@pixelbyte-software/pixcode 1.33.10 → 1.33.11

package/server/modules/providers/shared/provider-configs.ts

@@ -1,142 +1,142 @@
-/**
- * Registry of user-editable config files per provider CLI.
- *
- * This is the single source of truth for the Settings → Agents →
- * Configuration tab. Adding a new provider? Append a row here and the
- * UI + API pick it up — no component changes required.
- *
- * Rules:
- *   - `relativePath` is relative to the user's home directory.
- *     We never accept absolute paths from the client; the server
- *     resolves these explicitly so path traversal is impossible.
- *   - `format` drives the CodeMirror language extension on the client.
- *   - `readonly: true` hides the Save button and the server rejects
- *     writes. Use it for files the CLI owns (e.g. OAuth tokens).
- *   - `description` is shown as a subtle caption under the editor.
- */
-
-export type ProviderConfigFormat = 'json' | 'toml' | 'env' | 'text';
-
-export type ProviderConfigFile = {
-  id: string;
-  label: string;
-  relativePath: string;
-  format: ProviderConfigFormat;
-  readonly?: boolean;
-  description?: string;
-};
-
-export const PROVIDER_CONFIG_FILES: Record<string, ProviderConfigFile[]> = {
-  claude: [
-    {
-      id: 'settings',
-      label: 'settings.json',
-      relativePath: '.claude/settings.json',
-      format: 'json',
-      description: 'Main Claude Code settings — default model, system prompt, tool policy.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.claude/.env',
-      format: 'env',
-      description: 'Environment variables loaded when Claude runs (e.g. ANTHROPIC_API_KEY).',
-    },
-  ],
-  codex: [
-    {
-      id: 'config',
-      label: 'config.toml',
-      relativePath: '.codex/config.toml',
-      format: 'toml',
-      description: 'Main Codex CLI config — models, MCP servers, approval policy, sandbox mode.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.codex/.env',
-      format: 'env',
-      description: 'Environment variables (OPENAI_API_KEY, OPENAI_BASE_URL, …).',
-    },
-    {
-      id: 'auth',
-      label: 'auth.json',
-      relativePath: '.codex/auth.json',
-      format: 'json',
-      readonly: true,
-      description: 'OAuth tokens managed by `codex login`. Read-only; editing here would corrupt the session.',
-    },
-  ],
-  cursor: [
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.cursor/.env',
-      format: 'env',
-      description: 'Cursor CLI environment variables.',
-    },
-  ],
-  gemini: [
-    {
-      id: 'settings',
-      label: 'settings.json',
-      relativePath: '.gemini/settings.json',
-      format: 'json',
-      description: 'Main Gemini CLI settings — selected model, MCP servers, tool approval mode.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.gemini/.env',
-      format: 'env',
-      description: 'Environment variables (GOOGLE_API_KEY, GEMINI_API_KEY, …).',
-    },
-  ],
-  qwen: [
-    {
-      id: 'settings',
-      label: 'settings.json',
-      relativePath: '.qwen/settings.json',
-      format: 'json',
-      description: 'Main Qwen Code settings — selected model, MCP servers, approval mode.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.qwen/.env',
-      format: 'env',
-      description: 'Environment variables (DASHSCOPE_API_KEY, OPENAI_API_KEY for OpenAI-compatible routes, …).',
-    },
-  ],
-  opencode: [
-    {
-      id: 'config',
-      label: 'opencode.json',
-      relativePath: '.config/opencode/opencode.json',
-      format: 'json',
-      description: 'Main OpenCode config — provider, model, MCP servers, permission rules, agents.',
-    },
-    {
-      id: 'tui',
-      label: 'tui.json',
-      relativePath: '.config/opencode/tui.json',
-      format: 'json',
-      description: 'Terminal UI preferences (theme, keybinds). Separate from the main config since 2026-02.',
-    },
-    {
-      id: 'auth',
-      label: 'auth.json',
-      relativePath: '.local/share/opencode/auth.json',
-      format: 'json',
-      readonly: true,
-      description: 'Provider credentials managed by `opencode auth login`. Read-only here; editing would corrupt stored OAuth tokens.',
-    },
-  ],
-};
-
-export const SUPPORTED_CONFIG_PROVIDERS = Object.keys(PROVIDER_CONFIG_FILES);
-
-// Hard cap — no config file we care about is remotely this big, but we
-// want to refuse reads and writes that would swell memory. Editing a 1 MB
-// settings.json is already a smell.
-export const MAX_CONFIG_FILE_SIZE_BYTES = 1_048_576; // 1 MB
+/**
+ * Registry of user-editable config files per provider CLI.
+ *
+ * This is the single source of truth for the Settings → Agents →
+ * Configuration tab. Adding a new provider? Append a row here and the
+ * UI + API pick it up — no component changes required.
