@openchamber/web 1.9.2 → 1.9.3

package/dist/index.html

@@ -442,10 +442,10 @@
         pointer-events: none;
       }
     </style>
-    <script type="module" crossorigin src="/assets/index-BQqVuvn2.js"></script>
-    <link rel="modulepreload" crossorigin href="/assets/vendor-.bun-CjZZibdK.js">
+    <script type="module" crossorigin src="/assets/index-DEj7Q-1y.js"></script>
+    <link rel="modulepreload" crossorigin href="/assets/vendor-.bun-B34wtB0D.js">
     <link rel="stylesheet" crossorigin href="/assets/vendor--DbVqbJpV.css">
-    <link rel="stylesheet" crossorigin href="/assets/index-CH1IFYgs.css">
+    <link rel="stylesheet" crossorigin href="/assets/index-BZ8pfXBh.css">
   </head>
   <body class="h-full bg-background text-foreground">
     <div id="root" class="h-full">

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openchamber/web",
-  "version": "1.9.2",
+  "version": "1.9.3",
   "private": false,
   "type": "module",
   "main": "./server/index.js",

package/server/TERMINAL_WS_PROTOCOL.md

@@ -0,0 +1,48 @@
+# Terminal WebSocket Transport Protocol
+
+## Goal
+Use a single persistent WebSocket for terminal input and output, while keeping the legacy SSE output route and HTTP input route as compatibility fallbacks.
+
+## Scope
+- Primary full-duplex path: WebSocket (`/api/terminal/ws`)
+- Legacy output fallback: SSE (`/api/terminal/:sessionId/stream`)
+- HTTP input fallback remains: `POST /api/terminal/:sessionId/input`
+
+## Framing
+- Text frame:
+  - client -> server: terminal keystroke payload
+  - server -> client: raw PTY output chunk
+- Binary frame: control envelope
+  - Byte 0: tag (`0x01` = JSON control)
+  - Bytes 1..N: UTF-8 JSON payload
+
+## Control Messages
+- Bind active socket to terminal session:
+  - client -> server: `{"t":"b","s":"<sessionId>","v":2}`
+- Keepalive ping:
+  - client -> server: `{"t":"p","v":2}`
+  - server -> client: `{"t":"po","v":2}`
+- Server control responses:
+  - ready: `{"t":"ok","v":2}`
+  - bind ok: `{"t":"bok","s":"<sessionId>","runtime":"node|bun","ptyBackend":"...","v":2}`
+  - exit: `{"t":"x","s":"<sessionId>","exitCode":0,"signal":null}`
+  - error: `{"t":"e","c":"<code>","f":true|false}`
+
+## Multiplexing Model
+- Single shared socket per client runtime.
+- Socket has one mutable bound session.
+- Client sends a bind control when the active terminal changes.
+- Text frames always apply to the currently bound session.
+- PTY output is pushed back over the same socket as text frames.
+- Client keeps the socket primed so both stream subscription and input reuse the same transport.
+
+## Security
+- UI auth session required when UI password is enabled.
+- Origin validation enforced for cookie-authenticated browser upgrades.
+- Invalid or malformed frames are rate-limited and may close the socket.
+
+## Fallback Behavior
+- New clients prefer `capabilities.stream.ws` and reuse the same socket for input.
+- If stream WebSocket capability is unavailable, clients fall back to SSE output.
+- If terminal input cannot be sent over WebSocket, clients fall back to HTTP input.
+- The removed `/api/terminal/input-ws` path should fail with `404 Not Found`.

package/server/lib/fs/routes.js

@@ -283,6 +283,54 @@ export const registerFsRoutes = (app, dependencies) => {
     }
   });
 
