@plosson/agentio 0.7.2 → 0.7.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@plosson/agentio",
-  "version": "0.7.2",
+  "version": "0.7.4",
   "description": "CLI for LLM agents to interact with communication and tracking services",
   "type": "module",
   "license": "MIT",

package/src/commands/config-import.test.ts

@@ -0,0 +1,330 @@
+import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
+import { mkdir, mkdtemp, readFile, rm, writeFile } from 'fs/promises';
+import { join } from 'path';
+import { tmpdir } from 'os';
+
+/**
+ * Subprocess tests for `agentio config import` — specifically the fix
+ * that makes import preserve top-level config fields the export blob
+ * doesn't contain (server, gateway).
+ *
+ * Why subprocess: config import touches the real config-manager and
+ * credential store (file-backed, tied to homedir() at module load).
+ * Each test runs in an isolated `mkdtemp` HOME so the tests never
+ * touch the developer's real ~/.config/agentio.
+ */
+
+let tempHome = '';
+
+beforeEach(async () => {
+  tempHome = await mkdtemp(join(tmpdir(), 'agentio-config-import-test-'));
+  await mkdir(join(tempHome, '.config', 'agentio'), {
+    recursive: true,
+    mode: 0o700,
+  });
+});
+
+afterEach(async () => {
+  if (tempHome) {
+    await rm(tempHome, { recursive: true, force: true }).catch(() => {});
+    tempHome = '';
+  }
+});
+
+async function writeConfig(content: unknown): Promise<void> {
+  await writeFile(
+    join(tempHome, '.config', 'agentio', 'config.json'),
+    JSON.stringify(content, null, 2),
+    { mode: 0o600 }
+  );
+}
+
+async function readConfig(): Promise<Record<string, unknown>> {
+  const raw = await readFile(
+    join(tempHome, '.config', 'agentio', 'config.json'),
+    'utf8'
+  );
+  return JSON.parse(raw);
+}
+
+/**
+ * Extract the set of profile names for a given service from a config,
+ * tolerating both string ("p1") and object ({name: "p1"}) shapes.
+ * Profiles can be either form per the ProfileValue type.
+ */
+function profileNames(
+  config: Record<string, unknown>,
+  service: string
+): string[] {
+  const profiles = (config.profiles as Record<string, unknown[]>)?.[service];
+  if (!Array.isArray(profiles)) return [];
+  return profiles.map((p) =>
+    typeof p === 'string' ? p : (p as { name: string }).name
+  );
+}
+
+async function runCli(
+  args: string[],
+  extraEnv: Record<string, string> = {}
+): Promise<{ exitCode: number; stdout: string; stderr: string }> {
+  const proc = Bun.spawn(['bun', 'run', 'src/index.ts', ...args], {
+    stdout: 'pipe',
+    stderr: 'pipe',
+    env: { ...process.env, HOME: tempHome, ...extraEnv },
+  });
+  const exitCode = await proc.exited;
+  const stdout = await new Response(proc.stdout).text();
+  const stderr = await new Response(proc.stderr).text();
+  return { exitCode, stdout, stderr };
+}
+
+/**
+ * Helper: take a config snapshot (which becomes the "exported state"),
+ * call `config export --all`, parse the AGENTIO_KEY + AGENTIO_CONFIG
+ * vars from stdout. Returns those for use with a follow-up import.
+ */
+async function exportCurrentConfig(): Promise<{
+  key: string;
+  blob: string;
+}> {
+  const res = await runCli(['config', 'export', '--all']);
+  if (res.exitCode !== 0) {
+    throw new Error(
+      `export failed: exit ${res.exitCode}\nstdout: ${res.stdout}\nstderr: ${res.stderr}`
+    );
+  }
+  const keyMatch = res.stdout.match(/AGENTIO_KEY=(\S+)/);
+  const configMatch = res.stdout.match(/AGENTIO_CONFIG=(\S+)/);
+  if (!keyMatch || !configMatch) {
+    throw new Error(
+      `could not parse export output:\nstdout: ${res.stdout}`
+    );
+  }
+  return { key: keyMatch[1], blob: configMatch[1] };
+}
+
+interface ServerStateLike {
+  apiKey: string;
+  tokens: Array<Record<string, unknown>>;
+  clients: Array<Record<string, unknown>>;
+}
+
+const SAMPLE_SERVER: ServerStateLike = {
+  apiKey: 'srv_preserved_key_for_test_xxxx',
+  tokens: [
+    {
+      token: 'preserved-bearer-token-value',
+      clientId: 'cli_preserved_x',
+      scope: 'mcp',
+      issuedAt: 1700000000000,
+      // Far in the future so findToken doesn't treat it as expired.
+      expiresAt: Number.MAX_SAFE_INTEGER,
+    },
+  ],
+  clients: [
+    {
+      clientId: 'cli_preserved_x',
+      clientName: 'Preserved Test Client',
+      redirectUris: ['http://localhost/cb'],
+      createdAt: 1700000000000,
+    },
+  ],
+};
+
+const SAMPLE_GATEWAY = {
+  apiKey: 'gw_preserved_gateway_key',
+  server: { port: 7890, host: '0.0.0.0' },
+};
+
+/* ------------------------------------------------------------------ */
+/* replace mode preserves config.server                               */
+/* ------------------------------------------------------------------ */
+
+describe('config import (replace mode) — preserves config.server', () => {
+  test('preserves apiKey, tokens, and clients across import', async () => {
+    // 1. Seed: existing config with profiles + server.*
+    await writeConfig({
+      profiles: { gmail: [{ name: 'work' }] },
+      server: SAMPLE_SERVER,
+    });
+
+    // 2. Snapshot the current state via export.
+    const { key, blob } = await exportCurrentConfig();
+
+    // 3. Mutate the saved config (different profiles) but keep server.*
+    //    so we can assert the IMPORT preserves the still-current
