@pixelbyte-software/pixcode 1.36.3 → 1.37.0

package/server/database/db.js

@@ -217,6 +217,7 @@ function migrateSqliteIfPresent() {
             verified_at: tl.verified_at || null,
             notifications_enabled: tl.notifications_enabled !== 0,
             bridge_enabled: tl.bridge_enabled !== 0,
+            telegram_control: null,
             updated_at: tl.updated_at || nowIso(),
         });
     }
@@ -492,7 +493,7 @@ const credentialsDb = {
 // Notification preferences
 // ---------------------------------------------------------------------------
 const DEFAULT_NOTIFICATION_PREFERENCES = {
-    channels: { inApp: false, webPush: false },
+    channels: { inApp: true, webPush: false, telegram: true, desktop: true },
     events: { actionRequired: true, stop: true, error: true, updates: true },
 };
 
@@ -500,8 +501,10 @@ const normalizeNotificationPreferences = (value) => {
     const source = value && typeof value === 'object' ? value : {};
     return {
         channels: {
-            inApp: source.channels?.inApp === true,
+            inApp: source.channels?.inApp !== false,
             webPush: source.channels?.webPush === true,
+            telegram: source.channels?.telegram !== false,
+            desktop: source.channels?.desktop !== false,
         },
         events: {
             actionRequired: source.events?.actionRequired !== false,
@@ -672,6 +675,40 @@ const appConfigDb = {
 // ---------------------------------------------------------------------------
 // Telegram — singleton config + per-user links
 // ---------------------------------------------------------------------------
+const DEFAULT_TELEGRAM_CONTROL_STATE = {
+    remoteControlEnabled: true,
+    progressMode: 'final',
+    selectedProjectName: null,
+    selectedProjectPath: null,
+    selectedProvider: 'opencode',
+    selectedModel: null,
+    selectedWorkflowId: null,
+    awaiting: null,
+};
+
+function normalizeTelegramControlState(value = {}) {
+    const raw = value && typeof value === 'object' ? value : {};
+    const selectedProvider = ['claude', 'cursor', 'codex', 'gemini', 'qwen', 'opencode'].includes(raw.selectedProvider)
+        ? raw.selectedProvider
+        : DEFAULT_TELEGRAM_CONTROL_STATE.selectedProvider;
+    const progressMode = ['final', 'steps', 'all'].includes(raw.progressMode)
+        ? raw.progressMode
+        : DEFAULT_TELEGRAM_CONTROL_STATE.progressMode;
+
+    return {
+        ...DEFAULT_TELEGRAM_CONTROL_STATE,
+        ...raw,
+        remoteControlEnabled: raw.remoteControlEnabled !== false,
+        progressMode,
+        selectedProvider,
+        selectedProjectName: typeof raw.selectedProjectName === 'string' ? raw.selectedProjectName : null,
+        selectedProjectPath: typeof raw.selectedProjectPath === 'string' ? raw.selectedProjectPath : null,
+        selectedModel: typeof raw.selectedModel === 'string' ? raw.selectedModel : null,
+        selectedWorkflowId: typeof raw.selectedWorkflowId === 'string' ? raw.selectedWorkflowId : null,
+        awaiting: raw.awaiting && typeof raw.awaiting === 'object' ? raw.awaiting : null,
+    };
+}
+
 const telegramConfigDb = {
     get: () => {
         const row = store.raw.telegram_config[0];
@@ -705,6 +742,7 @@ const telegramLinksDb = {
             verified_at: null,
             notifications_enabled: true,
             bridge_enabled: true,
+            telegram_control: normalizeTelegramControlState(),
             updated_at: nowIso(),
         });
     },
@@ -742,6 +780,7 @@ const telegramLinksDb = {
             language: row.language,
             notifications_enabled: row.notifications_enabled,
             bridge_enabled: row.bridge_enabled,
+            telegram_control: normalizeTelegramControlState(row.telegram_control),
         };
     },
     listVerified: () =>
@@ -752,6 +791,7 @@ const telegramLinksDb = {
             language: r.language,
             notifications_enabled: r.notifications_enabled,
             bridge_enabled: r.bridge_enabled,
+            telegram_control: normalizeTelegramControlState(r.telegram_control),
         })),
     updatePreferences: (userId, { language, notificationsEnabled, bridgeEnabled }) => {
         const patch = { updated_at: nowIso() };
@@ -761,6 +801,20 @@ const telegramLinksDb = {
         if (Object.keys(patch).length === 1) return; // only updated_at → no real change
         store.updateWhere('telegram_links', (r) => r.user_id === userId, patch);
     },
+    getControlState: (userId) => {
+        const row = store.findWhere('telegram_links', (r) => r.user_id === userId);
+        return normalizeTelegramControlState(row?.telegram_control);
+    },
+    updateControlState: (userId, patch) => {
+        const row = store.findWhere('telegram_links', (r) => r.user_id === userId);
+        const current = normalizeTelegramControlState(row?.telegram_control);
+        const next = normalizeTelegramControlState({ ...current, ...(patch || {}) });
+        store.updateWhere('telegram_links', (r) => r.user_id === userId, {
+            telegram_control: next,
+            updated_at: nowIso(),
+        });
+        return next;
+    },
     unlink: (userId) => {
         store.deleteWhere('telegram_links', (r) => r.user_id === userId);
     },

