typeclaw 0.1.5 → 0.1.6

package/src/cli/channel.ts

@@ -14,6 +14,7 @@ import {
   type KakaotalkAuthResult,
 } from '@/init'
 import { runKakaotalkBootstrap } from '@/init/kakaotalk-auth'
+import { SecretsKakaoCredentialStore } from '@/secrets/kakao-store'
 
 import { c, done, errorLine } from './ui'
 
@@ -68,6 +69,44 @@ const addSub = defineCommand({
   },
 })
 
+// Only adapters with an interactive credential flow appear here. Bot tokens
+// (Discord/Slack/Telegram) are rotated by editing secrets.json or .env
+// directly — they don't need a guided CLI flow because there's no
+// passcode-on-phone equivalent. KakaoTalk is the only adapter that does, so
+// it's the only adapter that needs `reauth`.
+const REAUTHABLE_ADAPTERS = ['kakaotalk'] as const
+type ReauthableAdapter = (typeof REAUTHABLE_ADAPTERS)[number]
+
+const reauthSub = defineCommand({
+  meta: {
+    name: 'reauth',
+    description:
+      're-authenticate a channel adapter (currently only `kakaotalk`). Use after a stale-token 401 or to rotate the saved password.',
+  },
+  args: {
+    adapter: {
+      type: 'positional',
+      description: `which adapter to re-authenticate (${REAUTHABLE_ADAPTERS.join(' | ')})`,
+      required: false,
+    },
+  },
+  async run({ args }) {
+    const cwd = findAgentDir(process.cwd()) ?? process.cwd()
+
+    if (!isInitialized(cwd)) {
+      console.error(errorLine('TypeClaw config file not found. Run `typeclaw init` first, or cd into an agent folder.'))
+      process.exit(1)
+    }
+
+    const configured = await readConfiguredChannels(cwd)
+    const adapter = await resolveReauthableAdapter(args.adapter, configured)
+
+    intro(`Re-authenticating channel: ${CHANNEL_LABELS[adapter]}`)
+
+    await runReauth(cwd, adapter)
+  },
+})
+
 export const channelCommand = defineCommand({
   meta: {
     name: 'channel',
@@ -75,9 +114,162 @@ export const channelCommand = defineCommand({
   },
   subCommands: {
     add: addSub,
+    reauth: reauthSub,
   },
 })
 
