cicy-desktop 2.1.41 → 2.1.43

package/src/backends/homepage-react/index.html

@@ -4,7 +4,7 @@
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
   <title>CiCy Desktop</title>
-  <script type="module" crossorigin src="./assets/index-BhLjpIIu.js"></script>
+  <script type="module" crossorigin src="./assets/index-BqRSij9W.js"></script>
   <link rel="stylesheet" crossorigin href="./assets/index-CNVsvsZX.css">
 </head>
 <body>

package/src/backends/homepage-window.js

@@ -1,26 +1,26 @@
 // Homepage window — primary CiCy Desktop window. Singleton; closing it
 // does NOT quit the app.
 //
-// URL selection:
-//   1. CICY_HOMEPAGE_URL env (Vite dev server) — wins everywhere if set;
-//      if the URL fails to load (tunnel down, server not running) the window
-//      automatically falls back to the local file:// SPA.
-//   2. Windows: remote https://desktop.cicy-ai.com — keeps Win shipping
-//      without rebuilding (Win release cadence is slower than render's)
-//   3. Mac/Linux: bundled local SPA file:// — works offline, no mixed-
-//      content concerns when embedding the team-assistant webview
-//      (the cicy-desktop preload's IPC bridge still attaches).
+// URL selection (HARDCODED — no env/dev-URL switch, no Vite):
+//   - Windows: the remote Cloudflare worker https://desktop.cicy-ai.com — keeps
+//     Win shipping without rebuilding (Win release cadence is slower than
+//     render's). Falls back to the local file:// SPA if unreachable.
+//   - Mac/Linux: the bundled local SPA file:// — works offline, fast, no remote
+//     dependency, no mixed-content concerns when embedding the team-assistant
+//     webview (the cicy-desktop preload's IPC bridge still attaches).
 
 const path = require("path");
 const { BrowserWindow } = require("electron");
 const log = require("electron-log");
 
-const REMOTE_URL = "https://desktop.cicy-ai.com/";
-const DEV_URL = process.env.CICY_HOMEPAGE_URL || "";
+// Hardcoded homepage source — no Vite / CICY_HOMEPAGE_URL dev-URL switch.
+//   - mac/linux: the bundled file:// SPA (offline, fast, no remote dependency).
+//   - Windows:   the remote Cloudflare worker (Win release cadence is slower
+//                than render's, so it loads the homepage remotely).
+const REMOTE_URL = "https://desktop.cicy-ai.com/"; // Cloudflare worker (remote homepage)
 const LOCAL_INDEX = path.join(__dirname, "homepage-react", "index.html");
 
 function pickHomepageURL() {
-  if (DEV_URL) return DEV_URL;
   if (process.platform === "win32") return REMOTE_URL;
   return `file://${LOCAL_INDEX}`;
 }
@@ -88,8 +88,10 @@ async function openHomepage() {
   homepage.webContents.on("did-fail-load", (_e, code, desc, url) => {
     console.error(`[homepage] did-fail-load ${code} ${desc} ${url}`);
     const fallback = `file://${LOCAL_INDEX}`;
-    if (url && DEV_URL && url.startsWith(DEV_URL.replace(/\/$/, "")) && url !== fallback) {
-      log.warn(`[homepage] dev URL unreachable, falling back to ${fallback}`);
+    // If the remote (Windows) Cloudflare homepage is unreachable, fall back to
+    // the bundled local SPA so the window never stays blank.
+    if (url && url.startsWith(REMOTE_URL.replace(/\/$/, "")) && url !== fallback) {
+      log.warn(`[homepage] remote homepage unreachable, falling back to ${fallback}`);
       homepage.loadURL(fallback);
     }
   });

package/src/main.js

@@ -669,6 +669,10 @@ electronApp.whenReady().then(async () => {
   backendsIPC.register({ sidecarLogPath: path.join(os.homedir(), "logs", "cicy-code-sidecar.log") });
   require("./backends/sidecar-ipc").register({ sidecarLogPath: path.join(os.homedir(), "logs", "cicy-code-sidecar.log") });
 
+  // window.cicy.artifact bridge — CDP/webContents control of the cicy-code
+  // 产物 (artifact) <webview> guest. Injected renderer-side in window-utils.js.
+  require("./backends/artifact-ipc").register();
+
   // Browser-login loopback listener. Renderer calls auth:login-start when
   // the user clicks Login; main opens a 127.0.0.1 server + the browser,
   // and broadcasts auth:complete back to the homepage window once the
@@ -676,10 +680,38 @@ electronApp.whenReady().then(async () => {
   {
     const auth = require("./backends/auth-loopback");
     const { ipcMain: __ipcMainAuth } = require("electron");
+    const { readGlobalConfig, updateGlobalConfig } = require("./utils/global-json");
+    const GLOBAL_JSON = path.join(os.homedir(), "cicy-ai", "global.json");
+
+    // Persist the cloud login durably in the MAIN process (global.json),
+    // independent of the homepage renderer's origin. The renderer keeps the
+    // token in localStorage, which Chromium scopes to the homepage window's
+    // origin — and that origin drifts (file:// on mac, https://desktop.cicy-ai.com
+    // on Windows, http://<ip>:port or the team domain when CICY_HOMEPAGE_URL is
+    // set). A token saved under one origin is invisible after the URL changes,
+    // which forced the user to log in again and again. Storing it here and
+    // restoring it on every homepage load makes "logged in once" survive origin
+    // changes, restarts and public-URL switches. ONLY explicit logout clears it.
+    const saveDesktopAuth = (p) => {
+      try {
+        updateGlobalConfig(GLOBAL_JSON, (c) => {
+          c.desktopAuth = {
+            token: p.token || "",
+            accessToken: p.accessToken || "",
+            userId: p.userId != null ? String(p.userId) : "",
+            savedAt: Date.now(),
+          };
+          return c;
+        });
+        log.info("[auth] desktop login persisted to global.json (origin-independent)");
+      } catch (e) { log.warn(`[auth] persist failed: ${e.message}`); }
+    };
+
     __ipcMainAuth.handle("auth:login-start", async () => {
       try {
         await auth.startLogin({
           onResult: (payload) => {
+            if (payload && payload.token) saveDesktopAuth(payload);
             const hw = require("./backends/homepage-window");
             const w = hw.getHomepageWindow && hw.getHomepageWindow();
             if (w && !w.isDestroyed()) {
@@ -694,6 +726,29 @@ electronApp.whenReady().then(async () => {
       }
     });
     __ipcMainAuth.handle("auth:login-cancel", () => { auth.cancel(); return { ok: true }; });
+
+    // Origin-independent restore. The homepage SPA calls this on mount; if its
+    // own (origin-scoped) localStorage has no token, it adopts this one — so a
+    // homepage URL/origin change never forces a needless re-login.
+    __ipcMainAuth.handle("auth:get-saved", () => {
+      try {
+        const c = readGlobalConfig(GLOBAL_JSON);
+        const a = c && c.desktopAuth;
+        if (a && a.token) {
+          return { token: a.token, accessToken: a.accessToken || "", userId: a.userId || "" };
+        }
+      } catch (e) { log.warn(`[auth] get-saved failed: ${e.message}`); }
+      return null;
+    });
+
+    // Explicit logout is the ONLY thing that clears the durable store.
+    __ipcMainAuth.handle("auth:logout", () => {
+      try {
+        updateGlobalConfig(GLOBAL_JSON, (c) => { delete c.desktopAuth; return c; });
+        log.info("[auth] desktop login cleared (explicit logout)");
+      } catch (e) { log.warn(`[auth] logout clear failed: ${e.message}`); }
+      return { ok: true };
+    });
   }
 
