feat: add gh-based auth status probe and refresh flow (#3)

Author: doosanofficial-ui

README.md

@@ -12,9 +12,10 @@ GitHub Copilot SDK 기반으로 Obsidian 사이드바에 Copilot CLI 수준의 
 
 - 리포지토리/문서/기본 플러그인 스캐폴드 생성 완료
 - M2 기본 UX 반영: 사이드바 채팅 뷰, 세션 생성/전환/삭제, 모의 스트리밍 응답
-- 명령 팔레트 연동 확장: `Open`, `Ask about current note`, `Apply pending changes`, `Start new chat session`
+- 명령 팔레트 연동 확장: `Open`, `Ask about current note`, `Apply pending changes`, `Start new chat session`, `Undo last applied change`, `Refresh auth status`
 - 로컬 세션/상태 저장 및 pending change 적용 기본 흐름 구현
 - M3 컨텍스트/변경 흐름 확장: 명시적 추가 컨텍스트 노트 병합, 변경 전 diff 프리뷰, discard/undo 적용
+- M1 인증 실연동 경로(Desktop): `gh auth status`/`gh copilot status` 기반 로그인/권한 상태 probe + 수동 재검증
 - 상세 요구사항: `docs/requirements.md`
 - 아키텍처 초안: `docs/architecture.md`
 - 구현 마일스톤: `docs/milestones.md`

docs/atomic-task-plan.md

@@ -91,3 +91,12 @@
 | M3-C02 | 변경 제안 diff 프리뷰 UI 추가 | Copilot CLI | `npm run smoke:run && npm run smoke:assert` |
 | M3-C03 | pending discard 및 마지막 적용 undo 구현 | Copilot CLI | `npm run verify:e2e` |
 | M3-CL01 | M3 변경의 Cloud 검증 실행 | Cloud Agent | `npm run cloud:dispatch` 후 `npm run cloud:status`에서 최신 run 확인 |
+
+## 10) Iteration 5 (M1 Auth Probe) 템플릿
+
+| ID | 목표 | 담당 | 독립 검증 기준 |
+|---|---|---|---|
+| M1-C01 | gh 기반 로그인 상태 probe 구현 | Copilot CLI | `npm run check && npm run build` |
+| M1-C02 | entitlement/no-entitlement 상태 매핑 | Copilot CLI | `npm run smoke:run && npm run smoke:assert` |
+| M1-C03 | 수동 재검증 명령/버튼 연계 | Copilot CLI | `npm run verify:e2e` |
+| M1-CL01 | M1 변경의 Cloud 검증 실행 | Cloud Agent | `npm run cloud:dispatch` 후 `npm run cloud:status`에서 최신 run 확인 |

docs/requirements.md

@@ -35,6 +35,8 @@
 - GitHub 로그인(디바이스 플로우 또는 SDK 권장 플로우)
 - Copilot entitlement 확인
 - 로그인 상태 표시: `로그인됨`, `권한 없음`, `토큰 만료`, `오프라인`
+- Desktop 환경에서 `gh auth status`/`gh copilot status` 기반 상태 probe를 지원한다.
+- 사용자가 사이드바/명령 팔레트에서 인증 상태를 수동 재검증할 수 있어야 한다.
 
 ### FR-003 컨텍스트 주입
 
@@ -54,6 +56,8 @@
 - `Ask about current note`
 - `Apply pending changes`
 - `Start new chat session`
+- `Undo last applied change`
+- `Refresh auth status`
 
 ### FR-006 세션/설정 저장
 

main.js

@@ -53,6 +53,8 @@ function defaultSettings() {
     additionalContextPaths: [],
     lastAppliedChange: null,
     authState: "logged-in",
+    authDetail: "Auth not checked yet.",
+    authCheckedAt: Date.now(),
     model: "gpt-5.3-codex",
     contextPolicy: "selection-first",
     debugLogging: false
@@ -119,6 +121,15 @@ function buildPreviewDiff(before, after) {
   }
   return out.join("\n");
 }
+function compactOutput(stdout, stderr) {
+  const joined = `${stdout}
+${stderr}`.replace(/\s+/g, " ").trim();
+  return joined.length > 0 ? joined : "(no output)";
+}
+function containsAny(source, patterns) {
+  const lowered = source.toLowerCase();
+  return patterns.some((pattern) => lowered.includes(pattern));
+}
 function normalizeSettings(raw) {
   const fallback = defaultSettings();
   if (!raw || typeof raw !== "object") {
@@ -160,6 +171,8 @@ function normalizeSettings(raw) {
     additionalContextPaths,
     lastAppliedChange,
     authState: isAuthState(source.authState) ? source.authState : fallback.authState,
+    authDetail: typeof source.authDetail === "string" && source.authDetail.trim().length > 0 ? source.authDetail : fallback.authDetail,
+    authCheckedAt: typeof source.authCheckedAt === "number" ? source.authCheckedAt : fallback.authCheckedAt,
     model: typeof source.model === "string" && source.model.trim().length > 0 ? source.model : fallback.model,
     contextPolicy: isContextPolicy(source.contextPolicy) ? source.contextPolicy : fallback.contextPolicy,
     debugLogging: Boolean(source.debugLogging)
@@ -183,7 +196,9 @@ var CopilotSidebarView = class extends import_obsidian.ItemView {
     const root = container.createDiv({ cls: "copilot-sidebar-root" });
     const header = root.createDiv({ cls: "copilot-sidebar-header" });
     const title = header.createDiv({ text: "Copilot Sidebar", cls: "copilot-sidebar-title" });
-    const authBadge = header.createDiv({ cls: "copilot-auth-badge" });
+    const authMeta = header.createDiv({ cls: "copilot-auth-meta" });
+    const authBadge = authMeta.createDiv({ cls: "copilot-auth-badge" });
+    const authDetail = authMeta.createDiv({ cls: "copilot-auth-detail" });
     const controlRow = root.createDiv({ cls: "copilot-sidebar-controls" });
     const newSessionButton = controlRow.createEl("button", {
       text: "New Session",
@@ -201,8 +216,8 @@ var CopilotSidebarView = class extends import_obsidian.ItemView {
       text: "Add Active Context",
       cls: "copilot-button"
     });
-    const authCycleButton = controlRow.createEl("button", {
-      text: "Cycle Auth",
+    const refreshAuthButton = controlRow.createEl("button", {
+      text: "Refresh Auth",
       cls: "copilot-button"
     });
     const layout = root.createDiv({ cls: "copilot-sidebar-layout" });
@@ -237,8 +252,8 @@ var CopilotSidebarView = class extends import_obsidian.ItemView {
     addContextButton.addEventListener("click", () => {
       void this.plugin.addActiveNoteToContext();
     });
-    authCycleButton.addEventListener("click", () => {
-      void this.plugin.cycleAuthState();
+    refreshAuthButton.addEventListener("click", () => {
+      void this.plugin.refreshAuthStatus("manual");
     });
     composerButton.addEventListener("click", () => {
       void this.submitComposer();
@@ -252,6 +267,7 @@ var CopilotSidebarView = class extends import_obsidian.ItemView {
     this.elements = {
       title,
       authBadge,
+      authMeta: authDetail,
       sessionList,
       contextList,
       pendingList,
@@ -275,14 +291,17 @@ var CopilotSidebarView = class extends import_obsidian.ItemView {
     this.elements.title.setText(activeSession ? activeSession.title : "Copilot Sidebar");
     this.elements.authBadge.setText(`Auth: ${snapshot.authState}`);
     this.elements.authBadge.className = `copilot-auth-badge auth-${snapshot.authState}`;
+    const checkedAt = new Date(snapshot.authCheckedAt).toLocaleTimeString();
+    const compactDetail = snapshot.authDetail.length > 180 ? `${snapshot.authDetail.slice(0, 177)}...` : snapshot.authDetail;
+    this.elements.authMeta.setText(`${compactDetail} | checked ${checkedAt}`);
     this.renderSessions(snapshot);
     this.renderContextNotes(snapshot);
     this.renderPendingChanges(snapshot);
     this.renderMessages(activeSession);
     this.renderPreview(snapshot);
     this.elements.composerButton.disabled = snapshot.isStreaming;
     this.elements.composerInput.disabled = snapshot.isStreaming;
-    this.elements.composerInput.placeholder = snapshot.authState === "logged-in" ? "Ask Copilot about this vault..." : "Auth state is not logged-in. Use Cycle Auth (mock) to simulate recovery.";
+    this.elements.composerInput.placeholder = snapshot.authState === "logged-in" ? "Ask Copilot about this vault..." : "Auth state is not logged-in. Use Refresh Auth to re-check login and entitlement.";
   }
   renderSessions(snapshot) {
     if (!this.elements) {
@@ -496,6 +515,14 @@ var CopilotSidebarPlugin = class extends import_obsidian.Plugin {
         await this.undoLastAppliedChange();
       }
     });
+    this.addCommand({
+      id: "refresh-auth-status",
+      name: "Refresh auth status",
