npm - @pixelbyte-software/pixcode - Versions diffs - 1.30.1 → 1.31.0 - Mend

@pixelbyte-software/pixcode 1.30.1 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/LICENSE +718 -718
package/README.de.md +248 -248
package/README.ja.md +240 -240
package/README.ko.md +240 -240
package/README.md +295 -285
package/README.ru.md +248 -248
package/README.tr.md +250 -250
package/README.zh-CN.md +240 -240
package/dist/api-docs.html +879 -879
package/dist/assets/index-BRRJ47XQ.css +32 -0
package/dist/assets/index-EQohwyiC.js +837 -0
package/dist/clear-cache.html +85 -85
package/dist/convert-icons.md +52 -52
package/dist/favicon.png +0 -0
package/dist/favicon.svg +7 -8
package/dist/generate-icons.js +48 -48
package/dist/icons/codex-white.svg +3 -3
package/dist/icons/codex.svg +3 -3
package/dist/icons/cursor-white.svg +11 -11
package/dist/icons/icon-128x128.png +0 -0
package/dist/icons/icon-128x128.svg +9 -12
package/dist/icons/icon-144x144.png +0 -0
package/dist/icons/icon-144x144.svg +9 -12
package/dist/icons/icon-152x152.png +0 -0
package/dist/icons/icon-152x152.svg +9 -12
package/dist/icons/icon-192x192.png +0 -0
package/dist/icons/icon-192x192.svg +9 -12
package/dist/icons/icon-384x384.png +0 -0
package/dist/icons/icon-384x384.svg +9 -12
package/dist/icons/icon-512x512.png +0 -0
package/dist/icons/icon-512x512.svg +9 -12
package/dist/icons/icon-72x72.png +0 -0
package/dist/icons/icon-72x72.svg +9 -12
package/dist/icons/icon-96x96.png +0 -0
package/dist/icons/icon-96x96.svg +9 -12
package/dist/icons/icon-template.svg +9 -12
package/dist/icons/qwen-ai-icon.png +0 -0
package/dist/index.html +59 -49
package/dist/logo.png +0 -0
package/dist/logo.svg +11 -16
package/dist/manifest.json +60 -60
package/dist/sw.js +124 -124
package/dist-server/server/cli.js +100 -97
package/dist-server/server/cli.js.map +1 -1
package/dist-server/server/daemon/manager.js +33 -33
package/dist-server/server/daemon-manager.js +62 -62
package/dist-server/server/database/db.js +114 -22
package/dist-server/server/database/db.js.map +1 -1
package/dist-server/server/database/schema.js +122 -89
package/dist-server/server/database/schema.js.map +1 -1
package/dist-server/server/gemini-cli.js +6 -1
package/dist-server/server/gemini-cli.js.map +1 -1
package/dist-server/server/index.js +234 -65
package/dist-server/server/index.js.map +1 -1
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js +29 -2
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js +22 -2
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js +2 -2
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js +14 -2
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js +132 -0
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js +87 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js +201 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js +19 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js.map +1 -0
package/dist-server/server/modules/providers/provider.registry.js +2 -0
package/dist-server/server/modules/providers/provider.registry.js.map +1 -1
package/dist-server/server/modules/providers/provider.routes.js +310 -1
package/dist-server/server/modules/providers/provider.routes.js.map +1 -1
package/dist-server/server/projects.js +197 -6
package/dist-server/server/projects.js.map +1 -1
package/dist-server/server/qwen-code-cli.js +350 -0
package/dist-server/server/qwen-code-cli.js.map +1 -0
package/dist-server/server/qwen-response-handler.js +70 -0
package/dist-server/server/qwen-response-handler.js.map +1 -0
