@vibe80/vibe80 0.2.0 → 0.2.2

package/server/src/routes/sessions.js

@@ -21,6 +21,7 @@ import {
   getSession,
   touchSession,
   createSession,
+  updateSessionAuth,
   cleanupSession,
   getRepoDiff,
   getCurrentBranch,
@@ -46,6 +47,59 @@ export default function sessionRoutes(deps) {
   } = deps;
 
   const router = Router();
+  const buildSessionResponse = async (session) => {
+    const repoDiff = await getRepoDiff(session);
+    const activeProvider = session.activeProvider || "codex";
+    const enabledProviders = await resolveEnabledProviders(session.workspaceId);
+    return {
+      sessionId: session.sessionId,
+      workspaceId: session.workspaceId,
+      path: session.dir,
+      repoUrl: session.repoUrl,
+      name: session.name || "",
+      defaultProvider: activeProvider,
+      providers: enabledProviders,
+      defaultInternetAccess:
+        typeof session.defaultInternetAccess === "boolean"
+          ? session.defaultInternetAccess
+          : true,
+      defaultDenyGitCredentialsAccess: resolveDefaultDenyGitCredentialsAccess(session),
+      repoDiff,
+      rpcLogsEnabled: debugApiWsLog,
+      rpcLogs: debugApiWsLog ? session.rpcLogs || [] : [],
+      terminalEnabled,
+    };
+  };
+
+  const restartMainProvider = async (session) => {
+    const provider = session.activeProvider || "codex";
+    const client = await getOrCreateClient(session, provider);
+    if (!client) {
+      return;
+    }
+    if (typeof session.defaultInternetAccess === "boolean") {
+      client.internetAccess = session.defaultInternetAccess;
+    }
+    client.denyGitCredentialsAccess = resolveDefaultDenyGitCredentialsAccess(session);
+    client.gitDir = session.gitDir || client.gitDir || null;
+    const status = typeof client.getStatus === "function" ? client.getStatus() : "";
+    if (status === "idle" && typeof client.restart === "function") {
+      await client.restart();
+      return;
+    }
+    if (
+      (status === "stopped" || !status) &&
+      !client.ready &&
+      !client.proc &&
+      typeof client.start === "function"
+    ) {
+      await client.start();
+      return;
+    }
+    if (typeof client.requestRestart === "function") {
+      client.requestRestart();
+    }
+  };
   const resolveEnabledProviders = async (workspaceId) => {
     try {
       const workspaceConfig = await readWorkspaceConfig(workspaceId);
@@ -144,27 +198,85 @@ export default function sessionRoutes(deps) {
       return;
     }
     await touchSession(session);
-    const repoDiff = await getRepoDiff(session);
-    const activeProvider = session.activeProvider || "codex";
-    const enabledProviders = await resolveEnabledProviders(session.workspaceId);
-    res.json({
-      sessionId: req.params.sessionId,
-      workspaceId: session.workspaceId,
-      path: session.dir,
-      repoUrl: session.repoUrl,
-      name: session.name || "",
-      defaultProvider: activeProvider,
-      providers: enabledProviders,
-      defaultInternetAccess:
-        typeof session.defaultInternetAccess === "boolean"
-          ? session.defaultInternetAccess
-          : true,
-      defaultDenyGitCredentialsAccess: resolveDefaultDenyGitCredentialsAccess(session),
-      repoDiff,
-      rpcLogsEnabled: debugApiWsLog,
-      rpcLogs: debugApiWsLog ? session.rpcLogs || [] : [],
-      terminalEnabled,
-    });
+    res.json(await buildSessionResponse(session));
+  });
+
+  router.patch("/sessions/:sessionId", async (req, res) => {
+    const session = await getSession(req.params.sessionId, req.workspaceId);
+    if (!session) {
+      res.status(404).json({ error: "Session not found." });
+      return;
+    }
+    await touchSession(session);
+
+    const hasName = Object.prototype.hasOwnProperty.call(req.body || {}, "name");
+    const hasAuth = Object.prototype.hasOwnProperty.call(req.body || {}, "auth");
+    const hasInternet = Object.prototype.hasOwnProperty.call(req.body || {}, "defaultInternetAccess");
+    const hasDeny = Object.prototype.hasOwnProperty.call(
+      req.body || {},
+      "defaultDenyGitCredentialsAccess"
+    );
+    if (!hasName && !hasAuth && !hasInternet && !hasDeny) {
+      res.status(400).json({ error: "No updatable fields provided." });
+      return;
+    }
+
+    let updated = { ...session };
+    const changes = {};
+
+    try {
+      if (hasName) {
+        const name = typeof req.body?.name === "string" ? req.body.name.trim() : "";
+        if (!name) {
+          res.status(400).json({ error: "name is required." });
+          return;
+        }
+        updated.name = name;
+        changes.name = name;
+      }
+
+      if (hasInternet) {
+        if (typeof req.body?.defaultInternetAccess !== "boolean") {
+          res.status(400).json({ error: "defaultInternetAccess must be a boolean." });
+          return;
+        }
+        updated.defaultInternetAccess = req.body.defaultInternetAccess;
+        changes.defaultInternetAccess = req.body.defaultInternetAccess;
+      }
+
+      if (hasDeny) {
+        if (typeof req.body?.defaultDenyGitCredentialsAccess !== "boolean") {
+          res.status(400).json({ error: "defaultDenyGitCredentialsAccess must be a boolean." });
+          return;
+        }
+        updated.defaultDenyGitCredentialsAccess = req.body.defaultDenyGitCredentialsAccess;
+        changes.defaultDenyGitCredentialsAccess = req.body.defaultDenyGitCredentialsAccess;
+      }
+
+      if (hasAuth) {
+        const auth = req.body?.auth;
+        if (!auth || typeof auth !== "object" || Array.isArray(auth)) {
+          res.status(400).json({ error: "auth object is required." });
+          return;
+        }
+        updated = await updateSessionAuth(updated, auth);
+        changes.authUpdated = true;
+      }
+
+      updated.lastActivityAt = Date.now();
+      await storage.saveSession(session.sessionId, updated);
+      await restartMainProvider(updated);
+
+      const runtimePayload = await buildSessionResponse(updated);
+      res.json(runtimePayload);
+      broadcastToSession(session.sessionId, {
+        type: "session_updated",
+        sessionId: session.sessionId,
+        changes,
+      });
+    } catch (error) {
+      res.status(400).json({ error: error?.message || "Failed to update session." });
+    }
   });
 
