agent-messenger 2.20.1 → 2.20.3

package/src/platforms/webex/commands/message.test.ts

@@ -32,6 +32,7 @@ let mockGetMessage: ReturnType<typeof spyOn>
 let mockDeleteMessage: ReturnType<typeof spyOn>
 let mockEditMessage: ReturnType<typeof spyOn>
 let mockLogin: ReturnType<typeof spyOn>
+let mockDispose: ReturnType<typeof spyOn>
 let consoleLogSpy: ReturnType<typeof spyOn>
 let consoleErrorSpy: ReturnType<typeof spyOn>
 let processExitSpy: ReturnType<typeof spyOn>
@@ -47,6 +48,7 @@ beforeEach(() => {
   mockLogin = protoSpy('login').mockImplementation(async function (this: WebexClient) {
     return this
   })
+  mockDispose = protoSpy('dispose').mockResolvedValue(undefined)
   mockSendMessage = protoSpy('sendMessage').mockResolvedValue(mockMessage)
   mockSendDirectMessage = protoSpy('sendDirectMessage').mockResolvedValue(mockMessage)
   mockListMessages = protoSpy('listMessages').mockResolvedValue([mockMessage, mockMessage2])
@@ -78,6 +80,7 @@ it('calls sendMessage with correct args and outputs result', async () => {
   expect(output).toContain('msg_123')
   expect(output).toContain('space_456')
   expect(output).toContain('user@example.com')
+  expect(mockDispose).toHaveBeenCalled()
 })
 
 it('passes markdown option when --markdown flag is set on send', async () => {
@@ -86,6 +89,14 @@ it('passes markdown option when --markdown flag is set on send', async () => {
   expect(mockSendMessage).toHaveBeenCalledWith('space_456', '**bold**', { markdown: true })
 })
 
+it('disposes the client when send fails', async () => {
+  mockSendMessage.mockRejectedValue(new WebexError('Send failed', 'send_failed'))
+
+  await sendAction('space_456', 'Hello world', { pretty: false })
+
+  expect(mockDispose).toHaveBeenCalled()
+})
+
 it('exits with code 1 when not authenticated on send', async () => {
   mockLogin.mockRejectedValue(new WebexError('No Webex credentials found.', 'no_credentials'))
 
@@ -166,6 +177,7 @@ it('calls editMessage with roomId in args and outputs result', async () => {
   const output = consoleLogSpy.mock.calls[0][0]
   expect(output).toContain('msg_123')
   expect(output).toContain('Updated message')
+  expect(mockDispose).toHaveBeenCalled()
 })
 
 it('passes markdown option to editMessage when --markdown flag is set', async () => {

package/src/platforms/webex/commands/message.ts

@@ -6,14 +6,23 @@ import { formatOutput } from '@/shared/utils/output'
 import { WebexClient } from '../client'
 import type { WebexMessage } from '../types'
 
+async function withWebexClient<T>(run: (client: WebexClient) => Promise<T>): Promise<T> {
+  const client = new WebexClient()
+  try {
+    await client.login()
+    return await run(client)
+  } finally {
+    await client.dispose()
+  }
+}
+
 export async function sendAction(
   spaceId: string,
   text: string,
   options: { markdown?: boolean; pretty?: boolean },
 ): Promise<void> {
   try {
-    const client = await new WebexClient().login()
-    const message = await client.sendMessage(spaceId, text, { markdown: options.markdown })
+    const message = await withWebexClient((client) => client.sendMessage(spaceId, text, { markdown: options.markdown }))
 
     const output = {
       id: message.id,
@@ -31,9 +40,8 @@ export async function sendAction(
 
 export async function listAction(spaceId: string, options: { limit?: number; pretty?: boolean }): Promise<void> {
   try {
-    const client = await new WebexClient().login()
     const limit = options.limit ?? 50
-    const messages = await client.listMessages(spaceId, { max: limit })
+    const messages = await withWebexClient((client) => client.listMessages(spaceId, { max: limit }))
 
     const output = messages.map((msg: WebexMessage) => ({
       id: msg.id,
@@ -51,8 +59,7 @@ export async function listAction(spaceId: string, options: { limit?: number; pre
 
 export async function getAction(messageId: string, options: { pretty?: boolean }): Promise<void> {
   try {
-    const client = await new WebexClient().login()
-    const message = await client.getMessage(messageId)
+    const message = await withWebexClient((client) => client.getMessage(messageId))
 
     const output = {
       id: message.id,
@@ -75,8 +82,7 @@ export async function deleteAction(messageId: string, options: { force?: boolean
       return process.exit(0)
     }
 
