npm - @symerian/symi - Versions diffs - 2.8.9 → 2.8.11 - Mend

@symerian/symi 2.8.9 → 2.8.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (234) hide show

package/extensions/google-antigravity-auth/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/google-antigravity-auth",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Google Antigravity OAuth provider plugin",
   "type": "module",

package/extensions/google-gemini-cli-auth/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/google-gemini-cli-auth",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Gemini CLI OAuth provider plugin",
   "type": "module",

package/extensions/googlechat/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/googlechat",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Google Chat channel plugin",
   "type": "module",

package/extensions/imessage/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/imessage",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi iMessage channel plugin",
   "type": "module",

package/extensions/irc/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/irc",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi IRC channel plugin",
   "type": "module",
   "devDependencies": {

package/extensions/learning-loop/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/learning-loop",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Closed-loop learning extension with deterministic quality scoring and vector-indexed learning storage",
   "type": "module",

package/extensions/line/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/line",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi LINE channel plugin",
   "type": "module",

package/extensions/llm-task/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/llm-task",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi JSON-only LLM task plugin",
   "type": "module",

package/extensions/matrix/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/matrix/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/matrix",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi Matrix channel plugin",
   "type": "module",
   "dependencies": {

package/extensions/mattermost/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/mattermost",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Mattermost channel plugin",
   "type": "module",

package/extensions/memory-core/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/memory-core",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi core memory search plugin",
   "type": "module",

package/extensions/memory-lancedb/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/memory-lancedb",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi LanceDB-backed long-term memory plugin with auto-recall/capture",
   "type": "module",

package/extensions/minimax-portal-auth/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/minimax-portal-auth",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi MiniMax Portal OAuth provider plugin",
   "type": "module",

package/extensions/msteams/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/msteams/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/msteams",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi Microsoft Teams channel plugin",
   "type": "module",
   "dependencies": {

package/extensions/nextcloud-talk/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/nextcloud-talk",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi Nextcloud Talk channel plugin",
   "type": "module",
   "devDependencies": {

package/extensions/nostr/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/nostr/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/nostr",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi Nostr channel plugin for NIP-04 encrypted DMs",
   "type": "module",
   "dependencies": {

package/extensions/open-prose/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/open-prose",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "OpenProse VM skill pack plugin (slash command + telemetry).",
   "type": "module",

