comisai 1.0.34 → 1.0.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.d.ts +11 -1
- package/node_modules/@comis/agent/dist/background/auto-background-middleware.js +30 -4
- package/node_modules/@comis/agent/dist/background/background-task-manager.d.ts +22 -2
- package/node_modules/@comis/agent/dist/background/background-task-manager.js +88 -40
- package/node_modules/@comis/agent/dist/background/background-task-persistence.js +34 -4
- package/node_modules/@comis/agent/dist/background/background-task-types.d.ts +59 -3
- package/node_modules/@comis/agent/dist/background/background-task-types.js +1 -1
- package/node_modules/@comis/agent/dist/background/completion-dispatcher.d.ts +130 -0
- package/node_modules/@comis/agent/dist/background/completion-dispatcher.js +215 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.d.ts +39 -0
- package/node_modules/@comis/agent/dist/background/completion-formatter.js +77 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.d.ts +62 -0
- package/node_modules/@comis/agent/dist/background/completion-runner.js +234 -0
- package/node_modules/@comis/agent/dist/background/index.d.ts +10 -1
- package/node_modules/@comis/agent/dist/background/index.js +4 -0
- package/node_modules/@comis/agent/dist/background/session-resolver.d.ts +85 -0
- package/node_modules/@comis/agent/dist/background/session-resolver.js +78 -0
- package/node_modules/@comis/agent/dist/bootstrap/sections/messaging-sections.js +1 -0
- package/node_modules/@comis/agent/dist/bootstrap/sections/tool-descriptions.js +3 -3
- package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.d.ts +30 -2
- package/node_modules/@comis/agent/dist/bootstrap/sections/tooling-sections.js +51 -2
- package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.d.ts +22 -0
- package/node_modules/@comis/agent/dist/bootstrap/system-prompt-assembler.js +2 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.d.ts +1 -5
- package/node_modules/@comis/agent/dist/bridge/bridge-event-handlers.js +2 -14
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.d.ts +43 -2
- package/node_modules/@comis/agent/dist/bridge/bridge-metrics.js +17 -2
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.d.ts +32 -23
- package/node_modules/@comis/agent/dist/bridge/pi-event-bridge.js +145 -62
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.d.ts +6 -7
- package/node_modules/@comis/agent/dist/bridge/thinking-block-hash-invariant.js +24 -25
- package/node_modules/@comis/agent/dist/budget/cost-tracker.d.ts +1 -1
- package/node_modules/@comis/agent/dist/context-engine/constants.d.ts +5 -5
- package/node_modules/@comis/agent/dist/context-engine/constants.js +12 -12
- package/node_modules/@comis/agent/dist/context-engine/context-engine.js +13 -4
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.d.ts +1 -2
- package/node_modules/@comis/agent/dist/context-engine/dag-annotator.js +1 -2
- package/node_modules/@comis/agent/dist/context-engine/llm-compaction.js +20 -16
- package/node_modules/@comis/agent/dist/context-engine/rehydration.js +6 -6
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.d.ts +12 -12
- package/node_modules/@comis/agent/dist/context-engine/signature-replay-scrubber.js +36 -22
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.d.ts +10 -10
- package/node_modules/@comis/agent/dist/context-engine/signature-surrogate-guard.js +14 -14
- package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.d.ts +11 -13
- package/node_modules/@comis/agent/dist/context-engine/thinking-block-cleaner.js +14 -15
- package/node_modules/@comis/agent/dist/context-engine/types-core.d.ts +15 -0
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.d.ts +6 -6
- package/node_modules/@comis/agent/dist/executor/cache-break-detection.js +8 -8
- package/node_modules/@comis/agent/dist/executor/capability-index-context.d.ts +72 -0
- package/node_modules/@comis/agent/dist/executor/capability-index-context.js +329 -0
- package/node_modules/@comis/agent/dist/executor/drain-helper.d.ts +122 -0
- package/node_modules/@comis/agent/dist/executor/drain-helper.js +173 -0
- package/node_modules/@comis/agent/dist/executor/error-classifier.js +2 -2
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.d.ts +16 -0
- package/node_modules/@comis/agent/dist/executor/executor-context-engine-setup.js +46 -5
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.d.ts +78 -4
- package/node_modules/@comis/agent/dist/executor/executor-post-execution.js +150 -31
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.d.ts +7 -0
- package/node_modules/@comis/agent/dist/executor/executor-prompt-runner.js +26 -5
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.d.ts +7 -6
- package/node_modules/@comis/agent/dist/executor/executor-response-filter.js +9 -42
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.d.ts +18 -1
- package/node_modules/@comis/agent/dist/executor/executor-tool-assembly.js +20 -18
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/gemini-cache-injector.js +4 -4
- package/node_modules/@comis/agent/dist/executor/jit-guide-injector.d.ts +11 -2
- package/node_modules/@comis/agent/dist/executor/jit-guide-injector.js +16 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.d.ts +2 -2
- package/node_modules/@comis/agent/dist/executor/phase-filter.js +5 -7
- package/node_modules/@comis/agent/dist/executor/pi-executor.d.ts +21 -2
- package/node_modules/@comis/agent/dist/executor/pi-executor.js +96 -18
- package/node_modules/@comis/agent/dist/executor/post-batch-continuation.js +7 -7
- package/node_modules/@comis/agent/dist/executor/prompt-assembly.d.ts +9 -1
- package/node_modules/@comis/agent/dist/executor/prompt-assembly.js +15 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.d.ts +1 -1
- package/node_modules/@comis/agent/dist/executor/stream-wrappers/request-body-injector.js +1 -1
- package/node_modules/@comis/agent/dist/executor/tool-deferral.d.ts +18 -27
- package/node_modules/@comis/agent/dist/executor/tool-deferral.js +34 -43
- package/node_modules/@comis/agent/dist/index.d.ts +17 -0
- package/node_modules/@comis/agent/dist/index.js +32 -11
- package/node_modules/@comis/agent/dist/model/auth-provider.d.ts +25 -2
- package/node_modules/@comis/agent/dist/model/auth-provider.js +6 -0
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.d.ts +3 -3
- package/node_modules/@comis/agent/dist/model/compaction-model-resolver.js +3 -3
- package/node_modules/@comis/agent/dist/model/model-registry-adapter.js +1 -1
- package/node_modules/@comis/agent/dist/model/model-scanner.js +1 -1
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.d.ts +37 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-file.js +279 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.d.ts +49 -0
- package/node_modules/@comis/agent/dist/model/oauth-credential-store-selector.js +50 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.d.ts +57 -0
- package/node_modules/@comis/agent/dist/model/oauth-device-code.js +302 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.d.ts +33 -0
- package/node_modules/@comis/agent/dist/model/oauth-env.js +38 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.d.ts +41 -0
- package/node_modules/@comis/agent/dist/model/oauth-errors.js +88 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.d.ts +53 -0
- package/node_modules/@comis/agent/dist/model/oauth-identity.js +141 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.d.ts +99 -0
- package/node_modules/@comis/agent/dist/model/oauth-login-runner.js +374 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.d.ts +58 -0
- package/node_modules/@comis/agent/dist/model/oauth-tls-preflight.js +82 -0
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.d.ts +86 -16
- package/node_modules/@comis/agent/dist/model/oauth-token-manager.js +961 -66
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.d.ts +9 -4
- package/node_modules/@comis/agent/dist/model/operation-model-defaults.js +36 -9
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.d.ts +48 -0
- package/node_modules/@comis/agent/dist/model/resolve-provider-api-key.js +66 -0
- package/node_modules/@comis/agent/dist/provider/capabilities.d.ts +5 -5
- package/node_modules/@comis/agent/dist/provider/capabilities.js +10 -23
- package/node_modules/@comis/agent/dist/safety/tool-output-safety.js +3 -3
- package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.d.ts +11 -1
- package/node_modules/@comis/agent/dist/safety/tool-retry-breaker.js +19 -22
- package/node_modules/@comis/agent/dist/session/comis-session-manager.d.ts +17 -3
- package/node_modules/@comis/agent/dist/session/comis-session-manager.js +1 -1
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.d.ts +10 -0
- package/node_modules/@comis/agent/dist/spawn/narrative-caster.js +5 -1
- package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.d.ts +1 -1
- package/node_modules/@comis/agent/dist/spawn/pi-mono-adapters.js +5 -5
- package/node_modules/@comis/agent/dist/workspace/data-env.d.ts +38 -0
- package/node_modules/@comis/agent/dist/workspace/data-env.js +56 -0
- package/node_modules/@comis/agent/dist/workspace/index.d.ts +1 -0
- package/node_modules/@comis/agent/dist/workspace/index.js +1 -0