   // Local-team discovery — reads ~/cicy-ai/global.json's cicyDesktopNodes

package/src/tools/index.js

@@ -17,4 +17,5 @@ module.exports = [
   require("./ipc-bridge"),
   require("./hook-gemini"),
   require("./chrome-tools"),
+  require("./list-tools"),
 ];

package/src/tools/list-tools.js

@@ -0,0 +1,46 @@
+const { z } = require("zod");
+const { loadToolCatalog } = require("../server/tool-catalog");
+const { zodToJsonSchema } = require("../server/tool-registry");
+
+// A meta-tool: lets any electronRPC caller (renderer, <webview>, agent-desktop
+// `rpc list_tools`) discover the full set of registered tools at runtime —
+// previously the only index was HTTP /openapi.json, unreachable over the IPC /
+// desktop_event bridge.
+module.exports = (registerTool) => {
+  registerTool(
+    "list_tools",
+    "列出本机 cicy-desktop 当前注册的所有 electronRPC 工具(name/description/tag;可选 inputSchema)。用于运行时发现可调用工具全集。",
+    z.object({
+      tag: z.string().optional().describe("只列某个 tag 下的工具,如 Chrome / System / General"),
+      schema: z.boolean().optional().describe("为 true 时附带每个工具的 inputSchema(JSON Schema)"),
+      names_only: z.boolean().optional().describe("为 true 时只返回工具名数组"),
+    }),
+    async ({ tag, schema, names_only } = {}) => {
+      const cat = loadToolCatalog();
+      let records = Array.from(cat.toolsByName.values());
+      if (tag) records = records.filter((r) => (r.tag || "General") === tag);
+      records.sort(
+        (a, b) => (a.tag || "General").localeCompare(b.tag || "General") || a.name.localeCompare(b.name)
+      );
+
+      let payload;
+      if (names_only) {
+        payload = { count: records.length, tools: records.map((r) => r.name) };
+      } else {
+        payload = {
+          count: records.length,
+          tags: [...new Set(records.map((r) => r.tag || "General"))].sort(),
+          tools: records.map((r) => {
+            const t = { name: r.name, description: r.description, tag: r.tag || "General" };
+            if (schema) {
+              try { t.inputSchema = zodToJsonSchema(r.schema); } catch { t.inputSchema = null; }
+            }
+            return t;
+          }),
+        };
+      }
+      return { content: [{ type: "text", text: JSON.stringify(payload, null, 2) }] };
+    },
+    { tag: "System" }
+  );
+};

package/src/utils/window-utils.js

@@ -75,6 +75,44 @@ function setupWindowHandlers(win) {
               console.log('[RPC] electronRPC ready');
             } catch(e) {}
           }
+          // window.cicy.artifact — remote control of the 产物 (artifact) <webview>
+          // guest webContents for cicy-code's artifactBridge.ts. Targets the
+          // element id 'cicy-artifact-webview'; round-trips to artifact-ipc.js.
+          (function(){
+            try {
+              if (window.cicy && window.cicy.artifact) return;
+              const { ipcRenderer } = require('electron');
+              window.cicy = window.cicy || {};
+              const guestId = () => {
+                const el = document.getElementById('cicy-artifact-webview');
+                if (!el || typeof el.getWebContentsId !== 'function')
+                  throw new Error('artifact webview not mounted (open the 产物 tab once)');
+                return el.getWebContentsId();
+              };
+              let _attached = false;
+              window.cicy.artifact = {
+                invoke: (method, args) =>
+                  ipcRenderer.invoke('artifact:invoke', { guestId: guestId(), method, args: args || [] }),
+                cdp: {
+                  attach: (protocolVersion) =>
+                    ipcRenderer.invoke('artifact:cdp-attach', { guestId: guestId(), protocolVersion })
+                      .then((r) => { _attached = true; return r; }),
+                  detach: () =>
+                    ipcRenderer.invoke('artifact:cdp-detach', { guestId: guestId() })
+                      .then((r) => { _attached = false; return r; }),
+                  isAttached: () => _attached,
+                  send: (method, params) =>
+                    ipcRenderer.invoke('artifact:cdp-send', { guestId: guestId(), method, params: params || {} }),
+                },
+              };
+              try { ipcRenderer.removeAllListeners('artifact:event'); } catch(e) {}
+              ipcRenderer.on('artifact:event', (_e, detail) => {
+                if (detail && detail.source === 'cdp' && detail.method === '__detached') _attached = false;
+                try { window.dispatchEvent(new CustomEvent('cicy-artifact-event', { detail: detail })); } catch(e) {}
+              });
+              console.log('[artifact] window.cicy.artifact ready');
+            } catch(e) { console.error('[artifact] bridge inject failed', e && e.message); }
+          })();
         `;
         if (win.webContents.debugger.isAttached()) {
           await win.webContents.debugger.sendCommand("Runtime.evaluate", { expression: rpcCode });

