npm - agent-control-plane - Versions diffs - 0.1.0 → 0.1.2 - Mend

agent-control-plane 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/README.md +1 -1
package/package.json +5 -5
package/tools/bin/check-skill-contracts.sh +1 -1
package/tools/tests/test-agent-control-plane-npm-cli.sh +2 -1
package/tools/tests/test-package-public-metadata.sh +3 -3
package/tools/tests/test-public-repo-docs.sh +4 -2
package/tools/tests/test-vendored-codex-quota-claude-oauth-only.sh +38 -0
package/tools/vendor/codex-quota/README.md +8 -16
package/tools/vendor/codex-quota/lib/claude-accounts.js +2 -68
package/tools/vendor/codex-quota/lib/claude-usage.js +76 -667
package/tools/vendor/codex-quota/lib/display.js +6 -14
package/tools/vendor/codex-quota/lib/handlers.js +32 -117
package/tools/vendor/codex-quota/lib/sync.js +9 -14

package/tools/vendor/codex-quota/lib/display.js CHANGED Viewed

@@ -553,7 +553,7 @@ Usage:
 Commands:
   quota [label]     Check Claude usage (default command)
-  add [label]       Add a Claude credential (via OAuth or manual entry)
+  add [label]       Add a Claude credential via OAuth
   reauth <label>    Re-authenticate an existing Claude account via OAuth
   switch <label>    Switch Claude Code, OpenCode, and pi credentials
   sync              Sync activeLabel to Claude Code, OpenCode, and pi
@@ -564,14 +564,13 @@ Options:
   --json            Output result in JSON format
   --dry-run         Preview sync without writing files
   --oauth           Use OAuth browser authentication (recommended)
-  --manual          Use manual token entry
   --no-browser      Print OAuth URL instead of opening browser
   --help, -h        Show this help
 Examples:
   ${PRIMARY_CMD} claude                   Check Claude usage
   ${PRIMARY_CMD} claude quota work        Check Claude usage for "work"
-  ${PRIMARY_CMD} claude add               Add Claude credential (prompts for method)
+  ${PRIMARY_CMD} claude add               Add Claude credential via OAuth
   ${PRIMARY_CMD} claude add work --oauth  Add via OAuth browser flow
   ${PRIMARY_CMD} claude reauth work       Re-authenticate "work" account
   ${PRIMARY_CMD} claude switch work       Switch Claude Code/OpenCode/pi to "work"
@@ -582,7 +581,7 @@ Examples:
 Notes:
   - switch and sync update activeLabel in ~/.claude-accounts.json when available
-  - session-key-only accounts cannot be synced (OAuth required)
+  - Claude accounts are OAuth-only in the bundled public package
 `);
 }
@@ -598,8 +597,6 @@ Arguments:
 Options:
   --oauth           Use OAuth browser authentication (recommended)
                     Opens browser for secure authentication
-  --manual          Use manual token entry
-                    Paste sessionKey or OAuth token directly
   --no-browser      Print OAuth URL instead of opening browser
                     Use this in headless/SSH environments
   --json            Output result in JSON format
@@ -608,18 +605,14 @@ Options:
 Description:
   Adds a Claude credential to ~/.claude-accounts.json.
-  OAuth flow (recommended):
+  OAuth flow:
     1. Opens browser for authentication at claude.ai
     2. User copies code#state from browser
     3. Tool exchanges code for tokens automatically
-  Manual flow:
-    Prompts for sessionKey or OAuth token (one is required).
 Examples:
-  ${PRIMARY_CMD} claude add                       Interactive (prompts for method)
+  ${PRIMARY_CMD} claude add                       Interactive OAuth flow
   ${PRIMARY_CMD} claude add work --oauth          OAuth browser flow
-  ${PRIMARY_CMD} claude add work --manual         Manual token entry
 	  ${PRIMARY_CMD} claude add work --oauth --no-browser  OAuth without opening browser
 	  ${PRIMARY_CMD} claude add work --json           JSON output for scripting
 `);
@@ -787,8 +780,7 @@ Options:
 Description:
   Displays usage statistics for Claude accounts. Tokens are refreshed when
-  available. Uses OAuth credentials when possible and falls back to legacy
-  session credentials.
+  available. Uses OAuth credentials only.
   OAuth-based accounts are checked for divergence in Claude CLI stores.
   Use --local to suppress harness checks and only use stored account files.

