Commit Graph

36 Commits

Author SHA1 Message Date
Tink bot 814b2a635f feat(veans): install agent hooks during init instead of just printing
Adds a final step to bootstrap.Init that offers to wire `veans prime`
into Claude Code and OpenCode automatically. Per-agent yes/no prompts
default to "yes" for Claude Code and "no" for OpenCode; --install-claude
/ --install-opencode flags skip the prompt for scripted contexts;
--no-hooks falls back to the previous behaviour of just printing the
snippets.

Claude Code:
  - Writes/merges .claude/settings.json
  - JSON merge preserves existing keys (model, permissions, other hooks)
    and only appends a `veans prime` command entry under SessionStart
    and PreCompact if one isn't already there
  - Idempotent: re-running reports "Already configured" without
    duplicating entries

OpenCode:
  - Writes .opencode/plugin/veans-prime.ts with the standard handler
    skeleton
  - Existing files are left alone (no TS-merge story for v0)

Failures during hook install are non-fatal: the repo is already
configured, so the user gets a warning + the printed snippets as a
fallback path.

Unit tests cover the merge logic (fresh file, idempotent rerun,
preserving user's other hooks/keys), the install actions
("Wrote"/"Updated"/"Already configured"), and the offer flow
(flags-bypass-prompt vs prompt-when-unset vs no-hooks).
2026-05-27 08:21:57 +00:00
Tink bot 1bc3afa430 feat(veans): match existing bucket titles via case-insensitive alias table 2026-05-27 08:21:57 +00:00
Tink bot 4ac89741e3 feat(veans): reuse owned bot or prompt for fresh name on collision 2026-05-27 08:21:57 +00:00
Tink bot cd7cc113a1 docs(veans): AGENTS.md cheat sheet for coding agents
Captures the non-obvious things an agent will hit working on this
submodule:

- Wire-format quirks (view_kind/bucket_configuration_mode are JSON
  strings; Task.BucketID is always 0 in GET — use ?expand=buckets and
  CurrentBucketID; POST /tasks doesn't move buckets, use the dedicated
  bucket-tasks endpoint; bot creation is at /user/bots; APIToken
  expires_at is required, use FarFuture for "no expiry").
- Permission discovery via /routes (group names are path-derived; use
  PermissionsForBot at runtime instead of hard-coding).
- OAuth shape (PKCE/S256 mandatory, no client registration, JSON-only
  token exchange, loopback redirect via 127.0.0.1:0, Shutdown uses
  context.WithoutCancel to drain on outer cancel).
- Credential chain order + per-test HOME/XDG override.
- Identifier validation (runelength only) + base-36 timestamp suffix
  trick for unique e2e identifiers.
- mage Aliases map (without it, `mage test` rejects the namespace).
- License-header enforcement via local .golangci.yml + code-header-
  template.txt copy.
- Things to actively avoid: bare exec.Command, committing the built
  binary, stdout from `prime` outside a configured workspace.

CLAUDE.md is a symlink to AGENTS.md so Claude Code picks it up via
either name.
2026-05-27 08:21:57 +00:00
Tink bot 632579b304 ci(veans): add fast veans-test job for unit tests 2026-05-27 08:21:57 +00:00
Tink bot c1d5272afe feat(veans): switch OAuth handshake to a loopback HTTP server 2026-05-27 08:21:57 +00:00
Tink bot b18762171d feat(veans): add browser launcher helpers for OAuth flow 2026-05-27 08:21:57 +00:00
Tink bot 952ad89a8b chore(veans): apply veans golangci pass across sources 2026-05-27 08:21:57 +00:00
Tink bot 8ef796f016 chore(veans): add veans-local golangci config 2026-05-27 08:21:57 +00:00
Tink bot 35aa486eb5 feat(veans): use OAuth 2.0 Authorization Code + PKCE as default auth
Vikunja's built-in OAuth server (Vikunja 2.3+) does not require client
registration and accepts arbitrary client_ids — it just enforces PKCE
(S256) and constrains redirect URIs to the vikunja- scheme. Earlier I
deferred OAuth on the assumption it needed a registered client; that
was wrong, and the docs make the path much smoother than POST /login.

