agent-messenger 1.4.0 → 1.6.0

package/src/platforms/teams/credential-manager.ts

@@ -2,9 +2,11 @@ import { existsSync } from 'node:fs'
 import { mkdir, readFile, rm, writeFile } from 'node:fs/promises'
 import { homedir } from 'node:os'
 import { join } from 'node:path'
-import type { TeamsConfig } from './types'
+import type { TeamsAccount, TeamsAccountType, TeamsConfig, TeamsConfigLegacy } from './types'
 
 export class TeamsCredentialManager {
+  static accountOverride?: TeamsAccountType
+
   private configDir: string
   private credentialsPath: string
 
@@ -20,7 +22,8 @@ export class TeamsCredentialManager {
 
     try {
       const content = await readFile(this.credentialsPath, 'utf-8')
-      return JSON.parse(content) as TeamsConfig
+      const raw = JSON.parse(content)
+      return this.migrateIfNeeded(raw)
     } catch {
       return null
     }
@@ -31,49 +34,115 @@ export class TeamsCredentialManager {
     await writeFile(this.credentialsPath, JSON.stringify(config, null, 2), { mode: 0o600 })
   }
 
+  private migrateIfNeeded(raw: TeamsConfig | TeamsConfigLegacy): TeamsConfig {
+    if ('accounts' in raw && raw.accounts) {
+      return raw as TeamsConfig
+    }
+
+    const legacy = raw as TeamsConfigLegacy
+    const account: TeamsAccount = {
+      token: legacy.token,
+      token_expires_at: legacy.token_expires_at,
+      account_type: 'work',
+      current_team: legacy.current_team,
+      teams: legacy.teams,
+    }
+    return {
+      current_account: 'work',
+      accounts: { work: account },
+    }
+  }
+
+  private resolveAccountKey(config: TeamsConfig): string | null {
+    return TeamsCredentialManager.accountOverride ?? config.current_account
+  }
+
+  async getCurrentAccount(): Promise<TeamsAccount | null> {
+    const config = await this.loadConfig()
+    if (!config) return null
+    const key = this.resolveAccountKey(config)
+    if (!key) return null
+    return config.accounts[key] ?? null
+  }
+
+  private resolveCurrentAccount(config: TeamsConfig): TeamsAccount | null {
+    const key = this.resolveAccountKey(config)
+    if (!key) return null
+    return config.accounts[key] ?? null
+  }
+
   async getToken(): Promise<string | null> {
     const config = await this.loadConfig()
-    return config?.token ?? null
+    if (!config) return null
+    return this.resolveCurrentAccount(config)?.token ?? null
   }
 
-  async setToken(token: string, expiresAt?: string): Promise<void> {
+  async getTokenWithExpiry(): Promise<{ token: string; tokenExpiresAt?: string } | null> {
+    const config = await this.loadConfig()
+    if (!config) return null
+    const account = this.resolveCurrentAccount(config)
+    if (!account?.token) return null
+    return { token: account.token, tokenExpiresAt: account.token_expires_at }
+  }
+
+  async setToken(token: string, accountType: TeamsAccountType, expiresAt?: string): Promise<void> {
     let config = await this.loadConfig()
     if (!config) {
-      config = {
-        token,
-        current_team: null,
-        teams: {},
-      }
+      config = { current_account: accountType, accounts: {} }
     }
-    config.token = token
-    if (expiresAt !== undefined) {
-      config.token_expires_at = expiresAt
+    const existing = config.accounts[accountType]
+    config.accounts[accountType] = {
+      token,
+      token_expires_at: expiresAt,
+      account_type: accountType,
+      user_name: existing?.user_name,
+      current_team: existing?.current_team ?? null,
+      teams: existing?.teams ?? {},
+    }
+    if (!config.current_account) {
+      config.current_account = accountType
     }
     await this.saveConfig(config)
   }
 
   async getCurrentTeam(): Promise<{ team_id: string; team_name: string } | null> {
     const config = await this.loadConfig()
-    if (!config?.current_team) {
-      return null
-    }
-    return config.teams[config.current_team] ?? null
+    if (!config) return null
+    const account = this.resolveCurrentAccount(config)
+    if (!account?.current_team) return null
+    return account.teams[account.current_team] ?? null
   }
 
