nothumanallowed 1.1.0 → 2.1.0

package/src/services/ops-pipeline.mjs

@@ -0,0 +1,281 @@
+/**
+ * PAO Multi-Agent Pipeline — 5 specialist agents analyze your day.
+ *
+ * Pipeline:
+ *   Phase 1: Data Gathering (Gmail + Calendar + Tasks — no LLM)
+ *   Phase 2: SABER scans emails for security threats     ─┐
+ *   Phase 3: HERALD generates meeting intelligence briefs  ├─ parallel
+ *   Phase 5: ORACLE analyzes schedule patterns            ─┘
+ *   Phase 4: SCHEHERAZADE prepares meeting talking points (after HERALD)
+ *   Phase 6: CONDUCTOR synthesizes everything into daily plan
+ *
+ * Zero server involvement. Only calls: Google APIs + user's LLM provider.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { callAgent, callLLM } from './llm.mjs';
+import { getUnreadImportant, getTodayEmails } from './google-gmail.mjs';
+import { getTodayEvents, getUpcomingEvents } from './google-calendar.mjs';
+import { getTasks, bulkAddTasks } from './task-store.mjs';
+import { loadTokens } from './token-store.mjs';
+import { NHA_DIR } from '../constants.mjs';
+import { info, ok, fail, warn, D, C, G, Y, W, BOLD, NC } from '../ui.mjs';
+
+const PLANS_DIR = path.join(NHA_DIR, 'ops', 'plans');
+
+/**
+ * Run the full daily planning pipeline.
+ * @param {object} config — NHA config
+ * @param {object} opts — { date, refresh, showOnly }
+ */
+export async function runPlanningPipeline(config, opts = {}) {
+  const dateStr = opts.date || new Date().toISOString().split('T')[0];
+  const planFile = path.join(PLANS_DIR, `${dateStr}.json`);
+
+  // Check for cached plan
+  if (!opts.refresh && fs.existsSync(planFile)) {
+    if (opts.showOnly) {
+      const plan = JSON.parse(fs.readFileSync(planFile, 'utf-8'));
+      displayPlan(plan);
+      return plan;
+    }
+    info('Plan already exists for today. Use --refresh to regenerate.');
+    const plan = JSON.parse(fs.readFileSync(planFile, 'utf-8'));
+    displayPlan(plan);
+    return plan;
+  }
+
+  const startTime = Date.now();
+  const tokens = loadTokens();
+  const hasGoogle = !!tokens;
+
+  console.log(`\n  ${BOLD}NHA Daily Plan — ${dateStr}${NC}`);
+  console.log(`  ${D}5 specialist agents analyzing your day${NC}\n`);
+
+  // ── Phase 1: Data Gathering ────────────────────────────────────────────
+  info('Phase 1: Gathering data...');
+
+  let emails = [];
+  let events = [];
+  const tasks = getTasks(dateStr);
+
+  if (hasGoogle) {
+    try {
+      [emails, events] = await Promise.all([
+        getUnreadImportant(config, 30),
+        getTodayEvents(config),
+      ]);
+      ok(`${emails.length} emails, ${events.length} events, ${tasks.length} tasks`);
+    } catch (err) {
+      warn(`Google API error: ${err.message}`);
+      info('Continuing with tasks only...');
+    }
+  } else {
+    warn('Google not connected. Using tasks only. Run "nha google auth" to connect.');
+  }
+
+  // Build context for agents
+  const emailContext = emails.map(e =>
+    `From: ${e.from}\nSubject: ${e.subject}\nDate: ${e.date}\nSnippet: ${e.snippet}\nURLs: ${e.urls.join(', ') || 'none'}\nLabels: ${e.labels.join(', ')}`
+  ).join('\n---\n');
+
+  const calendarContext = events.map(e => {
+    const attendeeList = e.attendees.map(a => `${a.name || a.email} (${a.responseStatus})`).join(', ');
+    return `${e.start} - ${e.end}: ${e.summary}${e.location ? ' @ ' + e.location : ''}\nAttendees: ${attendeeList || 'none'}\nDescription: ${e.description.slice(0, 500) || 'none'}`;
+  }).join('\n---\n');
+
