@vellumai/assistant 0.4.46 → 0.4.48

package/src/watcher/providers/google-calendar.ts

@@ -11,7 +11,9 @@ import {
   listEvents,
 } from "../../config/bundled-skills/google-calendar/calendar-client.js";
 import type { CalendarEvent } from "../../config/bundled-skills/google-calendar/types.js";
-import { withValidToken } from "../../security/token-manager.js";
+import type { OAuthConnection } from "../../oauth/connection.js";
+import { resolveOAuthConnection } from "../../oauth/connection-resolver.js";
+import { GOOGLE_CALENDAR_BASE_URL } from "../../oauth/provider-base-urls.js";
 import { getLogger } from "../../util/logger.js";
 import type {
   FetchResult,
@@ -21,8 +23,6 @@ import type {
 
 const log = getLogger("watcher:google-calendar");
 
-const CALENDAR_API_BASE = "https://www.googleapis.com/calendar/v3";
-
 /** The credential service — calendar shares OAuth tokens with Gmail. */
 const CREDENTIAL_SERVICE = "integration:gmail";
 
@@ -69,7 +69,7 @@ interface SyncResponse {
  * Returns all accumulated events and the final nextSyncToken.
  */
 async function incrementalSync(
-  token: string,
+  connection: OAuthConnection,
   syncToken: string,
 ): Promise<SyncResponse> {
   let allItems: CalendarEvent[] = [];
@@ -77,27 +77,32 @@ async function incrementalSync(
   let nextSyncToken: string | undefined;
 
   do {
-    const params = new URLSearchParams({ syncToken });
-    if (pageToken) params.set("pageToken", pageToken);
-    const url = `${CALENDAR_API_BASE}/calendars/primary/events?${params}`;
-    const resp = await fetch(url, {
-      headers: { Authorization: `Bearer ${token}` },
+    const query: Record<string, string> = { syncToken };
+    if (pageToken) query.pageToken = pageToken;
+
+    const resp = await connection.request({
+      method: "GET",
+      path: "/calendars/primary/events",
+      query,
+      baseUrl: GOOGLE_CALENDAR_BASE_URL,
     });
 
-    if (!resp.ok) {
-      const body = await resp.text().catch(() => "");
+    if (resp.status < 200 || resp.status >= 300) {
+      const bodyStr =
+        typeof resp.body === "string"
+          ? resp.body
+          : JSON.stringify(resp.body ?? "");
       if (resp.status === 410) {
-        throw new SyncTokenExpiredError(body);
+        throw new SyncTokenExpiredError(bodyStr);
       }
-      // Throw CalendarApiError so withValidToken can detect 401s via the status property
       throw new CalendarApiError(
         resp.status,
-        resp.statusText,
-        `Calendar Sync API ${resp.status}: ${body}`,
+        "",
+        `Calendar Sync API ${resp.status}: ${bodyStr}`,
       );
     }
 
-    const page = (await resp.json()) as SyncResponse;
+    const page = resp.body as SyncResponse;
     if (page.items) allItems = allItems.concat(page.items);
     pageToken = page.nextPageToken;
     nextSyncToken = page.nextSyncToken;
@@ -119,16 +124,48 @@ export const googleCalendarProvider: WatcherProvider = {
   requiredCredentialService: CREDENTIAL_SERVICE,
 