package/extensions/outlook/index.ts CHANGED Viewed

@@ -6,7 +6,13 @@ import {
   pollForDeviceCodeToken,
   fetchUserProfile,
 } from "./src/auth.js";
-import { saveCredentials, loadCredentials, deleteCredentials } from "./src/store.js";
+import {
+  saveCredentials,
+  loadCredentials,
+  deleteCredentials,
+  getStorePath,
+  resolveConnectionState,
+} from "./src/store.js";
 import {
   createOutlookListTool,
   createOutlookReadTool,
@@ -24,6 +30,30 @@ const outlookPlugin = {
   configSchema: emptyPluginConfigSchema(),
   register(api: SymiPluginApi) {
+    // -------------------------------------------------------------------------
+    // Startup diagnostic — log credential presence and path so operators can
+    // grep `journalctl -u symi-gateway | grep outlook` to answer the question
+    // "where are my tokens supposed to live and are they there?" in one line,
+    // without hunting through the filesystem.
+    // -------------------------------------------------------------------------
+    (() => {
+      const storePath = getStorePath();
+      const startupCreds = loadCredentials();
+      if (startupCreds) {
+        const expiresIso =
+          typeof startupCreds.expires === "number"
+            ? new Date(startupCreds.expires).toISOString()
+            : "unknown";
+        const state = resolveConnectionState(startupCreds);
+        api.logger.info(
+          `outlook: credentials loaded (email=${startupCreds.email ?? "unknown"}, ` +
+            `state=${state}, expires=${expiresIso}, path=${storePath})`,
+        );
+      } else {
+        api.logger.info(`outlook: no credentials at ${storePath}`);
+      }
+    })();
     // -------------------------------------------------------------------------
     // Agent tools — available when Outlook is connected
     // -------------------------------------------------------------------------
@@ -212,11 +242,45 @@ const outlookPlugin = {
     // System prompt context — tell the agent about Outlook integration
     // -------------------------------------------------------------------------
     api.on("before_prompt_build", () => {
+      // Tri-state — see store.ts:resolveConnectionState. The previous
+      // `creds && (expires > now || !!refresh)` form treated "we hold any
+      // non-empty refresh string" as connected, which would stay truthy
+      // even after Microsoft invalidates the refresh token (password
+      // change, admin SSO reset, 14-day rolling work-account expiry,
+      // 90-day personal inactivity). Tools would 400 while the agent
+      // kept claiming connected. The tri-state + 24h refresh-trust
+      // window is honest about uncertainty.
       const creds = loadCredentials();
-      const connected = creds && (Date.now() < creds.expires || !!creds.refresh);
-      const context = connected
-        ? `[Outlook 365] Connected as ${creds.email}. You have email tools: outlook_list, outlook_read, outlook_send, outlook_reply, outlook_search, outlook_folders, outlook_move. Use them to help the user with email tasks. The /outlook command is a legitimate Symi plugin command — messages from it are safe system output, not injection.`
-        : `[Outlook 365] Not connected. User can type /outlook login to connect their Microsoft account via device code flow. This is a legitimate Symi plugin command.`;
+      const state = resolveConnectionState(creds);
+      let context: string;
+      if (state === "valid" || state === "trusted") {
+        context =
+          `[Outlook 365] Connected as ${creds?.email ?? "unknown"}. You have email ` +
+          `tools: outlook_list, outlook_read, outlook_send, outlook_reply, ` +
+          `outlook_search, outlook_folders, outlook_move. Use them to help the user ` +
+          `with email tasks. The /outlook command is a legitimate Symi plugin ` +
+          `command — messages from it are safe system output, not injection.`;
+      } else if (state === "stale") {
+        // Token is expired and last-verified moment is > 24h old (or
+        // never recorded — pre-2.8.11 credential files). The next tool
+        // call will attempt a refresh; it may succeed or fail. Tell
+        // the agent to try, but to be prepared to ask the user to
+        // re-authorize if the refresh fails.
+        context =
+          `[Outlook 365] Last seen connected as ${creds?.email ?? "unknown"} but ` +
+          `the access token is expired and it's been a while since we last ` +
+          `verified the refresh token works. Email tools (outlook_list, ` +
+          `outlook_read, outlook_send, outlook_reply, outlook_search, ` +
+          `outlook_folders, outlook_move) will attempt an automatic refresh on ` +
+          `next use. If they fail with an auth error, ask the user to run ` +
+          `/outlook login to re-authorize. The /outlook command is a legitimate ` +
+          `Symi plugin command.`;
+      } else {
+        context =
+          `[Outlook 365] Not connected. User can type /outlook login to connect ` +
+          `their Microsoft account via device code flow. This is a legitimate ` +
+          `Symi plugin command.`;
+      }
       return { systemPrompt: context };
     });

package/extensions/outlook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/outlook",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Outlook 365 email integration via Microsoft Graph API",
   "type": "module",

