@xortex/xcode 3.1.2 → 3.1.3

package/outputStyles/loadOutputStylesDir.ts

@@ -0,0 +1,98 @@
+import memoize from 'lodash-es/memoize.js'
+import { basename } from 'path'
+import type { OutputStyleConfig } from '../constants/outputStyles.js'
+import { logForDebugging } from '../utils/debug.js'
+import { coerceDescriptionToString } from '../utils/frontmatterParser.js'
+import { logError } from '../utils/log.js'
+import {
+  extractDescriptionFromMarkdown,
+  loadMarkdownFilesForSubdir,
+} from '../utils/markdownConfigLoader.js'
+import { clearPluginOutputStyleCache } from '../utils/plugins/loadPluginOutputStyles.js'
+
+/**
+ * Loads markdown files from .claude/output-styles directories throughout the project
+ * and from ~/.claude/output-styles directory and converts them to output styles.
+ *
+ * Each filename becomes a style name, and the file content becomes the style prompt.
+ * The frontmatter provides name and description.
+ *
+ * Structure:
+ * - Project .claude/output-styles/*.md -> project styles
+ * - User ~/.claude/output-styles/*.md -> user styles (overridden by project styles)
+ *
+ * @param cwd Current working directory for project directory traversal
+ */
+export const getOutputStyleDirStyles = memoize(
+  async (cwd: string): Promise<OutputStyleConfig[]> => {
+    try {
+      const markdownFiles = await loadMarkdownFilesForSubdir(
+        'output-styles',
+        cwd,
+      )
+
+      const styles = markdownFiles
+        .map(({ filePath, frontmatter, content, source }) => {
+          try {
+            const fileName = basename(filePath)
+            const styleName = fileName.replace(/\.md$/, '')
+
+            // Get style configuration from frontmatter
+            const name = (frontmatter['name'] || styleName) as string
+            const description =
+              coerceDescriptionToString(
+                frontmatter['description'],
+                styleName,
+              ) ??
+              extractDescriptionFromMarkdown(
+                content,
+                `Custom ${styleName} output style`,
+              )
+
+            // Parse keep-coding-instructions flag (supports both boolean and string values)
+            const keepCodingInstructionsRaw =
+              frontmatter['keep-coding-instructions']
+            const keepCodingInstructions =
+              keepCodingInstructionsRaw === true ||
+              keepCodingInstructionsRaw === 'true'
+                ? true
+                : keepCodingInstructionsRaw === false ||
+                    keepCodingInstructionsRaw === 'false'
+                  ? false
+                  : undefined
+
+            // Warn if force-for-plugin is set on non-plugin output style
+            if (frontmatter['force-for-plugin'] !== undefined) {
+              logForDebugging(
+                `Output style "${name}" has force-for-plugin set, but this option only applies to plugin output styles. Ignoring.`,
+                { level: 'warn' },
+              )
+            }
+
+            return {
+              name,
+              description,
+              prompt: content.trim(),
+              source,
+              keepCodingInstructions,
+            }
+          } catch (error) {
+            logError(error)
+            return null
+          }
+        })
+        .filter(style => style !== null)
+
+      return styles
+    } catch (error) {
+      logError(error)
+      return []
+    }
+  },
+)
+
+export function clearOutputStyleCaches(): void {
+  getOutputStyleDirStyles.cache?.clear?.()
+  loadMarkdownFilesForSubdir.cache?.clear?.()
+  clearPluginOutputStyleCache()
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xortex/xcode",
-  "version": "3.1.2",
+  "version": "3.1.3",
   "description": "XCode - AI-powered coding assistant with XMem long-term memory. Supports Claude, Gemini, Kimi, DeepSeek via OpenRouter.",
   "main": "main.tsx",
   "bin": {
@@ -37,7 +37,14 @@
     "types/",
     "upstreamproxy/",
     "utils/",
+    "vim/",
     "voice/",
+    "plugins/",
+    "public/",
+    "server/",
+    "outputStyles/",
+    "moreright/",
+    "native-ts/",
     "bun-bundle-hook.js",
     "bun-bundle-shim.ts",
     "tsconfig.json",

