npm - assistme - Versions diffs - 0.1.3 → 0.1.5 - Mend

assistme 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/{chunk-H5BZPIOY.js → chunk-QXT7DH44.js} +114 -189
package/dist/index.js +7 -14
package/dist/{supabase-DTKGPEER.js → supabase-QU7MFNDI.js} +3 -5
package/package.json +1 -1
package/src/agent/processor.test.ts +2 -3
package/src/agent/processor.ts +1 -7
package/src/agent/session.test.ts +11 -11
package/src/agent/session.ts +6 -5
package/src/db/supabase.ts +139 -320

package/dist/{chunk-H5BZPIOY.js → chunk-QXT7DH44.js} RENAMED Viewed

@@ -1,5 +1,6 @@
 // src/db/supabase.ts
 import { createClient } from "@supabase/supabase-js";
+import { createHash } from "crypto";
 // src/utils/config.ts
 import Conf from "conf";
@@ -137,22 +138,6 @@ function writeAuthStore(data) {
   ensureAuthDir();
   writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 384 });
 }
-var fileStorage = {
-  getItem(key) {
-    const store = readAuthStore();
-    return store[key] ?? null;
-  },
-  setItem(key, value) {
-    const store = readAuthStore();
-    store[key] = value;
-    writeAuthStore(store);
-  },
-  removeItem(key) {
-    const store = readAuthStore();
-    delete store[key];
-    writeAuthStore(store);
-  }
-};
 var supabase = null;
 function getSupabase() {
   if (!supabase) {
@@ -163,230 +148,171 @@ function getSupabase() {
       );
     }
     supabase = createClient(config2.supabaseUrl, config2.supabaseAnonKey, {
-      auth: {
-        storage: fileStorage,
-        autoRefreshToken: true,
-        persistSession: true
-      }
+      auth: { persistSession: false }
     });
   }
   return supabase;
 }
-async function exchangeCliToken(cliToken) {
-  const config2 = getConfig();
-  const exchangeUrl = `${config2.supabaseUrl}/functions/v1/cli-token-exchange`;
-  const res = await fetch(exchangeUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      apikey: config2.supabaseAnonKey
-    },
-    body: JSON.stringify({ token: cliToken })
-  });
-  if (!res.ok) {
-    const body = await res.json().catch(() => ({ error: res.statusText }));
-    throw new Error(body.error || `Token exchange failed (${res.status})`);
-  }
-  const data = await res.json();
-  if (!data.access_token || !data.refresh_token) {
-    throw new Error("Token exchange returned incomplete session");
+function hashToken(token) {
+  return createHash("sha256").update(token).digest("hex");
+}
+function getTokenHash() {
+  const store = readAuthStore();
+  const token = store["mcp_token"];
+  if (!token || !token.startsWith("am_")) {
+    throw new Error("Not authenticated. Run `assistme login`.");
   }
-  return data;
+  return hashToken(token);
 }
-async function loginWithToken(cliToken) {
-  if (!cliToken.startsWith("am_")) {
+async function loginWithToken(mcpToken) {
+  if (!mcpToken.startsWith("am_")) {
     throw new Error(
       "Invalid token format. Use an am_ token from the web page."
     );
   }
-  const sessionTokens = await exchangeCliToken(cliToken);
-  const store = readAuthStore();
-  store["cli_token"] = cliToken;
-  writeAuthStore(store);
+  const hash = hashToken(mcpToken);
   const sb = getSupabase();
-  const { data, error } = await sb.auth.setSession({
-    access_token: sessionTokens.access_token,
-    refresh_token: sessionTokens.refresh_token
+  const { data, error } = await sb.rpc("validate_mcp_token", {
+    p_token_hash: hash
   });
-  if (error) throw new Error(`Login failed: ${error.message}`);
-  if (!data.user) throw new Error("Login failed: no user returned");
-  return data.user.id;
-}
-async function refreshWithCliToken() {
+  if (error) throw new Error(`Token validation failed: ${error.message}`);
+  if (!data || data.length === 0) throw new Error("Invalid or expired token");
   const store = readAuthStore();
-  const cliToken = store["cli_token"];
-  if (!cliToken || !cliToken.startsWith("am_")) return null;
-  try {
-    const sessionTokens = await exchangeCliToken(cliToken);
-    const sb = getSupabase();
-    const { data, error } = await sb.auth.setSession({
-      access_token: sessionTokens.access_token,
-      refresh_token: sessionTokens.refresh_token
-    });
-    if (error || !data.user) return null;
-    return data.user.id;
-  } catch {
-    return null;
-  }
-}
-async function getSession() {
-  const sb = getSupabase();
-  const { data } = await sb.auth.getSession();
-  return data.session;
+  store["mcp_token"] = mcpToken;
+  writeAuthStore(store);
+  return data[0].out_user_id;
 }
 async function getCurrentUserId() {
+  const hash = getTokenHash();
   const sb = getSupabase();
-  const { data, error } = await sb.auth.getUser();
-  if (error || !data.user) {
-    const refreshed = await refreshWithCliToken();
-    if (refreshed) return refreshed;
-    throw new Error("Not authenticated. Run `assistme login`.");
+  const { data, error } = await sb.rpc("validate_mcp_token", {
+    p_token_hash: hash
+  });
+  if (error || !data || data.length === 0) {
+    throw new Error("Token expired or revoked. Run `assistme login`.");
   }
-  return data.user.id;
+  return data[0].out_user_id;
 }
 async function logout() {
-  const sb = getSupabase();
-  await sb.auth.signOut();
   try {
     writeAuthStore({});
   } catch {
   }
 }
-async function createSession(userId, sessionName, workspacePath, version) {
+async function createSession(_userId, sessionName, workspacePath, version) {
   const sb = getSupabase();
-  const { data, error } = await sb.from("agent_sessions").insert({
-    user_id: userId,
-    session_name: sessionName,
-    status: "online",
-    workspace_path: workspacePath,
-    agent_version: version,
-    metadata: { model: getConfig().model }
-  }).select().single();
+  const { data, error } = await sb.rpc("mcp_create_session", {
+    p_token_hash: getTokenHash(),
+    p_session_name: sessionName,
+    p_workspace_path: workspacePath,
+    p_version: version,
+    p_model: getConfig().model || null
+  });
   if (error) throw new Error(`Failed to create session: ${error.message}`);
   return data;
 }
 async function updateHeartbeat(sessionId) {
   const sb = getSupabase();
-  const { error } = await sb.from("agent_sessions").update({ last_heartbeat_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", sessionId);
+  const { error } = await sb.rpc("mcp_heartbeat", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId
+  });
   if (error) log.warn(`Heartbeat update failed: ${error.message}`);
 }
 async function endSession(sessionId) {
   const sb = getSupabase();
-  const { error } = await sb.from("agent_sessions").update({
-    status: "offline",
-    ended_at: (/* @__PURE__ */ new Date()).toISOString()
-  }).eq("id", sessionId);
+  const { error } = await sb.rpc("mcp_end_session", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId
+  });
   if (error) log.error(`Failed to end session: ${error.message}`);
 }
 async function setSessionBusy(sessionId, busy) {
   const sb = getSupabase();
-  await sb.from("agent_sessions").update({ status: busy ? "busy" : "online" }).eq("id", sessionId);
+  await sb.rpc("mcp_set_session_busy", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId,
+    p_busy: busy
+  });
 }
-async function getOrCreateCliConversation(userId, sessionId) {
+async function getOrCreateCliConversation(_userId, _sessionId) {
