npm - @pixelbyte-software/pixcode - Versions diffs - 1.30.2 → 1.31.1 - Mend

@pixelbyte-software/pixcode 1.30.2 → 1.31.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (209) hide show

package/LICENSE +718 -718
package/README.de.md +248 -248
package/README.ja.md +240 -240
package/README.ko.md +240 -240
package/README.md +295 -285
package/README.ru.md +248 -248
package/README.tr.md +250 -250
package/README.zh-CN.md +240 -240
package/dist/api-docs.html +879 -879
package/dist/assets/index-BtOeB3cE.js +837 -0
package/dist/assets/index-CDpePeIN.css +32 -0
package/dist/assets/vendor-codemirror-CzYAOTxS.js +41 -0
package/dist/clear-cache.html +85 -85
package/dist/convert-icons.md +52 -52
package/dist/favicon.png +0 -0
package/dist/favicon.svg +7 -8
package/dist/generate-icons.js +48 -48
package/dist/icons/codex-white.svg +3 -3
package/dist/icons/codex.svg +3 -3
package/dist/icons/cursor-white.svg +11 -11
package/dist/icons/icon-128x128.png +0 -0
package/dist/icons/icon-128x128.svg +9 -12
package/dist/icons/icon-144x144.png +0 -0
package/dist/icons/icon-144x144.svg +9 -12
package/dist/icons/icon-152x152.png +0 -0
package/dist/icons/icon-152x152.svg +9 -12
package/dist/icons/icon-192x192.png +0 -0
package/dist/icons/icon-192x192.svg +9 -12
package/dist/icons/icon-384x384.png +0 -0
package/dist/icons/icon-384x384.svg +9 -12
package/dist/icons/icon-512x512.png +0 -0
package/dist/icons/icon-512x512.svg +9 -12
package/dist/icons/icon-72x72.png +0 -0
package/dist/icons/icon-72x72.svg +9 -12
package/dist/icons/icon-96x96.png +0 -0
package/dist/icons/icon-96x96.svg +9 -12
package/dist/icons/icon-template.svg +9 -12
package/dist/icons/qwen-ai-icon.png +0 -0
package/dist/index.html +60 -50
package/dist/logo.png +0 -0
package/dist/logo.svg +11 -16
package/dist/manifest.json +60 -60
package/dist/sw.js +124 -124
package/dist-server/server/claude-sdk.js +28 -5
package/dist-server/server/claude-sdk.js.map +1 -1
package/dist-server/server/cli.js +100 -97
package/dist-server/server/cli.js.map +1 -1
package/dist-server/server/daemon/manager.js +33 -33
package/dist-server/server/daemon-manager.js +62 -62
package/dist-server/server/database/db.js +114 -22
package/dist-server/server/database/db.js.map +1 -1
package/dist-server/server/database/schema.js +122 -89
package/dist-server/server/database/schema.js.map +1 -1
package/dist-server/server/gemini-cli.js +6 -1
package/dist-server/server/gemini-cli.js.map +1 -1
package/dist-server/server/index.js +346 -61
package/dist-server/server/index.js.map +1 -1
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js +29 -2
package/dist-server/server/modules/providers/list/claude/claude-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js +22 -2
package/dist-server/server/modules/providers/list/codex/codex-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js +2 -2
package/dist-server/server/modules/providers/list/cursor/cursor-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js +14 -2
package/dist-server/server/modules/providers/list/gemini/gemini-auth.provider.js.map +1 -1
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js +132 -0
package/dist-server/server/modules/providers/list/qwen/qwen-auth.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js +87 -0
package/dist-server/server/modules/providers/list/qwen/qwen-mcp.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js +201 -0
package/dist-server/server/modules/providers/list/qwen/qwen-sessions.provider.js.map +1 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js +19 -0
package/dist-server/server/modules/providers/list/qwen/qwen.provider.js.map +1 -0
package/dist-server/server/modules/providers/provider.registry.js +2 -0
package/dist-server/server/modules/providers/provider.registry.js.map +1 -1
package/dist-server/server/modules/providers/provider.routes.js +478 -1
package/dist-server/server/modules/providers/provider.routes.js.map +1 -1
