@pixelbyte-software/pixcode 1.33.7 → 1.33.8

package/server/database/json-store.js

@@ -1,194 +1,194 @@
-import fs from 'node:fs';
-import path from 'node:path';
-
-/**
- * Minimal JSON-backed store with atomic writes.
- *
- * Replaces the `better-sqlite3` auth/session/telegram DB from previous
- * releases. The backing store is kilobytes, not gigabytes — a SQL engine
- * was overkill and the native compile dragged install-time warnings +
- * on-disk WAL files that confused users. This impl:
- *
- *   - Loads the entire store into memory on first access (synchronous
- *     readFileSync) and keeps it cached; all subsequent reads hit the
- *     in-memory structure.
- *   - Every write flushes the whole document via write-to-tmp + rename
- *     so a crash mid-write can never truncate the file; either the
- *     old file survives or the new one is fully written.
- *   - All operations are synchronous and rely on Node's single-threaded
- *     JS execution for concurrency safety. No async queue, no locks.
- *
- * The schema is a flat object with one array per "table":
- *   { _version, _sequences: {<table>: nextId}, users: [...], ... }
- *
- * Callers use helpers like `insert`, `updateWhere`, `findWhere`,
- * `deleteWhere` rather than composing queries — this is a key/value map
- * with filter helpers, not a SQL engine.
- */
-
-const CURRENT_VERSION = 1;
-
-// Tables the store manages — empty arrays on a fresh file.
-const EMPTY_STORE = () => ({
-  _version: CURRENT_VERSION,
-  _sequences: {
-    users: 0,
-    api_keys: 0,
-    user_credentials: 0,
-    vapid_keys: 0,
-    push_subscriptions: 0,
-  },
-  users: [],
-  api_keys: [],
-  user_credentials: [],
-  user_notification_preferences: [], // each row: { user_id, preferences_json, updated_at }
-  vapid_keys: [],
-  push_subscriptions: [],
-  session_names: [], // each row: { session_id, provider, custom_name, created_at, updated_at }
-  app_config: [], // each row: { key, value, created_at }
-  telegram_config: [], // 0 or 1 row: { id=1, bot_token, bot_username, updated_at }
-  telegram_links: [], // each row: { user_id, chat_id, ... }
-});
-
-export class JsonStore {
-  constructor(filePath) {
-    this.filePath = filePath;
-    this.tmpPath = `${filePath}.tmp`;
-    this.data = null;
-    this._ensureLoaded();
-  }
-
-  _ensureLoaded() {
-    if (this.data) return;
-
-    // Ensure parent directory exists — matches the old better-sqlite3
-    // behavior where the directory was created during initialization.
-    const dir = path.dirname(this.filePath);
-    if (!fs.existsSync(dir)) {
-      fs.mkdirSync(dir, { recursive: true });
-    }
-
-    if (!fs.existsSync(this.filePath)) {
-      this.data = EMPTY_STORE();
-      this._flush();
-      return;
-    }
-
-    try {
-      const raw = fs.readFileSync(this.filePath, 'utf8');
-      const parsed = JSON.parse(raw);
-      // Fill missing keys from EMPTY_STORE so adding a new "table" in a
-      // later schema doesn't crash a fresh deploy reading an old file.
-      this.data = { ...EMPTY_STORE(), ...parsed };
-      // Ensure each well-known array key is actually an array — defends
-      // against a hand-edited file that set one to null or an object.
-      const empty = EMPTY_STORE();
-      for (const key of Object.keys(empty)) {
-        if (key === '_version' || key === '_sequences') continue;
-        if (!Array.isArray(this.data[key])) {
-          this.data[key] = [];
-        }
-      }
-      this.data._sequences = { ...empty._sequences, ...(parsed._sequences || {}) };
-    } catch (err) {
-      // Corrupted file — back up and start fresh. Never hide this; it's
-      // very likely user-visible (logins will reset).
-      const backup = `${this.filePath}.corrupt-${Date.now()}`;
-      console.error(`[JsonStore] Failed to read ${this.filePath}: ${err.message}. Backing up to ${backup}.`);
-      try { fs.renameSync(this.filePath, backup); } catch { /* noop */ }
-      this.data = EMPTY_STORE();
-      this._flush();
-    }
-  }
-
-  _flush() {
-    const serialized = JSON.stringify(this.data, null, 2);
-    fs.writeFileSync(this.tmpPath, serialized, 'utf8');
-    fs.renameSync(this.tmpPath, this.filePath);
-  }
-
-  // ---------- Raw access ----------
-  get raw() {
-    this._ensureLoaded();
-    return this.data;
-  }
-
-  save() { this._flush(); }
-
-  // ---------- Sequence (AUTOINCREMENT) ----------
-  nextId(table) {
-    this._ensureLoaded();
-    this.data._sequences[table] = (this.data._sequences[table] || 0) + 1;
-    return this.data._sequences[table];
-  }
-
-  // ---------- Query helpers ----------
-  findWhere(table, predicate) {
-    this._ensureLoaded();
-    return this.data[table].find(predicate) || null;
-  }
-
-  filterWhere(table, predicate) {
-    this._ensureLoaded();
-    return this.data[table].filter(predicate);
-  }
-
-  count(table, predicate) {
-    this._ensureLoaded();
-    if (!predicate) return this.data[table].length;
-    return this.data[table].filter(predicate).length;
-  }
-
-  // ---------- Mutation helpers ----------
-  insert(table, row, { autoId = true, sequenceKey } = {}) {
-    this._ensureLoaded();
-    const finalRow = { ...row };
-    if (autoId && finalRow.id === undefined) {
-      finalRow.id = this.nextId(sequenceKey || table);
-    }
-    this.data[table].push(finalRow);
-    this._flush();
-    return finalRow;
-  }
-
-  updateWhere(table, predicate, updater) {
-    this._ensureLoaded();
-    let changed = 0;
-    for (const row of this.data[table]) {
-      if (predicate(row)) {
-        const patch = typeof updater === 'function' ? updater(row) : updater;
-        Object.assign(row, patch);
-        changed += 1;
-      }
-    }
-    if (changed > 0) this._flush();
-    return changed;
-  }
-
-  upsertWhere(table, predicate, row) {
-    this._ensureLoaded();
-    const existing = this.data[table].find(predicate);
-    if (existing) {
-      Object.assign(existing, row);
-      this._flush();
-      return existing;
-    }
-    return this.insert(table, row);
-  }
-
-  deleteWhere(table, predicate) {
-    this._ensureLoaded();
-    const before = this.data[table].length;
-    this.data[table] = this.data[table].filter((row) => !predicate(row));
-    const removed = before - this.data[table].length;
-    if (removed > 0) this._flush();
-    return removed;
-  }
-}
-
-/**
- * Helper — ISO timestamp matching the DATETIME format SQLite used to
- * write. Stored as a plain ISO string; no one actually parses it beyond
- * displaying "last login X hours ago".
- */
-export const nowIso = () => new Date().toISOString();
+import fs from 'node:fs';
+import path from 'node:path';
+
+/**
+ * Minimal JSON-backed store with atomic writes.
+ *
+ * Replaces the `better-sqlite3` auth/session/telegram DB from previous
+ * releases. The backing store is kilobytes, not gigabytes — a SQL engine
+ * was overkill and the native compile dragged install-time warnings +
+ * on-disk WAL files that confused users. This impl:
+ *
+ *   - Loads the entire store into memory on first access (synchronous
+ *     readFileSync) and keeps it cached; all subsequent reads hit the
+ *     in-memory structure.
+ *   - Every write flushes the whole document via write-to-tmp + rename
+ *     so a crash mid-write can never truncate the file; either the
+ *     old file survives or the new one is fully written.
