🐛 Wire authService and projectService into TDD server (#149)

## Summary

The TDD dashboard Projects and Builds tabs were showing "Not signed in"
even when the user was authenticated via `vizzly login`. This was
because the TDD command only passed `configService` to the server
manager, leaving `authService` and `projectService` undefined.

**Root cause:** In `src/commands/tdd.js:124`, only `configService` was
passed to `createServerManager()`. The HTTP server's auth and project
routers checked for these services and returned "Service unavailable"
when they were undefined.

**Changes:**
- Add `auth-service.js` - wraps auth operations (`isAuthenticated`,
`whoami`, `initiateDeviceFlow`, etc.) for the HTTP server
- Add `project-service.js` - wraps project operations (`listProjects`,
`listMappings`, `getRecentBuilds`, etc.) for the HTTP server
- Wire both services into the TDD command alongside `configService`
- Add unit tests for both new services

## Test plan

- [x] Run `vizzly login` to authenticate
- [x] Run `vizzly tdd start` 
- [x] Open http://localhost:47392 and navigate to Projects tab
- [x] Verify user is shown as signed in (not "Not signed in")
- [x] Verify project mappings load correctly
- [x] Run unit tests: `node --test tests/services/auth-service.test.js
tests/services/project-service.test.js`

Author: Robdel12

src/commands/run.js

@@ -206,6 +206,8 @@ export async function runCommand(
     });
 
     // Create server manager (functional object)
+    // Note: Unlike TDD mode, run command doesn't need authService/projectService
+    // because it has no interactive dashboard - it's a one-shot CI command
     serverManager = createServerManager(configWithVerbose, {});
 
     // Create build manager (functional object)

src/commands/tdd.js

@@ -12,8 +12,10 @@ import {
 } from '../api/index.js';
 import { VizzlyError } from '../errors/vizzly-error.js';
 import { createServerManager as defaultCreateServerManager } from '../server-manager/index.js';
+import { createAuthService as defaultCreateAuthService } from '../services/auth-service.js';
 import { createBuildObject as defaultCreateBuildObject } from '../services/build-manager.js';
 import { createConfigService as defaultCreateConfigService } from '../services/config-service.js';
+import { createProjectService as defaultCreateProjectService } from '../services/project-service.js';
 import {
   initializeDaemon as defaultInitializeDaemon,
   runTests as defaultRunTests,
@@ -47,7 +49,9 @@ export async function tddCommand(
     getBuild = defaultGetBuild,
     createServerManager = defaultCreateServerManager,
     createBuildObject = defaultCreateBuildObject,
+    createAuthService = defaultCreateAuthService,
     createConfigService = defaultCreateConfigService,
+    createProjectService = defaultCreateProjectService,
     initializeDaemon = defaultInitializeDaemon,
     runTests = defaultRunTests,
     detectBranch = defaultDetectBranch,
@@ -117,11 +121,17 @@ export async function tddCommand(
     output.startSpinner('Initializing TDD server...');
     let configWithVerbose = { ...config, verbose: globalOptions.verbose };
 
-    // Create config service for dashboard settings page
+    // Create services for dashboard tabs
     let configService = createConfigService({ workingDir: process.cwd() });
+    let authService = createAuthService();
+    let projectService = createProjectService();
 
     // Create server manager (functional object)
-    serverManager = createServerManager(configWithVerbose, { configService });
+    serverManager = createServerManager(configWithVerbose, {
+      configService,
+      authService,
+      projectService,
+    });
 
     // Create build manager (functional object that provides the interface runTests expects)
     let buildManager = {

