npm - agent-messenger - Versions diffs - 2.8.0 → 2.10.0 - Mend

agent-messenger 2.8.0 → 2.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/src/platforms/webex/commands/snapshot.test.ts CHANGED Viewed

@@ -79,9 +79,21 @@ describe('snapshot command', () => {
     consoleSpy.mockRestore()
   })
-  test('returns spaces with id, title, type, lastActivity', async () => {
+  test('brief snapshot returns spaces with id and title only', async () => {
     await snapshotAction({})
+    expect(consoleSpy).toHaveBeenCalled()
+    const output = JSON.parse(consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0])
+    expect(output.spaces).toHaveLength(1)
+    expect(output.spaces[0].id).toBe('space-1')
+    expect(output.spaces[0].title).toBe('General')
+    expect(output.spaces[0].type).toBeUndefined()
+    expect(output.hint).toBeDefined()
+  })
+  test('full snapshot returns spaces with id, title, type, lastActivity', async () => {
+    await snapshotAction({ full: true })
     expect(consoleSpy).toHaveBeenCalled()
     const output = JSON.parse(consoleSpy.mock.calls[consoleSpy.mock.calls.length - 1][0])
     expect(output.spaces).toHaveLength(1)
@@ -89,6 +101,7 @@ describe('snapshot command', () => {
     expect(output.spaces[0].title).toBe('General')
     expect(output.spaces[0].type).toBe('group')
     expect(output.spaces[0].lastActivity).toBe('2024-01-15T00:00:00.000Z')
+    expect(output.hint).toBeUndefined()
   })
   test('filters spaces to only those in my memberships', async () => {

package/src/platforms/webex/commands/snapshot.ts CHANGED Viewed

@@ -5,7 +5,7 @@ import { formatOutput } from '@/shared/utils/output'
 import { WebexClient } from '../client'
-export async function snapshotAction(options: { pretty?: boolean }): Promise<void> {
+export async function snapshotAction(options: { full?: boolean; pretty?: boolean }): Promise<void> {
   try {
     const client = await new WebexClient().login()
@@ -15,13 +15,19 @@ export async function snapshotAction(options: { pretty?: boolean }): Promise<voi
     const allSpaces = await client.listSpaces({ max: 100 })
     const spaces = allSpaces.filter((s) => myRoomIds.has(s.id))
-    const snapshot = {
-      spaces: spaces.map((s) => ({
-        id: s.id,
-        title: s.title,
-        type: s.type,
-        lastActivity: s.lastActivity,
-      })),
+    const snapshot: Record<string, any> = {
+      spaces: options.full
+        ? spaces.map((s) => ({
+            id: s.id,
+            title: s.title,
+            type: s.type,
+            lastActivity: s.lastActivity,
+          }))
+        : spaces.map((s) => ({ id: s.id, title: s.title })),
+    }
+    if (!options.full) {
+      snapshot.hint = "Use 'message list <space>' for messages, 'space info <space>' for space details."
     }
     console.log(formatOutput(snapshot, options.pretty))
@@ -31,10 +37,12 @@ export async function snapshotAction(options: { pretty?: boolean }): Promise<voi
 }
 export const snapshotCommand = new Command('snapshot')
-  .description('Get workspace spaces overview for AI agents')
+  .description('Get workspace overview for AI agents (brief by default, use --full for comprehensive data)')
+  .option('--full', 'Include full space details (verbose)')
   .option('--pretty', 'Pretty print JSON output')
   .action(async (options) => {
     await snapshotAction({
+      full: options.full,
       pretty: options.pretty,
     })
   })

