comisai 1.0.34 → 1.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (448) hide show
  1. package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
  2. package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
  3. package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
  4. package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
  5. package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
  6. package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
  7. package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
  8. package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
  9. package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
  10. package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
  11. package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
  12. package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
  13. package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
  14. package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
  15. package/node_modules/@comis/agent/dist/background/index.js +4 -0
  16. package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
  17. package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
  18. package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
  19. package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
  20. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
  21. package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
  22. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
  23. package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
  24. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
  25. package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
  26. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
  27. package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
  28. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
  29. package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
  30. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
  31. package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
  32. package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
  33. package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
  34. package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
  35. package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
  36. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
  37. package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
  38. package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
  39. package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
  40. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
  41. package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
  42. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
  43. package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
  44. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
  45. package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
  46. package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
  47. package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
  48. package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
  49. package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
  50. package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
  51. package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
  52. package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
  53. package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
  54. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
  55. package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
  56. package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
  57. package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
  58. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
  59. package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
  60. package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
  61. package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
  62. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
  63. package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
  64. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
  65. package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
  66. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
  67. package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
  68. package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
  69. package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
  70. package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
  71. package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
  72. package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
  73. package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
  74. package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
  75. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
  76. package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
  77. package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
  78. package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
  79. package/node_modules/@comis/agent/dist/index.d.ts +17 -0
  80. package/node_modules/@comis/agent/dist/index.js +32 -11
  81. package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
  82. package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
  83. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
  84. package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
  85. package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
  86. package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
  87. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
  88. package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
  89. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
  90. package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
  91. package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
  92. package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
  93. package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
  94. package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
  95. package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
  96. package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
  97. package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
  98. package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
  99. package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
  100. package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
  101. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
  102. package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
  103. package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
  104. package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
  105. package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
  106. package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
  107. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
  108. package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
  109. package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
  110. package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
  111. package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
  112. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
  113. package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
  114. package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
  115. package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
  116. package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
  117. package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
  118. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
  119. package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
  120. package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
  121. package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
  122. package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
  123. package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
  124. package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
  125. package/node_modules/@comis/agent/package.json +1 -1
  126. package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
  127. package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
  128. package/node_modules/@comis/channels/dist/index.d.ts +1 -1
  129. package/node_modules/@comis/channels/dist/index.js +1 -1
  130. package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
  131. package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
  132. package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
  133. package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
  134. package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
  135. package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
  136. package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
  137. package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
  138. package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
  139. package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
  140. package/node_modules/@comis/channels/package.json +1 -1
  141. package/node_modules/@comis/cli/dist/cli.js +2 -0
  142. package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
  143. package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
  144. package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
  145. package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
  146. package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
  147. package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
  148. package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
  149. package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
  150. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
  151. package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
  152. package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
  153. package/node_modules/@comis/cli/dist/index.d.ts +1 -0
  154. package/node_modules/@comis/cli/dist/index.js +10 -4
  155. package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
  156. package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
  157. package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
  158. package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
  159. package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
  160. package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
  161. package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
  162. package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
  163. package/node_modules/@comis/cli/package.json +1 -1
  164. package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
  165. package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
  166. package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
  167. package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
  168. package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
  169. package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
  170. package/node_modules/@comis/core/dist/config/index.js +4 -1
  171. package/node_modules/@comis/core/dist/config/loader.js +61 -0
  172. package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
  173. package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
  174. package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
  175. package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
  176. package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
  177. package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
  178. package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
  179. package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
  180. package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
  181. package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
  182. package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
  183. package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
  184. package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
  185. package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
  186. package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
  187. package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
  188. package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
  189. package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
  190. package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
  191. package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
  192. package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
  193. package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
  194. package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
  195. package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
  196. package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
  197. package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
  198. package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
  199. package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
  200. package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
  201. package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
  202. package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
  203. package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
  204. package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
  205. package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
  206. package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
  207. package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
  208. package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
  209. package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
  210. package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
  211. package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
  212. package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
  213. package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
  214. package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
  215. package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
  216. package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
  217. package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
  218. package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
  219. package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
  220. package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
  221. package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
  222. package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
  223. package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
  224. package/node_modules/@comis/core/dist/config/schema.js +9 -0
  225. package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
  226. package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
  227. package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
  228. package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
  229. package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
  230. package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
  231. package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
  232. package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
  233. package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