   const sb = getSupabase();
-  const { data: existing } = await sb.from("conversations").select("id").eq("agent", "cli").eq("created_by", userId).order("created_at", { ascending: false }).limit(1);
-  if (existing && existing.length > 0) {
-    return existing[0].id;
-  }
-  const { data: conv, error: convErr } = await sb.from("conversations").insert({
-    conversation_type: "direct",
-    agent: "cli",
-    created_by: userId
-  }).select("id").single();
-  if (convErr || !conv) {
-    throw new Error(`Failed to create conversation: ${convErr?.message}`);
-  }
-  await sb.from("conversation_participants").insert([
-    { conversation_id: conv.id, user_id: userId, role: "member" },
-    { conversation_id: conv.id, user_id: CLI_AGENT_ID, role: "member" }
-  ]);
-  return conv.id;
+  const { data, error } = await sb.rpc("mcp_get_or_create_conversation", {
+    p_token_hash: getTokenHash()
+  });
+  if (error) throw new Error(`Failed to get conversation: ${error.message}`);
+  return data;
 }
-async function createTask(conversationId, userId, sessionId, prompt) {
+async function createTask(conversationId, _userId, sessionId, prompt) {
   const sb = getSupabase();
-  const { data: rpcResult, error: rpcError } = await sb.rpc(
-    "create_task_pair",
-    {
-      p_conversation_id: conversationId,
-      p_user_id: userId,
-      p_agent_id: CLI_AGENT_ID,
-      p_session_id: sessionId,
-      p_prompt: prompt
-    }
-  );
-  if (!rpcError && rpcResult) {
-    return { ...rpcResult, prompt };
-  }
-  if (rpcError) {
-    log.debug(`create_task_pair RPC unavailable, using fallback: ${rpcError.message}`);
-  }
-  const { error: userErr } = await sb.from("conversation_messages").insert({
-    conversation_id: conversationId,
-    sender_id: userId,
-    role: "user",
-    content: prompt
+  const { data, error } = await sb.rpc("mcp_create_task", {
+    p_token_hash: getTokenHash(),
+    p_conversation_id: conversationId,
+    p_session_id: sessionId,
+    p_prompt: prompt
   });
-  if (userErr) throw new Error(`Failed to create user message: ${userErr.message}`);
-  const { data, error } = await sb.from("conversation_messages").insert({
-    conversation_id: conversationId,
-    sender_id: CLI_AGENT_ID,
-    role: "assistant",
-    content: "",
-    status: "pending",
-    session_id: sessionId,
-    metadata: { prompt }
-  }).select().single();
   if (error) throw new Error(`Failed to create task: ${error.message}`);
   return { ...data, prompt };
 }
 async function pollPendingTasks(sessionId) {
   const sb = getSupabase();
-  const { data, error } = await sb.from("conversation_messages").select("*").eq("session_id", sessionId).eq("status", "pending").order("created_at", { ascending: true }).limit(1);
+  const { data, error } = await sb.rpc("mcp_poll_tasks", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId
+  });
   if (error) {
     log.warn(`Task poll failed: ${error.message}`);
     return [];
   }
-  return (data || []).map((row) => ({
+  const rows = data || [];
+  return rows.map((row) => ({
     ...row,
     prompt: row.metadata?.prompt || row.content || ""
   }));
 }
+async function pollAndClaimTask(sessionId) {
+  const sb = getSupabase();
+  const { data, error } = await sb.rpc("mcp_poll_and_claim_task", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId
+  });
+  if (error) {
+    log.warn(`Poll-and-claim failed: ${error.message}`);
+    return null;
+  }
+  if (!data) return null;
+  const row = data;
+  return {
+    ...row,
+    prompt: row.metadata?.prompt || row.content || ""
+  };
+}
 async function claimTask(messageId) {
   const sb = getSupabase();
-  const { error } = await sb.from("conversation_messages").update({
-    status: "running",
-    metadata: { started_at: (/* @__PURE__ */ new Date()).toISOString() }
-  }).eq("id", messageId).eq("status", "pending");
+  const { data, error } = await sb.rpc("mcp_claim_task", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId
+  });
   if (error) throw new Error(`Failed to claim task: ${error.message}`);
+  return data;
 }
 async function completeTask(messageId, resultSummary, tokenUsage) {
   const sb = getSupabase();
-  const { data: current } = await sb.from("conversation_messages").select("metadata").eq("id", messageId).single();
-  const existingMeta = current?.metadata || {};
-  const { error } = await sb.from("conversation_messages").update({
-    content: resultSummary,
-    status: "completed",
-    metadata: {
-      ...existingMeta,
-      completed_at: (/* @__PURE__ */ new Date()).toISOString(),
-      token_usage: tokenUsage || null
-    }
-  }).eq("id", messageId);
+  const { error } = await sb.rpc("mcp_complete_task", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_result: resultSummary,
+    p_token_usage: tokenUsage || null
+  });
   if (error) throw new Error(`Failed to complete task: ${error.message}`);
 }
 async function failTask(messageId, errorMessage) {
   const sb = getSupabase();
-  const { data: current } = await sb.from("conversation_messages").select("metadata").eq("id", messageId).single();
-  const existingMeta = current?.metadata || {};
-  const { error } = await sb.from("conversation_messages").update({
-    status: "failed",
-    content: errorMessage,
-    metadata: {
-      ...existingMeta,
-      completed_at: (/* @__PURE__ */ new Date()).toISOString(),
-      error_message: errorMessage
-    }
-  }).eq("id", messageId);
+  const { error } = await sb.rpc("mcp_fail_task", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_error: errorMessage
+  });
   if (error) log.error(`Failed to update task status: ${error.message}`);
 }
 var eventSequence = 0;
@@ -396,26 +322,26 @@ function resetEventSequence() {
 async function emitEvent(messageId, eventType, eventData) {
   const sb = getSupabase();
   eventSequence++;
-  const { error } = await sb.from("message_events").insert({
-    message_id: messageId,
-    event_type: eventType,
-    event_data: eventData,
-    sequence_number: eventSequence
+  const { error } = await sb.rpc("mcp_emit_event", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_event_type: eventType,
+    p_event_data: eventData,
+    p_seq: eventSequence
   });
   if (error) log.warn(`Failed to emit event: ${error.message}`);
 }
 async function emitEvents(messageId, events) {
   const sb = getSupabase();
-  const rows = events.map((e) => {
+  const eventsJson = events.map((e) => {
     eventSequence++;
-    return {
-      message_id: messageId,
-      event_type: e.type,
-      event_data: e.data,
-      sequence_number: eventSequence
-    };
+    return { type: e.type, data: e.data, seq: eventSequence };
+  });
+  const { error } = await sb.rpc("mcp_emit_events", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_events: eventsJson
   });
-  const { error } = await sb.from("message_events").insert(rows);
   if (error) log.warn(`Failed to emit events batch: ${error.message}`);
 }
@@ -432,8 +358,6 @@ export {
   DAYBOX_AGENT_ID,
   getSupabase,
   loginWithToken,
-  refreshWithCliToken,
-  getSession,
   getCurrentUserId,
   logout,
   createSession,
@@ -443,6 +367,7 @@ export {
   getOrCreateCliConversation,
   createTask,
   pollPendingTasks,
+  pollAndClaimTask,
   claimTask,
   completeTask,
   failTask,

