@pixelbyte-software/pixcode 1.34.0 → 1.35.0

package/server/modules/providers/list/qwen/qwen-mcp.provider.ts

@@ -1,114 +1,114 @@
-import os from 'node:os';
-import path from 'node:path';
-
-import { McpProvider } from '@/modules/providers/shared/mcp/mcp.provider.js';
-import type { McpScope, ProviderMcpServer, UpsertProviderMcpServerInput } from '@/shared/types.js';
-import {
-  AppError,
-  readJsonConfig,
-  readObjectRecord,
-  readOptionalString,
-  readStringArray,
-  readStringRecord,
-  writeJsonConfig,
-} from '@/shared/utils.js';
-
-/**
- * Qwen Code MCP provider. Qwen reads MCP servers out of the same
- * `settings.json` shape Gemini uses, just under `~/.qwen/` instead of
- * `~/.gemini/`. Supported transports and scopes match Gemini.
- */
-export class QwenMcpProvider extends McpProvider {
-  constructor() {
-    super('qwen', ['user', 'project'], ['stdio', 'http', 'sse']);
-  }
-
-  protected async readScopedServers(scope: McpScope, workspacePath: string): Promise<Record<string, unknown>> {
-    const filePath = scope === 'user'
-      ? path.join(os.homedir(), '.qwen', 'settings.json')
-      : path.join(workspacePath, '.qwen', 'settings.json');
-    const config = await readJsonConfig(filePath);
-    return readObjectRecord(config.mcpServers) ?? {};
-  }
-
-  protected async writeScopedServers(
-    scope: McpScope,
-    workspacePath: string,
-    servers: Record<string, unknown>,
-  ): Promise<void> {
-    const filePath = scope === 'user'
-      ? path.join(os.homedir(), '.qwen', 'settings.json')
-      : path.join(workspacePath, '.qwen', 'settings.json');
-    const config = await readJsonConfig(filePath);
-    config.mcpServers = servers;
-    await writeJsonConfig(filePath, config);
-  }
-
-  protected buildServerConfig(input: UpsertProviderMcpServerInput): Record<string, unknown> {
-    if (input.transport === 'stdio') {
-      if (!input.command?.trim()) {
-        throw new AppError('command is required for stdio MCP servers.', {
-          code: 'MCP_COMMAND_REQUIRED',
-          statusCode: 400,
-        });
-      }
-      return {
-        command: input.command,
-        args: input.args ?? [],
-        env: input.env ?? {},
-        cwd: input.cwd,
-      };
-    }
-
-    if (!input.url?.trim()) {
-      throw new AppError('url is required for http/sse MCP servers.', {
-        code: 'MCP_URL_REQUIRED',
-        statusCode: 400,
-      });
-    }
-
-    return {
-      type: input.transport,
-      url: input.url,
-      headers: input.headers ?? {},
-    };
-  }
-
-  protected normalizeServerConfig(
-    scope: McpScope,
-    name: string,
-    rawConfig: unknown,
-  ): ProviderMcpServer | null {
-    if (!rawConfig || typeof rawConfig !== 'object') {
-      return null;
-    }
-
-    const config = rawConfig as Record<string, unknown>;
-    if (typeof config.command === 'string') {
-      return {
-        provider: 'qwen',
-        name,
-        scope,
-        transport: 'stdio',
-        command: config.command,
-        args: readStringArray(config.args),
-        env: readStringRecord(config.env),
-        cwd: readOptionalString(config.cwd),
-      };
-    }
-
-    if (typeof config.url === 'string') {
-      const transport = readOptionalString(config.type) === 'sse' ? 'sse' : 'http';
-      return {
-        provider: 'qwen',
-        name,
-        scope,
-        transport,
-        url: config.url,
-        headers: readStringRecord(config.headers),
-      };
-    }
-
-    return null;
-  }
-}
+import os from 'node:os';
+import path from 'node:path';
+
+import { McpProvider } from '@/modules/providers/shared/mcp/mcp.provider.js';
+import type { McpScope, ProviderMcpServer, UpsertProviderMcpServerInput } from '@/shared/types.js';
+import {
+  AppError,
+  readJsonConfig,
+  readObjectRecord,
+  readOptionalString,
+  readStringArray,
+  readStringRecord,
+  writeJsonConfig,
+} from '@/shared/utils.js';
+
+/**
+ * Qwen Code MCP provider. Qwen reads MCP servers out of the same
+ * `settings.json` shape Gemini uses, just under `~/.qwen/` instead of
+ * `~/.gemini/`. Supported transports and scopes match Gemini.
+ */
+export class QwenMcpProvider extends McpProvider {
+  constructor() {
+    super('qwen', ['user', 'project'], ['stdio', 'http', 'sse']);
+  }
+
+  protected async readScopedServers(scope: McpScope, workspacePath: string): Promise<Record<string, unknown>> {
+    const filePath = scope === 'user'
+      ? path.join(os.homedir(), '.qwen', 'settings.json')
+      : path.join(workspacePath, '.qwen', 'settings.json');
+    const config = await readJsonConfig(filePath);
+    return readObjectRecord(config.mcpServers) ?? {};
+  }
+
+  protected async writeScopedServers(
+    scope: McpScope,
+    workspacePath: string,
+    servers: Record<string, unknown>,
+  ): Promise<void> {
+    const filePath = scope === 'user'
+      ? path.join(os.homedir(), '.qwen', 'settings.json')
+      : path.join(workspacePath, '.qwen', 'settings.json');
+    const config = await readJsonConfig(filePath);
+    config.mcpServers = servers;
+    await writeJsonConfig(filePath, config);
+  }
+
+  protected buildServerConfig(input: UpsertProviderMcpServerInput): Record<string, unknown> {
+    if (input.transport === 'stdio') {
+      if (!input.command?.trim()) {
+        throw new AppError('command is required for stdio MCP servers.', {
+          code: 'MCP_COMMAND_REQUIRED',
+          statusCode: 400,
+        });
+      }
+      return {
+        command: input.command,
+        args: input.args ?? [],
+        env: input.env ?? {},
+        cwd: input.cwd,
+      };
+    }
+
+    if (!input.url?.trim()) {
+      throw new AppError('url is required for http/sse MCP servers.', {
+        code: 'MCP_URL_REQUIRED',
+        statusCode: 400,
+      });
+    }
+
+    return {
+      type: input.transport,
+      url: input.url,
+      headers: input.headers ?? {},
+    };
+  }
+
+  protected normalizeServerConfig(
+    scope: McpScope,
+    name: string,
+    rawConfig: unknown,
+  ): ProviderMcpServer | null {
+    if (!rawConfig || typeof rawConfig !== 'object') {
+      return null;
+    }
+
+    const config = rawConfig as Record<string, unknown>;
+    if (typeof config.command === 'string') {
+      return {
+        provider: 'qwen',
+        name,
+        scope,
+        transport: 'stdio',
+        command: config.command,
+        args: readStringArray(config.args),
+        env: readStringRecord(config.env),
+        cwd: readOptionalString(config.cwd),
+      };
+    }
+
+    if (typeof config.url === 'string') {
+      const transport = readOptionalString(config.type) === 'sse' ? 'sse' : 'http';
+      return {
+        provider: 'qwen',
+        name,
+        scope,
+        transport,
+        url: config.url,
+        headers: readStringRecord(config.headers),
+      };
+    }
+
+    return null;
+  }
+}

