@axhub/genie 0.2.8 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/LICENSE +21 -675
  2. package/dist/api-docs.html +2 -2
  3. package/dist/assets/App-CYCCsgwf.js +264 -0
  4. package/dist/assets/ReviewApp-0srHIXwb.js +1 -0
  5. package/dist/assets/{_basePickBy-CqJbRZ9y.js → _basePickBy-DVVb07UV.js} +1 -1
  6. package/dist/assets/{_baseUniq-BS8YH8jO.js → _baseUniq-BtbziL5G.js} +1 -1
  7. package/dist/assets/{arc-BBmKEN-S.js → arc-BsCC8yBD.js} +1 -1
  8. package/dist/assets/{architectureDiagram-2XIMDMQ5-N5lcb82R.js → architectureDiagram-2XIMDMQ5-woFp6eNI.js} +1 -1
  9. package/dist/assets/{blockDiagram-WCTKOSBZ-DTMwHuLn.js → blockDiagram-WCTKOSBZ-ya8VAc2k.js} +1 -1
  10. package/dist/assets/{c4Diagram-IC4MRINW-BTKlkXI9.js → c4Diagram-IC4MRINW-CY1dZmIZ.js} +1 -1
  11. package/dist/assets/channel-BMhScXFe.js +1 -0
  12. package/dist/assets/{chunk-4BX2VUAB-DUdoTxAc.js → chunk-4BX2VUAB-CR1lAd74.js} +1 -1
  13. package/dist/assets/{chunk-55IACEB6-Bm_92xe4.js → chunk-55IACEB6-CP98WcFC.js} +1 -1
  14. package/dist/assets/{chunk-FMBD7UC4-CGW0g62g.js → chunk-FMBD7UC4-D9c7ijAB.js} +1 -1
  15. package/dist/assets/{chunk-JSJVCQXG-DYkTH3w1.js → chunk-JSJVCQXG-DQAGYOn-.js} +1 -1
  16. package/dist/assets/{chunk-KX2RTZJC-C9oTlISU.js → chunk-KX2RTZJC-BbTXiDq7.js} +1 -1
  17. package/dist/assets/{chunk-NQ4KR5QH-CM50ygWP.js → chunk-NQ4KR5QH-BI6AX0dr.js} +1 -1
  18. package/dist/assets/{chunk-QZHKN3VN-7dzpYeNJ.js → chunk-QZHKN3VN-DB3V2Ifo.js} +1 -1
  19. package/dist/assets/{chunk-WL4C6EOR-Cm9nQrsr.js → chunk-WL4C6EOR-DhzTthv6.js} +1 -1
  20. package/dist/assets/classDiagram-VBA2DB6C-CMIxlWcT.js +1 -0
  21. package/dist/assets/classDiagram-v2-RAHNMMFH-CMIxlWcT.js +1 -0
  22. package/dist/assets/clone-BPqOt4r3.js +1 -0
  23. package/dist/assets/{cose-bilkent-S5V4N54A-Ccp_p0JZ.js → cose-bilkent-S5V4N54A-BQ09ZE2j.js} +1 -1
  24. package/dist/assets/{dagre-KLK3FWXG-fBwTLUp9.js → dagre-KLK3FWXG-Dc2ueD_R.js} +1 -1
  25. package/dist/assets/{diagram-E7M64L7V-CeNVmFUp.js → diagram-E7M64L7V-DP-LsQoL.js} +1 -1
  26. package/dist/assets/{diagram-IFDJBPK2-CtavyLGa.js → diagram-IFDJBPK2-Cg6r42cB.js} +1 -1
  27. package/dist/assets/{diagram-P4PSJMXO-CpQTjQwc.js → diagram-P4PSJMXO-aHsfoUZE.js} +1 -1
  28. package/dist/assets/{erDiagram-INFDFZHY-B8R5vwhd.js → erDiagram-INFDFZHY-qBXJ4aAz.js} +1 -1
  29. package/dist/assets/{flowDiagram-PKNHOUZH-BvkVVwIQ.js → flowDiagram-PKNHOUZH-D_13emJM.js} +1 -1
  30. package/dist/assets/{ganttDiagram-A5KZAMGK-DOu3hSNa.js → ganttDiagram-A5KZAMGK-BvIcOLwz.js} +1 -1
  31. package/dist/assets/{gitGraphDiagram-K3NZZRJ6-C7zT67YE.js → gitGraphDiagram-K3NZZRJ6-ad0vvNcU.js} +1 -1
  32. package/dist/assets/{graph-D11wiwHo.js → graph-CeJCMjan.js} +1 -1
  33. package/dist/assets/{highlighted-body-TPN3WLV5-Babpthg-.js → highlighted-body-TPN3WLV5-B_novwSz.js} +1 -1
  34. package/dist/assets/index-C514cLyb.js +2 -0
  35. package/dist/assets/index-h1DBl_g3.css +1 -0
  36. package/dist/assets/{infoDiagram-LFFYTUFH-BmA7IpQG.js → infoDiagram-LFFYTUFH-lOxAqb3m.js} +1 -1
  37. package/dist/assets/{ishikawaDiagram-PHBUUO56-BEquZd3E.js → ishikawaDiagram-PHBUUO56-DIr-51gj.js} +1 -1
  38. package/dist/assets/{journeyDiagram-4ABVD52K-BfemGz7f.js → journeyDiagram-4ABVD52K-CYcIW0ZU.js} +1 -1
  39. package/dist/assets/{kanban-definition-K7BYSVSG-CWja3mln.js → kanban-definition-K7BYSVSG-C1ZK616a.js} +1 -1
  40. package/dist/assets/{layout-BLUNf-PJ.js → layout-CI2RM-v6.js} +1 -1
  41. package/dist/assets/{linear-DukIV_Xv.js → linear-DE7bISck.js} +1 -1
  42. package/dist/assets/{mermaid-O7DHMXV3-SgtM28qI.js → mermaid-O7DHMXV3-XxAJo8EK.js} +6 -6
  43. package/dist/assets/{mindmap-definition-YRQLILUH-4UjqXITU.js → mindmap-definition-YRQLILUH-Dz6EFjmn.js} +1 -1
  44. package/dist/assets/{pieDiagram-SKSYHLDU-8AxqJd0M.js → pieDiagram-SKSYHLDU-DPpEzUed.js} +1 -1
  45. package/dist/assets/{quadrantDiagram-337W2JSQ-D60m8V8r.js → quadrantDiagram-337W2JSQ-xdoXNet7.js} +1 -1
