obol-ai 0.1.5 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "obol-ai",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Self-evolving AI assistant that learns, remembers, and acts on its own. Persistent vector memory, self-rewriting personality, proactive heartbeats.",
   "main": "src/index.js",
   "bin": {

package/src/claude.js

@@ -47,6 +47,8 @@ function createAnthropicClient(anthropicConfig, { useOAuth = true } = {}) {
   throw new Error('No Anthropic credentials configured. Run: obol config');
 }
 
+let _refreshPromise = null;
+
 async function ensureFreshToken(anthropicConfig) {
   if (!anthropicConfig.oauth?.accessToken) return;
   if (!isExpired(anthropicConfig.oauth)) return;
@@ -60,27 +62,56 @@ async function ensureFreshToken(anthropicConfig) {
     throw err;
   }
 
-  try {
-    const tokens = await refreshTokens(anthropicConfig.oauth.refreshToken);
-    anthropicConfig.oauth.accessToken = tokens.accessToken;
-    anthropicConfig.oauth.refreshToken = tokens.refreshToken;
-    anthropicConfig.oauth.expires = tokens.expires;
-    delete anthropicConfig._oauthFailed;
-
-    const config = loadConfig({ resolve: false });
-    if (config) {
-      config.anthropic.oauth = anthropicConfig.oauth;
-      saveConfig(config);
-    }
-  } catch (e) {
-    if (anthropicConfig.apiKey) {
-      console.warn('[oauth] Token refresh failed, falling back to API key:', e.message);
-      anthropicConfig._oauthFailed = true;
-    } else {
-      const err = new Error(`OAuth token expired and refresh failed. Re-authenticate with: obol config → Anthropic → OAuth. (${e.message})`);
-      err.isOAuthExpiry = true;
-      throw err;
+  if (_refreshPromise) {
+    try {
+      await _refreshPromise;
+    } catch {}
+    if (!isExpired(anthropicConfig.oauth)) return;
+    if (anthropicConfig._oauthFailed) return;
+  }
+
+  _refreshPromise = (async () => {
+    try {
+      const tokens = await refreshTokens(anthropicConfig.oauth.refreshToken);
+      console.log('[oauth] Refresh succeeded, new refresh token:', !!tokens.refreshToken);
+      anthropicConfig.oauth.accessToken = tokens.accessToken;
+      if (tokens.refreshToken) anthropicConfig.oauth.refreshToken = tokens.refreshToken;
+      anthropicConfig.oauth.expires = tokens.expires;
+      delete anthropicConfig._oauthFailed;
+
+      const config = loadConfig({ resolve: false });
+      if (config) {
+        config.anthropic.oauth = anthropicConfig.oauth;
+        saveConfig(config);
+      }
+    } catch (e) {
+      console.warn('[oauth] Refresh failed, checking disk for updated tokens:', e.message);
+      const diskConfig = loadConfig({ resolve: false });
+      if (diskConfig?.anthropic?.oauth?.accessToken &&
+          diskConfig.anthropic.oauth.accessToken !== anthropicConfig.oauth.accessToken &&
+          !isExpired(diskConfig.anthropic.oauth)) {
+        anthropicConfig.oauth.accessToken = diskConfig.anthropic.oauth.accessToken;
+        anthropicConfig.oauth.refreshToken = diskConfig.anthropic.oauth.refreshToken;
+        anthropicConfig.oauth.expires = diskConfig.anthropic.oauth.expires;
+        delete anthropicConfig._oauthFailed;
+        return;
+      }
+
+      if (anthropicConfig.apiKey) {
+        console.warn('[oauth] Token refresh failed, falling back to API key:', e.message);
+        anthropicConfig._oauthFailed = true;
+      } else {
+        const err = new Error(`OAuth token expired and refresh failed: ${e.message}`);
+        err.isOAuthExpiry = true;
+        throw err;
+      }
     }
+  })();
+
+  try {
+    await _refreshPromise;
+  } finally {
+    _refreshPromise = null;
   }
 }
 

package/src/cli/config.js

@@ -1,5 +1,6 @@
 const inquirer = require('inquirer');
 const { loadConfig, saveConfig, CONFIG_FILE, ensureUserDir, getUserDir } = require('../config');
+const { generatePKCE, buildAuthorizationUrl, exchangeCodeForTokens } = require('../oauth');
 const { spawnSync } = require('child_process');
 const fs = require('fs');
 
@@ -8,8 +9,9 @@ const SECTIONS = [
     name: 'Anthropic',
     fields: [
       { key: 'anthropic.apiKey', label: 'API Key', secret: true },
-      { key: 'anthropic.oauth.accessToken', label: 'OAuth Access Token', secret: true },
-      { key: 'anthropic.oauth.refreshToken', label: 'OAuth Refresh Token', secret: true },
+      { key: '_oauth_flow', label: 'Set up / reset OAuth', custom: 'oauth' },
+      { key: 'anthropic.oauth.accessToken', label: 'OAuth Access Token (manual)', secret: true },
+      { key: 'anthropic.oauth.refreshToken', label: 'OAuth Refresh Token (manual)', secret: true },
     ],
   },
   {
@@ -266,6 +268,59 @@ async function manageUsers(cfg) {
   }
 }
 