   router.delete("/sessions/:sessionId", async (req, res) => {

package/server/src/routes/workspaces.js

@@ -89,7 +89,7 @@ const restartCodexClientsForWorkspace = async (workspaceId) => {
 
 export default function workspaceRoutes() {
   const router = Router();
-  const deploymentMode = process.env.DEPLOYMENT_MODE;
+  const deploymentMode = process.env.VIBE80_DEPLOYMENT_MODE;
 
   router.post("/workspaces", async (req, res) => {
     if (deploymentMode === "mono_user") {

package/server/src/runAs.js

@@ -5,11 +5,11 @@ import { GIT_HOOKS_DIR } from "./config.js";
 
 const RUN_AS_HELPER = process.env.VIBE80_RUN_AS_HELPER || "/usr/local/bin/vibe80-run-as";
 const SUDO_PATH = process.env.VIBE80_SUDO_PATH || "sudo";
-const DEPLOYMENT_MODE = process.env.DEPLOYMENT_MODE;
-const IS_MONO_USER = DEPLOYMENT_MODE === "mono_user";
-const WORKSPACE_ROOT_DIRECTORY = process.env.WORKSPACE_ROOT_DIRECTORY || "/workspaces";
-const MONO_USER_WORKSPACE_DIR =
-  process.env.MONO_USER_WORKSPACE_DIR || path.join(os.homedir(), "vibe80_workspace");
+const VIBE80_DEPLOYMENT_MODE = process.env.VIBE80_DEPLOYMENT_MODE;
+const IS_MONO_USER = VIBE80_DEPLOYMENT_MODE === "mono_user";
+const VIBE80_WORKSPACE_ROOT_DIRECTORY = process.env.VIBE80_WORKSPACE_ROOT_DIRECTORY || "/workspaces";
+const VIBE80_MONO_USER_WORKSPACE_DIR =
+  process.env.VIBE80_MONO_USER_WORKSPACE_DIR || path.join(os.homedir(), "vibe80_workspace");
 const ALLOWED_ENV_KEYS = new Set([
   "GIT_SSH_COMMAND",
   "GIT_CONFIG_GLOBAL",
@@ -147,14 +147,14 @@ const buildRunEnv = (options = {}) => {
 };
 