package/dist-server/server/routes/commands.js +25 -25
package/dist-server/server/routes/git.js +17 -17
package/dist-server/server/routes/network.js +116 -0
package/dist-server/server/routes/network.js.map +1 -0
package/dist-server/server/routes/projects.js +43 -0
package/dist-server/server/routes/projects.js.map +1 -1
package/dist-server/server/routes/qwen.js +23 -0
package/dist-server/server/routes/qwen.js.map +1 -0
package/dist-server/server/routes/taskmaster.js +419 -419
package/dist-server/server/routes/telegram.js +119 -0
package/dist-server/server/routes/telegram.js.map +1 -0
package/dist-server/server/services/external-access.js +228 -0
package/dist-server/server/services/external-access.js.map +1 -0
package/dist-server/server/services/install-jobs.js +394 -0
package/dist-server/server/services/install-jobs.js.map +1 -0
package/dist-server/server/services/notification-orchestrator.js +19 -5
package/dist-server/server/services/notification-orchestrator.js.map +1 -1
package/dist-server/server/services/provider-credentials.js +154 -0
package/dist-server/server/services/provider-credentials.js.map +1 -0
package/dist-server/server/services/provider-models.js +218 -0
package/dist-server/server/services/provider-models.js.map +1 -0
package/dist-server/server/services/telegram/bot.js +259 -0
package/dist-server/server/services/telegram/bot.js.map +1 -0
package/dist-server/server/services/telegram/translations.js +160 -0
package/dist-server/server/services/telegram/translations.js.map +1 -0
package/dist-server/server/utils/port-access.js +196 -0
package/dist-server/server/utils/port-access.js.map +1 -0
package/dist-server/shared/modelConstants.js +18 -0
package/dist-server/shared/modelConstants.js.map +1 -1
package/package.json +177 -168
package/scripts/fix-node-pty.js +67 -67
package/server/claude-sdk.js +834 -834
package/server/cli.js +940 -937
package/server/constants/config.js +4 -4
package/server/cursor-cli.js +342 -342
package/server/daemon/manager.js +564 -564
package/server/daemon-manager.js +920 -920
package/server/database/db.js +696 -593
package/server/database/schema.js +138 -102
package/server/gemini-cli.js +475 -469
package/server/gemini-response-handler.js +79 -79
package/server/index.js +2730 -2557
package/server/load-env.js +34 -34
package/server/middleware/auth.js +132 -132
package/server/modules/providers/list/claude/claude-auth.provider.ts +145 -123
package/server/modules/providers/list/claude/claude-mcp.provider.ts +135 -135
package/server/modules/providers/list/claude/claude-sessions.provider.ts +306 -306
package/server/modules/providers/list/claude/claude.provider.ts +15 -15
package/server/modules/providers/list/codex/codex-auth.provider.ts +115 -100
package/server/modules/providers/list/codex/codex-mcp.provider.ts +135 -135
package/server/modules/providers/list/codex/codex-sessions.provider.ts +319 -319
package/server/modules/providers/list/codex/codex.provider.ts +15 -15
package/server/modules/providers/list/cursor/cursor-auth.provider.ts +143 -143
package/server/modules/providers/list/cursor/cursor-mcp.provider.ts +108 -108
package/server/modules/providers/list/cursor/cursor-sessions.provider.ts +421 -421
package/server/modules/providers/list/cursor/cursor.provider.ts +15 -15
package/server/modules/providers/list/gemini/gemini-auth.provider.ts +163 -151
package/server/modules/providers/list/gemini/gemini-mcp.provider.ts +110 -110
package/server/modules/providers/list/gemini/gemini-sessions.provider.ts +227 -227
