Skip to content

chore: drop Twist branding and legacy migration code#1

Merged
amix merged 5 commits into
amix/ft.bootstrap-comms-clifrom
amix/cleanup-twist-references
May 20, 2026
Merged

chore: drop Twist branding and legacy migration code#1
amix merged 5 commits into
amix/ft.bootstrap-comms-clifrom
amix/cleanup-twist-references

Conversation

@amix

@amix amix commented May 20, 2026

Copy link
Copy Markdown
Member

Context

Comms is a hard fork of Twist with no upgrade path from twist-cli, so the v1→v2 auth migration shim, updateChannel dual-write back-compat, and every Twist / tw reference in source, docs, workflows, and skills are dead weight.

What was changed

  • Rebrand: TwistComms, twcm, twist.comcomms.todoist.com, twist-mention://comms-mention://, TWIST_INCLUDE_PRIVATE_CHANNELSCOMMS_*, TW_ACCESSIBLE/TW_SPINNERCM_*, CSS --twist-teal*--comms-teal*.
  • Identifiers: createTwistAuthProvidercreateCommsAuthProvider, attachTwist*CommandattachComms*Command, ParsedTwistUrl, TwistUrlRoute, TwistHandshake, looksLikeTwistAppUrl, test mocks.
  • File renames: skills/twist-cli/skills/comms-cli/, docs/twist-search.mddocs/comms-search.md, icons/twist-cli.{png,svg}icons/comms-cli.{png,svg}, update-twist-sdk.ymlupdate-comms-sdk.yml.
  • Drop legacy migration: delete src/lib/migrate-auth.{ts,test.ts}, remove isLegacyAuthActive / assertV2Available / legacy snapshot fallbacks from auth-provider.ts, drop LEGACY_KEYRING_ACCOUNT, drop AUTH_MIGRATION_PENDING error code, simplify postinstall.ts.
  • Drop legacy config fields: token, pendingSecureStoreClear, authMode, authScope, authUserId, authUserName at config root, plus config_version and the on-disk updateChannel alias.
  • Remove migrateLegacyChannelKey preAction in commands/update/index.ts.
  • Remove the Twist post-action release announcement step in .github/workflows/release.yml (no Comms equivalent yet).

Out of scope

Pre-existing type/test failures from the bootstrap commit (UUID strings vs numbers, namefullName, awayMode removal, etc.) are not addressed here.

Test plan

  • npm run lint:check passes
  • npm test — only pre-existing bootstrap failures remain (8 tests in away.test.ts + auth.test.ts status subcommand); no new failures from this PR
  • npm run type-check — only pre-existing bootstrap errors remain; nothing newly broken by the cleanup

🤖 Generated with Claude Code

Comms is a hard fork of Twist with no upgrade path from twist-cli, so the
v1→v2 auth migration shim, the `updateChannel` dual-write back-compat, and
every "Twist" / `tw` reference in source, docs, workflows, and skills are
dead weight.

Changes:
- Rebrand: `Twist` → `Comms`, `tw` → `cm`, `twist.com` → `comms.todoist.com`,
  `twist-mention://` → `comms-mention://`, `TWIST_INCLUDE_PRIVATE_CHANNELS`
  → `COMMS_INCLUDE_PRIVATE_CHANNELS`, `TW_ACCESSIBLE`/`TW_SPINNER` →
  `CM_ACCESSIBLE`/`CM_SPINNER`, CSS `--twist-teal*` → `--comms-teal*`.
- Identifiers: `createTwistAuthProvider` → `createCommsAuthProvider`,
  `attachTwist*Command` → `attachComms*Command`, `ParsedTwistUrl`,
  `TwistUrlRoute`, `TwistHandshake`, `looksLikeTwistAppUrl`, mocks, test
  helpers, etc.
- File renames: `skills/twist-cli/` → `skills/comms-cli/`,
  `docs/twist-search.md` → `docs/comms-search.md`, `icons/twist-cli.{png,svg}`
  → `icons/comms-cli.{png,svg}`, `.github/workflows/update-twist-sdk.yml`
  → `update-comms-sdk.yml`.
- Drop legacy migration: delete `src/lib/migrate-auth.{ts,test.ts}`,
  remove `isLegacyAuthActive` / `assertV2Available` / `readLegacyTokenSnapshot`
  / `dischargeLegacyState` from `auth-provider.ts`, drop the
  `LEGACY_KEYRING_ACCOUNT` constant, drop `AUTH_MIGRATION_PENDING` error
  code, simplify `postinstall.ts` to just update installed skills.
- Drop legacy config fields: `token`, `pendingSecureStoreClear`, `authMode`,
  `authScope`, `authUserId`, `authUserName` at config root, plus
  `config_version` and the camelCase `updateChannel` on-disk alias.
- Drop `migrateLegacyChannelKey` preAction in `commands/update/index.ts`.
- Remove the Twist post-action release announcement step in
  `.github/workflows/release.yml` (no Comms equivalent yet).

