openclacky 1.2.7 → 1.2.9

data/lib/clacky/server/http_server.rb

@@ -370,6 +370,11 @@ module Clacky
           30
         elsif path.end_with?("/benchmark")
           20
+        elsif path == "/api/media/image"
+          # Image generation routes through OpenRouter (chat completions
+          # with modalities:["image"]); end-to-end latency is commonly
+          # 20-60s and can exceed 2 minutes for or-gpt-image-2 under load.
+          300
         else
           10
         end
@@ -399,6 +404,7 @@ module Clacky
         when ["PATCH",  "/api/config/settings"]  then api_update_settings(req, res)
         when ["POST",   "/api/config/models"] then api_add_model(req, res)
         when ["POST",   "/api/config/test"]   then api_test_config(req, res)
+        when ["GET",    "/api/config/media"]  then api_get_media_config(res)
         when ["GET",    "/api/providers"]     then api_list_providers(res)
         when ["GET",    "/api/onboard/status"]    then api_onboard_status(res)
         when ["GET",    "/api/browser/status"]    then api_browser_status(res)
@@ -430,14 +436,16 @@ module Clacky
         when ["POST",   "/api/upload"]            then api_upload_file(req, res)
         when ["POST",   "/api/file-action"]       then api_file_action(req, res)
         when ["GET",    "/api/local-image"]       then api_serve_local_image(req, res)
+        when ["POST",   "/api/media/image"]       then api_media_image(req, res)
+        when ["GET",    "/api/media/types"]       then api_media_types(res)
         when ["GET",    "/api/version"]           then api_get_version(res)
         when ["POST",   "/api/version/upgrade"]   then api_upgrade_version(req, res)
         when ["POST",   "/api/restart"]           then api_restart(req, res)
         when ["GET",    "/api/billing/summary"]   then api_billing_summary(req, res)
         when ["GET",    "/api/billing/daily"]     then api_billing_daily(req, res)
         when ["GET",    "/api/billing/records"]   then api_billing_records(req, res)
-        when ["DELETE", "/api/billing/clear"]     then api_billing_clear(req, res)
-        when ["PATCH",  "/api/sessions/:id/model"] then api_switch_session_model(req, res)
+        when ["GET",    "/api/billing/sessions"]  then api_billing_sessions(req, res)
+        when ["DELETE", "/api/billing/clear"]     then api_billing_clear(req, res)        when ["PATCH",  "/api/sessions/:id/model"] then api_switch_session_model(req, res)
         when ["PATCH",  "/api/sessions/:id/working_dir"] then api_change_session_working_dir(req, res)
         else
           if method == "POST" && path.match?(%r{^/api/channels/[^/]+/send$})
@@ -523,6 +531,9 @@ module Clacky
           elsif method == "DELETE" && path.match?(%r{^/api/config/models/[^/]+$})
             id = path.sub("/api/config/models/", "")
             api_delete_model(id, res)
+          elsif method == "PATCH" && path.match?(%r{^/api/config/media/(image|video|audio)$})
+            kind = path.sub("/api/config/media/", "")
+            api_update_media_config(kind, req, res)
           elsif method == "POST" && path.match?(%r{^/api/cron-tasks/[^/]+/run$})
             name = URI.decode_www_form_component(path.sub("/api/cron-tasks/", "").sub("/run", ""))
             api_run_cron_task(name, res)
@@ -697,6 +708,158 @@ module Clacky
         json_response(res, 500, { ok: false, error: e.message })
       end
 