-    const client = await new WebexClient().login()
-    await client.deleteMessage(messageId)
+    await withWebexClient((client) => client.deleteMessage(messageId))
 
     console.log(formatOutput({ deleted: messageId }, options.pretty))
   } catch (error) {
@@ -91,10 +97,11 @@ export async function editAction(
   options: { markdown?: boolean; pretty?: boolean },
 ): Promise<void> {
   try {
-    const client = await new WebexClient().login()
-    const message = await client.editMessage(messageId, spaceId, text, {
-      markdown: options.markdown,
-    })
+    const message = await withWebexClient((client) =>
+      client.editMessage(messageId, spaceId, text, {
+        markdown: options.markdown,
+      }),
+    )
 
     const output = {
       id: message.id,
@@ -116,8 +123,9 @@ export async function dmAction(
   options: { markdown?: boolean; pretty?: boolean },
 ): Promise<void> {
   try {
-    const client = await new WebexClient().login()
-    const message = await client.sendDirectMessage(email, text, { markdown: options.markdown })
+    const message = await withWebexClient((client) =>
+      client.sendDirectMessage(email, text, { markdown: options.markdown }),
+    )
 
     const output = {
       id: message.id,

package/src/platforms/webex/encryption.test.ts

@@ -1,4 +1,4 @@
-import { describe, expect, it } from 'bun:test'
+import { describe, expect, it, mock } from 'bun:test'
 
 import * as jose from 'node-jose'
 
@@ -11,12 +11,16 @@ const decodeJweHeader = (jwe: string): Record<string, unknown> => {
   return JSON.parse(json) as Record<string, unknown>
 }
 
-const createKeyring = async (keyUri: string) => {
+const createSerializedKey = async (keyUri: string) => {
   const keystore = jose.JWK.createKeyStore()
   const key = await keystore.generate('oct', 256, { alg: 'A256GCM' })
   const jwk = key.toJSON(true)
+  return JSON.stringify({ uri: keyUri, jwk })
+}
+
+const createKeyring = async (keyUri: string) => {
   const rawKeys = new Map<string, string>()
-  rawKeys.set(keyUri, JSON.stringify({ jwk }))
+  rawKeys.set(keyUri, await createSerializedKey(keyUri))
   return new WebexEncryptionService(rawKeys)
 }
 
@@ -51,4 +55,55 @@ describe('WebexEncryptionService', () => {
 
     expect(plaintext).toBe('round trip')
   })
+
+  it('getKey returns cached key without calling provider when key is present', async () => {
+    const service = await createKeyring(keyUri)
+    const provider = { fetchKey: mock(async () => null as string | null) }
+    service.setKeyProvider(provider)
+
+    const key = await service.getKey(keyUri)
+
+    expect(key).not.toBeNull()
+    expect(provider.fetchKey).not.toHaveBeenCalled()
+  })
+
+  it('getKey calls provider and returns key when key is missing', async () => {
+    const missingKeyUri = 'kms://kms-aore.wbx2.com/keys/0d7a0dfb-0464-40ce-8f3d-e65a33b61561'
+    const serializedKey = await createSerializedKey(missingKeyUri)
+    const service = new WebexEncryptionService(new Map())
+    const provider = { fetchKey: mock(async () => serializedKey) }
+    service.setKeyProvider(provider)
+
+    const key = await service.getKey(missingKeyUri)
+
+    expect(key).not.toBeNull()
+    expect(provider.fetchKey).toHaveBeenCalledWith(missingKeyUri)
+  })
+
+  it('getKey returns null when provider returns null', async () => {
+    const missingKeyUri = 'kms://kms-aore.wbx2.com/keys/13d6256d-f7f1-4b98-8102-4d3d87b2834a'
+    const service = new WebexEncryptionService(new Map())
+    const provider = { fetchKey: mock(async () => null as string | null) }
+    service.setKeyProvider(provider)
+
+    const key = await service.getKey(missingKeyUri)
+
+    expect(key).toBeNull()
+    expect(provider.fetchKey).toHaveBeenCalledWith(missingKeyUri)
+  })
+
+  it('getKey reuses provider result from raw keys after first fetch', async () => {
+    const missingKeyUri = 'kms://kms-aore.wbx2.com/keys/84afb005-5ba5-49c8-bd46-0c5d7ddf1c30'
+    const serializedKey = await createSerializedKey(missingKeyUri)
+    const service = new WebexEncryptionService(new Map())
+    const provider = { fetchKey: mock(async () => serializedKey) }
+    service.setKeyProvider(provider)
+
+    await service.getKey(missingKeyUri)
+    ;(service as unknown as { keyCache: Map<string, jose.JWK.Key> }).keyCache.clear()
+    const key = await service.getKey(missingKeyUri)
+
+    expect(key).not.toBeNull()
+    expect(provider.fetchKey).toHaveBeenCalledTimes(1)
+  })
 })

package/src/platforms/webex/encryption.ts

@@ -1,23 +1,41 @@
 import * as jose from 'node-jose'
 