Pre-existing type/test failures noted in the bootstrap commit (UUID
strings vs numbers, `name` → `fullName`, `awayMode` removal, etc.) are
out of scope here.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@amix amix requested a review from doistbot May 20, 2026 15:01

@doistbot doistbot left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR effectively scrubs Twist branding and legacy v1→v2 migration logic to establish the new Comms identity. The comprehensive cleanup significantly reduces technical debt and streamlines the workspace for the new CLI. A few final adjustments are needed, specifically removing a missed legacy token resolution step, updating the SKILL_CONTENT reference, adjusting documentation to adhere to secrets-management standards for API tokens, and ensuring that manual-token accounts with empty IDs are still properly handled and tested in the account command.

Share FeedbackReview Logs

Comment thread docs/SPEC.md Outdated
Comment thread skills/comms-cli/SKILL.md Outdated
Comment thread src/commands/account/current.ts
Comment thread src/commands/account/account.test.ts
Comment thread README.md Outdated
- account/current: restore empty-id guard so `cm auth token` snapshots
  render as `source: "token-only"` instead of printing blank identity
  fields. `loginWithToken` still persists `{ id: '', label: '' }`.
- account.test: add regression coverage for the empty-id snapshot in
  both text and --json paths (replaces the deleted legacy-source tests).
- SKILL_CONTENT: document the new `source:"token-only"` payload variant.
- docs/SPEC: drop the dead "legacy plaintext token during auto-migration"
  step from token resolution priority.
- README: switch the manual-token example to the prompt-based flow
  (`cm auth token` with no arg) so the secret isn't visible in `ps` or
  shell history (matches the Doist secrets-management standard).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@amix amix requested a review from doistbot May 20, 2026 15:12

@doistbot doistbot left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR successfully completes a major cleanup by replacing all Twist branding with Comms equivalents and removing obsolete legacy migration logic and configuration fields. These changes significantly streamline the codebase and eliminate dead weight, making the CLI much easier to maintain. A couple of adjustments are needed before merging, specifically updating the skill documentation to reflect the new token-only source output and fully removing positional token arguments from the auth token command and tests to comply with the Secrets Management Standard.

Share FeedbackReview Logs

Comment thread skills/comms-cli/SKILL.md Outdated
Comment thread src/commands/auth/auth.test.ts Outdated
Doistbot flagged that the previous commit only updated the README — the
command itself still accepted `cm auth token <token>`, which violates the
Doist Secrets Management Standard (process lists + shell history leak the
secret).

- `cm auth token` no longer takes a positional argument; the only path is
  the hidden-input prompt or `COMMS_API_TOKEN` for non-interactive use.
- `loginWithToken()` is now zero-arg.
- Updated auth.test for the prompt-only flow.
- skills/comms-cli/SKILL.md: refresh the stale `source:"legacy"` comment to
  `source:"token-only"` to match `src/lib/skills/content.ts`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@amix amix requested a review from doistbot May 20, 2026 15:23

@doistbot doistbot left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great cleanup that successfully transitions the project's branding from Twist to Comms while systematically removing obsolete v1 migration logic, legacy configurations, and workflow steps. Stripping out this dead weight significantly streamlines the codebase and removes unnecessary complexity from the authentication layer. To finalize the changes, a few adjustments are needed, such as regenerating the skill file to pass CI, ensuring proper test cleanup with try/finally blocks, extracting shared helpers for TTY mocks and account sentinels, and adding a quick regression test to verify positional tokens are properly rejected.