package/dist-server/server/modules/providers/shared/provider-configs.js +105 -0
package/dist-server/server/modules/providers/shared/provider-configs.js.map +1 -0
package/dist-server/server/projects.js +197 -6
package/dist-server/server/projects.js.map +1 -1
package/dist-server/server/qwen-code-cli.js +350 -0
package/dist-server/server/qwen-code-cli.js.map +1 -0
package/dist-server/server/qwen-response-handler.js +70 -0
package/dist-server/server/qwen-response-handler.js.map +1 -0
package/dist-server/server/routes/commands.js +25 -25
package/dist-server/server/routes/git.js +17 -17
package/dist-server/server/routes/network.js +116 -0
package/dist-server/server/routes/network.js.map +1 -0
package/dist-server/server/routes/projects.js +166 -1
package/dist-server/server/routes/projects.js.map +1 -1
package/dist-server/server/routes/qwen.js +23 -0
package/dist-server/server/routes/qwen.js.map +1 -0
package/dist-server/server/routes/taskmaster.js +419 -419
package/dist-server/server/routes/telegram.js +119 -0
package/dist-server/server/routes/telegram.js.map +1 -0
package/dist-server/server/services/external-access.js +228 -0
package/dist-server/server/services/external-access.js.map +1 -0
package/dist-server/server/services/install-jobs.js +552 -0
package/dist-server/server/services/install-jobs.js.map +1 -0
package/dist-server/server/services/notification-orchestrator.js +19 -5
package/dist-server/server/services/notification-orchestrator.js.map +1 -1
package/dist-server/server/services/provider-credentials.js +154 -0
package/dist-server/server/services/provider-credentials.js.map +1 -0
package/dist-server/server/services/provider-models.js +218 -0
package/dist-server/server/services/provider-models.js.map +1 -0
package/dist-server/server/services/telegram/bot.js +259 -0
package/dist-server/server/services/telegram/bot.js.map +1 -0
package/dist-server/server/services/telegram/translations.js +160 -0
package/dist-server/server/services/telegram/translations.js.map +1 -0
package/dist-server/server/utils/port-access.js +196 -0
package/dist-server/server/utils/port-access.js.map +1 -0
package/dist-server/shared/modelConstants.js +18 -0
package/dist-server/shared/modelConstants.js.map +1 -1
package/package.json +177 -168
package/scripts/fix-node-pty.js +67 -67
package/server/claude-sdk.js +857 -834
package/server/cli.js +940 -937
package/server/constants/config.js +4 -4
package/server/cursor-cli.js +342 -342
package/server/daemon/manager.js +564 -564
package/server/daemon-manager.js +920 -920
package/server/database/db.js +696 -593
package/server/database/schema.js +138 -102
package/server/gemini-cli.js +475 -469
package/server/gemini-response-handler.js +79 -79
package/server/index.js +2854 -2556
package/server/load-env.js +34 -34
package/server/middleware/auth.js +132 -132
package/server/modules/providers/list/claude/claude-auth.provider.ts +145 -123
package/server/modules/providers/list/claude/claude-mcp.provider.ts +135 -135
package/server/modules/providers/list/claude/claude-sessions.provider.ts +306 -306
package/server/modules/providers/list/claude/claude.provider.ts +15 -15
package/server/modules/providers/list/codex/codex-auth.provider.ts +115 -100
package/server/modules/providers/list/codex/codex-mcp.provider.ts +135 -135
package/server/modules/providers/list/codex/codex-sessions.provider.ts +319 -319
package/server/modules/providers/list/codex/codex.provider.ts +15 -15
package/server/modules/providers/list/cursor/cursor-auth.provider.ts +143 -143
package/server/modules/providers/list/cursor/cursor-mcp.provider.ts +108 -108
package/server/modules/providers/list/cursor/cursor-sessions.provider.ts +421 -421
package/server/modules/providers/list/cursor/cursor.provider.ts +15 -15
package/server/modules/providers/list/gemini/gemini-auth.provider.ts +163 -151
package/server/modules/providers/list/gemini/gemini-mcp.provider.ts +110 -110
