feat(team-mode): remote event-log adapter — Drive + LocalFolder backends (#277)

[jinhongkuan]

Closes #277.

Summary

• Implements v0 Productization §2: shifts team mode entirely off git as the inter-machine replication substrate, onto a pluggable BackendAdapter with two ship-day implementations: LocalFolderAdapter (NFS / Dropbox / syncthing) and GoogleDriveAdapter (per-team Drive folder + bundled OAuth client). Pull-only sync — no daemons, no webhooks, no Bicameral server in the loop.
• Setup wizard splits team-mode into Create / Join / LocalFolder branches. Create provisions the Drive folder and prints the literal share-text-to-teammates message. Join verifies access (404 / read-only both block) and confirms the resolved signer (default-No) before persisting. Identity confirmation surfaces the signer_email_fallback policy at the moment it matters.
• Drive integration uses Bicameral's bundled OAuth client (the same pattern gh / gcloud / cursor use; RFC 8252 native-app pattern). Scope: drive.file only. Token cache at ~/.bicameral/google-drive-token.json mode 0600.
• Colored security disclosure prints in the terminal before the browser opens, distinguishing CLI-on-machine from Bicameral-the-company. Mirrored on bicameral-ai.com/privacy in BicameralAI/bicameral#111.

Architecture

File	Purpose
events/backends/__init__.py	BackendAdapter ABC + get_backend(config) factory
events/backends/local_folder.py	sha256-idempotent LocalFolderAdapter
events/backends/google_drive.py	Drive Files API adapter; bundled client_id + client_secret; FolderNotFoundError / ReadOnlyAccessError for Join verify; create_folder for Create
events/team_adapter.py	TeamWriteAdapter accepts backend=, marks _dirty on writes, exposes flush_to_backend()
adapters/ledger.py	Refactored _read_collaboration_mode → _read_team_config(repo_path) -> dict; constructs backend, injects
handlers/sync_middleware.py	ensure_team_synced (30 s TTL pull) + flush_team_writes (post-handler push); errors swallowed at DEBUG
server.py	Wires both into dispatch (pull at top, flush in finally)
setup_wizard.py	Create/Join/LocalFolder dispatch + colored security disclosure + identity-confirm prompt at Join

Why bundled OAuth client (not operator-supplied)

Originally drafted with operator-supplied OAuth client (env var or ~/.bicameral/google-drive-client.json) per overcautious audit reading of OWASP A05. UX cost was a 5-step GCP console dance per user, killing onboarding. Pivoted to bundled-client per RFC 8252 native-app pattern (industry standard: gh, gcloud, cursor, every dev-tool OAuth client). Justification + threat-model in docs/google-oauth-verification-submission.md.

The client_secret in source is not a confidentiality boundary — it's a shared identifier. The actual security model is the consent screen + Google's verified-app badge + the open-source CLI auditability. (GitHub secret-scanning push protection flagged the secret on push; deliberately unblocked.)

Security model (mirrored at bicameral-ai.com/privacy)

• Decision data flows your-CLI ↔ Google directly. Bicameral the company does NOT receive copies. No Bicameral server in the loop.
• drive.file scope limits the CLI on the user's machine to files it creates in the team folder. Rest of user's Drive is invisible to the CLI; Google enforces server-side.
• What we DO see (as OAuth app publisher): aggregate API request counts + per-user OAuth consent records. Not contents.
• Trust dependency: same as any OAuth tool you install. Mitigated by source visibility.

Test plan

• pytest tests/test_backends_local_folder.py tests/test_backends_google_drive_unit.py tests/test_team_adapter_with_backend.py tests/test_team_round_trip_local_folder.py tests/test_sync_middleware_team.py tests/test_setup_wizard_team_backend.py — 53 pass, 1 platform-skip
• pytest tests/test_team_event_replay.py tests/test_event_writer.py — adjacent regression, 15 pass + 1 platform-skip
• ruff check events/ adapters/ledger.py handlers/sync_middleware.py setup_wizard.py tests/test_*team*.py tests/test_backends_*.py tests/test_sync_middleware_team.py — clean
• Dogfood end-to-end against the real GCP project (test user: jin@bicameral-ai.com): run bicameral-mcp setup → team → Create, complete browser OAuth, verify folder is created in Drive
• Submit OAuth consent screen for verification per docs/google-oauth-verification-submission.md so non-test-user flows don't see the unverified-app warning
• (After verification clears) repeat dogfood with a non-test-user account

Out of scope (separate issues)

• S3 / Dropbox / Box adapters (interface designed for them; bodies are P1 follow-ups)
• Real-time push, webhooks, polling daemons (explicitly rejected by v0 §2)
• Multi-folder-per-repo orchestration
• Encryption at rest beyond what the backend provides

Companion PRs

• BicameralAI/bicameral#111 — privacy page rewrite mirroring the corrected CLI disclosure

🤖 Generated with Claude Code

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 792becb0-34ff-42f0-af1c-6d05281a356e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 277-remote-event-log-adapter

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}