Static token for DEV env (#251)

* Static token for DEV env

* Clean up

Author: maximbilan

internal/app/therapy.go

@@ -26,6 +26,7 @@ type therapyConfig struct {
 	sessionID string
 	locale    string
 	ctx       context.Context
+	token     string
 }
 
 // Start therapy session
@@ -69,13 +70,19 @@ func relayTherapyMessage(text string, session *Session) {
 
 // Build an HTTP client configured with ID token authentication for therapy session calls
 func buildTherapyHTTPClient(ctx context.Context, targetURL string) (*http.Client, error) {
-    client, err := idtoken.NewClient(ctx, targetURL)
-    if err != nil {
-        return nil, fmt.Errorf("failed to create ID token client: %w", err)
-    }
-    // Set timeout on the client
-    client.Timeout = 120 * time.Second
-    return client, nil
+	// Local development path: plain HTTP client; per-request header is set using cfg.token
+	if os.Getenv("CLOUD") == "false" {
+		return &http.Client{Timeout: 120 * time.Second}, nil
+	}
+
+	// Cloud path (default): use Google ID token auth
+	client, err := idtoken.NewClient(ctx, targetURL)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create ID token client: %w", err)
+	}
+	// Set timeout on the client
+	client.Timeout = 120 * time.Second
+	return client, nil
 }
 
 // Build configuration from environment and session; ensures a session ID exists
@@ -94,13 +101,18 @@ func buildTherapyConfig(session *Session) *therapyConfig {
 	userID := session.User.ID
 	sessionID := *session.User.TherapySessionId
 	locale := session.Locale().String()
+	var token string
+	if os.Getenv("CLOUD") == "false" {
+		token = strings.TrimSpace(os.Getenv("CAPY_AGENT_TOKEN"))
+	}
 
 	return &therapyConfig{
 		baseURL:   baseURL,
 		userID:    userID,
 		sessionID: sessionID,
 		locale:    locale,
 		ctx:       context.Background(),
+		token:     token,
 	}
 }
 
@@ -121,6 +133,9 @@ func initTherapySession(client *http.Client, cfg *therapyConfig) bool {
 	}
 	// ID token client automatically adds Authorization header
 	req.Header.Set("Content-Type", "application/json")
+	if cfg.token != "" {
+		req.Header.Set("Authorization", "Bearer "+cfg.token)
+	}
 
 	resp, err := client.Do(req)
 	if err != nil {
@@ -166,6 +181,9 @@ func sendTherapyMessage(client *http.Client, cfg *therapyConfig, text string) *s
 		return nil
 	}
 	req.Header.Set("Content-Type", "application/json")
+	if cfg.token != "" {
+		req.Header.Set("Authorization", "Bearer "+cfg.token)
+	}
 
 	resp, err := client.Do(req)
 	if err != nil {

internal/app/therapy_test.go

@@ -1,15 +1,15 @@
 package app
 
 import (
-    "context"
-    "net/http"
-    "net/http/httptest"
-    "testing"
-    "time"
+	"context"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
 
-    "strings"
+	"strings"
 
-    "github.com/capymind/internal/database"
+	"github.com/capymind/internal/database"
 )
 
 func TestStartTherapySession(t *testing.T) {
@@ -54,7 +54,7 @@ func TestEndTherapySession(t *testing.T) {
 
 func TestRelayTherapyMessage(t *testing.T) {
 	// Create a fake therapy session backend implementing both init and run endpoints
-    ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		switch {
 		case r.Method == http.MethodPost && strings.HasPrefix(r.URL.Path, "/apps/capymind_agent/users/u1/sessions/"):
 			// Session init endpoint
@@ -63,24 +63,24 @@ func TestRelayTherapyMessage(t *testing.T) {
 			return
 		case r.Method == http.MethodPost && r.URL.Path == "/run_sse":
 			// Message sending endpoint
-            w.Header().Set("Content-Type", "text/event-stream")
-            w.WriteHeader(http.StatusOK)
-            _, _ = w.Write([]byte("data: {\"content\":{\"parts\":[{\"text\":\"Hello, I'm here for you.\"}],\"role\":\"model\"}}\n\n"))
+			w.Header().Set("Content-Type", "text/event-stream")
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte("data: {\"content\":{\"parts\":[{\"text\":\"Hello, I'm here for you.\"}],\"role\":\"model\"}}\n\n"))
 			return
 		default:
 			http.NotFound(w, r)
 			return
 		}
 	}))
 	defer ts.Close()
-    t.Setenv("CAPY_THERAPY_SESSION_URL", ts.URL)
+	t.Setenv("CAPY_THERAPY_SESSION_URL", ts.URL)
 
