@pixelbyte-software/pixcode 1.31.0 → 1.31.2

package/server/modules/providers/provider.routes.ts

@@ -40,7 +40,16 @@ const STATIC_MODELS_BY_PROVIDER: Record<LLMProvider, Array<{ value: string; labe
 };
 import type { LLMProvider, McpScope, McpTransport, UpsertProviderMcpServerInput } from '@/shared/types.js';
 import { AppError, asyncHandler, createApiSuccessResponse } from '@/shared/utils.js';
+import fs from 'node:fs/promises';
 import http from 'node:http';
+import os from 'node:os';
+import path from 'node:path';
+
+import {
+  MAX_CONFIG_FILE_SIZE_BYTES,
+  PROVIDER_CONFIG_FILES,
+  type ProviderConfigFile,
+} from '@/modules/providers/shared/provider-configs.js';
 
 /**
  * npm-global install command per provider. Used by POST
@@ -580,4 +589,193 @@ router.post(
   }),
 );
 
+// ============================================================================
+// Provider config files — read / edit the per-CLI settings/env files from
+// inside Pixcode rather than making the user open a text editor themselves.
+// The registry at server/modules/providers/shared/provider-configs.ts is the
+// single source of truth for which files exist; the client pulls this list
+// via GET /config-files and then reads/writes individual files by id.
+// ============================================================================
+
+// Resolve a config descriptor from (provider, fileId). Throws a 404
+// AppError if either isn't registered so the client sees a clear failure
+// instead of a generic 500.
+const resolveConfigFile = (provider: string, fileId: string): { descriptor: ProviderConfigFile; absolutePath: string } => {
+  const list = PROVIDER_CONFIG_FILES[provider];
+  if (!list) {
+    throw new AppError(`No config files registered for provider "${provider}"`, {
+      code: 'PROVIDER_CONFIG_UNKNOWN_PROVIDER',
+      statusCode: 404,
+    });
+  }
+  const descriptor = list.find((entry) => entry.id === fileId);
+  if (!descriptor) {
+    throw new AppError(`Unknown config file "${fileId}" for provider "${provider}"`, {
+      code: 'PROVIDER_CONFIG_UNKNOWN_FILE',
+      statusCode: 404,
+    });
+  }
+  // Always resolve relative to the server's os.homedir() — we never trust
+  // the client for any part of the path. `path.resolve` then normalises
+  // out any `..` segments the registry might accidentally contain.
+  const absolutePath = path.resolve(os.homedir(), descriptor.relativePath);
+  return { descriptor, absolutePath };
+};
+
+router.get(
+  '/:provider/config-files',
+  asyncHandler(async (req: Request, res: Response) => {
+    const provider = String(req.params.provider);
+    const list = PROVIDER_CONFIG_FILES[provider];
+    if (!list) {
+      throw new AppError(`No config files registered for provider "${provider}"`, {
+        code: 'PROVIDER_CONFIG_UNKNOWN_PROVIDER',
+        statusCode: 404,
+      });
+    }
+    const files = await Promise.all(
+      list.map(async (entry: ProviderConfigFile) => {
+        const absolutePath = path.resolve(os.homedir(), entry.relativePath);
+        let exists = false;
+        let size: number | null = null;
+        let updatedAt: string | null = null;
+        try {
+          const stat = await fs.stat(absolutePath);
+          exists = stat.isFile();
+          size = stat.size;
+          updatedAt = stat.mtime.toISOString();
+        } catch (err) {
+          // ENOENT is the expected path for "user hasn't created this yet".
+          // Anything else (EACCES, EISDIR, …) we surface as a hint rather
+          // than blow up the whole list response.
+          if ((err as NodeJS.ErrnoException).code !== 'ENOENT') {
+            console.warn(`[provider-configs] stat ${absolutePath}:`, (err as Error).message);
+          }
+        }
+        return {
+          id: entry.id,
+          label: entry.label,
+          format: entry.format,
+          readonly: Boolean(entry.readonly),
+          description: entry.description ?? null,
+          relativePath: entry.relativePath,