+  app.get('/api/fs/stat', async (req, res) => {
+    const filePath = typeof req.query.path === 'string' ? req.query.path.trim() : '';
+    if (!filePath) {
+      return res.status(400).json({ error: 'Path is required' });
+    }
+
+    try {
+      const resolved = await resolveWorkspacePathFromContext({
+        req,
+        targetPath: filePath,
+        resolveProjectDirectory,
+        path,
+        os,
+        normalizeDirectoryPath,
+        openchamberUserConfigRoot,
+      });
+      if (!resolved.ok) {
+        return res.status(400).json({ error: resolved.error });
+      }
+
+      const [canonicalPath, canonicalBase] = await Promise.all([
+        fsPromises.realpath(resolved.resolved),
+        fsPromises.realpath(resolved.base).catch(() => path.resolve(resolved.base)),
+      ]);
+
+      if (!isPathWithinRoot(canonicalPath, canonicalBase, path, os)) {
+        return res.status(403).json({ error: 'Access to file denied' });
+      }
+
+      const stats = await fsPromises.stat(canonicalPath);
+      if (!stats.isFile()) {
+        return res.status(400).json({ error: 'Specified path is not a file' });
+      }
+
+      return res.json({ path: canonicalPath, isFile: true, size: stats.size });
+    } catch (error) {
+      const err = error;
+      if (err && typeof err === 'object' && err.code === 'ENOENT') {
+        return res.status(404).json({ error: 'File not found' });
+      }
+      if (err && typeof err === 'object' && err.code === 'EACCES') {
+        return res.status(403).json({ error: 'Access to file denied' });
+      }
+      console.error('Failed to stat file:', error);
+      return res.status(500).json({ error: (error && error.message) || 'Failed to stat file' });
+    }
+  });
+
   app.get('/api/fs/read', async (req, res) => {
     const filePath = typeof req.query.path === 'string' ? req.query.path.trim() : '';
     if (!filePath) {

package/server/lib/opencode/proxy.js

@@ -1,6 +1,11 @@
-import express from 'express';
 import { createProxyMiddleware } from 'http-proxy-middleware';
 
+import {
+  applyForwardProxyResponseHeaders,
+  collectForwardProxyHeaders,
+  shouldForwardProxyResponseHeader,
+} from '../../proxy-headers.js';
+
 export const registerOpenCodeProxy = (app, deps) => {
   const {
     fs,
@@ -25,6 +30,91 @@ export const registerOpenCodeProxy = (app, deps) => {
   }
   app.set('opencodeProxyConfigured', true);
 
+  const isAbortError = (error) => error?.name === 'AbortError';
+
+  const forwardSseRequest = async (req, res) => {
+    const abortController = new AbortController();
+    const closeUpstream = () => abortController.abort();
+    let upstream = null;
+    let reader = null;
+
+    req.on('close', closeUpstream);
+
+    try {
+      const requestUrl = typeof req.originalUrl === 'string' && req.originalUrl.length > 0
+        ? req.originalUrl
+        : (typeof req.url === 'string' ? req.url : '');
+      const upstreamPath = requestUrl.startsWith('/api') ? requestUrl.slice(4) || '/' : requestUrl;
+      const headers = collectForwardProxyHeaders(req.headers, getOpenCodeAuthHeaders());
+      headers.accept ??= 'text/event-stream';
+      headers['cache-control'] ??= 'no-cache';
+
+      upstream = await fetch(buildOpenCodeUrl(upstreamPath, ''), {
+        method: 'GET',
+        headers,
+        signal: abortController.signal,
+      });
+
+      res.status(upstream.status);
+      applyForwardProxyResponseHeaders(upstream.headers, res);
+
+      const contentType = upstream.headers.get('content-type') || 'text/event-stream';
+      const isEventStream = contentType.toLowerCase().includes('text/event-stream');
+
+      if (!upstream.body) {
+        res.end(await upstream.text().catch(() => ''));
+        return;
+      }
+
+      if (!isEventStream) {
+        res.end(await upstream.text());
+        return;
+      }
+
+      res.setHeader('Content-Type', contentType);
+      res.setHeader('Cache-Control', 'no-cache');
+      res.setHeader('Connection', 'keep-alive');
+      res.setHeader('X-Accel-Buffering', 'no');
+      if (typeof res.flushHeaders === 'function') {
+        res.flushHeaders();
+      }
+
+      reader = upstream.body.getReader();
+      while (!abortController.signal.aborted) {
+        const { done, value } = await reader.read();
+        if (done) {
+          break;
+        }
+        if (value && value.length > 0) {
+          res.write(value);
+        }
+      }
+
+      res.end();
+    } catch (error) {
+      if (isAbortError(error)) {
+        return;
+      }
+      console.error('[proxy] OpenCode SSE proxy error:', error?.message ?? error);
+      if (!res.headersSent) {
+        res.status(503).json({ error: 'OpenCode service unavailable' });
+      } else {
+        res.end();
+      }
+    } finally {
+      req.off('close', closeUpstream);
+      try {
+        if (reader) {
+          await reader.cancel();
+          reader.releaseLock();
+        } else if (upstream?.body && !upstream.body.locked) {
+          await upstream.body.cancel();
+        }
+      } catch {
+      }
+    }
+  };
+
   // Ensure API prefix is detected before proxying
   app.use('/api', (_req, _res, next) => {
     ensureOpenCodeApiPrefix();
@@ -138,7 +228,10 @@ export const registerOpenCodeProxy = (app, deps) => {
     });
   }
 
-  // http-proxy-middleware handles SSE, large bodies, timeouts correctly
+  app.get('/api/global/event', forwardSseRequest);
+  app.get('/api/event', forwardSseRequest);
+
+  // Generic proxy for non-SSE OpenCode API routes.
   const apiProxy = createProxyMiddleware({
     target: `http://127.0.0.1:${runtime.openCodePort || 3902}`,
     changeOrigin: true,
@@ -155,6 +248,17 @@ export const registerOpenCodeProxy = (app, deps) => {
         if (authHeaders.Authorization) {
           proxyReq.setHeader('Authorization', authHeaders.Authorization);
         }
+
+        // Defensive: request identity encoding from upstream OpenCode.
+        // This avoids compressed-body/header mismatches in multi-proxy setups.
+        proxyReq.setHeader('accept-encoding', 'identity');
+      },
+      proxyRes: (proxyRes) => {
+        for (const key of Object.keys(proxyRes.headers || {})) {
+          if (!shouldForwardProxyResponseHeader(key)) {
+            delete proxyRes.headers[key];
+          }
+        }
       },
       error: (err, _req, res) => {
         console.error('[proxy] OpenCode proxy error:', err.message);

package/server/lib/quota/DOCUMENTATION.md

@@ -29,6 +29,7 @@ These provider IDs are currently dispatchable via `fetchQuotaForProvider(provide
 | `minimax-coding-plan` | MiniMax Coding Plan (minimax.io) | `providers/minimax-coding-plan.js` | `minimax-coding-plan` |
 | `minimax-cn-coding-plan` | MiniMax Coding Plan (minimaxi.com) | `providers/minimax-cn-coding-plan.js` | `minimax-cn-coding-plan` |
 | `ollama-cloud` | Ollama Cloud | `providers/ollama-cloud.js` | Cookie file at `~/.config/ollama-quota/cookie` (raw session cookie string) |
+| `zhipuai-coding-plan` | ZhipuAI | `providers/zhipuai.js` | `zhipuai-coding-plan`, `zhipuai`, `zhipu` |
 
 ## Internal-only provider module
 - `providers/openai.js` exists for logic parity/reuse but is intentionally not registered for dispatcher ID routing.

package/server/lib/quota/index.js

@@ -20,5 +20,6 @@ export {
   fetchNanoGptQuota,
   fetchMinimaxCodingPlanQuota,
   fetchMinimaxCnCodingPlanQuota,
-  fetchOllamaCloudQuota
+  fetchOllamaCloudQuota,
+  fetchZhipuaiQuota
 } from './providers/index.js';

package/server/lib/quota/providers/copilot.js

@@ -18,7 +18,7 @@ const buildCopilotWindows = (payload) => {
     const entitlement = toNumber(snapshot.entitlement);
     const remaining = toNumber(snapshot.remaining);
     const usedPercent = entitlement && remaining !== null
-      ? Math.max(0, Math.min(100, 100 - (remaining / entitlement) * 100))
+      ? Math.max(0, 100 - (remaining / entitlement) * 100)
       : null;
     const valueLabel = entitlement !== null && remaining !== null
       ? `${remaining.toFixed(0)} / ${entitlement.toFixed(0)} left`

