npm - machinaos - Versions diffs - 0.0.76 → 0.0.78 - Mend

machinaos 0.0.76 → 0.0.78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (393) hide show

package/README.md +143 -107
package/client/dist/assets/ActionBar-Du2MSFSz.js +1 -0
package/client/dist/assets/ApiKeyInput-k2LBmBjb.js +1 -0
package/client/dist/assets/ApiKeyPanel-C_bV9U0X.js +1 -0
package/client/dist/assets/ApiUsageSection-CmVfwZzL.js +1 -0
package/client/dist/assets/EmailPanel-CeKIMGu-.js +1 -0
package/client/dist/assets/OAuthPanel-KA3t3Q2K.js +1 -0
package/client/dist/assets/QrPairingPanel-NgNpJNuk.js +1 -0
package/client/dist/assets/RateLimitSection-Du5YNVIA.js +1 -0
package/client/dist/assets/StatusCard-DNLyayXc.js +1 -0
package/client/dist/assets/index-DQ0nwhec.js +257 -0
package/client/dist/assets/index-DxmbVskS.css +1 -0
package/client/dist/assets/vendor-flow-CZmBvHRo.js +1 -0
package/client/dist/assets/vendor-icons-CVrPjN2Q.js +22 -0
package/client/dist/assets/vendor-markdown-CRou3yQ5.js +62 -0
package/client/dist/assets/vendor-misc-C4VxKHs5.js +1 -0
package/client/dist/assets/vendor-query-SzWcOU0G.js +1 -0
package/client/dist/assets/vendor-radix-Dnos29jG.js +56 -0
package/client/dist/assets/vendor-react-DvWIbVx0.js +1 -0
package/client/dist/index.html +37 -3
package/client/index.html +28 -1
package/client/package.json +44 -40
package/client/src/App.tsx +2 -0
package/client/src/Dashboard.tsx +157 -45
package/client/src/ParameterPanel.tsx +3 -5
package/client/src/adapters/nodeSpecToDescription.ts +1 -0
package/client/src/assets/icons/NodeIcon.tsx +32 -0
package/client/src/assets/icons/index.ts +4 -0
package/client/src/assets/icons/stripe.svg +1 -0
package/client/src/assets/icons/themedGlyphs.ts +404 -0
package/client/src/components/AIAgentNode.tsx +77 -53
package/client/src/components/GenericNode.tsx +34 -52
package/client/src/components/OutputPanel.tsx +64 -147
package/client/src/components/ParameterRenderer.tsx +5 -3
package/client/src/components/SkillEditorModal.tsx +9 -18
package/client/src/components/SquareNode.tsx +97 -115
package/client/src/components/StartNode.tsx +32 -42
package/client/src/components/SvgFilterDefs.tsx +54 -0
package/client/src/components/TeamMonitorNode.tsx +12 -14
package/client/src/components/ToolkitNode.tsx +35 -60
package/client/src/components/TriggerNode.tsx +43 -77
package/client/src/components/__tests__/CredentialsModal.test.tsx +49 -45
package/client/src/components/credentials/CredentialsModal.tsx +98 -30
package/client/src/components/credentials/CredentialsPalette.tsx +73 -5
package/client/src/components/credentials/catalogueAdapter.ts +17 -1
package/client/src/components/credentials/panels/ApiKeyPanel.tsx +102 -37
package/client/src/components/credentials/panels/EmailPanel.tsx +7 -19
package/client/src/components/credentials/panels/OAuthPanel.tsx +5 -1
package/client/src/components/credentials/panels/QrPairingPanel.tsx +1 -3
package/client/src/components/credentials/primitives/ActionBar.tsx +7 -11
package/client/src/components/credentials/primitives/OAuthConnect.tsx +19 -28
package/client/src/components/credentials/sections/ProviderDefaultsSection.tsx +24 -3
package/client/src/components/credentials/types.ts +12 -2
package/client/src/components/credentials/useCredentialPanel.ts +43 -19
package/client/src/components/icons/AIProviderIcons.tsx +16 -0
package/client/src/components/onboarding/OnboardingWizard.tsx +23 -63
package/client/src/components/onboarding/nodeRoleClasses.ts +23 -0
package/client/src/components/onboarding/steps/CanvasStep.tsx +15 -21
package/client/src/components/onboarding/steps/ConceptsStep.tsx +2 -11
package/client/src/components/onboarding/steps/GetStartedStep.tsx +2 -10
package/client/src/components/parameterPanel/InputSection.tsx +9 -7
package/client/src/components/parameterPanel/MasterSkillEditor.tsx +84 -198
package/client/src/components/parameterPanel/MiddleSection.tsx +57 -80
package/client/src/components/parameterPanel/ToolSchemaEditor.tsx +31 -25
package/client/src/components/parameterPanel/__tests__/InputSection.test.tsx +7 -2
package/client/src/components/ui/AIResultModal.tsx +1 -1
package/client/src/components/ui/CollapsibleSection.tsx +9 -5
package/client/src/components/ui/CommandPalette.tsx +147 -0
package/client/src/components/ui/CommandPaletteHost.tsx +189 -0
package/client/src/components/ui/ComponentItem.tsx +13 -7
package/client/src/components/ui/ComponentPalette.tsx +24 -13
package/client/src/components/ui/ConsolePanel.tsx +19 -11
package/client/src/components/ui/DropCap.tsx +28 -0
package/client/src/components/ui/EditableNodeLabel.tsx +10 -2
package/client/src/components/ui/InputNodesPanel.tsx +1 -1
package/client/src/components/ui/Modal.tsx +38 -6
package/client/src/components/ui/OutputDisplayPanel.tsx +1 -1
package/client/src/components/ui/SettingsPanel.tsx +42 -13
package/client/src/components/ui/StatusBar.tsx +108 -0
package/client/src/components/ui/ThemeSwitcher.tsx +109 -0
package/client/src/components/ui/TopToolbar.tsx +42 -25
package/client/src/components/ui/WorkflowSidebar.tsx +32 -16
package/client/src/components/ui/action-button.tsx +40 -15
package/client/src/components/ui/button.tsx +24 -1
package/client/src/components/ui/dropdown-menu.tsx +24 -2
package/client/src/components/ui/input.tsx +19 -2
package/client/src/components/ui/select.tsx +15 -0
package/client/src/components/ui/textarea.tsx +15 -2
