agent-relay 2.0.19 → 2.0.21

package/packages/cli-tester/dist/utils/credential-check.js

@@ -0,0 +1,230 @@
+/**
+ * Credential checking utilities for CLI authentication testing
+ * Verifies and parses credential files for various CLI tools
+ */
+import { readFileSync, existsSync, unlinkSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+/**
+ * Get the credential file path for a CLI
+ */
+export function getCredentialPath(cli) {
+    const home = homedir();
+    switch (cli) {
+        case 'claude':
+            return join(home, '.claude', '.credentials.json');
+        case 'codex':
+            return join(home, '.codex', 'auth.json');
+        case 'gemini':
+            return join(home, '.config', 'gcloud', 'application_default_credentials.json');
+        case 'cursor':
+            return join(home, '.cursor', 'auth.json');
+        case 'opencode':
+            return join(home, '.local', 'share', 'opencode', 'auth.json');
+        case 'droid':
+            return join(home, '.droid', 'auth.json');
+        default:
+            throw new Error(`Unknown CLI type: ${cli}`);
+    }
+}
+/**
+ * Get all config paths for a CLI (for clearing)
+ */
+export function getConfigPaths(cli) {
+    const home = homedir();
+    switch (cli) {
+        case 'claude':
+            return [
+                join(home, '.claude', '.credentials.json'),
+                join(home, '.claude', 'settings.json'),
+                join(home, '.claude', 'settings.local.json'),
+            ];
+        case 'codex':
+            return [
+                join(home, '.codex', 'auth.json'),
+                join(home, '.codex', 'config.json'),
+                join(home, '.codex', 'config.toml'),
+            ];
+        case 'gemini':
+            return [
+                join(home, '.config', 'gcloud', 'application_default_credentials.json'),
+                join(home, '.gemini', 'credentials.json'),
+                join(home, '.gemini', 'settings.json'),
+            ];
+        case 'cursor':
+            return [
+                join(home, '.cursor', 'auth.json'),
+                join(home, '.cursor', 'settings.json'),
+            ];
+        case 'opencode':
+            return [join(home, '.local', 'share', 'opencode', 'auth.json')];
+        case 'droid':
+            return [join(home, '.droid', 'auth.json')];
+        default:
+            throw new Error(`Unknown CLI type: ${cli}`);
+    }
+}
+/**
+ * Extract token info from credential data based on CLI type
+ */
+function extractTokenInfo(cli, data) {
+    let hasAccessToken = false;
+    let hasRefreshToken = false;
+    let expiresAt;
+    switch (cli) {
+        case 'claude': {
+            // Claude format: { claudeAiOauth: { accessToken, refreshToken, expiresAt } }
+            const oauth = data.claudeAiOauth;
+            if (oauth) {
+                hasAccessToken = typeof oauth.accessToken === 'string' && oauth.accessToken.length > 0;
+                hasRefreshToken = typeof oauth.refreshToken === 'string' && oauth.refreshToken.length > 0;
+                if (typeof oauth.expiresAt === 'number') {
+                    expiresAt = new Date(oauth.expiresAt);
+                }
+            }
+            break;
+        }
+        case 'codex': {
+            // Codex format: { tokens: { access_token, refresh_token, expires_at } }
+            const tokens = data.tokens;
+            if (tokens) {
+                hasAccessToken =
+                    typeof tokens.access_token === 'string' && tokens.access_token.length > 0;
+                hasRefreshToken =
+                    typeof tokens.refresh_token === 'string' && tokens.refresh_token.length > 0;
+                if (typeof tokens.expires_at === 'number') {
+                    expiresAt = new Date(tokens.expires_at * 1000); // Unix timestamp
+                }
+            }
+            break;
+        }
+        case 'gemini': {
+            // Google OAuth format: { access_token, refresh_token, expiry_date }
+            hasAccessToken =
+                typeof data.access_token === 'string' && data.access_token.length > 0;
+            hasRefreshToken =
+                typeof data.refresh_token === 'string' && data.refresh_token.length > 0;
+            if (typeof data.expiry_date === 'number') {
+                expiresAt = new Date(data.expiry_date);
+            }
+            break;
+        }
+        case 'cursor':
+        case 'opencode':
+        case 'droid': {
+            // Generic format: { accessToken, refreshToken } or { access_token, refresh_token }
+            hasAccessToken =
+                (typeof data.accessToken === 'string' && data.accessToken.length > 0) ||
+                    (typeof data.access_token === 'string' && data.access_token.length > 0);
+            hasRefreshToken =
+                (typeof data.refreshToken === 'string' && data.refreshToken.length > 0) ||
+                    (typeof data.refresh_token === 'string' && data.refresh_token.length > 0);
+            break;
+        }
+    }
+    return { hasAccessToken, hasRefreshToken, expiresAt };
+}
+/**
+ * Redact sensitive values in credential data
+ */
+function redactData(data) {
+    const redacted = {};
+    for (const [key, value] of Object.entries(data)) {
+        if (typeof value === 'string') {
+            // Redact anything that looks like a token
+            if (key.toLowerCase().includes('token') ||
+                key.toLowerCase().includes('secret') ||
+                key.toLowerCase().includes('key') ||
+                value.length > 40) {
+                redacted[key] = '[REDACTED]';
+            }
+            else {
+                redacted[key] = value;
+            }
+        }
+        else if (typeof value === 'object' && value !== null) {
+            redacted[key] = redactData(value);
+        }
+        else {
+            redacted[key] = value;
+        }
+    }
+    return redacted;
+}
+/**
+ * Check credentials for a specific CLI
+ */
+export function checkCredentials(cli) {
+    const filePath = getCredentialPath(cli);
+    const result = {
+        cli,
+        exists: false,
+        valid: false,
+        hasAccessToken: false,
+        hasRefreshToken: false,
+        filePath,
+    };
+    if (!existsSync(filePath)) {
+        return result;
+    }
+    result.exists = true;
+    try {
+        const content = readFileSync(filePath, 'utf-8');
+        const data = JSON.parse(content);
+        const tokenInfo = extractTokenInfo(cli, data);
+        result.hasAccessToken = tokenInfo.hasAccessToken;
+        result.hasRefreshToken = tokenInfo.hasRefreshToken;
+        result.expiresAt = tokenInfo.expiresAt;
+        // Valid if at least access token is present
+        result.valid = result.hasAccessToken;
+        // Include redacted data for debugging
+        result.data = redactData(data);
+    }
+    catch (err) {
+        result.error = err instanceof Error ? err.message : 'Unknown error';
+    }
+    return result;
+}
+/**
+ * Clear credentials for a specific CLI
+ */
+export function clearCredentials(cli) {
+    const paths = getConfigPaths(cli);
+    const cleared = [];
+    const errors = [];
+    for (const path of paths) {
+        if (existsSync(path)) {
+            try {
+                unlinkSync(path);
+                cleared.push(path);
+            }
+            catch (err) {
+                errors.push(`Failed to remove ${path}: ${err instanceof Error ? err.message : 'Unknown error'}`);
+            }
+        }
+    }
+    return { cleared, errors };
+}
+/**
+ * Clear all CLI credentials
+ */
+export function clearAllCredentials() {
+    const clis = ['claude', 'codex', 'gemini', 'cursor', 'opencode', 'droid'];
+    const results = {};
+    for (const cli of clis) {
+        results[cli] = clearCredentials(cli);
+    }
+    return results;
+}
+/**
+ * Check all CLI credentials
+ */
+export function checkAllCredentials() {
+    const clis = ['claude', 'codex', 'gemini', 'cursor', 'opencode', 'droid'];
+    const results = {};
+    for (const cli of clis) {
+        results[cli] = checkCredentials(cli);
+    }
+    return results;
+}
+//# sourceMappingURL=credential-check.js.map