+ *   - All operations are synchronous and rely on Node's single-threaded
+ *     JS execution for concurrency safety. No async queue, no locks.
+ *
+ * The schema is a flat object with one array per "table":
+ *   { _version, _sequences: {<table>: nextId}, users: [...], ... }
+ *
+ * Callers use helpers like `insert`, `updateWhere`, `findWhere`,
+ * `deleteWhere` rather than composing queries — this is a key/value map
+ * with filter helpers, not a SQL engine.
+ */
+
+const CURRENT_VERSION = 1;
+
+// Tables the store manages — empty arrays on a fresh file.
+const EMPTY_STORE = () => ({
+  _version: CURRENT_VERSION,
+  _sequences: {
+    users: 0,
+    api_keys: 0,
+    user_credentials: 0,
+    vapid_keys: 0,
+    push_subscriptions: 0,
+  },
+  users: [],
+  api_keys: [],
+  user_credentials: [],
+  user_notification_preferences: [], // each row: { user_id, preferences_json, updated_at }
+  vapid_keys: [],
+  push_subscriptions: [],
+  session_names: [], // each row: { session_id, provider, custom_name, created_at, updated_at }
+  app_config: [], // each row: { key, value, created_at }
+  telegram_config: [], // 0 or 1 row: { id=1, bot_token, bot_username, updated_at }
+  telegram_links: [], // each row: { user_id, chat_id, ... }
+});
+
+export class JsonStore {
+  constructor(filePath) {
+    this.filePath = filePath;
+    this.tmpPath = `${filePath}.tmp`;
+    this.data = null;
+    this._ensureLoaded();
+  }
+
+  _ensureLoaded() {
+    if (this.data) return;
+
+    // Ensure parent directory exists — matches the old better-sqlite3
+    // behavior where the directory was created during initialization.
+    const dir = path.dirname(this.filePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+
+    if (!fs.existsSync(this.filePath)) {
+      this.data = EMPTY_STORE();
+      this._flush();
+      return;
+    }
+
+    try {
+      const raw = fs.readFileSync(this.filePath, 'utf8');
+      const parsed = JSON.parse(raw);
+      // Fill missing keys from EMPTY_STORE so adding a new "table" in a
+      // later schema doesn't crash a fresh deploy reading an old file.
+      this.data = { ...EMPTY_STORE(), ...parsed };
+      // Ensure each well-known array key is actually an array — defends
+      // against a hand-edited file that set one to null or an object.
+      const empty = EMPTY_STORE();
+      for (const key of Object.keys(empty)) {
+        if (key === '_version' || key === '_sequences') continue;
+        if (!Array.isArray(this.data[key])) {
+          this.data[key] = [];
+        }
+      }
+      this.data._sequences = { ...empty._sequences, ...(parsed._sequences || {}) };
+    } catch (err) {
+      // Corrupted file — back up and start fresh. Never hide this; it's
+      // very likely user-visible (logins will reset).
