@geekbeer/minion 2.16.5 → 2.25.0

package/routes/auth.js

@@ -1,272 +1,16 @@
 /**
- * Authentication management endpoints
+ * LLM authentication status endpoint
  *
- * Provides guided LLM authentication flow for non-engineer users.
- * Uses tmux to run `claude auth login` in a named session that can be:
- *   - Observed from the terminal: `tmux attach -t claude-auth`
- *   - Controlled via `tmux send-keys` for reliable key input
- *   - Read via `tmux capture-pane` for output extraction
+ * Reports which LLM services are authenticated on this minion.
+ * Authentication itself is the user's responsibility — they should
+ * use the terminal (VNC or ttyd) to run their LLM CLI's login command.
  *
- * Flow:
- * 1. POST /api/auth/start  - Start tmux session, navigate menus, extract OAuth URL
- * 2. User opens URL in their browser, authenticates, receives a code
- * 3. POST /api/auth/code   - Submit the code to the tmux session
- * 4. GET  /api/auth/status  - Poll for authentication completion
+ * Endpoints:
+ *   GET  /api/auth/status  - Get LLM authentication status
  */
 
-const { execSync, exec } = require('child_process')
-const fs = require('fs')
-const path = require('path')
 const { verifyToken } = require('../lib/auth')
-const { getLlmServices, clearLlmCache } = require('../lib/llm-checker')
-const { config } = require('../config')
-
-const TMUX_SESSION = 'claude-auth'
-
-let authInProgress = false
-let authLockTimer = null
-
-/**
- * Release the auth lock and clean up
- */
-function releaseAuthLock() {
-  authInProgress = false
-  if (authLockTimer) {
-    clearTimeout(authLockTimer)
-    authLockTimer = null
-  }
-  // Kill tmux session if still running
-  try { execSync(`tmux kill-session -t ${TMUX_SESSION} 2>/dev/null`) } catch {}
-}
-
-/** Strip ANSI escape sequences for readable logging */
-function stripAnsi(str) {
-  return str.replace(/\x1b\[[0-9;]*[a-zA-Z]|\x1b\][^\x07]*\x07|\x1b\[\?[0-9;]*[a-zA-Z]/g, '')
-}
-
-/**
- * Capture the current tmux pane content
- */
-function captureTmuxPane() {
-  try {
-    return execSync(
-      `tmux capture-pane -t ${TMUX_SESSION} -p -J -S -50`,
-      { encoding: 'utf-8', timeout: 5000 }
-    )
-  } catch {
-    return ''
-  }
-}
-
-/**
- * Check if the tmux session exists
- */
-function tmuxSessionExists() {
-  try {
-    execSync(`tmux has-session -t ${TMUX_SESSION} 2>/dev/null`)
-    return true
-  } catch {
-    return false
-  }
-}
-
-/**
- * Extract OAuth URL from tmux pane content
- */
-function extractUrlFromPane(content) {
-  const urlMatch = content.match(/(https:\/\/[^\s]+)/)
-  return urlMatch ? urlMatch[1] : null
-}
-
-/**
- * Start Claude Code login in a tmux session.
- *
- * Interactive flow:
- *   1. Theme selection  → send Enter (accept default)
- *   2. Login method     → send Enter (accept default = Subscription)
- *   3. OAuth URL output → capture and return
- *
- * Uses content-based polling instead of fixed timers so that first-run
- * CLI initialization delays don't cause Enter keys to be lost.
- *
- * Returns a promise that resolves with the OAuth URL.
- * The tmux session stays alive for code submission.
- */
-function startClaudeAuth() {
-  return new Promise((resolve, reject) => {
-    // Kill any leftover session
-    try { execSync(`tmux kill-session -t ${TMUX_SESSION} 2>/dev/null`) } catch {}
-
-    console.log('[Auth] Creating tmux session for claude auth login')
