@themoltnet/legreffier 0.32.0 → 0.32.1

package/dist/index.js

@@ -8084,6 +8084,28 @@ async function writeEnvFile(opts) {
 	await writeFile(envPath, outputLines.join("\n") + "\n", "utf-8");
 }
 /**
+* Update a single managed key in an existing env file.
+* If the key exists, its value is replaced; otherwise appended.
+*/
+async function updateEnvVar(envDir, key, value) {
+	const envPath = join(envDir, "env");
+	let content;
+	try {
+		content = await readFile(envPath, "utf-8");
+	} catch {
+		content = "";
+	}
+	const line = `${key}=${q(value)}`;
+	const keyPrefix = `${key}=`;
+	const lines = content === "" ? [] : content.split("\n");
+	const index = lines.findIndex((l) => l.startsWith(keyPrefix));
+	if (index !== -1) {
+		lines[index] = line;
+		content = lines.join("\n");
+	} else content = content.endsWith("\n") ? content + line + "\n" : content + "\n" + line + "\n";
+	await writeFile(envPath, content, "utf-8");
+}
+/**
 * Resolve the human operator's git identity from global git config.
 * Must be called BEFORE GIT_CONFIG_GLOBAL is set (so it reads the
 * human's config, not the agent's).
@@ -8529,10 +8551,41 @@ async function writeTokenCache(cachePath, token, expiresAt) {
 	} catch {}
 }
 /**
-* Exchange a GitHub App JWT for an installation access token.
-* Uses a file-based cache next to the private key to avoid
-* hitting the GitHub API on every call.
+* List all installations of this GitHub App and return the one whose
+* `account.login` matches the given owner (case-insensitive).
+*
+* Uses the App JWT (not an installation token), so it works even when
+* `installation_id` is missing or stale.
 */
+async function findInstallationForOwner(opts) {
+	const privateKeyPem = await readFile(opts.privateKeyPath, "utf-8");
+	const jwt = createAppJWT(opts.appId, privateKeyPem);
+	const ownerLower = opts.owner.toLowerCase();
+	let nextUrl = "https://api.github.com/app/installations?per_page=100";
+	let pageCount = 0;
+	const MAX_PAGES = 10;
+	while (nextUrl && pageCount < MAX_PAGES) {
+		pageCount++;
+		const res = await fetch(nextUrl, { headers: {
+			Authorization: `Bearer ${jwt}`,
+			Accept: "application/vnd.github+json",
+			"X-GitHub-Api-Version": "2022-11-28"
+		} });
+		if (!res.ok) throw new Error(`GitHub API error listing installations (${res.status}): ${await res.text()}`);
+		const match = (await res.json()).find((i) => i.account?.login.toLowerCase() === ownerLower);
+		if (match) return { installationId: String(match.id) };
+		const linkHeader = res.headers.get("link");
+		nextUrl = linkHeader ? parseNextLinkHeader(linkHeader) : null;
+	}
+	return null;
+}
+function parseNextLinkHeader(header) {
+	for (const part of header.split(",")) {
+		const match = part.match(/<([^>]+)>\s*;\s*rel="next"/);
+		if (match) return match[1];
+	}
+	return null;
+}
 async function getInstallationToken(opts) {
 	const cachePath = join(dirname(opts.privateKeyPath), "gh-token-cache.json");
 	const cached = await readTokenCache(cachePath);
@@ -9554,6 +9607,62 @@ async function runPortDiaryPhase(opts) {
 	};
 }
 //#endregion
+//#region src/phases/portResolveInstallation.ts
+/**
+* Resolve the correct `installation_id` for the target owner.
+*
+* When porting a config across orgs the source `installation_id` is scoped
+* to the original account. This phase uses the App JWT to list all
+* installations and find the one matching the target owner, then updates
+* `moltnet.json` if it differs.
