@mmmbuto/nexuscli 0.5.0

package/lib/server/routes/auth.js

@@ -0,0 +1,168 @@
+const express = require('express');
+const rateLimit = require('express-rate-limit');
+const bcrypt = require('bcryptjs');
+const User = require('../models/User');
+const { generateToken, authMiddleware } = require('../middleware/auth');
+const { getConfig } = require('../../config/manager');
+
+const router = express.Router();
+
+/**
+ * Check config user (admin from init)
+ * Returns user object compatible with DB user structure
+ */
+function findConfigUser(username) {
+  const config = getConfig();
+  if (config.auth && config.auth.user === username) {
+    return {
+      id: 'config-admin',
+      username: config.auth.user,
+      password_hash: config.auth.pass_hash,
+      role: 'admin',
+      is_locked: false,
+      failed_attempts: 0,
+      created_at: Date.now()
+    };
+  }
+  return null;
+}
+
+/**
+ * Verify password for config user
+ */
+function verifyConfigPassword(passHash, password) {
+  return bcrypt.compareSync(password, passHash);
+}
+
+// Rate limiter: max 5 login attempts per 15 minutes per IP
+const loginLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 10,
+  message: {
+    error: 'Too many login attempts, please try again later',
+    retry_after: 15 * 60
+  },
+  standardHeaders: true,
+  legacyHeaders: false
+});
+
+// POST /api/v1/auth/login
+router.post('/login', loginLimiter, async (req, res) => {
+  try {
+    const { username, password } = req.body;
+    const ipAddress = req.ip || req.connection.remoteAddress;
+
+    if (!username || !password) {
+      return res.status(400).json({ error: 'Username and password required' });
+    }
+
+    // Check IP rate limiting (additional layer)
+    const recentAttempts = User.getRecentLoginAttempts(ipAddress);
+    if (recentAttempts > 20) {
+      return res.status(429).json({
+        error: 'Too many failed attempts from this IP',
+        retry_after: 15 * 60
+      });
+    }
+
+    // First check config user (admin from init)
+    let user = findConfigUser(username);
+    let isConfigUser = !!user;
+
+    // If not config user, check database
+    if (!user) {
+      user = User.findByUsername(username);
+    }
+
+    if (!user) {
+      // Log failed attempt even for non-existent user
+      User.logLoginAttempt(ipAddress, username, false);
+      return res.status(401).json({ error: 'Invalid credentials' });
+    }
+
+    // Check if account is locked (only for DB users)
+    if (!isConfigUser && User.isAccountLocked(user)) {
+      User.logLoginAttempt(ipAddress, username, false);
+      const remainingMs = user.locked_until - Date.now();
+      return res.status(403).json({
+        error: 'Account locked due to failed login attempts',
+        locked_until: user.locked_until,
+        retry_after: Math.ceil(remainingMs / 1000)
+      });
+    }
+
+    // Verify password
+    let isValid;
+    if (isConfigUser) {
+      isValid = verifyConfigPassword(user.password_hash, password);
+    } else {
+      isValid = User.verifyPassword(user, password);
+    }
+
+    if (!isValid) {
+      User.logLoginAttempt(ipAddress, username, false);
+      if (!isConfigUser) {
+        User.incrementFailedAttempts(user.id);
+      }
+      return res.status(401).json({ error: 'Invalid credentials' });
+    }
+
+    // Success
+    User.logLoginAttempt(ipAddress, username, true);
+    if (!isConfigUser) {
+      User.resetFailedAttempts(user.id);
+      User.updateLastLogin(user.id);
+    }
+
+    const token = generateToken(user);
+
+    res.json({
+      token,
+      user: {
+        id: user.id,
+        username: user.username,
+        role: user.role
+      }
+    });
+  } catch (error) {
+    console.error('Login error:', error);
+    res.status(500).json({ error: 'Internal server error' });
+  }
+});
+
+// GET /api/v1/auth/me
+router.get('/me', authMiddleware, (req, res) => {
+  // Config user is already validated by authMiddleware
+  // Just return the user info from req.user
+  if (req.user.id === 'config-admin') {
+    const config = getConfig();
+    return res.json({
+      id: req.user.id,
+      username: req.user.username,
+      role: req.user.role,
+      created_at: Date.now(),
+      last_login: null
+    });
+  }
+
+  const user = User.findById(req.user.id);
+  if (!user) {
+    return res.status(404).json({ error: 'User not found' });
+  }
+
+  res.json({
+    id: user.id,
+    username: user.username,
+    role: user.role,
+    created_at: user.created_at,
+    last_login: user.last_login
+  });
+});
+
+// POST /api/v1/auth/logout
+router.post('/logout', authMiddleware, (req, res) => {
+  // With JWT, logout is handled client-side by removing token
