cicy-desktop 2.1.78 → 2.1.80

package/src/cloud/cloud-client.js

@@ -29,9 +29,46 @@ const GATEWAY_URL = process.env.CICY_GATEWAY_URL || "https://gateway.cicy-ai.com
 const GLOBAL_JSON = path.join(os.homedir(), "cicy-ai", "global.json");
 
 // The two provider slots the gateway key must land in, per the contract.
-const GATEWAY_PROVIDER_KEYS = {
-  defaultAnthropic: "anthropic",
-  defaultOpenAi: "openai",
+// Full item templates (主人 spec): cicy-code needs the complete provider
+// entries — protocol, model list, defaultModel — not just a bare key, or the
+// CLIs can't pick a model. apiKey/url are filled in at injection time.
+const GATEWAY_PROVIDER_TEMPLATES = {
+  defaultAnthropic: {
+    key: "defaultAnthropic",
+    name: "CiCyAi",
+    protocol: "anthropic",
+    defaultModel: "deepseek-v4-pro",
+    defaultModels: {},
+    modelMapping: {},
+    models: [
+      "claude-opus-4-8",
+      "claude-opus-4-7",
+      "claude-opus-4-6",
+      "claude-haiku-4-5-20251001",
+      "claude-sonnet-4-6",
+      "deepseek-v4-pro",
+      "deepseek-v4-flash",
+    ],
+    statusLabel: "Opus 4.8 (1M context)",
+  },
+  defaultOpenAi: {
+    key: "defaultOpenAi",
+    name: "CiCyAi",
+    protocol: "openai",
+    defaultModel: "deepseek-v4-pro",
+    modelMapping: {},
+    models: ["deepseek-v4-pro", "deepseek-v4-flash", "gpt-5.5"],
+  },
+};
+
+// Which provider slot each CLI routes to (providers.default in global.json).
+// Filled in only where missing so a user's own routing override survives.
+const GATEWAY_DEFAULT_ROUTING = {
+  cicy: "defaultAnthropic",
+  claude: "defaultAnthropic",
+  codex: "defaultOpenAi",
+  opencode: "defaultOpenAi",
+  stt: "defaultOpenAi",
 };
 
 // ── token / identity ────────────────────────────────────────────────────────
@@ -47,13 +84,46 @@ function loginToken() {
   }
 }
 
-// Stable per-machine UUID. Generated once and persisted in global.json so the
-// SAME machine keeps one identity across restarts; a win box and a mac box each
-// get their own (the `platform` field reported alongside makes that explicit).
+// A STABLE machine-level id, derived from the OS hardware/install UUID so it
+// survives a wipe of ~/cicy-ai (deviceId lived there before → every wipe minted
+// a NEW device in the cloud = zombie devices). Hashed so we never ship the raw
+// machine id, and normalized to UUID shape across platforms. "" if unreadable.
+function machineStableId() {
+  try {
+    const cp = require("child_process");
+    const fs = require("fs");
+    let raw = "";
+    if (process.platform === "darwin") {
+      const out = cp.execSync("ioreg -rd1 -c IOPlatformExpertDevice", { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] });
+      const m = out.match(/IOPlatformUUID"\s*=\s*"([^"]+)"/);
+      raw = m ? m[1] : "";
+    } else if (process.platform === "win32") {
+      const out = cp.execSync('reg query "HKLM\\SOFTWARE\\Microsoft\\Cryptography" /v MachineGuid', { encoding: "utf8", stdio: ["ignore", "pipe", "ignore"] });
+      const m = out.match(/MachineGuid\s+REG_SZ\s+([0-9a-fA-F-]+)/);
+      raw = m ? m[1] : "";
+    } else {
+      for (const p of ["/etc/machine-id", "/var/lib/dbus/machine-id"]) {
+        try { raw = fs.readFileSync(p, "utf8").trim(); if (raw) break; } catch {}
+      }
+    }
+    raw = (raw || "").trim();
+    if (!raw) return "";
+    const h = crypto.createHash("sha256").update("cicy-device:" + raw).digest("hex");
+    return `${h.slice(0, 8)}-${h.slice(8, 12)}-${h.slice(12, 16)}-${h.slice(16, 20)}-${h.slice(20, 32)}`;
+  } catch {
+    return "";
+  }
+}
+
+// Stable per-machine device id, persisted in global.json so the SAME machine
+// keeps one identity across restarts. Derived from machineStableId() so a wipe
+// of global.json RE-DERIVES the same id (no zombie devices); a random UUID is
+// only a last-resort fallback when the OS machine id is unreadable. A win box
+// and a mac box each get their own (reported `platform` makes that explicit).
 function getDeviceId() {
   const c = readGlobalConfig(GLOBAL_JSON);
   if (c && typeof c.deviceId === "string" && c.deviceId) return c.deviceId;
-  const id = crypto.randomUUID();
+  const id = machineStableId() || crypto.randomUUID();
   updateGlobalConfig(GLOBAL_JSON, (cfg) => {
     if (!cfg.deviceId) cfg.deviceId = id;
     return cfg;
@@ -62,29 +132,105 @@ function getDeviceId() {
   return readGlobalConfig(GLOBAL_JSON).deviceId || id;
 }
 