+      callback: async () => {
+        await this.refreshAuthStatus("manual");
+      }
+    });
+    void this.refreshAuthStatus("startup");
   }
   async onunload() {
     for (const timer of this.activeStreamTimers) {
@@ -523,6 +550,8 @@ var CopilotSidebarPlugin = class extends import_obsidian.Plugin {
       additionalContextPaths: [...this.settings.additionalContextPaths],
       lastAppliedChange: this.settings.lastAppliedChange ? { ...this.settings.lastAppliedChange } : null,
       authState: this.settings.authState,
+      authDetail: this.settings.authDetail,
+      authCheckedAt: this.settings.authCheckedAt,
       model: this.settings.model,
       isStreaming: this.streaming
     };
@@ -559,8 +588,125 @@ var CopilotSidebarPlugin = class extends import_obsidian.Plugin {
     const currentIndex = AUTH_ORDER.indexOf(this.settings.authState);
     const nextIndex = currentIndex >= 0 ? (currentIndex + 1) % AUTH_ORDER.length : 0;
     this.settings.authState = AUTH_ORDER[nextIndex];
+    this.settings.authDetail = "Manual auth state override.";
+    this.settings.authCheckedAt = Date.now();
     await this.persistAndRender();
   }
+  async refreshAuthStatus(trigger = "manual") {
+    const probe = this.probeAuthStatusFromGh();
+    this.settings.authState = probe.state;
+    this.settings.authDetail = probe.detail;
+    this.settings.authCheckedAt = probe.checkedAt;
+    await this.persistAndRender();
+    if (trigger === "manual") {
+      new import_obsidian.Notice(`Auth check: ${probe.state}`);
+    }
+  }
+  probeAuthStatusFromGh() {
+    const checkedAt = Date.now();
+    const ghVersion = this.runLocalCommand("gh", ["--version"], 2500);
+    if (ghVersion.status !== 0) {
+      return {
+        state: "offline",
+        detail: "gh CLI not found. Install/authenticate GitHub CLI.",
+        checkedAt
+      };
+    }
+    const authStatus = this.runLocalCommand("gh", ["auth", "status", "-h", "github.com"], 6e3);
+    const authOutput = compactOutput(authStatus.stdout, authStatus.stderr);
+    if (authStatus.status !== 0) {
+      if (containsAny(authOutput, ["expired", "token", "not logged", "authentication"])) {
+        return {
+          state: "token-expired",
+          detail: `GitHub auth issue: ${authOutput}`,
+          checkedAt
+        };
+      }
+      return {
+        state: "offline",
+        detail: `Unable to reach GitHub auth status: ${authOutput}`,
+        checkedAt
+      };
+    }
+    const copilotStatus = this.runLocalCommand("gh", ["copilot", "status"], 6e3);
+    const copilotOutput = compactOutput(copilotStatus.stdout, copilotStatus.stderr);
+    if (copilotStatus.status === 0) {
+      return {
+        state: "logged-in",
+        detail: `GitHub login and Copilot status confirmed. ${copilotOutput}`,
+        checkedAt
+      };
+    }
+    if (containsAny(copilotOutput, ["not entitled", "not enabled", "no entitlement", "not subscribed"])) {
+      return {
+        state: "no-entitlement",
+        detail: `GitHub login ok but Copilot entitlement missing. ${copilotOutput}`,
+        checkedAt
+      };
+    }
+    if (containsAny(copilotOutput, ["token", "authentication", "not logged", "login"])) {
+      return {
+        state: "token-expired",
+        detail: `Copilot auth needs refresh. ${copilotOutput}`,
+        checkedAt
+      };
+    }
+    if (containsAny(copilotOutput, ["unknown command", "usage:"])) {
+      return {
+        state: "logged-in",
+        detail: "GitHub login detected. Copilot status command unavailable in this gh build.",
+        checkedAt
+      };
+    }
+    return {
+      state: "logged-in",
+      detail: `GitHub login detected. Copilot status inconclusive: ${copilotOutput}`,
+      checkedAt
+    };
+  }
+  runLocalCommand(command, args, timeoutMs) {
+    const dynamicRequire = this.getDynamicRequire();
+    if (!dynamicRequire) {
+      return {
+        status: -1,
+        stdout: "",
+        stderr: "dynamic require is unavailable in this runtime",
+        error: "require-unavailable"
+      };
+    }
+    try {
+      const childProcess = dynamicRequire("node:child_process");
+      const result = childProcess.spawnSync(command, args, {
+        encoding: "utf8",
+        timeout: timeoutMs
+      });
+      const error = result.error instanceof Error ? result.error.message : null;
+      return {
+        status: result.status ?? -1,
+        stdout: typeof result.stdout === "string" ? result.stdout : "",
+        stderr: typeof result.stderr === "string" ? result.stderr : "",
+        error
+      };
+    } catch (error) {
+      return {
+        status: -1,
+        stdout: "",
+        stderr: "",
+        error: error instanceof Error ? error.message : String(error)
+      };
+    }
+  }
+  getDynamicRequire() {
+    const fromGlobal = globalThis.require;
+    if (typeof fromGlobal === "function") {
+      return fromGlobal;
+    }
+    const fromWindow = globalThis.window?.require;
+    if (typeof fromWindow === "function") {
+      return fromWindow;
+    }
+    return null;
+  }
   async addActiveNoteToContext() {
     const activeFile = this.app.workspace.getActiveFile();
     if (!(activeFile instanceof import_obsidian.TFile)) {