+async function resolveReauthableAdapter(
+  requested: string | undefined,
+  configured: Set<ChannelKind>,
+): Promise<ReauthableAdapter> {
+  if (requested !== undefined) {
+    if (!isReauthableAdapter(requested)) {
+      console.error(
+        errorLine(`Adapter "${requested}" does not support reauth. Supported: ${REAUTHABLE_ADAPTERS.join(', ')}.`),
+      )
+      process.exit(1)
+    }
+    if (!configured.has(requested)) {
+      console.error(
+        errorLine(
+          `${CHANNEL_LABELS[requested]} ("${requested}") is not configured in typeclaw.json. Run \`typeclaw channel add ${requested}\` first.`,
+        ),
+      )
+      process.exit(1)
+    }
+    return requested
+  }
+
+  const available = REAUTHABLE_ADAPTERS.filter((kind) => configured.has(kind))
+  if (available.length === 0) {
+    console.error(
+      errorLine(
+        `No reauth-capable channels are configured. Run \`typeclaw channel add ${REAUTHABLE_ADAPTERS[0]}\` first.`,
+      ),
+    )
+    process.exit(1)
+  }
+  if (available.length === 1) return available[0]!
+
+  const selected = await select<ReauthableAdapter>({
+    message: 'Pick a channel to re-authenticate',
+    options: available.map((kind) => ({ value: kind, label: CHANNEL_LABELS[kind] })),
+    initialValue: available[0],
+  })
+  if (isCancel(selected)) {
+    cancel('Aborted.')
+    process.exit(0)
+  }
+  return selected
+}
+
+function isReauthableAdapter(value: string): value is ReauthableAdapter {
+  return (REAUTHABLE_ADAPTERS as ReadonlyArray<string>).includes(value)
+}
+
+async function runReauth(cwd: string, adapter: ReauthableAdapter): Promise<void> {
+  switch (adapter) {
+    case 'kakaotalk':
+      await runKakaotalkReauth(cwd)
+      return
+  }
+}
+
+async function runKakaotalkReauth(cwd: string): Promise<void> {
+  const existingEmail = await readExistingKakaotalkEmail(cwd)
+  const creds = await promptKakaotalkCredentials({ defaultEmail: existingEmail })
+
+  const s = spinner()
+  s.start('Logging in to KakaoTalk...')
+  const result = await runKakaotalkBootstrap({
+    email: creds.email,
+    password: creds.password,
+    agentDir: cwd,
+    callbacks: {
+      onPasscode: (code) => log.info(`Confirm this passcode on your phone: ${code}`),
+    },
+  })
+  if (!result.ok) {
+    s.stop(`KakaoTalk login failed: ${result.reason}`)
+    process.exit(1)
+  }
+  s.stop('KakaoTalk credentials refreshed in secrets.json.')
+
+  await maybePromptReauthRefresh(cwd, 'kakaotalk')
+}
+
+async function readExistingKakaotalkEmail(cwd: string): Promise<string | undefined> {
+  try {
+    const store = new SecretsKakaoCredentialStore({ mode: 'host', secretsPath: `${cwd}/secrets.json` })
+    const account = await store.getAccountWithRenewalFields()
+    return account?.email ?? undefined
+  } catch {
+    // First-time reauth or a brand-new agent dir: no account yet, prompt from scratch.
+    return undefined
+  }
+}
+
+// The renewed tokens are already on disk via secrets.json. What still needs
+// to happen depends on the running adapter's state:
+//   - Container NOT running → nothing to do; next `typeclaw start` picks them up.
+//   - Container running, adapter previously 401'd → `typeclaw reload` re-runs
+//     startAdapter, which loads the fresh tokens.
+//   - Container running, adapter currently live (e.g. proactive rotation) →
+//     reload will report `restart-required` because tokens are captured at
+//     start time; `typeclaw restart` is needed to actually pick them up.
+// We can't reliably distinguish the last two cases from outside the container
+// without calling reload first, so the next-step hints surface both paths.
+async function maybePromptReauthRefresh(cwd: string, adapter: ReauthableAdapter): Promise<void> {
+  const label = CHANNEL_LABELS[adapter]
+  const current = await status({ cwd }).catch(() => null)
+  if (current === null || current.kind !== 'running') {
+    done({
+      title: c.green(`${label} re-authenticated.`),
+      hints: [
+        { label: 'Start the agent:', command: 'typeclaw start' },
+        { label: 'Then check status:', command: 'typeclaw status' },
+      ],
+    })
+    return
+  }
+
+  const restartNow = await confirm({
+    message:
+      'The agent container is running. Restart it now so the adapter picks up the fresh credentials (recommended)?',
+    initialValue: true,
+  })
+  if (isCancel(restartNow) || !restartNow) {
+    done({
+      title: c.green(`${label} re-authenticated.`),
+      hints: [
+        { label: 'Try a live reload first:', command: 'typeclaw reload' },
+        { label: 'If reload reports restart-required:', command: 'typeclaw restart' },
+      ],
+    })
+    return
+  }
+
+  const stopped = await stop({ cwd })
+  if (!stopped.ok) {
+    console.error(errorLine(`Restart failed during stop: ${stopped.reason}`))
+    process.exit(1)
+  }
+  const started = await start({ cwd, preferredHostPort: config.port, cliEntry: process.argv[1] })
+  if (!started.ok) {
+    console.error(errorLine(`Restart failed during start: ${started.reason}`))
+    process.exit(1)
+  }
+  done({
+    title: c.green(
+      `${label} re-authenticated. Restarted ${started.plan.containerName} on host port ${started.hostPort}.`,
+    ),
+    hints: [
+      { label: 'Attach TUI:', command: 'typeclaw tui' },
+      { label: 'Follow logs:', command: 'typeclaw logs -f' },
+    ],
+  })
+}
+
 function validateAdapterArg(adapter: string, configured: Set<ChannelKind>): ChannelKind {
   if (!isChannelKind(adapter)) {
     console.error(errorLine(`Unknown adapter "${adapter}". Expected one of: ${CHANNEL_KINDS.join(', ')}.`))
@@ -86,7 +278,7 @@ function validateAdapterArg(adapter: string, configured: Set<ChannelKind>): Chan
   if (configured.has(adapter)) {
     console.error(
       errorLine(
-        `${CHANNEL_LABELS[adapter]} ("${adapter}") is already configured in typeclaw.json. Edit the file directly to change its allow list.`,
+        `${CHANNEL_LABELS[adapter]} ("${adapter}") is already configured in typeclaw.json. Edit the file directly to change its configuration.`,
       ),
     )
     process.exit(1)
@@ -282,20 +474,24 @@ async function promptTelegramToken(): Promise<string> {
   return token
 }
 
