@simonyea/holysheep-cli 2.1.13 → 2.1.14

package/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@simonyea/holysheep-cli",
-  "version": "2.1.13",
+  "version": "2.1.14",
   "description": "Claude Code/Cursor/Cline API relay for China — ¥1=$1, WeChat/Alipay payment, no credit card, no VPN. One command setup for all AI coding tools.",
   "scripts": {
-    "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js",
+    "test": "node tests/droid.test.js && node tests/workspace-store.test.js && node tests/runtime-stale-upgrade.test.js && node tests/hermes.test.js",
     "prepublishOnly": "node scripts/check-tarball-size.js"
   },
   "keywords": [

package/src/commands/balance.js

@@ -15,9 +15,10 @@ async function balance() {
   const spinner = ora('获取账户信息...').start()
   try {
     const fetch = require('node-fetch')
-    // shop 的 /api/stats/overview 需要 JWT，这里通过 /internal 接口查余额
-    // 或者通过 shop API 查询
-    const res = await fetch(`${SHOP_URL}/api/stats/overview`, {
+    // Use the canonical www host directly. `${SHOP_URL}` returns a 301 redirect,
+    // and node-fetch drops the Authorization header on cross-origin redirects,
+    // which surfaced as "HTTP 404" on every `hs balance` call (2.1.13 bug).
+    const res = await fetch('https://www.holysheep.ai/api/stats/overview', {
       headers: { 'Authorization': `Bearer ${apiKey}` },
       timeout: 8000,
     })

package/src/commands/webui.js

@@ -138,8 +138,14 @@ function probeAionUiRuntimeLabel() {
       isVersionCurrent,
     } = require('../webui/aionui-runtime-fetcher')
 
-    const forkDir = path.resolve(__dirname, '..', '..', 'aionui-fork')
-    if (isValidRuntimeDir(forkDir)) return 'aionui-fork'
+    // aionui-fork/ label only appears when dev opted-in via HOLYSHEEP_DEV=1 —
+    // must match the resolver gating in aionui-runtime-fetcher.js, otherwise
+    // the status line would lie ("runtime=aionui-fork" when the actual resolver
+    // is about to return user-cache).
+    if (process.env.HOLYSHEEP_DEV === '1') {
+      const forkDir = path.resolve(__dirname, '..', '..', 'aionui-fork')
+      if (isValidRuntimeDir(forkDir)) return 'aionui-fork'
+    }
     if (isValidRuntimeDir(VENDOR_DIR)) return 'vendor'
     if (isValidRuntimeDir(USER_CACHE_DIR)) {
       return isVersionCurrent(USER_CACHE_DIR) ? 'installed' : 'installed-stale'
@@ -464,14 +470,33 @@ async function startAionUiMode(opts) {
 
   console.log(chalk.cyan(`▶ Starting AionUi v1.9.18 (HolySheep fork, source: ${runtime.source})`))
 
-  // 3. Spawn server on the user-visible port directly — no proxy wrapper
+  // 3. Spawn AionUi on an internal loopback port and wrap it with
+  // `aionui-wrapper.js` which listens on the user-visible port. This is the
+  // critical architectural piece that makes `/api/holysheep/balance`,
+  // `/api/holysheep/tools`, `/api/holysheep/setup`, etc. actually reachable
+  // from the browser: the wrapper in-process dispatches those routes to
+  // `src/webui/server.js`'s exported handlers, and proxies everything else
+  // (including /login, /api/auth/*, WebSocket /ws) to AionUi.
+  //
+  // Before 2.1.14 hs web spawned AionUi directly on :9876 and the wrapper
+  // was dead code — so the Dashboard couldn't fetch balance/tools at all.
+  const { startWrapper } = require('../webui/aionui-wrapper')
+
+  // Pick an internal port. We rely on the wrapper's own picker to avoid
+  // duplicating logic, but we need to know the public port upfront for the
+  // user-visible URL message.
+  let wrapper
   let aionuiProc
   try {
-    aionuiProc = await spawnAionUiServer({ bunPath, runtimeDir: runtime.dir, port })
+    wrapper = await startWrapper({
+      port,                 // user-visible port (default 9876)
+      runtimeDir: runtime.dir,
+      runtimeVersion: runtime.version,
+      runtimeSource: runtime.source,
+      bunPath,
+    })
+    aionuiProc = wrapper.aionui
   } catch (e) {
-    // `e.message` may now be multi-line (includes bun/AionUi stderr tail).
-    // Print the first line in red (the reason), then any extra lines verbatim
-    // so the user can see the real bun/AionUi error and paste it back to us.
     const [firstLine, ...rest] = String(e.message).split(/\r?\n/)
     console.log(chalk.red(`✗ AionUi server failed to start: ${firstLine}`))
     for (const line of rest) {
@@ -487,13 +512,16 @@ async function startAionUiMode(opts) {
   }
 
