@adversity/coding-tool-x 3.1.0 → 3.1.1

package/src/server/api/workspaces.js

@@ -3,8 +3,35 @@ const express = require('express');
 const router = express.Router();
 const fs = require('fs');
 const path = require('path');
+const { execFileSync } = require('child_process');
 const workspaceService = require('../services/workspace-service');
 
+function normalizeBranchName(branchName) {
+  if (typeof branchName !== 'string') {
+    return '';
+  }
+  return branchName.trim();
+}
+
+function validateBranchName(branchName) {
+  const normalized = normalizeBranchName(branchName);
+  if (!normalized) {
+    return { valid: false, normalized, message: '分支名不能为空' };
+  }
+  if (normalized.length > 255) {
+    return { valid: false, normalized, message: '分支名长度不能超过 255 个字符' };
+  }
+
+  try {
+    execFileSync('git', ['check-ref-format', '--branch', normalized], {
+      stdio: 'ignore'
+    });
+    return { valid: true, normalized };
+  } catch (error) {
+    return { valid: false, normalized, message: `非法分支名: ${normalized}` };
+  }
+}
+
 /**
  * GET /api/workspaces
  * 获取所有工作区列表
@@ -173,7 +200,7 @@ router.get('/:id', (req, res, next) => {
  */
 router.post('/', (req, res) => {
   try {
-    const { name, description, baseDir, projects, configTemplateId, permissionTemplate } = req.body;
+    const { name, description, baseDir, projects, configTemplateId } = req.body;
 
     if (!name || !name.trim()) {
       return res.status(400).json({
@@ -204,6 +231,30 @@ router.post('/', (req, res) => {
           message: '创建 worktree 时必须指定分支名'
         });
       }
+
+      const normalizedBranch = normalizeBranchName(proj.branch);
+      if (normalizedBranch) {
+        const branchValidation = validateBranchName(normalizedBranch);
+        if (!branchValidation.valid) {
+          return res.status(400).json({
+            success: false,
+            message: branchValidation.message
+          });
+        }
+        proj.branch = branchValidation.normalized;
+      }
+
+      const normalizedBaseBranch = normalizeBranchName(proj.baseBranch);
+      if (normalizedBaseBranch) {
+        const baseBranchValidation = validateBranchName(normalizedBaseBranch);
+        if (!baseBranchValidation.valid) {
+          return res.status(400).json({
+            success: false,
+            message: `基础分支不合法: ${baseBranchValidation.normalized}`
+          });
+        }
+        proj.baseBranch = baseBranchValidation.normalized;
+      }
     }
 
     const workspace = workspaceService.createWorkspace({
@@ -211,8 +262,7 @@ router.post('/', (req, res) => {
       description,
       baseDir,
       projects,
-      configTemplateId,
-      permissionTemplate
+      configTemplateId
     });
 
     res.json({
@@ -286,6 +336,8 @@ router.post('/:id/projects', (req, res) => {
   try {
     const { id } = req.params;
     const { sourcePath, name, createWorktree, branch, baseBranch } = req.body;
+    const normalizedBranch = normalizeBranchName(branch);
+    const normalizedBaseBranch = normalizeBranchName(baseBranch);
 
     if (!sourcePath || !sourcePath.trim()) {
       return res.status(400).json({
@@ -294,19 +346,39 @@ router.post('/:id/projects', (req, res) => {
       });
     }
 
-    if (createWorktree && (!branch || !branch.trim())) {
+    if (createWorktree && !normalizedBranch) {
       return res.status(400).json({
         success: false,
         message: '创建 worktree 时必须指定分支名'
       });
     }
 
