npm - groove-dev - Versions diffs - 0.17.8 → 0.18.2 - Mend

groove-dev 0.17.8 → 0.18.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/node_modules/@groove-dev/daemon/src/integrations.js CHANGED Viewed

@@ -380,10 +380,8 @@ export class IntegrationStore {
     if (!entry) throw new Error(`Integration not found: ${integrationId}`);
     if (entry.authType !== 'oauth-google') throw new Error('Integration does not use OAuth');
-    // Check if user has provided their own Google OAuth client (stored globally)
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
       throw new Error('Google OAuth not configured. Set up your Google Cloud project first.');
     }
@@ -392,7 +390,7 @@ export class IntegrationStore {
     const scopes = entry.oauthScopes || [];
     const params = new URLSearchParams({
-      client_id: clientId,
+      client_id: creds.clientId,
       redirect_uri: redirectUri,
       response_type: 'code',
       scope: scopes.join(' '),
@@ -408,11 +406,11 @@ export class IntegrationStore {
    * Handle OAuth callback — exchange code for tokens.
    */
   async handleOAuthCallback(code, integrationId) {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
       throw new Error('Google OAuth credentials not found');
     }
+    const { clientId, clientSecret } = creds;
     const port = this.daemon.port || 31415;
     const redirectUri = `http://localhost:${port}/api/integrations/oauth/callback`;
@@ -451,10 +449,32 @@ export class IntegrationStore {
   /**
    * Check if Google OAuth is configured (user has set up their Cloud project).
    */
+  /**
+   * Get Google OAuth credentials from user config OR bundled defaults.
+   * User-configured credentials take priority over bundled defaults.
+   */
+  _getGoogleOAuthCredentials() {
+    // 1. Check user-configured credentials (encrypted store)
+    let clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
+    let clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
+    if (clientId && clientSecret) return { clientId, clientSecret, source: 'user' };
+    // 2. Check bundled defaults (shipped with Groove)
+    try {
+      const defaultsPath = resolve(__dirname, '../google-oauth.json');
+      if (existsSync(defaultsPath)) {
+        const defaults = JSON.parse(readFileSync(defaultsPath, 'utf8'));
+        if (defaults.client_id && defaults.client_secret) {
+          return { clientId: defaults.client_id, clientSecret: defaults.client_secret, source: 'bundled' };
+        }
+      }
+    } catch { /* no bundled defaults */ }
+    return null;
+  }
   isGoogleOAuthConfigured() {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    return !!(clientId && clientSecret);
+    return !!this._getGoogleOAuthCredentials();
   }
   /**
@@ -467,14 +487,18 @@ export class IntegrationStore {
     const entry = this.registry.find((s) => s.id === integrationId);
     if (!entry) throw new Error(`Integration not found: ${integrationId}`);
+    console.log(`[Groove:Integrations] authenticate(${integrationId}) — authType: ${entry.authType}`);
     // For google-autoauth integrations, write the gcp-oauth.keys.json file
     // that the MCP server expects before it can start the OAuth browser flow
     if (entry.authType === 'google-autoauth') {
+      console.log(`[Groove:Integrations] Writing gcp-oauth.keys.json for ${integrationId}`);
       this._writeGoogleOAuthKeys(entry);
     }
     const command = entry.command || 'npx';
     const args = entry.args || ['-y', entry.npmPackage];
+    console.log(`[Groove:Integrations] Spawning: ${command} ${args.join(' ')}`);
     // Build env with any configured credentials
     const env = {};
@@ -491,6 +515,8 @@ export class IntegrationStore {
       detached: false,
     });
+    console.log(`[Groove:Integrations] Process spawned, PID: ${proc.pid}`);
     // Send MCP handshake to initialize the server — this triggers auth
     const initMsg = JSON.stringify({
       jsonrpc: '2.0', id: 1, method: 'initialize',
@@ -507,28 +533,38 @@ export class IntegrationStore {
       jsonrpc: '2.0', method: 'notifications/initialized',
     });
-    // Wait a moment for npx to download + start, then send handshake
     proc.stdout.on('data', (chunk) => {
       const text = chunk.toString();
+      console.log(`[Groove:Integrations] MCP stdout: ${text.slice(0, 200)}`);
       // After initialize response, send initialized notification + tools/list
       if (text.includes('"id":1') || text.includes('"id": 1')) {
+        console.log('[Groove:Integrations] Got initialize response, sending initialized + tools/list');
         proc.stdin.write(initializedNotif + '\n');
         setTimeout(() => proc.stdin.write(listToolsMsg + '\n'), 500);
       }
     });
+    proc.on('error', (err) => {
+      console.log(`[Groove:Integrations] Process error: ${err.message}`);
+    });
+    proc.on('exit', (code, signal) => {
+      console.log(`[Groove:Integrations] Process exited: code=${code} signal=${signal}`);
+      clearTimeout(timeout);
+    });
     // Send initialize after a brief delay for npx startup
     setTimeout(() => {
-      try { proc.stdin.write(initMsg + '\n'); } catch { /* process may have exited */ }
+      console.log('[Groove:Integrations] Sending MCP initialize message');
+      try { proc.stdin.write(initMsg + '\n'); } catch (e) { console.log('[Groove:Integrations] stdin write failed:', e.message); }
     }, 3000);
-    // Auto-kill after 2 minutes (auth should complete well before that)
+    // Auto-kill after 2 minutes
     const timeout = setTimeout(() => {
+      console.log('[Groove:Integrations] Auth timeout — killing process');
       try { proc.kill('SIGTERM'); } catch { /* ignore */ }
     }, 120_000);
-    proc.on('exit', () => clearTimeout(timeout));
     this.daemon.audit.log('integration.authenticate', { id: integrationId });
     return {
@@ -543,11 +579,11 @@ export class IntegrationStore {
    * before they can open the browser for user consent.
    */
   _writeGoogleOAuthKeys(entry) {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
-      throw new Error('Google OAuth not configured. Click "Sign in with Google" to set up your Google Cloud credentials first.');
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
+      throw new Error('Google OAuth not configured. Set up your Google Cloud credentials first.');
     }
+    const { clientId, clientSecret } = creds;
     const keysContent = JSON.stringify({
       installed: {
@@ -567,6 +603,9 @@ export class IntegrationStore {
       mkdirSync(dirPath, { recursive: true });
       const keysPath = resolve(dirPath, 'gcp-oauth.keys.json');
       writeFileSync(keysPath, keysContent, { mode: 0o600 });
+      console.log(`[Groove:Integrations] Wrote OAuth keys to: ${keysPath}`);
+    } else {
+      console.log(`[Groove:Integrations] WARNING: No oauthKeysDir for ${entry.id}`);
     }
   }

