npm - @vibe80/vibe80 - Versions diffs - 0.1.3 → 0.1.7 - Mend

@vibe80/vibe80 0.1.3 → 0.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/bin/vibe80.js +1 -2
package/package.json +1 -1
package/server/src/index.js +2 -0
package/server/src/middleware/auth.js +8 -1
package/server/src/runAs.js +11 -3
package/server/src/services/workspace.js +102 -1
package/server/src/storage/sqlite.js +8 -1

package/bin/vibe80.js CHANGED Viewed

@@ -14,9 +14,8 @@ const monoAuthUrlFile = path.join(
 );
 const defaultEnv = {
   DEPLOYMENT_MODE: "mono_user",
-  JWT_KEY_PATH: path.join(homeDir, ".vibe80", "jwt.key"),
+  VIBE80_DATA_DIRECTORY: path.join(homeDir, ".vibe80"),
   STORAGE_BACKEND: "sqlite",
-  SQLITE_PATH: path.join(homeDir, ".vibe80", "data.sqlite"),
 };
 const deploymentMode = process.env.DEPLOYMENT_MODE || defaultEnv.DEPLOYMENT_MODE;
 const serverPort = process.env.PORT || "5179";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vibe80/vibe80",
-  "version": "0.1.3",
+  "version": "0.1.7",
   "private": false,
   "workspaces": [
     "server",

package/server/src/index.js CHANGED Viewed

@@ -45,6 +45,7 @@ import {
 } from "./services/auth.js";
 import {
   ensureDefaultMonoWorkspace,
+  applyMonoUserProviderOverridesFromEnv,
   isMonoUser,
   getWorkspacePaths,
   getWorkspaceSshPaths,
@@ -154,6 +155,7 @@ const sudoPath = process.env.VIBE80_SUDO_PATH || "sudo";
 await storage.init();
 await ensureDefaultMonoWorkspace();
+await applyMonoUserProviderOverridesFromEnv();
 // ---------------------------------------------------------------------------
 // Middleware pipeline

package/server/src/middleware/auth.js CHANGED Viewed

@@ -1,9 +1,16 @@
 import crypto from "crypto";
 import fs from "fs";
+import os from "os";
 import path from "path";
 import jwt from "jsonwebtoken";
-const jwtKeyPath = process.env.JWT_KEY_PATH || "/var/lib/vibe80/jwt.key";
+const homeDir = process.env.HOME || os.homedir();
+const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+const defaultDataDirectory = isMonoUser
+  ? path.join(homeDir, ".vibe80")
+  : "/var/lib/vibe80";
+const dataDirectory = process.env.VIBE80_DATA_DIRECTORY || defaultDataDirectory;
+const jwtKeyPath = process.env.JWT_KEY_PATH || path.join(dataDirectory, "jwt.key");
 const jwtIssuer = process.env.JWT_ISSUER || "vibe80";
 const jwtAudience = process.env.JWT_AUDIENCE || "workspace";
 const accessTokenTtlSeconds =

package/server/src/runAs.js CHANGED Viewed

@@ -8,6 +8,8 @@ const SUDO_PATH = process.env.VIBE80_SUDO_PATH || "sudo";
 const DEPLOYMENT_MODE = process.env.DEPLOYMENT_MODE;
 const IS_MONO_USER = DEPLOYMENT_MODE === "mono_user";
 const WORKSPACE_ROOT_DIRECTORY = process.env.WORKSPACE_ROOT_DIRECTORY || "/workspaces";
+const MONO_USER_WORKSPACE_DIR =
+  process.env.MONO_USER_WORKSPACE_DIR || path.join(os.homedir(), "vibe80_workspace");
 const ALLOWED_ENV_KEYS = new Set([
   "GIT_SSH_COMMAND",
   "GIT_CONFIG_GLOBAL",
@@ -151,15 +153,21 @@ export const getWorkspaceHome = (workspaceId) => {
 export const getWorkspaceRoot = (workspaceId) =>
   (IS_MONO_USER
-    ? path.join(os.homedir(), "vibe80_workspace")
+    ? MONO_USER_WORKSPACE_DIR
     : path.join(WORKSPACE_ROOT_DIRECTORY, workspaceId));
 const validateCwd = (workspaceId, cwd) => {
   const resolved = path.resolve(cwd);
   const homeDir = getWorkspaceHome(workspaceId);
+  const workspaceRootDir = getWorkspaceRoot(workspaceId);
+  const inHome =
+    resolved === homeDir || resolved.startsWith(homeDir + path.sep);
+  const inWorkspaceRoot =
+    resolved === workspaceRootDir ||
+    resolved.startsWith(workspaceRootDir + path.sep);
   if (
-    resolved !== homeDir &&
-    !resolved.startsWith(homeDir + path.sep)
+    !inHome &&
+    !(IS_MONO_USER && inWorkspaceRoot)
   ) {
     throw new Error("cwd outside workspace");
   }