   const baseUrl = `http://127.0.0.1:${port}`
+  const internalPort = wrapper.internalPort
 
-  // 4. Auto-login via HolySheep API key if available
+  // 4. Auto-login via HolySheep API key if available — talks to the INTERNAL
+  // AionUi port (bypasses the wrapper's rate limits / middleware), because
+  // this is just a cookie-warmer for the browser launch URL.
   const apiKey = readHolySheepApiKey()
   let launchUrl = baseUrl
   if (apiKey) {
     try {
-      const { cookieLine } = await loginWithApiKey(port, apiKey)
+      const { cookieLine } = await loginWithApiKey(internalPort, apiKey)
       // We can't programmatically seed the browser with cookies easily. Best UX:
       //   - AionUi /login already set the cookie in our HTTP client, not the browser
       //   - We ask user to paste key once in UI, OR we display a one-shot magic link

package/src/tools/codex.js

@@ -160,10 +160,38 @@ function writeJsonConfigIfNeeded(apiKey, baseUrlOpenAI, model) {
 /**
  * 清除 auth.json 中的 ChatGPT OAuth 认证，避免干扰 holysheep provider
  * Codex RS bug: auth_mode=chatgpt 时 OAuth token 会覆盖自定义 provider 的 api_key
+ *
+ * Windows: Defender occasionally holds an open handle to auth.json during the
+ * first post-install scan, so an immediate `unlinkSync` returns EBUSY. Retry
+ * up to 5 times with a short backoff. On non-Windows a single pass suffices.
  */
 function neutralizeAuthJson() {
-  // 直接删除 auth.json，避免干扰 config.toml 的 http_headers 认证
-  try { fs.unlinkSync(AUTH_FILE) } catch {}
+  const MAX_ATTEMPTS = process.platform === 'win32' ? 5 : 1
+  for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
+    try {
+      fs.unlinkSync(AUTH_FILE)
+      return
+    } catch (e) {
+      if (e && e.code === 'ENOENT') return // already gone — success
+      if (attempt === MAX_ATTEMPTS) {
+        // Last try failed — on Windows fall back to truncating the file to
+        // an empty JSON object. Codex RS treats `{}` as "no chatgpt session",
+        // so the config.toml's `http_headers.Authorization` takes over.
+        try { fs.writeFileSync(AUTH_FILE, '{}\n', 'utf8') } catch {}
+        return
+      }
+      // Sleep ~200ms via a synchronous shell command. We avoid pulling in a
+      // new dep or using Atomics.wait here to keep the tool footprint small.
+      try {
+        require('child_process').execSync(
+          process.platform === 'win32'
+            ? 'powershell -NoProfile -Command "Start-Sleep -Milliseconds 200"'
+            : 'sleep 0.2',
+          { stdio: 'ignore' }
+        )
+      } catch {}
+    }
+  }
 }
 
 module.exports = {

package/src/tools/droid.js

@@ -20,6 +20,21 @@ const CONFIG_DIR = path.join(os.homedir(), '.factory')
 const SETTINGS_FILE = path.join(CONFIG_DIR, 'settings.json')
 const LEGACY_CONFIG_FILE = path.join(CONFIG_DIR, 'config.json')
 