+ *
+ * Rules:
+ *   - `relativePath` is relative to the user's home directory.
+ *     We never accept absolute paths from the client; the server
+ *     resolves these explicitly so path traversal is impossible.
+ *   - `format` drives the CodeMirror language extension on the client.
+ *   - `readonly: true` hides the Save button and the server rejects
+ *     writes. Use it for files the CLI owns (e.g. OAuth tokens).
+ *   - `description` is shown as a subtle caption under the editor.
+ */
+
+export type ProviderConfigFormat = 'json' | 'toml' | 'env' | 'text';
+
+export type ProviderConfigFile = {
+  id: string;
+  label: string;
+  relativePath: string;
+  format: ProviderConfigFormat;
+  readonly?: boolean;
+  description?: string;
+};
+
+export const PROVIDER_CONFIG_FILES: Record<string, ProviderConfigFile[]> = {
+  claude: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.claude/settings.json',
+      format: 'json',
+      description: 'Main Claude Code settings — default model, system prompt, tool policy.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.claude/.env',
+      format: 'env',
+      description: 'Environment variables loaded when Claude runs (e.g. ANTHROPIC_API_KEY).',
+    },
+  ],
+  codex: [
+    {
+      id: 'config',
+      label: 'config.toml',
+      relativePath: '.codex/config.toml',
+      format: 'toml',
+      description: 'Main Codex CLI config — models, MCP servers, approval policy, sandbox mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.codex/.env',
+      format: 'env',
+      description: 'Environment variables (OPENAI_API_KEY, OPENAI_BASE_URL, …).',
+    },
+    {
+      id: 'auth',
+      label: 'auth.json',
+      relativePath: '.codex/auth.json',
+      format: 'json',
+      readonly: true,
+      description: 'OAuth tokens managed by `codex login`. Read-only; editing here would corrupt the session.',
+    },
+  ],
+  cursor: [
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.cursor/.env',
+      format: 'env',
+      description: 'Cursor CLI environment variables.',
+    },
+  ],
+  gemini: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.gemini/settings.json',
+      format: 'json',
+      description: 'Main Gemini CLI settings — selected model, MCP servers, tool approval mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.gemini/.env',
+      format: 'env',
+      description: 'Environment variables (GOOGLE_API_KEY, GEMINI_API_KEY, …).',
+    },
+  ],
+  qwen: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.qwen/settings.json',
+      format: 'json',
+      description: 'Main Qwen Code settings — selected model, MCP servers, approval mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.qwen/.env',
+      format: 'env',
+      description: 'Environment variables (DASHSCOPE_API_KEY, OPENAI_API_KEY for OpenAI-compatible routes, …).',
+    },
+  ],
+  opencode: [
+    {
+      id: 'config',
+      label: 'opencode.json',
+      relativePath: '.config/opencode/opencode.json',
+      format: 'json',
+      description: 'Main OpenCode config — provider, model, MCP servers, permission rules, agents.',
+    },
+    {
+      id: 'tui',
+      label: 'tui.json',
+      relativePath: '.config/opencode/tui.json',
+      format: 'json',
+      description: 'Terminal UI preferences (theme, keybinds). Separate from the main config since 2026-02.',
+    },
+    {
+      id: 'auth',
+      label: 'auth.json',
+      relativePath: '.local/share/opencode/auth.json',
+      format: 'json',
+      readonly: true,
+      description: 'Provider credentials managed by `opencode auth login`. Read-only here; editing would corrupt stored OAuth tokens.',
+    },
+  ],
+};
+
+export const SUPPORTED_CONFIG_PROVIDERS = Object.keys(PROVIDER_CONFIG_FILES);
+
+// Hard cap — no config file we care about is remotely this big, but we
+// want to refuse reads and writes that would swell memory. Editing a 1 MB
+// settings.json is already a smell.
+export const MAX_CONFIG_FILE_SIZE_BYTES = 1_048_576; // 1 MB

package/server/opencode-cli.js

@@ -94,7 +94,10 @@ async function spawnOpencode(command, options = {}, ws) {
     if (sessionId) {
         const session = sessionManager.getSession(sessionId);
         const cliId = session?.cliSessionId || sessionId;
-        if (cliId && safeSessionIdPattern.test(cliId)) {
+        // OpenCode CLI requires session IDs to start with 'ses' (e.g. ses_22d6…).
+        // Pixcode's internal IDs (opencode_xxxxx) must NOT be passed to -s,
+        // otherwise the CLI exits with "Invalid session ID: must start with 'ses'".
+        if (cliId && safeSessionIdPattern.test(cliId) && cliId.startsWith('ses')) {
             args.push('-s', cliId);
         }
     }

package/server/opencode-response-handler.js

@@ -1,107 +1,107 @@
-// OpenCode Response Handler — `opencode run --format json` parser.
-//
-// The JSON format streams one event per line (NDJSON). Verified shapes
-// (opencode-ai 0.x, see opencode.ai/docs/cli):
-//
-//   { type:"step_start",  timestamp, sessionID, part:{ type:"step-start",  id, messageID, sessionID } }
-//   { type:"text",        timestamp, sessionID, part:{ type:"text", id, messageID, sessionID, text:"…", time:{…}, metadata:{…} } }
-//   { type:"tool_use",    timestamp, sessionID, part:{ type:"tool-use",  callID, tool, state:{ input } } }
-//   { type:"tool_result", timestamp, sessionID, part:{ type:"tool-result", callID, state:{ output, status } } }
-//   { type:"step_finish", timestamp, sessionID, part:{ type:"step-finish", reason, tokens, cost } }
-//   { type:"error",       timestamp, sessionID, error:{ name, data:{ message, statusCode? } } }
-//
-// Important: field names are camelCase — `sessionID`, `callID`, `messageID`.
-// Earlier integration code assumed snake_case (`session_id`, `tool_id`) which
-// is wrong; nothing in `opencode run --format json` uses snake_case.
-//
-// Lines that don't parse as JSON are surfaced as plain text deltas (covers
-// the CLI's pre-stream banner output, "Shell cwd was reset to …" notices on
-// Windows, and any debug noise).
-import { sessionsService } from './modules/providers/services/sessions.service.js';
-
-class OpencodeResponseHandler {
-  constructor(ws, options = {}) {
-    this.ws = ws;
-    this.buffer = '';
-    this.onContentFragment = options.onContentFragment || null;
-    this.onInit = options.onInit || null;
-    this.onToolUse = options.onToolUse || null;
-    this.onToolResult = options.onToolResult || null;
-    this.capturedCliSessionId = null;
-  }
-
-  processData(data) {
-    this.buffer += data;
-
-    const lines = this.buffer.split('\n');
-    this.buffer = lines.pop() || '';
-
-    for (const line of lines) {
-      const trimmed = line.trim();
-      if (!trimmed) continue;
-      try {
-        const event = JSON.parse(trimmed);
-        this.handleEvent(event);
-      } catch {
-        // Non-JSON line — surface as plain text delta so the user sees CLI
-        // banners / status messages instead of swallowing them silently.
-        if (this.onContentFragment) this.onContentFragment(trimmed + '\n');
-      }
-    }
-  }
-
-  handleEvent(event) {
-    const sid = typeof this.ws.getSessionId === 'function' ? this.ws.getSessionId() : null;
-
-    // Capture OpenCode's real session ID (e.g. `ses_22d6…`) the first time we
-    // see one. Every event carries `sessionID` at the top level — we don't
-    // wait for an `init`/`session.start` event because OpenCode `run --format
-    // json` never emits those (the first event is always `step_start`).
-    if (!this.capturedCliSessionId && typeof event.sessionID === 'string' && event.sessionID) {
-      this.capturedCliSessionId = event.sessionID;
-      if (this.onInit) this.onInit({ session_id: event.sessionID, sessionID: event.sessionID });
-    }
-
-    const part = event.part && typeof event.part === 'object' ? event.part : null;
-
-    if (event.type === 'text' && part && typeof part.text === 'string') {
-      if (this.onContentFragment && part.text) this.onContentFragment(part.text);
-    } else if (event.type === 'tool_use' || event.type === 'tool-use' || event.type === 'tool.start') {
-      const state = part?.state && typeof part.state === 'object' ? part.state : {};
-      if (this.onToolUse) this.onToolUse({
-        tool_id: part?.callID || part?.id || event.tool_id || '',
-        tool_name: part?.tool || part?.name || event.tool_name || '',
-        parameters: state.input || part?.input || event.parameters || {},
-      });
-    } else if (event.type === 'tool_result' || event.type === 'tool-result' || event.type === 'tool.end') {
-      const state = part?.state && typeof part.state === 'object' ? part.state : {};
-      if (this.onToolResult) this.onToolResult({
-        tool_id: part?.callID || part?.id || event.tool_id || '',
-        output: state.output ?? part?.output ?? event.output ?? event.result ?? '',
-        status: state.status || event.status || (event.isError ? 'error' : 'ok'),
-      });
-    }
-
-    const normalized = sessionsService.normalizeMessage('opencode', event, sid);
-    for (const msg of normalized) {
-      this.ws.send(msg);
-    }
-  }
-
-  forceFlush() {
-    if (this.buffer.trim()) {
-      try {
-        const event = JSON.parse(this.buffer);
-        this.handleEvent(event);
-      } catch {
-        if (this.onContentFragment) this.onContentFragment(this.buffer);
-      }
-    }
-  }
-
-  destroy() {
-    this.buffer = '';
-  }
-}
-
-export default OpencodeResponseHandler;
+// OpenCode Response Handler — `opencode run --format json` parser.
