@mmmbuto/nexuscli 0.9.3 → 0.9.5

package/frontend/dist/index.html

@@ -59,8 +59,8 @@
 
     <!-- Prevent Scaling on iOS -->
     <meta name="format-detection" content="telephone=no" />
-    <script type="module" crossorigin src="/assets/index-x6Jl2qtq.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-Ci39i_2l.css">
+    <script type="module" crossorigin src="/assets/index-CvOYN8ds.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-BAfxoAUN.css">
   </head>
   <body>
     <div id="root"></div>

package/frontend/dist/sw.js

@@ -1,5 +1,5 @@
 // NexusCLI Service Worker
-const CACHE_VERSION = 'nexuscli-v1766174198487';
+const CACHE_VERSION = 'nexuscli-v1766701518522';
 const STATIC_CACHE = `${CACHE_VERSION}-static`;
 const DYNAMIC_CACHE = `${CACHE_VERSION}-dynamic`;
 

package/lib/config/models.js

@@ -80,11 +80,21 @@ function getCliTools() {
       enabled: true,
       endpoint: '/api/v1/codex',
       models: [
+        {
+          id: 'gpt-5.2-codex',
+          name: 'gpt-5.2-codex',
+          label: 'GPT-5.2 Codex',
+          description: '🤖 Latest frontier agentic coding model',
+          category: 'codex',
+          reasoningEfforts: ['low', 'medium', 'high', 'xhigh'],
+          defaultReasoning: 'xhigh',
+          default: true
+        },
         {
           id: 'gpt-5.2',
           name: 'gpt-5.2',
           label: 'GPT-5.2',
-          description: '🧠 Next Gen Reasoning',
+          description: '🧠 Latest frontier model',
           category: 'codex',
           reasoningEfforts: ['low', 'medium', 'high', 'xhigh'],
           defaultReasoning: 'xhigh'
@@ -93,11 +103,10 @@ function getCliTools() {
           id: 'gpt-5.1-codex-max',
           name: 'gpt-5.1-codex-max',
           label: 'GPT-5.1 Codex Max',
-          description: '💎 Extra High reasoning (best)',
+          description: '💎 Deep and fast reasoning',
           category: 'codex',
           reasoningEfforts: ['low', 'medium', 'high', 'xhigh'],
-          defaultReasoning: 'xhigh',
-          default: true
+          defaultReasoning: 'xhigh'
         },
         {
           id: 'gpt-5.1-codex',

package/lib/server/middleware/rate-limit.js

@@ -0,0 +1,63 @@
+/**
+ * Rate Limiting Middleware for Chat Endpoints
+ *
+ * Protects AI chat endpoints from abuse by limiting requests per user.
+ * Uses express-rate-limit with user-based keying via JWT.
+ */
+
+const rateLimit = require('express-rate-limit');
+
+/**
+ * Chat endpoints rate limiter
+ * - 10 requests per minute per user
+ * - Applies to: /api/v1/chat, /api/v1/codex, /api/v1/gemini
+ */
+const chatRateLimiter = rateLimit({
+  windowMs: 60 * 1000, // 1 minute window
+  max: 10, // 10 requests per window
+  standardHeaders: true, // Return rate limit info in headers
+  legacyHeaders: false,
+
+  // Key by user ID from JWT (set by authMiddleware)
+  keyGenerator: (req) => {
+    return req.user?.id || req.ip;
+  },
+
+  // Custom error response
+  handler: (req, res) => {
+    res.status(429).json({
+      error: 'Too many requests',
+      message: 'Rate limit exceeded. Please wait before sending more messages.',
+      retryAfter: Math.ceil(req.rateLimit.resetTime / 1000)
+    });
+  },
+
+  // Skip rate limiting for interrupt endpoints
+  skip: (req) => {
+    return req.path.endsWith('/interrupt');
+  }
+});
+
+/**
+ * General API rate limiter (for non-chat endpoints)
+ * - 60 requests per minute per IP
+ */
+const apiRateLimiter = rateLimit({
+  windowMs: 60 * 1000,
+  max: 60,
+  standardHeaders: true,
+  legacyHeaders: false,
+  keyGenerator: (req) => req.user?.id || req.ip,
+  handler: (req, res) => {
+    res.status(429).json({
+      error: 'Too many requests',
+      message: 'API rate limit exceeded.',
+      retryAfter: Math.ceil(req.rateLimit.resetTime / 1000)
+    });
+  }
+});
+
+module.exports = {
+  chatRateLimiter,
+  apiRateLimiter
+};

package/lib/server/server.js

@@ -12,6 +12,7 @@ const pkg = require('../../package.json');
 
