orch-code 0.1.2 → 0.1.4

package/CHANGELOG.md

@@ -2,6 +2,12 @@
 
 All notable changes to this project will be documented in this file.
 
+## v0.1.4 - 2026-04-03
+
+- feat: add live probe mode for doctor
+## v0.1.3 - 2026-04-03
+
+- ci: harden npm install and release flow
 ## v0.1.2 - 2026-04-03
 
 - fix: send instructions for OpenAI account chat

package/README.md

@@ -247,6 +247,9 @@ go run . <command>
 
 `npm i -g orch-code` becomes zero-Go for end users once GitHub Releases and npm publish are both live.
 
+Canonical GitHub repo:
+- `https://github.com/beydemirfurkan/orch`
+
 Repo automation now expects:
 - GitHub Actions secret: `NPM_TOKEN`
 - a git tag in the form `vX.Y.Z`
@@ -276,7 +279,13 @@ The release workflow will:
 - verify the tag matches package metadata
 - build darwin/linux/windows binaries with GoReleaser
 - publish a GitHub Release with raw binary assets
-- publish the npm package
+- publish the npm package if that version is not already on npm
+- run clean install smoke tests on macOS and Linux using `npm install -g orch-code`
+
+Recommended publish path:
+- treat tag push as the canonical release path
+- avoid manual `npm publish` during normal releases
+- keep manual npm publish only as a recovery path if CI is unavailable
 
 `release:prepare` updates these files together:
 - `package.json`
@@ -324,8 +333,11 @@ Validate runtime readiness:
 
 ```bash
 ./orch doctor
+./orch doctor --probe
 ```
 
