@co0ontty/wand 1.15.1 → 1.17.4

package/dist/server.js

@@ -14,10 +14,12 @@ import { ensureAvatarSeed, getAvatarSvg } from "./avatar.js";
 import { createSession, revokeSession, setAuthStorage, validateSession } from "./auth.js";
 import { ensureCertificates } from "./cert.js";
 import { isExecutionMode, normalizeCardDefaults, resolveConfigDir, saveConfig } from "./config.js";
+import { getCachedModels, refreshModels } from "./models.js";
 import { ProcessManager } from "./process-manager.js";
 import { StructuredSessionManager } from "./structured-session-manager.js";
 import { generatePwaManifest, generateServiceWorker } from "./pwa.js";
 import { getErrorMessage, registerClaudeHistoryRoutes, registerSessionRoutes } from "./server-session-routes.js";
+import { registerUploadRoutes } from "./upload-routes.js";
 import { resolveDatabasePath, WandStorage } from "./storage.js";
 import { renderApp } from "./web-ui/index.js";
 import { WsBroadcastManager } from "./ws-broadcast.js";
@@ -488,9 +490,10 @@ export async function startServer(config, configPath) {
     app.use(express.json({ limit: "1mb" }));
     app.use(compression({ threshold: 1024 }));
     const vendorCacheOpts = { maxAge: "7d", immutable: true };
-    app.use("/vendor/xterm", express.static(path.join(nodeModulesDir, "@xterm", "xterm"), vendorCacheOpts));
-    app.use("/vendor/xterm-addon-fit", express.static(path.join(nodeModulesDir, "@xterm", "addon-fit"), vendorCacheOpts));
-    app.use("/vendor/xterm-addon-serialize", express.static(path.join(nodeModulesDir, "@xterm", "addon-serialize"), vendorCacheOpts));
+    const contentDir = existsSync(path.join(SERVER_MODULE_DIR, "web-ui", "content"))
+        ? path.join(SERVER_MODULE_DIR, "web-ui", "content")
+        : path.join(RUNTIME_ROOT_DIR, "src", "web-ui", "content");
+    app.use("/vendor/wterm", express.static(path.join(contentDir, "vendor", "wterm"), vendorCacheOpts));
     // ── Web UI and PWA endpoints ──
     app.get("/", (_req, res) => {
         res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
@@ -694,6 +697,10 @@ export async function startServer(config, configPath) {
             hasCert: existsSync(certPaths.keyPath) && existsSync(certPaths.certPath),
             updateAvailable: cachedUpdateInfo?.updateAvailable ?? false,
             latestVersion: cachedUpdateInfo?.latest ?? null,
+            autoUpdate: {
+                web: storage.getConfigValue("autoUpdateWeb") === "true",
+                apk: storage.getConfigValue("autoUpdateApk") === "true",
+            },
             androidApk: {
                 enabled: config.android?.enabled === true,
                 apkDir,
@@ -745,7 +752,7 @@ export async function startServer(config, configPath) {
     });
     app.post("/api/settings/config", async (req, res) => {
         const body = req.body;
-        const allowedFields = ["host", "port", "https", "defaultMode", "defaultCwd", "shell", "language"];
+        const allowedFields = ["host", "port", "https", "defaultMode", "defaultCwd", "shell", "language", "defaultModel"];
         let changed = false;
         for (const field of allowedFields) {
             if (field in body && body[field] !== undefined) {
@@ -779,6 +786,9 @@ export async function startServer(config, configPath) {
                 else if (field === "language") {
                     config.language = typeof body.language === "string" ? body.language.trim() : "";
                 }
+                else if (field === "defaultModel") {
+                    config.defaultModel = typeof body.defaultModel === "string" ? body.defaultModel.trim() : "";
+                }
                 changed = true;
             }
         }
@@ -802,6 +812,29 @@ export async function startServer(config, configPath) {
             res.status(500).json({ error: getErrorMessage(error, "保存配置失败。") });
         }
     });
+    app.get("/api/models", (_req, res) => {
+        const cached = getCachedModels();
+        res.json({
+            models: cached.models,
+            claudeVersion: cached.claudeVersion,
+            refreshedAt: cached.refreshedAt,
+            defaultModel: config.defaultModel ?? "",
+        });
+    });
+    app.post("/api/models/refresh", async (_req, res) => {
+        try {
+            const refreshed = await refreshModels();
+            res.json({
+                models: refreshed.models,
+                claudeVersion: refreshed.claudeVersion,
+                refreshedAt: refreshed.refreshedAt,
+                defaultModel: config.defaultModel ?? "",
+            });
+        }
+        catch (error) {
+            res.status(500).json({ error: getErrorMessage(error, "刷新模型列表失败。") });
+        }
+    });
     app.post("/api/settings/upload-cert", async (req, res) => {
         const { key, cert } = req.body;
         if (!key || !cert) {
@@ -857,6 +890,7 @@ export async function startServer(config, configPath) {
     });
     registerSessionRoutes(app, processes, structuredSessions, storage, config.defaultMode);
     registerClaudeHistoryRoutes(app, processes, storage);
+    registerUploadRoutes(app, processes);
     // ── Path suggestion ──
     app.get("/api/path-suggestions", async (req, res) => {
         const query = typeof req.query.q === "string" ? req.query.q : "";
@@ -872,10 +906,9 @@ export async function startServer(config, configPath) {
     app.get("/api/directory", async (req, res) => {