package/server/modules/providers/list/gemini/gemini-sessions.provider.ts +227 -227
package/server/modules/providers/list/gemini/gemini.provider.ts +15 -15
package/server/modules/providers/list/qwen/qwen-auth.provider.ts +145 -0
package/server/modules/providers/list/qwen/qwen-mcp.provider.ts +114 -0
package/server/modules/providers/list/qwen/qwen-sessions.provider.ts +218 -0
package/server/modules/providers/list/qwen/qwen.provider.ts +21 -0
package/server/modules/providers/provider.registry.ts +38 -36
package/server/modules/providers/provider.routes.ts +781 -217
package/server/modules/providers/services/mcp.service.ts +94 -94
package/server/modules/providers/services/provider-auth.service.ts +26 -26
package/server/modules/providers/services/sessions.service.ts +45 -45
package/server/modules/providers/shared/base/abstract.provider.ts +20 -20
package/server/modules/providers/shared/mcp/mcp.provider.ts +151 -151
package/server/modules/providers/shared/provider-configs.ts +118 -0
package/server/modules/providers/tests/mcp.test.ts +293 -293
package/server/openai-codex.js +426 -426
package/server/projects.js +2993 -2792
package/server/qwen-code-cli.js +392 -0
package/server/qwen-response-handler.js +73 -0
package/server/routes/agent.js +1245 -1245
package/server/routes/auth.js +134 -134
package/server/routes/codex.js +19 -19
package/server/routes/commands.js +554 -554
package/server/routes/cursor.js +52 -52
package/server/routes/gemini.js +24 -24
package/server/routes/git.js +1488 -1488
package/server/routes/mcp-utils.js +31 -31
package/server/routes/messages.js +61 -61
package/server/routes/network.js +128 -0
package/server/routes/plugins.js +307 -307
package/server/routes/projects.js +795 -627
package/server/routes/qwen.js +27 -0
package/server/routes/settings.js +286 -286
package/server/routes/taskmaster.js +1471 -1471
package/server/routes/telegram.js +125 -0
package/server/routes/user.js +123 -123
package/server/services/external-access.js +240 -0
package/server/services/install-jobs.js +569 -0
package/server/services/notification-orchestrator.js +242 -227
package/server/services/provider-credentials.js +151 -0
package/server/services/provider-models.js +225 -0
package/server/services/telegram/bot.js +280 -0
package/server/services/telegram/translations.js +170 -0
package/server/services/vapid-keys.js +35 -35
package/server/sessionManager.js +225 -225
package/server/shared/interfaces.ts +54 -54
package/server/shared/types.ts +172 -172
package/server/shared/utils.ts +193 -193
package/server/tsconfig.json +36 -36
package/server/utils/colors.js +21 -21
package/server/utils/commandParser.js +303 -303
package/server/utils/frontmatter.js +18 -18
package/server/utils/gitConfig.js +34 -34
package/server/utils/mcp-detector.js +147 -147
package/server/utils/plugin-loader.js +457 -457
package/server/utils/plugin-process-manager.js +184 -184
package/server/utils/port-access.js +209 -0
package/server/utils/runtime-paths.js +37 -37
package/server/utils/taskmaster-websocket.js +128 -128
package/server/utils/url-detection.js +71 -71
package/server/vite-daemon.js +78 -78
package/shared/modelConstants.js +117 -97
package/shared/networkHosts.js +22 -22
package/dist/assets/index-C2c9QNwK.css +0 -32
package/dist/assets/index-DyXDZED-.js +0 -1277
package/dist/assets/vendor-codemirror-NA4v81it.js +0 -41

package/server/utils/plugin-process-manager.js CHANGED Viewed

@@ -1,184 +1,184 @@
-import { spawn } from 'child_process';
-import path from 'path';
-import { scanPlugins, getPluginsConfig, getPluginDir } from './plugin-loader.js';
-// Map<pluginName, { process, port }>
-const runningPlugins = new Map();
-// Map<pluginName, Promise<port>> — in-flight start operations
-const startingPlugins = new Map();
-/**
- * Start a plugin's server subprocess.
- * The plugin's server entry must print a JSON line with { ready: true, port: <number> }
- * to stdout within 10 seconds.