package/server/src/services/workspace.js CHANGED Viewed

@@ -16,6 +16,8 @@ const isMonoUser = deploymentMode === "mono_user";
 const workspaceHomeBase = process.env.WORKSPACE_HOME_BASE || "/home";
 const workspaceRootBase = process.env.WORKSPACE_ROOT_DIRECTORY || "/workspaces";
 const workspaceRootName = "vibe80_workspace";
+const monoUserWorkspaceDir =
+  process.env.MONO_USER_WORKSPACE_DIR || path.join(os.homedir(), workspaceRootName);
 const workspaceSessionsDirName = "sessions";
 const rootHelperPath = process.env.VIBE80_ROOT_HELPER || "/usr/local/bin/vibe80-root";
 const sudoPath = process.env.VIBE80_SUDO_PATH || "sudo";
@@ -37,7 +39,7 @@ const runRootCommand = (args, options = {}) => {
 export const getWorkspacePaths = (workspaceId) => {
   const home = isMonoUser ? os.homedir() : path.join(workspaceHomeBase, workspaceId);
   const root = isMonoUser
-    ? path.join(home, workspaceRootName)
+    ? monoUserWorkspaceDir
     : path.join(workspaceRootBase, workspaceId);
   const sessionsDir = path.join(root, workspaceSessionsDirName);
   return {
@@ -782,6 +784,105 @@ export const ensureDefaultMonoWorkspace = async () => {
   }
 };
+const readEnvValue = (name) =>
+  typeof process.env[name] === "string" ? process.env[name].trim() : "";
+const buildMonoUserProviderOverridesFromEnv = () => {
+  const codexApiKey = readEnvValue("CODEX_API_KEY");
+  const codexAuthJsonB64Raw = process.env.CODEX_AUTH_JSON_B64;
+  const hasCodexAuthJsonB64 = typeof codexAuthJsonB64Raw === "string";
+  const codexAuthJsonB64 = hasCodexAuthJsonB64 ? codexAuthJsonB64Raw.trim() : "";
+  const claudeApiKey = readEnvValue("CLAUDE_API_KEY");
+  const claudeSetupTokenRaw = process.env.CLAUDE_SETUP_TOKEN;
+  const hasClaudeSetupToken = typeof claudeSetupTokenRaw === "string";
+  const claudeSetupToken = hasClaudeSetupToken ? claudeSetupTokenRaw.trim() : "";
+  const overrides = {};
+  if (codexApiKey && hasCodexAuthJsonB64) {
+    console.warn(
+      "[warn] Both CODEX_API_KEY and CODEX_AUTH_JSON_B64 are set; using CODEX_AUTH_JSON_B64."
+    );
+  }
+  if (hasCodexAuthJsonB64) {
+    if (!codexAuthJsonB64) {
+      console.warn(
+        "[warn] Invalid CODEX_AUTH_JSON_B64 detected; ignoring codex preprovisioning."
+      );
+    } else {
+      try {
+        const decoded = decodeBase64(codexAuthJsonB64);
+        validateCodexAuthJson(decoded);
+        overrides.codex = {
+          enabled: true,
+          auth: { type: "auth_json_b64", value: codexAuthJsonB64 },
+        };
+      } catch {
+        console.warn(
+          "[warn] Invalid CODEX_AUTH_JSON_B64 detected; ignoring codex preprovisioning."
+        );
+      }
+    }
+  } else if (codexApiKey) {
+    overrides.codex = {
+      enabled: true,
+      auth: { type: "api_key", value: codexApiKey },
+    };
+  }
+  if (claudeApiKey && hasClaudeSetupToken) {
+    console.warn(
+      "[warn] Both CLAUDE_API_KEY and CLAUDE_SETUP_TOKEN are set; using CLAUDE_SETUP_TOKEN."
+    );
+  }
+  if (hasClaudeSetupToken) {
+    if (!claudeSetupToken) {
+      console.warn(
+        "[warn] Invalid CLAUDE_SETUP_TOKEN detected; ignoring claude preprovisioning."
+      );
+    } else {
+      overrides.claude = {
+        enabled: true,
+        auth: { type: "setup_token", value: claudeSetupToken },
+      };
+    }
+  } else if (claudeApiKey) {
+    overrides.claude = {
+      enabled: true,
+      auth: { type: "api_key", value: claudeApiKey },
+    };
+  }
+  return overrides;
+};
+export const applyMonoUserProviderOverridesFromEnv = async () => {
+  if (!isMonoUser) {
+    return;
+  }
+  const overrides = buildMonoUserProviderOverridesFromEnv();
+  if (Object.keys(overrides).length === 0) {
+    return;
+  }
+  const workspaceId = "default";
+  const existing = await storage.getWorkspace(workspaceId);
+  if (!existing) {
+    return;
+  }
+  const mergedProviders = mergeProvidersForUpdate(existing.providers || {}, overrides);
+  const ids = await getWorkspaceUserIds(workspaceId);
+  await writeWorkspaceProviderAuth(workspaceId, mergedProviders);
+  await persistWorkspaceRecord({
+    workspaceId,
+    providers: mergedProviders,
+    ids,
+    existing,
+  });
+  await appendAuditLog(workspaceId, "workspace_providers_preprovisioned_from_env", {
+    providers: Object.keys(overrides),
+  });
+};
 export const createWorkspace = async (providers) => {
   const validationError = validateProvidersConfig(providers);
   if (validationError) {

package/server/src/storage/sqlite.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import fs from "fs";
+import os from "os";
 import path from "path";
 import sqlite3 from "sqlite3";
@@ -70,7 +71,13 @@ const all = (db, sql, params = []) =>
   });
 export const createSqliteStorage = () => {
-  const dbPath = process.env.SQLITE_PATH || "/var/lib/vibe80/base.sqlite";
+  const homeDir = process.env.HOME || os.homedir();
+  const isMonoUser = process.env.DEPLOYMENT_MODE === "mono_user";
+  const defaultDataDirectory = isMonoUser
+    ? path.join(homeDir, ".vibe80")
+    : "/var/lib/vibe80";
+  const dataDirectory = process.env.VIBE80_DATA_DIRECTORY || defaultDataDirectory;
+  const dbPath = process.env.SQLITE_PATH || path.join(dataDirectory, "base.sqlite");
   const resolvedPath = path.resolve(dbPath);
   const dir = path.dirname(resolvedPath);
   fs.mkdirSync(dir, { recursive: true, mode: 0o750 });