@pixelbyte-software/pixcode 1.33.4 → 1.33.6

package/server/projects.js

@@ -699,6 +699,7 @@ async function getProjects(progressCallback = null) {
       sessions: [],
       geminiSessions: [],
       qwenSessions: [],
+      opencodeSessions: [],
       sessionMeta: {
         hasMore: false,
         total: 0
@@ -768,6 +769,14 @@ async function getProjects(progressCallback = null) {
     }
     applyCustomSessionNames(project.qwenSessions, 'qwen');
 
+    try {
+      project.opencodeSessions = await getOpencodeCliSessions(actualProjectDir);
+    } catch (e) {
+      console.warn(`Could not load OpenCode sessions for project ${entry.name}:`, e.message);
+      project.opencodeSessions = [];
+    }
+    applyCustomSessionNames(project.opencodeSessions, 'opencode');
+
     try {
       const taskMasterResult = await detectTaskMasterFolder(actualProjectDir);
       project.taskmaster = {
@@ -831,6 +840,7 @@ async function getProjects(progressCallback = null) {
         sessions: [],
         geminiSessions: [],
         qwenSessions: [],
+        opencodeSessions: [],
         sessionMeta: {
           hasMore: false,
           total: 0
@@ -876,6 +886,13 @@ async function getProjects(progressCallback = null) {
       }
       applyCustomSessionNames(project.geminiSessions, 'gemini');
 
+      try {
+        project.opencodeSessions = await getOpencodeCliSessions(actualProjectDir);
+      } catch (e) {
+        console.warn(`Could not load OpenCode sessions for tracked project ${projectName}:`, e.message);
+      }
+      applyCustomSessionNames(project.opencodeSessions, 'opencode');
+
       try {
         const taskMasterResult = await detectTaskMasterFolder(actualProjectDir);
 
@@ -2798,6 +2815,100 @@ async function getQwenCliSessions(projectPath, options = {}) {
   );
 }
 
+/**
+ * OpenCode session enumerator. Walks `~/.local/share/opencode/project/*` (the
+ * XDG data dir OpenCode uses on every platform — yes, including Windows under
+ * the user profile) and surfaces every session whose `directory` field matches
+ * the project root we're listing. `<projectID>` segments are git-root commit
+ * hashes for git repos and the literal "global" for non-git dirs, so we
+ * don't try to be clever about the slug — we just walk every project bucket
+ * and filter by the stored `directory`.
+ *
+ * This is best-effort: when OpenCode hasn't written anything yet (brand-new
+ * project, no chats sent) the data dir is missing and we return [] without
+ * surfacing an error to the caller.
+ */
+async function getOpencodeCliSessions(projectPath) {
+  const normalizedProjectPath = normalizeComparablePath(projectPath);
+  if (!normalizedProjectPath) return [];
+
+  const sessions = [];
+  const opencodeDataDir = path.join(os.homedir(), '.local', 'share', 'opencode', 'project');
+
+  let projectBuckets;
+  try {
+    projectBuckets = await fs.readdir(opencodeDataDir);
+  } catch {
+    return [];
+  }
+
+  for (const bucket of projectBuckets) {
+    const sessionRoot = path.join(opencodeDataDir, bucket, 'storage', 'session');
+    let projectIdDirs;
+    try {
+      projectIdDirs = await fs.readdir(sessionRoot);
+    } catch {
+      continue;
+    }
+
+    for (const pidDir of projectIdDirs) {
+      const dir = path.join(sessionRoot, pidDir);
+      let sessionFiles;
+      try {
+        sessionFiles = await fs.readdir(dir);
+      } catch {
+        continue;
+      }
+
+      for (const file of sessionFiles) {
+        if (!file.startsWith('ses_') || !file.endsWith('.json')) continue;
+        try {
+          const data = await fs.readFile(path.join(dir, file), 'utf8');
+          const sess = JSON.parse(data);
+          const sessDir = typeof sess?.directory === 'string'
+            ? normalizeComparablePath(sess.directory)
+            : null;
+          if (!sessDir || sessDir !== normalizedProjectPath) continue;
+
+          const id = typeof sess?.id === 'string' ? sess.id : file.replace(/\.json$/, '');
+          sessions.push({
+            id,
+            summary: sess?.title || 'OpenCode Session',
+            messageCount: typeof sess?.messageCount === 'number' ? sess.messageCount : 0,
+            lastActivity: sess?.time?.updated || sess?.time?.created || null,
+            provider: 'opencode',
+          });
+        } catch {
+          // Skip unreadable session files silently — one corrupt file
+          // shouldn't blank the whole list.
+          continue;
+        }
+      }
+    }
+  }
+
+  // Merge in live sessions held by the in-memory sessionManager so a fresh
+  // chat that hasn't been flushed to disk yet still shows in the sidebar.
+  try {
+    const liveSessions = sessionManager.getProjectSessions(projectPath) || [];
+    for (const s of liveSessions) {
+      if (!s.id || !s.id.startsWith('opencode_')) continue;
+      if (sessions.some((existing) => existing.id === s.id)) continue;
+      sessions.push({
+        id: s.id,
+        summary: s.summary || s.title || 'OpenCode Session',
+        messageCount: s.messageCount || 0,
+        lastActivity: s.lastActivity || s.createdAt || null,
+        provider: 'opencode',
+      });
+    }
+  } catch { /* sessionManager not initialised yet — ignore */ }
+
+  return sessions.sort((a, b) =>
+    new Date(b.lastActivity || 0) - new Date(a.lastActivity || 0)
+  );
+}
+
 async function getQwenCliSessionMessages(sessionId) {
   const qwenTmpDir = path.join(os.homedir(), '.qwen', 'tmp');
   let projectDirs;
@@ -2989,5 +3100,6 @@ export {
   getGeminiCliSessionMessages,
   getQwenCliSessions,
   getQwenCliSessionMessages,
+  getOpencodeCliSessions,
   searchConversations
 };

