npm - @pixelbyte-software/pixcode - Versions diffs - 1.30.2 → 1.31.1 - Mend

@pixelbyte-software/pixcode 1.30.2 → 1.31.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/LICENSE +718 -718
package/README.de.md +248 -248
package/README.ja.md +240 -240
package/README.ko.md +240 -240
package/README.md +295 -285
package/README.ru.md +248 -248
package/README.tr.md +250 -250
package/README.zh-CN.md +240 -240
package/dist/api-docs.html +879 -879
package/dist/assets/index-BtOeB3cE.js +837 -0
package/dist/assets/index-CDpePeIN.css +32 -0
package/dist/assets/vendor-codemirror-CzYAOTxS.js +41 -0
package/dist/clear-cache.html +85 -85
package/dist/convert-icons.md +52 -52
package/dist/favicon.png +0 -0
package/dist/favicon.svg +7 -8
package/dist/generate-icons.js +48 -48
package/dist/icons/codex-white.svg +3 -3
package/dist/icons/codex.svg +3 -3
package/dist/icons/cursor-white.svg +11 -11
package/dist/icons/icon-128x128.png +0 -0
package/dist/icons/icon-128x128.svg +9 -12
package/dist/icons/icon-144x144.png +0 -0
package/dist/icons/icon-144x144.svg +9 -12
package/dist/icons/icon-152x152.png +0 -0
package/dist/icons/icon-152x152.svg +9 -12
package/dist/icons/icon-192x192.png +0 -0
package/dist/icons/icon-192x192.svg +9 -12
package/dist/icons/icon-384x384.png +0 -0
package/dist/icons/icon-384x384.svg +9 -12
package/dist/icons/icon-512x512.png +0 -0
package/dist/icons/icon-512x512.svg +9 -12
package/dist/icons/icon-72x72.png +0 -0
package/dist/icons/icon-72x72.svg +9 -12
package/dist/icons/icon-96x96.png +0 -0
package/dist/icons/icon-96x96.svg +9 -12
package/dist/icons/icon-template.svg +9 -12
package/dist/icons/qwen-ai-icon.png +0 -0
package/dist/index.html +60 -50
package/dist/logo.png +0 -0
package/dist/logo.svg +11 -16
package/dist/manifest.json +60 -60
package/dist/sw.js +124 -124
package/dist-server/server/claude-sdk.js +28 -5
package/dist-server/server/claude-sdk.js.map +1 -1
package/dist-server/server/cli.js +100 -97
package/dist-server/server/cli.js.map +1 -1
package/dist-server/server/daemon/manager.js +33 -33
package/dist-server/server/daemon-manager.js +62 -62
package/dist-server/server/database/db.js +114 -22
package/dist-server/server/database/db.js.map +1 -1
package/dist-server/server/database/schema.js +122 -89
package/dist-server/server/database/schema.js.map +1 -1
package/dist-server/server/gemini-cli.js +6 -1
package/dist-server/server/gemini-cli.js.map +1 -1
package/dist-server/server/index.js +346 -61
package/dist-server/server/index.js.map +1 -1
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js +29 -2
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js +22 -2
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js +2 -2
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js +14 -2
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js +132 -0
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js +87 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js +201 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js +19 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js.map +1 -0
package/dist-server/server/modules/providers/provider.registry.js +2 -0
package/dist-server/server/modules/providers/provider.registry.js.map +1 -1
package/dist-server/server/modules/providers/provider.routes.js +478 -1
package/dist-server/server/modules/providers/provider.routes.js.map +1 -1
package/dist-server/server/modules/providers/shared/provider-configs.js +105 -0
package/dist-server/server/modules/providers/shared/provider-configs.js.map +1 -0
package/dist-server/server/projects.js +197 -6
package/dist-server/server/projects.js.map +1 -1
package/dist-server/server/qwen-code-cli.js +350 -0
package/dist-server/server/qwen-code-cli.js.map +1 -0
package/dist-server/server/qwen-response-handler.js +70 -0
package/dist-server/server/qwen-response-handler.js.map +1 -0
package/dist-server/server/routes/commands.js +25 -25
package/dist-server/server/routes/git.js +17 -17
package/dist-server/server/routes/network.js +116 -0
package/dist-server/server/routes/network.js.map +1 -0
package/dist-server/server/routes/projects.js +166 -1
package/dist-server/server/routes/projects.js.map +1 -1
package/dist-server/server/routes/qwen.js +23 -0
package/dist-server/server/routes/qwen.js.map +1 -0
package/dist-server/server/routes/taskmaster.js +419 -419
package/dist-server/server/routes/telegram.js +119 -0
package/dist-server/server/routes/telegram.js.map +1 -0
package/dist-server/server/services/external-access.js +228 -0
package/dist-server/server/services/external-access.js.map +1 -0
package/dist-server/server/services/install-jobs.js +552 -0
package/dist-server/server/services/install-jobs.js.map +1 -0
package/dist-server/server/services/notification-orchestrator.js +19 -5
package/dist-server/server/services/notification-orchestrator.js.map +1 -1
package/dist-server/server/services/provider-credentials.js +154 -0
package/dist-server/server/services/provider-credentials.js.map +1 -0
package/dist-server/server/services/provider-models.js +218 -0
package/dist-server/server/services/provider-models.js.map +1 -0
package/dist-server/server/services/telegram/bot.js +259 -0
package/dist-server/server/services/telegram/bot.js.map +1 -0
package/dist-server/server/services/telegram/translations.js +160 -0
package/dist-server/server/services/telegram/translations.js.map +1 -0
package/dist-server/server/utils/port-access.js +196 -0
package/dist-server/server/utils/port-access.js.map +1 -0
package/dist-server/shared/modelConstants.js +18 -0
package/dist-server/shared/modelConstants.js.map +1 -1
package/package.json +177 -168
package/scripts/fix-node-pty.js +67 -67
package/server/claude-sdk.js +857 -834
package/server/cli.js +940 -937
package/server/constants/config.js +4 -4
package/server/cursor-cli.js +342 -342
package/server/daemon/manager.js +564 -564
package/server/daemon-manager.js +920 -920
package/server/database/db.js +696 -593
package/server/database/schema.js +138 -102
package/server/gemini-cli.js +475 -469
package/server/gemini-response-handler.js +79 -79
package/server/index.js +2854 -2556
package/server/load-env.js +34 -34
package/server/middleware/auth.js +132 -132
package/server/modules/providers/list/claude/claude-auth.provider.ts +145 -123
package/server/modules/providers/list/claude/claude-mcp.provider.ts +135 -135
package/server/modules/providers/list/claude/claude-sessions.provider.ts +306 -306
package/server/modules/providers/list/claude/claude.provider.ts +15 -15
package/server/modules/providers/list/codex/codex-auth.provider.ts +115 -100
package/server/modules/providers/list/codex/codex-mcp.provider.ts +135 -135
package/server/modules/providers/list/codex/codex-sessions.provider.ts +319 -319
package/server/modules/providers/list/codex/codex.provider.ts +15 -15
package/server/modules/providers/list/cursor/cursor-auth.provider.ts +143 -143
package/server/modules/providers/list/cursor/cursor-mcp.provider.ts +108 -108
package/server/modules/providers/list/cursor/cursor-sessions.provider.ts +421 -421
package/server/modules/providers/list/cursor/cursor.provider.ts +15 -15
package/server/modules/providers/list/gemini/gemini-auth.provider.ts +163 -151
package/server/modules/providers/list/gemini/gemini-mcp.provider.ts +110 -110
package/server/modules/providers/list/gemini/gemini-sessions.provider.ts +227 -227
package/server/modules/providers/list/gemini/gemini.provider.ts +15 -15
package/server/modules/providers/list/qwen/qwen-auth.provider.ts +145 -0
package/server/modules/providers/list/qwen/qwen-mcp.provider.ts +114 -0
package/server/modules/providers/list/qwen/qwen-sessions.provider.ts +218 -0
package/server/modules/providers/list/qwen/qwen.provider.ts +21 -0
package/server/modules/providers/provider.registry.ts +38 -36
package/server/modules/providers/provider.routes.ts +781 -217
package/server/modules/providers/services/mcp.service.ts +94 -94
package/server/modules/providers/services/provider-auth.service.ts +26 -26
package/server/modules/providers/services/sessions.service.ts +45 -45
package/server/modules/providers/shared/base/abstract.provider.ts +20 -20
