nightytidy 0.2.2 → 0.2.3

package/README.md

@@ -38,10 +38,10 @@ The agent runs locally at `127.0.0.1:48372`. The web app connects to it via WebS
 
 ### Desktop GUI (local)
 
-A Chrome app-mode window for fully local use — no account needed:
+A Chrome app-mode window for fully local use — no account needed. Clone the repo and run:
 
 ```bash
-npx nightytidy gui
+npm run gui
 ```
 
 From there:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nightytidy",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "Automated overnight codebase improvement through Claude Code",
   "license": "MIT",
   "author": "Dorian Spitz",

package/src/agent/firebase-auth.js

@@ -1,6 +1,8 @@
 import { debug, info, warn } from '../logger.js';
 
 const REFRESH_BUFFER_MS = 15 * 60_000; // Request refresh 15 min before expiry
+const MAX_BACKOFF_MS = 4 * 60_000;     // Cap retry backoff at 4 minutes
+const MAX_QUEUED_WEBHOOKS = 200;       // Prevent unbounded queue growth
 
 export class FirebaseAuth {
   constructor(configDir) {
@@ -8,6 +10,26 @@ export class FirebaseAuth {
     this.token = null;
     this.expiresAt = null;
     this._refreshRequested = false;
+    this._refreshAttempts = 0;
+    this._refreshTimer = null;
+    this._pendingWebhooks = [];
+    this._replayCallback = null;
+  }
+
+  /**
+   * Parse the `exp` claim from a Firebase ID token (standard JWT).
+   * Returns expiry as milliseconds since epoch, or null on failure.
+   * No crypto needed — we only read the unverified payload for timing.
+   */
+  static parseJwtExpiry(token) {
+    try {
+      const parts = token.split('.');
+      if (parts.length !== 3) return null;
+      const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+      return typeof payload.exp === 'number' ? payload.exp * 1000 : null;
+    } catch {
+      return null;
+    }
   }
 
   isAuthenticated() {
@@ -19,11 +41,24 @@ export class FirebaseAuth {
     return this.token;
   }
 
-  setToken(token, expiresAt) {
+  /**
+   * Store a Firebase ID token. Expiry is parsed from the JWT's `exp` claim
+   * rather than assuming 1 hour from now — the token may have been minted
+   * well before the agent received it.
+   */
+  setToken(token) {
+    const jwtExpiry = FirebaseAuth.parseJwtExpiry(token);
     this.token = token;
-    this.expiresAt = expiresAt;
+    this.expiresAt = jwtExpiry || (Date.now() + 3600_000);
     this._refreshRequested = false;
-    debug('Firebase auth token updated');
+    this._refreshAttempts = 0;
+    if (this._refreshTimer) {
+      clearTimeout(this._refreshTimer);
+      this._refreshTimer = null;
+    }
+    const remainMin = Math.round((this.expiresAt - Date.now()) / 60_000);
+    debug(`Firebase auth token updated (expires in ${remainMin}m)`);
+    this._replayQueue();
   }
 
   getAuthHeader() {
@@ -34,7 +69,8 @@ export class FirebaseAuth {
 
   /**
    * Returns true if the token is within REFRESH_BUFFER_MS of expiry
-   * and a refresh has not already been requested.
+   * and a refresh has not already been requested (or the retry timer
+   * has reset the flag).
    */
   needsRefresh() {
     if (!this.token || !this.expiresAt) return false;
@@ -43,12 +79,53 @@ export class FirebaseAuth {
   }
 