+      # POST /api/media/image
+      # Body: { "prompt": "...", "aspect_ratio": "landscape|square|portrait",
+      #         "output_dir": "<absolute path, optional>" }
+      # Routes to the model configured with type=image in agent_config.
+      def api_media_image(req, res)
+        body = parse_json_body(req)
+        return json_response(res, 400, { error: "Invalid JSON" }) unless body
+
+        prompt = body["prompt"].to_s
+        if prompt.strip.empty?
+          return json_response(res, 422, { error: "prompt is required" })
+        end
+
+        aspect_ratio = body["aspect_ratio"].to_s
+        aspect_ratio = "landscape" if aspect_ratio.empty?
+        output_dir   = body["output_dir"].to_s
+        output_dir   = @agent_config.default_working_dir || Dir.pwd if output_dir.empty?
+
+        result = Clacky::Media::Generator.new(@agent_config).generate_image(
+          prompt: prompt,
+          aspect_ratio: aspect_ratio,
+          output_dir: output_dir
+        )
+        if result["success"]
+          log_media_usage(result, prompt: prompt)
+        end
+        status = result["success"] ? 200 : 422
+        json_response(res, status, result)
+      rescue StandardError => e
+        json_response(res, 500, { error: e.message })
+      end
+
+      private def log_media_usage(result, prompt:)
+        usage = result["usage"]
+        cost  = result["cost_usd"]
+        return if usage.nil? && cost.nil?
+
+        parts = []
+        parts << "model=#{result["model"]}"
+        parts << "provider=#{result["provider"]}"
+        if usage.is_a?(Hash)
+          parts << "prompt_tokens=#{usage["prompt_tokens"]}"
+          parts << "completion_tokens=#{usage["completion_tokens"]}"
+          parts << "cache_read=#{usage["cache_read_tokens"]}" if usage["cache_read_tokens"].to_i > 0
+          parts << "cache_write=#{usage["cache_write_tokens"]}" if usage["cache_write_tokens"].to_i > 0
+        end
+        parts << format("cost_usd=%.6f", cost.to_f) if cost
+        parts << "prompt=#{prompt[0, 60].inspect}"
+        Clacky::Logger.info("[Media] image generated #{parts.join(" ")}")
+      end
+
+      # GET /api/media/types
+      # Returns which media types are configured in agent_config.models.
+      # Used by the media-gen skill to decide whether to surface generation
+      # capabilities to the user.
+      def api_media_types(res)
+        out = {}
+        Clacky::Providers::MEDIA_KINDS.each do |t|
+          state = @agent_config.media_state(t)
+          out[t] =
+            if state["configured"]
+              {
+                configured: true,
+                model:      state["model"],
+                base_url:   state["base_url"],
+                source:     state["source"]
+              }
+            else
+              { configured: false, source: "off" }
+            end
+        end
+        json_response(res, 200, out)
+      end
+
+      # GET /api/config/media
+      # Used by the Settings UI to render the tri-state media controls.
+      # Per-kind payload mirrors AgentConfig#media_state.
+      def api_get_media_config(res)
+        out = {}
+        Clacky::Providers::MEDIA_KINDS.each do |t|
+          state = @agent_config.media_state(t)
+          entry = @agent_config.find_model_by_type(t)
+          out[t] = {
+            source:     state["source"],
+            model:      state["model"],
+            base_url:   state["base_url"],
+            api_key_masked: entry ? mask_api_key(entry["api_key"]) : nil,
+            provider:   state["provider"],
+            available:  state["available"],
+            configured: state["configured"]
+          }
+        end
+
+        # Surface what the current default model can offer, even when the
+        # user is currently in "off" — the UI uses this to render the
+        # auto-mode preview ("Auto would use X").
+        default = @agent_config.find_model_by_type("default")
+        provider_id = default && Clacky::Providers.resolve_provider(
+          base_url: default["base_url"],
+          api_key:  default["api_key"]
+        )
+        defaults = {}
+        Clacky::Providers::MEDIA_KINDS.each do |t|
+          defaults[t] = {
+            provider:  provider_id,
+            model:     provider_id ? Clacky::Providers.default_media_model(provider_id, t) : nil,
+            available: provider_id ? Clacky::Providers.media_models(provider_id, t) : []
+          }
+        end
+
+        json_response(res, 200, { media: out, default_provider: defaults })
+      end
+
+      # PATCH /api/config/media/:kind
+      # Body: { source: "off"|"auto"|"custom", model?, base_url?, api_key?,
+      #         anthropic_format? }
+      # off / auto — remove any custom entry; "auto" lets the virtual
+      # derivation in AgentConfig#find_model_by_type take over.
+      # custom — replace any existing custom entry with the supplied fields.
+      def api_update_media_config(kind, req, res)
+        body = parse_json_body(req) || {}
+        source = body["source"].to_s
+        unless %w[off auto custom].include?(source)
+          return json_response(res, 422, { error: "invalid source" })
+        end
+
+        @agent_config.models.reject! { |m| m["type"] == kind }
+
+        if source == "custom"
+          model    = body["model"].to_s.strip
+          base_url = body["base_url"].to_s.strip
+          api_key  = body["api_key"].to_s
+          if model.empty? || base_url.empty? || api_key.empty? || api_key.include?("****")
+            return json_response(res, 422, { error: "model, base_url, api_key are required" })
+          end
+
+          @agent_config.models << {
+            "id"               => SecureRandom.uuid,
+            "model"            => model,
+            "base_url"         => base_url,
+            "api_key"          => api_key,
+            "anthropic_format" => body["anthropic_format"] || false,
+            "type"             => kind
+          }
+        end
+
+        @agent_config.save
+        json_response(res, 200, { ok: true, state: @agent_config.media_state(kind) })
+      rescue => e
+        json_response(res, 422, { error: e.message })
+      end
+
       # POST /api/onboard/complete
       # Called after key setup is done (soul_setup is optional/skipped).
       # Creates the default session if none exists yet, returns it.
@@ -1170,8 +1333,27 @@ module Clacky
         })
       end
 