+          absolutePath,
+          exists,
+          size,
+          updatedAt,
+        };
+      }),
+    );
+    res.json(createApiSuccessResponse({ provider, files }));
+  }),
+);
+
+router.get(
+  '/:provider/config-files/:fileId',
+  asyncHandler(async (req: Request, res: Response) => {
+    const provider = String(req.params.provider);
+    const fileId = String(req.params.fileId);
+    const { descriptor, absolutePath } = resolveConfigFile(provider, fileId);
+
+    try {
+      const stat = await fs.stat(absolutePath);
+      if (!stat.isFile()) {
+        throw new AppError(`${absolutePath} is not a regular file`, {
+          code: 'PROVIDER_CONFIG_NOT_FILE',
+          statusCode: 409,
+        });
+      }
+      if (stat.size > MAX_CONFIG_FILE_SIZE_BYTES) {
+        throw new AppError(
+          `Config file is larger than ${MAX_CONFIG_FILE_SIZE_BYTES} bytes — refusing to load`,
+          { code: 'PROVIDER_CONFIG_TOO_LARGE', statusCode: 413 },
+        );
+      }
+      const contents = await fs.readFile(absolutePath, 'utf8');
+      res.json(createApiSuccessResponse({
+        id: descriptor.id,
+        label: descriptor.label,
+        format: descriptor.format,
+        readonly: Boolean(descriptor.readonly),
+        relativePath: descriptor.relativePath,
+        absolutePath,
+        exists: true,
+        size: stat.size,
+        updatedAt: stat.mtime.toISOString(),
+        contents,
+      }));
+    } catch (err) {
+      if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
+        // Report "file doesn't exist yet" with empty contents so the UI can
+        // still open an editor and let the user create it with a save.
+        res.json(createApiSuccessResponse({
+          id: descriptor.id,
+          label: descriptor.label,
+          format: descriptor.format,
+          readonly: Boolean(descriptor.readonly),
+          relativePath: descriptor.relativePath,
+          absolutePath,
+          exists: false,
+          size: 0,
+          updatedAt: null,
+          contents: '',
+        }));
+        return;
+      }
+      throw err;
+    }
+  }),
+);
+
+router.put(
+  '/:provider/config-files/:fileId',
+  asyncHandler(async (req: Request, res: Response) => {
+    const provider = String(req.params.provider);
+    const fileId = String(req.params.fileId);
+    const { descriptor, absolutePath } = resolveConfigFile(provider, fileId);
+
+    if (descriptor.readonly) {
+      throw new AppError(`${descriptor.label} is read-only`, {
+        code: 'PROVIDER_CONFIG_READONLY',
+        statusCode: 403,
+      });
+    }
+
+    const contents = typeof req.body?.contents === 'string' ? req.body.contents : '';
+    if (Buffer.byteLength(contents, 'utf8') > MAX_CONFIG_FILE_SIZE_BYTES) {
+      throw new AppError(
+        `Refusing to write: contents exceed ${MAX_CONFIG_FILE_SIZE_BYTES} bytes`,
+        { code: 'PROVIDER_CONFIG_TOO_LARGE', statusCode: 413 },
+      );
+    }
+
+    // Light format validation — catches "pasted a stray character and now
+    // the CLI refuses to start" before we actually save the file. We don't
+    // try to be strict about TOML / env formats because a user who's
+    // editing these probably knows the grammar better than our regex.
+    if (descriptor.format === 'json') {
+      try {
+        JSON.parse(contents || '{}');
+      } catch (err) {
+        throw new AppError(`Invalid JSON: ${(err as Error).message}`, {
+          code: 'PROVIDER_CONFIG_INVALID_JSON',
+          statusCode: 400,
+        });
+      }
+    }
+
+    await fs.mkdir(path.dirname(absolutePath), { recursive: true });
+    await fs.writeFile(absolutePath, contents, 'utf8');
+
+    const stat = await fs.stat(absolutePath);
+    res.json(createApiSuccessResponse({
+      id: descriptor.id,
+      relativePath: descriptor.relativePath,
+      absolutePath,
+      size: stat.size,
+      updatedAt: stat.mtime.toISOString(),
+    }));
+  }),
+);
+
 export default router;