   /**
-   * Mark that a refresh has been requested so we don't spam requests.
-   * Cleared when setToken() is called with a new token.
+   * Mark that a refresh has been requested. Starts a backoff timer
+   * that resets the flag so needsRefresh() can fire again if the
+   * web app doesn't respond.
    */
   markRefreshRequested() {
     this._refreshRequested = true;
-    debug('Firebase auth token refresh requested');
+    this._refreshAttempts++;
+    const backoff = Math.min(30_000 * Math.pow(2, this._refreshAttempts - 1), MAX_BACKOFF_MS);
+    debug(`Firebase auth refresh requested (attempt ${this._refreshAttempts}, retry in ${backoff / 1000}s)`);
+    if (this._refreshTimer) clearTimeout(this._refreshTimer);
+    this._refreshTimer = setTimeout(() => {
+      this._refreshRequested = false;
+      this._refreshTimer = null;
+      debug('Firebase auth refresh request expired — will retry on next check');
+    }, backoff);
+  }
+
+  /**
+   * Register a callback that fires when a fresh token arrives,
+   * receiving the array of queued webhook payloads to replay.
+   */
+  onTokenRefresh(callback) {
+    this._replayCallback = callback;
+  }
+
+  /**
+   * Queue a webhook payload for replay when a fresh token arrives.
+   * Called by index.js when a webhook can't be sent due to expired auth.
+   */
+  queueWebhook(event, data) {
+    this._pendingWebhooks.push({ event, data, queuedAt: Date.now() });
+    if (this._pendingWebhooks.length > MAX_QUEUED_WEBHOOKS) {
+      this._pendingWebhooks.shift(); // drop oldest
+    }
+    debug(`Queued webhook ${event} for replay (${this._pendingWebhooks.length} pending)`);
+  }
+
+  /**
+   * Drain the queue and replay through the registered callback.
+   * Called automatically by setToken() when a fresh token arrives.
+   */
+  _replayQueue() {
+    if (this._pendingWebhooks.length === 0 || !this._replayCallback) return;
+    const queue = [...this._pendingWebhooks];
+    this._pendingWebhooks = [];
+    info(`Replaying ${queue.length} queued webhook(s) with fresh token`);
+    this._replayCallback(queue);
   }
 
   // Full OAuth flow will be implemented in integration phase

package/src/agent/index.js

@@ -1,6 +1,7 @@
 // src/agent/index.js
 import fs from 'node:fs';
 import path from 'node:path';
+import { fileURLToPath } from 'node:url';
 import { info, warn, debug } from '../logger.js';
 import { getConfigDir, readConfig, writeConfig, ensureConfigDir } from './config.js';
 import { ProjectManager } from './project-manager.js';
@@ -12,6 +13,13 @@ import { CliBridge } from './cli-bridge.js';
 import { AgentGit } from './git-integration.js';
 import { FirebaseAuth } from './firebase-auth.js';
 
+const FIREBASE_WEBHOOK_URL = 'https://webhookingest-24h6taciuq-uc.a.run.app';
+
+// Read version from package.json so it stays in sync with npm
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, '..', '..', 'package.json'), 'utf-8'));
+const AGENT_VERSION = pkg.version;
+
 export async function startAgent() {
   const configDir = getConfigDir();
   ensureConfigDir(configDir);
@@ -27,9 +35,44 @@ export async function startAgent() {
   const firebaseAuth = new FirebaseAuth(configDir);
   const webhookDispatcher = new WebhookDispatcher({
     machine: config.machine,
-    version: '1.0.0',
+    version: AGENT_VERSION,
+  });
+
+  // Wire up webhook queue replay: when a fresh token arrives,
+  // re-dispatch any webhooks that failed due to expired auth.
+  firebaseAuth.onTokenRefresh((queue) => {
+    for (const { event, data } of queue) {
+      webhookDispatcher.dispatch(event, data, [{
+        url: FIREBASE_WEBHOOK_URL,
+        label: 'nightytidy.com',
+        headers: firebaseAuth.getAuthHeader(),
+      }]);
+    }
   });
 
+  /**
+   * Dispatch a webhook to user endpoints + Firestore.
+   * If not authenticated, queues the Firestore payload for replay when a fresh token arrives.
+   * User webhooks (Slack/Discord) are always sent immediately.
+   */
+  function dispatchWithQueue(event, data, projectWebhooks) {
+    const userEndpoints = [...(projectWebhooks || [])];
+    if (firebaseAuth.isAuthenticated()) {
+      userEndpoints.push({
+        url: FIREBASE_WEBHOOK_URL,
+        label: 'nightytidy.com',
+        headers: firebaseAuth.getAuthHeader(),
+      });
+      webhookDispatcher.dispatch(event, data, userEndpoints);
+    } else {
+      if (userEndpoints.length > 0) {
+        webhookDispatcher.dispatch(event, data, userEndpoints);
+      }
+      firebaseAuth.queueWebhook(event, data);
+      warn(`Firebase webhook queued (not authenticated) — will replay when token arrives`);
+    }
+  }
+
   // Track the active CLI bridge so stop-run can kill it
   let activeBridge = null;
   let pauseRequested = false;
@@ -267,7 +310,7 @@ export async function startAgent() {
 