-async function promptKakaotalkCredentials(): Promise<{ email: string; password: string }> {
+async function promptKakaotalkCredentials(
+  opts: { defaultEmail?: string } = {},
+): Promise<{ email: string; password: string }> {
   note(
     [
       'KakaoTalk authentication uses a personal account, registered as a',
       'tablet sub-device. Messages will be sent and received under this',
       'account. Use a non-primary account if possible.',
       '',
-      'After you submit the password, KakaoTalk may ask you to confirm a',
-      'passcode on your phone. Watch the screen for the code.',
+      'On reauth, the existing device_uuid is preserved automatically, so',
+      'subsequent logins for the same account typically skip the phone',
+      'passcode confirmation.',
     ].join('\n'),
     'About to log in to KakaoTalk',
   )
   const email = await text({
     message: 'KakaoTalk email',
+    ...(opts.defaultEmail !== undefined ? { initialValue: opts.defaultEmail, placeholder: opts.defaultEmail } : {}),
     validate: (value) => (value && value.length > 0 ? undefined : 'Email is required'),
   })
   if (isCancel(email)) {

package/src/cli/compose-usage.ts

@@ -0,0 +1,182 @@
+import { styleText } from 'node:util'
+
+import type { ComposeUsageResult } from '@/compose'
+import type { UsageReport, UsageTotals } from '@/usage'
+import { formatCacheHitRate, formatCost, formatTokens } from '@/usage/format'
+
+export type FormatComposeUsageOptions = {
+  useColor?: boolean
+}
+
+type ColorFn = (s: string) => string
+type Palette = {
+  bold: ColorFn
+  dim: ColorFn
+  cyan: ColorFn
+  yellow: ColorFn
+  red: ColorFn
+}
+
+const identity: ColorFn = (s) => s
+const NO_PALETTE: Palette = { bold: identity, dim: identity, cyan: identity, yellow: identity, red: identity }
+const COLOR_PALETTE: Palette = {
+  bold: (s) => styleText('bold', s),
+  dim: (s) => styleText('dim', s),
+  cyan: (s) => styleText('cyan', s),
+  yellow: (s) => styleText('yellow', s),
+  red: (s) => styleText('red', s),
+}
+
+export function formatComposeUsage(result: ComposeUsageResult, opts: FormatComposeUsageOptions = {}): string {
+  const p: Palette = opts.useColor ? COLOR_PALETTE : NO_PALETTE
+
+  if (result.agents.length === 0) {
+    return p.dim(`No typeclaw agents in ${result.rootCwd}.`)
+  }
+
+  const sections: string[] = []
+  sections.push(`${p.bold('USAGE')} ${p.dim(`— ${result.rootCwd}`)}`)
+  sections.push(rangeLine(result.range, p))
+  sections.push('')
+  sections.push(renderTable(result, p))
+
+  const warnings = collectWarnings(result)
+  if (warnings.length > 0) {
+    sections.push('')
+    sections.push(p.yellow(`${warnings.length} warning(s):`))
+    for (const w of warnings) sections.push(`  - ${w}`)
+  }
+
+  return sections.join('\n')
+}
+
+export function formatComposeUsageJson(result: ComposeUsageResult): string {
+  return JSON.stringify(result, null, 2)
+}
+
+function rangeLine(range: ComposeUsageResult['range'], p: Palette): string {
+  if (range.since === null && range.until === null) return p.dim('Range: all time')
+  const since = range.since !== null ? new Date(range.since).toISOString() : '—'
+  const until = range.until !== null ? new Date(range.until).toISOString() : '—'
+  return p.dim(`Range: ${since} → ${until}`)
+}
+
+type Row = {
+  label: string
+  ok: boolean
+  reason: string | null
+  totals: UsageTotals
+}
+
+function renderTable(result: ComposeUsageResult, p: Palette): string {
+  const rows: Row[] = result.results.map((r) => {
