@adversity/coding-tool-x 3.0.5 → 3.1.0

package/src/server/api/oauth.js

@@ -0,0 +1,294 @@
+'use strict';
+
+const express = require('express');
+const router = express.Router();
+const { OAUTH_PROVIDERS, getProviderConfig } = require('../config/oauth-providers');
+const {
+  startFlow,
+  getPendingFlow,
+  completeFlow,
+  failFlow,
+  cancelFlow,
+  exchangeCodeForToken,
+  refreshToken
+} = require('../services/oauth-service');
+const {
+  startCallbackServer,
+  stopCallbackServer,
+  isServerRunning
+} = require('../services/oauth-callback-server');
+const {
+  getAllTokens,
+  getToken,
+  saveToken,
+  updateToken,
+  deleteToken
+} = require('../services/oauth-token-storage');
+
+// Track callback servers by state
+const stateToPort = new Map();
+
+// GET /api/oauth/providers - List available OAuth providers
+router.get('/providers', (req, res) => {
+  try {
+    const providers = Object.entries(OAUTH_PROVIDERS).map(([id, config]) => ({
+      id,
+      name: config.name,
+      scopes: config.scopes
+    }));
+    res.json({ providers });
+  } catch (error) {
+    console.error('Error fetching OAuth providers:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// POST /api/oauth/start - Start OAuth flow
+router.post('/start', async (req, res) => {
+  try {
+    const { provider, channelId, mode = 'browser' } = req.body;
+
+    if (!provider) {
+      return res.status(400).json({ error: 'Missing required field: provider' });
+    }
+
+    // Validate provider
+    if (!OAUTH_PROVIDERS[provider]) {
+      return res.status(400).json({ error: `Unknown provider: ${provider}` });
+    }
+
+    const providerConfig = getProviderConfig(provider);
+    const { state, authUrl } = startFlow(provider, channelId);
+    const callbackPort = providerConfig.callbackPort;
+    const callbackPath = providerConfig.callbackPath;
+
+    // Track state -> port mapping
+    stateToPort.set(state, callbackPort);
+
+    // Start callback server
+    await startCallbackServer(callbackPort, callbackPath, async (callbackData) => {
+      const { code, state: cbState, error, errorDescription } = callbackData;
+
+      if (error) {
+        failFlow(cbState, `${error}: ${errorDescription || 'Unknown error'}`);
+        return;
+      }
+
+      if (!code) {
+        failFlow(cbState, 'No authorization code received');
+        return;
+      }
+
+      // Get pending flow to retrieve code verifier
+      const flow = getPendingFlow(cbState);
+      if (!flow) {
+        console.error('OAuth callback received for unknown state:', cbState);
+        return;
+      }
+
+      try {
+        // Exchange code for token
+        const tokenResult = await exchangeCodeForToken(
+          flow.provider,
+          code,
+          flow.codeVerifier
+        );
+
+        // Calculate expiry time
+        const now = Date.now();
+        const expiresAt = tokenResult.expiresIn
+          ? now + (tokenResult.expiresIn * 1000)
+          : null;
+
+        // Save token
+        const savedToken = saveToken({
+          provider: flow.provider,
+          channelId: flow.channelId,
+          accessToken: tokenResult.accessToken,
+          refreshToken: tokenResult.refreshToken,
+          idToken: tokenResult.idToken,
+          expiresAt,
+          scope: tokenResult.scope
+        });
+
+        // Mark flow as completed
+        completeFlow(cbState, savedToken.id);
+        console.log(`OAuth flow completed for provider: ${flow.provider}, tokenId: ${savedToken.id}`);
+      } catch (err) {
+        console.error('Error exchanging code for token:', err);
+        failFlow(cbState, err.message);
+      }
+    });
+
+    // Open browser if mode is 'browser'
+    if (mode === 'browser') {
+      try {
+        const open = require('open');
+        await open(authUrl);
+      } catch (err) {
+        console.error('Failed to open browser:', err);
+        // Don't fail the request, user can still open URL manually
+      }
+    }
+
+    res.json({
+      success: true,
+      stateId: state,
+      authUrl,
+      callbackPort
+    });
+  } catch (error) {
+    console.error('Error starting OAuth flow:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// GET /api/oauth/status/:stateId - Get OAuth flow status