  46. package/dist/assets/{requirementDiagram-Z7DCOOCP-zqh9jBVf.js → requirementDiagram-Z7DCOOCP-DUq8H3CL.js} +1 -1
  47. package/dist/assets/{sankeyDiagram-WA2Y5GQK-CDZILTLI.js → sankeyDiagram-WA2Y5GQK-CmqEUxRu.js} +1 -1
  48. package/dist/assets/{sequenceDiagram-2WXFIKYE-7BReFd0L.js → sequenceDiagram-2WXFIKYE-DhtXRNiH.js} +1 -1
  49. package/dist/assets/{stateDiagram-RAJIS63D-HPTVdIG4.js → stateDiagram-RAJIS63D-Dj0HOlbN.js} +1 -1
  50. package/dist/assets/stateDiagram-v2-FVOUBMTO-C9utf5gv.js +1 -0
  51. package/dist/assets/{timeline-definition-YZTLITO2-CTVllFgr.js → timeline-definition-YZTLITO2-DUuJzZB5.js} +1 -1
  52. package/dist/assets/{treemap-KZPCXAKY-BtyxboJZ.js → treemap-KZPCXAKY-DpYBQ0qr.js} +1 -1
  53. package/dist/assets/vendor-codemirror-CMHSJ_9p.js +9 -0
  54. package/dist/assets/{vendor-react-Cpt6D04s.js → vendor-react-xmA_f8ig.js} +1 -1
  55. package/dist/assets/{vennDiagram-LZ73GAT5-D96ZI6Mg.js → vennDiagram-LZ73GAT5-DpePUyOd.js} +1 -1
  56. package/dist/assets/{xychartDiagram-JWTSCODW-eRk-39YO.js → xychartDiagram-JWTSCODW-Cfp1I4_U.js} +1 -1
  57. package/dist/index.html +5 -5
  58. package/package.json +8 -7
  59. package/server/acp-runtime/client.js +129 -16
  60. package/server/acp-runtime/index.js +54 -0
  61. package/server/acp-runtime/registry.js +2 -2
  62. package/server/acp-runtime/session-store.js +79 -5
  63. package/server/cli.js +55 -10
  64. package/server/database/db.js +20 -0
  65. package/server/external-agent/service.js +24 -6
  66. package/server/external-agent/ws.js +540 -27
  67. package/server/index.js +112 -151
  68. package/server/lan-access/core.js +79 -0
  69. package/server/lan-access/state.js +102 -0
  70. package/server/middleware/auth.js +57 -14
  71. package/server/projects.js +930 -667
  72. package/server/routes/auth.js +24 -4
  73. package/server/routes/cli-auth.js +21 -25
  74. package/server/routes/codex.js +84 -298
  75. package/server/routes/commands.js +322 -407
  76. package/server/routes/lan-access.js +231 -0
  77. package/server/routes/projects.js +154 -158
  78. package/server/routes/session-core.js +160 -91
  79. package/server/routes/settings.js +113 -99
  80. package/server/session-core/eventStore.js +60 -20
  81. package/server/session-core/providerAdapters.js +75 -38
  82. package/server/session-core/runtimeState.js +8 -0
  83. package/server/session-core/sessionListMerge.js +47 -0
  84. package/shared/conversationEvents.js +174 -15
  85. package/shared/modelConstants.js +79 -99
  86. package/dist/assets/App-CTKZtqB1.js +0 -460
  87. package/dist/assets/ReviewApp-DM6BNAzR.js +0 -1
  88. package/dist/assets/channel-1oJBvF-0.js +0 -1
  89. package/dist/assets/classDiagram-VBA2DB6C-d5TeKFM4.js +0 -1
  90. package/dist/assets/classDiagram-v2-RAHNMMFH-d5TeKFM4.js +0 -1
  91. package/dist/assets/clone-CinxIlEu.js +0 -1
  92. package/dist/assets/index-DFxzgWoO.js +0 -2
  93. package/dist/assets/index-YCFGDVKw.css +0 -1
  94. package/dist/assets/stateDiagram-v2-FVOUBMTO-DTUf5_gC.js +0 -1
  95. package/dist/assets/vendor-codemirror-Dz7_EqNA.js +0 -39
  96. package/server/_legacy-providers/README.md +0 -30
  97. package/server/_legacy-providers/claude-sdk.js +0 -956
  98. package/server/_legacy-providers/gemini-cli.js +0 -368
  99. package/server/_legacy-providers/openai-codex.js +0 -705
  100. package/server/_legacy-providers/opencode-cli.js +0 -674
  101. package/server/routes/git.js +0 -1110
  102. package/server/routes/mcp-utils.js +0 -48
  103. package/server/routes/mcp.js +0 -536
  104. package/server/routes/taskmaster.js +0 -1963
  105. package/server/utils/mcp-detector.js +0 -198
  106. package/server/utils/taskmaster-websocket.js +0 -129
package/server/middleware/auth.js CHANGED
@@ -1,6 +1,8 @@
1
1
  import jwt from 'jsonwebtoken';
2
2
  import { userDb } from '../database/db.js';
3
3
  import { IS_PLATFORM } from '../constants/config.js';
4
+ import { getLanSessionVersion } from '../lan-access/state.js';
5
+ import { isLoopbackRequest } from '../lan-access/core.js';
4
6
 
