npm - @pixelbyte-software/pixcode - Versions diffs - 1.30.1 → 1.31.0 - Mend

@pixelbyte-software/pixcode 1.30.1 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/LICENSE +718 -718
package/README.de.md +248 -248
package/README.ja.md +240 -240
package/README.ko.md +240 -240
package/README.md +295 -285
package/README.ru.md +248 -248
package/README.tr.md +250 -250
package/README.zh-CN.md +240 -240
package/dist/api-docs.html +879 -879
package/dist/assets/index-BRRJ47XQ.css +32 -0
package/dist/assets/index-EQohwyiC.js +837 -0
package/dist/clear-cache.html +85 -85
package/dist/convert-icons.md +52 -52
package/dist/favicon.png +0 -0
package/dist/favicon.svg +7 -8
package/dist/generate-icons.js +48 -48
package/dist/icons/codex-white.svg +3 -3
package/dist/icons/codex.svg +3 -3
package/dist/icons/cursor-white.svg +11 -11
package/dist/icons/icon-128x128.png +0 -0
package/dist/icons/icon-128x128.svg +9 -12
package/dist/icons/icon-144x144.png +0 -0
package/dist/icons/icon-144x144.svg +9 -12
package/dist/icons/icon-152x152.png +0 -0
package/dist/icons/icon-152x152.svg +9 -12
package/dist/icons/icon-192x192.png +0 -0
package/dist/icons/icon-192x192.svg +9 -12
package/dist/icons/icon-384x384.png +0 -0
package/dist/icons/icon-384x384.svg +9 -12
package/dist/icons/icon-512x512.png +0 -0
package/dist/icons/icon-512x512.svg +9 -12
package/dist/icons/icon-72x72.png +0 -0
package/dist/icons/icon-72x72.svg +9 -12
package/dist/icons/icon-96x96.png +0 -0
package/dist/icons/icon-96x96.svg +9 -12
package/dist/icons/icon-template.svg +9 -12
package/dist/icons/qwen-ai-icon.png +0 -0
package/dist/index.html +59 -49
package/dist/logo.png +0 -0
package/dist/logo.svg +11 -16
package/dist/manifest.json +60 -60
package/dist/sw.js +124 -124
package/dist-server/server/cli.js +100 -97
package/dist-server/server/cli.js.map +1 -1
package/dist-server/server/daemon/manager.js +33 -33
package/dist-server/server/daemon-manager.js +62 -62
package/dist-server/server/database/db.js +114 -22
package/dist-server/server/database/db.js.map +1 -1
package/dist-server/server/database/schema.js +122 -89
package/dist-server/server/database/schema.js.map +1 -1
package/dist-server/server/gemini-cli.js +6 -1
package/dist-server/server/gemini-cli.js.map +1 -1
package/dist-server/server/index.js +234 -65
package/dist-server/server/index.js.map +1 -1
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js +29 -2
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js +22 -2
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js +2 -2
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js +14 -2
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js +132 -0
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js +87 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js +201 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js +19 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js.map +1 -0
package/dist-server/server/modules/providers/provider.registry.js +2 -0
package/dist-server/server/modules/providers/provider.registry.js.map +1 -1
package/dist-server/server/modules/providers/provider.routes.js +310 -1
package/dist-server/server/modules/providers/provider.routes.js.map +1 -1
package/dist-server/server/projects.js +197 -6
package/dist-server/server/projects.js.map +1 -1
package/dist-server/server/qwen-code-cli.js +350 -0
package/dist-server/server/qwen-code-cli.js.map +1 -0
package/dist-server/server/qwen-response-handler.js +70 -0
package/dist-server/server/qwen-response-handler.js.map +1 -0
package/dist-server/server/routes/commands.js +25 -25
package/dist-server/server/routes/git.js +17 -17
package/dist-server/server/routes/network.js +116 -0
