@thevinci/web 1.0.0

package/server/lib/opencode/pwa-manifest-routes.test.js

@@ -0,0 +1,133 @@
+import { describe, expect, it } from 'vitest';
+import { registerPwaManifestRoute } from './pwa-manifest-routes.js';
+
+const createResponse = () => ({
+  headers: new Map(),
+  contentType: '',
+  body: '',
+  setHeader(name, value) {
+    this.headers.set(name, value);
+    return this;
+  },
+  type(value) {
+    this.contentType = value;
+    return this;
+  },
+  send(value) {
+    this.body = value;
+    return this;
+  },
+});
+
+describe('PWA manifest route', () => {
+  it('does not fall back to unrelated global session shortcuts for scoped manifests', async () => {
+    const routes = new Map();
+    const app = {
+      get(route, handler) {
+        routes.set(route, handler);
+      },
+    };
+    const originalFetch = globalThis.fetch;
+    const fetchCalls = [];
+    globalThis.fetch = async (url) => {
+      fetchCalls.push(String(url));
+      const sessions = String(url).includes('?directory=')
+        ? []
+        : [
+            {
+              id: 'other-session',
+              title: 'Other project',
+              directory: '/workspace/other',
+              time: { updated: 2 },
+            },
+          ];
+      return {
+        ok: true,
+        json: async () => sessions,
+      };
+    };
+
+    try {
+      registerPwaManifestRoute(app, {
+        process: { platform: 'darwin' },
+        resolveProjectDirectory: async () => ({ directory: '/workspace/app' }),
+        buildOpenCodeUrl: (route) => route,
+        getOpenCodeAuthHeaders: () => ({}),
+        readSettingsFromDiskMigrated: async () => ({}),
+        normalizePwaAppName: (value, fallback) => typeof value === 'string' && value.trim() ? value.trim() : fallback,
+        normalizePwaOrientation: (value, fallback) => typeof value === 'string' && value.trim() ? value.trim() : fallback,
+      });
+
+      const handler = routes.get('/manifest.webmanifest');
+      const res = createResponse();
+      await handler({ query: {} }, res);
+
+      const manifest = JSON.parse(res.body);
+      expect(fetchCalls).toHaveLength(2);
+      expect(manifest.shortcuts).toEqual([
+        {
+          name: 'Appearance Settings',
+          short_name: 'Settings',
+          description: 'Open appearance settings',
+          url: '/?settings=appearance',
+          icons: [{ src: '/pwa-192.png', sizes: '192x192', type: 'image/png' }],
+        },
+      ]);
+    } finally {
+      globalThis.fetch = originalFetch;
+    }
+  });
+
+  it('includes child session shortcuts for root-scoped manifests', async () => {
+    const routes = new Map();
+    const app = {
+      get(route, handler) {
+        routes.set(route, handler);
+      },
+    };
+    const originalFetch = globalThis.fetch;
+    const fetchCalls = [];
+    globalThis.fetch = async (url) => {
+      fetchCalls.push(String(url));
+      return {
+        ok: true,
+        json: async () => [
+          {
+            id: 'root-child',
+            title: 'Root child',
+            directory: '/workspace/app',
+            time: { updated: 2 },
+          },
+        ],
+      };
+    };
+
+    try {
+      registerPwaManifestRoute(app, {
+        process: { platform: 'darwin' },
+        resolveProjectDirectory: async () => ({ directory: '/' }),
+        buildOpenCodeUrl: (route) => route,
+        getOpenCodeAuthHeaders: () => ({}),
+        readSettingsFromDiskMigrated: async () => ({}),
+        normalizePwaAppName: (value, fallback) => typeof value === 'string' && value.trim() ? value.trim() : fallback,
+        normalizePwaOrientation: (value, fallback) => typeof value === 'string' && value.trim() ? value.trim() : fallback,
+      });
+
+      const handler = routes.get('/manifest.webmanifest');
+      const res = createResponse();
+      await handler({ query: {} }, res);
+
+      const manifest = JSON.parse(res.body);
+      expect(fetchCalls).toEqual(['/session?directory=%2F']);
+      expect(manifest.shortcuts).toContainEqual({
+        name: 'Root child',
+        short_name: 'Root child',