-      # DELETE /api/billing/clear
-      # Clears billing records
+      # GET /api/billing/sessions
+      # Returns session-level billing summary
+      # Query params: period (day|week|month|year|all, default: month), model, limit
+      def api_billing_sessions(req, res)
+        require_relative "../billing/billing_store"
+
+        query = URI.decode_www_form(req.query_string.to_s).to_h
+        period = (query["period"] || "month").to_sym
+        model = query["model"]
+        limit = [(query["limit"] || "50").to_i, 200].min
+
+        store = Clacky::Billing::BillingStore.new
+        sessions = store.session_summary(period: period, model: model, limit: limit)
+
+        json_response(res, 200, {
+          sessions: sessions,
+          count: sessions.size
+        })
+      end
+
+      # DELETE /api/billing/clear      # Clears billing records
       # Query params: scope (today|all, default: today)
       def api_billing_clear(req, res)
         require_relative "../billing/billing_store"
@@ -1595,7 +1777,7 @@ module Clacky
       # Returns current config and running status for all supported platforms.
       # POST /api/tool/browser
       # Executes a browser tool action via the shared BrowserManager daemon.
-      # Used by skill scripts (e.g. feishu_setup.rb) to reuse the server's
+      # Used by skill scripts to reuse the server's
       # existing Chrome connection without spawning a second MCP daemon.
       #
       # Request body: JSON with same params as the browser tool
@@ -3266,8 +3448,13 @@ module Clacky
             type:             m["type"]
           }
         end
-        # Filter out auto-injected models (like lite) from UI display
-        models.reject! { |m| @agent_config.models[m[:index]]["auto_injected"] }
+        # Filter out auto-injected models (lite, derived media) AND media
+        # entries (image/video/audio) — those are managed via the dedicated
+        # media-config UI, not the chat-model card list.
+        models.reject! do |m|
+          raw = @agent_config.models[m[:index]]
+          raw["auto_injected"] || Clacky::Providers::MEDIA_KINDS.include?(raw["type"].to_s)
+        end
         json_response(res, 200, {
           models: models,
           current_index: @agent_config.current_model_index,
@@ -3487,29 +3674,51 @@ module Clacky
         return json_response(res, 400, { error: "Invalid JSON" }) unless body
 
         api_key = body["api_key"].to_s
-        # If masked, use the stored key from the matching model (by index or current)
         if api_key.include?("****")
           idx = body["index"]&.to_i || @agent_config.current_model_index
           api_key = @agent_config.models.dig(idx, "api_key").to_s
         end
 