 export const getWorkspaceHome = (workspaceId) => {
-  const homeBase = process.env.WORKSPACE_HOME_BASE || "/home";
+  const homeBase = process.env.VIBE80_WORKSPACE_HOME_BASE || "/home";
   return IS_MONO_USER ? os.homedir() : path.join(homeBase, workspaceId);
 };
 
 export const getWorkspaceRoot = (workspaceId) =>
   (IS_MONO_USER
-    ? MONO_USER_WORKSPACE_DIR
-    : path.join(WORKSPACE_ROOT_DIRECTORY, workspaceId));
+    ? VIBE80_MONO_USER_WORKSPACE_DIR
+    : path.join(VIBE80_WORKSPACE_ROOT_DIRECTORY, workspaceId));
 
 const validateCwd = (workspaceId, cwd) => {
   const resolved = path.resolve(cwd);
@@ -311,7 +311,7 @@ export const runAsCommand = (workspaceId, command, args, options = {}) =>
         ).catch((error) => {
           const details = [
             "run-as failed",
-            `mode=${DEPLOYMENT_MODE || "unknown"}`,
+            `mode=${VIBE80_DEPLOYMENT_MODE || "unknown"}`,
             `sudo=${SUDO_PATH}`,
             `helper=${RUN_AS_HELPER}`,
             `workspace=${workspaceId}`,
@@ -329,7 +329,7 @@ export const runAsCommand = (workspaceId, command, args, options = {}) =>
     const envPairs = collectEnvPairs(options.env || {});
     const details = [
       "run-as failed",
-      `mode=${DEPLOYMENT_MODE || "unknown"}`,
+      `mode=${VIBE80_DEPLOYMENT_MODE || "unknown"}`,
       IS_MONO_USER ? null : `sudo=${SUDO_PATH}`,
       IS_MONO_USER ? null : `helper=${RUN_AS_HELPER}`,
       `workspace=${workspaceId}`,
@@ -372,7 +372,7 @@ export const runAsCommandOutput = (workspaceId, command, args, options = {}) =>
         ).catch((error) => {
           const details = [
             "run-as output failed",
-            `mode=${DEPLOYMENT_MODE || "unknown"}`,
+            `mode=${VIBE80_DEPLOYMENT_MODE || "unknown"}`,
             `sudo=${SUDO_PATH}`,
             `helper=${RUN_AS_HELPER}`,
             `workspace=${workspaceId}`,
@@ -390,7 +390,7 @@ export const runAsCommandOutput = (workspaceId, command, args, options = {}) =>
     const envPairs = collectEnvPairs(options.env || {});
     const details = [
       "run-as output failed",
-      `mode=${DEPLOYMENT_MODE || "unknown"}`,
+      `mode=${VIBE80_DEPLOYMENT_MODE || "unknown"}`,
       IS_MONO_USER ? null : `sudo=${SUDO_PATH}`,
       IS_MONO_USER ? null : `helper=${RUN_AS_HELPER}`,
       `workspace=${workspaceId}`,
@@ -433,7 +433,7 @@ export const runAsCommandOutputWithStatus = (workspaceId, command, args, options
         ).catch((error) => {
           const details = [
             "run-as output failed",
-            `mode=${DEPLOYMENT_MODE || "unknown"}`,
+            `mode=${VIBE80_DEPLOYMENT_MODE || "unknown"}`,
             `sudo=${SUDO_PATH}`,
             `helper=${RUN_AS_HELPER}`,
             `workspace=${workspaceId}`,
@@ -451,7 +451,7 @@ export const runAsCommandOutputWithStatus = (workspaceId, command, args, options
     const envPairs = collectEnvPairs(options.env || {});
     const details = [
       "run-as output failed",
-      `mode=${DEPLOYMENT_MODE || "unknown"}`,
+      `mode=${VIBE80_DEPLOYMENT_MODE || "unknown"}`,
       IS_MONO_USER ? null : `sudo=${SUDO_PATH}`,
       IS_MONO_USER ? null : `helper=${RUN_AS_HELPER}`,
       `workspace=${workspaceId}`,

