@pixelbyte-software/pixcode 1.33.9 → 1.33.11

package/server/modules/providers/list/opencode/opencode-sessions.provider.ts

@@ -16,8 +16,15 @@ const PROVIDER = 'opencode';
  * captured streams); restoring historical sessions from disk will land
  * in a follow-up once the exact schema is pinned.
  *
- * Stream events follow the headless `opencode serve` API contract —
- * messages carry `{ role, parts: [{ type: text|tool-use|tool-result, ... }] }`.
+ * Stream shape from `opencode run --format json` (verified against
+ * opencode-ai 0.x at the wire):
+ *   { type:"step_start",  timestamp, sessionID, part:{ type:"step-start",  ... } }
+ *   { type:"text",        timestamp, sessionID, part:{ type:"text", text:"…", time:{…}, metadata:{…} } }
+ *   { type:"tool_use",    timestamp, sessionID, part:{ type:"tool-use",  callID, tool, state:{ input } } }
+ *   { type:"tool_result", timestamp, sessionID, part:{ type:"tool-result", callID, state:{ output, status } } }
+ *   { type:"step_finish", timestamp, sessionID, part:{ type:"step-finish", reason, tokens, cost } }
+ *   { type:"error",       timestamp, sessionID, error:{ name, data:{ message, statusCode? } } }
+ * Field names are camelCase (`sessionID`, `callID`) — NOT snake_case.
  */
 export class OpencodeSessionsProvider implements IProviderSessions {
   normalizeMessage(rawMessage: unknown, sessionId: string | null): NormalizedMessage[] {
@@ -26,20 +33,39 @@ export class OpencodeSessionsProvider implements IProviderSessions {
 
     const ts = raw.timestamp || new Date().toISOString();
     const baseId = raw.uuid || raw.id || generateMessageId('opencode');
+    const part = readObjectRecord(raw.part) || {};
+
+    // Modern shape: { type:"text", part:{ type:"text", text:"…" } }.
+    // The full text arrives in a single event (not token-by-token), but it
+    // can also legitimately be empty during a step_start preamble — we only
+    // emit when there's actual text. `stream_end` is emitted on step_finish
+    // (which is guaranteed at the end of every assistant turn), so we don't
+    // close the stream here.
+    if (raw.type === 'text') {
+      const text = typeof part.text === 'string' ? part.text : '';
+      if (!text) return [];
+      return [createNormalizedMessage({
+        id: baseId,
+        sessionId,
+        timestamp: ts,
+        provider: PROVIDER,
+        kind: 'stream_delta',
+        content: text,
+      })];
+    }
 
+    // Legacy fallback for older builds that still emit `{ type:"message", role:"assistant", content }`.
     if (raw.type === 'message' && raw.role === 'assistant') {
-      const content = raw.content || '';
-      const messages: NormalizedMessage[] = [];
-      if (content) {
-        messages.push(createNormalizedMessage({
-          id: baseId,
-          sessionId,
-          timestamp: ts,
-          provider: PROVIDER,
-          kind: 'stream_delta',
-          content,
-        }));
-      }
+      const content = typeof raw.content === 'string' ? raw.content : '';
+      if (!content) return [];
+      const messages: NormalizedMessage[] = [createNormalizedMessage({
+        id: baseId,
+        sessionId,
+        timestamp: ts,
+        provider: PROVIDER,
+        kind: 'stream_delta',
+        content,
+      })];
       if (raw.delta !== true) {
         messages.push(createNormalizedMessage({
           sessionId,
@@ -52,32 +78,39 @@ export class OpencodeSessionsProvider implements IProviderSessions {
     }
 
     if (raw.type === 'tool_use' || raw.type === 'tool-use') {
+      const state = readObjectRecord(part.state) || {};
       return [createNormalizedMessage({
         id: baseId,
         sessionId,
         timestamp: ts,
         provider: PROVIDER,
         kind: 'tool_use',
-        toolName: raw.tool_name || raw.name,
-        toolInput: raw.parameters || raw.input || {},
-        toolId: raw.tool_id || raw.id || baseId,
+        toolName: String(part.tool || raw.tool_name || raw.name || ''),
+        toolInput: state.input || part.input || raw.parameters || raw.input || {},
+        toolId: String(part.callID || part.id || raw.tool_id || raw.id || baseId),
       })];
     }
 
     if (raw.type === 'tool_result' || raw.type === 'tool-result') {
+      const state = readObjectRecord(part.state) || {};
+      const status = (state.status || raw.status) as string | undefined;
+      const output = state.output ?? part.output ?? raw.output;
       return [createNormalizedMessage({
         id: baseId,
         sessionId,
         timestamp: ts,
         provider: PROVIDER,
         kind: 'tool_result',
-        toolId: raw.tool_id || raw.toolCallId || '',
-        content: raw.output === undefined ? '' : String(raw.output),
-        isError: raw.status === 'error' || Boolean(raw.isError),
+        toolId: String(part.callID || part.id || raw.tool_id || raw.toolCallId || ''),
+        content: output === undefined || output === null ? '' : String(output),
+        isError: status === 'error' || Boolean(raw.isError),
       })];
     }
 
-    if (raw.type === 'result') {
+    // OpenCode signals end-of-turn with `step_finish` (run mode never emits
+    // a top-level `result`). Emit stream_end so the UI clears its
+    // "Processing…" state.
+    if (raw.type === 'step_finish' || raw.type === 'result') {
       return [createNormalizedMessage({
         sessionId,
         timestamp: ts,
@@ -86,6 +119,12 @@ export class OpencodeSessionsProvider implements IProviderSessions {
       })];
     }
 
+    // step_start carries the session ID but no user-visible content — we
+    // capture the session ID elsewhere (response handler) and drop the event.
+    if (raw.type === 'step_start') {
+      return [];
+    }
+
     if (raw.type === 'error') {
       // OpenCode `--format json` emits errors as
       //   { type:"error", error:{ name, data:{ message, statusCode?, isRetryable? } } }

package/server/modules/providers/list/qwen/qwen-sessions.provider.ts

@@ -20,6 +20,53 @@ export class QwenSessionsProvider implements IProviderSessions {
     const ts = raw.timestamp || new Date().toISOString();
     const baseId = raw.uuid || generateMessageId('qwen');
 
+    // Qwen Code stream-json (verified from `qwen --output-format stream-json --yolo`):
+    //   { type:"system", subtype:"init", session_id, ... }
+    //   { type:"assistant", uuid, session_id, message:{ role:"assistant", content:[{type:"text", text:"…"}], usage:{...} } }
+    //   { type:"result",  subtype:"success", result:"…final…", usage:{...} }
+    // The previous matcher (`type==='message' && role==='assistant'`) checked
+    // a shape Qwen has never emitted — every chat returned empty messages,
+    // including API-error messages like "[API Error: 401 invalid access token
+    // or token expired]" which then landed in the void instead of reaching
+    // the user. Match the real shape.
+    if (raw.type === 'assistant' && raw.message && typeof raw.message === 'object') {
+      const msg = raw.message as Record<string, unknown>;
+      const parts = Array.isArray(msg.content) ? (msg.content as Record<string, unknown>[]) : [];
+      const text = parts
+        .map((p) => (typeof p?.text === 'string' ? p.text : ''))
+        .filter(Boolean)
+        .join('');
+      const messages: NormalizedMessage[] = [];
+      if (text) {
+        messages.push(createNormalizedMessage({
+          id: baseId,
+          sessionId,
+          timestamp: ts,
+          provider: PROVIDER,
+          kind: 'stream_delta',
+          content: text,
+        }));
+      }
+      // Surface tool_use parts inline so the agent route can see them too.
+      for (const part of parts) {
+        if (part?.type === 'tool_use') {
+          messages.push(createNormalizedMessage({
+            id: typeof part.id === 'string' ? part.id : generateMessageId('qwen'),
+            sessionId,
+            timestamp: ts,
+            provider: PROVIDER,
+            kind: 'tool_use',
+            toolName: typeof part.name === 'string' ? part.name : '',
+            toolInput: (part.input as AnyRecord) || {},
+            toolId: typeof part.id === 'string' ? part.id : '',
+          }));
+        }
+      }
+      return messages;
+    }
+
+    // Legacy `type:"message"` shape — kept so any persisted history that
+    // pre-dates the stream-json migration still parses cleanly.
     if (raw.type === 'message' && raw.role === 'assistant') {
       const content = raw.content || '';
       const messages: NormalizedMessage[] = [];

package/server/modules/providers/provider.routes.ts

@@ -85,6 +85,31 @@ const PROVIDER_INSTALL_COMMANDS: Record<LLMProvider, string | null> = {
   cursor: null,
 };
 