-// Best-effort public IP. Optional in the contract (cloud falls back to the peer
-// IP), so a failure here is non-fatal — we just send no publicIp.
-async function getPublicIp({ timeoutMs = 4000 } = {}) {
-  const services = [
-    "https://api.ipify.org?format=json", // { ip }
-    "https://ipinfo.io/json", // { ip, ... }
-  ];
-  for (const url of services) {
+// Detect egress public IP + that IP's geo region. Runs in the Electron MAIN
+// process where global `fetch` goes DIRECT — it does NOT use the Electron
+// session proxy (主人令: 出口 IP 探测不能走 proxy). Each request has its own
+// timeout via AbortController; never throws (returns empty/partial on failure).
+async function detectIpGeo({ timeoutMs = 4000 } = {}) {
+  const tryFetch = async (url) => {
+    const ctrl = new AbortController();
+    const t = setTimeout(() => ctrl.abort(), timeoutMs);
     try {
-      const ctrl = new AbortController();
-      const t = setTimeout(() => ctrl.abort(), timeoutMs);
       const r = await fetch(url, { signal: ctrl.signal, cache: "no-store" });
-      clearTimeout(t);
-      if (!r.ok) continue;
-      const j = await r.json();
-      if (j && typeof j.ip === "string" && j.ip) return j.ip;
+      if (!r.ok) return null;
+      return await r.json();
     } catch (_) {
-      /* try next */
+      return null;
+    } finally {
+      clearTimeout(t);
     }
+  };
+  const empty = { country: "", region: "", city: "" };
+  // ipinfo.io (https, no token for ip/city/region/country)
+  let j = await tryFetch("https://ipinfo.io/json");
+  if (j && typeof j.ip === "string" && j.ip) {
+    return { publicIp: j.ip, ipRegion: { country: j.country || "", region: j.region || "", city: j.city || "" } };
+  }
+  // ip-api.com fallback ({ query, country, regionName, city })
+  j = await tryFetch("http://ip-api.com/json");
+  if (j && typeof j.query === "string" && j.query) {
+    return { publicIp: j.query, ipRegion: { country: j.country || "", region: j.regionName || "", city: j.city || "" } };
+  }
+  // ipify last resort (ip only)
+  j = await tryFetch("https://api.ipify.org?format=json");
+  if (j && typeof j.ip === "string" && j.ip) {
+    return { publicIp: j.ip, ipRegion: { ...empty } };
+  }
+  return { publicIp: "", ipRegion: { ...empty } };
+}
+
+// Back-compat thin wrapper — some callers only want the IP string.
+async function getPublicIp(opts) {
+  return (await detectIpGeo(opts)).publicIp;
+}
+
+// The persisted deviceInfo block in global.json (single source of truth).
+function readDeviceInfo() {
+  const c = readGlobalConfig(GLOBAL_JSON) || {};
+  return c.deviceInfo && typeof c.deviceInfo === "object" ? c.deviceInfo : {};
+}
+
+// Flatten ipRegion ({country,region,city}) → "US / California / San Jose" for a
+// clean, human-readable cloud device record (matches the SPA's representation).
+// Pass-through if already a string.
+function flattenIpRegion(r) {
+  if (!r) return "";
+  if (typeof r === "string") return r;
+  if (typeof r === "object") {
+    return [r.country, r.region, r.city].map((x) => String(x || "").trim()).filter(Boolean).join(" / ");
   }
   return "";
 }
 
