ei-tui 0.1.20 → 0.1.22

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ei-tui",
-  "version": "0.1.20",
+  "version": "0.1.22",
   "author": "Flare576",
   "repository": {
     "type": "git",

package/src/core/orchestrators/human-extraction.ts

@@ -49,7 +49,13 @@ export function queueFactScan(context: ExtractionContext, state: StateManager, o
   const { chunks } = chunkExtractionContext(context, getExtractionMaxTokens(state));
   
   if (chunks.length === 0) return 0;
-  
+
+  // Pre-mark messages before enqueuing — prevents duplicate scans if the
+  // queue check fires again during LLM latency (100ms loop × 5s call = 50 dupes)
+  for (const chunk of chunks) {
+    state.messages_markExtracted(chunk.personaId, chunk.messages_analyze.map(m => m.id), "f");
+  }
+
   for (const chunk of chunks) {
     const prompt = buildHumanFactScanPrompt({
       persona_name: chunk.personaDisplayName,
@@ -73,7 +79,7 @@ export function queueFactScan(context: ExtractionContext, state: StateManager, o
       },
     });
   }
-  
+
   return chunks.length;
 }
 
@@ -113,7 +119,13 @@ export function queueTopicScan(context: ExtractionContext, state: StateManager,
   const { chunks } = chunkExtractionContext(context, getExtractionMaxTokens(state));
   
   if (chunks.length === 0) return 0;
-  
+
+  // Pre-mark messages before enqueuing — prevents duplicate scans if the
+  // queue check fires again during LLM latency (100ms loop × 5s call = 50 dupes)
+  for (const chunk of chunks) {
+    state.messages_markExtracted(chunk.personaId, chunk.messages_analyze.map(m => m.id), "p");
+  }
+
   for (const chunk of chunks) {
     const prompt = buildHumanTopicScanPrompt({
       persona_name: chunk.personaDisplayName,
@@ -137,7 +149,7 @@ export function queueTopicScan(context: ExtractionContext, state: StateManager,
       },
     });
   }
-  
+
   return chunks.length;
 }
 
@@ -145,8 +157,12 @@ export function queuePersonScan(context: ExtractionContext, state: StateManager,
   const { chunks } = chunkExtractionContext(context, getExtractionMaxTokens(state));
   
   if (chunks.length === 0) return 0;
-  
 
+  // Pre-mark messages before enqueuing — prevents duplicate scans if the
+  // queue check fires again during LLM latency (100ms loop × 5s call = 50 dupes)
+  for (const chunk of chunks) {
+    state.messages_markExtracted(chunk.personaId, chunk.messages_analyze.map(m => m.id), "o");
+  }
 
   for (const chunk of chunks) {
     const prompt = buildHumanPersonScanPrompt({
@@ -171,7 +187,7 @@ export function queuePersonScan(context: ExtractionContext, state: StateManager,
       },
     });
   }
-  
+
   return chunks.length;
 }
 

package/src/core/processor.ts

@@ -509,6 +509,66 @@ export class Processor {
         max_calls_per_interaction: 3,
       });
     }
+
+    // --- Spotify provider ---
+    if (!this.stateManager.tools_getProviderById("spotify")) {
+      const spotifyProvider: ToolProvider = {
+        id: "spotify",
+        name: "spotify",
+        display_name: "Spotify",
+        description:
+          "Access your Spotify playback and music library. Connect via Settings → Tool Kits → Spotify.",
+        builtin: true,
+        config: { spotify_refresh_token: "" },
+        enabled: false,
+        created_at: now,
+      };
+      this.stateManager.tools_addProvider(spotifyProvider);
+    }
+
+    // get_currently_playing
+    if (!this.stateManager.tools_getByName("get_currently_playing")) {
+      this.stateManager.tools_add({
+        id: crypto.randomUUID(),
+        provider_id: "spotify",
+        name: "get_currently_playing",
+        display_name: "Currently Playing",
+        description:
+          "Get the song currently playing on the user's Spotify. Returns artist, title, album, playback state, and progress. Returns nothing_playing if nothing is active.",
+        input_schema: {
+          type: "object",
+          properties: {},
+          required: [],
+        },
+        runtime: "any",
+        builtin: true,
+        enabled: true,
+        created_at: now,
+        max_calls_per_interaction: 3,
+      });
+    }
+
+    // get_liked_songs
+    if (!this.stateManager.tools_getByName("get_liked_songs")) {
+      this.stateManager.tools_add({
+        id: crypto.randomUUID(),
+        provider_id: "spotify",
+        name: "get_liked_songs",
+        display_name: "Liked Songs",
+        description:
+          "Get the user's full Spotify liked songs library. Returns an array of { artist, title, added_at }. Results are cached for 30 minutes. Ask the user before calling — it may return thousands of tracks.",
+        input_schema: {
+          type: "object",
+          properties: {},
+          required: [],
+        },
+        runtime: "any",
+        builtin: true,
+        enabled: true,
+        created_at: now,
+        max_calls_per_interaction: 1,
+      });
+    }
   }
 