+router.get('/status/:stateId', (req, res) => {
+  try {
+    const { stateId } = req.params;
+    const flow = getPendingFlow(stateId);
+
+    if (!flow) {
+      return res.status(404).json({
+        status: 'not_found',
+        error: 'OAuth flow not found or expired'
+      });
+    }
+
+    const response = {
+      status: flow.status
+    };
+
+    if (flow.status === 'completed' && flow.tokenId) {
+      response.tokenId = flow.tokenId;
+    }
+
+    if (flow.status === 'failed' && flow.error) {
+      response.error = flow.error;
+    }
+
+    res.json(response);
+  } catch (error) {
+    console.error('Error fetching OAuth status:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// POST /api/oauth/cancel/:stateId - Cancel OAuth flow
+router.post('/cancel/:stateId', (req, res) => {
+  try {
+    const { stateId } = req.params;
+
+    // Get port for this state
+    const port = stateToPort.get(stateId);
+
+    // Stop callback server if running
+    if (port && isServerRunning(port)) {
+      stopCallbackServer(port);
+    }
+
+    // Cancel the flow
+    cancelFlow(stateId);
+
+    // Clean up state -> port mapping
+    stateToPort.delete(stateId);
+
+    res.json({ success: true });
+  } catch (error) {
+    console.error('Error cancelling OAuth flow:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// GET /api/oauth/tokens - List all tokens (masked)
+router.get('/tokens', (req, res) => {
+  try {
+    const tokens = getAllTokens();
+    res.json({ tokens });
+  } catch (error) {
+    console.error('Error fetching OAuth tokens:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// GET /api/oauth/tokens/:tokenId - Get single token (masked)
+router.get('/tokens/:tokenId', (req, res) => {
+  try {
+    const token = getToken(req.params.tokenId);
+    if (!token) {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+    // Return masked token info
+    const masked = {
+      ...token,
+      accessToken: token.accessToken ? token.accessToken.substring(0, 8) + '...' : null,
+      refreshToken: token.refreshToken ? token.refreshToken.substring(0, 8) + '...' : null
+    };
+    res.json(masked);
+  } catch (error) {
+    console.error('Error fetching OAuth token:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// DELETE /api/oauth/tokens/:tokenId - Delete a token
+router.delete('/tokens/:tokenId', (req, res) => {
+  try {
+    const { tokenId } = req.params;
+    const result = deleteToken(tokenId);
+    res.json(result);
+  } catch (error) {
+    if (error.message === 'Token not found') {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+    console.error('Error deleting OAuth token:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// POST /api/oauth/refresh/:tokenId - Refresh a token
+router.post('/refresh/:tokenId', async (req, res) => {
+  try {
+    const { tokenId } = req.params;
+    const token = getToken(tokenId);
+
+    if (!token) {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+
+    if (!token.refreshToken) {
+      return res.status(400).json({ error: 'Token does not have a refresh token' });
+    }
+
+    // Refresh the token
+    const refreshResult = await refreshToken(token.provider, token.refreshToken);
+
+    // Calculate new expiry time
+    const now = Date.now();
+    const expiresAt = refreshResult.expiresIn
+      ? now + (refreshResult.expiresIn * 1000)
+      : null;
+
+    // Update token in storage
+    const updatedToken = updateToken(tokenId, {
+      accessToken: refreshResult.accessToken,
+      refreshToken: refreshResult.refreshToken || token.refreshToken,
+      expiresAt,
+      scope: refreshResult.scope || token.scope
+    });
+
+    res.json({
+      success: true,
+      expiresAt: updatedToken.expiresAt
+    });
+  } catch (error) {
+    if (error.message === 'Token not found') {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+    console.error('Error refreshing OAuth token:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+module.exports = router;

package/src/server/api/permissions.js

@@ -30,16 +30,16 @@ const permissionTemplatesService = require('../services/permission-templates-ser
 const router = express.Router();
 