         const q = typeof req.query.q === "string" ? req.query.q : "";
         const includeGitStatus = req.query.gitStatus === "true";
-        const targetPath = path.resolve(process.cwd(), q);
-        const allowedBase = process.cwd();
-        if (!isPathWithinBase(targetPath, allowedBase)) {
-            res.status(403).json({ error: "访问被拒绝：路径必须在项目目录内。" });
+        const targetPath = path.resolve(q || config.defaultCwd);
+        if (isBlockedFolderPath(targetPath)) {
+            res.status(403).json({ error: "访问被拒绝：无法访问系统敏感目录。" });
             return;
         }
         try {
@@ -911,8 +944,7 @@ export async function startServer(config, configPath) {
             return;
         }
         const resolvedPath = path.resolve(filePath);
-        const allowedBase = process.cwd();
-        if (!isPathWithinBase(resolvedPath, allowedBase)) {
+        if (isBlockedFolderPath(resolvedPath)) {
             res.status(403).json({ error: "Access denied" });
             return;
         }
@@ -1128,9 +1160,12 @@ export async function startServer(config, configPath) {
         }
         const initialInput = body.initialInput?.trim();
         try {
+            const rawModel = typeof body.model === "string" ? body.model.trim() : "";
+            const effectiveModel = rawModel || (config.defaultModel ?? "").trim() || undefined;
             const snapshot = processes.start(body.command, body.cwd, normalizeMode(body.mode, config.defaultMode), initialInput || undefined, {
                 worktreeEnabled: body.worktreeEnabled === true,
                 provider: body.provider,
+                model: effectiveModel,
             });
             res.status(201).json(snapshot);
         }
@@ -1207,17 +1242,80 @@ export async function startServer(config, configPath) {
     }
     // Start configured background sessions after the server is already reachable.
     processes.runStartupCommands();
-    // Background update check on startup
-    checkNpmLatestVersion().then((info) => {
+    // ── Auto-update endpoints ──
+    app.get("/api/auto-update", (_req, res) => {
+        const web = storage.getConfigValue("autoUpdateWeb") === "true";
+        const apk = storage.getConfigValue("autoUpdateApk") === "true";
+        res.json({ web, apk });
+    });
+    app.post("/api/auto-update", express.json(), (req, res) => {
+        const { web, apk } = req.body;
+        if (typeof web === "boolean") {
+            storage.setConfigValue("autoUpdateWeb", String(web));
+        }
+        if (typeof apk === "boolean") {
+            storage.setConfigValue("autoUpdateApk", String(apk));
+        }
+        res.json({
+            web: storage.getConfigValue("autoUpdateWeb") === "true",
+            apk: storage.getConfigValue("autoUpdateApk") === "true",
+        });
+    });
+    // ── Auto-update logic ──
+    async function performAutoUpdate() {
+        const info = await checkNpmLatestVersion(true);
         cachedUpdateInfo = info;
-        if (info.updateAvailable) {
+        if (!info.updateAvailable)
+            return;
+        const autoEnabled = storage.getConfigValue("autoUpdateWeb") === "true";
+        if (!autoEnabled) {
+            // Not auto-updating, just notify
             process.stdout.write(`[wand] 发现新版本 ${info.latest}（当前 ${info.current}）。运行 npm install -g ${PKG_NAME}@latest 进行更新。\n`);
-            // Broadcast update notification to all connected WS clients
             wsManager.emitEvent({
                 type: "notification",
                 sessionId: "__system__",
                 data: { kind: "update", current: info.current, latest: info.latest },
             });
+            return;
+        }
+        // Auto-update: install and restart
+        process.stdout.write(`[wand] 自动更新：正在从 ${info.current} 更新到 ${info.latest}...\n`);
+        wsManager.emitEvent({
+            type: "notification",
+            sessionId: "__system__",
+            data: { kind: "auto-update-start", current: info.current, latest: info.latest },
+        });
+        try {
+            await execAsync(`npm install -g ${PKG_NAME}@latest`, { timeout: 120000 });
+            process.stdout.write(`[wand] 自动更新完成，正在重启...\n`);
+            wsManager.emitEvent({
+                type: "notification",
+                sessionId: "__system__",
+                data: { kind: "auto-update-restart", current: info.current, latest: info.latest },
+            });
+            // Restart after a brief delay
+            setTimeout(() => {
+                wss.clients.forEach((client) => client.close());
+                server.close(() => {
+                    spawn(process.execPath, process.argv.slice(1), {
+                        detached: true,
+                        stdio: "inherit",
+                        cwd: process.cwd(),
+                        env: process.env,
+                    }).unref();
+                    process.exit(0);
+                });
+                setTimeout(() => process.exit(0), 5000);
+            }, 1000);
+        }
+        catch (error) {
+            process.stdout.write(`[wand] 自动更新失败: ${getErrorMessage(error, "未知错误")}\n`);
         }
-    }).catch(() => { });
+    }
+    // Background update check on startup
+    performAutoUpdate().catch(() => { });
+    // Periodic update check (every 30 minutes)
+    setInterval(() => {
+        performAutoUpdate().catch(() => { });
+    }, 30 * 60 * 1000);
 }