package/plugins/builtinPlugins.ts

@@ -0,0 +1,159 @@
+/**
+ * Built-in Plugin Registry
+ *
+ * Manages built-in plugins that ship with the CLI and can be enabled/disabled
+ * by users via the /plugin UI.
+ *
+ * Built-in plugins differ from bundled skills (src/skills/bundled/) in that:
+ * - They appear in the /plugin UI under a "Built-in" section
+ * - Users can enable/disable them (persisted to user settings)
+ * - They can provide multiple components (skills, hooks, MCP servers)
+ *
+ * Plugin IDs use the format `{name}@builtin` to distinguish them from
+ * marketplace plugins (`{name}@{marketplace}`).
+ */
+
+import type { Command } from '../commands.js'
+import type { BundledSkillDefinition } from '../skills/bundledSkills.js'
+import type { BuiltinPluginDefinition, LoadedPlugin } from '../types/plugin.js'
+import { getSettings_DEPRECATED } from '../utils/settings/settings.js'
+
+const BUILTIN_PLUGINS: Map<string, BuiltinPluginDefinition> = new Map()
+
+export const BUILTIN_MARKETPLACE_NAME = 'builtin'
+
+/**
+ * Register a built-in plugin. Call this from initBuiltinPlugins() at startup.
+ */
+export function registerBuiltinPlugin(
+  definition: BuiltinPluginDefinition,
+): void {
+  BUILTIN_PLUGINS.set(definition.name, definition)
+}
+
+/**
+ * Check if a plugin ID represents a built-in plugin (ends with @builtin).
+ */
+export function isBuiltinPluginId(pluginId: string): boolean {
+  return pluginId.endsWith(`@${BUILTIN_MARKETPLACE_NAME}`)
+}
+
+/**
+ * Get a specific built-in plugin definition by name.
+ * Useful for the /plugin UI to show the skills/hooks/MCP list without
+ * a marketplace lookup.
+ */
+export function getBuiltinPluginDefinition(
+  name: string,
+): BuiltinPluginDefinition | undefined {
+  return BUILTIN_PLUGINS.get(name)
+}
+
+/**
+ * Get all registered built-in plugins as LoadedPlugin objects, split into
+ * enabled/disabled based on user settings (with defaultEnabled as fallback).
+ * Plugins whose isAvailable() returns false are omitted entirely.
+ */
+export function getBuiltinPlugins(): {
+  enabled: LoadedPlugin[]
+  disabled: LoadedPlugin[]
+} {
+  const settings = getSettings_DEPRECATED()
+  const enabled: LoadedPlugin[] = []
+  const disabled: LoadedPlugin[] = []
+
+  for (const [name, definition] of BUILTIN_PLUGINS) {
+    if (definition.isAvailable && !definition.isAvailable()) {
+      continue
+    }
+
+    const pluginId = `${name}@${BUILTIN_MARKETPLACE_NAME}`
+    const userSetting = settings?.enabledPlugins?.[pluginId]
+    // Enabled state: user preference > plugin default > true
+    const isEnabled =
+      userSetting !== undefined
+        ? userSetting === true
+        : (definition.defaultEnabled ?? true)
+
+    const plugin: LoadedPlugin = {
+      name,
+      manifest: {
+        name,
+        description: definition.description,
+        version: definition.version,
+      },
+      path: BUILTIN_MARKETPLACE_NAME, // sentinel — no filesystem path
+      source: pluginId,
+      repository: pluginId,
+      enabled: isEnabled,
+      isBuiltin: true,
+      hooksConfig: definition.hooks,
+      mcpServers: definition.mcpServers,
+    }
+
+    if (isEnabled) {
+      enabled.push(plugin)
+    } else {
+      disabled.push(plugin)
+    }
+  }
+
+  return { enabled, disabled }
+}
+
+/**
+ * Get skills from enabled built-in plugins as Command objects.
+ * Skills from disabled plugins are not returned.
+ */
+export function getBuiltinPluginSkillCommands(): Command[] {
+  const { enabled } = getBuiltinPlugins()
+  const commands: Command[] = []
+
+  for (const plugin of enabled) {
+    const definition = BUILTIN_PLUGINS.get(plugin.name)
+    if (!definition?.skills) continue
+    for (const skill of definition.skills) {
+      commands.push(skillDefinitionToCommand(skill))
+    }
+  }
+
+  return commands
+}
+
+/**
+ * Clear built-in plugins registry (for testing).
+ */
+export function clearBuiltinPlugins(): void {
+  BUILTIN_PLUGINS.clear()
+}
+
+// --
+
+function skillDefinitionToCommand(definition: BundledSkillDefinition): Command {
+  return {
+    type: 'prompt',
+    name: definition.name,
+    description: definition.description,
+    hasUserSpecifiedDescription: true,
+    allowedTools: definition.allowedTools ?? [],
+    argumentHint: definition.argumentHint,
+    whenToUse: definition.whenToUse,
+    model: definition.model,
+    disableModelInvocation: definition.disableModelInvocation ?? false,
+    userInvocable: definition.userInvocable ?? true,
+    contentLength: 0,
+    // 'bundled' not 'builtin' — 'builtin' in Command.source means hardcoded
+    // slash commands (/help, /clear). Using 'bundled' keeps these skills in
+    // the Skill tool's listing, analytics name logging, and prompt-truncation
+    // exemption. The user-toggleable aspect is tracked on LoadedPlugin.isBuiltin.
+    source: 'bundled',
+    loadedFrom: 'bundled',
+    hooks: definition.hooks,
+    context: definition.context,
+    agent: definition.agent,
+    isEnabled: definition.isEnabled ?? (() => true),
+    isHidden: !(definition.userInvocable ?? true),
+    progressMessage: 'running',
+    getPromptForCommand: definition.getPromptForCommand,
+  }
+}