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,5 @@
 #!/usr/bin/env node
 import {
-  claimTask,
   clearConfig,
   completeTask,
   createSession,
@@ -17,14 +16,14 @@ import {
   loginWithToken,
   logout,
   newCorrelationId,
-  pollPendingTasks,
+  pollAndClaimTask,
   resetEventSequence,
   setConfig,
   setCorrelationId,
   setLogLevel,
   setSessionBusy,
   updateHeartbeat
-} from "./chunk-H5BZPIOY.js";
+} from "./chunk-QXT7DH44.js";
 // src/index.ts
 import { Command } from "commander";
@@ -277,12 +276,11 @@ var SessionManager = class {
       return;
     }
     try {
-      const tasks = await pollPendingTasks(this.session.id);
+      const task = await pollAndClaimTask(this.session.id);
       this.consecutivePollFailures = 0;
-      if (tasks.length > 0) {
+      if (task) {
         this.processing = true;
-        const task = tasks[0];
-        log.info(`New task received: ${task.id}`);
+        log.info(`New task claimed: ${task.id}`);
         log.agent(`Task from conversation: ${task.conversation_id}`);
         await setSessionBusy(this.session.id, true);
         try {
@@ -2449,11 +2447,6 @@ var TaskProcessor = class {
     const toolCallRecords = [];
     const usedSkillNames = [];
     try {
-      await withRetry(() => claimTask(task.id), {
-        maxRetries: 2,
-        baseDelayMs: 300,
-        label: "claimTask"
-      });
       await emitEvent(task.id, "status_change", { status: "running" });
       let systemPrompt = BASE_SYSTEM_PROMPT.replace(
         "{workspace_path}",
@@ -3087,7 +3080,7 @@ program.command("start", { isDefault: true }).description("Start the agent and l
       }
       log.agent(`Processing: "${input}"`);
       try {
-        const { createTask: createTask2 } = await import("./supabase-DTKGPEER.js");
+        const { createTask: createTask2 } = await import("./supabase-QU7MFNDI.js");
         const session = sessionManager.getSession();
         const conversationId = sessionManager.getConversationId();
         if (session && conversationId) {
@@ -3116,7 +3109,7 @@ program.command("start", { isDefault: true }).description("Start the agent and l
 program.command("status").description("Check the status of the current agent session").action(async () => {
   try {
     const userId = await getCurrentUserId();
-    const { getSupabase: getSupabase2 } = await import("./supabase-DTKGPEER.js");
+    const { getSupabase: getSupabase2 } = await import("./supabase-QU7MFNDI.js");
     const sb = getSupabase2();
     const { data: sessions } = await sb.from("agent_sessions").select("*").eq("user_id", userId).in("status", ["online", "busy"]).order("started_at", { ascending: false }).limit(5);
     if (!sessions || sessions.length === 0) {