   async stop(): Promise<void> {
@@ -661,6 +721,14 @@ const toolNextSteps = new Set([
                 rawMessageFetcher: (pName) => this.stateManager.messages_get(pName),
                 tools: tools.length > 0 ? tools : undefined,
                 onEnqueue: (req) => this.stateManager.queue_enqueue(req),
+                onProviderConfigUpdate: (providerId, updates) => {
+                  const provider = this.stateManager.tools_getProviderById(providerId);
+                  if (provider) {
+                    this.stateManager.tools_updateProvider(providerId, {
+                      config: { ...provider.config, ...updates },
+                    });
+                  }
+                },
               }
             );
 

package/src/core/queue-processor.ts

@@ -35,6 +35,11 @@ export interface QueueProcessorStartOptions {
    * Injected by Processor pointing to stateManager.queue_enqueue.
    */
   onEnqueue?: EnqueueCallback;
+  /**
+   * Called when a tool executor updates its provider config (e.g. Spotify refresh token rotation).
+   * Injected by Processor to persist the updated config back to storage.
+   */
+  onProviderConfigUpdate?: (providerId: string, updates: Record<string, string>) => void;
 }
 
 export class QueueProcessor {
@@ -46,6 +51,7 @@ export class QueueProcessor {
   private currentRawMessageFetcher: RawMessageFetcher | undefined;
   private currentTools: ToolDefinition[] | undefined;
   private currentOnEnqueue: EnqueueCallback | undefined;
+  private currentOnProviderConfigUpdate: ((providerId: string, updates: Record<string, string>) => void) | undefined;
 
   getState(): QueueProcessorState {
     return this.state;
@@ -63,6 +69,7 @@ export class QueueProcessor {
     this.currentRawMessageFetcher = options?.rawMessageFetcher;
     this.currentTools = options?.tools;
     this.currentOnEnqueue = options?.onEnqueue;
+    this.currentOnProviderConfigUpdate = options?.onProviderConfigUpdate;
     this.abortController = new AbortController();
 
     this.processRequest(request)
@@ -95,6 +102,7 @@ export class QueueProcessor {
       this.currentRawMessageFetcher = undefined;
       this.currentTools = undefined;
       this.currentOnEnqueue = undefined;
+      this.currentOnProviderConfigUpdate = undefined;
       this.abortController = null;
     });
   }
@@ -182,7 +190,7 @@ export class QueueProcessor {
             appendedHistory.push(assistantMessage as unknown as LLMHistoryMessage);
           }
 
-          const { results } = await executeToolCalls(toolCalls, activeTools, callCounts, totalCalls);
+          const { results } = await executeToolCalls(toolCalls, activeTools, callCounts, totalCalls, this.currentOnProviderConfigUpdate);
           for (const result of results) {
             appendedHistory.push({
               role: "tool",
@@ -226,7 +234,7 @@ export class QueueProcessor {
       // LLM stopped — parse and return.
       // If JSON parse fails, attempt a single reformat pass: treat the prose as
       // a tool result and ask the same model to convert it to the required JSON shape.
-      const firstAttempt = this.handleResponseType(request, content ?? "", finishReason);
+      const firstAttempt = await this.handleResponseType(request, content ?? "", finishReason);
       if (!firstAttempt.success && content) {
         console.log(`[QueueProcessor] HandleToolContinuation: JSON parse failed — attempting reformat pass`);
         const reformatResult = await this.attemptReformat(request, messages, content);
@@ -275,7 +283,7 @@ export class QueueProcessor {
 
       const callCounts = new Map<string, number>();
       const totalCalls = { count: 0 };
-      const { results } = await executeToolCalls(toolCalls, activeTools, callCounts, totalCalls);
+      const { results } = await executeToolCalls(toolCalls, activeTools, callCounts, totalCalls, this.currentOnProviderConfigUpdate);
 
       for (const result of results) {
         toolHistory.push({
@@ -338,11 +346,11 @@ export class QueueProcessor {
     return this.handleResponseType(request, content ?? "", finishReason);
   }
 