package/server/modules/providers/list/gemini/gemini.provider.ts +15 -15
package/server/modules/providers/list/qwen/qwen-auth.provider.ts +145 -0
package/server/modules/providers/list/qwen/qwen-mcp.provider.ts +114 -0
package/server/modules/providers/list/qwen/qwen-sessions.provider.ts +218 -0
package/server/modules/providers/list/qwen/qwen.provider.ts +21 -0
package/server/modules/providers/provider.registry.ts +38 -36
package/server/modules/providers/provider.routes.ts +583 -217
package/server/modules/providers/services/mcp.service.ts +94 -94
package/server/modules/providers/services/provider-auth.service.ts +26 -26
package/server/modules/providers/services/sessions.service.ts +45 -45
package/server/modules/providers/shared/base/abstract.provider.ts +20 -20
package/server/modules/providers/shared/mcp/mcp.provider.ts +151 -151
package/server/modules/providers/tests/mcp.test.ts +293 -293
package/server/openai-codex.js +426 -426
package/server/projects.js +2993 -2792
package/server/qwen-code-cli.js +392 -0
package/server/qwen-response-handler.js +73 -0
package/server/routes/agent.js +1245 -1245
package/server/routes/auth.js +134 -134
package/server/routes/codex.js +19 -19
package/server/routes/commands.js +554 -554
package/server/routes/cursor.js +52 -52
package/server/routes/gemini.js +24 -24
package/server/routes/git.js +1488 -1488
package/server/routes/mcp-utils.js +31 -31
package/server/routes/messages.js +61 -61
package/server/routes/network.js +128 -0
package/server/routes/plugins.js +307 -307
package/server/routes/projects.js +675 -627
package/server/routes/qwen.js +27 -0
package/server/routes/settings.js +286 -286
package/server/routes/taskmaster.js +1471 -1471
package/server/routes/telegram.js +125 -0
package/server/routes/user.js +123 -123
package/server/services/external-access.js +240 -0
package/server/services/install-jobs.js +410 -0
package/server/services/notification-orchestrator.js +242 -227
package/server/services/provider-credentials.js +151 -0
package/server/services/provider-models.js +225 -0
package/server/services/telegram/bot.js +280 -0
package/server/services/telegram/translations.js +170 -0
package/server/services/vapid-keys.js +35 -35
package/server/sessionManager.js +225 -225
package/server/shared/interfaces.ts +54 -54
package/server/shared/types.ts +172 -172
package/server/shared/utils.ts +193 -193
package/server/tsconfig.json +36 -36
package/server/utils/colors.js +21 -21
package/server/utils/commandParser.js +303 -303
package/server/utils/frontmatter.js +18 -18
package/server/utils/gitConfig.js +34 -34
package/server/utils/mcp-detector.js +147 -147
package/server/utils/plugin-loader.js +457 -457
package/server/utils/plugin-process-manager.js +184 -184
package/server/utils/port-access.js +209 -0
package/server/utils/runtime-paths.js +37 -37
package/server/utils/taskmaster-websocket.js +128 -128
package/server/utils/url-detection.js +71 -71
package/server/vite-daemon.js +78 -78
package/shared/modelConstants.js +117 -97
package/shared/networkHosts.js +22 -22
package/dist/assets/index-C2c9QNwK.css +0 -32
package/dist/assets/index-DyXDZED-.js +0 -1277
package/dist-server/server/routes/cli-auth.js +0 -25
package/dist-server/server/routes/cli-auth.js.map +0 -1
package/server/routes/cli-auth.js +0 -27

package/dist-server/server/index.js CHANGED Viewed

@@ -10,6 +10,15 @@ const __dirname = getModuleDir(import.meta.url);
 // Resolving the app root once keeps every repo-level lookup below aligned across both layouts.
