patchwork-os 0.2.0-alpha.0 → 0.2.0-alpha.11

package/dist/connectors/gmail.js

@@ -0,0 +1,304 @@
+/**
+ * Gmail OAuth 2.0 connector.
+ *
+ * Handles:
+ *   GET  /connections/gmail/auth      — redirect to Google consent screen
+ *   GET  /connections/gmail/callback  — exchange code for tokens, store locally
+ *   POST /connections/gmail/test      — verify stored token works
+ *   DELETE /connections/gmail         — revoke + delete stored token
+ *   GET  /connections                 — list connector statuses
+ *
+ * Tokens stored at ~/.patchwork/tokens/gmail.json (mode 0600, never leaves machine).
+ * Client credentials read from env: GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET.
+ */
+import crypto from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync, } from "node:fs";
+import { homedir } from "node:os";
+import path from "node:path";
+const SCOPES = ["https://www.googleapis.com/auth/gmail.readonly"];
+const REDIRECT_URI = "http://localhost:3100/connections/gmail/callback";
+const TOKEN_PATH = path.join(homedir(), ".patchwork", "tokens", "gmail.json");
+function clientId() {
+    return process.env.GMAIL_CLIENT_ID ?? "";
+}
+function clientSecret() {
+    return process.env.GMAIL_CLIENT_SECRET ?? "";
+}
+function isConfigured() {
+    return Boolean(clientId() && clientSecret());
+}
+// ── Token storage ─────────────────────────────────────────────────────────────
+export function loadTokens() {
+    if (!existsSync(TOKEN_PATH))
+        return null;
+    try {
+        return JSON.parse(readFileSync(TOKEN_PATH, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+function saveTokens(tokens) {
+    mkdirSync(path.dirname(TOKEN_PATH), { recursive: true, mode: 0o700 });
+    writeFileSync(TOKEN_PATH, JSON.stringify(tokens, null, 2), { mode: 0o600 });
+}
+function deleteTokens() {
+    if (existsSync(TOKEN_PATH))
+        unlinkSync(TOKEN_PATH);
+}
+// ── OAuth helpers ─────────────────────────────────────────────────────────────
+function buildAuthUrl(state) {
+    const params = new URLSearchParams({
+        client_id: clientId(),
+        redirect_uri: REDIRECT_URI,
+        response_type: "code",
+        scope: SCOPES.join(" "),
+        access_type: "offline",
+        prompt: "consent",
+        state,
+    });
+    return `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
+}
+async function exchangeCode(code) {
+    const res = await fetch("https://oauth2.googleapis.com/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            code,
+            client_id: clientId(),
+            client_secret: clientSecret(),
+            redirect_uri: REDIRECT_URI,
+            grant_type: "authorization_code",
+        }).toString(),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Token exchange failed: ${res.status} ${body}`);
+    }
+    const json = (await res.json());
+    return {
+        access_token: json.access_token,
+        refresh_token: json.refresh_token,
+        expiry_date: json.expires_in
+            ? Date.now() + json.expires_in * 1000
+            : undefined,
+        token_type: json.token_type,
+        scope: json.scope,
+    };
+}
+async function refreshAccessToken(tokens) {
+    if (!tokens.refresh_token)
+        throw new Error("No refresh token available");
+    const res = await fetch("https://oauth2.googleapis.com/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            refresh_token: tokens.refresh_token,
+            client_id: clientId(),
+            client_secret: clientSecret(),
+            grant_type: "refresh_token",
+        }).toString(),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Token refresh failed: ${res.status} ${body}`);
+    }
+    const json = (await res.json());
+    const updated = {
+        ...tokens,
+        access_token: json.access_token,
+        expiry_date: json.expires_in
+            ? Date.now() + json.expires_in * 1000
+            : tokens.expiry_date,
+    };
+    saveTokens(updated);
+    return updated;
+}
+/** Returns a valid access token, refreshing if needed. */
+export async function getValidAccessToken() {
+    let tokens = loadTokens();
+    if (!tokens)
+        throw new Error("Gmail not connected");
+    const bufferMs = 60_000;
+    if (tokens.expiry_date && Date.now() > tokens.expiry_date - bufferMs) {
+        tokens = await refreshAccessToken(tokens);
+    }
+    return tokens.access_token;
+}
+async function revokeToken(token) {
