switchroom 0.14.60 → 0.14.62
- package/dist/cli/switchroom.js +73 -62
- package/package.json +1 -1
- package/telegram-plugin/dist/gateway/gateway.js +2586 -2061
- package/telegram-plugin/gateway/auth-broker-client.ts +18 -8
- package/telegram-plugin/gateway/gateway.ts +401 -14
- package/telegram-plugin/gateway/microsoft-connect-flow.ts +226 -0
- package/telegram-plugin/gateway/obligation-ledger.ts +65 -2
- package/telegram-plugin/gateway/obligation-store.ts +107 -0
- package/telegram-plugin/gateway/with-deadline.ts +43 -0
- package/telegram-plugin/tests/microsoft-connect-flow.test.ts +185 -0
- package/telegram-plugin/tests/obligation-determinism.test.ts +241 -0
- package/telegram-plugin/tests/obligation-ledger.test.ts +69 -0
- package/telegram-plugin/tests/obligation-store.test.ts +117 -0
- package/telegram-plugin/tests/with-deadline.test.ts +61 -0
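--- a/package/dist/cli/switchroom.js
+++ b/package/dist/cli/switchroom.js
@@ -49452,8 +49452,8 @@ var {
 } = import__.default;
 
 // src/build-info.ts
-var VERSION = "0.14.
-var COMMIT_SHA = "
+var VERSION = "0.14.62";
+var COMMIT_SHA = "3967bb6f";
 
 // src/cli/agent.ts
 init_source();
@@ -57732,6 +57732,69 @@ function resolveMicrosoftClientId(configClientId) {
 return { clientId: DEFAULT_MICROSOFT_CLIENT_ID, source: "default" };
 }
 
+// src/microsoft/scopes.ts
+var SCOPE_SET_DEFAULT = [
+"openid",
+"profile",
+"email",
+"offline_access",
+"User.Read",
+"Mail.ReadWrite",
+"Calendars.ReadWrite",
+"Files.ReadWrite.All"
+];
+var SCOPE_SET_ORG_MODE = [...SCOPE_SET_DEFAULT, "Sites.ReadWrite.All"];
+function selectMicrosoftScopes(orgMode) {
+return orgMode ? SCOPE_SET_ORG_MODE : SCOPE_SET_DEFAULT;
+}
+
+// src/microsoft/credentials.ts
+init_oauth2();
+function buildMicrosoftCredentials(opts) {
+const { tokens, clientId, accountEmail, fallbackScope } = opts;
+const now = opts.now ?? Date.now;
+let tenantId = "";
+let accountType = "work";
+let homeAccountId = "";
+let resolvedEmail = accountEmail;
+if (tokens.id_token) {
+const claims = decodeJwtPayloadUnsafe(tokens.id_token);
+if (claims) {
+if (typeof claims.tid === "string")
+tenantId = claims.tid;
+if (tenantId)
+accountType = classifyAccountType(tenantId);
+const home2 = buildHomeAccountId(claims);
+if (home2)
+homeAccountId = home2;
+if (typeof claims.preferred_username === "string") {
+resolvedEmail = claims.preferred_username.toLowerCase();
+} else if (typeof claims.email === "string") {
+resolvedEmail = claims.email.toLowerCase();
+}
+}
+}
+const emailMismatch = accountEmail.length > 0 && resolvedEmail.toLowerCase() !== accountEmail.toLowerCase();
+return {
+credentials: {
+microsoftOauth: {
+accessToken: tokens.access_token,
+refreshToken: tokens.refresh_token ?? "",
+expiresAt: now() + tokens.expires_in * 1000,
+scope: tokens.scope ?? fallbackScope,
+clientId,
+accountEmail: resolvedEmail,
+tokenType: "Bearer",
+tenantId,
+accountType,
+homeAccountId
+}
+},
+resolvedEmail,
+emailMismatch
+};
+}
+
 // src/cli/auth-microsoft.ts
 function registerAuthMicrosoftSubcommands(program3, authParent) {
 const microsoft = authParent.command("microsoft").description("Manage Microsoft 365 accounts shared across agents (RFC #1873 \u2014 see docs/rfcs/microsoft-workspace.md)");
@@ -57838,23 +57901,6 @@ function registerList2(microsoftParent, program3) {
 console.log();
 }));
 }
-var SCOPE_SET_DEFAULT = [
-"openid",
-"profile",
-"email",
-"offline_access",
-"User.Read",
-"Mail.ReadWrite",
-"Calendars.ReadWrite",
-"Files.ReadWrite.All"
-];
-var SCOPE_SET_ORG_MODE = [
-...SCOPE_SET_DEFAULT,
-"Sites.ReadWrite.All"
-];
-function selectMicrosoftScopes(orgMode) {
-return orgMode ? SCOPE_SET_ORG_MODE : SCOPE_SET_DEFAULT;
-}
 function registerAccountAdd2(accountParent) {
 accountParent.command("add <account>").description("Mint a Microsoft OAuth refresh token for <account> and register with the auth-broker. Uses desktop-loopback by default (or device-code on headless hosts); both work for personal MSA and work/school. --org-mode also requests Sites.ReadWrite.All (SharePoint).").option("--replace", "Overwrite existing credentials for <account> (default refuses if account already registered)", false).option("--org-mode", "Request the SharePoint scope (Sites.ReadWrite.All) in addition to the default set. Useful for work accounts with SharePoint document libraries. Default is OneDrive-only.", false).action(withConfigError(async (account, opts) => {
 const normalizedAccount = validateAndNormalizeAccountEmail2(account);
@@ -57980,7 +58026,7 @@ function registerAccountAdd2(accountParent) {
 if (!tokens.refresh_token) {
 throw new Error("Microsoft did not return a refresh_token \u2014 ensure `offline_access` is in the consented scope set and try again.");
 }
-const microsoftCreds =
+const microsoftCreds = buildMicrosoftCredentials2({
 tokens,
 clientId: clientIdRaw,
 accountEmail: normalizedAccount,
@@ -58095,51 +58141,16 @@ function validateAgentSlugs(agents, config) {
 function pad2(s, width) {
 return s.length >= width ? s : s + " ".repeat(width - s.length);
 }
-function
-const
-
-let tenantId = "";
-let accountType = "work";
-let homeAccountId = "";
-let resolvedEmail = accountEmail;
-if (tokens.id_token) {
-const claims = decodeJwtPayloadUnsafe2(tokens.id_token);
-if (claims) {
-if (typeof claims.tid === "string")
-tenantId = claims.tid;
-if (tenantId)
-accountType = classifyAccountType2(tenantId);
-const home2 = buildHomeAccountId2(claims);
-if (home2)
-homeAccountId = home2;
-if (typeof claims.preferred_username === "string") {
-resolvedEmail = claims.preferred_username.toLowerCase();
-} else if (typeof claims.email === "string") {
-resolvedEmail = claims.email.toLowerCase();
-}
-}
-}
-if (resolvedEmail.toLowerCase() !== accountEmail.toLowerCase()) {
+function buildMicrosoftCredentials2(opts) {
+const built = buildMicrosoftCredentials(opts);
+if (built.emailMismatch) {
 console.warn();
-console.warn(` \u26a0 Account argument was '${accountEmail}' but Microsoft authenticated as '${resolvedEmail}'.`);
-console.warn(` The broker will index by '${accountEmail}' (what you typed). If this isn't what`);
-console.warn(` you intended (e.g. a typo), 'switchroom auth microsoft account remove ${accountEmail}' to undo.`);
+console.warn(` \u26a0 Account argument was '${opts.accountEmail}' but Microsoft authenticated as '${built.resolvedEmail}'.`);
+console.warn(` The broker will index by '${opts.accountEmail}' (what you typed). If this isn't what`);
+console.warn(` you intended (e.g. a typo), 'switchroom auth microsoft account remove ${opts.accountEmail}' to undo.`);
 console.warn();
 }
-return
-microsoftOauth: {
-accessToken: tokens.access_token,
-refreshToken: tokens.refresh_token ?? "",
-expiresAt: Date.now() + tokens.expires_in * 1000,
-scope: tokens.scope ?? fallbackScope,
-clientId,
-accountEmail: resolvedEmail,
-tokenType: "Bearer",
-tenantId,
-accountType,
-homeAccountId
-}
-};
+return built.credentials;
 }
 async function readHiddenLine2(prompt) {
 const readline = await import("node:readline");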
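Review bot: `buildMicrosoftCredentials2` (last hunk, new lines 58144–58154) only warns when `built.emailMismatch` is set and then still returns `built.credentials`, so, per its own warning text, the broker indexes the token under the name the operator typed while the stored `accountEmail` is `resolvedEmail`. Because the command description says these accounts are shared across agents, it would be safer to fail closed on a mismatch unless the operator explicitly confirms, rather than relying on a later `account remove`. In `buildMicrosoftCredentials` the new `accountEmail.length > 0 &&` guard means a caller that passes an empty `accountEmail` never sees a mismatch; a comment such as `// emailMismatch is false when no expected account was supplied; it does not mean the identity was confirmed` would keep callers from reading it as a check. The identity fields are taken from `decodeJwtPayloadUnsafe`, which judging by its name does not verify the token signature, so the function should document that it expects an id_token received directly from the token endpoint. This file is a bundle, so the changes belong in `src/microsoft/credentials.ts` and `src/cli/auth-microsoft.ts`.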
package/package.json
CHANGED