feat(connector): add proxy subcommand

[hyrious]

No description provided.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ab410a57-c226-4031-a0f3-d0463fad92cd

📥 Commits

Reviewing files that changed from the base of the PR and between 1172a09 and f2d0ff5.

📒 Files selected for processing (8)

• docs/commands.md
• docs/commands.zh-CN.md
• src/application/commands/connector/index.cli.test.ts
• src/application/commands/connector/proxy.ts
• src/application/commands/connector/shared.test.ts
• src/application/commands/connector/shared.ts
• src/application/commands/telemetry-decisions.test.ts
• src/i18n/catalog.ts

💤 Files with no reviewable changes (4)

• src/i18n/catalog.ts
• src/application/commands/connector/proxy.ts
• src/application/commands/connector/shared.ts
• src/application/commands/connector/index.cli.test.ts

✅ Files skipped from review due to trivial changes (2)

• docs/commands.md
• docs/commands.zh-CN.md

🚧 Files skipped from review as they are similar to previous changes (2)

• src/application/commands/telemetry-decisions.test.ts
• src/application/commands/connector/shared.test.ts

---

Summary by CodeRabbit

• New Features

  • Added a connector proxy command to forward provider API requests with selectable identity/app options and JSON/text output.

• Documentation

  • Added English and Chinese docs and CLI help for proxy usage, input formats, identity behavior (default org applies to proxy), and output shape.

• Tests

  • Expanded tests for proxy validation, request/response normalization, telemetry, and error mappings.

• Bug Fixes

  • Connector identity now sent via headers (not URL) and improved proxy error handling and telemetry.

Walkthrough

This PR introduces the oo connector proxy subcommand, enabling direct proxying of provider API requests with organization-scoped identity. Connector identity is refactored to stop mutating URLs (removed applyConnectorIdentityToUrl) and is applied via x-oo-organization headers. The proxy command accepts a service name and request details via --data (full JSON) or split flags (--endpoint, --method, --query, --headers, --body), supports --app-id/--alias and --organization/--personal selectors, validates/normalizes inputs, calls runConnectorProxy, and returns structured JSON or localized text output. The change includes proxy response schema validation, proxy-specific error mappings (including insufficient-credit detection), CLI tests, docs (EN/ZH), i18n keys, and telemetry rules for the new command.

Possibly related PRs

• oomol-lab/oo-cli#274: The main PR’s identity refactor for connector requests (removing applyConnectorIdentityToUrl/organization URL query usage and switching org identity to x-oo-organization headers) is directly related to PR #274’s earlier addition of organization identity to connector run.
• oomol-lab/oo-cli#151: The main PR’s connector proxy telemetry/property coverage is wired into the same privacy-constrained telemetry decision framework that PR #151 modified.
• oomol-lab/oo-cli#64: Extends the existing connector command/shared execution infrastructure added in that PR by adding runConnectorProxy and CLI proxy wiring.

🚥 Pre-merge checks | ✅ 3 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	No pull request description was provided by the author; the description is empty and does not contain any information about the changeset.	Add a description explaining the proxy subcommand feature, its purpose, and any key implementation details or breaking changes.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat(connector): add proxy subcommand' follows the required format and clearly describes the main change: adding a proxy subcommand to the connector CLI.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch raspy-earwig

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/application/commands/connector/proxy.ts`:
- Around line 176-186: The telemetry call in context.telemetry.recordProperties
is sending raw user input via input.serviceName which violates the "no raw user
input" rule; update the properties to avoid sending free-form values by removing
or replacing the service property: change the recorded field (currently
referenced as input.serviceName) to a safe alternative such as a boolean flag
like has_service_name (e.g., service_present: input.serviceName !== undefined)
or a bucketed/normalized enum value, and ensure the change is applied where
context.telemetry.recordProperties is invoked (referencing the recordProperties
call and the input.serviceName symbol).