package/client/src/contexts/AuthContext.tsx +148 -109
package/client/src/contexts/ThemeContext.tsx +93 -17
package/client/src/contexts/WebSocketContext.tsx +373 -206
package/client/src/contexts/__tests__/AuthContext.test.tsx +221 -0
package/client/src/hooks/__tests__/useDragVariable.test.ts +7 -1
package/client/src/hooks/__tests__/useWorkflowOpsListener.test.ts +142 -0
package/client/src/hooks/useAppTheme.ts +209 -7
package/client/src/hooks/useAutoSkillEdges.ts +7 -2
package/client/src/hooks/useCatalogueQuery.ts +67 -1
package/client/src/hooks/useDragVariable.ts +1 -1
package/client/src/hooks/useNodeAllowlist.ts +115 -8
package/client/src/hooks/useOnboarding.ts +20 -8
package/client/src/hooks/useParameterPanel.ts +2 -1
package/client/src/hooks/useReactFlowNodes.ts +2 -1
package/client/src/hooks/useSound.ts +185 -0
package/client/src/hooks/useWorkflowManagement.ts +6 -8
package/client/src/hooks/useWorkflowOpsListener.ts +90 -0
package/client/src/index.css +65 -3
package/client/src/lib/__tests__/connectionConfig.test.ts +91 -0
package/client/src/lib/aiModelProviders.ts +8 -0
package/client/src/lib/connectionConfig.ts +107 -0
package/client/src/lib/queryPersist.ts +13 -5
package/client/src/lib/sound.ts +393 -0
package/client/src/main.tsx +20 -0
package/client/src/store/useAppStore.ts +26 -0
package/client/src/styles/canvasAnimations.ts +37 -36
package/client/src/styles/theme.ts +36 -20
package/client/src/test/setup.ts +1 -0
package/client/src/themes/atomic.css +253 -0
package/client/src/themes/base.css +373 -0
package/client/src/themes/cyber.css +890 -0
package/client/src/themes/dark.css +70 -0
package/client/src/themes/edo.css +246 -0
package/client/src/themes/greek.css +293 -0
package/client/src/themes/light.css +78 -0
package/client/src/themes/plague.css +253 -0
package/client/src/themes/renaissance.css +727 -0
package/client/src/themes/rot.css +249 -0
package/client/src/themes/steampunk.css +272 -0
package/client/src/themes/surveillance.css +289 -0
package/client/src/themes/wasteland.css +250 -0
package/client/src/types/INodeProperties.ts +5 -0
package/client/src/types/NodeTypes.ts +11 -1
package/client/src/types/__tests__/cloudEvents.test.ts +99 -0
package/client/src/types/cloudEvents.ts +78 -0
package/client/src/vite-env.d.ts +7 -0
package/client/tsconfig.json +1 -1
package/client/vite.config.js +62 -2
package/install.ps1 +1 -1
package/install.sh +1 -1
package/machina/commands/build.py +51 -7
package/machina/pyproject.toml +4 -0
package/machina/supervisor.py +12 -2
package/machina/tree.py +71 -21
package/package.json +4 -4
package/scripts/install.js +16 -1
package/server/config/ai_cli_providers.json +54 -0
package/server/config/credential_providers.json +109 -2
package/server/config/llm_defaults.json +24 -0
package/server/config/model_registry.json +338 -499
package/server/config/node_allowlist.json +16 -1
package/server/config/pricing.json +8 -0
package/server/constants.py +38 -15
package/server/core/container.py +2 -2
package/server/core/credentials_database.py +35 -2
package/server/core/logging.py +4 -3
package/server/main.py +99 -13
package/server/models/node_metadata.py +1 -0
package/server/nodejs/package.json +8 -6
package/server/nodejs/src/index.ts +22 -5
package/server/nodes/README.md +31 -4
package/server/nodes/agent/_inline.py +2 -0
package/server/nodes/agent/_specialized.py +6 -3
package/server/nodes/agent/ai_agent.py +13 -3
package/server/nodes/agent/chat_agent.py +6 -3
package/server/nodes/agent/claude_code_agent.py +287 -75
package/server/nodes/agent/codex_agent.py +239 -0
package/server/nodes/agent/deep_agent.py +3 -3
package/server/nodes/agent/rlm_agent.py +3 -3
package/server/nodes/android/__init__.py +31 -1
package/server/nodes/android/_base.py +9 -5
package/server/{services/android_service.py → nodes/android/_dispatcher.py} +2 -2
package/server/nodes/android/_handlers.py +154 -0
package/server/nodes/android/_option_loaders.py +44 -0
package/server/nodes/android/_refresh.py +127 -0
package/server/{services/android → nodes/android/_relay}/client.py +4 -4
package/server/{routers/android.py → nodes/android/_router.py} +27 -8
package/server/nodes/browser/browser.py +2 -2
package/server/nodes/code/_base.py +6 -2
package/server/nodes/code/_claude_code.py +134 -0
package/server/nodes/document/embedding_generator.py +3 -3
package/server/nodes/document/http_scraper.py +3 -3
package/server/nodes/document/vector_store.py +5 -5
package/server/nodes/email/__init__.py +11 -1
package/server/nodes/email/_filters.py +21 -0
package/server/{services/himalaya_service.py → nodes/email/_himalaya.py} +6 -10
package/server/{services/email_service.py → nodes/email/_service.py} +9 -13
package/server/nodes/email/email_read.py +1 -1
package/server/nodes/email/email_receive.py +54 -5
package/server/nodes/email/email_send.py +1 -1
package/server/nodes/filesystem/shell.py +24 -1
package/server/nodes/google/__init__.py +55 -1
package/server/{services/handlers/google_auth.py → nodes/google/_auth_helper.py} +8 -5
package/server/nodes/google/_base.py +2 -2
package/server/nodes/google/_credentials.py +5 -5
package/server/nodes/google/_filters.py +25 -0
package/server/nodes/google/_handlers.py +57 -0
package/server/{services/google_oauth.py → nodes/google/_oauth.py} +195 -162
package/server/nodes/google/_option_loaders.py +107 -0
package/server/nodes/google/_refresh.py +66 -0
package/server/nodes/google/_router.py +131 -0