+    if (normalizedBranch) {
+      const branchValidation = validateBranchName(normalizedBranch);
+      if (!branchValidation.valid) {
+        return res.status(400).json({
+          success: false,
+          message: branchValidation.message
+        });
+      }
+    }
+
+    if (normalizedBaseBranch) {
+      const baseBranchValidation = validateBranchName(normalizedBaseBranch);
+      if (!baseBranchValidation.valid) {
+        return res.status(400).json({
+          success: false,
+          message: `基础分支不合法: ${baseBranchValidation.normalized}`
+        });
+      }
+    }
+
     const workspace = workspaceService.addProjectToWorkspace(id, {
       sourcePath,
       name,
       createWorktree,
-      branch,
-      baseBranch
+      branch: normalizedBranch || branch,
+      baseBranch: normalizedBaseBranch || baseBranch
     });
 
     res.json({

package/src/server/codex-proxy-server.js

@@ -230,7 +230,7 @@ async function startCodexProxyServer(options = {}) {
 
   try {
     const config = loadConfig();
-    const port = config.ports?.codexProxy || 10089;
+    const port = config.ports?.codexProxy || 20089;
     currentPort = port;
 
     proxyApp = express();
@@ -257,7 +257,7 @@ async function startCodexProxyServer(options = {}) {
       });
 
       proxyReq.removeHeader('authorization');
-      const effectiveKey = getEffectiveApiKey(activeChannel);
+      const effectiveKey = req.effectiveApiKey;
       proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
       proxyReq.setHeader('openai-beta', 'responses=experimental');
       if (!proxyReq.getHeader('content-type')) {
@@ -279,6 +279,33 @@ async function startCodexProxyServer(options = {}) {
         const channel = await allocateChannel({ source: 'codex', enableSessionBinding: false });
         req.selectedChannel = channel;
 
+        const release = (() => {
+          let released = false;
+          return () => {
+            if (released) return;
+            released = true;
+            releaseChannel(channel.id, 'codex');
+            broadcastSchedulerState('codex', getSchedulerState('codex'));
+          };
+        })();
+
+        res.on('close', release);
+        res.on('error', release);
+
+        broadcastSchedulerState('codex', getSchedulerState('codex'));
+
+        const effectiveKey = getEffectiveApiKey(channel);
+        if (!effectiveKey) {
+          release();
+          return res.status(401).json({
+            error: {
+              message: 'API key not configured or expired. Please update your channel key.',
+              type: 'authentication_error'
+            }
+          });
+        }
+        req.effectiveApiKey = effectiveKey;
+
         // 应用模型重定向（当 proxy 开启时）
         if (req.body && req.body.model) {
           const originalModel = req.body.model;
@@ -299,21 +326,6 @@ async function startCodexProxyServer(options = {}) {
           }
         }
 
-        const release = (() => {
-          let released = false;
-          return () => {
-            if (released) return;
-            released = true;
-            releaseChannel(channel.id, 'codex');
-            broadcastSchedulerState('codex', getSchedulerState('codex'));
-          };
-        })();
-
-        res.on('close', release);
-        res.on('error', release);
-
-        broadcastSchedulerState('codex', getSchedulerState('codex'));
-
         const target = resolveCodexTarget(channel.baseUrl, req.url);
 
         proxy.web(req, res, {
@@ -654,7 +666,7 @@ function getCodexProxyStatus() {
   return {
     running: !!proxyServer,
     port: currentPort,
-    defaultPort: config.ports?.codexProxy || 10089,
+    defaultPort: config.ports?.codexProxy || 20089,
     startTime,
     runtime
   };

package/src/server/dev-server.js

@@ -11,7 +11,7 @@ const { loadConfig } = require('../config/loader');
 const chalk = require('chalk');
 
 const config = loadConfig();
-const port = config.ports?.webUI || 10099;
+const port = config.ports?.webUI || 19999;
 
 console.log(chalk.cyan('\n🔧 开发模式：启动后端 API 服务器...\n'));
 

package/src/server/gemini-proxy-server.js

@@ -126,7 +126,7 @@ async function startGeminiProxyServer(options = {}) {
 
   try {
     const config = loadConfig();
-    const port = config.ports?.geminiProxy || 10090;
+    const port = config.ports?.geminiProxy || 20090;
     currentPort = port;
 
     proxyApp = express();
@@ -153,7 +153,7 @@ async function startGeminiProxyServer(options = {}) {
 
       proxyReq.removeHeader('authorization');
       proxyReq.removeHeader('x-goog-api-key');
-      const effectiveKey = getEffectiveApiKey(activeChannel);
+      const effectiveKey = req.effectiveApiKey;
       proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
       if (!proxyReq.getHeader('content-type')) {
         proxyReq.setHeader('content-type', 'application/json');
@@ -180,6 +180,18 @@ async function startGeminiProxyServer(options = {}) {
 
         broadcastSchedulerState('gemini', getSchedulerState('gemini'));
 
