groove-dev 0.17.8 → 0.18.2

package/packages/daemon/src/api.js

@@ -5,8 +5,9 @@ import express from 'express';
 import { resolve, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { existsSync, readFileSync, readdirSync, statSync, writeFileSync, mkdirSync, unlinkSync, renameSync, rmSync, createReadStream } from 'fs';
+import { spawn as cpSpawn } from 'child_process';
 import { lookup as mimeLookup } from './mimetypes.js';
-import { listProviders } from './providers/index.js';
+import { listProviders, getProvider } from './providers/index.js';
 import { validateAgentConfig } from './validate.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -351,6 +352,67 @@ export function createApi(app, daemon) {
     });
   });
 
+  // Plan chat — direct API (fast, sub-second) when API key available, CLI fallback otherwise
+  const PLAN_SYSTEM = `You are the planning assistant built into Groove's spawn panel. The user is configuring an AI agent right now — they're looking at a form with role selection, file scope, skills, integrations, effort level, and a task prompt. Your conversation will be synthesized into the agent's task prompt when they click "Generate Prompt."
+
+Your job: help them think through what the agent should do, then craft a clear plan. Be direct and practical. Don't ask how they'll feed input to agents or what tools to use — they're already inside Groove doing it. Focus on the TASK itself.
+
+What you know about the system:
+- The user is in the spawn panel, configuring an agent before launching it
+- The left panel has: role picker, directory, permissions, effort, integrations, skills, schedule
+- When done planning, "Generate Prompt" synthesizes this chat into the agent's task prompt
+- Agents are Claude Code instances with full terminal/file access in the specified directory
+- Agents can read/write files, run commands, use MCP integrations (Slack, GitHub, etc.)
+- The journalist system prevents cold starts during context rotation — agents don't lose context
+
+Keep responses concise. Help them think, don't lecture them about the system they built.`;
+
+  app.post('/api/journalist/query', async (req, res) => {
+    try {
+      const { prompt } = req.body || {};
+      if (!prompt) return res.status(400).json({ error: 'prompt is required' });
+
+      // Fast path: direct Anthropic API call (sub-second)
+      const apiKey = daemon.credentials.getKey('anthropic-api');
+      if (apiKey) {
+        const apiRes = await fetch('https://api.anthropic.com/v1/messages', {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'x-api-key': apiKey,
+            'anthropic-version': '2023-06-01',
+          },
+          body: JSON.stringify({
+            model: 'claude-haiku-4-5-20251001',
+            max_tokens: 1024,
+            system: PLAN_SYSTEM,
+            messages: [{ role: 'user', content: prompt }],
+          }),
+        });
+        const data = await apiRes.json();
+        if (data.content?.[0]?.text) {
+          return res.json({ response: data.content[0].text, mode: 'fast' });
+        }
+        if (data.error) {
+          return res.status(400).json({ error: data.error.message || 'API error' });
+        }
+      }
+
+      // Slow path: CLI fallback for subscription auth (~10s)
+      const fullPrompt = `${PLAN_SYSTEM}\n\n${prompt}`;
+      const response = await daemon.journalist.callHeadless(fullPrompt);
+      res.json({ response, mode: 'cli' });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  // Check if Anthropic API key is configured
+  app.get('/api/anthropic-key/status', (req, res) => {
+    const hasKey = !!daemon.credentials.getKey('anthropic-api');
+    res.json({ configured: hasKey });
+  });
+
   // Trigger journalist cycle manually
   app.post('/api/journalist/cycle', async (req, res) => {
     try {
@@ -507,11 +569,13 @@ export function createApi(app, daemon) {
   // Parameterized :id routes (after specific routes above)
 
   app.post('/api/integrations/:id/authenticate', (req, res) => {
+    console.log(`[Groove:API] POST /api/integrations/${req.params.id}/authenticate`);
     try {
       const handle = daemon.integrations.authenticate(req.params.id);
+      console.log(`[Groove:API] Authenticate started, PID: ${handle.pid}`);
       res.json({ ok: true, pid: handle.pid });
-      // Auto-cleanup tracked by the handle timeout
     } catch (err) {
+      console.log(`[Groove:API] Authenticate error: ${err.message}`);
       res.status(400).json({ error: err.message });
     }
   });
@@ -720,6 +784,34 @@ export function createApi(app, daemon) {
     }
   });
 