-        begin
-          model = body["model"].to_s
-          test_client = Clacky::Client.new(
-            api_key,
-            base_url:         body["base_url"].to_s,
-            model:            model,
-            anthropic_format: body["anthropic_format"] || false
-          )
-          result = test_client.test_connection(model: model)
-          if result[:success]
-            json_response(res, 200, { ok: true, message: "Connected successfully" })
-          else
-            json_response(res, 200, { ok: false, message: result[:error].to_s })
-          end
-        rescue => e
-          json_response(res, 200, { ok: false, message: e.message })
+        model            = body["model"].to_s
+        base_url         = body["base_url"].to_s
+        anthropic_format = body["anthropic_format"] || false
+
+        result, used_base_url = try_test_with_base_url(api_key, base_url, model, anthropic_format)
+
+        if result[:success] && used_base_url != base_url
+          json_response(res, 200, {
+            ok:                  true,
+            message:             "Connected (auto-corrected base_url to add /v1)",
+            effective_base_url:  used_base_url
+          })
+        elsif result[:success]
+          json_response(res, 200, { ok: true, message: "Connected successfully" })
+        else
+          json_response(res, 200, { ok: false, message: result[:error].to_s })
         end
+      rescue => e
+        json_response(res, 200, { ok: false, message: e.message })
+      end
+
+      private def try_test_with_base_url(api_key, base_url, model, anthropic_format)
+        result = run_test_connection(api_key, base_url, model, anthropic_format)
+        return [result, base_url] if result[:success]
+        return [result, base_url] unless result[:status] == 404
+        return [result, base_url] if base_url.match?(%r{/v\d+/?\z})
+
+        candidate = "#{base_url.chomp("/")}/v1"
+        retried   = run_test_connection(api_key, candidate, model, anthropic_format)
+        retried[:success] ? [retried, candidate] : [result, base_url]
+      end
+
+      private def run_test_connection(api_key, base_url, model, anthropic_format)
+        client = Clacky::Client.new(
+          api_key,
+          base_url:         base_url,
+          model:            model,
+          anthropic_format: anthropic_format
+        )
+        client.test_connection(model: model)
       end
 
       # GET /api/providers — return built-in provider presets for quick setup
@@ -4386,7 +4595,9 @@ module Clacky
       # @param working_dir [String] working directory for the agent
       # @param permission_mode [Symbol] :confirm_all (default, human present) or
       #   :auto_approve (unattended — suppresses request_user_feedback waits)
-      def build_session(name:, working_dir:, permission_mode: :confirm_all, profile: "general", source: :manual, model_id: nil)
+      def build_session(name:, working_dir: nil, permission_mode: :confirm_all, profile: "general", source: :manual, model_id: nil)
+        working_dir ||= default_working_dir
+        FileUtils.mkdir_p(working_dir) unless Dir.exist?(working_dir)
         session_id = Clacky::SessionManager.generate_id
         @registry.create(session_id: session_id)
 

data/lib/clacky/server/scheduler.rb

@@ -223,11 +223,8 @@ module Clacky
         prompt    = read_task(task_name)
         name      = "⏰ #{schedule["name"]} #{Time.now.strftime("%H:%M")}"
 
-        working_dir = File.expand_path("~/clacky_workspace")
-        FileUtils.mkdir_p(working_dir)
-
         # Scheduled tasks run unattended — use auto_approve so request_user_feedback doesn't block.
-        session_id = @session_builder.call(name: name, working_dir: working_dir, permission_mode: :auto_approve, source: :cron)
+        session_id = @session_builder.call(name: name, permission_mode: :auto_approve, source: :cron)
 