package/server/modules/providers/list/qwen/qwen.provider.ts

@@ -1,21 +1,21 @@
-import { AbstractProvider } from '@/modules/providers/shared/base/abstract.provider.js';
-import { QwenProviderAuth } from '@/modules/providers/list/qwen/qwen-auth.provider.js';
-import { QwenMcpProvider } from '@/modules/providers/list/qwen/qwen-mcp.provider.js';
-import { QwenSessionsProvider } from '@/modules/providers/list/qwen/qwen-sessions.provider.js';
-import type { IProviderAuth, IProviderSessions } from '@/shared/interfaces.js';
-
-/**
- * Qwen Code provider (Alibaba's Gemini CLI fork). The three sub-providers
- * mirror the Gemini layout — Qwen shares the on-disk layout, config format,
- * and stream-json protocol, so the auth/mcp/sessions modules are intentional
- * structural twins.
- */
-export class QwenProvider extends AbstractProvider {
-  readonly mcp = new QwenMcpProvider();
-  readonly auth: IProviderAuth = new QwenProviderAuth();
-  readonly sessions: IProviderSessions = new QwenSessionsProvider();
-
-  constructor() {
-    super('qwen');
-  }
-}
+import { AbstractProvider } from '@/modules/providers/shared/base/abstract.provider.js';
+import { QwenProviderAuth } from '@/modules/providers/list/qwen/qwen-auth.provider.js';
+import { QwenMcpProvider } from '@/modules/providers/list/qwen/qwen-mcp.provider.js';
+import { QwenSessionsProvider } from '@/modules/providers/list/qwen/qwen-sessions.provider.js';
+import type { IProviderAuth, IProviderSessions } from '@/shared/interfaces.js';
+
+/**
+ * Qwen Code provider (Alibaba's Gemini CLI fork). The three sub-providers
+ * mirror the Gemini layout — Qwen shares the on-disk layout, config format,
+ * and stream-json protocol, so the auth/mcp/sessions modules are intentional
+ * structural twins.
+ */
+export class QwenProvider extends AbstractProvider {
+  readonly mcp = new QwenMcpProvider();
+  readonly auth: IProviderAuth = new QwenProviderAuth();
+  readonly sessions: IProviderSessions = new QwenSessionsProvider();
+
+  constructor() {
+    super('qwen');
+  }
+}