-    // Inject simple HTTP client without Google auth for tests
-    originalBuilder := newTherapyHTTPClient
-    newTherapyHTTPClient = func(ctx context.Context, targetURL string) (*http.Client, error) {
-        return &http.Client{Timeout: 5 * time.Second}, nil
-    }
-    defer func() { newTherapyHTTPClient = originalBuilder }()
+	// Inject simple HTTP client without Google auth for tests
+	originalBuilder := newTherapyHTTPClient
+	newTherapyHTTPClient = func(ctx context.Context, targetURL string) (*http.Client, error) {
+		return &http.Client{Timeout: 5 * time.Second}, nil
+	}
+	defer func() { newTherapyHTTPClient = originalBuilder }()
 
 	ctx := context.Background()
 	locale := "en"
@@ -89,7 +89,7 @@ func TestRelayTherapyMessage(t *testing.T) {
 
 	relayTherapyMessage("hi", session)
 
-    if len(session.Job.Output) == 0 {
+	if len(session.Job.Output) == 0 {
 		t.Fatalf("expected at least one output")
 	}
 	if session.Job.Output[0].TextID != "Hello, I'm here for you." {
@@ -113,30 +113,30 @@ func TestHandleSession_AutoEndWhenExpired(t *testing.T) {
 
 func TestHandleSession_ForwardDuringActive(t *testing.T) {
 	// Fake backend implementing both init and run endpoints
-    ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		switch {
 		case r.Method == http.MethodPost && strings.HasPrefix(r.URL.Path, "/apps/capymind_agent/users/u1/sessions/"):
 			w.WriteHeader(http.StatusOK)
 			_, _ = w.Write([]byte(`{"ok":true}`))
 			return
 		case r.Method == http.MethodPost && r.URL.Path == "/run_sse":
-            w.Header().Set("Content-Type", "text/event-stream")
-            w.WriteHeader(http.StatusOK)
-            _, _ = w.Write([]byte("data: {\"content\":{\"parts\":[{\"text\":\"Therapist reply\"}],\"role\":\"model\"}}\n\n"))
+			w.Header().Set("Content-Type", "text/event-stream")
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte("data: {\"content\":{\"parts\":[{\"text\":\"Therapist reply\"}],\"role\":\"model\"}}\n\n"))
 			return
 		default:
 			http.NotFound(w, r)
 			return
 		}
 	}))
 	defer ts.Close()
-    t.Setenv("CAPY_THERAPY_SESSION_URL", ts.URL)
+	t.Setenv("CAPY_THERAPY_SESSION_URL", ts.URL)
 
-    originalBuilder := newTherapyHTTPClient
-    newTherapyHTTPClient = func(ctx context.Context, targetURL string) (*http.Client, error) {
-        return &http.Client{Timeout: 5 * time.Second}, nil
-    }
-    defer func() { newTherapyHTTPClient = originalBuilder }()
+	originalBuilder := newTherapyHTTPClient
+	newTherapyHTTPClient = func(ctx context.Context, targetURL string) (*http.Client, error) {
+		return &http.Client{Timeout: 5 * time.Second}, nil
+	}
+	defer func() { newTherapyHTTPClient = originalBuilder }()
 
 	ctx := context.Background()
 	future := time.Now().Add(5 * time.Minute)
@@ -154,45 +154,45 @@ func TestHandleSession_ForwardDuringActive(t *testing.T) {
 }
 
