banana-code 1.2.0

package/lib/monkeyModels.js

@@ -0,0 +1,97 @@
+/**
+ * Monkey Models API Client for Banana Code CLI
+ * Cloud provider wrapping OpenAICompatibleClient.
+ *
+ * Base URL: https://monkey-models-production.up.railway.app
+ * Tiers: silverback, mandrill, gibbon, tamarin
+ * Auth: Bearer token in Authorization header
+ * Vision: image_url content blocks (server proxies to Gemini Flash)
+ * The server handles personality injection, so no system prompts needed.
+ */
+
+const { OpenAICompatibleClient } = require('./providerClients');
+
+const MONKEY_MODELS_URL = 'https://monkey-models-production.up.railway.app';
+// Default token for Banana Code's own Monkey Models server.
+// This is a shared service token (not a user secret). Users can override via env var.
+const MONKEY_MODELS_DEFAULT_TOKEN = '086399eca157e4ad2fc0fecfb254da1118d226ac53371757267388b23bd10fa6';
+const MONKEY_MODELS_TOKEN = process.env.BANANA_MONKEY_TOKEN || MONKEY_MODELS_DEFAULT_TOKEN;
+
+const TIERS = ['silverback', 'mandrill', 'gibbon', 'tamarin'];
+
+class MonkeyModelsClient extends OpenAICompatibleClient {
+  constructor(options = {}) {
+    super({
+      label: 'Monkey Models',
+      baseUrl: options.baseUrl || MONKEY_MODELS_URL,
+      bearerToken: options.token || MONKEY_MODELS_TOKEN,
+      ...options
+    });
+  }
+
+  /**
+   * Sanitizes error messages to prevent leaking upstream provider details (like OpenRouter).
+   * @param {string} errorText The raw error text from the provider.
+   * @returns {string} A sanitized error message.
+   */
+  _sanitizeError(errorText) {
+    if (!errorText) return '';
+    // If it looks like it contains OpenRouter or specific provider JSON/strings,
+    // we want to strip that out and just provide a clean error.
+    // The user's error shows: "OpenRouter 429: {\"error\":{\"message\":\"Provider returned error\"...}}"
+    
+    // Check if it's an error that contains JSON or common provider markers
+    if (errorText.includes('OpenRouter') || errorText.includes('provider_name') || errorText.includes('is_byok')) {
+      return 'Service is temporarily unavailable or rate-limited. Please try again shortly.';
+    }
+    
+    return errorText;
+  }
+
+  /**
+   * Overrides _request to sanitize error messages for Monkey Models.
+   */
+  async _request(path, body, signal) {
+    try {
+      return await super._request(path, body, signal);
+    } catch (err) {
+      if (err.message.startsWith('Monkey Models error')) {
+        // Extract the part after the prefix
+        const parts = err.message.split(': ');
+        if (parts.length > 1) {
+          const originalError = parts.slice(1).join(': ');
+          const sanitized = this._sanitizeError(originalError);
+          throw new Error(`Monkey Models error: ${sanitized}`);
+        }
+      }
+      throw err;
+    }
+  }
+
+  /**
+   * GET /health - no auth required.
+   * Returns parsed JSON on success, null on failure.
+   */
+  async healthCheck() {
+    try {
+      const response = await fetch(`${this.baseUrl}/health`, {
+        signal: AbortSignal.timeout(5000)
+      });
+      if (!response.ok) return null;
+      return await response.json();
+    } catch {
+      return null;
+    }
+  }
+
+  /**
+   * Check connectivity via health endpoint first, then fall back to parent.
+   */
+  async isConnected(options = {}) {
+    const health = await this.healthCheck();
+    if (health) return true;
+    return super.isConnected(options);
+  }
+}
+
+module.exports = { MonkeyModelsClient, MONKEY_MODELS_URL, TIERS };

