npm - agent-messenger - Versions diffs - 2.0.0 → 2.2.0 - Mend

agent-messenger 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/.claude-plugin/marketplace.json +14 -1
package/.claude-plugin/plugin.json +4 -2
package/.env.template +35 -17
package/README.md +37 -33
package/bun.lock +6 -6
package/dist/package.json +11 -3
package/dist/src/cli.d.ts.map +1 -1
package/dist/src/cli.js +3 -0
package/dist/src/cli.js.map +1 -1
package/dist/src/platforms/channeltalk/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/channeltalk/commands/auth.js +35 -28
package/dist/src/platforms/channeltalk/commands/auth.js.map +1 -1
package/dist/src/platforms/channeltalk/ensure-auth.js +6 -6
package/dist/src/platforms/channeltalk/ensure-auth.js.map +1 -1
package/dist/src/platforms/channeltalk/token-extractor.d.ts +23 -1
package/dist/src/platforms/channeltalk/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/channeltalk/token-extractor.js +299 -29
package/dist/src/platforms/channeltalk/token-extractor.js.map +1 -1
package/dist/src/platforms/discord/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/discord/commands/auth.js +57 -49
package/dist/src/platforms/discord/commands/auth.js.map +1 -1
package/dist/src/platforms/discord/ensure-auth.js +3 -3
package/dist/src/platforms/discord/ensure-auth.js.map +1 -1
package/dist/src/platforms/discord/token-extractor.d.ts +6 -1
package/dist/src/platforms/discord/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/discord/token-extractor.js +167 -14
package/dist/src/platforms/discord/token-extractor.js.map +1 -1
package/dist/src/platforms/instagram/client.d.ts +2 -0
package/dist/src/platforms/instagram/client.d.ts.map +1 -1
package/dist/src/platforms/instagram/client.js +2 -2
package/dist/src/platforms/instagram/client.js.map +1 -1
package/dist/src/platforms/instagram/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/instagram/commands/auth.js +107 -14
package/dist/src/platforms/instagram/commands/auth.js.map +1 -1
package/dist/src/platforms/instagram/ensure-auth.d.ts.map +1 -1
package/dist/src/platforms/instagram/ensure-auth.js +57 -11
package/dist/src/platforms/instagram/ensure-auth.js.map +1 -1
package/dist/src/platforms/instagram/index.d.ts +1 -0
package/dist/src/platforms/instagram/index.d.ts.map +1 -1
package/dist/src/platforms/instagram/index.js +1 -0
package/dist/src/platforms/instagram/index.js.map +1 -1
package/dist/src/platforms/instagram/token-extractor.d.ts +44 -0
package/dist/src/platforms/instagram/token-extractor.d.ts.map +1 -0
package/dist/src/platforms/instagram/token-extractor.js +407 -0
package/dist/src/platforms/instagram/token-extractor.js.map +1 -0
package/dist/src/platforms/kakaotalk/client.d.ts.map +1 -1
package/dist/src/platforms/kakaotalk/client.js +2 -1
package/dist/src/platforms/kakaotalk/client.js.map +1 -1
package/dist/src/platforms/kakaotalk/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/kakaotalk/commands/auth.js +14 -13
package/dist/src/platforms/kakaotalk/commands/auth.js.map +1 -1
package/dist/src/platforms/kakaotalk/protocol/connection.d.ts.map +1 -1
package/dist/src/platforms/kakaotalk/protocol/connection.js +2 -1
package/dist/src/platforms/kakaotalk/protocol/connection.js.map +1 -1
package/dist/src/platforms/line/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/line/commands/auth.js +6 -5
package/dist/src/platforms/line/commands/auth.js.map +1 -1
package/dist/src/platforms/slack/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/slack/commands/auth.js +11 -10
package/dist/src/platforms/slack/commands/auth.js.map +1 -1
package/dist/src/platforms/slack/token-extractor.d.ts +9 -0
package/dist/src/platforms/slack/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/slack/token-extractor.js +300 -23
package/dist/src/platforms/slack/token-extractor.js.map +1 -1
package/dist/src/platforms/teams/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/teams/commands/auth.js +9 -8
package/dist/src/platforms/teams/commands/auth.js.map +1 -1
package/dist/src/platforms/teams/ensure-auth.d.ts.map +1 -1
package/dist/src/platforms/teams/ensure-auth.js +2 -1
package/dist/src/platforms/teams/ensure-auth.js.map +1 -1
package/dist/src/platforms/teams/token-extractor.d.ts +5 -0
package/dist/src/platforms/teams/token-extractor.d.ts.map +1 -1
package/dist/src/platforms/teams/token-extractor.js +161 -29
package/dist/src/platforms/teams/token-extractor.js.map +1 -1
package/dist/src/platforms/telegram/client.d.ts.map +1 -1
package/dist/src/platforms/telegram/client.js +25 -7
package/dist/src/platforms/telegram/client.js.map +1 -1
package/dist/src/platforms/telegram/commands/auth.d.ts.map +1 -1
package/dist/src/platforms/telegram/commands/auth.js +6 -5
package/dist/src/platforms/telegram/commands/auth.js.map +1 -1
package/dist/src/platforms/webex/app-config.d.ts +7 -0
package/dist/src/platforms/webex/app-config.d.ts.map +1 -0
package/dist/src/platforms/webex/app-config.js +20 -0
package/dist/src/platforms/webex/app-config.js.map +1 -0
package/dist/src/platforms/webex/cli.d.ts +5 -0
package/dist/src/platforms/webex/cli.d.ts.map +1 -0
package/dist/src/platforms/webex/cli.js +32 -0
package/dist/src/platforms/webex/cli.js.map +1 -0
package/dist/src/platforms/webex/client.d.ts +55 -0
package/dist/src/platforms/webex/client.d.ts.map +1 -0
package/dist/src/platforms/webex/client.js +299 -0
package/dist/src/platforms/webex/client.js.map +1 -0
package/dist/src/platforms/webex/commands/auth.d.ts +19 -0
package/dist/src/platforms/webex/commands/auth.d.ts.map +1 -0
package/dist/src/platforms/webex/commands/auth.js +166 -0
package/dist/src/platforms/webex/commands/auth.js.map +1 -0
package/dist/src/platforms/webex/commands/index.d.ts +6 -0
package/dist/src/platforms/webex/commands/index.d.ts.map +1 -0
package/dist/src/platforms/webex/commands/index.js +6 -0
package/dist/src/platforms/webex/commands/index.js.map +1 -0
package/dist/src/platforms/webex/commands/member.d.ts +7 -0
package/dist/src/platforms/webex/commands/member.d.ts.map +1 -0
package/dist/src/platforms/webex/commands/member.js +34 -0
package/dist/src/platforms/webex/commands/member.js.map +1 -0
package/dist/src/platforms/webex/commands/message.d.ts +26 -0
package/dist/src/platforms/webex/commands/message.d.ts.map +1 -0
package/dist/src/platforms/webex/commands/message.js +153 -0
package/dist/src/platforms/webex/commands/message.js.map +1 -0
package/dist/src/platforms/webex/commands/snapshot.d.ts +9 -0
package/dist/src/platforms/webex/commands/snapshot.d.ts.map +1 -0
package/dist/src/platforms/webex/commands/snapshot.js +72 -0
package/dist/src/platforms/webex/commands/snapshot.js.map +1 -0
package/dist/src/platforms/webex/commands/space.d.ts +11 -0
package/dist/src/platforms/webex/commands/space.d.ts.map +1 -0
package/dist/src/platforms/webex/commands/space.js +59 -0
package/dist/src/platforms/webex/commands/space.js.map +1 -0
package/dist/src/platforms/webex/credential-manager.d.ts +23 -0
package/dist/src/platforms/webex/credential-manager.d.ts.map +1 -0
package/dist/src/platforms/webex/credential-manager.js +148 -0
package/dist/src/platforms/webex/credential-manager.js.map +1 -0
package/dist/src/platforms/webex/ensure-auth.d.ts +2 -0
package/dist/src/platforms/webex/ensure-auth.d.ts.map +1 -0
package/dist/src/platforms/webex/ensure-auth.js +36 -0
package/dist/src/platforms/webex/ensure-auth.js.map +1 -0
package/dist/src/platforms/webex/index.d.ts +8 -0
package/dist/src/platforms/webex/index.d.ts.map +1 -0
package/dist/src/platforms/webex/index.js +6 -0
package/dist/src/platforms/webex/index.js.map +1 -0
package/dist/src/platforms/webex/token-extractor.d.ts +28 -0
package/dist/src/platforms/webex/token-extractor.d.ts.map +1 -0
package/dist/src/platforms/webex/token-extractor.js +344 -0
package/dist/src/platforms/webex/token-extractor.js.map +1 -0
package/dist/src/platforms/webex/types.d.ts +127 -0
package/dist/src/platforms/webex/types.d.ts.map +1 -0
package/dist/src/platforms/webex/types.js +64 -0
package/dist/src/platforms/webex/types.js.map +1 -0
package/dist/src/platforms/whatsapp/client.d.ts.map +1 -1
package/dist/src/platforms/whatsapp/client.js +6 -2
package/dist/src/platforms/whatsapp/client.js.map +1 -1
package/dist/src/shared/utils/derived-key-cache.d.ts +1 -1
package/dist/src/shared/utils/derived-key-cache.d.ts.map +1 -1
package/dist/src/shared/utils/error-handler.d.ts +1 -1
package/dist/src/shared/utils/error-handler.d.ts.map +1 -1
package/dist/src/shared/utils/error-handler.js +3 -2
package/dist/src/shared/utils/error-handler.js.map +1 -1
package/dist/src/shared/utils/stderr.d.ts +5 -0
package/dist/src/shared/utils/stderr.d.ts.map +1 -0
package/dist/src/shared/utils/stderr.js +18 -0
package/dist/src/shared/utils/stderr.js.map +1 -0
package/dist/src/tui/adapters/webex-adapter.d.ts +14 -0
package/dist/src/tui/adapters/webex-adapter.d.ts.map +1 -0
package/dist/src/tui/adapters/webex-adapter.js +79 -0
package/dist/src/tui/adapters/webex-adapter.js.map +1 -0
package/dist/src/tui/app.d.ts.map +1 -1
package/dist/src/tui/app.js +2 -0
package/dist/src/tui/app.js.map +1 -1