+  // Browse absolute paths (for directory picker in agent config)
+  // Dirs only, localhost-only, no file content exposed
+  app.get('/api/browse-system', (req, res) => {
+    const absPath = req.query.path || process.env.HOME || '/';
+    if (absPath.includes('\0')) return res.status(400).json({ error: 'Invalid path' });
+    if (!existsSync(absPath)) return res.status(404).json({ error: 'Not found' });
+
+    try {
+      const entries = readdirSync(absPath, { withFileTypes: true })
+        .filter((e) => e.isDirectory() && !e.name.startsWith('.') && e.name !== 'node_modules')
+        .sort((a, b) => a.name.localeCompare(b.name))
+        .map((e) => {
+          const full = resolve(absPath, e.name);
+          let hasChildren = false;
+          try {
+            hasChildren = readdirSync(full, { withFileTypes: true })
+              .some((c) => c.isDirectory() && !c.name.startsWith('.') && c.name !== 'node_modules');
+          } catch { /* unreadable */ }
+          return { name: e.name, path: full, hasChildren };
+        });
+
+      const parent = absPath === '/' ? null : resolve(absPath, '..');
+      res.json({ current: absPath, parent, dirs: entries });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+
   // --- File Editor API ---
 
   const LANG_MAP = {
@@ -740,6 +832,11 @@ export function createApi(app, daemon) {
 
   const IGNORED_NAMES = new Set(['.git', 'node_modules', '.DS_Store', '.groove', '__pycache__', '.next', '.cache', 'dist', 'coverage']);
 
+  // Editor root directory — defaults to projectDir but can be changed at runtime
+  let editorRootDir = daemon.projectDir;
+
+  function getEditorRoot() { return editorRootDir; }
+
   function validateFilePath(relPath, projectDir) {
     if (!relPath || typeof relPath !== 'string') return { error: 'path is required' };
     if (relPath.startsWith('/') || relPath.includes('..') || relPath.includes('\0')) {
@@ -750,6 +847,27 @@ export function createApi(app, daemon) {
     return { fullPath };
   }
 
+  // Get/set the editor working directory
+  app.get('/api/files/root', (req, res) => {
+    res.json({ root: editorRootDir });
+  });
+
+  app.post('/api/files/root', (req, res) => {
+    const { root } = req.body || {};
+    if (!root || typeof root !== 'string') return res.status(400).json({ error: 'root path is required' });
+    // Must be absolute and exist
+    if (!root.startsWith('/')) return res.status(400).json({ error: 'root must be an absolute path' });
+    if (root.includes('\0') || root.includes('..')) return res.status(400).json({ error: 'Invalid path' });
+    if (!existsSync(root)) return res.status(404).json({ error: 'Directory not found' });
+    try {
+      const stat = statSync(root);
+      if (!stat.isDirectory()) return res.status(400).json({ error: 'Path is not a directory' });
+    } catch { return res.status(400).json({ error: 'Cannot access directory' }); }
+    editorRootDir = root;
+    daemon.audit.log('editor.root.set', { root });
+    res.json({ ok: true, root: editorRootDir });
+  });
+
   // File tree — returns dirs + files for a given path
   app.get('/api/files/tree', (req, res) => {
     const relPath = req.query.path || '';
@@ -759,8 +877,9 @@ export function createApi(app, daemon) {
       return res.status(400).json({ error: 'Invalid path' });
     }
 
