@vibe80/vibe80 0.1.2 → 0.1.7

package/bin/vibe80.js

@@ -7,7 +7,6 @@ const path = require("path");
 const os = require("os");
 
 const rootDir = path.resolve(__dirname, "..");
-const npmCmd = process.platform === "win32" ? "npm.cmd" : "npm";
 const homeDir = process.env.HOME || os.homedir();
 const monoAuthUrlFile = path.join(
   os.tmpdir(),
@@ -15,15 +14,14 @@ const monoAuthUrlFile = path.join(
 );
 const defaultEnv = {
   DEPLOYMENT_MODE: "mono_user",
-  JWT_KEY_PATH: path.join(homeDir, ".vibe80", "jwt.key"),
+  VIBE80_DATA_DIRECTORY: path.join(homeDir, ".vibe80"),
   STORAGE_BACKEND: "sqlite",
-  SQLITE_PATH: path.join(homeDir, ".vibe80", "data.sqlite"),
 };
 const deploymentMode = process.env.DEPLOYMENT_MODE || defaultEnv.DEPLOYMENT_MODE;
 const serverPort = process.env.PORT || "5179";
 
-const spawnProcess = (args, label, extraEnv = {}) => {
-  const child = spawn(npmCmd, args, {
+const spawnProcess = (cmd, args, label, extraEnv = {}) => {
+  const child = spawn(cmd, args, {
     cwd: rootDir,
     env: {
       ...defaultEnv,
@@ -130,7 +128,8 @@ const shutdown = (code = 0) => {
 const startServer = () => {
   unlinkMonoAuthUrlFile();
   server = spawnProcess(
-    ["--workspace", "server", "run", "start"],
+    process.execPath,
+    ["server/src/index.js"],
     "server",
     { VIBE80_MONO_AUTH_URL_FILE: monoAuthUrlFile }
   );

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe80/vibe80",
-  "version": "0.1.2",
+  "version": "0.1.7",
   "private": false,
   "workspaces": [
     "server",
@@ -31,7 +31,16 @@
     "prepack": "npm --workspace client run build"
   },
   "dependencies": {
-    "concurrently": "^8.2.2"
+    "concurrently": "^8.2.2",
+    "docker-names": "^1.2.1",
+    "express": "^4.19.2",
+    "express-rate-limit": "^7.4.0",
+    "jsonwebtoken": "^9.0.3",
+    "multer": "^1.4.5-lts.1",
+    "node-pty": "^1.0.0",
+    "redis": "^4.7.1",
+    "sqlite3": "^5.1.7",
+    "ws": "^8.17.1"
   },
   "license": "Apache-2.0"
 }

package/server/src/index.js

@@ -45,6 +45,7 @@ import {
 } from "./services/auth.js";
 import {
   ensureDefaultMonoWorkspace,
+  applyMonoUserProviderOverridesFromEnv,
   isMonoUser,
   getWorkspacePaths,
   getWorkspaceSshPaths,
@@ -154,6 +155,7 @@ const sudoPath = process.env.VIBE80_SUDO_PATH || "sudo";
 
 await storage.init();
 await ensureDefaultMonoWorkspace();
+await applyMonoUserProviderOverridesFromEnv();
 
 // ---------------------------------------------------------------------------
 // Middleware pipeline

package/server/src/middleware/auth.js

@@ -1,9 +1,16 @@
 import crypto from "crypto";
 import fs from "fs";
+import os from "os";
 import path from "path";
 import jwt from "jsonwebtoken";
 
-const jwtKeyPath = process.env.JWT_KEY_PATH || "/var/lib/vibe80/jwt.key";
+const homeDir = process.env.HOME || os.homedir();
+const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+const defaultDataDirectory = isMonoUser
+  ? path.join(homeDir, ".vibe80")
+  : "/var/lib/vibe80";
+const dataDirectory = process.env.VIBE80_DATA_DIRECTORY || defaultDataDirectory;
+const jwtKeyPath = process.env.JWT_KEY_PATH || path.join(dataDirectory, "jwt.key");
 const jwtIssuer = process.env.JWT_ISSUER || "vibe80";
 const jwtAudience = process.env.JWT_AUDIENCE || "workspace";
 const accessTokenTtlSeconds =

