agentgui 1.0.212 → 1.0.214

package/lib/claude-runner.js

@@ -208,7 +208,7 @@ class AgentRunner {
       } = config;
 
       const cmd = this.requiresAdapter && this.adapterCommand ? this.adapterCommand : this.command;
-      const baseArgs = this.requiresAdapter && this.adapterCommand ? this.adapterArgs : ['acp'];
+      const baseArgs = this.requiresAdapter && this.adapterCommand ? this.adapterArgs : this.buildArgs(prompt, config);
       const args = [...baseArgs];
 
       const proc = spawn(cmd, args, { cwd });
@@ -351,6 +351,15 @@ class AgentRunner {
           return;
         }
 
+        if (message.id === promptId && message.error) {
+          originalHandler(message);
+          completed = true;
+          clearTimeout(timeoutHandle);
+          proc.kill();
+          reject(new Error(message.error.message || 'ACP prompt error'));
+          return;
+        }
+
         originalHandler(message);
       };
 
@@ -726,7 +735,7 @@ registry.register({
   protocol: 'acp',
   supportsStdin: false,
   supportedFeatures: ['streaming', 'resume', 'acp-protocol'],
-  buildArgs: () => ['acp'],
+  buildArgs: () => ['--experimental-acp', '--yolo'],
   protocolHandler: acpProtocolHandler
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.212",
+  "version": "1.0.214",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "server.js",

package/server.js

@@ -336,6 +336,67 @@ function geminiOAuthResultPage(title, message, success) {
 </div></body></html>`;
 }
 
+function encodeOAuthState(csrfToken, relayUrl) {
+  const payload = JSON.stringify({ t: csrfToken, r: relayUrl });
+  return Buffer.from(payload).toString('base64url');
+}
+
+function decodeOAuthState(stateStr) {
+  try {
+    const payload = JSON.parse(Buffer.from(stateStr, 'base64url').toString());
+    return { csrfToken: payload.t, relayUrl: payload.r };
+  } catch (_) {
+    return { csrfToken: stateStr, relayUrl: null };
+  }
+}
+
+function geminiOAuthRelayPage(code, state, error) {
+  const stateData = decodeOAuthState(state || '');
+  const relayUrl = stateData.relayUrl || '';
+  const escapedCode = (code || '').replace(/['"\\]/g, '');
+  const escapedState = (state || '').replace(/['"\\]/g, '');
+  const escapedError = (error || '').replace(/['"\\]/g, '');
+  const escapedRelay = relayUrl.replace(/['"\\]/g, '');
+  return `<!DOCTYPE html><html><head><title>Completing sign-in...</title></head>
+<body style="margin:0;display:flex;align-items:center;justify-content:center;min-height:100vh;background:#111827;font-family:system-ui,sans-serif;color:white;">
+<div id="status" style="text-align:center;max-width:400px;padding:2rem;">
+<div id="spinner" style="font-size:2rem;margin-bottom:1rem;">&#8987;</div>
+<h1 id="title" style="font-size:1.5rem;margin-bottom:0.5rem;">Completing sign-in...</h1>
+<p id="msg" style="color:#9ca3af;">Relaying authentication to server...</p>
+</div>
+<script>
+(function() {
+  var code = '${escapedCode}';
+  var state = '${escapedState}';
+  var error = '${escapedError}';
+  var relayUrl = '${escapedRelay}';
+  function show(icon, title, msg, color) {
+    document.getElementById('spinner').textContent = icon;
+    document.getElementById('spinner').style.color = color;
+    document.getElementById('title').textContent = title;
+    document.getElementById('msg').textContent = msg;
+  }
+  if (error) { show('\\u2717', 'Authentication Failed', error, '#ef4444'); return; }
+  if (!code) { show('\\u2717', 'Authentication Failed', 'No authorization code received.', '#ef4444'); return; }
+  if (!relayUrl) { show('\\u2713', 'Authentication Successful', 'Credentials saved. You can close this tab.', '#10b981'); return; }
+  fetch(relayUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ code: code, state: state })
+  }).then(function(r) { return r.json(); }).then(function(data) {
+    if (data.success) {
+      show('\\u2713', 'Authentication Successful', data.email ? 'Signed in as ' + data.email + '. You can close this tab.' : 'Credentials saved. You can close this tab.', '#10b981');
+    } else {
+      show('\\u2717', 'Authentication Failed', data.error || 'Unknown error', '#ef4444');
+    }
+  }).catch(function(e) {
+    show('\\u2717', 'Relay Failed', 'Could not reach server: ' + e.message + '. You may need to paste the URL manually.', '#ef4444');
+  });
+})();
+</script>
+</body></html>`;
+}
+
 function isRemoteRequest(req) {
   return !!(req && (req.headers['x-forwarded-for'] || req.headers['x-forwarded-host'] || req.headers['x-forwarded-proto']));
 }
@@ -353,7 +414,10 @@ async function startGeminiOAuth(req) {
     redirectUri = `http://localhost:${PORT}${BASE_URL}/oauth2callback`;
   }
 
