episoda 0.2.127 → 0.2.128

package/dist/daemon/daemon-process.js

@@ -2598,7 +2598,7 @@ var require_auth = __commonJS({
     Object.defineProperty(exports2, "__esModule", { value: true });
     exports2.getConfigDir = getConfigDir8;
     exports2.getConfigPath = getConfigPath;
-    exports2.loadConfig = loadConfig8;
+    exports2.loadConfig = loadConfig9;
     exports2.saveConfig = saveConfig2;
     exports2.validateToken = validateToken;
     var fs24 = __importStar(require("fs"));
@@ -2635,7 +2635,7 @@ var require_auth = __commonJS({
         }
       }
     }
-    async function loadConfig8(configPath) {
+    async function loadConfig9(configPath) {
       const fullPath = getConfigPath(configPath);
       if (fs24.existsSync(fullPath)) {
         try {
@@ -2815,7 +2815,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "episoda",
-      version: "0.2.126",
+      version: "0.2.127",
       description: "CLI tool for Episoda local development workflow orchestration",
       main: "dist/index.js",
       types: "dist/index.d.ts",
@@ -3199,7 +3199,7 @@ var IPCServer = class {
 };
 
 // src/daemon/daemon-process.ts
-var import_core13 = __toESM(require_dist());
+var import_core14 = __toESM(require_dist());
 
 // src/utils/update-checker.ts
 var import_child_process2 = require("child_process");
@@ -8659,6 +8659,7 @@ function generateClaudeConfig(options = {}) {
 }
 
 // src/agent/agent-manager.ts
+var import_core11 = __toESM(require_dist());
 var instance3 = null;
 function getAgentManager() {
   if (!instance3) {
@@ -8692,6 +8693,139 @@ var AgentManager = class {
       releaseLock();
     }
   }
+  readJsonFileIfExists(filePath) {
+    if (!fs19.existsSync(filePath)) return null;
+    try {
+      const content = fs19.readFileSync(filePath, "utf8");
+      return JSON.parse(content);
+    } catch (error) {
+      console.warn(`[AgentManager] Failed to parse JSON at ${filePath}:`, error instanceof Error ? error.message : error);
+      return null;
+    }
+  }
+  readCodexTokensFromPath(filePath) {
+    const data = this.readJsonFileIfExists(filePath);
+    const tokens = data?.tokens;
+    if (!tokens) return null;
+    const accessToken = tokens.access_token;
+    if (!accessToken) return null;
+    return {
+      accessToken,
+      refreshToken: tokens.refresh_token,
+      idToken: tokens.id_token,
+      accountId: tokens.account_id
+    };
+  }
+  readClaudeTokensFromPath(filePath) {
+    const data = this.readJsonFileIfExists(filePath);
+    const oauth = data?.claudeAiOauth;
+    if (!oauth) return null;
+    const accessToken = oauth.accessToken;
+    if (!accessToken) return null;
+    return {
+      accessToken,
+      refreshToken: oauth.refreshToken,
+      expiresAt: typeof oauth.expiresAt === "number" ? oauth.expiresAt : void 0,
+      scopes: Array.isArray(oauth.scopes) ? oauth.scopes : void 0
+    };
+  }
+  loadProviderTokens(provider, sessionDir, legacyDir) {
+    if (provider === "codex") {
+      const sessionAuthPath = path20.join(sessionDir, "auth.json");
+      const legacyAuthPath = path20.join(legacyDir, "auth.json");
+      return this.readCodexTokensFromPath(sessionAuthPath) || this.readCodexTokensFromPath(legacyAuthPath);
+    }
+    const sessionCredentialsPath = path20.join(sessionDir, ".credentials.json");
+    const legacyCredentialsPath = path20.join(legacyDir, ".credentials.json");
+    return this.readClaudeTokensFromPath(sessionCredentialsPath) || this.readClaudeTokensFromPath(legacyCredentialsPath);
+  }
+  applyTokensToSession(session, tokens) {
+    const currentAccess = session.credentials.oauthToken;
+    const currentRefresh = session.credentials.refreshToken;
+    const currentId = session.credentials.idToken;
+    const currentAccount = session.credentials.accountId;