package/server/modules/providers/shared/mcp/mcp.provider.ts +151 -151
package/server/modules/providers/shared/provider-configs.ts +118 -0
package/server/modules/providers/tests/mcp.test.ts +293 -293
package/server/openai-codex.js +426 -426
package/server/projects.js +2993 -2792
package/server/qwen-code-cli.js +392 -0
package/server/qwen-response-handler.js +73 -0
package/server/routes/agent.js +1245 -1245
package/server/routes/auth.js +134 -134
package/server/routes/codex.js +19 -19
package/server/routes/commands.js +554 -554
package/server/routes/cursor.js +52 -52
package/server/routes/gemini.js +24 -24
package/server/routes/git.js +1488 -1488
package/server/routes/mcp-utils.js +31 -31
package/server/routes/messages.js +61 -61
package/server/routes/network.js +128 -0
package/server/routes/plugins.js +307 -307
package/server/routes/projects.js +795 -627
package/server/routes/qwen.js +27 -0
package/server/routes/settings.js +286 -286
package/server/routes/taskmaster.js +1471 -1471
package/server/routes/telegram.js +125 -0
package/server/routes/user.js +123 -123
package/server/services/external-access.js +240 -0
package/server/services/install-jobs.js +569 -0
package/server/services/notification-orchestrator.js +242 -227
package/server/services/provider-credentials.js +151 -0
package/server/services/provider-models.js +225 -0
package/server/services/telegram/bot.js +280 -0
package/server/services/telegram/translations.js +170 -0
package/server/services/vapid-keys.js +35 -35
package/server/sessionManager.js +225 -225
package/server/shared/interfaces.ts +54 -54
package/server/shared/types.ts +172 -172
package/server/shared/utils.ts +193 -193
package/server/tsconfig.json +36 -36
package/server/utils/colors.js +21 -21
package/server/utils/commandParser.js +303 -303
package/server/utils/frontmatter.js +18 -18
package/server/utils/gitConfig.js +34 -34
package/server/utils/mcp-detector.js +147 -147
package/server/utils/plugin-loader.js +457 -457
package/server/utils/plugin-process-manager.js +184 -184
package/server/utils/port-access.js +209 -0
package/server/utils/runtime-paths.js +37 -37
package/server/utils/taskmaster-websocket.js +128 -128
package/server/utils/url-detection.js +71 -71
package/server/vite-daemon.js +78 -78
package/shared/modelConstants.js +117 -97
package/shared/networkHosts.js +22 -22
package/dist/assets/index-C2c9QNwK.css +0 -32
package/dist/assets/index-DyXDZED-.js +0 -1277
package/dist/assets/vendor-codemirror-NA4v81it.js +0 -41

package/server/load-env.js CHANGED Viewed

@@ -1,34 +1,34 @@
-// Load environment variables from .env before other imports execute.
-import fs from 'fs';
-import os from 'os';
-import path from 'path';
-import { findAppRoot, getModuleDir } from './utils/runtime-paths.js';
-const __dirname = getModuleDir(import.meta.url);
-// Resolve the repo/app root via the nearest /server folder so this file keeps finding the
-// same top-level .env file from both /server/load-env.js and /dist-server/server/load-env.js.
-const APP_ROOT = findAppRoot(__dirname);
-try {
-  const envPath = path.join(APP_ROOT, '.env');
-  const envFile = fs.readFileSync(envPath, 'utf8');
-  envFile.split('\n').forEach(line => {
-    const trimmedLine = line.trim();
-    if (trimmedLine && !trimmedLine.startsWith('#')) {
-      const [key, ...valueParts] = trimmedLine.split('=');
-      if (key && valueParts.length > 0 && !process.env[key]) {
-        process.env[key] = valueParts.join('=').trim();
-      }
-    }
-  });
-} catch (e) {
-  console.log('No .env file found or error reading it:', e.message);
-}
-// Keep the default database in a stable user-level location so rebuilding dist-server
-// never changes where the backend stores auth.db when DATABASE_PATH is not set explicitly.
-const DEFAULT_DATABASE_PATH = path.join(os.homedir(), '.pixcode', 'auth.db');
-if (!process.env.DATABASE_PATH) {
-  process.env.DATABASE_PATH = DEFAULT_DATABASE_PATH;
-}
+// Load environment variables from .env before other imports execute.