+// Platform-specific install command. Windows previously read the macOS-only
+// `brew install --cask droid` which always fails on fresh Win10/11 boxes —
+// users reported this explicitly in 2.1.12/13. Factory ships an official
+// winget package; Linux gets the official shell installer. macOS keeps brew.
+function installCmdForPlatform() {
+  if (process.platform === 'win32') {
+    return 'winget install --id Factory.Droid -e --accept-source-agreements --accept-package-agreements'
+  }
+  if (process.platform === 'darwin') {
+    return 'brew install --cask droid'
+  }
+  // Linux — Factory's official installer supports Linux amd64/arm64.
+  return 'curl -fsSL https://app.factory.ai/install.sh | bash'
+}
+
 const DEFAULT_MODELS = [
   {
     model: 'gpt-5.4',
@@ -173,6 +188,21 @@ module.exports = {
     legacy.logoAnimation = 'off'
     writeLegacyConfig(legacy)
 
+    // Windows: also write FACTORY_API_KEY to user env via setx so a freshly
+    // opened PowerShell / cmd.exe picks it up without requiring the user to
+    // manually edit env vars. Non-Windows shells don't need this because the
+    // config.json → settings.json path already wires the key through Factory's
+    // own auth resolution.
+    if (process.platform === 'win32') {
+      try {
+        const { execSync } = require('child_process')
+        execSync(`setx FACTORY_API_KEY "${apiKey}"`, { stdio: 'ignore', timeout: 10000 })
+      } catch {
+        // setx can fail in locked-down corp images; best-effort only.
+        // The settings.json / config.json path still works inside Droid CLI itself.
+      }
+    }
+
     return {
       file: SETTINGS_FILE,
       hot: true,
@@ -194,6 +224,6 @@ module.exports = {
   getConfigPath() { return SETTINGS_FILE },
   hint: '已写入 ~/.factory/settings.json；重启 Droid 后可见 HolySheep 模型列表',
   launchCmd: 'droid',
-  installCmd: 'brew install --cask droid',
+  installCmd: installCmdForPlatform(),
   docsUrl: 'https://docs.factory.ai/cli/getting-started/overview',
 }

