npm - create-byan-agent - Versions diffs - 2.14.1 → 2.16.1 - Mend

create-byan-agent 2.14.1 → 2.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/install/GUIDE-INSTALLATION-BYAN-SIMPLE.md +40 -0
package/install/bin/create-byan-agent-v2.js +9 -0
package/install/lib/mcp-extensions/gdrive.js +256 -0
package/install/lib/mcp-extensions/index.js +147 -0
package/install/package.json +1 -1
package/install/packages/platform-config/lib/mcp-config.js +107 -8
package/install/templates/.claude/agents/bmad-byan.md +1 -1
package/install/templates/.claude/hooks/fd-phase-guard.js +35 -1
package/install/templates/.claude/skills/byan-byan/SKILL.md +72 -14
package/install/templates/_byan/agents/byan.md +1 -1
package/install/templates/_byan/mcp/byan-mcp-server/lib/fd-state.js +59 -7
package/install/templates/_byan/mcp/byan-mcp-server/server.js +16 -4
package/install/templates/_byan/workflows/byan/feature-workflow.md +145 -20
package/package.json +1 -1
package/update-byan-agent/__tests__/migrate-mcp-config.test.js +74 -24
package/update-byan-agent/lib/migrate-mcp-config.js +33 -27

package/update-byan-agent/__tests__/migrate-mcp-config.test.js CHANGED Viewed

@@ -13,6 +13,7 @@ const fs   = require('fs-extra');
 // Module under test (loaded once; all I/O goes to tmpdir per test)
 const { runMigration } = require('../lib/migrate-mcp-config');
+const { mcpConfig: { TOKEN_PLACEHOLDER } } = require('byan-platform-config');
 // ──────────────────────────────────────────────────────────────────────────────
 // Helpers
@@ -69,16 +70,16 @@ test('returns no-byan-server if .mcp.json has other servers but no byan entry',
 });
 // ──────────────────────────────────────────────────────────────────────────────
-// Test 3 — byan entry already has token and URL without /api suffix → already-ok
+// Test 3 — byan entry already has placeholder + clean URL → already-ok
 // ──────────────────────────────────────────────────────────────────────────────
-test('returns already-ok if byan entry has token and no /api suffix', async () => {
+test('returns already-ok if byan entry has no BYAN_API_TOKEN (token belongs in .env / settings.local.json)', async () => {
   const dir = await makeTmp();
   await writeMcp(dir, {
     mcpServers: {
       byan: {
         command: 'node',
         args:    ['_byan/mcp/byan-mcp-server/server.js'],
-        env:     { BYAN_API_URL: 'https://api.byan.io', BYAN_API_TOKEN: 'byan_tok' },
+        env:     { BYAN_API_URL: 'https://api.byan.io' },
       },
     },
   });
@@ -91,7 +92,7 @@ test('returns already-ok if byan entry has token and no /api suffix', async () =
 // ──────────────────────────────────────────────────────────────────────────────
 // Test 4 — needs token but .env + settings.local.json both empty → no-token-available
 // ──────────────────────────────────────────────────────────────────────────────
-test('returns no-token-available if .mcp.json needs token but sources are empty', async () => {
+test('returns already-ok if .mcp.json has no BYAN_API_TOKEN (token absence is now the desired state)', async () => {
   const dir = await makeTmp();
   await writeMcp(dir, {
     mcpServers: {
@@ -99,23 +100,19 @@ test('returns no-token-available if .mcp.json needs token but sources are empty'
         command: 'node',
         args:    ['_byan/mcp/byan-mcp-server/server.js'],
         env:     { BYAN_API_URL: 'https://api.byan.io' },
-        // no BYAN_API_TOKEN
       },
     },
   });
