nexus-agents 2.77.3 → 2.77.5

package/dist/{chunk-VEF6DCQU.js → chunk-MV4R2ZIJ.js}

@@ -2762,6 +2762,193 @@ function createCliDetectionCache(config) {
   return new CliDetectionCache(config);
 }
 
+// src/cli/cli-auth-probe.ts
+import { execFile as execFile2 } from "child_process";
+import { promisify as promisify2 } from "util";
+import { existsSync, readFileSync } from "fs";
+import { homedir } from "os";
+import { join as join3 } from "path";
+var execFileAsync = promisify2(execFile2);
+var HOME = homedir();
+function claudeNeedsLogin(reason) {
+  return {
+    cli: "claude",
+    state: "needs-login",
+    reason,
+    fixCommand: "claude /login",
+    envFallback: "ANTHROPIC_API_KEY",
+    fixUrl: "https://console.anthropic.com/account/keys"
+  };
+}
+function probeClaude() {
+  if (process.env["ANTHROPIC_API_KEY"] !== void 0 && process.env["ANTHROPIC_API_KEY"] !== "") {
+    return { cli: "claude", state: "authenticated", via: "env-var" };
+  }
+  const credPath = join3(HOME, ".claude", ".credentials.json");
+  if (!existsSync(credPath)) {
+    return claudeNeedsLogin(
+      "No credentials at ~/.claude/.credentials.json and ANTHROPIC_API_KEY is not set"
+    );
+  }
+  try {
+    const parsed = JSON.parse(readFileSync(credPath, "utf-8"));
+    if (!isClaudeCredsShape(parsed)) {
+      return claudeNeedsLogin(
+        "Credentials file present but not in expected shape (missing claudeAiOauth.accessToken)"
+      );
+    }
+    const expiresAt = parsed.claudeAiOauth.expiresAt;
+    if (typeof expiresAt === "number" && expiresAt < Date.now()) {
+      return claudeNeedsLogin(`OAuth token expired ${new Date(expiresAt).toISOString()}`);
+    }
+    return {
+      cli: "claude",
+      state: "authenticated",
+      via: "cli-credentials",
+      ...typeof expiresAt === "number" ? { meta: { expiresAt } } : {}
+    };
+  } catch (e) {
+    return {
+      cli: "claude",
+      state: "error",
+      reason: `Failed to read claude credentials: ${e instanceof Error ? e.message : String(e)}`
+    };
+  }
+}
+function codexNeedsLogin(reason) {
+  return {
+    cli: "codex",
+    state: "needs-login",
+    reason,
+    fixCommand: "codex login",
+    envFallback: "OPENAI_API_KEY",
+    fixUrl: "https://platform.openai.com/api-keys"
+  };
+}
+function classifyCodexStdout(stdout) {
+  if (/not logged/i.test(stdout) || /no.*token/i.test(stdout)) {
+    return codexNeedsLogin(stdout.trim().split("\n")[0] ?? "Not logged in");
+  }
+  return { cli: "codex", state: "authenticated", via: "cli-credentials" };
+}
+async function probeCodex() {
+  if (process.env["OPENAI_API_KEY"] !== void 0 && process.env["OPENAI_API_KEY"] !== "") {
+    return { cli: "codex", state: "authenticated", via: "env-var" };
+  }
+  try {
+    const { stdout } = await execFileAsync("codex", ["login", "status"], {
+      timeout: CLI_SUBPROCESS_TIMEOUTS.spawnMs
+    });
+    return classifyCodexStdout(stdout);
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    if (/ENOENT|not found/i.test(msg)) {
+      return { cli: "codex", state: "not-installed", reason: "codex binary not on PATH" };
+    }
+    return codexNeedsLogin("Not logged in (codex login status returned non-zero)");
+  }
+}
+function geminiNeedsLogin(reason) {
+  return {
+    cli: "gemini",
+    state: "needs-login",
+    reason,
+    fixCommand: "gemini",
+    envFallback: "GOOGLE_AI_API_KEY",
+    fixUrl: "https://aistudio.google.com/apikey"
+  };
+}
+function classifyGeminiCreds(parsed) {
+  if (!isGeminiCredsShape(parsed)) {
+    return geminiNeedsLogin("OAuth credentials file present but not in expected shape");
+  }
+  if (typeof parsed.expiry_date === "number" && parsed.expiry_date < Date.now()) {
+    return geminiNeedsLogin(
+      `OAuth access token expired ${new Date(parsed.expiry_date).toISOString()} (refresh may still work)`
+    );
+  }
+  return {
+    cli: "gemini",
+    state: "authenticated",
+    via: "cli-credentials",