-  private handleResponseType(
+  private async handleResponseType(
     request: LLMRequest,
     content: string,
     finishReason: string | null
-  ): LLMResponse {
+  ): Promise<LLMResponse> {
     const cleanedContent = cleanResponseContent(content);
     switch (request.type) {
       case "json" as LLMRequestType:
@@ -359,11 +367,11 @@ export class QueueProcessor {
     }
   }
 
-  private handleJSONResponse(
+  private async handleJSONResponse(
     request: LLMRequest,
     content: string,
     finishReason: string | null
-  ): LLMResponse {
+  ): Promise<LLMResponse> {
     try {
       const parsed = parseJSONResponse(content);
       return {
@@ -377,6 +385,8 @@ export class QueueProcessor {
       console.warn(
         `[QueueProcessor] JSON parse failed for ${request.next_step}. Payload:\n${content}`
       );
+      const reformatResult = await this.attemptJSONReformat(request, content);
+      if (reformatResult) return reformatResult;
       return {
         request,
         success: false,
@@ -444,4 +454,59 @@ export class QueueProcessor {
     }
   }
 
+  /**
+   * When any JSON request gets back content that won't parse, attempt a single
+   * synchronous reformat pass before falling into the backoff retry loop.
+   *
+   * The system prompt already contains the full JSON schema for this request type
+   * (field names, type-specific extras like `category`, `relationship`, `strength`,
+   * etc.), so we don't need to repeat any of that here — just hand the model its
+   * own output and ask it to clean it up.
+   *
+   * Returns null if the reformat attempt also fails — caller falls through to normal
+   * failure path (backoff retry).
+   */
+  private async attemptJSONReformat(
+    request: LLMRequest,
+    malformedContent: string
+  ): Promise<LLMResponse | null> {
+    const reformatUserPrompt =
+      `An earlier version of you responded with the following content, but it could not ` +
+      `be parsed as valid JSON. Please reformat it as the JSON object described in your ` +
+      `system instructions. Respond with ONLY the JSON object, or \`{}\` if no changes ` +
+      `are needed.\n\n---\n${malformedContent}\n---`;
+
+    try {
+      const { content: reformatContent, finishReason: reformatReason } = await callLLMRaw(
+        request.system,
+        reformatUserPrompt,
+        [], // no message history needed — schema is already in the system prompt
+        request.model,
+        { signal: this.abortController?.signal },
+        this.currentAccounts
+      );
+
+      if (!reformatContent) return null;
+
+      const cleaned = cleanResponseContent(reformatContent);
+      try {
+        const parsed = parseJSONResponse(cleaned);
+        console.log(`[QueueProcessor] JSON reformat pass succeeded for ${request.next_step} — saved a retry`);
+        return {
+          request,
+          success: true,
+          content: cleaned,
+          parsed,
+          finish_reason: reformatReason ?? undefined,
+        };
+      } catch {
+        console.warn(`[QueueProcessor] JSON reformat pass also failed for ${request.next_step} — falling through to retry`);
+        return null;
+      }
+    } catch (err) {
+      console.warn(`[QueueProcessor] JSON reformat LLM call failed for ${request.next_step}: ${err instanceof Error ? err.message : String(err)}`);
+      return null;
+    }
+  }
+
 }