+    if (!r.ok) {
+      return { label: r.name, ok: false, reason: r.reason, totals: emptyTotals() }
+    }
+    return { label: r.name, ok: true, reason: null, totals: totalsFrom(r.data) }
+  })
+
+  const total = sumTotals(rows.filter((r) => r.ok).map((r) => r.totals))
+  const headers = ['Agent', 'Sessions', 'Msgs', 'In', 'Out', 'Cache %', 'Cost']
+
+  const dataCells = rows.map((r) => {
+    if (!r.ok) {
+      return [p.red(r.label), p.red(`error: ${r.reason ?? 'unknown'}`), '', '', '', '', '']
+    }
+    return [
+      p.bold(r.label),
+      String(sessionCountFor(r, result)),
+      String(r.totals.messageCount),
+      formatTokens(r.totals.input),
+      formatTokens(r.totals.output),
+      formatCacheHitRate(r.totals.input, r.totals.cacheRead),
+      formatCost(r.totals.cost),
+    ]
+  })
+
+  const totalSessions = result.results.reduce((acc, r) => acc + (r.ok ? r.data.aggregation.bySession.length : 0), 0)
+  const totalCells = [
+    'Total',
+    String(totalSessions),
+    String(total.messageCount),
+    formatTokens(total.input),
+    formatTokens(total.output),
+    formatCacheHitRate(total.input, total.cacheRead),
+    formatCost(total.cost),
+  ]
+
+  return alignTable([headers, ...dataCells, totalCells], p, { totalRowIdx: dataCells.length + 1 })
+}
+
+function sessionCountFor(row: Row, result: ComposeUsageResult): number {
+  const match = result.results.find((r) => r.name === row.label)
+  if (match === undefined || !match.ok) return 0
+  return match.data.aggregation.bySession.length
+}
+
+function collectWarnings(result: ComposeUsageResult): string[] {
+  const out: string[] = []
+  for (const r of result.results) {
+    if (!r.ok) continue
+    for (const w of r.data.warnings) out.push(`[${r.name}] ${w}`)
+  }
+  return out
+}
+
+function totalsFrom(report: UsageReport): UsageTotals {
+  return report.aggregation.total
+}
+
+function emptyTotals(): UsageTotals {
+  return { messageCount: 0, input: 0, output: 0, cacheRead: 0, cacheWrite: 0, totalTokens: 0, cost: 0 }
+}
+
+function sumTotals(parts: UsageTotals[]): UsageTotals {
+  const acc = emptyTotals()
+  for (const t of parts) {
+    acc.messageCount += t.messageCount
+    acc.input += t.input
+    acc.output += t.output
+    acc.cacheRead += t.cacheRead
+    acc.cacheWrite += t.cacheWrite
+    acc.totalTokens += t.totalTokens
+    acc.cost += t.cost
+  }
+  return acc
+}
+
+function alignTable(table: string[][], p: Palette, opts: { totalRowIdx: number }): string {
+  const widths = computeNaturalWidths(table)
+  return table
+    .map((row, idx) => {
+      const cells = row.map((cell, c) => {
+        const pad = widths[c]! - stripAnsi(cell).length
+        return c === 0 ? cell + ' '.repeat(pad) : ' '.repeat(pad) + cell
+      })
+      const line = cells.join('  ')
+      if (idx === 0) return p.cyan(line)
+      if (idx === opts.totalRowIdx) return p.yellow(p.bold(line))
+      return line
+    })
+    .join('\n')
+}
+
+function computeNaturalWidths(table: string[][]): number[] {
+  const cols = table[0]?.length ?? 0
+  const widths: number[] = []
+  for (let c = 0; c < cols; c++) {
+    let w = 0
+    for (const row of table) {
+      const cell = row[c] ?? ''
+      const visible = stripAnsi(cell).length
+      if (visible > w) w = visible
+    }
+    widths.push(w)
+  }
+  return widths
+}
+
+function stripAnsi(s: string): string {
+  // eslint-disable-next-line no-control-regex
+  return s.replace(/\u001b\[[0-9;]*m/g, '')
+}