package/server/nodes/google/gmail_receive.py +41 -4
package/server/nodes/groups.py +1 -0
package/server/nodes/location/_credentials.py +45 -1
package/server/{services/maps.py → nodes/location/_service.py} +18 -3
package/server/nodes/location/gmaps_create.py +4 -4
package/server/nodes/location/gmaps_locations.py +4 -4
package/server/nodes/location/gmaps_nearby_places.py +4 -4
package/server/nodes/model/_base.py +8 -3
package/server/nodes/model/_credentials.py +96 -8
package/server/nodes/model/_local_validator.py +345 -0
package/server/nodes/model/lmstudio_chat_model.py +23 -0
package/server/nodes/model/ollama_chat_model.py +25 -0
package/server/nodes/proxy/_usage.py +2 -2
package/server/nodes/proxy/proxy_config.py +14 -14
package/server/nodes/proxy/proxy_request.py +4 -4
package/server/nodes/scraper/_credentials.py +29 -1
package/server/nodes/scraper/apify_actor.py +9 -9
package/server/nodes/scraper/crawlee_scraper.py +5 -5
package/server/nodes/search/brave_search.py +4 -0
package/server/nodes/search/perplexity_search.py +9 -0
package/server/nodes/search/serper_search.py +3 -0
package/server/nodes/skill/simple_memory.py +12 -0
package/server/nodes/social/_base.py +2 -2
package/server/nodes/stripe/__init__.py +46 -0
package/server/nodes/stripe/_credentials.py +33 -0
package/server/nodes/stripe/_handlers.py +270 -0
package/server/nodes/stripe/_install.py +127 -0
package/server/nodes/stripe/_source.py +174 -0
package/server/nodes/stripe/stripe_action.py +81 -0
package/server/nodes/stripe/stripe_receive.py +92 -0
package/server/nodes/telegram/_credentials.py +52 -1
package/server/nodes/telegram/_handlers.py +19 -18
package/server/nodes/telegram/_service.py +134 -32
package/server/nodes/telegram/telegram_send.py +5 -6
package/server/nodes/text/file_handler.py +2 -2
package/server/nodes/text/text_generator.py +2 -2
package/server/nodes/tool/agent_builder.py +630 -0
package/server/nodes/tool/task_manager.py +144 -2
package/server/nodes/twitter/__init__.py +38 -1
package/server/nodes/twitter/_base.py +7 -7
package/server/nodes/twitter/_credentials.py +1 -1
package/server/nodes/twitter/_filters.py +37 -0
package/server/nodes/twitter/_handlers.py +77 -0
package/server/nodes/twitter/_oauth.py +124 -0
package/server/nodes/twitter/_refresh.py +78 -0
package/server/nodes/twitter/_router.py +29 -0
package/server/nodes/twitter/twitter_receive.py +4 -0
package/server/nodes/visuals.json +64 -19
package/server/nodes/whatsapp/__init__.py +45 -5
package/server/nodes/whatsapp/_base.py +3 -3
package/server/nodes/whatsapp/_filters.py +137 -0
package/server/nodes/whatsapp/_handlers.py +167 -0
package/server/nodes/whatsapp/_option_loaders.py +68 -0
package/server/nodes/whatsapp/_refresh.py +62 -0
package/server/nodes/whatsapp/_runtime.py +1 -1
package/server/pyproject.toml +29 -7
package/server/routers/schemas.py +2 -2
package/server/routers/webhook.py +26 -9
package/server/routers/websocket.py +149 -810
package/server/services/ai.py +89 -8
package/server/services/auth.py +220 -43
package/server/services/claude_oauth.py +126 -100
package/server/services/cli_agent/__init__.py +78 -0
package/server/services/cli_agent/_handlers.py +237 -0
package/server/services/cli_agent/config.py +112 -0
package/server/services/cli_agent/factory.py +48 -0
package/server/services/cli_agent/lockfile.py +141 -0
package/server/services/cli_agent/mcp_server.py +482 -0
package/server/services/cli_agent/protocol.py +173 -0
package/server/services/cli_agent/providers/__init__.py +9 -0
package/server/services/cli_agent/providers/anthropic_claude.py +419 -0
package/server/services/cli_agent/providers/google_gemini.py +80 -0
package/server/services/cli_agent/providers/openai_codex.py +310 -0
package/server/services/cli_agent/service.py +607 -0
package/server/services/cli_agent/session.py +618 -0
package/server/services/cli_agent/types.py +227 -0
package/server/services/cli_agent/workflow_tools.py +233 -0
package/server/services/credential_registry.py +26 -1
package/server/services/deployment/manager.py +26 -145
package/server/services/deployment/poll_registry.py +59 -0
package/server/services/event_waiter.py +76 -246
package/server/services/events/__init__.py +54 -0
package/server/services/events/cli.py +78 -0
package/server/services/events/daemon.py +163 -0
package/server/services/events/envelope.py +281 -0
package/server/services/events/lifecycle.py +99 -0
package/server/services/events/oauth_lifecycle.py +534 -0
package/server/services/events/polling.py +60 -0
package/server/services/events/push.py +36 -0
package/server/services/events/source.py +63 -0
package/server/services/events/triggers.py +118 -0
package/server/services/events/verifiers/__init__.py +25 -0
package/server/services/events/verifiers/base.py +28 -0
package/server/services/events/verifiers/github.py +25 -0
package/server/services/events/verifiers/hmac_basic.py +32 -0
package/server/services/events/verifiers/standard_webhooks.py +47 -0
package/server/services/events/verifiers/stripe.py +42 -0
package/server/services/events/webhook.py +105 -0
package/server/services/handlers/tools.py +28 -186
package/server/services/llm/config.py +7 -0
package/server/services/llm/factory.py +8 -2
package/server/services/memory/__init__.py +52 -0
package/server/services/memory/jsonl.py +80 -0
package/server/services/memory/markdown.py +65 -0
package/server/services/memory/state.py +112 -0