+    await fetch(`https://oauth2.googleapis.com/revoke?token=${encodeURIComponent(token)}`, { method: "POST" }).catch(() => { });
+}
+async function fetchUserEmail(accessToken) {
+    const res = await fetch("https://gmail.googleapis.com/gmail/v1/users/me/profile", { headers: { Authorization: `Bearer ${accessToken}` } });
+    if (!res.ok)
+        return "";
+    const json = (await res.json());
+    return json.emailAddress ?? "";
+}
+// ── State map (in-memory CSRF protection) ────────────────────────────────────
+const pendingStates = new Set();
+function generateState() {
+    const state = crypto.randomBytes(32).toString("hex");
+    pendingStates.add(state);
+    setTimeout(() => pendingStates.delete(state), 10 * 60 * 1000); // 10 min TTL
+    return state;
+}
+export async function handleConnectionsList() {
+    const tokens = loadTokens();
+    const { getStatus: getGitHubStatus } = await import("./github.js");
+    const { getStatus: getSentryStatus } = await import("./sentry.js");
+    const { getStatus: getLinearStatus } = await import("./linear.js");
+    const { getStatus: getCalendarStatus } = await import("./googleCalendar.js");
+    const { isConnected: isSlackConnected, getProfile: getSlackProfile } = await import("./slack.js");
+    const gh = getGitHubStatus();
+    const sentry = getSentryStatus();
+    const linear = getLinearStatus();
+    const calendar = getCalendarStatus();
+    const slackConnected = isSlackConnected();
+    const slackProfile = getSlackProfile();
+    const connectors = [
+        {
+            id: "gmail",
+            status: tokens ? "connected" : "disconnected",
+            lastSync: tokens ? new Date().toISOString() : undefined,
+        },
+        {
+            id: "github",
+            status: gh.connected ? "connected" : "disconnected",
+            lastSync: gh.connected ? new Date().toISOString() : undefined,
+        },
+        {
+            id: "sentry",
+            status: sentry.status,
+            lastSync: sentry.lastSync,
+        },
+        {
+            id: "linear",
+            status: linear.status,
+            lastSync: linear.lastSync,
+        },
+        {
+            id: "google-calendar",
+            status: calendar.status,
+            lastSync: calendar.lastSync,
+        },
+        {
+            id: "slack",
+            status: slackConnected ? "connected" : "disconnected",
+            lastSync: slackConnected && slackProfile ? new Date().toISOString() : undefined,
+        },
+    ];
+    return {
+        status: 200,
+        contentType: "application/json",
+        body: JSON.stringify({ connectors }),
+    };
+}
+export function handleGmailAuthRedirect() {
+    if (!isConfigured()) {
+        return {
+            status: 503,
+            contentType: "application/json",
+            body: JSON.stringify({
+                error: "Gmail connector not configured. Set GMAIL_CLIENT_ID and GMAIL_CLIENT_SECRET.",
+            }),
+        };
+    }
+    const state = generateState();
+    const url = buildAuthUrl(state);
+    return { status: 302, redirect: url, body: "" };
+}
+export async function handleGmailCallback(code, state, error) {
+    if (error) {
+        return {
+            status: 400,
+            contentType: "text/html",
+            body: callbackHtml("Connection cancelled", `Google returned: ${error}`, false),
+        };
+    }
+    if (!code || !state || !pendingStates.has(state)) {
+        return {
+            status: 400,
+            contentType: "text/html",
+            body: callbackHtml("Invalid request", "Missing or expired state.", false),
+        };
+    }
+    pendingStates.delete(state);
+    try {
+        const tokens = await exchangeCode(code);
+        saveTokens(tokens);
+        const email = await fetchUserEmail(tokens.access_token);
+        return {
+            status: 200,
+            contentType: "text/html",
+            body: callbackHtml("Gmail connected", `Connected${email ? ` as ${email}` : ""}. You can close this tab.`, true),
+        };
+    }
+    catch (err) {
+        return {
+            status: 500,
+            contentType: "text/html",
+            body: callbackHtml("Connection failed", err instanceof Error ? err.message : String(err), false),
+        };
+    }
+}
+export async function handleGmailTest() {
+    try {
+        const token = await getValidAccessToken();