+    const accessChanged = tokens.accessToken && tokens.accessToken !== currentAccess;
+    const refreshChanged = tokens.refreshToken && tokens.refreshToken !== currentRefresh;
+    const idChanged = tokens.idToken && tokens.idToken !== currentId;
+    const accountChanged = tokens.accountId && tokens.accountId !== currentAccount;
+    if (!accessChanged && !refreshChanged && !idChanged && !accountChanged) {
+      return false;
+    }
+    if (tokens.accessToken) {
+      session.credentials.oauthToken = tokens.accessToken;
+    }
+    if (tokens.refreshToken) {
+      session.credentials.refreshToken = tokens.refreshToken;
+    }
+    if (tokens.idToken) {
+      session.credentials.idToken = tokens.idToken;
+    }
+    if (tokens.accountId) {
+      session.credentials.accountId = tokens.accountId;
+    }
+    if (tokens.expiresAt) {
+      session.credentials.expiresAt = tokens.expiresAt;
+    }
+    if (tokens.scopes) {
+      session.credentials.scopes = tokens.scopes;
+    }
+    return true;
+  }
+  async getApiAuth() {
+    const envToken = process.env.EPISODA_ACCESS_TOKEN || process.env.EPISODA_SESSION_TOKEN;
+    const envApiUrl = process.env.EPISODA_API_URL;
+    if (envToken) {
+      return { apiUrl: envApiUrl || "https://episoda.dev", token: envToken };
+    }
+    try {
+      const config = await (0, import_core11.loadConfig)();
+      if (!config?.access_token) {
+        return null;
+      }
+      return {
+        apiUrl: config.api_url || "https://episoda.dev",
+        token: config.access_token
+      };
+    } catch (error) {
+      console.warn("[AgentManager] Failed to load Episoda config for credential sync:", error instanceof Error ? error.message : error);
+      return null;
+    }
+  }
+  async syncTokensToVault(provider, tokens, source) {
+    const auth = await this.getApiAuth();
+    if (!auth) {
+      console.warn("[AgentManager] Skipping credential sync - no Episoda auth token available");
+      return;
+    }
+    try {
+      const payload = {
+        provider,
+        access_token: tokens.accessToken,
+        refresh_token: tokens.refreshToken,
+        id_token: tokens.idToken,
+        account_id: tokens.accountId,
+        expires_at: tokens.expiresAt ? new Date(tokens.expiresAt).toISOString() : void 0,
+        scopes: tokens.scopes,
+        source
+      };
+      const response = await fetch(`${auth.apiUrl}/api/user/credentials/sync`, {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${auth.token}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(payload)
+      });
+      if (!response.ok) {
+        const errorText = await response.text();
+        console.warn(`[AgentManager] Credential sync failed (${provider}): ${response.status} ${errorText}`);
+        return;
+      }
+      console.log(`[AgentManager] Synced ${provider} credentials to vault (${source})`);
+    } catch (error) {
+      console.warn("[AgentManager] Credential sync error:", error instanceof Error ? error.message : error);
+    }
+  }
   /**
    * EP1233: Get list of MCP servers to register for a session
    * EP1251: Added GitHub MCP for consolidated MCP configuration
@@ -9114,6 +9248,19 @@ If changes are needed, explain what needs to be done.`;
       const useApiKey = !useOAuth && !!session.credentials.apiKey;
       const sessionCodexDir = path20.join(os6.homedir(), ".codex", "sessions", sessionId);
       const sessionClaudeDir = path20.join(os6.homedir(), ".claude", "sessions", sessionId);
+      const legacyCodexDir = path20.join(os6.homedir(), ".codex");
+      const legacyClaudeDir = path20.join(os6.homedir(), ".claude");
+      const sessionConfigDir = provider === "codex" ? sessionCodexDir : sessionClaudeDir;
+      const legacyConfigDir = provider === "codex" ? legacyCodexDir : legacyClaudeDir;
+      if (useOAuth) {