+// Instant, no-network: what the get_device_info RPC + cloud report read.
+function getDeviceInfo() {
+  const di = readDeviceInfo();
+  return {
+    deviceId: getDeviceId(),
+    publicIp: di.publicIp || "",
+    ipRegion: di.ipRegion && typeof di.ipRegion === "object" ? di.ipRegion : { country: "", region: "", city: "" },
+    systemLanguage: di.systemLanguage || "",
+    detectedAt: di.detectedAt || "",
+  };
+}
+
+// Detect (network, no proxy, timeout) + merge systemLanguage (passed from the
+// main process via electronApp.getLocale()) + persist to global.json. Never
+// throws. Returns the persisted deviceInfo (incl. deviceId).
+async function detectAndPersistDeviceInfo({ systemLanguage = "", timeoutMs = 4000 } = {}) {
+  let geo = { publicIp: "", ipRegion: { country: "", region: "", city: "" } };
+  try {
+    geo = await detectIpGeo({ timeoutMs });
+  } catch (_) {
+    /* non-fatal */
+  }
+  try {
+    updateGlobalConfig(GLOBAL_JSON, (cfg) => {
+      const prev = cfg.deviceInfo && typeof cfg.deviceInfo === "object" ? cfg.deviceInfo : {};
+      cfg.deviceInfo = {
+        publicIp: geo.publicIp || prev.publicIp || "",
+        ipRegion: geo.publicIp ? geo.ipRegion : prev.ipRegion || { country: "", region: "", city: "" },
+        systemLanguage: String(systemLanguage || "") || prev.systemLanguage || "",
+        detectedAt: new Date().toISOString(),
+      };
+      return cfg;
+    });
+  } catch (e) {
+    log.warn(`[cloud] persist deviceInfo failed: ${e.message}`);
+  }
+  return getDeviceInfo();
+}
+
 // ── HTTP helper ─────────────────────────────────────────────────────────────
 
 async function cloudFetch(endpoint, { method = "GET", body = null } = {}) {
@@ -120,13 +266,21 @@ async function registerDevice() {
   const token = loginToken();
   if (!token) return { ok: false, reason: "not_logged_in" };
   const deviceId = getDeviceId();
-  const publicIp = await getPublicIp();
+  // Prefer the persisted deviceInfo (written by the startup task, which also has
+  // the OS locale). If nothing detected yet, detect now (no syslang available here).
+  let di = readDeviceInfo();
+  if (!di || !di.publicIp) {
+    di = await detectAndPersistDeviceInfo({ systemLanguage: (di && di.systemLanguage) || "" });
+  }
   const body = {
     deviceId,
     platform: process.platform, // "win32" | "darwin" | "linux"
     arch: process.arch, // "x64" | "arm64"
   };
-  if (publicIp) body.publicIp = publicIp;
+  if (di.publicIp) body.publicIp = di.publicIp;
+  const region = flattenIpRegion(di.ipRegion);
+  if (region) body.ipRegion = region;
+  if (di.systemLanguage) body.systemLanguage = di.systemLanguage;
   const res = await cloudFetch("/api/device/register", { method: "POST", body });
   if (res.ok) {
     log.info(`[cloud] device registered deviceId=${deviceId} platform=${body.platform}/${body.arch}`);
@@ -142,13 +296,18 @@ async function registerDevice() {
 //   teamId omitted → cloud creates a new team + key.
 //   teamId given   → cloud returns that team's existing key (no rotation).
 // Returns { ok, teamId, apiKey, gatewayUrl } on success.
-async function registerTeam({ teamId = null, title = "" } = {}) {
+async function registerTeam({ teamId = null, title = "", titleVersion = 0 } = {}) {
   const token = loginToken();
   if (!token) return { ok: false, reason: "not_logged_in" };
   const deviceId = getDeviceId();
   const body = { deviceId };
   if (teamId != null) body.teamId = teamId;
   if (title) body.title = title;
+  // 服务端权威版本号(w-10032 契约,commit 06698533;旧 titleUpdatedAt 时间戳契约已废)。
+  // 带上「最后一次从云端看到的」版本作为 base(没有就 0)。服务端乐观并发裁决:title 有变
+  // 且 base>=云端当前版本 → 采用本端 title、版本=当前+1;否则忽略(base 落后=云端在我们
+  // 上次同步后改过名 → 云端赢);相同 title 不 bump。客户端不再用自己的时钟。
+  body.titleVersion = Number(titleVersion) || 0;
   const res = await cloudFetch("/api/team/register", { method: "POST", body });
   if (res.ok && res.json) {
     return {
@@ -157,6 +316,8 @@ async function registerTeam({ teamId = null, title = "" } = {}) {
       apiKey: res.json.apiKey,
       gatewayUrl: res.json.gatewayUrl || GATEWAY_URL,
       protocols: res.json.protocols || ["anthropic", "openai"],
+      title: res.json.title,                          // cloud's authoritative title
+      titleVersion: Number(res.json.titleVersion) || 0, // cloud's authoritative version
     };
   }
   log.warn(`[cloud] team register failed status=${res.status} reason=${res.reason || ""}`);
@@ -182,30 +343,62 @@ async function listTeams({ deviceId = null, kind = null } = {}) {
 