package/docs/content/docs/cli/channeltalk.mdx +7 -7
package/docs/content/docs/cli/discord.mdx +3 -3
package/docs/content/docs/cli/instagram.mdx +28 -6
package/docs/content/docs/cli/meta.json +1 -0
package/docs/content/docs/cli/slack.mdx +2 -2
package/docs/content/docs/cli/teams.mdx +6 -4
package/docs/content/docs/cli/webex.mdx +310 -0
package/docs/content/docs/sdk/meta.json +1 -1
package/docs/content/docs/sdk/webex.mdx +260 -0
package/docs/content/docs/tui.mdx +4 -3
package/docs/src/app/page.tsx +2 -2
package/e2e/README.md +132 -8
package/e2e/channeltalk.e2e.test.ts +2 -7
package/e2e/channeltalkbot.e2e.test.ts +2 -6
package/e2e/config.ts +172 -10
package/e2e/helpers.ts +7 -0
package/e2e/instagram.e2e.test.ts +97 -0
package/e2e/kakaotalk.e2e.test.ts +74 -0
package/e2e/line.e2e.test.ts +92 -0
package/e2e/teams.e2e.test.ts +46 -1
package/e2e/telegram.e2e.test.ts +84 -0
package/e2e/webex.e2e.test.ts +190 -0
package/e2e/whatsapp.e2e.test.ts +90 -0
package/e2e/whatsappbot.e2e.test.ts +78 -0
package/package.json +11 -3
package/skills/agent-channeltalk/SKILL.md +9 -9
package/skills/agent-channeltalk/references/authentication.md +21 -18
package/skills/agent-channeltalkbot/SKILL.md +1 -1
package/skills/agent-discord/SKILL.md +5 -5
package/skills/agent-discord/references/authentication.md +8 -8
package/skills/agent-discordbot/SKILL.md +1 -1
package/skills/agent-instagram/SKILL.md +51 -9
package/skills/agent-instagram/references/authentication.md +35 -3
package/skills/agent-kakaotalk/SKILL.md +1 -1
package/skills/agent-line/SKILL.md +1 -1
package/skills/agent-slack/SKILL.md +5 -5
package/skills/agent-slack/references/authentication.md +8 -8
package/skills/agent-slackbot/SKILL.md +1 -1
package/skills/agent-teams/SKILL.md +6 -6
package/skills/agent-teams/references/authentication.md +8 -8
package/skills/agent-telegram/SKILL.md +1 -1
package/skills/agent-webex/SKILL.md +406 -0
package/skills/agent-webex/references/authentication.md +371 -0
package/skills/agent-webex/references/common-patterns.md +726 -0
package/skills/agent-webex/templates/monitor-space.sh +165 -0
package/skills/agent-webex/templates/post-message.sh +170 -0
package/skills/agent-whatsapp/SKILL.md +1 -1
package/skills/agent-whatsappbot/SKILL.md +1 -1
package/src/cli.ts +4 -0
package/src/platforms/channeltalk/commands/auth.test.ts +5 -5
package/src/platforms/channeltalk/commands/auth.ts +38 -32
package/src/platforms/channeltalk/ensure-auth.test.ts +6 -6
package/src/platforms/channeltalk/ensure-auth.ts +6 -6
package/src/platforms/channeltalk/token-extractor.test.ts +182 -15
package/src/platforms/channeltalk/token-extractor.ts +344 -30
package/src/platforms/discord/commands/auth.test.ts +3 -3
package/src/platforms/discord/commands/auth.ts +58 -54
package/src/platforms/discord/ensure-auth.test.ts +3 -3
package/src/platforms/discord/ensure-auth.ts +3 -3
package/src/platforms/discord/token-extractor.test.ts +199 -27
package/src/platforms/discord/token-extractor.ts +190 -17
package/src/platforms/instagram/client.ts +2 -2
package/src/platforms/instagram/commands/auth.ts +133 -14
package/src/platforms/instagram/ensure-auth.ts +63 -12
package/src/platforms/instagram/index.ts +1 -0
package/src/platforms/instagram/token-extractor.test.ts +424 -0
package/src/platforms/instagram/token-extractor.ts +478 -0
package/src/platforms/kakaotalk/client.ts +3 -1
package/src/platforms/kakaotalk/commands/auth.ts +14 -13
package/src/platforms/kakaotalk/protocol/connection.ts +3 -1
package/src/platforms/line/commands/auth.ts +7 -6
package/src/platforms/slack/cli.test.ts +6 -5
package/src/platforms/slack/commands/auth.test.ts +11 -7
package/src/platforms/slack/commands/auth.ts +11 -10
package/src/platforms/slack/token-extractor.test.ts +98 -1
package/src/platforms/slack/token-extractor.ts +338 -26
package/src/platforms/teams/commands/auth.ts +9 -8
package/src/platforms/teams/ensure-auth.ts +3 -1
package/src/platforms/teams/token-extractor.test.ts +136 -17
package/src/platforms/teams/token-extractor.ts +182 -31
package/src/platforms/telegram/client.test.ts +134 -0
package/src/platforms/telegram/client.ts +27 -6
package/src/platforms/telegram/commands/auth.ts +6 -5
package/src/platforms/webex/app-config.test.ts +98 -0
package/src/platforms/webex/app-config.ts +31 -0
package/src/platforms/webex/cli.test.ts +58 -0
package/src/platforms/webex/cli.ts +39 -0
package/src/platforms/webex/client.test.ts +743 -0
package/src/platforms/webex/client.ts +405 -0
package/src/platforms/webex/commands/auth.test.ts +222 -0
package/src/platforms/webex/commands/auth.ts +243 -0