package/src/core/tools/builtin/currently-playing.ts

@@ -0,0 +1,75 @@
+/**
+ * get_currently_playing builtin tool
+ *
+ * Hits GET /me/player/currently-playing — no cache, always real-time.
+ * Config: { spotify_refresh_token: "<token>" } from the spotify provider.
+ * runtime: "any" (works in Web + TUI)
+ */
+import type { ToolExecutor } from "../types.js";
+import { getSpotifyAccessToken, notAuthenticatedError } from "./spotify-auth.js";
+
+interface SpotifyCurrentlyPlayingResponse {
+  is_playing: boolean;
+  progress_ms: number | null;
+  item: {
+    name: string;
+    duration_ms: number;
+    artists: Array<{ name: string }>;
+    album: { name: string };
+  } | null;
+}
+
+export const currentlyPlayingExecutor: ToolExecutor = {
+  name: "get_currently_playing",
+
+  async execute(_args: Record<string, unknown>, config?: Record<string, string>, onConfigUpdate?: (updates: Record<string, string>) => void): Promise<string> {
+    const refreshToken = config?.spotify_refresh_token?.trim();
+    if (!refreshToken) {
+      return notAuthenticatedError("get_currently_playing");
+    }
+
+    let accessToken: string;
+    try {
+      accessToken = await getSpotifyAccessToken(refreshToken, (newToken) => {
+        onConfigUpdate?.({ spotify_refresh_token: newToken });
+      });
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      // If token refresh fails, the refresh token is likely revoked
+      return JSON.stringify({
+        error: "token_refresh_failed",
+        message: msg,
+      });
+    }
+
+    const response = await fetch("https://api.spotify.com/v1/me/player/currently-playing", {
+      headers: { Authorization: `Bearer ${accessToken}` },
+    });
+
+    // 204 = nothing playing
+    if (response.status === 204 || response.status === 200 && !response.headers.get("content-type")?.includes("json")) {
+      return JSON.stringify({ nothing_playing: true });
+    }
+
+    if (!response.ok) {
+      throw new Error(`Spotify API error (${response.status}): ${await response.text()}`);
+    }
+
+    const data = (await response.json()) as SpotifyCurrentlyPlayingResponse;
+
+    if (!data.item) {
+      return JSON.stringify({ nothing_playing: true });
+    }
+
+    const result = {
+      artist: data.item.artists.map((a) => a.name).join(", "),
+      title: data.item.name,
+      album: data.item.album.name,
+      is_playing: data.is_playing,
+      progress_ms: data.progress_ms ?? 0,
+      duration_ms: data.item.duration_ms,
+    };
+    return JSON.stringify(result);
+  },
+
+};

package/src/core/tools/builtin/pkce.ts

@@ -0,0 +1,91 @@
+/**
+ * PKCE helpers — shared by Web (SpotifyAuthButton) and TUI (spotify-auth command).
+ *
+ * Uses the Web Crypto API (available in both browser and Bun/Node >= 19).
+ * All functions are synchronous except generateChallenge which needs crypto.subtle.
+ */
+
+/** Generate a random code verifier (128 chars, URL-safe base64). */
+export function generateVerifier(): string {
+  const array = new Uint8Array(96); // 96 bytes → 128 chars base64url
+  crypto.getRandomValues(array);
+  return base64url(array);
+}
+
+/** Derive the PKCE code challenge (SHA-256 of verifier, base64url). */
+export async function generateChallenge(verifier: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  return base64url(new Uint8Array(digest));
+}
+
+/** Exchange an authorization code for tokens (used by both Web and TUI). */
+export async function exchangeCode(params: {
+  code: string;
+  verifier: string;
+  redirectUri: string;
+  clientId: string;
+}): Promise<{ access_token: string; refresh_token: string; expires_in: number }> {
+  const { code, verifier, redirectUri, clientId } = params;
+
+  const body = new URLSearchParams({
+    grant_type: "authorization_code",
+    code,
+    redirect_uri: redirectUri,
+    client_id: clientId,
+    code_verifier: verifier,
+  });
+
+  const response = await fetch("https://accounts.spotify.com/api/token", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`Spotify token exchange failed (${response.status}): ${text}`);
+  }
+
+  return response.json() as Promise<{
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+  }>;
+}
+
+/** Build the Spotify authorization URL. */
+export function buildAuthUrl(params: {
+  clientId: string;
+  redirectUri: string;
+  scopes: string[];
+  challenge: string;
+  state?: string;
+}): string {
+  const { clientId, redirectUri, scopes, challenge, state } = params;
+  const url = new URL("https://accounts.spotify.com/authorize");
+  url.searchParams.set("client_id", clientId);
+  url.searchParams.set("response_type", "code");
+  url.searchParams.set("redirect_uri", redirectUri);
+  url.searchParams.set("scope", scopes.join(" "));
+  url.searchParams.set("code_challenge", challenge);
+  url.searchParams.set("code_challenge_method", "S256");
+  if (state) url.searchParams.set("state", state);
+  return url.toString();
+}
+
+// ---------------------------------------------------------------------------
+// Internal helpers
+// ---------------------------------------------------------------------------
+
+function base64url(buffer: Uint8Array): string {
+  // btoa works in browser; Buffer works in Node/Bun
+  let binary: string;
+  if (typeof btoa === "function") {
+    binary = String.fromCharCode(...buffer);
+    return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  // Node/Bun fallback
+  return Buffer.from(buffer).toString("base64url");
+}