-    const fullPath = relPath ? resolve(daemon.projectDir, relPath) : daemon.projectDir;
-    if (!fullPath.startsWith(daemon.projectDir)) {
+    const rootDir = getEditorRoot();
+    const fullPath = relPath ? resolve(rootDir, relPath) : rootDir;
+    if (!fullPath.startsWith(rootDir)) {
       return res.status(400).json({ error: 'Path outside project' });
     }
     if (!existsSync(fullPath)) {
@@ -810,7 +929,7 @@ export function createApi(app, daemon) {
 
   // Read file contents
   app.get('/api/files/read', (req, res) => {
-    const result = validateFilePath(req.query.path, daemon.projectDir);
+    const result = validateFilePath(req.query.path, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (!existsSync(result.fullPath)) {
@@ -846,7 +965,7 @@ export function createApi(app, daemon) {
   // Write file contents
   app.post('/api/files/write', (req, res) => {
     const { path: relPath, content } = req.body;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (typeof content !== 'string') {
@@ -868,7 +987,7 @@ export function createApi(app, daemon) {
   // Create a new file
   app.post('/api/files/create', (req, res) => {
     const { path: relPath, content = '' } = req.body;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (existsSync(result.fullPath)) {
@@ -893,7 +1012,7 @@ export function createApi(app, daemon) {
   // Create a new directory
   app.post('/api/files/mkdir', (req, res) => {
     const { path: relPath } = req.body;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (existsSync(result.fullPath)) {
@@ -912,7 +1031,7 @@ export function createApi(app, daemon) {
   // Delete a file or directory
   app.delete('/api/files/delete', (req, res) => {
     const relPath = req.query.path || req.body?.path;
-    const result = validateFilePath(relPath, daemon.projectDir);
+    const result = validateFilePath(relPath, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (!existsSync(result.fullPath)) {
@@ -936,9 +1055,9 @@ export function createApi(app, daemon) {
   // Rename / move a file or directory
   app.post('/api/files/rename', (req, res) => {
     const { oldPath, newPath } = req.body;
-    const oldResult = validateFilePath(oldPath, daemon.projectDir);
+    const oldResult = validateFilePath(oldPath, getEditorRoot());
     if (oldResult.error) return res.status(400).json({ error: oldResult.error });
-    const newResult = validateFilePath(newPath, daemon.projectDir);
+    const newResult = validateFilePath(newPath, getEditorRoot());
     if (newResult.error) return res.status(400).json({ error: newResult.error });
 
     if (!existsSync(oldResult.fullPath)) {
@@ -962,7 +1081,7 @@ export function createApi(app, daemon) {
 
   // Serve raw file (images, video, etc.)
   app.get('/api/files/raw', (req, res) => {
-    const result = validateFilePath(req.query.path, daemon.projectDir);
+    const result = validateFilePath(req.query.path, getEditorRoot());
     if (result.error) return res.status(400).json({ error: result.error });
 
     if (!existsSync(result.fullPath)) {
@@ -1033,9 +1152,25 @@ export function createApi(app, daemon) {
 
   // --- Recommended Team (from planner) ---
 
+  // Find recommended-team.json — check all agent working dirs, then daemon's grooveDir
+  function findRecommendedTeam() {
+    // Check agent working dirs first (planner may have written there)
+    const agents = daemon.registry.getAll();
+    for (const agent of agents) {
+      if (agent.workingDir) {
+        const p = resolve(agent.workingDir, '.groove', 'recommended-team.json');
+        if (existsSync(p)) return p;
+      }
+    }
+    // Fallback to daemon's .groove dir
+    const p = resolve(daemon.grooveDir, 'recommended-team.json');
+    if (existsSync(p)) return p;
+    return null;
+  }
+
   app.get('/api/recommended-team', (req, res) => {
-    const teamPath = resolve(daemon.grooveDir, 'recommended-team.json');
-    if (!existsSync(teamPath)) {
+    const teamPath = findRecommendedTeam();
+    if (!teamPath) {
       return res.json({ exists: false, agents: [] });
     }
     try {
@@ -1047,8 +1182,8 @@ export function createApi(app, daemon) {
   });
 
   app.post('/api/recommended-team/launch', async (req, res) => {
-    const teamPath = resolve(daemon.grooveDir, 'recommended-team.json');
-    if (!existsSync(teamPath)) {
+    const teamPath = findRecommendedTeam();
+    if (!teamPath) {
       return res.status(404).json({ error: 'No recommended team found. Run a planner first.' });
     }
     try {
@@ -1057,8 +1192,24 @@ export function createApi(app, daemon) {
         return res.status(400).json({ error: 'Recommended team is empty' });
       }
 