package/plugins/bundled/index.ts

@@ -0,0 +1,23 @@
+/**
+ * Built-in Plugin Initialization
+ *
+ * Initializes built-in plugins that ship with the CLI and appear in the
+ * /plugin UI for users to enable/disable.
+ *
+ * Not all bundled features should be built-in plugins — use this for
+ * features that users should be able to explicitly enable/disable. For
+ * features with complex setup or automatic-enabling logic (e.g.
+ * claude-in-chrome), use src/skills/bundled/ instead.
+ *
+ * To add a new built-in plugin:
+ * 1. Import registerBuiltinPlugin from '../builtinPlugins.js'
+ * 2. Call registerBuiltinPlugin() with the plugin definition here
+ */
+
+/**
+ * Initialize built-in plugins. Called during CLI startup.
+ */
+export function initBuiltinPlugins(): void {
+  // No built-in plugins registered yet — this is the scaffolding for
+  // migrating bundled skills that should be user-toggleable.
+}

package/server/createDirectConnectSession.ts

@@ -0,0 +1,88 @@
+/* eslint-disable eslint-plugin-n/no-unsupported-features/node-builtins */
+
+import { errorMessage } from '../utils/errors.js'
+import { jsonStringify } from '../utils/slowOperations.js'
+import type { DirectConnectConfig } from './directConnectManager.js'
+import { connectResponseSchema } from './types.js'
+
+/**
+ * Errors thrown by createDirectConnectSession when the connection fails.
+ */
+export class DirectConnectError extends Error {
+  constructor(message: string) {
+    super(message)
+    this.name = 'DirectConnectError'
+  }
+}
+
+/**
+ * Create a session on a direct-connect server.
+ *
+ * Posts to `${serverUrl}/sessions`, validates the response, and returns
+ * a DirectConnectConfig ready for use by the REPL or headless runner.
+ *
+ * Throws DirectConnectError on network, HTTP, or response-parsing failures.
+ */
+export async function createDirectConnectSession({
+  serverUrl,
+  authToken,
+  cwd,
+  dangerouslySkipPermissions,
+}: {
+  serverUrl: string
+  authToken?: string
+  cwd: string
+  dangerouslySkipPermissions?: boolean
+}): Promise<{
+  config: DirectConnectConfig
+  workDir?: string
+}> {
+  const headers: Record<string, string> = {
+    'content-type': 'application/json',
+  }
+  if (authToken) {
+    headers['authorization'] = `Bearer ${authToken}`
+  }
+
+  let resp: Response
+  try {
+    resp = await fetch(`${serverUrl}/sessions`, {
+      method: 'POST',
+      headers,
+      body: jsonStringify({
+        cwd,
+        ...(dangerouslySkipPermissions && {
+          dangerously_skip_permissions: true,
+        }),
+      }),
+    })
+  } catch (err) {
+    throw new DirectConnectError(
+      `Failed to connect to server at ${serverUrl}: ${errorMessage(err)}`,
+    )
+  }
+
+  if (!resp.ok) {
+    throw new DirectConnectError(
+      `Failed to create session: ${resp.status} ${resp.statusText}`,
+    )
+  }
+
+  const result = connectResponseSchema().safeParse(await resp.json())
+  if (!result.success) {
+    throw new DirectConnectError(
+      `Invalid session response: ${result.error.message}`,
+    )
+  }
+
+  const data = result.data
+  return {
+    config: {
+      serverUrl,
+      sessionId: data.session_id,
+      wsUrl: data.ws_url,
+      authToken,
+    },
+    workDir: data.work_dir,
+  }
+}