package/dist/structured-session-manager.d.ts

@@ -6,6 +6,8 @@ interface CreateStructuredSessionOptions {
     prompt?: string;
     runner?: SessionRunner;
     worktreeEnabled?: boolean;
+    /** 用户指定的 Claude 模型（别名或完整 ID）。留空则 spawn 时不加 --model。 */
+    model?: string;
 }
 export declare class StructuredSessionManager {
     private readonly storage;
@@ -25,6 +27,8 @@ export declare class StructuredSessionManager {
     approvePermission(sessionId: string): SessionSnapshot;
     /** Deny a pending permission request. */
     denyPermission(sessionId: string): SessionSnapshot;
+    /** Update the selected model for a structured session. Takes effect on the next spawn. */
+    setSessionModel(sessionId: string, model: string | null): SessionSnapshot;
     /** Toggle auto-approve for the session. */
     toggleAutoApprove(sessionId: string): SessionSnapshot;
     /** Resolve a specific escalation by requestId. */

package/dist/structured-session-manager.js

@@ -73,11 +73,12 @@ export class StructuredSessionManager {
                 structuredState: {
                     provider: snapshot.structuredState?.provider ?? snapshot.provider ?? "claude",
                     runner: snapshot.runner ?? "claude-cli-print",
-                    model: snapshot.structuredState?.model,
+                    model: snapshot.structuredState?.model ?? snapshot.selectedModel ?? undefined,
                     lastError: snapshot.structuredState?.lastError ?? null,
                     inFlight: false,
                     activeRequestId: null,
                 },
+                selectedModel: snapshot.selectedModel ?? null,
             };
             this.sessions.set(restored.id, restored);
             this.storage.saveSession(restored);
@@ -112,6 +113,7 @@ export class StructuredSessionManager {
         const worktreeSetup = options.worktreeEnabled
             ? prepareSessionWorktree({ cwd: options.cwd, sessionId: id })
             : null;
+        const selectedModel = options.model?.trim() || null;
         const snapshot = {
             id,
             sessionKind: "structured",
@@ -135,6 +137,7 @@ export class StructuredSessionManager {
             structuredState: {
                 provider: "claude",
                 runner: options.runner ?? "claude-cli-print",
+                model: selectedModel ?? undefined,
                 inFlight: false,
                 activeRequestId: null,
                 lastError: null,
@@ -142,6 +145,7 @@ export class StructuredSessionManager {
             autoRecovered: false,
             autoApprovePermissions: shouldAutoApproveForMode(options.mode),
             approvalStats: { tool: 0, command: 0, file: 0, total: 0 },
+            selectedModel,
         };
         this.sessions.set(id, snapshot);
         this.storage.saveSession(snapshot);
@@ -262,6 +266,27 @@ export class StructuredSessionManager {
     denyPermission(sessionId) {
         return this.resolvePermission(sessionId, false);
     }
+    /** Update the selected model for a structured session. Takes effect on the next spawn. */
+    setSessionModel(sessionId, model) {
+        const session = this.requireSession(sessionId);
+        const normalized = model?.trim() || null;
+        const updated = {
+            ...session,
+            selectedModel: normalized,
+            structuredState: {
+                ...(session.structuredState ?? { provider: "claude", runner: "claude-cli-print", inFlight: false, activeRequestId: null, lastError: null }),
+                model: normalized ?? undefined,
+            },
+        };
+        this.sessions.set(sessionId, updated);
+        this.storage.saveSession(updated);
+        this.emit({
+            type: "status",
+            sessionId,
+            data: { sessionKind: "structured", selectedModel: normalized, structuredState: updated.structuredState },
+        });
+        return updated;
+    }
     /** Toggle auto-approve for the session. */
     toggleAutoApprove(sessionId) {
         const session = this.requireSession(sessionId);
@@ -500,6 +525,10 @@ export class StructuredSessionManager {
                     ? "请使用中文回复。所有解释、注释和对话文本都使用中文。"
                     : `Please respond in ${language}. Use ${language} for all your explanations, comments, and conversational text.`);
             }
+            const modelChoice = session.selectedModel?.trim();
+            if (modelChoice && modelChoice !== "default") {
+                args.push("--model", modelChoice);
+            }
             if (session.claudeSessionId) {
                 args.push("--resume", session.claudeSessionId);
             }