package/server/services/memory/vector_store.py +40 -0
package/server/services/model_registry.py +76 -0
package/server/services/node_allowlist.py +71 -15
package/server/services/node_executor.py +2 -2
package/server/services/node_output_schemas.py +21 -10
package/server/services/node_spec.py +1 -1
package/server/services/oauth_utils.py +1 -1
package/server/services/plugin/__init__.py +2 -0
package/server/services/plugin/base.py +44 -2
package/server/services/plugin/credential.py +288 -1
package/server/services/plugin/deps.py +105 -0
package/server/services/plugin/edge_walker.py +12 -4
package/server/services/plugin/oauth.py +381 -0
package/server/services/plugin/polling.py +247 -0
package/server/services/plugin/registry.py +145 -0
package/server/services/plugin/singleton.py +65 -0
package/server/services/plugin/ws.py +81 -0
package/server/services/process_service.py +31 -2
package/server/services/status_broadcaster.py +155 -238
package/server/services/temporal/workflow.py +7 -7
package/server/services/workflow.py +21 -3
package/server/services/ws_handler_registry.py +111 -28
package/server/skills/GUIDE.md +16 -1
package/server/skills/assistant/agent-builder-skill/SKILL.md +166 -0
package/server/skills/payments_agent/stripe-skill/SKILL.md +306 -0
package/server/tests/credentials/test_auth_service.py +16 -9
package/server/tests/credentials/test_credential_broadcasts.py +219 -0
package/server/tests/credentials/test_google_oauth.py +6 -6
package/server/tests/credentials/test_oauth_utils.py +1 -1
package/server/tests/credentials/test_twitter_oauth.py +2 -2
package/server/tests/credentials/test_websocket_handlers.py +44 -20
package/server/tests/llm/test_factory.py +1 -0
package/server/tests/llm/test_wiring.py +5 -1
package/server/tests/nodes/_compat.py +24 -24
package/server/tests/nodes/test_agent_builder.py +439 -0
package/server/tests/nodes/test_ai_tools.py +18 -14
package/server/tests/nodes/test_code_fs_process.py +17 -8
package/server/tests/nodes/test_email.py +10 -9
package/server/tests/nodes/test_google_workspace.py +2 -2
package/server/tests/nodes/test_specialized_agents.py +100 -53
package/server/tests/nodes/test_stripe_plugin.py +293 -0
package/server/tests/nodes/test_telegram_social.py +4 -4
package/server/tests/nodes/test_twitter.py +1 -1
package/server/tests/nodes/test_web_automation.py +2 -2
package/server/tests/nodes/test_whatsapp.py +9 -9
package/server/tests/services/cli_agent/__init__.py +0 -0
package/server/tests/services/cli_agent/test_mcp_server.py +432 -0
package/server/tests/services/cli_agent/test_providers.py +358 -0
package/server/tests/services/cli_agent/test_service.py +298 -0
package/server/tests/services/memory/__init__.py +0 -0
package/server/tests/services/memory/test_jsonl.py +188 -0
package/server/tests/services/test_events.py +333 -0
package/server/tests/test_node_spec.py +56 -16
package/server/tests/test_plugin_helpers.py +116 -0
package/server/tests/test_plugin_self_containment.py +486 -0
package/server/tests/test_status_broadcasts.py +425 -0
package/workflows/{AI Assistant_workflow-1777421105154-0m4snkzjf.json → AI Assistant_workflow-1778504793388-ou1m1tz2x.json } +70 -266
package/workflows/{AI Employee_workflow-1777720598005-u4cm858dv.json → AI Employee_example_workflow-1777720598005-u4cm858dv.json } +112 -112
package/workflows/Claude Assistant_workflow-1778380124051-mdibn807c.json +709 -0
package/client/dist/assets/ActionBar-vzPpSR77.js +0 -1
package/client/dist/assets/ApiKeyInput-Ds7AKFe8.js +0 -1
package/client/dist/assets/ApiKeyPanel-gfblELep.js +0 -1
package/client/dist/assets/ApiUsageSection-BMNWTe2r.js +0 -1
package/client/dist/assets/EmailPanel-B1Om64p5.js +0 -1
package/client/dist/assets/OAuthPanel-CXyQYGBz.js +0 -1
package/client/dist/assets/QrPairingPanel-BgNuI1we.js +0 -1
package/client/dist/assets/RateLimitSection-YYK8sx1T.js +0 -1
package/client/dist/assets/StatusCard-DuYA5hJR.js +0 -1
package/client/dist/assets/index-D9tZfgvi.js +0 -363
package/client/dist/assets/index-al7snTkG.css +0 -1
package/client/src/components/credentials/providers.tsx +0 -177
package/server/routers/google.py +0 -277
package/server/routers/maps.py +0 -142
package/server/routers/twitter.py +0 -365
package/server/services/claude_code_service.py +0 -106
package/server/services/memory.py +0 -159
package/server/services/node_option_loaders/__init__.py +0 -77
package/server/services/node_option_loaders/android_loaders.py +0 -55
package/server/services/node_option_loaders/google_loaders.py +0 -97
package/server/services/node_option_loaders/whatsapp_loaders.py +0 -69
package/server/services/twitter_oauth.py +0 -411
package/server/services/websocket_client.py +0 -29
/package/server/{services/android → nodes/android/_relay}/__init__.py +0 -0
/package/server/{services/android → nodes/android/_relay}/broadcaster.py +0 -0
/package/server/{services/android → nodes/android/_relay}/manager.py +0 -0
/package/server/{services/android → nodes/android/_relay}/protocol.py +0 -0
/package/server/{services/browser_service.py → nodes/browser/_service.py} +0 -0
/package/server/{services/whatsapp_service.py → nodes/whatsapp/_service.py} +0 -0
/package/server/skills/{task_agent → assistant}/write-todos-skill/SKILL.md +0 -0

package/server/{services/google_oauth.py → nodes/google/_oauth.py} RENAMED Viewed

@@ -1,25 +1,30 @@
+"""Google Workspace OAuth 2.0 (composition pattern -- Wave 11.I, S.2).