-  const state = crypto.randomBytes(32).toString('hex');
+  const csrfToken = crypto.randomBytes(32).toString('hex');
+  const relayUrl = req ? `${buildBaseUrl(req)}${BASE_URL}/api/gemini-oauth/relay` : null;
+  const state = encodeOAuthState(csrfToken, relayUrl);
+
   const client = new OAuth2Client({
     clientId: creds.clientId,
     clientSecret: creds.clientSecret,
@@ -367,7 +431,7 @@ async function startGeminiOAuth(req) {
   });
 
   const mode = useCustomClient ? 'custom' : (remote ? 'cli-remote' : 'cli-local');
-  geminiOAuthPending = { client, redirectUri, state };
+  geminiOAuthPending = { client, redirectUri, state: csrfToken };
   geminiOAuthState = { status: 'pending', error: null, email: null };
 
   setTimeout(() => {
@@ -380,12 +444,13 @@ async function startGeminiOAuth(req) {
   return { authUrl, mode };
 }
 
-async function exchangeGeminiOAuthCode(code, state) {
+async function exchangeGeminiOAuthCode(code, stateParam) {
   if (!geminiOAuthPending) throw new Error('No pending OAuth flow. Please start authentication again.');
 
-  const { client, redirectUri, state: expectedState } = geminiOAuthPending;
+  const { client, redirectUri, state: expectedCsrf } = geminiOAuthPending;
+  const { csrfToken } = decodeOAuthState(stateParam);
 
-  if (state !== expectedState) {
+  if (csrfToken !== expectedCsrf) {
     geminiOAuthState = { status: 'error', error: 'State mismatch', email: null };
     geminiOAuthPending = null;
     throw new Error('State mismatch - possible CSRF attack.');
@@ -423,6 +488,23 @@ async function exchangeGeminiOAuthCode(code, state) {
 
 async function handleGeminiOAuthCallback(req, res) {
   const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
+  const code = reqUrl.searchParams.get('code');
+  const state = reqUrl.searchParams.get('state');
+  const error = reqUrl.searchParams.get('error');
+  const errorDesc = reqUrl.searchParams.get('error_description');
+
+  if (error) {
+    const desc = errorDesc || error;
+    geminiOAuthState = { status: 'error', error: desc, email: null };
+    geminiOAuthPending = null;
+  }
+
+  const stateData = decodeOAuthState(state || '');
+  if (stateData.relayUrl) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(geminiOAuthRelayPage(code, state, errorDesc || error));
+    return;
+  }
 
   if (!geminiOAuthPending) {
     res.writeHead(200, { 'Content-Type': 'text/html' });
@@ -431,20 +513,8 @@ async function handleGeminiOAuthCallback(req, res) {
   }
 