         Clacky::Logger.info("scheduler_task_fired", task: task_name, session: session_id)
 

data/lib/clacky/shell_hook_loader.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+
+require "json"
+require "open3"
+require "timeout"
+require "yaml"
+require "fileutils"
+
+module Clacky
+  # Loads declarative, shell-based hooks from ~/.clacky/hooks.yml and registers
+  # them on a HookManager. Each hook runs an external command rather than Ruby in
+  # the agent process, which keeps user-authored hooks sandboxed and safe.
+  #
+  # hooks.yml format:
+  #   hooks:
+  #     before_tool_use:
+  #       - name: guard            # optional label for logs
+  #         command: "~/.clacky/hook-scripts/guard.sh"
+  #         timeout: 10            # optional, seconds (default 10)
+  #     on_complete:
+  #       - command: "notify-send done"
+  #
+  # Runtime contract (per invocation):
+  #   - The event payload is passed to the command as JSON on STDIN.
+  #   - exit 0  → allow (default).
+  #   - exit 2  → deny; STDOUT becomes the denial reason. Only meaningful for
+  #               before_tool_use, which the agent checks for {action: :deny}.
+  #   - any other exit / timeout / crash → logged, treated as allow (a broken
+  #     hook must never wedge the agent).
+  class ShellHookLoader
+    DEFAULT_PATH    = File.expand_path("~/.clacky/hooks.yml")
+    DEFAULT_TIMEOUT = 10
+    DENY_EXIT_CODE  = 2
+
+    Result = Struct.new(:registered, :skipped, keyword_init: true)
+
+    def self.load_into(hook_manager, path: DEFAULT_PATH)
+      new(path: path).load_into(hook_manager)
+    end
+
+    # Create a starter hooks.yml plus an example guard script. Idempotent-ish:
+    # raises if hooks.yml already exists so we never clobber user config.
+    # @return [String] path to the created hooks.yml
+    def self.scaffold(path: DEFAULT_PATH)
+      raise ArgumentError, "hooks file already exists: #{path}" if File.exist?(path)
+
+      dir = File.dirname(path)
+      scripts_dir = File.join(dir, "hook-scripts")
+      FileUtils.mkdir_p(scripts_dir)
+
+      guard = File.join(scripts_dir, "deny-example.sh")
+      File.write(guard, <<~SH)
+        #!/usr/bin/env bash
+        # Example before_tool_use hook.
+        # Reads the event JSON on STDIN; exit 2 to DENY, exit 0 to ALLOW.
+        # STDOUT on exit 2 becomes the denial reason shown to the agent.
+        payload="$(cat)"
+        # Example: deny any terminal command containing "rm -rf /"
+        if echo "$payload" | grep -q 'rm -rf /'; then
+          echo "blocked dangerous command"
+          exit 2
+        fi
+        exit 0
+      SH
+      FileUtils.chmod("+x", guard)
+
+      File.write(path, <<~YAML)
+        # Declarative shell hooks. Each command receives the event payload as JSON
+        # on STDIN. For before_tool_use: exit 2 = deny (STDOUT = reason), exit 0 = allow.
+        # Events: #{HookManager::HOOK_EVENTS.join(", ")}
+        hooks:
+          before_tool_use:
+            - name: deny-example
+              command: "#{guard}"
+              timeout: 10
+        #  on_complete:
+        #    - command: "echo task finished"
+      YAML
+
+      path
+    end
+
+    def initialize(path: DEFAULT_PATH)
+      @path = path
+    end
+
+    # @return [Result] counts of registered hooks and skipped (with reasons)
+    def load_into(hook_manager)
+      result = Result.new(registered: [], skipped: [])
+      return result unless File.exist?(@path)
+
+      doc = YAMLCompat.load_file(@path) || {}
+      events = doc["hooks"] || {}
+
+      events.each do |event_name, specs|
+        event = event_name.to_sym
+        Array(specs).each do |spec|
+          register_one(hook_manager, event, spec, result)
+        end
+      end
+
+      result
+    rescue StandardError => e
+      Clacky::Logger.error("[ShellHookLoader] Failed to load #{@path}: #{e.message}")
+      result
+    end
+
+    private def register_one(hook_manager, event, spec, result)
+      command = spec["command"].to_s.strip
+      name    = spec["name"] || command
+      timeout = (spec["timeout"] || DEFAULT_TIMEOUT).to_i
+
+      if command.empty?
+        result.skipped << [name, "missing command"]
+        return
+      end
+
+      unless HookManager::HOOK_EVENTS.include?(event)
+        result.skipped << [name, "unknown event: #{event}"]
+        return
+      end
+
+      hook_manager.add(event) do |*args|
+        run_command(event, command, timeout, args)
+      end
+      result.registered << [event, name]
+    end
+
+    private def run_command(event, command, timeout, args)
+      payload = JSON.generate(build_payload(event, args))
+
+      out = +""
+      status = nil
+      Open3.popen3(command) do |stdin, stdout, _stderr, wait_thr|
+        stdin.write(payload)
+        stdin.close
+        if wait_thr.join(timeout)
+          out = stdout.read
+          status = wait_thr.value
+        else
+          Process.kill("TERM", wait_thr.pid) rescue nil
+          raise Timeout::Error
+        end
+      end
+
+      if status&.exitstatus == DENY_EXIT_CODE
+        { action: :deny, reason: out.strip.empty? ? "Denied by hook" : out.strip }
+      else
+        { action: :allow }
+      end
+    rescue Timeout::Error
+      Clacky::Logger.warn("[ShellHookLoader] Hook '#{command}' timed out after #{timeout}s — allowing")
+      { action: :allow }
+    rescue StandardError => e
+      Clacky::Logger.warn("[ShellHookLoader] Hook '#{command}' failed: #{e.message} — allowing")
+      { action: :allow }
+    end
+
+    # Normalize the positional trigger args of each event into a JSON-serializable hash.
+    private def build_payload(event, args)
+      base = { event: event.to_s }
+
+      case event
+      when :before_tool_use, :after_tool_use, :on_tool_error
+        base[:tool] = args[0]
+        base[:result] = args[1] if args.length > 1 && event == :after_tool_use
+        base[:error] = args[1].to_s if event == :on_tool_error && args[1]
+      when :on_start
+        base[:user_input] = args[0].to_s
+      when :on_iteration
+        base[:iteration] = args[0]
+      when :on_complete
+        base[:result] = args[0]
+      when :session_rollback
+        base[:info] = args[0]
+      end
+
+      base
+    end
+  end
+end