The custom-scheme constraint (no http:// loopback) is side-stepped by
manual paste-back: veans prints the authorize URL, the user signs in,
their browser fails to open vikunja-veans-cli://callback?code=... and
shows an error, the user copies the URL from the address bar and
pastes it back. CLI extracts code + state, verifies state for CSRF,
exchanges via POST /api/v1/oauth/token (JSON body — Vikunja rejects
form-encoded), and returns the access token.

Resolution order in AcquireHumanToken:
  1. --token (paste-in JWT or personal API token; SSO/OIDC users)
  2. --use-password / --username + --password (POST /login)
  3. OAuth flow (interactive default)

login command supports the same --use-password / --token escape hatches
for token rotation on instances with OAuth disabled.

Includes unit tests for the PKCE generator (verifier shape per RFC 7636,
challenge = SHA256(verifier) base64url-no-pad), authorize-URL
construction, and the lenient callback parser (full URL / query-only /
bare code).
2026-05-27 08:21:57 +00:00
Tink bot d0c77ad6fe docs(veans): add README with quick-start guide 2026-05-27 08:21:57 +00:00
Tink bot 4c3d449a35 test(veans): add e2e suite covering init, tasks, claim, prime flows 2026-05-27 08:21:57 +00:00
Tink bot 3a7bcb2a50 chore(veans): gitignore built binary 2026-05-27 08:21:57 +00:00
Tink bot df7a60d137 feat(veans): add login command for token rotation 2026-05-27 08:21:57 +00:00
Tink bot 2e2393121b feat(veans): add api passthrough command 2026-05-27 08:21:57 +00:00
Tink bot e8cdfcf023 feat(veans): add prime command for agent prompt injection 2026-05-27 08:21:57 +00:00
Tink bot b9551d55ba feat(veans): add claim command for assigning and bucket transition 2026-05-27 08:21:57 +00:00
Tink bot 6ebe25bfbc feat(veans): add update command with description and status transitions 2026-05-27 08:21:57 +00:00
Tink bot 6b756d92c3 feat(veans): add create command with labels and relations 2026-05-27 08:21:57 +00:00
Tink bot 2425d9923e feat(veans): add label get-or-create helper 2026-05-27 08:21:57 +00:00
Tink bot e88427ca3c feat(veans): add show command with PROJ-NN/#NN ID resolver 2026-05-27 08:21:57 +00:00
Tink bot 5e80c17281 feat(veans): add list command with filters and JSON output 2026-05-27 08:21:57 +00:00
Tink bot 081373bb48 feat(veans): add shared command runtime and git branch helper 2026-05-27 08:21:57 +00:00
Tink bot 81f4845a6b feat(veans): wire init cobra command 2026-05-27 08:21:57 +00:00
Tink bot 37b6ff538b feat(veans): orchestrate init bootstrap from probe to config write 2026-05-27 08:21:57 +00:00
Tink bot d2c3f3244d feat(veans): discover /routes for permission-group negotiation 2026-05-27 08:21:57 +00:00
Tink bot 1f5abaa6fb feat(veans): require APIToken.ExpiresAt with FarFuture sentinel 2026-05-27 08:21:57 +00:00
Tink bot 6b48a37710 feat(veans): add canonical status to bucket-title mapping 2026-05-27 08:21:57 +00:00
Tink bot 36fb0f0ace feat(veans): add .veans.yml schema and config helpers 2026-05-27 08:21:57 +00:00
Tink bot 878233f758 feat(veans): add transient human auth flow 2026-05-27 08:21:57 +00:00
Tink bot f05fc60777 feat(veans): add credential store with keychain, env, and file backends 2026-05-27 08:21:57 +00:00
Tink bot 4b6b8fca78 chore(veans): add magefile build and lint targets 2026-05-27 08:21:57 +00:00
Tink bot 3eec756863 feat(veans): add cobra root and version subcommand 2026-05-27 08:21:57 +00:00
Tink bot 87c312fb2b feat(veans): add JSON HTTP client and wire types 2026-05-27 08:21:57 +00:00
Tink bot e4c4837805 feat(veans): add stable error envelope and code constants 2026-05-27 08:21:57 +00:00
Tink bot 3d0039df2d feat(veans): scaffold Go module 2026-05-27 08:21:57 +00:00