+        description: 'Open recent session',
+        url: '/?session=root-child',
+        icons: [{ src: '/pwa-192.png', sizes: '192x192', type: 'image/png' }],
+      });
+    } finally {
+      globalThis.fetch = originalFetch;
+    }
+  });
+});

package/server/lib/opencode/routes.js

@@ -0,0 +1,541 @@
+import { createProjectIdFromPath } from '../projects/project-id.js';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { writeEnvKeys } from './env-keys.js';
+
+export const registerOpenCodeRoutes = (app, dependencies) => {
+  const {
+    crypto,
+    clientReloadDelayMs,
+    getOpenCodeResolutionSnapshot,
+    formatSettingsResponse,
+    readSettingsFromDisk,
+    readSettingsFromDiskMigrated,
+    persistSettings,
+    sanitizeProjects,
+    validateDirectoryPath,
+    resolveProjectDirectory,
+    getProviderSources,
+    removeProviderConfig,
+    refreshOpenCodeAfterConfigChange,
+    buildOpenCodeUrl,
+    getOpenCodeAuthHeaders,
+  } = dependencies;
+
+  let authLibrary = null;
+  const pendingMcpAuthContextByState = new Map();
+  const PENDING_MCP_AUTH_TTL_MS = 30 * 60 * 1000;
+  const getAuthLibrary = async () => {
+    if (!authLibrary) {
+      authLibrary = await import('./auth.js');
+    }
+    return authLibrary;
+  };
+
+  const normalizePendingString = (value) => {
+    if (typeof value !== 'string') {
+      return null;
+    }
+
+    const trimmed = value.trim();
+    return trimmed || null;
+  };
+
+  const parseVersionForComparison = (value) => {
+    const normalized = String(value || '').replace(/^v/, '').split('+')[0];
+    const prereleaseIndex = normalized.indexOf('-');
+    const core = prereleaseIndex >= 0 ? normalized.slice(0, prereleaseIndex) : normalized;
+    const parts = core.split('.').map((part) => {
+      const parsed = Number.parseInt(part || '0', 10);
+      return Number.isFinite(parsed) ? parsed : 0;
+    });
+    return { parts, prerelease: prereleaseIndex >= 0 };
+  };
+
+  const compareVersions = (left, right) => {
+    const a = parseVersionForComparison(left);
+    const b = parseVersionForComparison(right);
+    const length = Math.max(a.parts.length, b.parts.length);
+    for (let index = 0; index < length; index += 1) {
+      const diff = (a.parts[index] || 0) - (b.parts[index] || 0);
+      if (diff !== 0) return diff;
+    }
+    if (a.prerelease !== b.prerelease) return a.prerelease ? -1 : 1;
+    return 0;
+  };
+
+  const fetchLatestOpenCodeVersionFromGithub = async () => {
+    const response = await fetch('https://api.github.com/repos/anomalyco/opencode/releases/latest', {
+      headers: { Accept: 'application/json' },
+      signal: AbortSignal.timeout(10_000),
+    });
+    if (!response.ok) {
+      throw new Error(`OpenCode releases responded with ${response.status}`);
+    }
+    const payload = await response.json();
+    const tag = typeof payload?.tag_name === 'string' ? payload.tag_name.trim() : '';
+    return tag.replace(/^v/, '');
+  };
+
+  const fetchLatestOpenCodeVersionFromNpm = async () => {
+    const response = await fetch('https://registry.npmjs.org/opencode-ai/latest', {
+      headers: { Accept: 'application/json' },
+      signal: AbortSignal.timeout(10_000),
+    });
+    if (!response.ok) {
+      throw new Error(`OpenCode npm registry responded with ${response.status}`);
+    }
+    const payload = await response.json();
+    return typeof payload?.version === 'string' ? payload.version.trim().replace(/^v/, '') : '';
+  };
+
+  const fetchLatestOpenCodeVersion = async () => {
+    const results = await Promise.allSettled([
+      fetchLatestOpenCodeVersionFromNpm(),
+      fetchLatestOpenCodeVersionFromGithub(),
+    ]);
+    const versions = results
+      .filter((result) => result.status === 'fulfilled' && result.value)
+      .map((result) => result.value);
+    if (versions.length === 0) {
+      const failure = results.find((result) => result.status === 'rejected');
+      throw failure?.reason instanceof Error ? failure.reason : new Error('Failed to resolve latest OpenCode version');
+    }
+    return versions.sort((left, right) => compareVersions(right, left))[0];