 func TestRelayTherapyMessage_ExistingSessionContinues(t *testing.T) {
-    // Fake backend: init returns 400 Session already exists; run_sse returns a reply
-    ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-        switch {
-        case r.Method == http.MethodPost && strings.HasPrefix(r.URL.Path, "/apps/capymind_agent/users/u1/sessions/"):
-            w.WriteHeader(http.StatusBadRequest)
-            _, _ = w.Write([]byte(`{"detail":"Session already exists: abc-123"}`))
-            return
-        case r.Method == http.MethodPost && r.URL.Path == "/run_sse":
-            w.Header().Set("Content-Type", "text/event-stream")
-            w.WriteHeader(http.StatusOK)
-            _, _ = w.Write([]byte("data: {\"content\":{\"parts\":[{\"text\":\"Hello again\"}],\"role\":\"model\"}}\n\n"))
-            return
-        default:
-            http.NotFound(w, r)
-            return
-        }
-    }))
-    defer ts.Close()
-    t.Setenv("CAPY_THERAPY_SESSION_URL", ts.URL)
-
-    originalBuilder := newTherapyHTTPClient
-    newTherapyHTTPClient = func(ctx context.Context, targetURL string) (*http.Client, error) {
-        return &http.Client{Timeout: 5 * time.Second}, nil
-    }
-    defer func() { newTherapyHTTPClient = originalBuilder }()
-
-    ctx := context.Background()
-    locale := "en"
-    user := &database.User{ID: "u1", Locale: &locale}
-    session := createSession(&Job{Command: None}, user, nil, &ctx)
-
-    relayTherapyMessage("hi", session)
-
-    if len(session.Job.Output) == 0 {
-        t.Fatalf("expected at least one output")
-    }
-    if session.Job.Output[0].TextID != "Hello again" {
-        t.Fatalf("unexpected relay text: %s", session.Job.Output[0].TextID)
-    }
+	// Fake backend: init returns 400 Session already exists; run_sse returns a reply
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch {
+		case r.Method == http.MethodPost && strings.HasPrefix(r.URL.Path, "/apps/capymind_agent/users/u1/sessions/"):
+			w.WriteHeader(http.StatusBadRequest)
+			_, _ = w.Write([]byte(`{"detail":"Session already exists: abc-123"}`))
+			return
+		case r.Method == http.MethodPost && r.URL.Path == "/run_sse":
+			w.Header().Set("Content-Type", "text/event-stream")
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte("data: {\"content\":{\"parts\":[{\"text\":\"Hello again\"}],\"role\":\"model\"}}\n\n"))
+			return
+		default:
+			http.NotFound(w, r)
+			return
+		}
+	}))
+	defer ts.Close()
+	t.Setenv("CAPY_THERAPY_SESSION_URL", ts.URL)
+
+	originalBuilder := newTherapyHTTPClient
+	newTherapyHTTPClient = func(ctx context.Context, targetURL string) (*http.Client, error) {
+		return &http.Client{Timeout: 5 * time.Second}, nil
+	}
+	defer func() { newTherapyHTTPClient = originalBuilder }()
+
+	ctx := context.Background()
+	locale := "en"
+	user := &database.User{ID: "u1", Locale: &locale}
+	session := createSession(&Job{Command: None}, user, nil, &ctx)
+
+	relayTherapyMessage("hi", session)
+
+	if len(session.Job.Output) == 0 {
+		t.Fatalf("expected at least one output")
+	}
+	if session.Job.Output[0].TextID != "Hello again" {
+		t.Fatalf("unexpected relay text: %s", session.Job.Output[0].TextID)
+	}
 }
 
 func TestHandleSession_EndOnOtherCommand(t *testing.T) {

scripts/generate_agent_token.sh

@@ -1,18 +1,3 @@
 #!/bin/bash
 
-SERVICE_ACCOUNT=$CAPY_SERVICE_ACCOUNT
-PROJECT_ID=$CAPY_PROJECT_ID
-
-gcloud iam service-accounts add-iam-policy-binding $SERVICE_ACCOUNT \
-  --role=roles/iam.serviceAccountTokenCreator \
-  --member=serviceAccount:$SERVICE_ACCOUNT \
-  --project=$PROJECT_ID
-
-gcloud iam service-accounts keys create key.json \
-  --iam-account=$SERVICE_ACCOUNT
-
-# Activate the service account
-gcloud auth activate-service-account --key-file=key.json
-
-# Generate the identity token
 gcloud auth print-identity-token