+Composes around ``google_auth_oauthlib.flow.Flow`` rather than
+subclassing :class:`services.plugin.oauth.OAuth2PKCEClient`. The Flow
+library handles the PKCE flow, scope handling, and offline-access
+mechanics that Google's token endpoint expects -- hand-rolling those
+would lose the ``OAUTHLIB_RELAX_TOKEN_SCOPE=1`` workaround for
+oauthlib upstream issue #562.
+What we DO share with the Twitter (subclass) path:
+* :class:`OAuthStateStore` from :mod:`services.plugin.oauth` --
+  identical TTL + cleanup contract, deduplicates the state dict +
+  ``cleanup_expired_states`` helper that pre-S lived here too.
+* The async method shape (``async exchange_code``,
+  ``async fetch_user_info``, ``async refresh_access_token``,
+  ``async revoke_token``) consumed by
+  :func:`services.events.oauth_lifecycle.make_oauth_lifecycle_handlers`
+  and :func:`make_oauth_callback_router`. Sync calls into Flow /
+  Credentials wrap through ``asyncio.to_thread``.
 """
-Google Workspace OAuth 2.0 using google-auth-oauthlib library.
-Unified OAuth for all Google services:
-- Gmail (send, search, read emails)
-- Google Calendar (create, list, update, delete events)
-- Google Drive (upload, download, list, share files)
-- Google Sheets (read, write, append data)
-- Google Tasks (create, list, complete tasks)
-- Google Contacts (create, list, search contacts)
-Two access modes:
-1. Owner Mode - Your own Google account (Credentials Modal)
-2. Customer Mode - Customer's Google account (database storage)
-API endpoints loaded from config/google_apis.json
-Docs: https://developers.google.com/identity/protocols/oauth2
-"""
+from __future__ import annotations
+import asyncio
 import json
 import os
-import time
 import warnings
 from pathlib import Path
 from typing import Any, Dict, List, Optional
@@ -44,19 +49,28 @@ os.environ.setdefault("OAUTHLIB_RELAX_TOKEN_SCOPE", "1")
 # errors, deprecation notices) keeps surfacing.
 warnings.filterwarnings("ignore", message=r"Scope has changed.*")
+import httpx
 from google.auth.transport.requests import Request
 from google.oauth2.credentials import Credentials
 from google_auth_oauthlib.flow import Flow
 from googleapiclient.discovery import build
 from core.logging import get_logger
+from services.plugin.oauth import OAuthStateStore
 logger = get_logger(__name__)
-# Load Google API config from JSON
-_config_path = Path(__file__).parent.parent / "config" / "google_apis.json"
+# ============================================================================
+# Config loaders (consumed by _auth_helper, oauth_utils, _credentials, tests)
+# ============================================================================
+# Walk up two parents from server/nodes/google/_oauth.py -> server/, then
+# into config/google_apis.json.
+_config_path = Path(__file__).resolve().parents[2] / "config" / "google_apis.json"
 _google_config: Dict[str, Any] = {}
 def _load_config() -> Dict[str, Any]:
     """Load Google API config from JSON file."""
     global _google_config
@@ -70,33 +84,53 @@ def _load_config() -> Dict[str, Any]:
             _google_config = _get_default_config()
     return _google_config
 def _get_default_config() -> Dict[str, Any]:
-    """Return default config if JSON fails to load."""
+    """Default config if JSON load fails."""
     return {
         "oauth": {
             "auth_uri": "https://accounts.google.com/o/oauth2/auth",
             "token_uri": "https://oauth2.googleapis.com/token",
             "revoke_uri": "https://oauth2.googleapis.com/revoke",
-            "userinfo_uri": "https://www.googleapis.com/oauth2/v2/userinfo"
+            "userinfo_uri": "https://www.googleapis.com/oauth2/v2/userinfo",
         },
         "scopes": {
-            "userinfo": ["openid", "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"],
-            "gmail": ["https://www.googleapis.com/auth/gmail.send", "https://www.googleapis.com/auth/gmail.readonly", "https://www.googleapis.com/auth/gmail.modify"],
-            "calendar": ["https://www.googleapis.com/auth/calendar", "https://www.googleapis.com/auth/calendar.events"],
-            "drive": ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/drive.file"],
+            "userinfo": [
+                "openid",
+                "https://www.googleapis.com/auth/userinfo.email",
+                "https://www.googleapis.com/auth/userinfo.profile",
+            ],
+            "gmail": [
+                "https://www.googleapis.com/auth/gmail.send",
+                "https://www.googleapis.com/auth/gmail.readonly",
+                "https://www.googleapis.com/auth/gmail.modify",
+            ],
+            "calendar": [
+                "https://www.googleapis.com/auth/calendar",
+                "https://www.googleapis.com/auth/calendar.events",
+            ],
+            "drive": [
+                "https://www.googleapis.com/auth/drive",
+                "https://www.googleapis.com/auth/drive.file",
+            ],
             "sheets": ["https://www.googleapis.com/auth/spreadsheets"],
             "tasks": ["https://www.googleapis.com/auth/tasks"],
-            "contacts": ["https://www.googleapis.com/auth/contacts", "https://www.googleapis.com/auth/contacts.readonly"]
-        }
+            "contacts": [
+                "https://www.googleapis.com/auth/contacts",
+                "https://www.googleapis.com/auth/contacts.readonly",
+            ],
+        },
     }
 def get_oauth_endpoints() -> Dict[str, str]:
-    """Get OAuth endpoint URLs from config."""
+    """OAuth endpoint URLs from config."""
     config = _load_config()
     return config.get("oauth", _get_default_config()["oauth"])
 def get_callback_paths() -> Dict[str, str]:
-    """Get OAuth callback paths from config."""
+    """OAuth callback paths from config."""
     config = _load_config()
     oauth = config.get("oauth", {})
     return {
@@ -106,63 +140,70 @@ def get_callback_paths() -> Dict[str, str]:
 def get_service_config(service: str) -> Dict[str, Any]:
-    """Get service-specific config (base_url, version, etc.)."""
+    """Service-specific config (base_url, version, etc.)."""
     config = _load_config()
     return config.get("services", {}).get(service, {})
 def get_all_scopes() -> List[str]:
-    """Get combined scopes for all Google Workspace services."""