package/node_modules/@groove-dev/daemon/src/process.js CHANGED Viewed

@@ -2,9 +2,10 @@
 // FSL-1.1-Apache-2.0 — see LICENSE
 import { spawn as cpSpawn } from 'child_process';
-import { createWriteStream, mkdirSync, chmodSync } from 'fs';
+import { createWriteStream, mkdirSync, chmodSync, existsSync, readFileSync, unlinkSync } from 'fs';
 import { resolve } from 'path';
 import { getProvider } from './providers/index.js';
+import { validateAgentConfig } from './validate.js';
 // Role-specific prompt prefixes — applied during spawn regardless of entry point
 // (SpawnPanel, chat continue, CLI, API) for consistency
@@ -58,11 +59,15 @@ Do NOT write code unless explicitly asked. Use your MCP tools (database queries,
 Do NOT write code unless explicitly asked. Use your MCP tools to interact with Home Assistant.
 `,
-  planner: `You are a planning and architecture agent. Research, analyze, and create plans — do NOT implement code unless explicitly asked. Focus on:
+  planner: `You are a PLANNING ONLY agent. You create plans. You do NOT write code, edit files, or run commands.
+ABSOLUTE RULE: Never use the Edit, Write, or Bash tools to modify source code. You ONLY use Read, Glob, and Grep to understand the codebase, then output a written plan. If the user says "build this" or "redesign this", create a PLAN for how other agents should build it — do NOT build it yourself.
+Focus on:
 - Understanding requirements
-- Exploring the codebase
+- Exploring the codebase to understand current architecture
 - Identifying approaches and trade-offs
-- Writing structured plans
+- Writing structured plans with agent assignments
 After completing your plan, you MUST do two things:
@@ -70,15 +75,25 @@ After completing your plan, you MUST do two things:
 2. Save a machine-readable team config to .groove/recommended-team.json using this EXACT format:
 [
-  { "role": "fullstack", "scope": [], "prompt": "Set up project infrastructure: package.json, tsconfig, vite config, dependencies. Once all other agents finish, audit and QC their work, fix any issues, then launch the dev server. Output the localhost URL where the app can be accessed." },
-  { "role": "backend", "scope": ["src/api/**", "src/server/**", "src/db/**", "src/lib/**"], "workingDir": "packages/backend", "prompt": "Build the backend: [specific tasks from your plan]" },
-  { "role": "frontend", "scope": ["src/components/**", "src/views/**", "src/pages/**", "src/styles/**"], "workingDir": "packages/frontend", "prompt": "Build the frontend: [specific tasks from your plan]" }
+  { "role": "frontend", "phase": 1, "scope": ["src/components/**", "src/views/**"], "prompt": "Build the frontend: [specific tasks]" },
+  { "role": "backend", "phase": 1, "scope": ["src/api/**", "src/server/**"], "prompt": "Build the backend: [specific tasks]" },
+  { "role": "fullstack", "phase": 2, "scope": [], "prompt": "QC Senior Dev: Audit all changes from phase 1 agents. Verify correctness, fix issues, run tests, build the project, commit, and launch. Output the localhost URL." }
 ]
-Include only the agents needed. Set appropriate scopes for each role. Write detailed prompts based on your plan so each agent knows exactly what to build.
-If the project is a monorepo or has distinct subdirectories (e.g. packages/, apps/), set "workingDir" to the relative path for each agent so it spawns inside its subdirectory. Omit workingDir for agents that need full project access (like fullstack or planner).
+MANDATORY RULES — NEVER SKIP THESE:
+1. The LAST entry in the array MUST be: { "role": "fullstack", "phase": 2, ... }
+   This is the QC Senior Dev. It auto-spawns after all other agents finish.
+   Its prompt: audit changes, fix issues, run tests, build, commit, launch.
+   NEVER omit this agent. Every team needs a QC.
+2. ALL other agents are phase: 1 — they run in parallel.
+3. Do NOT tell any agent to "wait for" another agent. Phase 2 handles sequencing automatically.
