@pixelbyte-software/pixcode 1.34.0 → 1.35.1

package/server/modules/orchestration/workspace/workspace-manager.ts

@@ -0,0 +1,97 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { DockerWorkspace } from '@/modules/orchestration/workspace/docker-workspace.js';
+import { safeJoin } from '@/modules/orchestration/workspace/path-safety.js';
+import type {
+  ExecResult,
+  WorkspaceHandle,
+  WorkspaceKind,
+  WorkspaceRequest,
+} from '@/modules/orchestration/workspace/types.js';
+import { WorktreeWorkspace } from '@/modules/orchestration/workspace/worktree-workspace.js';
+
+class HostWorkspace implements WorkspaceHandle {
+  readonly kind = 'host' as const;
+  readonly id: string;
+  readonly path: string;
+  readonly baseRef: string;
+  readonly metadata: Record<string, unknown>;
+
+  constructor(request: WorkspaceRequest) {
+    this.id = `host_${request.taskId}`;
+    this.path = request.projectPath;
+    this.baseRef = request.baseRef ?? 'HEAD';
+    this.metadata = { ...request.metadata, keepAfterCompletion: true };
+  }
+
+  async exec(command: string, args: string[] = []): Promise<ExecResult> {
+    const { execFile } = await import('node:child_process');
+    const { promisify } = await import('node:util');
+    const execFileAsync = promisify(execFile);
+    try {
+      const { stdout, stderr } = await execFileAsync(command, args, {
+        cwd: this.path,
+        maxBuffer: 20 * 1024 * 1024,
+      });
+      return { stdout: String(stdout), stderr: String(stderr), exitCode: 0 };
+    } catch (error) {
+      const err = error as Error & { stdout?: string; stderr?: string; code?: number };
+      return {
+        stdout: String(err.stdout ?? ''),
+        stderr: String(err.stderr ?? err.message),
+        exitCode: typeof err.code === 'number' ? err.code : 1,
+      };
+    }
+  }
+
+  async readFile(relativePath: string): Promise<string> {
+    return fs.promises.readFile(safeJoin(this.path, relativePath), 'utf8');
+  }
+
+  async writeFile(relativePath: string, content: string): Promise<void> {
+    const target = safeJoin(this.path, relativePath);
+    await fs.promises.mkdir(path.dirname(target), { recursive: true });
+    await fs.promises.writeFile(target, content, 'utf8');
+  }
+
+  async diff(): Promise<string> {
+    const result = await this.exec('git', ['diff', `${this.baseRef}...HEAD`]);
+    return result.exitCode === 0 ? result.stdout : result.stderr || result.stdout;
+  }
+
+  destroy(): Promise<void> {
+    return Promise.resolve();
+  }
+}
+
+function readKind(value: unknown): WorkspaceKind {
+  return value === 'host' || value === 'docker' || value === 'worktree' ? value : 'worktree';
+}
+
+class WorkspaceManager {
+  async create(request: WorkspaceRequest): Promise<WorkspaceHandle> {
+    const kind = readKind(request.kind);
+    if (kind === 'host') {
+      return new HostWorkspace(request);
+    }
+    if (kind === 'docker') {
+      return new DockerWorkspace(request);
+    }
+    return WorktreeWorkspace.create(request);
+  }
+
+  recover(request: WorkspaceRequest): WorkspaceHandle {
+    return new HostWorkspace({
+      ...request,
+      kind: 'host',
+      metadata: {
+        ...request.metadata,
+        recovered: true,
+      },
+    });
+  }
+}
+
+export const workspaceManager = new WorkspaceManager();
+export type { WorkspaceManager };