+  res.json({ message: 'Logged out successfully' });
+});
+
+module.exports = router;

package/lib/server/routes/chat.js

@@ -0,0 +1,206 @@
+const express = require('express');
+const ClaudeWrapper = require('../services/claude-wrapper');
+const Message = require('../models/Message');
+const Conversation = require('../models/Conversation');
+const { prepare } = require('../db');
+const { v4: uuidv4 } = require('uuid');
+const HistorySync = require('../services/history-sync');
+const sessionManager = require('../services/session-manager');
+const SummaryGenerator = require('../services/summary-generator');
+const contextBridge = require('../services/context-bridge');
+const { invalidateConversations } = require('../services/cache');
+
+const router = express.Router();
+const claudeWrapper = new ClaudeWrapper();
+const historySync = new HistorySync();
+const summaryGenerator = new SummaryGenerator();
+
+/**
+ * POST /api/v1/chat
+ * Send message to Claude Code CLI with SSE streaming
+ *
+ * Request body:
+ * {
+ *   "conversationId": "uuid" (optional for new chat)
+ *   "message": "user prompt",
+ *   "model": "sonnet" (optional),
+ *   "workspace": "/path" (optional for new chat)
+ * }
+ *
+ * Response: SSE stream
+ * - Status events (tool use, file ops, thinking)
+ * - Final message text and sessionId
+ */
+router.post('/', async (req, res) => {
+  try {
+    console.log('[Chat] === NEW CHAT REQUEST ===');
+    console.log('[Chat] Body:', JSON.stringify(req.body, null, 2));
+
+    const { conversationId, message, model = 'sonnet', workspace } = req.body;
+
+    console.log(`[Chat] conversationId: ${conversationId}`);
+    console.log(`[Chat] message: ${message?.substring(0, 100)}`);
+    console.log(`[Chat] model: ${model}`);
+    console.log(`[Chat] workspace: ${workspace}`);
+
+    if (!message) {
+      console.log('[Chat] ERROR: message required');
+      return res.status(400).json({ error: 'message required' });
+    }
+
+    // Resolve workspace path
+    const workspacePath = workspace || process.cwd();
+
+    // Use SessionManager for session sync pattern
+    // conversationId → sessionId (per engine)
+    const frontendConversationId = conversationId || uuidv4();
+    const { sessionId, isNew: isNewSession } = await sessionManager.getOrCreateSession(
+      frontendConversationId,
+      'claude',
+      workspacePath
+    );
+
+    console.log(`[Chat] Session resolved: ${sessionId} (new: ${isNewSession})`);
+    const isNewChat = isNewSession;
+
+    // Set up SSE
+    res.setHeader('Content-Type', 'text/event-stream');
+    res.setHeader('Cache-Control', 'no-cache');
+    res.setHeader('Connection', 'keep-alive');
+
+    // Send initial event
+    res.write(`data: ${JSON.stringify({ type: 'message_start', messageId: `user-${Date.now()}`, sessionId })}\n\n`);
+
+    // Use optimized ContextBridge for token-aware context building
+    const lastEngine = Message.getLastEngine(sessionId);
+    const contextResult = await contextBridge.buildContext({
+      sessionId,
+      fromEngine: lastEngine,
+      toEngine: 'claude',
+      userMessage: message
+    });
+
+    const promptWithContext = contextResult.prompt;
+    const isEngineBridge = contextResult.isEngineBridge;
+
+    console.log(`[Chat] Context: ${contextResult.contextTokens} tokens from ${contextResult.contextSource}, total: ${contextResult.totalTokens}`);
+
+    // Notify frontend about engine switch
+    if (isEngineBridge) {
+      res.write(`data: ${JSON.stringify({
+        type: 'status',
+        category: 'engine_switch',
+        message: `Continuing conversation from ${lastEngine}`
+      })}\n\n`);
+    }
+
+    try {
+      // Save user message to database with engine tracking
+      try {
+        const userMessage = Message.create(
+          sessionId,
+          'user',
+          message,
+          { workspace: workspacePath },
+          Date.now(),
+          'claude'  // Engine tracking for context bridging
+        );
+        console.log(`[Chat] Saved user message: ${userMessage.id} (engine: claude)`);
+
+      } catch (msgErr) {
+        console.warn('[Chat] Failed to save user message:', msgErr.message);
+      }
+
+      // Call Claude Code wrapper with workspace path for --cwd
+      const result = await claudeWrapper.sendMessage({
+        prompt: promptWithContext,
+        conversationId: sessionId,
+        model,
+        workspacePath,  // Pass workspace for Claude CLI --cwd
+        onStatus: (event) => {
+          // Stream status events to client
+          res.write(`data: ${JSON.stringify(event)}\n\n`);
+        }
+      });
+
+      // Save assistant response to database with engine tracking
+      try {
