@otto-assistant/bridge 0.4.96 → 0.4.100

package/src/{anthropic-auth-plugin.test.ts → anthropic-auth-state.test.ts}

@@ -1,10 +1,11 @@
-// Tests for Anthropic OAuth multi-account persistence and rotation.
+// Tests Anthropic OAuth account persistence, deduplication, and rotation.
 
 import { mkdtemp, readFile, rm, mkdir, writeFile } from 'node:fs/promises'
 import { tmpdir } from 'node:os'
 import path from 'node:path'
 import { afterEach, beforeEach, describe, expect, test } from 'vitest'
 import {
+  accountLabel,
   authFilePath,
   loadAccountStore,
   rememberAnthropicOAuth,
@@ -60,6 +61,27 @@ describe('rememberAnthropicOAuth', () => {
       expires: 3,
     })
   })
+
+  test('deduplicates new tokens by email or account ID', async () => {
+    await rememberAnthropicOAuth(firstAccount, {
+      email: 'user@example.com',
+      accountId: 'usr_123',
+    })
+    await rememberAnthropicOAuth(secondAccount, {
+      email: 'User@example.com',
+      accountId: 'usr_123',
+    })
+
+    const store = await loadAccountStore()
+    expect(store.accounts).toHaveLength(1)
+    expect(store.accounts[0]).toMatchObject({
+      refresh: 'refresh-second',
+      access: 'access-second',
+      email: 'user@example.com',
+      accountId: 'usr_123',
+    })
+    expect(accountLabel(store.accounts[0]!)).toBe('user@example.com')
+  })
 })
 
 describe('rotateAnthropicAccount', () => {

package/src/anthropic-auth-state.ts

@@ -2,6 +2,10 @@ import type { Plugin } from '@opencode-ai/plugin'
 import * as fs from 'node:fs/promises'
 import { homedir } from 'node:os'
 import path from 'node:path'
+import {
+  normalizeAnthropicAccountIdentity,
+  type AnthropicAccountIdentity,
+} from './anthropic-account-identity.js'
 
 const AUTH_LOCK_STALE_MS = 30_000
 const AUTH_LOCK_RETRY_MS = 100
@@ -14,6 +18,8 @@ export type OAuthStored = {
 }
 
 type AccountRecord = OAuthStored & {
+  email?: string
+  accountId?: string
   addedAt: number
   lastUsed: number
 }
@@ -114,6 +120,8 @@ export function normalizeAccountStore(
           typeof account.refresh === 'string' &&
           typeof account.access === 'string' &&
           typeof account.expires === 'number' &&
+          (typeof account.email === 'undefined' || typeof account.email === 'string') &&
+          (typeof account.accountId === 'undefined' || typeof account.accountId === 'string') &&
           typeof account.addedAt === 'number' &&
           typeof account.lastUsed === 'number',
       )
@@ -135,8 +143,13 @@ export async function saveAccountStore(store: AccountStore) {
 
 /** Short label for an account: first 8 + last 4 chars of refresh token. */
 export function accountLabel(account: OAuthStored, index?: number): string {
+  const accountWithIdentity = account as OAuthStored & AnthropicAccountIdentity
+  const identity = accountWithIdentity.email || accountWithIdentity.accountId
   const r = account.refresh
   const short = r.length > 12 ? `${r.slice(0, 8)}...${r.slice(-4)}` : r
+  if (identity) {
+    return index !== undefined ? `#${index + 1} (${identity})` : identity
+  }
   return index !== undefined ? `#${index + 1} (${short})` : short
 }
 
