@ottocode/server 0.1.228 → 0.1.231

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/server",
-	"version": "0.1.228",
+	"version": "0.1.231",
 	"description": "HTTP API server for ottocode",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -49,8 +49,8 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"@ottocode/sdk": "0.1.228",
-		"@ottocode/database": "0.1.228",
+		"@ottocode/sdk": "0.1.231",
+		"@ottocode/database": "0.1.231",
 		"drizzle-orm": "^0.44.5",
 		"hono": "^4.9.9",
 		"zod": "^4.3.6"

package/src/index.ts

@@ -108,7 +108,6 @@ export type StandaloneAppConfig = {
 export function createStandaloneApp(_config?: StandaloneAppConfig) {
 	const honoApp = new Hono();
 
-	// Enable CORS for localhost and local network access
 	honoApp.use(
 		'*',
 		cors({
@@ -192,6 +191,7 @@ export type EmbeddedAppConfig = {
 		model?: string;
 		agent?: string;
 		toolApproval?: 'auto' | 'dangerous' | 'all';
+		fullWidthContent?: boolean;
 	};
 	/** Additional CORS origins for proxies/Tailscale (e.g., ['https://myapp.ts.net', 'https://example.com']) */
 	corsOrigins?: string[];
@@ -214,7 +214,6 @@ export function createEmbeddedApp(config: EmbeddedAppConfig = {}) {
 		await next();
 	});
 
-	// Enable CORS for localhost and local network access
 	honoApp.use(
 		'*',
 		cors({

package/src/openapi/paths/ask.ts

@@ -35,6 +35,17 @@ export const askPaths = {
 									description:
 										'Optional model override for the selected provider.',
 								},
+								reasoningText: {
+									type: 'boolean',
+									description:
+										'Enable extended thinking / reasoning for models that support it.',
+								},
+								reasoningLevel: {
+									type: 'string',
+									enum: ['minimal', 'low', 'medium', 'high', 'max', 'xhigh'],
+									description:
+										'Optional reasoning intensity override for supported providers/models.',
+								},
 								sessionId: {
 									type: 'string',
 									description: 'Send the prompt to a specific session.',

package/src/openapi/paths/config.ts

@@ -178,7 +178,12 @@ export const configPaths = {
 								agent: { type: 'string' },
 								provider: { type: 'string' },
 								model: { type: 'string' },
+								fullWidthContent: { type: 'boolean' },
 								reasoningText: { type: 'boolean' },
+								reasoningLevel: {
+									type: 'string',
+									enum: ['minimal', 'low', 'medium', 'high', 'max', 'xhigh'],
+								},
 								scope: {
 									type: 'string',
 									enum: ['global', 'local'],
@@ -204,7 +209,19 @@ export const configPaths = {
 											agent: { type: 'string' },
 											provider: { type: 'string' },
 											model: { type: 'string' },
+											fullWidthContent: { type: 'boolean' },
 											reasoningText: { type: 'boolean' },
+											reasoningLevel: {
+												type: 'string',
+												enum: [
+													'minimal',
+													'low',
+													'medium',
+													'high',
+													'max',
+													'xhigh',
+												],
+											},
 										},
 										required: ['agent', 'provider', 'model'],
 									},

package/src/openapi/paths/messages.ts

@@ -72,6 +72,12 @@ export const messagesPaths = {
 									description:
 										'Enable extended thinking / reasoning for models that support it.',
 								},
+								reasoningLevel: {
+									type: 'string',
+									enum: ['minimal', 'low', 'medium', 'high', 'max', 'xhigh'],
+									description:
+										'Reasoning intensity level for providers/models that support it.',
+								},
 							},
 						},
 					},

package/src/openapi/schemas.ts

@@ -73,6 +73,7 @@ export const schemas = {
 				additionalProperties: { type: 'integer' },
 				nullable: true,
 			},
+			isRunning: { type: 'boolean' },
 		},
 		required: ['id', 'agent', 'provider', 'model', 'projectPath', 'createdAt'],
 	},
@@ -195,7 +196,12 @@ export const schemas = {
 					agent: { type: 'string' },
 					provider: { $ref: '#/components/schemas/Provider' },
 					model: { type: 'string' },
+					fullWidthContent: { type: 'boolean' },
 					reasoningText: { type: 'boolean' },
+					reasoningLevel: {
+						type: 'string',
+						enum: ['minimal', 'low', 'medium', 'high', 'max', 'xhigh'],
+					},
 				},
 				required: ['agent', 'provider', 'model'],
 			},

package/src/routes/ask.ts

@@ -79,6 +79,14 @@ export function registerAskRoutes(app: Hono) {
 			agent: typeof body.agent === 'string' ? body.agent : undefined,
 			provider: typeof body.provider === 'string' ? body.provider : undefined,
 			model: typeof body.model === 'string' ? body.model : undefined,
+			reasoningText:
+				typeof body.reasoningText === 'boolean'
+					? body.reasoningText
+					: undefined,
+			reasoningLevel:
+				typeof body.reasoningLevel === 'string'
+					? (body.reasoningLevel as AskServerRequest['reasoningLevel'])
+					: undefined,
 			sessionId:
 				typeof body.sessionId === 'string' ? body.sessionId : undefined,
 			last: Boolean(body.last),

package/src/routes/config/defaults.ts

@@ -1,5 +1,10 @@
 import type { Hono } from 'hono';
-import { setConfig, loadConfig, type ProviderId } from '@ottocode/sdk';
+import {
+	setConfig,
+	loadConfig,
+	type ProviderId,
+	type ReasoningLevel,
+} from '@ottocode/sdk';
 import { logger } from '@ottocode/sdk';
 import { serializeError } from '../../runtime/errors/api-error.ts';
 
@@ -14,7 +19,9 @@ export function registerDefaultsRoute(app: Hono) {
 				toolApproval?: 'auto' | 'dangerous' | 'all';
 				guidedMode?: boolean;
 				reasoningText?: boolean;
+				reasoningLevel?: ReasoningLevel;
 				theme?: string;
+				fullWidthContent?: boolean;
 				scope?: 'global' | 'local';
 			}>();
 
@@ -26,7 +33,9 @@ export function registerDefaultsRoute(app: Hono) {
 				toolApproval: 'auto' | 'dangerous' | 'all';
 				guidedMode: boolean;
 				reasoningText: boolean;
+				reasoningLevel: ReasoningLevel;
 				theme: string;
+				fullWidthContent: boolean;
 			}> = {};
 
 			if (body.agent) updates.agent = body.agent;
@@ -36,7 +45,10 @@ export function registerDefaultsRoute(app: Hono) {
 			if (body.guidedMode !== undefined) updates.guidedMode = body.guidedMode;
 			if (body.reasoningText !== undefined)
 				updates.reasoningText = body.reasoningText;
+			if (body.reasoningLevel) updates.reasoningLevel = body.reasoningLevel;
 			if (body.theme) updates.theme = body.theme;
+			if (body.fullWidthContent !== undefined)
+				updates.fullWidthContent = body.fullWidthContent;
 
 			await setConfig(scope, updates, projectRoot);
 

package/src/routes/config/main.ts

@@ -61,7 +61,14 @@ export function registerMainConfigRoute(app: Hono) {
 				) as 'auto' | 'dangerous' | 'all',
 				guidedMode: cfg.defaults.guidedMode ?? false,
 				reasoningText: cfg.defaults.reasoningText ?? true,
+				reasoningLevel: cfg.defaults.reasoningLevel ?? 'high',
 				theme: cfg.defaults.theme,
+				fullWidthContent:
+					getDefault(
+						undefined,
+						embeddedConfig?.defaults?.fullWidthContent,
+						cfg.defaults.fullWidthContent,
+					) ?? false,
 			};
 
 			return c.json({

package/src/routes/config/models.ts

@@ -138,6 +138,7 @@ export function registerModelsRoutes(app: Hono) {
 					reasoningText: m.reasoningText,
 					vision: m.modalities?.input?.includes('image') ?? false,
 					attachment: m.attachment ?? false,
+					free: m.cost?.input === 0 && m.cost?.output === 0,
 				})),
 				default: getDefault(
 					embeddedConfig?.model,
@@ -205,6 +206,7 @@ export function registerModelsRoutes(app: Hono) {
 							reasoningText: m.reasoningText,
 							vision: m.modalities?.input?.includes('image') ?? false,
 							attachment: m.attachment ?? false,
+							free: m.cost?.input === 0 && m.cost?.output === 0,
 						})),
 					};
 				}

package/src/routes/mcp.ts

@@ -1,36 +1,21 @@
 import type { Hono } from 'hono';
 import {
+	COPILOT_MCP_SCOPE,
 	getMCPManager,
+	getCopilotMCPOAuthKey,
+	getStoredCopilotMCPToken,
 	initializeMCP,
+	isGitHubCopilotUrl,
 	loadMCPConfig,
 	getGlobalConfigDir,
 	MCPClientWrapper,
+	OAuthCredentialStore,
 	addMCPServerToConfig,
 	removeMCPServerFromConfig,
 } from '@ottocode/sdk';
-import {
-	authorizeCopilot,
-	pollForCopilotTokenOnce,
-	getAuth,
-	setAuth,
-} from '@ottocode/sdk';
+import { authorizeCopilot, pollForCopilotTokenOnce } from '@ottocode/sdk';
 
-const GITHUB_COPILOT_HOSTS = [
-	'api.githubcopilot.com',
-	'copilot-proxy.githubusercontent.com',
-];
-
-function isGitHubCopilotUrl(url?: string): boolean {
-	if (!url) return false;
-	try {
-		const parsed = new URL(url);
-		return GITHUB_COPILOT_HOSTS.some(
-			(h) => parsed.hostname === h || parsed.hostname.endsWith(`.${h}`),
-		);
-	} catch {
-		return false;
-	}
-}
+const copilotMCPOAuthStore = new OAuthCredentialStore();
 
 const copilotMCPSessions = new Map<
 	string,
@@ -184,13 +169,14 @@ export function registerMCPRoutes(app: Hono) {
 			);
 
 			if (isGitHubCopilotUrl(serverConfig.url) && !status?.connected) {
-				const MCP_SCOPES =
-					'repo read:org read:packages gist notifications read:project security_events';
-				const existingAuth = await getAuth('copilot');
-				const hasMCPScopes =
-					existingAuth?.type === 'oauth' && existingAuth.scopes === MCP_SCOPES;
+				const existingAuth = await getStoredCopilotMCPToken(
+					copilotMCPOAuthStore,
+					name,
+					serverConfig.scope ?? 'global',
+					projectRoot,
+				);
 
-				if (!existingAuth || existingAuth.type !== 'oauth' || !hasMCPScopes) {
+				if (!existingAuth.token || existingAuth.needsReauth) {
 					const deviceData = await authorizeCopilot({ mcp: true });
 					const sessionId = crypto.randomUUID();
 					copilotMCPSessions.set(sessionId, {
@@ -256,14 +242,13 @@ export function registerMCPRoutes(app: Hono) {
 
 		if (isGitHubCopilotUrl(serverConfig.url)) {
 			try {
-				const MCP_SCOPES =
-					'repo read:org read:packages gist notifications read:project security_events';
-				const existingAuth = await getAuth('copilot');
-				if (
-					existingAuth?.type === 'oauth' &&
-					existingAuth.refresh &&
-					existingAuth.scopes === MCP_SCOPES
-				) {
+				const existingAuth = await getStoredCopilotMCPToken(
+					copilotMCPOAuthStore,
+					name,
+					serverConfig.scope ?? 'global',
+					projectRoot,
+				);
+				if (existingAuth.token && !existingAuth.needsReauth) {
 					return c.json({
 						ok: true,
 						name,
@@ -334,29 +319,31 @@ export function registerMCPRoutes(app: Hono) {
 				const result = await pollForCopilotTokenOnce(session.deviceCode);
 				if (result.status === 'complete') {
 					copilotMCPSessions.delete(sessionId);
-					await setAuth(
-						'copilot',
-						{
-							type: 'oauth',
-							refresh: result.accessToken,
-							access: result.accessToken,
-							expires: 0,
-							scopes:
-								'repo read:org read:packages gist notifications read:project security_events',
-						},
-						undefined,
-						'global',
-					);
 					const projectRoot = process.cwd();
 					const config = await loadMCPConfig(projectRoot, getGlobalConfigDir());
 					const serverConfig = config.servers.find((s) => s.name === name);
+					if (!serverConfig) {
+						return c.json(
+							{ ok: false, error: `Server "${name}" not found` },
+							404,
+						);
+					}
+					await copilotMCPOAuthStore.saveTokens(
+						getCopilotMCPOAuthKey(
+							name,
+							serverConfig.scope ?? 'global',
+							projectRoot,
+						),
+						{
+							access_token: result.accessToken,
+							scope: COPILOT_MCP_SCOPE,
+						},
+					);
 					let mcpMgr = getMCPManager();
-					if (serverConfig) {
-						if (!mcpMgr) {
-							mcpMgr = await initializeMCP({ servers: [] }, projectRoot);
-						}
-						await mcpMgr.restartServer(serverConfig);
+					if (!mcpMgr) {
+						mcpMgr = await initializeMCP({ servers: [] }, projectRoot);
 					}
+					await mcpMgr.restartServer(serverConfig);
 					mcpMgr = getMCPManager();
 					const status = mcpMgr
 						? (await mcpMgr.getStatusAsync()).find((s) => s.name === name)
@@ -421,8 +408,13 @@ export function registerMCPRoutes(app: Hono) {
 
 		if (serverConfig && isGitHubCopilotUrl(serverConfig.url)) {
 			try {
-				const auth = await getAuth('copilot');
-				const authenticated = auth?.type === 'oauth' && !!auth.refresh;
+				const auth = await getStoredCopilotMCPToken(
+					copilotMCPOAuthStore,
+					name,
+					serverConfig.scope ?? 'global',
+					projectRoot,
+				);
+				const authenticated = !!auth.token && !auth.needsReauth;
 				return c.json({ authenticated, authType: 'copilot-device' });
 			} catch {
 				return c.json({ authenticated: false, authType: 'copilot-device' });
@@ -450,10 +442,22 @@ export function registerMCPRoutes(app: Hono) {
 
 		if (serverConfig && isGitHubCopilotUrl(serverConfig.url)) {
 			try {
-				const { removeAuth } = await import('@ottocode/sdk');
-				await removeAuth('copilot');
+				const key = getCopilotMCPOAuthKey(
+					name,
+					serverConfig.scope ?? 'global',
+					projectRoot,
+				);
+				await copilotMCPOAuthStore.clearServer(key);
+				if (key !== name) {
+					await copilotMCPOAuthStore.clearServer(name);
+				}
 				const manager = getMCPManager();
 				if (manager) {
+					await manager.clearAuthData(
+						name,
+						serverConfig.scope ?? 'global',
+						projectRoot,
+					);
 					await manager.stopServer(name);
 				}
 				return c.json({ ok: true, name });

package/src/routes/session-messages.ts

@@ -1,5 +1,5 @@
 import type { Hono } from 'hono';
-import { loadConfig } from '@ottocode/sdk';
+import { loadConfig, type ReasoningLevel } from '@ottocode/sdk';
 import { getDb } from '@ottocode/database';
 import { messages, messageParts, sessions } from '@ottocode/database/schema';
 import { eq, inArray } from 'drizzle-orm';
@@ -124,6 +124,10 @@ export function registerSessionMessagesRoutes(app: Hono) {
 
 			const reasoning =
 				body?.reasoningText ?? cfg.defaults.reasoningText ?? false;
+			const reasoningLevel =
+				(body?.reasoningLevel as ReasoningLevel | undefined) ??
+				cfg.defaults.reasoningLevel ??
+				'high';
 
 			// Validate model capabilities if tools are allowed for this agent
 			const wantsToolCalls = true; // agent toolset may be non-empty
@@ -158,6 +162,7 @@ export function registerSessionMessagesRoutes(app: Hono) {
 				oneShot: Boolean(body?.oneShot),
 				userContext,
 				reasoningText: reasoning,
+				reasoningLevel,
 				images,
 				files,
 			});

package/src/routes/session-stream.ts

@@ -1,3 +1,4 @@
+import type { Context } from 'hono';
 import type { Hono } from 'hono';
 import { subscribe } from '../events/bus.ts';
 import type { OttoEvent } from '../events/types.ts';
@@ -8,54 +9,54 @@ function safeStringify(obj: unknown): string {
 	);
 }
 
-export function registerSessionStreamRoute(app: Hono) {
-	app.get('/v1/sessions/:id/stream', async (c) => {
-		const sessionId = c.req.param('id');
-		const headers = new Headers({
-			'Content-Type': 'text/event-stream',
-			'Cache-Control': 'no-cache, no-transform',
-			Connection: 'keep-alive',
-		});
-
-		const encoder = new TextEncoder();
+function handleSessionStream(c: Context) {
+	const sessionId = c.req.param('id');
+	const headers = new Headers({
+		'Content-Type': 'text/event-stream',
+		'Cache-Control': 'no-cache, no-transform',
+		Connection: 'keep-alive',
+	});
 
-		const stream = new ReadableStream<Uint8Array>({
-			start(controller) {
-				const write = (evt: OttoEvent) => {
-					let line: string;
-					try {
-						line =
-							`event: ${evt.type}\n` +
-							`data: ${safeStringify(evt.payload ?? {})}\n\n`;
-					} catch {
-						line = `event: ${evt.type}\ndata: {}\n\n`;
-					}
-					controller.enqueue(encoder.encode(line));
-				};
-				const unsubscribe = subscribe(sessionId, write);
-				// Initial ping
-				controller.enqueue(encoder.encode(`: connected ${sessionId}\n\n`));
-				// Heartbeat every 5s to prevent idle timeout (Bun default is 10s)
-				const hb = setInterval(() => {
-					try {
-						controller.enqueue(encoder.encode(`: hb ${Date.now()}\n\n`));
-					} catch {
-						// Controller might be closed
-						clearInterval(hb);
-					}
-				}, 5000);
+	const encoder = new TextEncoder();
 
-				const signal = c.req.raw?.signal as AbortSignal | undefined;
-				signal?.addEventListener('abort', () => {
+	const stream = new ReadableStream<Uint8Array>({
+		start(controller) {
+			const write = (evt: OttoEvent) => {
+				let line: string;
+				try {
+					line =
+						`event: ${evt.type}\n` +
+						`data: ${safeStringify(evt.payload ?? {})}\n\n`;
+				} catch {
+					line = `event: ${evt.type}\ndata: {}\n\n`;
+				}
+				controller.enqueue(encoder.encode(line));
+			};
+			const unsubscribe = subscribe(sessionId, write);
+			controller.enqueue(encoder.encode(`: connected ${sessionId}\n\n`));
+			const hb = setInterval(() => {
+				try {
+					controller.enqueue(encoder.encode(`: hb ${Date.now()}\n\n`));
+				} catch {
 					clearInterval(hb);
-					unsubscribe();
-					try {
-						controller.close();
-					} catch {}
-				});
-			},
-		});
+				}
+			}, 5000);
 
-		return new Response(stream, { headers });
+			const signal = c.req.raw?.signal as AbortSignal | undefined;
+			signal?.addEventListener('abort', () => {
+				clearInterval(hb);
+				unsubscribe();
+				try {
+					controller.close();
+				} catch {}
+			});
+		},
 	});
+
+	return new Response(stream, { headers });
+}
+
+export function registerSessionStreamRoute(app: Hono) {
+	app.get('/v1/sessions/:id/stream', handleSessionStream);
+	app.post('/v1/sessions/:id/stream', handleSessionStream);
 }

package/src/routes/sessions.ts

@@ -15,6 +15,7 @@ import { resolveAgentConfig } from '../runtime/agent/registry.ts';
 import { createSession as createSessionRow } from '../runtime/session/manager.ts';
 import { serializeError } from '../runtime/errors/api-error.ts';
 import { logger } from '@ottocode/sdk';
+import { getRunnerState } from '../runtime/session/queue.ts';
 
 export function registerSessionsRoutes(app: Hono) {
 	// List sessions
@@ -53,7 +54,9 @@ export function registerSessionsRoutes(app: Hono) {
 				} catch {}
 			}
 			const { toolCountsJson: _toolCountsJson, ...rest } = r;
-			return counts ? { ...rest, toolCounts: counts } : rest;
+			const isRunning = getRunnerState(r.id)?.running ?? false;
+			const base = counts ? { ...rest, toolCounts: counts } : rest;
+			return { ...base, isRunning };
 		});
 		return c.json({
 			items: normalized,

package/src/routes/terminals.ts

@@ -1,3 +1,4 @@
+import type { Context } from 'hono';
 import type { Hono } from 'hono';
 import { streamSSE } from 'hono/streaming';
 import type { TerminalManager } from '@ottocode/sdk';
@@ -77,7 +78,7 @@ export function registerTerminalsRoutes(
 		return c.json({ terminal: terminal.toJSON() });
 	});
 
-	app.get('/v1/terminals/:id/output', async (c) => {
+	const handleTerminalOutput = async (c: Context) => {
 		const id = c.req.param('id');
 		logger.debug('SSE client connecting to terminal', { id });
 		const terminal = terminalManager.get(id);
@@ -91,7 +92,6 @@ export function registerTerminalsRoutes(
 
 		return streamSSE(c, async (stream) => {
 			logger.debug('SSE stream started for terminal', { id });
-			// Send historical buffer first (unless skipHistory is set)
 			const skipHistory = c.req.query('skipHistory') === 'true';
 			if (!skipHistory) {
 				const history = activeTerminal.read();
@@ -121,10 +121,19 @@ export function registerTerminalsRoutes(
 			let resolveStream: (() => void) | null = null;
 			let finished = false;
 
+			const hb = setInterval(async () => {
+				try {
+					await stream.write(`: hb ${Date.now()}\n\n`);
+				} catch {
+					clearInterval(hb);
+				}
+			}, 15000);
+
 			function cleanup() {
 				activeTerminal.removeDataListener(onData);
 				activeTerminal.removeExitListener(onExit);
 				c.req.raw.signal.removeEventListener('abort', onAbort);
+				clearInterval(hb);
 			}
 
 			function finish() {
@@ -168,7 +177,10 @@ export function registerTerminalsRoutes(
 
 			await waitForClose;
 		});
-	});
+	};
+
+	app.get('/v1/terminals/:id/output', handleTerminalOutput);
+	app.post('/v1/terminals/:id/output', handleTerminalOutput);
 
 	app.post('/v1/terminals/:id/input', async (c) => {
 		const id = c.req.param('id');

package/src/routes/tunnel.ts

@@ -1,4 +1,5 @@
 import type { Hono } from 'hono';
+import type { Context } from 'hono';
 import { streamSSE } from 'hono/streaming';
 import {
 	OttoTunnel,
@@ -159,8 +160,8 @@ export function registerTunnelRoutes(app: Hono) {
 		}
 	});
 
-	app.get('/v1/tunnel/stream', async (c) => {
-		return streamSSE(c, async (stream) => {
+	const handleTunnelStream = async (c: Context) => {
+		return streamSSE(c as Context, async (stream) => {
 			const sendEvent = async (data: Record<string, unknown>) => {
 				try {
 					await stream.write(`data: ${JSON.stringify(data)}\n\n`);
@@ -202,7 +203,10 @@ export function registerTunnelRoutes(app: Hono) {
 
 			clearInterval(interval);
 		});
-	});
+	};
+
+	app.get('/v1/tunnel/stream', handleTunnelStream);
+	app.post('/v1/tunnel/stream', handleTunnelStream);
 }
 
 export function stopActiveTunnel() {