+export interface WebexKeyProvider {
+  fetchKey(keyUri: string): Promise<string | null>
+  close?(): Promise<void>
+}
+
 export class WebexEncryptionService {
   private rawKeys: Map<string, string>
   private keyCache: Map<string, jose.JWK.Key> = new Map()
+  private keyProvider: WebexKeyProvider | null = null
 
   constructor(serializedKeys: Map<string, string>) {
     this.rawKeys = serializedKeys
   }
 
+  setKeyProvider(provider: WebexKeyProvider): void {
+    this.keyProvider = provider
+  }
+
+  async close(): Promise<void> {
+    await this.keyProvider?.close?.()
+  }
+
   async getKey(keyUri: string): Promise<jose.JWK.Key | null> {
     const cached = this.keyCache.get(keyUri)
     if (cached) return cached
 
-    const raw = this.rawKeys.get(keyUri)
+    let raw = this.rawKeys.get(keyUri)
+    if (!raw && this.keyProvider) {
+      raw = (await this.keyProvider.fetchKey(keyUri)) ?? undefined
+    }
     if (!raw) return null
 
     try {
       const parsed = JSON.parse(raw) as { jwk: object }
       const joseKey = await jose.JWK.asKey(parsed.jwk)
+      this.rawKeys.set(keyUri, raw)
       this.keyCache.set(keyUri, joseKey)
       return joseKey
     } catch {

package/src/platforms/webex/kms-key-provider.ts

@@ -0,0 +1,99 @@
+import { DeviceManager, KmsClient, MercurySocket, noopLogger } from 'webex-message-handler'
+import WebSocket from 'ws'
+
+interface KmsKeyProviderOptions {
+  token: string
+  logger?: { debug(message: string): void }
+}
+
+interface Registration {
+  webSocketUrl: string
+  deviceUrl: string
+  userId: string
+  encryptionServiceUrl: string
+}
+
+type HttpRequest = {
+  url: string
+  method: string
+  headers: Record<string, string>
+  body?: string
+}
+
+export class KmsKeyProvider {
+  private token: string
+  private logger?: { debug(message: string): void }
+  private mercury: MercurySocket | null = null
+  private kms: KmsClient | null = null
+  private readyPromise: Promise<void> | null = null
+
+  constructor(options: KmsKeyProviderOptions) {
+    this.token = options.token
+    this.logger = options.logger
+  }
+
+  async fetchKey(keyUri: string): Promise<string | null> {
+    try {
+      await this.ensureReady()
+      const key = await this.kms?.getKey(keyUri)
+      if (!key) return null
+      return JSON.stringify({ uri: keyUri, jwk: key.toJSON(true) })
+    } catch (error) {
+      this.logger?.debug(`Webex KMS key fetch failed: ${error instanceof Error ? error.message : String(error)}`)
+      await this.close()
+      this.readyPromise = null
+      return null
+    }
+  }
+
+  async close(): Promise<void> {
+    await this.mercury?.disconnect().catch(() => undefined)
+    this.mercury = null
+    this.kms = null
+    this.readyPromise = null
+  }
+
+  private async ensureReady(): Promise<void> {
+    this.readyPromise ??= this.initialize()
+    await this.readyPromise
+  }
+
+  private async initialize(): Promise<void> {
+    const httpDo = async (req: HttpRequest) => {
+      const res = await fetch(req.url, {
+        method: req.method,
+        headers: req.headers,
+        body: req.body,
+      })
+      return {
+        status: res.status,
+        ok: res.ok,
+        json: () => res.json(),
+        text: () => res.text(),
+      }
+    }
+    const wsFactory = (url: string) => new WebSocket(url) as never
+    const dm = new DeviceManager({ logger: noopLogger, httpDo })
+    const reg = (await dm.register(this.token)) as Registration
+    const mercury = new MercurySocket({ logger: noopLogger, wsFactory })
+    const kms = new KmsClient({
+      token: this.token,
+      deviceUrl: reg.deviceUrl,
+      userId: reg.userId,
+      encryptionServiceUrl: reg.encryptionServiceUrl,
+      logger: noopLogger,
+      httpDo,
+    })
+    mercury.on('kms:response', (data: unknown) => kms.handleKmsMessage(data))
+    await mercury.connect(reg.webSocketUrl, this.token)
+    this.mercury = mercury
+    try {
+      await kms.initialize()
+    } catch (error) {
+      await mercury.disconnect().catch(() => undefined)
+      this.mercury = null
+      throw error
+    }
+    this.kms = kms
+  }
+}

package/src/platforms/webex/markdown-to-html.ts

@@ -184,7 +184,7 @@ function isSafeUrl(url: string): boolean {
   return SAFE_URL_PATTERN.test(url.trim())
 }
 