+/**
+ * Per-provider manual install hints, surfaced when `/install` is called
+ * for a provider Pixcode can't sandbox-install (anything not on npm).
+ * Each entry includes platform-specific commands so the UI can show the
+ * right one for the user's host. Cursor is the only provider in this
+ * bucket today — it ships via curl|bash on POSIX and a downloadable
+ * installer on Windows. We deliberately don't pipe-to-bash from Pixcode,
+ * so the user runs it themselves.
+ */
+const PROVIDER_MANUAL_INSTALL: Partial<Record<LLMProvider, {
+  docsUrl: string;
+  steps: { platform: 'macos' | 'linux' | 'windows'; command: string }[];
+  note: string;
+}>> = {
+  cursor: {
+    docsUrl: 'https://docs.cursor.com/en/cli/installation',
+    steps: [
+      { platform: 'macos',   command: 'curl https://cursor.com/install -fsS | bash' },
+      { platform: 'linux',   command: 'curl https://cursor.com/install -fsS | bash' },
+      { platform: 'windows', command: 'iwr https://cursor.com/install.ps1 -useb | iex' },
+    ],
+    note: 'Cursor ships outside npm — run the command for your platform in a separate terminal, then click "Refresh" on this page once the binary is on PATH.',
+  },
+};
+
 const router = express.Router();
 
 const readPathParam = (value: unknown, name: string): string => {
@@ -450,10 +475,18 @@ router.post(
     const packageName = PROVIDER_INSTALL_PACKAGES[parsed];
     const installCmd = PROVIDER_INSTALL_COMMANDS[parsed];
     if (!packageName || !installCmd) {
-      throw new AppError(
-        `${parsed} cannot be installed automatically — please follow the documented install steps.`,
-        { code: 'PROVIDER_NOT_AUTO_INSTALLABLE', statusCode: 400 },
-      );
+      const manual = PROVIDER_MANUAL_INSTALL[parsed];
+      // Don't 4xx on this — the call ISN'T malformed, the provider is
+      // simply not npm-installable. Return 200 with a `manual` payload
+      // the UI can present as instructions instead of "install failed".
+      res.json(createApiSuccessResponse({
+        provider: parsed,
+        manual: manual || null,
+        message: manual
+          ? `${parsed} ships outside npm. Run the platform-specific command, then refresh.`
+          : `${parsed} cannot be installed automatically — see the provider's documentation.`,
+      }));
+      return;
     }
 
     const job = createInstallJob({ provider: parsed, installCmd, packageName });

package/server/opencode-cli.js

@@ -50,13 +50,34 @@ function mapPermissionModeToArgs(permissionMode, skipPermissions) {
     return { agent: 'build', dangerously: false };
 }
 
+// Pixcode stores OpenCode permissions as two flat lists (`allowPatterns`,
+// `denyPatterns`) in `opencode-settings` localStorage; the backend collapses
+// them into the JSON shape OpenCode reads from `opencode.json`. We pass the
+// merged config inline via `OPENCODE_CONFIG_CONTENT` (a documented OpenCode
+// env var) instead of writing to disk — that way Pixcode's intent doesn't
+// pollute the user's project tree, and project-local opencode.json overrides
+// still take precedence per OpenCode's own precedence rules.
+function buildOpencodePermissionConfig(settings) {
+    const allow = Array.isArray(settings?.allowPatterns) ? settings.allowPatterns.filter(Boolean) : [];
+    const deny = Array.isArray(settings?.denyPatterns) ? settings.denyPatterns.filter(Boolean) : [];
+    if (!allow.length && !deny.length) return null;
+
+    const bash = {};
+    // Deny rules win when patterns collide — apply allow first so deny
+    // overwrites duplicates.
+    for (const pattern of allow) bash[pattern] = 'allow';
+    for (const pattern of deny) bash[pattern] = 'deny';
+
+    return { permission: { bash } };
+}
+
 async function spawnOpencode(command, options = {}, ws) {
     const { sessionId, projectPath, cwd, toolsSettings, permissionMode, images, sessionSummary, agent: agentOverride } = options;
     let capturedSessionId = sessionId;
     let sessionCreatedSent = false;
     let assistantBlocks = [];
 
-    const settings = toolsSettings || { allowedTools: [], disallowedTools: [], skipPermissions: false };
+    const settings = toolsSettings || { allowPatterns: [], denyPatterns: [], skipPermissions: false };
 
     const safeSessionIdPattern = /^[a-zA-Z0-9_.\-:]+$/;
     const args = ['run', '--format', 'json'];
@@ -73,7 +94,10 @@ async function spawnOpencode(command, options = {}, ws) {
     if (sessionId) {
         const session = sessionManager.getSession(sessionId);
         const cliId = session?.cliSessionId || sessionId;
-        if (cliId && safeSessionIdPattern.test(cliId)) {
+        // OpenCode CLI requires session IDs to start with 'ses' (e.g. ses_22d6…).
+        // Pixcode's internal IDs (opencode_xxxxx) must NOT be passed to -s,
+        // otherwise the CLI exits with "Invalid session ID: must start with 'ses'".
+        if (cliId && safeSessionIdPattern.test(cliId) && cliId.startsWith('ses')) {
             args.push('-s', cliId);
         }
     }
@@ -135,6 +159,21 @@ async function spawnOpencode(command, options = {}, ws) {
 
     const spawnEnv = await buildSpawnEnv('opencode');
 
+    // Inject Pixcode's permission allow/deny patterns as inline OpenCode config.
+    // Skipped when `--dangerously-skip-permissions` is on (the flag overrides
+    // the config anyway) and when both lists are empty (avoid clobbering a
+    // project-local opencode.json the user has hand-tuned).
+    if (!dangerously) {
+        const permConfig = buildOpencodePermissionConfig(settings);
+        if (permConfig) {
+            try {
+                spawnEnv.OPENCODE_CONFIG_CONTENT = JSON.stringify(permConfig);
+            } catch (error) {
+                console.warn('[opencode] Failed to serialize permission config:', error?.message || error);
+            }
+        }
+    }
+
     return new Promise((resolve, reject) => {
         const opencodeProcess = spawnFunction(spawnCmd, spawnArgs, {
             cwd: workingDir,

package/server/opencode-response-handler.js

@@ -1,10 +1,22 @@
 // OpenCode Response Handler — `opencode run --format json` parser.
 //
-// The JSON format streams one event per line (NDJSON). Event shapes follow
-// the OpenAPI contract exposed by `opencode serve`. We treat the stream
-// permissively: lines that don't parse as JSON are passed through as plain
-// text deltas (covers OpenCode's pre-stream banner output and any debug
-// noise the CLI emits to stdout).
+// The JSON format streams one event per line (NDJSON). Verified shapes
+// (opencode-ai 0.x, see opencode.ai/docs/cli):
+//
+//   { type:"step_start",  timestamp, sessionID, part:{ type:"step-start",  id, messageID, sessionID } }
+//   { type:"text",        timestamp, sessionID, part:{ type:"text", id, messageID, sessionID, text:"…", time:{…}, metadata:{…} } }
+//   { type:"tool_use",    timestamp, sessionID, part:{ type:"tool-use",  callID, tool, state:{ input } } }
+//   { type:"tool_result", timestamp, sessionID, part:{ type:"tool-result", callID, state:{ output, status } } }
+//   { type:"step_finish", timestamp, sessionID, part:{ type:"step-finish", reason, tokens, cost } }
+//   { type:"error",       timestamp, sessionID, error:{ name, data:{ message, statusCode? } } }
+//
+// Important: field names are camelCase — `sessionID`, `callID`, `messageID`.
+// Earlier integration code assumed snake_case (`session_id`, `tool_id`) which
+// is wrong; nothing in `opencode run --format json` uses snake_case.
+//
+// Lines that don't parse as JSON are surfaced as plain text deltas (covers
+// the CLI's pre-stream banner output, "Shell cwd was reset to …" notices on
+// Windows, and any debug noise).
 import { sessionsService } from './modules/providers/services/sessions.service.js';
 
