Files
wehub-resource-sync 426e9eeabd
Voice Workbench / headless workbench (mocked backends) (push) Has been cancelled
Voice Workbench / real acoustic lane (nightly, provisioned only) (push) Has been cancelled
ci / test (push) Has been cancelled
ci / lint-and-format (push) Has been cancelled
ci / build (push) Has been cancelled
ci / dev-startup (push) Has been cancelled
gitleaks / gitleaks (push) Has been cancelled
Markdown Links / Relative Markdown Links (push) Has been cancelled
Quality (Extended) / Homepage Build (PR smoke) (push) Has been cancelled
Quality (Extended) / Comment-only diff guard (push) Has been cancelled
Quality (Extended) / Format + Type Safety Ratchet (push) Has been cancelled
Quality (Extended) / Develop Gate (secret scan + UI determinism) (push) Has been cancelled
Quality (Extended) / Develop Gate (lint) (push) Has been cancelled
Chat shell gestures / Chat shell gesture + parity e2e (push) Has been cancelled
Cloud Gateway Discord / Test (push) Has been cancelled
Benchmark Bridge Tests / benchmark (bunx @biomejs/biome check packages/lifeops-bench/src, benchmark-lint) (push) Has been cancelled
Benchmark Bridge Tests / benchmark (bunx vitest run --config packages/lifeops-bench/vitest.config.ts --root packages/lifeops-bench --passWithNoTests, benchmark-tests) (push) Has been cancelled
Build Agent Image / build-and-push (push) Has been cancelled
Dev Smoke / bun run dev onboarding chat (push) Has been cancelled
Dev Smoke / Vite HMR dependency-level smoke (push) Has been cancelled
Electrobun Submodule Guard / electrobun gitlink is fetchable (push) Has been cancelled
Publish @elizaos/example-code / check_npm (push) Has been cancelled
Publish @elizaos/example-code / publish_npm (push) Has been cancelled
Publish @elizaos/plugin-elizacloud / verify_version (push) Has been cancelled
Publish @elizaos/plugin-elizacloud / publish_npm (push) Has been cancelled
Sandbox Live Smoke / Sandbox live smoke (push) Has been cancelled
Snap Build & Test / Build Snap (amd64) (push) Has been cancelled
Snap Build & Test / Build Snap (arm64) (push) Has been cancelled
Test Packaging / elizaos CLI global-install smoke (node + bun) (push) Has been cancelled
Cloud Gateway Webhook / Test (push) Has been cancelled
Cloud Tests / lint-and-types (push) Has been cancelled
Cloud Tests / unit-tests (push) Has been cancelled
Cloud Tests / integration-tests (push) Has been cancelled
Cloud Tests / e2e-tests (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Deploy Apps Worker (Product 2) / Determine environment (push) Has been cancelled
Deploy Apps Worker (Product 2) / Deploy apps worker to apps-control host (${{ needs.determine-env.outputs.environment }}) (push) Has been cancelled
Deploy Eliza Provisioning Worker / Determine environment (push) Has been cancelled
Deploy Eliza Provisioning Worker / Deploy worker to Hetzner host (${{ needs.determine-env.outputs.environment }} @ ${{ needs.determine-env.outputs.deployment_sha }}) (push) Has been cancelled
Dev Smoke / Classify changed paths (push) Has been cancelled
supply-chain / sbom (push) Has been cancelled
supply-chain / vulnerability-scan (push) Has been cancelled
Build, Push & Deploy to Phala Cloud / build-and-push (push) Has been cancelled
Test Packaging / Validate Packaging Configs (push) Has been cancelled
Test Packaging / Build & Test PyPI Package (push) Has been cancelled
Test Packaging / PyPI on Python ${{ matrix.python }} (push) Has been cancelled
Test Packaging / Pack & Test JS Tarballs (push) Has been cancelled
UI Fixture E2E / ui-fixture-e2e (push) Has been cancelled
UI Fixture E2E / fixture-e2e (push) Has been cancelled
UI Story Gate / story-gate (push) Has been cancelled
vault-ci / test (macos-latest) (push) Has been cancelled
vault-ci / test (ubuntu-latest) (push) Has been cancelled
vault-ci / test (windows-latest) (push) Has been cancelled
vault-ci / app-core wiring tests (push) Has been cancelled
verify-patches / verify patches/CHECKSUMS.sha256 (push) Has been cancelled
Voice Benchmark Smoke / voice-emotion fixture smoke (push) Has been cancelled
Voice Benchmark Smoke / voiceagentbench fixture smoke (push) Has been cancelled
Voice Benchmark Smoke / voicebench-quality unit smoke (push) Has been cancelled
Voice Benchmark Smoke / voicebench TypeScript unit (no audio) (push) Has been cancelled
Voice Benchmark Smoke / voice bench smoke summary (push) Has been cancelled
Windows CI / windows ([bun run --cwd packages/app-core test bun run --cwd packages/elizaos test bun run --cwd packages/cloud/shared test], app-and-cli) (push) Has been cancelled
Windows CI / windows ([bun run --cwd packages/scenario-runner test bun run --cwd packages/vault test bun run --cwd packages/security test bun run --cwd plugins/plugin-coding-tools test], framework-packages) (push) Has been cancelled
Windows CI / windows ([bun run --cwd plugins/plugin-elizacloud test bun run --cwd plugins/plugin-discord test bun run --cwd plugins/plugin-anthropic test bun run --cwd plugins/plugin-openai test bun run --cwd plugins/plugin-app-control test bun run --cwd plugins/pl… (push) Has been cancelled
Windows CI / windows ([node packages/scripts/run-turbo.mjs run build --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/agent --concurrency=4 node packages/scripts/run-bash-linux-only.mjs scripts/verify-riscv64-buildpaths.sh node packages/scripts/run… (push) Has been cancelled
Windows CI / windows ([node packages/scripts/run-turbo.mjs run typecheck --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/cloud-shared --concurrency=4 bun run --cwd packages/core test bun run --cwd packages/shared test], core-runtime, 75) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:43:05 +08:00

137 lines
4.7 KiB
JavaScript

/**
* Interactive credential flows the console can drive end-to-end: the Eliza
* Cloud device-code login and a Google OAuth loopback flow. Everything else
* in the catalog is paste-a-token.