-function escapeHtml(value: string): string {
+export function escapeHtml(value: string): string {
   return value
     .replaceAll('&', '&')
     .replaceAll('<', '&lt;')

package/src/platforms/webex/typings/webex-message-handler.d.ts

@@ -0,0 +1,45 @@
+export {}
+
+declare module 'webex-message-handler' {
+  import type * as jose from 'node-jose'
+
+  type Logger = Record<string, (...args: unknown[]) => void>
+  type HttpRequest = { url: string; method: string; headers: Record<string, string>; body?: string }
+  type HttpResponse = { status: number; ok: boolean; json(): Promise<unknown>; text(): Promise<string> }
+  type HttpDo = (req: HttpRequest) => Promise<HttpResponse>
+
+  export const noopLogger: Logger
+  export const consoleLogger: Logger
+
+  export class DeviceManager {
+    constructor(options: { logger: Logger; httpDo: HttpDo })
+    register(token: string): Promise<{
+      webSocketUrl: string
+      deviceUrl: string
+      userId: string
+      services: unknown
+      encryptionServiceUrl: string
+    }>
+  }
+
+  export class MercurySocket {
+    constructor(options: { logger: Logger; wsFactory: (url: string) => unknown })
+    on(event: 'kms:response', handler: (data: unknown) => void): void
+    connect(webSocketUrl: string, token: string): Promise<void>
+    disconnect(): Promise<void>
+  }
+
+  export class KmsClient {
+    constructor(options: {
+      token: string
+      deviceUrl: string
+      userId: string
+      encryptionServiceUrl: string
+      logger: Logger
+      httpDo: HttpDo
+    })
+    initialize(): Promise<void>
+    getKey(keyUri: string): Promise<jose.JWK.Key | null>
+    handleKmsMessage(data: unknown): void
+  }
+}

package/src/tui/adapters/line-adapter.ts

@@ -1,5 +1,7 @@
 import { LineClient } from '@/platforms/line/client'
 import { LineCredentialManager } from '@/platforms/line/credential-manager'
+import { LineListener } from '@/platforms/line/listener'
+import type { LinePushMessageEvent } from '@/platforms/line/types'
 
 import type { AuthHint, AuthIO, PlatformAdapter, UnifiedChannel, UnifiedMessage, Workspace } from './types'
 
@@ -7,6 +9,7 @@ export class LineAdapter implements PlatformAdapter {
   readonly name = 'LINE'
 
   private client: LineClient | null = null
+  private listener: LineListener | null = null
   private credManager = new LineCredentialManager()
   private currentAccount: Workspace | null = null
 
@@ -48,6 +51,28 @@ export class LineAdapter implements PlatformAdapter {
     await client.sendMessage(channelId, text)
   }
 
+  async startListening(onMessage: (msg: UnifiedMessage) => void): Promise<void> {
+    const client = this.ensureClient()
+    const listener = new LineListener(client)
+    await listener.start()
+    listener.on('message', (event: LinePushMessageEvent) => {
+      if (event.text === null) return
+      onMessage({
+        id: event.message_id,
+        channelId: event.chat_id,
+        author: event.author_id || 'unknown',
+        content: event.text,
+        timestamp: event.sent_at,
+      })
+    })
+    this.listener = listener
+  }
+
+  stopListening(): void {
+    this.listener?.stop()
+    this.listener = null
+  }
+
   async getWorkspaces(): Promise<Workspace[]> {
     const accounts = await this.credManager.listAccounts()
     return accounts.map((acct) => ({
@@ -62,6 +87,9 @@ export class LineAdapter implements PlatformAdapter {
 
     const client = new LineClient()
     await client.login(creds)
+    // Persist the selected account so the listener's credential-less reconnects
+    // resolve this account instead of a stale current_account.
+    await this.credManager.setCurrentAccount(accountId)
     this.client = client
     this.currentAccount = { id: creds.account_id, name: creds.display_name ?? creds.account_id }
   }

package/src/tui/app.ts

@@ -647,6 +647,10 @@ export async function createApp(): Promise<void> {
         const ws = p.workspaces[selectedIndex]
         try {
           await p.adapter.switchWorkspace?.(ws.id)
+          if (p.listening) {
+            p.adapter.stopListening?.()
+            p.listening = false
+          }
           p.channels = null
           renderHeader()
         } catch {}
@@ -744,6 +748,10 @@ export async function createApp(): Promise<void> {
           p.adapter
             .switchWorkspace(workspace.id)
             .then(() => {
+              if (p.listening) {
+                p.adapter.stopListening?.()
+                p.listening = false
+              }
               p.channels = null
               p.workspaces = null
               renderHeader()