 // Import middleware
 const { authMiddleware } = require('./middleware/auth');
+const { chatRateLimiter } = require('./middleware/rate-limit');
 
 // Import routes
 const authRouter = require('./routes/auth');
@@ -74,9 +75,9 @@ app.use('/api/v1/sessions', authMiddleware, sessionsRouter);
 app.use('/api/v1/conversations', authMiddleware, conversationsRouter);
 app.use('/api/v1/conversations', authMiddleware, messagesRouter);
 app.use('/api/v1/jobs', authMiddleware, jobsRouter);
-app.use('/api/v1/chat', authMiddleware, chatRouter);
-app.use('/api/v1/codex', authMiddleware, codexRouter);
-app.use('/api/v1/gemini', authMiddleware, geminiRouter);
+app.use('/api/v1/chat', authMiddleware, chatRateLimiter, chatRouter);
+app.use('/api/v1/codex', authMiddleware, chatRateLimiter, codexRouter);
+app.use('/api/v1/gemini', authMiddleware, chatRateLimiter, geminiRouter);
 app.use('/api/v1/upload', authMiddleware, uploadRouter); // File upload
 
 // STT routes

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mmmbuto/nexuscli",
-  "version": "0.9.3",
+  "version": "0.9.5",
   "description": "NexusCLI - TRI CLI Control Plane (Claude/Codex/Gemini)",
   "main": "lib/server/server.js",
   "bin": {

package/lib/server/lib/cli-wrapper.js

@@ -1,164 +0,0 @@
-const pty = require('./pty-adapter');
-const OutputParser = require('./output-parser');
-
-/**
- * CLI Wrapper - Generic CLI tool execution (adapted from NexusChat claude-wrapper)
- * Spawns PTY processes for any CLI tool (bash, git, docker, python, etc.)
- * Streams output via SSE
- */
-class CliWrapper {
-  constructor(options = {}) {
-    this.workspaceDir = options.workspaceDir || process.cwd();
-    this.activeJobs = new Map();
-  }
-
-  /**
-   * Execute command via PTY
-   * @param {Object} params - { jobId, tool, command, workingDir, timeout, onStatus }
-   * @returns {Promise<Object>} - { exitCode, stdout, stderr, duration }
-   */
-  async execute({ jobId, tool = 'bash', command, workingDir, timeout = 30000, onStatus }) {
-    return new Promise((resolve, reject) => {
-      const parser = new OutputParser();
-      const startTime = Date.now();
-
-      // Determine shell command
-      let shellCmd = '/bin/bash';
-      let args = ['-c', command];
-
-      // Tool-specific handling
-      if (tool === 'bash') {
-        shellCmd = '/bin/bash';
-        args = ['-c', command];
-      } else if (tool === 'python') {
-        shellCmd = '/usr/bin/python3';
-        args = ['-c', command];
-      } else if (tool === 'node') {
-        shellCmd = '/usr/bin/node';
-        args = ['-e', command];
-      } else {
-        // Generic: assume tool is in PATH
-        shellCmd = tool;
-        args = command.split(' ');
-      }
-
-      console.log(`[CliWrapper] Executing: ${tool} - ${command.substring(0, 50)}...`);
-      console.log(`[CliWrapper] Working dir: ${workingDir || this.workspaceDir}`);
-
-      // Spawn PTY process
-      let ptyProcess;
-      try {
-        ptyProcess = pty.spawn(shellCmd, args, {
-        name: 'xterm-color',
-        cols: 80,
-        rows: 30,
-        cwd: workingDir || this.workspaceDir,
-        env: process.env,
-      });
-      } catch (err) {
-        return reject(err);
-      }
-
-      this.activeJobs.set(jobId, ptyProcess);
-
-      let stdout = '';
-      let stderr = '';
-
-      // Handle timeout
-      const timer = setTimeout(() => {
-        console.log(`[CliWrapper] Job ${jobId} timeout`);
-        ptyProcess.kill('SIGTERM');
-
-        if (onStatus) {
-          onStatus({
-            type: 'error',
-            error: 'Command timeout exceeded',
-            timeout
-          });
-        }
-      }, timeout);
-
-      // Handle process errors
-      if (typeof ptyProcess.on === 'function') {
-        ptyProcess.on('error', (err) => {
-          console.error('[CliWrapper] Spawn error:', err);
-          reject(err);
-        });
-      } else if (typeof ptyProcess.onError === 'function') {
-        ptyProcess.onError((err) => {
-          console.error('[CliWrapper] Spawn error:', err);
-          reject(err);
-        });
-      }
-
-      // Handle output
-      ptyProcess.onData((data) => {
-        stdout += data;
-
-        // Parse output and emit status events
-        if (onStatus) {
-          try {
-            const events = parser.parse(data);
-            events.forEach(event => {
-              onStatus(event);
-            });
-          } catch (parseError) {
-            console.error('[CliWrapper] Parser error:', parseError);
-          }
-        }
-      });
-
-      // Handle exit
-      ptyProcess.onExit(({ exitCode }) => {
-        clearTimeout(timer);
-        this.activeJobs.delete(jobId);
-
-        const duration = Date.now() - startTime;
-
-        // Clean ANSI escape codes
-        const cleanStdout = stdout
-          .replace(/\x1B\[[0-9;]*[a-zA-Z]/g, '')  // ANSI codes
-          .replace(/\x1B\[\?[0-9;]*[a-zA-Z]/g, '') // Private modes
-          .trim();
-
-        console.log(`[CliWrapper] Job ${jobId} exit: ${exitCode} (${duration}ms)`);
-
-        if (exitCode !== 0) {
-          // Extract stderr (if any)
-          stderr = cleanStdout; // In PTY mode, stderr is mixed with stdout
-        }
-
-        resolve({
-          exitCode,
-          stdout: cleanStdout,
-          stderr,
-          duration
-        });
-      });
-    });
-  }
-
-  /**
-   * Kill running job
-   * @param {string} jobId - Job ID
-   */
-  kill(jobId) {
-    const ptyProcess = this.activeJobs.get(jobId);
-    if (ptyProcess) {
-      ptyProcess.kill('SIGTERM');
-      this.activeJobs.delete(jobId);
-      console.log(`[CliWrapper] Killed job ${jobId}`);
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Get active job count
-   */
-  getActiveJobCount() {
-    return this.activeJobs.size;
-  }
-}
-
-module.exports = CliWrapper;