*
* Cloud login speaks the same protocol as ElizaCloudClient.startCliLogin /
* waitForCliLogin in packages/cloud/sdk/src/client.ts (POST
* /api/auth/cli-session, then poll /api/auth/cli-session/:id until
* `authenticated`), reimplemented over bare fetch so the console keeps zero
* workspace imports and works in a half-built checkout — protocol drift there
* is an API-versioning event, not a refactor hazard.
*
* The Google flow leans on the console being an HTTP server already: the
* redirect URI is the console's own /oauth/google/callback route, so no
* second loopback listener is needed. It requests offline access and returns
* a refresh token (GOOGLE_OAUTH_REFRESH_TOKEN) plus a fresh calendar access
* token (GOOGLE_CALENDAR_ACCESS_TOKEN) — the two vars the live suites gate on.
*/
import crypto from "node:crypto";
export const DEFAULT_CLOUD_BASE_URL = "https://elizacloud.ai";
const GOOGLE_AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
const GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";
const GOOGLE_SCOPES = [
"https://www.googleapis.com/auth/calendar",
"https://www.googleapis.com/auth/userinfo.email",
].join(" ");
/** Pending interactive flows keyed by opaque state token. */
const pendingFlows = new Map();
export async function startCloudLogin({
baseUrl = DEFAULT_CLOUD_BASE_URL,
} = {}) {
const response = await fetch(`${baseUrl}/api/auth/cli-session`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ client: "eliza-test-console" }),
});
if (!response.ok) {
throw new Error(`cloud cli-session failed: HTTP ${response.status}`);
}
const { sessionId, browserUrl } = await response.json();
return { sessionId, browserUrl };
}
export async function pollCloudLogin({
sessionId,
baseUrl = DEFAULT_CLOUD_BASE_URL,
}) {
const response = await fetch(`${baseUrl}/api/auth/cli-session/${sessionId}`);
if (!response.ok) {
throw new Error(`cloud cli-session poll failed: HTTP ${response.status}`);
}
return response.json();
}
export function startGoogleFlow({ clientId, clientSecret, redirectUri }) {
const state = crypto.randomBytes(24).toString("hex");
pendingFlows.set(state, {
provider: "google",
clientId,
clientSecret,
redirectUri,
createdAt: Date.now(),
result: null,
});
// Flows are single-use and short-lived; sweep anything older than 10 min.
for (const [key, flow] of pendingFlows) {
if (Date.now() - flow.createdAt > 600_000) pendingFlows.delete(key);
}
const url = new URL(GOOGLE_AUTH_URL);
url.searchParams.set("client_id", clientId);
url.searchParams.set("redirect_uri", redirectUri);
url.searchParams.set("response_type", "code");
url.searchParams.set("scope", GOOGLE_SCOPES);
url.searchParams.set("access_type", "offline");
url.searchParams.set("prompt", "consent");
url.searchParams.set("state", state);
return { authorizeUrl: url.toString(), state };
}
export async function completeGoogleFlow({ state, code }) {
const flow = pendingFlows.get(state);
if (!flow) throw new Error("unknown or expired OAuth state");
pendingFlows.delete(state);
const body = new URLSearchParams({
client_id: flow.clientId,
client_secret: flow.clientSecret,
code,
grant_type: "authorization_code",
redirect_uri: flow.redirectUri,
});
const response = await fetch(GOOGLE_TOKEN_URL, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: body.toString(),
});
const payload = await response.json();
if (!response.ok || !payload.access_token) {
throw new Error(
`google token exchange failed: HTTP ${response.status} ${JSON.stringify(payload).slice(0, 300)}`,
);
}
return {
refreshToken: payload.refresh_token ?? null,
accessToken: payload.access_token,
expiresIn: payload.expires_in,
};
}
/** Mint a fresh access token from a saved refresh token. */
export async function refreshGoogleAccessToken({
clientId,
clientSecret,
refreshToken,
}) {
const body = new URLSearchParams({
client_id: clientId,
client_secret: clientSecret,
refresh_token: refreshToken,
grant_type: "refresh_token",
});
const response = await fetch(GOOGLE_TOKEN_URL, {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: body.toString(),
});
const payload = await response.json();
if (!response.ok || !payload.access_token) {
throw new Error(`google refresh failed: HTTP ${response.status}`);
}
return { accessToken: payload.access_token, expiresIn: payload.expires_in };
}