+`--probe` runs a small live OpenAI chat check, which is useful for validating account-mode OAuth auth beyond local token shape checks.
+
 Generate a structured plan only:
 
 ```bash

package/cmd/doctor.go

@@ -9,10 +9,13 @@ import (
 
 	"github.com/furkanbeydemir/orch/internal/auth"
 	"github.com/furkanbeydemir/orch/internal/config"
+	"github.com/furkanbeydemir/orch/internal/providers"
 	"github.com/furkanbeydemir/orch/internal/providers/openai"
 	"github.com/spf13/cobra"
 )
 
+var doctorProbeFlag bool
+
 var doctorCmd = &cobra.Command{
 	Use:   "doctor",
 	Short: "Validate Orch runtime readiness",
@@ -21,6 +24,7 @@ var doctorCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(doctorCmd)
+	doctorCmd.Flags().BoolVar(&doctorProbeFlag, "probe", false, "Run a live provider chat probe")
 }
 
 func runDoctor(cmd *cobra.Command, args []string) error {
@@ -85,8 +89,8 @@ func runDoctor(cmd *cobra.Command, args []string) error {
 	})
 
 	checks = append(checks, check{
-		name: "openai.account_refresh",
-		ok:   authMode != "account" || accountToken != "" || !storedAccount || storedRefresh || (storedCred != nil && storedCred.ExpiresAt.IsZero()) || time.Now().UTC().Before(storedCred.ExpiresAt),
+		name:   "openai.account_refresh",
+		ok:     authMode != "account" || accountToken != "" || !storedAccount || storedRefresh || (storedCred != nil && storedCred.ExpiresAt.IsZero()) || time.Now().UTC().Before(storedCred.ExpiresAt),
 		detail: fmt.Sprintf("required_when_expired=%t", authMode == "account" && accountToken == ""),
 	})
 
@@ -95,30 +99,27 @@ func runDoctor(cmd *cobra.Command, args []string) error {
 	checks = append(checks, check{name: "openai.model.reviewer", ok: strings.TrimSpace(cfg.Provider.OpenAI.Models.Reviewer) != "", detail: cfg.Provider.OpenAI.Models.Reviewer})
 
 	if cfg.Provider.Flags.OpenAIEnabled && defaultProvider == "openai" {
-		client := openai.New(cfg.Provider.OpenAI)
-		client.SetTokenResolver(func(ctx context.Context) (string, error) {
-			_ = ctx
-			if authMode == "api_key" {
-				if storedCred != nil && strings.TrimSpace(storedCred.Key) != "" {
-					return strings.TrimSpace(storedCred.Key), nil
-				}
-				return "", nil
-			}
-			resolved, resolveErr := auth.ResolveAccountAccessToken(cwd, "openai")
-			if resolveErr != nil {
-				return "", resolveErr
-			}
-			return resolved, nil
-		})
+		client := newDoctorOpenAIClient(cwd, cfg.Provider.OpenAI, authMode, storedCred)
 
 		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 		defer cancel()
 		validateErr := client.Validate(ctx)
 		checks = append(checks, check{
-			name:   "openai.auth",
+			name:   "openai.auth.local",
 			ok:     validateErr == nil,
 			detail: errDetail(validateErr, "ok"),
 		})
+
+		if doctorProbeFlag {
+			probeCtx, probeCancel := context.WithTimeout(context.Background(), doctorProbeTimeout(cfg.Provider.OpenAI.TimeoutSeconds))
+			defer probeCancel()
+			probeErr := runOpenAIProbe(probeCtx, client, cfg.Provider.OpenAI.Models.Coder)
+			checks = append(checks, check{
+				name:   "openai.auth.probe",
+				ok:     probeErr == nil,
+				detail: errDetail(probeErr, "ok"),
+			})
+		}
 	}
 
 	failed := 0
@@ -147,3 +148,44 @@ func errDetail(err error, fallback string) string {
 	}
 	return err.Error()
 }
+
+func newDoctorOpenAIClient(cwd string, cfg config.OpenAIProviderConfig, authMode string, storedCred *auth.Credential) *openai.Client {
+	client := openai.New(cfg)
+	client.SetTokenResolver(func(ctx context.Context) (string, error) {
+		_ = ctx
+		if authMode == "api_key" {
+			if storedCred != nil && strings.TrimSpace(storedCred.Key) != "" {
+				return strings.TrimSpace(storedCred.Key), nil
+			}
+			return "", nil
+		}
+		resolved, resolveErr := auth.ResolveAccountAccessToken(cwd, "openai")
+		if resolveErr != nil {
+			return "", resolveErr
+		}
+		return resolved, nil
+	})
+	return client
+}
+
+func runOpenAIProbe(ctx context.Context, client *openai.Client, model string) error {
+	_, err := client.Chat(ctx, providers.ChatRequest{
+		Role:            providers.RoleCoder,
+		Model:           strings.TrimSpace(model),
+		SystemPrompt:    "Reply with OK only.",
+		UserPrompt:      "ping",
+		ReasoningEffort: "low",
+	})
+	return err
+}
+
+func doctorProbeTimeout(timeoutSeconds int) time.Duration {
+	if timeoutSeconds <= 0 {
+		return 20 * time.Second
+	}
+	timeout := time.Duration(timeoutSeconds) * time.Second
+	if timeout > 20*time.Second {
+		return 20 * time.Second
+	}
+	return timeout
+}

package/cmd/provider_model_doctor_test.go

@@ -1,7 +1,11 @@
 package cmd
 
 import (
+	"encoding/base64"
 	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 
@@ -56,6 +60,76 @@ func TestDoctorFailsWithoutAPIKey(t *testing.T) {
 	}
 }
 
+func TestDoctorProbeAccountModeSucceeds(t *testing.T) {
+	repoRoot := t.TempDir()
+	t.Chdir(repoRoot)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path != "/codex/responses" {