package/dist/{supabase-DTKGPEER.js → supabase-QU7MFNDI.js} RENAMED Viewed

@@ -11,16 +11,15 @@ import {
   failTask,
   getCurrentUserId,
   getOrCreateCliConversation,
-  getSession,
   getSupabase,
   loginWithToken,
   logout,
+  pollAndClaimTask,
   pollPendingTasks,
-  refreshWithCliToken,
   resetEventSequence,
   setSessionBusy,
   updateHeartbeat
-} from "./chunk-H5BZPIOY.js";
+} from "./chunk-QXT7DH44.js";
 export {
   CLI_AGENT_ID,
   DAYBOX_AGENT_ID,
@@ -34,12 +33,11 @@ export {
   failTask,
   getCurrentUserId,
   getOrCreateCliConversation,
-  getSession,
   getSupabase,
   loginWithToken,
   logout,
+  pollAndClaimTask,
   pollPendingTasks,
-  refreshWithCliToken,
   resetEventSequence,
   setSessionBusy,
   updateHeartbeat

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "assistme",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "AssistMe CLI Agent - AI-powered assistant that controls your real browser",
   "type": "module",
   "main": "dist/index.js",

package/src/agent/processor.test.ts CHANGED Viewed

@@ -19,7 +19,6 @@ vi.mock("@anthropic-ai/claude-agent-sdk", () => ({
 // Mock Supabase DB functions
 const mockDbFns = {
-  claimTask: vi.fn().mockResolvedValue(undefined),
   completeTask: vi.fn().mockResolvedValue(undefined),
   failTask: vi.fn().mockResolvedValue(undefined),
   emitEvent: vi.fn().mockResolvedValue(undefined),
@@ -130,7 +129,7 @@ describe("TaskProcessor", () => {
     await processor.processTask(makeTask("say hello"));
-    expect(mockDbFns.claimTask).toHaveBeenCalledWith("task-001");
+    // Task is already claimed by pollAndClaimTask in session.ts, not processor
     expect(mockDbFns.completeTask).toHaveBeenCalledWith(
       "task-001",
       expect.stringContaining("Hello!")
@@ -196,7 +195,7 @@ describe("TaskProcessor", () => {
   });
   it("handles task failure gracefully", async () => {
-    mockDbFns.claimTask.mockRejectedValueOnce(new Error("DB error"));
+    mockDbFns.emitEvent.mockRejectedValueOnce(new Error("DB error"));
     await processor.processTask(makeTask("will fail"));

package/src/agent/processor.ts CHANGED Viewed

@@ -5,7 +5,6 @@ import {
 } from "@anthropic-ai/claude-agent-sdk";
 import {
   AgentTask,
-  claimTask,
   completeTask,
   failTask,
   emitEvent,
@@ -108,12 +107,7 @@ export class TaskProcessor {
     const usedSkillNames: string[] = [];
     try {
-      // Claim the task (with retry for transient DB failures)
-      await withRetry(() => claimTask(task.id), {
-        maxRetries: 2,
-        baseDelayMs: 300,
-        label: "claimTask",
-      });
+      // Task is already claimed atomically by pollAndClaimTask in session.ts
       await emitEvent(task.id, "status_change", { status: "running" });
       // Build system prompt with memories + skills