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { findAppRoot, getModuleDir } from './utils/runtime-paths.js';
+const __dirname = getModuleDir(import.meta.url);
+// Resolve the repo/app root via the nearest /server folder so this file keeps finding the
+// same top-level .env file from both /server/load-env.js and /dist-server/server/load-env.js.
+const APP_ROOT = findAppRoot(__dirname);
+try {
+  const envPath = path.join(APP_ROOT, '.env');
+  const envFile = fs.readFileSync(envPath, 'utf8');
+  envFile.split('\n').forEach(line => {
+    const trimmedLine = line.trim();
+    if (trimmedLine && !trimmedLine.startsWith('#')) {
+      const [key, ...valueParts] = trimmedLine.split('=');
+      if (key && valueParts.length > 0 && !process.env[key]) {
+        process.env[key] = valueParts.join('=').trim();
+      }
+    }
+  });
+} catch (e) {
+  console.log('No .env file found or error reading it:', e.message);
+}
+// Keep the default database in a stable user-level location so rebuilding dist-server
+// never changes where the backend stores auth.db when DATABASE_PATH is not set explicitly.
+const DEFAULT_DATABASE_PATH = path.join(os.homedir(), '.pixcode', 'auth.db');
+if (!process.env.DATABASE_PATH) {
+  process.env.DATABASE_PATH = DEFAULT_DATABASE_PATH;
+}

package/server/middleware/auth.js CHANGED Viewed

@@ -1,132 +1,132 @@
-import jwt from 'jsonwebtoken';
-import { userDb, appConfigDb } from '../database/db.js';
-import { IS_PLATFORM } from '../constants/config.js';
-// Use env var if set, otherwise auto-generate a unique secret per installation
-const JWT_SECRET = process.env.JWT_SECRET || appConfigDb.getOrCreateJwtSecret();
-// Optional API key middleware
-const validateApiKey = (req, res, next) => {
-  // Skip API key validation if not configured
-  if (!process.env.API_KEY) {
-    return next();
-  }
-  const apiKey = req.headers['x-api-key'];
-  if (apiKey !== process.env.API_KEY) {
-    return res.status(401).json({ error: 'Invalid API key' });
-  }
-  next();
-};
-// JWT authentication middleware
-const authenticateToken = async (req, res, next) => {
-  // Platform mode:  use single database user
-  if (IS_PLATFORM) {
-    try {
-      const user = userDb.getFirstUser();
-      if (!user) {
-        return res.status(500).json({ error: 'Platform mode: No user found in database' });
-      }
-      req.user = user;
-      return next();
-    } catch (error) {
-      console.error('Platform mode error:', error);
-      return res.status(500).json({ error: 'Platform mode: Failed to fetch user' });
-    }
-  }
-  // Normal OSS JWT validation
-  const authHeader = req.headers['authorization'];
-  let token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
-  // Also check query param for SSE endpoints (EventSource can't set headers)
-  if (!token && req.query.token) {
-    token = req.query.token;
-  }
-  if (!token) {
-    return res.status(401).json({ error: 'Access denied. No token provided.' });
-  }
-  try {
-    const decoded = jwt.verify(token, JWT_SECRET);
-    // Verify user still exists and is active
-    const user = userDb.getUserById(decoded.userId);
-    if (!user) {
-      return res.status(401).json({ error: 'Invalid token. User not found.' });
-    }
-    // Auto-refresh: if token is past halfway through its lifetime, issue a new one
-    if (decoded.exp && decoded.iat) {
-      const now = Math.floor(Date.now() / 1000);
-      const halfLife = (decoded.exp - decoded.iat) / 2;
-      if (now > decoded.iat + halfLife) {
-        const newToken = generateToken(user);
-        res.setHeader('X-Refreshed-Token', newToken);
-      }
-    }
-    req.user = user;
-    next();
-  } catch (error) {
-    console.error('Token verification error:', error);
-    return res.status(403).json({ error: 'Invalid token' });
-  }
-};
-// Generate JWT token
-const generateToken = (user) => {
-  return jwt.sign(
-    {
-      userId: user.id,
-      username: user.username
-    },
-    JWT_SECRET,
-    { expiresIn: '7d' }
-  );
-};
-// WebSocket authentication function
-const authenticateWebSocket = (token) => {
-  // Platform mode: bypass token validation, return first user
-  if (IS_PLATFORM) {
-    try {
-      const user = userDb.getFirstUser();
-      if (user) {
-        return { id: user.id, userId: user.id, username: user.username };
-      }
-      return null;
-    } catch (error) {
-      console.error('Platform mode WebSocket error:', error);
-      return null;
-    }
-  }
-  // Normal OSS JWT validation
-  if (!token) {
-    return null;
-  }
-  try {
-    const decoded = jwt.verify(token, JWT_SECRET);
-    // Verify user actually exists in database (matches REST authenticateToken behavior)
-    const user = userDb.getUserById(decoded.userId);