package/server/modules/providers/shared/provider-configs.ts

@@ -0,0 +1,118 @@
+/**
+ * Registry of user-editable config files per provider CLI.
+ *
+ * This is the single source of truth for the Settings → Agents →
+ * Configuration tab. Adding a new provider? Append a row here and the
+ * UI + API pick it up — no component changes required.
+ *
+ * Rules:
+ *   - `relativePath` is relative to the user's home directory.
+ *     We never accept absolute paths from the client; the server
+ *     resolves these explicitly so path traversal is impossible.
+ *   - `format` drives the CodeMirror language extension on the client.
+ *   - `readonly: true` hides the Save button and the server rejects
+ *     writes. Use it for files the CLI owns (e.g. OAuth tokens).
+ *   - `description` is shown as a subtle caption under the editor.
+ */
+
+export type ProviderConfigFormat = 'json' | 'toml' | 'env' | 'text';
+
+export type ProviderConfigFile = {
+  id: string;
+  label: string;
+  relativePath: string;
+  format: ProviderConfigFormat;
+  readonly?: boolean;
+  description?: string;
+};
+
+export const PROVIDER_CONFIG_FILES: Record<string, ProviderConfigFile[]> = {
+  claude: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.claude/settings.json',
+      format: 'json',
+      description: 'Main Claude Code settings — default model, system prompt, tool policy.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.claude/.env',
+      format: 'env',
+      description: 'Environment variables loaded when Claude runs (e.g. ANTHROPIC_API_KEY).',
+    },
+  ],
+  codex: [
+    {
+      id: 'config',
+      label: 'config.toml',
+      relativePath: '.codex/config.toml',
+      format: 'toml',
+      description: 'Main Codex CLI config — models, MCP servers, approval policy, sandbox mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.codex/.env',
+      format: 'env',
+      description: 'Environment variables (OPENAI_API_KEY, OPENAI_BASE_URL, …).',
+    },
+    {
+      id: 'auth',
+      label: 'auth.json',
+      relativePath: '.codex/auth.json',
+      format: 'json',
+      readonly: true,
+      description: 'OAuth tokens managed by `codex login`. Read-only; editing here would corrupt the session.',
+    },
+  ],
+  cursor: [
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.cursor/.env',
+      format: 'env',
+      description: 'Cursor CLI environment variables.',
+    },
+  ],
+  gemini: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.gemini/settings.json',
+      format: 'json',
+      description: 'Main Gemini CLI settings — selected model, MCP servers, tool approval mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.gemini/.env',
+      format: 'env',
+      description: 'Environment variables (GOOGLE_API_KEY, GEMINI_API_KEY, …).',
+    },
+  ],
+  qwen: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.qwen/settings.json',
+      format: 'json',
+      description: 'Main Qwen Code settings — selected model, MCP servers, approval mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.qwen/.env',
+      format: 'env',
+      description: 'Environment variables (DASHSCOPE_API_KEY, OPENAI_API_KEY for OpenAI-compatible routes, …).',
+    },
+  ],
+};
+
+export const SUPPORTED_CONFIG_PROVIDERS = Object.keys(PROVIDER_CONFIG_FILES);
+
+// Hard cap — no config file we care about is remotely this big, but we
+// want to refuse reads and writes that would swell memory. Editing a 1 MB
+// settings.json is already a smell.
+export const MAX_CONFIG_FILE_SIZE_BYTES = 1_048_576; // 1 MB

package/server/routes/projects.js

@@ -3,7 +3,7 @@ import { promises as fs } from 'fs';
 import path from 'path';
 import { spawn } from 'child_process';
 import os from 'os';
-import { addProjectManually } from '../projects.js';
+import { addProjectManually, extractProjectDirectory } from '../projects.js';
 
 const router = express.Router();
 