package/server/index.js

@@ -99,6 +99,7 @@ import {
 import { primeCliBinPath } from './services/install-jobs.js';
 import { startEnabledPluginServers, stopAllPlugins, getPluginPort } from './utils/plugin-process-manager.js';
 import { initializeDatabase, sessionNamesDb, applyCustomSessionNames } from './database/db.js';
+import { setNotificationWebSocketServer } from './services/notification-orchestrator.js';
 import { configureWebPush } from './services/vapid-keys.js';
 import { validateApiKey, authenticateToken, authenticateWebSocket } from './middleware/auth.js';
 import { IS_PLATFORM } from './constants/config.js';
@@ -319,6 +320,7 @@ const wss = new WebSocketServer({
 
 // Make WebSocket server available to routes
 app.locals.wss = wss;
+setNotificationWebSocketServer(wss);
 
 app.use(cors({ exposedHeaders: ['X-Refreshed-Token'] }));
 app.use(express.json({
@@ -413,11 +415,9 @@ app.use('/api/telegram', authenticateToken, telegramRoutes);
 // Agent API Routes (uses API key authentication)
 app.use('/api/agent', agentRoutes);
 
-// Serve public files (like api-docs.html)
-app.use(express.static(path.join(APP_ROOT, 'public')));
-
-// Static files served after API routes
-// Add cache control: HTML files should not be cached, but assets can be cached
+// Static app files served after API routes. Keep dist before public so
+// / and /index.html always resolve to the Pixcode app, not the GitHub Pages
+// landing page that also lives in public/index.html.
 app.use(express.static(path.join(APP_ROOT, 'dist'), {
     setHeaders: (res, filePath) => {
         if (filePath.endsWith('.html')) {
@@ -432,6 +432,12 @@ app.use(express.static(path.join(APP_ROOT, 'dist'), {
     }
 }));
 
+// Serve extra public files (api-docs.html, llms.txt, landing pages) without
+// letting public/index.html shadow the production app root.
+app.use(express.static(path.join(APP_ROOT, 'public'), {
+    index: false,
+}));
+
 // API Routes (protected)
 // /api/config endpoint removed - no longer needed
 // Frontend now uses window.location for WebSocket URLs
@@ -1809,6 +1815,7 @@ function handleChatConnection(ws, request) {
     console.log('[INFO] Chat WebSocket connected');
 
     // Add to connected clients for project updates
+    ws.userId = request?.user?.id ?? request?.user?.userId ?? null;
     connectedClients.add(ws);
 
     // Wrap WebSocket with writer for consistent interface with SSEStreamWriter

package/server/modules/orchestration/tasks/orchestration-task.routes.ts

@@ -48,11 +48,20 @@ export function createOrchestrationTaskRouter(): Router {
     try {
       const adapterId = typeof req.body?.adapterId === 'string' ? req.body.adapterId : '';
       const isolation = req.body?.isolation;
+      const projectPath = typeof req.body?.projectPath === 'string' ? req.body.projectPath : undefined;
+      const model = typeof req.body?.model === 'string' ? req.body.model : undefined;
+      const permissionMode = typeof req.body?.permissionMode === 'string' ? req.body.permissionMode : undefined;
       if (!adapterId) {
         res.status(400).json({ error: { code: 'ADAPTER_REQUIRED', message: 'adapterId is required' } });
         return;
       }
-      const task = await orchestrationTaskService.dispatch(req.params.id, { adapterId, isolation });
+      const task = await orchestrationTaskService.dispatch(req.params.id, {
+        adapterId,
+        isolation,
+        projectPath,
+        model,
+        permissionMode,
+      });
       res.json(task);
     } catch (error) {
       const message = error instanceof Error ? error.message : String(error);