package/src/platforms/webex/commands/index.ts +5 -0
package/src/platforms/webex/commands/member.test.ts +112 -0
package/src/platforms/webex/commands/member.ts +45 -0
package/src/platforms/webex/commands/message.test.ts +235 -0
package/src/platforms/webex/commands/message.ts +204 -0
package/src/platforms/webex/commands/snapshot.test.ts +105 -0
package/src/platforms/webex/commands/snapshot.ts +91 -0
package/src/platforms/webex/commands/space.test.ts +216 -0
package/src/platforms/webex/commands/space.ts +74 -0
package/src/platforms/webex/credential-manager.test.ts +314 -0
package/src/platforms/webex/credential-manager.ts +197 -0
package/src/platforms/webex/ensure-auth.test.ts +89 -0
package/src/platforms/webex/ensure-auth.ts +38 -0
package/src/platforms/webex/index.test.ts +25 -0
package/src/platforms/webex/index.ts +19 -0
package/src/platforms/webex/token-extractor.test.ts +327 -0
package/src/platforms/webex/token-extractor.ts +393 -0
package/src/platforms/webex/types.test.ts +307 -0
package/src/platforms/webex/types.ts +129 -0
package/src/platforms/whatsapp/client.ts +11 -7
package/src/shared/utils/derived-key-cache.ts +1 -1
package/src/shared/utils/error-handler.ts +4 -2
package/src/shared/utils/stderr.ts +22 -0
package/src/tui/adapters/webex-adapter.ts +103 -0
package/src/tui/app.ts +2 -0

package/src/platforms/webex/credential-manager.test.ts ADDED Viewed

@@ -0,0 +1,314 @@
+import { afterEach, beforeEach, describe, expect, mock, test } from 'bun:test'
+import { mkdtemp, rm, writeFile } from 'node:fs/promises'
+import { tmpdir } from 'node:os'
+import { join } from 'node:path'
+import { WebexCredentialManager } from './credential-manager'
+describe('WebexCredentialManager', () => {
+  let tempDir: string
+  let credManager: WebexCredentialManager
+  beforeEach(async () => {
+    tempDir = await mkdtemp(join(tmpdir(), 'webex-cred-test-'))
+    credManager = new WebexCredentialManager(tempDir)
+  })
+  afterEach(async () => {
+    await rm(tempDir, { recursive: true, force: true })
+    mock.restore()
+  })
+  test('loadConfig returns null when no file exists', async () => {
+    expect(await credManager.loadConfig()).toBeNull()
+  })
+  test('saveConfig + loadConfig round trip with OAuth tokens', async () => {
+    const config = {
+      accessToken: 'test-access-token',
+      refreshToken: 'test-refresh-token',
+      expiresAt: Date.now() + 3600000,
+    }
+    await credManager.saveConfig(config)
+    const loaded = await credManager.loadConfig()
+    expect(loaded).toEqual(config)
+  })
+  test('getToken returns accessToken when not expired', async () => {
+    await credManager.saveConfig({
+      accessToken: 'valid-token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000, // 1 hour from now
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('valid-token')
+  })
+  test('getToken returns null when expired and no refresh available', async () => {
+    await credManager.saveConfig({
+      accessToken: 'expired-token',
+      refreshToken: 'bad-refresh',
+      expiresAt: Date.now() - 1000, // Already expired
+    })
+    const token = await credManager.getToken()
+    expect(token).toBeNull()
+  })
+  test('getToken auto-refreshes expired token', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(
+          JSON.stringify({
+            access_token: 'new-access-token',
+            refresh_token: 'new-refresh-token',
+            expires_in: 3600,
+          }),
+          { status: 200 },
+        ),
+      ),
+    ) as typeof fetch
+    await credManager.saveConfig({
+      accessToken: 'expired-token',
+      refreshToken: 'valid-refresh',
+      expiresAt: Date.now() - 1000,
+      clientId: 'test-client-id',
+      clientSecret: 'test-client-secret',
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('new-access-token')
+    // Verify updated config was saved
+    const config = await credManager.loadConfig()
+    expect(config?.accessToken).toBe('new-access-token')
+    expect(config?.refreshToken).toBe('new-refresh-token')
+    globalThis.fetch = originalFetch
+  })
+  test('requestDeviceCode calls device authorize endpoint', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(
+          JSON.stringify({
+            device_code: 'device-123',
+            user_code: '123456',
+            verification_uri: 'https://login-k.webex.com/verify',
+            verification_uri_complete: 'https://login-k.webex.com/verify?userCode=abc',
+            expires_in: 300,
+            interval: 2,