- */
-export function startPluginServer(name, pluginDir, serverEntry) {
-  if (runningPlugins.has(name)) {
-    return Promise.resolve(runningPlugins.get(name).port);
-  }
-  // Coalesce concurrent starts for the same plugin
-  if (startingPlugins.has(name)) {
-    return startingPlugins.get(name);
-  }
-  const startPromise = new Promise((resolve, reject) => {
-    const serverPath = path.join(pluginDir, serverEntry);
-    // Restricted env — only essentials, no host secrets
-    const pluginProcess = spawn('node', [serverPath], {
-      cwd: pluginDir,
-      env: {
-        PATH: process.env.PATH,
-        HOME: process.env.HOME,
-        NODE_ENV: process.env.NODE_ENV || 'production',
-        PLUGIN_NAME: name,
-      },
-      stdio: ['ignore', 'pipe', 'pipe'],
-    });
-    let resolved = false;
-    let stdout = '';
-    const timeout = setTimeout(() => {
-      if (!resolved) {
-        resolved = true;
-        pluginProcess.kill();
-        reject(new Error('Plugin server did not report ready within 10 seconds'));
-      }
-    }, 10000);
-    pluginProcess.stdout.on('data', (data) => {
-      if (resolved) return;
-      stdout += data.toString();
-      // Look for the JSON ready line
-      const lines = stdout.split('\n');
-      for (const line of lines) {
-        try {
-          const msg = JSON.parse(line.trim());
-          if (msg.ready && typeof msg.port === 'number') {
-            clearTimeout(timeout);
-            resolved = true;
-            runningPlugins.set(name, { process: pluginProcess, port: msg.port });
-            pluginProcess.on('exit', () => {
-              runningPlugins.delete(name);
-            });
-            console.log(`[Plugins] Server started for "${name}" on port ${msg.port}`);
-            resolve(msg.port);
-          }
-        } catch {
-          // Not JSON yet, keep buffering
-        }
-      }
-    });
-    pluginProcess.stderr.on('data', (data) => {
-      console.warn(`[Plugin:${name}] ${data.toString().trim()}`);
-    });
-    pluginProcess.on('error', (err) => {
-      clearTimeout(timeout);
-      if (!resolved) {
-        resolved = true;
-        reject(new Error(`Failed to start plugin server: ${err.message}`));
-      }
-    });
-    pluginProcess.on('exit', (code) => {
-      clearTimeout(timeout);
-      runningPlugins.delete(name);
-      if (!resolved) {
-        resolved = true;
-        reject(new Error(`Plugin server exited with code ${code} before reporting ready`));
-      }
-    });
-  }).finally(() => {
-    startingPlugins.delete(name);
-  });
-  startingPlugins.set(name, startPromise);
-  return startPromise;
-}
-/**
- * Stop a plugin's server subprocess.
- * Returns a Promise that resolves when the process has fully exited.
- */
-export function stopPluginServer(name) {
-  const entry = runningPlugins.get(name);
-  if (!entry) return Promise.resolve();
-  return new Promise((resolve) => {
-    const cleanup = () => {
-      clearTimeout(forceKillTimer);
-      runningPlugins.delete(name);
-      resolve();
-    };
-    entry.process.once('exit', cleanup);
-    entry.process.kill('SIGTERM');
-    // Force kill after 5 seconds if still running
-    const forceKillTimer = setTimeout(() => {
-      if (runningPlugins.has(name)) {
-        entry.process.kill('SIGKILL');
-        cleanup();
-      }
-    }, 5000);
-    console.log(`[Plugins] Server stopped for "${name}"`);
-  });
-}
-/**
- * Get the port a running plugin server is listening on.
- */
-export function getPluginPort(name) {
-  return runningPlugins.get(name)?.port ?? null;
-}
-/**
- * Check if a plugin's server is running.
- */
-export function isPluginRunning(name) {
-  return runningPlugins.has(name);
-}
-/**
- * Stop all running plugin servers (called on host shutdown).
- */
-export function stopAllPlugins() {
-  const stops = [];
-  for (const [name] of runningPlugins) {
-    stops.push(stopPluginServer(name));
-  }
-  return Promise.all(stops);
-}
-/**
- * Start servers for all enabled plugins that have a server entry.
- * Called once on host server boot.