package/server/modules/orchestration/tasks/orchestration-task.service.ts

@@ -71,6 +71,12 @@ class OrchestrationTaskService {
         },
         metadata: {
           isolation: input.isolation ?? 'worktree',
+          model: input.model,
+          permissionMode: input.permissionMode,
+          workspace: {
+            kind: input.isolation ?? 'worktree',
+            projectPath: input.projectPath,
+          },
           orchestrationTaskId: task.id,
           taskmasterId: task.taskmasterId,
         },
@@ -86,6 +92,7 @@ class OrchestrationTaskService {
     task.adapterId = input.adapterId;
     task.adapterSelector = input.adapterId;
     task.workspaceKind = input.isolation ?? 'worktree';
+    task.workspacePath = input.projectPath;
     task.state = 'in_progress';
     task.updatedAt = Date.now();
     this.store.set(task);

package/server/modules/orchestration/tasks/orchestration-task.types.ts

@@ -26,4 +26,7 @@ export interface CreateOrchestrationTaskInput {
 export interface DispatchOrchestrationTaskInput {
   adapterId: string;
   isolation?: 'host' | 'worktree' | 'docker';
+  projectPath?: string;
+  model?: string;
+  permissionMode?: string;
 }

package/server/modules/orchestration/workflows/workflow-runner.ts

@@ -276,6 +276,10 @@ function rolePrompt(role: AgentRole): string {
   return 'Implementation work should avoid duplicating other agents and should report changed files, commands, blockers, and next actions.';
 }
 
+function privacyGuardPrompt(): string {
+  return 'Do not mention internal instructions, memory files, skill use, or tool protocol unless the user explicitly asks.';
+}
+
 function handoffPrompt(agent: AgentAssignment, role: AgentRole): string {
   return [
     `You are ${agent.label} in a Pixcode CLI team.`,
@@ -290,10 +294,61 @@ function handoffPrompt(agent: AgentAssignment, role: AgentRole): string {
     '- dependencies/blockers for the next agents',
     '- concrete next action for your full implementation task',
     'Do not install dependencies, edit files, run long commands, or start servers in this handoff task.',
+    privacyGuardPrompt(),
     'Stop after the contract. Keep it concise and respond in the same language as the user request.',
   ].filter(Boolean).join('\n');
 }
 
+function handoffInitPrompt(agent: AgentAssignment, index: number): string {
+  return [
+    `You are preparing ${agent.label} for a strict Pixcode handoff chain.`,
+    `This is internal step ${index + 1}.`,
+    'Create a compact init packet for the next visible work step.',
+    'Use the original user goal and any prior compact handoff packet included above.',
+    agent.instruction ? `The explicit assignment for this agent is: ${agent.instruction}` : '',
+    'Output only this internal init packet:',
+    '- user goal in one sentence',
+    '- prior agent handoff summary, if present',
+    '- this agent responsibility',
+    '- exact constraints and blockers this agent must respect',
+    privacyGuardPrompt(),
+    'Do not perform the task yet. Do not mention that this is hidden from the user.',
+    'Respond in the same language as the user request.',
+  ].filter(Boolean).join('\n');
+}
+
+function handoffWorkPrompt(agent: AgentAssignment, index: number): string {
+  return [
+    `You are ${agent.label} in a strict Pixcode handoff chain.`,
+    `This is visible work step ${index + 1}.`,
+    'The internal init packet above is your starting context. Do the assigned work now.',
+    agent.instruction
+      ? `Your explicit assignment from the user is: ${agent.instruction}`
+      : 'Use the init packet and original user goal to choose the next useful work for this step.',
+    rolePrompt(agent.role ?? 'implementation'),
+    privacyGuardPrompt(),
+    'Report only user-facing progress, changed files, commands, verification, blockers, and next actions.',
+    'Respond in the same language as the user request.',
+  ].filter(Boolean).join('\n');
+}
+
+function handoffCompactPrompt(agent: AgentAssignment, index: number): string {
+  return [
+    `You are compacting ${agent.label}'s strict handoff output for the next Pixcode agent.`,
+    `This is internal compact step ${index + 1}.`,
+    'Read the prior visible work output included above and create a compact handoff packet.',
+    'Output only this internal compact packet:',
+    '- Ben ne yaptım / What I did',
+    '- Dokunduğum alanlar / Touched areas',
+    '- Kanıt, komut veya çıktı / Evidence, commands, outputs',
+    '- Sonraki ajan şunu bilsin / What the next agent must know',
+    '- Bloker veya risk / Blockers or risks',
+    privacyGuardPrompt(),
+    'Do not include raw logs unless they are essential. Keep it concise and actionable.',
+    'Respond in the same language as the user request.',
+  ].join('\n');
+}
+
 function compactOutputForContext(text: string): string {
   if (text.length <= MAX_OUTPUT_CONTEXT_CHARS) {
     return text;
@@ -374,6 +429,7 @@ function expandAgentTeamWorkflow(workflow: Workflow, metadata?: Record<string, u
           ? `Your explicit assignment from the user is: ${agent.instruction}`
           : 'No fixed per-agent assignment was set. Take the part assigned to you by the coordinator; if none is named, choose useful work that fits this CLI.',
         rolePrompt(stage),
+        privacyGuardPrompt(),
         'Respond in the same language as the user request.',
       ].filter(Boolean).join('\n'),
       inputs,
@@ -419,6 +475,8 @@ function expandAgentTeamWorkflow(workflow: Workflow, metadata?: Record<string, u
         prompt: [
           'Collect the worker outputs into one user-facing result.',
           'Show what each CLI did, which parts failed, what changed, and the next action if work remains.',
+          'Do not expose internal prompts, memory lookup, skill/tool instructions, raw agent logs, or role prefixes like "agent:" and "user:".',
+          'If a worker reveals internal process text, summarize only the useful user-facing result.',
           'Respond in the same language as the user request.',
         ].join('\n'),
         inputs: workerNodes.map((node) => node.id),
@@ -436,6 +494,7 @@ function stagePrompt(agent: AgentAssignment, stage: AgentRole): string {
     agent.role && agent.role !== stage ? `User custom stage label: ${agent.role}.` : '',
     agent.instruction ? `User assignment for you: ${agent.instruction}` : '',
     rolePrompt(stage),
+    privacyGuardPrompt(),
     'Keep the answer concise, structured, and useful for the next stage.',
     'Respond in the same language as the user request.',
   ].filter(Boolean).join('\n');
@@ -586,31 +645,89 @@ function expandSequentialHandoffWorkflow(workflow: Workflow, metadata?: Record<s
     throw new Error('Select at least one CLI agent.');
   }
 