@@ -162,14 +175,29 @@ function findCurrentAccountIndex(store: AccountStore, auth: OAuthStored) {
 }
 
 export function upsertAccount(store: AccountStore, auth: OAuthStored, now = Date.now()) {
+  const authWithIdentity = auth as OAuthStored & AnthropicAccountIdentity
+  const identity = normalizeAnthropicAccountIdentity({
+    email: authWithIdentity.email,
+    accountId: authWithIdentity.accountId,
+  })
   const index = store.accounts.findIndex((account) => {
-    return account.refresh === auth.refresh || account.access === auth.access
+    if (account.refresh === auth.refresh || account.access === auth.access) {
+      return true
+    }
+    if (identity?.accountId && account.accountId === identity.accountId) {
+      return true
+    }
+    if (identity?.email && account.email === identity.email) {
+      return true
+    }
+    return false
   })
   const nextAccount: AccountRecord = {
     type: 'oauth',
     refresh: auth.refresh,
     access: auth.access,
     expires: auth.expires,
+    ...identity,
     addedAt: now,
     lastUsed: now,
   }
@@ -186,15 +214,20 @@ export function upsertAccount(store: AccountStore, auth: OAuthStored, now = Date
     ...existing,
     ...nextAccount,
     addedAt: existing.addedAt,
+    email: nextAccount.email || existing.email,
+    accountId: nextAccount.accountId || existing.accountId,
   }
   store.activeIndex = index
   return index
 }
 
-export async function rememberAnthropicOAuth(auth: OAuthStored) {
+export async function rememberAnthropicOAuth(
+  auth: OAuthStored,
+  identity?: AnthropicAccountIdentity,
+) {
   await withAuthStateLock(async () => {
     const store = await loadAccountStore()
-    upsertAccount(store, auth)
+    upsertAccount(store, { ...auth, ...normalizeAnthropicAccountIdentity(identity) })
     await saveAccountStore(store)
   })
 }

package/src/cli-parsing.test.ts

@@ -27,8 +27,8 @@ function createCliForIdParsing() {
     .option('-g, --guild <guildId>', 'Discord guild/server ID')
 
   cli.command('task delete <id>', 'Delete task')
-  cli.command('anthropic-accounts list', 'List stored Anthropic accounts').hidden()
-  cli.command('anthropic-accounts remove <index>', 'Remove stored Anthropic account').hidden()
+  cli.command('anthropic-accounts list', 'List stored Anthropic accounts')
+  cli.command('anthropic-accounts remove <indexOrEmail>', 'Remove stored Anthropic account')
 
   return cli
 }
@@ -163,19 +163,26 @@ describe('goke CLI ID parsing', () => {
     expect(typeof result.args[0]).toBe('string')
   })
 
-  test('hidden anthropic account commands still parse', () => {
+  test('anthropic account remove parses index and email as strings', () => {
     const cli = createCliForIdParsing()
 
-    const result = cli.parse(
+    const indexResult = cli.parse(
       ['node', 'kimaki', 'anthropic-accounts', 'remove', '2'],
       { run: false },
     )
 
-    expect(result.args[0]).toBe('2')
-    expect(typeof result.args[0]).toBe('string')
+    const emailResult = cli.parse(
+      ['node', 'kimaki', 'anthropic-accounts', 'remove', 'user@example.com'],
+      { run: false },
+    )
+
+    expect(indexResult.args[0]).toBe('2')
+    expect(typeof indexResult.args[0]).toBe('string')
+    expect(emailResult.args[0]).toBe('user@example.com')
+    expect(typeof emailResult.args[0]).toBe('string')
   })
 
-  test('hidden anthropic account commands are excluded from help output', () => {
+  test('anthropic account commands are included in help output', () => {
     const stdout = {
       text: '',
       write(data: string | Uint8Array) {
@@ -185,11 +192,11 @@ describe('goke CLI ID parsing', () => {
 
     const cli = goke('kimaki', { stdout: stdout as never })
     cli.command('send', 'Send a message')
-    cli.command('anthropic-accounts list', 'List stored Anthropic accounts').hidden()
+    cli.command('anthropic-accounts list', 'List stored Anthropic accounts')
     cli.help()
     cli.parse(['node', 'kimaki', '--help'], { run: false })
 
     expect(stdout.text).toContain('send')
-    expect(stdout.text).not.toContain('anthropic-accounts')
+    expect(stdout.text).toContain('anthropic-accounts')
   })
 })

package/src/cli-send-thread.e2e.test.ts

@@ -339,14 +339,13 @@ describe('kimaki send --channel thread creation', () => {
         })
 