scripts/smoke-assert.mjs

@@ -21,6 +21,7 @@ const requiredCommands = [
   "apply-pending-changes",
   "ask-about-current-note",
   "open-copilot-sidebar",
+  "refresh-auth-status",
   "start-new-chat-session",
   "undo-last-applied-change"
 ];

scripts/smoke-run.mjs

@@ -215,7 +215,9 @@ try {
     "apply-pending-changes",
     "ask-about-current-note",
     "open-copilot-sidebar",
-    "start-new-chat-session"
+    "refresh-auth-status",
+    "start-new-chat-session",
+    "undo-last-applied-change"
   ];
   for (const commandId of requiredCommands) {
     assert.ok(commandIds.includes(commandId), `missing required command: ${commandId}`);
@@ -235,16 +237,19 @@ try {
   const openCommand = plugin.__commands.find((command) => command.id === "open-copilot-sidebar");
   const startSessionCommand = plugin.__commands.find((command) => command.id === "start-new-chat-session");
   const applyCommand = plugin.__commands.find((command) => command.id === "apply-pending-changes");
+  const refreshAuthCommand = plugin.__commands.find((command) => command.id === "refresh-auth-status");
   const undoCommand = plugin.__commands.find((command) => command.id === "undo-last-applied-change");
 
   assert.ok(openCommand, "open command should exist");
   assert.ok(startSessionCommand, "start session command should exist");
   assert.ok(applyCommand, "apply command should exist");
+  assert.ok(refreshAuthCommand, "refresh auth command should exist");
   assert.ok(undoCommand, "undo command should exist");
 
   await openCommand.callback();
   await startSessionCommand.callback();
   await applyCommand.callback();
+  await refreshAuthCommand.callback();
   await undoCommand.callback();
 
   await view.onClose();