package/server/modules/orchestration/workspace/worktree-workspace.ts

@@ -0,0 +1,125 @@
+import { execFile } from 'node:child_process';
+import fs from 'node:fs/promises';
+import path from 'node:path';
+import { promisify } from 'node:util';
+
+import { assertSafeId, safeJoin, safeWorkspacePath } from '@/modules/orchestration/workspace/path-safety.js';
+import type {
+  ExecResult,
+  WorkspaceHandle,
+  WorkspaceRequest,
+} from '@/modules/orchestration/workspace/types.js';
+import { WorkspaceError } from '@/modules/orchestration/workspace/types.js';
+
+const execFileAsync = promisify(execFile);
+
+async function run(
+  command: string,
+  args: string[],
+  cwd: string,
+): Promise<ExecResult> {
+  try {
+    const { stdout, stderr } = await execFileAsync(command, args, {
+      cwd,
+      maxBuffer: 20 * 1024 * 1024,
+    });
+    return {
+      stdout: String(stdout),
+      stderr: String(stderr),
+      exitCode: 0,
+    };
+  } catch (error) {
+    const err = error as Error & {
+      stdout?: string | Buffer;
+      stderr?: string | Buffer;
+      code?: number;
+    };
+    return {
+      stdout: String(err.stdout ?? ''),
+      stderr: String(err.stderr ?? err.message),
+      exitCode: typeof err.code === 'number' ? err.code : 1,
+    };
+  }
+}
+
+export class WorktreeWorkspace implements WorkspaceHandle {
+  readonly kind = 'worktree' as const;
+  readonly id: string;
+  readonly path: string;
+  readonly baseRef: string;
+  readonly branchName: string;
+  readonly metadata: Record<string, unknown>;
+  private readonly projectPath: string;
+
+  private constructor(request: WorkspaceRequest, workspaceId: string, branchName: string) {
+    this.id = workspaceId;
+    this.path = safeWorkspacePath(workspaceId);
+    this.baseRef = request.baseRef ?? 'HEAD';
+    this.branchName = branchName;
+    this.projectPath = request.projectPath;
+    this.metadata = {
+      ...request.metadata,
+      keepAfterCompletion: request.keepAfterCompletion === true,
+    };
+  }
+
+  static async create(request: WorkspaceRequest): Promise<WorktreeWorkspace> {
+    assertSafeId(request.taskId, 'task id');
+    const workspaceId = `ws_${request.taskId}`;
+    const branchName = `pixcode/task_${request.taskId}`;
+    const workspace = new WorktreeWorkspace(request, workspaceId, branchName);
+
+    const existingBranch = await run('git', ['rev-parse', '--verify', branchName], request.projectPath);
+    if (existingBranch.exitCode === 0) {
+      throw new WorkspaceError('WORKSPACE_EXISTS', `Workspace branch already exists: ${branchName}`, {
+        branchName,
+      });
+    }
+
+    const result = await run(
+      'git',
+      ['worktree', 'add', workspace.path, '-b', branchName, workspace.baseRef],
+      request.projectPath,
+    );
+    if (result.exitCode !== 0) {
+      throw new WorkspaceError('WORKSPACE_CREATE_FAILED', result.stderr || result.stdout, {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        baseRef: workspace.baseRef,
+      });
+    }
+
+    return workspace;
+  }
+
+  exec(command: string, args: string[] = []): Promise<ExecResult> {
+    return run(command, args, this.path);
+  }
+
+  async readFile(relativePath: string): Promise<string> {
+    return fs.readFile(safeJoin(this.path, relativePath), 'utf8');
+  }
+
+  async writeFile(relativePath: string, content: string): Promise<void> {
+    const target = safeJoin(this.path, relativePath);
+    await fs.mkdir(path.dirname(target), { recursive: true });
+    await fs.writeFile(target, content, 'utf8');
+  }
+
+  async diff(): Promise<string> {
+    const result = await run('git', ['diff', `${this.baseRef}...HEAD`], this.path);
+    if (result.exitCode !== 0) {
+      return result.stderr || result.stdout;
+    }
+    return result.stdout;
+  }
+
+  async destroy(): Promise<void> {
+    const result = await run('git', ['worktree', 'remove', '--force', this.path], this.projectPath);
+    if (result.exitCode !== 0) {
+      throw new WorkspaceError('WORKSPACE_DESTROY_FAILED', result.stderr || result.stdout, {
+        workspacePath: this.path,
+      });
+    }
+  }
+}

package/server/modules/providers/index.ts

@@ -0,0 +1,2 @@
+export { providerRegistry } from './provider.registry.js';
+export { CodexSessionsProvider } from './list/codex/codex-sessions.provider.js';

package/server/modules/providers/list/claude/claude-auth.provider.ts

@@ -1,145 +1,145 @@
-import { readFile } from 'node:fs/promises';
-import os from 'node:os';
-import path from 'node:path';
-
-import spawn from 'cross-spawn';
-
-import type { IProviderAuth } from '@/shared/interfaces.js';
-import type { ProviderAuthStatus } from '@/shared/types.js';
-import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
-// eslint-disable-next-line @typescript-eslint/ban-ts-comment
-// @ts-ignore — plain-JS module
-import { getProviderCredentials } from '@/services/provider-credentials.js';
-
-type ClaudeCredentialsStatus = {
-  authenticated: boolean;
-  email: string | null;
-  method: string | null;
-  error?: string;
-};
-
-export class ClaudeProviderAuth implements IProviderAuth {
-  /**
-   * Checks whether the Claude Code CLI is available on this host.
-   *
-   * NOTE: `cross-spawn.sync` does NOT throw on ENOENT — it returns a result
-   * object with `error` populated. The try/catch alone was always returning
-   * true and every provider appeared "installed". We now require both
-   * `!result.error` and a numeric exit status (0 for `--version`) before
-   * trusting the install.
-   */
-  private checkInstalled(): boolean {
-    const cliPath = process.env.CLAUDE_CLI_PATH || 'claude';
-    try {
-      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
-      return !result.error && result.status === 0;
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * Returns Claude installation and credential status using Claude Code's auth priority.
-   */
-  async getStatus(): Promise<ProviderAuthStatus> {
-    const installed = this.checkInstalled();
-
-    if (!installed) {
-      return {
-        installed,
-        provider: 'claude',
-        authenticated: false,
-        email: null,
-        method: null,
-        error: 'Claude Code CLI is not installed',
-      };
-    }
-
-    const credentials = await this.checkCredentials();
-
-    return {
-      installed,
-      provider: 'claude',
-      authenticated: credentials.authenticated,
-      email: credentials.authenticated ? credentials.email || 'Authenticated' : credentials.email,
-      method: credentials.method,
-      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
-    };
-  }
-
-  /**
-   * Reads Claude settings env values that the CLI can use even when the server process env is empty.
-   */
-  private async loadSettingsEnv(): Promise<Record<string, unknown>> {
-    try {
-      const settingsPath = path.join(os.homedir(), '.claude', 'settings.json');
-      const content = await readFile(settingsPath, 'utf8');
-      const settings = readObjectRecord(JSON.parse(content));
-      return readObjectRecord(settings?.env) ?? {};
-    } catch {
-      return {};
-    }
-  }
-
-  /**
-   * Checks Claude credentials in the same priority order used by Claude Code.
-   */
-  private async checkCredentials(): Promise<ClaudeCredentialsStatus> {
-    // Pixcode-UI-saved credentials win. Users who paste a key into our
-    // Settings > Agents form expect authenticated status immediately,
-    // regardless of env var timing.
-    try {
-      const creds = await getProviderCredentials('claude');
-      if (creds?.apiKey) {
-        const label = creds.baseUrl
-          ? `API Key · ${(() => { try { return new URL(creds.baseUrl).host; } catch { return creds.baseUrl; } })()}`
-          : 'API Key Auth';
-        return { authenticated: true, email: label, method: 'pixcode_store' };
-      }
-    } catch { /* fall through */ }
-
-    if (process.env.ANTHROPIC_API_KEY?.trim()) {
-      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
-    }
-
-    const settingsEnv = await this.loadSettingsEnv();
-    if (readOptionalString(settingsEnv.ANTHROPIC_API_KEY)) {
-      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
-    }
-
-    if (readOptionalString(settingsEnv.ANTHROPIC_AUTH_TOKEN)) {
-      return { authenticated: true, email: 'Configured via settings.json', method: 'api_key' };
-    }
-
-    try {
-      const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
-      const content = await readFile(credPath, 'utf8');
-      const creds = readObjectRecord(JSON.parse(content)) ?? {};
-      const oauth = readObjectRecord(creds.claudeAiOauth);
-      const accessToken = readOptionalString(oauth?.accessToken);
-
-      if (accessToken) {
-        const expiresAt = typeof oauth?.expiresAt === 'number' ? oauth.expiresAt : undefined;
-        const email = readOptionalString(creds.email) ?? readOptionalString(creds.user) ?? null;
-        if (!expiresAt || Date.now() < expiresAt) {
-          return {
-            authenticated: true,
-            email,
-            method: 'credentials_file',
-          };
-        }
-
-        return {
-          authenticated: false,
-          email,
-          method: 'credentials_file',
-          error: 'OAuth token has expired. Please re-authenticate with claude login',
-        };
-      }
-
-      return { authenticated: false, email: null, method: null };
-    } catch {
-      return { authenticated: false, email: null, method: null };
-    }
-  }
-}
+import { readFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
+
+import spawn from 'cross-spawn';
+
+import type { IProviderAuth } from '@/shared/interfaces.js';
+import type { ProviderAuthStatus } from '@/shared/types.js';
+import { readObjectRecord, readOptionalString } from '@/shared/utils.js';
+// eslint-disable-next-line @typescript-eslint/ban-ts-comment
+// @ts-ignore — plain-JS module
+import { getProviderCredentials } from '@/services/provider-credentials.js';
+
+type ClaudeCredentialsStatus = {
+  authenticated: boolean;
+  email: string | null;
+  method: string | null;
+  error?: string;
+};
+
+export class ClaudeProviderAuth implements IProviderAuth {
+  /**
+   * Checks whether the Claude Code CLI is available on this host.
+   *
+   * NOTE: `cross-spawn.sync` does NOT throw on ENOENT — it returns a result
+   * object with `error` populated. The try/catch alone was always returning
+   * true and every provider appeared "installed". We now require both
+   * `!result.error` and a numeric exit status (0 for `--version`) before
+   * trusting the install.
+   */
+  private checkInstalled(): boolean {
+    const cliPath = process.env.CLAUDE_CLI_PATH || 'claude';
+    try {
+      const result = spawn.sync(cliPath, ['--version'], { stdio: 'ignore', timeout: 5000 });
+      return !result.error && result.status === 0;
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Returns Claude installation and credential status using Claude Code's auth priority.
+   */
+  async getStatus(): Promise<ProviderAuthStatus> {
+    const installed = this.checkInstalled();
+
+    if (!installed) {
+      return {
+        installed,
+        provider: 'claude',
+        authenticated: false,
+        email: null,
+        method: null,
+        error: 'Claude Code CLI is not installed',
+      };
+    }
+
+    const credentials = await this.checkCredentials();
+
+    return {
+      installed,
+      provider: 'claude',
+      authenticated: credentials.authenticated,
+      email: credentials.authenticated ? credentials.email || 'Authenticated' : credentials.email,
+      method: credentials.method,
+      error: credentials.authenticated ? undefined : credentials.error || 'Not authenticated',
+    };
+  }
+
+  /**
+   * Reads Claude settings env values that the CLI can use even when the server process env is empty.
+   */
+  private async loadSettingsEnv(): Promise<Record<string, unknown>> {
+    try {
+      const settingsPath = path.join(os.homedir(), '.claude', 'settings.json');
+      const content = await readFile(settingsPath, 'utf8');
+      const settings = readObjectRecord(JSON.parse(content));
+      return readObjectRecord(settings?.env) ?? {};
+    } catch {
+      return {};
+    }
+  }
+
+  /**
+   * Checks Claude credentials in the same priority order used by Claude Code.
+   */
+  private async checkCredentials(): Promise<ClaudeCredentialsStatus> {
+    // Pixcode-UI-saved credentials win. Users who paste a key into our
+    // Settings > Agents form expect authenticated status immediately,
+    // regardless of env var timing.
+    try {
+      const creds = await getProviderCredentials('claude');
+      if (creds?.apiKey) {
+        const label = creds.baseUrl
+          ? `API Key · ${(() => { try { return new URL(creds.baseUrl).host; } catch { return creds.baseUrl; } })()}`
+          : 'API Key Auth';
+        return { authenticated: true, email: label, method: 'pixcode_store' };
+      }
+    } catch { /* fall through */ }
+
+    if (process.env.ANTHROPIC_API_KEY?.trim()) {
+      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
+    }
+
+    const settingsEnv = await this.loadSettingsEnv();
+    if (readOptionalString(settingsEnv.ANTHROPIC_API_KEY)) {
+      return { authenticated: true, email: 'API Key Auth', method: 'api_key' };
+    }
+
+    if (readOptionalString(settingsEnv.ANTHROPIC_AUTH_TOKEN)) {
+      return { authenticated: true, email: 'Configured via settings.json', method: 'api_key' };
+    }
+
+    try {
+      const credPath = path.join(os.homedir(), '.claude', '.credentials.json');
+      const content = await readFile(credPath, 'utf8');
+      const creds = readObjectRecord(JSON.parse(content)) ?? {};
+      const oauth = readObjectRecord(creds.claudeAiOauth);
+      const accessToken = readOptionalString(oauth?.accessToken);
+
+      if (accessToken) {
+        const expiresAt = typeof oauth?.expiresAt === 'number' ? oauth.expiresAt : undefined;
+        const email = readOptionalString(creds.email) ?? readOptionalString(creds.user) ?? null;
+        if (!expiresAt || Date.now() < expiresAt) {
+          return {
+            authenticated: true,
+            email,
+            method: 'credentials_file',
+          };
+        }
+
+        return {
+          authenticated: false,
+          email,
+          method: 'credentials_file',
+          error: 'OAuth token has expired. Please re-authenticate with claude login',
+        };
+      }
+
+      return { authenticated: false, email: null, method: null };
+    } catch {
+      return { authenticated: false, email: null, method: null };
+    }
+  }
+}