       case 'auth-refresh': {
         if (msg.token && typeof msg.token === 'string') {
-          firebaseAuth.setToken(msg.token, Date.now() + 3600_000);
+          firebaseAuth.setToken(msg.token);
           info('Firebase auth token refreshed by web app');
           reply({ type: 'auth-refresh-ack' });
         } else {
@@ -323,16 +366,10 @@ export async function startAgent() {
         }
         runQueue.clearInterrupted();
         // Notify Firestore
-        if (firebaseAuth.isAuthenticated()) {
-          webhookDispatcher.dispatch('run_failed', {
-            projectId: interrupted.projectId,
-            run: { id: interrupted.id },
-          }, [{
-            url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-            label: 'nightytidy.com',
-            headers: firebaseAuth.getAuthHeader(),
-          }]);
-        }
+        dispatchWithQueue('run_failed', {
+          projectId: interrupted.projectId,
+          run: { id: interrupted.id },
+        }, []);
         reply({ type: 'interrupted-discarded', runId: interrupted.id });
         break;
       }
@@ -380,10 +417,10 @@ export async function startAgent() {
   const wsServer = new AgentWebSocketServer({
     port: config.port,
     token: config.token,
+    version: AGENT_VERSION,
     onCommand: handleCommand,
     onAuthCallback: ({ token }) => {
-      // Firebase ID tokens expire after 1 hour
-      firebaseAuth.setToken(token, Date.now() + 3600_000);
+      firebaseAuth.setToken(token);
       info('Firebase auth token received from web app');
     },
   });
@@ -500,15 +537,7 @@ export async function startAgent() {
     });
 
     // Send run_started webhook so Firestore run doc is created immediately
-    const startEndpoints = [...(project.webhooks || [])];
-    if (firebaseAuth.isAuthenticated()) {
-      startEndpoints.push({
-        url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-        label: 'nightytidy.com',
-        headers: firebaseAuth.getAuthHeader(),
-      });
-    }
-    webhookDispatcher.dispatch('run_started', {
+    dispatchWithQueue('run_started', {
       project: project.name,
       projectId: project.id,
       run: {
@@ -518,7 +547,7 @@ export async function startAgent() {
         gitBranch: initResult.parsed?.runBranch || '',
         gitTag: initResult.parsed?.tagName || '',
       },
-    }, startEndpoints);
+    }, project.webhooks);
 
     startHeartbeat(run.id, project.id);
 
@@ -598,20 +627,12 @@ export async function startAgent() {
         });
 
         requestTokenRefreshIfNeeded();
-        const endpoints = [...(project.webhooks || [])];
-        if (firebaseAuth.isAuthenticated()) {
-          endpoints.push({
-            url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-            label: 'nightytidy.com',
-            headers: firebaseAuth.getAuthHeader(),
-          });
-        }
-        webhookDispatcher.dispatch('step_completed', {
+        dispatchWithQueue('step_completed', {
           project: project.name,
           projectId: project.id,
           step: stepData,
           run: { id: run.id, progress: `${stepIndex + 1}/${totalSteps}`, costSoFar: stepData.cost, elapsedMs: stepData.duration },
-        }, endpoints);
+        }, project.webhooks);
         stepIndex++;
       } else {
         const errorType = stepParsed.errorType;
@@ -654,20 +675,12 @@ export async function startAgent() {
         });
 
         requestTokenRefreshIfNeeded();
-        const endpoints = [...(project.webhooks || [])];
-        if (firebaseAuth.isAuthenticated()) {
-          endpoints.push({
-            url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-            label: 'nightytidy.com',
-            headers: firebaseAuth.getAuthHeader(),
-          });
-        }
-        webhookDispatcher.dispatch('step_failed', {
+        dispatchWithQueue('step_failed', {
           project: project.name,
           projectId: project.id,
           step: { number: stepNum, name: stepParsed.name || `Step ${stepNum}`, status: 'failed', duration: stepParsed.duration || 0, cost: stepParsed.costUSD || 0 },
           run: { id: run.id },
-        }, endpoints);
+        }, project.webhooks);
         stepIndex++;
       }
     }
@@ -686,19 +699,11 @@ export async function startAgent() {
     wsServer.broadcast({ type: 'run-completed', runId: run.id, results: {} });
 
     requestTokenRefreshIfNeeded();
-    const completionEndpoints = [...(project.webhooks || [])];
-    if (firebaseAuth.isAuthenticated()) {
-      completionEndpoints.push({
-        url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-        label: 'nightytidy.com',
-        headers: firebaseAuth.getAuthHeader(),
-      });
-    }
-    webhookDispatcher.dispatch('run_completed', {
+    dispatchWithQueue('run_completed', {
       project: project.name,
       projectId: project.id,
       run: { id: run.id, totalSteps, completedSteps: run.steps.length, elapsedMs: Date.now() - run.startedAt },
-    }, completionEndpoints);
+    }, project.webhooks);
 
     activeBridge = null;
     runQueue.completeCurrent({ success: true });
@@ -793,17 +798,11 @@ export async function startAgent() {
 
