@exreve/exk 1.0.25 → 1.0.27

package/dist/index.js

@@ -16,6 +16,7 @@ import { startApp, stopApp, restartApp, getAppStatuses, getAppLogs } from './app
 import { spawn, execSync } from 'child_process';
 import readline from 'readline';
 import { fileURLToPath } from 'url';
+import { createHash } from 'crypto';
 // ============ Constants ============
 const CONFIG_DIR = path.join(os.homedir(), '.talk-to-code');
 const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
@@ -65,6 +66,33 @@ async function fetchAiConfig(authToken) {
     }
 }
 const AI_CONFIG_FILE = path.join(CONFIG_DIR, 'ai-config.json');
+const PROXY_CONFIG_FILE = path.join(CONFIG_DIR, 'proxy.json');
+/** Read proxy toggle state from disk */
+async function readProxyConfig() {
+    try {
+        const raw = await fs.readFile(PROXY_CONFIG_FILE, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return { enabled: false };
+    }
+}
+/** Write proxy toggle state to disk */
+async function writeProxyConfig(cfg) {
+    await fs.mkdir(CONFIG_DIR, { recursive: true });
+    await fs.writeFile(PROXY_CONFIG_FILE, JSON.stringify(cfg, null, 2));
+}
+/** Get the proxy URL from ai-config.json (saved from backend) */
+function getProxyUrl() {
+    try {
+        const raw = fsSync.readFileSync(AI_CONFIG_FILE, 'utf-8');
+        const j = JSON.parse(raw);
+        return typeof j.proxy === 'string' ? j.proxy.trim() : '';
+    }
+    catch {
+        return '';
+    }
+}
 /** True if ai-config.json has a model API key (not read from host ANTHROPIC_* env). */
 function hasAiCredentials() {
     try {
@@ -199,24 +227,97 @@ function getCliVersion() {
         return '0.0.0';
     }
 }
-// ============ Update Helpers ============
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-let isUpdating = false;
-/** Check if a newer version is available on npm */
-async function checkForNpmUpdate() {
+const CURRENT_FILE = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(CURRENT_FILE);
+function getCliHash() {
+    return createHash('sha256').update(fsSync.readFileSync(CURRENT_FILE)).digest('hex');
+}
+async function checkForUpdate() {
     try {
-        const currentVersion = getCliVersion();
-        const latestVersion = execSync('npm view @exreve/exk version', { encoding: 'utf-8', timeout: 10000 }).trim();
-        return {
-            updateAvailable: currentVersion !== latestVersion,
-            currentVersion,
-            latestVersion
-        };
+        const config = await readConfig();
+        const res = await fetch(`${config.apiUrl}/update/check`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ hash: getCliHash(), platform: os.platform() })
+        });
+        if (!res.ok)
+            return null;
+        return await res.json();
     }
     catch {
         return null;
     }
 }
+async function replaceSelf(tarballBuffer) {
+    const extractDir = path.join(os.tmpdir(), `ttc-update-${Date.now()}`);
+    await fs.mkdir(extractDir, { recursive: true });
+    const tarPath = path.join(extractDir, 'ttc-cli.tar.gz');
+    await fs.writeFile(tarPath, tarballBuffer);
+    execSync(`tar -xzf "${tarPath}" -C "${extractDir}"`);
+    await fs.unlink(tarPath);
+    // Preserve user config/token files (never overwrite on update)
+    const preserveFiles = ['device-config.json', 'device-id.json', 'config.json'];
+    const preserved = {};
+    for (const f of preserveFiles) {
+        try {
+            preserved[f] = await fs.readFile(path.join(CONFIG_DIR, f));
+        }
+        catch {
+            /* file may not exist */
+        }
+    }
+    // Replace cli/ and shared/ in CONFIG_DIR
+    const cliDest = path.join(CONFIG_DIR, 'cli');
+    const sharedDest = path.join(CONFIG_DIR, 'shared');
+    await fs.rm(cliDest, { recursive: true, force: true });
+    await fs.rm(sharedDest, { recursive: true, force: true });
+    await fs.cp(path.join(extractDir, 'cli'), cliDest, { recursive: true });
+    await fs.cp(path.join(extractDir, 'shared'), sharedDest, { recursive: true });
+    // Update package.json and npm install
+    await fs.copyFile(path.join(extractDir, 'package.json'), path.join(CONFIG_DIR, 'package.json'));
+    await fs.rm(extractDir, { recursive: true, force: true });
+    // Restore preserved config
+    for (const f of preserveFiles) {
+        if (preserved[f])
+            await fs.writeFile(path.join(CONFIG_DIR, f), preserved[f]);
+    }
+    console.log('✓ CLI updated');
+    const npmPaths = [path.join(os.homedir(), '.nvm/versions/node/v22/bin/npm'), path.join(os.homedir(), '.nvm/versions/node/v20/bin/npm')];