package/src/agent/session.test.ts CHANGED Viewed

@@ -30,7 +30,7 @@ const mockCreateSession = vi.fn().mockResolvedValue(mockSession);
 const mockUpdateHeartbeat = vi.fn().mockResolvedValue(undefined);
 const mockEndSession = vi.fn().mockResolvedValue(undefined);
 const mockSetSessionBusy = vi.fn().mockResolvedValue(undefined);
-const mockPollPendingTasks = vi.fn().mockResolvedValue([]);
+const mockPollAndClaimTask = vi.fn().mockResolvedValue(null);
 const mockGetOrCreateCliConversation = vi.fn().mockResolvedValue("conv-001");
 vi.mock("../db/supabase.js", () => ({
@@ -38,7 +38,7 @@ vi.mock("../db/supabase.js", () => ({
   updateHeartbeat: (...args: any[]) => mockUpdateHeartbeat(...args),
   endSession: (...args: any[]) => mockEndSession(...args),
   setSessionBusy: (...args: any[]) => mockSetSessionBusy(...args),
-  pollPendingTasks: (...args: any[]) => mockPollPendingTasks(...args),
+  pollAndClaimTask: (...args: any[]) => mockPollAndClaimTask(...args),
   createTask: vi.fn().mockResolvedValue({ id: "task-001", prompt: "test" }),
   getOrCreateCliConversation: (...args: any[]) => mockGetOrCreateCliConversation(...args),
   getSupabase: vi.fn().mockReturnValue({ from: vi.fn().mockReturnValue(chain) }),
@@ -79,7 +79,7 @@ describe("SessionManager", () => {
     mockUpdateHeartbeat.mockResolvedValue(undefined);
     mockEndSession.mockResolvedValue(undefined);
     mockSetSessionBusy.mockResolvedValue(undefined);
-    mockPollPendingTasks.mockResolvedValue([]);
+    mockPollAndClaimTask.mockResolvedValue(null);
     vi.useFakeTimers({ shouldAdvanceTime: true });
     manager = new SessionManager();
   });
@@ -117,12 +117,12 @@ describe("SessionManager", () => {
     await vi.advanceTimersByTimeAsync(3_000);
-    expect(mockPollPendingTasks).toHaveBeenCalledWith("sess-001");
+    expect(mockPollAndClaimTask).toHaveBeenCalledWith("sess-001");
   });
-  it("processes tasks when polled", async () => {
+  it("processes tasks when polled and claimed atomically", async () => {
     const task = { id: "task-001", conversation_id: "conv-001", prompt: "hello" };
-    mockPollPendingTasks.mockResolvedValueOnce([task]);
+    mockPollAndClaimTask.mockResolvedValueOnce(task);
     await manager.start("user-123", onTask);
     await vi.advanceTimersByTimeAsync(3_000);
@@ -133,24 +133,24 @@ describe("SessionManager", () => {
   });
   it("applies exponential backoff on poll failures", async () => {
-    mockPollPendingTasks
+    mockPollAndClaimTask
       .mockRejectedValueOnce(new Error("Network error"))
       .mockRejectedValueOnce(new Error("Network error"))
-      .mockResolvedValue([]);
+      .mockResolvedValue(null);
     await manager.start("user-123", onTask);
     // First poll at ~2s base interval
     await vi.advanceTimersByTimeAsync(3_000);
-    expect(mockPollPendingTasks).toHaveBeenCalledTimes(1);
+    expect(mockPollAndClaimTask).toHaveBeenCalledTimes(1);
     // After first failure: backoff = 2s * 2^1 = 4s → fires at ~6s total
     await vi.advanceTimersByTimeAsync(4_000);
-    expect(mockPollPendingTasks).toHaveBeenCalledTimes(2);
+    expect(mockPollAndClaimTask).toHaveBeenCalledTimes(2);
     // After second failure: backoff = 2s * 2^2 = 8s → fires at ~14s total
     await vi.advanceTimersByTimeAsync(8_500);
-    expect(mockPollPendingTasks).toHaveBeenCalledTimes(3);
+    expect(mockPollAndClaimTask).toHaveBeenCalledTimes(3);
     // Third call succeeds, so backoff resets. Next poll at 2s would be at ~16s
     // We don't advance that far, so only 3 calls total.
   });

package/src/agent/session.ts CHANGED Viewed

@@ -3,7 +3,7 @@ import {
   updateHeartbeat,
   endSession,
   setSessionBusy,
-  pollPendingTasks,
+  pollAndClaimTask,
   createTask,
   getOrCreateCliConversation,
   getSupabase,
@@ -145,14 +145,15 @@ export class SessionManager {
     }
     try {
-      const tasks = await pollPendingTasks(this.session.id);
+      // Atomic poll + claim: if a pending task exists, it's claimed in one DB call.
+      // FOR UPDATE SKIP LOCKED ensures no two CLIs grab the same task.
+      const task = await pollAndClaimTask(this.session.id);
       // Reset backoff on success
       this.consecutivePollFailures = 0;
-      if (tasks.length > 0) {
+      if (task) {
         this.processing = true;
-        const task = tasks[0];
-        log.info(`New task received: ${task.id}`);
+        log.info(`New task claimed: ${task.id}`);
         log.agent(`Task from conversation: ${task.conversation_id}`);
         await setSessionBusy(this.session.id, true);