 // Claude Code 设置文件路径
-function getClaudeSettingsPath(projectPath, isLocal = false) {
+function getClaudeSettingsPath(projectPath) {
   if (projectPath) {
-    return path.join(projectPath, '.claude', isLocal ? 'settings.local.json' : 'settings.json');
+    return path.join(projectPath, '.claude', 'settings.json');
   }
   return path.join(os.homedir(), '.claude', 'settings.json');
 }
 
 // 读取 Claude Code settings.json
-function readClaudeSettings(projectPath, isLocal = false) {
-  const settingsPath = getClaudeSettingsPath(projectPath, isLocal);
+function readClaudeSettings(projectPath) {
+  const settingsPath = getClaudeSettingsPath(projectPath);
   try {
     if (fs.existsSync(settingsPath)) {
       const content = fs.readFileSync(settingsPath, 'utf-8');
@@ -52,15 +52,29 @@ function readClaudeSettings(projectPath, isLocal = false) {
 }
 
 // 保存 Claude Code settings.json
-function saveClaudeSettings(projectPath, settings, isLocal = false) {
-  const settingsPath = getClaudeSettingsPath(projectPath, isLocal);
+function saveClaudeSettings(projectPath, settings) {
+  const settingsPath = getClaudeSettingsPath(projectPath);
   const settingsDir = path.dirname(settingsPath);
 
-  if (!fs.existsSync(settingsDir)) {
-    fs.mkdirSync(settingsDir, { recursive: true });
-  }
+  try {
+    // 确保目录存在
+    if (!fs.existsSync(settingsDir)) {
+      fs.mkdirSync(settingsDir, { recursive: true });
+    }
 
-  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), 'utf-8');
+    // 写入文件
+    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), 'utf-8');
+
+    // 验证文件已创建
+    if (!fs.existsSync(settingsPath)) {
+      throw new Error('文件写入后验证失败，文件未被创建');
+    }
+
+    return { success: true, path: settingsPath };
+  } catch (err) {
+    console.error('[Permissions API] Error saving Claude settings:', err);
+    throw new Error(`保存配置文件失败: ${err.message}`);
+  }
 }
 
 // 全局 all-allow 状态（内存中）
@@ -117,11 +131,11 @@ router.get('/', (req, res) => {
 /**
  * 保存项目的命令执行权限设置
  * POST /api/permissions
- * Body: { projectPath, settings: { allow, deny }, isLocal }
+ * Body: { projectPath, settings: { allow, deny } }
  */
 router.post('/', (req, res) => {
   try {
-    const { projectPath, settings: newPermissions, isLocal = false } = req.body;
+    const { projectPath, settings: newPermissions } = req.body;
 
     if (!projectPath) {
       return res.status(400).json({
@@ -138,7 +152,7 @@ router.post('/', (req, res) => {
     }
 
     // 读取现有设置
-    const settings = readClaudeSettings(projectPath, isLocal);
+    const settings = readClaudeSettings(projectPath);
 
     // 更新权限设置（使用 Claude Code 的标准格式）
     settings.permissions = {
@@ -147,12 +161,13 @@ router.post('/', (req, res) => {
     };
 
     // 保存设置
-    saveClaudeSettings(projectPath, settings, isLocal);
+    const saveResult = saveClaudeSettings(projectPath, settings);
 
     res.json({
       success: true,
       message: '权限设置已保存',
-      savedTo: isLocal ? '.claude/settings.local.json' : '.claude/settings.json'
+      savedTo: '.claude/settings.json',
+      fullPath: saveResult.path
     });
   } catch (err) {
     console.error('[Permissions API] Save permissions error:', err);