package/src/cli/compose.ts

@@ -7,6 +7,7 @@ import {
   composeStart,
   composeStatus,
   composeStop,
+  composeUsage,
   type AgentResult,
   type ComposeDoctorReport,
 } from '@/compose'
@@ -14,7 +15,9 @@ import { config } from '@/config'
 import { formatJson, formatReport } from '@/doctor'
 
 import { formatComposeStatus } from './compose-status'
+import { formatComposeUsage, formatComposeUsageJson } from './compose-usage'
 import { c, spinner } from './ui'
+import { parseSince, parseUntil } from './usage-args'
 
 const startSub = defineCommand({
   meta: { name: 'start', description: 'start every agent in immediate subdirectories of cwd' },
@@ -166,6 +169,35 @@ const logsSub = defineCommand({
   },
 })
 
+const usageSub = defineCommand({
+  meta: {
+    name: 'usage',
+    description: 'report LLM token usage and cost across every agent in immediate subdirectories of cwd',
+  },
+  args: {
+    json: { type: 'boolean', description: 'emit the usage report as JSON', default: false },
+    since: { type: 'string', description: "ISO date or relative duration ('today', '7d', '30d')" },
+    until: { type: 'string', description: 'ISO date upper bound (exclusive)' },
+  },
+  async run({ args }) {
+    const since = parseSince(args.since, 'typeclaw compose usage')
+    const until = parseUntil(args.until, 'typeclaw compose usage')
+    const result = await composeUsage({
+      rootCwd: process.cwd(),
+      ...(since !== undefined ? { since } : {}),
+      ...(until !== undefined ? { until } : {}),
+    })
+    if (args.json) {
+      process.stdout.write(`${formatComposeUsageJson(result)}\n`)
+      return
+    }
+    const useColor = Boolean(process.stdout.isTTY) && process.env.NO_COLOR === undefined
+    process.stdout.write(`${formatComposeUsage(result, { useColor })}\n`)
+    const anyFailed = result.results.some((r) => !r.ok)
+    if (anyFailed) process.exit(1)
+  },
+})
+
 const doctorSub = defineCommand({
   meta: { name: 'doctor', description: 'diagnose every agent in immediate subdirectories of cwd' },
   args: {
@@ -212,6 +244,7 @@ export const composeCommand = defineCommand({
     restart: restartSub,
     status: statusSub,
     logs: logsSub,
+    usage: usageSub,
     doctor: doctorSub,
   },
 })

package/src/cli/hostd.ts

@@ -3,6 +3,7 @@ import { defineCommand } from 'citty'
 import { loadConfigSync, validateConfig, type Config, type ValidateConfigResult } from '@/config'
 import { start, stop, type StartOptions, type StartResult, type StopResult } from '@/container'
 import { startDaemon, type DaemonLogEvent, type RestartPreflight } from '@/hostd/daemon'
+import { createKakaoRenewalManager } from '@/hostd/kakao-renewal-manager'
 import { createPortbrokerManager } from '@/hostd/portbroker-manager'
 import type { SupervisorLogEvent, SupervisorRestart } from '@/hostd/supervisor'
 import { computeSourceVersion, resolveSrcRoot, UNVERSIONED_SENTINEL } from '@/hostd/version'
@@ -22,19 +23,35 @@ export const hostdCommand = defineCommand({
       onLog: (msg) => writeLogLine(msg),
     })
 