+4. Set appropriate scopes. Write detailed prompts so each agent knows exactly what to build.
-Always include a fullstack agent. Its job: set up infrastructure first, then after all other agents finish, audit their work, fix issues, build the project, launch the dev server, and output the localhost URL so the user can immediately see the result. Include testing/devops only if the project needs them.
+5. If the project is a monorepo, set "workingDir" for agents that need specific subdirectories.
 IMPORTANT: Do not use markdown formatting like ** or ### in your output. Write in plain text with clean formatting. Use line breaks, dashes, and indentation for structure.
@@ -105,6 +120,17 @@ export class ProcessManager {
   async spawn(config) {
     const { registry, locks, introducer } = this.daemon;
+    // Clean stale recommended-team.json when spawning a new planner
+    if (config.role === 'planner') {
+      const dirs = [this.daemon.grooveDir];
+      if (config.workingDir) dirs.push(resolve(config.workingDir, '.groove'));
+      if (this.daemon.config?.defaultWorkingDir) dirs.push(resolve(this.daemon.config.defaultWorkingDir, '.groove'));
+      for (const dir of dirs) {
+        const p = resolve(dir, 'recommended-team.json');
+        if (existsSync(p)) try { unlinkSync(p); } catch { /* */ }
+      }
+    }
     // Validate provider exists and is installed
     const provider = getProvider(config.provider || 'claude-code');
     if (!provider) {
@@ -325,6 +351,9 @@ For normal file edits within your scope, proceed without review.
       if (finalStatus === 'completed' && this.daemon.journalist) {
         this.daemon.journalist.cycle().catch(() => {});
       }
+      // Phase 2 auto-spawn: check if all phase 1 agents for a team are done
+      this._checkPhase2(agent.id);
     });
     proc.on('error', (err) => {
@@ -338,6 +367,49 @@ For normal file edits within your scope, proceed without review.
     return agent;
   }
+  /**
+   * Check if a completed/crashed agent was the last phase 1 agent in a team.
+   * If so, auto-spawn the phase 2 (QC/finisher) agents.
+   */
+  _checkPhase2(completedAgentId) {
+    const pending = this.daemon._pendingPhase2;
+    if (!pending || pending.length === 0) return;
+    const registry = this.daemon.registry;
+    for (let i = pending.length - 1; i >= 0; i--) {
+      const group = pending[i];
+      if (!group.waitFor.includes(completedAgentId)) continue;
+      // Check if ALL phase 1 agents in this group are done
+      const allDone = group.waitFor.every((id) => {
+        const a = registry.get(id);
+        return !a || a.status === 'completed' || a.status === 'crashed' || a.status === 'stopped' || a.status === 'killed';
+      });
+      if (allDone) {
+        // Remove from pending
+        pending.splice(i, 1);
+        // Auto-spawn phase 2 agents
+        for (const config of group.agents) {
+          try {
+            const validated = validateAgentConfig(config);
+            this.spawn(validated).then((agent) => {
+              this.daemon.broadcast({
+                type: 'phase2:spawned',
+                agentId: agent.id,
+                name: agent.name,
+                role: agent.role,
+              });
+              this.daemon.audit.log('phase2.autoSpawn', { id: agent.id, name: agent.name, role: agent.role });
+            }).catch(() => {});
+          } catch { /* skip invalid configs */ }
+        }
+      }
+    }
+  }
   /**
    * Resume a completed agent's session with a new message.
    * Uses --resume SESSION_ID for zero cold-start continuation.
@@ -390,7 +462,7 @@ For normal file edits within your scope, proceed without review.
       model: config.model,
       prompt: config.prompt,
       permission: config.permission,
-      workingDir: config.workingDir,
+      workingDir: config.workingDir || this.daemon.config?.defaultWorkingDir || undefined,
       name: config.name,
     });