+    ...typeof parsed.expiry_date === "number" ? { meta: { expiresAt: parsed.expiry_date } } : {}
+  };
+}
+function probeGemini() {
+  const env = process.env["GOOGLE_AI_API_KEY"] ?? process.env["GEMINI_API_KEY"];
+  if (env !== void 0 && env !== "") {
+    return { cli: "gemini", state: "authenticated", via: "env-var" };
+  }
+  const credPath = join3(HOME, ".gemini", "oauth_creds.json");
+  if (!existsSync(credPath)) {
+    return geminiNeedsLogin(
+      "No OAuth credentials at ~/.gemini/oauth_creds.json and GOOGLE_AI_API_KEY/GEMINI_API_KEY are not set"
+    );
+  }
+  try {
+    return classifyGeminiCreds(JSON.parse(readFileSync(credPath, "utf-8")));
+  } catch (e) {
+    return {
+      cli: "gemini",
+      state: "error",
+      reason: `Failed to read gemini credentials: ${e instanceof Error ? e.message : String(e)}`
+    };
+  }
+}
+async function probeOpencode() {
+  try {
+    const { stdout } = await execFileAsync("opencode", ["auth", "list"], {
+      timeout: CLI_SUBPROCESS_TIMEOUTS.spawnMs
+    });
+    if (/0 credentials/i.test(stdout)) {
+      return {
+        cli: "opencode",
+        state: "needs-login",
+        reason: "No providers configured in opencode",
+        fixCommand: "opencode auth login",
+        fixUrl: "https://opencode.ai/docs/config"
+      };
+    }
+    return { cli: "opencode", state: "authenticated", via: "cli-credentials" };
+  } catch (e) {
+    const msg = e instanceof Error ? e.message : String(e);
+    if (/ENOENT|not found/i.test(msg)) {
+      return { cli: "opencode", state: "not-installed", reason: "opencode binary not on PATH" };
+    }
+    return {
+      cli: "opencode",
+      state: "error",
+      reason: msg.split("\n")[0] ?? "opencode auth list failed"
+    };
+  }
+}
+function isClaudeCredsShape(v) {
+  if (typeof v !== "object" || v === null) return false;
+  const oauth = v.claudeAiOauth;
+  if (typeof oauth !== "object" || oauth === null) return false;
+  return typeof oauth.accessToken === "string";
+}
+function isGeminiCredsShape(v) {
+  if (typeof v !== "object" || v === null) return false;
+  return typeof v.access_token === "string";
+}
+async function probeCli(cli) {
+  switch (cli) {
+    case "claude":
+      return Promise.resolve(probeClaude());
+    case "codex":
+      return probeCodex();
+    case "gemini":
+      return Promise.resolve(probeGemini());
+    case "opencode":
+      return probeOpencode();
+  }
+}
+async function probeAllClis() {
+  const clis = ["claude", "gemini", "codex", "opencode"];
+  return Promise.all(clis.map((c) => probeCli(c)));
+}
+
 // src/cli-adapters/factory.ts
 function createCliAdapter(config) {
   const options = {
@@ -2807,11 +2994,22 @@ async function isCliAvailable(cli, cache) {
   }
   try {
     const adapter = createCliAdapter({ cli });
-    const health = await adapter.healthCheck();
+    const [health, auth] = await Promise.all([adapter.healthCheck(), probeCli(cli)]);
+    const available = health.healthy && auth.state === "authenticated";
     if (cache !== void 0) {
-      cache.set(cli, CliDetectionCache.fromHealthStatus(health));
+      if (available) {
+        cache.set(cli, CliDetectionCache.fromHealthStatus(health));
+      } else {
+        cache.set(cli, {
+          healthy: false,
+          version: health.version,
+          versionStatus: health.versionStatus,
+          checkedAt: /* @__PURE__ */ new Date(),
+          message: auth.state === "authenticated" ? health.message : `auth: ${auth.state}` + ("reason" in auth ? ` (${auth.reason})` : "")
+        });
+      }
     }
-    return health.healthy;
+    return available;
   } catch {
     if (cache !== void 0) {
       cache.set(cli, {
@@ -2864,9 +3062,11 @@ export {
   DEFAULT_CACHE_CONFIG,
   CliDetectionCache,
   createCliDetectionCache,
+  probeCli,
+  probeAllClis,
   createCliAdapter,
   createAllAdapters,
   isCliAvailable,
   getAvailableClis
 };
-//# sourceMappingURL=chunk-VEF6DCQU.js.map
+//# sourceMappingURL=chunk-MV4R2ZIJ.js.map