+        const email = await fetchUserEmail(token);
+        return {
+            status: 200,
+            contentType: "application/json",
+            body: JSON.stringify({ ok: true, email }),
+        };
+    }
+    catch (err) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: false,
+                error: err instanceof Error ? err.message : String(err),
+            }),
+        };
+    }
+}
+export async function handleGmailDisconnect() {
+    const tokens = loadTokens();
+    if (tokens?.access_token) {
+        await revokeToken(tokens.access_token);
+    }
+    deleteTokens();
+    return {
+        status: 200,
+        contentType: "application/json",
+        body: JSON.stringify({ ok: true }),
+    };
+}
+// ── Callback HTML ─────────────────────────────────────────────────────────────
+function callbackHtml(title, message, success) {
+    const color = success ? "#b8ff57" : "#ff5555";
+    return `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">
+<title>${title} — Patchwork OS</title>
+<style>
+  body { background: #040406; color: #e0e0e0; font-family: system-ui, sans-serif;
+    display: flex; align-items: center; justify-content: center; min-height: 100vh; margin: 0; }
+  .card { background: #0d0d14; border: 1px solid #1e1e2e; border-radius: 8px;
+    padding: 40px 48px; max-width: 420px; text-align: center; }
+  h1 { color: ${color}; font-size: 1.4rem; margin-bottom: 12px; }
+  p { color: #888; line-height: 1.6; }
+  a { color: ${color}; text-decoration: none; font-size: 0.9rem; }
+</style>
+</head>
+<body><div class="card">
+  <h1>${title}</h1>
+  <p>${message}</p>
+  <br><a href="javascript:window.close()">Close this tab</a>
+</div>
+<script>
+  // Notify the opener tab that auth completed so it can poll.
+  if (window.opener) { try { window.opener.postMessage('patchwork:gmail:connected', 'http://localhost:3100'); } catch(_) {} }
+</script>
+</body></html>`;
+}
+//# sourceMappingURL=gmail.js.map

package/dist/connectors/gmail.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gmail.js","sourceRoot":"","sources":["../../src/connectors/gmail.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,UAAU,EACV,aAAa,GACd,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,MAAM,MAAM,GAAG,CAAC,gDAAgD,CAAC,CAAC;AAClE,MAAM,YAAY,GAAG,kDAAkD,CAAC;AACxE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;AAiB9E,SAAS,QAAQ;IACf,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;AAC3C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;AAC/C,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,OAAO,CAAC,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,iFAAiF;AAEjF,MAAM,UAAU,UAAU;IACxB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACzC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAgB,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,UAAU,CAAC,MAAmB;IACrC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,SAAS,YAAY;IACnB,IAAI,UAAU,CAAC,UAAU,CAAC;QAAE,UAAU,CAAC,UAAU,CAAC,CAAC;AACrD,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,KAAa;IACjC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,QAAQ,EAAE;QACrB,YAAY,EAAE,YAAY;QAC1B,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;QACvB,WAAW,EAAE,SAAS;QACtB,MAAM,EAAE,SAAS;QACjB,KAAK;KACN,CAAC,CAAC;IACH,OAAO,gDAAgD,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC7E,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,IAAY;IACtC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,IAAI;YACJ,SAAS,EAAE,QAAQ,EAAE;YACrB,aAAa,EAAE,YAAY,EAAE;YAC7B,YAAY,EAAE,YAAY;YAC1B,UAAU,EAAE,oBAAoB;SACjC,CAAC,CAAC,QAAQ,EAAE;KACd,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAM7B,CAAC;IACF,OAAO;QACL,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,WAAW,EAAE,IAAI,CAAC,UAAU;YAC1B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;YACrC,CAAC,CAAC,SAAS;QACb,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;KAClB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,MAAmB;IACnD,IAAI,CAAC,MAAM,CAAC,aAAa;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QAC7D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,QAAQ,EAAE;YACrB,aAAa,EAAE,YAAY,EAAE;YAC7B,UAAU,EAAE,eAAe;SAC5B,CAAC,CAAC,QAAQ,EAAE;KACd,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IACF,MAAM,OAAO,GAAgB;QAC3B,GAAG,MAAM;QACT,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,WAAW,EAAE,IAAI,CAAC,UAAU;YAC1B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;YACrC,CAAC,CAAC,MAAM,CAAC,WAAW;KACvB,