+  const taskContext = tasks.map(t =>
+    `[${t.status}] #${t.id} ${t.description} (priority: ${t.priority}${t.due ? ', due: ' + t.due : ''})`
+  ).join('\n');
+
+  // ── Phase 2, 3, 5: Parallel Agent Calls ────────────────────────────────
+  info('Phase 2-3-5: Running specialist agents in parallel...');
+
+  const agentResults = {};
+  const parallelPromises = [];
+
+  // SABER — Security scan emails
+  if (emails.length > 0) {
+    parallelPromises.push(
+      callAgent(config, 'saber',
+        `Scan these emails for security threats. For each email, classify as SAFE or FLAGGED with reason.\n\nEMAILS:\n${emailContext}\n\nRespond with a JSON object: { "safe": [indices], "flagged": [{ "index": N, "reason": "..." }], "risk_notes": ["..."] }`,
+      ).then(r => { agentResults.saber = r; ok('SABER: Email security scan complete'); })
+       .catch(e => { warn(`SABER failed: ${e.message}`); agentResults.saber = '{"safe":[],"flagged":[],"risk_notes":["scan failed"]}'; })
+    );
+  }
+
+  // HERALD — Meeting intelligence briefs
+  if (events.length > 0) {
+    parallelPromises.push(
+      callAgent(config, 'herald',
+        `Generate intelligence briefs for these meetings. Include context, key participants, what to prepare.\n\nMEETINGS:\n${calendarContext}\n\nRelated emails:\n${emailContext.slice(0, 3000)}\n\nRespond with JSON: { "briefs": [{ "event_summary": "...", "brief": "...", "key_points": ["..."], "preparation": "..." }] }`,
+      ).then(r => { agentResults.herald = r; ok('HERALD: Meeting briefs generated'); })
+       .catch(e => { warn(`HERALD failed: ${e.message}`); agentResults.herald = '{"briefs":[]}'; })
+    );
+  }
+
+  // ORACLE — Schedule pattern analysis
+  parallelPromises.push(
+    callAgent(config, 'oracle',
+      `Analyze this schedule for productivity optimization.\n\nCALENDAR:\n${calendarContext || 'No events today.'}\n\nTASKS:\n${taskContext || 'No tasks yet.'}\n\nAnalyze: back-to-back meetings, free blocks, overbooked periods, optimal focus time.\nRespond with JSON: { "insights": ["..."], "recommendations": ["..."], "focus_blocks": [{ "start": "HH:MM", "end": "HH:MM", "suggestion": "..." }], "meeting_load": "light|moderate|heavy" }`,
+    ).then(r => { agentResults.oracle = r; ok('ORACLE: Schedule analysis complete'); })
+     .catch(e => { warn(`ORACLE failed: ${e.message}`); agentResults.oracle = '{"insights":[],"recommendations":[],"focus_blocks":[],"meeting_load":"unknown"}'; })
+  );
+
+  await Promise.all(parallelPromises);
+
+  // ── Phase 4: SCHEHERAZADE — Meeting talking points (depends on HERALD) ──
+  if (agentResults.herald && events.length > 0) {
+    info('Phase 4: SCHEHERAZADE preparing talking points...');
+    try {
+      agentResults.scheherazade = await callAgent(config, 'scheherazade',
+        `Based on these meeting briefs, prepare concise talking points and summaries for each meeting.\n\nMEETING BRIEFS:\n${agentResults.herald}\n\nRespond with JSON: { "preparations": [{ "meeting": "...", "talking_points": ["..."], "summary": "...", "action_items": ["..."] }] }`,
+      );
+      ok('SCHEHERAZADE: Talking points ready');
+    } catch (e) {
+      warn(`SCHEHERAZADE failed: ${e.message}`);
+    }
+  }
+
+  // ── Phase 6: CONDUCTOR — Synthesize daily plan ─────────────────────────
+  info('Phase 6: CONDUCTOR synthesizing daily plan...');
+
+  const conductorPrompt = `You are the NHA Daily Planner. Synthesize intelligence from 4 specialist agents into a structured daily plan.