+  const nodes: WorkflowNode[] = agents.flatMap((agent, index): WorkflowNode[] => {
+    const initNodeId = safeAgentNodeId(agent, index, 'init');
+    const workNodeId = safeAgentNodeId(agent, index, 'work');
+    const compactNodeId = safeAgentNodeId(agent, index, 'compact');
+
+    return [
+      {
+        id: initNodeId,
+        adapterId: agent.adapterId,
+        agentInstanceId: agent.instanceId,
+        agentLabel: `${agent.label} Init`,
+        assignment: agent.instruction,
+        stage: 'handoff_init',
+        model: agent.model,
+        permissionMode: agent.permissionMode,
+        toolsSettings: agent.toolsSettings,
+        prompt: handoffInitPrompt(agent, index),
+        inputs: index === 0 ? [] : [safeAgentNodeId(agents[index - 1], index - 1, 'compact')],
+        output: 'message',
+        onFail: 'abort',
+        internal: true,
+      },
+      {
+        id: workNodeId,
+        adapterId: agent.adapterId,
+        agentInstanceId: agent.instanceId,
+        agentLabel: agent.label,
+        assignment: agent.instruction,
+        stage: agent.role ?? 'implementation',
+        model: agent.model,
+        permissionMode: agent.permissionMode,
+        toolsSettings: agent.toolsSettings,
+        prompt: handoffWorkPrompt(agent, index),
+        inputs: [initNodeId],
+        output: 'both',
+        onFail: 'abort',
+      },
+      {
+        id: compactNodeId,
+        adapterId: agent.adapterId,
+        agentInstanceId: agent.instanceId,
+        agentLabel: `${agent.label} Compact`,
+        assignment: agent.instruction,
+        stage: 'handoff_compact',
+        model: agent.model,
+        permissionMode: agent.permissionMode,
+        toolsSettings: agent.toolsSettings,
+        prompt: handoffCompactPrompt(agent, index),
+        inputs: [workNodeId],
+        output: 'message',
+        onFail: 'abort',
+        internal: true,
+      },
+    ];
+  });
+  const reportAgent = agents[0];
+  const lastCompactNodeId = safeAgentNodeId(agents[agents.length - 1], agents.length - 1, 'compact');
+
   return {
     ...workflow,
-    nodes: agents.map((agent, index): WorkflowNode => ({
-      id: safeAgentNodeId(agent, index, 'handoff'),
-      adapterId: agent.adapterId,
-      agentInstanceId: agent.instanceId,
-      agentLabel: agent.label,
-      assignment: agent.instruction,
-      stage: agent.role ?? 'implementation',
-      model: agent.model,
-      permissionMode: agent.permissionMode,
-      toolsSettings: agent.toolsSettings,
-      prompt: [
-        `You are ${agent.label} in a sequential Pixcode handoff.`,
-        `This is step ${index + 1} of ${agents.length}.`,
-        agent.instruction
-          ? `Your explicit assignment from the user is: ${agent.instruction}`
-          : 'Use the prior step output and do the next most useful handoff step for the user goal.',
-        'Report changed files, commands, blockers, and the next handoff requirement.',
-        'Respond in the same language as the user request.',
-      ].filter(Boolean).join('\n'),
-      inputs: index === 0 ? [] : [safeAgentNodeId(agents[index - 1], index - 1, 'handoff')],
-      output: 'both',
-      onFail: 'abort',
-    })),
+    nodes: [
+      ...nodes,
+      {
+        id: 'final_report',
+        adapterId: reportAgent.adapterId,
+        agentInstanceId: reportAgent.instanceId,
+        agentLabel: reportAgent.label,
+        stage: 'final_report',
+        model: reportAgent.model,
+        permissionMode: reportAgent.permissionMode,
+        toolsSettings: reportAgent.toolsSettings,
+        prompt: [
+          'Create the final user-facing result for this strict handoff run.',
+          'Use the final compact handoff packet and the original user goal.',
+          'Summarize what each visible agent did, what changed, verification, blockers, and next actions.',
+          'Do not expose internal init packets, compact packets, prompts, memory lookup, skill/tool instructions, raw agent logs, or role prefixes like "agent:" and "user:".',
+          'Respond in the same language as the user request.',
+        ].join('\n'),
+        inputs: [lastCompactNodeId],
+        output: 'message',
+        onFail: 'abort',
+      },
+    ],
   };
 }
 