+        const effectiveKey = getEffectiveApiKey(channel);
+        if (!effectiveKey) {
+          release();
+          return res.status(401).json({
+            error: {
+              message: 'API key not configured or expired. Please update your channel key.',
+              type: 'authentication_error'
+            }
+          });
+        }
+        req.effectiveApiKey = effectiveKey;
+
         // 从 URL 中提取模型名称并应用重定向
         // URL 格式: /models/gemini-2.5-pro:generateContent 或 /v1/models/gemini-2.5-pro:generateContent
         const urlMatch = req.url.match(/\/models\/([\w.-]+)(:[^?]*)?/);
@@ -553,7 +565,7 @@ function getGeminiProxyStatus() {
   return {
     running: !!proxyServer,
     port: currentPort,
-    defaultPort: config.ports?.geminiProxy || 10090,
+    defaultPort: config.ports?.geminiProxy || 20090,
     startTime,
     runtime
   };

package/src/server/index.js

@@ -3,6 +3,7 @@ const path = require('path');
 const chalk = require('chalk');
 const inquirer = require('inquirer');
 const { loadConfig } = require('../config/loader');
+const { ensureStorageDirMigrated } = require('../config/paths');
 const { startWebSocketServer: attachWebSocketServer } = require('./websocket-server');
 const { isPortInUse, killProcessByPort, waitForPortRelease } = require('../utils/port-helper');
 const { isProxyConfig } = require('./services/settings-manager');
@@ -10,41 +11,71 @@ const {
   isProxyConfig: isCodexProxyConfig,
   setProxyConfig: setCodexProxyConfig
 } = require('./services/codex-settings-manager');
+const { setProxyConfig: setOpenCodeProxyConfig } = require('./services/opencode-settings-manager');
 const { startProxyServer } = require('./proxy-server');
 const { startCodexProxyServer } = require('./codex-proxy-server');
 const { startGeminiProxyServer } = require('./gemini-proxy-server');
+const { startOpenCodeProxyServer } = require('./opencode-proxy-server');
+const { createRemoteMutationGuard, createRemoteRouteGuard } = require('./services/network-access');
 
-async function startServer(port, host = '127.0.0.1') {
+function isInteractivePortConflictMode(options = {}) {
+  if (options.interactive === false) {
+    return false;
+  }
+  if (process.argv.includes('--daemon')) {
+    return false;
+  }
+  return Boolean(process.stdin && process.stdin.isTTY && process.stdout && process.stdout.isTTY);
+}
+
+function printPortConflictHelp(port) {
+  console.log(chalk.yellow('\n💡 解决方案:'));
+  console.log(chalk.gray('   1. 运行 ctx 命令，选择"配置端口"修改端口'));
+  console.log(chalk.gray(`   2. 或手动关闭占用端口 ${port} 的程序\n`));
+}
+
+async function startServer(port, host = '127.0.0.1', options = {}) {
+  ensureStorageDirMigrated();
   const config = loadConfig();
   // 使用配置的端口，如果没有传入参数
   if (!port) {
-    port = config.ports?.webUI || 10099;
+    port = config.ports?.webUI || 19999;
   }
 
   // 检查端口是否被占用
-  const portInUse = await isPortInUse(port);
+  const portInUse = await isPortInUse(port, host);
   if (portInUse) {
     console.log(chalk.yellow(`\n⚠️  端口 ${port} 已被占用\n`));
 