+      const defaultDir = daemon.config?.defaultWorkingDir || undefined;
+
+      // Separate phase 1 (builders) and phase 2 (QC/finisher)
+      const phase1 = agents.filter((a) => !a.phase || a.phase === 1);
+      let phase2 = agents.filter((a) => a.phase === 2);
+
+      // Safety net: if planner forgot the QC agent, auto-add one
+      if (phase2.length === 0 && phase1.length >= 2) {
+        phase2 = [{
+          role: 'fullstack', phase: 2, scope: [],
+          prompt: 'QC Senior Dev: All builder agents have completed. Audit their changes for correctness, fix any issues, run tests, build the project, commit all changes, and launch. Output the localhost URL where the app can be accessed.',
+        }];
+      }
+
+      // Spawn phase 1 agents immediately
       const spawned = [];
-      for (const config of agents) {
+      const phase1Ids = [];
+      for (const config of phase1) {
         const validated = validateAgentConfig({
           role: config.role,
           scope: config.scope || [],
@@ -1066,19 +1217,59 @@ export function createApi(app, daemon) {
           provider: config.provider || 'claude-code',
           model: config.model || 'auto',
           permission: config.permission || 'auto',
-          workingDir: config.workingDir || undefined,
+          workingDir: config.workingDir || defaultDir,
+          name: config.name || undefined,
         });
         const agent = await daemon.processes.spawn(validated);
         spawned.push({ id: agent.id, name: agent.name, role: agent.role });
+        phase1Ids.push(agent.id);
+      }
+
+      // If there are phase 2 agents, register them for auto-spawn on phase 1 completion
+      if (phase2.length > 0 && phase1Ids.length > 0) {
+        daemon._pendingPhase2 = daemon._pendingPhase2 || [];
+        daemon._pendingPhase2.push({
+          waitFor: phase1Ids,
+          agents: phase2.map((c) => ({
+            role: c.role, scope: c.scope || [], prompt: c.prompt || '',
+            provider: c.provider || 'claude-code', model: c.model || 'auto',
+            permission: c.permission || 'auto',
+            workingDir: c.workingDir || defaultDir,
+            name: c.name || undefined,
+          })),
+        });
       }
 
-      daemon.audit.log('team.launch', { count: spawned.length, agents: spawned.map((a) => a.role) });
-      res.json({ launched: spawned.length, agents: spawned });
+      daemon.audit.log('team.launch', {
+        phase1: spawned.length, phase2Pending: phase2.length,
+        agents: spawned.map((a) => a.role),
+      });
+      res.json({ launched: spawned.length, phase2Pending: phase2.length, agents: spawned });
     } catch (err) {
       res.status(500).json({ error: err.message });
     }
   });
 
+  // Clean up stale artifacts (old plans, recommended teams, etc.)
+  app.post('/api/cleanup', (req, res) => {
+    let cleaned = 0;
+    // Clean recommended-team.json from all known locations
+    const locations = [resolve(daemon.grooveDir, 'recommended-team.json')];
+    for (const agent of daemon.registry.getAll()) {
+      if (agent.workingDir) {
+        locations.push(resolve(agent.workingDir, '.groove', 'recommended-team.json'));
+      }
+    }
+    const defaultDir = daemon.config?.defaultWorkingDir;
+    if (defaultDir) locations.push(resolve(defaultDir, '.groove', 'recommended-team.json'));
+
+    for (const p of locations) {
+      if (existsSync(p)) { try { unlinkSync(p); cleaned++; } catch { /* */ } }
+    }
+    daemon.audit.log('cleanup', { cleaned });
+    res.json({ ok: true, cleaned });
+  });
+
   // --- Command Center Dashboard ---
 
