@pellux/goodvibes-tui 0.19.32 → 0.19.34

package/src/runtime/cloudflare-control-plane.ts

@@ -0,0 +1,328 @@
+import { join } from 'node:path';
+import { getOrCreateCompanionToken } from '@pellux/goodvibes-sdk/platform/pairing/companion-token';
+import type { ConfigManager } from '../config/index.ts';
+
+export const CLOUDFLARE_COMPONENT_IDS = [
+  'workers',
+  'queues',
+  'zeroTrustTunnel',
+  'zeroTrustAccess',
+  'dns',
+  'kv',
+  'durableObjects',
+  'secretsStore',
+  'r2',
+] as const;
+
+export type CloudflareComponent = typeof CLOUDFLARE_COMPONENT_IDS[number];
+export type CloudflareComponentSelection = Partial<Record<CloudflareComponent, boolean>>;
+export type CloudflareBatchMode = 'off' | 'explicit' | 'eligible-by-default';
+
+export const DEFAULT_CLOUDFLARE_COMPONENT_SELECTION: Readonly<Record<CloudflareComponent, boolean>> = {
+  workers: true,
+  queues: true,
+  zeroTrustTunnel: false,
+  zeroTrustAccess: false,
+  dns: false,
+  kv: false,
+  durableObjects: false,
+  secretsStore: false,
+  r2: false,
+};
+
+export const CLOUDFLARE_COMPONENT_LABELS: Readonly<Record<CloudflareComponent, string>> = {
+  workers: 'Workers',
+  queues: 'Queues',
+  zeroTrustTunnel: 'Zero Trust Tunnel',
+  zeroTrustAccess: 'Zero Trust Access',
+  dns: 'DNS hostname',
+  kv: 'KV',
+  durableObjects: 'Durable Objects',
+  secretsStore: 'Secrets Store',
+  r2: 'R2 artifacts',
+};
+
+export interface CloudflareProvisionStep {
+  readonly name: string;
+  readonly status: 'ok' | 'skipped' | 'warning';
+  readonly message?: string;
+  readonly resourceId?: string;
+}
+
+export interface CloudflareControlPlaneStatus {
+  readonly enabled: boolean;
+  readonly ready: boolean;
+  readonly configured: Record<string, boolean>;
+  readonly config: Record<string, unknown>;
+  readonly warnings: readonly string[];
+}
+
+export interface CloudflareTokenRequirement {
+  readonly component: CloudflareComponent | 'bootstrap';
+  readonly scope: 'account' | 'zone' | 'user' | 'r2';
+  readonly permission: string;
+  readonly alternatives?: readonly string[];
+  readonly reason: string;
+}
+
+export interface CloudflareTokenRequirementsResult {
+  readonly ok: true;
+  readonly components: Readonly<Record<CloudflareComponent, boolean>>;
+  readonly permissions: readonly CloudflareTokenRequirement[];
+  readonly bootstrapToken: {
+    readonly requiredForSdkCreation: boolean;
+    readonly storeInGoodVibes: false;
+    readonly instructions: readonly string[];
+  };
+}
+
+export interface CloudflareValidateResult {
+  readonly ok: boolean;
+  readonly account?: {
+    readonly id: string;
+    readonly name: string;
+    readonly type?: string;
+  };
+  readonly tokenSource: string;
+}
+
+export interface CloudflareOperationalTokenResult {
+  readonly ok: true;
+  readonly tokenId?: string;
+  readonly tokenName: string;
+  readonly tokenSource: 'bootstrap';
+  readonly apiTokenRef?: string;
+  readonly generatedToken?: string;
+  readonly accountId: string;
+  readonly zoneId?: string;
+  readonly permissions: readonly CloudflareTokenRequirement[];
+}
+
+export interface CloudflareDiscoverResult {
+  readonly ok: true;
+  readonly tokenSource: string;
+  readonly accounts: ReadonlyArray<{ readonly id: string; readonly name: string; readonly type?: string }>;
+  readonly selectedAccount?: { readonly id: string; readonly name: string; readonly type?: string };
+  readonly zones: ReadonlyArray<{ readonly id: string; readonly name: string; readonly status?: string; readonly type?: string }>;
+  readonly selectedZone?: { readonly id: string; readonly name: string; readonly status?: string; readonly type?: string };
+  readonly workerSubdomain?: string;
+  readonly queues?: ReadonlyArray<{ readonly queue_id?: string; readonly queue_name?: string }>;
+  readonly kvNamespaces?: ReadonlyArray<{ readonly id?: string; readonly title?: string }>;
+  readonly durableObjectNamespaces?: ReadonlyArray<{ readonly id?: string; readonly name?: string; readonly class?: string }>;
+  readonly r2Buckets?: ReadonlyArray<{ readonly name?: string; readonly storage_class?: string }>;
+  readonly secretsStores?: ReadonlyArray<{ readonly id: string; readonly name: string }>;
+  readonly tunnels?: ReadonlyArray<{ readonly id?: string; readonly name?: string; readonly status?: string }>;
+  readonly accessApplications?: ReadonlyArray<{ readonly id?: string; readonly name?: string; readonly domain?: string; readonly type?: string }>;
+  readonly warnings: readonly string[];
+}
+
+export interface CloudflareProvisionResult {
+  readonly ok: boolean;
+  readonly dryRun: false;
+  readonly steps: readonly CloudflareProvisionStep[];
+  readonly account?: { readonly id: string; readonly name: string };
+  readonly worker?: { readonly name: string; readonly baseUrl?: string; readonly subdomain?: string; readonly hostname?: string; readonly cron?: string };
+  readonly queues?: { readonly queueName: string; readonly queueId: string; readonly deadLetterQueueName: string; readonly deadLetterQueueId: string; readonly consumerId?: string };
+  readonly verification?: CloudflareVerifyResult;
+}
+
+export interface CloudflareVerifyResult {
+  readonly ok: boolean;
+  readonly workerHealth: {
+    readonly ok: boolean;
+    readonly status: number;
+    readonly error?: string;
+  };
+  readonly daemonBatchProxy?: {
+    readonly ok: boolean;
+    readonly status: number;
+    readonly error?: string;
+  };
+}
+
+export interface CloudflareDisableResult {
+  readonly ok: boolean;
+  readonly steps: readonly CloudflareProvisionStep[];
+}
+
+export interface CloudflareTokenRequirementsRequest {
+  readonly components?: CloudflareComponentSelection;
+  readonly includeBootstrap?: boolean;
+}
+
+export interface CloudflareOperationalTokenRequest extends CloudflareTokenRequirementsRequest {
+  readonly accountId?: string;
+  readonly zoneId?: string;
+  readonly zoneName?: string;
+  readonly bootstrapToken?: string;
+  readonly tokenName?: string;
+  readonly expiresOn?: string;
+  readonly persistConfig?: boolean;
+  readonly storeApiToken?: boolean;
+  readonly returnGeneratedToken?: boolean;
+}
+
+export interface CloudflareValidateRequest {
+  readonly accountId?: string;
+  readonly apiToken?: string;
+  readonly apiTokenRef?: string;
+}
+
+export interface CloudflareDiscoverRequest extends CloudflareValidateRequest {
+  readonly components?: CloudflareComponentSelection;
+  readonly zoneId?: string;
+  readonly zoneName?: string;
+  readonly includeResources?: boolean;
+}
+
+export interface CloudflareProvisionRequest extends CloudflareDiscoverRequest {
+  readonly workerName?: string;
+  readonly workerSubdomain?: string;
+  readonly workerHostname?: string;
+  readonly workerBaseUrl?: string;
+  readonly daemonBaseUrl?: string;
+  readonly daemonHostname?: string;
+  readonly queueName?: string;
+  readonly deadLetterQueueName?: string;
+  readonly tunnelName?: string;
+  readonly tunnelId?: string;
+  readonly tunnelServiceUrl?: string;
+  readonly kvNamespaceName?: string;
+  readonly kvNamespaceId?: string;
+  readonly durableObjectNamespaceName?: string;
+  readonly durableObjectNamespaceId?: string;
+  readonly r2BucketName?: string;
+  readonly secretsStoreName?: string;
+  readonly secretsStoreId?: string;
+  readonly workerCron?: string;
+  readonly operatorToken?: string;
+  readonly operatorTokenRef?: string;
+  readonly workerClientToken?: string;
+  readonly workerClientTokenRef?: string;
+  readonly storeApiToken?: boolean;
+  readonly storeOperatorToken?: boolean;
+  readonly storeWorkerClientToken?: boolean;
+  readonly returnGeneratedSecrets?: boolean;
+  readonly enableWorkersDev?: boolean;
+  readonly queueJobPayloads?: boolean;
+  readonly verify?: boolean;
+  readonly persistConfig?: boolean;
+  readonly batchMode?: CloudflareBatchMode;
+}
+
+export interface CloudflareVerifyRequest {
+  readonly workerBaseUrl?: string;
+  readonly workerClientToken?: string;
+  readonly workerClientTokenRef?: string;
+}
+
+export interface CloudflareDisableRequest extends CloudflareValidateRequest {
+  readonly workerName?: string;
+  readonly disableWorkerSubdomain?: boolean;
+  readonly disableCron?: boolean;
+  readonly persistConfig?: boolean;
+}
+
+export class CloudflareDaemonRouteError extends Error {
+  readonly status: number;
+  readonly code: string;
+
+  constructor(message: string, status: number, code: string) {
+    super(message);
+    this.name = 'CloudflareDaemonRouteError';
+    this.status = status;
+    this.code = code;
+  }
+}
+
+export interface CloudflareDaemonClient {
+  status(): Promise<CloudflareControlPlaneStatus>;
+  tokenRequirements(input?: CloudflareTokenRequirementsRequest): Promise<CloudflareTokenRequirementsResult>;
+  createOperationalToken(input: CloudflareOperationalTokenRequest): Promise<CloudflareOperationalTokenResult>;
+  discover(input?: CloudflareDiscoverRequest): Promise<CloudflareDiscoverResult>;