- */
-export async function startEnabledPluginServers() {
-  const plugins = scanPlugins();
-  const config = getPluginsConfig();
-  for (const plugin of plugins) {
-    if (!plugin.server) continue;
-    if (config[plugin.name]?.enabled === false) continue;
-    const pluginDir = getPluginDir(plugin.name);
-    if (!pluginDir) continue;
-    try {
-      await startPluginServer(plugin.name, pluginDir, plugin.server);
-    } catch (err) {
-      console.error(`[Plugins] Failed to start server for "${plugin.name}":`, err.message);
-    }
-  }
-}
+import { spawn } from 'child_process';
+import path from 'path';
+import { scanPlugins, getPluginsConfig, getPluginDir } from './plugin-loader.js';
+// Map<pluginName, { process, port }>
+const runningPlugins = new Map();
+// Map<pluginName, Promise<port>> — in-flight start operations
+const startingPlugins = new Map();
+/**
+ * Start a plugin's server subprocess.
+ * The plugin's server entry must print a JSON line with { ready: true, port: <number> }
+ * to stdout within 10 seconds.
+ */
+export function startPluginServer(name, pluginDir, serverEntry) {
+  if (runningPlugins.has(name)) {
+    return Promise.resolve(runningPlugins.get(name).port);
+  }
+  // Coalesce concurrent starts for the same plugin
+  if (startingPlugins.has(name)) {
+    return startingPlugins.get(name);
+  }
+  const startPromise = new Promise((resolve, reject) => {
+    const serverPath = path.join(pluginDir, serverEntry);
+    // Restricted env — only essentials, no host secrets
+    const pluginProcess = spawn('node', [serverPath], {
+      cwd: pluginDir,
+      env: {
+        PATH: process.env.PATH,
+        HOME: process.env.HOME,
+        NODE_ENV: process.env.NODE_ENV || 'production',
+        PLUGIN_NAME: name,
+      },
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+    let resolved = false;
+    let stdout = '';
+    const timeout = setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        pluginProcess.kill();
+        reject(new Error('Plugin server did not report ready within 10 seconds'));
+      }
+    }, 10000);
+    pluginProcess.stdout.on('data', (data) => {
+      if (resolved) return;
+      stdout += data.toString();
+      // Look for the JSON ready line
+      const lines = stdout.split('\n');
+      for (const line of lines) {
+        try {
+          const msg = JSON.parse(line.trim());
+          if (msg.ready && typeof msg.port === 'number') {
+            clearTimeout(timeout);
+            resolved = true;
+            runningPlugins.set(name, { process: pluginProcess, port: msg.port });
+            pluginProcess.on('exit', () => {
+              runningPlugins.delete(name);
+            });
+            console.log(`[Plugins] Server started for "${name}" on port ${msg.port}`);
+            resolve(msg.port);
+          }
+        } catch {
+          // Not JSON yet, keep buffering
+        }
+      }
+    });
+    pluginProcess.stderr.on('data', (data) => {
+      console.warn(`[Plugin:${name}] ${data.toString().trim()}`);
+    });
+    pluginProcess.on('error', (err) => {
+      clearTimeout(timeout);
+      if (!resolved) {
+        resolved = true;
+        reject(new Error(`Failed to start plugin server: ${err.message}`));
+      }
+    });
+    pluginProcess.on('exit', (code) => {
+      clearTimeout(timeout);
+      runningPlugins.delete(name);
+      if (!resolved) {
+        resolved = true;
+        reject(new Error(`Plugin server exited with code ${code} before reporting ready`));
+      }
+    });
+  }).finally(() => {
+    startingPlugins.delete(name);
+  });
+  startingPlugins.set(name, startPromise);
+  return startPromise;
+}
+/**
+ * Stop a plugin's server subprocess.
+ * Returns a Promise that resolves when the process has fully exited.