 const APP_ROOT = findAppRoot(__dirname);
 const installMode = fs.existsSync(path.join(APP_ROOT, '.git')) ? 'git' : 'npm';
+const SERVER_VERSION = (() => {
+    try {
+        const pkgRaw = fs.readFileSync(path.join(APP_ROOT, 'package.json'), 'utf8');
+        return JSON.parse(pkgRaw).version || '0.0.0';
+    }
+    catch {
+        return '0.0.0';
+    }
+})();
 const DAEMON_COMMAND_CONTEXT = {
     appRoot: APP_ROOT,
     cliEntry: path.join(APP_ROOT, 'server', 'cli.js'),
@@ -32,6 +41,7 @@ import { queryClaudeSDK, abortClaudeSDKSession, isClaudeSDKSessionActive, getAct
 import { spawnCursor, abortCursorSession, isCursorSessionActive, getActiveCursorSessions } from './cursor-cli.js';
 import { queryCodex, abortCodexSession, isCodexSessionActive, getActiveCodexSessions } from './openai-codex.js';
 import { spawnGemini, abortGeminiSession, isGeminiSessionActive, getActiveGeminiSessions } from './gemini-cli.js';
+import { spawnQwen, abortQwenSession, isQwenSessionActive, getActiveQwenSessions } from './qwen-code-cli.js';
 import sessionManager from './sessionManager.js';
 import gitRoutes from './routes/git.js';
 import authRoutes from './routes/auth.js';
@@ -42,13 +52,19 @@ import commandsRoutes from './routes/commands.js';
 import settingsRoutes from './routes/settings.js';
 import agentRoutes from './routes/agent.js';
 import projectsRoutes, { WORKSPACES_ROOT, WORKSPACES_BASE, validateWorkspacePath, normalizeWorkspacePath, } from './routes/projects.js';
-import cliAuthRoutes from './routes/cli-auth.js';
 import userRoutes from './routes/user.js';
 import codexRoutes from './routes/codex.js';
 import geminiRoutes from './routes/gemini.js';
+import qwenRoutes from './routes/qwen.js';
 import pluginsRoutes from './routes/plugins.js';
 import messagesRoutes from './routes/messages.js';
 import providerRoutes from './modules/providers/provider.routes.js';
+import networkRoutes from './routes/network.js';
+import telegramRoutes from './routes/telegram.js';
+import { restoreBotFromConfig } from './services/telegram/bot.js';
+import { ensurePortOpen } from './utils/port-access.js';
+import { applyAllStoredCredentialsToEnv, applyProviderCredentialsToEnv, listProviderCredentialSummaries, PROVIDER_ENV_VARS, setProviderCredentials, } from './services/provider-credentials.js';
+import { primeCliBinPath } from './services/install-jobs.js';
 import { startEnabledPluginServers, stopAllPlugins, getPluginPort } from './utils/plugin-process-manager.js';
 import { initializeDatabase, sessionNamesDb, applyCustomSessionNames } from './database/db.js';
 import { configureWebPush } from './services/vapid-keys.js';
@@ -56,7 +72,7 @@ import { validateApiKey, authenticateToken, authenticateWebSocket } from './midd
 import { IS_PLATFORM } from './constants/config.js';
 import { getConnectableHost } from '../shared/networkHosts.js';
 import { buildDaemonCliCommand, handleDaemonCommand } from './daemon-manager.js';
-const VALID_PROVIDERS = ['claude', 'codex', 'cursor', 'gemini'];
+const VALID_PROVIDERS = ['claude', 'codex', 'cursor', 'gemini', 'qwen'];
 // File system watchers for provider project/session folders
 const PROVIDER_WATCH_PATHS = [
     { provider: 'claude', rootPath: path.join(os.homedir(), '.claude', 'projects') },
@@ -65,6 +81,10 @@ const PROVIDER_WATCH_PATHS = [
     { provider: 'gemini', rootPath: path.join(os.homedir(), '.gemini', 'projects') },
     { provider: 'gemini_sessions', rootPath: path.join(os.homedir(), '.gemini', 'sessions') },
     { provider: 'gemini_cli', rootPath: path.join(os.homedir(), '.gemini', 'tmp') },
+    // Qwen Code is a Gemini-CLI fork so its on-disk layout mirrors ~/.gemini/.
