npm - @pixelbyte-software/pixcode - Versions diffs - 1.30.1 → 1.31.0 - Mend

@pixelbyte-software/pixcode 1.30.1 → 1.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

package/LICENSE +718 -718
package/README.de.md +248 -248
package/README.ja.md +240 -240
package/README.ko.md +240 -240
package/README.md +295 -285
package/README.ru.md +248 -248
package/README.tr.md +250 -250
package/README.zh-CN.md +240 -240
package/dist/api-docs.html +879 -879
package/dist/assets/index-BRRJ47XQ.css +32 -0
package/dist/assets/index-EQohwyiC.js +837 -0
package/dist/clear-cache.html +85 -85
package/dist/convert-icons.md +52 -52
package/dist/favicon.png +0 -0
package/dist/favicon.svg +7 -8
package/dist/generate-icons.js +48 -48
package/dist/icons/codex-white.svg +3 -3
package/dist/icons/codex.svg +3 -3
package/dist/icons/cursor-white.svg +11 -11
package/dist/icons/icon-128x128.png +0 -0
package/dist/icons/icon-128x128.svg +9 -12
package/dist/icons/icon-144x144.png +0 -0
package/dist/icons/icon-144x144.svg +9 -12
package/dist/icons/icon-152x152.png +0 -0
package/dist/icons/icon-152x152.svg +9 -12
package/dist/icons/icon-192x192.png +0 -0
package/dist/icons/icon-192x192.svg +9 -12
package/dist/icons/icon-384x384.png +0 -0
package/dist/icons/icon-384x384.svg +9 -12
package/dist/icons/icon-512x512.png +0 -0
package/dist/icons/icon-512x512.svg +9 -12
package/dist/icons/icon-72x72.png +0 -0
package/dist/icons/icon-72x72.svg +9 -12
package/dist/icons/icon-96x96.png +0 -0
package/dist/icons/icon-96x96.svg +9 -12
package/dist/icons/icon-template.svg +9 -12
package/dist/icons/qwen-ai-icon.png +0 -0
package/dist/index.html +59 -49
package/dist/logo.png +0 -0
package/dist/logo.svg +11 -16
package/dist/manifest.json +60 -60
package/dist/sw.js +124 -124
package/dist-server/server/cli.js +100 -97
package/dist-server/server/cli.js.map +1 -1
package/dist-server/server/daemon/manager.js +33 -33
package/dist-server/server/daemon-manager.js +62 -62
package/dist-server/server/database/db.js +114 -22
package/dist-server/server/database/db.js.map +1 -1
package/dist-server/server/database/schema.js +122 -89
package/dist-server/server/database/schema.js.map +1 -1
package/dist-server/server/gemini-cli.js +6 -1
package/dist-server/server/gemini-cli.js.map +1 -1
package/dist-server/server/index.js +234 -65
package/dist-server/server/index.js.map +1 -1
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js +29 -2
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js +22 -2
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js +2 -2
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js +14 -2
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js +132 -0
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js +87 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js +201 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js +19 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js.map +1 -0
package/dist-server/server/modules/providers/provider.registry.js +2 -0
package/dist-server/server/modules/providers/provider.registry.js.map +1 -1
package/dist-server/server/modules/providers/provider.routes.js +310 -1
package/dist-server/server/modules/providers/provider.routes.js.map +1 -1
package/dist-server/server/projects.js +197 -6
package/dist-server/server/projects.js.map +1 -1
package/dist-server/server/qwen-code-cli.js +350 -0
package/dist-server/server/qwen-code-cli.js.map +1 -0
package/dist-server/server/qwen-response-handler.js +70 -0
package/dist-server/server/qwen-response-handler.js.map +1 -0
package/dist-server/server/routes/commands.js +25 -25
package/dist-server/server/routes/git.js +17 -17
package/dist-server/server/routes/network.js +116 -0
package/dist-server/server/routes/network.js.map +1 -0
package/dist-server/server/routes/projects.js +43 -0
package/dist-server/server/routes/projects.js.map +1 -1
package/dist-server/server/routes/qwen.js +23 -0
package/dist-server/server/routes/qwen.js.map +1 -0
package/dist-server/server/routes/taskmaster.js +419 -419
package/dist-server/server/routes/telegram.js +119 -0
package/dist-server/server/routes/telegram.js.map +1 -0
package/dist-server/server/services/external-access.js +228 -0
package/dist-server/server/services/external-access.js.map +1 -0
package/dist-server/server/services/install-jobs.js +394 -0
package/dist-server/server/services/install-jobs.js.map +1 -0
package/dist-server/server/services/notification-orchestrator.js +19 -5
package/dist-server/server/services/notification-orchestrator.js.map +1 -1
package/dist-server/server/services/provider-credentials.js +154 -0
package/dist-server/server/services/provider-credentials.js.map +1 -0
package/dist-server/server/services/provider-models.js +218 -0
package/dist-server/server/services/provider-models.js.map +1 -0
package/dist-server/server/services/telegram/bot.js +259 -0
package/dist-server/server/services/telegram/bot.js.map +1 -0
package/dist-server/server/services/telegram/translations.js +160 -0
package/dist-server/server/services/telegram/translations.js.map +1 -0
package/dist-server/server/utils/port-access.js +196 -0
package/dist-server/server/utils/port-access.js.map +1 -0
package/dist-server/shared/modelConstants.js +18 -0