-
-    // Extend PATH to include common CLI installation locations
-    // (systemd provides a minimal PATH that excludes ~/.local/bin where claude is installed)
-    const additionalPaths = [
-      path.join(config.HOME_DIR, '.local', 'bin'),
-      path.join(config.HOME_DIR, 'bin'),
-      path.join(config.HOME_DIR, '.npm-global', 'bin'),
-      path.join(config.HOME_DIR, '.claude', 'bin'),
-      '/usr/local/bin',
-    ]
-    const extendedPath = [...additionalPaths, process.env.PATH || '/usr/bin:/bin'].join(':')
-
-    try {
-      // Start claude auth login in a new tmux session
-      // Use inline env vars in the shell command for compatibility with all tmux versions
-      // (tmux -e flag requires tmux 3.2+)
-      // CLAUDECODE='' prevents the nesting check
-      execSync(
-        `tmux new-session -d -s ${TMUX_SESSION} -x 500 -y 40 'export HOME="${config.HOME_DIR}" PATH="${extendedPath}"; CLAUDECODE="" claude auth login'`,
-        { timeout: 5000 }
-      )
-      // Keep pane alive after command exits so we can capture error output
-      execSync(`tmux set-option -t ${TMUX_SESSION} remain-on-exit on`)
-    } catch (err) {
-      reject(new Error(`Failed to create tmux session: ${err.message}`))
-      return
-    }
-
-    console.log('[Auth] tmux session created, polling for menus...')
-
-    // State machine for menu navigation
-    // 'wait_theme'  → waiting for theme selection menu to appear
-    // 'wait_login'  → Enter sent for theme, waiting for login method menu
-    // 'wait_url'    → Enter sent for login method, waiting for OAuth URL
-    let stage = 'wait_theme'
-    let resolved = false
-    let lastContent = ''
-
-    const pollInterval = setInterval(() => {
-      if (resolved) return
-
-      // Check if the process inside the pane has exited (remain-on-exit keeps pane alive)
-      let paneDead = false
-      try {
-        const deadFlag = execSync(
-          `tmux list-panes -t ${TMUX_SESSION} -F '#{pane_dead}'`,
-          { encoding: 'utf-8', timeout: 3000 }
-        ).trim()
-        paneDead = deadFlag === '1'
-      } catch {
-        // Session itself is gone
-        resolved = true
-        clearInterval(pollInterval)
-        reject(new Error('Auth session ended unexpectedly'))
-        return
-      }
-
-      const content = captureTmuxPane()
-      const clean = stripAnsi(content)
-
-      // If process exited, capture output for diagnostics and report error
-      if (paneDead) {
-        resolved = true
-        clearInterval(pollInterval)
-        console.error(`[Auth] Process exited. Pane output:\n${clean.slice(0, 1000)}`)
-        try { execSync(`tmux kill-session -t ${TMUX_SESSION} 2>/dev/null`) } catch {}
-        reject(new Error(`Auth process exited. Output: ${clean.slice(0, 300) || '(none)'}`))
-        return
-      }
-
-      // Check for URL at any stage
-      const url = extractUrlFromPane(content)
-      if (url) {
-        resolved = true
-        clearInterval(pollInterval)
-        console.log(`[Auth] URL found: ${url}`)
-        resolve(url)
-        return
-      }
-
-      if (stage === 'wait_theme') {
-        // Detect theme selection menu: look for "text style" or menu indicators
-        if (clean.match(/text\s*style|theme|dark|light/i) && clean.length > 20) {
-          console.log('[Auth] Theme menu detected, sending Enter #1')