   async setCurrentTeam(teamId: string, teamName: string): Promise<void> {
-    let config = await this.loadConfig()
-    if (!config) {
-      config = {
-        token: '',
-        current_team: null,
-        teams: {},
-      }
-    }
-    config.current_team = teamId
-    config.teams[teamId] = { team_id: teamId, team_name: teamName }
+    const config = await this.loadConfig()
+    if (!config) return
+    const account = this.resolveCurrentAccount(config)
+    if (!account) return
+    account.current_team = teamId
+    account.teams[teamId] = { team_id: teamId, team_name: teamName }
+    await this.saveConfig(config)
+  }
+
+  async getCurrentAccountType(): Promise<TeamsAccountType | null> {
+    const config = await this.loadConfig()
+    if (!config) return null
+    const key = this.resolveAccountKey(config)
+    return (key as TeamsAccountType) ?? null
+  }
+
+  async setCurrentAccount(accountType: TeamsAccountType): Promise<void> {
+    const config = await this.loadConfig()
+    if (!config) return
+    if (!config.accounts[accountType]) return
+    config.current_account = accountType
     await this.saveConfig(config)
   }
 
+  async getAccounts(): Promise<Record<string, TeamsAccount>> {
+    const config = await this.loadConfig()
+    return config?.accounts ?? {}
+  }
+
   async clearCredentials(): Promise<void> {
     if (existsSync(this.credentialsPath)) {
       await rm(this.credentialsPath)
@@ -82,11 +151,17 @@ export class TeamsCredentialManager {
 
   async isTokenExpired(): Promise<boolean> {
     const config = await this.loadConfig()
-    if (!config?.token_expires_at) {
-      return true
-    }
+    if (!config) return true
+    const account = this.resolveCurrentAccount(config)
+    if (!account?.token_expires_at) return true
+    return new Date(account.token_expires_at).getTime() <= Date.now()
+  }
 
-    const expiresAt = new Date(config.token_expires_at)
-    return expiresAt.getTime() <= Date.now()
+  async isAccountTokenExpired(accountType: TeamsAccountType): Promise<boolean> {
+    const config = await this.loadConfig()
+    if (!config) return true
+    const account = config.accounts[accountType]
+    if (!account?.token_expires_at) return true
+    return new Date(account.token_expires_at).getTime() <= Date.now()
   }
 }

package/src/platforms/teams/ensure-auth.test.ts

@@ -5,7 +5,6 @@ import { ensureTeamsAuth } from './ensure-auth'
 import { TeamsTokenExtractor } from './token-extractor'
 
 let loadConfigSpy: ReturnType<typeof spyOn>
-let isTokenExpiredSpy: ReturnType<typeof spyOn>
 let extractSpy: ReturnType<typeof spyOn>
 let testAuthSpy: ReturnType<typeof spyOn>
 let listTeamsSpy: ReturnType<typeof spyOn>
@@ -14,11 +13,9 @@ let saveConfigSpy: ReturnType<typeof spyOn>
 beforeEach(() => {
   loadConfigSpy = spyOn(TeamsCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
 
-  isTokenExpiredSpy = spyOn(TeamsCredentialManager.prototype, 'isTokenExpired').mockResolvedValue(true)
-
-  extractSpy = spyOn(TeamsTokenExtractor.prototype, 'extract').mockResolvedValue({
-    token: 'test-teams-token',
-  })
+  extractSpy = spyOn(TeamsTokenExtractor.prototype, 'extract').mockResolvedValue([
+    { token: 'test-teams-token', accountType: 'work' },
+  ])
 
   testAuthSpy = spyOn(TeamsClient.prototype, 'testAuth').mockResolvedValue({
     id: 'user-123',
@@ -35,7 +32,6 @@ beforeEach(() => {
 
 afterEach(() => {
   loadConfigSpy?.mockRestore()
-  isTokenExpiredSpy?.mockRestore()
   extractSpy?.mockRestore()
   testAuthSpy?.mockRestore()
   listTeamsSpy?.mockRestore()
@@ -46,11 +42,17 @@ describe('ensureTeamsAuth', () => {
   test('skips extraction when token exists and not expired', async () => {
     // given
     loadConfigSpy.mockResolvedValue({
-      token: 'existing-token',
-      current_team: 'team-1',
-      teams: { 'team-1': { team_id: 'team-1', team_name: 'Team One' } },
+      current_account: 'work',
+      accounts: {
+        work: {
+          token: 'existing-token',
+          token_expires_at: new Date(Date.now() + 3600000).toISOString(),
+          account_type: 'work',
+          current_team: 'team-1',
+          teams: { 'team-1': { team_id: 'team-1', team_name: 'Team 1' } },
+        },
+      },
     })
-    isTokenExpiredSpy.mockResolvedValue(false)
 