+  validate(input?: CloudflareValidateRequest): Promise<CloudflareValidateResult>;
+  provision(input: CloudflareProvisionRequest): Promise<CloudflareProvisionResult>;
+  verify(input?: CloudflareVerifyRequest): Promise<CloudflareVerifyResult>;
+  disable(input?: CloudflareDisableRequest): Promise<CloudflareDisableResult>;
+}
+
+export interface CloudflareDaemonClientOptions {
+  readonly configManager: Pick<ConfigManager, 'get'>;
+  readonly homeDirectory: string;
+}
+
+function connectHostForBindHost(host: string): string {
+  if (host === '0.0.0.0' || host === '::' || host.trim().length === 0) return '127.0.0.1';
+  return host;
+}
+
+function hostForUrl(host: string): string {
+  return host.includes(':') && !host.startsWith('[') ? `[${host}]` : host;
+}
+
+export function resolveCloudflareDaemonBaseUrl(configManager: Pick<ConfigManager, 'get'>): string {
+  const configuredBaseUrl = String(configManager.get('controlPlane.baseUrl' as never) ?? '').trim();
+  if (configuredBaseUrl) return configuredBaseUrl.replace(/\/+$/, '');
+  const host = hostForUrl(connectHostForBindHost(String(configManager.get('controlPlane.host' as never) ?? '127.0.0.1')));
+  const portValue = Number(configManager.get('controlPlane.port' as never) ?? 3421);
+  const port = Number.isFinite(portValue) && portValue > 0 ? portValue : 3421;
+  return `http://${host}:${port}`;
+}
+
+export function buildDefaultCloudflareDaemonBaseUrl(configManager: Pick<ConfigManager, 'get'>): string {
+  return resolveCloudflareDaemonBaseUrl(configManager);
+}
+
+function readDaemonToken(homeDirectory: string): string {
+  const daemonHomeDir = join(homeDirectory, '.goodvibes', 'daemon');
+  return getOrCreateCompanionToken('tui', { daemonHomeDir }).token;
+}
+
+async function readJsonResponse<T>(response: Response): Promise<T> {
+  const text = await response.text();
+  const body = text.trim().length > 0 ? JSON.parse(text) as unknown : {};
+  if (!response.ok) {
+    const record = body && typeof body === 'object' ? body as Record<string, unknown> : {};
+    const message = typeof record.error === 'string' ? record.error : `Cloudflare daemon route failed with HTTP ${response.status}`;
+    const code = typeof record.code === 'string' ? record.code : 'CLOUDFLARE_DAEMON_ROUTE_ERROR';
+    throw new CloudflareDaemonRouteError(message, response.status, code);
+  }
+  return body as T;
+}
+
+export function createCloudflareDaemonClient(options: CloudflareDaemonClientOptions): CloudflareDaemonClient {
+  const baseUrl = resolveCloudflareDaemonBaseUrl(options.configManager);
+  const token = readDaemonToken(options.homeDirectory);
+
+  const requestJson = async <T>(path: string, init: RequestInit = {}): Promise<T> => {
+    const headers = new Headers(init.headers);
+    headers.set('Authorization', `Bearer ${token}`);
+    if (init.body !== undefined) headers.set('Content-Type', 'application/json');
+    const response = await fetch(`${baseUrl}${path}`, { ...init, headers });
+    return await readJsonResponse<T>(response);
+  };
+
+  const postJson = <T>(path: string, body: unknown): Promise<T> => requestJson<T>(path, {
+    method: 'POST',
+    body: JSON.stringify(body ?? {}),
+  });
+
+  return {
+    status: () => requestJson<CloudflareControlPlaneStatus>('/api/cloudflare/status'),
+    tokenRequirements: (input = {}) => postJson<CloudflareTokenRequirementsResult>('/api/cloudflare/token/requirements', input),
+    createOperationalToken: (input) => postJson<CloudflareOperationalTokenResult>('/api/cloudflare/token/create', input),
+    discover: (input = {}) => postJson<CloudflareDiscoverResult>('/api/cloudflare/discover', input),
+    validate: (input = {}) => postJson<CloudflareValidateResult>('/api/cloudflare/validate', input),
+    provision: (input) => postJson<CloudflareProvisionResult>('/api/cloudflare/provision', input),
+    verify: (input = {}) => postJson<CloudflareVerifyResult>('/api/cloudflare/verify', input),
+    disable: (input = {}) => postJson<CloudflareDisableResult>('/api/cloudflare/disable', input),
+  };
+}
+
+export function normalizeCloudflareComponents(selection: CloudflareComponentSelection | undefined): Record<CloudflareComponent, boolean> {
+  const result: Record<CloudflareComponent, boolean> = { ...DEFAULT_CLOUDFLARE_COMPONENT_SELECTION };
+  for (const component of CLOUDFLARE_COMPONENT_IDS) {
+    if (typeof selection?.[component] === 'boolean') result[component] = selection[component] === true;
+  }
+  return result;
+}