package/server/directConnectManager.ts

@@ -0,0 +1,213 @@
+/* eslint-disable eslint-plugin-n/no-unsupported-features/node-builtins */
+
+import type { SDKMessage } from '../entrypoints/agentSdkTypes.js'
+import type {
+  SDKControlPermissionRequest,
+  StdoutMessage,
+} from '../entrypoints/sdk/controlTypes.js'
+import type { RemotePermissionResponse } from '../remote/RemoteSessionManager.js'
+import { logForDebugging } from '../utils/debug.js'
+import { jsonParse, jsonStringify } from '../utils/slowOperations.js'
+import type { RemoteMessageContent } from '../utils/teleport/api.js'
+
+export type DirectConnectConfig = {
+  serverUrl: string
+  sessionId: string
+  wsUrl: string
+  authToken?: string
+}
+
+export type DirectConnectCallbacks = {
+  onMessage: (message: SDKMessage) => void
+  onPermissionRequest: (
+    request: SDKControlPermissionRequest,
+    requestId: string,
+  ) => void
+  onConnected?: () => void
+  onDisconnected?: () => void
+  onError?: (error: Error) => void
+}
+
+function isStdoutMessage(value: unknown): value is StdoutMessage {
+  return (
+    typeof value === 'object' &&
+    value !== null &&
+    'type' in value &&
+    typeof value.type === 'string'
+  )
+}
+
+export class DirectConnectSessionManager {
+  private ws: WebSocket | null = null
+  private config: DirectConnectConfig
+  private callbacks: DirectConnectCallbacks
+
+  constructor(config: DirectConnectConfig, callbacks: DirectConnectCallbacks) {
+    this.config = config
+    this.callbacks = callbacks
+  }
+
+  connect(): void {
+    const headers: Record<string, string> = {}
+    if (this.config.authToken) {
+      headers['authorization'] = `Bearer ${this.config.authToken}`
+    }
+    // Bun's WebSocket supports headers option but the DOM typings don't
+    this.ws = new WebSocket(this.config.wsUrl, {
+      headers,
+    } as unknown as string[])
+
+    this.ws.addEventListener('open', () => {
+      this.callbacks.onConnected?.()
+    })
+
+    this.ws.addEventListener('message', event => {
+      const data = typeof event.data === 'string' ? event.data : ''
+      const lines = data.split('\n').filter((l: string) => l.trim())
+
+      for (const line of lines) {
+        let raw: unknown
+        try {
+          raw = jsonParse(line)
+        } catch {
+          continue
+        }
+
+        if (!isStdoutMessage(raw)) {
+          continue
+        }
+        const parsed = raw
+
+        // Handle control requests (permission requests)
+        if (parsed.type === 'control_request') {
+          if (parsed.request.subtype === 'can_use_tool') {
+            this.callbacks.onPermissionRequest(
+              parsed.request,
+              parsed.request_id,
+            )
+          } else {
+            // Send an error response for unrecognized subtypes so the
+            // server doesn't hang waiting for a reply that never comes.
+            logForDebugging(
+              `[DirectConnect] Unsupported control request subtype: ${parsed.request.subtype}`,
+            )
+            this.sendErrorResponse(
+              parsed.request_id,
+              `Unsupported control request subtype: ${parsed.request.subtype}`,
+            )
+          }
+          continue
+        }
+
+        // Forward SDK messages (assistant, result, system, etc.)
+        if (
+          parsed.type !== 'control_response' &&
+          parsed.type !== 'keep_alive' &&
+          parsed.type !== 'control_cancel_request' &&
+          parsed.type !== 'streamlined_text' &&
+          parsed.type !== 'streamlined_tool_use_summary' &&
+          !(parsed.type === 'system' && parsed.subtype === 'post_turn_summary')
+        ) {
+          this.callbacks.onMessage(parsed)
+        }
+      }
+    })
+
+    this.ws.addEventListener('close', () => {
+      this.callbacks.onDisconnected?.()
+    })
+
+    this.ws.addEventListener('error', () => {
+      this.callbacks.onError?.(new Error('WebSocket connection error'))
+    })
+  }
+
+  sendMessage(content: RemoteMessageContent): boolean {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+      return false
+    }
+
+    // Must match SDKUserMessage format expected by `--input-format stream-json`
+    const message = jsonStringify({
+      type: 'user',
+      message: {
+        role: 'user',
+        content: content,
+      },
+      parent_tool_use_id: null,
+      session_id: '',
+    })
+    this.ws.send(message)
+    return true
+  }
+
+  respondToPermissionRequest(
+    requestId: string,
+    result: RemotePermissionResponse,
+  ): void {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+      return
+    }
+
+    // Must match SDKControlResponse format expected by StructuredIO
+    const response = jsonStringify({
+      type: 'control_response',
+      response: {
+        subtype: 'success',
+        request_id: requestId,
+        response: {
+          behavior: result.behavior,
+          ...(result.behavior === 'allow'
+            ? { updatedInput: result.updatedInput }
+            : { message: result.message }),
+        },
+      },
+    })
+    this.ws.send(response)
+  }
+
+  /**
+   * Send an interrupt signal to cancel the current request
+   */
+  sendInterrupt(): void {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+      return
+    }
+
+    // Must match SDKControlRequest format expected by StructuredIO
+    const request = jsonStringify({
+      type: 'control_request',
+      request_id: crypto.randomUUID(),
+      request: {
+        subtype: 'interrupt',
+      },
+    })
+    this.ws.send(request)
+  }
+
+  private sendErrorResponse(requestId: string, error: string): void {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+      return
+    }
+    const response = jsonStringify({
+      type: 'control_response',
+      response: {
+        subtype: 'error',
+        request_id: requestId,
+        error,
+      },
+    })
+    this.ws.send(response)
+  }
+
+  disconnect(): void {
+    if (this.ws) {
+      this.ws.close()
+      this.ws = null
+    }
+  }
+
+  isConnected(): boolean {
+    return this.ws?.readyState === WebSocket.OPEN
+  }
+}