package/tools/vendor/codex-quota/lib/handlers.js CHANGED Viewed

@@ -71,7 +71,6 @@ import {
 	getClaudeLabels,
 	getClaudeActiveLabelInfo,
 	readClaudeActiveStoreContainer,
-	findClaudeSessionKey,
 } from "./claude-accounts.js";
 import {
 	updateOpencodeAuth,
@@ -92,9 +91,7 @@ import {
 	loadClaudeOAuthFromOpenCode,
 	loadClaudeOAuthFromEnv,
 	loadAllClaudeOAuthAccounts,
-	fetchClaudeOAuthUsage,
 	fetchClaudeOAuthUsageForAccount,
-	fetchClaudeUsage,
 	deduplicateClaudeOAuthAccounts,
 	deduplicateClaudeResultsByUsage,
 } from "./claude-usage.js";
@@ -832,7 +829,7 @@ export async function handleClaudeList(flags) {
 			accounts: claudeAccounts.map(account => ({
 				label: account.label,
 				source: account.source,
-				hasSessionKey: Boolean(account.sessionKey ?? findClaudeSessionKey(account.cookies)),
+				authType: account.oauthToken ? "oauth" : "unsupported",
 				hasOauthToken: Boolean(account.oauthToken),
 				orgId: account.orgId ?? null,
 				isActive: activeLabel !== null && account.label === activeLabel,
@@ -873,14 +870,7 @@ export async function handleClaudeList(flags) {
 		const isActive = activeLabel !== null && account.label === activeLabel;
 		const marker = isActive ? "*" : " ";
 		const statusText = isActive ? " [active]" : "";
-		const authParts = [];
-		if (account.sessionKey ?? findClaudeSessionKey(account.cookies)) {
-			authParts.push("sessionKey");
-		}
-		if (account.oauthToken) {
-			authParts.push("oauthToken");
-		}
-		const authDisplay = authParts.length ? authParts.join("+") : "unknown";
+		const authDisplay = account.oauthToken ? "oauthToken" : "unsupported";
 		claudeLines.push(`${marker} ${account.label}${statusText}`);
 		claudeLines.push(`  Auth: ${authDisplay} | ${shortenPath(account.source)}`);
 		if (i < claudeAccounts.length - 1) {
@@ -1428,6 +1418,9 @@ export async function handleClaudeAdd(args, flags) {
 		if (flags.oauth && flags.manual) {
 			throw new Error("Cannot use both --oauth and --manual flags. Choose one authentication method.");
 		}
+		if (flags.manual) {
+			throw new Error("Manual Claude credential entry is no longer supported. Use OAuth authentication instead.");
+		}
 		const existingAccounts = loadClaudeAccounts();
 		const existingLabels = new Set(existingAccounts.map(a => a.label));
@@ -1446,74 +1439,18 @@ export async function handleClaudeAdd(args, flags) {
 			throw new Error(`Label "${label}" already exists. Choose a different label.`);
 		}
-		// Determine authentication method
-		let useOAuth = flags.oauth;
-		if (!flags.oauth && !flags.manual) {
-			// Prompt for choice
-			console.log("\nChoose authentication method:");
-			console.log("  [1] OAuth (recommended) - Authenticate via browser");
-			console.log("  [2] Manual - Paste sessionKey/token directly\n");
-			const choice = (await promptInput("Enter choice (1 or 2): ")).trim();
-			useOAuth = choice === "1";
-		}
 		let newAccount;
 		let viaMethod;
-		if (useOAuth) {
-			// OAuth browser flow
-			const tokens = await handleClaudeOAuthFlow({ noBrowser: flags.noBrowser });
-			newAccount = {
-				label,
-				sessionKey: null,
-				oauthToken: tokens.accessToken,
-				oauthRefreshToken: tokens.refreshToken,
-				oauthExpiresAt: tokens.expiresAt,
-				oauthScopes: tokens.scopes,
-				cfClearance: null,
-				orgId: null,
-			};
-			viaMethod = "via OAuth";
-		} else {
-			// Manual entry flow
-			console.log("\nPaste your Claude sessionKey or OAuth token.");
-			const sessionKeyInput = await promptInput("sessionKey (sk-ant-...): ", { allowEmpty: true });
-			const oauthTokenInput = await promptInput("oauthToken (optional): ", { allowEmpty: true });
-			const cfClearanceInput = await promptInput("cfClearance (optional): ", { allowEmpty: true });
-			const orgIdInput = await promptInput("orgId (optional): ", { allowEmpty: true });
-			let parsedInput = null;
-			if (sessionKeyInput && sessionKeyInput.trim().startsWith("{")) {
-				try {
-					parsedInput = JSON.parse(sessionKeyInput);
-				} catch {
-					parsedInput = null;
-				}
-			}
-			const sessionKey = findClaudeSessionKey(parsedInput ?? sessionKeyInput) ?? null;
-			const oauthToken = oauthTokenInput?.trim()
-				|| parsedInput?.claudeAiOauth?.accessToken
-				|| parsedInput?.claude_ai_oauth?.accessToken
-				|| parsedInput?.accessToken
-				|| parsedInput?.access_token
-				|| null;
-			const cfClearance = cfClearanceInput?.trim() || null;
-			const orgId = orgIdInput?.trim() || null;
-			if (!sessionKey && !oauthToken) {
-				throw new Error("Provide at least a sessionKey or an OAuth token.");
-			}
-			newAccount = {
-				label,
-				sessionKey,
-				oauthToken,
-				cfClearance,
-				orgId,
-			};
-			viaMethod = "";
-		}
+		const tokens = await handleClaudeOAuthFlow({ noBrowser: flags.noBrowser });
+		newAccount = {
+			label,
+			oauthToken: tokens.accessToken,
+			oauthRefreshToken: tokens.refreshToken,
+			oauthExpiresAt: tokens.expiresAt,
+			oauthScopes: tokens.scopes,
+			orgId: null,
+		};
+		viaMethod = "via OAuth";
 		const { path: targetPath, container } = readClaudeActiveStoreContainer();
 		const accounts = [...container.accounts, newAccount];
@@ -1521,11 +1458,11 @@ export async function handleClaudeAdd(args, flags) {
 		if (flags.json) {
 			console.log(JSON.stringify({
-				success: true,
-				label,
-				method: useOAuth ? "oauth" : "manual",
-				source: targetPath,
-			}, null, 2));
+					success: true,
+					label,
+					method: "oauth",
+					source: targetPath,
+				}, null, 2));
 			return;
 		}
@@ -1887,42 +1824,21 @@ export async function handleQuota(args, flags, scope = "all") {
 				filteredOauthAccounts.map(account => fetchClaudeOAuthUsageForAccount(account))
 			);
 			claudeResults = deduplicateClaudeResultsByUsage(rawResults);
-		} else {
-			const claudeAccounts = loadClaudeAccounts();
-			const filteredClaudeAccounts = wantsClaudeLabel
-				? claudeAccounts.filter(account => account.label === labelFilter)
-				: claudeAccounts;
-			if (filteredClaudeAccounts.length) {
-				const rawResults = await Promise.all(
-					filteredClaudeAccounts.map(account => fetchClaudeUsageForCredentials(account))
-				);
-				claudeResults = deduplicateClaudeResultsByUsage(rawResults);
-			} else if (wantsClaudeLabel) {
-				const availableLabels = new Set([
-					...oauthAccounts.map(account => account.label),
-					...claudeAccounts.map(account => account.label),
-				]);
-				const labelList = Array.from(availableLabels);
-				if (flags.json) {
-					console.log(JSON.stringify({
-						success: false,
-						error: `Claude account "${labelFilter}" not found`,
-						availableLabels: labelList,
-					}, null, 2));
-				} else {
-					console.error(colorize(`Claude account "${labelFilter}" not found.`, RED));
-					if (labelList.length) {
-						console.error(`Available: ${labelList.join(", ")}`);
-					}
-				}
-				process.exit(1);
+		} else if (wantsClaudeLabel) {
+			const labelList = Array.from(new Set(oauthAccounts.map(account => account.label)));
+			if (flags.json) {
+				console.log(JSON.stringify({
+					success: false,
+					error: `Claude account "${labelFilter}" not found`,
+					availableLabels: labelList,
+				}, null, 2));
 			} else {
-				const legacyResult = await fetchClaudeUsage();
-				if (legacyResult.success || legacyResult.usage) {
-					claudeResults = [legacyResult];
+				console.error(colorize(`Claude account "${labelFilter}" not found.`, RED));
+				if (labelList.length) {
+					console.error(`Available: ${labelList.join(", ")}`);
 				}
 			}
+			process.exit(1);
 		}
 	}
@@ -2057,4 +1973,3 @@ export async function handleQuota(args, flags, scope = "all") {
 		}
 	}
 }