package/src/db/supabase.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { createClient, SupabaseClient } from "@supabase/supabase-js";
+import { createHash } from "crypto";
 import { getConfig } from "../utils/config.js";
 import { log } from "../utils/logger.js";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
@@ -10,8 +11,7 @@ import { homedir } from "os";
 export const CLI_AGENT_ID = "00000000-0000-0000-0000-000000000001";
 export const DAYBOX_AGENT_ID = "00000000-0000-0000-0000-000000000002";
-// ── File-Based Storage Adapter ─────────────────────────────────────
-// Node.js has no localStorage, so we persist Supabase auth tokens to disk.
+// ── Auth Store (persists am_ token to disk) ──────────────────────────
 const AUTH_DIR = join(homedir(), ".config", "assistme");
 const AUTH_FILE = join(AUTH_DIR, "auth.json");
@@ -38,28 +38,7 @@ function writeAuthStore(data: Record<string, string>) {
   writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 0o600 });
 }
-/**
- * Custom storage adapter for Supabase client.
- * Persists auth sessions to ~/.config/assistme/auth.json
- */
-const fileStorage = {
-  getItem(key: string): string | null {
-    const store = readAuthStore();
-    return store[key] ?? null;
-  },
-  setItem(key: string, value: string): void {
-    const store = readAuthStore();
-    store[key] = value;
-    writeAuthStore(store);
-  },
-  removeItem(key: string): void {
-    const store = readAuthStore();
-    delete store[key];
-    writeAuthStore(store);
-  },
-};
-// ── Supabase Client ────────────────────────────────────────────────
+// ── Supabase Client (anon key only, no auth session) ────────────────
 let supabase: SupabaseClient | null = null;
@@ -72,122 +51,72 @@ export function getSupabase(): SupabaseClient {
       );
     }
     supabase = createClient(config.supabaseUrl, config.supabaseAnonKey, {
-      auth: {
-        storage: fileStorage,
-        autoRefreshToken: true,
-        persistSession: true,
-      },
+      auth: { persistSession: false },
     });
   }
   return supabase;
 }
-// ── Auth: Token-Based Login ────────────────────────────────────────
-/**
- * Exchange an am_ CLI token for a Supabase session via the Edge Function.
- */
-async function exchangeCliToken(
-  cliToken: string
-): Promise<{ access_token: string; refresh_token: string }> {
-  const config = getConfig();
-  const exchangeUrl = `${config.supabaseUrl}/functions/v1/cli-token-exchange`;
-  const res = await fetch(exchangeUrl, {
-    method: "POST",
-    headers: {
-      "Content-Type": "application/json",
-      apikey: config.supabaseAnonKey,
-    },
-    body: JSON.stringify({ token: cliToken }),
-  });
+// ── Token Hash ──────────────────────────────────────────────────────
-  if (!res.ok) {
-    const body = await res.json().catch(() => ({ error: res.statusText }));
-    throw new Error(body.error || `Token exchange failed (${res.status})`);
-  }
+function hashToken(token: string): string {
+  return createHash("sha256").update(token).digest("hex");
+}
-  const data = await res.json();
-  if (!data.access_token || !data.refresh_token) {
-    throw new Error("Token exchange returned incomplete session");
+/** Get stored token hash (computed from persisted am_ token). */
+function getTokenHash(): string {
+  const store = readAuthStore();
+  const token = store["mcp_token"];
+  if (!token || !token.startsWith("am_")) {
+    throw new Error("Not authenticated. Run `assistme login`.");
   }
-  return data;
+  return hashToken(token);
 }
+// ── Auth ─────────────────────────────────────────────────────────────
 /**
- * Login using an am_ CLI token (exchanged via Edge Function for a Supabase session).
+ * Login using an am_ MCP token.
+ * Validates against DB via validate_mcp_token RPC, stores locally.
  */
-export async function loginWithToken(cliToken: string): Promise<string> {
-  if (!cliToken.startsWith("am_")) {
+export async function loginWithToken(mcpToken: string): Promise<string> {
+  if (!mcpToken.startsWith("am_")) {
     throw new Error(
       "Invalid token format. Use an am_ token from the web page."
     );
   }
-  const sessionTokens = await exchangeCliToken(cliToken);
-  // Persist the CLI token so we can re-authenticate later
-  const store = readAuthStore();
-  store["cli_token"] = cliToken;
-  writeAuthStore(store);
+  const hash = hashToken(mcpToken);
   const sb = getSupabase();
-  const { data, error } = await sb.auth.setSession({
-    access_token: sessionTokens.access_token,
-    refresh_token: sessionTokens.refresh_token,
+  const { data, error } = await sb.rpc("validate_mcp_token", {
+    p_token_hash: hash,
   });
-  if (error) throw new Error(`Login failed: ${error.message}`);
-  if (!data.user) throw new Error("Login failed: no user returned");
+  if (error) throw new Error(`Token validation failed: ${error.message}`);
+  if (!data || data.length === 0) throw new Error("Invalid or expired token");
-  return data.user.id;
-}
-/**
- * Re-authenticate using the stored CLI token (am_).
- * Called automatically when the Supabase session has expired.
- */
-export async function refreshWithCliToken(): Promise<string | null> {
+  // Persist token
   const store = readAuthStore();
-  const cliToken = store["cli_token"];
-  if (!cliToken || !cliToken.startsWith("am_")) return null;
-  try {
-    const sessionTokens = await exchangeCliToken(cliToken);
-    const sb = getSupabase();
-    const { data, error } = await sb.auth.setSession({
-      access_token: sessionTokens.access_token,
-      refresh_token: sessionTokens.refresh_token,
-    });
-    if (error || !data.user) return null;
-    return data.user.id;
-  } catch {
-    return null;
-  }
-}
+  store["mcp_token"] = mcpToken;
+  writeAuthStore(store);
-export async function getSession() {
-  const sb = getSupabase();
-  const { data } = await sb.auth.getSession();
-  return data.session;
+  return data[0].out_user_id;
 }
 export async function getCurrentUserId(): Promise<string> {
+  const hash = getTokenHash();
   const sb = getSupabase();
-  const { data, error } = await sb.auth.getUser();
-  if (error || !data.user) {
-    // Try auto-refresh with stored CLI token
-    const refreshed = await refreshWithCliToken();
-    if (refreshed) return refreshed;
-    throw new Error("Not authenticated. Run `assistme login`.");
+  const { data, error } = await sb.rpc("validate_mcp_token", {