     // Notify Firestore the run is active again (use run_resumed, NOT run_started
     // which would reset completedSteps/totalCost counters to 0)
-    if (firebaseAuth.isAuthenticated()) {
-      webhookDispatcher.dispatch('run_resumed', {
-        project: project.name,
-        projectId: project.id,
-        run: { id: interrupted.id, startedAt: interrupted.startedAt },
-      }, [{
-        url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-        label: 'nightytidy.com',
-        headers: firebaseAuth.getAuthHeader(),
-      }]);
-    }
+    dispatchWithQueue('run_resumed', {
+      project: project.name,
+      projectId: project.id,
+      run: { id: interrupted.id, startedAt: interrupted.startedAt },
+    }, project.webhooks);
 
     // Run remaining steps (reuse the same step loop pattern)
     for (const stepNum of remainingSteps) {
@@ -856,14 +855,10 @@ export async function startAgent() {
         wsServer.broadcast({ type: 'step-completed', runId: interrupted.id, step: stepData, cost: stepData.cost });
 
         requestTokenRefreshIfNeeded();
-        const endpoints = [...(project.webhooks || [])];
-        if (firebaseAuth.isAuthenticated()) {
-          endpoints.push({ url: 'https://webhookingest-24h6taciuq-uc.a.run.app', label: 'nightytidy.com', headers: firebaseAuth.getAuthHeader() });
-        }
-        webhookDispatcher.dispatch('step_completed', {
+        dispatchWithQueue('step_completed', {
           project: project.name, projectId: project.id, step: stepData,
           run: { id: interrupted.id, costSoFar: stepData.cost, elapsedMs: stepData.duration },
-        }, endpoints);
+        }, project.webhooks);
       } else if (stepParsed.errorType === 'rate_limit') {
         const waitMs = stepParsed.retryAfterMs || 120000;
         info(`  ⏸ Rate limited — waiting ${Math.round(waitMs / 1000)}s`);
@@ -902,12 +897,10 @@ export async function startAgent() {
     wsServer.broadcast({ type: 'run-completed', runId: interrupted.id, results: {} });
 
     requestTokenRefreshIfNeeded();
-    if (firebaseAuth.isAuthenticated()) {
-      webhookDispatcher.dispatch('run_completed', {
-        project: project.name, projectId: project.id,
-        run: { id: interrupted.id, totalSteps: interrupted.steps.length, completedSteps: runProgress.completedCount, elapsedMs: Date.now() - interrupted.startedAt },
-      }, [{ url: 'https://webhookingest-24h6taciuq-uc.a.run.app', label: 'nightytidy.com', headers: firebaseAuth.getAuthHeader() }]);
-    }
+    dispatchWithQueue('run_completed', {
+      project: project.name, projectId: project.id,
+      run: { id: interrupted.id, totalSteps: interrupted.steps.length, completedSteps: runProgress.completedCount, elapsedMs: Date.now() - interrupted.startedAt },
+    }, project.webhooks);
 
     activeBridge = null;
     runQueue.completeCurrent({ success: true });
@@ -937,12 +930,10 @@ export async function startAgent() {
     wsServer.broadcast({ type: 'run-completed', runId: interrupted.id, status: 'completed', results: {} });
 
     requestTokenRefreshIfNeeded();
-    if (firebaseAuth.isAuthenticated()) {
-      webhookDispatcher.dispatch('run_completed', {
-        project: project.name, projectId: project.id,
-        run: { id: interrupted.id, totalSteps: interrupted.steps.length, completedSteps: interrupted.lastProgress?.completedCount || 0, elapsedMs: Date.now() - interrupted.startedAt },
-      }, [{ url: 'https://webhookingest-24h6taciuq-uc.a.run.app', label: 'nightytidy.com', headers: firebaseAuth.getAuthHeader() }]);
-    }
+    dispatchWithQueue('run_completed', {
+      project: project.name, projectId: project.id,
+      run: { id: interrupted.id, totalSteps: interrupted.steps.length, completedSteps: interrupted.lastProgress?.completedCount || 0, elapsedMs: Date.now() - interrupted.startedAt },
+    }, project.webhooks);
 