package/server/src/services/auth.js

@@ -3,12 +3,12 @@ import { createWorkspaceToken, accessTokenTtlSeconds } from "../middleware/auth.
 import { generateId, hashRefreshToken, generateRefreshToken } from "../helpers.js";
 
 const refreshTokenTtlSeconds =
-  Number(process.env.REFRESH_TOKEN_TTL_SECONDS) || 30 * 24 * 60 * 60;
+  Number(process.env.VIBE80_REFRESH_TOKEN_TTL_SECONDS) || 30 * 24 * 60 * 60;
 const refreshTokenTtlMs = refreshTokenTtlSeconds * 1000;
 const handoffTokenTtlMs =
-  Number(process.env.HANDOFF_TOKEN_TTL_MS) || 120 * 1000;
+  Number(process.env.VIBE80_HANDOFF_TOKEN_TTL_MS) || 120 * 1000;
 const monoAuthTokenTtlMs =
-  Number(process.env.MONO_AUTH_TOKEN_TTL_MS) || 5 * 60 * 1000;
+  Number(process.env.VIBE80_MONO_AUTH_TOKEN_TTL_MS) || 5 * 60 * 1000;
 
 export const handoffTokens = new Map();
 const monoAuthTokens = new Map();

package/server/src/services/session.js

@@ -18,8 +18,8 @@ import {
 } from "../helpers.js";
 import { debugApiWsLog } from "../middleware/debug.js";
 import {
-  DEFAULT_GIT_AUTHOR_NAME,
-  DEFAULT_GIT_AUTHOR_EMAIL,
+  VIBE80_DEFAULT_GIT_AUTHOR_NAME,
+  VIBE80_DEFAULT_GIT_AUTHOR_EMAIL,
   GIT_HOOKS_DIR,
 } from "../config.js";
 import {
@@ -60,12 +60,27 @@ import {
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
+const parseSessionTtlSeconds = (value) => {
+  if (value == null) {
+    return 0;
+  }
+  const trimmed = String(value).trim();
+  if (!trimmed) {
+    return 0;
+  }
+  const parsed = Number(trimmed);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 0;
+  }
+  return parsed;
+};
+
 const sessionGcIntervalMs =
-  Number(process.env.SESSION_GC_INTERVAL_MS) || 5 * 60 * 1000;
+  Number(process.env.VIBE80_SESSION_GC_INTERVAL_MS) || 5 * 60 * 1000;
 const sessionIdleTtlMs =
-  Number(process.env.SESSION_IDLE_TTL_MS) || 24 * 60 * 60 * 1000;
+  parseSessionTtlSeconds(process.env.VIBE80_SESSION_IDLE_TTL_SECONDS) * 1000;
 const sessionMaxTtlMs =
-  Number(process.env.SESSION_MAX_TTL_MS) || 7 * 24 * 60 * 60 * 1000;
+  parseSessionTtlSeconds(process.env.VIBE80_SESSION_MAX_TTL_SECONDS) * 1000;
 export const sessionIdPattern = /^s[0-9a-f]{24}$/;
 
 const TREE_IGNORED_NAMES = new Set([
@@ -94,6 +109,16 @@ export { modelCache, modelCacheTtlMs };
 
 export { sessionGcIntervalMs };
 
+const parseCloneDepth = (value) => {
+  const parsed = Number.parseInt(String(value ?? "").trim(), 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return 50;
+  }
+  return parsed;
+};
+
+const cloneDepth = parseCloneDepth(process.env.VIBE80_CLONE_DEPTH);
+
 // ---------------------------------------------------------------------------
 // Session env / command helpers
 // ---------------------------------------------------------------------------
@@ -269,6 +294,20 @@ const normalizeRemoteBranches = (output, remote) =>
       ref.startsWith(`${remote}/`) ? ref.slice(remote.length + 1) : ref
     );
 