         const allContent = botReplies.map((m) => {
-          return m.content.slice(0, 200)
+          return m.content
         })
-        expect(allContent).toMatchInlineSnapshot(`
-          [
-            "✗ opencode session error: Command not found: "hello-test". Available commands: init, review, goke, security-review, jitter, proxyman, gitchamber, event-sourcing-state, usecomputer, spiceflow, batch, x",
-            "✗ OpenCode API error: Command not found: "hello-test". Available commands: init, review, goke, security-review, jitter, proxyman, gitchamber, event-sourcing-state, usecomputer, spiceflow, batch, x-art",
-          ]
-        `)
+        expect(
+          allContent.some((content) => {
+            return content.includes('Command not found: "hello-test"')
+          }),
+        ).toBe(true)
       } finally {
         store.setState({ registeredUserCommands: prevCommands })
       }

package/src/cli.ts

@@ -141,7 +141,7 @@ const cliLogger = createLogger(LogPrefix.CLI)
 // These are hardcoded because they're deploy-time constants for the gateway infrastructure.
 const KIMAKI_GATEWAY_PROXY_URL =
   process.env.KIMAKI_GATEWAY_PROXY_URL ||
-  'wss://discord-gateway.kimaki.xyz'
+  'wss://discord-gateway.kimaki.dev'
 
 const KIMAKI_GATEWAY_PROXY_REST_BASE_URL = getGatewayProxyRestBaseUrl({
   gatewayUrl: KIMAKI_GATEWAY_PROXY_URL,
@@ -1024,7 +1024,8 @@ async function resolveCredentials({
           options: [
             {
               value: 'gateway' as const,
-              label: 'Gateway (pre-built Kimaki bot — no setup needed)',
+              disabled: true,
+              label: 'Gateway (pre-built Kimaki bot, currently disabled because of Discord verification process. will be re-enabled soon)',
             },
             {
               value: 'self_hosted' as const,
@@ -3168,7 +3169,6 @@ cli
     'anthropic-accounts list',
     'List stored Anthropic OAuth accounts used for automatic rotation',
   )
-  .hidden()
   .action(async () => {
     const store = await loadAccountStore()
     console.log(`Store: ${accountsFilePath()}`)
@@ -3187,19 +3187,37 @@ cli
 
 cli
   .command(
-    'anthropic-accounts remove <index>',
-    'Remove a stored Anthropic OAuth account from the rotation pool',
+    'anthropic-accounts remove <indexOrEmail>',
+    'Remove a stored Anthropic OAuth account from the rotation pool by index or email',
   )
-  .hidden()
-  .action(async (index: string) => {
-    const value = Number(index)
-    if (!Number.isInteger(value) || value < 1) {
-      cliLogger.error('Usage: kimaki anthropic-accounts remove <index>')
+  .action(async (indexOrEmail: string) => {
+    const value = Number(indexOrEmail)
+    const store = await loadAccountStore()
+    const resolvedIndex = (() => {
+      if (Number.isInteger(value) && value >= 1) {
+        return value - 1
+      }
+      const email = indexOrEmail.trim().toLowerCase()
+      if (!email) {
+        return -1
+      }
+      return store.accounts.findIndex((account) => {
+        return account.email?.toLowerCase() === email
+      })
+    })()
+
+    if (resolvedIndex < 0) {
+      cliLogger.error(
+        'Usage: kimaki anthropic-accounts remove <index-or-email>',
+      )
       process.exit(EXIT_NO_RESTART)
     }
 
-    await removeAccount(value - 1)
-    cliLogger.log(`Removed Anthropic account ${value}`)
+    const removed = store.accounts[resolvedIndex]
+    await removeAccount(resolvedIndex)
+    cliLogger.log(
+      `Removed Anthropic account ${removed ? accountLabel(removed, resolvedIndex) : indexOrEmail}`,
+    )
     process.exit(0)
   })
 