+//
+// The JSON format streams one event per line (NDJSON). Verified shapes
+// (opencode-ai 0.x, see opencode.ai/docs/cli):
+//
+//   { type:"step_start",  timestamp, sessionID, part:{ type:"step-start",  id, messageID, sessionID } }
+//   { type:"text",        timestamp, sessionID, part:{ type:"text", id, messageID, sessionID, text:"…", time:{…}, metadata:{…} } }
+//   { type:"tool_use",    timestamp, sessionID, part:{ type:"tool-use",  callID, tool, state:{ input } } }
+//   { type:"tool_result", timestamp, sessionID, part:{ type:"tool-result", callID, state:{ output, status } } }
+//   { type:"step_finish", timestamp, sessionID, part:{ type:"step-finish", reason, tokens, cost } }
+//   { type:"error",       timestamp, sessionID, error:{ name, data:{ message, statusCode? } } }
+//
+// Important: field names are camelCase — `sessionID`, `callID`, `messageID`.
+// Earlier integration code assumed snake_case (`session_id`, `tool_id`) which
+// is wrong; nothing in `opencode run --format json` uses snake_case.
+//
+// Lines that don't parse as JSON are surfaced as plain text deltas (covers
+// the CLI's pre-stream banner output, "Shell cwd was reset to …" notices on
+// Windows, and any debug noise).
+import { sessionsService } from './modules/providers/services/sessions.service.js';
+
+class OpencodeResponseHandler {
+  constructor(ws, options = {}) {
+    this.ws = ws;
+    this.buffer = '';
+    this.onContentFragment = options.onContentFragment || null;
+    this.onInit = options.onInit || null;
+    this.onToolUse = options.onToolUse || null;
+    this.onToolResult = options.onToolResult || null;
+    this.capturedCliSessionId = null;
+  }
+
+  processData(data) {
+    this.buffer += data;
+
+    const lines = this.buffer.split('\n');
+    this.buffer = lines.pop() || '';
+
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (!trimmed) continue;
+      try {
+        const event = JSON.parse(trimmed);
+        this.handleEvent(event);
+      } catch {
+        // Non-JSON line — surface as plain text delta so the user sees CLI
+        // banners / status messages instead of swallowing them silently.
+        if (this.onContentFragment) this.onContentFragment(trimmed + '\n');
+      }
+    }
+  }
+
+  handleEvent(event) {
+    const sid = typeof this.ws.getSessionId === 'function' ? this.ws.getSessionId() : null;
+
+    // Capture OpenCode's real session ID (e.g. `ses_22d6…`) the first time we
+    // see one. Every event carries `sessionID` at the top level — we don't
+    // wait for an `init`/`session.start` event because OpenCode `run --format
+    // json` never emits those (the first event is always `step_start`).
+    if (!this.capturedCliSessionId && typeof event.sessionID === 'string' && event.sessionID) {
+      this.capturedCliSessionId = event.sessionID;
+      if (this.onInit) this.onInit({ session_id: event.sessionID, sessionID: event.sessionID });
+    }
+
+    const part = event.part && typeof event.part === 'object' ? event.part : null;
+
+    if (event.type === 'text' && part && typeof part.text === 'string') {
+      if (this.onContentFragment && part.text) this.onContentFragment(part.text);
+    } else if (event.type === 'tool_use' || event.type === 'tool-use' || event.type === 'tool.start') {
+      const state = part?.state && typeof part.state === 'object' ? part.state : {};
+      if (this.onToolUse) this.onToolUse({
+        tool_id: part?.callID || part?.id || event.tool_id || '',
+        tool_name: part?.tool || part?.name || event.tool_name || '',
+        parameters: state.input || part?.input || event.parameters || {},
+      });
+    } else if (event.type === 'tool_result' || event.type === 'tool-result' || event.type === 'tool.end') {
+      const state = part?.state && typeof part.state === 'object' ? part.state : {};
+      if (this.onToolResult) this.onToolResult({
+        tool_id: part?.callID || part?.id || event.tool_id || '',
+        output: state.output ?? part?.output ?? event.output ?? event.result ?? '',
+        status: state.status || event.status || (event.isError ? 'error' : 'ok'),
+      });
+    }
+
+    const normalized = sessionsService.normalizeMessage('opencode', event, sid);
+    for (const msg of normalized) {
+      this.ws.send(msg);
+    }
+  }
+
+  forceFlush() {
+    if (this.buffer.trim()) {
+      try {
+        const event = JSON.parse(this.buffer);
+        this.handleEvent(event);
+      } catch {
+        if (this.onContentFragment) this.onContentFragment(this.buffer);
+      }
+    }
+  }
+
+  destroy() {
+    this.buffer = '';
+  }
+}
+
+export default OpencodeResponseHandler;