package/tools/vendor/codex-quota/lib/sync.js CHANGED Viewed

@@ -29,7 +29,6 @@ import {
 	getClaudeLabels,
 	readClaudeActiveStoreContainer,
 	getClaudeActiveLabelInfo,
-	findClaudeSessionKey,
 	loadClaudeAccountsFromFile,
 } from "./claude-accounts.js";
 import {
@@ -652,16 +651,14 @@ export async function maybeImportClaudeOauthStores(options = {}) {
 				console.error(colorize(`Skipping: label "${label}" already exists.`, YELLOW));
 				continue;
 			}
-			const newAccount = {
-				label,
-				sessionKey: null,
-				oauthToken: store.tokens.access,
-				oauthRefreshToken: store.tokens.refresh ?? null,
-				oauthExpiresAt: store.tokens.expires ?? null,
-				oauthScopes: store.tokens.scopes ?? null,
-				cfClearance: null,
-				orgId: null,
-			};
+				const newAccount = {
+					label,
+					oauthToken: store.tokens.access,
+					oauthRefreshToken: store.tokens.refresh ?? null,
+					oauthExpiresAt: store.tokens.expires ?? null,
+					oauthScopes: store.tokens.scopes ?? null,
+					orgId: null,
+				};
 			container.accounts.push(newAccount);
 			managedAccounts.push(normalizeClaudeAccount(newAccount, targetPath));
 			existingLabels.add(label);
@@ -1430,9 +1427,7 @@ export async function handleClaudeSync(args, flags) {
 /**
  * Handle Claude add subcommand - add a Claude credential interactively
- * Supports two authentication methods:
- *   - OAuth browser flow (--oauth): Opens browser for authentication
- *   - Manual entry (--manual): Paste sessionKey/token directly
+ * Uses OAuth browser flow for authentication.
  * @param {string[]} args - Non-flag arguments (optional label)
  * @param {{ json: boolean, noBrowser: boolean, oauth: boolean, manual: boolean }} flags - Parsed flags
  */