+    const npmBin = npmPaths.find(p => fsSync.existsSync(p)) || 'npm';
+    try {
+        execSync(`"${npmBin}" install --omit=dev`, { cwd: CONFIG_DIR, stdio: 'inherit' });
+        console.log('✓ Dependencies updated');
+    }
+    catch {
+        console.warn('⚠ npm install failed');
+    }
+}
+async function selfUpdate(force = false) {
+    const info = await checkForUpdate();
+    if (!info || !info.updateAvailable) {
+        console.log('✓ Already up to date');
+        return;
+    }
+    console.log('📦 Update available!');
+    if (!force && process.stdin.isTTY) {
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        const answer = await new Promise(r => rl.question('Update now? [Y/n] ', a => { rl.close(); r(a.trim()); }));
+        if (answer.toLowerCase().startsWith('n'))
+            return;
+    }
+    if (!info.downloadUrl || !info.hash)
+        return;
+    console.log('Downloading...');
+    const res = await fetch(info.downloadUrl);
+    if (!res.ok)
+        throw new Error('Download failed');
+    const bundle = Buffer.from(await res.arrayBuffer());
+    if (createHash('sha256').update(bundle).digest('hex') !== info.hash) {
+        throw new Error('Hash mismatch');
+    }
+    await replaceSelf(bundle);
+    process.exit(0);
+}
 // ============ Commands ============
 async function registerDevice(name, email) {
     try {
@@ -516,9 +617,9 @@ async function runDaemon(foreground = false, email) {
     const ipAddress = getLocalIpAddress();
     const hostname = getHostname();
     // Silent update check on startup
-    checkForNpmUpdate().then(info => {
+    checkForUpdate().then(info => {
         if (info?.updateAvailable)
-            console.log(`📦 Update available: ${info.currentVersion} → ${info.latestVersion} (run "exk update")`);
+            console.log('📦 Update available: run "ttc update"');
     }).catch(() => { });
     if (foreground)
         console.log('=== TalkToCode CLI (Foreground) ===');
@@ -1263,6 +1364,7 @@ async function runDaemon(foreground = false, email) {
                         projectPath,
                         promptId: capturedPromptId,
                         model: model, // Pass the model from the session
+                        attachments: data.attachments, // Pass attachments from frontend
                         onStatusUpdate: (status) => {
                             // Emit status update from CLI (CLI is source of truth)
                             // Use captured promptId to ensure correct prompt is updated
@@ -1642,13 +1744,10 @@ async function runDaemon(foreground = false, email) {
             // ========== Version & Update Handlers ==========
             // Respond with CLI version info
             socket.on('version:info', (_data, callback) => {
-                if (isUpdating) {
-                    callback({ success: false, error: 'Update in progress' });
-                    return;
-                }
                 callback({
                     success: true,
                     version: getCliVersion(),
+                    hash: getCliHash(),
                     date: new Date().toISOString(),
                     nodeVersion: process.version,
                     platform: os.platform(),
@@ -1657,10 +1756,6 @@ async function runDaemon(foreground = false, email) {
             });
             // Force update: npm update -g @exreve/exk then restart PM2
             socket.on('force-update', (_data, callback) => {
-                if (isUpdating) {
-                    callback?.({ success: false, error: 'Update already in progress' });
-                    return;
-                }
                 if (foreground) {
                     console.log('[force-update] Received force update command from server');
                 }
@@ -1701,7 +1796,67 @@ async function runDaemon(foreground = false, email) {
                     }
                 });
             });
+            // ========== update:start handler (legacy compatibility) ==========
+            socket.on('update:start', (_data, callback) => {
+                // Use npm-based self-update
+                if (foreground) {
+                    console.log('[update:start] Starting npm self-update...');
+                }
+                callback?.({ success: true, message: 'Update started via npm' });
+                const npmPaths = [
+                    path.join(os.homedir(), '.nvm/versions/node/v22/bin/npm'),
+                    path.join(os.homedir(), '.nvm/versions/node/v20/bin/npm')