  234. package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
  235. package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
  236. package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
  237. package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
  238. package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
  239. package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
  240. package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
  241. package/node_modules/@comis/core/dist/exports/config.js +3 -1
  242. package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
  243. package/node_modules/@comis/core/dist/exports/domain.js +1 -0
  244. package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
  245. package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
  246. package/node_modules/@comis/core/dist/exports/ports.js +1 -1
  247. package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
  248. package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
  249. package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
  250. package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
  251. package/node_modules/@comis/core/dist/ports/index.js +5 -0
  252. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
  253. package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
  254. package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
  255. package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
  256. package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
  257. package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
  258. package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
  259. package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
  260. package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
  261. package/node_modules/@comis/core/package.json +1 -1
  262. package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
  263. package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
  264. package/node_modules/@comis/daemon/dist/daemon.js +168 -30
  265. package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
  266. package/node_modules/@comis/daemon/dist/index.js +5 -0
  267. package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
  268. package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
  269. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
  270. package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
  271. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
  272. package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
  273. package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
  274. package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
  275. package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
  276. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
  277. package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
  278. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
  279. package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
  280. package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
  281. package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
  282. package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
  283. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
  284. package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
  285. package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
  286. package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
  287. package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
  288. package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
  289. package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
  290. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
  291. package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
  292. package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
  293. package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
  294. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
  295. package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
  296. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
  297. package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
  298. package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
  299. package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
  300. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
  301. package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
  302. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
  303. package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
  304. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
  305. package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
  306. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
  307. package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
  308. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
  309. package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
  310. package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
  311. package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
  312. package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
  313. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
  314. package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
  315. package/node_modules/@comis/daemon/package.json +1 -1
  316. package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
  317. package/node_modules/@comis/gateway/dist/index.js +2 -0
  318. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
  319. package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
  320. package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
  321. package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
  322. package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
  323. package/node_modules/@comis/gateway/package.json +1 -1
  324. package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
  325. package/node_modules/@comis/infra/package.json +1 -1
  326. package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
  327. package/node_modules/@comis/memory/dist/compaction.js +2 -3
  328. package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
  329. package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
  330. package/node_modules/@comis/memory/dist/index.d.ts +2 -0
  331. package/node_modules/@comis/memory/dist/index.js +3 -0
  332. package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
  333. package/node_modules/@comis/memory/dist/memory-api.js +1 -1
  334. package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
  335. package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
  336. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
  337. package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
  338. package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
  339. package/node_modules/@comis/memory/dist/session-store.js +1 -1
  340. package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
  341. package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
  342. package/node_modules/@comis/memory/package.json +1 -1
  343. package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
  344. package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
  345. package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
  346. package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
  347. package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
  348. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
  349. package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
  350. package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
  351. package/node_modules/@comis/scheduler/dist/index.js +2 -0
  352. package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
  353. package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
  354. package/node_modules/@comis/scheduler/package.json +1 -1
  355. package/node_modules/@comis/shared/dist/index.d.ts +3 -0
  356. package/node_modules/@comis/shared/dist/index.js +4 -0
  357. package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
  358. package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
  359. package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
  360. package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
  361. package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
  362. package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
  363. package/node_modules/@comis/shared/package.json +1 -1
  364. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
  365. package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
  366. package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
  367. package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
  368. package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
  369. package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
  370. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
  371. package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
  372. package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
  373. package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
  374. package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
  375. package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
  376. package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
  377. package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
  378. package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
  379. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
  380. package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
  381. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
  382. package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
  383. package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
  384. package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
  385. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
  386. package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
  387. package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
  388. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
  389. package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
  390. package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
  391. package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
  392. package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
  393. package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
  394. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
  395. package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
  396. package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
  397. package/node_modules/@comis/skills/dist/index.d.ts +4 -1
  398. package/node_modules/@comis/skills/dist/index.js +3 -1
  399. package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
  400. package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
  401. package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
  402. package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
  403. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
  404. package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
  405. package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
  406. package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
  407. package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
  408. package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
  409. package/node_modules/@comis/skills/package.json +1 -1
  410. package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
  411. package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
  412. package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
  413. package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
  414. package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
  415. package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
  416. package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
  417. package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
  418. package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
  419. package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
  420. package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
  421. package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
  422. package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
  423. package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
  424. package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
  425. package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
  426. package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
  427. package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
  428. package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
  429. package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
  430. package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
  431. package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
  432. package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
  433. package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
  434. package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
  435. package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
  436. package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
  437. package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
  438. package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
  439. package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
  440. package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
  441. package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
  442. package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
  443. package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
  444. package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
  445. package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
  446. package/node_modules/@comis/web/dist/index.html +1 -1
  447. package/node_modules/@comis/web/package.json +1 -1
  448. package/package.json +25 -24
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@comis/channels",
3
3
  "private": true,
4
- "version": "1.0.34",
4
+ "version": "1.0.37",
5
5
  "author": "Moshe Anconina",
6
6
  "license": "Apache-2.0",
7
7
  "description": "Chat platform adapters — Discord, Telegram, Slack, WhatsApp, Signal, iMessage, IRC, LINE",
@@ -12,6 +12,7 @@
12
12
  import { createRequire } from "node:module";
13
13
  import { Command } from "commander";
14
14
  import { registerAgentCommand } from "./commands/agent.js";
15
+ import { registerAuthCommand } from "./commands/auth.js";
15
16
  import { registerChannelCommand } from "./commands/channel.js";
16
17
  import { registerConfigCommand } from "./commands/config.js";
17
18
  import { registerDaemonCommand } from "./commands/daemon.js";
@@ -38,6 +39,7 @@ program.name("comis").description("Comis AI agent management CLI").version(cliPk
38
39
  registerDaemonCommand(program);
39
40
  registerConfigCommand(program);
40
41
  registerAgentCommand(program);
42
+ registerAuthCommand(program);
41
43
  registerChannelCommand(program);
42
44
  registerMemoryCommand(program);
43
45
  registerSecurityCommand(program);
@@ -1,8 +1,8 @@
1
1
  /**
2
- * Agent management commands: list, create, configure, delete, models.