   try {
-    const error = reqUrl.searchParams.get('error');
-    if (error) {
-      const desc = reqUrl.searchParams.get('error_description') || error;
-      geminiOAuthState = { status: 'error', error: desc, email: null };
-      geminiOAuthPending = null;
-      res.writeHead(200, { 'Content-Type': 'text/html' });
-      res.end(geminiOAuthResultPage('Authentication Failed', desc, false));
-      return;
-    }
-
-    const code = reqUrl.searchParams.get('code');
-    const state = reqUrl.searchParams.get('state');
+    if (error) throw new Error(errorDesc || error);
     const email = await exchangeGeminiOAuthCode(code, state);
-
     res.writeHead(200, { 'Content-Type': 'text/html' });
     res.end(geminiOAuthResultPage('Authentication Successful', email ? `Signed in as ${email}` : 'Gemini CLI credentials saved.', true));
   } catch (e) {
@@ -1165,6 +1235,24 @@ const server = http.createServer(async (req, res) => {
       return;
     }
 
+    if (pathOnly === '/api/gemini-oauth/relay' && req.method === 'POST') {
+      try {
+        const body = await parseBody(req);
+        const { code, state: stateParam } = body;
+        if (!code || !stateParam) {
+          sendJSON(req, res, 400, { error: 'Missing code or state' });
+          return;
+        }
+        const email = await exchangeGeminiOAuthCode(code, stateParam);
+        sendJSON(req, res, 200, { success: true, email });
+      } catch (e) {
+        geminiOAuthState = { status: 'error', error: e.message, email: null };
+        geminiOAuthPending = null;
+        sendJSON(req, res, 400, { error: e.message });
+      }
+      return;
+    }
+
     if (pathOnly === '/api/gemini-oauth/complete' && req.method === 'POST') {
       try {
         const body = await parseBody(req);

package/static/js/agent-auth.js

@@ -130,46 +130,61 @@
 
   function closeDropdown() { dropdown.classList.remove('open'); editingProvider = null; }
 
-  var oauthPollInterval = null, oauthPollTimeout = null;
+  var oauthPollInterval = null, oauthPollTimeout = null, oauthFallbackTimer = null;
 
   function cleanupOAuthPolling() {
     if (oauthPollInterval) { clearInterval(oauthPollInterval); oauthPollInterval = null; }
     if (oauthPollTimeout) { clearTimeout(oauthPollTimeout); oauthPollTimeout = null; }
+    if (oauthFallbackTimer) { clearTimeout(oauthFallbackTimer); oauthFallbackTimer = null; }
   }
 