Share FeedbackReview Logs

Comment thread skills/comms-cli/SKILL.md Outdated
Comment thread src/commands/auth/auth.test.ts Outdated
Comment thread src/commands/account/current.ts Outdated
Comment thread src/commands/auth/auth.test.ts Outdated
Comment thread src/commands/auth/auth.test.ts Outdated
Rename:
- bin: `cm` → `tdc` (package.json, package-lock.json)
- env vars: `CM_ACCESSIBLE` → `TDC_ACCESSIBLE`, `CM_SPINNER` → `TDC_SPINNER`
- every code/doc/test reference to the CLI command name.

Doistbot pass 3 fixes:
- Regenerate skills/comms-cli/SKILL.md from src/lib/skills/content.ts
  (was stale at v2.41.2; now v0.1.0-alpha.1 with token-only payload).
- Move TTY/stdout cleanup in token-subcommand tests into afterEach so
  it runs even when an assertion fails mid-test.
- Extract `mockPromptAnswer` helper to deduplicate readline mocking
  across token tests.
- Add regression test that `tdc auth token <secret>` is rejected and
  never reaches `store.set`, preventing argv-based secret entry from
  regressing.

CI: each workflow now checks out `Doist/comms-sdk-typescript` as a
sibling under $GITHUB_WORKSPACE so the `file:../comms-sdk-typescript`
dep in package.json resolves on the runner. Main repo moves under
`comms-cli/` and every step gets `working-directory: comms-cli`.

Pre-existing bootstrap follow-ups (string-vs-number IDs, fullName/name,
awayMode SDK shape) still cause type-check + 8 test failures and remain
out of scope for this PR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@amix amix requested a review from doistbot May 20, 2026 16:43

@doistbot doistbot left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR does a fantastic job scrubbing the legacy Twist branding, migration code, and configurations to fully embrace the Comms transition. The cleanup significantly lightens the codebase and successfully trims out outdated back-compat logic. There are a few adjustments needed to address workflow failures related to cross-repo checkouts and secure secret handling in PRs, as well as refining how token-only account states are centrally managed and tested. Finally, the scope of the new AI agent skill will need to be adjusted to ensure compliance with internal data access standards.

Share FeedbackReview Logs

Comment thread .github/workflows/update-comms-sdk.yml
Comment thread src/commands/account/current.ts Outdated
Comment thread src/commands/account/current.ts Outdated
Comment thread src/commands/account/account.test.ts Outdated
Comment thread .github/workflows/lint.yml Outdated
Comment thread skills/comms-cli/SKILL.md
@amix amix requested a review from scottlovegrove May 20, 2026 17:49
@amix amix marked this pull request as ready for review May 20, 2026 17:49
…s-repo checkout

Doistbot pass 4 raised three new issues; this commit addresses them.

**Manual-token handling across the account command group (P2 + P3):**
- Extract `MANUAL_TOKEN_ACCOUNT` constant and `isManualTokenAccount()`
  predicate in `auth-provider.ts` to centralise the `{ id: '', label: '' }`
  contract that `tdc auth token` writes.
- `tdc account list` now filters manual-token snapshots out of the
  rendered rows — they have no identity to display.
- `findAccountInStore` skips manual-token entries when resolving refs,
  so `tdc account use|remove <ref>` can no longer accidentally target
  the identity-less snapshot.
- `auth/token.ts` and `auth-provider.ts` now use the shared
  `MANUAL_TOKEN_ACCOUNT` constant instead of inline literals.
- Test assertion for token-only path no longer relies on a brittle
  spacing regex — asserts the regular header strings are absent.

**Revert CI cross-repo checkout (P1 security + CI failure):**
- The previous commit added `actions/checkout@v5` against
  `Doist/comms-sdk-typescript` with `secrets.GITHUB_TOKEN`. Doistbot
  flagged this as a Secrets Management Standard violation (secrets must
  not be used in `pull_request` workflows that execute untrusted PR
  code afterwards), and it also failed at runtime because the default
  `GITHUB_TOKEN` cannot access sibling private repos.
- Lint / test / skill-sync workflows are reverted to their pre-cleanup
  shape. CI will continue to fail on `npm ci` until `@doist/comms-sdk`
  is published to a private npm registry — that is a follow-up to the
  bootstrap commit, not the cleanup PR.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@amix amix merged commit b30c0a9 into amix/ft.bootstrap-comms-cli May 20, 2026
2 of 5 checks passed
@scottlovegrove scottlovegrove deleted the amix/cleanup-twist-references branch May 25, 2026 08:18
@doist-release-bot

Copy link
Copy Markdown
Contributor

🎉 This PR is included in version 1.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants