agentgui 1.0.752 → 1.0.754

package/lib/oauth-codex.js

@@ -0,0 +1,162 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import crypto from 'crypto';
+import { buildBaseUrl, isRemoteRequest, encodeOAuthState, decodeOAuthState, oauthResultPage, oauthRelayPage } from './oauth-common.js';
+
+const CODEX_HOME = process.env.CODEX_HOME || path.join(os.homedir(), '.codex');
+const CODEX_AUTH_FILE = path.join(CODEX_HOME, 'auth.json');
+const CODEX_OAUTH_ISSUER = 'https://auth.openai.com';
+const CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+const CODEX_SCOPES = 'openid profile email offline_access api.connectors.read api.connectors.invoke';
+const CODEX_OAUTH_PORT = 1455;
+
+let codexOAuthState = { status: 'idle', error: null, email: null };
+let codexOAuthPending = null;
+
+function generatePkce() {
+  const verifierBytes = crypto.randomBytes(64);
+  const codeVerifier = verifierBytes.toString('base64url');
+  const challengeBytes = crypto.createHash('sha256').update(codeVerifier).digest();
+  const codeChallenge = challengeBytes.toString('base64url');
+  return { codeVerifier, codeChallenge };
+}
+
+function parseJwtEmail(jwt) {
+  try {
+    const parts = jwt.split('.');
+    if (parts.length < 2) return '';
+    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+    return payload.email || payload['https://api.openai.com/profile']?.email || '';
+  } catch (_) { return ''; }
+}
+
+function saveCodexCredentials(tokens) {
+  if (!fs.existsSync(CODEX_HOME)) fs.mkdirSync(CODEX_HOME, { recursive: true });
+  const auth = { auth_mode: 'chatgpt', tokens, last_refresh: new Date().toISOString() };
+  fs.writeFileSync(CODEX_AUTH_FILE, JSON.stringify(auth, null, 2), { mode: 0o600 });
+  try { fs.chmodSync(CODEX_AUTH_FILE, 0o600); } catch (_) {}
+}
+
+export function getCodexOAuthStatus() {
+  try {
+    if (fs.existsSync(CODEX_AUTH_FILE)) {
+      const auth = JSON.parse(fs.readFileSync(CODEX_AUTH_FILE, 'utf8'));
+      if (auth.tokens?.access_token || auth.tokens?.refresh_token) {
+        const email = parseJwtEmail(auth.tokens?.id_token || '') || '';
+        return { hasKey: true, apiKey: email || '****oauth', defaultModel: '', path: CODEX_AUTH_FILE, authMethod: 'oauth' };
+      }
+    }
+  } catch (_) {}
+  return null;
+}
+
+export async function startCodexOAuth(req, { PORT, BASE_URL }) {
+  const remote = isRemoteRequest(req);
+  const redirectUri = remote
+    ? `${buildBaseUrl(req, PORT)}${BASE_URL}/codex-oauth2callback`
+    : `http://localhost:${CODEX_OAUTH_PORT}/auth/callback`;
+  const pkce = generatePkce();
+  const csrfToken = crypto.randomBytes(32).toString('hex');
+  const relayUrl = remote ? `${buildBaseUrl(req, PORT)}${BASE_URL}/api/codex-oauth/relay` : null;
+  const state = encodeOAuthState(csrfToken, relayUrl);
+  const params = new URLSearchParams({
+    response_type: 'code',
+    client_id: CODEX_CLIENT_ID,
+    redirect_uri: redirectUri,
+    scope: CODEX_SCOPES,
+    code_challenge: pkce.codeChallenge,
+    code_challenge_method: 'S256',
+    id_token_add_organizations: 'true',
+    codex_cli_simplified_flow: 'true',
+    state,
+  });
+  const authUrl = `${CODEX_OAUTH_ISSUER}/oauth/authorize?${params.toString()}`;
+  const mode = remote ? 'remote' : 'local';
+  codexOAuthPending = { pkce, redirectUri, state: csrfToken };
+  codexOAuthState = { status: 'pending', error: null, email: null };
+  setTimeout(() => {
+    if (codexOAuthState.status === 'pending') {
+      codexOAuthState = { status: 'error', error: 'Authentication timed out', email: null };
+      codexOAuthPending = null;
+    }
+  }, 5 * 60 * 1000);
+  return { authUrl, mode };
+}
+
+export async function exchangeCodexOAuthCode(code, stateParam) {
+  if (!codexOAuthPending) throw new Error('No pending OAuth flow. Please start authentication again.');
+  const { pkce, redirectUri, state: expectedCsrf } = codexOAuthPending;
+  const { csrfToken } = decodeOAuthState(stateParam);
+  if (csrfToken !== expectedCsrf) {
+    codexOAuthState = { status: 'error', error: 'State mismatch', email: null };
+    codexOAuthPending = null;
+    throw new Error('State mismatch - possible CSRF attack.');
+  }
+  if (!code) {
+    codexOAuthState = { status: 'error', error: 'No authorization code received', email: null };
+    codexOAuthPending = null;
+    throw new Error('No authorization code received.');
+  }
+  const body = new URLSearchParams({
+    grant_type: 'authorization_code',
+    code,
+    redirect_uri: redirectUri,
+    client_id: CODEX_CLIENT_ID,
+    code_verifier: pkce.codeVerifier,
+  });
+  const resp = await fetch(`${CODEX_OAUTH_ISSUER}/oauth/token`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: body.toString(),
+  });
+  if (!resp.ok) {
+    const text = await resp.text();
+    codexOAuthState = { status: 'error', error: `Token exchange failed: ${resp.status}`, email: null };
+    codexOAuthPending = null;
+    throw new Error(`Token exchange failed (${resp.status}): ${text}`);
+  }
+  const tokens = await resp.json();
+  const email = parseJwtEmail(tokens.id_token || '');
+  saveCodexCredentials(tokens);
+  codexOAuthState = { status: 'success', error: null, email };
+  codexOAuthPending = null;
+  return email;
+}
+
+export async function handleCodexOAuthCallback(req, res, PORT) {
+  const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
+  const code = reqUrl.searchParams.get('code');
+  const state = reqUrl.searchParams.get('state');
+  const error = reqUrl.searchParams.get('error');
+  const errorDesc = reqUrl.searchParams.get('error_description');
+  if (error) {
+    const desc = errorDesc || error;
+    codexOAuthState = { status: 'error', error: desc, email: null };
+    codexOAuthPending = null;
+  }
+  const stateData = decodeOAuthState(state || '');
+  if (stateData.relayUrl) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthRelayPage(code, state, errorDesc || error));
+    return;
+  }
+  if (!codexOAuthPending) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthResultPage('Authentication Failed', 'No pending OAuth flow.', false));
+    return;
+  }
+  try {
+    if (error) throw new Error(errorDesc || error);
+    const email = await exchangeCodexOAuthCode(code, state);
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthResultPage('Authentication Successful', email ? `Signed in as ${email}` : 'Codex CLI credentials saved.', true));
+  } catch (e) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthResultPage('Authentication Failed', e.message, false));
+  }
+}
+
+export function getCodexOAuthState() { return codexOAuthState; }
+export function getCodexOAuthPending() { return codexOAuthPending; }
+export { CODEX_HOME, CODEX_AUTH_FILE };

package/lib/oauth-common.js

@@ -0,0 +1,92 @@
+import crypto from 'crypto';
+
+export function buildBaseUrl(req, PORT) {
+  const override = process.env.AGENTGUI_BASE_URL;
+  if (override) return override.replace(/\/+$/, '');
+  const fwdProto = req.headers['x-forwarded-proto'];
+  const fwdHost = req.headers['x-forwarded-host'] || req.headers['host'];
+  if (fwdHost) {
+    const proto = fwdProto || (req.socket.encrypted ? 'https' : 'http');
+    const cleanHost = fwdHost.replace(/:443$/, '').replace(/:80$/, '');
+    return `${proto}://${cleanHost}`;
+  }
+  return `http://127.0.0.1:${PORT}`;
+}
+
+export function isRemoteRequest(req) {
+  return !!(req && (req.headers['x-forwarded-for'] || req.headers['x-forwarded-host'] || req.headers['x-forwarded-proto']));
+}
+
+export function encodeOAuthState(csrfToken, relayUrl) {
+  const payload = JSON.stringify({ t: csrfToken, r: relayUrl });
+  return Buffer.from(payload).toString('base64url');
+}
+
+export function decodeOAuthState(stateStr) {
+  try {
+    const payload = JSON.parse(Buffer.from(stateStr, 'base64url').toString());
+    return { csrfToken: payload.t, relayUrl: payload.r };
+  } catch (_) {
+    return { csrfToken: stateStr, relayUrl: null };
+  }
+}
+
+export function oauthResultPage(title, message, success) {
+  const color = success ? '#10b981' : '#ef4444';
+  const icon = success ? '✓' : '✗';
+  return `<!DOCTYPE html><html><head><title>${title}</title></head>
+<body style="margin:0;display:flex;align-items:center;justify-content:center;min-height:100vh;background:#111827;font-family:system-ui,sans-serif;color:white;">
+<div style="text-align:center;max-width:400px;padding:2rem;">
+<div style="font-size:4rem;color:${color};margin-bottom:1rem;">${icon}</div>
+<h1 style="font-size:1.5rem;margin-bottom:0.5rem;">${title}</h1>
+<p style="color:#9ca3af;">${message}</p>
+<p style="color:#6b7280;margin-top:1rem;font-size:0.875rem;">You can close this tab.</p>
+</div></body></html>`;
+}
+
+export function oauthRelayPage(code, state, error) {
+  const stateData = decodeOAuthState(state || '');
+  const relayUrl = stateData.relayUrl || '';
+  const escapedCode = (code || '').replace(/['"\\]/g, '');
+  const escapedState = (state || '').replace(/['"\\]/g, '');
+  const escapedError = (error || '').replace(/['"\\]/g, '');
+  const escapedRelay = relayUrl.replace(/['"\\]/g, '');
+  return `<!DOCTYPE html><html><head><title>Completing sign-in...</title></head>
+<body style="margin:0;display:flex;align-items:center;justify-content:center;min-height:100vh;background:#111827;font-family:system-ui,sans-serif;color:white;">
+<div id="status" style="text-align:center;max-width:400px;padding:2rem;">
+<div id="spinner" style="font-size:2rem;margin-bottom:1rem;">&#8987;</div>
+<h1 id="title" style="font-size:1.5rem;margin-bottom:0.5rem;">Completing sign-in...</h1>
+<p id="msg" style="color:#9ca3af;">Relaying authentication to server...</p>
+</div>
+<script>
+(function() {
+  var code = '${escapedCode}';
+  var state = '${escapedState}';
+  var error = '${escapedError}';
+  var relayUrl = '${escapedRelay}';
+  function show(icon, title, msg, color) {
+    document.getElementById('spinner').textContent = icon;
+    document.getElementById('spinner').style.color = color;
+    document.getElementById('title').textContent = title;
+    document.getElementById('msg').textContent = msg;
+  }
+  if (error) { show('\\u2717', 'Authentication Failed', error, '#ef4444'); return; }
+  if (!code) { show('\\u2717', 'Authentication Failed', 'No authorization code received.', '#ef4444'); return; }
+  if (!relayUrl) { show('\\u2713', 'Authentication Successful', 'Credentials saved. You can close this tab.', '#10b981'); return; }
+  fetch(relayUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ code: code, state: state })
+  }).then(function(r) { return r.json(); }).then(function(data) {
+    if (data.success) {
+      show('\\u2713', 'Authentication Successful', data.email ? 'Signed in as ' + data.email + '. You can close this tab.' : 'Credentials saved. You can close this tab.', '#10b981');
+    } else {
+      show('\\u2717', 'Authentication Failed', data.error || 'Unknown error', '#ef4444');
+    }
+  }).catch(function(e) {
+    show('\\u2717', 'Relay Failed', 'Could not reach server: ' + e.message + '. You may need to paste the URL manually.', '#ef4444');
+  });
+})();
+</script>
+</body></html>`;
+}

package/lib/oauth-gemini.js

@@ -0,0 +1,200 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import crypto from 'crypto';
+import { execSync } from 'child_process';
+import { OAuth2Client } from 'google-auth-library';
+import { findCommand } from './agent-discovery.js';
+import { buildBaseUrl, isRemoteRequest, encodeOAuthState, decodeOAuthState, oauthResultPage, oauthRelayPage } from './oauth-common.js';
+
+const GEMINI_SCOPES = [
+  'https://www.googleapis.com/auth/cloud-platform',
+  'https://www.googleapis.com/auth/userinfo.email',
+  'https://www.googleapis.com/auth/userinfo.profile',
+];
+const GEMINI_DIR = path.join(os.homedir(), '.gemini');
+const GEMINI_OAUTH_FILE = path.join(GEMINI_DIR, 'oauth_creds.json');
+const GEMINI_ACCOUNTS_FILE = path.join(GEMINI_DIR, 'google_accounts.json');
+
+let geminiOAuthState = { status: 'idle', error: null, email: null };
+let geminiOAuthPending = null;
+
+function extractOAuthFromFile(oauth2Path) {
+  try {
+    const src = fs.readFileSync(oauth2Path, 'utf8');
+    const idMatch = src.match(/OAUTH_CLIENT_ID\s*=\s*['"]([^'"]+)['"]/);
+    const secretMatch = src.match(/OAUTH_CLIENT_SECRET\s*=\s*['"]([^'"]+)['"]/);
+    if (idMatch && secretMatch) return { clientId: idMatch[1], clientSecret: secretMatch[1] };
+  } catch {}
+  return null;
+}
+
+export function getGeminiOAuthCreds(rootDir) {
+  if (process.env.GOOGLE_OAUTH_CLIENT_ID && process.env.GOOGLE_OAUTH_CLIENT_SECRET) {
+    return { clientId: process.env.GOOGLE_OAUTH_CLIENT_ID, clientSecret: process.env.GOOGLE_OAUTH_CLIENT_SECRET, custom: true };
+  }
+  const oauthRelPath = path.join('node_modules', '@google', 'gemini-cli-core', 'dist', 'src', 'code_assist', 'oauth2.js');
+  try {
+    const geminiPath = findCommand('gemini', rootDir);
+    if (geminiPath) {
+      const realPath = fs.realpathSync(geminiPath);
+      const pkgRoot = path.resolve(path.dirname(realPath), '..');
+      const result = extractOAuthFromFile(path.join(pkgRoot, oauthRelPath));
+      if (result) return result;
+    }
+  } catch (e) {
+    console.error('[gemini-oauth] gemini lookup failed:', e.message);
+  }
+  try {
+    const npmCacheDirs = new Set();
+    const addDir = (d) => { if (d) npmCacheDirs.add(path.join(d, '_npx')); };
+    addDir(path.join(os.homedir(), '.npm'));
+    addDir(path.join(os.homedir(), '.cache', '.npm'));
+    if (process.env.NPM_CACHE) addDir(process.env.NPM_CACHE);
+    if (process.env.npm_config_cache) addDir(process.env.npm_config_cache);
+    try { addDir(execSync('npm config get cache', { encoding: 'utf8', timeout: 5000 }).trim()); } catch {}
+    for (const cacheDir of npmCacheDirs) {
+      if (!fs.existsSync(cacheDir)) continue;
+      for (const d of fs.readdirSync(cacheDir).filter(d => !d.startsWith('.'))) {
+        const result = extractOAuthFromFile(path.join(cacheDir, d, oauthRelPath));
+        if (result) return result;
+      }
+    }
+  } catch (e) {
+    console.error('[gemini-oauth] npm cache scan failed:', e.message);
+  }
+  console.error('[gemini-oauth] Could not find Gemini CLI OAuth credentials in any known location');
+  return null;
+}
+
+function saveGeminiCredentials(tokens, email) {
+  if (!fs.existsSync(GEMINI_DIR)) fs.mkdirSync(GEMINI_DIR, { recursive: true });
+  fs.writeFileSync(GEMINI_OAUTH_FILE, JSON.stringify(tokens, null, 2), { mode: 0o600 });
+  try { fs.chmodSync(GEMINI_OAUTH_FILE, 0o600); } catch (_) {}
+  let accounts = { active: null, old: [] };
+  try {
+    if (fs.existsSync(GEMINI_ACCOUNTS_FILE)) {
+      accounts = JSON.parse(fs.readFileSync(GEMINI_ACCOUNTS_FILE, 'utf8'));
+    }
+  } catch (_) {}
+  if (email) {
+    if (accounts.active && accounts.active !== email && !accounts.old.includes(accounts.active)) {
+      accounts.old.push(accounts.active);
+    }
+    accounts.active = email;
+  }
+  fs.writeFileSync(GEMINI_ACCOUNTS_FILE, JSON.stringify(accounts, null, 2), { mode: 0o600 });
+}
+
+export async function startGeminiOAuth(req, { PORT, BASE_URL, rootDir }) {
+  const creds = getGeminiOAuthCreds(rootDir);
+  if (!creds) throw new Error('Could not find Gemini CLI OAuth credentials. Install gemini CLI first.');
+  const useCustomClient = !!creds.custom;
+  const remote = isRemoteRequest(req);
+  let redirectUri;
+  if (useCustomClient && req) {
+    redirectUri = `${buildBaseUrl(req, PORT)}${BASE_URL}/oauth2callback`;
+  } else {
+    redirectUri = `http://localhost:${PORT}${BASE_URL}/oauth2callback`;
+  }
+  const csrfToken = crypto.randomBytes(32).toString('hex');
+  const relayUrl = req ? `${buildBaseUrl(req, PORT)}${BASE_URL}/api/gemini-oauth/relay` : null;
+  const state = encodeOAuthState(csrfToken, relayUrl);
+  const client = new OAuth2Client({ clientId: creds.clientId, clientSecret: creds.clientSecret });
+  const authUrl = client.generateAuthUrl({ redirect_uri: redirectUri, access_type: 'offline', scope: GEMINI_SCOPES, state });
+  const mode = useCustomClient ? 'custom' : (remote ? 'cli-remote' : 'cli-local');
+  geminiOAuthPending = { client, redirectUri, state: csrfToken };
+  geminiOAuthState = { status: 'pending', error: null, email: null };
+  setTimeout(() => {
+    if (geminiOAuthState.status === 'pending') {
+      geminiOAuthState = { status: 'error', error: 'Authentication timed out', email: null };
+      geminiOAuthPending = null;
+    }
+  }, 5 * 60 * 1000);
+  return { authUrl, mode };
+}
+
+export async function exchangeGeminiOAuthCode(code, stateParam) {
+  if (!geminiOAuthPending) throw new Error('No pending OAuth flow. Please start authentication again.');
+  const { client, redirectUri, state: expectedCsrf } = geminiOAuthPending;
+  const { csrfToken } = decodeOAuthState(stateParam);
+  if (csrfToken !== expectedCsrf) {
+    geminiOAuthState = { status: 'error', error: 'State mismatch', email: null };
+    geminiOAuthPending = null;
+    throw new Error('State mismatch - possible CSRF attack.');
+  }
+  if (!code) {
+    geminiOAuthState = { status: 'error', error: 'No authorization code received', email: null };
+    geminiOAuthPending = null;
+    throw new Error('No authorization code received.');
+  }
+  const { tokens } = await client.getToken({ code, redirect_uri: redirectUri });
+  client.setCredentials(tokens);