+    //    server, not just whatever was at export time.
+    await writeConfig({
+      profiles: { gchat: [{ name: 'irrelevant' }] },
+      server: SAMPLE_SERVER,
+    });
+
+    // 4. Run import — replace mode (no --merge).
+    const importRes = await runCli(['config', 'import'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    // 5. Assert: profiles came from the export, server.* preserved.
+    const final = await readConfig();
+    expect(profileNames(final, 'gmail')).toEqual(['work']);
+    expect(profileNames(final, 'gchat')).toEqual([]);
+
+    const server = final.server as Record<string, unknown>;
+    expect(server).toBeDefined();
+    expect(server.apiKey).toBe(SAMPLE_SERVER.apiKey);
+    expect(server.tokens).toEqual(SAMPLE_SERVER.tokens);
+    expect(server.clients).toEqual(SAMPLE_SERVER.clients);
+  });
+
+  test('preserves config.gateway across import', async () => {
+    await writeConfig({
+      profiles: { rss: [{ name: 'feeds' }] },
+      gateway: SAMPLE_GATEWAY,
+    });
+    const { key, blob } = await exportCurrentConfig();
+
+    await writeConfig({
+      profiles: {},
+      gateway: SAMPLE_GATEWAY,
+    });
+    const importRes = await runCli(['config', 'import'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    const final = await readConfig();
+    expect(final.gateway).toEqual(SAMPLE_GATEWAY);
+    expect(profileNames(final, 'rss')).toEqual(['feeds']);
+  });
+
+  test('preserves both server and gateway in the same config', async () => {
+    await writeConfig({
+      profiles: { gmail: [{ name: 'p1' }] },
+      server: SAMPLE_SERVER,
+      gateway: SAMPLE_GATEWAY,
+    });
+    const { key, blob } = await exportCurrentConfig();
+
+    await writeConfig({
+      profiles: {},
+      server: SAMPLE_SERVER,
+      gateway: SAMPLE_GATEWAY,
+    });
+    const importRes = await runCli(['config', 'import'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    const final = await readConfig();
+    expect(final.server).toEqual(SAMPLE_SERVER);
+    expect(final.gateway).toEqual(SAMPLE_GATEWAY);
+  });
+
+  test('replace still REPLACES profiles (not merge)', async () => {
+    await writeConfig({
+      profiles: { gmail: [{ name: 'p1' }] },
+      server: SAMPLE_SERVER,
+    });
+    const { key, blob } = await exportCurrentConfig();
+
+    // Change current profiles to something completely different — the
+    // import should overwrite this with the exported {gmail:[p1]}, NOT
+    // accumulate.
+    await writeConfig({
+      profiles: { jira: [{ name: 'tickets' }] },
+      server: SAMPLE_SERVER,
+    });
+    const importRes = await runCli(['config', 'import'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    const final = await readConfig();
+    expect(profileNames(final, 'gmail')).toEqual(['p1']);
+    // jira is gone — replace, not merge.
+    expect(profileNames(final, 'jira')).toEqual([]);
+  });
+
+  test('replace replaces env vars too', async () => {
+    await writeConfig({
+      profiles: { gmail: [{ name: 'p1' }] },
+      env: { OLD_VAR: 'old' },
+      server: SAMPLE_SERVER,
+    });
+    const { key, blob } = await exportCurrentConfig();
+
+    // Mutate to new env, then import the snapshot — env should revert
+    // to the snapshot's env.
+    await writeConfig({
+      profiles: {},
+      env: { NEW_VAR: 'new' },
+      server: SAMPLE_SERVER,
+    });
+    const importRes = await runCli(['config', 'import'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    const final = await readConfig();
+    const env = final.env as Record<string, unknown>;
+    expect(env).toBeDefined();
+    expect(env.OLD_VAR).toBe('old');
+    expect(env.NEW_VAR).toBeUndefined();
+  });
+});
+
+/* ------------------------------------------------------------------ */
+/* merge mode keeps working                                            */
+/* ------------------------------------------------------------------ */
+
+describe('config import (merge mode) — preserves server + adds profiles', () => {
+  test('--merge adds new profiles without removing existing ones', async () => {
+    await writeConfig({
+      profiles: { gmail: [{ name: 'p1' }] },
+      server: SAMPLE_SERVER,
+    });
+    const { key, blob } = await exportCurrentConfig();
+
+    await writeConfig({
+      profiles: { jira: [{ name: 'tickets' }] },
+      server: SAMPLE_SERVER,
+    });
+    const importRes = await runCli(['config', 'import', '--merge'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    const final = await readConfig();
+    // Both original (jira) and imported (gmail) profiles present.
+    expect(profileNames(final, 'jira')).toContain('tickets');
+    expect(profileNames(final, 'gmail')).toContain('p1');
+  });
+
+  test('--merge preserves config.server (matching replace behavior)', async () => {
+    await writeConfig({
+      profiles: { gmail: [{ name: 'p1' }] },
+      server: SAMPLE_SERVER,
+    });
+    const { key, blob } = await exportCurrentConfig();
+
+    await writeConfig({
+      profiles: {},
+      server: SAMPLE_SERVER,
+    });
+    const importRes = await runCli(['config', 'import', '--merge'], {
+      AGENTIO_KEY: key,
+      AGENTIO_CONFIG: blob,
+    });
+    expect(importRes.exitCode).toBe(0);
+
+    const final = await readConfig();
+    expect(final.server).toEqual(SAMPLE_SERVER);
+  });
+});