package/src/core/tools/builtin/spotify-auth.ts

@@ -0,0 +1,90 @@
+/**
+ * Spotify token refresh — shared helper for both Spotify tool executors.
+ *
+ * Caches the current access token in module scope so multiple tool calls
+ * within the same session don't each trigger a refresh round-trip.
+ *
+ * The refresh token is read from the ToolProvider config at call time,
+ * so it always reflects the latest stored value.
+ */
+
+export const SPOTIFY_CLIENT_ID = "41a10178f66946f78d4a1e265606ba36";
+export const SPOTIFY_SCOPES = ["user-read-currently-playing", "user-library-read"];
+
+// Web redirect URI (hosted)
+export const SPOTIFY_WEB_REDIRECT_URI = "https://ei.flare576.com/callback/spotify";
+// TUI redirect URI (fixed port — Spotify rejected bare 127.0.0.1)
+export const SPOTIFY_TUI_REDIRECT_URI = "http://127.0.0.1:4242";
+export const SPOTIFY_TUI_PORT = 4242;
+
+interface CachedToken {
+  token: string;
+  expires_at: number; // Date.now() ms
+}
+
+let cachedToken: CachedToken | null = null;
+
+/**
+ * Get a valid Spotify access token, refreshing if needed.
+ * @param refreshToken - The stored refresh token from provider config
+ * @param onTokenRotated - Called with the new refresh token if Spotify rotates it
+ */
+export async function getSpotifyAccessToken(
+  refreshToken: string,
+  onTokenRotated?: (newRefreshToken: string) => void
+): Promise<string> {
+  // Return cached token if still valid (60s buffer)
+  if (cachedToken && Date.now() < cachedToken.expires_at - 60_000) {
+    return cachedToken.token;
+  }
+
+  const body = new URLSearchParams({
+    grant_type: "refresh_token",
+    refresh_token: refreshToken,
+    client_id: SPOTIFY_CLIENT_ID,
+  });
+
+  const response = await fetch("https://accounts.spotify.com/api/token", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString(),
+  });
+
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`Spotify token refresh failed (${response.status}): ${text}`);
+  }
+
+  const data = (await response.json()) as {
+    access_token: string;
+    expires_in: number;
+    refresh_token?: string; // Spotify may rotate the refresh token
+  };
+
+  cachedToken = {
+    token: data.access_token,
+    expires_at: Date.now() + data.expires_in * 1000,
+  };
+
+  // Spotify may rotate the refresh token — persist the new one if provided
+  if (data.refresh_token && data.refresh_token !== refreshToken) {
+    onTokenRotated?.(data.refresh_token);
+  }
+
+  return cachedToken.token;
+}
+
+/** Clear the cached token (call if refresh token changes). */
+export function clearTokenCache(): void {
+  cachedToken = null;
+}
+
+/** Return a structured "not authenticated" error for the LLM to relay to the user. */
+export function notAuthenticatedError(tool: string): string {
+  return JSON.stringify({
+    error: "not_authenticated",
+    tool,
+    message:
+      "Spotify is not connected. In the web app: Settings → Tool Kits → Spotify → Connect Spotify. In the TUI: /auth spotify",
+  });
+}

