npm - @symerian/symi - Versions diffs - 2.8.10 → 2.8.12 - Mend

@symerian/symi 2.8.10 → 2.8.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (177) hide show

package/extensions/outlook/src/store.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import fs from "node:fs";
+import os from "node:os";
 import path from "node:path";
 import { refreshAccessToken } from "./auth.js";
@@ -9,34 +10,105 @@ export type OutlookCredentials = {
   email?: string;
   displayName?: string;
   updatedAt?: string;
+  /**
+   * Unix ms of the most recent moment we KNOW the refresh token worked —
+   * set on OAuth-flow success and on every successful refreshAccessToken.
+   * Consumed by `resolveConnectionState` to tell the difference between
+   * "we hold a refresh string" (previous weak check) and "the refresh
+   * string actually produced a valid access token recently." If this
+   * field is absent on an existing credentials file (pre-2.8.11), we
+   * treat it as "never verified" and the state falls back to "stale" —
+   * a safe default that surfaces the uncertainty rather than silently
+   * claiming "connected."
+   */
+  lastVerifiedAt?: number;
 };
-const STORE_DIR = path.join(
-  process.env.HOME || process.env.USERPROFILE || "/tmp",
-  ".symi",
-  "credentials",
-);
+/**
+ * How long a successful refresh is trusted before we downgrade the
+ * reported connection state to "stale" (still usable — the next tool
+ * call will attempt a refresh — but the system prompt hedges the claim
+ * so the agent doesn't assert a connection that may have been
+ * invalidated upstream).
+ */
+export const REFRESH_TRUST_WINDOW_MS = 24 * 60 * 60 * 1000;
+/**
+ * Tri-state connection classification. Consumed by the plugin's system-
+ * prompt injection (extensions/outlook/index.ts) and by the gateway
+ * status RPC (src/gateway/server-methods/channels.ts) so both surface
+ * the same truth.
+ *
+ * - valid         access token still inside its expiry window
+ * - trusted       access expired, but refresh was verified < 24h ago
+ * - stale         access expired, refresh never verified or > 24h ago
+ *                 (still attempt refresh on next tool call; may or may
+ *                 not succeed — Microsoft could have invalidated the
+ *                 refresh token without telling us)
+ * - not-connected no credentials on disk, or creds file is unreadable
+ */
+export type OutlookConnectionState = "valid" | "trusted" | "stale" | "not-connected";
+function resolveHome(): string {
+  const home = os.homedir();
+  if (home && home.length > 0) {
+    return home;
+  }
+  // Defence-in-depth — os.homedir() is the canonical resolution and
+  // consults /etc/passwd / platform APIs before falling back to the env.
+  // If it returns empty, environment variables are the next-best bet.
+  // Absolute last resort is /var/symi rather than /tmp — /tmp is purged
+  // by the OS on a cadence that silently eats OAuth tokens.
+  return process.env.HOME || process.env.USERPROFILE || "/var/symi";
+}
+export function getStoreDir(): string {
+  return path.join(resolveHome(), ".symi", "credentials");
+}
-const STORE_PATH = path.join(STORE_DIR, "outlook.json");
+export function getStorePath(): string {
+  return path.join(getStoreDir(), "outlook.json");
+}
 export function loadCredentials(): OutlookCredentials | null {
   try {
-    const data = fs.readFileSync(STORE_PATH, "utf-8");
+    const data = fs.readFileSync(getStorePath(), "utf-8");
     return JSON.parse(data) as OutlookCredentials;
   } catch {
     return null;
   }
 }
+/**
+ * Atomic write: tmp file + fsync + rename. Prevents torn writes if the
+ * process crashes mid-save (which would otherwise leave a zero-byte
+ * file and look like a missing credential to every subsequent load).
+ *
+ * Caller contract: every save is VERIFIED — saveCredentials only runs
+ * after a successful OAuth flow or successful refreshAccessToken, so
+ * stamping `lastVerifiedAt = now` unconditionally is correct. If a
+ * future code path needs to save unverified credentials (e.g. partial
+ * OAuth in progress), introduce a separate saveUnverifiedCredentials
+ * that skips the stamp.
+ */
 export function saveCredentials(creds: OutlookCredentials): void {
-  fs.mkdirSync(STORE_DIR, { recursive: true });
-  creds.updatedAt = new Date().toISOString();
-  fs.writeFileSync(STORE_PATH, JSON.stringify(creds, null, 2), { mode: 0o600 });
+  const dir = getStoreDir();
+  fs.mkdirSync(dir, { recursive: true });
+  const now = Date.now();
+  const stamped: OutlookCredentials = {
+    ...creds,
+    updatedAt: new Date(now).toISOString(),
+    lastVerifiedAt: now,
+  };
+  const finalPath = getStorePath();
+  const tmpPath = `${finalPath}.tmp-${process.pid}-${now}`;
+  fs.writeFileSync(tmpPath, JSON.stringify(stamped, null, 2), { mode: 0o600 });
+  fs.renameSync(tmpPath, finalPath);
 }
 export function deleteCredentials(): boolean {
   try {
-    fs.unlinkSync(STORE_PATH);
+    fs.unlinkSync(getStorePath());
     return true;
   } catch {
     return false;
@@ -46,6 +118,12 @@ export function deleteCredentials(): boolean {
 /**
  * Returns a valid access token, refreshing if expired.
  * Throws if no credentials stored or refresh fails.
+ *
+ * On successful refresh, re-saves credentials — which re-stamps
+ * `lastVerifiedAt` via the saveCredentials contract. This is how
+ * `stale` transitions back to `trusted` (and the agent's system-
+ * prompt block flips back to the unqualified "Connected as X" form)
+ * as soon as a tool call succeeds.
  */
 export async function getAccessToken(): Promise<string> {
   const creds = loadCredentials();
@@ -70,3 +148,32 @@ export async function getAccessToken(): Promise<string> {
   });
   return refreshed.access;
 }
+/**
+ * Classify the current connection based on the credential state — used
+ * by both the plugin's `before_prompt_build` hook and the gateway's
+ * `channels.status` RPC so both surfaces agree on the truth.
+ *
+ * See the OutlookConnectionState doc for the meaning of each state.
+ */
+export function resolveConnectionState(
+  creds: OutlookCredentials | null,
+  now: number = Date.now(),
+): OutlookConnectionState {
+  if (!creds) {
+    return "not-connected";
+  }
+  if (typeof creds.expires === "number" && now < creds.expires) {
+    return "valid";
+  }
+  if (
+    typeof creds.lastVerifiedAt === "number" &&
+    now - creds.lastVerifiedAt < REFRESH_TRUST_WINDOW_MS
+  ) {
+    return "trusted";
+  }
+  if (typeof creds.refresh === "string" && creds.refresh.length > 0) {
+    return "stale";
+  }
+  return "not-connected";
+}