package/src/tools/hermes.js

@@ -0,0 +1,157 @@
+/**
+ * Hermes Agent (Nous Research) 适配器
+ * Project: https://github.com/NousResearch/hermes-agent
+ *
+ * Hermes 是 Python 项目，上游推荐用 uv 安装：
+ *   curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --skip-setup
+ *
+ * 配置文件：~/.hermes/config.toml（Python 的 TOML 风格）。我们注入一个
+ * [providers.holysheep] block 并把 default_provider 设成 holysheep，让
+ * `hermes` 启动后默认使用 HolySheep。
+ *
+ * 写 TOML 是侵入式操作，宁可保守：
+ *   1. 如果文件不存在，整个写一个最小可用的 HolySheep-only 配置。
+ *   2. 如果已存在，只替换 `[providers.holysheep]` 段和一个 `default_provider = "..."`
+ *      行，其余内容（用户自己加的 other providers / tools / memory 配置）原样保留。
+ *
+ * Windows：官方安装脚本（bash + uv）不支持原生 Windows。hs setup 里我们把
+ * `installCmd` 返回 manual 标记，引导用户到 WSL2。
+ */
+const fs = require('fs')
+const path = require('path')
+const os = require('os')
+const { commandExists } = require('../utils/which')
+
+const CONFIG_DIR = path.join(os.homedir(), '.hermes')
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.toml')
+
+const PROVIDER_SECTION_RE = /^\[providers\.holysheep\]\s*$([\s\S]*?)(?=^\[|\Z)/m
+const DEFAULT_PROVIDER_RE = /^default_provider\s*=\s*"[^"]*"\s*$/m
+
+function readConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      return fs.readFileSync(CONFIG_FILE, 'utf8')
+    }
+  } catch {}
+  return ''
+}
+
+function writeConfig(content) {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 })
+  }
+  fs.writeFileSync(CONFIG_FILE, content, { encoding: 'utf8', mode: 0o600 })
+  if (process.platform !== 'win32') {
+    try { fs.chmodSync(CONFIG_FILE, 0o600) } catch {}
+  }
+}
+
+/** Build the [providers.holysheep] block + default_provider pointing at it. */
+function buildHolySheepBlock(apiKey, baseUrlOpenAI, primaryModel) {
+  const cleanBase = String(baseUrlOpenAI || 'https://api.holysheep.ai/v1').replace(/\/+$/, '')
+  const model = primaryModel || 'gpt-5.4'
+  return [
+    '[providers.holysheep]',
+    '# Managed by @simonyea/holysheep-cli. Do not edit by hand — run `hs setup`.',
+    'type = "openai"',
+    `base_url = "${cleanBase}"`,
+    `api_key = "${apiKey}"`,
+    `default_model = "${model}"`,
+    '',
+  ].join('\n')
+}
+
+/**
+ * Strip a previous HolySheep-managed block from the TOML content. Everything
+ * else the user wrote is preserved verbatim. Non-TOML-aware line splicing —
+ * the hermes config uses standard TOML sections which are blank-line separated,
+ * so detecting a section header that starts with `[…]` is sufficient.
+ */
+function stripExisting(content) {
+  const lines = content.replace(/\r\n/g, '\n').split('\n')
+  const out = []
+  let inBlock = false
+  for (const line of lines) {
+    if (/^\[providers\.holysheep\]\s*$/.test(line)) {
+      inBlock = true
+      continue
+    }
+    if (inBlock) {
+      if (/^\[[^\]]+\]\s*$/.test(line)) {
+        inBlock = false
+        out.push(line)
+        continue
+      }
+      continue
+    }
+    out.push(line)
+  }
+  return out.join('\n').replace(/\n{3,}/g, '\n\n').trim()
+}
+
+function mergeConfig(apiKey, baseUrlOpenAI, primaryModel) {
+  const existing = stripExisting(readConfig())
+  const block = buildHolySheepBlock(apiKey, baseUrlOpenAI, primaryModel)
+
+  // Replace an existing `default_provider` line, or insert one near the top.
+  let withDefault = existing
+  if (DEFAULT_PROVIDER_RE.test(withDefault)) {
+    withDefault = withDefault.replace(DEFAULT_PROVIDER_RE, 'default_provider = "holysheep"')
+  } else {
+    withDefault = `default_provider = "holysheep"\n` + withDefault
+  }
+
+  const final = [withDefault.trim(), '', block].filter(Boolean).join('\n')
+  return final.endsWith('\n') ? final : final + '\n'
+}
+
+function isConfiguredInToml(content) {
+  if (!content) return false
+  return /\[providers\.holysheep\]/.test(content) &&
+         /api\.holysheep\.ai/.test(content) &&
+         /api_key\s*=\s*"cr_/.test(content)
+}
+
+function installCmdForPlatform() {
+  if (process.platform === 'win32') {
+    return '' // handled as manual in server.js
+  }
+  return 'curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --skip-setup'
+}
+
+module.exports = {
+  name: 'Hermes Agent',
+  id: 'hermes',
+  checkInstalled() {
+    return commandExists('hermes')
+  },
+  isConfigured() {
+    return isConfiguredInToml(readConfig())
+  },
+  configure(apiKey, _baseUrlAnthropic, baseUrlOpenAI, primaryModel /*, _selectedModels */) {
+    const merged = mergeConfig(apiKey, baseUrlOpenAI, primaryModel)
+    writeConfig(merged)
+    return {
+      file: CONFIG_FILE,
+      hot: true, // next `hermes` run picks up the TOML on load
+    }
+  },
+  reset() {
+    const existing = readConfig()
+    if (!existing) return
+    const stripped = stripExisting(existing).replace(DEFAULT_PROVIDER_RE, '').replace(/\n{3,}/g, '\n\n').trim()
+    writeConfig(stripped ? stripped + '\n' : '')
+  },
+  getConfigPath() { return CONFIG_FILE },
+  hint: process.platform === 'win32'
+    ? 'Hermes 官方安装脚本仅支持 macOS/Linux/WSL2，Windows 请先启用 WSL2。'
+    : '已写入 ~/.hermes/config.toml；运行 `hermes` 默认使用 HolySheep。',
+  launchCmd: 'hermes',
+  installCmd: installCmdForPlatform(),
+  docsUrl: 'https://hermes-agent.nousresearch.com/docs/',
+  // Internal helpers — re-exported for tests / inspection.
+  _stripExisting: stripExisting,
+  _mergeConfig: mergeConfig,
+  _buildHolySheepBlock: buildHolySheepBlock,
+}