     activeBridge = null;
     runQueue.completeCurrent({ success: true });
@@ -960,15 +951,14 @@ export async function startAgent() {
     currentProjectId = projectId;
     heartbeatInterval = setInterval(() => {
       if (!firebaseAuth.isAuthenticated()) return;
-      const endpoints = [{
-        url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-        label: 'nightytidy.com',
-        headers: firebaseAuth.getAuthHeader(),
-      }];
       webhookDispatcher.dispatch('heartbeat', {
         projectId: currentProjectId,
         run: { id: currentRunId },
-      }, endpoints);
+      }, [{
+        url: FIREBASE_WEBHOOK_URL,
+        label: 'nightytidy.com',
+        headers: firebaseAuth.getAuthHeader(),
+      }]);
     }, 60_000);
   }
 
@@ -990,22 +980,15 @@ export async function startAgent() {
       runQueue.markInterrupted(runProgress);
 
       // Best-effort: notify Firestore (may not complete before exit)
-      if (firebaseAuth.isAuthenticated()) {
-        const endpoints = [{
-          url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-          label: 'nightytidy.com',
-          headers: firebaseAuth.getAuthHeader(),
-        }];
-        webhookDispatcher.dispatch('run_interrupted', {
-          projectId: current.projectId,
-          run: {
-            id: current.id,
-            completedSteps: runProgress.completedCount,
-            failedSteps: runProgress.failedCount,
-            totalCost: runProgress.totalCost,
-          },
-        }, endpoints);
-      }
+      dispatchWithQueue('run_interrupted', {
+        projectId: current.projectId,
+        run: {
+          id: current.id,
+          completedSteps: runProgress.completedCount,
+          failedSteps: runProgress.failedCount,
+          totalCost: runProgress.totalCost,
+        },
+      }, []);
 
       // Notify connected clients
       wsServer.broadcast({
@@ -1058,8 +1041,8 @@ export async function startAgent() {
 
     // Best-effort: notify Firestore that this run is interrupted
     // (in case the shutdown webhook didn't make it)
-    if (firebaseAuth.isAuthenticated() && proj) {
-      webhookDispatcher.dispatch('run_interrupted', {
+    if (proj) {
+      dispatchWithQueue('run_interrupted', {
         projectId: proj.id,
         run: {
           id: interrupted.id,
@@ -1067,11 +1050,7 @@ export async function startAgent() {
           failedSteps: progress.failedCount || 0,
           totalCost: progress.totalCost || 0,
         },
-      }, [{
-        url: 'https://webhookingest-24h6taciuq-uc.a.run.app',
-        label: 'nightytidy.com',
-        headers: firebaseAuth.getAuthHeader(),
-      }]);
+      }, []);
     }
   }
 
@@ -1084,7 +1063,7 @@ export async function startAgent() {
   }
 
   // Print startup info
-  console.log(`\nNightyTidy Agent v1.0.0`);
+  console.log(`\nNightyTidy Agent v${AGENT_VERSION}`);
   console.log(`WebSocket: ws://127.0.0.1:${actualPort}`);
   console.log(`Token: ${config.token.slice(0, 6)}...(see ~/.nightytidy/config.json)`);
   if (interrupted) {

package/src/agent/websocket-server.js

@@ -6,8 +6,9 @@ import { info, debug, warn } from '../logger.js';
 const RATE_LIMIT_PER_SEC = 10;
 
 export class AgentWebSocketServer {
-  constructor({ port, token, onCommand, onAuthCallback }) {
+  constructor({ port, token, onCommand, onAuthCallback, version }) {
     this.port = port;
+    this.version = version || '0.0.0';
     this.token = token;
     this.onCommand = onCommand || (() => {});
     this.onAuthCallback = onAuthCallback || (() => {});
@@ -130,7 +131,7 @@ export class AgentWebSocketServer {
               ws.send(JSON.stringify({
                 type: 'connected',
                 machine: process.env.COMPUTERNAME || os.hostname(),
-                version: '1.0.0',
+                version: this.version,
                 startedAt: this.startedAt,
               }));
               debug('Client authenticated');