package/src/server/codex-proxy-server.js

@@ -10,7 +10,7 @@ const DEFAULT_CONFIG = require('../config/default');
 const { resolvePricing } = require('./utils/pricing');
 const { recordRequest: recordCodexRequest } = require('./services/codex-statistics-service');
 const { saveProxyStartTime, clearProxyStartTime, getProxyStartTime, getProxyRuntime } = require('./services/proxy-runtime');
-const { getEnabledChannels, writeCodexConfigForMultiChannel } = require('./services/codex-channels');
+const { getEnabledChannels, writeCodexConfigForMultiChannel, getEffectiveApiKey } = require('./services/codex-channels');
 const { CLAUDE_MODEL_PRICING } = require('../config/model-pricing');
 
 let proxyServer = null;
@@ -20,6 +20,10 @@ let currentPort = null;
 // 用于存储每个请求的元数据
 const requestMetadata = new Map();
 
+// 用于缓存已打印过的模型重定向规则，避免重复打印
+// 格式: { channelId: { "originalModel": "redirectedModel", ... } }
+const printedRedirectCache = new Map();
+
 // OpenAI 模型定价（每百万 tokens 的价格，单位：美元）
 // Claude 模型使用 config/model-pricing.js 中的集中定价
 const PRICING = {
@@ -253,7 +257,8 @@ async function startCodexProxyServer(options = {}) {
       });
 
       proxyReq.removeHeader('authorization');
-      proxyReq.setHeader('authorization', `Bearer ${activeChannel.apiKey}`);
+      const effectiveKey = getEffectiveApiKey(activeChannel);
+      proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
       proxyReq.setHeader('openai-beta', 'responses=experimental');
       if (!proxyReq.getHeader('content-type')) {
         proxyReq.setHeader('content-type', 'application/json');
@@ -283,7 +288,14 @@ async function startCodexProxyServer(options = {}) {
             req.body.model = redirectedModel;
             // 更新 rawBody 以匹配修改后的 body
             req.rawBody = Buffer.from(JSON.stringify(req.body));
-            console.log(`[Codex Model Redirect] ${originalModel} → ${redirectedModel} (channel: ${channel.name})`);
+
+            // 只在重定向规则变化时打印日志（避免每次请求都打印）
+            const cachedRedirects = printedRedirectCache.get(channel.id) || {};
+            if (cachedRedirects[originalModel] !== redirectedModel) {
+              cachedRedirects[originalModel] = redirectedModel;
+              printedRedirectCache.set(channel.id, cachedRedirects);
+              console.log(`[Codex Model Redirect] ${originalModel} → ${redirectedModel} (channel: ${channel.name})`);
+            }
           }
         }
 
@@ -648,8 +660,22 @@ function getCodexProxyStatus() {
   };
 }
 
+/**
+ * 清除指定渠道的模型重定向日志缓存
+ * 用于在渠道配置更新后触发重新打印日志
+ * @param {string} channelId - 渠道 ID
+ */
+function clearCodexRedirectCache(channelId) {
+  if (channelId) {
+    printedRedirectCache.delete(channelId);
+  } else {
+    printedRedirectCache.clear();
+  }
+}
+
 module.exports = {
   startCodexProxyServer,
   stopCodexProxyServer,
-  getCodexProxyStatus
+  getCodexProxyStatus,
+  clearCodexRedirectCache
 };