package/server/qwen-code-cli.js

@@ -335,10 +335,13 @@ async function spawnQwen(command, options = {}, ws) {
             const installed = await providerAuthService.isProviderInstalled('qwen');
             const errorContent = !installed
                 ? 'Qwen Code CLI is not installed. Install it first: npm install -g @qwen-code/qwen-code'
-                : error.message;
+                : (error?.message || String(error));
 
             const errorSessionId = typeof ws.getSessionId === 'function' ? ws.getSessionId() : finalSessionId;
             ws.send(createNormalizedMessage({ kind: 'error', content: errorContent, sessionId: errorSessionId, provider: 'qwen' }));
+            // Always emit `complete` so the UI's "Processing..." state clears
+            // even when spawn fails (ENOENT, EACCES) and `close` never fires.
+            ws.send(createNormalizedMessage({ kind: 'complete', exitCode: 1, isNewSession: !sessionId && !!command, sessionId: errorSessionId, provider: 'qwen' }));
             notifyTerminalState({ error });
 
             reject(error);

package/server/services/provider-models.js

@@ -71,7 +71,9 @@ function normalizeList(list) {
         seen.add(value);
         const label = typeof item.label === 'string' && item.label.trim() ? item.label.trim() : value;
         const source = item.source === 'api' ? 'api' : 'static';
-        out.push({ value, label, source });
+        const entry = { value, label, source };
+        if (typeof item.free === 'boolean') entry.free = item.free;
+        out.push(entry);
     }
     return out;
 }
@@ -111,7 +113,18 @@ async function discoverOpenAiCompat(apiKey, baseUrl, fallbackBase) {
     const response = await fetch(endpoint, {
         headers: { Authorization: `Bearer ${apiKey}` },
     });
-    if (!response.ok) throw new Error(`${endpoint} returned ${response.status}`);
+    if (!response.ok) {
+        // 401 specifically means our key is bad — but for codex/qwen/etc.
+        // users often log in via OAuth (`codex login`, `qwen auth`) which
+        // doesn't expose an OpenAI-compatible API key. Surface a clean
+        // "no live discovery available" rather than a scary 401 trace.
+        if (response.status === 401) {
+            const err = new Error('OpenAI-compatible /v1/models requires an API key. The static catalog is shown instead — that\'s expected when you signed in via OAuth (e.g. `codex login`).');
+            err.code = 'OAUTH_NO_API_KEY';
+            throw err;
+        }
+        throw new Error(`${endpoint} returned ${response.status}`);
+    }
     const data = await response.json();
     const rows = Array.isArray(data?.data) ? data.data : [];
     return rows
@@ -123,6 +136,123 @@ async function discoverOpenAiCompat(apiKey, baseUrl, fallbackBase) {
         }));
 }
 