@@ -3774,7 +3792,7 @@ cli
         port,
         tunnelId: options.tunnelId,
         localHost: options.host,
-        baseDomain: 'kimaki.xyz',
+        baseDomain: 'kimaki.dev',
         serverUrl: options.server,
         command: command.length > 0 ? command : undefined,
         kill: options.kill,

package/src/commands/screenshare.test.ts

@@ -17,12 +17,12 @@ describe('screenshare security defaults', () => {
 
   test('builds a secure noVNC URL', () => {
     const url = new URL(
-      buildNoVncUrl({ tunnelHost: '0123456789abcdef-tunnel.kimaki.xyz' }),
+      buildNoVncUrl({ tunnelHost: '0123456789abcdef-tunnel.kimaki.dev' }),
     )
 
     expect(url.origin).toBe('https://novnc.com')
     expect(url.searchParams.get('host')).toBe(
-      '0123456789abcdef-tunnel.kimaki.xyz',
+      '0123456789abcdef-tunnel.kimaki.dev',
     )
     expect(url.searchParams.get('port')).toBe('443')
     expect(url.searchParams.get('encrypt')).toBe('1')

package/src/commands/screenshare.ts

@@ -40,7 +40,7 @@ const activeSessions = new Map<string, ScreenshareSession>()
 const VNC_PORT = 5900
 const MAX_SESSION_MINUTES = 30
 const MAX_SESSION_MS = MAX_SESSION_MINUTES * 60 * 1000
-const TUNNEL_BASE_DOMAIN = 'kimaki.xyz'
+const TUNNEL_BASE_DOMAIN = 'kimaki.dev'
 const SCREENSHARE_TUNNEL_ID_BYTES = 16
 