package/dist-server/shared/modelConstants.js.map +1 -1
package/package.json +177 -168
package/scripts/fix-node-pty.js +67 -67
package/server/claude-sdk.js +834 -834
package/server/cli.js +940 -937
package/server/constants/config.js +4 -4
package/server/cursor-cli.js +342 -342
package/server/daemon/manager.js +564 -564
package/server/daemon-manager.js +920 -920
package/server/database/db.js +696 -593
package/server/database/schema.js +138 -102
package/server/gemini-cli.js +475 -469
package/server/gemini-response-handler.js +79 -79
package/server/index.js +2730 -2557
package/server/load-env.js +34 -34
package/server/middleware/auth.js +132 -132
package/server/modules/providers/list/claude/claude-auth.provider.ts +145 -123
package/server/modules/providers/list/claude/claude-mcp.provider.ts +135 -135
package/server/modules/providers/list/claude/claude-sessions.provider.ts +306 -306
package/server/modules/providers/list/claude/claude.provider.ts +15 -15
package/server/modules/providers/list/codex/codex-auth.provider.ts +115 -100
package/server/modules/providers/list/codex/codex-mcp.provider.ts +135 -135
package/server/modules/providers/list/codex/codex-sessions.provider.ts +319 -319
package/server/modules/providers/list/codex/codex.provider.ts +15 -15
package/server/modules/providers/list/cursor/cursor-auth.provider.ts +143 -143
package/server/modules/providers/list/cursor/cursor-mcp.provider.ts +108 -108
package/server/modules/providers/list/cursor/cursor-sessions.provider.ts +421 -421
package/server/modules/providers/list/cursor/cursor.provider.ts +15 -15
package/server/modules/providers/list/gemini/gemini-auth.provider.ts +163 -151
package/server/modules/providers/list/gemini/gemini-mcp.provider.ts +110 -110
package/server/modules/providers/list/gemini/gemini-sessions.provider.ts +227 -227
package/server/modules/providers/list/gemini/gemini.provider.ts +15 -15
package/server/modules/providers/list/qwen/qwen-auth.provider.ts +145 -0
package/server/modules/providers/list/qwen/qwen-mcp.provider.ts +114 -0
package/server/modules/providers/list/qwen/qwen-sessions.provider.ts +218 -0
package/server/modules/providers/list/qwen/qwen.provider.ts +21 -0
package/server/modules/providers/provider.registry.ts +38 -36
package/server/modules/providers/provider.routes.ts +583 -217
package/server/modules/providers/services/mcp.service.ts +94 -94
package/server/modules/providers/services/provider-auth.service.ts +26 -26
package/server/modules/providers/services/sessions.service.ts +45 -45
package/server/modules/providers/shared/base/abstract.provider.ts +20 -20
package/server/modules/providers/shared/mcp/mcp.provider.ts +151 -151
package/server/modules/providers/tests/mcp.test.ts +293 -293
package/server/openai-codex.js +426 -426
package/server/projects.js +2993 -2792
package/server/qwen-code-cli.js +392 -0
package/server/qwen-response-handler.js +73 -0
package/server/routes/agent.js +1245 -1245
package/server/routes/auth.js +134 -134
package/server/routes/codex.js +19 -19
package/server/routes/commands.js +554 -554
package/server/routes/cursor.js +52 -52
package/server/routes/gemini.js +24 -24
package/server/routes/git.js +1488 -1488
package/server/routes/mcp-utils.js +31 -31
package/server/routes/messages.js +61 -61
package/server/routes/network.js +128 -0
package/server/routes/plugins.js +307 -307
package/server/routes/projects.js +675 -627
package/server/routes/qwen.js +27 -0
package/server/routes/settings.js +286 -286
package/server/routes/taskmaster.js +1471 -1471
package/server/routes/telegram.js +125 -0
package/server/routes/user.js +123 -123
package/server/services/external-access.js +240 -0
package/server/services/install-jobs.js +410 -0
package/server/services/notification-orchestrator.js +242 -227
package/server/services/provider-credentials.js +151 -0
package/server/services/provider-models.js +225 -0
package/server/services/telegram/bot.js +280 -0
package/server/services/telegram/translations.js +170 -0
package/server/services/vapid-keys.js +35 -35
package/server/sessionManager.js +225 -225
package/server/shared/interfaces.ts +54 -54
package/server/shared/types.ts +172 -172
package/server/shared/utils.ts +193 -193
package/server/tsconfig.json +36 -36
package/server/utils/colors.js +21 -21
package/server/utils/commandParser.js +303 -303
package/server/utils/frontmatter.js +18 -18
package/server/utils/gitConfig.js +34 -34
package/server/utils/mcp-detector.js +147 -147
package/server/utils/plugin-loader.js +457 -457
package/server/utils/plugin-process-manager.js +184 -184
package/server/utils/port-access.js +209 -0
package/server/utils/runtime-paths.js +37 -37
package/server/utils/taskmaster-websocket.js +128 -128
package/server/utils/url-detection.js +71 -71
package/server/vite-daemon.js +78 -78
package/shared/modelConstants.js +117 -97
package/shared/networkHosts.js +22 -22
package/dist/assets/index-C2c9QNwK.css +0 -32
package/dist/assets/index-DyXDZED-.js +0 -1277
package/dist-server/server/routes/cli-auth.js +0 -25
package/dist-server/server/routes/cli-auth.js.map +0 -1
package/server/routes/cli-auth.js +0 -27

package/server/services/provider-models.js ADDED Viewed

@@ -0,0 +1,225 @@
+/**
+ * Provider model catalog — dynamic discovery + persistent cache.