+        const existingTokens = this.loadProviderTokens(provider, sessionConfigDir, legacyConfigDir);
+        if (existingTokens) {
+          const updated = this.applyTokensToSession(session, existingTokens);
+          if (updated) {
+            await this.syncTokensToVault(provider, existingTokens, "preflight");
+          }
+        }
+      }
       if (provider === "codex") {
         await this.withConfigLock(async () => {
           fs19.mkdirSync(sessionCodexDir, { recursive: true });
@@ -9374,6 +9521,17 @@ If changes are needed, explain what needs to be done.`;
         console.log(`[AgentManager] EP1191: ${provider} CLI exited for session ${sessionId}: code=${code}, signal=${signal}, duration=${duration}ms, stdoutEvents=${stdoutEventCount}, chunksSent=${chunksSent}`);
         this.processes.delete(sessionId);
         this.removePidFile(sessionId);
+        if (useOAuth) {
+          void (async () => {
+            const updatedTokens = this.loadProviderTokens(provider, sessionConfigDir, legacyConfigDir);
+            if (updatedTokens) {
+              const updated = this.applyTokensToSession(session, updatedTokens);
+              if (updated) {
+                await this.syncTokensToVault(provider, updatedTokens, "post-exit");
+              }
+            }
+          })();
+        }
         if (code === 0) {
           session.status = "stopped";
           onComplete(extractedSessionId || session.agentSessionId || session.claudeSessionId);
@@ -9798,7 +9956,7 @@ var AgentCommandQueue = class {
 
 // src/utils/dev-server.ts
 var import_child_process13 = require("child_process");
-var import_core11 = __toESM(require_dist());
+var import_core12 = __toESM(require_dist());
 var fs20 = __toESM(require("fs"));
 var path21 = __toESM(require("path"));
 var MAX_RESTART_ATTEMPTS = 5;
@@ -9808,7 +9966,7 @@ var MAX_LOG_SIZE_BYTES = 5 * 1024 * 1024;
 var NODE_MEMORY_LIMIT_MB = 2048;
 var activeServers = /* @__PURE__ */ new Map();
 function getLogsDir() {
-  const logsDir = path21.join((0, import_core11.getConfigDir)(), "logs");
+  const logsDir = path21.join((0, import_core12.getConfigDir)(), "logs");
   if (!fs20.existsSync(logsDir)) {
     fs20.mkdirSync(logsDir, { recursive: true });
   }
@@ -10009,7 +10167,7 @@ async function startDevServer(projectPath, port = 3e3, moduleUid = "default", op
   console.log(`[DevServer] EP932: Starting dev server for ${moduleUid} on port ${port} (auto-restart: ${autoRestart})...`);
   let injectedEnvVars = {};
   try {
-    const config = await (0, import_core11.loadConfig)();
+    const config = await (0, import_core12.loadConfig)();
     if (config?.access_token && config?.project_id) {
       const apiUrl = config.api_url || "https://episoda.dev";
       const result = await fetchEnvVarsWithCache(apiUrl, config.access_token, {
@@ -10129,7 +10287,7 @@ function getDevServerStatus() {
 var path22 = __toESM(require("path"));
 var fs21 = __toESM(require("fs"));
 var os7 = __toESM(require("os"));
-var import_core12 = __toESM(require_dist());
+var import_core13 = __toESM(require_dist());
 function getEpisodaRoot2() {
   if (process.env.EPISODA_ROOT) {
     return process.env.EPISODA_ROOT;
@@ -10149,7 +10307,7 @@ function getWorktreeInfo(moduleUid, workspaceSlug, projectSlug) {
   };
 }
 async function getWorktreeInfoForModule(moduleUid) {
-  const config = await (0, import_core12.loadConfig)();
+  const config = await (0, import_core13.loadConfig)();
   if (config?.workspace_slug && config?.project_slug) {
     return getWorktreeInfo(moduleUid, config.workspace_slug, config.project_slug);
   }
@@ -10331,7 +10489,7 @@ async function ensureValidToken(config, bufferMs = 5 * 60 * 1e3) {
       refresh_token: tokenResponse.refresh_token || config.refresh_token,
       expires_at: now + tokenResponse.expires_in * 1e3