package/src/runtime/onboarding/derivation.ts

@@ -238,6 +238,15 @@ function hasExternalIntegrations(snapshot: OnboardingSnapshotState): boolean {
     || countConfiguredSurfaceKinds(snapshot) > 0;
 }
 
+function hasCloudflareBatch(snapshot: OnboardingSnapshotState): boolean {
+  return snapshot.config.cloudflare.enabled
+    || snapshot.config.batch.queueBackend === 'cloudflare'
+    || snapshot.config.batch.mode !== 'off'
+    || snapshot.config.cloudflare.accountId.trim().length > 0
+    || snapshot.config.cloudflare.apiTokenRef.trim().length > 0
+    || snapshot.config.cloudflare.workerBaseUrl.trim().length > 0;
+}
+
 function describeLocalTuiOnly(snapshot: OnboardingSnapshotState): string {
   if (!hasAnyServerEnabled(snapshot)) {
     return 'Use GoodVibes only in this terminal. No browser access, background service, HTTP listener, external app surface, or network setup.';
@@ -278,6 +287,14 @@ function describeExternalIntegrations(snapshot: OnboardingSnapshotState): string
   return `Review and configure ${integrationCount} detected external app, service, or surface integration signal(s).`;
 }
 
+function describeCloudflareBatch(snapshot: OnboardingSnapshotState): string {
+  if (hasCloudflareBatch(snapshot)) {
+    return 'Review Cloudflare Workers/Queues batch processing, token storage, and optional remote daemon provisioning settings.';
+  }
+
+  return 'Optionally configure Cloudflare Workers and Queues for explicit or eligible background batch jobs. Immediate local daemon behavior stays the default unless enabled.';
+}
+
 function getAcknowledgementAccepted(
   snapshot: OnboardingSnapshotState,
   target: OnboardingAcknowledgementTarget,
@@ -346,6 +363,12 @@ export function deriveStep1Capabilities(
       selected: hasExternalIntegrations(snapshot),
       detail: describeExternalIntegrations(snapshot),
     },
+    {
+      id: 'cloudflare-batch',
+      label: 'Use Cloudflare for batch or remote daemon work',
+      selected: hasCloudflareBatch(snapshot),
+      detail: describeCloudflareBatch(snapshot),
+    },
   ];
 }
 
@@ -360,6 +383,7 @@ export function deriveStep1CapabilityFlags(
   readonly httpListener: boolean;
   readonly web: boolean;
   readonly surfaces: boolean;
+  readonly cloudflare: boolean;
 } {
   return {
     providers: hasConfiguredProviderState(snapshot) || hasCustomizedProviderRouting(snapshot),
@@ -372,6 +396,7 @@ export function deriveStep1CapabilityFlags(
     httpListener: snapshot.bindSettings.httpListenerEnabled,
     web: snapshot.bindSettings.web.enabled,
     surfaces: countConfiguredSurfaceKinds(snapshot) > 0,
+    cloudflare: hasCloudflareBatch(snapshot),
   };
 }
 

package/src/runtime/onboarding/snapshot.ts

@@ -41,6 +41,8 @@ function buildConfigSnapshot(
     surfaces: config.getCategory('surfaces'),
     service: config.getCategory('service'),
     featureFlags: config.getCategory('featureFlags'),
+    batch: config.getCategory('batch'),
+    cloudflare: config.getCategory('cloudflare'),
   };
 }
 