+ *
+ * Each CLI provider offers a different way to list the models it can run:
+ *
+ *   - Anthropic: https://api.anthropic.com/v1/models (API key required)
+ *   - OpenAI   : https://api.openai.com/v1/models (or a custom baseUrl when
+ *                the user points Codex at an OpenAI-compatible proxy)
+ *   - Google   : https://generativelanguage.googleapis.com/v1beta/models
+ *   - Qwen     : same OpenAI-compat shape when users BYOK through
+ *                ModelStudio / ModelScope / OpenRouter etc.
+ *
+ * The UI still keeps a hardcoded "known good" catalog as a baseline so
+ * brand-new installs don't show an empty dropdown; discovery merges the
+ * server-reported list on top, dedupes, and persists to
+ * `~/.pixcode/provider-models.json` with a 6-hour freshness window.
+ */
+import { promises as fs } from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { getProviderCredentials } from './provider-credentials.js';
+const CACHE_FILE = path.join(os.homedir(), '.pixcode', 'provider-models.json');
+const CACHE_TTL_MS = 6 * 60 * 60 * 1000; // 6 hours
+async function readCache() {
+    try {
+        const raw = await fs.readFile(CACHE_FILE, 'utf8');
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === 'object' ? parsed : {};
+    } catch {
+        return {};
+    }
+}
+async function writeCache(next) {
+    await fs.mkdir(path.dirname(CACHE_FILE), { recursive: true });
+    await fs.writeFile(CACHE_FILE, JSON.stringify(next, null, 2), { mode: 0o600 });
+}
+/**
+ * Cache entry shape:
+ *   { models: [{ value, label, source: 'static' | 'api' }],
+ *     fetchedAt: '<iso date>',
+ *     error?: '...' }
+ *
+ * `source` tells the UI which entries came from the live API so a
+ * refresh can prune stale ones without losing the hand-maintained
+ * defaults.
+ */
+async function loadCachedEntry(provider) {
+    const cache = await readCache();
+    return cache[provider] || null;
+}
+async function saveCacheEntry(provider, entry) {
+    const cache = await readCache();
+    cache[provider] = { ...entry, fetchedAt: new Date().toISOString() };
+    await writeCache(cache);
+}
+function normalizeList(list) {
+    if (!Array.isArray(list)) return [];
+    const seen = new Set();
+    const out = [];
+    for (const item of list) {
+        if (!item || typeof item !== 'object') continue;
+        const value = typeof item.value === 'string' ? item.value.trim() : '';
+        if (!value || seen.has(value)) continue;
+        seen.add(value);
+        const label = typeof item.label === 'string' && item.label.trim() ? item.label.trim() : value;
+        const source = item.source === 'api' ? 'api' : 'static';
+        out.push({ value, label, source });
+    }
+    return out;
+}
+function mergeCatalogs(primary, secondary) {
+    const seen = new Map();
+    for (const item of [...primary, ...secondary]) {
+        if (!seen.has(item.value)) seen.set(item.value, item);
+    }
+    return Array.from(seen.values());
+}
+// ---------------- Per-provider live discovery ----------------
+async function discoverAnthropic(apiKey, baseUrl) {
+    const endpoint = (baseUrl?.replace(/\/+$/, '') || 'https://api.anthropic.com') + '/v1/models';
+    const response = await fetch(endpoint, {
+        headers: {
+            'x-api-key': apiKey,
+            'anthropic-version': '2023-06-01',
+        },
+    });
+    if (!response.ok) throw new Error(`Anthropic /v1/models returned ${response.status}`);
+    const data = await response.json();
+    const rows = Array.isArray(data?.data) ? data.data : [];
+    return rows
+        .filter((m) => typeof m?.id === 'string')
+        .map((m) => ({
+            value: m.id,
+            label: typeof m.display_name === 'string' && m.display_name.trim() ? m.display_name : m.id,
+            source: 'api',
+        }));
+}
+async function discoverOpenAiCompat(apiKey, baseUrl, fallbackBase) {
+    const endpoint = (baseUrl?.replace(/\/+$/, '') || fallbackBase) + '/models';
+    const response = await fetch(endpoint, {
+        headers: { Authorization: `Bearer ${apiKey}` },
+    });
+    if (!response.ok) throw new Error(`${endpoint} returned ${response.status}`);
+    const data = await response.json();
+    const rows = Array.isArray(data?.data) ? data.data : [];
+    return rows
+        .filter((m) => typeof m?.id === 'string')
+        .map((m) => ({
+            value: m.id,
+            label: m.id,
+            source: 'api',
+        }));
+}
+async function discoverGoogle(apiKey) {
+    // Google Generative Language API — public models list, API key as query.
+    const endpoint = `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(apiKey)}`;
+    const response = await fetch(endpoint);
+    if (!response.ok) throw new Error(`Google /v1beta/models returned ${response.status}`);
+    const data = await response.json();
+    const rows = Array.isArray(data?.models) ? data.models : [];
+    return rows
+        .filter((m) => typeof m?.name === 'string' && m.name.includes('models/'))
+        .map((m) => {
+            const id = m.name.replace(/^models\//, '');
+            return {
+                value: id,
+                label: typeof m.displayName === 'string' && m.displayName.trim() ? m.displayName : id,
+                source: 'api',
+            };
+        });
+}
+/**
+ * Returns the merged catalog for a provider.