package/src/core/tools/builtin/spotify-liked-songs.ts

@@ -0,0 +1,108 @@
+/**
+ * get_liked_songs builtin tool
+ *
+ * Paginates GET /me/tracks until exhausted, caches in memory for 30 minutes.
+ * Returns a flat array of { artist, title, added_at } — the LLM filters/summarizes.
+ * Config: { spotify_refresh_token: "<token>" } from the spotify provider.
+ * runtime: "any" (works in Web + TUI)
+ */
+import type { ToolExecutor } from "../types.js";
+import { getSpotifyAccessToken, notAuthenticatedError } from "./spotify-auth.js";
+
+interface SpotifyTrack {
+  artist: string;
+  title: string;
+  added_at: string;
+}
+
+interface LikedSongsCache {
+  tracks: SpotifyTrack[];
+  fetched_at: number; // Date.now() ms
+}
+
+interface SpotifyTracksPage {
+  items: Array<{
+    added_at: string;
+    track: {
+      name: string;
+      artists: Array<{ name: string }>;
+    } | null;
+  }>;
+  next: string | null;
+}
+
+const CACHE_TTL_MS = 30 * 60 * 1000; // 30 minutes
+
+let likedSongsCache: LikedSongsCache | null = null;
+
+/** Clear the in-memory liked songs cache (call on Spotify reconnect/disconnect). */
+export function clearLikedSongsCache(): void {
+  likedSongsCache = null;
+}
+
+/** Fetch all liked songs from Spotify, paginating 50 at a time. */
+async function fetchAllLikedSongs(accessToken: string): Promise<SpotifyTrack[]> {
+  const tracks: SpotifyTrack[] = [];
+  let url: string | null = "https://api.spotify.com/v1/me/tracks?limit=50&market=from_token";
+
+  while (url) {
+    const response = await fetch(url, {
+      headers: { Authorization: `Bearer ${accessToken}` },
+    });
+
+    if (!response.ok) {
+      throw new Error(`Spotify liked songs API error (${response.status}): ${await response.text()}`);
+    }
+
+    const page = (await response.json()) as SpotifyTracksPage;
+
+    for (const item of page.items) {
+      if (!item.track) continue; // local files etc. may have null track
+      tracks.push({
+        artist: item.track.artists.map((a) => a.name).join(", "),
+        title: item.track.name,
+        added_at: item.added_at,
+      });
+    }
+
+    url = page.next;
+  }
+
+  return tracks;
+}
+
+export const likedSongsExecutor: ToolExecutor = {
+  name: "get_liked_songs",
+
+  async execute(_args: Record<string, unknown>, config?: Record<string, string>, onConfigUpdate?: (updates: Record<string, string>) => void): Promise<string> {
+    const refreshToken = config?.spotify_refresh_token?.trim();
+    if (!refreshToken) {
+      return notAuthenticatedError("get_liked_songs");
+    }
+
+    // Return cached result if still fresh
+    if (likedSongsCache && Date.now() < likedSongsCache.fetched_at + CACHE_TTL_MS) {
+      return JSON.stringify({ tracks: likedSongsCache.tracks, cached: true });
+    }
+
+    let accessToken: string;
+    try {
+      accessToken = await getSpotifyAccessToken(refreshToken, (newToken) => {
+        onConfigUpdate?.({ spotify_refresh_token: newToken });
+      });
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      return JSON.stringify({
+        error: "token_refresh_failed",
+        message: msg,
+      });
+    }
+
+    const tracks = await fetchAllLikedSongs(accessToken);
+
+    likedSongsCache = { tracks, fetched_at: Date.now() };
+    console.log(`[get_liked_songs] fetched and cached ${tracks.length} tracks`);
+
+    return JSON.stringify({ tracks, cached: false });
+  },
+};

package/src/core/tools/index.ts

@@ -9,6 +9,9 @@
 import type { ToolDefinition } from "../types.js";
 import type { ToolCall, ToolResult, ToolExecutor } from "./types.js";
 import { tavilyWebSearchExecutor, tavilyNewsSearchExecutor } from "./builtin/web-search.js";
+import { currentlyPlayingExecutor } from "./builtin/currently-playing.js";
+import { likedSongsExecutor } from "./builtin/spotify-liked-songs.js";
+// file-read and list-directory are Node-only — imported lazily via registerFileReadExecutor() to avoid
 // file-read and list-directory are Node-only — imported lazily via registerFileReadExecutor() to avoid
 
 /** Hard upper limit on total tool calls per interaction, regardless of individual limits. */
@@ -32,6 +35,8 @@ export function registerExecutor(executor: ToolExecutor): void {
 // because it requires Processor.searchHumanData injection.
 registerExecutor(tavilyWebSearchExecutor);
 registerExecutor(tavilyNewsSearchExecutor);
+registerExecutor(currentlyPlayingExecutor);
+registerExecutor(likedSongsExecutor);
 // file_read and list_directory are registered lazily via registerFileReadExecutor() — Node/TUI only.
 
 /**
@@ -92,7 +97,8 @@ export async function executeToolCalls(
   calls: ToolCall[],
   tools: ToolDefinition[],
   callCounts: Map<string, number>,
-  totalCalls: { count: number }
+  totalCalls: { count: number },
+  onProviderConfigUpdate?: (providerId: string, updates: Record<string, string>) => void
 ): Promise<{ results: ToolResult[]; exhaustedToolNames: Set<string> }> {
   const results: ToolResult[] = [];
   const exhaustedToolNames = new Set<string>();
@@ -154,7 +160,10 @@ export async function executeToolCalls(
 
     try {
       console.log(`[Tools] Executing ${call.name} (call ${newCount}/${maxCalls})`);
-      const result = await executor.execute(call.arguments, definition.config);
+      const onConfigUpdate = onProviderConfigUpdate && definition.provider_id
+        ? (updates: Record<string, string>) => onProviderConfigUpdate(definition.provider_id, updates)
+        : undefined;
+      const result = await executor.execute(call.arguments, definition.config, onConfigUpdate);
       results.push({
         tool_call_id: call.id,
         name: call.name,