package/src/runtime/onboarding/types.ts

@@ -47,6 +47,8 @@ export interface OnboardingConfigSnapshot {
   readonly surfaces: GoodVibesConfig['surfaces'];
   readonly service: GoodVibesConfig['service'];
   readonly featureFlags: GoodVibesConfig['featureFlags'];
+  readonly batch: GoodVibesConfig['batch'];
+  readonly cloudflare: GoodVibesConfig['cloudflare'];
 }
 
 export interface OnboardingProviderRoutingSnapshot {
@@ -196,7 +198,8 @@ export type OnboardingStep1CapabilityId =
   | 'browser-access'
   | 'network-access'
   | 'webhook-events'
-  | 'external-integrations';
+  | 'external-integrations'
+  | 'cloudflare-batch';
 
 export interface OnboardingStep1CapabilityItem {
   readonly id: OnboardingStep1CapabilityId;
@@ -214,6 +217,7 @@ export interface OnboardingStep1CapabilityFlags {
   readonly httpListener: boolean;
   readonly web: boolean;
   readonly surfaces: boolean;
+  readonly cloudflare: boolean;
 }
 
 export interface OnboardingAcknowledgementState {

package/src/shell/ui-openers.ts

@@ -111,6 +111,22 @@ export function wireShellUiOpeners(options: WireShellUiOpenersOptions): void {
     return new Set(results.filter((v): v is string => v !== null));
   }
 
+  const getCurrentModelForPickerTarget = (): string => {
+    const target = input.modelPicker.target;
+    if (target === 'helper') return String(configManager.get('helper.globalModel') || runtime.model);
+    if (target === 'tool') return String(configManager.get('tools.llmModel') || runtime.model);
+    if (target === 'tts') return String(configManager.get('tts.llmModel') || runtime.model);
+    return runtime.model;
+  };
+
+  const getCurrentProviderForPickerTarget = (): string => {
+    const target = input.modelPicker.target;
+    if (target === 'helper') return String(configManager.get('helper.globalProvider') || runtime.provider);
+    if (target === 'tool') return String(configManager.get('tools.llmProvider') || runtime.provider);
+    if (target === 'tts') return String(configManager.get('tts.llmProvider') || runtime.provider);
+    return runtime.provider;
+  };
+
   commandContext.openModelPicker = () => {
     void (async () => {
       const models = providerRegistry.getSelectableModels();
@@ -124,7 +140,7 @@ export function wireShellUiOpeners(options: WireShellUiOpenersOptions): void {
       });
       void input.modelPicker.loadRecentModels().catch(() => {}); // best-effort: prefetch for UI, failure is non-visible
       input.modalOpened('modelPicker');
-      input.modelPicker.openAllModels(models, runtime.model);
+      input.modelPicker.openAllModels(models, getCurrentModelForPickerTarget());
       render();
     })().catch((error: unknown) => {
       commandContext.print?.(`Model picker failed to open: ${error instanceof Error ? error.message : String(error)}`);
@@ -132,6 +148,9 @@ export function wireShellUiOpeners(options: WireShellUiOpenersOptions): void {
     });
   };
 
+  commandContext.openModelPickerWithTarget = (target) => input.openModelPickerWithTarget(target);
+  commandContext.openProviderModelPickerWithTarget = (target) => input.openProviderModelPickerWithTarget(target);
+
   commandContext.openProviderPicker = () => {
     void (async () => {
       const providers = [...new Set(providerRegistry.listModels().map((model) => model.provider))];
@@ -140,7 +159,7 @@ export function wireShellUiOpeners(options: WireShellUiOpenersOptions): void {
       const secretProviderIds = await resolveSecretProviderIds();
       input.modelPicker.configuredViaMap = buildConfiguredViaMap(providers, configuredIds, subscriptionManager, secretProviderIds);
       input.modalOpened('modelPicker');
-      input.modelPicker.openProviders(providers, runtime.provider);
+      input.modelPicker.openProviders(providers, getCurrentProviderForPickerTarget());
       render();
     })().catch((error: unknown) => {
       commandContext.print?.(`Provider picker failed to open: ${error instanceof Error ? error.message : String(error)}`);

package/src/version.ts

@@ -6,7 +6,7 @@ import { join } from 'node:path';
 // The prebuild script updates the fallback value before compilation.
 // Uses import.meta.dir (Bun) to locate package.json relative to this file,
 // which is correct regardless of the process working directory.
-let _version = '0.19.32';
+let _version = '0.19.34';
 try {
   const pkg = JSON.parse(readFileSync(join(import.meta.dir, '..', 'package.json'), 'utf-8'));
   _version = pkg.version ?? _version;