+ *   opts.forceRefresh: ignore cache and hit the upstream API
+ *   opts.staticList: hardcoded fallback from shared/modelConstants.js
+ */
+export async function getProviderModels(provider, opts = {}) {
+    const { forceRefresh = false, staticList = [] } = opts;
+    const staticCatalog = normalizeList(staticList.map((m) => ({ ...m, source: 'static' })));
+    const cached = await loadCachedEntry(provider);
+    const cacheFresh = cached?.fetchedAt
+        ? Date.now() - Date.parse(cached.fetchedAt) < CACHE_TTL_MS
+        : false;
+    if (!forceRefresh && cacheFresh && Array.isArray(cached?.models)) {
+        return {
+            models: mergeCatalogs(normalizeList(cached.models), staticCatalog),
+            fetchedAt: cached.fetchedAt,
+            error: cached.error,
+            fromCache: true,
+        };
+    }
+    // Pick up credentials from Pixcode's UI store first, then fall back to
+    // the native env vars so a user who already exported ANTHROPIC_API_KEY
+    // (or authenticated Claude Code via OAuth — the SDK writes the key into
+    // process.env on boot) gets live models without re-entering anything.
+    const creds = await getProviderCredentials(provider);
+    const envKey = {
+        claude: process.env.ANTHROPIC_API_KEY,
+        codex: process.env.OPENAI_API_KEY,
+        qwen: process.env.OPENAI_API_KEY || process.env.QWEN_API_KEY,
+        gemini: process.env.GEMINI_API_KEY,
+    }[provider];
+    const envBase = {
+        claude: process.env.ANTHROPIC_BASE_URL,
+        codex: process.env.OPENAI_BASE_URL,
+        qwen: process.env.OPENAI_BASE_URL,
+        gemini: undefined,
+    }[provider];
+    const apiKey = creds?.apiKey || envKey;
+    const baseUrl = creds?.baseUrl || envBase || undefined;
+    let liveModels = [];
+    let error;
+    if (!apiKey) {
+        // Be explicit so the UI can surface a useful hint rather than just
+        // showing the static baseline with no reason given.
+        error = `No ${provider} API key configured. Save one in Settings > Agents > API Key to enable live discovery.`;
+    } else {
+        try {
+            if (provider === 'claude') {
+                liveModels = await discoverAnthropic(apiKey, baseUrl);
+            } else if (provider === 'codex') {
+                liveModels = await discoverOpenAiCompat(apiKey, baseUrl, 'https://api.openai.com/v1');
+            } else if (provider === 'qwen') {
+                liveModels = await discoverOpenAiCompat(
+                    apiKey,
+                    baseUrl,
+                    'https://dashscope-intl.aliyuncs.com/compatible-mode/v1',
+                );
+            } else if (provider === 'gemini') {
+                liveModels = await discoverGoogle(apiKey);
+            }
+        } catch (err) {
+            error = err?.message || String(err);
+        }
+    }
+    const merged = mergeCatalogs(normalizeList(liveModels), staticCatalog);
+    const entry = { models: merged, error };
+    await saveCacheEntry(provider, entry).catch(() => { /* non-fatal */ });
+    return { models: merged, fetchedAt: new Date().toISOString(), error, fromCache: false };
+}
+export async function clearProviderModelCache(provider) {
+    const cache = await readCache();
+    if (provider) delete cache[provider];
+    else Object.keys(cache).forEach((k) => delete cache[k]);
+    await writeCache(cache);
+}

package/server/services/telegram/bot.js ADDED Viewed

@@ -0,0 +1,280 @@
+import { EventEmitter } from 'node:events';
+import { createRequire } from 'node:module';
+import { telegramConfigDb, telegramLinksDb } from '../../database/db.js';
+import { t } from './translations.js';
+// node-telegram-bot-api is a CommonJS module. Using createRequire keeps the
+// default-export interop clean across ESM/CJS boundaries.
+const requireCjs = createRequire(import.meta.url);
+const TelegramBot = requireCjs('node-telegram-bot-api');
+// Pairing code TTL. Ten minutes gives a user enough time to switch apps and
+// type the code without leaving a long-lived code sitting around if they
+// abandon the flow.
+const PAIRING_TTL_MS = 10 * 60 * 1000;
+// Singleton bot state. We intentionally host one bot per Pixcode instance —
+// running multiple bots from the same token would cause Telegram to trip
+// polling conflicts, and per-user bots are overkill.
+let bot = null;
+let botInfo = null; // { id, username, first_name }
+let lastError = null;
+// Subscribers (notification-orchestrator, future session bridge) use this to
+// react to events without importing the bot module directly.
+export const telegramEvents = new EventEmitter();
+const now = () => Date.now();
+const generate6DigitCode = () => {
+  // Zero-padded random 6-digit code. Using rand instead of crypto is fine
+  // here: the code is short-lived (10min), single-use, and verified against
+  // a per-user row — brute-force requires both the code AND a live pairing.
+  const n = Math.floor(Math.random() * 1_000_000);
+  return n.toString().padStart(6, '0');
+};
+export const createPairingCode = (userId, language = 'en') => {
+  const code = generate6DigitCode();
+  const expiresAtIso = new Date(now() + PAIRING_TTL_MS).toISOString();
+  telegramLinksDb.setPairingCode(userId, code, expiresAtIso, language);
+  return { code, expiresAt: expiresAtIso };
+};
+export const getBotState = () => ({
+  running: Boolean(bot),
+  username: botInfo?.username || null,
+  error: lastError,
+});
+export const getPublicConfig = () => {
+  const config = telegramConfigDb.get();
+  return {
+    configured: Boolean(config?.bot_token),
+    username: config?.bot_username || null,
+  };
+};
+const parseMaybeCode = (text) => {
+  const trimmed = text.trim();
+  // Only treat the message as a pairing attempt when it's *exactly* 6 digits,
+  // otherwise a paired user typing "123456" as part of a prompt would get
+  // rejected with "invalid code" instead of being forwarded.