+          }),
+          { status: 200 },
+        ),
+      ),
+    ) as typeof fetch
+    const result = await credManager.requestDeviceCode('test-client-id')
+    expect(result.deviceCode).toBe('device-123')
+    expect(result.userCode).toBe('123456')
+    expect(result.verificationUri).toBe('https://login-k.webex.com/verify')
+    expect(result.interval).toBe(2)
+    globalThis.fetch = originalFetch
+  })
+  test('requestDeviceCode throws on failure', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(new Response('{"error":"invalid_client"}', { status: 400 })),
+    ) as typeof fetch
+    await expect(credManager.requestDeviceCode('test-client-id')).rejects.toThrow('Device authorization failed')
+    globalThis.fetch = originalFetch
+  })
+  test('pollDeviceToken polls until authorized', async () => {
+    const originalFetch = globalThis.fetch
+    let callCount = 0
+    globalThis.fetch = mock(() => {
+      callCount++
+      if (callCount <= 2) {
+        return Promise.resolve(new Response('', { status: 428 }))
+      }
+      return Promise.resolve(
+        new Response(
+          JSON.stringify({
+            access_token: 'device-access-token',
+            refresh_token: 'device-refresh-token',
+            expires_in: 3600,
+          }),
+          { status: 200 },
+        ),
+      )
+    }) as typeof fetch
+    const config = await credManager.pollDeviceToken('device-123', 0.01, 30, 'test-client-id', 'test-client-secret')
+    expect(config.accessToken).toBe('device-access-token')
+    expect(config.refreshToken).toBe('device-refresh-token')
+    globalThis.fetch = originalFetch
+  })
+  test('clearCredentials removes the file', async () => {
+    await credManager.saveConfig({
+      accessToken: 'token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000,
+    })
+    await credManager.clearCredentials()
+    expect(await credManager.loadConfig()).toBeNull()
+  })
+  test('clearCredentials does nothing when no file', async () => {
+    await credManager.clearCredentials() // Should not throw
+  })
+  test('credentials file has 0o600 permissions', async () => {
+    await credManager.saveConfig({
+      accessToken: 'token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000,
+    })
+    const { stat } = await import('node:fs/promises')
+    const credPath = join(tempDir, 'webex-credentials.json')
+    const stats = await stat(credPath)
+    const mode = stats.mode & 0o777
+    expect(mode).toBe(0o600)
+  })
+  test('pollDeviceToken with undefined clientSecret uses empty Basic auth', async () => {
+    const originalFetch = globalThis.fetch
+    let capturedAuth: string | null = null
+    globalThis.fetch = mock((url: string, init?: RequestInit) => {
+      capturedAuth = (init?.headers as Record<string, string>)?.Authorization ?? null
+      return Promise.resolve(
+        new Response(
+          JSON.stringify({
+            access_token: 'token',
+            refresh_token: 'refresh',
+            expires_in: 3600,
+          }),
+          { status: 200 },
+        ),
+      )
+    }) as typeof fetch
+    await credManager.pollDeviceToken('device-123', 0.01, 30, 'test-client-id')
+    expect(capturedAuth).toBe(`Basic ${btoa('test-client-id:')}`)
+    globalThis.fetch = originalFetch
+  })
+  test('pollDeviceToken does not auto-save config', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(
+          JSON.stringify({
+            access_token: 'token',
+            refresh_token: 'refresh',
+            expires_in: 3600,
+          }),
+          { status: 200 },
+        ),
+      ),
+    ) as typeof fetch
+    await credManager.pollDeviceToken('device-123', 0.01, 30, 'test-client-id', 'test-client-secret')
+    const loaded = await credManager.loadConfig()
+    expect(loaded).toBeNull()
+    globalThis.fetch = originalFetch
+  })
+  test('getToken returns null when expired and no client credentials available', async () => {
+    await credManager.saveConfig({
+      accessToken: 'expired-token',
+      refreshToken: 'valid-refresh',
+      expiresAt: Date.now() - 1000,
+    })
+    const token = await credManager.getToken()
+    expect(token).toBeNull()
+  })
+  test('getToken returns manual token without attempting refresh', async () => {
+    await credManager.saveConfig({
+      accessToken: 'my-bot-token',
+      refreshToken: '',
+      expiresAt: 0,
+      tokenType: 'manual',
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('my-bot-token')
+  })