- package/node_modules/@comis/agent/dist/workspace/templates.js +5 -1
- package/node_modules/@comis/agent/package.json +1 -1
- package/node_modules/@comis/channels/dist/email/email-adapter.js +6 -6
- package/node_modules/@comis/channels/dist/email/imap-lifecycle.js +7 -7
- package/node_modules/@comis/channels/dist/index.d.ts +1 -1
- package/node_modules/@comis/channels/dist/index.js +1 -1
- package/node_modules/@comis/channels/dist/shared/channel-manager.d.ts +9 -3
- package/node_modules/@comis/channels/dist/shared/deliver-to-channel.js +12 -10
- package/node_modules/@comis/channels/dist/shared/inbound-gate.d.ts +1 -1
- package/node_modules/@comis/channels/dist/shared/inbound-gate.js +22 -7
- package/node_modules/@comis/channels/dist/shared/inbound-pipeline.d.ts +10 -3
- package/node_modules/@comis/channels/dist/shared/inbound-route.d.ts +1 -1
- package/node_modules/@comis/channels/dist/shared/inbound-route.js +13 -2
- package/node_modules/@comis/channels/dist/shared/response-filter.d.ts +11 -24
- package/node_modules/@comis/channels/dist/shared/response-filter.js +25 -53
- package/node_modules/@comis/channels/dist/telegram/telegram-adapter.js +1 -1
- package/node_modules/@comis/channels/package.json +1 -1
- package/node_modules/@comis/cli/dist/cli.js +2 -0
- package/node_modules/@comis/cli/dist/commands/agent.d.ts +3 -3
- package/node_modules/@comis/cli/dist/commands/agent.js +46 -3
- package/node_modules/@comis/cli/dist/commands/auth.d.ts +37 -0
- package/node_modules/@comis/cli/dist/commands/auth.js +433 -0
- package/node_modules/@comis/cli/dist/commands/doctor.d.ts +4 -1
- package/node_modules/@comis/cli/dist/commands/doctor.js +20 -5
- package/node_modules/@comis/cli/dist/commands/providers.d.ts +1 -2
- package/node_modules/@comis/cli/dist/commands/providers.js +5 -6
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.d.ts +39 -0
- package/node_modules/@comis/cli/dist/doctor/checks/oauth-health.js +399 -0
- package/node_modules/@comis/cli/dist/doctor/types.d.ts +19 -0
- package/node_modules/@comis/cli/dist/index.d.ts +1 -0
- package/node_modules/@comis/cli/dist/index.js +10 -4
- package/node_modules/@comis/cli/dist/output/relative-time.d.ts +23 -0
- package/node_modules/@comis/cli/dist/output/relative-time.js +36 -0
- package/node_modules/@comis/cli/dist/wizard/non-interactive.js +17 -8
- package/node_modules/@comis/cli/dist/wizard/steps/03-provider.js +2 -1
- package/node_modules/@comis/cli/dist/wizard/steps/04-credentials.js +223 -34
- package/node_modules/@comis/cli/dist/wizard/steps/10-write-config.js +14 -0
- package/node_modules/@comis/cli/dist/wizard/steps/11-daemon-start.js +3 -3
- package/node_modules/@comis/cli/dist/wizard/types.d.ts +7 -0
- package/node_modules/@comis/cli/package.json +1 -1
- package/node_modules/@comis/core/dist/bootstrap.d.ts +1 -1
- package/node_modules/@comis/core/dist/config/env-substitution.d.ts +66 -0
- package/node_modules/@comis/core/dist/config/env-substitution.js +115 -0
- package/node_modules/@comis/core/dist/config/field-metadata.js +2 -0
- package/node_modules/@comis/core/dist/config/immutable-keys.js +4 -1
- package/node_modules/@comis/core/dist/config/index.d.ts +7 -1
- package/node_modules/@comis/core/dist/config/index.js +4 -1
- package/node_modules/@comis/core/dist/config/loader.js +61 -0
- package/node_modules/@comis/core/dist/config/managed-sections.d.ts +3 -3
- package/node_modules/@comis/core/dist/config/managed-sections.js +10 -5
- package/node_modules/@comis/core/dist/config/schema-agent.d.ts +4 -792
- package/node_modules/@comis/core/dist/config/schema-agent.js +16 -1
- package/node_modules/@comis/core/dist/config/schema-approvals.d.ts +0 -14
- package/node_modules/@comis/core/dist/config/schema-auto-reply-engine.d.ts +0 -6
- package/node_modules/@comis/core/dist/config/schema-background-tasks.d.ts +1 -6
- package/node_modules/@comis/core/dist/config/schema-background-tasks.js +7 -0
- package/node_modules/@comis/core/dist/config/schema-browser.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-channel.d.ts +0 -158
- package/node_modules/@comis/core/dist/config/schema-coalescer.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-daemon.d.ts +0 -32
- package/node_modules/@comis/core/dist/config/schema-delivery.d.ts +1 -17
- package/node_modules/@comis/core/dist/config/schema-delivery.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-documentation.d.ts +0 -12
- package/node_modules/@comis/core/dist/config/schema-embedding.d.ts +0 -20
- package/node_modules/@comis/core/dist/config/schema-envelope.d.ts +0 -15
- package/node_modules/@comis/core/dist/config/schema-gateway.d.ts +0 -37
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.d.ts +0 -4
- package/node_modules/@comis/core/dist/config/schema-gemini-cache.js +0 -2
- package/node_modules/@comis/core/dist/config/schema-integrations.d.ts +0 -318
- package/node_modules/@comis/core/dist/config/schema-lifecycle-reactions.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-memory-review.d.ts +0 -7
- package/node_modules/@comis/core/dist/config/schema-memory.d.ts +0 -16
- package/node_modules/@comis/core/dist/config/schema-messages.d.ts +0 -8
- package/node_modules/@comis/core/dist/config/schema-models.d.ts +0 -15
- package/node_modules/@comis/core/dist/config/schema-notification.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-oauth.d.ts +18 -0
- package/node_modules/@comis/core/dist/config/schema-oauth.js +19 -0
- package/node_modules/@comis/core/dist/config/schema-observability.d.ts +0 -38
- package/node_modules/@comis/core/dist/config/schema-output-retention.d.ts +34 -0
- package/node_modules/@comis/core/dist/config/schema-output-retention.js +48 -0
- package/node_modules/@comis/core/dist/config/schema-plugins.d.ts +0 -8
- package/node_modules/@comis/core/dist/config/schema-providers.d.ts +0 -64
- package/node_modules/@comis/core/dist/config/schema-queue.d.ts +0 -58
- package/node_modules/@comis/core/dist/config/schema-response-prefix.d.ts +0 -2
- package/node_modules/@comis/core/dist/config/schema-retry.d.ts +0 -6
- package/node_modules/@comis/core/dist/config/schema-scheduler.d.ts +0 -39
- package/node_modules/@comis/core/dist/config/schema-secrets.d.ts +0 -3
- package/node_modules/@comis/core/dist/config/schema-security.d.ts +0 -18
- package/node_modules/@comis/core/dist/config/schema-send-policy.d.ts +0 -13
- package/node_modules/@comis/core/dist/config/schema-sender-trust-display.d.ts +0 -5
- package/node_modules/@comis/core/dist/config/schema-serializer.js +2 -0
- package/node_modules/@comis/core/dist/config/schema-skills.d.ts +0 -63
- package/node_modules/@comis/core/dist/config/schema-skills.js +3 -4
- package/node_modules/@comis/core/dist/config/schema-streaming.d.ts +0 -38
- package/node_modules/@comis/core/dist/config/schema-telegram-file-guard.d.ts +0 -3
- package/node_modules/@comis/core/dist/config/schema-tooling.d.ts +87 -0
- package/node_modules/@comis/core/dist/config/schema-tooling.js +152 -0
- package/node_modules/@comis/core/dist/config/schema-verbosity.d.ts +0 -12
- package/node_modules/@comis/core/dist/config/schema-webhooks.d.ts +0 -40
- package/node_modules/@comis/core/dist/config/schema.d.ts +50 -37
- package/node_modules/@comis/core/dist/config/schema.js +9 -0
- package/node_modules/@comis/core/dist/context/context.d.ts +0 -4
- package/node_modules/@comis/core/dist/domain/approval-request.d.ts +0 -17
- package/node_modules/@comis/core/dist/domain/background-task-origin.d.ts +29 -0
- package/node_modules/@comis/core/dist/domain/background-task-origin.js +39 -0
- package/node_modules/@comis/core/dist/domain/delivery-origin.d.ts +0 -5
- package/node_modules/@comis/core/dist/domain/execution-graph.d.ts +0 -48
- package/node_modules/@comis/core/dist/domain/memory-entry.d.ts +0 -3
- package/node_modules/@comis/core/dist/domain/model-compat.d.ts +0 -4
- package/node_modules/@comis/core/dist/domain/normalized-message.d.ts +0 -15
- package/node_modules/@comis/core/dist/domain/provider-capabilities.d.ts +0 -6
- package/node_modules/@comis/core/dist/domain/rich-message.d.ts +0 -14
- package/node_modules/@comis/core/dist/domain/subagent-context-config.d.ts +0 -22
- package/node_modules/@comis/core/dist/domain/subagent-context-types.d.ts +0 -8
- package/node_modules/@comis/core/dist/event-bus/events-agent.d.ts +31 -0
- package/node_modules/@comis/core/dist/event-bus/events-infra.d.ts +76 -2
- package/node_modules/@comis/core/dist/exports/config.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/config.js +3 -1
- package/node_modules/@comis/core/dist/exports/domain.d.ts +2 -0
- package/node_modules/@comis/core/dist/exports/domain.js +1 -0
- package/node_modules/@comis/core/dist/exports/hooks.d.ts +1 -1
- package/node_modules/@comis/core/dist/exports/ports.d.ts +2 -2
- package/node_modules/@comis/core/dist/exports/ports.js +1 -1
- package/node_modules/@comis/core/dist/ports/channel-plugin.d.ts +0 -13
- package/node_modules/@comis/core/dist/ports/delivery-queue.d.ts +23 -0
- package/node_modules/@comis/core/dist/ports/delivery-queue.js +2 -0
- package/node_modules/@comis/core/dist/ports/index.d.ts +4 -0
- package/node_modules/@comis/core/dist/ports/index.js +5 -0