+ */
+export function stopPluginServer(name) {
+  const entry = runningPlugins.get(name);
+  if (!entry) return Promise.resolve();
+  return new Promise((resolve) => {
+    const cleanup = () => {
+      clearTimeout(forceKillTimer);
+      runningPlugins.delete(name);
+      resolve();
+    };
+    entry.process.once('exit', cleanup);
+    entry.process.kill('SIGTERM');
+    // Force kill after 5 seconds if still running
+    const forceKillTimer = setTimeout(() => {
+      if (runningPlugins.has(name)) {
+        entry.process.kill('SIGKILL');
+        cleanup();
+      }
+    }, 5000);
+    console.log(`[Plugins] Server stopped for "${name}"`);
+  });
+}
+/**
+ * Get the port a running plugin server is listening on.
+ */
+export function getPluginPort(name) {
+  return runningPlugins.get(name)?.port ?? null;
+}
+/**
+ * Check if a plugin's server is running.
+ */
+export function isPluginRunning(name) {
+  return runningPlugins.has(name);
+}
+/**
+ * Stop all running plugin servers (called on host shutdown).
+ */
+export function stopAllPlugins() {
+  const stops = [];
+  for (const [name] of runningPlugins) {
+    stops.push(stopPluginServer(name));
+  }
+  return Promise.all(stops);
+}
+/**
+ * Start servers for all enabled plugins that have a server entry.
+ * Called once on host server boot.
+ */
+export async function startEnabledPluginServers() {
+  const plugins = scanPlugins();
+  const config = getPluginsConfig();
+  for (const plugin of plugins) {
+    if (!plugin.server) continue;
+    if (config[plugin.name]?.enabled === false) continue;
+    const pluginDir = getPluginDir(plugin.name);
+    if (!pluginDir) continue;
+    try {
+      await startPluginServer(plugin.name, pluginDir, plugin.server);
+    } catch (err) {
+      console.error(`[Plugins] Failed to start server for "${plugin.name}":`, err.message);
+    }
+  }
+}

package/server/utils/port-access.js ADDED Viewed

@@ -0,0 +1,209 @@
+import os from 'os';
+import fs from 'fs';
+import path from 'path';
+import readline from 'readline';
+import { execSync } from 'child_process';
+import { c } from './colors.js';
+/**
+ * Tracks inbound port access decisions across runs so the server doesn't
+ * re-prompt the user (on Windows/macOS) every start, and can skip work on
+ * Linux where a rule has already been applied.
+ */
+const STATE_FILE = path.join(os.homedir(), '.pixcode', 'port-access.json');
+function loadState() {
+  try {
+    return JSON.parse(fs.readFileSync(STATE_FILE, 'utf8'));
+  } catch {
+    return {};
+  }
+}
+function saveState(state) {
+  try {
+    fs.mkdirSync(path.dirname(STATE_FILE), { recursive: true });
+    fs.writeFileSync(STATE_FILE, JSON.stringify(state, null, 2));
+  } catch {
+    // Persisting the decision is a nice-to-have; failure shouldn't block start.
+  }
+}
+/** Return all non-loopback IPv4 addresses assigned to this host. */
+export function getLanIps() {
+  const ifs = os.networkInterfaces();
+  const ips = [];
+  for (const name of Object.keys(ifs)) {
+    for (const ni of ifs[name] || []) {
+      if (ni.family === 'IPv4' && !ni.internal) ips.push(ni.address);
+    }
+  }
+  return ips;
+}
+function askYN(question) {
+  return new Promise((resolve) => {
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+      resolve(null); // headless / daemon context — skip
+      return;
+    }
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(question, (answer) => {
+      rl.close();
+      const normalized = answer.trim().toLowerCase();
+      resolve(['y', 'yes', 'e', 'evet'].includes(normalized));
+    });
+  });
+}
+// ---------------- Linux ----------------
+function tryUfw(port) {
+  try {
+    execSync('command -v ufw', { stdio: 'pipe' });
+    const status = execSync('ufw status', { stdio: 'pipe', encoding: 'utf8' });
+    // UFW inactive = no rule needed; the port is already reachable.