-  // no .env, no settings.local.json
   const result = await runMigration(dir);
   expect(result.migrated).toBe(false);
-  expect(result.reason).toBe('no-token-available');
-  expect(typeof result.hint).toBe('string');
-  expect(result.hint.length).toBeGreaterThan(0);
+  expect(result.reason).toBe('already-ok');
   await fs.remove(dir);
 });
 // ──────────────────────────────────────────────────────────────────────────────
 // Test 5 — migrates successfully: token from .env
 // ──────────────────────────────────────────────────────────────────────────────
-test('migrates: token from .env → .mcp.json env.BYAN_API_TOKEN', async () => {
+test('with token already absent in .mcp.json + .env populated: no-op (already-ok), .env preserved untouched', async () => {
   const dir = await makeTmp();
   await writeMcp(dir, {
     mcpServers: {
@@ -129,19 +126,18 @@ test('migrates: token from .env → .mcp.json env.BYAN_API_TOKEN', async () => {
   await writeDotenv(dir, 'BYAN_API_TOKEN=byan_from_dotenv\n');
   const result = await runMigration(dir);
-  expect(result.migrated).toBe(true);
-  expect(result.reason).toBe('healed');
-  expect(result.changes.length).toBeGreaterThanOrEqual(1);
+  expect(result.migrated).toBe(false);
+  expect(result.reason).toBe('already-ok');
-  const written = await readMcp(dir);
-  expect(written.mcpServers.byan.env.BYAN_API_TOKEN).toBe('byan_from_dotenv');
+  const dotenvAfter = await fs.readFile(path.join(dir, '.env'), 'utf8');
+  expect(dotenvAfter).toBe('BYAN_API_TOKEN=byan_from_dotenv\n');
   await fs.remove(dir);
 });
 // ──────────────────────────────────────────────────────────────────────────────
 // Test 6 — migrates successfully: token from .claude/settings.local.json fallback
 // ──────────────────────────────────────────────────────────────────────────────
-test('migrates: token from settings.local.json fallback', async () => {
+test('with token in settings.local.json + absent from .mcp.json: no-op (already-ok), settings preserved', async () => {
   const dir = await makeTmp();
   await writeMcp(dir, {
     mcpServers: {
@@ -152,22 +148,20 @@ test('migrates: token from settings.local.json fallback', async () => {
       },
     },
   });
-  // no .env, token in settings.local.json
   await writeSettingsLocal(dir, { env: { BYAN_API_TOKEN: 'byan_from_settings' } });
   const result = await runMigration(dir);
-  expect(result.migrated).toBe(true);
-  expect(result.reason).toBe('healed');
-  const written = await readMcp(dir);
-  expect(written.mcpServers.byan.env.BYAN_API_TOKEN).toBe('byan_from_settings');
+  expect(result.migrated).toBe(false);
+  expect(result.reason).toBe('already-ok');
+  const settings = await fs.readJson(path.join(dir, '.claude', 'settings.local.json'));
+  expect(settings.env.BYAN_API_TOKEN).toBe('byan_from_settings');
   await fs.remove(dir);
 });
 // ──────────────────────────────────────────────────────────────────────────────
 // Test 7 — strips /api suffix from BYAN_API_URL
 // ──────────────────────────────────────────────────────────────────────────────
-test('strips /api suffix from BYAN_API_URL', async () => {
+test('strips /api suffix and extracts clear token to .env (token removed from .mcp.json)', async () => {
   const dir = await makeTmp();
   await writeMcp(dir, {
     mcpServers: {
@@ -184,7 +178,60 @@ test('strips /api suffix from BYAN_API_URL', async () => {
   const written = await readMcp(dir);