+
+AGENT REPORTS:
+${agentResults.saber ? `\n[SABER — Security Scan]\n${agentResults.saber}` : ''}
+${agentResults.herald ? `\n[HERALD — Meeting Briefs]\n${agentResults.herald}` : ''}
+${agentResults.scheherazade ? `\n[SCHEHERAZADE — Talking Points]\n${agentResults.scheherazade}` : ''}
+${agentResults.oracle ? `\n[ORACLE — Schedule Analysis]\n${agentResults.oracle}` : ''}
+
+RAW DATA:
+Date: ${dateStr}
+Events: ${events.length}
+Unread emails: ${emails.length}
+Tasks: ${tasks.length}
+
+CALENDAR:
+${calendarContext || 'No events.'}
+
+EXISTING TASKS:
+${taskContext || 'No tasks.'}
+
+Create a comprehensive daily plan. Output strict JSON:
+{
+  "date": "${dateStr}",
+  "executive_summary": "2-3 sentence overview",
+  "priority_actions": [{ "time": "HH:MM", "action": "...", "source": "email|calendar|task", "priority": "critical|high|medium|low" }],
+  "schedule": [{ "time_start": "HH:MM", "time_end": "HH:MM", "type": "meeting|focus|break|task", "title": "...", "notes": "...", "preparation": "..." }],
+  "email_actions": [{ "from": "...", "subject": "...", "action": "reply|archive|flag|defer", "suggested_reply": "..." }],
+  "security_alerts": [],
+  "new_tasks": [{ "description": "...", "priority": "high|medium|low", "estimated_minutes": N, "suggested_slot": "HH:MM" }],
+  "insights": []
+}`;
+
+  let plan;
+  try {
+    const result = await callLLM(config, conductorPrompt, 'Generate the daily plan now.', {});
+    // Extract JSON from response (may have markdown wrapper)
+    const jsonMatch = result.match(/\{[\s\S]*\}/);
+    if (jsonMatch) {
+      plan = JSON.parse(jsonMatch[0]);
+    } else {
+      plan = { date: dateStr, executive_summary: result, priority_actions: [], schedule: [], email_actions: [], security_alerts: [], new_tasks: [], insights: [] };
+    }
+    ok('CONDUCTOR: Daily plan synthesized');
+  } catch (e) {
+    fail(`CONDUCTOR failed: ${e.message}`);
+    plan = { date: dateStr, executive_summary: 'Plan generation failed. Check your API key and try again.', priority_actions: [], schedule: [], email_actions: [], security_alerts: [], new_tasks: [], insights: [] };
+  }
+
+  // Auto-create tasks suggested by agents
+  if (plan.new_tasks?.length > 0) {
+    bulkAddTasks(plan.new_tasks.map(t => ({
+      description: t.description,
+      priority: t.priority || 'medium',
+      source: 'agent',
+      estimatedMinutes: t.estimated_minutes,
+      suggestedSlot: t.suggested_slot,
+    })), dateStr);
+    ok(`${plan.new_tasks.length} new tasks auto-created`);
+  }
+
+  // Save plan
+  fs.mkdirSync(PLANS_DIR, { recursive: true });
+  const fullPlan = {
+    ...plan,
+    metadata: {
+      generatedAt: new Date().toISOString(),
+      durationMs: Date.now() - startTime,
+      agentsUsed: Object.keys(agentResults),
+      emailCount: emails.length,
+      eventCount: events.length,
+      taskCount: tasks.length,
+      provider: config.llm.provider,
+    },
+  };
+  fs.writeFileSync(planFile, JSON.stringify(fullPlan, null, 2) + '\n', { mode: 0o600 });
+
+  const elapsed = ((Date.now() - startTime) / 1000).toFixed(1);
+  console.log(`\n  ${D}Generated in ${elapsed}s by ${Object.keys(agentResults).length + 1} agents${NC}\n`);
+
+  displayPlan(fullPlan);
+  return fullPlan;
+}
+
+// ── Plan Display ───────────────────────────────────────────────────────────