+    const hostdRestart = buildHostdRestart(cliEntry, defaultRestartDeps, version)
+    const kakaoRenewal = createKakaoRenewalManager({
+      onLog: (event) => writeLogLine(formatLog(event)),
+      onRenewalOk: async ({ containerName, cwd }) => {
+        // Restart the container so the in-memory KakaoTalk LOCO client picks
+        // up the renewed tokens from secrets.json. Without this, the cron
+        // would write fresh tokens but the running adapter would keep using
+        // the old token in its closure and still 401 at the ~7-day wall.
+        const result = await hostdRestart({ containerName, cwd })
+        if (!result.ok) throw new Error(result.reason)
+      },
+      shouldRenew: ({ cwd }) => kakaoChannelConfigured(cwd),
+    })
+
     const daemon = await startDaemon({
       onLog: (e) => writeLogLine(formatLog(e)),
       version,
       onShutdown: () => process.exit(0),
       portbroker,
+      kakaoRenewal,
       restartPreflight: buildHostdRestartPreflight(cliEntry, version),
-      restart: buildHostdRestart(cliEntry, defaultRestartDeps, version),
+      restart: hostdRestart,
     })
 
     const shutdown = (): void => {
       void daemon
         .stop()
         .then(() => portbroker.drain())
+        .then(() => kakaoRenewal.drain())
         .then(() => process.exit(0))
     }
     process.on('SIGTERM', shutdown)
@@ -135,6 +152,37 @@ function formatLog(event: DaemonLogEvent | SupervisorLogEvent): string {
       return formatPortForwardEvent(event.event)
     case 'tailscale-serve-event':
       return formatTailscaleServeEvent(event.event)
+    case 'kakao-renewal-tick-start':
+      return `[hostd] kakao renewal tick started for ${event.containerName}`
+    case 'kakao-renewal-tick-skipped':
+      return `[hostd] kakao renewal skipped for ${event.containerName}: ${event.reason}${event.ageMs !== undefined ? ` (age=${Math.round(event.ageMs / 1000 / 60 / 60)}h)` : ''}`
+    case 'kakao-renewal-tick-ok':
+      return `[hostd] kakao renewal OK for ${event.containerName} account=${event.accountId} (was last updated ${event.previousUpdatedAt})`
+    case 'kakao-renewal-tick-reauth-required':
+      return `[hostd] kakao renewal REAUTH REQUIRED for ${event.containerName} account=${event.accountId} reason=${event.reason} — ${event.message}`
+    case 'kakao-renewal-tick-transient-failure':
+      return `[hostd] kakao renewal transient failure for ${event.containerName} account=${event.accountId}: ${event.reason}`
+    case 'kakao-renewal-tick-error':
+      return `[hostd] kakao renewal ERROR for ${event.containerName}: ${event.error}`
+    case 'kakao-renewal-restart-scheduled':
+      return `[hostd] kakao renewal scheduled container restart for ${event.containerName} account=${event.accountId}`
+    case 'kakao-renewal-restart-failed':
+      return `[hostd] kakao renewal container restart FAILED for ${event.containerName} account=${event.accountId}: ${event.reason}`
+  }
+}
+
+// Reads the agent's typeclaw.json to decide whether the kakao renewal cron
+// should run for this container. Without this, every typeclaw agent on the
+// host gets a daily `no_account` skip event from the renewal manager — log
+// spam for non-kakao agents. Returns false on read/parse errors so the
+// renewal cron stays silent for agents we can't classify; the kakao adapter
+// itself would surface the real config issue on its next start.
+function kakaoChannelConfigured(cwd: string): boolean {
+  try {
+    const cfg = loadConfigSync(cwd)
+    return cfg.channels?.kakaotalk !== undefined
+  } catch {
+    return false
   }
 }
 

package/src/cli/index.ts

@@ -23,7 +23,11 @@ const main = defineCommand({
     shell: () => import('./shell').then((m) => m.shellCommand),
     compose: () => import('./compose').then((m) => m.composeCommand),
     channel: () => import('./channel').then((m) => m.channelCommand),
+    role: () => import('./role').then((m) => m.roleCommand),
+    provider: () => import('./provider').then((m) => m.providerCommand),
+    model: () => import('./model').then((m) => m.modelCommand),
     doctor: () => import('./doctor').then((m) => m.doctorCommand),
+    usage: () => import('./usage').then((m) => m.usageCommand),
     _hostd: () => import('./hostd').then((m) => m.hostdCommand),
   },
 })