CAAC;IACF,UAAU,CAAC,OAAO,CAAC,CAAC;IACpB,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,0DAA0D;AAC1D,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,MAAM,GAAG,UAAU,EAAE,CAAC;IAC1B,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC;IACxB,IAAI,MAAM,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,WAAW,GAAG,QAAQ,EAAE,CAAC;QACrE,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,MAAM,CAAC,YAAY,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,KAAa;IACtC,MAAM,KAAK,CACT,8CAA8C,kBAAkB,CAAC,KAAK,CAAC,EAAE,EACzE,EAAE,MAAM,EAAE,MAAM,EAAE,CACnB,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;AACpB,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,WAAmB;IAC/C,MAAM,GAAG,GAAG,MAAM,KAAK,CACrB,wDAAwD,EACxD,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE,EAAE,CACxD,CAAC;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA8B,CAAC;IAC7D,OAAO,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,gFAAgF;AAEhF,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;AAExC,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACzB,UAAU,CAAC,GAAG,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,aAAa;IAC5E,OAAO,KAAK,CAAC;AACf,CAAC;AAWD,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IACnE,MAAM,EAAE,SAAS,EAAE,iBAAiB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC7E,MAAM,EAAE,WAAW,EAAE,gBAAgB,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;IAClG,MAAM,EAAE,GAAG,eAAe,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,MAAM,GAAG,eAAe,EAAE,CAAC;IACjC,MAAM,QAAQ,GAAG,iBAAiB,EAAE,CAAC;IACrC,MAAM,cAAc,GAAG,gBAAgB,EAAE,CAAC;IAC1C,MAAM,YAAY,GAAG,eAAe,EAAE,CAAC;IACvC,MAAM,UAAU,GAAsB;QACpC;YACE,EAAE,EAAE,OAAO;YACX,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc;YAC7C,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SACxD;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,MAAM,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc;YACnD,QAAQ,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SAC9D;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B;QACD;YACE,EAAE,EAAE,QAAQ;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B;QACD;YACE,EAAE,EAAE,iBAAiB;YACrB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,QAAQ,EAAE,QAAQ,CAAC,QAAQ;SAC5B;QACD;YACE,EAAE,EAAE,OAAO;YACX,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,cAAc;YACrD,QAAQ,EAAE,cAAc,IAAI,YAAY,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,SAAS;SAChF;KACF,CAAC;IACF,OAAO;QACL,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,kBAAkB;QAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,CAAC;KACrC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;QACpB,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,KAAK,EACH,8EAA8E;aACjF,CAAC;SACH,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IAChC,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,IAAmB,EACnB,KAAoB,EACpB,KAAoB;IAEpB,IAAI,KAAK,EAAE,CAAC;QACV,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAChB,sBAAsB,EACtB,oBAAoB,KAAK,EAAE,EAC3B,KAAK,CACN;SACF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAAC,iBAAiB,EAAE,2BAA2B,EAAE,KAAK,CAAC;SAC1E,CAAC;IACJ,CAAC;IACD,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,CAAC;QACxC,UAAU,CAAC,MAAM,CAAC,CAAC;QACnB,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QACxD,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAChB,iBAAiB,EACjB,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,2BAA2B,EAClE,IAAI,CACL;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,WAAW;YACxB,IAAI,EAAE,YAAY,CAChB,mBAAmB,EACnB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAChD,KAAK,CACN;SACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,mBAAmB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;SAC1C,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE,GAAG;YACX,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,MAAM,EAAE,YAAY,EAAE,CAAC;QACzB,MAAM,WAAW,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzC,CAAC;IACD,YAAY,EAAE,CAAC;IACf,OAAO;QACL,MAAM,EAAE,GAAG;QACX,WAAW,EAAE,kBAAkB;QAC/B,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;KACnC,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CACnB,KAAa,EACb,OAAe,EACf,OAAgB;IAEhB,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9C,OAAO;SACA,KAAK;;;;;;gBAME,KAAK;;eAEN,KAAK;;;;QAIZ,KAAK;OACN,OAAO;;;;;;;eAOC,CAAC;AAChB,CAAC"}

package/dist/connectors/googleCalendar.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Google Calendar OAuth 2.0 connector.