+
+function displayPlan(plan) {
+  console.log(`  ${BOLD}${C}Executive Summary${NC}`);
+  console.log(`  ${plan.executive_summary || 'No summary available.'}\n`);
+
+  if (plan.priority_actions?.length > 0) {
+    console.log(`  ${BOLD}${Y}Priority Actions${NC}`);
+    for (const a of plan.priority_actions) {
+      const icon = a.priority === 'critical' ? '\x1b[0;31m!!\x1b[0m' : a.priority === 'high' ? '\x1b[1;33m!\x1b[0m' : '\x1b[2m·\x1b[0m';
+      console.log(`  ${icon} ${a.time || ''} ${a.action} ${D}(${a.source})${NC}`);
+    }
+    console.log('');
+  }
+
+  if (plan.schedule?.length > 0) {
+    console.log(`  ${BOLD}${G}Schedule${NC}`);
+    for (const s of plan.schedule) {
+      const typeIcon = s.type === 'meeting' ? '\x1b[0;36m●\x1b[0m' : s.type === 'focus' ? '\x1b[0;32m◆\x1b[0m' : s.type === 'break' ? '\x1b[2m○\x1b[0m' : '\x1b[0;33m■\x1b[0m';
+      console.log(`  ${typeIcon} ${s.time_start}-${s.time_end}  ${s.title}`);
+      if (s.preparation) console.log(`    ${D}Prep: ${s.preparation}${NC}`);
+    }
+    console.log('');
+  }
+
+  if (plan.email_actions?.length > 0) {
+    console.log(`  ${BOLD}Email Actions${NC}`);
+    for (const e of plan.email_actions) {
+      const actionColor = e.action === 'reply' ? G : e.action === 'flag' ? Y : D;
+      console.log(`  ${actionColor}[${e.action}]${NC} ${e.subject} ${D}from ${e.from}${NC}`);
+    }
+    console.log('');
+  }
+
+  if (plan.security_alerts?.length > 0) {
+    console.log(`  ${BOLD}\x1b[0;31mSecurity Alerts${NC}`);
+    for (const a of plan.security_alerts) {
+      console.log(`  \x1b[0;31m!\x1b[0m ${typeof a === 'string' ? a : a.message || JSON.stringify(a)}`);
+    }
+    console.log('');
+  }
+
+  if (plan.insights?.length > 0) {
+    console.log(`  ${BOLD}${D}Insights${NC}`);
+    for (const i of plan.insights) {
+      console.log(`  ${D}→ ${typeof i === 'string' ? i : i.message || JSON.stringify(i)}${NC}`);
+    }
+    console.log('');
+  }
+
+  if (plan.metadata) {
+    console.log(`  ${D}Plan saved to ~/.nha/ops/plans/${plan.date}.json${NC}`);
+    console.log(`  ${D}Agents: ${plan.metadata.agentsUsed?.join(', ') || 'conductor'}${NC}\n`);
+  }
+}

package/src/services/task-store.mjs

@@ -0,0 +1,156 @@
+/**
+ * Local task management — JSON files per day at ~/.nha/ops/tasks/.
+ * Zero dependencies.
+ */
+
+import fs from 'fs';
+import path from 'path';
+import { NHA_DIR } from '../constants.mjs';
+
+const TASKS_DIR = path.join(NHA_DIR, 'ops', 'tasks');
+
+function todayStr() {
+  return new Date().toISOString().split('T')[0];
+}
+
+function taskFile(date) {
+  return path.join(TASKS_DIR, `${date || todayStr()}.json`);
+}
+
+function loadDay(date) {
+  const file = taskFile(date);
+  if (!fs.existsSync(file)) return { tasks: [], version: 1 };
+  try { return JSON.parse(fs.readFileSync(file, 'utf-8')); }
+  catch { return { tasks: [], version: 1 }; }
+}
+
+function saveDay(date, data) {
+  fs.mkdirSync(TASKS_DIR, { recursive: true });
+  fs.writeFileSync(taskFile(date), JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
+}
+
+/**
+ * Get all tasks for a date.
+ * @param {string} [date] — YYYY-MM-DD (default: today)
+ * @returns {Array} tasks
+ */
+export function getTasks(date) {
+  return loadDay(date).tasks;
+}
+
+/**
+ * Add a new task.