package/extensions/pipeline/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/pipeline",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "description": "Pipeline workflow tool plugin (typed pipelines + resumable approvals)",
   "type": "module",
   "symi": {

package/extensions/signal/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/signal",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "private": true,
   "description": "Symi Signal channel plugin",
   "type": "module",

package/extensions/slack/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/slack",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "private": true,
   "description": "Symi Slack channel plugin",
   "type": "module",

package/extensions/telegram/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/telegram",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "private": true,
   "description": "Symi Telegram channel plugin",
   "type": "module",

package/extensions/tlon/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/tlon",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "private": true,
   "description": "Symi Tlon/Urbit channel plugin",
   "type": "module",

package/extensions/twitch/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.12
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.10
 ### Changes

package/extensions/twitch/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/twitch",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "private": true,
   "description": "Symi Twitch channel plugin",
   "type": "module",

package/extensions/voice-call/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.12
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.10
 ### Changes

package/extensions/voice-call/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/voice-call",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "description": "Symi voice-call plugin",
   "type": "module",
   "dependencies": {

package/extensions/whatsapp/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/whatsapp",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "private": true,
   "description": "Symi WhatsApp channel plugin",
   "type": "module",

package/extensions/zalo/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.12
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.10
 ### Changes

package/extensions/zalo/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/zalo",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "description": "Symi Zalo channel plugin",
   "type": "module",
   "dependencies": {

package/extensions/zalouser/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.12
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.10
 ### Changes

package/extensions/zalouser/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/zalouser",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "description": "Symi Zalo Personal Account plugin via zca-cli",
   "type": "module",
   "dependencies": {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symerian/symi",
-  "version": "2.8.10",
+  "version": "2.8.12",
   "description": "Multi-channel AI gateway with extensible messaging integrations",
   "keywords": [],
   "homepage": "https://github.com/jaysteelmind/symi#readme",