package/dist-server/server/routes/network.js.map +1 -0
package/dist-server/server/routes/projects.js +43 -0
package/dist-server/server/routes/projects.js.map +1 -1
package/dist-server/server/routes/qwen.js +23 -0
package/dist-server/server/routes/qwen.js.map +1 -0
package/dist-server/server/routes/taskmaster.js +419 -419
package/dist-server/server/routes/telegram.js +119 -0
package/dist-server/server/routes/telegram.js.map +1 -0
package/dist-server/server/services/external-access.js +228 -0
package/dist-server/server/services/external-access.js.map +1 -0
package/dist-server/server/services/install-jobs.js +394 -0
package/dist-server/server/services/install-jobs.js.map +1 -0
package/dist-server/server/services/notification-orchestrator.js +19 -5
package/dist-server/server/services/notification-orchestrator.js.map +1 -1
package/dist-server/server/services/provider-credentials.js +154 -0
package/dist-server/server/services/provider-credentials.js.map +1 -0
package/dist-server/server/services/provider-models.js +218 -0
package/dist-server/server/services/provider-models.js.map +1 -0
package/dist-server/server/services/telegram/bot.js +259 -0
package/dist-server/server/services/telegram/bot.js.map +1 -0
package/dist-server/server/services/telegram/translations.js +160 -0
package/dist-server/server/services/telegram/translations.js.map +1 -0
package/dist-server/server/utils/port-access.js +196 -0
package/dist-server/server/utils/port-access.js.map +1 -0
package/dist-server/shared/modelConstants.js +18 -0
package/dist-server/shared/modelConstants.js.map +1 -1
package/package.json +177 -168
package/scripts/fix-node-pty.js +67 -67
package/server/claude-sdk.js +834 -834
package/server/cli.js +940 -937
package/server/constants/config.js +4 -4
package/server/cursor-cli.js +342 -342
package/server/daemon/manager.js +564 -564
package/server/daemon-manager.js +920 -920
package/server/database/db.js +696 -593
package/server/database/schema.js +138 -102
package/server/gemini-cli.js +475 -469
package/server/gemini-response-handler.js +79 -79
package/server/index.js +2730 -2557
package/server/load-env.js +34 -34
package/server/middleware/auth.js +132 -132
package/server/modules/providers/list/claude/claude-auth.provider.ts +145 -123
package/server/modules/providers/list/claude/claude-mcp.provider.ts +135 -135
package/server/modules/providers/list/claude/claude-sessions.provider.ts +306 -306
package/server/modules/providers/list/claude/claude.provider.ts +15 -15
package/server/modules/providers/list/codex/codex-auth.provider.ts +115 -100
package/server/modules/providers/list/codex/codex-mcp.provider.ts +135 -135
package/server/modules/providers/list/codex/codex-sessions.provider.ts +319 -319
package/server/modules/providers/list/codex/codex.provider.ts +15 -15
package/server/modules/providers/list/cursor/cursor-auth.provider.ts +143 -143
package/server/modules/providers/list/cursor/cursor-mcp.provider.ts +108 -108
package/server/modules/providers/list/cursor/cursor-sessions.provider.ts +421 -421
package/server/modules/providers/list/cursor/cursor.provider.ts +15 -15
package/server/modules/providers/list/gemini/gemini-auth.provider.ts +163 -151
package/server/modules/providers/list/gemini/gemini-mcp.provider.ts +110 -110
package/server/modules/providers/list/gemini/gemini-sessions.provider.ts +227 -227
package/server/modules/providers/list/gemini/gemini.provider.ts +15 -15
package/server/modules/providers/list/qwen/qwen-auth.provider.ts +145 -0
package/server/modules/providers/list/qwen/qwen-mcp.provider.ts +114 -0
package/server/modules/providers/list/qwen/qwen-sessions.provider.ts +218 -0