+			t.Fatalf("unexpected path: %s", r.URL.Path)
+		}
+		if got := r.Header.Get("ChatGPT-Account-Id"); got != "acc-123" {
+			t.Fatalf("unexpected account header: %s", got)
+		}
+		w.Header().Set("Content-Type", "application/json")
+		_, _ = w.Write([]byte(`{"output_text":"OK","status":"completed","usage":{"input_tokens":1,"output_tokens":1,"total_tokens":2}}`))
+	}))
+	defer server.Close()
+
+	if err := config.EnsureOrchDir(repoRoot); err != nil {
+		t.Fatalf("ensure orch dir: %v", err)
+	}
+	cfg := config.DefaultConfig()
+	cfg.Provider.OpenAI.AuthMode = "account"
+	cfg.Provider.OpenAI.BaseURL = server.URL
+	cfg.Provider.OpenAI.TimeoutSeconds = 5
+	if err := config.Save(repoRoot, cfg); err != nil {
+		t.Fatalf("save config: %v", err)
+	}
+
+	t.Setenv("OPENAI_ACCOUNT_TOKEN", testDoctorAccountToken("acc-123"))
+	doctorProbeFlag = true
+	defer func() { doctorProbeFlag = false }()
+
+	if err := runDoctor(nil, nil); err != nil {
+		t.Fatalf("expected doctor probe to succeed: %v", err)
+	}
+}
+
+func TestDoctorProbeAccountModeFailsWhenProviderRejects(t *testing.T) {
+	repoRoot := t.TempDir()
+	t.Chdir(repoRoot)
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusUnauthorized)
+		_, _ = w.Write([]byte(`{"error":"unauthorized"}`))
+	}))
+	defer server.Close()
+
+	if err := config.EnsureOrchDir(repoRoot); err != nil {
+		t.Fatalf("ensure orch dir: %v", err)
+	}
+	cfg := config.DefaultConfig()
+	cfg.Provider.OpenAI.AuthMode = "account"
+	cfg.Provider.OpenAI.BaseURL = server.URL
+	cfg.Provider.OpenAI.TimeoutSeconds = 5
+	if err := config.Save(repoRoot, cfg); err != nil {
+		t.Fatalf("save config: %v", err)
+	}
+
+	t.Setenv("OPENAI_ACCOUNT_TOKEN", testDoctorAccountToken("acc-123"))
+	doctorProbeFlag = true
+	defer func() { doctorProbeFlag = false }()
+
+	err := runDoctor(nil, nil)
+	if err == nil {
+		t.Fatalf("expected doctor probe failure")
+	}
+	if !strings.Contains(err.Error(), "doctor failed") {
+		t.Fatalf("unexpected doctor error: %v", err)
+	}
+}
+
 func TestProviderListJSONOutput(t *testing.T) {
 	repoRoot := t.TempDir()
 	t.Chdir(repoRoot)
@@ -89,3 +163,10 @@ func TestProviderListJSONOutput(t *testing.T) {
 		t.Fatalf("expected openai in all providers, got: %#v", all)
 	}
 }
+
+func testDoctorAccountToken(accountID string) string {
+	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none"}`))
+	payload := fmt.Sprintf(`{"https://api.openai.com/auth":{"chatgpt_account_id":"%s"}}`, accountID)
+	body := base64.RawURLEncoding.EncodeToString([]byte(payload))
+	return header + "." + body + ".sig"
+}

package/cmd/version.go

@@ -1,4 +1,4 @@
 package cmd
 
 // version is overridden in release builds via GoReleaser ldflags.
-var version = "0.1.2"
+var version = "0.1.4"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "orch-code",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "Local-first control plane for deterministic AI coding",
   "license": "MIT",
   "bin": {
@@ -29,12 +29,12 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/furkanbeydemir/orch.git"
+    "url": "git+https://github.com/beydemirfurkan/orch.git"
   },
   "bugs": {
-    "url": "https://github.com/furkanbeydemir/orch/issues"
+    "url": "https://github.com/beydemirfurkan/orch/issues"
   },
-  "homepage": "https://github.com/furkanbeydemir/orch#readme",
+  "homepage": "https://github.com/beydemirfurkan/orch#readme",
   "engines": {
     "node": ">=18"
   }

package/scripts/check-npm-published.js

@@ -0,0 +1,33 @@
+#!/usr/bin/env node
+
+const https = require('node:https');
+const path = require('node:path');
+
+const packageRoot = path.resolve(__dirname, '..');
+const pkg = require(path.join(packageRoot, 'package.json'));
+
+const version = process.argv[2] || pkg.version;
+const encodedName = encodeURIComponent(pkg.name);
+const url = `https://registry.npmjs.org/${encodedName}/${encodeURIComponent(version)}`;
+
+https
+  .get(url, (response) => {
+    response.resume();
+
+    if (response.statusCode === 200) {
+      console.log('true');
+      process.exit(0);
+    }
+
+    if (response.statusCode === 404) {
+      console.log('false');
+      process.exit(0);
+    }
+
+    console.error(`[orch] unexpected npm registry status: ${response.statusCode || 'unknown'}`);
+    process.exit(1);
+  })
+  .on('error', (error) => {
+    console.error(`[orch] failed to query npm registry: ${error.message}`);
+    process.exit(1);
+  });

package/scripts/postinstall.js

@@ -45,7 +45,7 @@ function main() {
 
 async function install() {
   const assetName = resolveAssetName();
-  const baseUrl = process.env.ORCH_BINARY_BASE_URL || `https://github.com/furkanbeydemir/orch/releases/download/v${pkg.version}`;
+  const baseUrl = process.env.ORCH_BINARY_BASE_URL || `https://github.com/beydemirfurkan/orch/releases/download/v${pkg.version}`;
   const assetUrl = `${baseUrl}/${assetName}`;
 
   try {