+  test('getToken uses stored clientId/clientSecret for refresh', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(
+          JSON.stringify({
+            access_token: 'refreshed-token',
+            refresh_token: 'new-refresh',
+            expires_in: 3600,
+          }),
+          { status: 200 },
+        ),
+      ),
+    ) as typeof fetch
+    await credManager.saveConfig({
+      accessToken: 'expired-token',
+      refreshToken: 'valid-refresh',
+      expiresAt: Date.now() - 1000,
+      clientId: 'stored-client-id',
+      clientSecret: 'stored-client-secret',
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('refreshed-token')
+    globalThis.fetch = originalFetch
+  })
+  test('saveConfig persists clientId and clientSecret', async () => {
+    await credManager.saveConfig({
+      accessToken: 'token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000,
+      clientId: 'my-client-id',
+      clientSecret: 'my-client-secret',
+    })
+    const loaded = await credManager.loadConfig()
+    expect(loaded?.clientId).toBe('my-client-id')
+    expect(loaded?.clientSecret).toBe('my-client-secret')
+  })
+  test('loadConfig backward compat — old config without clientId/clientSecret', async () => {
+    // Write raw JSON without clientId/clientSecret fields
+    const credPath = join(tempDir, 'webex-credentials.json')
+    await writeFile(
+      credPath,
+      JSON.stringify({
+        accessToken: 'old-token',
+        refreshToken: 'old-refresh',
+        expiresAt: Date.now() + 3600000,
+      }),
+      'utf-8',
+    )
+    const loaded = await credManager.loadConfig()
+    expect(loaded).not.toBeNull()
+    expect(loaded?.accessToken).toBe('old-token')
+    expect(loaded?.clientId).toBeUndefined()
+    expect(loaded?.clientSecret).toBeUndefined()
+  })
+})

package/src/platforms/webex/credential-manager.ts ADDED Viewed

@@ -0,0 +1,197 @@
+import { existsSync } from 'node:fs'
+import { mkdir, readFile, rename, rm, writeFile } from 'node:fs/promises'
+import { homedir } from 'node:os'
+import { join } from 'node:path'
+import { getWebexAppCredentials } from './app-config'
+import type { WebexConfig } from './types'
+import { WebexConfigSchema } from './types'
+const OAUTH_DEVICE_AUTHORIZE_URL = 'https://webexapis.com/v1/device/authorize'
+const OAUTH_DEVICE_TOKEN_URL = 'https://webexapis.com/v1/device/token'
+const OAUTH_TOKEN_URL = 'https://webexapis.com/v1/access_token'
+const OAUTH_SCOPES = 'spark:all'
+export { OAUTH_SCOPES }
+export class WebexCredentialManager {
+  private configDir: string
+  private credentialsPath: string
+  constructor(configDir?: string) {
+    this.configDir = configDir ?? join(homedir(), '.config', 'agent-messenger')
+    this.credentialsPath = join(this.configDir, 'webex-credentials.json')
+  }
+  async loadConfig(): Promise<WebexConfig | null> {
+    if (!existsSync(this.credentialsPath)) return null
+    const content = await readFile(this.credentialsPath, 'utf-8')
+    const result = WebexConfigSchema.safeParse(JSON.parse(content))
+    if (!result.success) return null
+    return result.data
+  }
+  async saveConfig(config: WebexConfig): Promise<void> {
+    await mkdir(this.configDir, { recursive: true })
+    const tmpPath = `${this.credentialsPath}.tmp`
+    await writeFile(tmpPath, JSON.stringify(config, null, 2), {
+      encoding: 'utf-8',
+      mode: 0o600,
+    })
+    await rename(tmpPath, this.credentialsPath)
+  }
+  async getToken(clientId?: string, clientSecret?: string): Promise<string | null> {
+    const config = await this.loadConfig()
+    if (!config) return null
+    if (config.tokenType === 'manual' || config.tokenType === 'extracted') {
+      return config.accessToken
+    }
+    if (config.expiresAt < Date.now() + 5 * 60 * 1000) {
+      const builtinCreds = getWebexAppCredentials()
+      const resolvedClientId = clientId ?? config.clientId ?? builtinCreds.clientId
+      const resolvedClientSecret = clientSecret ?? config.clientSecret ?? builtinCreds.clientSecret
+      const refreshed = await this.refreshToken(config.refreshToken, resolvedClientId, resolvedClientSecret)
+      if (refreshed) return refreshed.accessToken
+      return null
+    }
+    return config.accessToken
+  }
+  async refreshToken(refreshToken: string, clientId: string, clientSecret: string): Promise<WebexConfig | null> {
+    try {
+      const response = await fetch(OAUTH_TOKEN_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          grant_type: 'refresh_token',
+          client_id: clientId,
+          client_secret: clientSecret,