package/lib/server/lib/output-parser.js

@@ -1,132 +0,0 @@
-/**
- * OutputParser - Parse CLI stdout/stderr into structured events
- * Adapted from NexusChat output-parser.js
- */
-class OutputParser {
-  constructor() {
-    this.state = 'idle';
-    this.buffer = '';
-    this.lineBuffer = '';
-  }
-
-  /**
-   * Regex patterns for detecting CLI output markers
-   */
-  static PATTERNS = {
-    // Tool execution patterns (generic)
-    toolExecution: /(?:Running|Executing)\s+(\w+)(?:\s+(?:command|tool))?:\s*(.+)/i,
-
-    // Common CLI patterns
-    errorPattern: /(?:Error|ERROR|Failed|FAILED|Exception):\s*(.+)/i,
-    warningPattern: /(?:Warning|WARNING|warn):\s*(.+)/i,
-
-    // ANSI escape codes
-    ansiCodes: /\x1B\[[0-9;]*[a-zA-Z]/g,
-    ansiPrivate: /\x1B\[\?[0-9;]*[a-zA-Z]/g,
-  };
-
-  /**
-   * Parse chunk of stdout and return array of events
-   * @param {string} chunk - Raw stdout chunk from PTY
-   * @returns {Array} Array of event objects
-   */
-  parse(chunk) {
-    const events = [];
-
-    // Add to buffer
-    this.buffer += chunk;
-    this.lineBuffer += chunk;
-
-    // Process line by line
-    const lines = this.lineBuffer.split('\n');
-    this.lineBuffer = lines.pop(); // Keep incomplete line
-
-    for (const line of lines) {
-      const lineEvents = this.parseLine(line);
-      events.push(...lineEvents);
-    }
-
-    // Also emit raw output chunks
-    const cleanChunk = this.cleanAnsi(chunk);
-    if (cleanChunk && cleanChunk.trim()) {
-      events.push({
-        type: 'output_chunk',
-        stream: 'stdout',
-        text: cleanChunk,
-        isIncremental: true,
-      });
-    }
-
-    return events;
-  }
-
-  /**
-   * Parse single line
-   * @param {string} line - Single line of output
-   * @returns {Array} Events from this line
-   */
-  parseLine(line) {
-    const events = [];
-    const cleanLine = this.cleanAnsi(line);
-
-    // Check for tool execution
-    const toolMatch = cleanLine.match(OutputParser.PATTERNS.toolExecution);
-    if (toolMatch) {
-      const [, tool, command] = toolMatch;
-      events.push({
-        type: 'status',
-        category: 'tool',
-        tool,
-        message: `${tool}: ${command.substring(0, 60)}${command.length > 60 ? '...' : ''}`,
-        icon: '🔧',
-        timestamp: new Date().toISOString(),
-      });
-    }
-
-    // Check for errors
-    if (OutputParser.PATTERNS.errorPattern.test(cleanLine)) {
-      const [, errorMsg] = cleanLine.match(OutputParser.PATTERNS.errorPattern);
-      events.push({
-        type: 'status',
-        category: 'warning',
-        message: `Error: ${errorMsg}`,
-        icon: '⚠️',
-        timestamp: new Date().toISOString(),
-      });
-    }
-
-    // Check for warnings
-    if (OutputParser.PATTERNS.warningPattern.test(cleanLine)) {
-      const [, warnMsg] = cleanLine.match(OutputParser.PATTERNS.warningPattern);
-      events.push({
-        type: 'status',
-        category: 'warning',
-        message: `Warning: ${warnMsg}`,
-        icon: '⚠️',
-        timestamp: new Date().toISOString(),
-      });
-    }
-
-    return events;
-  }
-
-  /**
-   * Clean ANSI escape codes from text
-   */
-  cleanAnsi(text) {
-    return text
-      .replace(OutputParser.PATTERNS.ansiCodes, '')
-      .replace(OutputParser.PATTERNS.ansiPrivate, '');
-  }
-
-  /**
-   * Reset parser state
-   */
-  reset() {
-    this.state = 'idle';
-    this.buffer = '';
-    this.lineBuffer = '';
-  }
-}
-
-module.exports = OutputParser;