     };
-    await (0, import_core13.saveConfig)(updatedConfig);
+    await (0, import_core14.saveConfig)(updatedConfig);
     console.log("[Daemon] EP904: Access token refreshed successfully");
     return updatedConfig;
   } catch (error) {
@@ -10340,7 +10498,7 @@ async function ensureValidToken(config, bufferMs = 5 * 60 * 1e3) {
   }
 }
 async function fetchWithAuth(url, options = {}, retryOnUnauthorized = true) {
-  let config = await (0, import_core13.loadConfig)();
+  let config = await (0, import_core14.loadConfig)();
   if (!config?.access_token) {
     throw new Error("No access token configured");
   }
@@ -10367,7 +10525,7 @@ async function fetchWithAuth(url, options = {}, retryOnUnauthorized = true) {
 }
 async function fetchEnvVars2() {
   try {
-    const config = await (0, import_core13.loadConfig)();
+    const config = await (0, import_core14.loadConfig)();
     if (!config?.project_id) {
       console.warn("[Daemon] EP973: No project_id in config, cannot fetch env vars");
       return {};
@@ -10478,7 +10636,7 @@ var Daemon = class _Daemon {
     console.log("[Daemon] Starting Episoda daemon...");
     this.machineId = await getMachineId();
     console.log(`[Daemon] Machine ID: ${this.machineId}`);
-    const config = await (0, import_core13.loadConfig)();
+    const config = await (0, import_core14.loadConfig)();
     if (config?.machine_uuid || config?.device_id) {
       this.machineUuid = config.machine_uuid || config.device_id || null;
       console.log(`[Daemon] Loaded cached Machine UUID: ${this.machineUuid}`);
@@ -10729,7 +10887,7 @@ var Daemon = class _Daemon {
       };
     });
     this.ipcServer.on("verify-server-connection", async () => {
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config?.access_token || !config?.api_url) {
         return {
           verified: false,
@@ -10918,7 +11076,7 @@ var Daemon = class _Daemon {
       console.warn(`[Daemon] Stale connection detected for ${projectPath}, forcing reconnection`);
       await this.disconnectProject(projectPath);
     }
-    const config = await (0, import_core13.loadConfig)();
+    const config = await (0, import_core14.loadConfig)();
     if (!config || !config.access_token) {
       throw new Error("No access token found. Please run: episoda auth");
     }
@@ -10939,8 +11097,8 @@ var Daemon = class _Daemon {
       wsUrl = `${wsProtocol}//${wsHostname}:${wsPort}`;
     }
     console.log(`[Daemon] Connecting to ${wsUrl} for project ${projectId}...`);
-    const client = new import_core13.EpisodaClient();
-    const gitExecutor = new import_core13.GitExecutor();
+    const client = new import_core14.EpisodaClient();
+    const gitExecutor = new import_core14.GitExecutor();
     const connection = {
       projectId,
       projectPath,
@@ -11142,7 +11300,7 @@ var Daemon = class _Daemon {
               port = allocatePort(cmd.moduleUid);
             }
             console.log(`[Daemon] EP1115: Using port ${port} for ${cmd.moduleUid} (mode: ${modeConfig.mode})`);
-            const devConfig = await (0, import_core13.loadConfig)();
+            const devConfig = await (0, import_core14.loadConfig)();
             const customCommand = devConfig?.project_settings?.worktree_dev_server_script;
             const startResult = await previewManager.startPreview({
               moduleUid: cmd.moduleUid,
@@ -11833,7 +11991,7 @@ var Daemon = class _Daemon {
    */
   async cacheMachineUuid(machineUuid) {
     try {
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config) {
         console.warn("[Daemon] Cannot cache machine UUID - no config found");
         return;
@@ -11849,7 +12007,7 @@ var Daemon = class _Daemon {
         // Backward compatibility
         machine_id: this.machineId
       };