package/src/server/config/oauth-providers.js

@@ -0,0 +1,68 @@
+'use strict';
+
+const OAUTH_PROVIDERS = {
+  claude: {
+    name: 'Claude Pro',
+    authUrl: 'https://claude.ai/oauth/authorize',
+    tokenUrl: 'https://console.anthropic.com/v1/oauth/token',
+    clientId: '9d1c250a-e61b-44d9-88ed-5944d1962f5e',
+    redirectUri: 'http://localhost:54545/callback',
+    scopes: ['org:create_api_key', 'user:profile', 'user:inference'],
+    authType: 'pkce',
+    callbackPort: 54545,
+    callbackPath: '/callback'
+  },
+
+  codex: {
+    name: 'OpenAI Codex',
+    authUrl: 'https://auth.openai.com/oauth/authorize',
+    tokenUrl: 'https://auth.openai.com/oauth/token',
+    clientId: 'app_EMoamEEZ73f0CkXaXp7hrann',
+    redirectUri: 'http://localhost:1455/auth/callback',
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
+    authType: 'pkce',
+    extraParams: {
+      codex_cli_simplified_flow: 'true',
+      originator: 'ctx'
+    },
+    tokenContentType: 'application/x-www-form-urlencoded',
+    callbackPort: 1455,
+    callbackPath: '/auth/callback'
+  },
+
+  gemini: {
+    name: 'Google Gemini',
+    authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+    tokenUrl: 'https://oauth2.googleapis.com/token',
+    clientId: '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com',
+    clientSecret: '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',
+    redirectUri: 'http://localhost:51121/callback',
+    scopes: [
+      'https://www.googleapis.com/auth/cloud-platform',
+      'https://www.googleapis.com/auth/userinfo.email',
+      'https://www.googleapis.com/auth/userinfo.profile',
+      'https://www.googleapis.com/auth/cclog',
+      'https://www.googleapis.com/auth/experimentsandconfigs'
+    ],
+    authType: 'standard',
+    extraParams: {
+      access_type: 'offline',
+      prompt: 'consent'
+    },
+    callbackPort: 51121,
+    callbackPath: '/callback'
+  }
+};
+
+function getProviderConfig(provider) {
+  const config = OAUTH_PROVIDERS[provider];
+  if (!config) {
+    throw new Error(`Unknown OAuth provider: ${provider}`);
+  }
+  return { ...config };
+}
+
+module.exports = {
+  OAUTH_PROVIDERS,
+  getProviderConfig
+};

package/src/server/gemini-proxy-server.js

@@ -10,6 +10,7 @@ const DEFAULT_CONFIG = require('../config/default');
 const { resolvePricing } = require('./utils/pricing');
 const { recordRequest: recordGeminiRequest } = require('./services/gemini-statistics-service');
 const { saveProxyStartTime, clearProxyStartTime, getProxyStartTime, getProxyRuntime } = require('./services/proxy-runtime');
+const { getEffectiveApiKey } = require('./services/gemini-channels');
 
 let proxyServer = null;
 let proxyApp = null;
@@ -18,6 +19,10 @@ let currentPort = null;
 // 用于存储每个请求的元数据
 const requestMetadata = new Map();
 
+// 用于缓存已打印过的模型重定向规则，避免重复打印
+// 格式: { channelId: { "originalModel": "redirectedModel", ... } }
+const printedGeminiRedirectCache = new Map();
+
 // Gemini 模型定价（每百万 tokens 的价格，单位：美元）
 const PRICING = {
   'gemini-2.5-pro': { input: 1.25, output: 5 },
@@ -47,6 +52,27 @@ function resolveGeminiTarget(baseUrl = '', requestPath = '') {
   return target;
 }
 
+/**
+ * 应用模型重定向（精确匹配）
+ * @param {string} originalModel - 原始模型名称
+ * @param {object} channel - 渠道对象，包含 modelRedirects 数组
+ * @returns {string} 重定向后的模型名称
+ */
+function redirectModel(originalModel, channel) {
+  if (!originalModel) return originalModel;
+
+  const modelRedirects = channel?.modelRedirects;
+  if (Array.isArray(modelRedirects) && modelRedirects.length > 0) {
+    for (const rule of modelRedirects) {
+      if (rule.from && rule.to && rule.from === originalModel) {
+        return rule.to;
+      }
+    }
+  }
+
+  return originalModel;
+}
+
 /**
  * 计算请求成本
  */
@@ -127,7 +153,8 @@ async function startGeminiProxyServer(options = {}) {
 
       proxyReq.removeHeader('authorization');
       proxyReq.removeHeader('x-goog-api-key');
-      proxyReq.setHeader('authorization', `Bearer ${activeChannel.apiKey}`);
+      const effectiveKey = getEffectiveApiKey(activeChannel);
+      proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
       if (!proxyReq.getHeader('content-type')) {
         proxyReq.setHeader('content-type', 'application/json');
       }
@@ -153,6 +180,27 @@ async function startGeminiProxyServer(options = {}) {
 
         broadcastSchedulerState('gemini', getSchedulerState('gemini'));
 