package/packages/cli-tester/dist/utils/socket-client.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Socket client for communicating with relay-pty Unix socket
+ * Used for programmatic message injection and status queries
+ */
+export interface InjectRequest {
+    type: 'inject';
+    id: string;
+    from: string;
+    body: string;
+    priority?: number;
+}
+export interface StatusRequest {
+    type: 'status';
+}
+export interface InjectResponse {
+    type: 'inject_result';
+    id: string;
+    status: 'queued' | 'injecting' | 'delivered' | 'failed';
+    timestamp: number;
+    error?: string;
+}
+export interface StatusResponse {
+    type: 'status';
+    agent_idle: boolean;
+    queue_length: number;
+    cursor_position: {
+        row: number;
+        col: number;
+    } | null;
+    last_output_ms: number;
+}
+export type RelayPtyResponse = InjectResponse | StatusResponse;
+export declare class RelayPtyClient {
+    private socket;
+    private socketPath;
+    private responseBuffer;
+    constructor(socketPath: string);
+    /**
+     * Connect to the relay-pty socket
+     */
+    connect(): Promise<void>;
+    /**
+     * Send a request and wait for response
+     */
+    private sendRequest;
+    /**
+     * Inject a message into the CLI
+     */
+    inject(message: {
+        from: string;
+        body: string;
+        priority?: number;
+    }): Promise<InjectResponse>;
+    /**
+     * Get current status of the CLI session
+     */
+    getStatus(): Promise<StatusResponse>;
+    /**
+     * Wait for a specific message to be delivered
+     * Returns when the message reaches 'delivered' or 'failed' status
+     */
+    waitForDelivered(messageId: string, timeoutMs?: number): Promise<InjectResponse>;
+    /**
+     * Close the connection
+     */
+    close(): void;
+}
+/**
+ * Helper to create a connected client
+ */
+export declare function createClient(socketPath: string): Promise<RelayPtyClient>;
+/**
+ * Get socket path for a named session
+ */
+export declare function getSocketPath(sessionName: string): string;
+//# sourceMappingURL=socket-client.d.ts.map