package/src/commands/config.ts

@@ -342,8 +342,27 @@ export function registerConfigCommands(program: Command): void {
           await setAllCredentials(currentCredentials);
           console.log('Configuration merged successfully');
         } else {
-          // Replace existing config
-          await saveConfig(exportData.config);
+          // Replace profiles + env from the export, but PRESERVE any
+          // other top-level fields (config.server, config.gateway, …).
+          // The export blob only contains `{profiles, env}` by
+          // construction; everything else in the existing config is
+          // per-machine state (server.apiKey, server.tokens,
+          // gateway.apiKey, …) that the import has no business
+          // destroying.
+          //
+          // This matters in particular for the teleport flow: a remote
+          // container's `agentio config import` on restart would
+          // otherwise wipe `config.server.tokens`, invalidating any
+          // bearer Claude Desktop / Claude Code had been using.
+          const currentConfig = await loadConfig();
+          const newConfig: Config = {
+            ...currentConfig,
+            profiles: exportData.config.profiles,
+            ...(exportData.config.env !== undefined
+              ? { env: exportData.config.env }
+              : {}),
+          };
+          await saveConfig(newConfig);
           await setAllCredentials(exportData.credentials);
           console.log('Configuration imported successfully');
         }

package/src/commands/mcp.ts

@@ -10,6 +10,7 @@ import {
   startMcpServer,
   type ServiceProfilePair,
 } from '../mcp/server';
+import { registerTeleportCommand } from './teleport';
 
 const MCP_JSON = '.mcp.json';
 
@@ -144,4 +145,8 @@ export function registerMcpCommands(program: Command): void {
         handleError(error);
       }
     });
+
+  // teleport subcommand — `agentio mcp teleport <name>`. Lives here
+  // (not at the top level) so all MCP-related commands are grouped.
+  registerTeleportCommand(mcp);
 }