-          try { execSync(`tmux send-keys -t ${TMUX_SESSION} Enter`) } catch {}
-          stage = 'wait_login'
-          lastContent = clean
-        }
-      } else if (stage === 'wait_login') {
-        // Detect login method menu: look for "login" or "subscription" or content change
-        if (clean !== lastContent && (
-          clean.match(/login\s*method|subscription|account|how.*login/i) ||
-          clean.match(/anthropic|console|api\s*key/i) ||
-          // Content changed significantly after Enter — likely new menu
-          clean.length > lastContent.length + 10
-        )) {
-          console.log('[Auth] Login method menu detected, sending Enter #2')
-          try { execSync(`tmux send-keys -t ${TMUX_SESSION} Enter`) } catch {}
-          stage = 'wait_url'
-        }
-      }
-      // stage === 'wait_url': just keep polling for URL (handled above)
-
-    }, 1000)
-
-    // Timeout after 60 seconds (longer for first-run initialization)
-    setTimeout(() => {
-      if (!resolved) {
-        resolved = true
-        clearInterval(pollInterval)
-        const content = captureTmuxPane()
-        const clean = stripAnsi(content).trim()
-        console.error(`[Auth] Timed out at stage=${stage}. Pane content: ${clean.slice(0, 500)}`)
-        reject(new Error(
-          `Timed out waiting for auth URL (stage: ${stage}). Output: ${clean.slice(0, 300) || '(none)'}`
-        ))
-      }
-    }, 60000)
-  })
-}
-
-/**
- * Submit an auth code to the running tmux session.
- * Types the code and presses Enter.
- */
-function submitAuthCode(code) {
-  if (!tmuxSessionExists()) {
-    return { success: false, error: 'No auth session running' }
-  }
-
-  // Check if the process inside the pane is still alive
-  // (remain-on-exit keeps the session but the process may have exited)
-  try {
-    const deadFlag = execSync(
-      `tmux list-panes -t ${TMUX_SESSION} -F '#{pane_dead}'`,
-      { encoding: 'utf-8', timeout: 3000 }
-    ).trim()
-    if (deadFlag === '1') {
-      const content = captureTmuxPane()
-      const clean = stripAnsi(content).trim()
-      console.error(`[Auth] Cannot submit code: auth process already exited. Pane output:\n${clean.slice(0, 500)}`)
-      try { execSync(`tmux kill-session -t ${TMUX_SESSION} 2>/dev/null`) } catch {}
-      return { success: false, error: `Auth process already exited. Output: ${clean.slice(0, 200) || '(none)'}` }
-    }
-  } catch {
-    return { success: false, error: 'No auth session running' }
-  }
-
-  try {
-    console.log('[Auth] Submitting auth code to tmux session')
-    // Use send-keys with -l (literal) to avoid interpreting special chars
-    execSync(`tmux send-keys -t ${TMUX_SESSION} -l '${code.replace(/'/g, "'\\''")}'`)
-    execSync(`tmux send-keys -t ${TMUX_SESSION} Enter`)
-
-    // Log pane content after submission for diagnostics
-    setTimeout(() => {
-      try {
-        const content = captureTmuxPane()
-        const clean = stripAnsi(content).trim()
-        console.log(`[Auth] Pane content after code submission:\n${clean.slice(0, 500)}`)
-      } catch {}
-    }, 3000)
-
-    return { success: true }
-  } catch (err) {
-    console.error(`[Auth] Failed to send code: ${err.message}`)
-    return { success: false, error: 'Failed to submit code to auth session' }
-  }
-}
+const { getLlmServices, isLlmCommandConfigured } = require('../lib/llm-checker')
 