-  function showOAuthPasteModal() {
-    removeOAuthPasteModal();
+  function showOAuthWaitingModal() {
+    removeOAuthModal();
     var overlay = document.createElement('div');
-    overlay.id = 'oauthPasteModal';
+    overlay.id = 'oauthWaitingModal';
     overlay.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.7);display:flex;align-items:center;justify-content:center;z-index:9999;';
-    var s = function(c) { return 'font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 ' + (c ? '0' : '0.5rem') + ';'; };
     overlay.innerHTML = '<div style="background:var(--color-bg-secondary,#1f2937);border-radius:1rem;padding:2rem;max-width:28rem;width:calc(100% - 2rem);box-shadow:0 25px 50px rgba(0,0,0,0.5);color:var(--color-text-primary,white);font-family:system-ui,sans-serif;" onclick="event.stopPropagation()">' +
       '<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:1rem;">' +
-      '<h2 style="font-size:1.125rem;font-weight:700;margin:0;">Complete Google Sign-In</h2>' +
-      '<button id="oauthPasteClose" style="background:none;border:none;color:var(--color-text-secondary,#9ca3af);font-size:1.5rem;cursor:pointer;padding:0;line-height:1;">\u00d7</button></div>' +
+      '<h2 style="font-size:1.125rem;font-weight:700;margin:0;">Google Sign-In</h2>' +
+      '<button id="oauthWaitingClose" style="background:none;border:none;color:var(--color-text-secondary,#9ca3af);font-size:1.5rem;cursor:pointer;padding:0;line-height:1;">\u00d7</button></div>' +
+      '<div id="oauthWaitingContent" style="text-align:center;padding:1.5rem 0;">' +
+      '<div style="font-size:2rem;margin-bottom:1rem;animation:pulse 2s infinite;">&#9203;</div>' +
+      '<p style="font-size:0.85rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 0.5rem;">Waiting for Google sign-in to complete...</p>' +
+      '<p style="font-size:0.75rem;color:var(--color-text-secondary,#6b7280);margin:0;">Complete the sign-in in the tab that just opened.</p>' +
+      '<p style="font-size:0.75rem;color:var(--color-text-secondary,#6b7280);margin:0.25rem 0 0;">This dialog will close automatically when done.</p></div>' +
+      '<div id="oauthPasteFallback" style="display:none;">' +
       '<div style="margin-bottom:1rem;padding:1rem;background:var(--color-bg-tertiary,rgba(255,255,255,0.05));border-radius:0.5rem;">' +
-      '<p style="' + s() + '">1. A Google sign-in page has opened in a new tab.</p>' +
-      '<p style="' + s() + '">2. Complete the sign-in process with Google.</p>' +
-      '<p style="' + s() + '">3. After signing in, you will be redirected to a page that <span style="color:#facc15;font-weight:600;">may not load</span> (this is expected).</p>' +
-      '<p style="' + s(1) + '">4. Copy the <span style="color:white;font-weight:600;">entire URL</span> from the address bar and paste it below.</p></div>' +
-      '<label style="display:block;font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin-bottom:0.5rem;">Paste the redirect URL here:</label>' +
+      '<p style="font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 0.5rem;">The automatic relay did not complete. This can happen when accessing the server remotely.</p>' +
+      '<p style="font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0;">Copy the <span style="color:white;font-weight:600;">entire URL</span> from the sign-in tab and paste it below.</p></div>' +
       '<input type="text" id="oauthPasteInput" placeholder="http://localhost:3000/gm/oauth2callback?code=..." style="width:100%;box-sizing:border-box;padding:0.75rem 1rem;background:var(--color-bg-primary,#374151);border:1px solid var(--color-border,#4b5563);border-radius:0.5rem;color:var(--color-text-primary,white);font-size:0.8rem;font-family:monospace;outline:none;" />' +
-      '<p id="oauthPasteError" style="font-size:0.75rem;color:#ef4444;margin:0.5rem 0 0;display:none;"></p>' +
+      '<p id="oauthPasteError" style="font-size:0.75rem;color:#ef4444;margin:0.5rem 0 0;display:none;"></p></div>' +
       '<div style="display:flex;gap:0.75rem;margin-top:1.25rem;">' +
-      '<button id="oauthPasteCancel" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:1px solid var(--color-border,#4b5563);background:transparent;color:var(--color-text-primary,white);font-size:0.8rem;cursor:pointer;font-weight:600;">Cancel</button>' +
-      '<button id="oauthPasteSubmit" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:none;background:var(--color-primary,#3b82f6);color:white;font-size:0.8rem;cursor:pointer;font-weight:600;">Complete Sign-In</button></div>' +
-      '<p style="font-size:0.7rem;color:var(--color-text-secondary,#6b7280);margin-top:1rem;text-align:center;">If the redirect page loaded successfully, this dialog will close automatically.</p></div>';
+      '<button id="oauthWaitingCancel" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:1px solid var(--color-border,#4b5563);background:transparent;color:var(--color-text-primary,white);font-size:0.8rem;cursor:pointer;font-weight:600;">Cancel</button>' +
+      '<button id="oauthPasteSubmit" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:none;background:var(--color-primary,#3b82f6);color:white;font-size:0.8rem;cursor:pointer;font-weight:600;display:none;">Complete Sign-In</button></div>' +
+      '<style>@keyframes pulse{0%,100%{opacity:1}50%{opacity:0.5}}</style></div>';
     document.body.appendChild(overlay);
-    var dismiss = function() { cleanupOAuthPolling(); authRunning = false; removeOAuthPasteModal(); };
-    document.getElementById('oauthPasteClose').addEventListener('click', dismiss);
-    document.getElementById('oauthPasteCancel').addEventListener('click', dismiss);
+    var dismiss = function() { cleanupOAuthPolling(); authRunning = false; removeOAuthModal(); };
+    document.getElementById('oauthWaitingClose').addEventListener('click', dismiss);
+    document.getElementById('oauthWaitingCancel').addEventListener('click', dismiss);
     document.getElementById('oauthPasteSubmit').addEventListener('click', submitOAuthPasteUrl);
-    document.getElementById('oauthPasteInput').addEventListener('keydown', function(e) { if (e.key === 'Enter') submitOAuthPasteUrl(); });
-    setTimeout(function() { var i = document.getElementById('oauthPasteInput'); if (i) i.focus(); }, 100);
   }
 