+  };
+
+  const pruneExpiredPendingMcpAuthContexts = () => {
+    const now = Date.now();
+    for (const [state, entry] of pendingMcpAuthContextByState.entries()) {
+      if (!entry || typeof entry.expiresAt !== 'number' || entry.expiresAt <= now) {
+        pendingMcpAuthContextByState.delete(state);
+      }
+    }
+  };
+
+  app.get('/api/config/settings', async (_req, res) => {
+    try {
+      const settings = await readSettingsFromDiskMigrated();
+      res.json(formatSettingsResponse(settings));
+    } catch (error) {
+      console.error('Failed to read settings:', error);
+      res.status(500).json({ error: 'Failed to read settings' });
+    }
+  });
+
+  app.get('/api/config/opencode-resolution', async (_req, res) => {
+    try {
+      const settings = await readSettingsFromDiskMigrated();
+      const resolution = await getOpenCodeResolutionSnapshot(settings);
+      res.json(resolution);
+    } catch (error) {
+      console.error('Failed to resolve OpenCode binary:', error);
+      res.status(500).json({ error: 'Failed to resolve OpenCode binary' });
+    }
+  });
+
+  app.post('/api/opencode/upgrade', async (req, res) => {
+    try {
+      const target = typeof req.body?.target === 'string' && req.body.target.trim().length > 0
+        ? req.body.target.trim()
+        : undefined;
+      const response = await fetch(buildOpenCodeUrl('/global/upgrade', ''), {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Accept: 'application/json',
+          ...getOpenCodeAuthHeaders(),
+        },
+        body: JSON.stringify(target ? { target } : {}),
+      });
+      const payload = await response.json().catch(() => null);
+      if (!response.ok) {
+        return res.status(response.status).json({
+          success: false,
+          error: payload?.error || response.statusText || 'Failed to upgrade OpenCode',
+        });
+      }
+      return res.json(payload ?? { success: true });
+    } catch (error) {
+      console.error('Failed to upgrade OpenCode:', error);
+      return res.status(500).json({
+        success: false,
+        error: error instanceof Error ? error.message : 'Failed to upgrade OpenCode',
+      });
+    }
+  });
+
+  app.get('/api/opencode/upgrade-status', async (_req, res) => {
+    try {
+      const [healthResponse, latestVersion] = await Promise.all([
+        fetch(buildOpenCodeUrl('/global/health', ''), {
+          method: 'GET',
+          headers: { Accept: 'application/json', ...getOpenCodeAuthHeaders() },
+        }),
+        fetchLatestOpenCodeVersion(),
+      ]);
+      const health = await healthResponse.json().catch(() => null);
+      if (!healthResponse.ok) {
+        return res.status(healthResponse.status).json({
+          available: null,
+          error: health?.error || healthResponse.statusText || 'Failed to read OpenCode version',
+        });
+      }
+      const currentVersion = typeof health?.version === 'string' ? health.version.replace(/^v/, '') : null;
+      if (!currentVersion || !latestVersion) {
+        return res.json({ available: null, currentVersion, latestVersion: latestVersion || null });
+      }
+      const available = compareVersions(latestVersion, currentVersion) > 0;
+      return res.json({
+        available,
+        currentVersion,
+        latestVersion,
+      });
+    } catch (error) {
+      return res.status(500).json({
+        available: null,
+        error: error instanceof Error ? error.message : 'Failed to check OpenCode upgrade status',
+      });
+    }
+  });
+
+  app.put('/api/config/settings', async (req, res) => {
+    console.log('[API:PUT /api/config/settings] Received request');
+    try {
+      const oldSettings = await readSettingsFromDiskMigrated();
+      const updated = await persistSettings(req.body ?? {});
+      console.log(`[API:PUT /api/config/settings] Success, returning ${updated.projects?.length || 0} projects`);
+
+      // Sync settings-level API keys to env-keys.json and process.env
+      // so they're available to custom opencode tools regardless of settings.json state.