   async getInitialWatermark(credentialService: string): Promise<string> {
-    return withValidToken(credentialService, async (token) => {
-      // Do a full sync with a narrow window to get the initial syncToken.
-      // The API may paginate even for small result sets, so follow nextPageToken
-      // until we reach the final page that carries the nextSyncToken.
+    const connection = resolveOAuthConnection(credentialService);
+
+    // Do a full sync with a narrow window to get the initial syncToken.
+    // The API may paginate even for small result sets, so follow nextPageToken
+    // until we reach the final page that carries the nextSyncToken.
+    const now = new Date().toISOString();
+    let pageToken: string | undefined;
+    let syncToken: string | undefined;
+
+    do {
+      const result = await listEvents(connection, "primary", {
+        timeMin: now,
+        maxResults: 250,
+        singleEvents: true,
+        pageToken,
+      });
+      syncToken = result.nextSyncToken;
+      pageToken = result.nextPageToken;
+    } while (pageToken && !syncToken);
+
+    if (!syncToken) {
+      throw new Error("Calendar API did not return a syncToken");
+    }
+    return syncToken;
+  },
+
+  async fetchNew(
+    credentialService: string,
+    watermark: string | null,
+    _config: Record<string, unknown>,
+    _watcherKey: string,
+  ): Promise<FetchResult> {
+    const connection = resolveOAuthConnection(credentialService);
+
+    if (!watermark) {
+      // No watermark — paginate through to get the initial syncToken, return no items
       const now = new Date().toISOString();
       let pageToken: string | undefined;
       let syncToken: string | undefined;
 
       do {
-        const result = await listEvents(token, "primary", {
+        const result = await listEvents(connection, "primary", {
           timeMin: now,
           maxResults: 250,
           singleEvents: true,
@@ -138,82 +175,52 @@ export const googleCalendarProvider: WatcherProvider = {
         pageToken = result.nextPageToken;
       } while (pageToken && !syncToken);
 
-      if (!syncToken) {
-        throw new Error("Calendar API did not return a syncToken");
+      return { items: [], watermark: syncToken ?? "" };
+    }
+
+    try {
+      const syncResp = await incrementalSync(connection, watermark);
+      const newWatermark = syncResp.nextSyncToken ?? watermark;
+
+      if (!syncResp.items || syncResp.items.length === 0) {
+        return { items: [], watermark: newWatermark };
       }
-      return syncToken;
-    });
-  },
 
-  async fetchNew(
-    credentialService: string,
-    watermark: string | null,
-    _config: Record<string, unknown>,
-    _watcherKey: string,
-  ): Promise<FetchResult> {
-    return withValidToken(credentialService, async (token) => {
-      if (!watermark) {
-        // No watermark — paginate through to get the initial syncToken, return no items
-        const now = new Date().toISOString();
-        let pageToken: string | undefined;
-        let syncToken: string | undefined;
-
-        do {
-          const result = await listEvents(token, "primary", {
-            timeMin: now,
-            maxResults: 250,
-            singleEvents: true,
-            pageToken,
-          });
-          syncToken = result.nextSyncToken;
-          pageToken = result.nextPageToken;
-        } while (pageToken && !syncToken);
-
-        return { items: [], watermark: syncToken ?? "" };
+      // Convert events to watcher items, distinguishing new vs updated
+      const items: WatcherItem[] = [];
+      for (const event of syncResp.items) {
+        if (event.status === "cancelled") continue;
+
+        const eventType =
+          event.created === event.updated
+            ? "new_calendar_event"
+            : "updated_calendar_event";
+        items.push(eventToItem(event, eventType));
       }
 
-      try {
-        const syncResp = await incrementalSync(token, watermark);
-        const newWatermark = syncResp.nextSyncToken ?? watermark;
-
-        if (!syncResp.items || syncResp.items.length === 0) {
-          return { items: [], watermark: newWatermark };
-        }
-
-        // Convert events to watcher items, distinguishing new vs updated
-        const items: WatcherItem[] = [];
-        for (const event of syncResp.items) {
-          if (event.status === "cancelled") continue;
-
-          const eventType =
-            event.created === event.updated
-              ? "new_calendar_event"
-              : "updated_calendar_event";
-          items.push(eventToItem(event, eventType));
-        }
-
-        log.info(
-          { count: items.length, watermark: newWatermark },
-          "Calendar: fetched event changes",
-        );
-        return { items, watermark: newWatermark };
-      } catch (err) {
-        if (err instanceof SyncTokenExpiredError) {
-          log.warn("Calendar syncToken expired, falling back to recent events");
-          return fallbackFetch(token);
-        }
-        throw err;
+      log.info(
+        { count: items.length, watermark: newWatermark },
+        "Calendar: fetched event changes",
+      );
+      return { items, watermark: newWatermark };
+    } catch (err) {
+      if (err instanceof SyncTokenExpiredError) {
+        log.warn("Calendar syncToken expired, falling back to recent events");
+        return fallbackFetch(connection);
       }
-    });
+      throw err;
+    }
   },
 };
 