 // Public noVNC client — we point it at our tunnel URL

package/src/commands/vscode.ts

@@ -0,0 +1,342 @@
+import crypto from 'node:crypto'
+import { spawn, type ChildProcess } from 'node:child_process'
+import net from 'node:net'
+import {
+  ChannelType,
+  MessageFlags,
+  type TextChannel,
+  type ThreadChannel,
+} from 'discord.js'
+import { TunnelClient } from 'traforo/client'
+import type { CommandContext } from './types.js'
+import {
+  resolveWorkingDirectory,
+  SILENT_MESSAGE_FLAGS,
+} from '../discord-utils.js'
+import { createLogger } from '../logger.js'
+
+const logger = createLogger('VSCODE')
+const SECURE_REPLY_FLAGS = MessageFlags.Ephemeral | SILENT_MESSAGE_FLAGS
+const MAX_SESSION_MINUTES = 30
+const MAX_SESSION_MS = MAX_SESSION_MINUTES * 60 * 1000
+const TUNNEL_BASE_DOMAIN = 'kimaki.dev'
+const TUNNEL_ID_BYTES = 16
+const READY_TIMEOUT_MS = 60_000
+const LOCAL_HOST = '127.0.0.1'
+
+export type VscodeSession = {
+  coderaftProcess: ChildProcess
+  tunnelClient: TunnelClient
+  url: string
+  workingDirectory: string
+  startedBy: string
+  startedAt: number
+  timeoutTimer: ReturnType<typeof setTimeout>
+}
+
+const activeSessions = new Map<string, VscodeSession>()
+
+export function createVscodeTunnelId(): string {
+  return crypto.randomBytes(TUNNEL_ID_BYTES).toString('hex')
+}
+
+export function buildCoderaftArgs({
+  port,
+  workingDirectory,
+}: {
+  port: number
+  workingDirectory: string
+}): string[] {
+  return [
+    'coderaft',
+    '--port',
+    String(port),
+    '--host',
+    LOCAL_HOST,
+    '--without-connection-token',
+    '--disable-workspace-trust',
+    '--default-folder',
+    workingDirectory,
+  ]
+}
+
+function createPortWaiter({
+  port,
+  process: proc,
+  timeoutMs,
+}: {
+  port: number
+  process: ChildProcess
+  timeoutMs: number
+}): Promise<void> {
+  return new Promise((resolve, reject) => {
+    const maxAttempts = Math.ceil(timeoutMs / 100)
+    let attempts = 0
+
+    const check = (): void => {
+      if (proc.exitCode !== null) {
+        reject(new Error(`coderaft exited with code ${proc.exitCode} before becoming ready`))
+        return
+      }
+
+      const socket = net.createConnection(port, LOCAL_HOST)
+      socket.on('connect', () => {
+        socket.destroy()
+        resolve()
+      })
+      socket.on('error', () => {
+        socket.destroy()
+        attempts += 1
+        if (attempts >= maxAttempts) {
+          reject(new Error(`Port ${port} not reachable after ${timeoutMs}ms`))
+          return
+        }
+        setTimeout(check, 100)
+      })
+    }
+
+    check()
+  })
+}
+
+function getAvailablePort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const server = net.createServer()
+    server.on('error', reject)
+    server.listen(0, LOCAL_HOST, () => {
+      const address = server.address()
+      if (!address || typeof address === 'string') {
+        server.close(() => {
+          reject(new Error('Failed to resolve an available port'))
+        })
+        return
+      }
+      const port = address.port
+      server.close((error) => {
+        if (error) {
+          reject(error)
+          return
+        }
+        resolve(port)
+      })
+    })
+  })
+}
+
+function cleanupSession(session: VscodeSession): void {
+  clearTimeout(session.timeoutTimer)
+  try {
+    session.tunnelClient.close()
+  } catch {}
+  if (session.coderaftProcess.exitCode === null) {
+    try {
+      session.coderaftProcess.kill('SIGTERM')
+    } catch {}
+  }
+}
+
+export function getActiveVscodeSession({ sessionKey }: { sessionKey: string }): VscodeSession | undefined {
+  return activeSessions.get(sessionKey)
+}
+
+export function stopVscode({ sessionKey }: { sessionKey: string }): boolean {
+  const session = activeSessions.get(sessionKey)
+  if (!session) {
+    return false
+  }
+
+  activeSessions.delete(sessionKey)
+  cleanupSession(session)
+  logger.log(`VS Code stopped (key: ${sessionKey})`)
+  return true
+}
+
+export async function startVscode({
+  sessionKey,
+  startedBy,
+  workingDirectory,
+}: {
+  sessionKey: string
+  startedBy: string
+  workingDirectory: string
+}): Promise<VscodeSession> {
+  const existing = activeSessions.get(sessionKey)
+  if (existing) {
+    return existing
+  }
+
+  const port = await getAvailablePort()
+  const tunnelId = createVscodeTunnelId()
+  const args = buildCoderaftArgs({
+    port,
+    workingDirectory,
+  })
+  const coderaftProcess = spawn('bunx', args, {
+    cwd: workingDirectory,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    env: {
+      ...process.env,
+      PORT: String(port),
+    },
+  })
+
+  coderaftProcess.stdout?.on('data', (data: Buffer) => {
+    logger.log(data.toString().trim())
+  })
+  coderaftProcess.stderr?.on('data', (data: Buffer) => {