5
7
  // Get JWT secret from environment or use default (for development)
6
8
  const JWT_SECRET = process.env.JWT_SECRET || 'claude-ui-dev-secret-change-in-production';
@@ -10,6 +12,37 @@ const PUBLIC_GET_ROUTE_PATTERNS = [
10
12
  /^\/api\/session-core\/providers(?:\/[^/]+)?\/?$/i,
11
13
  ];
12
14
 
15
+ const DEFAULT_TOKEN_EXPIRY = '30d';
16
+
17
+ function isSessionVersionAllowed(decodedToken, currentSessionVersion = getLanSessionVersion()) {
18
+ const expectedSessionVersion = Number.isInteger(currentSessionVersion) ? currentSessionVersion : 0;
19
+ const tokenSessionVersion = Number(decodedToken?.sessionVersion);
20
+
21
+ if (expectedSessionVersion <= 0) {
22
+ return tokenSessionVersion === 0 || Number.isNaN(tokenSessionVersion);
23
+ }
24
+
25
+ return Number.isInteger(tokenSessionVersion) && tokenSessionVersion === expectedSessionVersion;
26
+ }
27
+
28
+ function verifySignedToken(token, { expectedPurpose = null } = {}) {
29
+ const decoded = jwt.verify(token, JWT_SECRET);
30
+
31
+ if (expectedPurpose && decoded?.purpose !== expectedPurpose) {
32
+ const error = new Error('Invalid token purpose');
33
+ error.code = 'INVALID_TOKEN_PURPOSE';
34
+ throw error;
35
+ }
36
+
37
+ if (!isSessionVersionAllowed(decoded)) {
38
+ const error = new Error('Token session is no longer valid');
39
+ error.code = 'STALE_SESSION_VERSION';
40
+ throw error;
41
+ }
42
+
43
+ return decoded;
44
+ }
45
+
13
46
  // Optional API key middleware
14
47
  const validateApiKey = (req, res, next) => {
15
48
  // Skip API key validation if not configured
@@ -36,17 +69,17 @@ const authenticateToken = async (req, res, next) => {
36
69
  }
37
70
 