package/src/platforms/webex/credential-manager.test.ts CHANGED Viewed

@@ -291,6 +291,69 @@ describe('WebexCredentialManager', () => {
     expect(loaded?.clientSecret).toBe('my-client-secret')
   })
+  test('getToken tries refresh for expired extracted tokens', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(
+        new Response(
+          JSON.stringify({
+            access_token: 'refreshed-extracted-token',
+            refresh_token: 'new-refresh',
+            expires_in: 3600,
+          }),
+          { status: 200 },
+        ),
+      ),
+    ) as typeof fetch
+    await credManager.saveConfig({
+      accessToken: 'expired-extracted-token',
+      refreshToken: 'extracted-refresh',
+      expiresAt: Date.now() - 1000,
+      tokenType: 'extracted',
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('refreshed-extracted-token')
+    const config = await credManager.loadConfig()
+    expect(config?.tokenType).toBe('extracted')
+    expect(config?.accessToken).toBe('refreshed-extracted-token')
+    globalThis.fetch = originalFetch
+  })
+  test('getToken returns expired extracted token when refresh fails', async () => {
+    const originalFetch = globalThis.fetch
+    globalThis.fetch = mock(() =>
+      Promise.resolve(new Response('{"error":"invalid_grant"}', { status: 400 })),
+    ) as typeof fetch
+    await credManager.saveConfig({
+      accessToken: 'expired-extracted-token',
+      refreshToken: 'bad-refresh',
+      expiresAt: Date.now() - 1000,
+      tokenType: 'extracted',
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('expired-extracted-token')
+    globalThis.fetch = originalFetch
+  })
+  test('getToken returns non-expired extracted token without refresh', async () => {
+    await credManager.saveConfig({
+      accessToken: 'valid-extracted-token',
+      refreshToken: 'refresh',
+      expiresAt: Date.now() + 3600000,
+      tokenType: 'extracted',
+    })
+    const token = await credManager.getToken()
+    expect(token).toBe('valid-extracted-token')
+  })
   test('loadConfig backward compat — old config without clientId/clientSecret', async () => {
     // Write raw JSON without clientId/clientSecret fields
     const credPath = join(tempDir, 'webex-credentials.json')

package/src/platforms/webex/credential-manager.ts CHANGED Viewed

@@ -45,16 +45,33 @@ export class WebexCredentialManager {
     const config = await this.loadConfig()
     if (!config) return null
-    if (config.tokenType === 'manual' || config.tokenType === 'extracted') {
+    if (config.tokenType === 'manual') {
       return config.accessToken
     }
-    if (config.expiresAt < Date.now() + 5 * 60 * 1000) {
+    const isExpired = config.expiresAt > 0 && config.expiresAt < Date.now() + 5 * 60 * 1000
+    if (config.tokenType === 'extracted') {
+      if (isExpired && config.refreshToken) {
+        const builtinCreds = getWebexAppCredentials()
+        const refreshed = await this.refreshToken(config.refreshToken, builtinCreds.clientId, builtinCreds.clientSecret)
+        if (refreshed) {
+          await this.saveConfig({ ...config, ...refreshed, tokenType: 'extracted' })
+          return refreshed.accessToken
+        }
+      }
+      return config.accessToken
+    }
+    if (isExpired) {
       const builtinCreds = getWebexAppCredentials()
       const resolvedClientId = clientId ?? config.clientId ?? builtinCreds.clientId
       const resolvedClientSecret = clientSecret ?? config.clientSecret ?? builtinCreds.clientSecret
       const refreshed = await this.refreshToken(config.refreshToken, resolvedClientId, resolvedClientSecret)
-      if (refreshed) return refreshed.accessToken
+      if (refreshed) {
+        await this.saveConfig({ ...config, ...refreshed })
+        return refreshed.accessToken
+      }
       return null
     }
@@ -82,14 +99,11 @@ export class WebexCredentialManager {
         expires_in: number
       }
-      const config: WebexConfig = {
+      return {
         accessToken: data.access_token,
         refreshToken: data.refresh_token,
         expiresAt: Date.now() + data.expires_in * 1000,
-      }
-      await this.saveConfig(config)
-      return config
+      } satisfies Pick<WebexConfig, 'accessToken' | 'refreshToken' | 'expiresAt'>
     } catch {
       return null
     }