package/packages/cli-tester/dist/utils/socket-client.js

@@ -0,0 +1,153 @@
+/**
+ * Socket client for communicating with relay-pty Unix socket
+ * Used for programmatic message injection and status queries
+ */
+import { createConnection } from 'node:net';
+export class RelayPtyClient {
+    socket = null;
+    socketPath;
+    responseBuffer = '';
+    constructor(socketPath) {
+        this.socketPath = socketPath;
+    }
+    /**
+     * Connect to the relay-pty socket
+     */
+    async connect() {
+        return new Promise((resolve, reject) => {
+            this.socket = createConnection(this.socketPath, () => {
+                resolve();
+            });
+            this.socket.on('error', (err) => {
+                reject(new Error(`Failed to connect to ${this.socketPath}: ${err.message}`));
+            });
+            this.socket.on('data', (data) => {
+                this.responseBuffer += data.toString();
+            });
+        });
+    }
+    /**
+     * Send a request and wait for response
+     */
+    async sendRequest(request) {
+        if (!this.socket) {
+            throw new Error('Not connected. Call connect() first.');
+        }
+        return new Promise((resolve, reject) => {
+            const timeout = setTimeout(() => {
+                reject(new Error('Request timed out'));
+            }, 10000);
+            // Clear buffer before sending
+            this.responseBuffer = '';
+            // Set up response handler
+            const checkResponse = () => {
+                const lines = this.responseBuffer.split('\n');
+                for (const line of lines) {
+                    if (line.trim()) {
+                        try {
+                            const response = JSON.parse(line);
+                            clearTimeout(timeout);
+                            resolve(response);
+                            return;
+                        }
+                        catch {
+                            // Not valid JSON yet, keep waiting
+                        }
+                    }
+                }
+                // Keep checking
+                setTimeout(checkResponse, 50);
+            };
+            // Send request
+            const requestStr = JSON.stringify(request) + '\n';
+            this.socket.write(requestStr, (err) => {
+                if (err) {
+                    clearTimeout(timeout);
+                    reject(err);
+                }
+                else {
+                    checkResponse();
+                }
+            });
+        });
+    }
+    /**
+     * Inject a message into the CLI
+     */
+    async inject(message) {
+        const request = {
+            type: 'inject',
+            id: `ts-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+            from: message.from,
+            body: message.body,
+            priority: message.priority ?? 0,
+        };
+        return this.sendRequest(request);
+    }
+    /**
+     * Get current status of the CLI session
+     */
+    async getStatus() {
+        const request = { type: 'status' };
+        return this.sendRequest(request);
+    }
+    /**
+     * Wait for a specific message to be delivered
+     * Returns when the message reaches 'delivered' or 'failed' status
+     */
+    async waitForDelivered(messageId, timeoutMs = 30000) {
+        const startTime = Date.now();
+        return new Promise((resolve, reject) => {
+            const checkBuffer = () => {
+                if (Date.now() - startTime > timeoutMs) {
+                    reject(new Error(`Timeout waiting for message ${messageId} to be delivered`));
+                    return;
+                }
+                const lines = this.responseBuffer.split('\n');
+                for (const line of lines) {
+                    if (line.trim()) {
+                        try {
+                            const response = JSON.parse(line);
+                            if (response.type === 'inject_result' &&
+                                response.id === messageId &&
+                                (response.status === 'delivered' || response.status === 'failed')) {
+                                resolve(response);
+                                return;
+                            }
+                        }
+                        catch {
+                            // Not valid JSON, skip
+                        }
+                    }
+                }
+                // Keep checking
+                setTimeout(checkBuffer, 100);
+            };
+            checkBuffer();
+        });
+    }
+    /**
+     * Close the connection
+     */
+    close() {
+        if (this.socket) {
+            this.socket.destroy();
+            this.socket = null;
+        }
+    }
+}
+/**
+ * Helper to create a connected client
+ */
+export async function createClient(socketPath) {
+    const client = new RelayPtyClient(socketPath);
+    await client.connect();
+    return client;
+}
+/**
+ * Get socket path for a named session
+ */
+export function getSocketPath(sessionName) {
+    return `/tmp/relay-pty-${sessionName}.sock`;
+}
+//# sourceMappingURL=socket-client.js.map

