@mmmbuto/nexuscli 0.5.0

package/lib/server/db/migrations/003_message_engine_tracking.sql

@@ -0,0 +1,18 @@
+-- ============================================================
+-- MIGRATION 003: Add engine tracking to messages
+-- Enables context bridging between Claude/Codex engines
+-- ============================================================
+
+-- Add engine column to messages table
+ALTER TABLE messages ADD COLUMN engine TEXT DEFAULT 'claude';
+
+-- Index for filtering by engine
+CREATE INDEX IF NOT EXISTS idx_messages_engine ON messages(engine);
+
+-- Composite index for conversation + engine queries
+CREATE INDEX IF NOT EXISTS idx_messages_conversation_engine ON messages(conversation_id, engine);
+
+-- ============================================================
+-- BACKFILL: Set engine based on metadata or default to claude
+-- ============================================================
+UPDATE messages SET engine = 'claude' WHERE engine IS NULL;

package/lib/server/db/migrations/004_performance_indexes.sql

@@ -0,0 +1,16 @@
+-- Migration 004: Performance indexes for chat list optimization
+-- Created: 2025-11-22
+--
+-- Adds indexes to improve:
+-- - Workspace filtering (sessions.workspace_path)
+-- - Conversation listing (conversations.updated_at)
+-- - Session-conversation joins
+
+-- Index for workspace filtering
+CREATE INDEX IF NOT EXISTS idx_sessions_workspace_path ON sessions(workspace_path);
+
+-- Index for conversation sorting (updated_at DESC)
+CREATE INDEX IF NOT EXISTS idx_conversations_updated_at ON conversations(updated_at DESC);
+
+-- Composite index for session-conversation joins
+CREATE INDEX IF NOT EXISTS idx_sessions_id_workspace ON sessions(id, workspace_path);

package/lib/server/db.js

@@ -0,0 +1,2 @@
+// Re-export adapter as main db module
+module.exports = require('./db/adapter');

