ai-agent 0.13.4

Idiomatic agent sdk inspired by the claude code source leak
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318

//! Trusted device token source for bridge (remote-control) sessions.
//!
//! Translated from openclaudecode/src/bridge/trustedDevice.ts
//!
//! Bridge sessions have SecurityTier=ELEVATED on the server (CCR v2).
//! The server gates ConnectBridgeWorker on its own flag, this CLI-side
//! flag controls whether the CLI sends X-Trusted-Device-Token at all.

use crate::constants::env::ai;
use std::sync::{Arc, RwLock};

use reqwest;

// =============================================================================
// CONSTANTS
// =============================================================================

const TRUSTED_DEVICE_GATE: &str = "tengu_sessions_elevated_auth_enforcement";
const ENROLLMENT_TIMEOUT_MS: u64 = 10_000;

// =============================================================================
// STORAGE TRAIT (for dependency injection)
// =============================================================================

/// Trait for secure storage operations.
pub trait SecureStorage: Send + Sync {
    fn read(&self) -> Option<StorageData>;
    fn update(&self, data: &StorageData) -> Result<(), String>;
}

#[derive(Clone, Default)]
pub struct StorageData {
    pub trusted_device_token: Option<String>,
    pub device_id: Option<String>,
    // Add other fields as needed
}

// =============================================================================
// STATE
// =============================================================================

/// Gate check function type.
pub type GateFn = Box<dyn Fn(&str) -> bool + Send + Sync>;

/// Auth token getter function type.
pub type AuthTokenGetterFn = Box<dyn Fn() -> Option<String> + Send + Sync>;

/// Base URL getter function type.
pub type BaseUrlGetterFn = Box<dyn Fn() -> String + Send + Sync>;

static GATE_GETTER: std::sync::OnceLock<GateFn> = std::sync::OnceLock::new();
static AUTH_TOKEN_GETTER: std::sync::OnceLock<AuthTokenGetterFn> = std::sync::OnceLock::new();
static BASE_URL_GETTER: std::sync::OnceLock<BaseUrlGetterFn> = std::sync::OnceLock::new();
static STORAGE: std::sync::OnceLock<Arc<dyn SecureStorage>> = std::sync::OnceLock::new();

// Cached token storage
static CACHED_TOKEN: std::sync::OnceLock<RwLock<Option<String>>> = std::sync::OnceLock::new();

// =============================================================================
// INITIALIZATION
// =============================================================================

/// Register the gate check function.
pub fn register_gate_check(gate: impl Fn(&str) -> bool + Send + Sync + 'static) {
    let _ = GATE_GETTER.set(Box::new(gate));
}

/// Register the auth token getter function.
pub fn register_auth_token_getter(getter: impl Fn() -> Option<String> + Send + Sync + 'static) {
    let _ = AUTH_TOKEN_GETTER.set(Box::new(getter));
}

/// Register the base URL getter function.
pub fn register_base_url_getter(getter: impl Fn() -> String + Send + Sync + 'static) {
    let _ = BASE_URL_GETTER.set(Box::new(getter));
}

/// Register the secure storage implementation.
pub fn register_secure_storage(storage: Arc<dyn SecureStorage>) {
    let _ = STORAGE.set(storage);
}

// =============================================================================
// GATE CHECK
// =============================================================================

fn is_gate_enabled() -> bool {
    GATE_GETTER
        .get()
        .map(|gate| gate(TRUSTED_DEVICE_GATE))
        // Default to false if not set
        .unwrap_or(false)
}

// =============================================================================
// TOKEN READ/WRITE
// =============================================================================

/// Get the stored trusted device token.
/// Uses env var override for testing/canary, falls back to secure storage.
/// Memoized for performance.
pub fn get_trusted_device_token() -> Option<String> {
    // Check env var first
    if let Ok(env_token) = std::env::var(ai::CLAUDE_TRUSTED_DEVICE_TOKEN) {
        if !env_token.is_empty() {
            return Some(env_token);
        }
    }

    if !is_gate_enabled() {
        return None;
    }

    // Use cached token if available
    if let Some(cached) = CACHED_TOKEN.get() {
        if let Ok(token) = cached.read() {
            return token.clone();
        }
    }

    // Read from storage
    let token = STORAGE
        .get()
        .and_then(|s| s.read())
        .and_then(|data| data.trusted_device_token);

    // Cache it
    if let Some(ref t) = token {
        if let Some(cache) = CACHED_TOKEN.get() {
            if let Ok(mut guard) = cache.write() {
                *guard = Some(t.clone());
            }
        }
    }

    token
}

/// Clear the cached trusted device token.
pub fn clear_trusted_device_token_cache() {
    if let Some(cache) = CACHED_TOKEN.get() {
        if let Ok(mut guard) = cache.write() {
            *guard = None;
        }
    }
}