+      const backup = `${this.filePath}.corrupt-${Date.now()}`;
+      console.error(`[JsonStore] Failed to read ${this.filePath}: ${err.message}. Backing up to ${backup}.`);
+      try { fs.renameSync(this.filePath, backup); } catch { /* noop */ }
+      this.data = EMPTY_STORE();
+      this._flush();
+    }
+  }
+
+  _flush() {
+    const serialized = JSON.stringify(this.data, null, 2);
+    fs.writeFileSync(this.tmpPath, serialized, 'utf8');
+    fs.renameSync(this.tmpPath, this.filePath);
+  }
+
+  // ---------- Raw access ----------
+  get raw() {
+    this._ensureLoaded();
+    return this.data;
+  }
+
+  save() { this._flush(); }
+
+  // ---------- Sequence (AUTOINCREMENT) ----------
+  nextId(table) {
+    this._ensureLoaded();
+    this.data._sequences[table] = (this.data._sequences[table] || 0) + 1;
+    return this.data._sequences[table];
+  }
+
+  // ---------- Query helpers ----------
+  findWhere(table, predicate) {
+    this._ensureLoaded();
+    return this.data[table].find(predicate) || null;
+  }
+
+  filterWhere(table, predicate) {
+    this._ensureLoaded();
+    return this.data[table].filter(predicate);
+  }
+
+  count(table, predicate) {
+    this._ensureLoaded();
+    if (!predicate) return this.data[table].length;
+    return this.data[table].filter(predicate).length;
+  }
+
+  // ---------- Mutation helpers ----------
+  insert(table, row, { autoId = true, sequenceKey } = {}) {
+    this._ensureLoaded();
+    const finalRow = { ...row };
+    if (autoId && finalRow.id === undefined) {
+      finalRow.id = this.nextId(sequenceKey || table);
+    }
+    this.data[table].push(finalRow);
+    this._flush();
+    return finalRow;
+  }
+
+  updateWhere(table, predicate, updater) {
+    this._ensureLoaded();
+    let changed = 0;
+    for (const row of this.data[table]) {
+      if (predicate(row)) {
+        const patch = typeof updater === 'function' ? updater(row) : updater;
+        Object.assign(row, patch);
+        changed += 1;
+      }
+    }
+    if (changed > 0) this._flush();
+    return changed;
+  }
+
+  upsertWhere(table, predicate, row) {
+    this._ensureLoaded();
+    const existing = this.data[table].find(predicate);
+    if (existing) {
+      Object.assign(existing, row);
+      this._flush();
+      return existing;
+    }
+    return this.insert(table, row);
+  }
+
+  deleteWhere(table, predicate) {
+    this._ensureLoaded();
+    const before = this.data[table].length;
+    this.data[table] = this.data[table].filter((row) => !predicate(row));
+    const removed = before - this.data[table].length;
+    if (removed > 0) this._flush();
+    return removed;
+  }
+}
+
+/**
+ * Helper — ISO timestamp matching the DATETIME format SQLite used to
+ * write. Stored as a plain ISO string; no one actually parses it beyond
+ * displaying "last login X hours ago".
+ */
+export const nowIso = () => new Date().toISOString();

package/server/modules/providers/list/opencode/opencode-auth.provider.ts

@@ -1,130 +1,130 @@
-import { readFile } from 'node:fs/promises';
-import os from 'node:os';
-import path from 'node:path';
-
-import spawn from 'cross-spawn';
-
-import type { IProviderAuth } from '@/shared/interfaces.js';
-import type { ProviderAuthStatus } from '@/shared/types.js';
-import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-// @ts-ignore — plain-JS module, typed via inference
-import { getProviderCredentials } from '@/services/provider-credentials.js';
-
-type OpencodeCredentialsStatus = {
-  authenticated: boolean;
-  email: string | null;
-  method: string | null;
-  error?: string;
-};
-
-/**
- * OpenCode auth checker.
- *
- * OpenCode stores credentials at `~/.local/share/opencode/auth.json` (XDG
- * data dir — different layout from the other providers which use
- * `~/.<name>/`). The file is a JSON map of `providerName → { type, ... }`
- * where type is `api` (API key), `oauth` (OAuth tokens), or similar.
- *
- * Windows layout (as of the 2026 release): `%LOCALAPPDATA%\opencode\auth.json`.
- *
- * Since OpenCode is multi-provider (OpenAI, Anthropic, Google, Ollama,
- * OpenCode Zen), "authenticated" here means "at least ONE provider in
- * auth.json has credentials" — we don't care which.