package/src/platforms/webex/encryption.test.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import { describe, expect, test } from 'bun:test'
+import * as jose from 'node-jose'
+import { WebexEncryptionService } from './encryption'
+const decodeJweHeader = (jwe: string): Record<string, unknown> => {
+  const [header = ''] = jwe.split('.')
+  const padded = header + '='.repeat((4 - (header.length % 4)) % 4)
+  const json = Buffer.from(padded, 'base64url').toString('utf8')
+  return JSON.parse(json) as Record<string, unknown>
+}
+const createKeyring = async (keyUri: string) => {
+  const keystore = jose.JWK.createKeyStore()
+  const key = await keystore.generate('oct', 256, { alg: 'A256GCM' })
+  const jwk = key.toJSON(true)
+  const rawKeys = new Map<string, string>()
+  rawKeys.set(keyUri, JSON.stringify({ jwk }))
+  return new WebexEncryptionService(rawKeys)
+}
+describe('WebexEncryptionService', () => {
+  const keyUri = 'kms://kms-aore.wbx2.com/keys/7819829b-5e0d-4139-9cad-1b6fe7aee533'
+  test('encryptText emits JWE with alg, enc, and kid JOSE headers', async () => {
+    const service = await createKeyring(keyUri)
+    const jwe = await service.encryptText(keyUri, 'hello world')
+    expect(jwe).not.toBeNull()
+    const header = decodeJweHeader(jwe as string)
+    expect(header.alg).toBe('dir')
+    expect(header.enc).toBe('A256GCM')
+    expect(header.kid).toBe(keyUri)
+  })
+  test('encryptText returns null when key is unknown', async () => {
+    const service = await createKeyring(keyUri)
+    const jwe = await service.encryptText('kms://other/keys/missing', 'hello')
+    expect(jwe).toBeNull()
+  })
+  test('decryptText round-trips plaintext encrypted by encryptText', async () => {
+    const service = await createKeyring(keyUri)
+    const jwe = await service.encryptText(keyUri, 'round trip')
+    const plaintext = await service.decryptText(keyUri, jwe as string)
+    expect(plaintext).toBe('round trip')
+  })
+})

package/src/platforms/webex/encryption.ts CHANGED Viewed

@@ -30,9 +30,11 @@ export class WebexEncryptionService {
     if (!key) return null
     try {
+      // Webex desktop/web clients auto-tombstone edit activities whose JWE is missing
+      // `kid` — they can't resolve the KMS key and treat the activity as malformed.
       return await jose.JWE.createEncrypt(
         { format: 'compact', contentAlg: 'A256GCM' },
-        { key, header: { alg: 'dir' }, reference: null },
+        { key, header: { alg: 'dir', kid: keyUri }, reference: null },
       ).final(plaintext, 'utf8')
     } catch {
       return null

package/src/platforms/webex/ensure-auth.ts CHANGED Viewed

@@ -11,7 +11,11 @@ export async function ensureWebexAuth(): Promise<void> {
       const token = await credManager.getToken(config.clientId, config.clientSecret)
       if (token) {
         const client = new WebexClient()
-        await client.login({ token })
+        await client.login({
+          token,
+          deviceUrl: config.deviceUrl,
+          tokenType: config.tokenType,
+        })
         await client.testAuth()
         return
       }
@@ -22,7 +26,11 @@ export async function ensureWebexAuth(): Promise<void> {
     if (!extracted) return
     const client = new WebexClient()
-    await client.login({ token: extracted.accessToken })
+    await client.login({
+      token: extracted.accessToken,
+      deviceUrl: extracted.deviceUrl,
+      tokenType: 'extracted',
+    })
     await client.testAuth()
     await credManager.saveConfig({

