switchroom 0.8.1 → 0.10.0

package/telegram-plugin/gateway/auth-line.ts

@@ -0,0 +1,123 @@
+/**
+ * Boot-card auth row formatter (RFC H §7.3).
+ *
+ * The old auth-dashboard exported `formatAccountQuotaLine` + an
+ * `AccountSummary` shape that the boot card consumed for its
+ * "Accounts (N)" section. Both source-of-truth and shape moved to
+ * the auth-broker's `list-state` response. This module reformats that
+ * response into the same one-line-per-account block the boot card
+ * used to render — visual output unchanged, data source is now the
+ * broker.
+ *
+ * Inputs: a `list-state` data shape (see
+ * `src/auth/broker/protocol.ts` → `ListStateDataSchema`) plus the
+ * caller agent's name.
+ *
+ * Output: an array of HTML-safe lines. Empty array when there's
+ * nothing to show — preserves the boot-card's silent-when-healthy
+ * default.
+ */
+
+import type { ListStateData, AccountState } from '../../src/auth/broker/client.js'
+
+export type { ListStateData, AccountState }
+
+// Local HTML-escape (mirrors the helper formerly co-located in
+// auth-dashboard.ts so we keep the same escaping discipline without
+// pulling in a heavier util).
+function escapeHtml(s: string): string {
+  return s
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+}
+
+/** Format a duration in ms as a short relative string ("1h 22m", "12s"). */
+function formatRelativeMs(ms: number): string {
+  if (ms <= 0) return '0s'
+  const totalSec = Math.floor(ms / 1000)
+  const days = Math.floor(totalSec / 86400)
+  const hours = Math.floor((totalSec % 86400) / 3600)
+  const mins = Math.floor((totalSec % 3600) / 60)
+  const secs = totalSec % 60
+  if (days > 0) return `${days}d ${hours}h`
+  if (hours > 0) return `${hours}h ${mins}m`
+  if (mins > 0) return `${mins}m ${secs}s`
+  return `${secs}s`
+}
+
+/**
+ * Render the per-account quota inline for one account row. Returns
+ * null when there's nothing quota-shaped to say (account is healthy
+ * and we have no reset countdown to surface).
+ */
+export function formatAuthQuotaLine(acc: AccountState, now: number = Date.now()): string | null {
+  if (acc.exhausted) {
+    const until = acc.exhausted_until
+    if (until != null && until > now) {
+      return `<i>exhausted · resets in ${formatRelativeMs(until - now)}</i>`
+    }
+    return `<i>exhausted</i>`
+  }
+  return null
+}
+
+/**
+ * Boot-card auth-row block.
+ *
+ * Strategy:
+ *   1. Determine *which* account is active for `agentName` (per-agent
+ *      override wins over fleet-active).
+ *   2. Emit one row for that account marked with `▶` plus a
+ *      best-effort quota suffix.
+ *   3. Emit one row per other account in `fallback_order` marked with
+ *      `↳` so the operator sees the rollover plan at a glance.
+ *
+ * Returns an empty array when `state` is empty (no accounts) — the
+ * boot card's silent-when-healthy contract.
+ */
+export function renderAuthLine(
+  state: ListStateData,
+  agentName: string,
+  now: number = Date.now(),
+): string[] {
+  if (!state || state.accounts.length === 0) return []
+
+  const agentEntry = state.agents.find((a) => a.name === agentName)
+  const activeLabel = agentEntry?.override ?? agentEntry?.account ?? state.active
+
+  // Stable display order: active first, then `fallback_order` minus
+  // the active label, then any remaining accounts (defensive — should
+  // be empty in steady state) in account-list order.
+  const seen = new Set<string>()
+  const order: string[] = []
+  if (activeLabel) {
+    order.push(activeLabel)
+    seen.add(activeLabel)
+  }
+  for (const label of state.fallback_order) {
+    if (!seen.has(label)) {
+      order.push(label)
+      seen.add(label)
+    }
+  }
+  for (const acc of state.accounts) {
+    if (!seen.has(acc.label)) {
+      order.push(acc.label)
+      seen.add(acc.label)
+    }
+  }
+
+  const byLabel = new Map(state.accounts.map((a) => [a.label, a]))
+  const rows: string[] = []
+  rows.push(`<b>Accounts (${state.accounts.length})</b>`)
+  for (const label of order) {
+    const acc = byLabel.get(label)
+    if (!acc) continue
+    const marker = label === activeLabel ? '▶' : '↳'
+    const labelHtml = `<code>${escapeHtml(acc.label)}</code>`
+    const quotaLine = formatAuthQuotaLine(acc, now)
+    rows.push(quotaLine ? `${marker} ${labelHtml}  ${quotaLine}` : `${marker} ${labelHtml}`)
+  }
+  return rows
+}