package/server/modules/providers/list/qwen/qwen.provider.ts +21 -0
package/server/modules/providers/provider.registry.ts +38 -36
package/server/modules/providers/provider.routes.ts +583 -217
package/server/modules/providers/services/mcp.service.ts +94 -94
package/server/modules/providers/services/provider-auth.service.ts +26 -26
package/server/modules/providers/services/sessions.service.ts +45 -45
package/server/modules/providers/shared/base/abstract.provider.ts +20 -20
package/server/modules/providers/shared/mcp/mcp.provider.ts +151 -151
package/server/modules/providers/tests/mcp.test.ts +293 -293
package/server/openai-codex.js +426 -426
package/server/projects.js +2993 -2792
package/server/qwen-code-cli.js +392 -0
package/server/qwen-response-handler.js +73 -0
package/server/routes/agent.js +1245 -1245
package/server/routes/auth.js +134 -134
package/server/routes/codex.js +19 -19
package/server/routes/commands.js +554 -554
package/server/routes/cursor.js +52 -52
package/server/routes/gemini.js +24 -24
package/server/routes/git.js +1488 -1488
package/server/routes/mcp-utils.js +31 -31
package/server/routes/messages.js +61 -61
package/server/routes/network.js +128 -0
package/server/routes/plugins.js +307 -307
package/server/routes/projects.js +675 -627
package/server/routes/qwen.js +27 -0
package/server/routes/settings.js +286 -286
package/server/routes/taskmaster.js +1471 -1471
package/server/routes/telegram.js +125 -0
package/server/routes/user.js +123 -123
package/server/services/external-access.js +240 -0
package/server/services/install-jobs.js +410 -0
package/server/services/notification-orchestrator.js +242 -227
package/server/services/provider-credentials.js +151 -0
package/server/services/provider-models.js +225 -0
package/server/services/telegram/bot.js +280 -0
package/server/services/telegram/translations.js +170 -0
package/server/services/vapid-keys.js +35 -35
package/server/sessionManager.js +225 -225
package/server/shared/interfaces.ts +54 -54
package/server/shared/types.ts +172 -172
package/server/shared/utils.ts +193 -193
package/server/tsconfig.json +36 -36
package/server/utils/colors.js +21 -21
package/server/utils/commandParser.js +303 -303
package/server/utils/frontmatter.js +18 -18
package/server/utils/gitConfig.js +34 -34
package/server/utils/mcp-detector.js +147 -147
package/server/utils/plugin-loader.js +457 -457
package/server/utils/plugin-process-manager.js +184 -184
package/server/utils/port-access.js +209 -0
package/server/utils/runtime-paths.js +37 -37
package/server/utils/taskmaster-websocket.js +128 -128
package/server/utils/url-detection.js +71 -71
package/server/vite-daemon.js +78 -78
package/shared/modelConstants.js +117 -97
package/shared/networkHosts.js +22 -22
package/dist/assets/index-C2c9QNwK.css +0 -32
package/dist/assets/index-DyXDZED-.js +0 -1277
package/dist-server/server/routes/cli-auth.js +0 -25
package/dist-server/server/routes/cli-auth.js.map +0 -1
package/server/routes/cli-auth.js +0 -27

package/server/services/install-jobs.js ADDED Viewed

@@ -0,0 +1,410 @@
+/**
+ * In-memory install-job registry + sandboxed local CLI installer.
+ *
+ * Why not `npm install -g`:
+ *   - Requires admin/sudo on Windows and most Linux distros. When Pixcode
+ *     runs as a non-privileged daemon, -g fails with EACCES and the user
+ *     sees a blank log with no actionable error.
+ *   - Even on Windows desktop, npm's global prefix is sometimes broken
+ *     (AppData permissions, antivirus quarantining node_modules/.bin).
+ *   - CI/docker/VPS setups often don't have `npm` on the daemon's PATH at
+ *     all, even when the user's interactive shell does.