package/lib/oauthOpenAI.js

@@ -0,0 +1,167 @@
+const OPENAI_AUTH_ISSUER = 'https://auth.openai.com';
+const OPENAI_CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+
+function trimSlash(url) {
+  return (url || '').replace(/\/+$/, '');
+}
+
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+function parseInterval(value) {
+  const parsed = Number.parseInt(String(value || ''), 10);
+  return Number.isFinite(parsed) && parsed > 0 ? parsed : 5;
+}
+
+async function readError(response, prefix) {
+  const text = await response.text().catch(() => '');
+  throw new Error(`${prefix} (${response.status}): ${text || response.statusText}`);
+}
+
+async function requestDeviceCode(options = {}) {
+  const issuer = trimSlash(options.issuer || OPENAI_AUTH_ISSUER);
+  const clientId = options.clientId || OPENAI_CODEX_CLIENT_ID;
+  const response = await fetch(`${issuer}/api/accounts/deviceauth/usercode`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ client_id: clientId })
+  });
+
+  if (!response.ok) {
+    await readError(response, 'OpenAI device code request failed');
+  }
+
+  const data = await response.json();
+  return {
+    issuer,
+    clientId,
+    verificationUrl: `${issuer}/codex/device`,
+    userCode: data.user_code || data.usercode,
+    deviceAuthId: data.device_auth_id,
+    interval: parseInterval(data.interval)
+  };
+}
+
+async function pollForDeviceAuthorization(deviceCode, options = {}) {
+  const timeoutMs = options.timeoutMs || 15 * 60 * 1000;
+  const started = Date.now();
+  const issuer = trimSlash(deviceCode.issuer || OPENAI_AUTH_ISSUER);
+  const pollUrl = `${issuer}/api/accounts/deviceauth/token`;
+
+  while (Date.now() - started < timeoutMs) {
+    const response = await fetch(pollUrl, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        device_auth_id: deviceCode.deviceAuthId,
+        user_code: deviceCode.userCode
+      })
+    });
+
+    if (response.ok) {
+      return await response.json();
+    }
+
+    if (response.status === 403 || response.status === 404) {
+      await sleep((deviceCode.interval || 5) * 1000);
+      continue;
+    }
+
+    await readError(response, 'OpenAI device authorization failed');
+  }
+
+  throw new Error('OpenAI device authorization timed out after 15 minutes');
+}
+
+async function exchangeAuthorizationCode(options) {
+  const issuer = trimSlash(options.issuer || OPENAI_AUTH_ISSUER);
+  const clientId = options.clientId || OPENAI_CODEX_CLIENT_ID;
+  const redirectUri = options.redirectUri || `${issuer}/deviceauth/callback`;
+
+  const form = new URLSearchParams({
+    grant_type: 'authorization_code',
+    code: options.authorizationCode,
+    redirect_uri: redirectUri,
+    client_id: clientId,
+    code_verifier: options.codeVerifier
+  });
+
+  const response = await fetch(`${issuer}/oauth/token`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: form.toString()
+  });
+
+  if (!response.ok) {
+    await readError(response, 'OpenAI authorization-code exchange failed');
+  }
+
+  return await response.json();
+}
+
+async function refreshOpenAIToken(options) {
+  const issuer = trimSlash(options.issuer || OPENAI_AUTH_ISSUER);
+  const clientId = options.clientId || OPENAI_CODEX_CLIENT_ID;
+  const form = new URLSearchParams({
+    client_id: clientId,
+    grant_type: 'refresh_token',
+    refresh_token: options.refreshToken
+  });
+  const response = await fetch(`${issuer}/oauth/token`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: form.toString()
+  });
+
+  if (!response.ok) {
+    await readError(response, 'OpenAI token refresh failed');
+  }
+
+  return await response.json();
+}
+
+function buildTokenRecord(tokenPayload) {
+  const expiresIn = Number(tokenPayload.expires_in);
+  const expiresAt = Number.isFinite(expiresIn)
+    ? new Date(Date.now() + (expiresIn * 1000)).toISOString()
+    : null;
+
+  return {
+    accessToken: tokenPayload.access_token,
+    refreshToken: tokenPayload.refresh_token,
+    idToken: tokenPayload.id_token || null,
+    expiresAt
+  };
+}
+
+function isTokenExpired(expiresAt, skewSeconds = 60) {
+  if (!expiresAt) return false;
+  const expiry = new Date(expiresAt).getTime();
+  if (!Number.isFinite(expiry)) return false;
+  return Date.now() >= (expiry - skewSeconds * 1000);
+}
+
+async function completeDeviceCodeLogin(deviceCode, options = {}) {
+  const authorized = await pollForDeviceAuthorization(deviceCode, options);
+  const tokens = await exchangeAuthorizationCode({
+    issuer: deviceCode.issuer,
+    clientId: deviceCode.clientId,
+    authorizationCode: authorized.authorization_code,
+    codeVerifier: authorized.code_verifier,
+    redirectUri: `${trimSlash(deviceCode.issuer)}/deviceauth/callback`
+  });
+  return buildTokenRecord(tokens);
+}
+
+module.exports = {
+  OPENAI_AUTH_ISSUER,
+  OPENAI_CODEX_CLIENT_ID,
+  requestDeviceCode,
+  pollForDeviceAuthorization,
+  exchangeAuthorizationCode,
+  refreshOpenAIToken,
+  completeDeviceCodeLogin,
+  buildTokenRecord,
+  isTokenExpired
+};