+  return /^\d{6}$/.test(trimmed) ? trimmed : null;
+};
+const safeSend = async (chatId, text) => {
+  if (!bot) return;
+  try {
+    await bot.sendMessage(chatId, text, { parse_mode: 'Markdown' });
+  } catch (err) {
+    // Markdown parse errors from user input are common; retry plaintext.
+    try {
+      await bot.sendMessage(chatId, text);
+    } catch (fallbackErr) {
+      console.warn('[telegram] sendMessage failed:', fallbackErr?.message || fallbackErr);
+    }
+  }
+};
+const handlePairing = async (msg, code) => {
+  const link = telegramLinksDb.findByPairingCode(code);
+  const language = link?.language || 'en';
+  if (!link) {
+    await safeSend(msg.chat.id, t(language, 'pairing.notFound'));
+    return;
+  }
+  const expiresAt = link.pairing_code_expires_at ? Date.parse(link.pairing_code_expires_at) : 0;
+  if (!expiresAt || expiresAt < now()) {
+    await safeSend(msg.chat.id, t(language, 'pairing.expired'));
+    return;
+  }
+  const telegramUsername = msg.from?.username || null;
+  telegramLinksDb.verify(link.user_id, String(msg.chat.id), telegramUsername);
+  telegramEvents.emit('paired', { userId: link.user_id, chatId: String(msg.chat.id), username: telegramUsername });
+  await safeSend(msg.chat.id, t(language, 'pairing.success'));
+};
+const handleBridgeMessage = async (msg, existing) => {
+  const language = existing.language || 'en';
+  if (!existing.bridge_enabled) {
+    await safeSend(msg.chat.id, t(language, 'bridge.disabled'));
+    return;
+  }
+  // Fan out to subscribers (future: session-prompt bridge). We don't do the
+  // actual agent dispatch here to keep the bot service narrowly focused on
+  // Telegram I/O and let the rest of the server opt in.
+  telegramEvents.emit('prompt', {
+    userId: existing.user_id,
+    chatId: String(msg.chat.id),
+    text: msg.text || '',
+    language,
+    messageId: msg.message_id,
+  });
+  await safeSend(msg.chat.id, t(language, 'bridge.queued'));
+};
+const handleMessage = async (msg) => {
+  if (!msg?.chat?.id || !msg?.text) return;
+  const existing = telegramLinksDb.getByChatId(String(msg.chat.id));
+  if (existing) {
+    // Paired user path: a 6-digit-only message is treated as noise (we keep
+    // the already-paired binding); anything else is bridge traffic.
+    const maybeCode = parseMaybeCode(msg.text);
+    if (maybeCode) {
+      await safeSend(msg.chat.id, t(existing.language || 'en', 'welcome.alreadyPaired'));
+      return;
+    }
+    await handleBridgeMessage(msg, existing);
+    return;
+  }
+  // Unpaired user path: only thing we accept is a 6-digit code. Anything else
+  // is gently redirected to "please send your code" in a best-effort language
+  // (we don't know their app language yet, so fall back to English).
+  const maybeCode = parseMaybeCode(msg.text);
+  if (maybeCode) {
+    await handlePairing(msg, maybeCode);
+    return;
+  }
+  if (/^\/start\b/i.test(msg.text)) {
+    await safeSend(msg.chat.id, t('en', 'welcome.needsCode'));
+    return;
+  }
+  // Anything else: keep nudging for the code (per user's "hep lütfen kodu
+  // giriniz desin" requirement).
+  await safeSend(msg.chat.id, t('en', 'pairing.stillNeeded'));
+};
+const wirePollingErrors = () => {
+  if (!bot) return;
+  bot.on('polling_error', (err) => {
+    // 401 = bad token. 409 = another polling instance exists. Both mean we
+    // should stop and surface the error rather than thrash.
+    const code = err?.response?.statusCode || err?.code;
+    lastError = { code: code || 'polling_error', message: err?.message || String(err) };
+    if (code === 401 || code === 409) {
+      console.error('[telegram] fatal polling error, stopping:', lastError);
+      stopBot().catch(() => {});
+    } else {
+      console.warn('[telegram] polling error:', lastError);
+    }
+  });
+};
+export const startBot = async ({ token, persist = true } = {}) => {
+  if (!token) {
+    const config = telegramConfigDb.get();
+    token = config?.bot_token;
+  }
+  if (!token) {
+    throw new Error('No Telegram bot token available');
+  }
+  // Stop any previously-running instance before creating a new one — otherwise
+  // node-telegram-bot-api will keep two pollers alive and Telegram will throw
+  // 409 conflicts on every long-poll.
+  if (bot) await stopBot();
+  const instance = new TelegramBot(token, { polling: true });
+  // Validate the token first — if getMe fails we never want to persist a
+  // broken token or leave the poller running.