 /**
  * Register auth routes as Fastify plugin
@@ -274,163 +18,19 @@ function submitAuthCode(code) {
  */
 async function authRoutes(fastify) {
 
-  // Start LLM authentication flow
-  fastify.post('/api/auth/start', async (request, reply) => {
-    if (!verifyToken(request)) {
-      reply.code(401)
-      return { success: false, error: 'Unauthorized' }
-    }
-
-    const { service } = request.body || {}
-    const targetService = service || 'claude'
-
-    if (targetService !== 'claude') {
-      reply.code(400)
-      return { success: false, error: `Unsupported service: ${targetService}` }
-    }
-
-    // Check if already authenticated
-    const services = getLlmServices()
-    const claude = services.find(s => s.name === 'claude')
-    if (claude && claude.authenticated) {
-      return { success: true, already_authenticated: true }
-    }
-
-    // Clean up any previous auth session and start fresh
-    if (authInProgress) {
-      console.log('[Auth] Cleaning up previous auth session')
-      releaseAuthLock()
-    }
-
-    authInProgress = true
-    // Safety timeout — release lock after 5 minutes
-    authLockTimer = setTimeout(releaseAuthLock, 300000)
-
-    console.log('[Auth] Starting Claude Code authentication flow')
-
-    try {
-      const authUrl = await startClaudeAuth()
-      console.log('[Auth] Auth URL obtained successfully')
-      return { success: true, auth_url: authUrl }
-    } catch (err) {
-      console.error(`[Auth] Failed: ${err.message}`)
-      releaseAuthLock()
-      return {
-        success: false,
-        error: err.message,
-        fallback: 'Open Terminal and run: claude auth login',
-      }
-    }
-  })
-
-  // Submit auth code to running session
-  fastify.post('/api/auth/code', async (request, reply) => {
-    if (!verifyToken(request)) {
-      reply.code(401)
-      return { success: false, error: 'Unauthorized' }
-    }
-
-    const { code } = request.body || {}
-    if (!code || typeof code !== 'string') {
-      reply.code(400)
-      return { success: false, error: 'Missing auth code' }
-    }
-
-    const result = submitAuthCode(code.trim())
-    if (!result.success) {
-      reply.code(409)
-    }
-    return result
-  })
-
-  // Logout from LLM service
-  fastify.post('/api/auth/logout', async (request, reply) => {
-    if (!verifyToken(request)) {
-      reply.code(401)
-      return { success: false, error: 'Unauthorized' }
-    }
-
-    const { service } = request.body || {}
-    const targetService = service || 'claude'
-
-    if (targetService !== 'claude') {
-      reply.code(400)
-      return { success: false, error: `Unsupported service: ${targetService}` }
-    }
-
-    // Delete credential files directly (more reliable than CLI which may be interactive)
-    const credPaths = [
-      path.join(config.HOME_DIR, '.claude', '.credentials.json'),
-      path.join(config.HOME_DIR, '.claude', 'credentials.json'),
-    ]
-
-    let deleted = 0
-    for (const p of credPaths) {
-      try {
-        if (fs.existsSync(p)) {
-          fs.unlinkSync(p)
-          console.log(`[Auth] Deleted: ${p}`)
-          deleted++
-        }
-      } catch (err) {
-        console.error(`[Auth] Failed to delete ${p}: ${err.message}`)
-      }
-    }
-
-    // Clear cached LLM status so next check reflects the change
-    clearLlmCache()
-
-    console.log(`[Auth] Logout completed (${deleted} credential files removed)`)
-    return { success: true }
-  })
-
-  // Get current LLM authentication status (for polling)
+  // Get current LLM authentication status
   fastify.get('/api/auth/status', async (request, reply) => {
     if (!verifyToken(request)) {
       reply.code(401)
       return { success: false, error: 'Unauthorized' }
     }
 
-    // During active auth flow, bypass cache so credential changes are detected immediately
-    if (authInProgress) {
-      clearLlmCache()
-
-      // List all files in ~/.claude/ for diagnostics
-      const claudeDir = path.join(config.HOME_DIR, '.claude')
-      try {
-        if (fs.existsSync(claudeDir)) {
-          const listFiles = (dir, prefix = '') => {
-            const entries = fs.readdirSync(dir, { withFileTypes: true })
-            for (const e of entries) {
-              const rel = prefix ? `${prefix}/${e.name}` : e.name
-              if (e.isDirectory()) listFiles(path.join(dir, e.name), rel)
-              else console.log(`[Auth] ~/.claude/${rel}`)
-            }
-          }
-          listFiles(claudeDir)
-        } else {
-          console.log(`[Auth] ~/.claude/ directory does not exist`)
-        }
-      } catch (err) {
-        console.log(`[Auth] Failed to list ~/.claude/: ${err.message}`)
-      }
-    }
-
     const services = getLlmServices()
 