package/server/lib/quota/providers/index.js

@@ -19,6 +19,7 @@ import * as zai from './zai.js';
 import * as minimaxCodingPlan from './minimax-coding-plan.js';
 import * as minimaxCnCodingPlan from './minimax-cn-coding-plan.js';
 import * as ollamaCloud from './ollama-cloud.js';
+import * as zhipuai from './zhipuai.js';
 
 const registry = {
   claude: {
@@ -92,6 +93,12 @@ const registry = {
     providerName: ollamaCloud.providerName,
     isConfigured: ollamaCloud.isConfigured,
     fetchQuota: ollamaCloud.fetchQuota
+  },
+  'zhipuai-coding-plan': {
+    providerId: zhipuai.providerId,
+    providerName: zhipuai.providerName,
+    isConfigured: zhipuai.isConfigured,
+    fetchQuota: zhipuai.fetchQuota
   }
 };
 
@@ -150,3 +157,4 @@ export const fetchNanoGptQuota = nanogpt.fetchQuota;
 export const fetchMinimaxCodingPlanQuota = minimaxCodingPlan.fetchQuota;
 export const fetchMinimaxCnCodingPlanQuota = minimaxCnCodingPlan.fetchQuota;
 export const fetchOllamaCloudQuota = ollamaCloud.fetchQuota;
+export const fetchZhipuaiQuota = zhipuai.fetchQuota;

package/server/lib/quota/providers/minimax-cn-coding-plan.js

@@ -1,15 +1,141 @@
-// MiniMax Coding Plan Provider
-import { createMiniMaxCodingPlanProvider } from './minimax-shared.js';
-
-const provider = createMiniMaxCodingPlanProvider({
-  providerId: 'minimax-cn-coding-plan',
-  providerName: 'MiniMax Coding Plan (minimaxi.com)',
-  aliases: ['minimax-cn-coding-plan'],
-  endpoint: 'https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains',
-});
-
-export const providerId = provider.providerId;
-export const providerName = provider.providerName;
-export const aliases = provider.aliases;
-export const isConfigured = provider.isConfigured;
-export const fetchQuota = provider.fetchQuota;
+// MiniMax Coding Plan Provider (minimaxi.com)
+import { readAuthFile } from '../../opencode/auth.js';
+import {
+  getAuthEntry,
+  normalizeAuthEntry,
+  buildResult,
+  toUsageWindow,
+  toNumber,
+  toTimestamp,
+} from '../utils/index.js';
+
+export const providerId = 'minimax-cn-coding-plan';
+export const providerName = 'MiniMax Coding Plan (minimaxi.com)';
+export const aliases = ['minimax-cn-coding-plan'];
+
+export const isConfigured = () => {
+  const auth = readAuthFile();
+  const entry = normalizeAuthEntry(getAuthEntry(auth, aliases));
+  return Boolean(entry?.key || entry?.token);
+};
+
+export const fetchQuota = async () => {
+  const auth = readAuthFile();
+  const entry = normalizeAuthEntry(getAuthEntry(auth, aliases));
+  const apiKey = entry?.key ?? entry?.token;
+
+  if (!apiKey) {
+    return buildResult({
+      providerId,
+      providerName,
+      ok: false,
+      configured: false,
+      error: 'Not configured',
+    });
+  }
+
+  try {
+    const response = await fetch(
+      'https://www.minimaxi.com/v1/api/openplatform/coding_plan/remains',
+      {
+        method: 'GET',
+        headers: {
+          Authorization: `Bearer ${apiKey}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+
+    if (!response.ok) {
+      return buildResult({
+        providerId,
+        providerName,
+        ok: false,
+        configured: true,
+        error: `API error: ${response.status}`,
+      });
+    }
+
+    const payload = await response.json();
+    const baseResp = payload?.base_resp;
+    if (baseResp && baseResp.status_code !== 0) {
+      return buildResult({
+        providerId,
+        providerName,
+        ok: false,
+        configured: true,
+        error: baseResp.status_msg || `API error: ${baseResp.status_code}`,
+      });
+    }
+
+    const firstModel = payload?.model_remains?.[0];
+    if (!firstModel) {
+      return buildResult({
+        providerId,
+        providerName,
+        ok: false,
+        configured: true,
+        error: 'No model quota data available',
+      });
+    }
+
+    const intervalTotal = toNumber(firstModel.current_interval_total_count);
+    const intervalUsage = toNumber(firstModel.current_interval_usage_count);
+    const intervalStartAt = toTimestamp(firstModel.start_time);
+    const intervalResetAt = toTimestamp(firstModel.end_time);
+    const weeklyTotal = toNumber(firstModel.current_weekly_total_count);
+    const weeklyUsage = toNumber(firstModel.current_weekly_usage_count);
+    const weeklyStartAt = toTimestamp(firstModel.weekly_start_time);
+    const weeklyResetAt = toTimestamp(firstModel.weekly_end_time);
+
+    // For minimaxi.com: usage_count represents USED credits
+    const intervalUsed = intervalUsage;
+    const weeklyUsed = weeklyUsage;
+
+    const intervalUsedPercent =
+      intervalTotal > 0 && intervalUsed != null
+        ? Math.max(0, Math.min(100, (intervalUsed / intervalTotal) * 100))
+        : null;
+    const intervalWindowSeconds =
+      intervalStartAt && intervalResetAt && intervalResetAt > intervalStartAt
+        ? Math.floor((intervalResetAt - intervalStartAt) / 1000)
+        : null;
+    const weeklyUsedPercent =
+      weeklyTotal > 0 && weeklyUsed != null
+        ? Math.max(0, Math.min(100, (weeklyUsed / weeklyTotal) * 100))
+        : null;
+    const weeklyWindowSeconds =
+      weeklyStartAt && weeklyResetAt && weeklyResetAt > weeklyStartAt
+        ? Math.floor((weeklyResetAt - weeklyStartAt) / 1000)
+        : null;
+
+    const windows = {
+      '5h': toUsageWindow({
+        usedPercent: intervalUsedPercent,
+        windowSeconds: intervalWindowSeconds,
+        resetAt: intervalResetAt,
+      }),
+      weekly: toUsageWindow({
+        usedPercent: weeklyUsedPercent,
+        windowSeconds: weeklyWindowSeconds,
+        resetAt: weeklyResetAt,
+      }),
+    };
+
+    return buildResult({
+      providerId,
+      providerName,
+      ok: true,
+      configured: true,
+      usage: { windows },
+    });
+  } catch (error) {
+    return buildResult({
+      providerId,
+      providerName,
+      ok: false,
+      configured: true,
+      error: error instanceof Error ? error.message : 'Request failed',
+    });
+  }
+};

package/server/lib/quota/providers/minimax-coding-plan.js

@@ -1,15 +1,139 @@
-// MiniMax Coding Plan Provider
-import { createMiniMaxCodingPlanProvider } from './minimax-shared.js';
-
-const provider = createMiniMaxCodingPlanProvider({
-  providerId: 'minimax-coding-plan',
-  providerName: 'MiniMax Coding Plan (minimax.io)',
-  aliases: ['minimax-coding-plan'],
-  endpoint: 'https://www.minimax.io/v1/api/openplatform/coding_plan/remains',
-});
-
-export const providerId = provider.providerId;
-export const providerName = provider.providerName;
-export const aliases = provider.aliases;
-export const isConfigured = provider.isConfigured;
-export const fetchQuota = provider.fetchQuota;
+import { readAuthFile } from '../../opencode/auth.js';
+import {
+  getAuthEntry,
+  normalizeAuthEntry,
+  buildResult,
+  toUsageWindow,
+  toNumber,
+  toTimestamp,
+} from '../utils/index.js';
+
+export const providerId = 'minimax-coding-plan';
+export const providerName = 'MiniMax Coding Plan (minimax.io)';
+export const aliases = ['minimax-coding-plan'];
+
+export const isConfigured = () => {
+  const auth = readAuthFile();
+  const entry = normalizeAuthEntry(getAuthEntry(auth, aliases));
+  return Boolean(entry?.key || entry?.token);
+};
+
+export const fetchQuota = async () => {
+  const auth = readAuthFile();
+  const entry = normalizeAuthEntry(getAuthEntry(auth, aliases));
+  const apiKey = entry?.key ?? entry?.token;
+
+  if (!apiKey) {
+    return buildResult({
+      providerId,
+      providerName,
+      ok: false,
+      configured: false,
+      error: 'Not configured',
+    });
+  }
+
+  try {
+    const response = await fetch(
+      'https://api.minimax.io/v1/api/openplatform/coding_plan/remains',
+      {
+        method: 'GET',
+        headers: {
+          Authorization: `Bearer ${apiKey}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+
+    if (!response.ok) {
+      return buildResult({
+        providerId,
+        providerName,
+        ok: false,
+        configured: true,
+        error: `API error: ${response.status}`,
+      });
+    }
+
+    const payload = await response.json();
+    const baseResp = payload?.base_resp;
+    if (baseResp && baseResp.status_code !== 0) {
+      return buildResult({
+        providerId,
+        providerName,
+        ok: false,
+        configured: true,
+        error: baseResp.status_msg || `API error: ${baseResp.status_code}`,
+      });
+    }
+
+    const firstModel = payload?.model_remains?.[0];
+    if (!firstModel) {
+      return buildResult({
+        providerId,
+        providerName,
+        ok: false,
+        configured: true,
+        error: 'No model quota data available',
+      });
+    }
+
+    const intervalTotal = toNumber(firstModel.current_interval_total_count);
+    const intervalUsage = toNumber(firstModel.current_interval_usage_count);
+    const intervalStartAt = toTimestamp(firstModel.start_time);
+    const intervalResetAt = toTimestamp(firstModel.end_time);
+    const weeklyTotal = toNumber(firstModel.current_weekly_total_count);
+    const weeklyUsage = toNumber(firstModel.current_weekly_usage_count);
+    const weeklyStartAt = toTimestamp(firstModel.weekly_start_time);
+    const weeklyResetAt = toTimestamp(firstModel.weekly_end_time);
+
+    const intervalUsed = intervalUsage;
+    const weeklyUsed = weeklyUsage;
+
+    const intervalUsedPercent =
+      intervalTotal > 0 && intervalUsed !== null
+        ? Math.max(0, Math.min(100, (intervalUsed / intervalTotal) * 100))
+        : null;
+    const intervalWindowSeconds =
+      intervalStartAt && intervalResetAt && intervalResetAt > intervalStartAt
+        ? Math.floor((intervalResetAt - intervalStartAt) / 1000)
+        : null;
+    const weeklyUsedPercent =
+      weeklyTotal > 0 && weeklyUsed !== null
+        ? Math.max(0, Math.min(100, (weeklyUsed / weeklyTotal) * 100))
+        : null;
+    const weeklyWindowSeconds =
+      weeklyStartAt && weeklyResetAt && weeklyResetAt > weeklyStartAt
+        ? Math.floor((weeklyResetAt - weeklyStartAt) / 1000)
+        : null;
+
+    const windows = {
+      '5h': toUsageWindow({
+        usedPercent: intervalUsedPercent,
+        windowSeconds: intervalWindowSeconds,
+        resetAt: intervalResetAt,
+      }),
+      weekly: toUsageWindow({
+        usedPercent: weeklyUsedPercent,
+        windowSeconds: weeklyWindowSeconds,
+        resetAt: weeklyResetAt,
+      }),
+    };
+
+    return buildResult({
+      providerId,
+      providerName,
+      ok: true,
+      configured: true,
+      usage: { windows },
+    });
+  } catch (error) {
+    return buildResult({
+      providerId,
+      providerName,
+      ok: false,
+      configured: true,
+      error: error instanceof Error ? error.message : 'Request failed',
+    });
+  }
+};