+async function runOAuthFlow(cfg) {
+  console.log('\n  Starting OAuth flow with Anthropic...\n');
+
+  const { verifier, challenge } = await generatePKCE();
+  const authUrl = buildAuthorizationUrl(challenge, verifier);
+
+  console.log('  1. Open this URL in your browser:\n');
+  console.log(`  ${authUrl}\n`);
+  console.log('  2. Authorize the app, then copy the FULL redirect URL from your browser.\n');
+  console.log('     It will look like: https://console.anthropic.com/oauth/code/callback?code=XXXXX#STATE\n');
+
+  const { callbackInput } = await inquirer.prompt([{
+    type: 'input',
+    name: 'callbackInput',
+    message: 'Paste the full callback URL or just the code:',
+    validate: (v) => v.trim().length > 0 ? true : 'Required',
+  }]);
+
+  try {
+    const input = callbackInput.trim();
+    let code, state;
+
+    if (input.includes('code=')) {
+      const url = new URL(input);
+      code = url.searchParams.get('code');
+      state = url.hash?.replace('#', '') || verifier;
+    } else if (input.includes('#')) {
+      [code, state] = input.split('#');
+    } else {
+      code = input;
+      state = verifier;
+    }
+
+    if (!code) {
+      console.log('  No code found\n');
+      return;
+    }
+
+    console.log('  Exchanging code for tokens...');
+    const tokens = await exchangeCodeForTokens(code, state, verifier);
+
+    setNestedValue(cfg, 'anthropic.oauth.accessToken', tokens.accessToken);
+    setNestedValue(cfg, 'anthropic.oauth.refreshToken', tokens.refreshToken);
+    setNestedValue(cfg, 'anthropic.oauth.expires', tokens.expires);
+    saveConfig(cfg);
+
+    console.log('  OAuth configured with access + refresh token');
+    console.log(`  Token expires: ${new Date(tokens.expires).toISOString()}\n`);
+  } catch (e) {
+    console.log(`  OAuth flow failed: ${e.message}\n`);
+  }
+}
+
 async function config() {
   const cfg = loadConfig({ resolve: false });
   if (!cfg) {
@@ -301,6 +356,20 @@ async function config() {
 
     const fields = sec.fields;
     const fieldChoices = fields.map(f => {
+      if (f.custom) {
+        const hasOAuth = !!getNestedValue(cfg, 'anthropic.oauth.accessToken');
+        const hasRefresh = !!getNestedValue(cfg, 'anthropic.oauth.refreshToken');
+        const expires = getNestedValue(cfg, 'anthropic.oauth.expires');
+        const expired = expires && Date.now() >= expires;
+        let status = '';
+        if (hasOAuth && hasRefresh && !expired) status = ' ✅';
+        else if (hasOAuth && expired) status = ' ⚠️  expired';
+        else if (hasOAuth && !hasRefresh) status = ' ⚠️  no refresh token';
+        return {
+          name: `${f.label}${status}`,
+          value: f,
+        };
+      }
       const val = getNestedValue(cfg, f.key);
       return {
         name: `${f.label}: ${formatValue(val, f.secret)}`,
@@ -317,6 +386,11 @@ async function config() {
 
     if (!field) continue;
 
+    if (field.custom === 'oauth') {
+      await runOAuthFlow(cfg);
+      continue;
+    }
+
     const currentVal = getNestedValue(cfg, field.key);
 
     if (field.type === 'boolean') {

package/src/cli/init.js

@@ -389,15 +389,9 @@ async function setupAnthropicOAuth() {
   const input = callbackInput.trim();
 
   if (input.includes('sk-ant-oat')) {
-    console.log('  ✅ OAuth token detected — using directly');
-    console.log('  ⚠️  No refresh token — you\'ll need to re-auth when it expires\n');
-    return {
-      oauth: {
-        accessToken: input,
-        refreshToken: null,
-        expires: Date.now() + 60 * 60 * 1000,
-      },
-    };
+    console.log('  That\'s a raw token, not a callback URL.');
+    console.log('  Paste the full URL from your browser after authorizing.\n');
+    return await setupAnthropicOAuth();
   }
 
   let code, state;

package/src/oauth.js

@@ -82,10 +82,11 @@ async function refreshTokens(refreshToken) {
   }
 
   const data = await res.json();
+  console.log(`[oauth] Refresh response: expires_in=${data.expires_in}, has_refresh=${!!data.refresh_token}`);
   return {
     accessToken: data.access_token,
-    refreshToken: data.refresh_token,
-    expires: Date.now() + data.expires_in * 1000 - REFRESH_BUFFER_MS,
+    refreshToken: data.refresh_token || null,
+    expires: Date.now() + (data.expires_in || 3600) * 1000 - REFRESH_BUFFER_MS,
   };
 }
 

package/src/telegram.js

@@ -392,7 +392,8 @@ function createBot(telegramConfig, config) {
       stopTyping();
       console.error('Message handling error:', e.message);
       if (e.isOAuthExpiry) {
-        await ctx.reply('OAuth token expired. Run `obol config` → Anthropic → re-authenticate OAuth.').catch(() => {});
+        console.error('[oauth] Full error:', e.stack || e.message);
+        await ctx.reply(`OAuth error: ${e.message}\n\nRun \`obol config\` → Anthropic → re-authenticate OAuth.`).catch(() => {});
       } else if (e.status === 401 || e.message?.includes('401')) {
         await ctx.reply('API key invalid or expired. Run `obol config` to update.').catch(() => {});
       } else if (e.status === 429 || e.message?.includes('rate')) {