- */
-export class OpencodeProviderAuth implements IProviderAuth {
-  private checkInstalled(): boolean {
-    const cliPath = process.env.OPENCODE_CLI_PATH || 'opencode';
-    try {
-      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
-      return !result.error && result.status === 0;
-    } catch {
-      return false;
-    }
-  }
-
-  async getStatus(): Promise<ProviderAuthStatus> {
-    const installed = this.checkInstalled();
-
-    if (!installed) {
-      return {
-        installed,
-        provider: 'opencode',
-        authenticated: false,
-        email: null,
-        method: null,
-        error: 'OpenCode CLI is not installed',
-      };
-    }
-
-    const credentials = await this.checkCredentials();
-
-    return {
-      installed,
-      provider: 'opencode',
-      authenticated: credentials.authenticated,
-      email: credentials.email,
-      method: credentials.method,
-      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
-    };
-  }
-
-  private async checkCredentials(): Promise<OpencodeCredentialsStatus> {
-    // Pixcode-managed credentials come first — if the user stored an API
-    // key via Settings > Agents > API Key, trust that regardless of
-    // env vars or auth.json.
-    try {
-      const creds = await getProviderCredentials('opencode');
-      if (creds?.apiKey) {
-        return { authenticated: true, email: 'API Key Auth', method: 'pixcode_store' };
-      }
-    } catch { /* fall through */ }
-
-    // Env-var shortcut — any of the multi-provider keys OpenCode recognises.
-    const envKeys = ['ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'GOOGLE_API_KEY', 'OPENROUTER_API_KEY'];
-    for (const k of envKeys) {
-      if (process.env[k]?.trim()) {
-        return { authenticated: true, email: `${k.replace('_API_KEY', '')} env`, method: 'api_key' };
-      }
-    }
-
-    // auth.json — written by `opencode auth login`. On Windows the XDG
-    // data dir typically resolves to `%LOCALAPPDATA%\opencode`, but since
-    // Node's `os.homedir()` + `.local/share/opencode` covers the Linux
-    // default and most WSL cases, we check both paths.
-    const candidatePaths = [
-      path.join(os.homedir(), '.local', 'share', 'opencode', 'auth.json'),
-      path.join(os.homedir(), 'AppData', 'Local', 'opencode', 'auth.json'),
-    ];
-
-    for (const credsPath of candidatePaths) {
-      try {
-        const content = await readFile(credsPath, 'utf8');
-        const creds = readObjectRecord(JSON.parse(content)) ?? {};
-        const providerNames = Object.keys(creds);
-        if (providerNames.length > 0) {
-          // Prefer a real provider label over a generic one when we can
-          // identify it.
-          const firstProvider = providerNames[0];
-          const firstConfig = readObjectRecord(creds[firstProvider]) ?? {};
-          const authType = readOptionalString(firstConfig.type) ?? 'stored';
-          const label = providerNames.length === 1
-            ? `${firstProvider} (${authType})`
-            : `${providerNames.length} providers configured`;
-          return {
-            authenticated: true,
-            email: label,
-            method: authType === 'oauth' ? 'credentials_file' : 'api_key',
-          };
-        }
-      } catch { /* try next path */ }
-    }
-
-    return {
-      authenticated: false,
-      email: null,
-      method: null,
-      error: 'OpenCode is not configured — run `opencode auth login`.',
-    };
-  }
-}
+import { readFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+
+import spawn from 'cross-spawn';
+
+import type { IProviderAuth } from '@/shared/interfaces.js';
+import type { ProviderAuthStatus } from '@/shared/types.js';
+import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore — plain-JS module, typed via inference
+import { getProviderCredentials } from '@/services/provider-credentials.js';
+
+type OpencodeCredentialsStatus = {
+  authenticated: boolean;
+  email: string | null;
+  method: string | null;
+  error?: string;
+};
+
+/**
+ * OpenCode auth checker.
+ *
+ * OpenCode stores credentials at `~/.local/share/opencode/auth.json` (XDG
+ * data dir — different layout from the other providers which use
+ * `~/.<name>/`). The file is a JSON map of `providerName → { type, ... }`
+ * where type is `api` (API key), `oauth` (OAuth tokens), or similar.