+        // 从 URL 中提取模型名称并应用重定向
+        // URL 格式: /models/gemini-2.5-pro:generateContent 或 /v1/models/gemini-2.5-pro:generateContent
+        const urlMatch = req.url.match(/\/models\/([\w.-]+)(:[^?]*)?/);
+        if (urlMatch) {
+          const originalModel = urlMatch[1];
+          const redirectedModel = redirectModel(originalModel, channel);
+
+          if (redirectedModel !== originalModel) {
+            // 替换 URL 中的模型名称
+            req.url = req.url.replace(`/models/${originalModel}`, `/models/${redirectedModel}`);
+
+            // 只在重定向规则变化时打印日志（避免每次请求都打印）
+            const cachedRedirects = printedGeminiRedirectCache.get(channel.id) || {};
+            if (cachedRedirects[originalModel] !== redirectedModel) {
+              cachedRedirects[originalModel] = redirectedModel;
+              printedGeminiRedirectCache.set(channel.id, cachedRedirects);
+              console.log(`[Gemini Model Redirect] ${originalModel} → ${redirectedModel} (channel: ${channel.name})`);
+            }
+          }
+        }
+
         const target = resolveGeminiTarget(channel.baseUrl, req.url);
 
         proxy.web(req, res, {
@@ -511,8 +559,22 @@ function getGeminiProxyStatus() {
   };
 }
 
+/**
+ * 清除指定渠道的模型重定向日志缓存
+ * 用于在渠道配置更新后触发重新打印日志
+ * @param {string} channelId - 渠道 ID
+ */
+function clearGeminiRedirectCache(channelId) {
+  if (channelId) {
+    printedGeminiRedirectCache.delete(channelId);
+  } else {
+    printedGeminiRedirectCache.clear();
+  }
+}
+
 module.exports = {
   startGeminiProxyServer,
   stopGeminiProxyServer,
-  getGeminiProxyStatus
+  getGeminiProxyStatus,
+  clearGeminiRedirectCache
 };

package/src/server/index.js

@@ -14,7 +14,7 @@ const { startProxyServer } = require('./proxy-server');
 const { startCodexProxyServer } = require('./codex-proxy-server');
 const { startGeminiProxyServer } = require('./gemini-proxy-server');
 
-async function startServer(port) {
+async function startServer(port, host = '127.0.0.1') {
   const config = loadConfig();
   // 使用配置的端口，如果没有传入参数
   if (!port) {
@@ -154,6 +154,12 @@ async function startServer(port) {
   // 配置同步 API
   app.use('/api/config-sync', require('./api/config-sync'));
 
+  // OAuth API
+  app.use('/api/oauth', require('./api/oauth'));
+
+  // 配置注册表 API (集中管理 skills/commands/agents/rules 的启用/禁用)
+  app.use('/api/config-registry', require('./api/config-registry'));
+
   // 健康检查 API
   app.use('/api/health-check', require('./api/health-check')(config));
 
@@ -167,9 +173,15 @@ async function startServer(port) {
   }
 
   // Start server
-  const server = app.listen(port, () => {
+  const server = app.listen(port, host, () => {
     console.log(`\n🚀 Coding-Tool Web UI running at:`);
-    console.log(`   http://localhost:${port}`);
+    if (host === '0.0.0.0') {
+      console.log(chalk.yellow(`   ⚠️  警告: 服务正在监听所有网络接口 (LAN 可访问)`));
+      console.log(`   http://localhost:${port}`);
+      console.log(chalk.gray(`   http://<your-ip>:${port} (LAN 访问)`));
+    } else {
+      console.log(`   http://localhost:${port}`);
+    }
 
     // 附加 WebSocket 服务器到同一个端口
     attachWebSocketServer(server);