package/src/core/tools/types.ts

@@ -23,5 +23,9 @@ export interface ToolExecutor {
   /** Tool machine name — must match ToolDefinition.name exactly. */
   name: string;
   /** Execute the tool. Returns a result string (JSON or plain text). Throws on unrecoverable error. */
-  execute(args: Record<string, unknown>, config?: Record<string, string>): Promise<string>;
+  execute(
+    args: Record<string, unknown>,
+    config?: Record<string, string>,
+    onConfigUpdate?: (updates: Record<string, string>) => void
+  ): Promise<string>;
 }

package/tui/src/commands/auth.ts

@@ -0,0 +1,26 @@
+import type { Command } from "./registry.js";
+import { runSpotifyAuth } from "./spotify-auth.js";
+
+export const authCommand: Command = {
+  name: "auth",
+  aliases: [],
+  description: "Authenticate with a service (e.g. /auth spotify)",
+  usage: "/auth <service>  — supported: spotify",
+
+  async execute(args, ctx) {
+    const service = args[0]?.toLowerCase();
+
+    if (!service) {
+      ctx.showNotification("Usage: /auth <service>  (supported: spotify)", "error");
+      return;
+    }
+
+    switch (service) {
+      case "spotify":
+        await runSpotifyAuth(ctx);
+        break;
+      default:
+        ctx.showNotification(`Unknown service: ${service}. Supported: spotify`, "error");
+    }
+  },
+};