+  let me;
+  try {
+    me = await instance.getMe();
+  } catch (err) {
+    try { await instance.stopPolling(); } catch { /* ignore */ }
+    const reason = err?.response?.body?.description || err?.message || String(err);
+    lastError = { code: 'auth', message: reason };
+    const error = new Error(`Invalid bot token: ${reason}`);
+    error.code = 'INVALID_TOKEN';
+    throw error;
+  }
+  bot = instance;
+  botInfo = { id: me.id, username: me.username, first_name: me.first_name };
+  lastError = null;
+  if (persist) telegramConfigDb.set(token, me.username);
+  bot.on('message', (msg) => {
+    handleMessage(msg).catch((err) => {
+      console.error('[telegram] handleMessage crashed:', err);
+    });
+  });
+  wirePollingErrors();
+  console.log(`[telegram] bot started as @${me.username}`);
+  telegramEvents.emit('started', { username: me.username });
+  return botInfo;
+};
+export const stopBot = async () => {
+  if (!bot) return;
+  try {
+    await bot.stopPolling({ cancel: true });
+  } catch (err) {
+    console.warn('[telegram] stopPolling failed:', err?.message || err);
+  }
+  bot = null;
+  botInfo = null;
+  telegramEvents.emit('stopped');
+};
+export const removeBotConfig = async () => {
+  await stopBot();
+  telegramConfigDb.clear();
+};
+export const sendToUser = async (userId, text) => {
+  const link = telegramLinksDb.getByUserId(userId);
+  if (!link?.chat_id || !bot) return false;
+  try {
+    await bot.sendMessage(link.chat_id, text);
+    return true;
+  } catch (err) {
+    console.warn('[telegram] sendToUser failed:', err?.message || err);
+    return false;
+  }
+};
+// Convenience helper for notification-orchestrator: pick a translation key
+// based on notification kind, fill vars, and dispatch if the user has
+// notifications enabled.
+export const notifyUser = async ({ userId, kind, title, error }) => {
+  const link = telegramLinksDb.getByUserId(userId);
+  if (!link?.chat_id || !link.notifications_enabled) return false;
+  const lang = link.language || 'en';
+  const key =
+    kind === 'error'
+      ? 'notification.taskFailed'
+      : kind === 'action_required'
+        ? 'notification.actionRequired'
+        : 'notification.taskDone';
+  const text = t(lang, key, { title: title || 'Session', error: error || '' });
+  return sendToUser(userId, text);
+};
+// Boot the bot automatically if a token was previously persisted. This runs
+// once during server startup so a restart doesn't silently un-pair everyone.
+export const restoreBotFromConfig = async () => {
+  const config = telegramConfigDb.get();
+  if (!config?.bot_token) return;
+  try {
+    await startBot({ token: config.bot_token, persist: false });
+  } catch (err) {
+    console.warn('[telegram] Failed to restore bot:', err?.message || err);
+  }
+};

package/server/services/telegram/translations.js ADDED Viewed

@@ -0,0 +1,170 @@
+// Translations for bot-originated replies. These are strictly server-side —
+// the frontend has its own i18n system in src/i18n. When the user changes the
+// app language, we persist it on the telegram_links row and the bot consults
+// this map via `t(lang, key, vars)`.
+//
+// Keep keys flat; nested lookups are overkill for the small number of strings
+// the bot actually emits. English is the source of truth; missing keys in
+// other locales silently fall back to English.
+const EN = {
+  'welcome.needsCode': '👋 Hi! Please send me your 6-digit pairing code to link this chat with your Pixcode account.',
+  'welcome.alreadyPaired': '👋 You are already paired. I will forward your messages to your most recent session.',
+  'pairing.invalidFormat': 'Please send only the 6-digit code (digits only).',
+  'pairing.notFound': 'That code is invalid or has already been used. Please generate a new one in Pixcode and try again.',
+  'pairing.expired': 'That code has expired. Please generate a new one in Pixcode.',
+  'pairing.success': '✅ Linked successfully! You will now receive notifications for completed tasks. Send me a message any time to prompt your most recent session.',
+  'pairing.stillNeeded': 'Please send your 6-digit pairing code first. Open Pixcode → Settings → Telegram to get one.',
+  'bridge.queued': '📨 Message forwarded to your latest session. I will reply when the agent responds.',
+  'bridge.disabled': 'Message bridge is disabled. Enable it in Pixcode → Settings → Telegram.',
+  'notification.taskDone': '✅ {{title}} — task completed.',