- package/node_modules/@comis/core/dist/ports/no-op-tool-capability.d.ts +30 -0
- package/node_modules/@comis/core/dist/ports/no-op-tool-capability.js +47 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.d.ts +64 -0
- package/node_modules/@comis/core/dist/ports/oauth-credential-store.js +37 -0
- package/node_modules/@comis/core/dist/ports/tool-capability.d.ts +165 -0
- package/node_modules/@comis/core/dist/ports/tool-capability.js +15 -0
- package/node_modules/@comis/core/dist/security/audit.d.ts +0 -11
- package/node_modules/@comis/core/dist/tool-metadata.d.ts +41 -1
- package/node_modules/@comis/core/dist/tool-metadata.js +1 -1
- package/node_modules/@comis/core/package.json +1 -1
- package/node_modules/@comis/daemon/bundled-skills/skill-creator/scripts/validate-skill.py +1 -1
- package/node_modules/@comis/daemon/dist/daemon-types.d.ts +23 -3
- package/node_modules/@comis/daemon/dist/daemon.js +168 -30
- package/node_modules/@comis/daemon/dist/index.d.ts +2 -0
- package/node_modules/@comis/daemon/dist/index.js +5 -0
- package/node_modules/@comis/daemon/dist/observability/channel-health-logger.js +3 -3
- package/node_modules/@comis/daemon/dist/observability/delivery-queue-logger.js +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.d.ts +22 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-handlers.js +84 -21
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.d.ts +1 -1
- package/node_modules/@comis/daemon/dist/rpc/agent-inline-workspace.js +3 -3
- package/node_modules/@comis/daemon/dist/rpc/builtin-provider-guard.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.d.ts +9 -1
- package/node_modules/@comis/daemon/dist/rpc/config-handlers.js +104 -23
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.d.ts +30 -1
- package/node_modules/@comis/daemon/dist/rpc/credential-resolver.js +74 -11
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.d.ts +8 -0
- package/node_modules/@comis/daemon/dist/rpc/mcp-handlers.js +22 -8
- package/node_modules/@comis/daemon/dist/rpc/model-handlers.d.ts +1 -1
- package/node_modules/@comis/daemon/dist/rpc/model-handlers.js +2 -2
- package/node_modules/@comis/daemon/dist/rpc/provider-handlers.js +9 -12
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.d.ts +1 -0
- package/node_modules/@comis/daemon/dist/rpc/rpc-dispatch.js +27 -2
- package/node_modules/@comis/daemon/dist/setup-docker-restart-warn.js +0 -1
- package/node_modules/@comis/daemon/dist/sub-agent-runner.d.ts +18 -0
- package/node_modules/@comis/daemon/dist/sub-agent-runner.js +41 -9
- package/node_modules/@comis/daemon/dist/wiring/index.d.ts +4 -0
- package/node_modules/@comis/daemon/dist/wiring/index.js +2 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.d.ts +21 -0
- package/node_modules/@comis/daemon/dist/wiring/oauth-preflight.js +134 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.d.ts +81 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-agents.js +164 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.d.ts +58 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-completion-runner.js +59 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.d.ts +10 -3
- package/node_modules/@comis/daemon/dist/wiring/setup-background-tasks.js +13 -7
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.d.ts +9 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-channels.js +35 -10
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.d.ts +20 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-cross-session.js +21 -16
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.d.ts +14 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-delivery.js +65 -20
- package/node_modules/@comis/daemon/dist/wiring/setup-gateway.d.ts +4 -6
- package/node_modules/@comis/daemon/dist/wiring/setup-gateway.js +3 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.d.ts +20 -5
- package/node_modules/@comis/daemon/dist/wiring/setup-heartbeat.js +11 -2
- package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.d.ts +89 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-output-retention.js +212 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-schedulers.js +4 -0
- package/node_modules/@comis/daemon/dist/wiring/setup-tools.d.ts +18 -4
- package/node_modules/@comis/daemon/dist/wiring/setup-tools.js +29 -10
- package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.d.ts +75 -0
- package/node_modules/@comis/daemon/dist/wiring/tool-capability-adapter.js +253 -0
- package/node_modules/@comis/daemon/package.json +1 -1
- package/node_modules/@comis/gateway/dist/index.d.ts +2 -0
- package/node_modules/@comis/gateway/dist/index.js +2 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.d.ts +66 -0
- package/node_modules/@comis/gateway/dist/oauth/oauth-callback-route.js +212 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.d.ts +14 -0
- package/node_modules/@comis/gateway/dist/server/hono-server.js +10 -0
- package/node_modules/@comis/gateway/dist/webhook/webhook-endpoint.d.ts +0 -4
- package/node_modules/@comis/gateway/package.json +1 -1
- package/node_modules/@comis/infra/dist/logging/log-fields.d.ts +23 -0
- package/node_modules/@comis/infra/package.json +1 -1
- package/node_modules/@comis/memory/dist/compaction.d.ts +3 -5
- package/node_modules/@comis/memory/dist/compaction.js +2 -3
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.d.ts +2 -2
- package/node_modules/@comis/memory/dist/delivery-queue-adapter.js +49 -1
- package/node_modules/@comis/memory/dist/index.d.ts +2 -0
- package/node_modules/@comis/memory/dist/index.js +3 -0
- package/node_modules/@comis/memory/dist/memory-api.d.ts +1 -1
- package/node_modules/@comis/memory/dist/memory-api.js +1 -1
- package/node_modules/@comis/memory/dist/oauth-profile-schema.d.ts +17 -0
- package/node_modules/@comis/memory/dist/oauth-profile-schema.js +33 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.d.ts +27 -0
- package/node_modules/@comis/memory/dist/oauth-profile-store-encrypted.js +144 -0
- package/node_modules/@comis/memory/dist/session-store.d.ts +1 -1
- package/node_modules/@comis/memory/dist/session-store.js +1 -1
- package/node_modules/@comis/memory/dist/sqlite-secret-store.d.ts +29 -3
- package/node_modules/@comis/memory/dist/sqlite-secret-store.js +11 -3
- package/node_modules/@comis/memory/package.json +1 -1
- package/node_modules/@comis/scheduler/dist/cron/cron-types.d.ts +0 -42
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.d.ts +13 -0
- package/node_modules/@comis/scheduler/dist/execution/execution-lock.js +1 -1
- package/node_modules/@comis/scheduler/dist/execution/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/execution/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.d.ts +29 -8
- package/node_modules/@comis/scheduler/dist/heartbeat/agent-heartbeat-source.js +20 -8
- package/node_modules/@comis/scheduler/dist/index.d.ts +2 -0
- package/node_modules/@comis/scheduler/dist/index.js +2 -0
- package/node_modules/@comis/scheduler/dist/system-events/system-event-types.d.ts +0 -3
- package/node_modules/@comis/scheduler/dist/tasks/task-types.d.ts +0 -17
- package/node_modules/@comis/scheduler/package.json +1 -1
- package/node_modules/@comis/shared/dist/index.d.ts +3 -0
- package/node_modules/@comis/shared/dist/index.js +4 -0
- package/node_modules/@comis/shared/dist/mcp-tool-name.d.ts +78 -0
- package/node_modules/@comis/shared/dist/mcp-tool-name.js +92 -0
- package/node_modules/@comis/shared/dist/silent-tokens.d.ts +38 -0
- package/node_modules/@comis/shared/dist/silent-tokens.js +51 -0
- package/node_modules/@comis/shared/dist/visible-delivery.d.ts +28 -0
- package/node_modules/@comis/shared/dist/visible-delivery.js +16 -0
- package/node_modules/@comis/shared/package.json +1 -1
- package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.d.ts +2 -13
- package/node_modules/@comis/skills/dist/bridge/mcp-tool-bridge.js +3 -21
- package/node_modules/@comis/skills/dist/bridge/schema-validator.d.ts +38 -0
- package/node_modules/@comis/skills/dist/bridge/schema-validator.js +169 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-enforcement.js +12 -0
- package/node_modules/@comis/skills/dist/bridge/tool-metadata-registry.js +133 -3
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.d.ts +32 -0
- package/node_modules/@comis/skills/dist/builtin/exec-diagnostics.js +127 -0
- package/node_modules/@comis/skills/dist/builtin/exec-security.js +38 -0
- package/node_modules/@comis/skills/dist/builtin/exec-tool.d.ts +55 -9
- package/node_modules/@comis/skills/dist/builtin/exec-tool.js +392 -19
- package/node_modules/@comis/skills/dist/builtin/file-tools/grep-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/install-detour.d.ts +67 -0
- package/node_modules/@comis/skills/dist/builtin/install-detour.js +342 -0
- package/node_modules/@comis/skills/dist/builtin/platform/admin-manage-factory.js +5 -5
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.d.ts +7 -6
- package/node_modules/@comis/skills/dist/builtin/platform/agents-manage-tool.js +40 -29
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.d.ts +4 -1
- package/node_modules/@comis/skills/dist/builtin/platform/background-tasks-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/platform/cron-tool.js +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/gateway-tool.js +6 -6