package/node_modules/@groove-dev/daemon/src/providers/claude-code.js CHANGED Viewed

@@ -48,6 +48,10 @@ export class ClaudeCodeProvider extends Provider {
       args.push('--model', agent.model);
     }
+    if (agent.effort) {
+      args.push('--effort', agent.effort);
+    }
     // Pass the initial prompt as positional arg (includes GROOVE context)
     const fullPrompt = this.buildFullPrompt(agent);
     if (fullPrompt) {

package/node_modules/@groove-dev/daemon/src/registry.js CHANGED Viewed

@@ -50,7 +50,7 @@ export class Registry extends EventEmitter {
     if (!agent) return null;
     // Only allow known fields to prevent prototype pollution
-    const SAFE_FIELDS = ['status', 'pid', 'tokensUsed', 'contextUsage', 'lastActivity', 'model', 'name', 'routingMode', 'routingReason', 'sessionId', 'skills', 'integrations'];
+    const SAFE_FIELDS = ['status', 'pid', 'tokensUsed', 'contextUsage', 'lastActivity', 'model', 'name', 'routingMode', 'routingReason', 'sessionId', 'skills', 'integrations', 'workingDir', 'effort'];
     for (const key of Object.keys(updates)) {
       if (SAFE_FIELDS.includes(key)) {
         agent[key] = updates[key];

