messaging_group_id`,
-      )
-      .all() as Array<{
-      agent_group_id: string;
-      messaging_group_id: string;
-      channel_type: string;
-      name: string | null;
-    }>;
-
-    const takenByAgent = new Map<string, Set<string>>();
-    const insert = db.prepare(
-      `INSERT INTO agent_destinations (agent_group_id, local_name, target_type, target_id, created_at)
-       VALUES (?, ?, 'channel', ?, ?)`,
-    );
-    const now = new Date().toISOString();
-
-    for (const row of rows) {
-      const base = normalizeName(row.name || `${row.channel_type}-${row.messaging_group_id.slice(0, 8)}`);
-      const taken = takenByAgent.get(row.agent_group_id) ?? new Set<string>();
-      let localName = base;
-      let suffix = 2;
-      while (taken.has(localName)) {
-        localName = `${base}-${suffix}`;
-        suffix++;
-      }
-      taken.add(localName);
-      takenByAgent.set(row.agent_group_id, taken);
-      insert.run(row.agent_group_id, localName, row.messaging_group_id, now);
-    }
-  },
-};
-
-function normalizeName(name: string): string {
-  return (
-    name
-      .toLowerCase()
-      .replace(/[^a-z0-9]+/g, '-')
-      .replace(/^-+|-+$/g, '') || 'unnamed'
-  );
-}

package/src/db/migrations/module-approvals-pending-approvals.ts

@@ -1,42 +0,0 @@
-import type { Migration } from './index.js';
-
-/**
- * `pending_approvals` table — host-side records for any approval-requiring
- * request. Used by `install_packages` / `add_mcp_server` (session-bound,
- * `session_id` set, status stays at default 'pending' until handled).
- *
- * The non-session columns (`agent_group_id`, `channel_type`, `platform_id`,
- * `platform_message_id`, `expires_at`, `status`) let the host edit the admin
- * card when a request expires and sweep stale rows on startup. They also
- * leave room for non-session-bound approvals to share the same table.
- */
-// Retains the original `name` ('pending-approvals') so existing DBs that
-// already recorded this migration under that name don't re-run it. The
-// module- prefix lives on the filename / export identifier only.
-export const moduleApprovalsPendingApprovals: Migration = {
-  version: 3,
-  name: 'pending-approvals',
-  up(db) {
-    db.exec(`
-      CREATE TABLE pending_approvals (
-        approval_id         TEXT PRIMARY KEY,
-        session_id          TEXT REFERENCES sessions(id),
-        request_id          TEXT NOT NULL,
-        action              TEXT NOT NULL,
-        payload             TEXT NOT NULL,
-        created_at          TEXT NOT NULL,
-        agent_group_id      TEXT REFERENCES agent_groups(id),
-        channel_type        TEXT,
-        platform_id         TEXT,
-        platform_message_id TEXT,
-        expires_at          TEXT,
-        status              TEXT NOT NULL DEFAULT 'pending',
-        title               TEXT NOT NULL DEFAULT '',
-        options_json        TEXT NOT NULL DEFAULT '[]'
-      );
-
-      CREATE INDEX idx_pending_approvals_action_status
-        ON pending_approvals(action, status);
-    `);
-  },
-};

package/src/db/migrations/module-approvals-title-options.ts

@@ -1,40 +0,0 @@
-import type { Migration } from './index.js';
-
-/**
- * Retroactive schema fix: earlier migration 003 was edited after it had
- * already been applied in the wild, adding `title` and `options_json`
- * columns to its CREATE TABLE statement. Installs that ran 003 before the
- * edit don't have those columns, and `createPendingApproval` (which
- * inserts into both) fails with "no such column" at runtime.
- *
- * This migration adds the missing columns via ALTER TABLE so old installs
- * catch up. On a fresh install that runs 003 at its current definition,
- * the ALTER statements will fail harmlessly (column already exists) and
- * we swallow the error per-column.
- */
-// Retains the original `name` ('pending-approvals-title-options') so
-// existing DBs that already recorded this migration don't re-run it. The
-// module- prefix lives on the filename / export identifier only.
-export const moduleApprovalsTitleOptions: Migration = {
-  version: 7,
-  name: 'pending-approvals-title-options',
-  up(db) {
-    const addIfMissing = (col: string, sql: string): void => {
-      try {
-        db.exec(sql);
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        if (msg.includes('duplicate column') || msg.includes('already exists')) {
-          // Fresh install — column already added by the current 003
-          // definition. Nothing to do.
-          return;
-        }
-        throw err;
-      }
-      void col;
-    };
-
-    addIfMissing('title', `ALTER TABLE pending_approvals ADD COLUMN title TEXT NOT NULL DEFAULT ''`);
-    addIfMissing('options_json', `ALTER TABLE pending_approvals ADD COLUMN options_json TEXT NOT NULL DEFAULT '[]'`);
-  },
-};