Skip to content

LifeOps live-validation operator lane: OWNER/AGENT OAuth grants, live connector send/read/sync, health/finance sandboxes, physical iOS/Android (carved from #8833) #11632

Description

@lalalune

Carved out of #8833 per its reopen guidance ("carve the remaining live-validation acceptance into explicit open successor issues and narrow this one to the static/code/view evidence already completed"). #8833 is being closed against the completed static/code/view/harness/doc half; this issue tracks the remaining live, account/device-backed operator lane — every row here requires artifacts an agent cannot create in CI (real OAuth grants, provider sandboxes, physical devices, interactive OS permission dialogs).

Runbook (already merged — follow these, fill the Result columns)

  • plugins/plugin-personal-assistant/docs/LIFEOPS_LIVE_VALIDATION.md — connector × OWNER/AGENT-state × env-var × skip-behavior matrix
  • plugins/plugin-personal-assistant/docs/owner-agent-validation-matrix.md — 9-state permission matrix definition
  • Evidence dir: .github/issue-evidence/8833-lifeops-live-validation/ (add a dated subdir per session, like 2026-07-02-keyless-run/)

Prerequisites to provision (item 1 of #8833)

  • OWNER Google account (Calendar + Gmail scopes) and a second AGENT Google account/grant
  • OWNER + AGENT identities for Telegram, Discord, Signal, WhatsApp, iMessage, X, Slack
  • Twilio test number + recipient allowlist
  • Health: HealthKit (iOS), Health Connect (Android), Fitbit/Oura/Strava/Withings sandboxes as applicable
  • Finance: Gmail billing corpus / CSV fixture / Plaid or PayPal sandbox
  • Physical devices: iOS/macOS (HealthKit, Family Controls, SelfControl) + Android (Health Connect, SMS default-role, Usage Access)
  • A model provider key (live states can't be driven through the planner without one — see runbook note)

Exact commands per session

# 0. Fresh checkout on develop; install
ELIZA_SKIP_ARTIFACT_SYNC=1 bun install

# 1. Put connector creds in .env (see per-connector env vars in LIFEOPS_LIVE_VALIDATION.md)

# 2. The consolidated 9-state OWNER/AGENT matrix harness (real AgentRuntime + PGLite).
#    Already green credential-free (evidence: 2026-07-02-keyless-run/owner-agent-permission-matrix.txt);
#    re-run it in the credentialed session to cover the live-grant states (expired/revoked/missing-scope):
LIFEOPS_PERMISSION_MATRIX=1 bunx vitest run \
  --config packages/test/vitest/integration.config.ts \
  plugins/plugin-personal-assistant/test/owner-agent-permission-matrix.integration.test.ts

# 3. Live connector suites — these skip cleanly without creds; with creds they go live:
TEST_LANE=post-merge bun run --cwd plugins/plugin-google test
TEST_LANE=post-merge bun run --cwd plugins/plugin-x test        # 15 skips become live
# (per-connector *.live.e2e.test.ts / *.real.test.ts live under packages/app-core/test and plugin dirs;
#  gating helpers: packages/app-core/test/helpers/{conditional-tests,live-provider}.ts)

# 4. Live views (populated states, both surfaces):
bun run dev              # complete first-run as OWNER at :2138 with a working model key
node .github/issue-evidence/8833-lifeops-live-validation/capture-views.mjs   # screenshots + video

# 5. Android on-device (device with owner Google account + SIM):
bun run --cwd packages/app build:android && # install, then capture:
bun run --cwd packages/app capture:android-emu   # or real-device adb capture
# Exercise: SMS default-role prompt, Usage Access toggle (focus/blocker), Health Connect grants

# 6. iOS/macOS on-device: HealthKit + Family Controls + SelfControl flows,
#    plus re-run live LifeOps views on a real iPhone (sim is env-gated — no Metal):
bun run --cwd packages/app capture:ios-sim   # shell-level; live views need real device

Per-state expectations (record evidence per connector)

The 9 states and expected behavior are enumerated in the runbook table (unauthenticated / OWNER ok / AGENT denied / expired-revoked / missing-scope / multi-grant-owner-wins / planned-tool / direct-handler / UI path). Invariants: owner-only actions deny non-owner; approval-required outbound routes through the approval queue (never sends silently); connector calls return typed DispatchResult.

Already done (do NOT redo — see #8833 for links)

Acceptance

Same as #8833's live half: every connector family has OWNER and AGENT evidence (or blocked with reason); OAuth/native-permission failures explicit + recoverable; approval-gated outbound validated e2e; matrix records exactly which accounts/devices/scopes/env vars/sandboxes were used; discovered bugs get linked issues.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions