@ottocode/server 0.1.244 → 0.1.246

package/src/routes/auth.ts

@@ -4,8 +4,8 @@ import {
 	getAuth,
 	setAuth,
 	removeAuth,
-	ensureSetuWallet,
-	getSetuWallet,
+	ensureOttoRouterWallet,
+	getOttoRouterWallet,
 	importWallet,
 	loadConfig,
 	catalog,
@@ -16,8 +16,8 @@ import {
 	exchange,
 	authorizeWeb,
 	exchangeWeb,
-	authorizeOpenAI,
-	exchangeOpenAI,
+	authorizeOpenAIWeb,
+	exchangeOpenAIWeb,
 	authorizeCopilot,
 	pollForCopilotTokenOnce,
 	type ProviderId,
@@ -223,7 +223,7 @@ export function registerAuthRoutes(app: Hono) {
 			const auth = await getAllAuth(projectRoot);
 			const cfg = await loadConfig(projectRoot);
 			const onboardingComplete = await getOnboardingComplete(projectRoot);
-			const setuWallet = await getSetuWallet(projectRoot);
+			const ottorouterWallet = await getOttoRouterWallet(projectRoot);
 			const ghImportCapability = getGhImportCapability();
 
 			const providers: Record<
@@ -269,10 +269,10 @@ export function registerAuthRoutes(app: Hono) {
 
 			return c.json({
 				onboardingComplete,
-				setu: setuWallet
+				ottorouter: ottorouterWallet
 					? {
 							configured: true,
-							publicKey: setuWallet.publicKey,
+							publicKey: ottorouterWallet.publicKey,
 						}
 					: {
 							configured: false,
@@ -287,11 +287,11 @@ export function registerAuthRoutes(app: Hono) {
 		}
 	});
 
-	app.post('/v1/auth/setu/setup', async (c) => {
+	app.post('/v1/auth/ottorouter/setup', async (c) => {
 		try {
 			const projectRoot = process.cwd();
-			const existing = await getSetuWallet(projectRoot);
-			const wallet = await ensureSetuWallet(projectRoot);
+			const existing = await getOttoRouterWallet(projectRoot);
+			const wallet = await ensureOttoRouterWallet(projectRoot);
 
 			return c.json({
 				success: true,
@@ -299,13 +299,13 @@ export function registerAuthRoutes(app: Hono) {
 				isNew: !existing,
 			});
 		} catch (error) {
-			logger.error('Failed to setup Setu wallet', error);
+			logger.error('Failed to setup OttoRouter wallet', error);
 			const errorResponse = serializeError(error);
 			return c.json(errorResponse, errorResponse.error.status || 500);
 		}
 	});
 
-	app.post('/v1/auth/setu/import', async (c) => {
+	app.post('/v1/auth/ottorouter/import', async (c) => {
 		try {
 			const { privateKey } = await c.req.json<{ privateKey: string }>();
 
@@ -316,7 +316,7 @@ export function registerAuthRoutes(app: Hono) {
 			try {
 				const wallet = importWallet(privateKey);
 				await setAuth(
-					'setu',
+					'ottorouter',
 					{ type: 'wallet', secret: privateKey },
 					undefined,
 					'global',
@@ -330,19 +330,19 @@ export function registerAuthRoutes(app: Hono) {
 				return c.json({ error: 'Invalid private key format' }, 400);
 			}
 		} catch (error) {
-			logger.error('Failed to import Setu wallet', error);
+			logger.error('Failed to import OttoRouter wallet', error);
 			const errorResponse = serializeError(error);
 			return c.json(errorResponse, errorResponse.error.status || 500);
 		}
 	});
 
-	app.get('/v1/auth/setu/export', async (c) => {
+	app.get('/v1/auth/ottorouter/export', async (c) => {
 		try {
 			const projectRoot = process.cwd();
-			const wallet = await getSetuWallet(projectRoot);
+			const wallet = await getOttoRouterWallet(projectRoot);
 
 			if (!wallet) {
-				return c.json({ error: 'Setu wallet not configured' }, 404);
+				return c.json({ error: 'OttoRouter wallet not configured' }, 404);
 			}
 
 			return c.json({
@@ -351,7 +351,7 @@ export function registerAuthRoutes(app: Hono) {
 				privateKey: wallet.privateKey,
 			});
 		} catch (error) {
-			logger.error('Failed to export Setu wallet', error);
+			logger.error('Failed to export OttoRouter wallet', error);
 			const errorResponse = serializeError(error);
 			return c.json(errorResponse, errorResponse.error.status || 500);
 		}
@@ -488,45 +488,23 @@ export function registerAuthRoutes(app: Hono) {
 		try {
 			const provider = c.req.param('provider');
 			const mode = c.req.query('mode') || 'max';
+			const host = c.req.header('host') || 'localhost:3000';
+			const protocol = c.req.header('x-forwarded-proto') || 'http';
 
 			let url: string;
 			let verifier: string;
 			let callbackUrl = '';
 
 			if (provider === 'anthropic') {
-				const host = c.req.header('host') || 'localhost:3000';
-				const protocol = c.req.header('x-forwarded-proto') || 'http';
 				callbackUrl = `${protocol}://${host}/v1/auth/${provider}/oauth/callback`;
 				const result = authorizeWeb(mode as 'max' | 'console', callbackUrl);
 				url = result.url;
 				verifier = result.verifier;
 			} else if (provider === 'openai') {
-				const result = await authorizeOpenAI();
+				callbackUrl = `${protocol}://${host}/v1/auth/${provider}/oauth/callback`;
+				const result = authorizeOpenAIWeb(callbackUrl);
 				url = result.url;
 				verifier = result.verifier;
-				callbackUrl = 'localhost';
-				result
-					.waitForCallback()
-					.then(async (code) => {
-						const tokens = await exchangeOpenAI(code, verifier);
-						await setAuth(
-							'openai',
-							{
-								type: 'oauth',
-								refresh: tokens.refresh,
-								access: tokens.access,
-								expires: tokens.expires,
-								accountId: tokens.accountId,
-								idToken: tokens.idToken,
-							},
-							undefined,
-							'global',
-						);
-						result.close();
-					})
-					.catch(() => {
-						result.close();
-					});
 			} else {
 				return c.json({ error: 'OAuth not supported for this provider' }, 400);
 			}
@@ -594,8 +572,24 @@ export function registerAuthRoutes(app: Hono) {
 					'global',
 				);
 			} else if (provider === 'openai') {
-				return c.html(
-					'<html><body><h1>OpenAI uses localhost callback</h1><p>This route is not used for OpenAI. Please close this window.</p><script>setTimeout(() => window.close(), 3000);</script></body></html>',
+				const tokens = await exchangeOpenAIWeb(
+					code ?? '',
+					verifier,
+					callbackUrl,
+				);
+
+				await setAuth(
+					'openai',
+					{
+						type: 'oauth',
+						refresh: tokens.refresh,
+						access: tokens.access,
+						expires: tokens.expires,
+						accountId: tokens.accountId,
+						idToken: tokens.idToken,
+					},
+					undefined,
+					'global',
 				);
 			}
 

package/src/routes/branch.ts

@@ -1,7 +1,7 @@
 import type { Hono } from 'hono';
 import { loadConfig } from '@ottocode/sdk';
 import { getDb } from '@ottocode/database';
-import { isProviderId, logger } from '@ottocode/sdk';
+import { hasConfiguredProvider, logger } from '@ottocode/sdk';
 import {
 	createBranch,
 	listBranches,
@@ -28,7 +28,8 @@ export function registerBranchRoutes(app: Hono) {
 			}
 
 			const provider =
-				typeof body.provider === 'string' && isProviderId(body.provider)
+				typeof body.provider === 'string' &&
+				hasConfiguredProvider(cfg, body.provider)
 					? body.provider
 					: undefined;
 

package/src/routes/config/defaults.ts

@@ -2,6 +2,7 @@ import type { Hono } from 'hono';
 import {
 	setConfig,
 	loadConfig,
+	hasConfiguredProvider,
 	type ProviderId,
 	type ReasoningLevel,
 } from '@ottocode/sdk';
@@ -12,6 +13,7 @@ export function registerDefaultsRoute(app: Hono) {
 	app.patch('/v1/config/defaults', async (c) => {
 		try {
 			const projectRoot = c.req.query('project') || process.cwd();
+			const cfg = await loadConfig(projectRoot);
 			const body = await c.req.json<{
 				agent?: string;
 				provider?: string;
@@ -41,7 +43,12 @@ export function registerDefaultsRoute(app: Hono) {
 			}> = {};
 
 			if (body.agent) updates.agent = body.agent;
-			if (body.provider) updates.provider = body.provider as ProviderId;
+			if (body.provider) {
+				if (!hasConfiguredProvider(cfg, body.provider)) {
+					return c.json({ error: `Invalid provider: ${body.provider}` }, 400);
+				}
+				updates.provider = body.provider as ProviderId;
+			}
 			if (body.model) updates.model = body.model;
 			if (body.toolApproval) updates.toolApproval = body.toolApproval;
 			if (body.guidedMode !== undefined) updates.guidedMode = body.guidedMode;
@@ -62,11 +69,11 @@ export function registerDefaultsRoute(app: Hono) {
 
 			await setConfig(scope, updates, projectRoot);
 
-			const cfg = await loadConfig(projectRoot);
+			const nextCfg = await loadConfig(projectRoot);
 
 			return c.json({
 				success: true,
-				defaults: cfg.defaults,
+				defaults: nextCfg.defaults,
 			});
 		} catch (error) {
 			logger.error('Failed to update defaults', error);

package/src/routes/config/main.ts

@@ -7,6 +7,7 @@ import {
 	discoverAllAgents,
 	getAuthorizedProviders,
 	getDefault,
+	getProviderDetails,
 } from './utils.ts';
 
 export function registerMainConfigRoute(app: Hono) {
@@ -37,6 +38,7 @@ export function registerMainConfigRoute(app: Hono) {
 				embeddedConfig,
 				cfg,
 			);
+			const providerDetails = await getProviderDetails(embeddedConfig, cfg);
 
 			const defaults = {
 				agent: getDefault(
@@ -80,6 +82,7 @@ export function registerMainConfigRoute(app: Hono) {
 			return c.json({
 				agents: allAgents,
 				providers: authorizedProviders,
+				providerDetails,
 				defaults,
 			});
 		} catch (error) {

package/src/routes/config/models.ts

@@ -1,10 +1,15 @@
 import type { Hono } from 'hono';
 import {
+	discoverOllamaModels,
 	loadConfig,
 	catalog,
+	getConfiguredProviderModels,
+	getProviderDefinition,
+	providerAllowsAnyModel,
 	getAuth,
 	logger,
 	readEnvKey,
+	type ModelInfo,
 	type ProviderId,
 	filterModelsForAuthType,
 } from '@ottocode/sdk';
@@ -79,6 +84,49 @@ async function getAuthorizedCopilotModels(
 	return successful ? merged : null;
 }
 
+async function discoverProviderModels(args: {
+	provider: ProviderId;
+	providerDefinition: NonNullable<ReturnType<typeof getProviderDefinition>>;
+	projectRoot: string;
+}): Promise<ModelInfo[] | undefined> {
+	const { provider, providerDefinition, projectRoot } = args;
+	if (
+		providerDefinition.compatibility !== 'ollama' ||
+		!providerDefinition.baseURL
+	) {
+		return undefined;
+	}
+
+	try {
+		const auth = await getAuth(provider, projectRoot);
+		const apiKey =
+			auth?.type === 'api'
+				? auth.key
+				: (readEnvKey(provider) ?? providerDefinition.apiKey);
+		const discovered = await discoverOllamaModels({
+			baseURL: providerDefinition.baseURL,
+			apiKey,
+			includeDetails: false,
+		});
+		return discovered.models;
+	} catch (error) {
+		logger.warn('Failed to discover Ollama models', {
+			provider,
+			error: error instanceof Error ? error.message : String(error),
+		});
+		return [];
+	}
+}
+
+function shouldLazyLoadProviderModels(
+	providerDefinition: NonNullable<ReturnType<typeof getProviderDefinition>>,
+): boolean {
+	return (
+		providerDefinition.compatibility === 'ollama' ||
+		providerDefinition.source === 'custom'
+	);
+}
+
 export function registerModelsRoutes(app: Hono) {
 	app.get('/v1/config/providers/:provider/models', async (c) => {
 		try {
@@ -103,8 +151,9 @@ export function registerModelsRoutes(app: Hono) {
 				return c.json({ error: 'Provider not authorized' }, 403);
 			}
 
-			const providerCatalog = catalog[provider];
-			if (!providerCatalog) {
+			const providerCatalog = catalog[provider as keyof typeof catalog];
+			const providerDefinition = getProviderDefinition(cfg, provider);
+			if (!providerDefinition) {
 				logger.warn('Provider not found in catalog', { provider });
 				return c.json({ error: 'Provider not found' }, 404);
 			}
@@ -114,11 +163,21 @@ export function registerModelsRoutes(app: Hono) {
 				provider,
 				projectRoot,
 			);
-			const filteredModels = filterModelsForAuthType(
+			const discoveredModels = await discoverProviderModels({
 				provider,
-				providerCatalog.models,
-				authType,
-			);
+				providerDefinition,
+				projectRoot,
+			});
+			const filteredModels =
+				providerDefinition.compatibility === 'ollama'
+					? (discoveredModels ?? [])
+					: providerCatalog
+						? filterModelsForAuthType(
+								provider,
+								providerCatalog.models,
+								authType,
+							)
+						: getConfiguredProviderModels(cfg, provider);
 			const copilotAllowedModels =
 				provider === 'copilot'
 					? await getAuthorizedCopilotModels(projectRoot)
@@ -145,6 +204,8 @@ export function registerModelsRoutes(app: Hono) {
 					embeddedConfig?.defaults?.model,
 					cfg.defaults.model,
 				),
+				allowAnyModel: providerAllowsAnyModel(cfg, provider),
+				label: providerDefinition.label,
 			});
 		} catch (error) {
 			logger.error('Failed to get provider models', error);
@@ -184,21 +245,30 @@ export function registerModelsRoutes(app: Hono) {
 			> = {};
 
 			for (const provider of authorizedProviders) {
-				const providerCatalog = catalog[provider];
-				if (providerCatalog) {
+				const providerCatalog = catalog[provider as keyof typeof catalog];
+				const providerDefinition = getProviderDefinition(cfg, provider);
+				if (providerDefinition) {
+					const dynamicModels =
+						shouldLazyLoadProviderModels(providerDefinition);
 					const authType = await getAuthTypeForProvider(
 						embeddedConfig,
 						provider,
 						projectRoot,
 					);
-					const filteredModels = filterModelsForAuthType(
-						provider,
-						providerCatalog.models,
-						authType,
-					);
+					const filteredModels = dynamicModels
+						? getConfiguredProviderModels(cfg, provider)
+						: providerCatalog
+							? filterModelsForAuthType(
+									provider,
+									providerCatalog.models,
+									authType,
+								)
+							: getConfiguredProviderModels(cfg, provider);
 					modelsMap[provider] = {
-						label: providerCatalog.label || provider,
+						label: providerDefinition.label,
 						authType,
+						allowAnyModel: providerDefinition.allowAnyModel,
+						dynamicModels,
 						models: filteredModels.map((m) => ({
 							id: m.id,
 							label: m.label || m.id,

package/src/routes/config/providers.ts

@@ -1,10 +1,36 @@
 import type { Hono } from 'hono';
-import { loadConfig } from '@ottocode/sdk';
-import type { ProviderId } from '@ottocode/sdk';
+import {
+	loadConfig,
+	removeProviderSettings,
+	writeProviderSettings,
+	isBuiltInProviderId,
+	type ProviderCompatibility,
+	type ProviderPromptFamily,
+	type ProviderId,
+	type ProviderSettingsEntry,
+} from '@ottocode/sdk';
 import type { EmbeddedAppConfig } from '../../index.ts';
 import { logger } from '@ottocode/sdk';
 import { serializeError } from '../../runtime/errors/api-error.ts';
-import { getAuthorizedProviders, getDefault } from './utils.ts';
+import {
+	getAuthorizedProviders,
+	getDefault,
+	getProviderDetails,
+} from './utils.ts';
+
+type ProviderMutationBody = {
+	enabled?: boolean;
+	custom?: boolean;
+	label?: string;
+	compatibility?: ProviderCompatibility;
+	family?: ProviderPromptFamily;
+	baseURL?: string | null;
+	apiKey?: string | null;
+	apiKeyEnv?: string | null;
+	models?: string[];
+	allowAnyModel?: boolean;
+	scope?: 'global' | 'local';
+};
 
 export function registerProvidersRoute(app: Hono) {
 	app.get('/v1/config/providers', async (c) => {
@@ -15,7 +41,7 @@ export function registerProvidersRoute(app: Hono) {
 				}
 			).get('embeddedConfig');
 
-			if (embeddedConfig) {
+			if (embeddedConfig && Object.keys(embeddedConfig).length > 0) {
 				const providers = embeddedConfig.auth
 					? (Object.keys(embeddedConfig.auth) as ProviderId[])
 					: embeddedConfig.provider
@@ -24,6 +50,17 @@ export function registerProvidersRoute(app: Hono) {
 
 				return c.json({
 					providers,
+					details: providers.map((provider) => ({
+						id: provider,
+						label: provider,
+						source: 'built-in',
+						enabled: true,
+						authorized: true,
+						custom: false,
+						hasApiKey: false,
+						allowAnyModel: false,
+						modelCount: 0,
+					})),
 					default: getDefault(
 						embeddedConfig.provider,
 						embeddedConfig.defaults?.provider,
@@ -36,9 +73,11 @@ export function registerProvidersRoute(app: Hono) {
 			const cfg = await loadConfig(projectRoot);
 
 			const authorizedProviders = await getAuthorizedProviders(undefined, cfg);
+			const details = await getProviderDetails(undefined, cfg);
 
 			return c.json({
 				providers: authorizedProviders,
+				details,
 				default: cfg.defaults.provider,
 			});
 		} catch (error) {
@@ -47,4 +86,98 @@ export function registerProvidersRoute(app: Hono) {
 			return c.json(errorResponse, errorResponse.error.status || 500);
 		}
 	});
+
+	app.put('/v1/config/providers/:provider', async (c) => {
+		try {
+			const embeddedConfig = (
+				c as unknown as {
+					get: (key: 'embeddedConfig') => EmbeddedAppConfig | undefined;
+				}
+			).get('embeddedConfig');
+			if (embeddedConfig && Object.keys(embeddedConfig).length > 0) {
+				return c.json({ error: 'Embedded config cannot be modified' }, 400);
+			}
+
+			const projectRoot = c.req.query('project') || process.cwd();
+			const provider = c.req.param('provider').trim();
+			const body = await c.req.json<ProviderMutationBody>();
+			const scope = body.scope || 'local';
+			if (!provider) return c.json({ error: 'Provider is required' }, 400);
+
+			const updates: ProviderSettingsEntry = {
+				enabled: body.enabled ?? true,
+				custom: isBuiltInProviderId(provider)
+					? body.custom
+					: (body.custom ?? true),
+			};
+
+			if (body.label !== undefined)
+				updates.label = body.label.trim() || undefined;
+			if (body.compatibility !== undefined) {
+				updates.compatibility = body.compatibility;
+			}
+			if (body.family !== undefined) updates.family = body.family;
+			if (body.baseURL !== undefined) {
+				updates.baseURL = body.baseURL?.trim() || undefined;
+			}
+			if (body.apiKey !== undefined)
+				updates.apiKey = body.apiKey?.trim() || undefined;
+			if (body.apiKeyEnv !== undefined) {
+				updates.apiKeyEnv = body.apiKeyEnv?.trim() || undefined;
+			}
+			if (body.models !== undefined) {
+				updates.models = body.models
+					.map((model) => model.trim())
+					.filter(Boolean);
+			}
+			if (body.allowAnyModel !== undefined) {
+				updates.allowAnyModel = body.allowAnyModel;
+			}
+
+			if (!isBuiltInProviderId(provider) && !updates.compatibility) {
+				return c.json({ error: 'Custom providers require compatibility' }, 400);
+			}
+
+			await writeProviderSettings(scope, provider, updates, projectRoot);
+			const cfg = await loadConfig(projectRoot);
+			const details = await getProviderDetails(undefined, cfg);
+			return c.json({
+				success: true,
+				provider,
+				details,
+			});
+		} catch (error) {
+			logger.error('Failed to update provider settings', error);
+			const errorResponse = serializeError(error);
+			return c.json(errorResponse, errorResponse.error.status || 500);
+		}
+	});
+
+	app.delete('/v1/config/providers/:provider', async (c) => {
+		try {
+			const embeddedConfig = (
+				c as unknown as {
+					get: (key: 'embeddedConfig') => EmbeddedAppConfig | undefined;
+				}
+			).get('embeddedConfig');
+			if (embeddedConfig && Object.keys(embeddedConfig).length > 0) {
+				return c.json({ error: 'Embedded config cannot be modified' }, 400);
+			}
+
+			const projectRoot = c.req.query('project') || process.cwd();
+			const provider = c.req.param('provider').trim();
+			const scope =
+				(c.req.query('scope') as 'global' | 'local' | undefined) || 'local';
+			if (!provider) return c.json({ error: 'Provider is required' }, 400);
+
+			await removeProviderSettings(scope, provider, projectRoot);
+			const cfg = await loadConfig(projectRoot);
+			const details = await getProviderDetails(undefined, cfg);
+			return c.json({ success: true, provider, details });
+		} catch (error) {
+			logger.error('Failed to remove provider settings', error);
+			const errorResponse = serializeError(error);
+			return c.json(errorResponse, errorResponse.error.status || 500);
+		}
+	});
 }