 /**
  * Fallback when syncToken expires: list upcoming events from today.
  */
-async function fallbackFetch(token: string): Promise<FetchResult> {
+async function fallbackFetch(
+  connection: OAuthConnection,
+): Promise<FetchResult> {
   const now = new Date().toISOString();
-  const result = await listEvents(token, "primary", {
+  const result = await listEvents(connection, "primary", {
     timeMin: now,
     maxResults: 25,
     singleEvents: true,
@@ -229,7 +236,7 @@ async function fallbackFetch(token: string): Promise<FetchResult> {
   let syncToken: string | undefined;
 
   do {
-    const syncResult = await listEvents(token, "primary", {
+    const syncResult = await listEvents(connection, "primary", {
       timeMin: now,
       maxResults: 250,
       singleEvents: true,

package/src/watcher/providers/linear.ts

@@ -13,7 +13,8 @@
  * and issues.
  */
 
-import { withValidToken } from "../../security/token-manager.js";
+import type { OAuthConnection } from "../../oauth/connection.js";
+import { resolveOAuthConnection } from "../../oauth/connection-resolver.js";
 import { getLogger } from "../../util/logger.js";
 import { truncate } from "../../util/truncate.js";
 import type {
@@ -24,8 +25,6 @@ import type {
 
 const log = getLogger("watcher:linear");
 
-const LINEAR_GRAPHQL_URL = "https://api.linear.app/graphql";
-
 // ── GraphQL response types ────────────────────────────────────────────────────
 
 interface LinearNotification {
@@ -89,27 +88,23 @@ interface LinearViewer {
 // ── GraphQL helpers ───────────────────────────────────────────────────────────
 
 async function graphql<T>(
-  token: string,
+  connection: OAuthConnection,
   query: string,
   variables?: Record<string, unknown>,
 ): Promise<T> {
-  const resp = await fetch(LINEAR_GRAPHQL_URL, {
+  const resp = await connection.request({
     method: "POST",
-    headers: {
-      // Linear accepts both personal API keys and OAuth tokens; the Bearer scheme
-      // is required for all token types per Linear's API docs.
-      Authorization: `Bearer ${token}`,
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({ query, variables }),
+    path: "/graphql",
+    body: { query, variables },
   });
 
-  if (!resp.ok) {
-    const body = await resp.text().catch(() => "");
+  if (resp.status >= 400) {
+    const body =
+      typeof resp.body === "string" ? resp.body : JSON.stringify(resp.body);
     throw new Error(`Linear API ${resp.status}: ${body}`);
   }
 
-  const result = (await resp.json()) as {
+  const result = resp.body as {
     data?: T;
     errors?: Array<{ message: string }>;
   };
@@ -128,9 +123,9 @@ async function graphql<T>(
 }
 
 /** Fetch the authenticated user's ID and name. */
-async function fetchViewer(token: string): Promise<LinearViewer> {
+async function fetchViewer(connection: OAuthConnection): Promise<LinearViewer> {
   const data = await graphql<{ viewer: LinearViewer }>(
-    token,
+    connection,
     `
       query {
         viewer {
@@ -150,7 +145,7 @@ async function fetchViewer(token: string): Promise<LinearViewer> {
  * between polls.
  */
 async function fetchNotifications(
-  token: string,
+  connection: OAuthConnection,
   since: string,
 ): Promise<LinearNotification[]> {
   const allNodes: LinearNotification[] = [];
@@ -165,7 +160,7 @@ async function fetchNotifications(
 