-    if (!user) {
-      return null;
-    }
-    return { userId: user.id, username: user.username };
-  } catch (error) {
-    console.error('WebSocket token verification error:', error);
-    return null;
-  }
-};
-export {
-  validateApiKey,
-  authenticateToken,
-  generateToken,
-  authenticateWebSocket,
-  JWT_SECRET
-};
+import jwt from 'jsonwebtoken';
+import { userDb, appConfigDb } from '../database/db.js';
+import { IS_PLATFORM } from '../constants/config.js';
+// Use env var if set, otherwise auto-generate a unique secret per installation
+const JWT_SECRET = process.env.JWT_SECRET || appConfigDb.getOrCreateJwtSecret();
+// Optional API key middleware
+const validateApiKey = (req, res, next) => {
+  // Skip API key validation if not configured
+  if (!process.env.API_KEY) {
+    return next();
+  }
+  const apiKey = req.headers['x-api-key'];
+  if (apiKey !== process.env.API_KEY) {
+    return res.status(401).json({ error: 'Invalid API key' });
+  }
+  next();
+};
+// JWT authentication middleware
+const authenticateToken = async (req, res, next) => {
+  // Platform mode:  use single database user
+  if (IS_PLATFORM) {
+    try {
+      const user = userDb.getFirstUser();
+      if (!user) {
+        return res.status(500).json({ error: 'Platform mode: No user found in database' });
+      }
+      req.user = user;
+      return next();
+    } catch (error) {
+      console.error('Platform mode error:', error);
+      return res.status(500).json({ error: 'Platform mode: Failed to fetch user' });
+    }
+  }
+  // Normal OSS JWT validation
+  const authHeader = req.headers['authorization'];
+  let token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+  // Also check query param for SSE endpoints (EventSource can't set headers)
+  if (!token && req.query.token) {
+    token = req.query.token;
+  }
+  if (!token) {
+    return res.status(401).json({ error: 'Access denied. No token provided.' });
+  }
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    // Verify user still exists and is active
+    const user = userDb.getUserById(decoded.userId);
+    if (!user) {
+      return res.status(401).json({ error: 'Invalid token. User not found.' });
+    }
+    // Auto-refresh: if token is past halfway through its lifetime, issue a new one
+    if (decoded.exp && decoded.iat) {
+      const now = Math.floor(Date.now() / 1000);
+      const halfLife = (decoded.exp - decoded.iat) / 2;
+      if (now > decoded.iat + halfLife) {
+        const newToken = generateToken(user);
+        res.setHeader('X-Refreshed-Token', newToken);
+      }
+    }
+    req.user = user;
+    next();
+  } catch (error) {
+    console.error('Token verification error:', error);
+    return res.status(403).json({ error: 'Invalid token' });
+  }
+};
+// Generate JWT token
+const generateToken = (user) => {
+  return jwt.sign(
+    {
+      userId: user.id,
+      username: user.username
+    },
+    JWT_SECRET,
+    { expiresIn: '7d' }
+  );
+};
+// WebSocket authentication function
+const authenticateWebSocket = (token) => {
+  // Platform mode: bypass token validation, return first user
+  if (IS_PLATFORM) {
+    try {
+      const user = userDb.getFirstUser();
+      if (user) {
+        return { id: user.id, userId: user.id, username: user.username };
+      }
+      return null;
+    } catch (error) {
+      console.error('Platform mode WebSocket error:', error);
+      return null;
+    }
+  }
+  // Normal OSS JWT validation
+  if (!token) {
+    return null;
+  }
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    // Verify user actually exists in database (matches REST authenticateToken behavior)
+    const user = userDb.getUserById(decoded.userId);
+    if (!user) {
+      return null;
+    }
+    return { userId: user.id, username: user.username };
+  } catch (error) {
+    console.error('WebSocket token verification error:', error);
+    return null;
+  }
+};
+export {
+  validateApiKey,
+  authenticateToken,
+  generateToken,
+  authenticateWebSocket,
+  JWT_SECRET
+};

package/server/modules/providers/list/claude/claude-auth.provider.ts CHANGED Viewed

@@ -1,123 +1,145 @@
-import { readFile } from 'node:fs/promises';
-import os from 'node:os';
-import path from 'node:path';
-import spawn from 'cross-spawn';
-import type { IProviderAuth } from '@/shared/interfaces.js';
-import type { ProviderAuthStatus } from '@/shared/types.js';
-import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
-type ClaudeCredentialsStatus = {
-  authenticated: boolean;
-  email: string | null;
-  method: string | null;
-  error?: string;
-};
-export class ClaudeProviderAuth implements IProviderAuth {
-  /**
-   * Checks whether the Claude Code CLI is available on this host.