     // when
     await ensureTeamsAuth()
@@ -71,12 +73,17 @@ describe('ensureTeamsAuth', () => {
     expect(testAuthSpy).toHaveBeenCalled()
     expect(saveConfigSpy).toHaveBeenCalledWith(
       expect.objectContaining({
-        token: 'test-teams-token',
-        current_team: 'team-1',
-        teams: {
-          'team-1': { team_id: 'team-1', team_name: 'Team One' },
-          'team-2': { team_id: 'team-2', team_name: 'Team Two' },
-        },
+        current_account: 'work',
+        accounts: expect.objectContaining({
+          work: expect.objectContaining({
+            token: 'test-teams-token',
+            current_team: 'team-1',
+            teams: {
+              'team-1': { team_id: 'team-1', team_name: 'Team One' },
+              'team-2': { team_id: 'team-2', team_name: 'Team Two' },
+            },
+          }),
+        }),
       }),
     )
   })
@@ -84,19 +91,31 @@ describe('ensureTeamsAuth', () => {
   test('re-extracts when token is expired', async () => {
     // given
     loadConfigSpy.mockResolvedValue({
-      token: 'expired-token',
-      current_team: 'team-1',
-      teams: { 'team-1': { team_id: 'team-1', team_name: 'Team One' } },
-      token_expires_at: new Date(Date.now() - 3600000).toISOString(),
+      current_account: 'work',
+      accounts: {
+        work: {
+          token: 'expired-token',
+          token_expires_at: new Date(Date.now() - 3600000).toISOString(),
+          account_type: 'work',
+          current_team: 'team-1',
+          teams: { 'team-1': { team_id: 'team-1', team_name: 'Team One' } },
+        },
+      },
     })
-    isTokenExpiredSpy.mockResolvedValue(true)
 
     // when
     await ensureTeamsAuth()
 
     // then
     expect(extractSpy).toHaveBeenCalled()
-    expect(saveConfigSpy).toHaveBeenCalledWith(expect.objectContaining({ token: 'test-teams-token' }))
+    expect(saveConfigSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        current_account: 'work',
+        accounts: expect.objectContaining({
+          work: expect.objectContaining({ token: 'test-teams-token' }),
+        }),
+      }),
+    )
   })
 
   test('sets first team as current', async () => {
@@ -104,7 +123,13 @@ describe('ensureTeamsAuth', () => {
     await ensureTeamsAuth()
 
     // then
-    expect(saveConfigSpy).toHaveBeenCalledWith(expect.objectContaining({ current_team: 'team-1' }))
+    expect(saveConfigSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        accounts: expect.objectContaining({
+          work: expect.objectContaining({ current_team: 'team-1' }),
+        }),
+      }),
+    )
   })
 
   test('saves token_expires_at', async () => {
@@ -115,14 +140,14 @@ describe('ensureTeamsAuth', () => {
 
     // then
     const savedConfig = saveConfigSpy.mock.calls[0][0]
-    const expiresAt = new Date(savedConfig.token_expires_at).getTime()
+    const expiresAt = new Date(savedConfig.accounts.work.token_expires_at).getTime()
     expect(expiresAt).toBeGreaterThanOrEqual(before + 60 * 60 * 1000 - 1)
     expect(expiresAt).toBeLessThanOrEqual(after + 60 * 60 * 1000 + 1)
   })
 
   test('does not save when extraction returns null', async () => {
     // given
-    extractSpy.mockResolvedValue(null)
+    extractSpy.mockResolvedValue([])
 