package/lib/server/lib/cli-wrapper.js

@@ -0,0 +1,164 @@
+const pty = require('./pty-adapter');
+const OutputParser = require('./output-parser');
+
+/**
+ * CLI Wrapper - Generic CLI tool execution (adapted from NexusChat claude-wrapper)
+ * Spawns PTY processes for any CLI tool (bash, git, docker, python, etc.)
+ * Streams output via SSE
+ */
+class CliWrapper {
+  constructor(options = {}) {
+    this.workspaceDir = options.workspaceDir || process.cwd();
+    this.activeJobs = new Map();
+  }
+
+  /**
+   * Execute command via PTY
+   * @param {Object} params - { jobId, tool, command, workingDir, timeout, onStatus }
+   * @returns {Promise<Object>} - { exitCode, stdout, stderr, duration }
+   */
+  async execute({ jobId, tool = 'bash', command, workingDir, timeout = 30000, onStatus }) {
+    return new Promise((resolve, reject) => {
+      const parser = new OutputParser();
+      const startTime = Date.now();
+
+      // Determine shell command
+      let shellCmd = '/bin/bash';
+      let args = ['-c', command];
+
+      // Tool-specific handling
+      if (tool === 'bash') {
+        shellCmd = '/bin/bash';
+        args = ['-c', command];
+      } else if (tool === 'python') {
+        shellCmd = '/usr/bin/python3';
+        args = ['-c', command];
+      } else if (tool === 'node') {
+        shellCmd = '/usr/bin/node';
+        args = ['-e', command];
+      } else {
+        // Generic: assume tool is in PATH
+        shellCmd = tool;
+        args = command.split(' ');
+      }
+
+      console.log(`[CliWrapper] Executing: ${tool} - ${command.substring(0, 50)}...`);
+      console.log(`[CliWrapper] Working dir: ${workingDir || this.workspaceDir}`);
+
+      // Spawn PTY process
+      let ptyProcess;
+      try {
+        ptyProcess = pty.spawn(shellCmd, args, {
+        name: 'xterm-color',
+        cols: 80,
+        rows: 30,
+        cwd: workingDir || this.workspaceDir,
+        env: process.env,
+      });
+      } catch (err) {
+        return reject(err);
+      }
+
+      this.activeJobs.set(jobId, ptyProcess);
+
+      let stdout = '';
+      let stderr = '';
+
+      // Handle timeout
+      const timer = setTimeout(() => {
+        console.log(`[CliWrapper] Job ${jobId} timeout`);
+        ptyProcess.kill('SIGTERM');
+
+        if (onStatus) {
+          onStatus({
+            type: 'error',
+            error: 'Command timeout exceeded',
+            timeout
+          });
+        }
+      }, timeout);
+
+      // Handle process errors
+      if (typeof ptyProcess.on === 'function') {
+        ptyProcess.on('error', (err) => {
+          console.error('[CliWrapper] Spawn error:', err);
+          reject(err);
+        });
+      } else if (typeof ptyProcess.onError === 'function') {
+        ptyProcess.onError((err) => {
+          console.error('[CliWrapper] Spawn error:', err);
+          reject(err);
+        });
+      }
+
+      // Handle output
+      ptyProcess.onData((data) => {
+        stdout += data;
+
+        // Parse output and emit status events
+        if (onStatus) {
+          try {
+            const events = parser.parse(data);
+            events.forEach(event => {
+              onStatus(event);
+            });
+          } catch (parseError) {
+            console.error('[CliWrapper] Parser error:', parseError);
+          }
+        }
+      });
+
+      // Handle exit
+      ptyProcess.onExit(({ exitCode }) => {
+        clearTimeout(timer);
+        this.activeJobs.delete(jobId);
+
+        const duration = Date.now() - startTime;
+
+        // Clean ANSI escape codes
+        const cleanStdout = stdout
+          .replace(/\x1B\[[0-9;]*[a-zA-Z]/g, '')  // ANSI codes
+          .replace(/\x1B\[\?[0-9;]*[a-zA-Z]/g, '') // Private modes
+          .trim();
+
+        console.log(`[CliWrapper] Job ${jobId} exit: ${exitCode} (${duration}ms)`);
+
+        if (exitCode !== 0) {
+          // Extract stderr (if any)
+          stderr = cleanStdout; // In PTY mode, stderr is mixed with stdout
+        }
+
+        resolve({
+          exitCode,
+          stdout: cleanStdout,
+          stderr,
+          duration
+        });
+      });
+    });
+  }
+
+  /**
+   * Kill running job
+   * @param {string} jobId - Job ID
+   */
+  kill(jobId) {
+    const ptyProcess = this.activeJobs.get(jobId);
+    if (ptyProcess) {
+      ptyProcess.kill('SIGTERM');
+      this.activeJobs.delete(jobId);
+      console.log(`[CliWrapper] Killed job ${jobId}`);
+      return true;
+    }
+    return false;
+  }
+
+  /**
+   * Get active job count
+   */
+  getActiveJobCount() {
+    return this.activeJobs.size;
+  }
+}
+
+module.exports = CliWrapper;