   expect(written.mcpServers.byan.env.BYAN_API_URL).toBe('https://api.byan.io');
-  expect(written.mcpServers.byan.env.BYAN_API_TOKEN).toBe('byan_tok');
+  expect(written.mcpServers.byan.env.BYAN_API_TOKEN).toBeUndefined();
+  const dotenvContent = await fs.readFile(path.join(dir, '.env'), 'utf8');
+  expect(dotenvContent).toContain('BYAN_API_TOKEN=byan_tok');
+  const raw = await fs.readFile(path.join(dir, '.mcp.json'), 'utf8');
+  expect(raw).not.toContain('byan_tok');
+  await fs.remove(dir);
+});
+test('extracts clear token from .mcp.json into .env and removes it from .mcp.json (security migration)', async () => {
+  const dir = await makeTmp();
+  await writeMcp(dir, {
+    mcpServers: {
+      byan: {
+        command: 'node',
+        args:    ['_byan/mcp/byan-mcp-server/server.js'],
+        env:     { BYAN_API_URL: 'https://api.byan.io', BYAN_API_TOKEN: 'byan_leaked_in_clear' },
+      },
+    },
+  });
+  const result = await runMigration(dir);
+  expect(result.migrated).toBe(true);
+  expect(result.reason).toBe('healed');
+  expect(result.changes.some((c) => /extracted/i.test(c))).toBe(true);
+  const written = await readMcp(dir);
+  expect(written.mcpServers.byan.env.BYAN_API_TOKEN).toBeUndefined();
+  const raw = await fs.readFile(path.join(dir, '.mcp.json'), 'utf8');
+  expect(raw).not.toContain('byan_leaked_in_clear');
+  const dotenvContent = await fs.readFile(path.join(dir, '.env'), 'utf8');
+  expect(dotenvContent).toContain('BYAN_API_TOKEN=byan_leaked_in_clear');
+  await fs.remove(dir);
+});
+test('removes ${BYAN_API_TOKEN} placeholder from .mcp.json (no value to extract)', async () => {
+  const dir = await makeTmp();
+  await writeMcp(dir, {
+    mcpServers: {
+      byan: {
+        command: 'node',
+        args:    ['_byan/mcp/byan-mcp-server/server.js'],
+        env:     { BYAN_API_URL: 'https://api.byan.io', BYAN_API_TOKEN: TOKEN_PLACEHOLDER },
+      },
+    },
+  });
+  const result = await runMigration(dir);
+  expect(result.migrated).toBe(true);
+  expect(result.reason).toBe('healed');
+  const written = await readMcp(dir);
+  expect(written.mcpServers.byan.env.BYAN_API_TOKEN).toBeUndefined();
   await fs.remove(dir);
 });
@@ -215,6 +262,9 @@ test('dry-run: does not write .mcp.json but returns changes', async () => {
   const afterMcp = await readMcp(dir);
   expect(afterMcp.mcpServers.byan.env.BYAN_API_URL).toBe('https://api.byan.io/api');
   expect(afterMcp.mcpServers.byan.env.BYAN_API_TOKEN).toBeUndefined();
+  // .env must NOT have been touched on dry-run either
+  const dotenvAfter = await fs.readFile(path.join(dir, '.env'), 'utf8');
+  expect(dotenvAfter).toBe('BYAN_API_TOKEN=byan_dryrun_tok\n');
   await fs.remove(dir);
 });

package/update-byan-agent/lib/migrate-mcp-config.js CHANGED Viewed

@@ -1,16 +1,20 @@
 /**
  * migrate-mcp-config — self-healing migration for pre-fix BYAN installs.
  *
- * Injects BYAN_API_TOKEN into .mcp.json env block if absent, and strips the
- * legacy /api suffix from BYAN_API_URL. Uses byan-platform-config primitives
- * exclusively; no duplicated logic here.
+ * Heals three drift cases on .mcp.json:
+ *   1. token missing       → injects ${BYAN_API_TOKEN} placeholder
+ *   2. url has /api suffix → strips it
+ *   3. token in clear      → extracts to .env and replaces with placeholder
+ *                            (security fix from BYAN >=2.16.0)
+ *
+ * Uses byan-platform-config primitives exclusively; no duplicated logic here.