package/src/tools/index.js

@@ -7,5 +7,7 @@ module.exports = [
   require('./droid'),
   require('./opencode'),
   require('./openclaw'),
+  // 2.1.14: Hermes Agent (Nous Research) — Python/uv based, macOS/Linux/WSL2 only.
+  require('./hermes'),
   require('./env-config'),
 ]

package/src/webui/aionui-runtime-fetcher.js

@@ -8,9 +8,14 @@
  *      cache is atomically replaced with the current version on next launch.
  *   2. <cli>/src/webui/vendor/aionui/  (dev checkout — not shipped to npm,
  *      no version gate)
- *   3. <cli>/../aionui-fork/  (dev repo checkout — not shipped to npm,
- *      no version gate; lets local `bun run build` take precedence over
- *      any cached runtime when you're iterating on the fork)
+ *   3. <cli>/../aionui-fork/  (ONLY when `HOLYSHEEP_DEV=1` is set — when you
+ *      are actively iterating on the fork and want `bun run build` to take
+ *      precedence over any cached runtime). OFF BY DEFAULT so that even
+ *      when the CLI is run from the source repo, it behaves exactly like a
+ *      user install (user-cache → download). This removed a massive
+ *      silent-drift risk: previously a dev commit that broke the fork would
+ *      silently ship to developers' `hs web` sessions but not to end users,
+ *      so bugs were invisible locally.
  *   4. DEFAULT_RUNTIME_URL + DEFAULT_RUNTIME_SHA256 (baked in; auto-download
  *      when --setup-runtime is passed OR when cache is stale). Users can
  *      override via env.
@@ -55,10 +60,10 @@ const VENDOR_DIR = path.join(__dirname, 'vendor', 'aionui')
 // new CLI release, the next `hs web` invocation on user machines will detect
 // the version drift and upgrade the cache in place.
 const DEFAULT_RUNTIME_URL =
-  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs9.tar.gz'
+  'https://mail.holysheep.ai/app/cli/aionui-runtime-v1.9.18-holysheep-hs10.tar.gz'
 const DEFAULT_RUNTIME_SHA256 =
-  '901a7a3beb6bbac1104ea0e4a6dc3aedaf24281cd8a0614c3087a53346fe788f'
-const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs9'
+  '45dfa23db819ea57f445a5db7652b0e4455d822e07f60458e6713c7d3a28baec'
+const DEFAULT_RUNTIME_VERSION = '1.9.18-holysheep-hs10'
 
 function isValidRuntimeDir(dir) {
   if (!dir) return false
@@ -194,13 +199,15 @@ async function resolveRuntime({ allowDownload = false, logger = () => {} } = {})
     return { dir: VENDOR_DIR, version: readVersion(VENDOR_DIR), source: 'vendor' }
   }
 
-  // 3. Dev repo aionui-fork/ (when running from the holysheep-cli source repo).
-  // No version gate: whoever is building the fork locally is on the bleeding
-  // edge by definition; comparing against DEFAULT_RUNTIME_VERSION would just
-  // break local dev every time you bump the version bakeline.
-  const forkDir = path.resolve(__dirname, '..', '..', 'aionui-fork')
-  if (isValidRuntimeDir(forkDir)) {
-    return { dir: forkDir, version: readVersion(forkDir), source: 'aionui-fork' }
+  // 3. Dev repo aionui-fork/ — GATED BEHIND HOLYSHEEP_DEV=1. See resolver
+  // header docstring (order step 3) for rationale. Users (even devs running
+  // from the repo checkout) go through user-cache → download, so the
+  // production behavior is always what they see locally.
+  if (process.env.HOLYSHEEP_DEV === '1') {
+    const forkDir = path.resolve(__dirname, '..', '..', 'aionui-fork')
+    if (isValidRuntimeDir(forkDir)) {
+      return { dir: forkDir, version: readVersion(forkDir), source: 'aionui-fork' }
+    }
   }
 