-    // 询问用户是否关闭占用端口的进程
-    const { shouldKill } = await inquirer.prompt([
-      {
-        type: 'list',
-        name: 'shouldKill',
-        message: '是否关闭占用该端口的进程并启动服务？',
-        choices: [
-          { name: '是，关闭进程并启动', value: true },
-          { name: '否，取消启动', value: false }
-        ],
-        default: 0 // 默认选择"是"
-      }
-    ]);
+    const interactiveMode = isInteractivePortConflictMode(options);
+    let shouldKill = false;
+
+    if (options.forceKillPort === true) {
+      shouldKill = true;
+    } else if (interactiveMode) {
+      // 询问用户是否关闭占用端口的进程
+      const answer = await inquirer.prompt([
+        {
+          type: 'list',
+          name: 'shouldKill',
+          message: '是否关闭占用该端口的进程并启动服务？',
+          choices: [
+            { name: '是，关闭进程并启动', value: true },
+            { name: '否，取消启动', value: false }
+          ],
+          default: 0 // 默认选择"是"
+        }
+      ]);
+      shouldKill = answer.shouldKill;
+    } else {
+      console.error(chalk.red('❌ 当前为非交互模式，无法确认端口清理操作，已取消启动。'));
+      printPortConflictHelp(port);
+      process.exit(1);
+    }
 
     if (!shouldKill) {
       console.log(chalk.gray('\n已取消启动'));
-      console.log(chalk.yellow('\n💡 解决方案:'));
-      console.log(chalk.gray('   1. 运行 ctx 命令，选择"配置端口"修改端口'));
-      console.log(chalk.gray(`   2. 或手动关闭占用端口 ${port} 的程序\n`));
+      printPortConflictHelp(port);
       process.exit(0);
     }
 
@@ -60,7 +91,7 @@ async function startServer(port, host = '127.0.0.1') {
 
     // 等待端口释放
     console.log(chalk.cyan('等待端口释放...'));
-    const released = await waitForPortRelease(port);
+    const released = await waitForPortRelease(port, 3000, host);
 
     if (!released) {
       console.error(chalk.red('\n❌ 端口释放超时'));
@@ -72,6 +103,9 @@ async function startServer(port, host = '127.0.0.1') {
   }
 
   const app = express();
+  const lanMode = host === '0.0.0.0';
+  const allowRemoteMutation = process.env.CC_TOOL_ALLOW_REMOTE_WRITE === 'true';
+  const allowRemoteTerminal = process.env.CC_TOOL_ALLOW_REMOTE_TERMINAL === 'true';
 
   // Middleware
   app.use(express.json({ limit: '100mb' }));
@@ -88,6 +122,20 @@ async function startServer(port, host = '127.0.0.1') {
     next();
   });
 
+  if (lanMode) {
+    app.use('/api', createRemoteMutationGuard({
+      enabled: true,
+      allowRemoteMutation,
+      message: '出于安全考虑，LAN 模式默认仅允许本机执行写操作。可设置 CC_TOOL_ALLOW_REMOTE_WRITE=true 覆盖。'
+    }));
+
+    app.use('/api/terminal', createRemoteRouteGuard({
+      enabled: true,
+      allowRemoteAccess: allowRemoteTerminal,
+      message: '出于安全考虑，Web 终端仅允许本机访问。可设置 CC_TOOL_ALLOW_REMOTE_TERMINAL=true 覆盖。'
+    }));
+  }
+
   // API Routes
   app.use('/api/projects', require('./api/projects')(config));
   app.use('/api/sessions', require('./api/sessions')(config));
@@ -103,6 +151,13 @@ async function startServer(port, host = '127.0.0.1') {
   app.use('/api/gemini/channels', require('./api/gemini-channels')(config));
   app.use('/api/gemini/proxy', require('./api/gemini-proxy'));
 
+  // OpenCode API Routes
+  app.use('/api/opencode/projects', require('./api/opencode-projects')(config));
+  app.use('/api/opencode/sessions', require('./api/opencode-sessions')(config));
+  app.use('/api/opencode/channels', require('./api/opencode-channels')(config));
+  app.use('/api/opencode/proxy', require('./api/opencode-proxy'));
+  app.use('/api/opencode/statistics', require('./api/opencode-statistics'));
+
   // 会话格式转换 API
   app.use('/api/convert', require('./api/convert'));
 
@@ -145,18 +200,12 @@ async function startServer(port, host = '127.0.0.1') {
   // 配置模板 API
   app.use('/api/config-templates', require('./api/config-templates'));
 
-  // 命令执行权限 API
-  app.use('/api/permissions', require('./api/permissions'));
-
   // 配置导出/导入 API
   app.use('/api/config-export', require('./api/config-export'));
 