In `@src/application/commands/connector/shared.test.ts`:
- Around line 299-372: The test only covers the success path for
runConnectorProxy; add negative-path tests in
src/application/commands/connector/shared.test.ts that assert the connector
proxy error mapping branches (the insufficient-credit mapping and the
message/code variants implemented around runConnectorProxy lines ~718-763).
Specifically, add tests that mock the fetcher to return: (1) a response
body/error indicating insufficient credit and assert the mapped error
type/code/message from runConnectorProxy, and (2) responses with alternative
error shapes (message-only and code+message) and assert the function normalizes
them into the expected error object/throw behavior; reference the
runConnectorProxy function and its proxy error mapping logic when adding these
assertions. Ensure each test exercises and asserts the exact mapped output
(error code/message/structure) produced by runConnectorProxy.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b9ee279f-068a-4f9f-aeac-ff3ec51b13c8

📥 Commits

Reviewing files that changed from the base of the PR and between 316d78f and aeaa4f2.

📒 Files selected for processing (12)

• contrib/skills/shared/oo/references/connector-execution.md
• docs/commands.md
• docs/commands.zh-CN.md
• src/application/commands/connector/identity.test.ts
• src/application/commands/connector/identity.ts
• src/application/commands/connector/index.cli.test.ts
• src/application/commands/connector/index.ts
• src/application/commands/connector/proxy.ts
• src/application/commands/connector/shared.test.ts
• src/application/commands/connector/shared.ts
• src/application/commands/telemetry-decisions.test.ts
• src/i18n/catalog.ts

💤 Files with no reviewable changes (1)

• src/application/commands/connector/identity.test.ts

[BlackHole1]

Did a full pass over this PR. Overall the proxy subcommand is in good shape: the telemetry decision and manifest are in sync, and the error mapping, i18n, and bilingual docs are fairly complete; I ran lint / ts-check / knip / test on the branch and everything passes.

Left 11 inline comments. Overview:

major (2)

• An invalid --method value produces a badly misleading error ("Invalid format: . Use json."), reproduced locally
• The handler's error branches, the --data path, and the default text output have no test coverage at all

question (3)

• Removing the organization query parameter is a wire-contract change (#274 deliberately introduced the dual-write two days ago); needs server-side compatibility confirmation
• connectorProxyResponseSchema's strict requirement on data.headers can discard an entire successful response
• The proxy failure path records no http_status / error_code telemetry dimensions, unlike run

minor (6): invalidPayload errors lack the field path, usage errors are gated behind the login check, text output lacks the ?? "null" fallback, the telemetry test lacks regression assertions, --help reuses run-specific wording, and three gaps in the docs

Every item was reproduced/verified on a local checkout of the branch.

[BlackHole1]

Missing Zod validation for 'method', needs to be added, needs to support case-insensitivity.

[coderabbitai]

🧹 Nitpick comments (1)

src/application/commands/connector/shared.test.ts (1)

411-598: ⚡ Quick win

Extract repeated proxy test setup into a local factory at file end.

The repeated runConnectorProxy input and fetch-context wiring across these tests makes updates error-prone. Please centralize the shared setup into one local test factory and override per-case fields.

♻️ Suggested refactor

+function createProxyRunInput(overrides: Partial<Parameters<typeof runConnectorProxy>[0]> = {}) {
+    return {
+        apiKey: "secret-1",
+        endpoint: "oomol.com",
+        proxyRequest: {
+            endpoint: "/search",
+            method: "GET" as const,
+        },
+        serviceName: "tavily",
+        ...overrides,
+    };
+}
+
+function createProxyContext(fetcher: Fetcher) {
+    return createRequestContext({ fetcher });
+}
+
 test("runConnectorProxy surfaces message and errorCode on failed proxy responses", async () => {
-    const error = await expectCliUserError(runConnectorProxy(
-        {
-            apiKey: "secret-1",
-            endpoint: "oomol.com",
-            proxyRequest: {
-                endpoint: "/search",
-                method: "GET",
-            },
-            serviceName: "tavily",
-        },
-        createRequestContext({
-            fetcher: async () => new Response(JSON.stringify({
+    const error = await expectCliUserError(runConnectorProxy(
+        createProxyRunInput(),
+        createProxyContext(async () => new Response(JSON.stringify({
                 errorCode: "invalid_input",
                 message: "bad query",
                 success: false,
             }), {
                 status: 400,
-            }),
-        }),
+            })),
     ));