+      const envKeyMappings = {
+        klipyAppKey: 'KLIPY_APP_KEY',
+        imageGenApiKey: 'GOOGLE_GENERATIVE_AI_API_KEY',
+        elevenlabsApiKey: 'ELEVENLABS_API_KEY',
+      };
+      const body = req.body ?? {};
+      const envBatch = {};
+      for (const [settingsKey, envVar] of Object.entries(envKeyMappings)) {
+        const val = body[settingsKey];
+        if (typeof val === 'string' && val.trim().length > 0) {
+          const trimmed = val.trim();
+          process.env[envVar] = trimmed;
+          envBatch[envVar] = trimmed;
+        } else if (val === '' || val === null) {
+          delete process.env[envVar];
+          envBatch[envVar] = '';
+        }
+      }
+      if (Object.keys(envBatch).length > 0) {
+        writeEnvKeys(envBatch);
+      }
+
+      // Sync generic extra env vars from settings to env-keys.json and process.env
+      if (body.extraEnvVars && typeof body.extraEnvVars === 'object' && !Array.isArray(body.extraEnvVars)) {
+        const extraBatch = {};
+        for (const [key, value] of Object.entries(body.extraEnvVars)) {
+          if (typeof key === 'string' && typeof value === 'string' && key.trim()) {
+            const trimmed = value.trim();
+            process.env[key] = trimmed;
+            extraBatch[key] = trimmed;
+          }
+        }
+        if (Object.keys(extraBatch).length > 0) {
+          writeEnvKeys(extraBatch);
+        }
+      }
+
+      const keysChanged =
+        oldSettings.klipyAppKey !== updated.klipyAppKey ||
+        oldSettings.imageGenApiKey !== updated.imageGenApiKey ||
+        oldSettings.elevenlabsApiKey !== updated.elevenlabsApiKey ||
+        oldSettings.opencodeBinary !== updated.opencodeBinary ||
+        JSON.stringify(oldSettings.extraEnvVars) !== JSON.stringify(updated.extraEnvVars);
+
+      if (keysChanged) {
+        console.log('[API:PUT /api/config/settings] API keys or OpenCode binary changed, restarting OpenCode...');
+        await refreshOpenCodeAfterConfigChange('API keys or OpenCode binary changed').catch((err) => {
+          console.error('[API:PUT /api/config/settings] Failed to refresh OpenCode after settings change:', err);
+        });
+      }
+
+      res.json(updated);
+    } catch (error) {
+      console.error('[API:PUT /api/config/settings] Failed to save settings:', error);
+      console.error('[API:PUT /api/config/settings] Error stack:', error.stack);
+      res.status(500).json({ error: 'Failed to save settings' });
+    }
+  });
+
+  app.post('/api/mcp/auth/pending', async (req, res) => {
+    try {
+      pruneExpiredPendingMcpAuthContexts();
+
+      const state = normalizePendingString(req.body?.state);
+      if (!state) {
+        return res.json({ success: true, context: null });
+      }
+
+      const name = normalizePendingString(req.body?.name);
+      if (!name) {
+        return res.status(400).json({ error: 'MCP server name is required' });
+      }
+
+      const entry = {
+        name,
+        directory: normalizePendingString(req.body?.directory),
+        expiresAt: Date.now() + PENDING_MCP_AUTH_TTL_MS,
+      };
+      pendingMcpAuthContextByState.set(state, entry);
+
+      return res.json({
+        success: true,
+        context: {
+          name: entry.name,
+          directory: entry.directory,
+        },
+      });
+    } catch (error) {
+      console.error('Failed to store pending MCP auth context:', error);
+      return res.status(500).json({ error: error.message || 'Failed to store pending MCP auth context' });
+    }
+  });
+
+  app.get('/api/mcp/auth/pending', async (req, res) => {
+    try {
+      pruneExpiredPendingMcpAuthContexts();
+
+      const state = normalizePendingString(Array.isArray(req.query?.state) ? req.query.state[0] : req.query?.state);
+      if (!state) {
+        return res.json(null);
+      }
+
+      const pendingMcpAuthContext = pendingMcpAuthContextByState.get(state) ?? null;
+      if (!pendingMcpAuthContext) {
+        return res.status(404).json({ error: 'No pending MCP auth context' });
+      }
+
+      return res.json(pendingMcpAuthContext);
+    } catch (error) {
+      console.error('Failed to read pending MCP auth context:', error);