+    { provider: 'qwen', rootPath: path.join(os.homedir(), '.qwen', 'projects') },
+    { provider: 'qwen_sessions', rootPath: path.join(os.homedir(), '.qwen', 'sessions') },
+    { provider: 'qwen_cli', rootPath: path.join(os.homedir(), '.qwen', 'tmp') },
 ];
 const WATCHER_IGNORED_PATTERNS = [
     '**/node_modules/**',
@@ -244,7 +264,8 @@ app.get('/health', (req, res) => {
     res.json({
         status: 'ok',
         timestamp: new Date().toISOString(),
-        installMode
+        installMode,
+        version: SERVER_VERSION
     });
 });
 // Optional API key validation (if configured)
@@ -271,12 +292,18 @@ app.use('/api/user', authenticateToken, userRoutes);
 app.use('/api/codex', authenticateToken, codexRoutes);
 // Gemini API Routes (protected)
 app.use('/api/gemini', authenticateToken, geminiRoutes);
+// Qwen Code API Routes (protected)
+app.use('/api/qwen', authenticateToken, qwenRoutes);
 // Plugins API Routes (protected)
 app.use('/api/plugins', authenticateToken, pluginsRoutes);
 // Unified session messages route (protected)
 app.use('/api/sessions', authenticateToken, messagesRoutes);
 // Unified provider MCP routes (protected)
 app.use('/api/providers', authenticateToken, providerRoutes);
+// Network discovery / QR endpoints (protected)
+app.use('/api/network', authenticateToken, networkRoutes);
+// Telegram integration (protected)
+app.use('/api/telegram', authenticateToken, telegramRoutes);
 // Agent API Routes (uses API key authentication)
 app.use('/api/agent', agentRoutes);
 // Serve public files (like api-docs.html)
@@ -300,70 +327,122 @@ app.use(express.static(path.join(APP_ROOT, 'dist'), {
 // API Routes (protected)
 // /api/config endpoint removed - no longer needed
 // Frontend now uses window.location for WebSocket URLs
-// System update endpoint
+// System update endpoint — streams live output via Server-Sent Events so the
+// UI sees npm/git progress in real time instead of waiting ~2 minutes for the
+// buffered response.
 app.post('/api/system/update', authenticateToken, async (req, res) => {
-    try {
-        // Get the project root directory (parent of server directory)
-        const projectRoot = APP_ROOT;
-        console.log('Starting system update from directory:', projectRoot);
-        // Platform deployments use their own update workflow from the project root.
-        const updateCommand = IS_PLATFORM
-            // In platform, husky and dev dependencies are not needed
-            ? 'npm run update:platform'
-            : installMode === 'git'
-                ? 'git checkout main && git pull && npm install'
-                : 'npm install -g @pixelbyte-software/pixcode@latest';
-        const updateCwd = IS_PLATFORM || installMode === 'git'
-            ? projectRoot
-            : os.homedir();
-        const child = spawn('sh', ['-c', updateCommand], {
-            cwd: updateCwd,
-            env: process.env
-        });
-        let output = '';
-        let errorOutput = '';
-        child.stdout.on('data', (data) => {
-            const text = data.toString();
-            output += text;
-            console.log('Update output:', text);
-        });
-        child.stderr.on('data', (data) => {
-            const text = data.toString();
-            errorOutput += text;
-            console.error('Update error:', text);
-        });
-        child.on('close', (code) => {
-            if (code === 0) {
-                res.json({
-                    success: true,
-                    output: output || 'Update completed successfully',
-                    message: 'Update completed. Please restart the server to apply changes.'