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.d.ts +1 -1
- package/node_modules/@comis/skills/dist/builtin/platform/mcp-manage-tool.js +9 -9
- package/node_modules/@comis/skills/dist/builtin/platform/message-tool.js +18 -0
- package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.d.ts +18 -1
- package/node_modules/@comis/skills/dist/builtin/platform/messaging-factory.js +18 -2
- package/node_modules/@comis/skills/dist/builtin/platform/models-manage-tool.js +3 -3
- package/node_modules/@comis/skills/dist/builtin/process-registry.d.ts +14 -0
- package/node_modules/@comis/skills/dist/builtin/process-tool.d.ts +24 -4
- package/node_modules/@comis/skills/dist/builtin/process-tool.js +25 -7
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.d.ts +11 -0
- package/node_modules/@comis/skills/dist/builtin/sandbox/bwrap-provider.js +123 -1
- package/node_modules/@comis/skills/dist/builtin/sandbox/detect-provider.js +40 -15
- package/node_modules/@comis/skills/dist/index.d.ts +4 -1
- package/node_modules/@comis/skills/dist/index.js +3 -1
- package/node_modules/@comis/skills/dist/manifest/capability-parser.d.ts +44 -0
- package/node_modules/@comis/skills/dist/manifest/capability-parser.js +68 -0
- package/node_modules/@comis/skills/dist/manifest/schema.d.ts +44 -37
- package/node_modules/@comis/skills/dist/manifest/schema.js +35 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.d.ts +7 -0
- package/node_modules/@comis/skills/dist/media/ssrf-fetcher.js +9 -2
- package/node_modules/@comis/skills/dist/registry/discovery.d.ts +8 -0
- package/node_modules/@comis/skills/dist/registry/discovery.js +10 -3
- package/node_modules/@comis/skills/dist/registry/skill-registry.d.ts +45 -1
- package/node_modules/@comis/skills/dist/registry/skill-registry.js +70 -7
- package/node_modules/@comis/skills/package.json +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-detail-71BSbSfD.js → agent-detail-q8t1NB7w.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-editor-CTSDZhwT.js → agent-editor-B46io5gv.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{agent-list-BEhni2ea.js → agent-list-DQ6g2Rcx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{billing-view-DVP1IvVs.js → billing-view-IWPR8LgF.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-detail-N_YK74xC.js → channel-detail-DlNNZuuC.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{channel-list-DRk6ZJaF.js → channel-list-DhGwxiMc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{chat-console-Dm-GtSf9.js → chat-console-Nv6fM3Rc.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{config-editor-CIferYX6.js → config-editor-BYKuJF76.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-dag-browser-CL84rXXM.js → context-dag-browser-ClNEtzYE.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{context-engine-B1HOTEZv.js → context-engine-BZJ6HChd.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{delivery-view-Y6JKYVFw.js → delivery-view-Cb7I3vGu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{diagnostics-view-DWV1UQjz.js → diagnostics-view-9u9Lyu5a.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-chat-message-DfSERzzg.js → ic-chat-message-BFt3cVpx.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-connection-dot-CXyhlJup.js → ic-connection-dot-y77LZ3Gu.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{ic-tool-call-DNmwTjek.js → ic-tool-call-qt6w1NQl.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{index-CBr0Tm9_.js → index-8Tg9oc-C.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{mcp-management-BaH2-vox.js → mcp-management-69dtH_kY.js} +2 -2
- package/node_modules/@comis/web/dist/assets/{media-config-CZLshJoN.js → media-config-BdjLj5c1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{media-test-C9NUWgo_.js → media-test-DuPqrixi.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{memory-inspector-D_fmTcRN.js → memory-inspector-B-Pepbq-.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{message-center-BBFlNCZn.js → message-center-B7l0yNYY.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{models-BytGLm99.js → models-JHFHuv5S.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{observe-view-VXtHqaqq.js → observe-view-r8mqhy4O.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-builder-CfXczlfJ.js → pipeline-builder-XjkiZRcR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-CPmXFnbe.js → pipeline-history-CZqJv_Hj.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-history-detail-DcueTMs9.js → pipeline-history-detail-BEFGMoDy.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-list-B-xG5WZh.js → pipeline-list-B6q5LvO1.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{pipeline-monitor-pnIOYaSY.js → pipeline-monitor-BNomXjVL.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{scheduler-BtUIFHhA.js → scheduler-BJEjcGKA.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{security-C8mWRq2y.js → security-2G1jhBfV.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-detail-DgdkO5ka.js → session-detail-DmVPzFBR.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{session-list-DcylcfTn.js → session-list-CsqMQoHs.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{setup-wizard-BP5yjsuL.js → setup-wizard-CAdM-gSP.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{skills-DXt1bX8Z.js → skills-2ODqKaWr.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{subagents-C7YbUHXY.js → subagents-BFlwfTbD.js} +1 -1
- package/node_modules/@comis/web/dist/assets/{workspace-manager-DP6pW4wa.js → workspace-manager--CbOx_dI.js} +1 -1
- package/node_modules/@comis/web/dist/index.html +1 -1
- package/node_modules/@comis/web/package.json +1 -1
- package/package.json +25 -24
|
@@ -5,8 +5,7 @@
|
|
|
5
5
|
* Provides `comis providers list` for browsing available providers from
|
|
6
6
|
* the live pi-ai catalog (with daemon RPC + local fallback). Status
|
|
7
7
|
* column indicates whether a provider's API key is resolvable from the
|
|
8
|
-
* env (mirrors credential-resolver.ts Source B semantics
|
|
9
|
-
* 260501-2pz).
|
|
8
|
+
* env (mirrors credential-resolver.ts Source B semantics).
|
|
10
9
|
*
|
|
11
10
|
* Mirrors `commands/models.ts` shape -- RPC-first, local catalog
|
|
12
11
|
* fallback, `--format` flag, no `set` subcommand (provider switching
|
|
@@ -64,9 +63,9 @@ async function getModelCount(provider) {
|
|
|
64
63
|
* - `configured` : pi-ai's `getEnvApiKey` resolves a non-empty key
|
|
65
64
|
* - `missing key` : no env key found
|
|
66
65
|
*
|
|
67
|
-
* Mirrors `credential-resolver.ts` Source B semantics
|
|
68
|
-
*
|
|
69
|
-
*
|
|
66
|
+
* Mirrors `credential-resolver.ts` Source B semantics. Status reflects
|
|
67
|
+
* only env-key presence; it does NOT include the key value itself
|
|
68
|
+
* (information-disclosure threat).
|
|
70
69
|
*/
|
|
71
70
|
function getProviderStatus(provider) {
|
|
72
71
|
if (KEYLESS_PROVIDERS.has(provider))
|
|
@@ -99,7 +98,7 @@ export function registerProvidersCommand(program) {
|
|
|
99
98
|
}
|
|
100
99
|
// Sequentially fetch model counts. With ~11-23 providers this
|
|
101
100
|
// is acceptable (single-digit RPC roundtrips). N+1 batching is
|
|
102
|
-
// a v1.5 enhancement (
|
|
101
|
+
// a v1.5 enhancement (DoS disposition: accept).
|
|
103
102
|
const rows = [];
|
|
104
103
|
for (const id of ids) {
|
|
105
104
|
const modelCount = await getModelCount(id);
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* OAuth health check for `comis doctor`.
|
|
3
|
+
*
|
|
4
|
+
* Per-profile diagnostics: JWT decode → expiry + numeric `secsUntilExpiry`;
|
|
5
|
+
* flag profiles expiring < 7 days as warn, expired as fail; surface
|
|
6
|
+
* schema-version mismatch from the file adapter's hard-fail verbatim
|
|
7
|
+
* (`port.list()` returns `err()` whose message already contains the version
|
|
8
|
+
* + remediation hint). Environmental sub-checks: ca-certificates bundle
|
|
9
|
+
* existence with distro-aware install hint, HTTPS_PROXY env-var heuristic
|
|
10
|
+
* (Node's built-in fetch ignores HTTPS_PROXY by default), TLS preflight
|
|
11
|
+
* against `auth.openai.com` (delegates to `runOAuthTlsPreflight`).
|
|
12
|
+
*
|
|
13
|
+
* Optional `--refresh-test` flag (default OFF): exercises a real OAuth
|
|
14
|
+
* refresh against the provider; rotates the refresh token at OpenAI's end
|
|
15
|
+
* as a side effect (--help warns the operator). Doctor does NOT persist
|
|
16
|
+
* the new credentials; the success suggestion warns the stored token is
|
|
17
|
+
* now stale.
|
|
18
|
+
*
|
|
19
|
+
* Storage mode handling: the CLI process cannot bootstrap the encrypted
|
|
20
|
+
* secrets store without `SECRETS_MASTER_KEY`, so when
|
|
21
|
+
* `appConfig.oauth.storage === "encrypted"` the per-profile sub-check
|
|
22
|
+
* returns a single skip finding pointing the operator at the daemon host.
|
|
23
|
+
*
|
|
24
|
+
* NEVER prints `profile.access` or `profile.refresh` in any DoctorFinding
|
|
25
|
+
* field. Identity labels go through `redactEmailForLog`. The token-leakage
|
|
26
|
+
* test in oauth-health.test.ts asserts no `TEST_LEAK_SENTINEL` substring
|
|
27
|
+
* leakage.