As per coding guidelines, "In test files, extract repeated setup (mock, stub, or setup objects) into a local factory function at the bottom of the file."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/application/commands/connector/shared.test.ts` around lines 411 - 598,
Extract the repeated test setup for runConnectorProxy into a single local
factory function (e.g., makeProxyTestInputs or buildProxyTestCtx) placed at the
bottom of the file; this factory should return the common input object (apiKey,
endpoint, proxyRequest.endpoint/method, serviceName) and a createRequestContext
wrapper that accepts a custom fetcher for each test to override the response or
thrown error (used in tests calling runConnectorProxy, createRequestContext,
expectCliUserError, and createFailedToOpenSocketError); update each test to call
the factory and only supply the differing fields (fetcher behavior and any
per-test input like errorCode or status) so shared wiring is centralized and
easy to maintain.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/application/commands/connector/shared.test.ts`:
- Around line 411-598: Extract the repeated test setup for runConnectorProxy
into a single local factory function (e.g., makeProxyTestInputs or
buildProxyTestCtx) placed at the bottom of the file; this factory should return
the common input object (apiKey, endpoint, proxyRequest.endpoint/method,
serviceName) and a createRequestContext wrapper that accepts a custom fetcher
for each test to override the response or thrown error (used in tests calling
runConnectorProxy, createRequestContext, expectCliUserError, and
createFailedToOpenSocketError); update each test to call the factory and only
supply the differing fields (fetcher behavior and any per-test input like
errorCode or status) so shared wiring is centralized and easy to maintain.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: cf8117a8-a0e8-42b8-a7bc-11e540697771

📥 Commits

Reviewing files that changed from the base of the PR and between aeaa4f2 and 94295a1.

📒 Files selected for processing (10)

• docs/commands.md
• docs/commands.zh-CN.md
• src/application/commands/connector/index.cli.test.ts
• src/application/commands/connector/proxy.ts
• src/application/commands/connector/run.ts
• src/application/commands/connector/shared.test.ts
• src/application/commands/connector/shared.ts
• src/application/commands/connector/telemetry.ts
• src/application/commands/telemetry-decisions.test.ts
• src/i18n/catalog.ts

✅ Files skipped from review due to trivial changes (3)

• src/application/commands/connector/telemetry.ts
• docs/commands.md
• docs/commands.zh-CN.md

🚧 Files skipped from review as they are similar to previous changes (3)

• src/application/commands/telemetry-decisions.test.ts
• src/application/commands/connector/index.cli.test.ts
• src/application/commands/connector/proxy.ts

[hyrious]

Handled the latest follow-up in 1172a09.

• Added Zod-level proxy method normalization/validation: method values are trimmed, uppercased, then validated against GET/POST/PUT/PATCH/DELETE, so --method get and --data {"method":"get"} normalize to GET while invalid values still fail through the proxy payload validator.
• Added CLI coverage for case-insensitive method normalization and kept a negative invalid-method test using TRACE.
• Updated EN/ZH command docs to state that method values are case-insensitive.
• Addressed the CodeRabbit nit by extracting repeated runConnectorProxy test setup into local helpers.

Validated locally with bun run lint:fix, bun run ts-check, targeted connector/telemetry tests, and full bun run test (1322 pass / 9 skip / 0 fail).

[hyrious]

Updated per latest direction in f2d0ff5: removed the proxy CLI app selector surface for this PR.

• Removed --app-id / --alias from oo connector proxy options and input schema.
• Removed proxy selector validation, i18n keys, docs, telemetry dimensions, and selector header forwarding.
• Removed proxy selector coverage from tests; proxy tests now only cover default connected app behavior plus identity selection.

Validation: bun run lint:fix, bun run ts-check, targeted connector/telemetry tests, and full bun run test all pass (1322 pass / 9 skip / 0 fail).

[hyrious]

Manual proxy smoke test after removing app selectors:

• ./oo connector proxy hackernews --endpoint https://hacker-news.firebaseio.com/v0/item/8863.json --method get --json returned HTTP 200 with the expected HN story payload.
• ./oo connector proxy gist --endpoint /gists/public --method get --query {"per_page":1} --json returned HTTP 200 with a public gist list response.

Both calls used only the default connected app selection; no CLI app selector parameters were involved.