   app.get('/api/dashboard', (req, res) => {
@@ -1259,7 +1450,7 @@ export function createApi(app, daemon) {
   app.patch('/api/config', async (req, res) => {
     const ALLOWED_KEYS = [
       'port', 'journalistInterval', 'rotationThreshold', 'autoRotation',
-      'qcThreshold', 'maxAgents', 'defaultProvider',
+      'qcThreshold', 'maxAgents', 'defaultProvider', 'defaultWorkingDir',
     ];
     for (const key of Object.keys(req.body)) {
       if (!ALLOWED_KEYS.includes(key)) {

package/packages/daemon/src/index.js

@@ -5,7 +5,7 @@ import { createServer as createHttpServer } from 'http';
 import { createServer as createNetServer } from 'net';
 import { execFileSync } from 'child_process';
 import { resolve } from 'path';
-import { readFileSync, writeFileSync, unlinkSync, existsSync, mkdirSync } from 'fs';
+import { readFileSync, writeFileSync, unlinkSync, existsSync, mkdirSync, readdirSync, statSync } from 'fs';
 import express from 'express';
 import { WebSocketServer } from 'ws';
 import { Registry } from './registry.js';
@@ -247,6 +247,15 @@ export class Daemon {
       tester.listen(port, bindHost);
     }).catch(() => false);
 
+    if (!(await checkPort(this.port))) {
+      // Wait for port release (e.g., after groove stop)
+      let retries = 5;
+      while (retries > 0 && !(await checkPort(this.port))) {
+        await new Promise((r) => setTimeout(r, 1000));
+        retries--;
+      }
+    }
+
     if (!(await checkPort(this.port))) {
       const originalPort = this.port;
       // Try next 10 ports
@@ -281,6 +290,7 @@ export class Daemon {
         this.journalist.start();
         this.rotator.start();
         this.scheduler.start();
+        this._startGarbageCollector();
 
         // Scan codebase for workspace/structure awareness
         this.indexer.scan();
@@ -290,6 +300,62 @@ export class Daemon {
     });
   }
 
+  _startGarbageCollector() {
+    // Run once on startup, then every 24 hours
+    this._gc();
+    this._gcInterval = setInterval(() => this._gc(), 24 * 60 * 60 * 1000);
+  }
+
+  _gc() {
+    const { grooveDir } = this;
+    let cleaned = 0;
+
+    try {
+      // 1. Clean old log files (>7 days, agent no longer exists)
+      const logsDir = resolve(grooveDir, 'logs');
+      if (existsSync(logsDir)) {
+        const now = Date.now();
+        const sevenDays = 7 * 24 * 60 * 60 * 1000;
+        for (const file of readdirSync(logsDir)) {
+          const p = resolve(logsDir, file);
+          try {
+            const age = now - statSync(p).mtimeMs;
+            if (age > sevenDays) { unlinkSync(p); cleaned++; }
+          } catch { /* skip */ }
+        }
+      }
+
+      // 2. Clean stale recommended-team.json from daemon dir (not working dirs — those are user-managed)
+      //    Only clean if no planner agent is currently running
+      const hasPlanner = this.registry.getAll().some((a) => a.role === 'planner' && (a.status === 'running' || a.status === 'starting'));
+      if (!hasPlanner) {
+        const teamFile = resolve(grooveDir, 'recommended-team.json');
+        if (existsSync(teamFile)) {
+          try {
+            const age = Date.now() - statSync(teamFile).mtimeMs;
+            if (age > 24 * 60 * 60 * 1000) { unlinkSync(teamFile); cleaned++; } // >24h old
+          } catch { /* skip */ }
+        }
+      }
+
+      // 3. Prune audit log (keep last 1000 lines)
+      const auditFile = resolve(grooveDir, 'audit.log');
+      if (existsSync(auditFile)) {
+        try {
+          const lines = readFileSync(auditFile, 'utf8').split('\n');
+          if (lines.length > 1000) {
+            writeFileSync(auditFile, lines.slice(-1000).join('\n'));
+            cleaned++;
+          }
+        } catch { /* skip */ }
+      }
+
+      if (cleaned > 0) {
+        this.audit.log('gc.run', { cleaned });
+      }
+    } catch { /* gc should never crash the daemon */ }
+  }
+
   async stop() {
     // Persist state before shutdown
     this.state.set('agents', this.registry.getAll());
@@ -299,6 +365,7 @@ export class Daemon {
     this.journalist.stop();
     this.rotator.stop();
     this.scheduler.stop();
+    if (this._gcInterval) clearInterval(this._gcInterval);
 