package/dist/types.d.ts

@@ -86,6 +86,18 @@ export interface WandConfig {
     android?: AndroidApkConfig;
     /** Default expand/collapse state for card types in structured chat view */
     cardDefaults?: CardExpandDefaults;
+    /** 新建会话时默认使用的 Claude 模型（别名或完整 ID）。留空则不传 --model，由 claude 自行决定。 */
+    defaultModel?: string;
+}
+export interface ClaudeModelInfo {
+    /** 传给 --model 的值（别名或完整模型 ID） */
+    id: string;
+    /** UI 显示的友好标签 */
+    label: string;
+    /** 可选备注：例如 "当前默认"、"最新" */
+    note?: string;
+    /** 是否为别名（opus/sonnet 等）；完整 ID 为 false */
+    alias?: boolean;
 }
 interface WorktreeInfo {
     branch: string;
@@ -130,6 +142,8 @@ export interface CommandRequest {
     mode?: ExecutionMode;
     initialInput?: string;
     worktreeEnabled?: boolean;
+    /** Claude 模型（别名或完整 ID）。仅对 claude provider 生效。留空则回落到 config.defaultModel。 */
+    model?: string;
 }
 export interface InputRequest {
     input?: string;
@@ -273,6 +287,8 @@ export interface SessionSnapshot {
     summary?: string;
     /** 当前正在执行的任务标题（用于会话列表展示） */
     currentTaskTitle?: string;
+    /** 用户为此会话选定的 Claude 模型（别名或完整 ID）。结构化会话下次 spawn 时使用；PTY 会话仅用于展示。 */
+    selectedModel?: string | null;
 }
 export type SessionLifecycleState = "initializing" | "running" | "idle" | "thinking" | "waiting-input" | "archived";
 export interface SessionLifecycle {

package/dist/upload-routes.d.ts

@@ -0,0 +1,3 @@
+import type { Express } from "express";
+import type { ProcessManager } from "./process-manager.js";
+export declare function registerUploadRoutes(app: Express, processes: ProcessManager): void;

package/dist/upload-routes.js

@@ -0,0 +1,53 @@
+import { mkdirSync, existsSync } from "node:fs";
+import path from "node:path";
+import { randomBytes } from "node:crypto";
+import multer from "multer";
+const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10 MB
+const MAX_FILES = 5;
+function sanitizeFilename(name) {
+    return name.replace(/[^a-zA-Z0-9._-]/g, "_").slice(0, 200);
+}
+export function registerUploadRoutes(app, processes) {
+    const storage = multer.diskStorage({
+        destination(_req, _file, cb) {
+            const sessionId = _req.params?.id;
+            const session = sessionId ? processes.get(sessionId) : null;
+            const cwd = session?.cwd || "/tmp";
+            const uploadDir = path.join(cwd, ".wand-uploads");
+            if (!existsSync(uploadDir)) {
+                mkdirSync(uploadDir, { recursive: true });
+            }
+            cb(null, uploadDir);
+        },
+        filename(_req, file, cb) {
+            const ts = Date.now();
+            const rand = randomBytes(4).toString("hex");
+            const safe = sanitizeFilename(file.originalname);
+            cb(null, `${ts}-${rand}-${safe}`);
+        },
+    });
+    const upload = multer({
+        storage,
+        limits: { fileSize: MAX_FILE_SIZE, files: MAX_FILES },
+    });
+    app.post("/api/sessions/:id/upload", upload.array("files", MAX_FILES), (req, res) => {
+        const sessionId = req.params.id;
+        const session = processes.get(sessionId);
+        if (!session) {
+            res.status(404).json({ error: "会话不存在。" });
+            return;
+        }
+        const files = req.files || [];
+        if (files.length === 0) {
+            res.status(400).json({ error: "未收到文件。" });
+            return;
+        }
+        const result = files.map((f) => ({
+            originalName: f.originalname,
+            savedPath: f.path,
+            size: f.size,
+            mimeType: f.mimetype,
+        }));
+        res.json({ files: result });
+    });
+}