2
+ * Agent management commands: list, create, configure, delete, models, set-oauth-profile.
3
3
  *
4
- * Provides `comis agent [list|create|configure|delete|models]` subcommands
5
- * for managing agent configurations via the daemon RPC interface.
4
+ * Provides `comis agent [list|create|configure|delete|models|set-oauth-profile]`
5
+ * subcommands for managing agent configurations via the daemon RPC interface.
6
6
  *
7
7
  * @module
8
8
  */
@@ -1,12 +1,13 @@
1
1
  // SPDX-License-Identifier: Apache-2.0
2
2
  /**
3
- * Agent management commands: list, create, configure, delete, models.
3
+ * Agent management commands: list, create, configure, delete, models, set-oauth-profile.
4
4
  *
5
- * Provides `comis agent [list|create|configure|delete|models]` subcommands
6
- * for managing agent configurations via the daemon RPC interface.
5
+ * Provides `comis agent [list|create|configure|delete|models|set-oauth-profile]`
6
+ * subcommands for managing agent configurations via the daemon RPC interface.
7
7
  *
8
8
  * @module
9
9
  */
10
+ import { validateProfileId } from "@comis/core";
10
11
  import { ensureWorkspace, resolveWorkspaceDir } from "@comis/agent";
11
12
  import chalk from "chalk";
12
13
  import { withClient } from "../client/rpc-client.js";
@@ -127,6 +128,48 @@ export function registerAgentCommand(program) {
127
128
  process.exit(1);
128
129
  }
129
130
  });
131
+ // agent set-oauth-profile <agentId> <profileId>
132
+ //
133
+ // Pin a per-agent OAuth profile preference. The provider is derived from
134
+ // the profile-id's `<provider>:<identity>` portion — there is NO separate
135
+ // --provider flag (single-source-of-truth). Validation runs client-side
136
+ // via validateProfileId; the daemon's agents.update handler additionally
137
+ // rejects unknown profile IDs via OAuthCredentialStore.has(). Daemon
138
+ // errors substring-matching "not found" are surfaced verbatim with
139
+ // exit 1; format violations exit 2.
140
+ agent
141
+ .command("set-oauth-profile <agentId> <profileId>")
142
+ .description("Set the OAuth profile preference for an agent (provider derived from profile-id)")
143
+ .action(async (agentId, profileId) => {
144
+ const validated = validateProfileId(profileId);
145
+ if (!validated.ok) {
146
+ error(`Invalid profile ID: ${validated.error.message}. Expected format: <provider>:<identity>.`);
147
+ process.exit(2);
148
+ }
149
+ const { provider } = validated.value;
150
+ try {
151
+ await withSpinner(`Setting OAuth profile for "${agentId}"...`, () => withClient(async (client) => {
152
+ return await client.call("agents.update", {
153
+ agentId,
154
+ config: { oauthProfiles: { [provider]: profileId } },
155
+ });
156
+ }));
157
+ success(`Set agent ${agentId} oauthProfiles[${provider}] = ${profileId}`);
158
+ }
159
+ catch (err) {
160
+ const msg = err instanceof Error ? err.message : String(err);
161
+ // The daemon's PROFILE_NOT_FOUND surfaces with "not found" in the
162
+ // message. Substring-match to surface as exit 1 with the daemon's
163
+ // actionable wording (which already names the profile and references
164
+ // `comis auth list`).
165
+ if (msg.includes("not found")) {
166
+ error(msg);
167
+ process.exit(1);
168
+ }
169
+ error(`Failed to set oauth profile: ${msg}`);
170
+ process.exit(1);
171
+ }
172
+ });
130
173
  // agent delete <name>
131
174
  agent
132
175
  .command("delete <name>")
@@ -0,0 +1,37 @@
1
+ /**
2
+ * `comis auth` CLI command tree.
3
+ *
4
+ * Four subcommands operating directly against the OAuthCredentialStorePort
5
+ * (no daemon RPC — store is the IPC primitive between CLI and daemon, with
6
+ * the daemon picking up changes via the chokidar watcher):
7
+ *
8
+ * - `comis auth login` — interactive OAuth login (browser + manual paste).
9
+ * Accepts `--profile <id>` to override the storage
10
+ * key; the user-supplied id replaces the
11
+ * JWT-derived `<provider>:<email>` while the
12
+ * identity fields on the persisted profile remain
13
+ * JWT-derived. Provider portion of `--profile` must
14
+ * equal `--provider` or the command exits 2.
15
+ * - `comis auth list` — list stored profiles in a 5-column table; supports
16
+ * `--provider <id>` filter — pure client-side string
17
+ * match, no validation against pi-ai's known list.
18
+ * - `comis auth logout` — remove a profile by ID
19
+ * - `comis auth status` — per-provider summary (count + nextExpiry); supports
20
+ * `--provider <id>` filter with the same semantics
21
+ * as `auth list`.
22
+ *
23
+ * Only `--provider openai-codex` is supported for `auth login` today. Other
24
+ * providers ship later. The `--provider` filter on `list` / `status` is
25
+ * unconstrained because the filter is purely cosmetic.
26
+ *
27
+ * All commands run in the CLI process; the local OAuth callback server
28
+ * (pi-ai's hardcoded localhost:1455) binds to the user's interactive
29
+ * machine — daemon may be on a remote host.
30
+ *
31
+ * @module
32
+ */
33
+ import type { Command } from "commander";
34
+ /**
35
+ * Register the `auth` command group on the program.
36
+ */
37
+ export declare function registerAuthCommand(program: Command): void;
@@ -0,0 +1,433 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ /**
3
+ * `comis auth` CLI command tree.
4
+ *
5
+ * Four subcommands operating directly against the OAuthCredentialStorePort
6
+ * (no daemon RPC — store is the IPC primitive between CLI and daemon, with
7
+ * the daemon picking up changes via the chokidar watcher):
8
+ *
9
+ * - `comis auth login` — interactive OAuth login (browser + manual paste).
10
+ * Accepts `--profile <id>` to override the storage
11
+ * key; the user-supplied id replaces the
12
+ * JWT-derived `<provider>:<email>` while the
13
+ * identity fields on the persisted profile remain
14
+ * JWT-derived. Provider portion of `--profile` must
15
+ * equal `--provider` or the command exits 2.
16
+ * - `comis auth list` — list stored profiles in a 5-column table; supports
17
+ * `--provider <id>` filter — pure client-side string
18
+ * match, no validation against pi-ai's known list.
19
+ * - `comis auth logout` — remove a profile by ID
20
+ * - `comis auth status` — per-provider summary (count + nextExpiry); supports
21
+ * `--provider <id>` filter with the same semantics
22
+ * as `auth list`.
23
+ *
24
+ * Only `--provider openai-codex` is supported for `auth login` today. Other
25
+ * providers ship later. The `--provider` filter on `list` / `status` is
26
+ * unconstrained because the filter is purely cosmetic.
27
+ *
28
+ * All commands run in the CLI process; the local OAuth callback server
29
+ * (pi-ai's hardcoded localhost:1455) binds to the user's interactive
30
+ * machine — daemon may be on a remote host.
31
+ *
32
+ * @module
33
+ */
34
+ import { homedir } from "node:os";
35
+ import open from "open";
36
+ import { loadConfigFile, validateConfig, safePath, validateProfileId, } from "@comis/core";
37
+ import { selectOAuthCredentialStore, loginOpenAICodexOAuth, isRemoteEnvironment, redactEmailForLog, } from "@comis/agent";
38
+ import { createLogger } from "@comis/infra";
39
+ import { error, info, success } from "../output/format.js";
40
+ import { renderTable } from "../output/table.js";
41
+ import { formatRelativeExpiry } from "../output/relative-time.js";
42
+ import { createClackAdapter } from "../wizard/clack-adapter.js";
43
+ const PROVIDER_OPENAI_CODEX = "openai-codex";
44
+ const ACTIVE_THRESHOLD_MS = 5 * 60_000; // 5 minutes — match status logic
45
+ // ---------------------------------------------------------------------------
46
+ // OAuthError discrimination helpers.
47
+ //
48
+ // `exitOnOAuthError` translates a structured OAuthError into stderr output +
49
+ // exit code 1; `isOAuthError` is a defensive type guard so the catch blocks
50
+ // can route OAuthError values through the structured handler while letting
51
+ // generic JS errors fall through to the existing `Failed to ${verb}: ${msg}`
52
+ // pattern.
53
+ //
54
+ // Per CLAUDE.md "Logging" — CLI uses `format.ts` (stderr/stdout) NOT Pino;
55
+ // this is the documented exception. The literal "Re-authenticate with: comis
56
+ // auth login --provider <providerId>" line is the acceptance literal the
57
+ // integration test grep-asserts (test/integration/oauth-refresh-token-reused.test.ts).
58
+ // ---------------------------------------------------------------------------
59
+ /**
60
+ * Translate a structured OAuthError into stderr output + exit code 1.
61
+ *
62
+ * When `errorKind === "refresh_token_reused"`, the CLI prints the canonical
63
+ * re-login command with exit code 1. Other errorKinds (invalid_grant, etc.)
64
+ * get tailored messages; unknown OAuthErrors fall through to the generic
65
+ * shape.
66
+ *
67
+ * Returns `never` — always exits the process.
68
+ */
69
+ function exitOnOAuthError(err) {
70
+ if (err.errorKind === "refresh_token_reused") {
71
+ error("Refresh token was reused. The OpenAI account has been auto-locked for security.");
72
+ info(`Re-authenticate with: comis auth login --provider ${err.providerId}`);
73
+ process.exit(1);
74
+ }
75
+ if (err.errorKind === "invalid_grant") {
76
+ const profileSlug = err.profileId ?? "unknown";
77
+ error(`Refresh token was rejected by OpenAI (invalid_grant) for profile "${profileSlug}".`);
78
+ info(`Re-authenticate with: comis auth login --provider ${err.providerId}`);
79
+ process.exit(1);
80
+ }
81
+ error(`OAuthError (${err.code}): ${err.message}`);
82
+ if (err.hint)
83
+ info(err.hint);
84
+ process.exit(1);
85
+ }
86
+ /**
87
+ * Type guard: detect an OAuthError shape on a caught unknown value.
88
+ * Distinguishes the structured error from generic JS errors so the CLI can
89
+ * route through `exitOnOAuthError` (above). Match against the 5 known
90
+ * `OAuthError.code` values to avoid false positives on third-party errors
91
+ * that happen to carry `code`/`providerId`/`message` keys.
92
+ */
93
+ function isOAuthError(value) {
94
+ if (!value || typeof value !== "object")
95
+ return false;
96
+ const v = value;
97
+ return (typeof v.code === "string" &&
98
+ typeof v.message === "string" &&
99
+ typeof v.providerId === "string" &&
100
+ [
101
+ "NO_PROVIDER",
102
+ "NO_CREDENTIALS",
103
+ "REFRESH_FAILED",
104
+ "STORE_FAILED",
105
+ "PROFILE_NOT_FOUND",
106
+ ].includes(v.code));
107
+ }
108
+ // Module-scoped logger. The CLI process runs short-lived commands; one
109
+ // logger instance is shared across all 4 subcommands. Per CLAUDE.md, every
110
+ // log call also sets `submodule: "auth-cli"` for filterability.
111
+ const logger = createLogger({ name: "auth-cli" });
112
+ // ---------------------------------------------------------------------------
113
+ // Internal: open the OAuth credential store using the same selector the
114
+ // daemon uses. Reads appConfig.oauth.storage from the user's config file
115
+ // with safe defaults when no config exists (e.g., daemon never set up).
116
+ //
117
+ // Both loadConfigFile and validateConfig are Result-typed (per @comis/core),
118
+ // so this function never throws — config errors fall through to the file
119
+ // adapter default, which is the safe operator-friendly behavior for a
120
+ // freshly-installed CLI.
121
+ // ---------------------------------------------------------------------------
122
+ function openOAuthStoreFromConfig() {
123
+ const dataDir = safePath(homedir(), ".comis");
124
+ // eslint-disable-next-line no-restricted-syntax -- CLI bootstrap before SecretManager
125
+ const envPaths = process.env.COMIS_CONFIG_PATHS;
126
+ const configPath = envPaths?.split(",")[0] ?? safePath(homedir(), ".comis", "config.yaml");
127
+ const loadResult = loadConfigFile(configPath);
128
+ if (!loadResult.ok) {
129
+ // No config file → default to file storage (the file adapter creates
130
+ // ~/.comis/auth-profiles.json on first set).
131
+ return selectOAuthCredentialStore({ storage: "file", dataDir });
132
+ }
133
+ const validateResult = validateConfig(loadResult.value);
134
+ if (!validateResult.ok) {
135
+ // Invalid config — fail fast with a clear hint pointing at the daemon
136
+ // bootstrap message that surfaces the same Zod issue.
137
+ error(`Failed to load config: ${validateResult.error.message}. ` +
138
+ "Hint: run `comis configure` or fix the YAML at " +
139
+ `${configPath} before retrying.`);
140
+ process.exit(1);
141
+ }
142
+ const storage = validateResult.value.oauth.storage;
143
+ if (storage === "encrypted") {
144
+ // Encrypted-mode bootstrap from CLI requires SECRETS_MASTER_KEY + the
145
+ // secrets DB. The CLI does NOT spin up the SecretsCrypto/secretsDb
146
+ // here — surface a fail-fast error pointing at the daemon's
147
+ // encrypted-mode path. Operators with encrypted storage must run
148
+ // `comis auth login` from the daemon host (where SECRETS_MASTER_KEY
149
+ // is exported), or switch to file storage.
150
+ error("OAuth storage mode is 'encrypted' but the CLI cannot bootstrap the encrypted store. " +
151
+ "Hint: Either (1) export SECRETS_MASTER_KEY in this shell and rerun, or (2) change " +
152
+ "appConfig.oauth.storage to 'file' for `comis auth login` flows.");
153
+ process.exit(1);
154
+ }
155
+ return selectOAuthCredentialStore({ storage: "file", dataDir });
156
+ }
157
+ // ---------------------------------------------------------------------------
158
+ // Internal: build a status string from an absolute expiry timestamp.
159
+ // ---------------------------------------------------------------------------
160
+ function profileStatus(expiresAtMs) {
161
+ return expiresAtMs - Date.now() > ACTIVE_THRESHOLD_MS ? "active" : "expired";
162
+ }
163
+ // ---------------------------------------------------------------------------
164
+ // Public boundary
165
+ // ---------------------------------------------------------------------------
166
+ /**
167
+ * Register the `auth` command group on the program.
168
+ */
169
+ export function registerAuthCommand(program) {
170
+ const auth = program
171
+ .command("auth")
172
+ .description("OAuth authentication management");
173
+ // -------------------------------------------------------------------------
174
+ // login
175
+ // -------------------------------------------------------------------------
176
+ auth
177
+ .command("login")
178
+ .description("Log in to an OAuth-enabled provider")
179
+ .requiredOption("--provider <id>", "OAuth provider id (must be 'openai-codex')")
180
+ .option("--remote", "Force remote/headless mode (no browser)")
181
+ .option("--local", "Force local/desktop mode (try to open browser)")
182
+ .option("--profile <id>", "Override the auto-derived profile ID (provider portion must match --provider)")
183
+ .option("--method <method>", "Login method: 'browser' (default) or 'device-code' (SSH/no-clipboard)")
184
+ .action(async (opts) => {
185
+ // Provider must be openai-codex.