     // Clean up file watchers and terminal sessions
     this.fileWatcher.unwatchAll();

package/packages/daemon/src/integrations.js

@@ -380,10 +380,8 @@ export class IntegrationStore {
     if (!entry) throw new Error(`Integration not found: ${integrationId}`);
     if (entry.authType !== 'oauth-google') throw new Error('Integration does not use OAuth');
 
-    // Check if user has provided their own Google OAuth client (stored globally)
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
       throw new Error('Google OAuth not configured. Set up your Google Cloud project first.');
     }
 
@@ -392,7 +390,7 @@ export class IntegrationStore {
     const scopes = entry.oauthScopes || [];
 
     const params = new URLSearchParams({
-      client_id: clientId,
+      client_id: creds.clientId,
       redirect_uri: redirectUri,
       response_type: 'code',
       scope: scopes.join(' '),
@@ -408,11 +406,11 @@ export class IntegrationStore {
    * Handle OAuth callback — exchange code for tokens.
    */
   async handleOAuthCallback(code, integrationId) {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
       throw new Error('Google OAuth credentials not found');
     }
+    const { clientId, clientSecret } = creds;
 
     const port = this.daemon.port || 31415;
     const redirectUri = `http://localhost:${port}/api/integrations/oauth/callback`;
@@ -451,10 +449,32 @@ export class IntegrationStore {
   /**
    * Check if Google OAuth is configured (user has set up their Cloud project).
    */
+  /**
+   * Get Google OAuth credentials from user config OR bundled defaults.
+   * User-configured credentials take priority over bundled defaults.
+   */
+  _getGoogleOAuthCredentials() {
+    // 1. Check user-configured credentials (encrypted store)
+    let clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
+    let clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
+    if (clientId && clientSecret) return { clientId, clientSecret, source: 'user' };
+
+    // 2. Check bundled defaults (shipped with Groove)
+    try {
+      const defaultsPath = resolve(__dirname, '../google-oauth.json');
+      if (existsSync(defaultsPath)) {
+        const defaults = JSON.parse(readFileSync(defaultsPath, 'utf8'));
+        if (defaults.client_id && defaults.client_secret) {
+          return { clientId: defaults.client_id, clientSecret: defaults.client_secret, source: 'bundled' };
+        }
+      }
+    } catch { /* no bundled defaults */ }
+
+    return null;
+  }
+
   isGoogleOAuthConfigured() {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    return !!(clientId && clientSecret);
+    return !!this._getGoogleOAuthCredentials();
   }
 
   /**
@@ -467,14 +487,18 @@ export class IntegrationStore {
     const entry = this.registry.find((s) => s.id === integrationId);
     if (!entry) throw new Error(`Integration not found: ${integrationId}`);
 
+    console.log(`[Groove:Integrations] authenticate(${integrationId}) — authType: ${entry.authType}`);
+
     // For google-autoauth integrations, write the gcp-oauth.keys.json file
     // that the MCP server expects before it can start the OAuth browser flow
     if (entry.authType === 'google-autoauth') {
+      console.log(`[Groove:Integrations] Writing gcp-oauth.keys.json for ${integrationId}`);
       this._writeGoogleOAuthKeys(entry);
     }
 
     const command = entry.command || 'npx';
     const args = entry.args || ['-y', entry.npmPackage];
+    console.log(`[Groove:Integrations] Spawning: ${command} ${args.join(' ')}`);
 