package/server/src/runAs.js

@@ -8,6 +8,8 @@ const SUDO_PATH = process.env.VIBE80_SUDO_PATH || "sudo";
 const DEPLOYMENT_MODE = process.env.DEPLOYMENT_MODE;
 const IS_MONO_USER = DEPLOYMENT_MODE === "mono_user";
 const WORKSPACE_ROOT_DIRECTORY = process.env.WORKSPACE_ROOT_DIRECTORY || "/workspaces";
+const MONO_USER_WORKSPACE_DIR =
+  process.env.MONO_USER_WORKSPACE_DIR || path.join(os.homedir(), "vibe80_workspace");
 const ALLOWED_ENV_KEYS = new Set([
   "GIT_SSH_COMMAND",
   "GIT_CONFIG_GLOBAL",
@@ -151,15 +153,21 @@ export const getWorkspaceHome = (workspaceId) => {
 
 export const getWorkspaceRoot = (workspaceId) =>
   (IS_MONO_USER
-    ? path.join(os.homedir(), "vibe80_workspace")
+    ? MONO_USER_WORKSPACE_DIR
     : path.join(WORKSPACE_ROOT_DIRECTORY, workspaceId));
 
 const validateCwd = (workspaceId, cwd) => {
   const resolved = path.resolve(cwd);
   const homeDir = getWorkspaceHome(workspaceId);
+  const workspaceRootDir = getWorkspaceRoot(workspaceId);
+  const inHome =
+    resolved === homeDir || resolved.startsWith(homeDir + path.sep);
+  const inWorkspaceRoot =
+    resolved === workspaceRootDir ||
+    resolved.startsWith(workspaceRootDir + path.sep);
   if (
-    resolved !== homeDir &&
-    !resolved.startsWith(homeDir + path.sep)
+    !inHome &&
+    !(IS_MONO_USER && inWorkspaceRoot)
   ) {
     throw new Error("cwd outside workspace");
   }

package/server/src/services/workspace.js

@@ -16,6 +16,8 @@ const isMonoUser = deploymentMode === "mono_user";
 const workspaceHomeBase = process.env.WORKSPACE_HOME_BASE || "/home";
 const workspaceRootBase = process.env.WORKSPACE_ROOT_DIRECTORY || "/workspaces";
 const workspaceRootName = "vibe80_workspace";
+const monoUserWorkspaceDir =
+  process.env.MONO_USER_WORKSPACE_DIR || path.join(os.homedir(), workspaceRootName);
 const workspaceSessionsDirName = "sessions";
 const rootHelperPath = process.env.VIBE80_ROOT_HELPER || "/usr/local/bin/vibe80-root";
 const sudoPath = process.env.VIBE80_SUDO_PATH || "sudo";
@@ -37,7 +39,7 @@ const runRootCommand = (args, options = {}) => {
 export const getWorkspacePaths = (workspaceId) => {
   const home = isMonoUser ? os.homedir() : path.join(workspaceHomeBase, workspaceId);
   const root = isMonoUser
-    ? path.join(home, workspaceRootName)
+    ? monoUserWorkspaceDir
     : path.join(workspaceRootBase, workspaceId);
   const sessionsDir = path.join(root, workspaceSessionsDirName);
   return {
@@ -782,6 +784,105 @@ export const ensureDefaultMonoWorkspace = async () => {
   }
 };
 