   do {
     const data: NotificationsResponse = await graphql<NotificationsResponse>(
-      token,
+      connection,
       `
         query FetchNotifications($after: DateTime, $cursor: String) {
           notifications(
@@ -242,7 +237,7 @@ async function fetchNotifications(
  * `pageInfo.hasNextPage` is false so updates beyond the first 50 aren't skipped.
  */
 async function fetchAssignedIssueUpdates(
-  token: string,
+  connection: OAuthConnection,
   viewerId: string,
   since: string,
 ): Promise<LinearIssue[]> {
@@ -258,7 +253,7 @@ async function fetchAssignedIssueUpdates(
 
   do {
     const data: IssuesResponse = await graphql<IssuesResponse>(
-      token,
+      connection,
       `
         query FetchAssignedIssues(
           $assigneeId: ID
@@ -319,7 +314,7 @@ async function fetchAssignedIssueUpdates(
  * complete set — needed for accurate eviction and reassignment detection.
  */
 async function fetchAllAssignedIssueIds(
-  token: string,
+  connection: OAuthConnection,
   viewerId: string,
 ): Promise<Set<string>> {
   const ids = new Set<string>();
@@ -334,7 +329,7 @@ async function fetchAllAssignedIssueIds(
 
   do {
     const data: IdsResponse = await graphql<IdsResponse>(
-      token,
+      connection,
       `
         query FetchAllAssignedIssueIds($assigneeId: ID, $cursor: String) {
           issues(
@@ -517,87 +512,86 @@ export const linearProvider: WatcherProvider = {
     _config: Record<string, unknown>,
     watcherKey: string,
   ): Promise<FetchResult> {
-    return withValidToken(credentialService, async (token) => {
-      const since = watermark ?? new Date().toISOString();
+    const connection = resolveOAuthConnection(credentialService);
+    const since = watermark ?? new Date().toISOString();
 
-      // Resolve the authenticated viewer's ID once per poll for the assigned-issues query
-      const viewer = await fetchViewer(token);
+    // Resolve the authenticated viewer's ID once per poll for the assigned-issues query
+    const viewer = await fetchViewer(connection);
 
-      // Fetch notifications (assignments, mentions, status changes via notification feed)
-      const notifications = await fetchNotifications(token, since);
+    // Fetch notifications (assignments, mentions, status changes via notification feed)
+    const notifications = await fetchNotifications(connection, since);
 
-      // Only surface notification types that warrant attention
-      const relevantTypes = new Set([
-        "issueAssignedToYou",
-        "issueMentionedYou",
-        "issueCommentMentionedYou",
-        "issueStatusChanged",
-      ]);
+    // Only surface notification types that warrant attention
+    const relevantTypes = new Set([
+      "issueAssignedToYou",
+      "issueMentionedYou",
+      "issueCommentMentionedYou",
+      "issueStatusChanged",
+    ]);
 
-      const items: WatcherItem[] = [];
+    const items: WatcherItem[] = [];
 
-      for (const n of notifications) {
-        if (!relevantTypes.has(n.type)) continue;
-        items.push(notificationToItem(n));
-      }
+    for (const n of notifications) {
+      if (!relevantTypes.has(n.type)) continue;
+      items.push(notificationToItem(n));
+    }
 