src/services/auth-service.js

@@ -0,0 +1,131 @@
+/**
+ * Auth Service
+ * Wraps auth operations for use by the HTTP server
+ *
+ * Provides the interface expected by src/server/routers/auth.js:
+ * - isAuthenticated() - Returns boolean, false if no tokens or API call fails
+ * - whoami() - Throws if not authenticated or tokens invalid
+ * - initiateDeviceFlow() - Throws on API error
+ * - pollDeviceAuthorization(deviceCode) - Returns pending status or tokens, throws on error
+ * - completeDeviceFlow(tokens) - Saves tokens to global config
+ * - logout() - Clears local tokens, may warn if server revocation fails
+ * - authenticatedRequest(endpoint, options) - Throws 'Not authenticated' if no tokens
+ *
+ * Error handling:
+ * - isAuthenticated() never throws, returns false on any error
+ * - whoami() throws if tokens are missing/invalid (caller should check isAuthenticated first)
+ * - authenticatedRequest() throws 'Not authenticated' if no access token
+ * - Device flow methods throw on API errors (network, server errors)
+ */
+
+import { createAuthClient } from '../auth/client.js';
+import * as authOps from '../auth/operations.js';
+import { getApiUrl } from '../utils/environment-config.js';
+import {
+  clearAuthTokens,
+  getAuthTokens,
+  saveAuthTokens,
+} from '../utils/global-config.js';
+
+/**
+ * Create an auth service instance
+ * @param {Object} [options]
+ * @param {string} [options.apiUrl] - API base URL (defaults to VIZZLY_API_URL or https://app.vizzly.dev)
+ * @param {Object} [options.httpClient] - Injectable HTTP client (for testing)
+ * @param {Object} [options.tokenStore] - Injectable token store (for testing)
+ * @returns {Object} Auth service
+ */
+export function createAuthService(options = {}) {
+  let apiUrl = options.apiUrl || getApiUrl();
+
+  // Create HTTP client for API requests (uses auth client for proper auth handling)
+  // Allow injection for testing
+  let httpClient = options.httpClient || createAuthClient({ baseUrl: apiUrl });
+
+  // Create token store adapter for global config
+  // Allow injection for testing
+  let tokenStore = options.tokenStore || {
+    getTokens: getAuthTokens,
+    saveTokens: saveAuthTokens,
+    clearTokens: clearAuthTokens,
+  };
+
+  return {
+    /**
+     * Check if user is authenticated
+     * @returns {Promise<boolean>}
+     */
+    async isAuthenticated() {
+      return authOps.isAuthenticated(httpClient, tokenStore);
+    },
+
+    /**
+     * Get current user information
+     * @returns {Promise<Object>} User and organization data
+     */
+    async whoami() {
+      return authOps.whoami(httpClient, tokenStore);
+    },
+
+    /**
+     * Initiate OAuth device flow
+     * @returns {Promise<Object>} Device code info
+     */
+    async initiateDeviceFlow() {
+      return authOps.initiateDeviceFlow(httpClient);
+    },
+
+    /**
+     * Poll for device authorization
+     * @param {string} deviceCode
+     * @returns {Promise<Object>} Token data or pending status
+     */
+    async pollDeviceAuthorization(deviceCode) {
+      return authOps.pollDeviceAuthorization(httpClient, deviceCode);
+    },
+
+    /**
+     * Complete device flow and save tokens
+     * @param {Object} tokens - Token data
+     * @returns {Promise<Object>}
+     */
+    async completeDeviceFlow(tokens) {
+      return authOps.completeDeviceFlow(tokenStore, tokens);
+    },
+
+    /**
+     * Logout and revoke tokens
+     * @returns {Promise<void>}
+     */
+    async logout() {
+      return authOps.logout(httpClient, tokenStore);
+    },
+
+    /**
+     * Refresh access token
+     * @returns {Promise<Object>} New tokens
+     */
+    async refresh() {
+      return authOps.refresh(httpClient, tokenStore);
+    },
+
+    /**
+     * Make an authenticated request to the API
+     * Used by cloud-proxy router for proxying requests
+     * @param {string} endpoint - API endpoint
+     * @param {Object} options - Fetch options
+     * @returns {Promise<Object>} Response data
+     */
+    async authenticatedRequest(endpoint, options = {}) {
+      let auth = await tokenStore.getTokens();
+      if (!auth?.accessToken) {
+        throw new Error('Not authenticated');
+      }
+      return httpClient.authenticatedRequest(
+        endpoint,
+        auth.accessToken,
+        options
+      );
+    },
+  };
+}

src/services/project-service.js

@@ -0,0 +1,148 @@
+/**
+ * Project Service
+ * Wraps project operations for use by the HTTP server
+ *
+ * Provides the interface expected by src/server/routers/projects.js:
+ * - listProjects() - Returns [] if not authenticated
+ * - listMappings() - Returns [] if no mappings
+ * - getMapping(directory) - Returns null if not found
+ * - createMapping(directory, projectData) - Throws on invalid input
+ * - removeMapping(directory) - Throws on invalid directory
+ * - getRecentBuilds(projectSlug, organizationSlug, options) - Returns [] if not authenticated
+ *
+ * Error handling:
+ * - API methods (listProjects, getRecentBuilds) return empty arrays when not authenticated
+ * - Local methods (listMappings, getMapping) never require authentication
+ * - Validation errors (createMapping, removeMapping) throw with descriptive messages
+ */
+
+import { createAuthClient } from '../auth/client.js';
+import * as projectOps from '../project/operations.js';
+import { getApiUrl } from '../utils/environment-config.js';
+import {
+  deleteProjectMapping,
+  getAuthTokens,
+  getProjectMapping,
+  getProjectMappings,
+  saveProjectMapping,
+} from '../utils/global-config.js';
+
+/**
+ * Create a project service instance
+ * @param {Object} [options]
+ * @param {string} [options.apiUrl] - API base URL (defaults to VIZZLY_API_URL or https://app.vizzly.dev)
+ * @param {Object} [options.httpClient] - Injectable HTTP client (for testing)
+ * @param {Object} [options.mappingStore] - Injectable mapping store (for testing)
+ * @param {Function} [options.getAuthTokens] - Injectable token getter (for testing)
+ * @returns {Object} Project service
+ */
+export function createProjectService(options = {}) {
+  let apiUrl = options.apiUrl || getApiUrl();
+
+  // Create HTTP client once at service creation (not per-request)
+  // Allow injection for testing
+  let httpClient = options.httpClient || createAuthClient({ baseUrl: apiUrl });
+
+  // Create mapping store adapter for global config
+  // Allow injection for testing
+  let mappingStore = options.mappingStore || {
+    getMappings: getProjectMappings,
+    getMapping: getProjectMapping,
+    saveMapping: saveProjectMapping,
+    deleteMapping: deleteProjectMapping,
+  };
+
+  // Allow injection of getAuthTokens for testing
+  let tokenGetter = options.getAuthTokens || getAuthTokens;
+
+  /**
+   * Create an OAuth client with current access token
+   * @returns {Promise<Object|null>} OAuth client or null if not authenticated
+   */
+  async function createOAuthClient() {
+    let auth = await tokenGetter();
+    if (!auth?.accessToken) {
+      return null;
+    }
+
+    // Wrap authenticatedRequest to auto-inject the access token
+    return {
+      authenticatedRequest: (endpoint, fetchOptions = {}) =>
+        httpClient.authenticatedRequest(
+          endpoint,
+          auth.accessToken,
+          fetchOptions
+        ),
+    };
+  }
+
+  return {
+    /**
+     * List all projects from API
+     * Returns empty array if not authenticated (projectOps handles null oauthClient)
+     * @returns {Promise<Array>} Array of projects, empty if not authenticated
+     */
+    async listProjects() {
+      let oauthClient = await createOAuthClient();
+      // projectOps.listProjects handles null oauthClient by returning []
+      return projectOps.listProjects({ oauthClient, apiClient: null });
+    },
+
+    /**
+     * List all project mappings
+     * @returns {Promise<Array>} Array of project mappings
+     */
+    async listMappings() {
+      return projectOps.listMappings(mappingStore);
+    },
+
+    /**
+     * Get project mapping for a specific directory
+     * @param {string} directory - Directory path
+     * @returns {Promise<Object|null>} Project mapping or null
+     */
+    async getMapping(directory) {
+      return projectOps.getMapping(mappingStore, directory);
+    },
+
+    /**
+     * Create or update project mapping
+     * @param {string} directory - Directory path
+     * @param {Object} projectData - Project data
+     * @returns {Promise<Object>} Created mapping
+     */
+    async createMapping(directory, projectData) {
+      return projectOps.createMapping(mappingStore, directory, projectData);
+    },
+
+    /**
+     * Remove project mapping
+     * @param {string} directory - Directory path
+     * @returns {Promise<void>}
+     */
+    async removeMapping(directory) {
+      return projectOps.removeMapping(mappingStore, directory);
+    },
+
+    /**
+     * Get recent builds for a project
+     * Returns empty array if not authenticated (projectOps handles null oauthClient)
+     * @param {string} projectSlug - Project slug
+     * @param {string} organizationSlug - Organization slug
+     * @param {Object} options - Query options
+     * @returns {Promise<Array>} Array of builds, empty if not authenticated
+     */
+    async getRecentBuilds(projectSlug, organizationSlug, options = {}) {
+      let oauthClient = await createOAuthClient();
+      // projectOps.getRecentBuilds handles null oauthClient by returning []
+      return projectOps.getRecentBuilds({
+        oauthClient,
+        apiClient: null,
+        projectSlug,
+        organizationSlug,
+        limit: options.limit,
+        branch: options.branch,
+      });
+    },
+  };
+}