cicy-desktop 2.1.113 → 2.1.114

package/src/backends/homepage-react/index.html

@@ -6,7 +6,7 @@
   <link rel="icon" type="image/svg+xml" href="./favicon.svg" />
   <link rel="icon" type="image/png" sizes="256x256" href="./favicon-256.png" />
   <title>CiCy Desktop</title>
-  <script type="module" crossorigin src="./assets/index-CgqXmbpX.js"></script>
+  <script type="module" crossorigin src="./assets/index-CmVf11CZ.js"></script>
   <link rel="stylesheet" crossorigin href="./assets/index-BcVFakIC.css">
 </head>
 <body>

package/src/backends/sidecar-ipc.js

@@ -130,13 +130,33 @@ function register({ sidecarLogPath } = {}) {
   };
   // Register the running :8009 instance as a (custom) team so the card's "打开"
   // reuses the token-injected open/reload flow. addTeam dedups by host:port.
+  // Upsert the :8009 team with the CONTAINER's OWN live token. Critical: never
+  // fall back to the host 8008 token (addTeam auto-fills global.json on an empty
+  // api_token — that's the host credential, which 8009 rejects → login screen).
+  // Returns the team id, or {ok:false} when the container token can't be read.
   const registerAppTeam = async () => {
+    const lt = require("./local-teams");
+    const tok = await wslDocker.readContainerToken(APP_PORT); // retried inside
+    if (!tok) return { ok: false, error: "no_token", id: null };
+    const r = await lt.addTeam({ base_url: `http://127.0.0.1:${APP_PORT}`, name: "Docker cicy-code", api_token: tok });
+    return { ok: true, id: r && r.id };
+  };
+
+  // Card「打开」→ ALWAYS re-read the live container token and upsert the team
+  // before opening, so the URL carries the current ?token= (a token captured at
+  // install time goes stale after the container is recreated/reset). If the
+  // token can't be read we refuse to open — opening tokenless / with the host
+  // token just strands the user at a login screen (主人: 必须拿到 token 才能打开).
+  ipcMain.handle("docker:app-open", async () => {
+    if (process.platform !== "win32") return { ok: false, error: "windows_only" };
     try {
+      const reg = await registerAppTeam();
+      if (!reg.ok || !reg.id) return { ok: false, error: reg.error || "no_token" };
       const lt = require("./local-teams");
-      const tok = await wslDocker.readContainerToken(APP_PORT);
-      await lt.addTeam({ base_url: `http://127.0.0.1:${APP_PORT}`, name: "Docker cicy-code", ...(tok ? { api_token: tok } : {}) });
-    } catch { /* best-effort — the container itself is up */ }
-  };
+      const r = await lt.openTeam(reg.id);
+      return r && r.ok ? { ok: true } : { ok: false, error: (r && r.error) || "open_failed" };
+    } catch (e) { return { ok: false, error: e.message }; }
+  });
 
   // One-click bootstrap (方案 A): ensure WSL2 → Ubuntu → Docker Engine → load
   // image → start :8009 container → health. Streams phase/progress on

package/src/sidecar/wsl-docker.js

@@ -262,17 +262,26 @@ async function runContainer({ port = 8009, container = "cicy-code-docker", volum
   return { started: true };
 }
 
-// Read the container's own api_token (its volume-persisted global.json) for the
-// team registration — the host token is a different credential.
+// Read the container's OWN api_token (its volume-persisted global.json). This is
+// the ONLY correct credential for :8009 — the host's 8008 token is different and
+// 8009 rejects it. Retries because right after start the entrypoint may not have
+// written global.json yet; returns "" only if it truly can't be read (callers
+// must then NOT open with a wrong/host token — that strands the user at login).
 async function readContainerToken(port = 8009, container = "cicy-code-docker") {
-  try {
-    // Look the container up by name and read the token from inside it.
-    const { stdout } = await wslRun(`docker ps --filter "name=${container}" --format '{{.Names}}'`, { timeout: 10000 });
-    const name = stdout.trim().split("\n")[0];
-    if (!name) return "";
-    const r = await wslRun(`docker exec ${name} cat /home/cicy/cicy-ai/global.json`, { timeout: 10000 });
-    return JSON.parse(r.stdout).api_token || "";
-  } catch { return ""; }
+  for (let attempt = 1; attempt <= 5; attempt++) {
+    try {
+      // Look the container up by name and read the token from inside it.
+      const { stdout } = await wslRun(`docker ps --filter "name=${container}" --format '{{.Names}}'`, { timeout: 10000 });
+      const name = stdout.trim().split("\n")[0];
+      if (name) {
+        const r = await wslRun(`docker exec ${name} cat /home/cicy/cicy-ai/global.json`, { timeout: 10000 });
+        const tok = JSON.parse(r.stdout).api_token || "";
+        if (tok) return tok;
+      }
+    } catch { /* container/global.json not ready yet — retry */ }
+    await new Promise((r) => setTimeout(r, 2000));
+  }
+  return "";
 }
 
 // Register a Windows logon task that starts dockerd in our distro on every

package/workers/render/src/App.jsx

@@ -740,7 +740,15 @@ export default function App() {
           {showLocal && (
             <DockerCard
               dockerTeam={dockerTeam}
-              onOpen={(id) => { if (id) openLocalTeam(id); else window.cicy?.tabs?.open?.("http://127.0.0.1:8009", "Docker cicy-code"); }}
+              onOpen={async () => {
+                // Always open via the live-token path: re-reads the container's
+                // own api_token and refuses to open a tokenless/host-token page
+                // (主人: 必须拿到 token 才能打开,否则被卡在登录页).
+                try {
+                  const r = await window.cicy?.docker?.appOpen?.();
+                  if (!r?.ok) window.alert("拿不到容器 token,无法打开 :8009。请确认服务已就绪(或用卡片菜单「重启」)后再试。");
+                } catch (e) { console.warn("[DockerCard] open", e); }
+              }}
               onRefresh={fetchLocalTeams}
             />
           )}