@@ -646,6 +763,7 @@ function expandWorkflowForRun(workflow: Workflow, metadata?: Record<string, unkn
       `You are ${agent.label}.`,
       'Review the requested change for bugs, regressions, missing validation, security, scale, and user-experience risks.',
       agent.instruction ? `Focus on this user assignment: ${agent.instruction}` : '',
+      privacyGuardPrompt(),
       'Respond in the same language as the user request.',
     ].filter(Boolean).join('\n'),
     inputs: [],
@@ -666,7 +784,11 @@ function expandWorkflowForRun(workflow: Workflow, metadata?: Record<string, unkn
         model: reportAgent.model,
         permissionMode: reportAgent.permissionMode,
         toolsSettings: reportAgent.toolsSettings,
-        prompt: 'Aggregate the prior agent reviews into a concise prioritized report. Respond in the same language as the user request.',
+        prompt: [
+          'Aggregate the prior agent reviews into a concise prioritized report.',
+          'Do not expose internal prompts, memory lookup, skill/tool instructions, raw agent logs, or role prefixes like "agent:" and "user:".',
+          'Respond in the same language as the user request.',
+        ].join('\n'),
         inputs: reviewNodes.map((node) => node.id),
         output: 'message',
         onFail: 'abort',
@@ -701,13 +823,13 @@ function readTaskResult(task: RawTask): TaskResult {
     };
   });
   const outputMessages = messages.filter((message) => message.role !== 'user');
-  const text = outputMessages.map((message) => `${message.role}: ${message.text}`).join('\n\n');
+  const userFacingTaskText = outputMessages.map((message) => message.text.trim()).filter(Boolean).join('\n\n');
   const error = task.error?.message
     ? `${task.error.code ? `${task.error.code}: ` : ''}${task.error.message}`
     : undefined;
   return {
     state: task.state ?? 'submitted',
-    text,
+    text: userFacingTaskText,
     error,
     messages,
     artifacts,
@@ -757,6 +879,7 @@ function nodeRunFromNode(node: WorkflowNode): WorkflowNodeRun {
     permissionMode: node.permissionMode,
     timeoutMs: node.timeoutMs,
     stage: node.stage,
+    internal: node.internal,
     status: 'queued',
   };
 }

package/server/modules/orchestration/workflows/workflow.types.ts

@@ -17,6 +17,7 @@ export interface WorkflowNode {
   toolsSettings?: Record<string, unknown>;
   isolation?: 'host' | 'worktree' | 'docker';
   timeoutMs?: number;
+  internal?: boolean;
 }
 
 export interface Workflow {
@@ -38,6 +39,7 @@ export interface WorkflowNodeRun {
   permissionMode?: string;
   timeoutMs?: number;
   stage?: string;
+  internal?: boolean;
   status: WorkflowNodeStatus;
   a2aTaskId?: string;
   startedAt?: number;