package/packages/cli-tester/docker/entrypoint.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+# CLI Tester Container Entrypoint
+# Simplified entrypoint for CLI authentication testing
+
+set -e
+
+# Ensure config directories exist with correct permissions
+mkdir -p ~/.claude ~/.codex ~/.gemini ~/.cursor ~/.config ~/.local/share/opencode 2>/dev/null || true
+
+echo "========================================"
+echo "  CLI Auth Tester Environment"
+echo "========================================"
+echo ""
+
+# Show available CLIs
+echo "Available CLI tools:"
+for cli in claude codex gemini opencode droid copilot; do
+    if command -v $cli &> /dev/null; then
+        version=$($cli --version 2>/dev/null | head -n1 || echo "installed")
+        echo "  ✓ $cli ($version)"
+    else
+        echo "  ✗ $cli (not installed)"
+    fi
+done
+# Cursor installs as 'agent'
+if command -v agent &> /dev/null; then
+    version=$(agent --version 2>/dev/null | head -n1 || echo "installed")
+    echo "  ✓ cursor/agent ($version)"
+else
+    echo "  ✗ cursor/agent (not installed)"
+fi
+echo ""
+
+# Show relay-pty status
+if command -v relay-pty &> /dev/null; then
+    echo "relay-pty: ✓ available"
+else
+    echo "relay-pty: ✗ not found"
+fi
+echo ""
+
+# Show usage
+echo "Quick Start:"
+echo "  test-cli.sh claude      # Test Claude CLI with relay-pty"
+echo "  test-cli.sh codex       # Test Codex CLI with relay-pty"
+echo "  verify-auth.sh claude   # Check if credentials exist"
+echo "  clear-auth.sh claude    # Clear credentials for fresh test"
+echo ""
+echo "For debugging:"
+echo "  DEBUG=1 test-cli.sh cursor  # Verbose output"
+echo ""
+
+# Execute the provided command or drop into shell
+if [ $# -gt 0 ]; then
+    exec "$@"
+else
+    exec /bin/bash
+fi

package/packages/cli-tester/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@agent-relay/cli-tester",
+  "version": "2.0.21",
+  "description": "Manual interactive testing for CLI authentication flows",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "start": "./scripts/start.sh",
+    "start:clean": "./scripts/start.sh --clean",
+    "start:daemon": "./scripts/start.sh --daemon",
+    "docker:build": "docker compose -f docker/docker-compose.yml build",
+    "docker:up": "docker compose -f docker/docker-compose.yml up",
+    "docker:up:daemon": "docker compose -f docker/docker-compose.yml --profile daemon up",
+    "docker:down": "docker compose -f docker/docker-compose.yml down",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "keywords": [
+    "cli",
+    "testing",
+    "authentication",
+    "relay-pty"
+  ],
+  "author": "Agent Workforce",
+  "license": "Apache-2.0",
+  "devDependencies": {
+    "typescript": "^5.3.3",
+    "vitest": "^1.2.0"
+  }
+}