-    // Auto-release auth lock when Claude is now authenticated
-    if (authInProgress) {
-      const claude = services.find(s => s.name === 'claude')
-      if (claude && claude.authenticated) {
-        console.log('[Auth] Authentication detected, releasing auth lock')
-        releaseAuthLock()
-      }
-    }
-
     return {
       success: true,
       services,
-      auth_in_progress: authInProgress,
+      llm_command_configured: isLlmCommandConfigured(),
     }
   })
 }

package/routes/chat.js

@@ -1,14 +1,17 @@
 /**
  * Chat endpoints
  *
- * Provides streaming chat with Claude Code CLI using `--resume` sessions.
+ * Provides streaming chat with the configured LLM CLI using `--resume` sessions.
  * Messages are sent via POST with SSE response for real-time streaming.
  * Session state is persisted to local JSON via chat-store.js.
  *
+ * Requires LLM_COMMAND to be configured in minion.env.
+ *
  * Endpoints:
  *   POST   /api/chat          - Send message, get SSE stream
  *   GET    /api/chat/session   - Get active session (messages + session_id)
  *   POST   /api/chat/clear     - Clear session and start fresh
+ *   POST   /api/chat/abort     - Kill the active LLM CLI process
  */
 
 const { spawn } = require('child_process')
@@ -18,6 +21,9 @@ const { verifyToken } = require('../lib/auth')
 const { config } = require('../config')
 const chatStore = require('../chat-store')
 
+/** @type {import('child_process').ChildProcess | null} */
+let activeChatChild = null
+
 /**
  * Register chat routes as Fastify plugin
  * @param {import('fastify').FastifyInstance} fastify
@@ -60,7 +66,7 @@ async function chatRoutes(fastify) {
     reply.raw.flushHeaders()
 
     try {
-      await streamClaudeResponse(reply.raw, prompt, currentSessionId)
+      await streamLlmResponse(reply.raw, prompt, currentSessionId)
     } catch (err) {
       console.error('[Chat] stream error:', err.message)
       const errorEvent = JSON.stringify({ type: 'error', error: err.message })
@@ -103,6 +109,33 @@ async function chatRoutes(fastify) {
     await chatStore.clear()
     return { success: true }
   })
+
+  // POST /api/chat/abort - Kill the active Claude CLI process
+  fastify.post('/api/chat/abort', async (request, reply) => {
+    if (!verifyToken(request)) {
+      reply.code(401)
+      return { success: false, error: 'Unauthorized' }
+    }
+
+    if (!activeChatChild) {
+      return { success: false, error: 'No active chat process' }
+    }
+
+    console.log(`[Chat] Aborting active chat process PID: ${activeChatChild.pid}`)
+    activeChatChild.kill('SIGTERM')
+
+    // Give it 2s to terminate gracefully, then force kill
+    const pid = activeChatChild.pid
+    setTimeout(() => {
+      try {
+        if (activeChatChild && activeChatChild.pid === pid) {
+          activeChatChild.kill('SIGKILL')
+        }
+      } catch { /* already dead */ }
+    }, 2000)
+
+    return { success: true }
+  })
 }
 
 /**
@@ -165,13 +198,30 @@ function buildContextPrefix(message, context) {
 }
 
 /**
- * Stream Claude Code CLI output as SSE events.
+ * Extract binary name from LLM_COMMAND template.
+ * e.g., "claude -p '{prompt}'" → "claude"
+ */
+function getLlmBinary() {
+  const cmd = config.LLM_COMMAND
+  if (!cmd) return null
+  return cmd.split(/\s+/)[0]
+}
+
+/**
+ * Stream LLM CLI output as SSE events.
  * Uses --resume to continue existing sessions.
+ * Note: Chat-specific flags (--output-format stream-json, --resume, etc.)
+ * are Claude Code CLI features. Other LLM CLIs may not support them.
  */
-function streamClaudeResponse(res, prompt, sessionId) {
+function streamLlmResponse(res, prompt, sessionId) {
   return new Promise((resolve, reject) => {
-    const claudePath = path.join(config.HOME_DIR, '.local', 'bin', 'claude')
-    const claudeBin = fs.existsSync(claudePath) ? claudePath : 'claude'
+    const binaryName = getLlmBinary()
+    if (!binaryName) {
+      reject(new Error('LLM_COMMAND is not configured. Set LLM_COMMAND in minion.env'))
+      return
+    }
+    const binaryPath = path.join(config.HOME_DIR, '.local', 'bin', binaryName)
+    const binary = fs.existsSync(binaryPath) ? binaryPath : binaryName
 
     const extendedPath = [
       `${config.HOME_DIR}/bin`,
@@ -183,12 +233,12 @@ function streamClaudeResponse(res, prompt, sessionId) {
       '/bin',
     ].join(':')
 