-   */
-  private checkInstalled(): boolean {
-      const cliPath = process.env.CLAUDE_CLI_PATH || 'claude';
-      try {
-        spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
-        return true;
-      } catch {
-        return false;
-      }
-  }
-  /**
-   * Returns Claude installation and credential status using Claude Code's auth priority.
-   */
-  async getStatus(): Promise<ProviderAuthStatus> {
-    const installed = this.checkInstalled();
-    if (!installed) {
-      return {
-        installed,
-        provider: 'claude',
-        authenticated: false,
-        email: null,
-        method: null,
-        error: 'Claude Code CLI is not installed',
-      };
-    }
-    const credentials = await this.checkCredentials();
-    return {
-      installed,
-      provider: 'claude',
-      authenticated: credentials.authenticated,
-      email: credentials.authenticated ? credentials.email || 'Authenticated' : credentials.email,
-      method: credentials.method,
-      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
-    };
-  }
-  /**
-   * Reads Claude settings env values that the CLI can use even when the server process env is empty.
-   */
-  private async loadSettingsEnv(): Promise<Record<string, unknown>> {
-    try {
-      const settingsPath = path.join(os.homedir(), '.claude', 'settings.json');
-      const content = await readFile(settingsPath, 'utf8');
-      const settings = readObjectRecord(JSON.parse(content));
-      return readObjectRecord(settings?.env) ?? {};
-    } catch {
-      return {};
-    }
-  }
-  /**
-   * Checks Claude credentials in the same priority order used by Claude Code.
-   */
-  private async checkCredentials(): Promise<ClaudeCredentialsStatus> {
-    if (process.env.ANTHROPIC_API_KEY?.trim()) {
-      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
-    }
-    const settingsEnv = await this.loadSettingsEnv();
-    if (readOptionalString(settingsEnv.ANTHROPIC_API_KEY)) {
-      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
-    }
-    if (readOptionalString(settingsEnv.ANTHROPIC_AUTH_TOKEN)) {
-      return { authenticated: true, email: 'Configured via settings.json', method: 'api_key' };
-    }
-    try {
-      const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
-      const content = await readFile(credPath, 'utf8');
-      const creds = readObjectRecord(JSON.parse(content)) ?? {};
-      const oauth = readObjectRecord(creds.claudeAiOauth);
-      const accessToken = readOptionalString(oauth?.accessToken);
-      if (accessToken) {
-        const expiresAt = typeof oauth?.expiresAt === 'number' ? oauth.expiresAt : undefined;
-        const email = readOptionalString(creds.email) ?? readOptionalString(creds.user) ?? null;
-        if (!expiresAt || Date.now() < expiresAt) {
-          return {
-            authenticated: true,
-            email,
-            method: 'credentials_file',
-          };
-        }
-        return {
-          authenticated: false,
-          email,
-          method: 'credentials_file',
-          error: 'OAuth token has expired. Please re-authenticate with claude login',
-        };
-      }
-      return { authenticated: false, email: null, method: null };
-    } catch {
-      return { authenticated: false, email: null, method: null };
-    }
-  }
-}
+import { readFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+import spawn from 'cross-spawn';
+import type { IProviderAuth } from '@/shared/interfaces.js';
+import type { ProviderAuthStatus } from '@/shared/types.js';
+import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore — plain-JS module
+import { getProviderCredentials } from '@/services/provider-credentials.js';
+type ClaudeCredentialsStatus = {
+  authenticated: boolean;
+  email: string | null;
+  method: string | null;
+  error?: string;
+};
+export class ClaudeProviderAuth implements IProviderAuth {
+  /**
+   * Checks whether the Claude Code CLI is available on this host.