+    """Combined scopes for all Google Workspace services."""
     config = _load_config()
     scopes_config = config.get("scopes", _get_default_config()["scopes"])
     all_scopes = []
     for scope_list in scopes_config.values():
         all_scopes.extend(scope_list)
-    return list(dict.fromkeys(all_scopes))  # Remove duplicates, preserve order
+    return list(dict.fromkeys(all_scopes))  # dedupe, preserve order
 def get_scopes_for_services(services: List[str]) -> List[str]:
-    """Get scopes for specific services only."""
+    """Scopes for specific services only."""
     config = _load_config()
     scopes_config = config.get("scopes", _get_default_config()["scopes"])
-    scopes = []
-    # Always include userinfo
-    scopes.extend(scopes_config.get("userinfo", []))
+    scopes = list(scopes_config.get("userinfo", []))
     for service in services:
         scopes.extend(scopes_config.get(service, []))
     return list(dict.fromkeys(scopes))
-# Combined scopes for all services (loaded from config)
 GOOGLE_WORKSPACE_SCOPES = get_all_scopes()
+DEFAULT_SCOPES = GOOGLE_WORKSPACE_SCOPES  # legacy alias
-# Legacy alias for backward compatibility
-DEFAULT_SCOPES = GOOGLE_WORKSPACE_SCOPES
-# In-memory state store (use Redis in production)
-_oauth_states: Dict[str, Dict[str, Any]] = {}
+# ============================================================================
+# GoogleOAuth (composition wrapper)
+# ============================================================================
 class GoogleOAuth:
-    """Google Workspace OAuth 2.0 using google-auth-oauthlib Flow.
+    """Google Workspace OAuth 2.0 client (composition wrapper).
+    Conforms to the duck-typed protocol consumed by
+    :func:`services.events.oauth_lifecycle.make_oauth_lifecycle_handlers`
+    and :func:`make_oauth_callback_router`: shared :class:`OAuthStateStore`,
+    async ``exchange_code`` / ``fetch_user_info`` /
+    ``refresh_access_token`` / ``revoke_token``.
-    Provides unified OAuth for all Google Workspace services.
-    API endpoints loaded from config/google_apis.json for easy updates.
+    Internally, ``Flow.from_client_config`` does the PKCE dance and
+    Flow.fetch_token does the token exchange under the
+    ``OAUTHLIB_RELAX_TOKEN_SCOPE=1`` env var.
     """
+    # Plugin-scoped state store -- isolated from Twitter's instance.
+    state_store = OAuthStateStore()
     def __init__(
         self,
         client_id: str,
         client_secret: str,
         redirect_uri: str,
         scopes: Optional[List[str]] = None,
-    ):
+    ) -> None:
         self.client_id = client_id
         self.client_secret = client_secret
         self.redirect_uri = redirect_uri
         self.scopes = scopes or GOOGLE_WORKSPACE_SCOPES
-        # Get OAuth endpoints from config
         oauth_endpoints = get_oauth_endpoints()
-        # Build client config in Google's format
         self.client_config = {
             "web": {
                 "client_id": client_id,
@@ -173,91 +214,50 @@ class GoogleOAuth:
             }
         }
         self.token_uri = oauth_endpoints["token_uri"]
+        self.revoke_uri = oauth_endpoints.get(
+            "revoke_uri", "https://oauth2.googleapis.com/revoke",
+        )
     def generate_authorization_url(
-        self,
-        state_data: Optional[Dict[str, Any]] = None,
+        self, *, state_data: Optional[Dict[str, Any]] = None,
     ) -> Dict[str, str]:
-        """
-        Generate OAuth authorization URL.
-        Args:
-            state_data: Optional data (customer_id, mode, redirect_after)
-        Returns:
-            Dict with url and state
-        """
-        # Create Flow from client config
+        """Build the Google authorization URL + register state."""
         flow = Flow.from_client_config(
-            self.client_config,
-            scopes=self.scopes,
-            redirect_uri=self.redirect_uri,
+            self.client_config, scopes=self.scopes, redirect_uri=self.redirect_uri,
         )
-        # Generate authorization URL with offline access for refresh tokens
         authorization_url, state = flow.authorization_url(
             access_type="offline",
             include_granted_scopes="true",
-            prompt="consent",  # Force consent to get refresh token
+            prompt="consent",  # force consent to get refresh token
         )
-        # Store state data for callback verification
-        # PKCE: google-auth-oauthlib auto-generates code_verifier; save it
-        # so exchange_code() can restore it on the new Flow instance.
-        _oauth_states[state] = {
-            "created_at": time.time(),
+        self.state_store.put(state, {
             "data": state_data or {"mode": "owner"},
             "redirect_uri": self.redirect_uri,
             "code_verifier": getattr(flow, "code_verifier", None),
-        }
-        logger.info("Generated Google OAuth URL", state=state[:8])
-        return {
-            "url": authorization_url,
-            "state": state,
-        }
-    def exchange_code(self, code: str, state: str) -> Dict[str, Any]:
-        """
-        Exchange authorization code for credentials.
+        })
+        return {"url": authorization_url, "state": state}
-        Args:
-            code: Authorization code from callback
-            state: State for verification
-        Returns:
-            Dict with tokens and user info
-        """
-        # Verify state
-        oauth_state = _oauth_states.pop(state, None)
-        if not oauth_state:
+    async def exchange_code(self, code: str, state: str) -> Dict[str, Any]:
+        """Exchange an auth code for credentials (async wrapper)."""