+*/
+async function runPortResolveInstallationPhase(opts) {
+	const { targetDir, config, currentRepo } = opts;
+	if (!currentRepo) return {
+		status: "skipped",
+		message: "unable to determine target repo — skipping installation_id resolution",
+		installationId: config.github?.installation_id ?? ""
+	};
+	if (!config.github?.app_id || !config.github?.private_key_path) return {
+		status: "skipped",
+		message: "github.app_id or private_key_path missing — cannot resolve",
+		installationId: config.github?.installation_id ?? ""
+	};
+	const targetOwner = currentRepo.split("/")[0];
+	let result;
+	try {
+		result = await findInstallationForOwner({
+			appId: config.github.app_id,
+			privateKeyPath: config.github.private_key_path,
+			owner: targetOwner
+		});
+	} catch (err) {
+		return {
+			status: "skipped",
+			message: `could not list app installations: ${err.message}`,
+			installationId: config.github?.installation_id ?? ""
+		};
+	}
+	if (!result) return {
+		status: "not-installed",
+		message: `GitHub App is not installed on ${targetOwner} — install it first`,
+		installationId: config.github?.installation_id ?? ""
+	};
+	const oldId = config.github.installation_id;
+	if (oldId === result.installationId) return {
+		status: "unchanged",
+		message: `installation_id ${oldId} already matches ${targetOwner}`,
+		installationId: oldId
+	};
+	await updateConfigSection("github", { installation_id: result.installationId }, targetDir);
+	if (opts.envPrefix) await updateEnvVar(targetDir, `${opts.envPrefix}_GITHUB_APP_INSTALLATION_ID`, result.installationId);
+	return {
+		status: "updated",
+		message: `installation_id updated: ${oldId || "(empty)"} → ${result.installationId} (${targetOwner})`,
+		installationId: result.installationId
+	};
+}
+//#endregion
 //#region src/phases/portRewrite.ts
 /**
 * Rewrite absolute paths in the ported `moltnet.json` so they point to
@@ -9777,6 +9886,16 @@ function PortApp({ name, agents, sourceDir, targetRepoDir, diaryMode, apiUrl })
 				});
 				filesWritten.push(rewriteResult.gitConfigPath);
 				filesWritten.push(join(targetDir, "env"));
+				setPhase("resolving_installation");
+				const currentRepo = detectCurrentRepo(targetRepoDir);
+				const prefix = toEnvPrefix(name);
+				const resolveResult = await runPortResolveInstallationPhase({
+					targetDir,
+					config: await readConfig(targetDir) ?? config,
+					currentRepo: currentRepo ?? void 0,
+					envPrefix: prefix
+				});
+				if (resolveResult.status === "not-installed" || resolveResult.status === "skipped") warnings.push(resolveResult.message);
 				setPhase("diary");
 				const diaryResult = await runPortDiaryPhase({
 					targetDir,
@@ -9787,14 +9906,14 @@ function PortApp({ name, agents, sourceDir, targetRepoDir, diaryMode, apiUrl })
 				const adapterOpts = {
 					repoDir: targetRepoDir,
 					agentName: name,
-					prefix: toEnvPrefix(name),
+					prefix,
 					mcpUrl: config.endpoints?.mcp ?? apiUrl.replace("://api.", "://mcp.") + "/mcp",
 					clientId: config.oauth2.client_id,
 					clientSecret: config.oauth2.client_secret,
 					appSlug: config.github?.app_slug ?? "",
 					appId: config.github?.app_id ?? "",
 					pemPath: join(targetDir, basename(config.github?.private_key_path ?? "")),
-					installationId: config.github?.installation_id ?? ""
+					installationId: resolveResult.installationId
 				};
 				for (const agentType of agents) {
 					const adapter = adapters[agentType];
@@ -9810,7 +9929,7 @@ function PortApp({ name, agents, sourceDir, targetRepoDir, diaryMode, apiUrl })
 				setPhase("verifying");
 				const verifyResult = await runPortVerifyInstallationPhase({
 					config: await readConfig(targetDir) ?? config,
-					currentRepo: detectCurrentRepo(targetRepoDir) ?? void 0
+					currentRepo: currentRepo ?? void 0
 				});
 				if (verifyResult.status !== "ok") warnings.push(verifyResult.message);
 				setSummary({
@@ -9852,6 +9971,7 @@ function PortApp({ name, agents, sourceDir, targetRepoDir, diaryMode, apiUrl })
 			validating: `Validating source .moltnet/${name}...`,
 			copying: `Copying private material...`,
 			rewriting: `Rewriting paths in moltnet.json...`,
+			resolving_installation: `Resolving GitHub App installation for target org...`,
 			diary: `Configuring diary (${diaryMode})...`,
 			agent_setup: `Installing agent files for ${agents.join(", ")}...`,
 			verifying: `Verifying GitHub App installation scope...`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@themoltnet/legreffier",
-  "version": "0.32.0",
+  "version": "0.32.1",
   "description": "LeGreffier — attribution and measured memory for AI coding agents.",
   "license": "AGPL-3.0-only",
   "type": "module",
@@ -32,10 +32,10 @@
     "typescript": "^5.3.3",
     "vite": "^8.0.0",
     "vitest": "^3.0.0",
-    "@moltnet/crypto-service": "0.1.0",
     "@moltnet/api-client": "0.1.0",
+    "@moltnet/crypto-service": "0.1.0",
     "@themoltnet/design-system": "0.5.1",
-    "@themoltnet/github-agent": "0.23.0",
+    "@themoltnet/github-agent": "0.23.1",
     "@themoltnet/sdk": "0.89.0"
   },
   "scripts": {