-    // Build CLI args
+    // Build CLI args (no --max-turns: allow unlimited turns for task completion)
     const args = [
       '-p',
       '--verbose',
+      '--model', 'sonnet',
       '--output-format', 'stream-json',
-      '--max-turns', '10',
     ]
 
     // Resume existing session
@@ -198,12 +248,12 @@ function streamClaudeResponse(res, prompt, sessionId) {
 
     args.push(prompt)
 
-    console.log(`[Chat] spawning: ${claudeBin} ${sessionId ? `--resume ${sessionId}` : '(new session)'} (cwd: ${config.HOME_DIR})`)
+    console.log(`[Chat] spawning: ${binary} ${sessionId ? `--resume ${sessionId}` : '(new session)'} (cwd: ${config.HOME_DIR})`)
 
-    const child = spawn(claudeBin, args, {
+    const child = spawn(binary, args, {
       cwd: config.HOME_DIR,
       stdio: ['pipe', 'pipe', 'pipe'],
-      timeout: 300000, // 5 min
+      timeout: 600000, // 10 min
       env: {
         ...process.env,
         HOME: config.HOME_DIR,
@@ -212,6 +262,9 @@ function streamClaudeResponse(res, prompt, sessionId) {
       },
     })
 
+    // Track active child process for abort
+    activeChatChild = child
+
     // Close stdin immediately so CLI doesn't wait for input
     child.stdin.end()
 
@@ -239,6 +292,16 @@ function streamClaudeResponse(res, prompt, sessionId) {
             console.log(`[Chat] session_id: ${resolvedSessionId}`)
           }
 
+          // tool_use events — forward to frontend for progress display
+          if (parsed.type === 'content_block_start' && parsed.content_block?.type === 'tool_use') {
+            const event = JSON.stringify({ type: 'tool_start', tool: parsed.content_block.name || 'unknown' })
+            res.write(`data: ${event}\n\n`)
+          }
+          if (parsed.type === 'content_block_stop') {
+            const event = JSON.stringify({ type: 'tool_end' })
+            res.write(`data: ${event}\n\n`)
+          }
+
           // assistant message content blocks
           if (parsed.type === 'assistant' && parsed.message) {
             for (const block of (parsed.message.content || [])) {
@@ -263,11 +326,6 @@ function streamClaudeResponse(res, prompt, sessionId) {
               res.write(`data: ${event}\n\n`)
               fullResponse = resultText
             }
-            // If max turns was reached, notify frontend
-            if (parsed.subtype === 'error_max_turns' && !resultText) {
-              const event = JSON.stringify({ type: 'error', error: 'Max turns reached — response may be incomplete' })
-              res.write(`data: ${event}\n\n`)
-            }
           }
         } catch {
           // Non-JSON line — ignore
@@ -283,6 +341,8 @@ function streamClaudeResponse(res, prompt, sessionId) {
     })
 
     child.on('close', async (code) => {
+      activeChatChild = null
+
       // Store messages in chat-store
       if (resolvedSessionId) {
         // If this was a new session, also store the user message now
@@ -312,6 +372,7 @@ function streamClaudeResponse(res, prompt, sessionId) {
     })
 
     child.on('error', (err) => {
+      activeChatChild = null
       console.error(`[Chat] spawn error: ${err.message}`)
       const errorEvent = JSON.stringify({ type: 'error', error: `Failed to start Claude CLI: ${err.message}` })
       res.write(`data: ${errorEvent}\n\n`)