   // 4. Fresh install — download from env override OR baked-in default

package/src/webui/aionui-wrapper.js

@@ -45,8 +45,11 @@ const BRIDGE_CRED_FILE = path.join(BRIDGE_DIR, 'aionui-bridge.json')
 const TOKEN_TTL_MS = 30_000
 const INTERNAL_PORT_START = 9877
 const INTERNAL_PORT_TRIES = 10
-const UPSTREAM_STARTUP_TIMEOUT_MS = 25_000
+// First launch on Windows spends 30-40s in Defender + bun JIT + sqlite init,
+// so 25s was flaking on cold boxes. Align with the old standalone spawn path.
+const UPSTREAM_STARTUP_TIMEOUT_MS = Number(process.env.HS_WEB_STARTUP_TIMEOUT_MS) || 60_000
 const UPSTREAM_CONNECT_TIMEOUT_MS = 30_000
+const AIONUI_LOG_TAIL_BYTES = 4096
 
 // Bootstrap token store — Map<token, { createdAt, used }>
 const bootstrapTokens = new Map()
@@ -525,6 +528,14 @@ function buildRouter(ctx) {
       if (route === '/api/holysheep/whoami' && req.method === 'GET') {
         return await legacy().handleWhoami(req, res)
       }
+      // One-click-all (SSE) — configure every installed tool in a single stream.
+      // Must sit next to `/api/holysheep/tool/*` so the Dashboard's
+      // "一键配置所有 CLI" button hits a real route instead of falling
+      // through to the default AionUi proxy (which returns 404/502 and
+      // surfaces as "Failed to load resource" in the console).
+      if (route === '/api/holysheep/setup' && req.method === 'POST') {
+        return await legacy().handleSetup(req, res)
+      }
       // POST handlers: install, configure, reset, launch for a named tool
       if (route === '/api/holysheep/tool/install' && req.method === 'POST') {
         return await legacy().handleToolInstall(req, res)
@@ -586,7 +597,12 @@ async function startWrapper({ port, runtimeDir, runtimeVersion, runtimeSource, b
   const internalPort = await pickInternalPort()
   log(`internal AionUi port: ${internalPort}`)
 
-  // Spawn AionUi, bound 127.0.0.1 only (ALLOW_REMOTE never set)
+  // Spawn AionUi, bound 127.0.0.1 only (ALLOW_REMOTE never set).
+  // stdio is piped (not inherited) so that:
+  //   1. When startup fails we can surface the last ~4KB of bun/AionUi
+  //      output via the rejected `startWrapper` promise (previously silent).
+  //   2. In HS_WEB_DEBUG=1 mode we stream live logs prefixed with [aionui].
+  const debug = process.env.HS_WEB_DEBUG === '1'
   const aionui = spawn(bunPath, ['dist-server/server.mjs'], {
     cwd: runtimeDir,
     env: {
@@ -596,14 +612,40 @@ async function startWrapper({ port, runtimeDir, runtimeVersion, runtimeSource, b
       ALLOW_REMOTE: '',
       NODE_ENV: 'production',
     },
-    stdio: ['ignore', 'inherit', 'inherit'],
+    stdio: ['ignore', 'pipe', 'pipe'],
   })
+
+  let logTail = ''
+  const appendLog = (stream, chunk) => {
+    const s = Buffer.isBuffer(chunk) ? chunk.toString('utf8') : String(chunk)
+    logTail += s
+    if (logTail.length > AIONUI_LOG_TAIL_BYTES) {
+      logTail = logTail.slice(logTail.length - AIONUI_LOG_TAIL_BYTES)
+    }
+    if (debug) {
+      const target = stream === 'err' ? process.stderr : process.stdout
+      target.write(`[aionui] ${s}`)
+    }
+  }
+  aionui.stdout.on('data', (d) => appendLog('out', d))
+  aionui.stderr.on('data', (d) => appendLog('err', d))
   aionui.on('exit', (code) => {
     log(`AionUi upstream exited (code=${code})`)
     process.exit(code || 1)
   })
 