+        const assistantMessage = Message.create(
+          sessionId,
+          'assistant',
+          result.text,
+          { usage: result.usage, model },
+          Date.now(),
+          'claude'  // Engine tracking for context bridging
+        );
+        console.log(`[Chat] Saved assistant message: ${assistantMessage.id} (engine: claude)`);
+      } catch (msgErr) {
+        console.warn('[Chat] Failed to save assistant message:', msgErr.message);
+      }
+
+      // Sync from history after new session to persist in DB
+      if (isNewChat) {
+        try {
+          await historySync.sync(true);
+          invalidateConversations(); // Clear cache for fresh sidebar
+          res.write(`data: ${JSON.stringify({
+            type: 'session_created',
+            sessionId
+          })}\n\n`);
+        } catch (syncErr) {
+          console.warn('[Chat] History sync failed after new chat:', syncErr.message);
+        }
+
+        // Generate AI title in background (fire-and-forget)
+        // Don't await - user shouldn't wait for title generation
+        summaryGenerator.generateTitle(message, result.text)
+          .then(title => {
+            sessionManager.updateSessionTitle(sessionId, title);
+            console.log(`[Chat] AI-generated title: ${title}`);
+          })
+          .catch(err => {
+            console.warn('[Chat] Title generation failed, using fallback:', err.message);
+            // Fallback: use truncated first message
+            const fallbackTitle = sessionManager.extractTitle(message);
+            sessionManager.updateSessionTitle(sessionId, fallbackTitle);
+          });
+      }
+
+      // Smart auto-summary: trigger based on message count and engine bridging
+      if (contextBridge.shouldTriggerSummary(sessionId, isEngineBridge)) {
+        contextBridge.triggerSummaryGeneration(sessionId, '[Chat]');
+      }
+
+      // Send completion event
+      res.write(`data: ${JSON.stringify({
+        type: 'message_done',
+        messageId: `assistant-${Date.now()}`,
+        content: result.text,
+        usage: result.usage,
+        sessionId
+      })}\n\n`);
+
+      res.end();
+
+    } catch (error) {
+      console.error('[Chat] Error:', error);
+
+      // Send error event
+      res.write(`data: ${JSON.stringify({
+        type: 'error',
+        error: error.message
+      })}\n\n`);
+
+      res.end();
+    }
+
+  } catch (error) {
+    console.error('[Chat] Request error:', error);
+
+    if (!res.headersSent) {
+      res.status(500).json({ error: error.message });
+    }
+  }
+});
+
+module.exports = router;

package/lib/server/routes/codex.js

@@ -0,0 +1,205 @@
+const express = require('express');
+const CodexWrapper = require('../services/codex-wrapper');
+const Message = require('../models/Message');
+const { prepare } = require('../db');
+const { v4: uuidv4 } = require('uuid');
+const sessionManager = require('../services/session-manager');
+const contextBridge = require('../services/context-bridge');
+
+const router = express.Router();
+const codexWrapper = new CodexWrapper();
+
+/**
+ * POST /api/v1/codex
+ * Send message to Codex CLI with SSE streaming
+ *
+ * Request body:
+ * {
+ *   "conversationId": "uuid" (optional for new chat)
+ *   "message": "user prompt",
+ *   "model": "gpt-5.1-codex-max" (optional),
+ *   "reasoningEffort": "medium" (optional: low, medium, high, xhigh)
+ *   "workspace": "/path" (optional for new chat)
+ * }
+ *
+ * Response: SSE stream
+ * - Status events (tool use, reasoning)
+ * - Final message text and threadId
+ */
+router.post('/', async (req, res) => {
+  try {
+    console.log('[Codex] === NEW CODEX REQUEST ===');
+    console.log('[Codex] Body:', JSON.stringify(req.body, null, 2));
+
+    const { conversationId, message, model = 'gpt-5.1-codex-max', reasoningEffort, workspace } = req.body;
+
+    console.log(`[Codex] conversationId: ${conversationId}`);
+    console.log(`[Codex] message: ${message?.substring(0, 100)}`);
+    console.log(`[Codex] model: ${model}`);
+    console.log(`[Codex] reasoningEffort: ${reasoningEffort}`);
+    console.log(`[Codex] workspace: ${workspace}`);
+
+    if (!message) {
+      console.log('[Codex] ERROR: message required');
+      return res.status(400).json({ error: 'message required' });
+    }
+
+    // Check if Codex CLI is available
+    const isAvailable = await codexWrapper.isAvailable();
+    if (!isAvailable) {
+      return res.status(503).json({ error: 'Codex CLI not available' });
+    }
+
+    const hasExec = await codexWrapper.hasExecSupport();
+    if (!hasExec) {
+      return res.status(503).json({ error: 'Codex CLI does not support exec subcommand. Please update to 0.62.1+' });