package/telegram-plugin/gateway/boot-card.ts

@@ -33,8 +33,8 @@
  */
 
 import type { ProbeResult, GatewayRuntimeInfo } from './boot-probes.js'
-import type { AccountSummary } from '../auth-dashboard.js'
-import { formatAccountQuotaLine } from '../auth-dashboard.js'
+import type { ListStateData } from './auth-line.js'
+import { renderAuthLine } from './auth-line.js'
 import {
   probeAccount,
   probeAgentProcess,
@@ -274,9 +274,12 @@ export interface RenderBootCardOpts {
    * silent-when-healthy contract for callers that don't pass account
    * data (tests, harnesses, gateways without the auth model).
    *
-   * Closes #708.
+   * Post-RFC H (auth-broker rewire): this carries the broker's
+   * `list-state` shape — `renderAuthLine` consumes it to emit the
+   * same one-line-per-account rows as before. Callers that pass
+   * `null`/`undefined` get no section. Closes #708.
    */
-  accounts?: ReadonlyArray<AccountSummary>
+  accounts?: ListStateData | null
   /** Probe keys for which the prior boot saw degraded/fail and this boot
    *  sees ok. Rendered as a small ✅ line above the degraded section so
    *  the user gets positive-feedback that a known issue is gone. */
@@ -380,11 +383,13 @@ export function renderBootCard(opts: RenderBootCardOpts): string {
     }
   }
 
-  // Per-account quota section (issue #708) — one line per enabled
-  // account showing 5h % / 7d % / nearest reset, with the active
-  // account marked. Renders alongside the ack line so users see
-  // headroom without running /auth or /usage.
-  const accountRows = renderAccountRows(opts.accounts, opts.now ?? new Date())
+  // Per-account auth section (issue #708, RFC H rewire) — one line
+  // per known account with the active account marked. Renders
+  // alongside the ack line so users see headroom without running
+  // /auth or /usage. Source of truth: auth-broker list-state.
+  const accountRows = opts.accounts
+    ? renderAuthLine(opts.accounts, agentName, (opts.now ?? new Date()).getTime())
+    : []
 
   const sections: string[] = [ack]
   if (degradedRows.length > 0) sections.push('', ...degradedRows)
@@ -394,31 +399,12 @@ export function renderBootCard(opts: RenderBootCardOpts): string {
 }
 
 /**
- * Render the per-account quota rows. Returns an empty array when no
- * accounts are passed — keeping the boot card's silent-when-healthy
- * default for callers that don't supply account data.
- *
- * Reuses the dashboard's `formatAccountQuotaLine` so the two surfaces
- * speak with one voice.
+ * Re-export the broker-fed auth-row renderer under its historical
+ * name so direct callers (tests, harnesses) keep working without
+ * importing two modules. New code should import `renderAuthLine`
+ * from `./auth-line.js` directly.
  */
-export function renderAccountRows(
-  accounts: ReadonlyArray<AccountSummary> | undefined,
-  now: Date,
-): string[] {
-  if (!accounts || accounts.length === 0) return []
-  const rows: string[] = []
-  rows.push(`<b>Accounts (${accounts.length})</b>`)
-  const nowMs = now.getTime()
-  for (const a of accounts) {
-    const marker = a.activeForThisAgent ? '▶' : '↳'
-    const labelHtml = `<code>${escapeHtml(a.label)}</code>`
-    // formatAccountQuotaLine returns HTML (with <i> tags) so we don't
-    // re-escape — pass it through verbatim.
-    const quotaLine = formatAccountQuotaLine(a, nowMs)
-    rows.push(quotaLine ? `${marker} ${labelHtml}  ${quotaLine}` : `${marker} ${labelHtml}`)
-  }
-  return rows
-}
+export { renderAuthLine as renderAccountRows } from './auth-line.js'
 
 // ─── Probe orchestration ─────────────────────────────────────────────────────
 
@@ -480,9 +466,9 @@ export interface RunProbesOpts {
    * during the post-settle re-render so the first paint stays fast.
    */
   loadAccounts?: () =>
-    | ReadonlyArray<AccountSummary>
+    | ListStateData
     | null
-    | Promise<ReadonlyArray<AccountSummary> | null>
+    | Promise<ListStateData | null>
   /** When true, resolve the agent PID via cgroup walk instead of MainPID
    *  (which is the tmux server pid under tmux supervisor). */
   tmuxSupervisor?: boolean
@@ -604,7 +590,7 @@ export async function startBootCard(
         // Per-account rows (issue #708). Loaded best-effort
         // alongside probes; failures are swallowed so the card still
         // renders correctly with no accounts section.
-        let accountRows: ReadonlyArray<AccountSummary> | null = null
+        let accountRows: ListStateData | null = null
         if (opts.loadAccounts) {
           try {
             accountRows = await opts.loadAccounts()

package/telegram-plugin/gateway/boot-probes.ts

@@ -861,7 +861,7 @@ export async function probeQuota(
         status: 'degraded',
         label: 'Quota',
         detail: 'no OAuth token',
-        nextStep: 'No OAuth token on disk — run `switchroom auth login <agent>` to authenticate',
+        nextStep: 'No OAuth token on disk — register a fleet account: `switchroom auth add <label> --from-oauth` then `switchroom auth use <label>` (RFC H)',
       }
     }
 
@@ -880,8 +880,8 @@ export async function probeQuota(
         label: 'Quota',
         detail: probe.reason,
         nextStep: isAuth
-          ? 'Auth rejected by Anthropic — re-authenticate with `switchroom auth login <agent>`'
-          : 'Anthropic quota probe failed — re-check after a minute; if persistent, `switchroom auth login <agent>`',
+          ? 'Auth rejected by Anthropic — broker auto-refreshes; if persistent, replace the account: `switchroom auth add <label> --from-oauth --replace`'
+          : 'Anthropic quota probe failed — re-check after a minute; broker auto-rotates per `auth.fallback_order`',
       }
     }