-  await waitForUpstreamReady(internalPort)
+  try {
+    await waitForUpstreamReady(internalPort)
+  } catch (e) {
+    const tail = logTail.trim()
+    const msg = tail
+      ? `${e.message}\n\n  --- last AionUi output (tail) ---\n${tail
+          .split(/\r?\n/)
+          .map((ln) => `  ${ln}`)
+          .join('\n')}\n  ------------------------------------`
+      : e.message
+    throw new Error(msg)
+  }
   log(`AionUi upstream ready (version=${runtimeVersion}, source=${runtimeSource})`)
 
   const ctx = { internalPort, runtimeDir, runtimeVersion, runtimeSource, bunPath }

package/src/webui/server.js

@@ -74,6 +74,7 @@ function getVersionAsync(tool) {
     'opencode': 'opencode --version',
     'openclaw': 'openclaw --version',
     'aider': 'aider --version',
+    'hermes': 'hermes --version',
   }
   const cmd = cmds[tool.id]
   if (!cmd) return Promise.resolve(null)
@@ -106,6 +107,7 @@ function getToolCommand(toolId) {
     'opencode': 'opencode',
     'openclaw': 'openclaw',
     'aider': 'aider',
+    'hermes': 'hermes',
     'env-config': null,
   }
   return cmds[toolId] ?? null
@@ -169,10 +171,28 @@ const AUTO_INSTALL = {
       : 'curl -fsSL https://claude.ai/install.sh | bash',
   },
   'codex':       { cmd: 'npm install -g @openai/codex' },
+  'droid': {
+    // 2.1.14 fix: Windows/Linux now have official installers; previously
+    // the WebUI piped the macOS-only brew command on every platform.
+    cmd: process.platform === 'win32'
+      ? 'winget install --id Factory.Droid -e --accept-source-agreements --accept-package-agreements'
+      : process.platform === 'darwin'
+        ? 'brew install --cask droid'
+        : 'curl -fsSL https://app.factory.ai/install.sh | bash',
+  },
   'gemini-cli':  { cmd: 'npm install -g @google/gemini-cli' },
   'opencode':    { cmd: 'npm install -g opencode-ai' },
   'openclaw':    { cmd: 'npm install -g openclaw@latest' },
   'aider':       { cmd: 'pip install aider-chat' },
+  // Hermes Agent (Nous Research). Python-based, installed via uv. Windows
+  // requires WSL2 (the installer explicitly rejects native Windows). On
+  // Windows the CLI's hermes tool reports manual steps instead of running
+  // this shell command — see src/tools/hermes.js.
+  'hermes': {
+    cmd: process.platform === 'win32'
+      ? '' // unsupported — see hermes tool for manual steps
+      : 'curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --skip-setup',
+  },
 }
 
 // ── UPGRADABLE_TOOLS (from upgrade.js) ───────────────────────────────────────
@@ -187,10 +207,26 @@ const UPGRADABLE_TOOLS = [
       : 'curl -fsSL https://claude.ai/install.sh | bash',
   },
   { name: 'Codex CLI', id: 'codex', command: 'codex', versionCmd: 'codex --version', npmPkg: '@openai/codex', installCmd: 'npm install -g @openai/codex@latest' },
-  { name: 'Droid CLI', id: 'droid', command: 'droid', versionCmd: 'droid --version', npmPkg: null, installCmd: process.platform === 'win32' ? 'winget upgrade --id Droid.Droid' : 'brew install --cask droid' },
+  {
+    name: 'Droid CLI', id: 'droid', command: 'droid', versionCmd: 'droid --version', npmPkg: null,
+    // 2.1.14: Correct Factory winget package id is `Factory.Droid` (not `Droid.Droid`)
+    // and Linux/macOS get platform-native installers. Previously the Linux
+    // fallback was the macOS brew cmd which fails.
+    installCmd: process.platform === 'win32'
+      ? 'winget install --id Factory.Droid -e --accept-source-agreements --accept-package-agreements'
+      : process.platform === 'darwin'
+        ? 'brew install --cask droid'
+        : 'curl -fsSL https://app.factory.ai/install.sh | bash',
+  },
   { name: 'OpenCode', id: 'opencode', command: 'opencode', versionCmd: 'opencode --version', npmPkg: 'opencode-ai', installCmd: 'npm install -g opencode-ai@latest' },
   { name: 'OpenClaw', id: 'openclaw', command: 'openclaw', versionCmd: 'openclaw --version', npmPkg: 'openclaw', installCmd: 'npm install -g openclaw@latest' },
   { name: 'Gemini CLI', id: 'gemini-cli', command: 'gemini', versionCmd: 'gemini --version', npmPkg: '@google/gemini-cli', installCmd: 'npm install -g @google/gemini-cli@latest' },
+  {
+    name: 'Hermes Agent', id: 'hermes', command: 'hermes', versionCmd: 'hermes --version', npmPkg: null,
+    installCmd: process.platform === 'win32'
+      ? '' // unsupported on native Windows — see hermes tool hint
+      : 'curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --skip-setup',
+  },
 ]
 