package/src/platforms/webex/token-extractor.test.ts CHANGED Viewed

@@ -216,12 +216,41 @@ describe('WebexTokenExtractor', () => {
       expect(result).not.toBeNull()
     })
-    test('returns first valid token and stops scanning', async () => {
+    test('prefers token with latest expiry across profiles', async () => {
       const dir1 = createLevelDBDir(tempDir, 'Default')
       const dir2 = createLevelDBDir(tempDir, 'Profile 1')
-      const token1 = makeWebexStorageJson({ accessToken: 'first-valid-token-longer-than-twenty-chars' })
-      const token2 = makeWebexStorageJson({ accessToken: 'second-valid-token-longer-than-twenty-chars' })
+      const expiredToken = makeWebexStorageJson({
+        accessToken: 'expired-token-longer-than-twenty-chars-xx',
+        expires: Date.now() - 3600000,
+      })
+      const freshToken = makeWebexStorageJson({
+        accessToken: 'fresh-token-longer-than-twenty-chars-xxx',
+        expires: Date.now() + 3600000,
+      })
+      writeFileSync(join(dir1, '000003.log'), expiredToken)
+      writeFileSync(join(dir2, '000003.log'), freshToken)
+      const extractor = new WebexTokenExtractor('darwin', undefined, tempDir)
+      const result = await extractor.extract()
+      expect(result!.accessToken).toBe('fresh-token-longer-than-twenty-chars-xxx')
+    })
+    test('returns first token when all have same expiry', async () => {
+      const dir1 = createLevelDBDir(tempDir, 'Default')
+      const dir2 = createLevelDBDir(tempDir, 'Profile 1')
+      const expires = Date.now() + 3600000
+      const token1 = makeWebexStorageJson({
+        accessToken: 'first-valid-token-longer-than-twenty-chars',
+        expires,
+      })
+      const token2 = makeWebexStorageJson({
+        accessToken: 'second-valid-token-longer-than-twenty-chars',
+        expires,
+      })
       writeFileSync(join(dir1, '000003.log'), token1)
       writeFileSync(join(dir2, '000003.log'), token2)

package/src/platforms/webex/token-extractor.ts CHANGED Viewed

@@ -160,25 +160,46 @@ export class WebexTokenExtractor {
       return null
     }
+    let best: { token: ExtractedWebexToken; source: string } | null = null
     for (const leveldbDir of profileDirs) {
       this.debug(`Scanning: ${leveldbDir}`)
       const result = (await this.scanViaClassicLevelCopy(leveldbDir)) ?? this.scanRawFiles(leveldbDir)
       if (result?.token) {
-        this.debug(`Found token in: ${leveldbDir}`)
         const token = result.token
         if (result.encryptionKeys.size > 0) {
           token.encryptionKeys = result.encryptionKeys
         }
-        return token
+        this.debug(
+          `Found token in: ${leveldbDir} (expires: ${token.expiresAt ? new Date(token.expiresAt).toISOString() : 'unknown'}, length: ${token.accessToken.length})`,
+        )
+        if (!best || this.isTokenFresher(token, best.token)) {
+          best = { token, source: leveldbDir }
+        }
       }
     }
-    this.debug('No Webex tokens found in any browser profile')
-    return null
+    if (!best) {
+      this.debug('No Webex tokens found in any browser profile')
+      return null
+    }
+    this.debug(`Selected token from: ${best.source}`)
+    return best.token
+  }
+  private isTokenFresher(candidate: ExtractedWebexToken, current: ExtractedWebexToken): boolean {
+    const candidateExpiry = candidate.expiresAt ?? 0
+    const currentExpiry = current.expiresAt ?? 0
+    if (candidateExpiry > 0 && currentExpiry > 0) {
+      return candidateExpiry > currentExpiry
+    }
+    if (candidateExpiry > 0 && currentExpiry === 0) return true
+    return false
   }
   private async scanViaClassicLevelCopy(dbPath: string): Promise<ScanResult | null> {