+ *
+ * Handles:
+ *   GET  /connections/google-calendar/auth      — redirect to Google consent screen
+ *   GET  /connections/google-calendar/callback  — exchange code for tokens, store locally
+ *   POST /connections/google-calendar/test      — verify stored token works
+ *   DELETE /connections/google-calendar         — revoke + delete stored token
+ *
+ * Tokens stored at ~/.patchwork/tokens/google-calendar.json (mode 0600).
+ * Client credentials read from env: GOOGLE_CALENDAR_CLIENT_ID, GOOGLE_CALENDAR_CLIENT_SECRET
+ */
+export interface CalendarTokens {
+    access_token: string;
+    refresh_token?: string;
+    expiry_date?: number;
+    token_type?: string;
+    scope?: string;
+    calendar_id: string;
+    connected_at: string;
+}
+export interface ConnectorStatus {
+    id: string;
+    status: "connected" | "disconnected";
+    lastSync?: string;
+    calendarId?: string;
+}
+export interface CalendarEvent {
+    id: string;
+    summary: string;
+    description?: string;
+    start: string;
+    end: string;
+    allDay: boolean;
+    location?: string;
+    htmlLink: string;
+    attendees?: string[];
+}
+export interface ConnectorHandlerResult {
+    status: number;
+    body: string;
+    contentType?: string;
+    redirect?: string;
+}
+export declare function loadTokens(): CalendarTokens | null;
+export declare function getStatus(): ConnectorStatus;
+/** Returns a valid access token, refreshing if needed. */
+export declare function getValidAccessToken(): Promise<string>;
+export declare function listEvents(opts?: {
+    daysAhead?: number;
+    maxResults?: number;
+    calendarId?: string;
+}, signal?: AbortSignal): Promise<CalendarEvent[]>;
+export declare function handleCalendarAuthRedirect(): ConnectorHandlerResult;
+export declare function handleCalendarCallback(code: string | null, state: string | null, error: string | null): Promise<ConnectorHandlerResult>;
+export declare function handleCalendarTest(): Promise<ConnectorHandlerResult>;
+export declare function handleCalendarDisconnect(): Promise<ConnectorHandlerResult>;

package/dist/connectors/googleCalendar.js

@@ -0,0 +1,308 @@
+/**
+ * Google Calendar OAuth 2.0 connector.
+ *
+ * Handles:
+ *   GET  /connections/google-calendar/auth      — redirect to Google consent screen
+ *   GET  /connections/google-calendar/callback  — exchange code for tokens, store locally
+ *   POST /connections/google-calendar/test      — verify stored token works
+ *   DELETE /connections/google-calendar         — revoke + delete stored token
+ *
+ * Tokens stored at ~/.patchwork/tokens/google-calendar.json (mode 0600).