+    if (!/active/i.test(status)) return 'inactive';
+    execSync(`sudo -n ufw allow ${port}/tcp`, { stdio: 'pipe' });
+    return 'applied';
+  } catch {
+    return null;
+  }
+}
+function tryFirewalld(port) {
+  try {
+    execSync('command -v firewall-cmd', { stdio: 'pipe' });
+    const state = execSync('firewall-cmd --state', { stdio: 'pipe', encoding: 'utf8' });
+    if (!/running/i.test(state)) return 'inactive';
+    execSync(`sudo -n firewall-cmd --add-port=${port}/tcp --permanent`, { stdio: 'pipe' });
+    execSync('sudo -n firewall-cmd --reload', { stdio: 'pipe' });
+    return 'applied';
+  } catch {
+    return null;
+  }
+}
+// ---------------- Windows ----------------
+function applyWindowsRule(port) {
+  const ruleName = `Pixcode-${port}`;
+  const cmd = `netsh advfirewall firewall add rule name="${ruleName}" dir=in action=allow protocol=TCP localport=${port}`;
+  try {
+    execSync(cmd, { stdio: 'pipe' });
+    return { ok: true, cmd, ruleName };
+  } catch (error) {
+    return { ok: false, cmd, ruleName, error: error.message };
+  }
+}
+// ---------------- macOS ----------------
+function macFirewallHint(port) {
+  return [
+    `${c.tip('[TIP]')}  macOS Application Firewall is per-app, not per-port.`,
+    '       If other devices can\'t connect, open:',
+    '       System Settings > Network > Firewall > Options',
+    `       and add Node.js to "Allow incoming connections" (port ${port}).`,
+  ].join('\n');
+}
+// ---------------- Main entry ----------------
+/**
+ * Make sure inbound traffic can reach `port` from the local network.
+ *
+ * - Linux: silently try ufw/firewalld with `sudo -n` (passwordless). Skips
+ *   cleanly when no firewall is running or sudo is gated — LAN access
+ *   already works on most desktop distros.
+ * - Windows/macOS: ask the user once; remember the decision in
+ *   ~/.pixcode/port-access.json so subsequent starts stay quiet.
+ *
+ * All failure paths are non-fatal: the server is already listening when
+ * we get here, and LAN clients on the same subnet often can reach it
+ * without any firewall change.
+ */
+export async function ensurePortOpen(port) {
+  const state = loadState();
+  const key = `port:${port}`;
+  const entry = state[key];
+  const lanIps = getLanIps();
+  if (lanIps.length) {
+    console.log(`${c.info('[INFO]')} LAN access:  ${c.bright(`http://${lanIps[0]}:${port}`)}`);
+    if (lanIps.length > 1) {
+      for (const extra of lanIps.slice(1)) {
+        console.log(`${c.dim('       also:')}  http://${extra}:${port}`);
+      }
+    }
+  }
+  if (entry && entry.decision === 'deny') {
+    console.log(`${c.dim('[INFO]')} Firewall prompt suppressed (previously declined). Re-enable via ~/.pixcode/port-access.json`);
+    return;
+  }
+  const platform = process.platform;
+  if (platform === 'linux') {
+    if (entry && entry.status === 'applied') return;
+    const result = tryUfw(port) || tryFirewalld(port);
+    if (result === 'applied') {
+      console.log(`${c.ok('[OK]')}   Inbound firewall rule added for port ${port}.`);
+      saveState({ ...state, [key]: { decision: 'allow', status: 'applied', via: 'linux' } });
+    } else if (result === 'inactive') {
+      console.log(`${c.dim('[INFO]')} No active firewall detected — port ${port} should be reachable.`);
+    } else {
+      console.log(`${c.tip('[TIP]')}  Couldn't auto-open port (no sudo / unsupported firewall).`);
+      console.log(`       Manual: ${c.bright(`sudo ufw allow ${port}/tcp`)}  ${c.dim('(or firewall-cmd equivalent)')}`);
+    }
+    return;
+  }
+  if (platform === 'win32') {
+    if (entry && entry.status === 'applied') return;
+    const approved = await askYN(
+      `${c.tip('[?]')}    Open port ${port} in Windows Firewall so other devices on your network can connect? [y/N] `,
+    );
+    if (approved === null) {
+      // No TTY — just show the manual command and move on.