package/server/modules/providers/shared/provider-configs.ts

@@ -1,142 +1,142 @@
-/**
- * Registry of user-editable config files per provider CLI.
- *
- * This is the single source of truth for the Settings → Agents →
- * Configuration tab. Adding a new provider? Append a row here and the
- * UI + API pick it up — no component changes required.
- *
- * Rules:
- *   - `relativePath` is relative to the user's home directory.
- *     We never accept absolute paths from the client; the server
- *     resolves these explicitly so path traversal is impossible.
- *   - `format` drives the CodeMirror language extension on the client.
- *   - `readonly: true` hides the Save button and the server rejects
- *     writes. Use it for files the CLI owns (e.g. OAuth tokens).
- *   - `description` is shown as a subtle caption under the editor.
- */
-
-export type ProviderConfigFormat = 'json' | 'toml' | 'env' | 'text';
-
-export type ProviderConfigFile = {
-  id: string;
-  label: string;
-  relativePath: string;
-  format: ProviderConfigFormat;
-  readonly?: boolean;
-  description?: string;
-};
-
-export const PROVIDER_CONFIG_FILES: Record<string, ProviderConfigFile[]> = {
-  claude: [
-    {
-      id: 'settings',
-      label: 'settings.json',
-      relativePath: '.claude/settings.json',
-      format: 'json',
-      description: 'Main Claude Code settings — default model, system prompt, tool policy.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.claude/.env',
-      format: 'env',
-      description: 'Environment variables loaded when Claude runs (e.g. ANTHROPIC_API_KEY).',
-    },
-  ],
-  codex: [
-    {
-      id: 'config',
-      label: 'config.toml',
-      relativePath: '.codex/config.toml',
-      format: 'toml',
-      description: 'Main Codex CLI config — models, MCP servers, approval policy, sandbox mode.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.codex/.env',
-      format: 'env',
-      description: 'Environment variables (OPENAI_API_KEY, OPENAI_BASE_URL, …).',
-    },
-    {
-      id: 'auth',
-      label: 'auth.json',
-      relativePath: '.codex/auth.json',
-      format: 'json',
-      readonly: true,
-      description: 'OAuth tokens managed by `codex login`. Read-only; editing here would corrupt the session.',
-    },
-  ],
-  cursor: [
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.cursor/.env',
-      format: 'env',
-      description: 'Cursor CLI environment variables.',
-    },
-  ],
-  gemini: [
-    {
-      id: 'settings',
-      label: 'settings.json',
-      relativePath: '.gemini/settings.json',
-      format: 'json',
-      description: 'Main Gemini CLI settings — selected model, MCP servers, tool approval mode.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.gemini/.env',
-      format: 'env',
-      description: 'Environment variables (GOOGLE_API_KEY, GEMINI_API_KEY, …).',
-    },
-  ],
-  qwen: [
-    {
-      id: 'settings',
-      label: 'settings.json',
-      relativePath: '.qwen/settings.json',
-      format: 'json',
-      description: 'Main Qwen Code settings — selected model, MCP servers, approval mode.',
-    },
-    {
-      id: 'env',
-      label: '.env',
-      relativePath: '.qwen/.env',
-      format: 'env',
-      description: 'Environment variables (DASHSCOPE_API_KEY, OPENAI_API_KEY for OpenAI-compatible routes, …).',
-    },
-  ],
-  opencode: [
-    {
-      id: 'config',
-      label: 'opencode.json',
-      relativePath: '.config/opencode/opencode.json',
-      format: 'json',
-      description: 'Main OpenCode config — provider, model, MCP servers, permission rules, agents.',
-    },
-    {
-      id: 'tui',
-      label: 'tui.json',
-      relativePath: '.config/opencode/tui.json',
-      format: 'json',
-      description: 'Terminal UI preferences (theme, keybinds). Separate from the main config since 2026-02.',
-    },
-    {
-      id: 'auth',
-      label: 'auth.json',
-      relativePath: '.local/share/opencode/auth.json',
-      format: 'json',
-      readonly: true,
-      description: 'Provider credentials managed by `opencode auth login`. Read-only here; editing would corrupt stored OAuth tokens.',
-    },
-  ],
-};
-
-export const SUPPORTED_CONFIG_PROVIDERS = Object.keys(PROVIDER_CONFIG_FILES);
-
-// Hard cap — no config file we care about is remotely this big, but we
-// want to refuse reads and writes that would swell memory. Editing a 1 MB
-// settings.json is already a smell.