+  'notification.taskFailed': '⚠️ {{title}} — task failed: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — action required.',
+  'unpaired.notice': 'This chat has been unlinked from Pixcode. Send your 6-digit code to link again.',
+  'error.generic': 'Something went wrong. Please try again.',
+};
+const TR = {
+  'welcome.needsCode': '👋 Merhaba! Bu sohbeti Pixcode hesabınla eşlemek için 6 haneli kodunu gönder.',
+  'welcome.alreadyPaired': '👋 Zaten eşleşmişsin. Mesajlarını en son oturumuna ileteceğim.',
+  'pairing.invalidFormat': 'Lütfen sadece 6 haneli kodu gönder (yalnız rakam).',
+  'pairing.notFound': 'Bu kod geçersiz veya daha önce kullanılmış. Pixcode\'dan yeni bir tane oluştur.',
+  'pairing.expired': 'Bu kodun süresi doldu. Pixcode\'dan yeni bir tane oluştur.',
+  'pairing.success': '✅ Eşleşme başarılı! Bundan sonra tamamlanan görev bildirimlerini buradan alırsın. İstediğin zaman mesaj yazarak son oturumuna prompt gönderebilirsin.',
+  'pairing.stillNeeded': 'Önce 6 haneli eşleşme kodunu gönder. Pixcode → Ayarlar → Telegram\'dan alabilirsin.',
+  'bridge.queued': '📨 Mesaj son oturumuna iletildi. Ajan cevap verince sana yazacağım.',
+  'bridge.disabled': 'Mesaj köprüsü kapalı. Pixcode → Ayarlar → Telegram\'dan açabilirsin.',
+  'notification.taskDone': '✅ {{title}} — görev tamamlandı.',
+  'notification.taskFailed': '⚠️ {{title}} — görev başarısız: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — işlem gerekli.',
+  'unpaired.notice': 'Bu sohbetin Pixcode ile bağlantısı kesildi. Tekrar eşleşmek için 6 haneli kodunu gönder.',
+  'error.generic': 'Bir şeyler ters gitti. Lütfen tekrar dene.',
+};
+const DE = {
+  'welcome.needsCode': '👋 Hallo! Bitte sende mir deinen 6-stelligen Pairing-Code, um diesen Chat mit deinem Pixcode-Konto zu verknüpfen.',
+  'welcome.alreadyPaired': '👋 Du bist bereits verknüpft. Ich leite deine Nachrichten an deine letzte Sitzung weiter.',
+  'pairing.invalidFormat': 'Bitte sende nur den 6-stelligen Code (nur Ziffern).',
+  'pairing.notFound': 'Dieser Code ist ungültig oder wurde bereits verwendet. Erzeuge in Pixcode einen neuen.',
+  'pairing.expired': 'Der Code ist abgelaufen. Erzeuge in Pixcode einen neuen.',
+  'pairing.success': '✅ Erfolgreich verknüpft! Du bekommst jetzt Benachrichtigungen zu abgeschlossenen Aufgaben und kannst jederzeit Nachrichten an deine letzte Sitzung senden.',
+  'pairing.stillNeeded': 'Bitte sende zuerst deinen 6-stelligen Pairing-Code aus Pixcode → Einstellungen → Telegram.',
+  'bridge.queued': '📨 Nachricht an deine letzte Sitzung weitergeleitet. Ich antworte, sobald der Agent antwortet.',
+  'bridge.disabled': 'Die Nachrichtenbrücke ist deaktiviert. Aktiviere sie in Pixcode → Einstellungen → Telegram.',
+  'notification.taskDone': '✅ {{title}} — Aufgabe abgeschlossen.',
+  'notification.taskFailed': '⚠️ {{title}} — Aufgabe fehlgeschlagen: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — Aktion erforderlich.',
+  'unpaired.notice': 'Dieser Chat wurde von Pixcode getrennt. Sende deinen 6-stelligen Code, um ihn erneut zu verknüpfen.',
+  'error.generic': 'Etwas ist schiefgelaufen. Bitte versuche es erneut.',
+};
+const IT = {
+  'welcome.needsCode': '👋 Ciao! Inviami il tuo codice di abbinamento di 6 cifre per collegare questa chat al tuo account Pixcode.',
+  'welcome.alreadyPaired': '👋 Sei già collegato. Inoltrerò i tuoi messaggi alla tua ultima sessione.',
+  'pairing.invalidFormat': 'Invia solo il codice di 6 cifre (solo numeri).',
+  'pairing.notFound': 'Codice non valido o già utilizzato. Generane uno nuovo in Pixcode.',
+  'pairing.expired': 'Codice scaduto. Generane uno nuovo in Pixcode.',
+  'pairing.success': '✅ Collegato con successo! Riceverai le notifiche delle attività completate e potrai inviare messaggi alla tua ultima sessione.',
+  'pairing.stillNeeded': 'Invia prima il tuo codice di 6 cifre da Pixcode → Impostazioni → Telegram.',
+  'bridge.queued': '📨 Messaggio inoltrato alla tua ultima sessione. Risponderò quando l\'agente risponde.',
+  'bridge.disabled': 'Il bridge dei messaggi è disabilitato. Attivalo in Pixcode → Impostazioni → Telegram.',
+  'notification.taskDone': '✅ {{title}} — attività completata.',
+  'notification.taskFailed': '⚠️ {{title}} — attività fallita: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — azione richiesta.',
+  'unpaired.notice': 'Questa chat è stata scollegata da Pixcode. Invia il tuo codice per ricollegarla.',
+  'error.generic': 'Qualcosa è andato storto. Riprova.',
+};
+const JA = {
