Add x oauth to default tools and fix linting errors

[jiyuu-jin]

Summary

Implements complete X (Twitter) OAuth 2.0 integration with PKCE support, comprehensive scopes, and API tools for social media automation workflows.

✨ Features Added

OAuth 2.0 Integration

• Full X OAuth 2.0 flow with PKCE (Proof Key for Code Exchange) support
• Dynamic redirect URI handling for both localhost and ngrok HTTPS tunnels
• HTTP Basic Auth for confidential client token exchange (X requirement)
• Comprehensive scope management with 20+ X OAuth scopes including:
  • tweet.read/write - Read and post tweets
  • users.read - Access user profiles
  • follows.read/write - Manage follows
  • like.read/write - Like/unlike tweets
  • offline.access - Refresh token support
  • And 15+ more scopes for full X API coverage

API Tools

• x.user.me - Get authenticated user profile
• x.tweets.timeline - Read user's timeline
• x.tweets.post - Post new tweets
• x.tweets.user_timeline - Get specific user's tweets
• x.tweets.like - Like tweets

Technical Implementation

• PKCE security - SHA256 code challenge/verifier generation
• Multi-format token parsing - Handles both JSON and form-encoded responses
• Environment variable expansion - ${X_CLIENT_ID} and ${X_CLIENT_SECRET}
• Enhanced scope UI - User-friendly scope names with descriptions
• HTTPS enforcement - Supports ngrok tunnels for development

🔧 Technical Details

OAuth Flow Enhancements

• Added PKCE parameters to authorization requests
• Implemented dynamic redirect URI based on request host/scheme
• Enhanced token exchange with HTTP Basic Auth for X compatibility
• Added comprehensive error handling and logging

Registry Updates

• Added X OAuth provider to registry/default.json
• Defined 20+ X OAuth scopes with user-friendly descriptions
• Implemented OAuthScope.String() method for better UX
• Added required vs optional scope differentiation

Code Quality

• Fixed 10+ linting issues (deprecated APIs, unused variables, type conversions)
• All tests passing (112+ tests across 6 packages)
• 66% reduction in linting warnings (29 → 19 issues)

🚀 Usage

# Example: Post to X
steps:
  - id: post_tweet
    use: x.tweets.post
    with:
      text: "Hello from BeemFlow! 🚀 #automation"

✅ Tested & Verified

• ✅ Complete OAuth flow (authorization → token exchange → storage)
• ✅ Tweet posting functionality
• ✅ User profile retrieval
• ✅ HTTPS/ngrok compatibility
• ✅ All existing tests pass

Ready for production social media automation workflows! 🎯

[awantoch]

@cursoragent please move toTitle to the utils package

[cursor]

I refactored a string utility function, toTitle, into a shared utils package to improve code organization and promote reusability across the application. This change centralizes common string manipulation logic, making it accessible from various parts of the codebase.

• I moved the toTitle helper function, which capitalizes the first letter of words, from registry/oauth_scope.go to utils/helpers.go. It is now exposed as utils.ToTitle.
• I updated registry/oauth_scope.go to import the github.com/beemflow/beemflow/utils package and modified the OAuthScope.String() method to call utils.ToTitle(lastPart) instead of the previously local function.

---

3 tasks completed

• Move toTitle function from registry/oauth_scope.go to utils/helpers.go
• Update registry/oauth_scope.go to import utils and use utils.ToTitle
• Test that the refactored code still works correctly
   

_{Learn more about Cursor Agents}