|
|
28
|
+
*
|
|
29
|
+
* @module
|
|
30
|
+
*/
|
|
31
|
+
import type { DoctorCheck } from "../types.js";
|
|
32
|
+
/**
|
|
33
|
+
* Doctor check: OAuth subsystem health.
|
|
34
|
+
*
|
|
35
|
+
* Returns 4 baseline sub-checks (per-profile expiry × N + ca-certificates +
|
|
36
|
+
* HTTPS_PROXY + TLS preflight); +N when `context.refreshTest === true`.
|
|
37
|
+
* Never throws — every failure path returns a finding.
|
|
38
|
+
*/
|
|
39
|
+
export declare const oauthHealthCheck: DoctorCheck;
|
|
@@ -0,0 +1,399 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
/**
|
|
3
|
+
* OAuth health check for `comis doctor`.
|
|
4
|
+
*
|
|
5
|
+
* Per-profile diagnostics: JWT decode → expiry + numeric `secsUntilExpiry`;
|
|
6
|
+
* flag profiles expiring < 7 days as warn, expired as fail; surface
|
|
7
|
+
* schema-version mismatch from the file adapter's hard-fail verbatim
|
|
8
|
+
* (`port.list()` returns `err()` whose message already contains the version
|
|
9
|
+
* + remediation hint). Environmental sub-checks: ca-certificates bundle
|
|
10
|
+
* existence with distro-aware install hint, HTTPS_PROXY env-var heuristic
|
|
11
|
+
* (Node's built-in fetch ignores HTTPS_PROXY by default), TLS preflight
|
|
12
|
+
* against `auth.openai.com` (delegates to `runOAuthTlsPreflight`).
|
|
13
|
+
*
|
|
14
|
+
* Optional `--refresh-test` flag (default OFF): exercises a real OAuth
|
|
15
|
+
* refresh against the provider; rotates the refresh token at OpenAI's end
|
|
16
|
+
* as a side effect (--help warns the operator). Doctor does NOT persist
|
|
17
|
+
* the new credentials; the success suggestion warns the stored token is
|
|
18
|
+
* now stale.
|
|
19
|
+
*
|
|
20
|
+
* Storage mode handling: the CLI process cannot bootstrap the encrypted
|
|
21
|
+
* secrets store without `SECRETS_MASTER_KEY`, so when
|
|
22
|
+
* `appConfig.oauth.storage === "encrypted"` the per-profile sub-check
|
|
23
|
+
* returns a single skip finding pointing the operator at the daemon host.
|
|
24
|
+
*
|
|
25
|
+
* NEVER prints `profile.access` or `profile.refresh` in any DoctorFinding
|
|
26
|
+
* field. Identity labels go through `redactEmailForLog`. The token-leakage
|
|
27
|
+
* test in oauth-health.test.ts asserts no `TEST_LEAK_SENTINEL` substring
|
|
28
|
+
* leakage.
|
|
29
|
+
*
|
|
30
|
+
* @module
|
|
31
|
+
*/
|
|
32
|
+
import { stat, readFile } from "node:fs/promises";
|
|
33
|
+
import { selectOAuthCredentialStore, redactEmailForLog, runOAuthTlsPreflight, rewriteOAuthError, } from "@comis/agent";
|
|
34
|
+
import { formatRelativeExpiry } from "../../output/relative-time.js";
|
|
35
|
+
const CATEGORY = "oauth";
|
|
36
|
+
const NEAR_EXPIRY_THRESHOLD_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
|
|
37
|
+
const REFRESH_TEST_TIMEOUT_MS = 10_000;
|
|
38
|
+
const TLS_PREFLIGHT_TIMEOUT_MS = 5_000;
|
|
39
|
+
// Public OpenAI Codex client_id — same value pi-ai uses; using our own
|
|
40
|
+
// would fingerprint Comis traffic in OpenAI's logs.
|
|
41
|
+
const OPENAI_CODEX_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
|
|
42
|
+
const OPENAI_TOKEN_URL = "https://auth.openai.com/oauth/token";
|
|
43
|
+
const CA_BUNDLE_PATHS = [
|
|
44
|
+
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu
|
|
45
|
+
"/etc/ssl/cert.pem", // Alpine, macOS, FreeBSD
|
|
46
|
+
"/etc/pki/tls/certs/ca-bundle.crt", // RHEL/CentOS/Fedora
|
|
47
|
+
"/etc/ssl/ca-bundle.pem", // openSUSE
|
|
48
|
+
];
|
|
49
|
+
/**
|
|
50
|
+
* Doctor check: OAuth subsystem health.
|
|
51
|
+
*
|
|
52
|
+
* Returns 4 baseline sub-checks (per-profile expiry × N + ca-certificates +
|
|
53
|
+
* HTTPS_PROXY + TLS preflight); +N when `context.refreshTest === true`.
|
|
54
|
+
* Never throws — every failure path returns a finding.
|
|
55
|
+
*/
|
|
56
|
+
export const oauthHealthCheck = {
|
|
57
|
+
id: "oauth-health",
|
|
58
|
+
name: "OAuth",
|
|
59
|
+
run: async (context) => {
|
|
60
|
+
const findings = [];
|
|
61
|
+
// Sub-check 1: schema integrity + per-profile expiry (uses port.list())
|
|
62
|
+
findings.push(...(await checkProfiles(context)));
|
|
63
|
+
// Sub-check 2: ca-certificates bundle on disk
|
|
64
|
+
findings.push(await checkCaBundle());
|
|
65
|
+
// Sub-check 3: HTTPS_PROXY env-var heuristic
|
|
66
|
+
findings.push(checkHttpsProxyHeuristic());
|
|
67
|
+
// Sub-check 4: TLS preflight against auth.openai.com
|
|
68
|
+
findings.push(await checkTlsPreflight());
|
|
69
|
+
return findings;
|
|
70
|
+
},
|
|
71
|
+
};
|
|
72
|
+
// ---------------------------------------------------------------------------
|
|
73
|
+
// Sub-check: per-profile expiry + schema-mismatch surfacing
|
|
74
|
+
// ---------------------------------------------------------------------------
|
|
75
|
+
async function checkProfiles(context) {
|
|
76
|
+
const findings = [];
|
|
77
|
+
const storage = (context.config?.oauth?.storage ?? "file");
|
|
78
|
+
if (storage === "encrypted") {
|
|
79
|
+
// CLI cannot bootstrap encrypted store without SECRETS_MASTER_KEY.
|
|
80
|
+
// Surface as skip + operator hint (doctor reads only the active store,
|
|
81
|
+
// does not cross-check inactive).
|
|
82
|
+
return [
|
|
83
|
+
{
|
|
84
|
+
category: CATEGORY,
|
|
85
|
+
check: "Profile store",
|
|
86
|
+
status: "skip",
|
|
87
|
+
message: "OAuth storage mode is 'encrypted' — doctor cannot read profiles from CLI",
|
|
88
|
+
suggestion: "Run doctor on the daemon host (with SECRETS_MASTER_KEY set), " +
|
|
89
|
+
"or set oauth.storage to 'file' to use the plaintext file backend.",
|
|
90
|
+
repairable: false,
|
|
91
|
+
},
|
|
92
|
+
];
|
|
93
|
+
}
|
|
94
|
+
// Open the store using the same selector daemon + auth CLI use.
|
|
95
|
+
let store;
|
|
96
|
+
try {
|
|
97
|
+
store = selectOAuthCredentialStore({
|
|
98
|
+
storage: "file",
|
|
99
|
+
dataDir: context.dataDir,
|
|
100
|
+
});
|
|
101
|
+
}
|
|
102
|
+
catch (e) {
|
|
103
|
+
return [
|
|
104
|
+
{
|
|
105
|
+
category: CATEGORY,
|
|
106
|
+
check: "Profile store",
|
|
107
|
+
status: "fail",
|
|
108
|
+
message: `Failed to open OAuth store: ${e instanceof Error ? e.message : String(e)}`,
|
|
109
|
+
repairable: false,
|
|
110
|
+
},
|
|
111
|
+
];
|
|
112
|
+
}
|
|
113
|
+
// port.list() returns err() with the version-mismatch hint baked into
|
|
114
|
+
// the error message — surface verbatim. NO migration logic.
|
|
115
|
+
const listResult = await store.list();
|
|
116
|
+
if (!listResult.ok) {
|
|
117
|
+
findings.push({
|
|
118
|
+
category: CATEGORY,
|
|
119
|
+
check: "Profile schema",
|
|
120
|
+
status: "fail",
|
|
121
|
+
message: listResult.error.message, // e.g. "version mismatch: ... Hint: delete X and re-run comis auth login"
|
|
122
|
+
repairable: false,
|
|
123
|
+
});
|
|
124
|
+
return findings; // can't iterate profiles after schema-mismatch
|
|
125
|
+
}
|
|
126
|
+
if (listResult.value.length === 0) {
|
|
127
|
+
findings.push({
|
|
128
|
+
category: CATEGORY,
|
|
129
|
+
check: "Profile inventory",
|
|
130
|
+
status: "skip",
|
|
131
|
+
message: "No OAuth profiles stored",
|
|
132
|
+
repairable: false,
|
|
133
|
+
});
|
|
134
|
+
return findings;
|
|
135
|
+
}
|
|
136
|
+
// Per-profile expiry + identity reporting; +refresh-test when opted in.
|
|
137
|
+
for (const profile of listResult.value) {
|
|
138
|
+
findings.push(profileExpiryFinding(profile));
|
|
139
|
+
if (context.refreshTest === true) {
|
|
140
|
+
findings.push(await refreshTestFinding(profile));
|
|
141
|
+
}
|
|
142
|
+
}
|
|
143
|
+
return findings;
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Build a DoctorFinding for a single profile's expiry status.
|
|
147
|
+
*
|
|
148
|
+
* Status ladder:
|
|
149
|
+
* - msUntilExpiry <= 0 → fail (re-login required)
|
|
150
|
+
* - msUntilExpiry < 7d → warn (refresh proactively)
|
|
151
|
+
* - else → pass
|
|
152
|
+
*
|
|
153
|
+
* Always populates the literal numeric field `secsUntilExpiry`.
|
|
154
|
+
* Sign is preserved (negative for already-expired) so consumers can
|
|
155
|
+
* distinguish "expired 1h ago" from "expired 30d ago" without parsing
|
|
156
|
+
* the human-readable message.
|
|
157
|
+
*/
|
|
158
|
+
function profileExpiryFinding(profile) {
|
|
159
|
+
const msUntilExpiry = profile.expires - Date.now();
|
|
160
|
+
const secsUntilExpiry = Math.floor(msUntilExpiry / 1000);
|
|
161
|
+
const identityLabel = redactEmailForLog(profile.email) ?? profile.profileId;
|
|
162
|
+
// CRITICAL: NEVER include profile.access or profile.refresh in any
|
|
163
|
+
// DoctorFinding field. Use only profileId, redacted email, and the
|
|
164
|
+
// expiry timestamp.
|
|
165
|
+
if (msUntilExpiry <= 0) {
|
|
166
|
+
return {
|
|
167
|
+
category: CATEGORY,
|
|
168
|
+
check: `Profile ${profile.profileId}`,
|
|
169
|
+
status: "fail",
|
|
170
|
+
message: `Profile ${profile.profileId} (${identityLabel}) expired ${formatRelativeExpiry(profile.expires)}`,
|
|
171
|
+
suggestion: `Re-authenticate: comis auth login --provider ${profile.provider}`,
|
|
172
|
+
repairable: false,
|
|
173
|
+
secsUntilExpiry,
|
|
174
|
+
};
|
|
175
|
+
}
|
|
176
|
+
if (msUntilExpiry < NEAR_EXPIRY_THRESHOLD_MS) {
|
|
177
|
+
return {
|
|
178
|
+
category: CATEGORY,
|
|
179
|
+
check: `Profile ${profile.profileId}`,
|
|
180
|
+
status: "warn",
|
|
181
|
+
message: `Profile ${profile.profileId} (${identityLabel}) expires in ${formatRelativeExpiry(profile.expires)}`,
|
|
182
|
+
suggestion: `Refresh proactively: comis auth login --provider ${profile.provider}`,
|
|
183
|
+
repairable: false,
|
|
184
|
+
secsUntilExpiry,
|
|
185
|
+
};
|
|
186
|
+
}
|
|
187
|
+
return {
|
|
188
|
+
category: CATEGORY,
|
|
189
|
+
check: `Profile ${profile.profileId}`,
|
|
190
|
+
status: "pass",
|
|
191
|
+
message: `Profile ${profile.profileId} (${identityLabel}) expires in ${formatRelativeExpiry(profile.expires)}`,
|
|
192
|
+
repairable: false,
|
|
193
|
+
secsUntilExpiry,
|
|
194
|
+
};
|
|
195
|
+
}
|
|
196
|
+
/**
|
|
197
|
+
* Run a real OAuth refresh against `auth.openai.com` per profile.
|
|
198
|
+
*
|
|
199
|
+
* Opt-in only (gated by `--refresh-test` flag); --help text in
|
|
200
|
+
* `commands/doctor.ts` warns operator. Doctor does NOT persist the new
|
|
201
|
+
* tokens — subsequent LLM calls will hit refresh_token_reused on the
|
|
202
|
+
* stored (now-stale) token.
|
|
203
|
+
*
|
|
204
|
+
* Duplicates ~30 LoC of refresh-POST machinery from
|
|
205
|
+
* `refreshOpenAICodexTokenLocal`. Per AGENTS.md §2.3 rule of three, two
|
|
206
|
+
* call-sites is below the extraction threshold — duplicate over premature
|
|
207
|
+
* abstraction.
|
|
208
|
+
*
|
|
209
|
+
* NEVER prints `profile.refresh` in any returned finding.
|
|
210
|
+
*/
|
|
211
|
+
async function refreshTestFinding(profile) {
|
|
212
|
+
const identityLabel = redactEmailForLog(profile.email) ?? profile.profileId;
|
|
213
|
+
const body = new URLSearchParams({
|
|
214
|
+
grant_type: "refresh_token",
|
|
215
|
+
refresh_token: profile.refresh,
|
|
216
|
+
client_id: OPENAI_CODEX_CLIENT_ID,
|
|
217
|
+
});
|
|
218
|
+
try {
|
|
219
|
+
const response = await fetch(OPENAI_TOKEN_URL, {
|
|
220
|
+
method: "POST",
|
|
221
|
+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
222
|
+
body,
|
|
223
|
+
signal: AbortSignal.timeout(REFRESH_TEST_TIMEOUT_MS),
|
|
224
|
+
});
|
|
225
|
+
if (!response.ok) {
|
|
226
|
+
const text = await response.text().catch(() => "");
|
|
227
|
+
let parsed = {};
|
|
228
|
+
try {
|
|
229
|
+
parsed = JSON.parse(text);
|
|
230
|
+
}
|
|
231
|
+
catch {
|
|
232
|
+
// Body wasn't JSON — fall back to status code.
|
|
233
|
+
}
|
|
234
|
+
const classifyMessage = parsed.error_description ?? parsed.error ?? `HTTP ${response.status}`;
|
|
235
|
+
const rewritten = rewriteOAuthError(new Error(classifyMessage));
|
|
236
|
+
return {
|
|
237
|
+
category: CATEGORY,
|
|
238
|
+
check: `Profile ${profile.profileId} refresh test`,
|
|
239
|
+
status: "fail",
|
|
240
|
+
message: `Refresh test for ${identityLabel} failed (${rewritten.errorKind}): ${rewritten.userMessage}`,
|
|
241
|
+
suggestion: rewritten.hint,
|
|
242
|
+
repairable: false,
|
|
243
|
+
};
|
|
244
|
+
}
|
|
245
|
+
// Success: token rotated at OpenAI's end. We are NOT persisting —
|
|
246
|
+
// surface the side effect explicitly.
|
|
247
|
+
return {
|
|
248
|
+
category: CATEGORY,
|
|
249
|
+
check: `Profile ${profile.profileId} refresh test`,
|
|
250
|
+
status: "pass",
|
|
251
|
+
message: `Refresh test for ${identityLabel} succeeded`,
|
|
252
|
+
suggestion: "WARNING: refresh token at OpenAI was rotated. The stored token " +
|
|
253
|
+
"is now stale; the next LLM call will trigger a real refresh.",
|
|
254
|
+
repairable: false,
|
|
255
|
+
};
|
|
256
|
+
}
|
|
257
|
+
catch (e) {
|
|
258
|
+
return {
|
|
259
|
+
category: CATEGORY,
|
|
260
|
+
check: `Profile ${profile.profileId} refresh test`,
|
|
261
|
+
status: "fail",
|
|
262
|
+
message: `Refresh test for ${identityLabel} threw: ${e instanceof Error ? e.message : String(e)}`,
|
|
263
|
+
suggestion: "Check network reachability to auth.openai.com and retry without " +
|
|
264
|
+
"--refresh-test for a pure-local check.",
|
|
265
|
+
repairable: false,
|
|
266
|
+
};
|
|
267
|
+
}
|
|
268
|
+
}
|
|
269
|
+
// ---------------------------------------------------------------------------
|
|
270
|
+
// Sub-check: ca-certificates bundle existence + distro-aware install hint
|
|
271
|
+
// ---------------------------------------------------------------------------
|
|
272
|
+
async function checkCaBundle() {
|
|
273
|
+
for (const p of CA_BUNDLE_PATHS) {
|
|
274
|
+
try {
|
|
275
|
+
await stat(p);
|
|
276
|
+
return {
|
|
277
|
+
category: CATEGORY,
|
|
278
|
+
check: "ca-certificates",
|
|
279
|
+
status: "pass",
|
|
280
|
+
message: `CA bundle present at ${p}`,
|
|
281
|
+
repairable: false,
|
|
282
|
+
};
|
|
283
|
+
}
|
|
284
|
+
catch {
|
|
285
|
+
// Try next path
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
const os = await readOsRelease();
|
|
289
|
+
return {
|
|
290
|
+
category: CATEGORY,
|
|
291
|
+
check: "ca-certificates",
|
|
292
|
+
status: "fail",
|
|
293
|
+
message: "No system CA bundle found at any standard location -- TLS verification will fail",
|
|
294
|
+
suggestion: caCertificatesInstallHint(os),
|
|
295
|
+
repairable: false,
|
|
296
|
+
};
|
|
297
|
+
}
|
|
298
|
+
async function readOsRelease(path = "/etc/os-release") {
|
|
299
|
+
try {
|
|
300
|
+
const text = await readFile(path, "utf-8");
|
|
301
|
+
const map = new Map();
|
|
302
|
+
for (const line of text.split("\n")) {
|
|
303
|
+
const m = line.match(/^([A-Z_]+)=(.*)$/);
|
|
304
|
+
if (m)
|
|
305
|
+
map.set(m[1], m[2].replace(/^"|"$/g, ""));
|
|
306
|
+
}
|
|
307
|
+
const id = map.get("ID") ?? "";
|
|
308
|
+
const idLike = (map.get("ID_LIKE") ?? "").split(/\s+/).filter(Boolean);
|
|
309
|
+
return { id, idLike };
|
|
310
|
+
}
|
|
311
|
+
catch {
|
|
312
|
+
return null;
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
function caCertificatesInstallHint(os) {
|
|
316
|
+
if (!os) {
|
|
317
|
+
return "Install ca-certificates via your distro's package manager and retry";
|
|
318
|
+
}
|
|
319
|
+
const idChain = [os.id, ...os.idLike];
|
|
320
|
+
if (idChain.includes("alpine")) {
|
|
321
|
+
return "apk add ca-certificates && update-ca-certificates";
|
|
322
|
+
}
|
|
323
|
+
if (idChain.includes("debian") || idChain.includes("ubuntu")) {
|
|
324
|
+
return "sudo apt-get install -y ca-certificates && sudo update-ca-certificates";
|
|
325
|
+
}
|
|
326
|
+
if (idChain.includes("fedora") ||
|
|
327
|
+
idChain.includes("rhel") ||
|
|
328
|
+
idChain.includes("centos")) {
|
|
329
|
+
return "sudo dnf install -y ca-certificates && sudo update-ca-trust";
|
|
330
|
+
}
|
|
331
|
+
if (idChain.includes("arch")) {
|
|
332
|
+
return "sudo pacman -S ca-certificates && sudo trust extract-compat";
|
|
333
|
+
}
|
|
334
|
+
if (idChain.includes("suse") || idChain.includes("opensuse")) {
|
|
335
|
+
return "sudo zypper install ca-certificates && sudo update-ca-certificates";
|
|
336
|
+
}
|
|
337
|
+
return "Install ca-certificates via your distro's package manager and retry";
|
|
338
|
+
}
|
|
339
|
+
// ---------------------------------------------------------------------------
|
|
340
|
+
// Sub-check: HTTPS_PROXY env-var heuristic
|
|
341
|
+
// ---------------------------------------------------------------------------
|
|
342
|
+
function checkHttpsProxyHeuristic() {
|
|
343
|
+
// eslint-disable-next-line no-restricted-syntax -- CLI bootstrap before SecretManager
|
|
344
|
+
const httpsProxy = process.env["HTTPS_PROXY"] ?? process.env["https_proxy"];
|
|
345
|
+
if (!httpsProxy) {
|
|
346
|
+
return {
|
|
347
|
+
category: CATEGORY,
|
|
348
|
+
check: "HTTPS_PROXY",
|
|
349
|
+
status: "pass",
|
|
350
|
+
message: "HTTPS_PROXY not set (no proxy expected)",
|
|
351
|
+
repairable: false,
|
|
352
|
+
};
|
|
353
|
+
}
|
|
354
|
+
return {
|
|
355
|
+
category: CATEGORY,
|
|
356
|
+
check: "HTTPS_PROXY",
|
|
357
|
+
status: "warn",
|
|
358
|
+
message: `HTTPS_PROXY is set (${httpsProxy}) but Node's built-in fetch ignores it by default`,
|
|
359
|
+
suggestion: "Either install undici and call setGlobalDispatcher(new EnvHttpProxyAgent()) at startup, " +
|
|
360
|
+
"or rely on a system-wide proxy. See docs/operations/proxy.md.",
|
|
361
|
+
repairable: false,
|
|
362
|
+
};
|
|
363
|
+
}
|
|
364
|
+
// ---------------------------------------------------------------------------
|
|
365
|
+
// Sub-check: TLS preflight
|
|
366
|
+
// ---------------------------------------------------------------------------
|
|
367
|
+
async function checkTlsPreflight() {
|
|
368
|
+
const result = await runOAuthTlsPreflight({
|
|
369
|
+
timeoutMs: TLS_PREFLIGHT_TIMEOUT_MS,
|
|
370
|
+
});
|
|
371
|
+
if (result.ok) {
|
|
372
|
+
return {
|
|
373
|
+
category: CATEGORY,
|
|
374
|
+
check: "TLS preflight",
|
|
375
|
+
status: "pass",
|
|
376
|
+
message: "TLS handshake to auth.openai.com succeeded",
|
|
377
|
+
repairable: false,
|
|
378
|
+
};
|
|
379
|
+
}
|
|
380
|
+
if (result.kind === "tls-cert") {
|
|
381
|
+
return {
|
|
382
|
+
category: CATEGORY,
|
|
383
|
+
check: "TLS preflight",
|
|
384
|
+
status: "fail",
|
|
385
|
+
message: `TLS certificate validation failed: ${result.code ?? "unknown"} (${result.message})`,
|
|
386
|
+
suggestion: caCertificatesInstallHint(await readOsRelease()),
|
|
387
|
+
repairable: false,
|
|
388
|
+
};
|
|
389
|
+
}
|
|
390
|
+
return {
|
|
391
|
+
category: CATEGORY,
|
|
392
|
+
check: "TLS preflight",
|
|
393
|
+
status: "warn",
|
|
394
|
+
message: `Network probe to auth.openai.com failed: ${result.message}`,
|
|
395
|
+
suggestion: "Verify DNS, firewall, and proxy settings. Doctor cannot distinguish " +
|
|
396
|
+
"transient failures from persistent network failures.",
|
|
397
|
+
repairable: false,
|
|
398
|
+
};
|
|
399
|
+
}
|
|
@@ -23,6 +23,17 @@ export interface DoctorFinding {
|
|
|
23
23
|
readonly message: string;
|
|
24
24
|
readonly suggestion?: string;
|
|
25
25
|
readonly repairable: boolean;
|
|
26
|
+
/**
|
|
27
|
+
* Numeric seconds until profile expiry.
|
|
28
|
+
*
|
|
29
|
+
* Exposed as a structured numeric so JSON-format consumers (log
|
|
30
|
+
* aggregators, dashboards) can compare it against thresholds without
|
|
31
|
+
* parsing the human-readable `message` string. Only `oauth-health.ts`
|
|
32
|
+
* `profileExpiryFinding` populates this; all other doctor-check findings
|
|
33
|
+
* leave it undefined. Value is `Math.floor(msUntilExpiry / 1000)`
|
|
34
|
+
* (negative for already-expired profiles to preserve sign-of-direction).
|
|
35
|
+
*/
|
|
36
|
+
readonly secsUntilExpiry?: number;
|
|
26
37
|
}
|
|
27
38
|
/**
|
|
28
39
|
* A doctor check that can be executed against a diagnostic context.
|
|
@@ -47,6 +58,14 @@ export interface DoctorContext {
|
|
|
47
58
|
readonly dataDir: string;
|
|
48
59
|
readonly daemonPidFile: string;
|
|
49
60
|
readonly gatewayUrl?: string;
|
|
61
|
+
/**
|
|
62
|
+
* Opt-in refresh-test toggle from the `--refresh-test` flag on
|
|
63
|
+
* `comis doctor`. When true, the OAuth health check performs a real
|
|
64
|
+
* refresh against the provider per profile -- a side effect that rotates
|
|
65
|
+
* the refresh token at OpenAI's end (default OFF; --help warns the
|
|
66
|
+
* operator).
|
|
67
|
+
*/
|
|
68
|
+
readonly refreshTest?: boolean;
|
|
50
69
|
}
|
|
51
70
|
/**
|
|
52
71
|
* Aggregated result of running all doctor checks.
|
|
@@ -21,3 +21,4 @@ export { registerResetCommand } from "./commands/reset.js";
|
|
|
21
21
|
export { registerSignalSetupCommand } from "./commands/signal-setup.js";
|
|
22
22
|
export { registerSecretsCommand } from "./commands/secrets.js";
|
|
23
23
|
export { registerUninstallCommand } from "./commands/uninstall.js";
|
|
24
|
+
export { credentialsStep } from "./wizard/steps/04-credentials.js";
|
|
@@ -25,10 +25,16 @@ export { registerResetCommand } from "./commands/reset.js";
|
|
|
25
25
|
export { registerSignalSetupCommand } from "./commands/signal-setup.js";
|
|
26
26
|
export { registerSecretsCommand } from "./commands/secrets.js";
|
|
27
27
|
export { registerUninstallCommand } from "./commands/uninstall.js";
|
|
28
|
+
// Wizard steps — exported for integration tests in
|
|
29
|
+
// test/integration/oauth-login.test.ts which dynamically imports
|
|
30
|
+
// `credentialsStep` to drive the wizard-state assertion end-to-end
|
|
31
|
+
// against the mock OAuth server.