+      console.log(
+        `${c.tip('[TIP]')}  To allow LAN access, run this in an elevated PowerShell:\n       ${c.bright(
+          `netsh advfirewall firewall add rule name="Pixcode-${port}" dir=in action=allow protocol=TCP localport=${port}`,
+        )}`,
+      );
+      return;
+    }
+    if (!approved) {
+      console.log(`${c.dim('[INFO]')} Skipping firewall change.`);
+      saveState({ ...state, [key]: { decision: 'deny' } });
+      return;
+    }
+    const result = applyWindowsRule(port);
+    if (result.ok) {
+      console.log(`${c.ok('[OK]')}   Firewall rule "${result.ruleName}" added.`);
+      saveState({ ...state, [key]: { decision: 'allow', status: 'applied', via: 'windows' } });
+    } else {
+      console.log(`${c.tip('[TIP]')}  Adding the rule needs Administrator. Run this in an elevated PowerShell:`);
+      console.log(`       ${c.bright(result.cmd)}`);
+      saveState({ ...state, [key]: { decision: 'allow', status: 'manual' } });
+    }
+    return;
+  }
+  if (platform === 'darwin') {
+    if (entry && entry.status) return;
+    const approved = await askYN(
+      `${c.tip('[?]')}    Allow inbound connections on port ${port} through macOS firewall? [y/N] `,
+    );
+    if (approved === null) return;
+    if (!approved) {
+      console.log(`${c.dim('[INFO]')} Skipping firewall hint.`);
+      saveState({ ...state, [key]: { decision: 'deny' } });
+      return;
+    }
+    console.log(macFirewallHint(port));
+    saveState({ ...state, [key]: { decision: 'allow', status: 'manual', via: 'macos' } });
+  }
+}

package/server/utils/runtime-paths.js CHANGED Viewed

@@ -1,37 +1,37 @@
-import path from 'path';
-import { fileURLToPath } from 'url';
-export function getModuleDir(importMetaUrl) {
-  return path.dirname(fileURLToPath(importMetaUrl));
-}
-export function findServerRoot(startDir) {
-  // Source files live under /server, while compiled files live under /dist-server/server.
-  // Walking up to the nearest "server" folder gives every backend module one stable anchor
-  // that works in both layouts instead of relying on fragile "../.." assumptions.
-  let currentDir = startDir;
-  while (path.basename(currentDir) !== 'server') {
-    const parentDir = path.dirname(currentDir);
-    if (parentDir === currentDir) {
-      throw new Error(`Could not resolve the backend server root from "${startDir}".`);
-    }
-    currentDir = parentDir;
-  }
-  return currentDir;
-}
-export function findAppRoot(startDir) {
-  const serverRoot = findServerRoot(startDir);
-  const parentOfServerRoot = path.dirname(serverRoot);
-  // Source files live at <app>/server, while compiled files live at <app>/dist-server/server.
-  // When the nearest server folder sits inside dist-server we need to hop one extra level up
-  // so repo-level files still resolve from the real app root instead of the build directory.
-  return path.basename(parentOfServerRoot) === 'dist-server'
-    ? path.dirname(parentOfServerRoot)
-    : parentOfServerRoot;
-}
+import path from 'path';
+import { fileURLToPath } from 'url';
+export function getModuleDir(importMetaUrl) {
+  return path.dirname(fileURLToPath(importMetaUrl));
+}
+export function findServerRoot(startDir) {
+  // Source files live under /server, while compiled files live under /dist-server/server.
+  // Walking up to the nearest "server" folder gives every backend module one stable anchor
+  // that works in both layouts instead of relying on fragile "../.." assumptions.
+  let currentDir = startDir;
+  while (path.basename(currentDir) !== 'server') {
+    const parentDir = path.dirname(currentDir);
+    if (parentDir === currentDir) {
+      throw new Error(`Could not resolve the backend server root from "${startDir}".`);
+    }
+    currentDir = parentDir;
+  }
+  return currentDir;
+}
+export function findAppRoot(startDir) {
+  const serverRoot = findServerRoot(startDir);
+  const parentOfServerRoot = path.dirname(serverRoot);
+  // Source files live at <app>/server, while compiled files live at <app>/dist-server/server.
+  // When the nearest server folder sits inside dist-server we need to hop one extra level up
+  // so repo-level files still resolve from the real app root instead of the build directory.
+  return path.basename(parentOfServerRoot) === 'dist-server'
+    ? path.dirname(parentOfServerRoot)
+    : parentOfServerRoot;
+}