186
+ if (opts.provider !== PROVIDER_OPENAI_CODEX) {
187
+ error("--provider must be 'openai-codex' (other providers ship later)");
188
+ process.exit(2);
189
+ }
190
+ // Validate --profile override when supplied.
191
+ // The user-supplied id becomes the storage key; the provider portion
192
+ // MUST match --provider (defense against accidentally writing an
193
+ // anthropic profile under an openai-codex login flow).
194
+ if (opts.profile) {
195
+ const validated = validateProfileId(opts.profile);
196
+ if (!validated.ok) {
197
+ error(`Invalid --profile value: ${validated.error.message}. Expected format: <provider>:<identity>.`);
198
+ process.exit(2);
199
+ }
200
+ if (validated.value.provider !== opts.provider) {
201
+ error(`--profile provider portion ("${validated.value.provider}") must match --provider value ("${opts.provider}") — provider mismatch.`);
202
+ process.exit(2);
203
+ }
204
+ }
205
+ // Validate --method flag.
206
+ // Defense-in-depth: any value other than "device-code" silently
207
+ // maps to "browser" — the CLI never crashes on an unknown method,
208
+ // it falls back to the safe default.
209
+ const method = opts.method === "device-code" ? "device-code" : "browser";
210
+ if (method === "device-code" && opts.provider !== PROVIDER_OPENAI_CODEX) {
211
+ error("--method device-code is only supported with --provider openai-codex " +
212
+ "(other providers do not support device-code today)");
213
+ process.exit(2);
214
+ }
215
+ try {
216
+ const store = openOAuthStoreFromConfig();
217
+ const isRemote = isRemoteEnvironment({
218
+ env: process.env,
219
+ force: opts.remote ? "remote" : opts.local ? "local" : undefined,
220
+ });
221
+ const prompter = createClackAdapter();
222
+ const result = await loginOpenAICodexOAuth({
223
+ prompter,
224
+ isRemote,
225
+ openUrl: open,
226
+ logger,
227
+ method,
228
+ });
229
+ if (!result.ok) {
230
+ error(result.error.message);
231
+ if (result.error.hint)
232
+ info(result.error.hint);
233
+ process.exit(1);
234
+ }
235
+ const v = result.value;
236
+ // When --profile is set, override the storage key.
237
+ // email/accountId/displayName remain JWT-derived (preserved on the
238
+ // profile object) so the operator can still identify which upstream
239
+ // account backs the alias.
240
+ const finalProfileId = opts.profile ?? v.profileId;
241
+ const profile = {
242
+ provider: PROVIDER_OPENAI_CODEX,
243
+ profileId: finalProfileId,
244
+ access: v.access,
245
+ refresh: v.refresh,
246
+ expires: v.expires,
247
+ accountId: v.accountId,
248
+ email: v.email,
249
+ displayName: v.displayName,
250
+ version: 1,
251
+ };
252
+ const writeResult = await store.set(finalProfileId, profile);
253
+ if (!writeResult.ok) {
254
+ error(`Failed to persist OAuth profile: ${writeResult.error.message}`);
255
+ process.exit(1);
256
+ }
257
+ // Silent overwrite policy; INFO-log records every login write.
258
+ logger.info({
259
+ provider: PROVIDER_OPENAI_CODEX,
260
+ profileId: finalProfileId,
261
+ identity: redactEmailForLog(v.email) ?? `id-${v.accountId ?? "<unknown>"}`,
262
+ action: "login",
263
+ submodule: "auth-cli",
264
+ }, "OAuth profile written by CLI");
265
+ success(`Logged in as ${v.email ?? v.displayName ?? v.profileId} (profile: ${finalProfileId})`);
266
+ }
267
+ catch (err) {
268
+ // Structured OAuthError values route through `exitOnOAuthError`
269
+ // for the canonical re-login hint; generic errors fall through to
270
+ // the existing pattern.
271
+ if (isOAuthError(err)) {
272
+ exitOnOAuthError(err);
273
+ }
274
+ const msg = err instanceof Error ? err.message : String(err);
275
+ error(`Failed to log in: ${msg}`);
276
+ process.exit(1);
277
+ }
278
+ });
279
+ // -------------------------------------------------------------------------
280
+ // list
281
+ // -------------------------------------------------------------------------
282
+ auth
283
+ .command("list")
284
+ .description("List stored OAuth profiles")
285
+ .option("--provider <id>", "Filter to one provider")
286
+ .action(async (opts) => {
287
+ try {
288
+ const store = openOAuthStoreFromConfig();
289
+ const listResult = await store.list();
290
+ if (!listResult.ok) {
291
+ error(`Failed to list OAuth profiles: ${listResult.error.message}`);
292
+ process.exit(1);
293
+ }
294
+ const profiles = listResult.value;
295
+ // Client-side string-match filter; we explicitly opt OUT of
296
+ // validating the provider value against pi-ai's known list (the
297
+ // filter is purely an in-memory display sieve).