 // ── Update check (cached, refreshes every 30min) ────────────────────────────
@@ -295,8 +331,18 @@ async function handleWhoami(_req, res) {
 async function handleBalance(_req, res) {
   const apiKey = getApiKey()
   if (!apiKey) return json(res, { error: '未登录' }, 401)
+  // IMPORTANT (2.1.14): SHOP_URL is `https://holysheep.ai` which issues a
+  // 301 to `https://www.holysheep.ai`. node-fetch's default redirect flow
+  // drops the Authorization header on cross-origin redirects (even between
+  // same-reg-domain hosts), so the downstream request would hit the Next.js
+  // app unauthenticated and return 404/HTML. We hit www.* directly to keep
+  // the Bearer header intact.
+  //
+  // Response schema (verified 2026-04-22):
+  //   { balance, todayCost, monthCost, totalCalls, totalCost, recentRecords:[…] }
+  const STATS_URL = 'https://www.holysheep.ai/api/stats/overview'
   try {
-    const r = await fetchWithRetry(`${SHOP_URL}/api/stats/overview`, {
+    const r = await fetchWithRetry(STATS_URL, {
       headers: { Authorization: `Bearer ${apiKey}` },
     })
     if (r.status === 401) return json(res, { error: 'API Key 无效或已过期' }, 401)
@@ -307,6 +353,8 @@ async function handleBalance(_req, res) {
       todayCost: Number(data.todayCost || 0),
       monthCost: Number(data.monthCost || 0),
       totalCalls: Number(data.totalCalls || 0),
+      totalCost: Number(data.totalCost || 0),
+      plans: Array.isArray(data.plans) ? data.plans : [],
     })
   } catch (e) {
     const msg = e.code === 'EAI_AGAIN' ? 'DNS 解析失败，请检查网络' : e.message
@@ -597,6 +645,14 @@ async function handleToolInstall(req, res) {
   if (!toolId || !AUTO_INSTALL[toolId]) {
     return json(res, { error: '不支持自动安装此工具' }, 400)
   }
+  // Hermes on Windows: installer only supports Linux/macOS/WSL2. Instead of
+  // spawning an empty cmd (which hangs SSE), short-circuit with guidance.
+  if (toolId === 'hermes' && process.platform === 'win32') {
+    sseStart(res)
+    sseEmit(res, { type: 'output', text: 'Hermes Agent 官方安装脚本不支持原生 Windows。\n请先启用 WSL2（`wsl --install`）后，在 Ubuntu 终端里运行：\n  curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --skip-setup\n' })
+    sseEmit(res, { type: 'done', success: false, manual: true })
+    return res.end()
+  }
 
   sseStart(res)
   sseEmit(res, { type: 'progress', message: `正在安装 ${toolId}...` })
@@ -615,6 +671,21 @@ async function handleToolInstall(req, res) {
     child.on('error', () => { clearTimeout(timer); resolve(false) })
   })
 
+  // Windows: npm-global installs (codex, gemini-cli, opencode, openclaw) drop
+  // the binary under %APPDATA%\npm which isn't in the freshly-installed user's
+  // Path. Fix it now so the very next tool check sees the binary. No-op on
+  // non-Windows or when already present.
+  if (ok && process.platform === 'win32') {
+    try {
+      const { ensureWindowsUserPathHasNpmBin } = require('../utils/shell')
+      ensureWindowsUserPathHasNpmBin()
+      sseEmit(res, { type: 'output', text: '\n✓ 已更新 Windows 用户 PATH（包含 npm global bin）\n' })
+    } catch {}
+    // Bust the tool-check cache so the follow-up /api/holysheep/tools sees
+    // the new binary without waiting 10s for the TTL.
+    toolStateCache.delete(toolId)
+  }
+
   sseEmit(res, { type: 'done', success: ok })
   res.end()
 }