package/lib/parser.js

@@ -0,0 +1,134 @@
+/**
+ * Parser - Extract file operations from AI responses
+ */
+
+/**
+ * Parse AI response for file operations
+ *
+ * Expected format:
+ * <file_operation>
+ * <action>create|edit|delete</action>
+ * <path>relative/path/to/file.ts</path>
+ * <content>
+ * ... file content ...
+ * </content>
+ * </file_operation>
+ *
+ * Also handles common local model variations:
+ * - <fileoperation> (no underscore)
+ * - <file-operation> (hyphen)
+ * - <parameter=action>create</parameter> (Nemotron-style)
+ * - <parameter=path>...</parameter> (Nemotron-style)
+ */
+function parseFileOperations(response) {
+  const operations = [];
+
+  // First, strip markdown code fences that might wrap the XML blocks
+  let cleanedResponse = response
+    .replace(/```(?:xml|html|text)?\s*\n?(<(?:file[-_]?operation)>)/gi, '$1')
+    .replace(/(<\/(?:file[-_]?operation)>)\s*\n?```/gi, '$1');
+
+  // Match file_operation blocks - tolerate missing underscore, hyphen, etc.
+  const operationRegex = /<file[-_]?operation>([\s\S]*?)<\/file[-_]?operation>/gi;
+  let match;
+
+  while ((match = operationRegex.exec(cleanedResponse)) !== null) {
+    const block = match[1];
+
+    // Extract action - standard format OR Nemotron <parameter=action> format
+    const actionMatch = block.match(/<action>(create|edit|delete)<\/action>/i)
+      || block.match(/<parameter\s*=\s*"?action"?\s*>\s*(create|edit|delete)\s*<\/parameter>/i);
+    if (!actionMatch) continue;
+
+    // Extract path - standard format OR Nemotron <parameter=path> format
+    const pathMatch = block.match(/<path>([^<]+)<\/path>/)
+      || block.match(/<parameter\s*=\s*"?path"?\s*>\s*([^<]+?)\s*<\/parameter>/i);
+    if (!pathMatch) continue;
+
+    // Extract content - standard format OR Nemotron <parameter=content> format
+    const contentMatch = block.match(/<content>([\s\S]*?)<\/content>/)
+      || block.match(/<parameter\s*=\s*"?content"?\s*>([\s\S]*?)<\/parameter>/i);
+
+    operations.push({
+      action: actionMatch[1].toLowerCase(),
+      path: pathMatch[1].trim(),
+      content: contentMatch ? contentMatch[1].trim() : null
+    });
+  }
+
+  return operations;
+}
+
+/**
+ * Parse AI response for shell commands
+ *
+ * Expected format:
+ * <run_command>
+ * npm install axios
+ * </run_command>
+ */
+function parseCommands(response) {
+  const commands = [];
+
+  // Strip markdown code fences that might wrap the XML blocks
+  let cleanedResponse = response
+    .replace(/```(?:bash|shell|sh|text)?\s*\n?(<run[-_]?command>)/gi, '$1')
+    .replace(/(<\/run[-_]?command>)\s*\n?```/gi, '$1');
+
+  const commandRegex = /<run[-_]?command>([\s\S]*?)<\/run[-_]?command>/gi;
+  let match;
+
+  while ((match = commandRegex.exec(cleanedResponse)) !== null) {
+    const command = match[1].trim();
+    if (command) {
+      commands.push(command);
+    }
+  }
+
+  return commands;
+}
+
+/**
+ * Extract the explanation text (everything not in special blocks)
+ */
+function extractExplanation(response) {
+  let text = response;
+
+  // Remove file operation blocks (including model variants)
+  text = text.replace(/<file[-_]?operation>[\s\S]*?<\/file[-_]?operation>/gi, '');
+
+  // Remove command blocks (including model variants)
+  text = text.replace(/<run[-_]?command>[\s\S]*?<\/run[-_]?command>/gi, '');
+
+  // Clean up excess whitespace
+  text = text.replace(/\n{3,}/g, '\n\n').trim();
+
+  return text;
+}
+
+/**
+ * Parse a complete AI response
+ */
+function parseResponse(response) {
+  return {
+    explanation: extractExplanation(response),
+    fileOperations: parseFileOperations(response),
+    commands: parseCommands(response)
+  };
+}
+
+/**
+ * Check if response contains any actionable items
+ */
+function hasActions(response) {
+  const parsed = parseResponse(response);
+  return parsed.fileOperations.length > 0 || parsed.commands.length > 0;
+}
+
+module.exports = {
+  parseFileOperations,
+  parseCommands,
+  extractExplanation,
+  parseResponse,
+  hasActions
+};