package/lib/server/lib/output-parser.js

@@ -0,0 +1,132 @@
+/**
+ * OutputParser - Parse CLI stdout/stderr into structured events
+ * Adapted from NexusChat output-parser.js
+ */
+class OutputParser {
+  constructor() {
+    this.state = 'idle';
+    this.buffer = '';
+    this.lineBuffer = '';
+  }
+
+  /**
+   * Regex patterns for detecting CLI output markers
+   */
+  static PATTERNS = {
+    // Tool execution patterns (generic)
+    toolExecution: /(?:Running|Executing)\s+(\w+)(?:\s+(?:command|tool))?:\s*(.+)/i,
+
+    // Common CLI patterns
+    errorPattern: /(?:Error|ERROR|Failed|FAILED|Exception):\s*(.+)/i,
+    warningPattern: /(?:Warning|WARNING|warn):\s*(.+)/i,
+
+    // ANSI escape codes
+    ansiCodes: /\x1B\[[0-9;]*[a-zA-Z]/g,
+    ansiPrivate: /\x1B\[\?[0-9;]*[a-zA-Z]/g,
+  };
+
+  /**
+   * Parse chunk of stdout and return array of events
+   * @param {string} chunk - Raw stdout chunk from PTY
+   * @returns {Array} Array of event objects
+   */
+  parse(chunk) {
+    const events = [];
+
+    // Add to buffer
+    this.buffer += chunk;
+    this.lineBuffer += chunk;
+
+    // Process line by line
+    const lines = this.lineBuffer.split('\n');
+    this.lineBuffer = lines.pop(); // Keep incomplete line
+
+    for (const line of lines) {
+      const lineEvents = this.parseLine(line);
+      events.push(...lineEvents);
+    }
+
+    // Also emit raw output chunks
+    const cleanChunk = this.cleanAnsi(chunk);
+    if (cleanChunk && cleanChunk.trim()) {
+      events.push({
+        type: 'output_chunk',
+        stream: 'stdout',
+        text: cleanChunk,
+        isIncremental: true,
+      });
+    }
+
+    return events;
+  }
+
+  /**
+   * Parse single line
+   * @param {string} line - Single line of output
+   * @returns {Array} Events from this line
+   */
+  parseLine(line) {
+    const events = [];
+    const cleanLine = this.cleanAnsi(line);
+
+    // Check for tool execution
+    const toolMatch = cleanLine.match(OutputParser.PATTERNS.toolExecution);
+    if (toolMatch) {
+      const [, tool, command] = toolMatch;
+      events.push({
+        type: 'status',
+        category: 'tool',
+        tool,
+        message: `${tool}: ${command.substring(0, 60)}${command.length > 60 ? '...' : ''}`,
+        icon: '🔧',
+        timestamp: new Date().toISOString(),
+      });
+    }
+
+    // Check for errors
+    if (OutputParser.PATTERNS.errorPattern.test(cleanLine)) {
+      const [, errorMsg] = cleanLine.match(OutputParser.PATTERNS.errorPattern);
+      events.push({
+        type: 'status',
+        category: 'warning',
+        message: `Error: ${errorMsg}`,
+        icon: '⚠️',
+        timestamp: new Date().toISOString(),
+      });
+    }
+
+    // Check for warnings
+    if (OutputParser.PATTERNS.warningPattern.test(cleanLine)) {
+      const [, warnMsg] = cleanLine.match(OutputParser.PATTERNS.warningPattern);
+      events.push({
+        type: 'status',
+        category: 'warning',
+        message: `Warning: ${warnMsg}`,
+        icon: '⚠️',
+        timestamp: new Date().toISOString(),
+      });
+    }
+
+    return events;
+  }
+
+  /**
+   * Clean ANSI escape codes from text
+   */
+  cleanAnsi(text) {
+    return text
+      .replace(OutputParser.PATTERNS.ansiCodes, '')
+      .replace(OutputParser.PATTERNS.ansiPrivate, '');
+  }
+
+  /**
+   * Reset parser state
+   */
+  reset() {
+    this.state = 'idle';
+    this.buffer = '';
+    this.lineBuffer = '';
+  }
+}
+
+module.exports = OutputParser;