+/**
+ * Detect whether the user is authenticated via the provider's OAuth flow
+ * (codex login / qwen auth) so we can skip live model discovery silently
+ * — those flows don't surface a usable OpenAI-compatible API key, and the
+ * SDK calls the upstream APIs through its own internal auth path.
+ */
+async function hasProviderOauthAuth(provider) {
+    if (provider === 'codex') {
+        try {
+            await fs.access(path.join(os.homedir(), '.codex', 'auth.json'));
+            return true;
+        } catch { return false; }
+    }
+    if (provider === 'qwen') {
+        try {
+            await fs.access(path.join(os.homedir(), '.qwen', 'oauth_creds.json'));
+            return true;
+        } catch { return false; }
+    }
+    return false;
+}
+
+/**
+ * OpenCode is multi-provider — its "model" picker isn't a single API list,
+ * it's the union of every provider it can route to (Anthropic, OpenAI,
+ * Google, xAI, OpenRouter, OpenCode Zen, Ollama, etc.). The canonical
+ * catalog lives at https://models.dev/api.json (no auth, ~1.8 MB JSON, 115
+ * providers as of 2026-04). We pull that, filter to providers the user
+ * has authenticated with (read `~/.local/share/opencode/auth.json`) plus
+ * always include the OpenCode Zen tier (works without explicit auth on
+ * the free models), drop deprecated entries, and tag free models.
+ */
+async function discoverOpencode() {
+    const url = process.env.OPENCODE_MODELS_URL || 'https://models.dev/api.json';
+    const response = await fetch(url, {
+        // OpenCode itself caches this for hours; we cache for 6h via the
+        // outer wrapper so a single 7s fetch on cold start is acceptable.
+        signal: AbortSignal.timeout(15000),
+    });
+    if (!response.ok) throw new Error(`models.dev/api.json returned ${response.status}`);
+    const data = await response.json();
+    if (!data || typeof data !== 'object') throw new Error('models.dev returned a non-object payload');
+
+    // Read OpenCode's auth.json to know which providers the user can
+    // actually call. Missing file → only show always-free Zen.
+    const authedProviders = new Set(['opencode']);
+    try {
+        const authPath = path.join(os.homedir(), '.local', 'share', 'opencode', 'auth.json');
+        const raw = await fs.readFile(authPath, 'utf8');
+        const auth = JSON.parse(raw);
+        if (auth && typeof auth === 'object') {
+            for (const k of Object.keys(auth)) authedProviders.add(k);
+        }
+    } catch { /* no auth.json → only Zen free models surface */ }
+
+    // Common env-var providers OpenCode picks up automatically. If the user
+    // exported one in their shell, surface those models too even without
+    // auth.json. Mirrors the env list in opencode-auth.provider.ts.
+    const envProviderHints = {
+        anthropic: ['ANTHROPIC_API_KEY'],
+        openai: ['OPENAI_API_KEY'],
+        google: ['GOOGLE_GENERATIVE_AI_API_KEY', 'GEMINI_API_KEY'],
+        'google-vertex': ['GOOGLE_APPLICATION_CREDENTIALS'],
+        xai: ['XAI_API_KEY'],
+        groq: ['GROQ_API_KEY'],
+        cerebras: ['CEREBRAS_API_KEY'],
+        openrouter: ['OPENROUTER_API_KEY'],
+    };
+    for (const [providerId, envVars] of Object.entries(envProviderHints)) {
+        if (envVars.some((v) => process.env[v]?.trim())) authedProviders.add(providerId);
+    }
+
+    const out = [];
+    for (const [providerId, providerCfg] of Object.entries(data)) {
+        if (!authedProviders.has(providerId)) continue;
+        if (!providerCfg || typeof providerCfg !== 'object') continue;
+        const models = providerCfg.models;
+        if (!models || typeof models !== 'object') continue;
+
+        const providerName = typeof providerCfg.name === 'string' && providerCfg.name.trim()
+            ? providerCfg.name
+            : providerId;
+
+        for (const [modelId, modelCfg] of Object.entries(models)) {
+            if (!modelCfg || typeof modelCfg !== 'object') continue;
+            // Skip deprecated entries from the default list — users can
+            // still hand-type them if they really need to.
+            if (modelCfg.status === 'deprecated') continue;
+            const cost = modelCfg.cost && typeof modelCfg.cost === 'object' ? modelCfg.cost : null;
+            const free = !cost || (Number(cost.input) === 0 && Number(cost.output) === 0);
+            const ctx = modelCfg.limit?.context;
+            const ctxLabel = typeof ctx === 'number' && ctx > 0
+                ? ` · ${ctx >= 1_000_000 ? `${(ctx / 1_000_000).toFixed(1)}M` : `${Math.round(ctx / 1000)}K`}`
+                : '';
+            const freeLabel = free ? ' · Free' : '';
+            const modelName = typeof modelCfg.name === 'string' && modelCfg.name.trim()
+                ? modelCfg.name
+                : modelId;
+
+            out.push({
+                value: `${providerId}/${modelId}`,
+                label: `${providerName} · ${modelName}${ctxLabel}${freeLabel}`,
+                source: 'api',
+                free,
+            });
+        }
+    }
+
+    // Sort: free first (handy when the user is unauthed), then by label.
+    out.sort((a, b) => {
+        if (a.free !== b.free) return a.free ? -1 : 1;
+        return a.label.localeCompare(b.label);
+    });
+
+    return out;
+}
+
 async function discoverGoogle(apiKey) {
     // Google Generative Language API — public models list, API key as query.
     const endpoint = `https://generativelanguage.googleapis.com/v1beta/models?key=${encodeURIComponent(apiKey)}`;
@@ -165,6 +295,22 @@ export async function getProviderModels(provider, opts = {}) {
         };
     }
 