+ *
+ * What we do instead:
+ *   - Install targets go into `~/.pixcode/cli-bin/` as LOCAL dependencies
+ *     of a pixcode-owned package.json (no -g, no sudo, no UAC).
+ *   - Resolve `npm` from the same Node install that's running the server
+ *     (sibling file to `process.execPath`) so PATH environment doesn't
+ *     matter.
+ *   - On server boot, `~/.pixcode/cli-bin/node_modules/.bin` is prepended
+ *     to `process.env.PATH`. Every existing `cross-spawn(binary)` call
+ *     (in claude-auth, gemini-cli, qwen-code-cli, etc.) then resolves to
+ *     the locally installed binary without any change to the adapter code.
+ *
+ * The HTTP/stream side of the API is the same as before:
+ *   - POST /install → spawns the child, returns { jobId }
+ *   - GET  /install/:jobId/stream → EventSource that replays the buffered
+ *     transcript and then streams live chunks.
+ *   - DELETE /install/:jobId → cancels an in-flight install.
+ *
+ * Jobs linger 10 minutes after completion so late subscribers still see
+ * the outcome.
+ */
+import { spawn } from 'node:child_process';
+import { EventEmitter } from 'node:events';
+import { randomUUID } from 'node:crypto';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+const jobs = new Map();
+const FINISHED_TTL_MS = 10 * 60 * 1000;
+const HARD_TIMEOUT_MS = 10 * 60 * 1000;
+export const CLI_HOME = path.join(os.homedir(), '.pixcode', 'cli-bin');
+export const CLI_BIN_DIR = path.join(CLI_HOME, 'node_modules', '.bin');
+/**
+ * npm package → the binary name it installs. Used to verify the install
+ * actually dropped an executable we can run, since npm can exit(0) even
+ * when a package has no `bin` entry or our PATH wiring is wrong.
+ */
+const PACKAGE_BINARIES = {
+    '@anthropic-ai/claude-code': 'claude',
+    '@openai/codex': 'codex',
+    '@google/gemini-cli': 'gemini',
+    '@qwen-code/qwen-code': 'qwen',
+};
+/**
+ * Make sure `CLI_HOME` exists with a minimal package.json so `npm install`
+ * doesn't walk up to some unrelated parent and pollute it.
+ */
+function ensureCliHome() {
+    fs.mkdirSync(CLI_HOME, { recursive: true });
+    const pkgPath = path.join(CLI_HOME, 'package.json');
+    if (!fs.existsSync(pkgPath)) {
+        const pkg = {
+            name: 'pixcode-cli-bin',
+            private: true,
+            version: '0.0.0',
+            description:
+                'Pixcode-managed sandbox for provider CLIs (claude/codex/gemini/qwen). '
+                + 'Safe to delete; Pixcode will re-create it on next install.',
+        };
+        fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2));
+    }
+}
+/**
+ * Prepend the pixcode-managed bin dir to PATH. Called at server boot so
+ * every subsequent `spawn('claude'|'gemini'|'codex'|'qwen', …)` in the
+ * provider adapters (which use cross-spawn with bare names) resolves to
+ * the locally installed binary without any per-adapter change.
+ */
+export function primeCliBinPath(env = process.env) {
+    ensureCliHome();
+    const sep = process.platform === 'win32' ? ';' : ':';
+    const current = env.PATH || env.Path || '';
+    if (!current.split(sep).some((entry) => path.resolve(entry || '') === path.resolve(CLI_BIN_DIR))) {
+        const next = current ? `${CLI_BIN_DIR}${sep}${current}` : CLI_BIN_DIR;
+        env.PATH = next;
+        if ('Path' in env) env.Path = next;
+    }
+    // Once PATH is ready, resolve any well-known provider binaries to absolute
+    // paths and export them as *_CLI_PATH env vars. This side-steps a Windows
+    // gotcha: `child_process.spawn('claude', …)` does NOT auto-resolve .cmd /
+    // .bat extensions, and the Claude Agent SDK calls spawn directly instead
+    // of via cross-spawn — so a bare "claude" on PATH works in a shell but
+    // fails inside the SDK. Pinning the full path side-steps it entirely.