data/lib/clacky/telemetry.rb

@@ -23,6 +23,11 @@ module Clacky
   #   POST /api/v1/telemetry/startup
   #   POST /api/v1/telemetry/task
   module Telemetry
+    LAUNCH_SOURCES = {
+      "installer" => "installer",
+      nil         => "cli"
+    }.freeze
+
     class << self
       # Called on every CLI startup (agent and server mode).
       # No local dedup — the server deduplicates by device_hash for unique
@@ -32,11 +37,12 @@ module Clacky
 
         brand = Clacky::BrandConfig.load
         payload = {
-          device_id:    resolve_device_id(brand),
-          version:      Clacky::VERSION,
-          os:           RbConfig::CONFIG["host_os"],
-          ruby_version: RUBY_VERSION,
-          brand:        brand.branded? ? brand.package_name : nil
+          device_id:     resolve_device_id(brand),
+          version:       Clacky::VERSION,
+          os:            RbConfig::CONFIG["host_os"],
+          ruby_version:  RUBY_VERSION,
+          brand:         brand.branded? ? brand.package_name : nil,
+          launch_source: LAUNCH_SOURCES.fetch(ENV["CLACKY_LAUNCHED_BY"], "cli")
         }.compact
 
         fire_and_forget("/api/v1/telemetry/startup", payload)

data/lib/clacky/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clacky
-  VERSION = "1.2.7"
+  VERSION = "1.2.9"
 end