package/node_modules/@groove-dev/gui/.groove/audit.log ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"t":"2026-04-08T02:20:01.108Z","action":"credential.set","provider":"anthropic-api"}

package/node_modules/@groove-dev/gui/.groove/codebase-index.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "projectName": "gui",
+  "scannedAt": "2026-04-08T01:26:36.485Z",
+  "stats": {
+    "totalFiles": 32,
+    "totalDirs": 5,
+    "treeDepth": 4
+  },
+  "workspaces": [],
+  "keyFiles": [
+    "package.json"
+  ],
+  "tree": [
+    {
+      "path": ".",
+      "depth": 0,
+      "dirs": 2,
+      "files": 3,
+      "children": [
+        "public",
+        "src"
+      ]
+    },
+    {
+      "path": "public",
+      "depth": 1,
+      "dirs": 0,
+      "files": 3,
+      "children": []
+    },
+    {
+      "path": "src",
+      "depth": 1,
+      "dirs": 3,
+      "files": 3,
+      "children": [
+        "components",
+        "stores",
+        "views"
+      ]
+    },
+    {
+      "path": "src/components",
+      "depth": 2,
+      "dirs": 0,
+      "files": 15,
+      "children": []
+    },
+    {
+      "path": "src/stores",
+      "depth": 2,
+      "dirs": 0,
+      "files": 1,
+      "children": []
+    },
+    {
+      "path": "src/views",
+      "depth": 2,
+      "dirs": 0,
+      "files": 7,
+      "children": []
+    }
+  ]
+}

package/node_modules/@groove-dev/gui/.groove/config.json ADDED Viewed

@@ -0,0 +1,10 @@
+{
+  "version": "0.1.0",
+  "port": 31415,
+  "journalistInterval": 120,
+  "rotationThreshold": 0.75,
+  "autoRotation": true,
+  "qcThreshold": 4,
+  "maxAgents": 10,
+  "defaultProvider": "claude-code"
+}

package/node_modules/@groove-dev/gui/.groove/coordination.md ADDED Viewed

@@ -0,0 +1,5 @@
+# GROOVE Coordination
+*Agents write their intent here before shared/destructive actions.*
+<!-- No active operations -->

package/node_modules/@groove-dev/gui/.groove/credentials.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "anthropic-api": {
+    "key": "bee44e798e85b64b04e5198bd44074f0:a0de1b79cca1a00842ca83193e383128:fb7b942b82313c940f802fd2c54f5945756ce6b65dae652b1534acd38d9cca19cdfaad8eee267f56e11f2c2ec6cd8db16c4a4139ddfe0777517437a3a4b5beb53e89210e31c1cfc1f964bba8b26ca75b93f62d36ea1dbc19d3910a91c8a976a2c4369b233a5d00f799e33ebd",
+    "setAt": "2026-04-08T02:20:01.107Z"
+  }
+}

package/node_modules/@groove-dev/gui/.groove/daemon.port ADDED Viewed

	@@ -0,0 +1 @@
1	+ 31416

package/node_modules/@groove-dev/gui/.groove/federation/identity.key ADDED Viewed

@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIDgv9qJFjRft4Jh4sUoIe1GtmtckzOSsVvbi8WNRdSwf
+-----END PRIVATE KEY-----

package/node_modules/@groove-dev/gui/.groove/federation/identity.pub ADDED Viewed

@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAHZ3D0IChsPmavZorg3hwhdMZN4W3Q0geH9TR5NVMnI0=
+-----END PUBLIC KEY-----

package/node_modules/@groove-dev/gui/.groove/integrations/package.json ADDED Viewed

@@ -0,0 +1,6 @@
+{
+  "name": "groove-integrations",
+  "version": "1.0.0",
+  "private": true,
+  "description": "MCP server packages managed by Groove"
+}

package/node_modules/@groove-dev/gui/.groove/state.json ADDED Viewed

@@ -0,0 +1,3 @@
+{
+  "agents": []
+}