+      return res.status(500).json({ error: error.message || 'Failed to read pending MCP auth context' });
+    }
+  });
+
+  app.delete('/api/mcp/auth/pending', async (req, res) => {
+    try {
+      const state = normalizePendingString(Array.isArray(req.query?.state) ? req.query.state[0] : req.query?.state);
+      if (!state) {
+        return res.json({ success: true });
+      }
+
+      pendingMcpAuthContextByState.delete(state);
+      return res.json({ success: true });
+    } catch (error) {
+      console.error('Failed to clear pending MCP auth context:', error);
+      return res.status(500).json({ error: error.message || 'Failed to clear pending MCP auth context' });
+    }
+  });
+
+  app.get('/api/provider/:providerId/source', async (req, res) => {
+    try {
+      const { providerId } = req.params;
+      if (!providerId) {
+        return res.status(400).json({ error: 'Provider ID is required' });
+      }
+
+      const headerDirectory = typeof req.get === 'function' ? req.get('x-opencode-directory') : null;
+      const queryDirectory = Array.isArray(req.query?.directory)
+        ? req.query.directory[0]
+        : req.query?.directory;
+      const requestedDirectory = headerDirectory || queryDirectory || null;
+
+      let directory = null;
+      const resolved = await resolveProjectDirectory(req);
+      if (resolved.directory) {
+        directory = resolved.directory;
+      } else if (requestedDirectory) {
+        return res.status(400).json({ error: resolved.error });
+      }
+
+      const sources = getProviderSources(providerId, directory);
+      const { getProviderAuth } = await getAuthLibrary();
+      const auth = getProviderAuth(providerId);
+      sources.sources.auth.exists = Boolean(auth);
+
+      return res.json({
+        providerId,
+        sources: sources.sources,
+      });
+    } catch (error) {
+      console.error('Failed to get provider sources:', error);
+      return res.status(500).json({ error: error.message || 'Failed to get provider sources' });
+    }
+  });
+
+  app.delete('/api/provider/:providerId/auth', async (req, res) => {
+    try {
+      const { providerId } = req.params;
+      if (!providerId) {
+        return res.status(400).json({ error: 'Provider ID is required' });
+      }
+
+      const scope = typeof req.query?.scope === 'string' ? req.query.scope : 'auth';
+      const headerDirectory = typeof req.get === 'function' ? req.get('x-opencode-directory') : null;
+      const queryDirectory = Array.isArray(req.query?.directory)
+        ? req.query.directory[0]
+        : req.query?.directory;
+      const requestedDirectory = headerDirectory || queryDirectory || null;
+      let directory = null;
+
+      if (scope === 'project' || requestedDirectory) {
+        const resolved = await resolveProjectDirectory(req);
+        if (!resolved.directory) {
+          return res.status(400).json({ error: resolved.error });
+        }
+        directory = resolved.directory;
+      } else {
+        const resolved = await resolveProjectDirectory(req);
+        if (resolved.directory) {
+          directory = resolved.directory;
+        }
+      }
+
+      let removed = false;
+      if (scope === 'auth') {
+        const { removeProviderAuth } = await getAuthLibrary();
+        removed = removeProviderAuth(providerId);
+      } else if (scope === 'user' || scope === 'project' || scope === 'custom') {
+        removed = removeProviderConfig(providerId, directory, scope);
+      } else if (scope === 'all') {
+        const { removeProviderAuth } = await getAuthLibrary();
+        const authRemoved = removeProviderAuth(providerId);
+        const userRemoved = removeProviderConfig(providerId, directory, 'user');
+        const projectRemoved = directory ? removeProviderConfig(providerId, directory, 'project') : false;
+        const customRemoved = removeProviderConfig(providerId, directory, 'custom');
+        removed = authRemoved || userRemoved || projectRemoved || customRemoved;
+      } else {
+        return res.status(400).json({ error: 'Invalid scope' });
+      }
+
+      if (removed) {
+        await refreshOpenCodeAfterConfigChange(`provider ${providerId} disconnected (${scope})`);