+    resolveProviderExecutables(env);
+}
+/**
+ * Scan PATH (plus known native-installer locations) for every provider
+ * binary we ship support for, and export *_CLI_PATH env vars pointing to
+ * the absolute executable. Existing vars are left alone so users can
+ * override detection.
+ */
+export function resolveProviderExecutables(env = process.env) {
+    const providers = [
+        { name: 'claude', envKey: 'CLAUDE_CLI_PATH' },
+        { name: 'codex', envKey: 'CODEX_CLI_PATH' },
+        { name: 'gemini', envKey: 'GEMINI_CLI_PATH' },
+        { name: 'qwen', envKey: 'QWEN_CLI_PATH' },
+        { name: 'cursor-agent', envKey: 'CURSOR_CLI_PATH' },
+    ];
+    for (const { name, envKey } of providers) {
+        if (env[envKey]) continue;
+        const resolved = findExecutableOnPath(name, env);
+        if (resolved) env[envKey] = resolved;
+    }
+}
+/**
+ * Search PATH for an executable, including the Windows extension variants.
+ * Returns the absolute path or null. Plain Node has no cross-platform
+ * equivalent of `which`, so we roll our own — it's small enough to not be
+ * worth an extra dependency.
+ */
+export function findExecutableOnPath(name, env = process.env) {
+    const isWindows = process.platform === 'win32';
+    const sep = isWindows ? ';' : ':';
+    const paths = (env.PATH || env.Path || '').split(sep).filter(Boolean);
+    // Common native-installer / per-user fallback paths that aren't always on
+    // the daemon's PATH but are on the user's interactive shell PATH. We
+    // union them in so "pixcode --no-daemon" and "pixcode daemon" agree.
+    const home = os.homedir();
+    if (isWindows) {
+        paths.push(path.join(env.APPDATA || path.join(home, 'AppData', 'Roaming'), 'npm'));
+        paths.push(path.join(env.LOCALAPPDATA || path.join(home, 'AppData', 'Local'), 'Programs', `${name}-code`));
+        paths.push(path.join(env.LOCALAPPDATA || path.join(home, 'AppData', 'Local'), 'AnthropicClaude'));
+    } else {
+        paths.push(path.join(home, '.local', 'bin'));
+        paths.push(path.join(home, '.npm-global', 'bin'));
+        paths.push('/usr/local/bin');
+        paths.push('/opt/homebrew/bin');
+    }
+    const exts = isWindows
+        ? ['.cmd', '.exe', '.bat', '.ps1', '']
+        : [''];
+    for (const dir of paths) {
+        for (const ext of exts) {
+            const candidate = path.join(dir, name + ext);
+            try {
+                if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) {
+                    return candidate;
+                }
+            } catch {
+                // Permission denied / broken symlink — ignore and keep looking.
+            }
+        }
+    }
+    return null;
+}
+/**
+ * Resolve `npm` next to the currently-running `node` binary. This is
+ * more reliable than trusting PATH — when Pixcode runs as a daemon, PATH
+ * is often minimal and doesn't include the user's node install.
+ */
+function resolveNpmCommand() {
+    const nodeDir = path.dirname(process.execPath);
+    const isWindows = process.platform === 'win32';
+    const candidates = isWindows
+        ? ['npm.cmd', 'npm.exe']
+        : ['npm'];
+    for (const c of candidates) {
+        const full = path.join(nodeDir, c);
+        if (fs.existsSync(full)) return full;
+    }
+    // Windows sometimes ships npm in a sibling "npm" directory.