package/lib/server/lib/pty-adapter.js

@@ -1,81 +0,0 @@
-/**
- * PTY Adapter for NexusCLI (Termux)
- * Provides node-pty-like interface using child_process.spawn
- * Termux-only: no native node-pty compilation needed
- *
- * @version 0.5.0 - Added stdin support for interrupt (ESC key)
- */
-
-const { spawn: cpSpawn } = require('child_process');
-
-/**
- * Spawn a process with node-pty-like interface
- * @param {string} command - Command to spawn
- * @param {string[]} args - Arguments
- * @param {Object} options - Spawn options (cwd, env)
- * @returns {Object} PTY-like interface with onData, onExit, kill
- */
-function spawn(command, args, options = {}) {
-  const proc = cpSpawn(command, args, {
-    cwd: options.cwd,
-    env: options.env,
-    shell: false,
-    stdio: ['pipe', 'pipe', 'pipe'],  // stdin enabled for interrupt support
-  });
-
-  const dataHandlers = [];
-  const exitHandlers = [];
-  const errorHandlers = [];
-
-  proc.stdout.on('data', (buf) => {
-    const data = buf.toString();
-    console.log('[PTY-Adapter] stdout:', data.substring(0, 200));
-    dataHandlers.forEach((fn) => fn(data));
-  });
-
-  proc.stderr.on('data', (buf) => {
-    const data = buf.toString();
-    console.log('[PTY-Adapter] stderr:', data.substring(0, 200));
-    dataHandlers.forEach((fn) => fn(data));
-  });
-
-  proc.on('close', (code) => {
-    exitHandlers.forEach((fn) => fn({ exitCode: code ?? 0 }));
-  });
-
-  proc.on('error', (err) => {
-    console.error('[PTY-Adapter] Error:', err.message);
-    errorHandlers.forEach((fn) => fn(err));
-  });
-
-  return {
-    onData: (fn) => dataHandlers.push(fn),
-    onExit: (fn) => exitHandlers.push(fn),
-    onError: (fn) => errorHandlers.push(fn),
-    write: (data) => proc.stdin?.writable && proc.stdin.write(data),
-    /**
-     * Send ESC key (0x1B) to interrupt CLI
-     * Used to gracefully stop Claude/Gemini CLI execution
-     * @returns {boolean} true if ESC was sent successfully
-     */
-    sendEsc: () => {
-      if (proc.stdin?.writable) {
-        proc.stdin.write('\x1B');
-        return true;
-      }
-      return false;
-    },
-    kill: (signal = 'SIGTERM') => proc.kill(signal),
-    pid: proc.pid,
-  };
-}
-
-/**
- * Check if native PTY is available
- * Always returns false on Termux (we use spawn adapter)
- */
-function isPtyAvailable() {
-  return false;
-}
-
-module.exports = { spawn, isPtyAvailable };