-      await (0, import_core13.saveConfig)(updatedConfig);
+      await (0, import_core14.saveConfig)(updatedConfig);
       console.log(`[Daemon] Cached machine UUID to config: ${machineUuid}`);
     } catch (error) {
       console.warn("[Daemon] Failed to cache machine UUID:", error instanceof Error ? error.message : error);
@@ -11863,7 +12021,7 @@ var Daemon = class _Daemon {
    */
   async syncProjectSettings(projectId) {
     try {
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config) return;
       const apiUrl = config.api_url || "https://episoda.dev";
       const response = await fetchWithAuth(`${apiUrl}/api/projects/${projectId}/settings`);
@@ -11897,7 +12055,7 @@ var Daemon = class _Daemon {
             cached_at: Date.now()
           }
         };
-        await (0, import_core13.saveConfig)(updatedConfig);
+        await (0, import_core14.saveConfig)(updatedConfig);
         console.log(`[Daemon] EP973: Project settings synced (slugs: ${projectSlug}/${workspaceSlug})`);
       }
     } catch (error) {
@@ -11917,7 +12075,7 @@ var Daemon = class _Daemon {
         console.warn("[Daemon] EP995: Cannot sync project path - machineUuid not available");
         return;
       }
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config) return;
       const apiUrl = config.api_url || "https://episoda.dev";
       const response = await fetchWithAuth(`${apiUrl}/api/account/machines/${this.machineUuid}`, {
@@ -11950,7 +12108,7 @@ var Daemon = class _Daemon {
    */
   async updateModuleWorktreeStatus(moduleUid, status, worktreePath, errorMessage) {
     try {
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config) return;
       const apiUrl = config.api_url || "https://episoda.dev";
       const body = {
@@ -12005,7 +12163,7 @@ var Daemon = class _Daemon {
         console.log("[Daemon] EP1003: Cannot reconcile - machineUuid not available yet");
         return;
       }
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config) return;
       const apiUrl = config.api_url || "https://episoda.dev";
       const controller = new AbortController();
@@ -12206,7 +12364,7 @@ var Daemon = class _Daemon {
     try {
       const envVars = await fetchEnvVars2();
       console.log(`[Daemon] EP1002: Fetched ${Object.keys(envVars).length} env vars for ${moduleUid}`);
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       const setupConfig = config?.project_settings;
       await this.runWorktreeSetupSync(
         moduleUid,
@@ -12430,7 +12588,7 @@ var Daemon = class _Daemon {
       }
       this.healthCheckInProgress = true;
       try {
-        const config = await (0, import_core13.loadConfig)();
+        const config = await (0, import_core14.loadConfig)();
         if (config?.access_token) {
           await this.performHealthChecks(config);
         }
@@ -12512,7 +12670,7 @@ var Daemon = class _Daemon {
       }
       console.log(`[Daemon] EP1042: Checking ${entries.length} registered dev server(s)...`);
       const activeModuleUids = [];
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (config?.access_token) {
         const apiUrl = config.api_url || "https://episoda.dev";
         try {
@@ -12648,7 +12806,7 @@ var Daemon = class _Daemon {
    */
   async fetchActiveModuleUids(projectId) {
     try {
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config?.access_token || !config?.api_url) {
         return null;
       }
@@ -12762,7 +12920,7 @@ var Daemon = class _Daemon {
   async restartTunnel(moduleUid, port) {
     const previewManager = getPreviewManager();
     try {
-      const config = await (0, import_core13.loadConfig)();
+      const config = await (0, import_core14.loadConfig)();
       if (!config?.access_token) {
         console.error(`[Daemon] EP833: No access token for tunnel restart`);
         return;