+          refresh_token: refreshToken,
+        }),
+      })
+      if (!response.ok) return null
+      const data = (await response.json()) as {
+        access_token: string
+        refresh_token: string
+        expires_in: number
+      }
+      const config: WebexConfig = {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresAt: Date.now() + data.expires_in * 1000,
+      }
+      await this.saveConfig(config)
+      return config
+    } catch {
+      return null
+    }
+  }
+  async requestDeviceCode(clientId: string, scopes?: string): Promise<{
+    deviceCode: string
+    userCode: string
+    verificationUri: string
+    verificationUriComplete: string
+    expiresIn: number
+    interval: number
+  }> {
+    const response = await fetch(OAUTH_DEVICE_AUTHORIZE_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams({
+        client_id: clientId,
+        scope: scopes ?? OAUTH_SCOPES,
+      }),
+    })
+    if (!response.ok) {
+      const errorBody = await response.text()
+      throw new Error(`Device authorization failed: ${response.status} ${errorBody}`)
+    }
+    const data = (await response.json()) as {
+      device_code: string
+      user_code: string
+      verification_uri: string
+      verification_uri_complete: string
+      expires_in: number
+      interval: number
+    }
+    return {
+      deviceCode: data.device_code,
+      userCode: data.user_code,
+      verificationUri: data.verification_uri,
+      verificationUriComplete: data.verification_uri_complete,
+      expiresIn: data.expires_in,
+      interval: data.interval,
+    }
+  }
+  async pollDeviceToken(deviceCode: string, interval: number, expiresIn: number, clientId: string, clientSecret?: string): Promise<WebexConfig> {
+    const basicAuth = btoa(`${clientId}:${clientSecret ?? ''}`)
+    const deadline = Date.now() + expiresIn * 1000
+    while (Date.now() < deadline) {
+      await new Promise((resolve) => setTimeout(resolve, interval * 1000))
+      const response = await fetch(OAUTH_DEVICE_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+          Authorization: `Basic ${basicAuth}`,
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+          grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+          device_code: deviceCode,
+          client_id: clientId,
+        }),
+      })
+      if (response.ok) {
+        const data = (await response.json()) as {
+          access_token: string
+          refresh_token: string
+          expires_in: number
+        }
+        const config: WebexConfig = {
+          accessToken: data.access_token,
+          refreshToken: data.refresh_token,
+          expiresAt: Date.now() + data.expires_in * 1000,
+        }
+        return config
+      }
+      if (response.status === 428) continue
+      const errorBody = (await response.json().catch(() => null)) as {
+        errors?: Array<{ description: string }>
+      } | null
+      const errorDesc = errorBody?.errors?.[0]?.description ?? ''
+      if (errorDesc.includes('authorization_pending') || errorDesc.includes('slow_down')) {
+        continue
+      }
+      throw new Error(`Device token exchange failed: ${response.status} ${errorDesc}`)
+    }
+    throw new Error('Device authorization timed out')
+  }
+  async clearCredentials(): Promise<void> {
+    if (existsSync(this.credentialsPath)) {
+      await rm(this.credentialsPath)
+    }
+  }
+}

package/src/platforms/webex/ensure-auth.test.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { afterEach, beforeEach, describe, expect, spyOn, test } from 'bun:test'
+import { WebexClient } from './client'
+import { WebexCredentialManager } from './credential-manager'
+import { ensureWebexAuth } from './ensure-auth'
+import { WebexTokenExtractor } from './token-extractor'
+let loadConfigSpy: ReturnType<typeof spyOn>
+let getTokenSpy: ReturnType<typeof spyOn>
+let loginSpy: ReturnType<typeof spyOn>
+let testAuthSpy: ReturnType<typeof spyOn>
+let extractSpy: ReturnType<typeof spyOn>
+beforeEach(() => {
+  loadConfigSpy = spyOn(WebexCredentialManager.prototype, 'loadConfig').mockResolvedValue(null)
+  getTokenSpy = spyOn(WebexCredentialManager.prototype, 'getToken').mockResolvedValue(null)
+  loginSpy = spyOn(WebexClient.prototype, 'login').mockResolvedValue({} as WebexClient)
+  testAuthSpy = spyOn(WebexClient.prototype, 'testAuth').mockResolvedValue({
+    id: 'user-123',
+    displayName: 'Test User',
+    emails: ['test@example.com'],
+    type: 'person',
+  })