+        record = self.state_store.take(state)
+        if not record:
             return {"success": False, "error": "Invalid or expired state"}
-        state_data = oauth_state.get("data", {})
+        state_data = record.get("data", {})
+        code_verifier = record.get("code_verifier")
-        try:
-            # Create Flow and fetch token
+        def _exchange_sync() -> Dict[str, Any]:
             flow = Flow.from_client_config(
                 self.client_config,
                 scopes=self.scopes,
                 redirect_uri=self.redirect_uri,
                 state=state,
             )
-            # PKCE: restore code_verifier so token exchange includes it
-            code_verifier = oauth_state.get("code_verifier")
             if code_verifier:
                 flow.code_verifier = code_verifier
             flow.fetch_token(code=code)
-            # Get credentials from flow
             creds = flow.credentials
-            # Get user info
-            user_info = self._get_user_info(creds)
-            logger.info("Google OAuth successful", email=user_info.get("email", "")[:20])
+            user_info = self._get_user_info_sync(creds)
             return {
                 "success": True,
                 "access_token": creds.token,
@@ -267,30 +267,85 @@ class GoogleOAuth:
                 "client_id": creds.client_id,
                 "client_secret": creds.client_secret,
                 "scopes": list(creds.scopes) if creds.scopes else self.scopes,
+                "scope": " ".join(creds.scopes) if creds.scopes else "",
                 "state_data": state_data,
                 "email": user_info.get("email"),
                 "name": user_info.get("name"),
                 "picture": user_info.get("picture"),
             }
-        except Exception as e:
-            logger.error("Token exchange failed", error=str(e))
-            return {"success": False, "error": str(e)}
+        try:
+            return await asyncio.to_thread(_exchange_sync)
+        except Exception as exc:  # noqa: BLE001
+            logger.error(f"[google] Token exchange failed: {exc}")
+            return {"success": False, "error": str(exc)}
+    async def fetch_user_info(self, access_token: str) -> Dict[str, Any]:
+        """Build credentials from an access token + fetch user info."""
+        creds = self.build_credentials(
+            access_token=access_token,
+            refresh_token="",  # not needed for a single read
+            client_id=self.client_id,
+            client_secret=self.client_secret,
+            token_uri=self.token_uri,
+            scopes=self.scopes,
+        )
+        try:
+            info = await asyncio.to_thread(self._get_user_info_sync, creds)
+        except Exception as exc:  # noqa: BLE001
+            return {"success": False, "error": str(exc)}
+        if not info:
+            return {"success": False, "error": "Failed to read user info"}
+        return {"success": True, **info}
+    async def refresh_access_token(self, refresh_token: str) -> Dict[str, Any]:
+        """Async wrapper around :meth:`refresh_credentials`."""
+        return await asyncio.to_thread(
+            self.refresh_credentials,
+            refresh_token, self.client_id, self.client_secret, self.token_uri,
+        )
+    async def revoke_token(
+        self, token: str, token_type: str = "access_token",
+    ) -> Dict[str, Any]:
+        """Best-effort token revocation via Google's revoke endpoint."""
+        try:
+            async with httpx.AsyncClient(timeout=15.0) as client:
+                response = await client.post(
+                    self.revoke_uri,
+                    data={"token": token},
+                    headers={"Content-Type": "application/x-www-form-urlencoded"},
+                )
+        except httpx.HTTPError as exc:
+            logger.warning(f"[google] revoke_token network error: {exc}")
+            return {"success": False, "error": str(exc)}
+        if response.status_code == 200:
+            return {"success": True}
+        return {
+            "success": False,
+            "error": (response.json() if response.text else {}).get(
+                "error_description", "Revocation failed",
+            ),
+        }
+    # ---- internal helpers ----------------------------------------------
-    def _get_user_info(self, creds: Credentials) -> Dict[str, Any]:
-        """Get user info using credentials."""
+    def _get_user_info_sync(self, creds: Credentials) -> Dict[str, Any]:
+        """Sync user-info read; called inside ``asyncio.to_thread``."""
         try:
             service = build("oauth2", "v2", credentials=creds)
-            user_info = service.userinfo().get().execute()
+            info = service.userinfo().get().execute()
             return {
-                "email": user_info.get("email"),
-                "name": user_info.get("name"),
-                "picture": user_info.get("picture"),
+                "email": info.get("email"),
+                "name": info.get("name"),
+                "picture": info.get("picture"),
             }
-        except Exception as e:
-            logger.error("Failed to get user info", error=str(e))
+        except Exception as exc:  # noqa: BLE001
+            logger.error(f"[google] Failed to get user info: {exc}")
             return {}
+    # ---- statics: kept for _auth_helper.py + other consumers ----------
     @staticmethod
     def refresh_credentials(
         refresh_token: str,
@@ -298,21 +353,9 @@ class GoogleOAuth:
         client_secret: str,
         token_uri: Optional[str] = None,
     ) -> Dict[str, Any]:
-        """
-        Refresh expired credentials.
-        Args:
-            refresh_token: The refresh token
-            client_id: OAuth client ID
-            client_secret: OAuth client secret
-            token_uri: Token endpoint (loaded from config if not provided)
-        Returns:
-            Dict with new access_token
-        """
+        """Refresh expired credentials. Returns ``{success, access_token, ...}``."""
         if not token_uri:
             token_uri = get_oauth_endpoints()["token_uri"]
         try:
             creds = Credentials(
                 token=None,
@@ -322,15 +365,14 @@ class GoogleOAuth:
                 client_secret=client_secret,
             )
             creds.refresh(Request())
             return {
                 "success": True,
                 "access_token": creds.token,
                 "expires_in": 3600,
             }
-        except Exception as e:
-            logger.error("Token refresh failed", error=str(e))
-            return {"success": False, "error": str(e), "needs_reauth": True}
+        except Exception as exc:  # noqa: BLE001
+            logger.error(f"[google] Token refresh failed: {exc}")
+            return {"success": False, "error": str(exc), "needs_reauth": True}
     @staticmethod
     def build_credentials(
@@ -341,14 +383,9 @@ class GoogleOAuth:
         token_uri: Optional[str] = None,
         scopes: Optional[List[str]] = None,
     ) -> Credentials:
-        """
-        Build Credentials object from stored tokens.
-        Use this to create credentials for Google API calls.