-      // Fetch the complete set of currently assigned issue IDs (no updatedAt
-      // filter) so we can accurately evict stale cache entries and guard against
-      // false-positive status change events on reassignment.
-      const currentAssignedIds = await fetchAllAssignedIssueIds(
-        token,
-        viewer.id,
-      );
-      const previousAssignedIds = lastSeenAssignedIdsByWatcher.get(watcherKey);
-
-      // Also poll assigned issues directly for status changes not covered by
-      // notifications (e.g., bulk team updates). We only emit an event when the
-      // state ID differs from what we recorded on the previous poll — any other
-      // field update (title, description, etc.) does not constitute a status change.
-      // On first sight of an issue we seed the map without emitting, so we don't
-      // fire false-positive events after a daemon restart.
-      const assignedIssues = await fetchAssignedIssueUpdates(
-        token,
-        viewer.id,
-        since,
-      );
-      const stateCache = getStateCache(watcherKey);
-      for (const issue of assignedIssues) {
-        const previousStateId = stateCache.get(issue.id);
-        // Only emit a status change if: (1) we have a cached state that differs,
-        // AND (2) the issue was also assigned in the previous poll. Condition (2)
-        // prevents false-positive events when an issue is unassigned, changes
-        // state while unassigned, and is then reassigned.
-        const wasPreviouslySeen = previousAssignedIds?.has(issue.id) ?? false;
-        if (
-          previousStateId !== undefined &&
-          previousStateId !== issue.state.id &&
-          wasPreviouslySeen
-        ) {
-          items.push(issueToStatusChangeItem(issue, previousStateId));
-        }
-        stateCache.set(issue.id, issue.state.id);
+    // Fetch the complete set of currently assigned issue IDs (no updatedAt
+    // filter) so we can accurately evict stale cache entries and guard against
+    // false-positive status change events on reassignment.
+    const currentAssignedIds = await fetchAllAssignedIssueIds(
+      connection,
+      viewer.id,
+    );
+    const previousAssignedIds = lastSeenAssignedIdsByWatcher.get(watcherKey);
+
+    // Also poll assigned issues directly for status changes not covered by
+    // notifications (e.g., bulk team updates). We only emit an event when the
+    // state ID differs from what we recorded on the previous poll — any other
+    // field update (title, description, etc.) does not constitute a status change.
+    // On first sight of an issue we seed the map without emitting, so we don't
+    // fire false-positive events after a daemon restart.
+    const assignedIssues = await fetchAssignedIssueUpdates(
+      connection,
+      viewer.id,
+      since,
+    );
+    const stateCache = getStateCache(watcherKey);
+    for (const issue of assignedIssues) {
+      const previousStateId = stateCache.get(issue.id);
+      // Only emit a status change if: (1) we have a cached state that differs,
+      // AND (2) the issue was also assigned in the previous poll. Condition (2)
+      // prevents false-positive events when an issue is unassigned, changes
+      // state while unassigned, and is then reassigned.
+      const wasPreviouslySeen = previousAssignedIds?.has(issue.id) ?? false;
+      if (
+        previousStateId !== undefined &&
+        previousStateId !== issue.state.id &&
+        wasPreviouslySeen
+      ) {
+        items.push(issueToStatusChangeItem(issue, previousStateId));
       }
+      stateCache.set(issue.id, issue.state.id);
+    }
 
-      // Evict cached state for issues that left the assigned set so stale
-      // entries don't accumulate and don't cause false-positive events if the
-      // issue is later reassigned.
-      if (previousAssignedIds) {
-        for (const id of previousAssignedIds) {
-          if (!currentAssignedIds.has(id)) {
-            stateCache.delete(id);
-          }
+    // Evict cached state for issues that left the assigned set so stale
+    // entries don't accumulate and don't cause false-positive events if the
+    // issue is later reassigned.
+    if (previousAssignedIds) {
+      for (const id of previousAssignedIds) {
+        if (!currentAssignedIds.has(id)) {
+          stateCache.delete(id);
         }
       }
-      lastSeenAssignedIdsByWatcher.set(watcherKey, currentAssignedIds);
+    }
+    lastSeenAssignedIdsByWatcher.set(watcherKey, currentAssignedIds);
 
-      const newWatermark = new Date().toISOString();
-      log.info(
-        { count: items.length, viewer: viewer.name, watermark: newWatermark },
-        "Linear: fetched new notifications",
-      );
+    const newWatermark = new Date().toISOString();
+    log.info(
+      { count: items.length, viewer: viewer.name, watermark: newWatermark },
+      "Linear: fetched new notifications",
+    );
 
-      return { items, watermark: newWatermark };
-    });
+    return { items, watermark: newWatermark };
   },
 };