+ *
+ * Windows layout (as of the 2026 release): `%LOCALAPPDATA%\opencode\auth.json`.
+ *
+ * Since OpenCode is multi-provider (OpenAI, Anthropic, Google, Ollama,
+ * OpenCode Zen), "authenticated" here means "at least ONE provider in
+ * auth.json has credentials" — we don't care which.
+ */
+export class OpencodeProviderAuth implements IProviderAuth {
+  private checkInstalled(): boolean {
+    const cliPath = process.env.OPENCODE_CLI_PATH || 'opencode';
+    try {
+      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
+      return !result.error && result.status === 0;
+    } catch {
+      return false;
+    }
+  }
+
+  async getStatus(): Promise<ProviderAuthStatus> {
+    const installed = this.checkInstalled();
+
+    if (!installed) {
+      return {
+        installed,
+        provider: 'opencode',
+        authenticated: false,
+        email: null,
+        method: null,
+        error: 'OpenCode CLI is not installed',
+      };
+    }
+
+    const credentials = await this.checkCredentials();
+
+    return {
+      installed,
+      provider: 'opencode',
+      authenticated: credentials.authenticated,
+      email: credentials.email,
+      method: credentials.method,
+      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
+    };
+  }
+
+  private async checkCredentials(): Promise<OpencodeCredentialsStatus> {
+    // Pixcode-managed credentials come first — if the user stored an API
+    // key via Settings > Agents > API Key, trust that regardless of
+    // env vars or auth.json.
+    try {
+      const creds = await getProviderCredentials('opencode');
+      if (creds?.apiKey) {
+        return { authenticated: true, email: 'API Key Auth', method: 'pixcode_store' };
+      }
+    } catch { /* fall through */ }
+
+    // Env-var shortcut — any of the multi-provider keys OpenCode recognises.
+    const envKeys = ['ANTHROPIC_API_KEY', 'OPENAI_API_KEY', 'GOOGLE_API_KEY', 'OPENROUTER_API_KEY'];
+    for (const k of envKeys) {
+      if (process.env[k]?.trim()) {
+        return { authenticated: true, email: `${k.replace('_API_KEY', '')} env`, method: 'api_key' };
+      }
+    }
+
+    // auth.json — written by `opencode auth login`. On Windows the XDG
+    // data dir typically resolves to `%LOCALAPPDATA%\opencode`, but since
+    // Node's `os.homedir()` + `.local/share/opencode` covers the Linux
+    // default and most WSL cases, we check both paths.
+    const candidatePaths = [
+      path.join(os.homedir(), '.local', 'share', 'opencode', 'auth.json'),
+      path.join(os.homedir(), 'AppData', 'Local', 'opencode', 'auth.json'),
+    ];
+
+    for (const credsPath of candidatePaths) {
+      try {
+        const content = await readFile(credsPath, 'utf8');
+        const creds = readObjectRecord(JSON.parse(content)) ?? {};
+        const providerNames = Object.keys(creds);
+        if (providerNames.length > 0) {
+          // Prefer a real provider label over a generic one when we can
+          // identify it.
+          const firstProvider = providerNames[0];
+          const firstConfig = readObjectRecord(creds[firstProvider]) ?? {};
+          const authType = readOptionalString(firstConfig.type) ?? 'stored';
+          const label = providerNames.length === 1
+            ? `${firstProvider} (${authType})`
+            : `${providerNames.length} providers configured`;
+          return {
+            authenticated: true,
+            email: label,
+            method: authType === 'oauth' ? 'credentials_file' : 'api_key',
+          };
+        }
+      } catch { /* try next path */ }
+    }
+
+    return {
+      authenticated: false,
+      email: null,
+      method: null,
+      error: 'OpenCode is not configured — run `opencode auth login`.',
+    };
+  }
+}