     // Build env with any configured credentials
     const env = {};
@@ -491,6 +515,8 @@ export class IntegrationStore {
       detached: false,
     });
 
+    console.log(`[Groove:Integrations] Process spawned, PID: ${proc.pid}`);
+
     // Send MCP handshake to initialize the server — this triggers auth
     const initMsg = JSON.stringify({
       jsonrpc: '2.0', id: 1, method: 'initialize',
@@ -507,28 +533,38 @@ export class IntegrationStore {
       jsonrpc: '2.0', method: 'notifications/initialized',
     });
 
-    // Wait a moment for npx to download + start, then send handshake
     proc.stdout.on('data', (chunk) => {
       const text = chunk.toString();
+      console.log(`[Groove:Integrations] MCP stdout: ${text.slice(0, 200)}`);
       // After initialize response, send initialized notification + tools/list
       if (text.includes('"id":1') || text.includes('"id": 1')) {
+        console.log('[Groove:Integrations] Got initialize response, sending initialized + tools/list');
         proc.stdin.write(initializedNotif + '\n');
         setTimeout(() => proc.stdin.write(listToolsMsg + '\n'), 500);
       }
     });
 
+    proc.on('error', (err) => {
+      console.log(`[Groove:Integrations] Process error: ${err.message}`);
+    });
+
+    proc.on('exit', (code, signal) => {
+      console.log(`[Groove:Integrations] Process exited: code=${code} signal=${signal}`);
+      clearTimeout(timeout);
+    });
+
     // Send initialize after a brief delay for npx startup
     setTimeout(() => {
-      try { proc.stdin.write(initMsg + '\n'); } catch { /* process may have exited */ }
+      console.log('[Groove:Integrations] Sending MCP initialize message');
+      try { proc.stdin.write(initMsg + '\n'); } catch (e) { console.log('[Groove:Integrations] stdin write failed:', e.message); }
     }, 3000);
 
-    // Auto-kill after 2 minutes (auth should complete well before that)
+    // Auto-kill after 2 minutes
     const timeout = setTimeout(() => {
+      console.log('[Groove:Integrations] Auth timeout — killing process');
       try { proc.kill('SIGTERM'); } catch { /* ignore */ }
     }, 120_000);
 
-    proc.on('exit', () => clearTimeout(timeout));
-
     this.daemon.audit.log('integration.authenticate', { id: integrationId });
 
     return {
@@ -543,11 +579,11 @@ export class IntegrationStore {
    * before they can open the browser for user consent.
    */
   _writeGoogleOAuthKeys(entry) {
-    const clientId = this.getCredential('google-oauth', 'GOOGLE_CLIENT_ID');
-    const clientSecret = this.getCredential('google-oauth', 'GOOGLE_CLIENT_SECRET');
-    if (!clientId || !clientSecret) {
-      throw new Error('Google OAuth not configured. Click "Sign in with Google" to set up your Google Cloud credentials first.');
+    const creds = this._getGoogleOAuthCredentials();
+    if (!creds) {
+      throw new Error('Google OAuth not configured. Set up your Google Cloud credentials first.');
     }
+    const { clientId, clientSecret } = creds;
 
     const keysContent = JSON.stringify({
       installed: {
@@ -567,6 +603,9 @@ export class IntegrationStore {
       mkdirSync(dirPath, { recursive: true });
       const keysPath = resolve(dirPath, 'gcp-oauth.keys.json');
       writeFileSync(keysPath, keysContent, { mode: 0o600 });
+      console.log(`[Groove:Integrations] Wrote OAuth keys to: ${keysPath}`);
+    } else {
+      console.log(`[Groove:Integrations] WARNING: No oauthKeysDir for ${entry.id}`);
     }
   }