   // 配置同步 API
   app.use('/api/config-sync', require('./api/config-sync'));
 
-  // OAuth API
-  app.use('/api/oauth', require('./api/oauth'));
-
   // 配置注册表 API (集中管理 skills/commands/agents/rules 的启用/禁用)
   app.use('/api/config-registry', require('./api/config-registry'));
 
@@ -172,38 +221,56 @@ async function startServer(port, host = '127.0.0.1') {
     });
   }
 
-  // Start server
-  const server = app.listen(port, host, () => {
-    console.log(`\n🚀 Coding-Tool Web UI running at:`);
-    if (host === '0.0.0.0') {
-      console.log(chalk.yellow(`   ⚠️  警告: 服务正在监听所有网络接口 (LAN 可访问)`));
-      console.log(`   http://localhost:${port}`);
-      console.log(chalk.gray(`   http://<your-ip>:${port} (LAN 访问)`));
-    } else {
-      console.log(`   http://localhost:${port}`);
-    }
+  // Start server（确保监听成功后才返回，避免命令误报“已启动”）
+  const server = app.listen(port, host);
+  await new Promise((resolve) => {
+    const onListening = () => {
+      server.off('error', onError);
+      resolve();
+    };
+
+    const onError = (err) => {
+      server.off('listening', onListening);
+      if (err.code === 'EADDRINUSE') {
+        console.error(chalk.red(`\n❌ 端口 ${port} 已被占用`));
+        console.error(chalk.yellow('\n💡 解决方案:'));
+        console.error(chalk.gray('   1. 运行 ctx 命令，选择"配置端口"修改端口'));
+        console.error(chalk.gray(`   2. 或关闭占用端口 ${port} 的程序\n`));
+      } else {
+        console.error(chalk.red(`\n❌ 启动服务器失败: ${err.message}\n`));
+      }
+      process.exit(1);
+    };
 
-    // 附加 WebSocket 服务器到同一个端口
-    attachWebSocketServer(server);
-    console.log(`   ws://localhost:${port}/ws\n`);
+    server.once('listening', onListening);
+    server.once('error', onError);
+  });
 
-    // 自动恢复代理状态
-    autoRestoreProxies();
+  console.log(`\n🚀 Coding-Tool Web UI running at:`);
+  if (host === '0.0.0.0') {
+    console.log(chalk.yellow(`   ⚠️  警告: 服务正在监听所有网络接口 (LAN 可访问)`));
+    console.log(`   http://localhost:${port}`);
+    console.log(chalk.gray(`   http://<your-ip>:${port} (LAN 访问)`));
+  } else {
+    console.log(`   http://localhost:${port}`);
+  }
 
-    // 启动时执行健康检查
-    performStartupHealthCheck();
-  });
+  // 附加 WebSocket 服务器到同一个端口
+  attachWebSocketServer(server, { host, allowRemoteTerminal });
+  console.log(`   ws://localhost:${port}/ws\n`);
 
-  // 监听端口占用错误
-  server.on('error', (err) => {
-    if (err.code === 'EADDRINUSE') {
-      console.error(chalk.red(`\n❌ 端口 ${port} 已被占用`));
-      console.error(chalk.yellow('\n💡 解决方案:'));
-      console.error(chalk.gray('   1. 运行 ctx 命令，选择"配置端口"修改端口'));
-      console.error(chalk.gray(`   2. 或关闭占用端口 ${port} 的程序\n`));
-      process.exit(1);
-    }
-  });
+  if (host === '0.0.0.0' && !allowRemoteMutation) {
+    console.log(chalk.yellow('   🔒 已启用 LAN 安全保护：远程写操作默认禁用'));
+  }
+  if (host === '0.0.0.0' && !allowRemoteTerminal) {
+    console.log(chalk.yellow('   🔒 已启用 LAN 安全保护：远程 Web 终端默认禁用'));
+  }
+
+  // 自动恢复代理状态
+  autoRestoreProxies();
+
+  // 启动时执行健康检查
+  performStartupHealthCheck();
 
   return server;
 }
@@ -215,13 +282,13 @@ function autoRestoreProxies() {
   const fs = require('fs');
   const path = require('path');
 