+ * Client credentials read from env: GOOGLE_CALENDAR_CLIENT_ID, GOOGLE_CALENDAR_CLIENT_SECRET
+ */
+import crypto from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync, } from "node:fs";
+import { homedir } from "node:os";
+import path from "node:path";
+const SCOPES = ["https://www.googleapis.com/auth/calendar.readonly"];
+const REDIRECT_URI = process.env.PATCHWORK_DASHBOARD_URL
+    ? `${process.env.PATCHWORK_DASHBOARD_URL}/connections/google-calendar/callback`
+    : "http://localhost:3200/connections/google-calendar/callback";
+const CALENDAR_API = "https://www.googleapis.com/calendar/v3";
+const TOKEN_PATH = path.join(homedir(), ".patchwork", "tokens", "google-calendar.json");
+function clientId() {
+    return process.env.GOOGLE_CALENDAR_CLIENT_ID ?? "";
+}
+function clientSecret() {
+    return process.env.GOOGLE_CALENDAR_CLIENT_SECRET ?? "";
+}
+function isConfigured() {
+    return Boolean(clientId() && clientSecret());
+}
+// ── Token storage ─────────────────────────────────────────────────────────────
+export function loadTokens() {
+    if (!existsSync(TOKEN_PATH))
+        return null;
+    try {
+        return JSON.parse(readFileSync(TOKEN_PATH, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+function saveTokens(tokens) {
+    mkdirSync(path.dirname(TOKEN_PATH), { recursive: true, mode: 0o700 });
+    writeFileSync(TOKEN_PATH, JSON.stringify(tokens, null, 2), { mode: 0o600 });
+}
+function deleteTokens() {
+    if (existsSync(TOKEN_PATH))
+        unlinkSync(TOKEN_PATH);
+}
+export function getStatus() {
+    const tokens = loadTokens();
+    return {
+        id: "google-calendar",
+        status: tokens ? "connected" : "disconnected",
+        lastSync: tokens?.connected_at,
+        calendarId: tokens?.calendar_id,
+    };
+}
+// ── OAuth helpers ─────────────────────────────────────────────────────────────
+function buildAuthUrl(state) {
+    const params = new URLSearchParams({
+        client_id: clientId(),
+        redirect_uri: REDIRECT_URI,
+        response_type: "code",
+        scope: SCOPES.join(" "),
+        access_type: "offline",
+        prompt: "consent",
+        state,
+    });
+    return `https://accounts.google.com/o/oauth2/v2/auth?${params.toString()}`;
+}
+async function exchangeCode(code) {
+    const res = await fetch("https://oauth2.googleapis.com/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            code,
+            client_id: clientId(),
+            client_secret: clientSecret(),
+            redirect_uri: REDIRECT_URI,
+            grant_type: "authorization_code",
+        }).toString(),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Token exchange failed: ${res.status} ${body}`);
+    }
+    const json = (await res.json());
+    return {
+        access_token: json.access_token,
+        refresh_token: json.refresh_token,
+        expiry_date: json.expires_in
+            ? Date.now() + json.expires_in * 1000
+            : undefined,
+        token_type: json.token_type,
+        scope: json.scope,
+    };
+}
+async function refreshAccessToken(tokens) {
+    if (!tokens.refresh_token)
+        throw new Error("No refresh token available");
+    const res = await fetch("https://oauth2.googleapis.com/token", {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            refresh_token: tokens.refresh_token,
+            client_id: clientId(),
+            client_secret: clientSecret(),
+            grant_type: "refresh_token",
+        }).toString(),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Token refresh failed: ${res.status} ${body}`);
+    }
+    const json = (await res.json());
+    const updated = {
+        ...tokens,
+        access_token: json.access_token,
+        expiry_date: json.expires_in
+            ? Date.now() + json.expires_in * 1000
+            : tokens.expiry_date,
+    };
+    saveTokens(updated);
+    return updated;
+}
+/** Returns a valid access token, refreshing if needed. */
+export async function getValidAccessToken() {
+    let tokens = loadTokens();
+    if (!tokens)
+        throw new Error("Google Calendar not connected");
+    const bufferMs = 60_000;
+    if (tokens.expiry_date && Date.now() > tokens.expiry_date - bufferMs) {
+        tokens = await refreshAccessToken(tokens);
+    }
+    return tokens.access_token;
+}
+async function revokeToken(token) {
+    await fetch(`https://oauth2.googleapis.com/revoke?token=${encodeURIComponent(token)}`, { method: "POST" }).catch(() => { });
+}
+// ── State map (in-memory CSRF protection) ────────────────────────────────────
+const pendingStates = new Set();
+function generateState() {
+    const state = crypto.randomBytes(32).toString("hex");
+    pendingStates.add(state);
+    setTimeout(() => pendingStates.delete(state), 10 * 60 * 1000);
+    return state;
+}
+// ── API helpers ───────────────────────────────────────────────────────────────
+async function calendarGet(endpoint, accessToken, params = {}, signal) {