+    if (isWindows) {
+        const siblingNpm = path.join(nodeDir, 'node_modules', 'npm', 'bin', 'npm-cli.js');
+        if (fs.existsSync(siblingNpm)) {
+            return siblingNpm; // we'll invoke `node <npm-cli.js>`
+        }
+    }
+    // Fall back to bare name and let the shell resolve.
+    return isWindows ? 'npm.cmd' : 'npm';
+}
+function packageFromCommand(installCmd) {
+    // Legacy callers still pass `npm install -g <pkg>` strings — extract
+    // the @scope/name so the local installer can reuse the same input.
+    const match = String(installCmd).match(/@[^\s]+\/[^\s]+|[\w.-]+(?:@[\w.-]+)?$/);
+    return match ? match[0] : installCmd;
+}
+export function createInstallJob({ provider, installCmd, packageName }) {
+    const pkg = packageName || packageFromCommand(installCmd);
+    const id = randomUUID();
+    const emitter = new EventEmitter();
+    emitter.setMaxListeners(20);
+    const job = {
+        id,
+        provider,
+        installCmd,
+        package: pkg,
+        status: 'running',
+        startedAt: new Date().toISOString(),
+        finishedAt: null,
+        exitCode: null,
+        error: null,
+        logs: [],
+        emitter,
+        child: null,
+        timer: null,
+    };
+    const appendLog = (stream, chunk) => {
+        const entry = { stream, chunk, at: Date.now() };
+        job.logs.push(entry);
+        if (job.logs.length > 2000) {
+            job.logs.splice(0, job.logs.length - 2000);
+        }
+        emitter.emit('log', entry);
+    };
+    try {
+        ensureCliHome();
+    } catch (err) {
+        job.status = 'error';
+        job.error = `Could not create ${CLI_HOME}: ${err?.message || err}`;
+        job.finishedAt = new Date().toISOString();
+        appendLog('stderr', job.error + '\n');
+        emitter.emit('done', buildDonePayload(job));
+        scheduleCleanup(job);
+        jobs.set(id, job);
+        return job;
+    }
+    appendLog('meta', `Installing ${pkg} into ${CLI_HOME}\n`);
+    appendLog('meta', `(sandboxed — no sudo / admin required)\n`);
+    const npmCmd = resolveNpmCommand();
+    const useNodeRunner = npmCmd.endsWith('.js');
+    const cmd = useNodeRunner ? process.execPath : npmCmd;
+    const args = useNodeRunner
+        ? [npmCmd, 'install', pkg, '--no-audit', '--no-fund', '--loglevel=http']
+        : ['install', pkg, '--no-audit', '--no-fund', '--loglevel=http'];
+    appendLog('meta', `$ ${cmd} ${args.join(' ')}\n`);
+    let child;
+    try {
+        child = spawn(cmd, args, {
+            cwd: CLI_HOME,
+            env: { ...process.env, npm_config_yes: 'true' },
+            stdio: ['ignore', 'pipe', 'pipe'],
+            windowsHide: true,
+            // On Windows, .cmd files need a shell to be invokable by spawn().
+            shell: process.platform === 'win32' && !useNodeRunner,
+        });
+    } catch (err) {
+        const message = err?.message || String(err);
+        console.error(`[install-job:${provider}:${id}] Spawn failed:`, message);
+        job.status = 'error';
+        job.error = `Failed to launch npm: ${message}`;
+        job.finishedAt = new Date().toISOString();
+        appendLog('stderr', job.error + '\n');
+        emitter.emit('done', buildDonePayload(job));
+        scheduleCleanup(job);
+        jobs.set(id, job);
+        return job;
+    }
+    job.child = child;
+    child.stdout.on('data', (buf) => appendLog('stdout', buf.toString()));
+    child.stderr.on('data', (buf) => appendLog('stderr', buf.toString()));
+    child.on('error', (err) => {
+        if (job.status !== 'running') return;
+        job.status = 'error';
+        job.error = `npm process error: ${err.message}`;
+        job.finishedAt = new Date().toISOString();
+        appendLog('stderr', job.error + '\n');
+        emitter.emit('done', buildDonePayload(job));
+        scheduleCleanup(job);
+    });
+    child.on('close', (code, signal) => {
+        if (job.status !== 'running') return;
+        job.exitCode = code ?? null;
+        job.finishedAt = new Date().toISOString();
+        if (code !== 0) {
+            job.status = 'error';
+            job.error = signal
+                ? `Install killed by signal ${signal}`
+                : `npm exited with code ${code}`;
+            emitter.emit('done', buildDonePayload(job));
+            scheduleCleanup(job);
+            return;
+        }
+        // Verify the binary actually landed. If we don't check, a package
+        // without a `bin` entry (or a half-extracted tarball) would still
+        // read as "success" and the user would be confused when auth
+        // status stays red.