+ * @param {object} task — { description, priority?, due?, source?, sourceRef? }
+ * @param {string} [date]
+ * @returns {object} the created task
+ */
+export function addTask(task, date) {
+  const data = loadDay(date);
+  const id = data.tasks.length > 0 ? Math.max(...data.tasks.map(t => t.id)) + 1 : 1;
+  const newTask = {
+    id,
+    description: task.description,
+    priority: task.priority || 'medium',
+    status: 'pending',
+    due: task.due || null,
+    source: task.source || 'manual',
+    sourceRef: task.sourceRef || null,
+    createdAt: new Date().toISOString(),
+    completedAt: null,
+    estimatedMinutes: task.estimatedMinutes || null,
+    suggestedSlot: task.suggestedSlot || null,
+  };
+  data.tasks.push(newTask);
+  saveDay(date, data);
+  return newTask;
+}
+
+/**
+ * Mark a task as done.
+ * @param {number} taskId
+ * @param {string} [date]
+ * @returns {boolean} success
+ */
+export function completeTask(taskId, date) {
+  const data = loadDay(date);
+  const task = data.tasks.find(t => t.id === taskId);
+  if (!task) return false;
+  task.status = 'done';
+  task.completedAt = new Date().toISOString();
+  saveDay(date, data);
+  return true;
+}
+
+/**
+ * Edit a task description.
+ */
+export function editTask(taskId, description, date) {
+  const data = loadDay(date);
+  const task = data.tasks.find(t => t.id === taskId);
+  if (!task) return false;
+  task.description = description;
+  saveDay(date, data);
+  return true;
+}
+
+/**
+ * Move a task to another date.
+ */
+export function moveTask(taskId, fromDate, toDate) {
+  const fromData = loadDay(fromDate);
+  const idx = fromData.tasks.findIndex(t => t.id === taskId);
+  if (idx === -1) return false;
+
+  const [task] = fromData.tasks.splice(idx, 1);
+  task.status = 'pending'; // reset status on move
+  task.completedAt = null;
+  saveDay(fromDate, fromData);
+
+  const toData = loadDay(toDate);
+  task.id = toData.tasks.length > 0 ? Math.max(...toData.tasks.map(t => t.id)) + 1 : 1;
+  toData.tasks.push(task);
+  saveDay(toDate, toData);
+  return true;
+}
+
+/**
+ * Get tasks for the week (Mon-Sun).
+ */
+export function getWeekTasks() {
+  const now = new Date();
+  const monday = new Date(now);
+  monday.setDate(now.getDate() - ((now.getDay() + 6) % 7));
+
+  const week = [];
+  for (let i = 0; i < 7; i++) {
+    const d = new Date(monday);
+    d.setDate(monday.getDate() + i);
+    const dateStr = d.toISOString().split('T')[0];
+    const tasks = getTasks(dateStr);
+    week.push({ date: dateStr, day: d.toLocaleDateString('en', { weekday: 'short' }), tasks });
+  }
+  return week;
+}
+
+/**
+ * Bulk add tasks (from agent pipeline).
+ * @param {Array<{description, priority, due, source, estimatedMinutes, suggestedSlot}>} tasks
+ * @param {string} [date]
+ */
+export function bulkAddTasks(tasks, date) {
+  for (const t of tasks) {
+    addTask(t, date);
+  }
+}
+
+/**
+ * Get daily stats.
+ */
+export function getDayStats(date) {
+  const tasks = getTasks(date);
+  const total = tasks.length;
+  const done = tasks.filter(t => t.status === 'done').length;
+  const pending = tasks.filter(t => t.status === 'pending').length;
+  const high = tasks.filter(t => t.priority === 'high' || t.priority === 'critical').length;
+  return { total, done, pending, high, completionRate: total > 0 ? Math.round(done / total * 100) : 0 };
+}

package/src/services/token-store.mjs

@@ -0,0 +1,145 @@
+/**
+ * Encrypted token storage — AES-256-GCM with machine-derived key.
+ * Stores OAuth tokens at ~/.nha/ops/tokens.enc
+ * Zero dependencies — uses Node.js native crypto.