|
|
32
|
+
export { credentialsStep } from "./wizard/steps/04-credentials.js";
|
|
28
33
|
// ── Dead Export Audit ─────────────────────────────────────────────────
|
|
29
|
-
// Total exports:
|
|
30
|
-
// Exports with external consumers:
|
|
34
|
+
// Total exports: 30 (29 value, 1 type)
|
|
35
|
+
// Exports with external consumers: 2
|
|
31
36
|
// - withClient (test/integration/env-vars-unit.test.ts, test/integration/env-vars-daemon.test.ts)
|
|
37
|
+
// - credentialsStep (consumed by test/integration/oauth-login.test.ts)
|
|
32
38
|
// Exports with zero external consumers: 28
|
|
33
39
|
// All register* command exports and output utilities are consumed only by the CLI's
|
|
34
40
|
// own main.ts binary (not importable as @comis/cli by other packages).
|
|
@@ -37,7 +43,7 @@ export { registerUninstallCommand } from "./commands/uninstall.js";
|
|
|
37
43
|
// Types (1):
|
|
38
44
|
// RpcClient
|
|
39
45
|
//
|
|
40
|
-
// Values (
|
|
46
|
+
// Values (29):
|
|
41
47
|
// createRpcClient, withClient, success, error, warn, info, json,
|
|
42
48
|
// renderTable, renderKeyValue, withSpinner, registerDaemonCommand,
|
|
43
49
|
// registerConfigCommand, registerAgentCommand, registerChannelCommand,
|
|
@@ -45,4 +51,4 @@ export { registerUninstallCommand } from "./commands/uninstall.js";
|
|
|
45
51
|
// registerInitCommand, registerConfigureCommand, registerStatusCommand,
|
|
46
52
|
// registerHealthCommand, registerModelsCommand, registerPm2Command,
|
|
47
53
|
// registerSessionsCommand, registerResetCommand, registerSignalSetupCommand,
|
|
48
|
-
// registerSecretsCommand
|
|
54
|
+
// registerSecretsCommand, credentialsStep
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Relative-time formatter for OAuth expiry rendering.
|
|
3
|
+
*
|
|
4
|
+
* Produces compact strings like "5m", "27d", or "expired" for UI tables.
|
|
5
|
+
* Used by `comis auth list` (expiresIn column) and `comis auth status`
|
|
6
|
+
* (per-provider nextExpiry field).
|
|
7
|
+
*
|
|
8
|
+
* Branches:
|
|
9
|
+
* - delta <= 0 → "expired"
|
|
10
|
+
* - delta < 1h → "<m>m" (e.g., "5m", "32m")
|
|
11
|
+
* - 1h <= delta < 1d → "<h>h"
|
|
12
|
+
* - delta >= 1d → "<d>d"
|
|
13
|
+
*
|
|
14
|
+
* @module
|
|
15
|
+
*/
|
|
16
|
+
/**
|
|
17
|
+
* Format the time-until-expiry for an absolute epoch-ms expiry timestamp.
|
|
18
|
+
*
|
|
19
|
+
* @param expiresAtMs - Absolute epoch-ms when the credential expires
|
|
20
|
+
* @param now - Reference "now" (defaulted to Date.now() — overridable for tests)
|
|
21
|
+
* @returns "expired" | "<n>m" | "<n>h" | "<n>d"
|
|
22
|
+
*/
|
|
23
|
+
export declare function formatRelativeExpiry(expiresAtMs: number, now?: number): string;
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
/**
|
|
3
|
+
* Relative-time formatter for OAuth expiry rendering.
|
|
4
|
+
*
|
|
5
|
+
* Produces compact strings like "5m", "27d", or "expired" for UI tables.
|
|
6
|
+
* Used by `comis auth list` (expiresIn column) and `comis auth status`
|
|
7
|
+
* (per-provider nextExpiry field).
|
|
8
|
+
*
|
|
9
|
+
* Branches:
|
|
10
|
+
* - delta <= 0 → "expired"
|
|
11
|
+
* - delta < 1h → "<m>m" (e.g., "5m", "32m")
|
|
12
|
+
* - 1h <= delta < 1d → "<h>h"
|
|
13
|
+
* - delta >= 1d → "<d>d"
|
|
14
|
+
*
|
|
15
|
+
* @module
|
|
16
|
+
*/
|
|
17
|
+
const MS_PER_MIN = 60_000;
|
|
18
|
+
const MS_PER_HOUR = 60 * MS_PER_MIN;
|
|
19
|
+
const MS_PER_DAY = 24 * MS_PER_HOUR;
|
|
20
|
+
/**
|
|
21
|
+
* Format the time-until-expiry for an absolute epoch-ms expiry timestamp.
|
|
22
|
+
*
|
|
23
|
+
* @param expiresAtMs - Absolute epoch-ms when the credential expires
|
|
24
|
+
* @param now - Reference "now" (defaulted to Date.now() — overridable for tests)
|
|
25
|
+
* @returns "expired" | "<n>m" | "<n>h" | "<n>d"
|
|
26
|
+
*/
|
|
27
|
+
export function formatRelativeExpiry(expiresAtMs, now = Date.now()) {
|
|
28
|
+
const delta = expiresAtMs - now;
|
|
29
|
+
if (delta <= 0)
|
|
30
|
+
return "expired";
|
|
31
|
+
if (delta < MS_PER_HOUR)
|
|
32
|
+
return `${Math.floor(delta / MS_PER_MIN)}m`;
|
|
33
|
+
if (delta < MS_PER_DAY)
|
|
34
|
+
return `${Math.floor(delta / MS_PER_HOUR)}h`;
|
|
35
|
+
return `${Math.floor(delta / MS_PER_DAY)}d`;
|
|
36
|
+
}
|
|
@@ -56,12 +56,21 @@ export function validateNonInteractiveOptions(opts) {
|
|
|
56
56
|
if (!opts.provider || opts.provider.trim().length === 0) {
|
|
57
57
|
throw new NonInteractiveError("--provider is required in non-interactive mode", "provider");
|
|
58
58
|
}
|
|
59
|
+
// openai-codex requires interactive OAuth login (browser callback,
|
|
60
|
+
// device-code prompt, or manual paste). Non-interactive mode has no
|
|
61
|
+
// way to drive the OAuth flow, so reject up front with a clear hint
|
|
62
|
+
// pointing at `comis auth login --method device-code`. Placed BEFORE
|
|
63
|
+
// the soft "unknown provider" warning so the literal error fires
|
|
64
|
+
// even though openai-codex IS in the pi-ai catalog.
|
|
65
|
+
if (opts.provider === "openai-codex") {
|
|
66
|
+
throw new NonInteractiveError("openai-codex requires interactive login; run `comis init` interactively or run `comis auth login --provider openai-codex --method device-code` separately.", "provider");
|
|
67
|
+
}
|
|
59
68
|
// Soft validation: warn for unknown providers but do not throw.
|
|
60
|
-
// Daemon-side guards (
|
|
61
|
-
//
|
|
62
|
-
//
|
|
63
|
-
//
|
|
64
|
-
//
|
|
69
|
+
// Daemon-side guards (credential-resolver, builtin-provider-guard)
|
|
70
|
+
// catch genuinely-invalid providers downstream when the agent
|
|
71
|
+
// attempts to use the config. This loosening enables forward compat
|
|
72
|
+
// when a new pi-ai version adds a provider before comis releases.
|
|
73
|
+
// The "custom" provider is always allowed (synthetic).
|
|
65
74
|
if (opts.provider !== "custom") {
|
|
66
75
|
try {
|
|
67
76
|
const catalog = createModelCatalog();
|
|
@@ -160,9 +169,9 @@ export function buildNonInteractiveState(opts) {
|
|
|
160
169
|
};
|
|
161
170
|
// Model selection -- delegate to daemon when not specified.
|
|
162
171
|
// The literal "default" is resolved at agent-execution time via the
|
|
163
|
-
// pi-ai catalog (builtin-provider-guard.ts:45 baseUrl pattern).
|
|
164
|
-
//
|
|
165
|
-
//
|
|
172
|
+
// pi-ai catalog (builtin-provider-guard.ts:45 baseUrl pattern). The
|
|
173
|
+
// previous hardcoded provider->model map was removed -- the daemon
|
|
174
|
+
// decides at runtime.
|
|
166
175
|
const model = opts.model ?? "default";
|
|
167
176
|
// Channel configs
|
|
168
177
|
const channels = [];
|
|
@@ -37,7 +37,8 @@ import { loadProvidersWithFallback } from "../../client/provider-list.js";
|
|
|
37
37
|
*/
|
|
38
38
|
const PROVIDER_UI_HINTS = {
|
|
39
39
|
anthropic: { label: "Anthropic (Claude)", hint: "Recommended for agents", category: "recommended" },
|
|
40
|
-
openai: { label: "OpenAI (GPT)", hint: "GPT-4o, o1, o3
|
|
40
|
+
openai: { label: "OpenAI (GPT)", hint: "GPT-4o, o1, o3 — API key (pay per token)", category: "recommended" },
|
|
41
|
+
"openai-codex": { label: "OpenAI Codex", hint: "ChatGPT/Codex subscription — OAuth login", category: "recommended" },
|
|
41
42
|
google: { label: "Google (Gemini)", hint: "Gemini models", category: "other" },
|
|
42
43
|
groq: { label: "Groq", hint: "Fast inference (Llama, Mixtral)", category: "other" },
|
|
43
44
|
mistral: { label: "Mistral", hint: "Mistral models", category: "other" },
|