-                });
-            }
-            else {
-                res.status(500).json({
-                    success: false,
-                    error: 'Update command failed',
-                    output: output,
-                    errorOutput: errorOutput
-                });
+    const projectRoot = APP_ROOT;
+    console.log('Starting system update from directory:', projectRoot);
+    const updateCommand = IS_PLATFORM
+        ? 'npm run update:platform'
+        : installMode === 'git'
+            ? 'git checkout main && git pull && npm install'
+            : 'npm install -g @pixelbyte-software/pixcode@latest';
+    const updateCwd = IS_PLATFORM || installMode === 'git'
+        ? projectRoot
+        : os.homedir();
+    res.setHeader('Content-Type', 'text/event-stream');
+    res.setHeader('Cache-Control', 'no-cache, no-transform');
+    res.setHeader('Connection', 'keep-alive');
+    res.setHeader('X-Accel-Buffering', 'no');
+    if (typeof res.flushHeaders === 'function') {
+        res.flushHeaders();
+    }
+    // Single-source end guard. When spawn() fails with ENOENT both the
+    // 'error' and 'close' handlers can fire on the child, and before this
+    // guard both would try to write a `done` event + call res.end(), which
+    // crashed the process with ERR_HTTP_HEADERS_SENT.
+    let ended = false;
+    const endStream = () => {
+        if (ended)
+            return;
+        ended = true;
+        clearInterval(heartbeat);
+        res.end();
+    };
+    const send = (event, payload) => {
+        if (ended)
+            return;
+        res.write(`event: ${event}\n`);
+        res.write(`data: ${JSON.stringify(payload)}\n\n`);
+    };
+    // Heartbeat keeps intermediate proxies from closing an idle connection
+    // during long npm installs. Declared before spawn so the handlers below
+    // can reference it, and guarded against writes after end.
+    const heartbeat = setInterval(() => {
+        if (ended)
+            return;
+        res.write(': ping\n\n');
+    }, 15000);
+    send('log', { stream: 'meta', chunk: `Running: ${updateCommand}\n` });
+    // Cross-platform shell invocation. Using { shell: true } delegates to
+    // cmd.exe on Windows and /bin/sh on POSIX, so the endpoint no longer
+    // fails with `spawn sh ENOENT` on Windows installs.
+    const child = spawn(updateCommand, {
+        cwd: updateCwd,
+        env: process.env,
+        shell: true,
+    });
+    let clientAborted = false;
+    req.on('close', () => {
+        if (!res.writableEnded) {
+            clientAborted = true;
+            try {
+                child.kill();
             }
-        });
-        child.on('error', (error) => {
-            console.error('Update process error:', error);
-            res.status(500).json({
+            catch { /* noop */ }
+        }
+    });
+    child.stdout?.on('data', (data) => {
+        send('log', { stream: 'stdout', chunk: data.toString() });
+    });
+    child.stderr?.on('data', (data) => {
+        send('log', { stream: 'stderr', chunk: data.toString() });
+    });
+    child.on('error', (error) => {
+        if (ended)
+            return;
+        console.error('Update process error:', error);
+        send('done', { success: false, error: error.message });
+        endStream();
+    });
+    child.on('close', (code) => {
+        if (ended)
+            return;
+        if (clientAborted) {
+            endStream();
+            return;
+        }
+        if (code === 0) {
+            send('done', {
+                success: true,
+                version: SERVER_VERSION,
+                message: 'Update completed. Restart the server to apply changes.',
+            });
+        }
+        else {
+            send('done', {
                 success: false,
-                error: error.message
+                error: `Update command exited with code ${code}`,
             });
-        });
-    }
-    catch (error) {
-        console.error('System update error:', error);
-        res.status(500).json({
-            success: false,
-            error: error.message
-        });
-    }
+        }
+        endStream();
+    });
+});
+// Restart endpoint — exits the current process so an external wrapper
+// (systemd/pm2/daemon manager) can bring the server back on the new code.
+// Foreground installs without a wrapper will simply stop; the UI reports this.
+app.post('/api/system/restart', authenticateToken, (req, res) => {
+    res.json({
+        success: true,
+        version: SERVER_VERSION,
+        message: 'Server is shutting down for restart. Reconnecting...'
+    });
+    // Give the response time to flush before we exit.