package/lib/promptManager.js

@@ -0,0 +1,96 @@
+/**
+ * Prompt Manager for Banana Code
+ * Loads system prompts from the prompts/ directory.
+ * Drop any .md file into prompts/ and it becomes available via /prompt <name>.
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+class PromptManager {
+  constructor(promptsDir) {
+    this.promptsDir = promptsDir;
+    this.prompts = {};
+    this.load();
+  }
+
+  load() {
+    this.prompts = {};
+    try {
+      const files = fs.readdirSync(this.promptsDir).filter(f => f.endsWith('.md'));
+      for (const file of files) {
+        const name = path.basename(file, '.md');
+        this.prompts[name] = fs.readFileSync(path.join(this.promptsDir, file), 'utf-8');
+      }
+    } catch {
+      // No prompts directory or can't read - that's ok
+    }
+  }
+
+  /**
+   * Get a prompt by name. Falls back to 'base' if not found.
+   *
+   * For code-agent-* prompts, auto-assembles: base.md + code-agent.md + code-agent-{model}.md
+   * This eliminates duplication - model files only need their unique quirks.
+   *
+   * Injects dynamic OS detection to replace the static ## OS block.
+   */
+  get(name) {
+    let prompt;
+
+    if (name.startsWith('code-agent-') && this.prompts[name]) {
+      // Assemble: base + code-agent (shared tool instructions) + model-specific quirks
+      const parts = [];
+      if (this.prompts['base']) parts.push(this.prompts['base']);
+      if (this.prompts['code-agent']) parts.push(this.prompts['code-agent']);
+      parts.push(this.prompts[name]);
+      prompt = parts.join('\n\n');
+    } else if (name === 'code-agent' && this.prompts['code-agent']) {
+      // code-agent alone: base + code-agent
+      const parts = [];
+      if (this.prompts['base']) parts.push(this.prompts['base']);
+      parts.push(this.prompts['code-agent']);
+      prompt = parts.join('\n\n');
+    } else {
+      prompt = this.prompts[name] || this.prompts['base'] || '';
+    }
+
+    // Dynamic OS detection
+    const osLine = process.platform === 'win32'
+      ? 'Windows. Use PowerShell/cmd syntax for shell commands. No bash, no `ls`, no `grep`. Use `dir`, `Get-ChildItem`, `findstr`, etc.'
+      : process.platform === 'darwin'
+        ? 'macOS. Use bash/zsh syntax for shell commands. No PowerShell, no `dir`, no `findstr`. Use `ls`, `find`, `grep`, etc.'
+        : 'Linux. Use bash syntax for shell commands. No PowerShell, no `dir`, no `findstr`. Use `ls`, `find`, `grep`, etc.';
+    prompt = prompt.replace(/^## OS\n\n.+$/gm, `## OS\n\n${osLine}`);
+    prompt = prompt.replace(/^OS: Windows\..+$/gm, `OS: ${osLine}`);
+    if (process.platform !== 'win32') {
+      prompt = prompt.replace(/PowerShell syntax only/g, 'bash/zsh syntax');
+      prompt = prompt.replace(/PowerShell syntax only, not bash/g, 'bash/zsh syntax');
+      prompt = prompt.replace(/\(PowerShell syntax\)/g, '(bash/zsh syntax)');
+    }
+    return prompt;
+  }
+
+  /**
+   * List available prompt names
+   */
+  list() {
+    return Object.keys(this.prompts);
+  }
+
+  /**
+   * Check if a prompt exists
+   */
+  has(name) {
+    return name in this.prompts;
+  }
+
+  /**
+   * Reload prompts from disk (useful if user drops a new .md file in)
+   */
+  reload() {
+    this.load();
+  }
+}
+
+module.exports = PromptManager;