298
+ const filtered = opts.provider
299
+ ? profiles.filter((p) => p.provider === opts.provider)
300
+ : profiles;
301
+ if (filtered.length === 0) {
302
+ if (opts.provider) {
303
+ info(`No OAuth profiles stored for provider "${opts.provider}".`);
304
+ }
305
+ else {
306
+ info("No OAuth profiles stored.");
307
+ }
308
+ return;
309
+ }
310
+ renderTable(["Provider", "ProfileId", "Identity", "ExpiresIn", "Status"], filtered.map((p) => [
311
+ p.provider,
312
+ p.profileId,
313
+ p.email ?? p.profileId.split(":")[1] ?? "—",
314
+ formatRelativeExpiry(p.expires),
315
+ profileStatus(p.expires),
316
+ ]));
317
+ }
318
+ catch (err) {
319
+ // Structured OAuthError gets the re-login hint.
320
+ if (isOAuthError(err)) {
321
+ exitOnOAuthError(err);
322
+ }
323
+ const msg = err instanceof Error ? err.message : String(err);
324
+ error(`Failed to list profiles: ${msg}`);
325
+ process.exit(1);
326
+ }
327
+ });
328
+ // -------------------------------------------------------------------------
329
+ // logout
330
+ // -------------------------------------------------------------------------
331
+ auth
332
+ .command("logout")
333
+ .description("Remove a stored OAuth profile")
334
+ .requiredOption("--profile <id>", "Profile ID to remove (e.g., openai-codex:user@example.com)")
335
+ .action(async (opts) => {
336
+ try {
337
+ const store = openOAuthStoreFromConfig();
338
+ const has = await store.has(opts.profile);
339
+ if (!has.ok) {
340
+ error(`Failed to check profile existence: ${has.error.message}`);
341
+ process.exit(1);
342
+ }
343
+ if (!has.value) {
344
+ error(`profile ${opts.profile} not found`);
345
+ process.exit(1);
346
+ }
347
+ const delResult = await store.delete(opts.profile);
348
+ if (!delResult.ok) {
349
+ error(`Failed to remove profile: ${delResult.error.message}`);
350
+ process.exit(1);
351
+ }
352
+ logger.info({
353
+ profileId: opts.profile,
354
+ action: "logout",
355
+ submodule: "auth-cli",
356
+ }, "OAuth profile removed by CLI");
357
+ success(`Logged out of ${opts.profile}`);
358
+ }
359
+ catch (err) {
360
+ // Structured OAuthError gets the re-login hint.
361
+ if (isOAuthError(err)) {
362
+ exitOnOAuthError(err);
363
+ }
364
+ const msg = err instanceof Error ? err.message : String(err);
365
+ error(`Failed to log out: ${msg}`);
366
+ process.exit(1);
367
+ }
368
+ });
369
+ // -------------------------------------------------------------------------
370
+ // status
371
+ // -------------------------------------------------------------------------
372
+ auth
373
+ .command("status")
374
+ .description("Show per-provider OAuth status")
375
+ .option("--provider <id>", "Filter to one provider")
376
+ .action(async (opts) => {
377
+ try {
378
+ const store = openOAuthStoreFromConfig();
379
+ const listResult = await store.list();
380
+ if (!listResult.ok) {
381
+ error(`Failed to read OAuth status: ${listResult.error.message}`);
382
+ process.exit(1);
383
+ }
384
+ const profiles = listResult.value;
385
+ if (profiles.length === 0) {
386
+ // Empty store — even with --provider filter, the operator's
387
+ // intended diagnostic is the same: nothing here, optionally for
388
+ // the named provider.
389
+ if (opts.provider) {
390
+ info(`No OAuth profiles stored for provider "${opts.provider}".`);
391
+ }
392
+ else {
393
+ info("No OAuth profiles stored.");
394
+ }
395
+ return;
396
+ }
397
+ // Group by provider.
398
+ const byProvider = new Map();
399
+ for (const p of profiles) {
400
+ const arr = byProvider.get(p.provider) ?? [];
401
+ arr.push(p);
402
+ byProvider.set(p.provider, arr);
403
+ }
404
+ // Empty filter case: store has profiles, but none for the requested
405
+ // provider. Print provider-specific empty-state and exit 0 (the
406
+ // standard `return` here, since a missing provider in a populated
407
+ // store is not an error).
408
+ if (opts.provider && !byProvider.has(opts.provider)) {
409
+ info(`No OAuth profiles stored for provider "${opts.provider}".`);
410
+ return;
411
+ }
412
+ for (const [provider, group] of byProvider) {
413
+ // Skip non-matching groups when filter is set.
414
+ if (opts.provider && provider !== opts.provider)
415
+ continue;
416
+ info(`${provider} (${group.length} profile${group.length !== 1 ? "s" : ""})`);
417
+ for (const p of group) {
418
+ const identity = p.email ?? p.profileId.split(":")[1] ?? "—";
419
+ info(` ${p.profileId} — expires in ${formatRelativeExpiry(p.expires)} (${profileStatus(p.expires)}) — identity: ${identity}`);
420
+ }
421
+ }
422
+ }
423
+ catch (err) {
424
+ // Structured OAuthError gets the re-login hint.
425
+ if (isOAuthError(err)) {
426
+ exitOnOAuthError(err);
427
+ }
428
+ const msg = err instanceof Error ? err.message : String(err);
429
+ error(`Failed to check OAuth status: ${msg}`);
430
+ process.exit(1);
431
+ }
432
+ });
433
+ }
@@ -12,8 +12,11 @@ import type { Command } from "commander";
12
12
  * Register the `doctor` command on the program.