+    setTimeout(() => {
+        console.log('Restart requested via /api/system/restart — exiting process.');
+        process.exit(0);
+    }, 250);
 });
 app.get('/api/projects', authenticateToken, async (req, res) => {
     try {
@@ -1318,6 +1397,13 @@ function handleChatConnection(ws, request) {
                 console.log('🤖 Model:', data.options?.model || 'default');
                 await spawnGemini(data.command, data.options, writer);
             }
+            else if (data.type === 'qwen-command') {
+                console.log('[DEBUG] Qwen Code message:', data.command || '[Continue/Resume]');
+                console.log('📁 Project:', data.options?.projectPath || data.options?.cwd || 'Unknown');
+                console.log('🔄 Session:', data.options?.sessionId ? 'Resume' : 'New');
+                console.log('🤖 Model:', data.options?.model || 'default');
+                await spawnQwen(data.command, data.options, writer);
+            }
             else if (data.type === 'cursor-resume') {
                 // Backward compatibility: treat as cursor-command with resume and no prompt
                 console.log('[DEBUG] Cursor resume session (compat):', data.sessionId);
@@ -1340,6 +1426,9 @@ function handleChatConnection(ws, request) {
                 else if (provider === 'gemini') {
                     success = abortGeminiSession(data.sessionId);
                 }
+                else if (provider === 'qwen') {
+                    success = abortQwenSession(data.sessionId);
+                }
                 else {
                     // Use Claude Agents SDK
                     success = await abortClaudeSDKSession(data.sessionId);
@@ -1378,6 +1467,9 @@ function handleChatConnection(ws, request) {
                 else if (provider === 'gemini') {
                     isActive = isGeminiSessionActive(sessionId);
                 }
+                else if (provider === 'qwen') {
+                    isActive = isQwenSessionActive(sessionId);
+                }
                 else {
                     // Use Claude Agents SDK
                     isActive = isClaudeSDKSessionActive(sessionId);
@@ -1412,7 +1504,8 @@ function handleChatConnection(ws, request) {
                     claude: getActiveClaudeSDKSessions(),
                     cursor: getActiveCursorSessions(),
                     codex: getActiveCodexSessions(),
-                    gemini: getActiveGeminiSessions()
+                    gemini: getActiveGeminiSessions(),
+                    qwen: getActiveQwenSessions()
                 };
                 writer.send({
                     type: 'active-sessions',
@@ -1508,7 +1601,11 @@ function handleShellConnection(ws) {
                     welcomeMsg = `\x1b[36mStarting terminal in: ${projectPath}\x1b[0m\r\n`;
                 }
                 else {
-                    const providerName = provider === 'cursor' ? 'Cursor' : (provider === 'codex' ? 'Codex' : (provider === 'gemini' ? 'Gemini' : 'Claude'));
+                    const providerName = provider === 'cursor' ? 'Cursor'
+                        : provider === 'codex' ? 'Codex'
+                            : provider === 'gemini' ? 'Gemini'
+                                : provider === 'qwen' ? 'Qwen Code'
+                                    : 'Claude';
                     welcomeMsg = hasSession ?
                         `\x1b[36mResuming ${providerName} session ${sessionId} in: ${projectPath}\x1b[0m\r\n` :
                         `\x1b[36mStarting new ${providerName} session in: ${projectPath}\x1b[0m\r\n`;
@@ -1593,6 +1690,33 @@ function handleShellConnection(ws) {
                             shellCommand = command;
                         }
                     }
+                    else if (provider === 'qwen') {
+                        // Qwen Code shares Gemini CLI's --resume semantics (it's a fork),
+                        // so the resume path resolves the backend-tracked cliSessionId the
+                        // same way. Falls back to a fresh session when the ID can't be found.