+const readEnvValue = (name) =>
+  typeof process.env[name] === "string" ? process.env[name].trim() : "";
+
+const buildMonoUserProviderOverridesFromEnv = () => {
+  const codexApiKey = readEnvValue("CODEX_API_KEY");
+  const codexAuthJsonB64Raw = process.env.CODEX_AUTH_JSON_B64;
+  const hasCodexAuthJsonB64 = typeof codexAuthJsonB64Raw === "string";
+  const codexAuthJsonB64 = hasCodexAuthJsonB64 ? codexAuthJsonB64Raw.trim() : "";
+  const claudeApiKey = readEnvValue("CLAUDE_API_KEY");
+  const claudeSetupTokenRaw = process.env.CLAUDE_SETUP_TOKEN;
+  const hasClaudeSetupToken = typeof claudeSetupTokenRaw === "string";
+  const claudeSetupToken = hasClaudeSetupToken ? claudeSetupTokenRaw.trim() : "";
+
+  const overrides = {};
+
+  if (codexApiKey && hasCodexAuthJsonB64) {
+    console.warn(
+      "[warn] Both CODEX_API_KEY and CODEX_AUTH_JSON_B64 are set; using CODEX_AUTH_JSON_B64."
+    );
+  }
+  if (hasCodexAuthJsonB64) {
+    if (!codexAuthJsonB64) {
+      console.warn(
+        "[warn] Invalid CODEX_AUTH_JSON_B64 detected; ignoring codex preprovisioning."
+      );
+    } else {
+      try {
+        const decoded = decodeBase64(codexAuthJsonB64);
+        validateCodexAuthJson(decoded);
+        overrides.codex = {
+          enabled: true,
+          auth: { type: "auth_json_b64", value: codexAuthJsonB64 },
+        };
+      } catch {
+        console.warn(
+          "[warn] Invalid CODEX_AUTH_JSON_B64 detected; ignoring codex preprovisioning."
+        );
+      }
+    }
+  } else if (codexApiKey) {
+    overrides.codex = {
+      enabled: true,
+      auth: { type: "api_key", value: codexApiKey },
+    };
+  }
+
+  if (claudeApiKey && hasClaudeSetupToken) {
+    console.warn(
+      "[warn] Both CLAUDE_API_KEY and CLAUDE_SETUP_TOKEN are set; using CLAUDE_SETUP_TOKEN."
+    );
+  }
+  if (hasClaudeSetupToken) {
+    if (!claudeSetupToken) {
+      console.warn(
+        "[warn] Invalid CLAUDE_SETUP_TOKEN detected; ignoring claude preprovisioning."
+      );
+    } else {
+      overrides.claude = {
+        enabled: true,
+        auth: { type: "setup_token", value: claudeSetupToken },
+      };
+    }
+  } else if (claudeApiKey) {
+    overrides.claude = {
+      enabled: true,
+      auth: { type: "api_key", value: claudeApiKey },
+    };
+  }
+
+  return overrides;
+};
+
+export const applyMonoUserProviderOverridesFromEnv = async () => {
+  if (!isMonoUser) {
+    return;
+  }
+  const overrides = buildMonoUserProviderOverridesFromEnv();
+  if (Object.keys(overrides).length === 0) {
+    return;
+  }
+  const workspaceId = "default";
+  const existing = await storage.getWorkspace(workspaceId);
+  if (!existing) {
+    return;
+  }
+  const mergedProviders = mergeProvidersForUpdate(existing.providers || {}, overrides);
+  const ids = await getWorkspaceUserIds(workspaceId);
+  await writeWorkspaceProviderAuth(workspaceId, mergedProviders);
+  await persistWorkspaceRecord({
+    workspaceId,
+    providers: mergedProviders,
+    ids,
+    existing,
+  });
+  await appendAuditLog(workspaceId, "workspace_providers_preprovisioned_from_env", {
+    providers: Object.keys(overrides),
+  });
+};
+
 export const createWorkspace = async (providers) => {
   const validationError = validateProvidersConfig(providers);
   if (validationError) {

package/server/src/storage/sqlite.js

@@ -1,4 +1,5 @@
 import fs from "fs";
+import os from "os";
 import path from "path";
 import sqlite3 from "sqlite3";
 
@@ -70,7 +71,13 @@ const all = (db, sql, params = []) =>
   });
 
 export const createSqliteStorage = () => {
-  const dbPath = process.env.SQLITE_PATH || "/var/lib/vibe80/base.sqlite";
+  const homeDir = process.env.HOME || os.homedir();
+  const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+  const defaultDataDirectory = isMonoUser
+    ? path.join(homeDir, ".vibe80")
+    : "/var/lib/vibe80";
+  const dataDirectory = process.env.VIBE80_DATA_DIRECTORY || defaultDataDirectory;
+  const dbPath = process.env.SQLITE_PATH || path.join(dataDirectory, "base.sqlite");
   const resolvedPath = path.resolve(dbPath);
   const dir = path.dirname(resolvedPath);
   fs.mkdirSync(dir, { recursive: true, mode: 0o750 });