mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-16 14:32:34 +00:00
Adds a third "Hermes Cloud" gateway mode to the desktop app: one portal
sign-in auto-discovers the agents on your account and connects to any of
them with no second interactive prompt.
- Electron: widen connection mode to 'local' | 'remote' | 'cloud', routed
through a centralized modeIsRemoteLike() so every resolution site treats
cloud exactly like remote; portal discovery (GET /api/agents over the
OAuth partition), Privy-cookie liveness, multi-org picker (NAS 409), and a
silent per-agent /oauth cascade (load protected root, not /login).
- Persist a cloudOrg on the cloud block; unselect cloud on mode switch.
- Renderer: Hermes Cloud ModeCard + agent picker (signed-out/loading/empty/
list), org picker, Change-org, connected-highlight + Connected pill.
- i18n (en + zh full; ja/zh-hant inherit via defineLocale), Cloud icon.
- IPC: hermes☁️{status,login,logout,discover,agent-sign-in}.
Salvage of #55402 onto current main: the original branch predates the
desktop electron .cjs -> .ts migration (39d09453f), so the electron half
was re-authored against the .ts files. Authorship preserved.
cloud-auto-discovery Phases 3 + 4.
111 lines
4 KiB
TypeScript
111 lines
4 KiB
TypeScript
import { describe, expect, it } from 'vitest'
|
|
|
|
import type { DesktopConnectionConfig } from '@/global'
|
|
|
|
import { deriveProviderShape, isRemoteReauthFailure, signInLabel } from './boot-failure-reauth'
|
|
|
|
function config(overrides: Partial<DesktopConnectionConfig> = {}): DesktopConnectionConfig {
|
|
return {
|
|
envOverride: false,
|
|
mode: 'remote',
|
|
profile: null,
|
|
remoteAuthMode: 'oauth',
|
|
remoteOauthConnected: false,
|
|
remoteTokenPreview: null,
|
|
remoteTokenSet: false,
|
|
remoteUrl: 'https://box:9119',
|
|
cloudOrg: '',
|
|
...overrides
|
|
}
|
|
}
|
|
|
|
describe('isRemoteReauthFailure', () => {
|
|
it('true for a remote, gated, disconnected gateway with a URL', () => {
|
|
expect(isRemoteReauthFailure(config())).toBe(true)
|
|
})
|
|
|
|
it('false when the oauth session is still connected', () => {
|
|
expect(isRemoteReauthFailure(config({ remoteOauthConnected: true }))).toBe(false)
|
|
})
|
|
|
|
it('false for a local gateway', () => {
|
|
expect(isRemoteReauthFailure(config({ mode: 'local' }))).toBe(false)
|
|
})
|
|
|
|
it('true for a cloud connection with a lapsed session (cloud resolves to remote oauth)', () => {
|
|
// A 'cloud' connection is a remote oauth backend under the hood (Q6), so a
|
|
// lapsed cloud session is the same reauth failure as a lapsed remote one.
|
|
expect(isRemoteReauthFailure(config({ mode: 'cloud' }))).toBe(true)
|
|
})
|
|
|
|
it('false for a connected cloud session', () => {
|
|
expect(isRemoteReauthFailure(config({ mode: 'cloud', remoteOauthConnected: true }))).toBe(false)
|
|
})
|
|
|
|
it('false for a token (non-gated) remote gateway', () => {
|
|
expect(isRemoteReauthFailure(config({ remoteAuthMode: 'token' }))).toBe(false)
|
|
})
|
|
|
|
it('false when there is no remote URL to sign in against', () => {
|
|
expect(isRemoteReauthFailure(config({ remoteUrl: '' }))).toBe(false)
|
|
})
|
|
|
|
it('false for null/undefined config', () => {
|
|
expect(isRemoteReauthFailure(null)).toBe(false)
|
|
expect(isRemoteReauthFailure(undefined)).toBe(false)
|
|
})
|
|
})
|
|
|
|
describe('deriveProviderShape', () => {
|
|
it('generic copy when there are no providers', () => {
|
|
expect(deriveProviderShape([])).toEqual({ isPassword: false, providerLabel: 'your identity provider' })
|
|
expect(deriveProviderShape(null)).toEqual({ isPassword: false, providerLabel: 'your identity provider' })
|
|
})
|
|
|
|
it('password shape when the sole provider supports password', () => {
|
|
expect(
|
|
deriveProviderShape([{ name: 'basic', displayName: 'Username & Password', supportsPassword: true }])
|
|
).toEqual({ isPassword: true, providerLabel: 'Username & Password' })
|
|
})
|
|
|
|
it('OAuth shape when the provider is a redirect IDP', () => {
|
|
expect(deriveProviderShape([{ name: 'nous', displayName: 'Nous Research', supportsPassword: false }])).toEqual({
|
|
isPassword: false,
|
|
providerLabel: 'Nous Research'
|
|
})
|
|
})
|
|
|
|
it('mixed deployment keeps generic OAuth copy (not every provider is password)', () => {
|
|
const shape = deriveProviderShape([
|
|
{ name: 'basic', displayName: 'Username & Password', supportsPassword: true },
|
|
{ name: 'nous', displayName: 'Nous Research', supportsPassword: false }
|
|
])
|
|
|
|
expect(shape.isPassword).toBe(false)
|
|
expect(shape.providerLabel).toBe('Username & Password / Nous Research')
|
|
})
|
|
|
|
it('falls back to name when displayName is empty', () => {
|
|
expect(deriveProviderShape([{ name: 'basic', displayName: '', supportsPassword: true }]).providerLabel).toBe(
|
|
'basic'
|
|
)
|
|
})
|
|
})
|
|
|
|
describe('signInLabel', () => {
|
|
it('password gateway gets the plain "Sign in to remote gateway" copy', () => {
|
|
expect(signInLabel({ url: 'x', isPassword: true, providerLabel: 'Username & Password' })).toBe(
|
|
'Sign in to remote gateway'
|
|
)
|
|
})
|
|
|
|
it('OAuth gateway names the provider', () => {
|
|
expect(signInLabel({ url: 'x', isPassword: false, providerLabel: 'Nous Research' })).toBe(
|
|
'Sign in with Nous Research'
|
|
)
|
|
})
|
|
|
|
it('null reauth falls back to the generic provider phrase', () => {
|
|
expect(signInLabel(null)).toBe('Sign in with your identity provider')
|
|
})
|
|
})
|