/// Clear the stored trusted device token from secure storage and the cache.
/// Called before enrollTrustedDevice during /login so a stale token from the
/// previous account isn't sent while enrollment is in-flight.
pub fn clear_trusted_device_token() {
    if !is_gate_enabled() {
        return;
    }

    if let Some(storage) = STORAGE.get() {
        if let Some(mut data) = storage.read() {
            data.trusted_device_token = None;
            let _ = storage.update(&data);
        }
    }

    clear_trusted_device_token_cache();
}

/// Enroll this device via POST /auth/trusted_devices and persist the token
/// to storage. Best-effort โ€” returns on failure so callers don't block.
pub async fn enroll_trusted_device() {
    // Check gate
    if !is_gate_enabled() {
        log_debug("[trusted-device] Gate is off, skipping enrollment");
        return;
    }

    // Check env var override
    if std::env::var(ai::CLAUDE_TRUSTED_DEVICE_TOKEN).is_ok() {
        log_debug(
            "[trusted-device] CLAUDE_TRUSTED_DEVICE_TOKEN env var is set, skipping enrollment",
        );
        return;
    }

    // Get access token
    let access_token = match AUTH_TOKEN_GETTER.get() {
        Some(getter) => getter(),
        None => {
            log_debug("[trusted-device] No auth token getter registered, skipping enrollment");
            return;
        }
    };

    let access_token = match access_token {
        Some(t) => t,
        None => {
            log_debug("[trusted-device] No OAuth token, skipping enrollment");
            return;
        }
    };

    // Get base URL
    let base_url = match BASE_URL_GETTER.get() {
        Some(getter) => getter(),
        None => {
            log_debug("[trusted-device] No base URL getter registered, skipping enrollment");
            return;
        }
    };

    let client = reqwest::Client::new();

    let hostname = hostname::get()
        .map(|h| h.to_string_lossy().into_owned())
        .unwrap_or_else(|_| "unknown".to_string());

    let platform = std::env::consts::OS;
    let display_name = format!("Claude Code on {} ยท {}", hostname, platform);

    match client
        .post(&format!("{}/api/auth/trusted_devices", base_url))
        .header("Authorization", format!("Bearer {}", access_token))
        .header("Content-Type", "application/json")
        .timeout(std::time::Duration::from_millis(ENROLLMENT_TIMEOUT_MS))
        .json(&serde_json::json!({ "display_name": display_name }))
        .send()
        .await
    {
        Ok(response) => {
            if response.status() != 200 && response.status() != 201 {
                log_debug(&format!(
                    "[trusted-device] Enrollment failed {}",
                    response.status()
                ));
                return;
            }

            // Parse response
            match response.json::<serde_json::Value>().await {
                Ok(data) => {
                    let token = data.get("device_token").and_then(|v| v.as_str());
                    let device_id = data.get("device_id").and_then(|v| v.as_str());

                    match token {
                        Some(token) => {
                            // Persist to storage
                            if let Some(storage) = STORAGE.get() {
                                if let Some(mut data) = storage.read() {
                                    data.trusted_device_token = Some(token.to_string());
                                    if let Some(id) = device_id {
                                        data.device_id = Some(id.to_string());
                                    }
                                    match storage.update(&data) {
                                        Ok(_) => {
                                            clear_trusted_device_token_cache();
                                            log_debug(&format!(
                                                "[trusted-device] Enrolled device_id={}",
                                                device_id.unwrap_or("unknown")
                                            ));
                                        }
                                        Err(e) => {
                                            log_debug(&format!(
                                                "[trusted-device] Storage write failed: {}",
                                                e
                                            ));
                                        }
                                    }
                                }
                            }
                        }
                        None => {
                            log_debug(
                                "[trusted-device] Enrollment response missing device_token field",
                            );
                        }
                    }
                }
                Err(e) => {
                    log_debug(&format!("[trusted-device] Failed to parse response: {}", e));
                }
            }
        }
        Err(e) => {
            log_debug(&format!(
                "[trusted-device] Enrollment request failed: {}",
                e
            ));
        }
    }
}

// =============================================================================
// DEBUG LOGGING
// =============================================================================

fn log_debug(msg: &str) {
    // Simple debug logging - could be replaced with proper logging
    eprintln!("{}", msg);
}

// =============================================================================
// TESTS
// =============================================================================

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_token_returns_none_when_gate_disabled() {
        // By default gate returns false, so token should be None
        assert_eq!(get_trusted_device_token(), None);
    }

    #[test]
    fn test_clear_token_cache() {
        clear_trusted_device_token_cache();
        // Should not panic
    }
}