package/tui/src/commands/spotify-auth.ts

@@ -0,0 +1,169 @@
+/**
+ * Spotify PKCE auth flow for TUI.
+ *
+ * Spins up a temporary Bun HTTP server on port 4242, opens the Spotify
+ * authorization URL in the user's browser, waits for the redirect, then
+ * exchanges the auth code for tokens and stores the refresh token via
+ * ctx.ei.updateToolProvider().
+ */
+import type { CommandContext } from "./registry.js";
+import { logger } from "../util/logger.js";
+import {
+  generateVerifier,
+  generateChallenge,
+  exchangeCode,
+  buildAuthUrl,
+} from "../../../src/core/tools/builtin/pkce.js";
+import {
+  SPOTIFY_CLIENT_ID,
+  SPOTIFY_SCOPES,
+  SPOTIFY_TUI_REDIRECT_URI,
+  SPOTIFY_TUI_PORT,
+  clearTokenCache,
+} from "../../../src/core/tools/builtin/spotify-auth.js";
+import { clearLikedSongsCache } from "../../../src/core/tools/builtin/spotify-liked-songs.js";
+
+export async function runSpotifyAuth(ctx: CommandContext): Promise<void> {
+  logger.info("[spotify-auth] runSpotifyAuth() called");
+  ctx.showNotification("Starting Spotify auth — opening browser…", "info");
+
+  const verifier = generateVerifier();
+  const challenge = await generateChallenge(verifier);
+  logger.info("[spotify-auth] PKCE verifier + challenge generated");
+
+  const authUrl = buildAuthUrl({
+    clientId: SPOTIFY_CLIENT_ID,
+    redirectUri: SPOTIFY_TUI_REDIRECT_URI,
+    scopes: SPOTIFY_SCOPES,
+    challenge,
+  });
+  logger.info("[spotify-auth] Auth URL built", { redirectUri: SPOTIFY_TUI_REDIRECT_URI });
+
+  // Start the local server FIRST, then open the browser so the server
+  // is already listening when Spotify redirects back.
+  logger.info("[spotify-auth] Starting local HTTP server on port", SPOTIFY_TUI_PORT);
+  const codePromise = waitForAuthCode(ctx);
+
+  // Give the server a tick to bind its port before opening the browser
+  await new Promise<void>((r) => setTimeout(r, 50));
+  logger.info("[spotify-auth] Server should be up — opening browser now");
+
+  // Open the authorization URL in the user's default browser
+  const openCmd = process.platform === "darwin"
+    ? "open"
+    : process.platform === "win32"
+    ? "cmd /c start"
+    : "xdg-open";
+
+  logger.info("[spotify-auth] Spawning browser with", { openCmd });
+  Bun.spawn([openCmd, authUrl], { stdio: ["ignore", "ignore", "ignore"] });
+  logger.info("[spotify-auth] Browser spawned — awaiting OAuth callback…");
+
+  const code = await codePromise;
+  logger.info("[spotify-auth] codePromise resolved", { gotCode: !!code });
+
+  if (!code) return; // user cancelled or error already shown
+
+  ctx.showNotification("Exchanging auth code for tokens…", "info");
+
+  try {
+    logger.info("[spotify-auth] Exchanging code for tokens");
+    const tokens = await exchangeCode({
+      code,
+      verifier,
+      redirectUri: SPOTIFY_TUI_REDIRECT_URI,
+      clientId: SPOTIFY_CLIENT_ID,
+    });
+    logger.info("[spotify-auth] Token exchange succeeded — storing refresh token");
+
+    clearTokenCache();
+    clearLikedSongsCache();
+    await ctx.ei.updateToolProvider("spotify", {
+      config: { spotify_refresh_token: tokens.refresh_token },
+      enabled: true,
+    });
+    logger.info("[spotify-auth] Refresh token stored — done!");
+
+    ctx.showNotification("✓ Spotify connected successfully!", "info");
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.error("[spotify-auth] Token exchange failed", { msg });
+    ctx.showNotification(`Spotify auth failed: ${msg}`, "error");
+  }
+}
+
+/** Spin up a one-shot HTTP server on SPOTIFY_TUI_PORT and return the auth code. */
+async function waitForAuthCode(ctx: CommandContext): Promise<string | null> {
+  return new Promise<string | null>((resolve) => {
+    const TIMEOUT_MS = 120_000; // 2 minutes
+
+    let resolved = false;
+    let server: ReturnType<typeof Bun.serve> | null = null;
+
+    const finish = (code: string | null) => {
+      if (resolved) return;
+      resolved = true;
+      logger.info("[spotify-auth] finish() called", { gotCode: !!code });
+      try { server?.stop(true); } catch { /* ignore */ }
+      clearTimeout(timer);
+      resolve(code);
+    };
+
+    const timer = setTimeout(() => {
+      logger.warn("[spotify-auth] Timed out waiting for callback");
+      ctx.showNotification("Spotify auth timed out (2 min)", "error");
+      finish(null);
+    }, TIMEOUT_MS);
+
+    try {
+      server = Bun.serve({
+        port: SPOTIFY_TUI_PORT,
+        hostname: "127.0.0.1", // explicit IPv4 — macOS 'localhost' resolves to ::1 (IPv6)
+        fetch(req) {
+          const url = new URL(req.url);
+          logger.info("[spotify-auth] Incoming request", { method: req.method, path: url.pathname });
+
+          if (url.pathname !== "/") {
+            return new Response("Not found", { status: 404 });
+          }
+
+          const code = url.searchParams.get("code");
+          const error = url.searchParams.get("error");
+          logger.info("[spotify-auth] Callback params", { hasCode: !!code, error });
+
+          if (error || !code) {
+            const msg = error ?? "no code in callback";
+            logger.error("[spotify-auth] Auth denied or missing code", { msg });
+            ctx.showNotification(`Spotify denied auth: ${msg}`, "error");
+            finish(null);
+            return new Response(
+              "<html><body><h2>Auth failed — return to your terminal.</h2></body></html>",
+              { headers: { "Content-Type": "text/html" } }
+            );
+          }
+
+          const resp = new Response(
+            "<html><head><meta charset=\"utf-8\"></head><body><h2>✓ Spotify connected! You can close this tab.</h2><p>Be sure to <strong>enable</strong> the tool for a persona!</p></body></html>",
+            { headers: { "Content-Type": "text/html; charset=utf-8" } }
+          );
+          // Defer finish() so the response flushes before the server stops
+          setTimeout(() => finish(code), 0);
+          return resp;
+        },
+        error(err) {
+          logger.error("[spotify-auth] Bun.serve error handler", { msg: err.message });
+          ctx.showNotification(`Local auth server error: ${err.message}`, "error");
+          finish(null);
+          return new Response("Internal Server Error", { status: 500 });
+        },
+      });
+      logger.info("[spotify-auth] Bun.serve started", { port: server.port, hostname: server.hostname });
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      logger.error("[spotify-auth] Bun.serve failed to start", { msg });
+      ctx.showNotification(`Failed to start local auth server: ${msg}`, "error");
+      clearTimeout(timer);
+      resolve(null);
+    }
+  });
+}

package/tui/src/components/PromptInput.tsx

@@ -24,6 +24,7 @@ import { setSyncCommand } from "../commands/setsync";
 import { queueCommand } from "../commands/queue";
 import { dlqCommand } from "../commands/dlq";
 import { toolsCommand } from "../commands/tools";
+import { authCommand } from '../commands/auth';
 import { useOverlay } from "../context/overlay";
 import { CommandSuggest } from "./CommandSuggest";
 import { useKeyboard } from "@opentui/solid";
@@ -62,6 +63,7 @@ export function PromptInput() {
   registerCommand(queueCommand);
   registerCommand(dlqCommand);
   registerCommand(toolsCommand);
+  registerCommand(authCommand);
 
   let textareaRef: TextareaRenderable | undefined;