  */
 const chalk = require('chalk');
 const ora = require('ora');
 const {
-  mcpConfig: { readMcpConfig, ensureMcpConfig },
-  envConfig:  { readEnvToken },
+  mcpConfig: { readMcpConfig, ensureMcpConfig, TOKEN_PLACEHOLDER },
+  envConfig:  { readEnvToken, updateDotenv },
   urlUtils:   { stripApiSuffix },
 } = require('byan-platform-config');
@@ -65,32 +69,27 @@ async function runMigration(projectRoot, { dryRun = false, verbose = false } = {
   stopSpinner(chalk.gray('.mcp.json lu'), true);
   // 3. Diagnose
-  const tokenMissing   = !byan.env || !byan.env.BYAN_API_TOKEN;
-  const urlHasApiSuffix = /\/api\/?$/.test(byan.env && byan.env.BYAN_API_URL || '');
+  const currentToken      = (byan.env && byan.env.BYAN_API_TOKEN) || '';
+  const tokenIsPlaceholder = currentToken === TOKEN_PLACEHOLDER;
+  const tokenInClear      = !!currentToken && !tokenIsPlaceholder;
+  const tokenIsLegacy     = !!currentToken; // any non-empty value is legacy: token must not live in .mcp.json
+  const urlHasApiSuffix   = /\/api\/?$/.test(byan.env && byan.env.BYAN_API_URL || '');
   // 4. Nothing to do?
-  if (!tokenMissing && !urlHasApiSuffix) {
-    log(chalk.green('  .mcp.json est deja a jour (token present, URL correcte)'));
+  if (!tokenIsLegacy && !urlHasApiSuffix) {
+    log(chalk.green('  .mcp.json est deja a jour (token absent du fichier, URL correcte)'));
     return { migrated: false, reason: 'already-ok' };
   }
   const changes = [];
-  // 5. Resolve token
-  let token = byan.env && byan.env.BYAN_API_TOKEN; // may already exist (url-only fix)
-  if (tokenMissing) {
-    startSpinner('Recherche BYAN_API_TOKEN (.env / settings.local.json)...');
-    token = await readEnvToken(projectRoot);
-    if (!token) {
-      stopSpinner(chalk.yellow('Token introuvable'), false);
-      return {
-        migrated: false,
-        reason:   'no-token-available',
-        hint:     'Re-run npx create-byan-agent to prompt for a token',
-      };
-    }
-    stopSpinner(chalk.green('Token trouve'), true);
-    changes.push('BYAN_API_TOKEN injected into .mcp.json env');
+  let extractedClearToken = null;
+  // 5. Detect a clear-text token to relocate to .env
+  if (tokenInClear) {
+    extractedClearToken = currentToken;
+    changes.push('BYAN_API_TOKEN extracted from .mcp.json (clear) into .env, removed from .mcp.json');
+  } else if (tokenIsPlaceholder) {
+    changes.push('BYAN_API_TOKEN placeholder removed from .mcp.json (token now resolved via settings.local.json env)');
   }
   // 6. Resolve URL
@@ -108,9 +107,16 @@ async function runMigration(projectRoot, { dryRun = false, verbose = false } = {
     return { migrated: false, reason: 'dry-run', changes };
   }
-  // 8. Apply via ensureMcpConfig
+  // 8. Apply
   startSpinner('Application de la migration...');
-  await ensureMcpConfig(projectRoot, { apiUrl: cleanUrl || existingUrl, token });
+  if (extractedClearToken) {
+    const existingDotenvToken = await readEnvToken(projectRoot);
+    if (!existingDotenvToken || existingDotenvToken !== extractedClearToken) {
+      await updateDotenv(projectRoot, { BYAN_API_TOKEN: extractedClearToken });
+    }
+  }
+  // ensureMcpConfig always strips BYAN_API_TOKEN from .mcp.json (security)
+  await ensureMcpConfig(projectRoot, { apiUrl: cleanUrl || existingUrl });
   stopSpinner(chalk.green('.mcp.json migre avec succes'), true);
   // 9. Return result