+  let email = '';
+  try {
+    const { token } = await client.getAccessToken();
+    if (token) {
+      const resp = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', { headers: { Authorization: `Bearer ${token}` } });
+      if (resp.ok) { const info = await resp.json(); email = info.email || ''; }
+    }
+  } catch (_) {}
+  saveGeminiCredentials(tokens, email);
+  geminiOAuthState = { status: 'success', error: null, email };
+  geminiOAuthPending = null;
+  return email;
+}
+
+export async function handleGeminiOAuthCallback(req, res, PORT) {
+  const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
+  const code = reqUrl.searchParams.get('code');
+  const state = reqUrl.searchParams.get('state');
+  const error = reqUrl.searchParams.get('error');
+  const errorDesc = reqUrl.searchParams.get('error_description');
+  if (error) {
+    const desc = errorDesc || error;
+    geminiOAuthState = { status: 'error', error: desc, email: null };
+    geminiOAuthPending = null;
+  }
+  const stateData = decodeOAuthState(state || '');
+  if (stateData.relayUrl) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthRelayPage(code, state, errorDesc || error));
+    return;
+  }
+  if (!geminiOAuthPending) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthResultPage('Authentication Failed', 'No pending OAuth flow.', false));
+    return;
+  }
+  try {
+    if (error) throw new Error(errorDesc || error);
+    const email = await exchangeGeminiOAuthCode(code, state);
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthResultPage('Authentication Successful', email ? `Signed in as ${email}` : 'Gemini CLI credentials saved.', true));
+  } catch (e) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(oauthResultPage('Authentication Failed', e.message, false));
+  }
+}
+
+export function getGeminiOAuthStatus() {
+  try {
+    if (fs.existsSync(GEMINI_OAUTH_FILE)) {
+      const creds = JSON.parse(fs.readFileSync(GEMINI_OAUTH_FILE, 'utf8'));
+      if (creds.refresh_token || creds.access_token) {
+        let email = '';
+        try {
+          if (fs.existsSync(GEMINI_ACCOUNTS_FILE)) {
+            const accts = JSON.parse(fs.readFileSync(GEMINI_ACCOUNTS_FILE, 'utf8'));
+            email = accts.active || '';
+          }
+        } catch (_) {}
+        return { hasKey: true, apiKey: email || '****oauth', defaultModel: '', path: GEMINI_OAUTH_FILE, authMethod: 'oauth' };
+      }
+    }
+  } catch (_) {}
+  return null;
+}
+
+export function getGeminiOAuthState() { return geminiOAuthState; }
+export function getGeminiOAuthPending() { return geminiOAuthPending; }

package/lib/speech-manager.js

@@ -0,0 +1,203 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { createRequire } from 'module';
+
+let speechModule = null;
+let _broadcastSync = null;
+let _syncClients = null;
+let _queries = null;
+
+export function initSpeechManager({ broadcastSync, syncClients, queries }) {
+  _broadcastSync = broadcastSync;
+  _syncClients = syncClients;
+  _queries = queries;
+}
+
+export async function ensurePocketTtsSetup(onProgress) {
+  const r = createRequire(import.meta.url);
+  const serverTTS = r('webtalk/server-tts');
+  return serverTTS.ensureInstalled(onProgress);
+}
+
+export async function getSpeech() {
+  if (!speechModule) speechModule = await import('./speech.js');
+  return speechModule;
+}
+
+const ttsTextAccumulators = new Map();
+
+export const voiceCacheManager = {
+  generating: new Map(),