13
13
  *
14
14
  * Provides:
15
- * - `comis doctor` -- run 5 health check categories
15
+ * - `comis doctor` -- run 6 health check categories (config, daemon, gateway,
16
+ * channel, workspace, OAuth)
16
17
  * - `comis doctor --repair` -- auto-fix repairable issues
18
+ * - `comis doctor --refresh-test` -- opt-in refresh probe per profile.
19
+ * WARNING: rotates the refresh token at OpenAI.
17
20
  *
18
21
  * @param program - The root Commander program
19
22
  */
@@ -20,16 +20,18 @@ import { daemonHealthCheck } from "../doctor/checks/daemon-health.js";
20
20
  import { gatewayHealthCheck } from "../doctor/checks/gateway-health.js";
21
21
  import { channelHealthCheck } from "../doctor/checks/channel-health.js";
22
22
  import { workspaceHealthCheck } from "../doctor/checks/workspace-health.js";
23
+ import { oauthHealthCheck } from "../doctor/checks/oauth-health.js";
23
24
  import { repairConfig } from "../doctor/repairs/repair-config.js";
24
25
  import { repairDaemon } from "../doctor/repairs/repair-daemon.js";
25
26
  import { repairWorkspace } from "../doctor/repairs/repair-workspace.js";
26
- /** All doctor checks in execution order (5 categories). */
27
+ /** All doctor checks in execution order (6 categories). */
27
28
  const ALL_CHECKS = [
28
29
  configHealthCheck,
29
30
  daemonHealthCheck,
30
31
  gatewayHealthCheck,
31
32
  channelHealthCheck,
32
33
  workspaceHealthCheck,
34
+ oauthHealthCheck,
33
35
  ];
34
36
  /**
35
37
  * Resolve default config paths from COMIS_CONFIG_PATHS env var or standard locations.
@@ -99,21 +101,30 @@ function buildDoctorContext(configPaths) {
99
101
  * Register the `doctor` command on the program.
100
102
  *
101
103
  * Provides:
102
- * - `comis doctor` -- run 5 health check categories
104
+ * - `comis doctor` -- run 6 health check categories (config, daemon, gateway,
105
+ * channel, workspace, OAuth)
103
106
  * - `comis doctor --repair` -- auto-fix repairable issues
107
+ * - `comis doctor --refresh-test` -- opt-in refresh probe per profile.
108
+ * WARNING: rotates the refresh token at OpenAI.
104
109
  *
105
110
  * @param program - The root Commander program
106
111
  */
107
112
  export function registerDoctorCommand(program) {
108
113
  program
109
114
  .command("doctor")
110
- .description("Diagnose configuration, daemon, gateway, channel, and workspace health")
115
+ .description("Diagnose configuration, daemon, gateway, channel, workspace, and OAuth health")
111
116
  .option("--repair", "Auto-fix repairable issues")
112
117
  .option("-c, --config <paths...>", "Config file paths to check")
113
118
  .option("--format <format>", 'Output format: "table" or "json"', "table")
119
+ .option("--refresh-test", "Run a real OAuth refresh against the provider per profile. " +
120
+ "WARNING: rotates the refresh token at OpenAI; the stored token will " +
121
+ "be stale after this check. Default: OFF (opt-in).")
114
122
  .action(async (options) => {
115
123
  const configPaths = options.config ?? resolveDefaultConfigPaths();
116
- const context = buildDoctorContext(configPaths);
124
+ const context = {
125
+ ...buildDoctorContext(configPaths),
126
+ refreshTest: options.refreshTest,
127
+ };
117
128
  const result = await withSpinner("Running diagnostics...", () => runDoctorChecks(ALL_CHECKS, context));
118
129
  // Render results
119
130
  if (options.format === "json") {
@@ -156,7 +167,11 @@ export function registerDoctorCommand(program) {
156
167
  }
157
168
  // Re-run diagnostics after repairs
158
169
  info("Re-running diagnostics...");
159
- const rerunResult = await withSpinner("Verifying repairs...", () => runDoctorChecks(ALL_CHECKS, buildDoctorContext(configPaths)));
170
+ const rerunContext = {
171
+ ...buildDoctorContext(configPaths),
172
+ refreshTest: options.refreshTest,
173
+ };
174
+ const rerunResult = await withSpinner("Verifying repairs...", () => runDoctorChecks(ALL_CHECKS, rerunContext));
160
175
  if (options.format === "json") {
161
176
  renderDoctorJson(rerunResult);
162
177
  }
@@ -4,8 +4,7 @@
4
4
  * Provides `comis providers list` for browsing available providers from
5
5
  * the live pi-ai catalog (with daemon RPC + local fallback). Status
6
6
  * column indicates whether a provider's API key is resolvable from the
7
- * env (mirrors credential-resolver.ts Source B semantics from
8
- * 260501-2pz).
7
+ * env (mirrors credential-resolver.ts Source B semantics).
9
8
  *
10
9
  * Mirrors `commands/models.ts` shape -- RPC-first, local catalog
11
10
  * fallback, `--format` flag, no `set` subcommand (provider switching