package/src/commands/server-tokens.test.ts

@@ -0,0 +1,269 @@
+import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
+import { mkdtemp, readFile, rm, writeFile, mkdir } from 'fs/promises';
+import { join } from 'path';
+import { tmpdir } from 'os';
+
+/**
+ * Subprocess tests for `agentio server tokens list|revoke|clear`. They
+ * seed config.json directly with a known set of tokens so we can avoid
+ * spinning up a real OAuth flow per test.
+ */
+
+let tempHome = '';
+
+beforeEach(async () => {
+  tempHome = await mkdtemp(join(tmpdir(), 'agentio-tokens-test-'));
+  await mkdir(join(tempHome, '.config', 'agentio'), {
+    recursive: true,
+    mode: 0o700,
+  });
+});
+
+afterEach(async () => {
+  if (tempHome) {
+    await rm(tempHome, { recursive: true, force: true }).catch(() => {});
+    tempHome = '';
+  }
+});
+
+interface Token {
+  token: string;
+  clientId: string;
+  scope: string;
+  issuedAt: number;
+  expiresAt: number;
+}
+
+async function seedTokens(tokens: Token[]): Promise<void> {
+  const cfg = {
+    profiles: {},
+    server: {
+      apiKey: 'srv_test_key_for_seeded_tests',
+      tokens,
+    },
+  };
+  await writeFile(
+    join(tempHome, '.config', 'agentio', 'config.json'),
+    JSON.stringify(cfg, null, 2),
+    { mode: 0o600 }
+  );
+}
+
+async function readTokensFromConfig(): Promise<Token[]> {
+  const raw = await readFile(
+    join(tempHome, '.config', 'agentio', 'config.json'),
+    'utf8'
+  );
+  const cfg = JSON.parse(raw);
+  return cfg.server?.tokens ?? [];
+}
+
+async function runCli(
+  args: string[]
+): Promise<{ exitCode: number; stdout: string; stderr: string }> {
+  const proc = Bun.spawn(['bun', 'run', 'src/index.ts', ...args], {
+    stdout: 'pipe',
+    stderr: 'pipe',
+    env: { ...process.env, HOME: tempHome },
+  });
+  const exitCode = await proc.exited;
+  const stdout = await new Response(proc.stdout).text();
+  const stderr = await new Response(proc.stderr).text();
+  return { exitCode, stdout, stderr };
+}
+
+// Generated lazily so the timestamps are always current — `expiresAt` is
+// relative to "now" at the moment the test runs, not a hardcoded epoch.
+function makeSampleTokens(): Token[] {
+  const now = Date.now();
+  const day = 24 * 60 * 60 * 1000;
+  return [
+    {
+      token: 'aaaaaaaaaaaa1111111111111111111111111111111',
+      clientId: 'cli_first',
+      scope: 'gchat:default',
+      issuedAt: now,
+      expiresAt: now + 30 * day,
+    },
+    {
+      token: 'bbbbbbbbbbbb2222222222222222222222222222222',
+      clientId: 'cli_second',
+      scope: 'gmail:work,slack:team',
+      issuedAt: now,
+      expiresAt: now + 30 * day,
+    },
+    {
+      token: 'cccccccccccc3333333333333333333333333333333',
+      clientId: 'cli_third',
+      scope: '',
+      issuedAt: now - 60 * day,
+      // Already expired (issued 60 days ago, expired 30 days ago).
+      expiresAt: now - 30 * day,
+    },
+  ];
+}
+
+/* ------------------------------------------------------------------ */
+/* tokens list                                                        */
+/* ------------------------------------------------------------------ */
+
+describe('agentio server tokens list', () => {
+  test('reports "no tokens" when none are issued', async () => {
+    await seedTokens([]);
+    const { exitCode, stdout } = await runCli(['server', 'tokens', 'list']);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('No tokens issued yet');
+  });
+
+  test('reports each token with id prefix, client, scope, dates', async () => {
+    await seedTokens(makeSampleTokens());
+    const { exitCode, stdout } = await runCli(['server', 'tokens', 'list']);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('3 token(s) issued');
+    expect(stdout).toContain('aaaaaaaaaaaa');
+    expect(stdout).toContain('bbbbbbbbbbbb');
+    expect(stdout).toContain('cccccccccccc');
+    expect(stdout).toContain('cli_first');
+    expect(stdout).toContain('cli_second');
+    expect(stdout).toContain('cli_third');
+    expect(stdout).toContain('gchat:default');
+    expect(stdout).toContain('gmail:work,slack:team');
+  });
+
+  test('marks expired tokens with (EXPIRED)', async () => {
+    await seedTokens(makeSampleTokens());
+    const { stdout } = await runCli(['server', 'tokens', 'list']);
+    // Only the third sample token is expired.
+    const lines = stdout.split('\n');
+    const thirdLine = lines.find((l) => l.includes('cccccccccccc'));
+    expect(thirdLine).toBeDefined();