     // when
     await ensureTeamsAuth()
@@ -164,4 +189,78 @@ describe('ensureTeamsAuth', () => {
     // then
     expect(saveConfigSpy).not.toHaveBeenCalled()
   })
+
+  test('extracts and saves multiple accounts', async () => {
+    // given
+    extractSpy.mockResolvedValue([
+      { token: 'work-token', accountType: 'work' },
+      { token: 'personal-token', accountType: 'personal' },
+    ])
+
+    testAuthSpy
+      .mockResolvedValueOnce({ id: 'user-1', displayName: 'Work User' })
+      .mockResolvedValueOnce({ id: 'user-2', displayName: 'Personal User' })
+
+    listTeamsSpy
+      .mockResolvedValueOnce([{ id: 'team-w', name: 'Work Team' }])
+      .mockResolvedValueOnce([{ id: 'team-p', name: 'Personal Team' }])
+
+    // when
+    await ensureTeamsAuth()
+
+    // then
+    expect(saveConfigSpy).toHaveBeenCalledWith(
+      expect.objectContaining({
+        current_account: 'work',
+        accounts: expect.objectContaining({
+          work: expect.objectContaining({ token: 'work-token', current_team: 'team-w' }),
+          personal: expect.objectContaining({ token: 'personal-token', current_team: 'team-p' }),
+        }),
+      }),
+    )
+  })
+
+  test('skips failed account but saves successful ones', async () => {
+    // given
+    extractSpy.mockResolvedValue([
+      { token: 'work-token', accountType: 'work' },
+      { token: 'bad-token', accountType: 'personal' },
+    ])
+
+    testAuthSpy
+      .mockResolvedValueOnce({ id: 'user-1', displayName: 'Work User' })
+      .mockRejectedValueOnce(new Error('401 Unauthorized'))
+
+    listTeamsSpy.mockResolvedValueOnce([{ id: 'team-w', name: 'Work Team' }])
+
+    // when
+    await ensureTeamsAuth()
+
+    // then
+    const savedConfig = saveConfigSpy.mock.calls[0][0]
+    expect(savedConfig.accounts.work).toBeDefined()
+    expect(savedConfig.accounts.personal).toBeUndefined()
+  })
+
+  test('re-extracts when token is empty string', async () => {
+    // given
+    loadConfigSpy.mockResolvedValue({
+      current_account: 'work',
+      accounts: {
+        work: {
+          token: '',
+          token_expires_at: new Date(Date.now() + 3600000).toISOString(),
+          account_type: 'work',
+          current_team: 'team-1',
+          teams: { 'team-1': { team_id: 'team-1', team_name: 'Team One' } },
+        },
+      },
+    })
+
+    // when
+    await ensureTeamsAuth()
+
+    // then
+    expect(extractSpy).toHaveBeenCalled()
+  })
 })

package/src/platforms/teams/ensure-auth.ts

@@ -1,34 +1,66 @@
 import { TeamsClient } from './client'
 import { TeamsCredentialManager } from './credential-manager'
 import { TeamsTokenExtractor } from './token-extractor'
+import type { TeamsAccount, TeamsConfig } from './types'
 
 export async function ensureTeamsAuth(): Promise<void> {
   try {
     const credManager = new TeamsCredentialManager()
     const config = await credManager.loadConfig()
 
-    if (config?.token && !(await credManager.isTokenExpired())) return
+    if (config && hasValidToken(config)) return
 
     const extractor = new TeamsTokenExtractor()
     const extracted = await extractor.extract()
-    if (!extracted) return
+    if (extracted.length === 0) return
 
-    const client = new TeamsClient(extracted.token)
-    await client.testAuth()
+    const newConfig: TeamsConfig = {
+      current_account: config?.current_account ?? null,
+      accounts: { ...config?.accounts },
+    }
+
+    for (const { token, accountType } of extracted) {
+      try {
+        const client = new TeamsClient(token)
+        await client.testAuth()
+
+        const teams = await client.listTeams()
+        if (teams.length === 0) continue
+
+        const teamMap: Record<string, { team_id: string; team_name: string }> = {}
+        for (const team of teams) {
+          teamMap[team.id] = { team_id: team.id, team_name: team.name }
+        }
 
-    const teams = await client.listTeams()
-    if (teams.length === 0) return
+        const existing = newConfig.accounts[accountType]
+        const account: TeamsAccount = {
+          token,
+          token_expires_at: new Date(Date.now() + 60 * 60 * 1000).toISOString(),
+          account_type: accountType,
+          user_name: existing?.user_name,
+          current_team: existing?.current_team ?? teams[0].id,
+          teams: teamMap,
+        }
 
-    const teamMap: Record<string, { team_id: string; team_name: string }> = {}
-    for (const team of teams) {
-      teamMap[team.id] = { team_id: team.id, team_name: team.name }
+        newConfig.accounts[accountType] = account
+        if (!newConfig.current_account) {
+          newConfig.current_account = accountType
+        }
+      } catch (error) {
+        console.error(`[agent-teams] Skipping ${accountType} account: ${(error as Error).message}`)
+      }
     }
 
-    await credManager.saveConfig({
-      token: extracted.token,
-      current_team: teams[0].id,
-      teams: teamMap,
-      token_expires_at: new Date(Date.now() + 60 * 60 * 1000).toISOString(),
-    })
+    if (Object.keys(newConfig.accounts).length > 0) {
+      await credManager.saveConfig(newConfig)
+    }
   } catch {}
 }
+
+function hasValidToken(config: TeamsConfig): boolean {
+  const key = TeamsCredentialManager.accountOverride ?? config.current_account
+  if (!key) return false
+  const account = config.accounts[key]
+  if (!account?.token || !account.token_expires_at) return false
+  return new Date(account.token_expires_at).getTime() > Date.now()
+}