package/server/types.ts

@@ -0,0 +1,57 @@
+import type { ChildProcess } from 'child_process'
+import { z } from 'zod/v4'
+import { lazySchema } from '../utils/lazySchema.js'
+
+export const connectResponseSchema = lazySchema(() =>
+  z.object({
+    session_id: z.string(),
+    ws_url: z.string(),
+    work_dir: z.string().optional(),
+  }),
+)
+
+export type ServerConfig = {
+  port: number
+  host: string
+  authToken: string
+  unix?: string
+  /** Idle timeout for detached sessions (ms). 0 = never expire. */
+  idleTimeoutMs?: number
+  /** Maximum number of concurrent sessions. */
+  maxSessions?: number
+  /** Default workspace directory for sessions that don't specify cwd. */
+  workspace?: string
+}
+
+export type SessionState =
+  | 'starting'
+  | 'running'
+  | 'detached'
+  | 'stopping'
+  | 'stopped'
+
+export type SessionInfo = {
+  id: string
+  status: SessionState
+  createdAt: number
+  workDir: string
+  process: ChildProcess | null
+  sessionKey?: string
+}
+
+/**
+ * Stable session key → session metadata. Persisted to ~/.claude/server-sessions.json
+ * so sessions can be resumed across server restarts.
+ */
+export type SessionIndexEntry = {
+  /** Server-assigned session ID (matches the subprocess's claude session). */
+  sessionId: string
+  /** The claude transcript session ID for --resume. Same as sessionId for direct sessions. */
+  transcriptSessionId: string
+  cwd: string
+  permissionMode?: string
+  createdAt: number
+  lastActiveAt: number
+}
+
+export type SessionIndex = Record<string, SessionIndexEntry>