@@ -240,15 +240,100 @@ export async function validateWorkspacePath(requestedPath) {
   }
 }
 
+/**
+ * Is this `pixcode-project-N` slot already in use? "In use" means the
+ * user has sent at least one message under any provider — presence of a
+ * session file under ~/.claude/projects/<encoded>/, ~/.codex/sessions/,
+ * or ~/.gemini/… is our signal. We keep it best-effort: if we can't
+ * probe a provider's session dir (no permissions, path missing), we
+ * treat it as "no sessions for this provider" rather than raise.
+ *
+ * Checking the on-disk workspace dir for files is NOT a reliable signal
+ * — providers store their history outside the workspace, so a project
+ * that has had 20 messages still has an empty folder.
+ */
+async function projectHasAnySessions(workspacePath) {
+  const home = os.homedir();
+  // encodeProjectName strips drive separators (C:\ → -C--…) and dots so
+  // `extractProjectDirectory` can round-trip. Using the same encoder as
+  // the rest of projects.js keeps us aligned with however Claude's CLI
+  // computes its per-project directory name.
+  const slug = workspacePath.replace(/[\\/:]/g, '-').replace(/\./g, '-');
+
+  const probes = [
+    // Claude Code: JSONL-per-session files under a per-project subdir.
+    path.join(home, '.claude', 'projects', slug),
+    // Codex writes session logs under ~/.codex/sessions — they're cross-project
+    // so we can't cheaply attribute them to a specific slot; skip.
+    // Gemini: same layout as Claude.
+    path.join(home, '.gemini', 'projects', slug),
+    // Qwen Code (Gemini fork): same layout.
+    path.join(home, '.qwen', 'projects', slug),
+  ];
+
+  for (const dir of probes) {
+    try {
+      const entries = await fs.readdir(dir);
+      if (entries.some((name) => name.endsWith('.jsonl') || name.endsWith('.json'))) {
+        return true;
+      }
+    } catch {
+      // Missing / unreadable dir just means "no sessions here", not fatal.
+    }
+  }
+  return false;
+}
+
+/**
+ * GET /api/projects/:projectName/dir-status
+ *
+ * Lightweight "does the workspace still exist on disk?" check used by
+ * the chat composer to detect deleted-directory sessions. We decode the
+ * project name back to an absolute path and stat it — a slug alone isn't
+ * useful because the user may have deleted the workspace while the
+ * session metadata still lives under ~/.<provider>/projects/.
+ *
+ * Returns `{ exists, path, isDirectory }` so the UI can lock the
+ * composer and surface a "directory deleted" warning instead of letting
+ * the user fire prompts into a void.
+ */
+router.get('/:projectName/dir-status', async (req, res) => {
+  const { projectName } = req.params;
+  try {
+    const actualPath = await extractProjectDirectory(projectName);
+    if (!actualPath) {
+      return res.json({ exists: false, path: null, isDirectory: false });
+    }
+    try {
+      const stat = await fs.stat(actualPath);
+      return res.json({
+        exists: true,
+        path: actualPath,
+        isDirectory: stat.isDirectory(),
+      });
+    } catch (err) {
+      // ENOENT is the typical "user rm -rf'd the workspace" path.
+      if (err.code === 'ENOENT') {
+        return res.json({ exists: false, path: actualPath, isDirectory: false });
+      }
+      throw err;
+    }
+  } catch (error) {
+    console.error(`[projects] dir-status ${projectName}:`, error);
+    res.status(500).json({ error: error.message || 'Failed to check project directory' });
+  }
+});
+
 /**
  * POST /api/projects/quick-start
  *
- * Zero-config project creation: picks the next available
- * `pixcode-project-N` slot under WORKSPACES_BASE, creates the directory,
- * registers it, and returns the project record. Used by the "start
- * chatting without setting up a project first" landing flow — we want
- * the user to type + send a message and have a real workspace appear
- * underneath them without prompting for a name or path up front.
+ * Zero-config project creation: **reuses** the first unused
+ * `pixcode-project-N` slot if one exists, otherwise creates the next
+ * free index. "Unused" = no session files on disk for any provider.
+ * Without reuse, clicking "New chat" rapidly stacks up pixcode-project-1
+ * through pixcode-project-N and litters the workspace — the UX we want
+ * matches ChatGPT's "New chat" which reuses the empty canvas until the
+ * user actually commits a message.
  */
 router.post('/quick-start', async (req, res) => {
   try {
@@ -258,30 +343,65 @@ router.post('/quick-start', async (req, res) => {
     try {
       entries = await fs.readdir(WORKSPACES_BASE, { withFileTypes: true });
     } catch { /* empty is fine */ }
-    const taken = new Set(
-      entries.filter((e) => e.isDirectory()).map((e) => e.name.toLowerCase()),
-    );
 
