npm - codeam-cli - Versions diffs - 2.26.14 → 2.26.16 - Mend

codeam-cli 2.26.14 → 2.26.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,25 @@ All notable changes to `codeam-cli` are documented here.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.26.15] — 2026-06-05
+### Fixed
+- **cli:** Refuse to link Codex when local auth.json is already expired (#258)
+## [2.26.14] — 2026-06-04
+### Chore
+- **deps:** Bump actions/setup-node from 4 to 6 (#246)
+- **deps:** Bump actions/checkout from 4 to 6 (#247)
+- **deps:** Bump org.jetbrains.kotlin.jvm in /apps/jetbrains-plugin (#248)
+- **cli:** Bump which 2.0.2 → 5.0.0 (#251)
+### Fixed
+- **cli:** Drop redundant install from agent setup_commands + warn agent (#256)
 ## [2.26.13] — 2026-06-04
 ### Added

package/dist/index.js CHANGED Viewed

@@ -486,7 +486,7 @@ var import_qrcode_terminal = __toESM(require("qrcode-terminal"));
 // package.json
 var package_default = {
   name: "codeam-cli",
-  version: "2.26.14",
+  version: "2.26.16",
   description: "Workflow-continuity bridge for AI coding agents. Wrap Claude Code or Codex in a PTY and supervise, approve, and redirect the session from any device \u2014 async. The terminal companion for CodeAgent Mobile.",
   type: "commonjs",
   main: "dist/index.js",
@@ -787,6 +787,21 @@ async function postLinkCredential(input) {
     };
   }
 }
+async function postLinkErrorSignal(input) {
+  try {
+    await _transport.postJsonAuthed(
+      `${API_BASE}/api/plugin/agents/${input.agentId}/link-error`,
+      {
+        sessionId: input.sessionId,
+        pluginId: input.pluginId,
+        code: input.code,
+        reason: input.reason
+      },
+      input.pluginAuthToken
+    );
+  } catch {
+  }
+}
 async function postAiResult(input) {
   const body = {
     sessionId: input.sessionId,
@@ -5843,7 +5858,7 @@ function readAnonId() {
 }
 function superProperties() {
   return {
-    cliVersion: true ? "2.26.14" : "0.0.0-dev",
+    cliVersion: true ? "2.26.16" : "0.0.0-dev",
     nodeVersion: process.version,
     platform: process.platform,
     arch: process.arch,
@@ -10888,6 +10903,40 @@ async function extractLocalCodexToken() {
 function codexCredentialsPaths() {
   return [codexCredentialsPath()];
 }
+function validateLocalCodexToken(credential) {
+  let parsed;
+  try {
+    parsed = JSON.parse(credential);
+  } catch {
+    return { status: "unknown" };
+  }
+  const directExp = typeof parsed.expires_at === "number" ? parsed.expires_at : typeof parsed.tokens?.expires_at === "number" ? parsed.tokens.expires_at : void 0;
+  const jwtExp = decodeJwtExp(parsed.tokens?.id_token);
+  const exp = directExp ?? jwtExp;
+  if (exp === void 0) return { status: "unknown" };
+  const expiresAt = exp < 1e12 ? exp * 1e3 : exp;
+  if (Date.now() >= expiresAt) {
+    return {
+      status: "expired",
+      reason: "Codex OAuth access token expired",
+      expiresAt
+    };
+  }
+  return { status: "valid", expiresAt };
+}
+function decodeJwtExp(jwt) {
+  if (!jwt) return void 0;
+  const parts = jwt.split(".");
+  if (parts.length !== 3) return void 0;
+  try {
+    const base64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+    const padded = base64 + "===".slice((base64.length + 3) % 4);
+    const payload = JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
+    return typeof payload.exp === "number" ? payload.exp : void 0;
+  } catch {
+    return void 0;
+  }
+}
 // src/agents/codex/link.ts
 function codexCredentialLocator() {
@@ -10896,7 +10945,11 @@ function codexCredentialLocator() {
     vendor: "OpenAI",
     hint: "~/.codex/auth.json",
     watchPaths: codexCredentialsPaths,
-    extract: extractLocalCodexToken
+    extract: extractLocalCodexToken,