+const parseLsRemoteBranches = (output) =>
+  output
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter(Boolean)
+    .map((line) => {
+      const [, ref] = line.split(/\s+/);
+      if (!ref || !ref.startsWith("refs/heads/")) {
+        return "";
+      }
+      return ref.slice("refs/heads/".length).trim();
+    })
+    .filter(Boolean);
+
 export const getCurrentBranch = async (session) => {
   const output = await runSessionCommandOutput(
     session,
@@ -292,10 +331,7 @@ export const getLastCommit = async (session, cwd) => {
 };
 
 export const getBranchInfo = async (session, remote = "origin") => {
-  await runSessionCommand(session, "git", ["fetch", "--prune"], {
-    cwd: session.repoDir,
-  });
-  const [current, branchesOutput] = await Promise.all([
+  const [current, localBranchesOutput, remoteBranchesOutput] = await Promise.all([
     getCurrentBranch(session),
     runSessionCommandOutput(
       session,
@@ -303,11 +339,20 @@ export const getBranchInfo = async (session, remote = "origin") => {
       ["for-each-ref", "--format=%(refname:short)", `refs/remotes/${remote}`],
       { cwd: session.repoDir }
     ),
+    runSessionCommandOutput(
+      session,
+      "git",
+      ["ls-remote", "--heads", "--refs", remote],
+      { cwd: session.repoDir }
+    ).catch(() => ""),
   ]);
+  const localBranches = normalizeRemoteBranches(localBranchesOutput, remote);
+  const remoteBranches = parseLsRemoteBranches(remoteBranchesOutput);
+  const branches = Array.from(new Set([...localBranches, ...remoteBranches])).sort();
   return {
     current,
     remote,
-    branches: normalizeRemoteBranches(branchesOutput, remote).sort(),
+    branches,
   };
 };
 
@@ -450,7 +495,20 @@ export const createSession = async (
         );
         await runAsCommand(workspaceId, "/bin/rm", ["-f", credInputPath]);
       }
-      const cloneArgs = ["clone", repoUrl, repoDir];
+      const cloneArgs = [
+        "-c",
+        "http.version=HTTP/2",
+        "-c",
+        "fetch.parallel=10",
+        "clone",
+        "--depth",
+        String(cloneDepth),
+        "--filter=blob:none",
+        "--single-branch",
+        "--no-tags",
+        repoUrl,
+        repoDir,
+      ];
       const cloneEnv = { ...env };
       const cloneCmd = [];
       if (auth?.type === "http" && auth.username && auth.password) {
@@ -482,17 +540,17 @@ export const createSession = async (
           { cwd: repoDir }
         );
       }
-      if (DEFAULT_GIT_AUTHOR_NAME && DEFAULT_GIT_AUTHOR_EMAIL) {
+      if (VIBE80_DEFAULT_GIT_AUTHOR_NAME && VIBE80_DEFAULT_GIT_AUTHOR_EMAIL) {
         await runAsCommand(
           workspaceId,
           "git",
-          ["-C", repoDir, "config", "user.name", DEFAULT_GIT_AUTHOR_NAME],
+          ["-C", repoDir, "config", "user.name", VIBE80_DEFAULT_GIT_AUTHOR_NAME],
           { env }
         );
         await runAsCommand(
           workspaceId,
           "git",
-          ["-C", repoDir, "config", "user.email", DEFAULT_GIT_AUTHOR_EMAIL],
+          ["-C", repoDir, "config", "user.email", VIBE80_DEFAULT_GIT_AUTHOR_EMAIL],
           { env }
         );
       }
@@ -599,6 +657,116 @@ export const createSession = async (
   }
 };
 