38
71
  // Platform mode: use single database user
39
- if (IS_PLATFORM) {
72
+ if (IS_PLATFORM || isLoopbackRequest(req)) {
40
73
  try {
41
74
  const user = userDb.getFirstUser();
42
75
  if (!user) {
43
- return res.status(500).json({ error: 'Platform mode: No user found in database' });
76
+ return res.status(500).json({ error: 'No default user found in database' });
44
77
  }
45
78
  req.user = user;
46
79
  return next();
47
80
  } catch (error) {
48
- console.error('Platform mode error:', error);
49
- return res.status(500).json({ error: 'Platform mode: Failed to fetch user' });
81
+ console.error('Local authentication bypass error:', error);
82
+ return res.status(500).json({ error: 'Failed to resolve local user' });
50
83
  }
51
84
  }
52
85
 
@@ -64,7 +97,7 @@ const authenticateToken = async (req, res, next) => {
64
97
  }
65
98
 
66
99
  try {
67
- const decoded = jwt.verify(token, JWT_SECRET);
100
+ const decoded = verifySignedToken(token);
68
101
 
69
102
  // Verify user still exists and is active
70
103
  const user = userDb.getUserById(decoded.userId);
@@ -81,21 +114,29 @@ const authenticateToken = async (req, res, next) => {
81
114
  };
82
115
 
83
116
  // Generate JWT token (never expires)
84
- const generateToken = (user) => {
117
+ const generateToken = (user, options = {}) => {
118
+ const {
119
+ expiresIn = DEFAULT_TOKEN_EXPIRY,
120
+ purpose = 'app',
121
+ sessionVersion = getLanSessionVersion(),
122
+ } = options;
123
+
85
124
  return jwt.sign(
86
- {
87
- userId: user.id,
88
- username: user.username
125
+ {
126
+ userId: user.id,
127
+ username: user.username,
128
+ purpose,
129
+ sessionVersion,
89
130
  },
90
- JWT_SECRET
91
- // No expiration - token lasts forever
131
+ JWT_SECRET,
132
+ expiresIn ? { expiresIn } : undefined
92
133
  );
93
134
  };
94
135
 
95
136
  // WebSocket authentication function
96
- const authenticateWebSocket = (token) => {
137
+ const authenticateWebSocket = (token, request = null) => {
97
138
  // Platform mode: bypass token validation, return first user
98
- if (IS_PLATFORM) {
139
+ if (IS_PLATFORM || isLoopbackRequest(request)) {
99
140
  try {
100
141
  const user = userDb.getFirstUser();
101
142
  if (user) {
@@ -114,7 +155,7 @@ const authenticateWebSocket = (token) => {
114
155
  }
115
156
 
116
157
  try {
117
- const decoded = jwt.verify(token, JWT_SECRET);
158
+ const decoded = verifySignedToken(token);
118
159
  return decoded;
119
160
  } catch (error) {
120
161
  console.error('WebSocket token verification error:', error);
@@ -127,5 +168,7 @@ export {
127
168
  authenticateToken,
128
169
  generateToken,
129
170
  authenticateWebSocket,
171
+ isSessionVersionAllowed,
172
+ verifySignedToken,
130
173
  JWT_SECRET
131
174
  };