+   *
+   * NOTE: `cross-spawn.sync` does NOT throw on ENOENT — it returns a result
+   * object with `error` populated. The try/catch alone was always returning
+   * true and every provider appeared "installed". We now require both
+   * `!result.error` and a numeric exit status (0 for `--version`) before
+   * trusting the install.
+   */
+  private checkInstalled(): boolean {
+    const cliPath = process.env.CLAUDE_CLI_PATH || 'claude';
+    try {
+      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
+      return !result.error && result.status === 0;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Returns Claude installation and credential status using Claude Code's auth priority.
+   */
+  async getStatus(): Promise<ProviderAuthStatus> {
+    const installed = this.checkInstalled();
+    if (!installed) {
+      return {
+        installed,
+        provider: 'claude',
+        authenticated: false,
+        email: null,
+        method: null,
+        error: 'Claude Code CLI is not installed',
+      };
+    }
+    const credentials = await this.checkCredentials();
+    return {
+      installed,
+      provider: 'claude',
+      authenticated: credentials.authenticated,
+      email: credentials.authenticated ? credentials.email || 'Authenticated' : credentials.email,
+      method: credentials.method,
+      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
+    };
+  }
+  /**
+   * Reads Claude settings env values that the CLI can use even when the server process env is empty.
+   */
+  private async loadSettingsEnv(): Promise<Record<string, unknown>> {
+    try {
+      const settingsPath = path.join(os.homedir(), '.claude', 'settings.json');
+      const content = await readFile(settingsPath, 'utf8');
+      const settings = readObjectRecord(JSON.parse(content));
+      return readObjectRecord(settings?.env) ?? {};
+    } catch {
+      return {};
+    }
+  }
+  /**
+   * Checks Claude credentials in the same priority order used by Claude Code.
+   */
+  private async checkCredentials(): Promise<ClaudeCredentialsStatus> {
+    // Pixcode-UI-saved credentials win. Users who paste a key into our
+    // Settings > Agents form expect authenticated status immediately,
+    // regardless of env var timing.
+    try {
+      const creds = await getProviderCredentials('claude');
+      if (creds?.apiKey) {
+        const label = creds.baseUrl
+          ? `API Key · ${(() => { try { return new URL(creds.baseUrl).host; } catch { return creds.baseUrl; } })()}`
+          : 'API Key Auth';
+        return { authenticated: true, email: label, method: 'pixcode_store' };
+      }
+    } catch { /* fall through */ }
+    if (process.env.ANTHROPIC_API_KEY?.trim()) {
+      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
+    }
+    const settingsEnv = await this.loadSettingsEnv();
+    if (readOptionalString(settingsEnv.ANTHROPIC_API_KEY)) {
+      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
+    }
+    if (readOptionalString(settingsEnv.ANTHROPIC_AUTH_TOKEN)) {
+      return { authenticated: true, email: 'Configured via settings.json', method: 'api_key' };
+    }
+    try {
+      const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
+      const content = await readFile(credPath, 'utf8');
+      const creds = readObjectRecord(JSON.parse(content)) ?? {};
+      const oauth = readObjectRecord(creds.claudeAiOauth);
+      const accessToken = readOptionalString(oauth?.accessToken);
+      if (accessToken) {
+        const expiresAt = typeof oauth?.expiresAt === 'number' ? oauth.expiresAt : undefined;
+        const email = readOptionalString(creds.email) ?? readOptionalString(creds.user) ?? null;
+        if (!expiresAt || Date.now() < expiresAt) {
+          return {
+            authenticated: true,
+            email,
+            method: 'credentials_file',
+          };
+        }
+        return {
+          authenticated: false,
+          email,
+          method: 'credentials_file',
+          error: 'OAuth token has expired. Please re-authenticate with claude login',
+        };
+      }
+      return { authenticated: false, email: null, method: null };
+    } catch {
+      return { authenticated: false, email: null, method: null };
+    }
+  }
+}