-    let nextIndex = 1;
-    let name = '';
-    // eslint-disable-next-line no-constant-condition
-    while (true) {
-      const candidate = `pixcode-project-${nextIndex}`;
-      if (!taken.has(candidate.toLowerCase())) {
-        name = candidate;
-        break;
+    // Pixcode-owned slots, sorted by numeric index so reuse is deterministic
+    // and picks the lowest idle slot (pixcode-project-1 before -3).
+    const existingSlots = entries
+      .filter((e) => e.isDirectory() && /^pixcode-project-\d+$/i.test(e.name))
+      .map((e) => ({
+        name: e.name,
+        index: parseInt(e.name.split('-').pop(), 10) || 0,
+      }))
+      .sort((a, b) => a.index - b.index);
+
+    // 1. First pass: reuse the lowest-indexed slot that has no sessions.
+    for (const slot of existingSlots) {
+      const absolutePath = path.join(WORKSPACES_BASE, slot.name);
+      const used = await projectHasAnySessions(absolutePath);
+      if (!used) {
+        let project;
+        try {
+          project = await addProjectManually(absolutePath);
+        } catch (err) {
+          // addProjectManually throws when the project is already
+          // registered. That's fine — look it up via its encoded name
+          // instead of creating a duplicate.
+          const msg = err?.message || '';
+          if (!/already configured/i.test(msg)) throw err;
+          project = {
+            name: absolutePath.replace(/[\\/:]/g, '-').replace(/\./g, '-'),
+            path: absolutePath,
+            fullPath: absolutePath,
+            displayName: slot.name,
+            isManuallyAdded: true,
+            sessions: [],
+            cursorSessions: [],
+          };
+        }
+        return res.json({
+          success: true,
+          project,
+          suggestedName: slot.name,
+          reused: true,
+        });
       }
+    }
+
+    // 2. No idle slot — create the next free index above what exists.
+    const takenIndices = new Set(existingSlots.map((s) => s.index));
+    let nextIndex = 1;
+    while (takenIndices.has(nextIndex)) {
       nextIndex += 1;
       if (nextIndex > 9999) {
         return res.status(500).json({ error: 'No free pixcode-project slot (exhausted 1..9999)' });
       }
     }
-
+    const name = `pixcode-project-${nextIndex}`;
     const absolutePath = path.join(WORKSPACES_BASE, name);
     await fs.mkdir(absolutePath, { recursive: true });
     const project = await addProjectManually(absolutePath);
 
-    res.json({ success: true, project, suggestedName: name });
+    res.json({ success: true, project, suggestedName: name, reused: false });
   } catch (error) {
     console.error('[projects] quick-start failed:', error);
     res.status(500).json({ error: error.message || 'Failed to quick-start project' });