package/lib/server/lib/pty-adapter.js

@@ -0,0 +1,57 @@
+/**
+ * PTY Adapter for NexusCLI (Termux)
+ * Provides node-pty-like interface using child_process.spawn
+ * Termux-only: no native node-pty compilation needed
+ */
+
+const { spawn: cpSpawn } = require('child_process');
+
+/**
+ * Spawn a process with node-pty-like interface
+ * @param {string} command - Command to spawn
+ * @param {string[]} args - Arguments
+ * @param {Object} options - Spawn options (cwd, env)
+ * @returns {Object} PTY-like interface with onData, onExit, kill
+ */
+function spawn(command, args, options = {}) {
+  const proc = cpSpawn(command, args, {
+    cwd: options.cwd,
+    env: options.env,
+    shell: false,
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+
+  const dataHandlers = [];
+  const exitHandlers = [];
+  const errorHandlers = [];
+
+  proc.stdout.on('data', (buf) => {
+    const data = buf.toString();
+    dataHandlers.forEach((fn) => fn(data));
+  });
+
+  proc.stderr.on('data', (buf) => {
+    const data = buf.toString();
+    dataHandlers.forEach((fn) => fn(data));
+  });
+
+  proc.on('close', (code) => {
+    exitHandlers.forEach((fn) => fn({ exitCode: code ?? 0 }));
+  });
+
+  proc.on('error', (err) => {
+    console.error('[PTY-Adapter] Error:', err.message);
+    errorHandlers.forEach((fn) => fn(err));
+  });
+
+  return {
+    onData: (fn) => dataHandlers.push(fn),
+    onExit: (fn) => exitHandlers.push(fn),
+    onError: (fn) => errorHandlers.push(fn),
+    write: (data) => proc.stdin?.writable && proc.stdin.write(data),
+    kill: (signal = 'SIGTERM') => proc.kill(signal),
+    pid: proc.pid,
+  };
+}
+
+module.exports = { spawn };

package/lib/server/middleware/auth.js

@@ -0,0 +1,103 @@
+const jwt = require('jsonwebtoken');
+const User = require('../models/User');
+const { getConfig } = require('../../config/manager');
+
+const JWT_SECRET = process.env.JWT_SECRET || 'nexuscli-secret-change-in-production';
+
+/**
+ * Get config user (admin from init) by id
+ */
+function findConfigUserById(id) {
+  if (id !== 'config-admin') return null;
+
+  const config = getConfig();
+  if (config.auth && config.auth.user) {
+    return {
+      id: 'config-admin',
+      username: config.auth.user,
+      role: 'admin',
+      is_locked: false,
+      created_at: Date.now()
+    };
+  }
+  return null;
+}
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || '7d';
+
+function generateToken(user) {
+  return jwt.sign(
+    {
+      id: user.id,
+      username: user.username,
+      role: user.role
+    },
+    JWT_SECRET,
+    { expiresIn: JWT_EXPIRES_IN }
+  );
+}
+
+function verifyToken(token) {
+  try {
+    return jwt.verify(token, JWT_SECRET);
+  } catch (err) {
+    return null;
+  }
+}
+
+function authMiddleware(req, res, next) {
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return res.status(401).json({ error: 'No token provided' });
+  }
+
+  const token = authHeader.substring(7);
+  const decoded = verifyToken(token);
+
+  if (!decoded) {
+    return res.status(401).json({ error: 'Invalid or expired token' });
+  }
+
+  // Verify user still exists - check config user first, then database
+  let user = findConfigUserById(decoded.id);
+  let isConfigUser = !!user;
+
+  if (!user) {
+    user = User.findById(decoded.id);
+  }
+
+  if (!user) {
+    return res.status(401).json({ error: 'User not found' });
+  }
+
+  // Check if account is locked (only for DB users)
+  if (!isConfigUser && User.isAccountLocked(user)) {
+    return res.status(403).json({
+      error: 'Account locked',
+      locked_until: user.locked_until
+    });
+  }
+
+  req.user = {
+    id: user.id,
+    username: user.username,
+    role: user.role
+  };
+
+  next();
+}
+
+function adminOnly(req, res, next) {
+  if (req.user.role !== 'admin') {
+    return res.status(403).json({ error: 'Admin access required' });
+  }
+  next();
+}
+
+module.exports = {
+  generateToken,
+  verifyToken,
+  authMiddleware,
+  adminOnly,
+  JWT_SECRET
+};