+  maxCacheSize: 10 * 1024 * 1024,
+  async getOrGenerateCache(conversationId, text) {
+    const cacheKey = `${conversationId}:${text}`;
+    if (this.generating.has(cacheKey)) {
+      return new Promise((resolve) => {
+        const checkInterval = setInterval(() => {
+          const cached = _queries.getVoiceCache(conversationId, text);
+          if (cached) { clearInterval(checkInterval); resolve(cached); }
+        }, 50);
+      });
+    }
+    const cached = _queries.getVoiceCache(conversationId, text);
+    if (cached) return cached;
+    this.generating.set(cacheKey, true);
+    try {
+      const speech = await getSpeech();
+      const audioBlob = await speech.synthesize(text, 'default');
+      const saved = _queries.saveVoiceCache(conversationId, text, audioBlob);
+      const totalSize = _queries.getVoiceCacheSize(conversationId);
+      if (totalSize > this.maxCacheSize) {
+        const needed = totalSize - this.maxCacheSize;
+        _queries.deleteOldestVoiceCache(conversationId, needed);
+      }
+      return saved;
+    } finally {
+      this.generating.delete(cacheKey);
+    }
+  }
+};
+
+export const modelDownloadState = {
+  downloading: false,
+  progress: null,
+  error: null,
+  complete: false,
+  startTime: null,
+  downloadMetrics: new Map()
+};
+
+export function broadcastModelProgress(progress) {
+  modelDownloadState.progress = progress;
+  const broadcastData = {
+    type: 'model_download_progress',
+    modelId: progress.type || 'unknown',
+    bytesDownloaded: progress.bytesDownloaded || 0,
+    bytesRemaining: progress.bytesRemaining || 0,
+    totalBytes: progress.totalBytes || 0,
+    downloadSpeed: progress.downloadSpeed || 0,
+    eta: progress.eta || 0,
+    retryCount: progress.retryCount || 0,
+    currentGateway: progress.currentGateway || '',
+    status: progress.status || (progress.done ? 'completed' : progress.downloading ? 'downloading' : 'paused'),
+    percentComplete: progress.percentComplete || 0,
+    completedFiles: progress.completedFiles || 0,
+    totalFiles: progress.totalFiles || 0,
+    timestamp: Date.now(),
+    ...progress
+  };
+  _broadcastSync(broadcastData);
+}
+
+async function validateAndCleanupModels(modelsDir) {
+  try {
+    const manifestPath = path.join(modelsDir, '.manifests.json');
+    if (fs.existsSync(manifestPath)) {
+      try {
+        const content = fs.readFileSync(manifestPath, 'utf8');
+        JSON.parse(content);
+      } catch (e) {
+        console.error('[MODELS] Manifest corrupted, removing:', e.message);
+        fs.unlinkSync(manifestPath);
+      }
+    }
+    const files = fs.readdirSync(modelsDir);
+    for (const file of files) {
+      if (file.endsWith('.tmp')) {
+        try { fs.unlinkSync(path.join(modelsDir, file)); console.log('[MODELS] Cleaned up temp file:', file); }
+        catch (e) { console.warn('[MODELS] Failed to clean:', file); }
+      }
+    }
+  } catch (e) {
+    console.warn('[MODELS] Cleanup check failed:', e.message);
+  }
+}
+
+export async function ensureModelsDownloaded() {
+  if (modelDownloadState.downloading) {
+    while (modelDownloadState.downloading) { await new Promise(r => setTimeout(r, 100)); }
+    return modelDownloadState.complete;
+  }
+  modelDownloadState.downloading = true;
+  modelDownloadState.error = null;
+  try {
+    const r = createRequire(import.meta.url);
+    const { createConfig } = r('webtalk/config');
+    const { ensureModel } = r('webtalk/whisper-models');