+    p_token_hash: hash,
+  });
+  if (error || !data || data.length === 0) {
+    throw new Error("Token expired or revoked. Run `assistme login`.");
   }
-  return data.user.id;
+  return data[0].out_user_id;
 }
 export async function logout(): Promise<void> {
-  const sb = getSupabase();
-  await sb.auth.signOut();
-  // Also clear the file
   try {
     writeAuthStore({});
   } catch {
@@ -211,24 +140,19 @@ export interface AgentSession {
 }
 export async function createSession(
-  userId: string,
+  _userId: string,
   sessionName: string,
   workspacePath: string,
   version: string
 ): Promise<AgentSession> {
   const sb = getSupabase();
-  const { data, error } = await sb
-    .from("agent_sessions")
-    .insert({
-      user_id: userId,
-      session_name: sessionName,
-      status: "online",
-      workspace_path: workspacePath,
-      agent_version: version,
-      metadata: { model: getConfig().model },
-    })
-    .select()
-    .single();
+  const { data, error } = await sb.rpc("mcp_create_session", {
+    p_token_hash: getTokenHash(),
+    p_session_name: sessionName,
+    p_workspace_path: workspacePath,
+    p_version: version,
+    p_model: getConfig().model || null,
+  });
   if (error) throw new Error(`Failed to create session: ${error.message}`);
   return data as AgentSession;
@@ -236,24 +160,19 @@ export async function createSession(
 export async function updateHeartbeat(sessionId: string): Promise<void> {
   const sb = getSupabase();
-  const { error } = await sb
-    .from("agent_sessions")
-    .update({ last_heartbeat_at: new Date().toISOString() })
-    .eq("id", sessionId);
+  const { error } = await sb.rpc("mcp_heartbeat", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId,
+  });
   if (error) log.warn(`Heartbeat update failed: ${error.message}`);
 }
 export async function endSession(sessionId: string): Promise<void> {
   const sb = getSupabase();
-  const { error } = await sb
-    .from("agent_sessions")
-    .update({
-      status: "offline",
-      ended_at: new Date().toISOString(),
-    })
-    .eq("id", sessionId);
+  const { error } = await sb.rpc("mcp_end_session", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId,
+  });
   if (error) log.error(`Failed to end session: ${error.message}`);
 }
@@ -262,64 +181,28 @@ export async function setSessionBusy(
   busy: boolean
 ): Promise<void> {
   const sb = getSupabase();
-  await sb
-    .from("agent_sessions")
-    .update({ status: busy ? "busy" : "online" })
-    .eq("id", sessionId);
+  await sb.rpc("mcp_set_session_busy", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId,
+    p_busy: busy,
+  });
 }
 // ── Conversation Management ─────────────────────────────────────────
-/**
- * Find or create a CLI conversation for a given session.
- * Each agent session gets one conversation.
- */
 export async function getOrCreateCliConversation(
-  userId: string,
-  sessionId: string
+  _userId: string,
+  _sessionId: string
 ): Promise<string> {
   const sb = getSupabase();
-  // Check if a CLI conversation already exists for this user's current session
-  // by looking for conversations where the agent is 'cli' and user is participant
-  const { data: existing } = await sb
-    .from("conversations")
-    .select("id")
-    .eq("agent", "cli")
-    .eq("created_by", userId)
-    .order("created_at", { ascending: false })
-    .limit(1);
-  if (existing && existing.length > 0) {
-    return existing[0].id;
-  }
-  // Create new conversation
-  const { data: conv, error: convErr } = await sb
-    .from("conversations")
-    .insert({
-      conversation_type: "direct",
-      agent: "cli",
-      created_by: userId,
-    })
-    .select("id")
-    .single();
-  if (convErr || !conv) {
-    throw new Error(`Failed to create conversation: ${convErr?.message}`);
-  }
-  // Add participants: user + CLI agent
-  await sb.from("conversation_participants").insert([
-    { conversation_id: conv.id, user_id: userId, role: "member" },
-    { conversation_id: conv.id, user_id: CLI_AGENT_ID, role: "member" },
-  ]);
-  return conv.id;
+  const { data, error } = await sb.rpc("mcp_get_or_create_conversation", {
+    p_token_hash: getTokenHash(),
+  });
+  if (error) throw new Error(`Failed to get conversation: ${error.message}`);
+  return data as string;
 }
 // ── Message / Task Management ────────────────────────────────────────
-// A "task" is now an assistant message in conversation_messages with a status.
 export interface ConversationMessage {
   id: string;
@@ -334,115 +217,88 @@ export interface ConversationMessage {
   metadata: Record<string, unknown>;
   created_at: string;
   updated_at: string;
-  /** The original user prompt (stored in metadata for assistant messages) */
   prompt: string;
 }
-// Keep AgentTask as an alias for backward compatibility with processor.ts
 export type AgentTask = ConversationMessage;
-/**
- * Create a user prompt + pending assistant message pair atomically.
- * Uses a PG function for transactional safety. Falls back to sequential
- * inserts if the function doesn't exist yet.
- * Returns the assistant message (the "task" to process).
- */
 export async function createTask(
   conversationId: string,
-  userId: string,
+  _userId: string,
   sessionId: string,
   prompt: string
 ): Promise<ConversationMessage> {
   const sb = getSupabase();
-  // Try atomic RPC first
-  const { data: rpcResult, error: rpcError } = await sb.rpc(
-    "create_task_pair",
-    {
-      p_conversation_id: conversationId,
-      p_user_id: userId,
-      p_agent_id: CLI_AGENT_ID,
-      p_session_id: sessionId,
-      p_prompt: prompt,
-    }
-  );
-  if (!rpcError && rpcResult) {
-    return { ...rpcResult, prompt } as ConversationMessage;
-  }
-  // Fallback: sequential inserts (for environments without the PG function)
-  if (rpcError) {
-    log.debug(`create_task_pair RPC unavailable, using fallback: ${rpcError.message}`);
-  }
-  // Insert user message
-  const { error: userErr } = await sb.from("conversation_messages").insert({
-    conversation_id: conversationId,
-    sender_id: userId,
-    role: "user",
-    content: prompt,
+  const { data, error } = await sb.rpc("mcp_create_task", {
+    p_token_hash: getTokenHash(),
+    p_conversation_id: conversationId,
+    p_session_id: sessionId,
+    p_prompt: prompt,