-  const ccToolDir = path.join(os.homedir(), '.claude', 'cc-tool');
+  const ccToolDir = path.join(os.homedir(), '.cc-tool');
 
   // 检查 Claude 代理状态文件
   const claudeActiveFile = path.join(ccToolDir, 'active-channel.json');
   if (fs.existsSync(claudeActiveFile)) {
     console.log(chalk.cyan('\n🔄 检测到 Claude 代理状态文件，正在自动启动...'));
-    const proxyPort = config.ports?.proxy || 10088;
+    const proxyPort = config.ports?.proxy || 20088;
     startProxyServer(proxyPort)
       .then(() => {
         console.log(chalk.green(`✅ Claude 代理已自动启动，端口: ${proxyPort}`));
@@ -235,7 +302,7 @@ function autoRestoreProxies() {
   const codexActiveFile = path.join(ccToolDir, 'codex-active-channel.json');
   if (fs.existsSync(codexActiveFile)) {
     console.log(chalk.cyan('\n🔄 检测到 Codex 代理状态文件，正在自动启动...'));
-    const codexProxyPort = config.ports?.codexProxy || 10089;
+    const codexProxyPort = config.ports?.codexProxy || 20089;
     startCodexProxyServer(codexProxyPort)
       .then((result) => {
         const port = result?.port || codexProxyPort;
@@ -260,7 +327,7 @@ function autoRestoreProxies() {
   const geminiActiveFile = path.join(ccToolDir, 'gemini-active-channel.json');
   if (fs.existsSync(geminiActiveFile)) {
     console.log(chalk.cyan('\n🔄 检测到 Gemini 代理状态文件，正在自动启动...'));
-    const geminiProxyPort = config.ports?.geminiProxy || 10090;
+    const geminiProxyPort = config.ports?.geminiProxy || 20090;
     startGeminiProxyServer(geminiProxyPort)
       .then((result) => {
         if (result.success) {
@@ -275,6 +342,46 @@ function autoRestoreProxies() {
   } else {
     console.log(chalk.gray('\n💡 提示: 如需使用 Gemini 代理，请在前端界面激活 Gemini 渠道'));
   }
+
+  // 检查 OpenCode 代理状态文件
+  const opencodeActiveFile = path.join(ccToolDir, 'opencode-active-channel.json');
+  if (fs.existsSync(opencodeActiveFile)) {
+    console.log(chalk.cyan('\n🔄 检测到 OpenCode 代理状态文件，正在自动启动...'));
+    const opencodeProxyPort = config.ports?.opencodeProxy || 20091;
+    startOpenCodeProxyServer(opencodeProxyPort)
+      .then((result) => {
+        if (result.success) {
+          console.log(chalk.green(`✅ OpenCode 代理已自动启动，端口: ${result.port}`));
+          try {
+            const { getEnabledChannels: getEnabledOpenCodeChannels } = require('./services/opencode-channels');
+            const enabledChs = getEnabledOpenCodeChannels();
+            const allModels = [];
+            const seen = new Set();
+            enabledChs.forEach((ch) => {
+              [ch.model, ch.speedTestModel].forEach((m) => {
+                if (typeof m === 'string' && m.trim() && !seen.has(m.trim().toLowerCase())) {
+                  seen.add(m.trim().toLowerCase());
+                  allModels.push(m.trim());
+                }
+              });
+            });
+            const firstChannel = enabledChs[0];
+            const activeModel = firstChannel && (firstChannel.model || firstChannel.speedTestModel) || null;
+            const cfgResult = setOpenCodeProxyConfig(result.port, { model: activeModel, models: allModels });
+            if (cfgResult?.success) {
+              console.log(chalk.gray('   已同步 OpenCode 配置文件'));
+            }
+          } catch (err) {
+            console.error(chalk.red(`❌ OpenCode 代理配置同步失败: ${err.message}`));
+          }
+        } else {
+          console.error(chalk.red(`❌ OpenCode 代理启动失败: ${result.error || 'Unknown error'}`));
+        }
+      })
+      .catch((err) => {
+        console.error(chalk.red(`❌ OpenCode 代理启动失败: ${err.message}`));
+      });
+  }
 }
 
 // 启动时执行健康检查