+    }
+
+    // Resolve workspace path
+    const workspacePath = workspace || process.cwd();
+
+    // Use SessionManager for session sync pattern
+    // conversationId → sessionId (per engine)
+    const frontendConversationId = conversationId || uuidv4();
+    const { sessionId, isNew: isNewSession } = await sessionManager.getOrCreateSession(
+      frontendConversationId,
+      'codex',
+      workspacePath
+    );
+
+    console.log(`[Codex] Session resolved: ${sessionId} (new: ${isNewSession})`);
+    const isNewChat = isNewSession;
+
+    // Set up SSE
+    res.setHeader('Content-Type', 'text/event-stream');
+    res.setHeader('Cache-Control', 'no-cache');
+    res.setHeader('Connection', 'keep-alive');
+
+    // Send initial event
+    res.write(`data: ${JSON.stringify({ type: 'message_start', messageId: `user-${Date.now()}`, sessionId })}\n\n`);
+
+    // Use optimized ContextBridge for token-aware context building
+    // Note: Codex uses codeOnly mode for better code-focused context
+    const lastEngine = Message.getLastEngine(sessionId);
+    const contextResult = await contextBridge.buildContext({
+      sessionId,
+      fromEngine: lastEngine,
+      toEngine: 'codex',
+      userMessage: message
+    });
+
+    const promptWithContext = contextResult.prompt;
+    const isEngineBridge = contextResult.isEngineBridge;
+
+    console.log(`[Codex] Context: ${contextResult.contextTokens} tokens from ${contextResult.contextSource}, total: ${contextResult.totalTokens}`);
+
+    // Notify frontend about engine switch
+    if (isEngineBridge) {
+      res.write(`data: ${JSON.stringify({
+        type: 'status',
+        category: 'engine_switch',
+        message: `Continuing conversation from ${lastEngine}`
+      })}\n\n`);
+    }
+
+    try {
+      // Save user message to database with engine tracking
+      try {
+        const userMessage = Message.create(
+          sessionId,
+          'user',
+          message,
+          { workspace: workspacePath },
+          Date.now(),
+          'codex'  // Engine tracking for context bridging
+        );
+        console.log(`[Codex] Saved user message: ${userMessage.id} (engine: codex)`);
+      } catch (msgErr) {
+        console.warn('[Codex] Failed to save user message:', msgErr.message);
+      }
+
+      // Call Codex wrapper with workspace path
+      const result = await codexWrapper.sendMessage({
+        prompt: promptWithContext,
+        model,
+        sessionId,
+        reasoningEffort,
+        workspacePath,
+        onStatus: (event) => {
+          // Stream status events to client
+          res.write(`data: ${JSON.stringify(event)}\n\n`);
+        }
+      });
+
+      // Save assistant response to database with engine tracking
+      try {
+        const assistantMessage = Message.create(
+          sessionId,
+          'assistant',
+          result.text,
+          { usage: result.usage, model },
+          Date.now(),
+          'codex'  // Engine tracking for context bridging
+        );
+        console.log(`[Codex] Saved assistant message: ${assistantMessage.id} (engine: codex)`);
+      } catch (msgErr) {
+        console.warn('[Codex] Failed to save assistant message:', msgErr.message);
+      }
+
+      // Smart auto-summary: trigger based on message count and engine bridging
+      if (contextBridge.shouldTriggerSummary(sessionId, isEngineBridge)) {
+        contextBridge.triggerSummaryGeneration(sessionId, '[Codex]');
+      }
+
+      // Send completion event
+      res.write(`data: ${JSON.stringify({
+        type: 'message_done',
+        messageId: `assistant-${Date.now()}`,
+        content: result.text,
+        usage: result.usage,
+        sessionId
+      })}\n\n`);
+
+      res.end();
+
+    } catch (error) {
+      console.error('[Codex] Error:', error);
+
+      // Send error event
+      res.write(`data: ${JSON.stringify({
+        type: 'error',
+        error: error.message
+      })}\n\n`);
+
+      res.end();
+    }
+
+  } catch (error) {
+    console.error('[Codex] Request error:', error);
+
+    if (!res.headersSent) {
+      res.status(500).json({ error: error.message });
+    }
+  }
+});
+
+/**
+ * GET /api/v1/codex/status
+ * Check Codex CLI availability
+ */
+router.get('/status', async (req, res) => {
+  try {
+    const isAvailable = await codexWrapper.isAvailable();
+    const hasExec = isAvailable ? await codexWrapper.hasExecSupport() : false;
+
+    res.json({
+      available: isAvailable,
+      execSupport: hasExec,
+      timestamp: new Date().toISOString()
+    });
+  } catch (error) {
+    res.status(500).json({ error: error.message });
+  }
+});
+
+module.exports = router;