+    logger.error(data.toString().trim())
+  })
+
+  try {
+    await createPortWaiter({
+      port,
+      process: coderaftProcess,
+      timeoutMs: READY_TIMEOUT_MS,
+    })
+  } catch (error) {
+    if (coderaftProcess.exitCode === null) {
+      coderaftProcess.kill('SIGTERM')
+    }
+    throw error
+  }
+
+  const tunnelClient = new TunnelClient({
+    localPort: port,
+    localHost: LOCAL_HOST,
+    tunnelId,
+    baseDomain: TUNNEL_BASE_DOMAIN,
+  })
+
+  try {
+    await Promise.race([
+      tunnelClient.connect(),
+      new Promise<never>((_, reject) => {
+        setTimeout(() => {
+          reject(new Error('Tunnel connection timed out after 15s'))
+        }, 15_000)
+      }),
+    ])
+  } catch (error) {
+    tunnelClient.close()
+    if (coderaftProcess.exitCode === null) {
+      coderaftProcess.kill('SIGTERM')
+    }
+    throw error
+  }
+
+  const url = tunnelClient.url
+
+  const timeoutTimer = setTimeout(() => {
+    logger.log(`VS Code auto-stopped after ${MAX_SESSION_MINUTES} minutes (key: ${sessionKey})`)
+    stopVscode({ sessionKey })
+  }, MAX_SESSION_MS)
+  timeoutTimer.unref()
+
+  const session: VscodeSession = {
+    coderaftProcess,
+    tunnelClient,
+    url,
+    workingDirectory,
+    startedBy,
+    startedAt: Date.now(),
+    timeoutTimer,
+  }
+
+  coderaftProcess.once('exit', (code, signal) => {
+    const current = activeSessions.get(sessionKey)
+    if (current !== session) {
+      return
+    }
+    logger.log(`VS Code process exited (key: ${sessionKey}, code: ${code}, signal: ${signal ?? 'none'})`)
+    stopVscode({ sessionKey })
+  })
+
+  activeSessions.set(sessionKey, session)
+  logger.log(`VS Code started by ${startedBy}: ${url}`)
+  return session
+}
+
+export async function handleVscodeCommand({
+  command,
+}: CommandContext): Promise<void> {
+  const channel = command.channel
+  if (!channel) {
+    await command.reply({
+      content: 'This command can only be used in a channel.',
+      flags: SECURE_REPLY_FLAGS,
+    })
+    return
+  }
+
+  const isThread = [
+    ChannelType.PublicThread,
+    ChannelType.PrivateThread,
+    ChannelType.AnnouncementThread,
+  ].includes(channel.type)
+  const isTextChannel = channel.type === ChannelType.GuildText
+  if (!isThread && !isTextChannel) {
+    await command.reply({
+      content: 'This command can only be used in a text channel or thread.',
+      flags: SECURE_REPLY_FLAGS,
+    })
+    return
+  }
+
+  const resolved = await resolveWorkingDirectory({
+    channel: channel as TextChannel | ThreadChannel,
+  })
+  if (!resolved) {
+    await command.reply({
+      content: 'Could not determine project directory for this channel.',
+      flags: SECURE_REPLY_FLAGS,
+    })
+    return
+  }
+
+  await command.deferReply({ flags: SECURE_REPLY_FLAGS })
+
+  const sessionKey = channel.id
+  const existing = getActiveVscodeSession({ sessionKey })
+  if (existing) {
+    await command.editReply({
+      content:
+        `VS Code is already running for this thread. ` +
+        `This unique tunnel auto-stops after ${MAX_SESSION_MINUTES} minutes from startup.\n` +
+        `${existing.url}`,
+    })
+    return
+  }
+
+  try {
+    const session = await startVscode({
+      sessionKey,
+      startedBy: command.user.tag,
+      workingDirectory: resolved.workingDirectory,
+    })
+    await command.editReply({
+      content:
+        `VS Code started for \`${session.workingDirectory}\`. ` +
+        `This unique tunnel auto-stops after ${MAX_SESSION_MINUTES} minutes, so open it before it expires.\n` +
+        `${session.url}`,
+    })
+  } catch (error) {
+    logger.error('Failed to start VS Code:', error)
+    await command.editReply({
+      content: `Failed to start VS Code: ${error instanceof Error ? error.message : String(error)}`,
+    })
+  }
+}
+
+export function cleanupAllVscodeSessions(): void {
+  for (const sessionKey of activeSessions.keys()) {
+    stopVscode({ sessionKey })
+  }
+}
+
+function onProcessExit(): void {
+  cleanupAllVscodeSessions()
+}
+
+process.on('SIGINT', onProcessExit)
+process.on('SIGTERM', onProcessExit)
+process.on('exit', onProcessExit)

package/src/db.ts

@@ -235,6 +235,7 @@ async function migrateSchema(prisma: PrismaClient): Promise<void> {
   // Also fix NULL worktree status rows that predate the required enum.
   const defensiveMigrations = [
     "UPDATE bot_tokens SET bot_mode = 'self_hosted' WHERE bot_mode = 'self-hosted'",
+    "UPDATE bot_tokens SET proxy_url = REPLACE(proxy_url, 'discord-gateway.kimaki.xyz', 'discord-gateway.kimaki.dev') WHERE bot_mode = 'gateway' AND proxy_url LIKE '%discord-gateway.kimaki.xyz%'",
     "UPDATE thread_worktrees SET status = 'pending' WHERE status IS NULL",
   ]
   for (const stmt of defensiveMigrations) {