+      }
+
+      return res.json({
+        success: true,
+        removed,
+        requiresReload: removed,
+        message: removed ? 'Provider disconnected successfully' : 'Provider was not connected',
+        reloadDelayMs: removed ? clientReloadDelayMs : undefined,
+      });
+    } catch (error) {
+      console.error('Failed to disconnect provider:', error);
+      return res.status(500).json({ error: error.message || 'Failed to disconnect provider' });
+    }
+  });
+
+  app.post('/api/opencode/directory', async (req, res) => {
+    try {
+      const requestedPath = typeof req.body?.path === 'string' ? req.body.path.trim() : '';
+      if (!requestedPath) {
+        return res.status(400).json({ error: 'Path is required' });
+      }
+
+      const validated = await validateDirectoryPath(requestedPath);
+      if (!validated.ok) {
+        return res.status(400).json({ error: validated.error });
+      }
+
+      const resolvedPath = validated.directory;
+      const currentSettings = await readSettingsFromDisk();
+      const existingProjects = sanitizeProjects(currentSettings.projects) || [];
+      const existing = existingProjects.find((project) => project.path === resolvedPath) || null;
+
+      const nextProjects = existing
+        ? existingProjects
+        : [
+            ...existingProjects,
+            {
+              id: createProjectIdFromPath(resolvedPath),
+              path: resolvedPath,
+              addedAt: Date.now(),
+              lastOpenedAt: Date.now(),
+            },
+          ];
+
+      const activeProjectId = existing ? existing.id : nextProjects[nextProjects.length - 1].id;
+
+      const updated = await persistSettings({
+        projects: nextProjects,
+        activeProjectId,
+        lastDirectory: resolvedPath,
+      });
+
+      return res.json({
+        success: true,
+        restarted: false,
+        path: resolvedPath,
+        settings: updated,
+      });
+    } catch (error) {
+      console.error('Failed to update OpenCode working directory:', error);
+      return res.status(500).json({ error: error.message || 'Failed to update working directory' });
+    }
+  });
+
+  // Behavior / Global AGENTS.md endpoints
+  const opencodeConfigDir = process.env.OPENCODE_CONFIG_DIR
+    ? path.resolve(process.env.OPENCODE_CONFIG_DIR)
+    : path.join(os.homedir(), '.vinci', '.opencode');
+  const AGENTS_MD_PATH = path.join(opencodeConfigDir, 'AGENTS.md');
+  const MAX_BEHAVIOR_PROMPT_SIZE = 1024 * 1024; // 1 MB
+
+  app.get('/api/behavior/agents-md', async (_req, res) => {
+    try {
+      try {
+        await fs.promises.access(AGENTS_MD_PATH);
+      } catch {
+        return res.json({ content: '', exists: false });
+      }
+      const content = await fs.promises.readFile(AGENTS_MD_PATH, 'utf8');
+      return res.json({ content, exists: true });
+    } catch (error) {
+      console.error('Failed to read AGENTS.md:', error);
+      return res.status(500).json({ error: 'Failed to read AGENTS.md' });
+    }
+  });
+
+  app.put('/api/behavior/agents-md', async (req, res) => {
+    try {
+      const content = typeof req.body?.content === 'string' ? req.body.content : '';
+
+      if (content.length > MAX_BEHAVIOR_PROMPT_SIZE) {
+        return res.status(413).json({ error: `Content exceeds maximum size of ${MAX_BEHAVIOR_PROMPT_SIZE} bytes` });
+      }
+
+      // Ensure parent directory exists
+      const parentDir = path.dirname(AGENTS_MD_PATH);
+      try {
+        await fs.promises.access(parentDir);
+      } catch {
+        await fs.promises.mkdir(parentDir, { recursive: true });
+      }
+
+      await fs.promises.writeFile(AGENTS_MD_PATH, content, 'utf8');
+
+      // Refresh OpenCode so it picks up the new AGENTS.md without a full restart
+      try {
+        await refreshOpenCodeAfterConfigChange('global behavior (AGENTS.md) updated');
+      } catch {
+        // Non-fatal: file was written successfully
+      }
+
+      return res.json({ success: true });
+    } catch (error) {
+      console.error('Failed to write AGENTS.md:', error);
+      return res.status(500).json({ error: error.message || 'Failed to write AGENTS.md' });
+    }
+  });
+};