+ */
+
+import crypto from 'crypto';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { NHA_DIR } from '../constants.mjs';
+
+const OPS_DIR = path.join(NHA_DIR, 'ops');
+const TOKENS_FILE = path.join(OPS_DIR, 'tokens.enc');
+
+/** Derive encryption key from machine-specific fingerprint */
+function deriveKey() {
+  const fingerprint = os.hostname() + os.userInfo().username + os.homedir();
+  return crypto.createHash('sha256').update(fingerprint).digest();
+}
+
+/** Encrypt JSON data with AES-256-GCM */
+function encrypt(data) {
+  const key = deriveKey();
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+  const plaintext = JSON.stringify(data);
+  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString('base64'),
+    tag: tag.toString('base64'),
+    ciphertext: encrypted.toString('base64'),
+  };
+}
+
+/** Decrypt AES-256-GCM data back to JSON */
+function decrypt(envelope) {
+  const key = deriveKey();
+  const iv = Buffer.from(envelope.iv, 'base64');
+  const tag = Buffer.from(envelope.tag, 'base64');
+  const ciphertext = Buffer.from(envelope.ciphertext, 'base64');
+  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
+  decipher.setAuthTag(tag);
+  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+  return JSON.parse(decrypted.toString('utf-8'));
+}
+
+/**
+ * Save OAuth tokens (encrypted).
+ * @param {object} tokens — { access_token, refresh_token, expires_at, scope, email }
+ */
+export function saveTokens(tokens) {
+  fs.mkdirSync(OPS_DIR, { recursive: true });
+  const envelope = encrypt(tokens);
+  fs.writeFileSync(TOKENS_FILE, JSON.stringify(envelope, null, 2), { mode: 0o600 });
+}
+
+/**
+ * Load OAuth tokens (decrypted).
+ * @returns {object|null} tokens or null if not stored
+ */
+export function loadTokens() {
+  if (!fs.existsSync(TOKENS_FILE)) return null;
+  try {
+    const envelope = JSON.parse(fs.readFileSync(TOKENS_FILE, 'utf-8'));
+    return decrypt(envelope);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Delete stored tokens.
+ */
+export function deleteTokens() {
+  if (fs.existsSync(TOKENS_FILE)) fs.rmSync(TOKENS_FILE);
+}
+
+/**
+ * Check if access token is expired (with 5-minute buffer).
+ * @param {object} tokens
+ * @returns {boolean}
+ */
+export function isExpired(tokens) {
+  if (!tokens?.expires_at) return true;
+  return Date.now() >= tokens.expires_at - 300_000;
+}
+
+/**
+ * Refresh access token using refresh_token.
+ * @param {string} clientId
+ * @param {string} clientSecret
+ * @param {string} refreshToken
+ * @returns {Promise<object>} new token set
+ */
+export async function refreshAccessToken(clientId, clientSecret, refreshToken) {
+  const params = new URLSearchParams({
+    client_id: clientId,
+    client_secret: clientSecret,
+    refresh_token: refreshToken,
+    grant_type: 'refresh_token',
+  });
+
+  const res = await fetch('https://oauth2.googleapis.com/token', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: params.toString(),
+  });
+
+  if (!res.ok) {
+    const err = await res.text();
+    throw new Error(`Token refresh failed: ${err}`);
+  }
+
+  const data = await res.json();
+  return {
+    access_token: data.access_token,
+    refresh_token: refreshToken, // Google doesn't always return a new refresh token
+    expires_at: Date.now() + (data.expires_in * 1000),
+    scope: data.scope,
+  };
+}
+
+/**
+ * Get a valid access token — refreshes automatically if expired.
+ * @param {object} config — NHA config with google.clientId etc.
+ * @returns {Promise<string>} access_token
+ */
+export async function getAccessToken(config) {
+  let tokens = loadTokens();
+  if (!tokens) throw new Error('Not authenticated. Run: nha google auth');
+
+  if (isExpired(tokens)) {
+    const clientId = config.google?.clientId;
+    const clientSecret = config.google?.clientSecret || '';
+    if (!clientId) throw new Error('Google client ID not configured');
+
+    tokens = await refreshAccessToken(clientId, clientSecret, tokens.refresh_token);
+    tokens.email = loadTokens()?.email; // preserve email
+    saveTokens(tokens);
+  }
+
+  return tokens.access_token;
+}