comisai 1.0.33 → 1.0.36
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +21 -4
- package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +2 -2
- package/node_modules/@comis/agent/dist/background/background-task-manager.js +61 -20
- package/node_modules/@comis/agent/dist/background/background-task-persistence.js +10 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +10 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
- package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +53 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.js +151 -0
- package/node_modules/@comis/agent/dist/background/index.d.ts +4 -0
- package/node_modules/@comis/agent/dist/background/index.js +2 -0
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +17 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +14 -2
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +23 -23
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +72 -60
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
- package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
- package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
- package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
- package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
- package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +30 -0
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +17 -1
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +1 -1
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +2 -3
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
- package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +13 -0
- package/node_modules/@comis/agent/dist/executor/pi-executor.js +71 -6
- package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
- package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/tool-deferral.js +7 -7
- package/node_modules/@comis/agent/dist/index.d.ts +17 -0
- package/node_modules/@comis/agent/dist/index.js +32 -11
- package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
- package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
- package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
- package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
- package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
- package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +1 -1
- package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
- package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
- package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
- package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +2 -0
- package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
- package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
- package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
- package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
- package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
- package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
- package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
- package/node_modules/@comis/cli/dist/index.d.ts +1 -0
- package/node_modules/@comis/cli/dist/index.js +10 -4
- package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
- package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
- package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
- package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
- package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
- package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
- package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
- package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
- package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
- package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
- package/node_modules/@comis/core/dist/config/index.d.ts +3 -1
- package/node_modules/@comis/core/dist/config/index.js +2 -1
- package/node_modules/@comis/core/dist/config/loader.js +61 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
- package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -0
- package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
- package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +7 -0
- package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
- package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +2 -0
- package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -2
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
- package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +23 -0
- package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
- package/node_modules/@comis/core/dist/config/schema-skills.d.ts +6 -8
- package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
- package/node_modules/@comis/core/dist/config/schema.d.ts +10 -0
- package/node_modules/@comis/core/dist/config/schema.js +3 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +39 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
- package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +71 -2
- package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/config.js +1 -1
- package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
- package/node_modules/@comis/core/dist/exports/domain.js +1 -0
- package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/ports.js +1 -1
- package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
- package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
- package/node_modules/@comis/core/dist/ports/index.d.ts +2 -0
- package/node_modules/@comis/core/dist/ports/index.js +1 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
- package/node_modules/@comis/core/dist/tool-metadata.d.ts +20 -0
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
- package/node_modules/@comis/daemon/dist/daemon.js +82 -19
- package/node_modules/@comis/daemon/dist/health/watchdog.js +18 -3
- package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/index.js +5 -0
- package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
- package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
- package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
- package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
- package/node_modules/@comis/daemon/dist/wiring/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/wiring/index.js +1 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +46 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +127 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +39 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +32 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +11 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +20 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +1 -1
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +52 -19
- package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
- package/node_modules/@comis/gateway/dist/index.js +2 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
- package/node_modules/@comis/memory/dist/compaction.js +2 -3
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
- package/node_modules/@comis/memory/dist/index.d.ts +2 -0
- package/node_modules/@comis/memory/dist/index.js +3 -0
- package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
- package/node_modules/@comis/memory/dist/memory-api.js +1 -1
- package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
- package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
- package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
- package/node_modules/@comis/memory/dist/session-store.js +1 -1
- package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
- package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
- package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +1 -1
- package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/index.js +2 -0
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
- package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +130 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
- package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
- package/node_modules/@comis/skills/dist/builtin/exec-tool.js +9 -0
- package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +5 -4
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +38 -27
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +114 -1
- package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
- package/node_modules/@comis/web/dist/index.html +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +17 -16
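--- /dev/null
+++ b/package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js
@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: Apache-2.0
+/**
+* OAuth TLS preflight for OpenAI Codex `auth.openai.com`.
+*
+* Issues a single 5-second `fetch` GET against the OAuth authorize endpoint
+* and classifies failures as `tls-cert` (system CA bundle missing/broken;
+* fixable via `apt install ca-certificates` etc.) or `network` (DNS,
+* firewall, proxy — operator action required).
+*
+* Verbatim port of OpenClaw's provider-openai-codex-oauth-tls.ts minus the
+* Homebrew prefix-resolution branch and minus the `note()` UI (caller decides
+* how to surface the result; this module is pure).
+*
+* The probe URL uses the public OpenAI Codex client_id
+* `app_EMoamEEZ73f0CkXaXp7hrann` (NOT a Comis-distinct value) to avoid
+* fingerprinting in OpenAI logs.
+*
+* This module never logs — the caller is responsible for surfacing
+* the result via Pino (daemon) or DoctorFinding (CLI). Per AGENTS.md §2.4
+* no `@comis/infra` import.
+*
+* @module
+*/
+const TLS_CERT_ERROR_CODES = new Set([
+"UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
+"UNABLE_TO_VERIFY_LEAF_SIGNATURE",
+"CERT_HAS_EXPIRED",
+"DEPTH_ZERO_SELF_SIGNED_CERT",
+"SELF_SIGNED_CERT_IN_CHAIN",
+"ERR_TLS_CERT_ALTNAME_INVALID",
+]);
+const TLS_CERT_ERROR_PATTERNS = [
+/unable to get local issuer certificate/i,
+/unable to verify the first certificate/i,
+/self[- ]signed certificate/i,
+/certificate has expired/i,
+];
+const OPENAI_AUTH_PROBE_URL = "https://auth.openai.com/oauth/authorize?response_type=code" +
+"&client_id=app_EMoamEEZ73f0CkXaXp7hrann" +
+"&redirect_uri=http%3A%2F%2Flocalhost%3A1455%2Fauth%2Fcallback" +
+"&scope=openid+profile+email";
+const DEFAULT_TIMEOUT_MS = 5000;
+/**
+* Issue a single TLS preflight GET against auth.openai.com/oauth/authorize.
+*
+* Resolves to {ok:true} on any HTTP response (302 included — that's the
+* expected success path with redirect:"manual"). Resolves to {ok:false,
+* kind, code?, message} on fetch error.
+*
+* Never throws.
+*/
+export async function runOAuthTlsPreflight(opts) {
+const timeoutMs = opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+const fetchImpl = opts?.fetchImpl ?? fetch;
+try {
+await fetchImpl(OPENAI_AUTH_PROBE_URL, {
+method: "GET",
+redirect: "manual", // a 302 IS the success signal; do not follow
+signal: AbortSignal.timeout(timeoutMs),
+});
+return { ok: true };
+}
+catch (error) {
+return classifyTlsPreflightError(error);
+}
+}
+function classifyTlsPreflightError(error) {
+// Inline narrowing — OpenClaw's asNullableObjectRecord helper is not
+// exported by Comis; duplicating ~3 lines is preferred over adding a
+// shared util (AGENTS.md §2.3 rule of three not yet met).
+const root = (error && typeof error === "object" ? error : {});
+const cause = (root.cause && typeof root.cause === "object" ? root.cause : {});
+const code = typeof cause.code === "string" ? cause.code : undefined;
+const message = typeof cause.message === "string"
+? cause.message
+: typeof root.message === "string"
+? root.message
+: String(error);
+const isTlsCert = (code ? TLS_CERT_ERROR_CODES.has(code) : false) ||
+TLS_CERT_ERROR_PATTERNS.some((re) => re.test(message));
+return { ok: false, kind: isTlsCert ? "tls-cert" : "network", code, message };
+}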
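Review bot: `classifyTlsPreflightError` takes the error code only from `error.cause.code`, so when an injected `opts.fetchImpl` puts the code on the top-level error the classifier falls back to the four message patterns, none of which matches a hostname mismatch (`ERR_TLS_CERT_ALTNAME_INVALID`), and that failure would be reported as `network`. Reading both levels closes the gap: `const code = typeof cause.code === "string" ? cause.code : typeof root.code === "string" ? root.code : undefined;`. The module header should also say that `tls-cert` covers self-signed-in-chain and altname-mismatch results, which can indicate TLS interception on the path rather than a missing CA bundle, so callers do not present `apt install ca-certificates` as the only remediation.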
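--- a/package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts
+++ b/package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts
@@ -1,9 +1,24 @@
 /**
 * OAuth Token Manager: Wraps pi-ai's OAuth subsystem for Comis patterns.
 *
-*
-*
-*
+* Architecture:
+* - Reads + writes credentials through OAuthCredentialStorePort (no in-memory map
+* as source of truth; refreshed credentials persist to disk and survive restart).
+* - Per-profile-ID file lock via withExecutionLock from @comis/scheduler — concurrent
+* refresh attempts from multiple processes serialize; different profiles refresh
+* in parallel.
+* - 30s timeout wrapper around pi-ai's getOAuthApiKey to prevent indefinite hang
+* when auth.openai.com is unreachable.
+* - Real-refresh detection via newCredentials.refresh !== profile.refresh — the
+* original !!newCredentials check was a no-op since pi-ai always returns truthy
+* newCredentials.
+* - Log events with submodule: "oauth-token-manager".
+* - Event-bus events: auth:token_rotated (extended with profileId),
+* auth:profile_bootstrapped, auth:refresh_failed.
+* - Env-var bootstrap: empty store + valid OAUTH_<PROVIDER> env writes profile
+* to store, decodes JWT identity, emits auth:profile_bootstrapped.
+* - Env-var conflict: stored profile + different env-var refresh → WARN once
+* per (provider, process) with hint=env-override-ignored.
 *
 * Supported OAuth providers (via pi-ai built-in):
 * - Anthropic (Claude Pro/Max)
@@ -16,45 +31,100 @@
 */
 import type { Result } from "@comis/shared";
 import type { SecretManager } from "@comis/core";
-import { TypedEventBus } from "@comis/core";
+import { TypedEventBus, type OAuthCredentialStorePort } from "@comis/core";
+import type { ComisLogger } from "@comis/infra";
 import type { OAuthCredentials } from "@mariozechner/pi-ai";
-/**
+/**
+* Error codes returned by OAuthTokenManager operations.
+*
+* Extended with `errorKind`, `profileId`, `hint` (all optional) so CLI
+* consumers can pattern-match on `errorKind === "refresh_token_reused"`
+* without breaking existing consumers that only read `code` + `message` +
+* `providerId`.
+*/
 export interface OAuthError {
-code: "NO_PROVIDER" | "NO_CREDENTIALS" | "REFRESH_FAILED" | "STORE_FAILED";
+code: "NO_PROVIDER" | "NO_CREDENTIALS" | "REFRESH_FAILED" | "STORE_FAILED" | "PROFILE_NOT_FOUND";
 message: string;
 providerId: string;
+/** Free-form classification (e.g. "refresh_token_reused", "invalid_grant", "timeout"). */
+errorKind?: string;
+/** Profile that failed (mirrors auth:refresh_failed event payload field). */
+profileId?: string;
+/** Operator action recommendation; mirrors the WARN log `hint` field. */
+hint?: string;
 }
 /** Dependencies injected into the OAuth token manager factory. */
 export interface OAuthTokenManagerDeps {
-/** SecretManager for
+/** SecretManager for env-var bootstrap and conflict detection. */
 secretManager: SecretManager;
-/** EventBus for emitting auth:token_rotated
+/** EventBus for emitting auth events (3 typed events: token_rotated, profile_bootstrapped, refresh_failed). */
 eventBus: TypedEventBus;
+/** Credential store for persistent refresh — REQUIRED. */
+credentialStore: OAuthCredentialStorePort;
+/** Logger for log events — REQUIRED. */
+logger: ComisLogger;
+/** Data directory for lock-file path resolution — REQUIRED. */
+dataDir: string;
 /** Prefix for SecretManager key names (default: "OAUTH_"). */
 keyPrefix?: string;
+/**
+* Absolute path to auth-profiles.json. When set, the manager registers a
+* chokidar watcher on this path and invalidates its in-memory cache when
+* the file changes externally (e.g. CLI auth login). When undefined
+* (encrypted-store mode), no watcher is registered.
+*/
+watchPath?: string;
+/**
+* Getter for the agent's oauthProfiles map (Record<provider, profileId>).
+* Called fresh on every getApiKey() invocation (no caching). Fallback when callers
+* do not pass agentContext directly (e.g., env-var bootstrap path).
+*
+* The fresh-on-every-call contract is required: agents_manage update mutates
+* the in-memory PerAgentConfig in place; the getter re-reads through that
+* parent reference so the resolver observes the new value without restart.
+*/
+getAgentOauthProfiles?: () => Record<string, string> | undefined;
 }
 /** OAuth token manager interface for credential lifecycle. */
 export interface OAuthTokenManager {
 /**
 * Get a valid API key for an OAuth provider. Auto-refreshes if token is
-* expired or near-expiry.
-*
+* expired or near-expiry. Dual-surface signature with optional agentContext
+* for per-agent profile preference; the resolver chain (agent-config →
+* lastGood → first available) hard-fails on configured-but-missing.
+*
+* @param providerId - OAuth provider id (e.g., "openai-codex")
+* @param agentContext - Optional agent context for per-agent profile preference.
+* When set, agentContext.oauthProfiles[providerId] is consulted as the
+* primary resolver source. Falls back to deps.getAgentOauthProfiles?.()
+* when not provided.
 */
-getApiKey(providerId: string
-
+getApiKey(providerId: string, agentContext?: {
+oauthProfiles?: Record<string, string>;
+}): Promise<Result<string, OAuthError>>;
+/** Check if credentials for a provider exist (in cache, store, or env-var). */
 hasCredentials(providerId: string): boolean;
 /** Store credentials for a provider (e.g., after a login flow completes). */
 storeCredentials(providerId: string, creds: OAuthCredentials): void;
 /** Get the list of pi-ai built-in OAuth provider IDs. */
 getSupportedProviders(): string[];
+/**
+* Close the file watcher and clear the debounce timer.
+* No-op when watchPath was undefined at construction. Idempotent.
+*/
+dispose(): Promise<void>;
 }
 /**
 * Create an OAuth token manager wrapping pi-ai's OAuth subsystem.
 *
-*
-*
-*
+* Architecture:
+* 1. Resolve candidate profileId (env-var seed JWT > stored list > env-bootstrap sentinel).
+* 2. Acquire per-profile lock via withExecutionLock.
+* 3. Inside lock: TOCTOU re-read profile, run pi-ai with 30s timeout.
+* 4. Detect real refresh by comparing newCredentials.refresh !== profile.refresh.
+* 5. If refreshed, persist via credentialStore.set, then emit auth:token_rotated.
+* 6. Release lock.
 *
-* @param deps - SecretManager, EventBus,
+* @param deps - SecretManager, EventBus, CredentialStore, Logger, dataDir, optional keyPrefix
 */
 export declare function createOAuthTokenManager(deps: OAuthTokenManagerDeps): OAuthTokenManager;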
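Review bot: The `getApiKey` doc comment says the resolver chain (agent-config → lastGood → first available) hard-fails on configured-but-missing, but it does not say what an agent with no entry for the provider receives; as written it appears to fall through to whichever stored profile is last-good or first available. That is worth stating in the comment, because in a multi-agent deployment it decides whether an unconfigured agent can end up using another identity's token; something like `* An agent with no oauthProfiles entry for providerId falls through to lastGood, then the first stored profile.` would do, if that is indeed the behaviour. Separately, `storeCredentials(...)` still returns `void` although the header now says credentials persist through `OAuthCredentialStorePort`, so from this declaration a failed write after login has no way to reach the caller (the `STORE_FAILED` code exists on `OAuthError`); whether the implementation surfaces it another way is not visible here.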