+    // OpenCode is the odd one out: its catalog is models.dev, not a per-key
+    // API endpoint. Skip the credential plumbing and dispatch straight.
+    let liveModels = [];
+    let error;
+    if (provider === 'opencode') {
+        try {
+            liveModels = await discoverOpencode();
+        } catch (err) {
+            error = err?.message || String(err);
+        }
+        const merged = mergeCatalogs(normalizeList(liveModels), staticCatalog);
+        const entry = { models: merged, error };
+        await saveCacheEntry(provider, entry).catch(() => { /* non-fatal */ });
+        return { models: merged, fetchedAt: new Date().toISOString(), error, fromCache: false };
+    }
+
     // Pick up credentials from Pixcode's UI store first, then fall back to
     // the native env vars so a user who already exported ANTHROPIC_API_KEY
     // (or authenticated Claude Code via OAuth — the SDK writes the key into
@@ -185,12 +331,17 @@ export async function getProviderModels(provider, opts = {}) {
     const apiKey = creds?.apiKey || envKey;
     const baseUrl = creds?.baseUrl || envBase || undefined;
 
-    let liveModels = [];
-    let error;
     if (!apiKey) {
-        // Be explicit so the UI can surface a useful hint rather than just
-        // showing the static baseline with no reason given.
-        error = `No ${provider} API key configured. Save one in Settings > Agents > API Key to enable live discovery.`;
+        // Codex and Qwen support OAuth (`codex login`, `qwen auth`) which
+        // DOESN'T expose a usable API key — the SDK auths against the
+        // upstream API directly. Skip the discovery step silently in that
+        // case; the static catalog is the right answer.
+        const oauthOnly = await hasProviderOauthAuth(provider);
+        if (!oauthOnly) {
+            // Be explicit so the UI can surface a useful hint rather than just
+            // showing the static baseline with no reason given.
+            error = `No ${provider} API key configured. Save one in Settings > Agents > API Key, or sign in via the CLI (e.g. \`codex login\`).`;
+        }
     } else {
         try {
             if (provider === 'claude') {
@@ -207,7 +358,12 @@ export async function getProviderModels(provider, opts = {}) {
                 liveModels = await discoverGoogle(apiKey);
             }
         } catch (err) {
-            error = err?.message || String(err);
+            // OAuth users get a clean message instead of a raw 401 stack.
+            if (err?.code === 'OAUTH_NO_API_KEY') {
+                error = err.message;
+            } else {
+                error = err?.message || String(err);
+            }
         }
     }
 

package/shared/modelConstants.js

@@ -95,25 +95,48 @@ export const QWEN_MODELS = {
 };
 