-        """
+        """Build Credentials object from stored tokens (used by _auth_helper)."""
         if not token_uri:
             token_uri = get_oauth_endpoints()["token_uri"]
         return Credentials(
             token=access_token,
             refresh_token=refresh_token,
@@ -358,53 +395,49 @@ class GoogleOAuth:
             scopes=scopes or GOOGLE_WORKSPACE_SCOPES,
         )
-    # Service builders for each Google API
     @staticmethod
     def build_gmail_service(creds: Credentials):
-        """Build Gmail API service from credentials."""
         return build("gmail", "v1", credentials=creds)
     @staticmethod
     def build_calendar_service(creds: Credentials):
-        """Build Calendar API service from credentials."""
         return build("calendar", "v3", credentials=creds)
     @staticmethod
     def build_drive_service(creds: Credentials):
-        """Build Drive API service from credentials."""
         return build("drive", "v3", credentials=creds)
     @staticmethod
     def build_sheets_service(creds: Credentials):
-        """Build Sheets API service from credentials."""
         return build("sheets", "v4", credentials=creds)
     @staticmethod
     def build_tasks_service(creds: Credentials):
-        """Build Tasks API service from credentials."""
         return build("tasks", "v1", credentials=creds)
     @staticmethod
     def build_people_service(creds: Credentials):
-        """Build People API service (Contacts) from credentials."""
         return build("people", "v1", credentials=creds)
-# Backward compatibility alias
+# Legacy alias.
 GmailOAuth = GoogleOAuth
-def cleanup_expired_states(max_age_seconds: int = 600):
-    """Remove expired OAuth states."""
-    current_time = time.time()
-    expired = [
-        state for state, data in _oauth_states.items()
-        if current_time - data["created_at"] > max_age_seconds
-    ]
-    for state in expired:
-        _oauth_states.pop(state, None)
+# Module-level alias to the state store's backing dict so the contract
+# tests in tests/credentials/test_google_oauth.py can ``_oauth_states.clear()``.
+# Same trick the Twitter migration uses.
+_oauth_states = GoogleOAuth.state_store._states
-def get_pending_state(state: str) -> Optional[Dict[str, Any]]:
-    """Get pending state without removing it."""
-    return _oauth_states.get(state)
+__all__ = [
+    "GoogleOAuth",
+    "GmailOAuth",
+    "GOOGLE_WORKSPACE_SCOPES",
+    "DEFAULT_SCOPES",
+    "get_oauth_endpoints",
+    "get_callback_paths",
+    "get_service_config",
+    "get_all_scopes",
+    "get_scopes_for_services",
+]

package/server/nodes/google/_option_loaders.py ADDED Viewed

@@ -0,0 +1,107 @@
+"""Google Workspace ``loadOptionsMethod`` loaders.
+Wave 11.I, milestone M.2. Each function is registered with
+``services.ws_handler_registry.register_option_loader`` from
+``__init__.py``.
+Reuses :func:`._auth_helper.get_google_credentials` so the OAuth dance
+is identical to the workflow-execution path. ``params`` may carry
+``account_mode`` / ``customer_id`` (multi-tenant customer mode) -- the
+auth helper falls back to owner tokens otherwise.
+"""
+from __future__ import annotations
+import asyncio
+from typing import Any, Dict, List
+from googleapiclient.discovery import build
+from ._auth_helper import get_google_credentials
+async def _google_service(api: str, version: str, params: Dict[str, Any]):
+    """Build a googleapiclient service under the right OAuth credentials."""
+    creds = await get_google_credentials(params, {})
+    loop = asyncio.get_event_loop()
+    return await loop.run_in_executor(
+        None, lambda: build(api, version, credentials=creds)
+    )
+async def load_gmail_labels(params: Dict[str, Any]) -> List[Dict[str, Any]]:
+    """Gmail labels for the label-filter selector on gmailReceive and
+    gmail (search)."""
+    service = await _google_service("gmail", "v1", params)
+    loop = asyncio.get_event_loop()
+    response = await loop.run_in_executor(
+        None, lambda: service.users().labels().list(userId="me").execute()
+    )
+    labels = response.get("labels", [])
+    # Stable sort: system labels alphabetical first, then user labels.
+    labels.sort(
+        key=lambda label: (
+            label.get("type") != "system",
+            (label.get("name") or "").lower(),
+        )
+    )
+    return [
+        {"value": label["id"], "label": label.get("name") or label["id"]}
+        for label in labels
+    ]
+async def load_calendar_list(params: Dict[str, Any]) -> List[Dict[str, Any]]:
+    """Calendar list for the calendarId picker on calendar CRUD."""
+    service = await _google_service("calendar", "v3", params)
+    loop = asyncio.get_event_loop()
+    response = await loop.run_in_executor(
+        None, lambda: service.calendarList().list().execute()
+    )
+    entries = response.get("items", [])
+    # Primary first, rest alphabetised.
+    entries.sort(
+        key=lambda c: (not c.get("primary", False), (c.get("summary") or "").lower())
+    )
+    return [
+        {
+            "value": c.get("id", ""),
+            "label": c.get("summary") or c.get("id", ""),
+            "description": "Primary" if c.get("primary") else c.get("description", ""),
+        }
+        for c in entries
+    ]
+async def load_drive_folders(params: Dict[str, Any]) -> List[Dict[str, Any]]:
+    """Drive folders for the folderId picker on drive upload/list."""
+    service = await _google_service("drive", "v3", params)
+    loop = asyncio.get_event_loop()
+    query = "mimeType='application/vnd.google-apps.folder' and trashed=false"
+    response = await loop.run_in_executor(
+        None,
+        lambda: service.files()
+        .list(q=query, fields="files(id, name, parents)", pageSize=200)
+        .execute(),
+    )
+    folders = response.get("files", [])
+    folders.sort(key=lambda f: (f.get("name") or "").lower())
+    return [
+        {"value": f.get("id", ""), "label": f.get("name") or f.get("id", "")}
+        for f in folders
+    ]
+async def load_tasklists(params: Dict[str, Any]) -> List[Dict[str, Any]]:
+    """Task lists for the tasklistId picker on tasks CRUD."""
+    service = await _google_service("tasks", "v1", params)
+    loop = asyncio.get_event_loop()
+    response = await loop.run_in_executor(
+        None, lambda: service.tasklists().list().execute()
+    )
+    lists = response.get("items", [])
+    lists.sort(key=lambda label: (label.get("title") or "").lower())
+    return [
+        {"value": label.get("id", ""), "label": label.get("title") or label.get("id", "")}
+        for label in lists
+    ]