package/workers/render/src/App.jsx

@@ -34,6 +34,9 @@ export default function App() {
   // Required as `New-Api-User: <id>` header on every console-API call —
   // middleware.UserAuth() rejects requests without it.
   const [userId, setUserId] = useState(() => safeGet(USER_ID_KEY));
+  // True while we ask main for a durably-saved login (origin-independent).
+  // Prevents the login card from flashing on every launch before restore.
+  const [authRestoring, setAuthRestoring] = useState(() => !safeGet(TOKEN_KEY));
   const [loggingIn, setLoggingIn] = useState(false);
   const [error, setError] = useState("");
   const [welcome, setWelcome] = useState("");
@@ -338,6 +341,38 @@ export default function App() {
   // happens INSIDE the agent via `agent-webpage exec-js navigator.language`
   // against the same client — see AGENTS.md.)
 
+  // Restore login from the main-process durable store when THIS origin's
+  // localStorage has none. The homepage origin drifts (file:// / the team
+  // domain / an IP:port), and localStorage is origin-scoped, so without this a
+  // token saved under a previous origin would force a needless re-login. Main
+  // persists the login origin-independently (global.json); we adopt it here so
+  // "logged in once" stays valid until an explicit logout.
+  useEffect(() => {
+    if (safeGet(TOKEN_KEY)) { setAuthRestoring(false); return; }
+    if (!window.cicy?.auth?.getSaved) { setAuthRestoring(false); return; }
+    let cancelled = false;
+    (async () => {
+      try {
+        const saved = await window.cicy.auth.getSaved();
+        if (cancelled) return;
+        if (saved?.token) {
+          try { localStorage.setItem(TOKEN_KEY, saved.token); } catch {}
+          setToken(saved.token);
+          if (saved.accessToken) {
+            try { localStorage.setItem(ACCESS_TOKEN_KEY, saved.accessToken); } catch {}
+            setAccessToken(saved.accessToken);
+          }
+          if (saved.userId) {
+            try { localStorage.setItem(USER_ID_KEY, String(saved.userId)); } catch {}
+            setUserId(String(saved.userId));
+          }
+        }
+      } catch {}
+      finally { if (!cancelled) setAuthRestoring(false); }
+    })();
+    return () => { cancelled = true; };
+  }, []);
+
   // auth:complete from main.
   useEffect(() => {
     if (!window.cicy?.auth?.onComplete) return;
@@ -385,6 +420,9 @@ export default function App() {
       localStorage.removeItem(ACCESS_TOKEN_KEY);
       localStorage.removeItem(USER_ID_KEY);
     } catch {}
+    // Clear the durable main-process store too — explicit logout is the ONLY
+    // path that should invalidate the persisted login.
+    try { window.cicy?.auth?.logout?.(); } catch {}
     setToken(null);
     setAccessToken(null);
     setUserId(null);
@@ -394,6 +432,20 @@ export default function App() {
     setProfileError("");
   }
 
+  // Still checking the durable store — show a minimal splash, not the login
+  // card, so we never flash "please log in" before restore completes.
+  if (!token && authRestoring) {
+    return (
+      <div className="shell" data-id="AuthRestoringSplash">
+        <div className="glow" aria-hidden />
+        <div className="card">
+          <Brand />
+          <div className="spinner-row"><Spinner /><span>正在恢复登录…</span></div>
+        </div>
+      </div>
+    );
+  }
+
   // Not logged in yet → centered login card.
   if (!token) {
     return (