+                ];
+                const npmBin = npmPaths.find(p => fsSync.existsSync(p)) || 'npm';
+                const updateProcess = spawn(npmBin, ['update', '-g', '@exreve/exk'], {
+                    stdio: 'pipe',
+                    detached: true
+                });
+                updateProcess.on('close', () => {
+                    setTimeout(() => {
+                        try {
+                            execSync('pm2 restart cli', { stdio: 'inherit' });
+                        }
+                        catch {
+                            process.exit(0);
+                        }
+                    }, 2000);
+                });
+            });
             // Cloudflared handlers
+            // Proxy toggle handler
+            socket.on('proxy:toggle:request', async (data, callback) => {
+                try {
+                    const { enable } = data;
+                    const proxyUrl = getProxyUrl();
+                    if (enable && !proxyUrl) {
+                        callback?.({ success: false, enabled: false });
+                        return;
+                    }
+                    await writeProxyConfig({ enabled: enable });
+                    if (foreground) {
+                        console.log(`[CLI] Proxy ${enable ? 'enabled' : 'disabled'}${proxyUrl ? `: ${proxyUrl}` : ''}`);
+                    }
+                    else {
+                        console.log(`Proxy ${enable ? 'enabled' : 'disabled'}`);
+                    }
+                    callback?.({ success: true, enabled: enable, proxyUrl: enable ? proxyUrl : undefined });
+                }
+                catch (error) {
+                    callback?.({ success: false, enabled: false });
+                }
+            });
+            // Proxy status handler
+            socket.on('proxy:status:request', async (_data, callback) => {
+                try {
+                    const proxyConfig = await readProxyConfig();
+                    const proxyUrl = getProxyUrl();
+                    callback?.({ enabled: proxyConfig.enabled, proxyUrl: proxyConfig.enabled ? proxyUrl : undefined });
+                }
+                catch {
+                    callback?.({ enabled: false });
+                }
+            });
             socket.on('cloudflared:check:request', async () => {
                 try {
                     let installed = false;
@@ -2211,7 +2366,7 @@ async function runDaemon(foreground = false, email) {
                     const { name, image, ports = [], env = {}, runAsRoot = false } = data;
                     // Get CLI directory path (where this script is running from)
                     // Use the same pattern as elsewhere in the file
-                    const cliDir = __dirname;
+                    const cliDir = path.dirname(CURRENT_FILE);
                     // Build docker run command
                     let cmd = `${runtime} run -d --name ${name}`;
                     // Security: Running as root INSIDE container is safe - it's still isolated from host
@@ -2685,4 +2840,37 @@ program
         process.exit(1);
     });
 });
+// Enable proxy command
+program
+    .command('enable')
+    .description('Enable a feature (e.g. proxy)')
+    .argument('<feature>', 'Feature to enable (proxy)')
+    .action(async (feature) => {
+    if (feature !== 'proxy') {
+        console.error(`Unknown feature: ${feature}. Available: proxy`);
+        process.exit(1);
+    }
+    const proxyUrl = getProxyUrl();
+    if (!proxyUrl) {
+        console.log('No proxy URL configured. Run "exk daemon" first to sync config from server.');
+        process.exit(1);
+    }
+    await writeProxyConfig({ enabled: true });
+    console.log(`Proxy enabled: ${proxyUrl}`);
+    process.exit(0);
+});
+// Disable proxy command
+program
+    .command('disable')
+    .description('Disable a feature (e.g. proxy)')
+    .argument('<feature>', 'Feature to disable (proxy)')
+    .action(async (feature) => {
+    if (feature !== 'proxy') {
+        console.error(`Unknown feature: ${feature}. Available: proxy`);
+        process.exit(1);
+    }
+    await writeProxyConfig({ enabled: false });
+    console.log('Proxy disabled');
+    process.exit(0);
+});
 program.parse();

package/dist/moduleMcpServer.js

@@ -3,9 +3,13 @@
  *
  * Exposes enabled modules as MCP tools to the agent.
  * This allows the agent to interact with modules like user-choice through standard tool calls.
+ * Also provides built-in tools like analyze_image for vision capabilities.