+    const qs = new URLSearchParams(params);
+    const res = await fetch(`${CALENDAR_API}${endpoint}?${qs}`, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+        signal,
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Google Calendar API error ${res.status}: ${body.slice(0, 200)}`);
+    }
+    return res.json();
+}
+async function fetchCalendarSummary(accessToken, calendarId) {
+    const data = (await calendarGet(`/calendars/${encodeURIComponent(calendarId)}`, accessToken));
+    return data.summary ?? calendarId;
+}
+// ── Event fetching ────────────────────────────────────────────────────────────
+export async function listEvents(opts = {}, signal) {
+    const accessToken = await getValidAccessToken();
+    const tokens = loadTokens();
+    const calendarId = opts.calendarId ?? tokens.calendar_id ?? "primary";
+    const daysAhead = Math.min(opts.daysAhead ?? 7, 30);
+    const maxResults = Math.min(opts.maxResults ?? 20, 50);
+    const now = new Date();
+    const end = new Date(now.getTime() + daysAhead * 24 * 60 * 60 * 1000);
+    const data = (await calendarGet(`/calendars/${encodeURIComponent(calendarId)}/events`, accessToken, {
+        timeMin: now.toISOString(),
+        timeMax: end.toISOString(),
+        maxResults: String(maxResults),
+        singleEvents: "true",
+        orderBy: "startTime",
+    }, signal));
+    return (data.items ?? []).map((item) => {
+        const startRaw = item.start?.dateTime ?? item.start?.date ?? "";
+        const endRaw = item.end?.dateTime ?? item.end?.date ?? "";
+        const allDay = !item.start?.dateTime;
+        return {
+            id: item.id,
+            summary: item.summary ?? "(no title)",
+            description: item.description,
+            start: startRaw,
+            end: endRaw,
+            allDay,
+            location: item.location,
+            htmlLink: item.htmlLink ?? "",
+            attendees: (item.attendees ?? [])
+                .map((a) => a.displayName ?? a.email ?? "")
+                .filter(Boolean),
+        };
+    });
+}
+// ── HTTP handlers ─────────────────────────────────────────────────────────────
+export function handleCalendarAuthRedirect() {
+    if (!isConfigured()) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: false,
+                error: "GOOGLE_CALENDAR_CLIENT_ID and GOOGLE_CALENDAR_CLIENT_SECRET env vars not set",
+            }),
+        };
+    }
+    const state = generateState();
+    return { status: 302, body: "", redirect: buildAuthUrl(state) };
+}
+export async function handleCalendarCallback(code, state, error) {
+    if (error) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({ ok: false, error }),
+        };
+    }
+    if (!code || !state || !pendingStates.has(state)) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({ ok: false, error: "Invalid OAuth state" }),
+        };
+    }
+    pendingStates.delete(state);
+    try {
+        const oauthTokens = await exchangeCode(code);
+        // Default to "primary" calendar; user can update later
+        const calId = "primary";
+        const summary = await fetchCalendarSummary(oauthTokens.access_token, calId);
+        const tokens = {
+            ...oauthTokens,
+            calendar_id: calId,
+            connected_at: new Date().toISOString(),
+        };
+        saveTokens(tokens);
+        return {
+            status: 200,
+            contentType: "application/json",
+            body: JSON.stringify({ ok: true, calendarId: calId, summary }),
+        };
+    }
+    catch (err) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: false,
+                error: err instanceof Error ? err.message : String(err),
+            }),
+        };
+    }
+}
+export async function handleCalendarTest() {
+    const tokens = loadTokens();
+    if (!tokens) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: false,
+                error: "Google Calendar not connected",
+            }),
+        };
+    }
+    try {
+        const accessToken = await getValidAccessToken();
+        const summary = await fetchCalendarSummary(accessToken, tokens.calendar_id);
+        return {
+            status: 200,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: true,
+                calendarId: tokens.calendar_id,
+                summary,
+            }),
+        };
+    }
+    catch (err) {
+        return {
+            status: 400,
+            contentType: "application/json",
+            body: JSON.stringify({
+                ok: false,
+                error: err instanceof Error ? err.message : String(err),
+            }),
+        };
+    }
+}
+export async function handleCalendarDisconnect() {
+    const tokens = loadTokens();
+    if (tokens?.access_token)
+        await revokeToken(tokens.access_token);
+    deleteTokens();
+    return {
+        status: 200,
+        contentType: "application/json",
+        body: JSON.stringify({ ok: true }),
+    };
+}
+//# sourceMappingURL=googleCalendar.js.map