+        const binName = PACKAGE_BINARIES[pkg] || provider;
+        const binaryPath = findInstalledBinary(binName);
+        if (!binaryPath) {
+            job.status = 'error';
+            job.error = `npm exited cleanly but ${binName} was not found in ${CLI_BIN_DIR}`;
+            appendLog('stderr', job.error + '\n');
+            emitter.emit('done', buildDonePayload(job));
+            scheduleCleanup(job);
+            return;
+        }
+        // Make sure our live server process can resolve the new binary
+        // from this moment on, without a restart. primeCliBinPath is
+        // idempotent so re-calling after each install is cheap.
+        primeCliBinPath();
+        appendLog('meta', `✓ Installed ${binName} → ${binaryPath}\n`);
+        job.status = 'done';
+        job.binaryPath = binaryPath;
+        emitter.emit('done', buildDonePayload(job));
+        scheduleCleanup(job);
+    });
+    job.timer = setTimeout(() => {
+        if (job.status !== 'running') return;
+        try { child.kill('SIGKILL'); } catch { /* noop */ }
+        job.status = 'error';
+        job.error = 'Install timed out after 10 minutes';
+        job.finishedAt = new Date().toISOString();
+        appendLog('stderr', job.error + '\n');
+        emitter.emit('done', buildDonePayload(job));
+        scheduleCleanup(job);
+    }, HARD_TIMEOUT_MS);
+    jobs.set(id, job);
+    return job;
+}
+function findInstalledBinary(name) {
+    const isWindows = process.platform === 'win32';
+    const candidates = isWindows
+        ? [`${name}.cmd`, `${name}.exe`, name]
+        : [name];
+    for (const c of candidates) {
+        const full = path.join(CLI_BIN_DIR, c);
+        if (fs.existsSync(full)) return full;
+    }
+    return null;
+}
+function buildDonePayload(job) {
+    if (job.status === 'done') {
+        return {
+            success: true,
+            exitCode: job.exitCode,
+            binaryPath: job.binaryPath,
+            message: `${job.provider} installed. Refreshing auth status…`,
+        };
+    }
+    return {
+        success: false,
+        exitCode: job.exitCode,
+        error: job.error || 'Install failed',
+    };
+}
+function scheduleCleanup(job) {
+    if (job.timer) {
+        clearTimeout(job.timer);
+        job.timer = null;
+    }
+    setTimeout(() => {
+        jobs.delete(job.id);
+    }, FINISHED_TTL_MS);
+}
+export function getInstallJob(id) {
+    return jobs.get(id) || null;
+}
+export function cancelInstallJob(id) {
+    const job = jobs.get(id);
+    if (!job) return false;
+    if (job.status !== 'running') return false;
+    try { job.child?.kill(); } catch { /* noop */ }
+    job.status = 'error';
+    job.error = 'Install cancelled';
+    job.finishedAt = new Date().toISOString();
+    job.emitter.emit('done', buildDonePayload(job));
+    scheduleCleanup(job);
+    return true;
+}
+export function snapshotDonePayload(job) {
+    return buildDonePayload(job);
+}