  */
 import { createSdkMcpServer, tool } from '@anthropic-ai/claude-agent-sdk';
 import { z } from 'zod';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
 /**
  * Create a tool for the user-choice module
  */
@@ -15,7 +19,7 @@ function createUserChoiceTool(onChoiceRequest) {
         options: z.array(z.object({ label: z.string(), value: z.string() })),
         timeout: z.number().optional()
     };
-    return tool('user_choice_request', 'Present a choice modal to the user and wait for their selection. Use this whenever you need a decision, confirmation, or preference from the user. The AskUserQuestion tool is disabled — this is your only way to get interactive user input. Always use this before proceeding with ambiguous tasks or destructive actions.', schema, async (args, _extra) => {
+    return tool('user_choice_request', 'Request user input when making decisions. Use this when you need the user to choose between options or provide input on a decision. This tool will present a modal to the user with your question and wait for their response.', schema, async (args, _extra) => {
         if (!onChoiceRequest) {
             return {
                 content: [
@@ -67,6 +71,74 @@ function createUserChoiceTool(onChoiceRequest) {
         }
     });
 }
+/**
+ * Convert a file to a data URI for vision API consumption
+ */
+function fileToDataUri(filePath) {
+    try {
+        const buf = fs.readFileSync(filePath);
+        const ext = path.extname(filePath).toLowerCase().replace('.', '');
+        const mimeMap = {
+            png: 'image/png', jpg: 'image/jpeg', jpeg: 'image/jpeg',
+            gif: 'image/gif', webp: 'image/webp', bmp: 'image/bmp',
+            svg: 'image/svg+xml',
+        };
+        const mime = mimeMap[ext] || 'application/octet-stream';
+        return `data:${mime};base64,${buf.toString('base64')}`;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Create the analyze_image tool for vision capabilities via OpenRouter
+ */
+function createAnalyzeImageTool(attachmentDir) {
+    const workDir = attachmentDir || os.tmpdir();
+    return tool('analyze_image', 'Analyze one or more image files using a vision model. Pass the path to an image file and a question. Returns a detailed text answer about the image content.', {
+        image_path: z.string().describe('Path to the image file to analyze (can be relative to working directory, e.g. "attachments/photo.jpg")'),
+        question: z.string().describe('Question or instruction about the image. Be specific about what you want to know.'),
+    }, async (args) => {
+        const apiKey = process.env.OPENROUTER_API_KEY || '';
+        if (!apiKey) {
+            return { content: [{ type: 'text', text: 'Error: OPENROUTER_API_KEY not configured.' }], isError: true };
+        }
+        try {
+            // Resolve relative paths against the attachment dir
+            const imagePath = path.resolve(workDir, args.image_path);
+            if (!fs.existsSync(imagePath)) {
+                return { content: [{ type: 'text', text: `Error: Image file not found: ${args.image_path}` }], isError: true };
+            }
+            const dataUri = fileToDataUri(imagePath);
+            if (!dataUri) {
+                return { content: [{ type: 'text', text: `Error: Could not read image file: ${args.image_path}` }], isError: true };
+            }
+            const OPENROUTER_ENDPOINT = 'https://openrouter.ai/api/v1/chat/completions';
+            const OPENROUTER_MODEL = 'qwen/qwen3.5-27b';
+            const res = await fetch(OPENROUTER_ENDPOINT, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${apiKey}` },
+                body: JSON.stringify({
+                    model: OPENROUTER_MODEL,
+                    messages: [{ role: 'user', content: [
+                                { type: 'text', text: args.question },
+                                { type: 'image_url', image_url: { url: dataUri } },
+                            ] }],
+                }),
+                signal: AbortSignal.timeout(60_000),
+            });
+            const raw = await res.text();
+            if (!res.ok) {
+                return { content: [{ type: 'text', text: `Error from vision API (${res.status}): ${raw.slice(0, 500)}` }], isError: true };
+            }
+            const parsed = JSON.parse(raw);
+            return { content: [{ type: 'text', text: parsed.choices?.[0]?.message?.content || raw }] };
+        }
+        catch (error) {
+            return { content: [{ type: 'text', text: `Error analyzing image: ${error.message}` }], isError: true };
+        }
+    });
+}
 /**
  * Get available tools based on enabled modules
  */
@@ -76,6 +148,10 @@ function getModuleTools(config) {
     if (config.enabledModules.includes('user-choice')) {
         tools.push(createUserChoiceTool(config.onChoiceRequest));
     }
+    // Always add analyze_image tool if attachmentDir is provided (i.e. there are attachments)
+    if (config.attachmentDir) {
+        tools.push(createAnalyzeImageTool(config.attachmentDir));
+    }
     // Add more module tools here as they are implemented
     return tools;
 }
@@ -91,25 +167,3 @@ export function createModuleMcpServer(config) {
     });
     return server;
 }
-/**
- * Get a system prompt hint describing available module tools.
- * This ensures the model knows about custom MCP tools upfront without
- * having to discover them through the MCP tool-listing mechanism.
- */
-export function getModuleToolHint(enabledModules) {
-    if (enabledModules.length === 0)
-        return null;
-    const toolDescriptions = [];
-    if (enabledModules.includes('user-choice')) {
-        toolDescriptions.push(`- user_choice_request(question: str, options: [{label: str, value: str}], timeout?: int): Present a modal to the remote user with a question and clickable options. Returns the user's selection.
-  IMPORTANT: The built-in AskUserQuestion tool is DISABLED. Whenever you need user input, decisions, or confirmations, you MUST use user_choice_request instead.
-  Always call this tool when:
-  - There are multiple valid approaches and you need the user to pick one
-  - You need explicit confirmation before a destructive or significant action
-  - The user's preference matters for how to proceed`);
-    }
-    // Add more module tool descriptions here as they are implemented
-    if (toolDescriptions.length === 0)
-        return null;
-    return `You have access to the following custom MCP tools:\n${toolDescriptions.join('\n')}\n\nThese tools are your ONLY way to interact with the user (AskUserQuestion is disabled). Call them directly — do NOT ask the user to type responses in chat.`;
-}