-export const MAX_CONFIG_FILE_SIZE_BYTES = 1_048_576; // 1 MB
+/**
+ * Registry of user-editable config files per provider CLI.
+ *
+ * This is the single source of truth for the Settings → Agents →
+ * Configuration tab. Adding a new provider? Append a row here and the
+ * UI + API pick it up — no component changes required.
+ *
+ * Rules:
+ *   - `relativePath` is relative to the user's home directory.
+ *     We never accept absolute paths from the client; the server
+ *     resolves these explicitly so path traversal is impossible.
+ *   - `format` drives the CodeMirror language extension on the client.
+ *   - `readonly: true` hides the Save button and the server rejects
+ *     writes. Use it for files the CLI owns (e.g. OAuth tokens).
+ *   - `description` is shown as a subtle caption under the editor.
+ */
+
+export type ProviderConfigFormat = 'json' | 'toml' | 'env' | 'text';
+
+export type ProviderConfigFile = {
+  id: string;
+  label: string;
+  relativePath: string;
+  format: ProviderConfigFormat;
+  readonly?: boolean;
+  description?: string;
+};
+
+export const PROVIDER_CONFIG_FILES: Record<string, ProviderConfigFile[]> = {
+  claude: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.claude/settings.json',
+      format: 'json',
+      description: 'Main Claude Code settings — default model, system prompt, tool policy.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.claude/.env',
+      format: 'env',
+      description: 'Environment variables loaded when Claude runs (e.g. ANTHROPIC_API_KEY).',
+    },
+  ],
+  codex: [
+    {
+      id: 'config',
+      label: 'config.toml',
+      relativePath: '.codex/config.toml',
+      format: 'toml',
+      description: 'Main Codex CLI config — models, MCP servers, approval policy, sandbox mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.codex/.env',
+      format: 'env',
+      description: 'Environment variables (OPENAI_API_KEY, OPENAI_BASE_URL, …).',
+    },
+    {
+      id: 'auth',
+      label: 'auth.json',
+      relativePath: '.codex/auth.json',
+      format: 'json',
+      readonly: true,
+      description: 'OAuth tokens managed by `codex login`. Read-only; editing here would corrupt the session.',
+    },
+  ],
+  cursor: [
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.cursor/.env',
+      format: 'env',
+      description: 'Cursor CLI environment variables.',
+    },
+  ],
+  gemini: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.gemini/settings.json',
+      format: 'json',
+      description: 'Main Gemini CLI settings — selected model, MCP servers, tool approval mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.gemini/.env',
+      format: 'env',
+      description: 'Environment variables (GOOGLE_API_KEY, GEMINI_API_KEY, …).',
+    },
+  ],
+  qwen: [
+    {
+      id: 'settings',
+      label: 'settings.json',
+      relativePath: '.qwen/settings.json',
+      format: 'json',
+      description: 'Main Qwen Code settings — selected model, MCP servers, approval mode.',
+    },
+    {
+      id: 'env',
+      label: '.env',
+      relativePath: '.qwen/.env',
+      format: 'env',
+      description: 'Environment variables (DASHSCOPE_API_KEY, OPENAI_API_KEY for OpenAI-compatible routes, …).',
+    },
+  ],
+  opencode: [
+    {
+      id: 'config',
+      label: 'opencode.json',
+      relativePath: '.config/opencode/opencode.json',
+      format: 'json',
+      description: 'Main OpenCode config — provider, model, MCP servers, permission rules, agents.',
+    },
+    {
+      id: 'tui',
+      label: 'tui.json',
+      relativePath: '.config/opencode/tui.json',
+      format: 'json',
+      description: 'Terminal UI preferences (theme, keybinds). Separate from the main config since 2026-02.',
+    },
+    {
+      id: 'auth',
+      label: 'auth.json',
+      relativePath: '.local/share/opencode/auth.json',
+      format: 'json',
+      readonly: true,
+      description: 'Provider credentials managed by `opencode auth login`. Read-only here; editing would corrupt stored OAuth tokens.',
+    },
+  ],
+};
+
+export const SUPPORTED_CONFIG_PROVIDERS = Object.keys(PROVIDER_CONFIG_FILES);
+
+// Hard cap — no config file we care about is remotely this big, but we
+// want to refuse reads and writes that would swell memory. Editing a 1 MB
+// settings.json is already a smell.
+export const MAX_CONFIG_FILE_SIZE_BYTES = 1_048_576; // 1 MB