+    expect(thirdLine).toContain('EXPIRED');
+    const firstLine = lines.find((l) => l.includes('aaaaaaaaaaaa'));
+    expect(firstLine).not.toContain('EXPIRED');
+  });
+});
+
+/* ------------------------------------------------------------------ */
+/* tokens revoke                                                      */
+/* ------------------------------------------------------------------ */
+
+describe('agentio server tokens revoke', () => {
+  test('revokes a token by 12-char prefix and persists', async () => {
+    await seedTokens(makeSampleTokens());
+    const { exitCode, stdout } = await runCli([
+      'server',
+      'tokens',
+      'revoke',
+      'aaaaaaaaaaaa',
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Revoked token aaaaaaaaaaaa');
+    const remaining = await readTokensFromConfig();
+    expect(remaining).toHaveLength(2);
+    expect(remaining.map((t) => t.clientId)).toEqual([
+      'cli_second',
+      'cli_third',
+    ]);
+  });
+
+  test('revokes a token by full opaque value', async () => {
+    const samples = makeSampleTokens();
+    await seedTokens(samples);
+    const full = samples[1].token;
+    const { exitCode } = await runCli(['server', 'tokens', 'revoke', full]);
+    expect(exitCode).toBe(0);
+    const remaining = await readTokensFromConfig();
+    expect(remaining).toHaveLength(2);
+    expect(remaining.map((t) => t.clientId)).toEqual([
+      'cli_first',
+      'cli_third',
+    ]);
+  });
+
+  test('non-matching id → non-zero exit, NOT_FOUND error', async () => {
+    await seedTokens(makeSampleTokens());
+    const { exitCode, stderr } = await runCli([
+      'server',
+      'tokens',
+      'revoke',
+      'nope_does_not_exist',
+    ]);
+    expect(exitCode).not.toBe(0);
+    expect(stderr).toContain('No token found matching');
+    // Persisted state must not have changed.
+    const remaining = await readTokensFromConfig();
+    expect(remaining).toHaveLength(3);
+  });
+
+  test('ambiguous prefix → non-zero exit, INVALID_PARAMS error', async () => {
+    // Both seeded tokens that start with the same letter would collide.
+    const samples = makeSampleTokens();
+    await seedTokens([
+      { ...samples[0], token: 'shared_prefix_111111111111111111111111111111' },
+      { ...samples[1], token: 'shared_prefix_222222222222222222222222222222' },
+    ]);
+    const { exitCode, stderr } = await runCli([
+      'server',
+      'tokens',
+      'revoke',
+      'shared_prefix',
+    ]);
+    expect(exitCode).not.toBe(0);
+    expect(stderr).toContain('Ambiguous prefix');
+    const remaining = await readTokensFromConfig();
+    expect(remaining).toHaveLength(2);
+  });
+
+  test('preserves apiKey and other server fields when revoking', async () => {
+    await seedTokens(makeSampleTokens());
+    await runCli(['server', 'tokens', 'revoke', 'aaaaaaaaaaaa']);
+    const raw = await readFile(
+      join(tempHome, '.config', 'agentio', 'config.json'),
+      'utf8'
+    );
+    const cfg = JSON.parse(raw);
+    expect(cfg.server.apiKey).toBe('srv_test_key_for_seeded_tests');
+  });
+});
+
+/* ------------------------------------------------------------------ */
+/* tokens clear                                                       */
+/* ------------------------------------------------------------------ */
+
+describe('agentio server tokens clear', () => {
+  test('removes all tokens and reports the count', async () => {
+    await seedTokens(makeSampleTokens());
+    const { exitCode, stdout } = await runCli([
+      'server',
+      'tokens',
+      'clear',
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Cleared 3 token(s)');
+    const remaining = await readTokensFromConfig();
+    expect(remaining).toHaveLength(0);
+  });
+
+  test('clear on an empty list reports 0 tokens', async () => {
+    await seedTokens([]);
+    const { exitCode, stdout } = await runCli([
+      'server',
+      'tokens',
+      'clear',
+    ]);
+    expect(exitCode).toBe(0);
+    expect(stdout).toContain('Cleared 0 token(s)');
+  });
+
+  test('clear preserves apiKey and other server fields', async () => {
+    await seedTokens(makeSampleTokens());
+    await runCli(['server', 'tokens', 'clear']);
+    const raw = await readFile(
+      join(tempHome, '.config', 'agentio', 'config.json'),
+      'utf8'
+    );
+    const cfg = JSON.parse(raw);
+    expect(cfg.server.apiKey).toBe('srv_test_key_for_seeded_tests');
+    expect(cfg.server.tokens).toEqual([]);
+  });
+});