 /**
- * OpenCode Models
+ * OpenCode Models — STATIC FALLBACK ONLY.
  *
- * OpenCode is multi-provider, so the picker is really "which upstream
- * model does opencode talk to?". The defaults here point at OpenCode Zen
- * (their curated routing tier) plus a few direct picks the docs call
- * out as well-supported. Advanced users override via opencode.json's
- * `provider` / `model` block, which bypasses this list.
+ * OpenCode is multi-provider and the live model catalog rotates often
+ * (Zen free models come and go; new Anthropic/OpenAI/Google models ship
+ * every few weeks). The runtime fetches the live catalog from
+ * `https://models.dev/api.json` via server/services/provider-models.js
+ * and merges it on top of this list — these entries only show when the
+ * fetch fails (offline install, firewalled host).
+ *
+ * Curated current free Zen tier + canonical paid picks. Update when the
+ * fallback feels stale, but the live fetch is the source of truth.
  */
 export const OPENCODE_MODELS = {
   OPTIONS: [
-    { value: "opencode/zen-best", label: "OpenCode Zen (Best)" },
-    { value: "opencode/zen-fast", label: "OpenCode Zen (Fast)" },
+    // OpenCode Zen — free tier (no charge, may rate-limit). The "limited
+    // time" Zen freebies rotate, so this is the safest small set.
+    { value: "opencode/big-pickle", label: "OpenCode Zen · Big Pickle (Free)", free: true },
+    { value: "opencode/minimax-m2.5-free", label: "OpenCode Zen · MiniMax M2.5 (Free)", free: true },
+    { value: "opencode/hy3-preview-free", label: "OpenCode Zen · Hy3 Preview (Free)", free: true },
+    { value: "opencode/ling-2.6-flash-free", label: "OpenCode Zen · Ling 2.6 Flash (Free)", free: true },
+    { value: "opencode/nemotron-3-super-free", label: "OpenCode Zen · Nemotron 3 Super (Free)", free: true },
+    { value: "opencode/gpt-5-nano", label: "OpenCode Zen · GPT-5 Nano (Free)", free: true },
+
+    // Anthropic — current flagship + cheap.
+    { value: "anthropic/claude-opus-4-7", label: "Claude Opus 4.7 (Anthropic)" },
     { value: "anthropic/claude-sonnet-4-6", label: "Claude Sonnet 4.6 (Anthropic)" },
-    { value: "anthropic/claude-opus-4-6", label: "Claude Opus 4.6 (Anthropic)" },
+    { value: "anthropic/claude-haiku-4-5", label: "Claude Haiku 4.5 (Anthropic)" },
+
+    // OpenAI — current GPT-5 family.
     { value: "openai/gpt-5.4", label: "GPT-5.4 (OpenAI)" },
-    { value: "google/gemini-3-pro-preview", label: "Gemini 3 Pro (Google)" },
+    { value: "openai/gpt-5.1-codex", label: "GPT-5.1 Codex (OpenAI)" },
+
+    // Google — current Gemini 3 family.
+    { value: "google/gemini-3.1-pro-preview", label: "Gemini 3.1 Pro (Google)" },
+    { value: "google/gemini-3-flash-preview", label: "Gemini 3 Flash (Google)" },
+
+    // xAI — fast & cheap coding model.
+    { value: "xai/grok-code-fast-1", label: "Grok Code Fast 1 (xAI)" },
   ],
 
-  DEFAULT: "opencode/zen-best",
+  // Free Zen freebie that historically works for unauthed installs.
+  DEFAULT: "opencode/big-pickle",
 };
 
 /**