+    validate: (token) => {
+      const result = validateLocalCodexToken(token.credential);
+      return { status: result.status, reason: result.reason };
+    }
   };
 }
 function codexLoginLauncher() {
@@ -15907,6 +15960,7 @@ async function link(args2 = []) {
   installSpin.stop(`${ctx.displayName} is installed`);
   const existing = await ctx.locator.extract();
   if (existing) {
+    if (await refuseIfStale(ctx, paired, pluginId, existing)) return;
     showInfo(`Found existing ${ctx.displayName} credentials at ${import_picocolors2.default.bold(existing.source)}.`);
     await uploadAndSucceed(ctx, paired, pluginId, existing);
     return;
@@ -15923,8 +15977,36 @@ async function link(args2 = []) {
   console.log("");
   const captured = await captureFreshCredentials(ctx);
   console.log("");
+  if (await refuseIfStale(ctx, paired, pluginId, captured)) return;
   await uploadAndSucceed(ctx, paired, pluginId, captured);
 }
+async function refuseIfStale(ctx, paired, pluginId, token) {
+  const verdict = ctx.locator.validate?.(token);
+  if (!verdict || verdict.status !== "expired") return false;
+  const reason = verdict.reason ?? "Token expired";
+  if (paired.pluginAuthToken) {
+    await postLinkErrorSignal({
+      agentId: ctx.locator.publicId,
+      sessionId: paired.sessionId,
+      pluginId,
+      pluginAuthToken: paired.pluginAuthToken,
+      code: "credentials_expired",
+      reason
+    });
+  }
+  showError(
+    `Your local ${ctx.displayName} credentials at ${import_picocolors2.default.bold(ctx.locator.hint)} are already expired:
+   ${reason}
+Uploading them would land a dead snapshot in the vault \u2014 every codespace bootstrapped from it would immediately return 401.
+Run on your machine, then re-link:
+   ${import_picocolors2.default.cyan(`${ctx.binary} logout`)}
+   ${import_picocolors2.default.cyan(`${ctx.binary} login`)}
+   ${import_picocolors2.default.cyan(`codeam link ${ctx.locator.publicId}`)}`
+  );
+  process.exit(1);
+}
 async function captureFreshCredentials(ctx) {
   const isWin = ctx.runtime.os.id === "win32";
   const watcher = import_chokidar.default.watch(ctx.locator.watchPaths(), {
@@ -20257,7 +20339,7 @@ function checkChokidar() {
 }
 async function doctor(args2 = []) {
   const json = args2.includes("--json");
-  const cliVersion = true ? "2.26.14" : "0.0.0-dev";
+  const cliVersion = true ? "2.26.16" : "0.0.0-dev";
   const apiBase = resolveApiBaseUrl();
   const diagnosticId = (0, import_node_crypto6.randomUUID)();
   log.info("doctor", `run id=${diagnosticId} cli=${cliVersion}`);
@@ -20456,7 +20538,7 @@ async function completion(args2) {
 // src/commands/version.ts
 var import_picocolors13 = __toESM(require("picocolors"));
 function version2() {
-  const v = true ? "2.26.14" : "unknown";
+  const v = true ? "2.26.16" : "unknown";
   console.log(`${import_picocolors13.default.bold("codeam-cli")} ${import_picocolors13.default.cyan(v)}`);
 }
@@ -20684,7 +20766,7 @@ function checkForUpdates() {
   if (process.env.CODEAM_DISABLE_UPDATE_CHECK === "1") return;
   if (process.env.CI) return;
   if (!process.stdout.isTTY) return;
-  const current = true ? "2.26.14" : null;
+  const current = true ? "2.26.16" : null;
   if (!current) return;
   const cache = readCache();
   const fresh = cache && Date.now() - cache.fetchedAt < TTL_MS;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codeam-cli",
-  "version": "2.26.14",
+  "version": "2.26.16",
   "description": "Workflow-continuity bridge for AI coding agents. Wrap Claude Code or Codex in a PTY and supervise, approve, and redirect the session from any device — async. The terminal companion for CodeAgent Mobile.",
   "type": "commonjs",
   "main": "dist/index.js",