+    const { ensureTTSModels } = r('webtalk/tts-models');
+    const gmguiModels = path.join(os.homedir(), '.gmgui', 'models');
+    const modelsBase = process.env.PORTABLE_EXE_DIR
+      ? (fs.existsSync(path.join(process.env.PORTABLE_EXE_DIR, 'models', 'onnx-community')) ? path.join(process.env.PORTABLE_EXE_DIR, 'models') : gmguiModels)
+      : gmguiModels;
+    await validateAndCleanupModels(modelsBase);
+    const config = createConfig({ modelsDir: modelsBase, ttsModelsDir: path.join(modelsBase, 'tts') });
+    const onProgress = (progress) => { broadcastModelProgress({ ...progress, started: true, done: false, downloading: true }); };
+    broadcastModelProgress({ started: true, done: false, downloading: true, type: 'whisper', status: 'starting' });
+    await ensureModel('onnx-community/whisper-base', config, onProgress);
+    broadcastModelProgress({ started: true, done: false, downloading: true, type: 'tts', status: 'starting' });
+    await ensureTTSModels(config, onProgress);
+    modelDownloadState.complete = true;
+    broadcastModelProgress({ started: true, done: true, complete: true, downloading: false });
+    return true;
+  } catch (err) {
+    console.error('[MODELS] Download error:', err.message);
+    modelDownloadState.error = err.message;
+    broadcastModelProgress({ done: true, error: err.message });
+    return false;
+  } finally {
+    modelDownloadState.downloading = false;
+  }
+}
+
+export function eagerTTS(text, conversationId, sessionId) {
+  const key = `${conversationId}:${sessionId}`;
+  let acc = ttsTextAccumulators.get(key);
+  if (!acc) { acc = { text: '', timer: null }; ttsTextAccumulators.set(key, acc); }
+  acc.text += text;
+  if (acc.timer) clearTimeout(acc.timer);
+  acc.timer = setTimeout(() => flushTTSaccumulator(key, conversationId, sessionId), 600);
+}
+
+function flushTTSaccumulator(key, conversationId, sessionId) {
+  const acc = ttsTextAccumulators.get(key);
+  if (!acc || !acc.text) return;
+  const text = acc.text.trim();
+  acc.text = '';
+  ttsTextAccumulators.delete(key);
+  getSpeech().then(speech => {
+    const status = speech.getStatus();
+    if (!status.ttsReady || status.ttsError) return;
+    const voices = new Set();
+    for (const ws of _syncClients) {
+      const vid = ws.ttsVoiceId || 'default';
+      const convKey = `conv-${conversationId}`;
+      if (ws.subscriptions && (ws.subscriptions.has(sessionId) || ws.subscriptions.has(convKey))) {
+        voices.add(vid);
+      }
+    }
+    if (voices.size === 0) return;
+    for (const vid of voices) {
+      const cacheKey = speech.ttsCacheKey(text, vid);
+      const cached = speech.ttsCacheGet(cacheKey);
+      if (cached) { pushTTSAudio(cacheKey, cached, conversationId, sessionId, vid); continue; }
+      speech.synthesize(text, vid).then(wav => {
+        if (speech.ttsCacheSet) speech.ttsCacheSet(cacheKey, wav);
+        pushTTSAudio(cacheKey, wav, conversationId, sessionId, vid);
+      }).catch(() => {});
+    }
+  }).catch(() => {});
+}
+
+function pushTTSAudio(cacheKey, wav, conversationId, sessionId, voiceId) {
+  const b64 = wav.toString('base64');
+  _broadcastSync({
+    type: 'tts_audio',
+    cacheKey,
+    audio: b64,
+    voiceId,
+    conversationId,
+    sessionId,
+    timestamp: Date.now()
+  });
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.752",
+  "version": "1.0.754",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "electron/main.js",