   });
-  if (userErr) throw new Error(`Failed to create user message: ${userErr.message}`);
-  // Insert assistant placeholder (the "task")
-  const { data, error } = await sb
-    .from("conversation_messages")
-    .insert({
-      conversation_id: conversationId,
-      sender_id: CLI_AGENT_ID,
-      role: "assistant",
-      content: "",
-      status: "pending",
-      session_id: sessionId,
-      metadata: { prompt },
-    })
-    .select()
-    .single();
   if (error) throw new Error(`Failed to create task: ${error.message}`);
   return { ...data, prompt } as ConversationMessage;
 }
-/**
- * Poll for pending assistant messages assigned to this session.
- */
 export async function pollPendingTasks(
   sessionId: string
 ): Promise<ConversationMessage[]> {
   const sb = getSupabase();
-  const { data, error } = await sb
-    .from("conversation_messages")
-    .select("*")
-    .eq("session_id", sessionId)
-    .eq("status", "pending")
-    .order("created_at", { ascending: true })
-    .limit(1);
+  const { data, error } = await sb.rpc("mcp_poll_tasks", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId,
+  });
   if (error) {
     log.warn(`Task poll failed: ${error.message}`);
     return [];
   }
-  // Extract prompt from metadata for backward compat with processor
-  return (data || []).map((row: Record<string, unknown>) => ({
+  const rows = (data || []) as Record<string, unknown>[];
+  return rows.map((row) => ({
     ...row,
-    prompt: (row.metadata as Record<string, unknown>)?.prompt || row.content || "",
+    prompt:
+      (row.metadata as Record<string, unknown>)?.prompt || row.content || "",
   })) as ConversationMessage[];
 }
-export async function claimTask(messageId: string): Promise<void> {
+/**
+ * Atomically poll ONE pending task and claim it in a single DB call.
+ * Uses FOR UPDATE SKIP LOCKED — concurrent CLIs will never grab the same task.
+ * Returns null if no pending task exists.
+ */
+export async function pollAndClaimTask(
+  sessionId: string
+): Promise<ConversationMessage | null> {
   const sb = getSupabase();
-  const { error } = await sb
-    .from("conversation_messages")
-    .update({
-      status: "running",
-      metadata: { started_at: new Date().toISOString() },
-    })
-    .eq("id", messageId)
-    .eq("status", "pending");
+  const { data, error } = await sb.rpc("mcp_poll_and_claim_task", {
+    p_token_hash: getTokenHash(),
+    p_session_id: sessionId,
+  });
+  if (error) {
+    log.warn(`Poll-and-claim failed: ${error.message}`);
+    return null;
+  }
+  if (!data) return null;
+  const row = data as Record<string, unknown>;
+  return {
+    ...row,
+    prompt:
+      (row.metadata as Record<string, unknown>)?.prompt || row.content || "",
+  } as ConversationMessage;
+}
+export async function claimTask(messageId: string): Promise<boolean> {
+  const sb = getSupabase();
+  const { data, error } = await sb.rpc("mcp_claim_task", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+  });
   if (error) throw new Error(`Failed to claim task: ${error.message}`);
+  return data as boolean;
 }
 export async function completeTask(
@@ -451,29 +307,12 @@ export async function completeTask(
   tokenUsage?: Record<string, number>
 ): Promise<void> {
   const sb = getSupabase();
-  // Fetch current metadata to merge
-  const { data: current } = await sb
-    .from("conversation_messages")
-    .select("metadata")
-    .eq("id", messageId)
-    .single();
-  const existingMeta = (current?.metadata as Record<string, unknown>) || {};
-  const { error } = await sb
-    .from("conversation_messages")
-    .update({
-      content: resultSummary,
-      status: "completed",
-      metadata: {
-        ...existingMeta,
-        completed_at: new Date().toISOString(),
-        token_usage: tokenUsage || null,
-      },
-    })
-    .eq("id", messageId);
+  const { error } = await sb.rpc("mcp_complete_task", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_result: resultSummary,
+    p_token_usage: tokenUsage || null,
+  });
   if (error) throw new Error(`Failed to complete task: ${error.message}`);
 }
@@ -482,28 +321,11 @@ export async function failTask(
   errorMessage: string
 ): Promise<void> {
   const sb = getSupabase();
-  const { data: current } = await sb
-    .from("conversation_messages")
-    .select("metadata")
-    .eq("id", messageId)
-    .single();
-  const existingMeta = (current?.metadata as Record<string, unknown>) || {};
-  const { error } = await sb
-    .from("conversation_messages")
-    .update({
-      status: "failed",
-      content: errorMessage,
-      metadata: {
-        ...existingMeta,
-        completed_at: new Date().toISOString(),
-        error_message: errorMessage,
-      },
-    })
-    .eq("id", messageId);
+  const { error } = await sb.rpc("mcp_fail_task", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_error: errorMessage,
+  });
   if (error) log.error(`Failed to update task status: ${error.message}`);
 }
@@ -531,32 +353,29 @@ export async function emitEvent(
 ): Promise<void> {
   const sb = getSupabase();
   eventSequence++;
-  const { error } = await sb.from("message_events").insert({
-    message_id: messageId,
-    event_type: eventType,
-    event_data: eventData,
-    sequence_number: eventSequence,
+  const { error } = await sb.rpc("mcp_emit_event", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_event_type: eventType,
+    p_event_data: eventData,
+    p_seq: eventSequence,
   });
   if (error) log.warn(`Failed to emit event: ${error.message}`);
 }
-// Batch emit for efficiency
 export async function emitEvents(
   messageId: string,
   events: Array<{ type: EventType; data: Record<string, unknown> }>
 ): Promise<void> {
   const sb = getSupabase();
-  const rows = events.map((e) => {
+  const eventsJson = events.map((e) => {
     eventSequence++;
-    return {
-      message_id: messageId,
-      event_type: e.type,
-      event_data: e.data,
-      sequence_number: eventSequence,
-    };
+    return { type: e.type, data: e.data, seq: eventSequence };
+  });
+  const { error } = await sb.rpc("mcp_emit_events", {
+    p_token_hash: getTokenHash(),
+    p_message_id: messageId,
+    p_events: eventsJson,
   });
-  const { error } = await sb.from("message_events").insert(rows);
   if (error) log.warn(`Failed to emit events batch: ${error.message}`);
 }