package/packages/cli-tester/scripts/clear-auth.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+# Clear CLI credentials for fresh testing
+# Usage: ./clear-auth.sh <cli|all>
+# Example: ./clear-auth.sh claude
+#          ./clear-auth.sh all
+
+CLI=${1:-}
+
+if [ -z "$CLI" ]; then
+    echo "Usage: ./clear-auth.sh <cli|all>"
+    echo ""
+    echo "Options:"
+    echo "  claude   - Clear Claude credentials"
+    echo "  codex    - Clear Codex credentials"
+    echo "  gemini   - Clear Gemini credentials"
+    echo "  cursor   - Clear Cursor credentials"
+    echo "  opencode - Clear OpenCode credentials"
+    echo "  droid    - Clear Droid credentials"
+    echo "  copilot  - Clear GitHub Copilot credentials"
+    echo "  all      - Clear all credentials"
+    exit 1
+fi
+
+clear_cli() {
+    local cli=$1
+    local dir=""
+    local files=()
+
+    case $cli in
+        claude)
+            dir="$HOME/.claude"
+            files=(".credentials.json" "settings.json" "settings.local.json")
+            ;;
+        codex)
+            dir="$HOME/.codex"
+            files=("auth.json" "config.json" "config.toml")
+            ;;
+        gemini)
+            dir="$HOME/.gemini"
+            files=("credentials.json" "settings.json")
+            # Also check gcloud location
+            if [ -f "$HOME/.config/gcloud/application_default_credentials.json" ]; then
+                echo "  Removing: $HOME/.config/gcloud/application_default_credentials.json"
+                rm -f "$HOME/.config/gcloud/application_default_credentials.json"
+            fi
+            ;;
+        cursor|agent)
+            # Cursor CLI installs as 'agent', credentials in ~/.cursor/
+            dir="$HOME/.cursor"
+            files=("auth.json" "settings.json")
+            ;;
+        opencode)
+            dir="$HOME/.local/share/opencode"
+            files=("auth.json")
+            ;;
+        droid)
+            dir="$HOME/.droid"
+            files=("auth.json")
+            ;;
+        copilot)
+            # GitHub Copilot uses gh CLI auth - stored in ~/.config/gh/
+            dir="$HOME/.config/gh"
+            files=("hosts.yml" "config.yml")
+            ;;
+        *)
+            echo "Unknown CLI: $cli"
+            return 1
+            ;;
+    esac
+
+    echo "Clearing credentials for: $cli"
+
+    if [ -d "$dir" ]; then
+        for file in "${files[@]}"; do
+            if [ -f "$dir/$file" ]; then
+                echo "  Removing: $dir/$file"
+                rm -f "$dir/$file"
+            fi
+        done
+        echo "  ✓ Done"
+    else
+        echo "  (no config directory found)"
+    fi
+}
+
+echo "========================================"
+echo "  Clearing CLI Credentials"
+echo "========================================"
+echo ""
+
+if [ "$CLI" = "all" ]; then
+    for c in claude codex gemini cursor opencode droid copilot; do
+        clear_cli "$c"
+        echo ""
+    done
+else
+    clear_cli "$CLI"
+fi
+
+echo ""
+echo "Credentials cleared. Run test-cli.sh to test fresh authentication."

package/packages/cli-tester/scripts/inject-message.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Send a message to a CLI via relay-pty socket
+# Usage: ./inject-message.sh <session-name> <message>
+# Example: ./inject-message.sh test-claude "What is 2+2?"
+
+NAME=${1:-test-claude}
+MESSAGE=${2:-"Test message from inject script"}
+SOCKET="/tmp/relay-pty-${NAME}.sock"
+
+if [ ! -S "$SOCKET" ]; then
+    echo "Error: Socket not found: $SOCKET"
+    echo ""
+    echo "Make sure relay-pty is running with --name ${NAME}"
+    echo "Run: test-cli.sh ${NAME#test-}"
+    exit 1
+fi
+
+# Generate unique message ID
+MSG_ID="manual-$(date +%s)-$RANDOM"
+
+echo "Sending message to $NAME..."
+echo "  Socket: $SOCKET"
+echo "  Message ID: $MSG_ID"
+echo "  Body: $MESSAGE"
+echo ""
+
+# Build JSON request
+REQUEST=$(cat <<EOF
+{"type":"inject","id":"$MSG_ID","from":"Tester","body":"$MESSAGE","priority":0}
+EOF
+)
+
+# Send request and read response
+# nc -U connects to Unix socket, -q 1 waits 1 second for response
+echo "$REQUEST" | nc -U "$SOCKET" -q 2 | while read -r line; do
+    if [ -n "$line" ]; then
+        echo "Response: $line" | jq '.' 2>/dev/null || echo "Response: $line"
+    fi
+done
+
+echo ""
+echo "Message sent. Check the CLI session to see if it was delivered."