package/server/openai-codex.js

@@ -13,7 +13,11 @@
  * - getActiveCodexSessions() - List all active sessions
  */
 
+import { accessSync, constants } from 'node:fs';
+import path from 'node:path';
+
 import { Codex } from '@openai/codex-sdk';
+
 import { notifyRunFailed, notifyRunStopped } from './services/notification-orchestrator.js';
 import { sessionsService } from './modules/providers/services/sessions.service.js';
 import { providerAuthService } from './modules/providers/services/provider-auth.service.js';
@@ -22,6 +26,34 @@ import { createNormalizedMessage } from './shared/utils.js';
 // Track active sessions
 const activeCodexSessions = new Map();
 
+function isExecutable(filePath) {
+  try {
+    accessSync(filePath, constants.X_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function resolveCodexPathOverride() {
+  const configuredPath = process.env.CODEX_CLI_PATH || process.env.CODEX_PATH;
+  if (configuredPath && isExecutable(configuredPath)) {
+    return configuredPath;
+  }
+
+  const pathCandidates = (process.env.PATH || '')
+    .split(path.delimiter)
+    .filter(Boolean)
+    .map((entry) => path.join(entry, 'codex'));
+
+  return [
+    ...pathCandidates,
+    '/root/.npm-global/bin/codex',
+    '/usr/local/bin/codex',
+    '/usr/bin/codex',
+  ].find(isExecutable);
+}
+
 /**
  * Transform Codex SDK event to WebSocket message format
  * @param {object} event - SDK event
@@ -213,16 +245,20 @@ export async function queryCodex(command, options = {}, ws) {
 
   try {
     // Initialize Codex SDK
-    codex = new Codex();
+    const codexPathOverride = resolveCodexPathOverride();
+    codex = new Codex(codexPathOverride ? { codexPathOverride } : undefined);
 
-    // Thread options with sandbox and approval settings
+    // Thread options with sandbox and approval settings. Do not pass a blank
+    // model: the SDK may resolve it to a hard default instead of CLI settings.
     const threadOptions = {
       workingDirectory,
       skipGitRepoCheck: true,
       sandboxMode,
-      approvalPolicy,
-      model
+      approvalPolicy
     };
+    if (typeof model === 'string' && model.trim()) {
+      threadOptions.model = model.trim();
+    }
 
     // Start or resume thread
     if (sessionId) {