+export const updateSessionAuth = async (session, auth) => {
+  if (!session) {
+    throw new Error("Invalid session.");
+  }
+  const authType = typeof auth?.type === "string" ? auth.type.trim() : "";
+  if (authType !== "none" && authType !== "ssh" && authType !== "http") {
+    throw new Error("Invalid auth type.");
+  }
+
+  const gitCredsDir = session.gitDir || path.join(session.dir, "git");
+  const sshPaths = getWorkspaceSshPaths(getWorkspacePaths(session.workspaceId).homeDir);
+  const credentialFile = path.join(gitCredsDir, "git-credentials");
+  const credentialInputFile = path.join(gitCredsDir, "git-credential-input");
+  const next = {
+    ...session,
+    gitDir: gitCredsDir,
+    sshKeyPath: null,
+    lastActivityAt: Date.now(),
+  };
+
+  await runAsCommand(session.workspaceId, "/bin/mkdir", ["-p", gitCredsDir]);
+  await runAsCommand(session.workspaceId, "/bin/chmod", ["2750", gitCredsDir]);
+
+  if (session.sshKeyPath) {
+    await runAsCommand(session.workspaceId, "/bin/rm", ["-f", session.sshKeyPath]).catch(() => {});
+  }
+  await runAsCommand(session.workspaceId, "/bin/rm", ["-f", credentialFile]).catch(() => {});
+  await runAsCommand(session.workspaceId, "/bin/rm", ["-f", credentialInputFile]).catch(() => {});
+  await runAsCommand(
+    session.workspaceId,
+    "git",
+    ["-C", session.repoDir, "config", "--unset-all", "core.sshCommand"]
+  ).catch(() => {});
+  await runAsCommand(
+    session.workspaceId,
+    "git",
+    ["-C", session.repoDir, "config", "--unset-all", "credential.helper"]
+  ).catch(() => {});
+
+  if (authType === "none") {
+    return next;
+  }
+
+  if (authType === "ssh") {
+    const privateKey = typeof auth?.privateKey === "string" ? auth.privateKey.trim() : "";
+    if (!privateKey) {
+      throw new Error("SSH private key is required.");
+    }
+    await ensureWorkspaceDir(session.workspaceId, sshPaths.sshDir, 0o700);
+    const keyPath = path.join(gitCredsDir, `ssh-key-${session.sessionId}`);
+    await writeWorkspaceFile(session.workspaceId, keyPath, `${privateKey}\n`, 0o600);
+    await ensureKnownHost(session.workspaceId, session.repoUrl, sshPaths);
+    await runAsCommand(
+      session.workspaceId,
+      "git",
+      [
+        "-C",
+        session.repoDir,
+        "config",
+        "core.sshCommand",
+        `ssh -i ${keyPath} -o IdentitiesOnly=yes`,
+      ]
+    );
+    return {
+      ...next,
+      sshKeyPath: keyPath,
+    };
+  }
+
+  const username = typeof auth?.username === "string" ? auth.username.trim() : "";
+  const password = typeof auth?.password === "string" ? auth.password : "";
+  if (!username || !password) {
+    throw new Error("HTTP username and password are required.");
+  }
+  const authInfo = resolveHttpAuthInfo(session.repoUrl);
+  if (!authInfo) {
+    throw new Error("Invalid HTTP repository URL for credential auth.");
+  }
+  const credentialPayload = [
+    `protocol=${authInfo.protocol}`,
+    `host=${authInfo.host}`,
+    `username=${username}`,
+    `password=${password}`,
+    "",
+    "",
+  ].join("\n");
+  await writeWorkspaceFile(session.workspaceId, credentialFile, "", 0o600);
+  await writeWorkspaceFile(session.workspaceId, credentialInputFile, credentialPayload, 0o600);
+  await runAsCommand(
+    session.workspaceId,
+    "git",
+    ["-c", `credential.helper=store --file ${credentialFile}`, "credential", "approve"],
+    { input: credentialPayload }
+  );
+  await runAsCommand(session.workspaceId, "/bin/rm", ["-f", credentialInputFile]).catch(() => {});
+  await runAsCommand(
+    session.workspaceId,
+    "git",
+    [
+      "-C",
+      session.repoDir,
+      "config",
+      "--add",
+      "credential.helper",
+      `store --file ${credentialFile}`,
+    ]
+  );
+  return next;
+};
+
 // ---------------------------------------------------------------------------
 // Message helpers
 // ---------------------------------------------------------------------------