 class OpencodeResponseHandler {
@@ -15,6 +27,7 @@ class OpencodeResponseHandler {
     this.onInit = options.onInit || null;
     this.onToolUse = options.onToolUse || null;
     this.onToolResult = options.onToolResult || null;
+    this.capturedCliSessionId = null;
   }
 
   processData(data) {
@@ -40,37 +53,31 @@ class OpencodeResponseHandler {
   handleEvent(event) {
     const sid = typeof this.ws.getSessionId === 'function' ? this.ws.getSessionId() : null;
 
-    if (event.type === 'init' || event.type === 'session.start') {
-      if (this.onInit) this.onInit(event);
-      return;
+    // Capture OpenCode's real session ID (e.g. `ses_22d6…`) the first time we
+    // see one. Every event carries `sessionID` at the top level — we don't
+    // wait for an `init`/`session.start` event because OpenCode `run --format
+    // json` never emits those (the first event is always `step_start`).
+    if (!this.capturedCliSessionId && typeof event.sessionID === 'string' && event.sessionID) {
+      this.capturedCliSessionId = event.sessionID;
+      if (this.onInit) this.onInit({ session_id: event.sessionID, sessionID: event.sessionID });
     }
 
-    // OpenCode emits assistant text as either a top-level `text` event
-    // (current `--format json` shape: `{ type: "text", part: { text } }`)
-    // or as `message`/`part` legacy shapes from earlier builds. Cover all
-    // three so we don't drop tokens on a CLI version we haven't matched.
-    if (event.type === 'text' && event.part && typeof event.part.text === 'string') {
-      if (this.onContentFragment && event.part.text) this.onContentFragment(event.part.text);
-    } else if (event.type === 'message' && event.role === 'assistant') {
-      const content = event.content || event.text || '';
-      if (this.onContentFragment && content) this.onContentFragment(content);
-    } else if (event.type === 'part' && event.part_type === 'text') {
-      const content = event.text || event.content || '';
-      if (this.onContentFragment && content) this.onContentFragment(content);
+    const part = event.part && typeof event.part === 'object' ? event.part : null;
+
+    if (event.type === 'text' && part && typeof part.text === 'string') {
+      if (this.onContentFragment && part.text) this.onContentFragment(part.text);
     } else if (event.type === 'tool_use' || event.type === 'tool-use' || event.type === 'tool.start') {
-      // Tool-use shape on `--format json`: `{ type:"tool_use", part:{ callID, tool, state:{ input } } }`
-      const part = event.part || event;
+      const state = part?.state && typeof part.state === 'object' ? part.state : {};
       if (this.onToolUse) this.onToolUse({
-        tool_id: part.callID || part.id || event.tool_id,
-        tool_name: part.tool || part.name || event.tool_name,
-        parameters: part.state?.input || part.input || event.parameters || {},
+        tool_id: part?.callID || part?.id || event.tool_id || '',
+        tool_name: part?.tool || part?.name || event.tool_name || '',
+        parameters: state.input || part?.input || event.parameters || {},
       });
     } else if (event.type === 'tool_result' || event.type === 'tool-result' || event.type === 'tool.end') {
-      const part = event.part || event;
-      const state = part.state || {};
+      const state = part?.state && typeof part.state === 'object' ? part.state : {};
       if (this.onToolResult) this.onToolResult({
-        tool_id: part.callID || part.id || event.tool_id,
-        output: state.output ?? part.output ?? event.output ?? event.result ?? '',
+        tool_id: part?.callID || part?.id || event.tool_id || '',
+        output: state.output ?? part?.output ?? event.output ?? event.result ?? '',
         status: state.status || event.status || (event.isError ? 'error' : 'ok'),
       });
     }