+  'welcome.needsCode': '👋 こんにちは！このチャットをPixcodeアカウントにリンクするため、6桁のペアリングコードを送信してください。',
+  'welcome.alreadyPaired': '👋 既にリンク済みです。メッセージは最新のセッションに転送されます。',
+  'pairing.invalidFormat': '6桁の数字のみを送信してください。',
+  'pairing.notFound': 'コードが無効か既に使用されています。Pixcodeで新しいコードを生成してください。',
+  'pairing.expired': 'コードの有効期限が切れました。Pixcodeで新しいコードを生成してください。',
+  'pairing.success': '✅ リンクに成功しました！完了通知を受け取り、最新セッションへメッセージを送信できます。',
+  'pairing.stillNeeded': 'まず6桁のペアリングコードを送信してください。Pixcode → 設定 → Telegramで取得できます。',
+  'bridge.queued': '📨 メッセージを最新セッションに転送しました。エージェントの応答時にお知らせします。',
+  'bridge.disabled': 'メッセージブリッジは無効です。Pixcode → 設定 → Telegramで有効化してください。',
+  'notification.taskDone': '✅ {{title}} — タスク完了。',
+  'notification.taskFailed': '⚠️ {{title}} — タスク失敗: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — 操作が必要。',
+  'unpaired.notice': 'このチャットはPixcodeから解除されました。6桁のコードで再リンクしてください。',
+  'error.generic': 'エラーが発生しました。もう一度お試しください。',
+};
+const KO = {
+  'welcome.needsCode': '👋 안녕하세요! Pixcode 계정과 이 채팅을 연결하려면 6자리 페어링 코드를 보내주세요.',
+  'welcome.alreadyPaired': '👋 이미 연결되어 있습니다. 메시지를 최근 세션으로 전달합니다.',
+  'pairing.invalidFormat': '숫자 6자리만 보내주세요.',
+  'pairing.notFound': '코드가 유효하지 않거나 이미 사용되었습니다. Pixcode에서 새 코드를 생성하세요.',
+  'pairing.expired': '코드가 만료되었습니다. Pixcode에서 새 코드를 생성하세요.',
+  'pairing.success': '✅ 연결 성공! 완료 알림을 받고, 최근 세션에 메시지를 보낼 수 있습니다.',
+  'pairing.stillNeeded': '먼저 6자리 페어링 코드를 보내주세요. Pixcode → 설정 → Telegram에서 얻을 수 있습니다.',
+  'bridge.queued': '📨 메시지를 최근 세션에 전달했습니다. 에이전트가 응답하면 알려드릴게요.',
+  'bridge.disabled': '메시지 브리지가 비활성화되어 있습니다. Pixcode → 설정 → Telegram에서 활성화하세요.',
+  'notification.taskDone': '✅ {{title}} — 작업 완료.',
+  'notification.taskFailed': '⚠️ {{title}} — 작업 실패: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — 조치 필요.',
+  'unpaired.notice': '이 채팅은 Pixcode에서 연결 해제되었습니다. 6자리 코드로 다시 연결하세요.',
+  'error.generic': '문제가 발생했습니다. 다시 시도해주세요.',
+};
+const RU = {
+  'welcome.needsCode': '👋 Привет! Отправь мне 6-значный код сопряжения, чтобы связать этот чат с твоим аккаунтом Pixcode.',
+  'welcome.alreadyPaired': '👋 Ты уже связан. Я буду пересылать твои сообщения в последнюю сессию.',
+  'pairing.invalidFormat': 'Отправь только 6-значный код (только цифры).',
+  'pairing.notFound': 'Код недействителен или уже использован. Создай новый в Pixcode.',
+  'pairing.expired': 'Код истёк. Создай новый в Pixcode.',
+  'pairing.success': '✅ Связано! Теперь ты будешь получать уведомления о завершённых задачах и сможешь отправлять сообщения в последнюю сессию.',
+  'pairing.stillNeeded': 'Сначала отправь 6-значный код из Pixcode → Настройки → Telegram.',
+  'bridge.queued': '📨 Сообщение переслано в последнюю сессию. Отвечу, когда агент ответит.',
+  'bridge.disabled': 'Мост сообщений отключён. Включи его в Pixcode → Настройки → Telegram.',
+  'notification.taskDone': '✅ {{title}} — задача выполнена.',
+  'notification.taskFailed': '⚠️ {{title}} — задача провалена: {{error}}',
+  'notification.actionRequired': '❗ {{title}} — требуется действие.',
+  'unpaired.notice': 'Этот чат отвязан от Pixcode. Отправь 6-значный код, чтобы связать снова.',
+  'error.generic': 'Что-то пошло не так. Попробуй ещё раз.',
+};
+const ZH = {
+  'welcome.needsCode': '👋 你好！请发送 6 位配对码，将此聊天链接到你的 Pixcode 账户。',
+  'welcome.alreadyPaired': '👋 你已经链接。我会把消息转发到你最近的会话。',
+  'pairing.invalidFormat': '请只发送 6 位数字代码。',
+  'pairing.notFound': '代码无效或已使用。请在 Pixcode 中生成新代码。',
+  'pairing.expired': '代码已过期。请在 Pixcode 中生成新代码。',
+  'pairing.success': '✅ 链接成功！你将收到任务完成通知，并可以向最近的会话发送消息。',
+  'pairing.stillNeeded': '请先发送 6 位配对码。在 Pixcode → 设置 → Telegram 中获取。',
+  'bridge.queued': '📨 消息已转发到最近的会话。智能体回复时我会通知你。',
+  'bridge.disabled': '消息桥已禁用。在 Pixcode → 设置 → Telegram 中启用。',
+  'notification.taskDone': '✅ {{title}} — 任务完成。',
+  'notification.taskFailed': '⚠️ {{title}} — 任务失败：{{error}}',
+  'notification.actionRequired': '❗ {{title}} — 需要操作。',
+  'unpaired.notice': '此聊天已从 Pixcode 取消链接。发送 6 位代码即可重新链接。',
+  'error.generic': '出了点问题，请重试。',
+};
+const LOCALES = {
+  en: EN,
+  tr: TR,
+  de: DE,
+  it: IT,
+  ja: JA,
+  ko: KO,
+  ru: RU,
+  'zh-CN': ZH,
+};
+const interpolate = (template, vars) => {
+  if (!vars) return template;
+  return template.replace(/\{\{(\w+)\}\}/g, (match, name) => {
+    return Object.prototype.hasOwnProperty.call(vars, name) ? String(vars[name]) : match;
+  });
+};
+export const t = (language, key, vars) => {
+  const locale = LOCALES[language] || LOCALES.en;
+  const raw = locale[key] || LOCALES.en[key] || key;
+  return interpolate(raw, vars);
+};
+export const SUPPORTED_LANGUAGES = Object.keys(LOCALES);