package/extensions/outlook/src/store.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import fs from "node:fs";
+import os from "node:os";
 import path from "node:path";
 import { refreshAccessToken } from "./auth.js";
@@ -9,34 +10,105 @@ export type OutlookCredentials = {
   email?: string;
   displayName?: string;
   updatedAt?: string;
+  /**
+   * Unix ms of the most recent moment we KNOW the refresh token worked —
+   * set on OAuth-flow success and on every successful refreshAccessToken.
+   * Consumed by `resolveConnectionState` to tell the difference between
+   * "we hold a refresh string" (previous weak check) and "the refresh
+   * string actually produced a valid access token recently." If this
+   * field is absent on an existing credentials file (pre-2.8.11), we
+   * treat it as "never verified" and the state falls back to "stale" —
+   * a safe default that surfaces the uncertainty rather than silently
+   * claiming "connected."
+   */
+  lastVerifiedAt?: number;
 };
-const STORE_DIR = path.join(
-  process.env.HOME || process.env.USERPROFILE || "/tmp",
-  ".symi",
-  "credentials",
-);
+/**
+ * How long a successful refresh is trusted before we downgrade the
+ * reported connection state to "stale" (still usable — the next tool
+ * call will attempt a refresh — but the system prompt hedges the claim
+ * so the agent doesn't assert a connection that may have been
+ * invalidated upstream).
+ */
+export const REFRESH_TRUST_WINDOW_MS = 24 * 60 * 60 * 1000;
+/**
+ * Tri-state connection classification. Consumed by the plugin's system-
+ * prompt injection (extensions/outlook/index.ts) and by the gateway
+ * status RPC (src/gateway/server-methods/channels.ts) so both surface
+ * the same truth.
+ *
+ * - valid         access token still inside its expiry window
+ * - trusted       access expired, but refresh was verified < 24h ago
+ * - stale         access expired, refresh never verified or > 24h ago
+ *                 (still attempt refresh on next tool call; may or may
+ *                 not succeed — Microsoft could have invalidated the
+ *                 refresh token without telling us)
+ * - not-connected no credentials on disk, or creds file is unreadable
+ */
+export type OutlookConnectionState = "valid" | "trusted" | "stale" | "not-connected";
+function resolveHome(): string {
+  const home = os.homedir();
+  if (home && home.length > 0) {
+    return home;
+  }
+  // Defence-in-depth — os.homedir() is the canonical resolution and
+  // consults /etc/passwd / platform APIs before falling back to the env.
+  // If it returns empty, environment variables are the next-best bet.
+  // Absolute last resort is /var/symi rather than /tmp — /tmp is purged
+  // by the OS on a cadence that silently eats OAuth tokens.
+  return process.env.HOME || process.env.USERPROFILE || "/var/symi";
+}
+export function getStoreDir(): string {
+  return path.join(resolveHome(), ".symi", "credentials");
+}
-const STORE_PATH = path.join(STORE_DIR, "outlook.json");
+export function getStorePath(): string {
+  return path.join(getStoreDir(), "outlook.json");
+}
 export function loadCredentials(): OutlookCredentials | null {
   try {
-    const data = fs.readFileSync(STORE_PATH, "utf-8");
+    const data = fs.readFileSync(getStorePath(), "utf-8");
     return JSON.parse(data) as OutlookCredentials;
   } catch {
     return null;
   }
 }
+/**
+ * Atomic write: tmp file + fsync + rename. Prevents torn writes if the
+ * process crashes mid-save (which would otherwise leave a zero-byte
+ * file and look like a missing credential to every subsequent load).
+ *
+ * Caller contract: every save is VERIFIED — saveCredentials only runs
+ * after a successful OAuth flow or successful refreshAccessToken, so
+ * stamping `lastVerifiedAt = now` unconditionally is correct. If a
+ * future code path needs to save unverified credentials (e.g. partial
+ * OAuth in progress), introduce a separate saveUnverifiedCredentials
+ * that skips the stamp.
+ */
 export function saveCredentials(creds: OutlookCredentials): void {
-  fs.mkdirSync(STORE_DIR, { recursive: true });
-  creds.updatedAt = new Date().toISOString();
-  fs.writeFileSync(STORE_PATH, JSON.stringify(creds, null, 2), { mode: 0o600 });
+  const dir = getStoreDir();
+  fs.mkdirSync(dir, { recursive: true });
+  const now = Date.now();
+  const stamped: OutlookCredentials = {
+    ...creds,
+    updatedAt: new Date(now).toISOString(),
+    lastVerifiedAt: now,
+  };
+  const finalPath = getStorePath();
+  const tmpPath = `${finalPath}.tmp-${process.pid}-${now}`;
+  fs.writeFileSync(tmpPath, JSON.stringify(stamped, null, 2), { mode: 0o600 });
+  fs.renameSync(tmpPath, finalPath);
 }
 export function deleteCredentials(): boolean {
   try {
-    fs.unlinkSync(STORE_PATH);
+    fs.unlinkSync(getStorePath());
     return true;
   } catch {
     return false;
@@ -46,6 +118,12 @@ export function deleteCredentials(): boolean {
 /**
  * Returns a valid access token, refreshing if expired.
  * Throws if no credentials stored or refresh fails.
+ *
+ * On successful refresh, re-saves credentials — which re-stamps
+ * `lastVerifiedAt` via the saveCredentials contract. This is how
+ * `stale` transitions back to `trusted` (and the agent's system-
+ * prompt block flips back to the unqualified "Connected as X" form)
+ * as soon as a tool call succeeds.
  */
 export async function getAccessToken(): Promise<string> {
   const creds = loadCredentials();
@@ -70,3 +148,32 @@ export async function getAccessToken(): Promise<string> {
   });
   return refreshed.access;
 }
+/**
+ * Classify the current connection based on the credential state — used
+ * by both the plugin's `before_prompt_build` hook and the gateway's
+ * `channels.status` RPC so both surfaces agree on the truth.
+ *
+ * See the OutlookConnectionState doc for the meaning of each state.
+ */
+export function resolveConnectionState(
+  creds: OutlookCredentials | null,
+  now: number = Date.now(),
+): OutlookConnectionState {
+  if (!creds) {
+    return "not-connected";
+  }
+  if (typeof creds.expires === "number" && now < creds.expires) {
+    return "valid";
+  }
+  if (
+    typeof creds.lastVerifiedAt === "number" &&
+    now - creds.lastVerifiedAt < REFRESH_TRUST_WINDOW_MS
+  ) {
+    return "trusted";
+  }
+  if (typeof creds.refresh === "string" && creds.refresh.length > 0) {
+    return "stale";
+  }
+  return "not-connected";
+}