+                        const command = initialCommand || 'qwen';
+                        let resumeId = sessionId;
+                        if (hasSession && sessionId) {
+                            try {
+                                const sess = sessionManager.getSession(sessionId);
+                                if (sess && sess.cliSessionId) {
+                                    resumeId = sess.cliSessionId;
+                                    if (!safeSessionIdPattern.test(resumeId)) {
+                                        resumeId = null;
+                                    }
+                                }
+                            }
+                            catch (err) {
+                                console.error('Failed to get Qwen Code CLI session ID:', err);
+                            }
+                        }
+                        if (hasSession && resumeId) {
+                            shellCommand = `${command} --resume "${resumeId}"`;
+                        }
+                        else {
+                            shellCommand = command;
+                        }
+                    }
                     else {
                         // Claude (default provider)
                         const command = initialCommand || 'claude';
@@ -1870,6 +1994,17 @@ app.get('/api/projects/:projectName/sessions/:sessionId/token-usage', authentica
                 message: 'Token usage tracking not available for Gemini sessions'
             });
         }
+        // Qwen Code is a Gemini CLI fork and doesn't expose per-session token
+        // accounting either; treat it the same way.
+        if (provider === 'qwen') {
+            return res.json({
+                used: 0,
+                total: 0,
+                breakdown: { input: 0, cacheCreation: 0, cacheRead: 0 },
+                unsupported: true,
+                message: 'Token usage tracking not available for Qwen Code sessions'
+            });
+        }
         // Handle Codex sessions
         if (provider === 'codex') {
             const codexSessionsDir = path.join(homeDir, '.codex', 'sessions');
@@ -2280,6 +2415,31 @@ async function startServer() {
         await initializeDatabase();
         // Configure Web Push (VAPID keys)
         configureWebPush();
+        // Load any provider API keys saved through the UI into process.env so
+        // the Claude/Codex SDKs pick them up automatically. Spawn-based
+        // adapters (Gemini, Qwen) layer their own env on top via buildSpawnEnv.
+        try {
+            await applyAllStoredCredentialsToEnv();
+        }
+        catch (err) {
+            console.warn('[provider-credentials] Failed to apply stored credentials:', err?.message || err);
+        }
+        // Prepend the pixcode-managed CLI sandbox
+        // (~/.pixcode/cli-bin/node_modules/.bin) to PATH so any provider CLI
+        // installed via the in-app installer is instantly resolvable by
+        // cross-spawn calls in the provider adapters — no server restart
+        // required, no need to touch the user's shell PATH.
+        try {
+            primeCliBinPath();
+        }
+        catch (err) {
+            console.warn('[install-jobs] Failed to prime CLI bin path:', err?.message || err);
+        }
+        // Restore any previously-configured Telegram bot. This is best-effort:
+        // a bad token or network blip should warn, not crash the server.
+        restoreBotFromConfig().catch((err) => {
+            console.warn('[telegram] restore failed:', err?.message || err);
+        });
         // Check if running in production mode (dist folder exists)
         const distIndexPath = path.join(APP_ROOT, 'dist', 'index.html');
         const isProduction = fs.existsSync(distIndexPath);
@@ -2299,6 +2459,15 @@ async function startServer() {
             console.log('');
             console.log(`${c.info('[INFO]')} Server URL:  ${c.bright('http://' + DISPLAY_HOST + ':' + SERVER_PORT)}`);
             console.log(`${c.info('[INFO]')} Installed at: ${c.dim(appInstallPath)}`);
+            // Print LAN IP + open inbound firewall port (Linux auto, Windows/Mac
+            // ask interactively once, then persist the decision). Non-fatal on
+            // any error — LAN access often works without a rule anyway.
+            try {
+                await ensurePortOpen(Number(SERVER_PORT));
+            }
+            catch (err) {
+                console.log(`${c.dim('[INFO]')} Port-access helper failed: ${err?.message || err}`);
+            }
             console.log(`${c.tip('[TIP]')}  Run "pixcode status" for full configuration details`);
             console.log('');
             // Start watching the projects folder for changes