-  function removeOAuthPasteModal() {
-    var el = document.getElementById('oauthPasteModal');
+  function showOAuthPasteFallback() {
+    var fallback = document.getElementById('oauthPasteFallback');
+    var waitContent = document.getElementById('oauthWaitingContent');
+    var submitBtn = document.getElementById('oauthPasteSubmit');
+    if (fallback) fallback.style.display = 'block';
+    if (waitContent) waitContent.style.display = 'none';
+    if (submitBtn) submitBtn.style.display = 'block';
+    var input = document.getElementById('oauthPasteInput');
+    if (input) {
+      input.addEventListener('keydown', function(e) { if (e.key === 'Enter') submitOAuthPasteUrl(); });
+      setTimeout(function() { input.focus(); }, 100);
+    }
+  }
+
+  function removeOAuthModal() {
+    var el = document.getElementById('oauthWaitingModal');
     if (el) el.remove();
   }
 
@@ -193,7 +208,7 @@
       if (data.success) {
         cleanupOAuthPolling();
         authRunning = false;
-        removeOAuthPasteModal();
+        removeOAuthModal();
         refresh();
       } else {
         if (errorEl) { errorEl.textContent = data.error || 'Failed to complete authentication.'; errorEl.style.display = 'block'; }
@@ -217,26 +232,28 @@
         if (data.authUrl) {
           window.open(data.authUrl, '_blank');
           if (agentId === 'gemini') {
-            var needsPaste = data.mode === 'cli-remote';
-            if (needsPaste) showOAuthPasteModal();
+            showOAuthWaitingModal();
             cleanupOAuthPolling();
             oauthPollInterval = setInterval(function() {
               fetch(BASE + '/api/gemini-oauth/status').then(function(r) { return r.json(); }).then(function(status) {
                 if (status.status === 'success') {
                   cleanupOAuthPolling();
                   authRunning = false;
-                  removeOAuthPasteModal();
+                  removeOAuthModal();
                   refresh();
                 } else if (status.status === 'error') {
                   cleanupOAuthPolling();
                   authRunning = false;
-                  removeOAuthPasteModal();
+                  removeOAuthModal();
                 }
               }).catch(function() {});
             }, 1500);
+            oauthFallbackTimer = setTimeout(function() {
+              if (authRunning) showOAuthPasteFallback();
+            }, 30000);
             oauthPollTimeout = setTimeout(function() {
               cleanupOAuthPolling();
-              if (authRunning) { authRunning = false; removeOAuthPasteModal(); }
+              if (authRunning) { authRunning = false; removeOAuthModal(); }
             }, 5 * 60 * 1000);
           }
         }
@@ -257,7 +274,7 @@
       if (term) term.write(data.data);
     } else if (data.type === 'script_stopped') {
       authRunning = false;
-      removeOAuthPasteModal();
+      removeOAuthModal();
       cleanupOAuthPolling();
       var term = getTerminal();
       var msg = data.error ? data.error : ('exited with code ' + (data.code || 0));