+  extractSpy = spyOn(WebexTokenExtractor.prototype, 'extract').mockResolvedValue(null)
+})
+afterEach(() => {
+  loadConfigSpy?.mockRestore()
+  getTokenSpy?.mockRestore()
+  loginSpy?.mockRestore()
+  testAuthSpy?.mockRestore()
+  extractSpy?.mockRestore()
+})
+describe('ensureWebexAuth', () => {
+  test('does nothing when no config stored', async () => {
+    // given
+    loadConfigSpy.mockResolvedValue(null)
+    // when
+    await ensureWebexAuth()
+    // then
+    expect(getTokenSpy).not.toHaveBeenCalled()
+    expect(testAuthSpy).not.toHaveBeenCalled()
+  })
+  test('validates token when stored', async () => {
+    // given
+    loadConfigSpy.mockResolvedValue({
+      accessToken: 'test-webex-token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000,
+      clientId: 'stored-id',
+      clientSecret: 'stored-secret',
+    })
+    getTokenSpy.mockResolvedValue('test-webex-token')
+    // when
+    await ensureWebexAuth()
+    // then
+    expect(getTokenSpy).toHaveBeenCalledWith('stored-id', 'stored-secret')
+    expect(loginSpy).toHaveBeenCalledWith({ token: 'test-webex-token' })
+    expect(testAuthSpy).toHaveBeenCalled()
+  })
+  test('does not throw when token validation fails', async () => {
+    // given
+    loadConfigSpy.mockResolvedValue({
+      accessToken: 'invalid-token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000,
+    })
+    getTokenSpy.mockResolvedValue('invalid-token')
+    testAuthSpy.mockRejectedValue(new Error('401 Unauthorized'))
+    // when / then
+    await expect(ensureWebexAuth()).resolves.toBeUndefined()
+  })
+  test('does not throw when credential manager fails', async () => {
+    // given
+    getTokenSpy.mockRejectedValue(new Error('Disk read error'))
+    // when / then
+    await expect(ensureWebexAuth()).resolves.toBeUndefined()
+  })
+})

package/src/platforms/webex/ensure-auth.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import { WebexClient } from './client'
+import { WebexCredentialManager } from './credential-manager'
+import { WebexTokenExtractor } from './token-extractor'
+export async function ensureWebexAuth(): Promise<void> {
+  try {
+    const credManager = new WebexCredentialManager()
+    const config = await credManager.loadConfig()
+    if (config) {
+      const token = await credManager.getToken(config.clientId, config.clientSecret)
+      if (token) {
+        const client = new WebexClient()
+        await client.login({ token })
+        await client.testAuth()
+        return
+      }
+    }
+    const extractor = new WebexTokenExtractor()
+    const extracted = await extractor.extract()
+    if (!extracted) return
+    const client = new WebexClient()
+    await client.login({ token: extracted.accessToken })
+    await client.testAuth()
+    await credManager.saveConfig({
+      accessToken: extracted.accessToken,
+      refreshToken: extracted.refreshToken ?? '',
+      expiresAt: extracted.expiresAt ?? 0,
+      tokenType: 'extracted',
+      deviceUrl: extracted.deviceUrl,
+    })
+  } catch {
+    // Intentionally silent — best-effort preflight that should not block commands
+  }
+}

package/src/platforms/webex/index.test.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { describe, expect, test } from 'bun:test'
+import * as webex from './index'
+describe('webex barrel exports', () => {
+  test('exports WebexClient', () => {
+    expect(webex.WebexClient).toBeDefined()
+  })
+  test('exports WebexCredentialManager', () => {
+    expect(webex.WebexCredentialManager).toBeDefined()
+  })
+  test('exports WebexError', () => {
+    expect(webex.WebexError).toBeDefined()
+  })
+  test('exports Zod schemas', () => {
+    expect(webex.WebexSpaceSchema).toBeDefined()
+    expect(webex.WebexMessageSchema).toBeDefined()
+    expect(webex.WebexPersonSchema).toBeDefined()
+    expect(webex.WebexMembershipSchema).toBeDefined()
+    expect(webex.WebexConfigSchema).toBeDefined()
+  })
+})

package/src/platforms/webex/index.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export { WebexClient } from './client'
+export { WebexCredentialManager } from './credential-manager'
+export { WebexTokenExtractor } from './token-extractor'
+export type { ExtractedWebexToken } from './token-extractor'
+export { WebexError } from './types'
+export type {
+  WebexConfig,
+  WebexMembership,
+  WebexMessage,
+  WebexPerson,
+  WebexSpace,
+} from './types'
+export {
+  WebexConfigSchema,
+  WebexMembershipSchema,
+  WebexMessageSchema,
+  WebexPersonSchema,
+  WebexSpaceSchema,
+} from './types'