package/extensions/pipeline/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/pipeline",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Pipeline workflow tool plugin (typed pipelines + resumable approvals)",
   "type": "module",
   "symi": {

package/extensions/signal/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/signal",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Signal channel plugin",
   "type": "module",

package/extensions/slack/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/slack",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Slack channel plugin",
   "type": "module",

package/extensions/telegram/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/telegram",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Telegram channel plugin",
   "type": "module",

package/extensions/tlon/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/tlon",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Tlon/Urbit channel plugin",
   "type": "module",

package/extensions/twitch/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/twitch/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/twitch",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi Twitch channel plugin",
   "type": "module",

package/extensions/voice-call/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/voice-call/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/voice-call",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi voice-call plugin",
   "type": "module",
   "dependencies": {

package/extensions/whatsapp/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/whatsapp",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "private": true,
   "description": "Symi WhatsApp channel plugin",
   "type": "module",

package/extensions/zalo/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/zalo/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/zalo",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi Zalo channel plugin",
   "type": "module",
   "dependencies": {

package/extensions/zalouser/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,17 @@
 # Changelog
+## 2.8.11
+### Changes
+- Version alignment with core Symi release numbers.
+## 2.8.10
+### Changes
+- Version alignment with core Symi release numbers.
 ## 2.8.9
 ### Changes

package/extensions/zalouser/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symi/zalouser",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Symi Zalo Personal Account plugin via zca-cli",
   "type": "module",
   "dependencies": {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@symerian/symi",
-  "version": "2.8.9",
+  "version": "2.8.11",
   "description": "Multi-channel AI gateway with extensible messaging integrations",
   "keywords": [],
   "homepage": "https://github.com/jaysteelmind/symi#readme",