 // ── gateway-key injection ─────────────────────────────────────────────────────
 
-// Write the per-team gateway apiKey + url into the team's global.json
-// providers.items entries keyed defaultAnthropic / defaultOpenAi. Existing
-// entries are updated in place (preserving model lists etc.); missing ones are
-// created minimally. `globalJsonPath` defaults to the user-global config, which
-// is also the local team's config home on this machine.
+// Write the per-team gateway apiKey + url into the team's global.json:
+// providers.default CLI routing (cicy/claude→anthropic slot, codex/opencode/
+// stt→openai slot) plus full provider items keyed defaultAnthropic /
+// defaultOpenAi (protocol, model list, defaultModel — cicy-code can't drive an
+// LLM from a bare key). Existing entries keep user-tuned fields (model lists,
+// routing overrides); only apiKey/url are forced and missing fields filled.
+// No-ops (no write) when everything is already in place, so calling this on
+// every launch is free. `globalJsonPath` defaults to the user-global config,
+// which is also the local team's config home on this machine.
 function injectGatewayKey(apiKey, gatewayUrl = GATEWAY_URL, globalJsonPath = GLOBAL_JSON) {
   if (!apiKey) throw new Error("injectGatewayKey: apiKey required");
-  return updateGlobalConfig(globalJsonPath, (cfg) => {
+  // Pre-check (updateGlobalConfig always rewrites the file): skip the write
+  // when routing + both items are already exactly in place.
+  try {
+    const cur = readGlobalConfig(globalJsonPath);
+    const p = cur.providers;
+    // stt must specifically be on the gateway slot (defaultOpenAi), overriding
+    // cicy-code's seeded "cloudflare-ai" — so require the exact value here, not
+    // just "any truthy routing", or the pre-check would short-circuit the fix.
+    const routed = p && p.default && Object.keys(GATEWAY_DEFAULT_ROUTING).every((cli) => p.default[cli]) && p.default.stt === "defaultOpenAi";
+    const itemsOk = p && Array.isArray(p.items) && Object.entries(GATEWAY_PROVIDER_TEMPLATES).every(([key, tpl]) => {
+      const it = p.items.find((x) => x && x.key === key);
+      return it && it.apiKey === apiKey && it.url === gatewayUrl && Object.keys(tpl).every((f) => it[f] !== undefined);
+    });
+    if (routed && itemsOk) return { changed: false, config: cur };
+  } catch {}
+  let changed = false;
+  const next = updateGlobalConfig(globalJsonPath, (cfg) => {
     if (!cfg.providers || typeof cfg.providers !== "object") cfg.providers = {};
-    if (!Array.isArray(cfg.providers.items)) cfg.providers.items = [];
-    const items = cfg.providers.items;
-    for (const [key, protocol] of Object.entries(GATEWAY_PROVIDER_KEYS)) {
-      let item = items.find((it) => it && it.key === key);
+    const p = cfg.providers;
+    if (!p.default || typeof p.default !== "object") p.default = {};
+    for (const [cli, slot] of Object.entries(GATEWAY_DEFAULT_ROUTING)) {
+      if (!p.default[cli]) { p.default[cli] = slot; changed = true; }
+    }
+    // Force STT onto the gateway slot. cicy-code seeds default.stt="cloudflare-ai"
+    // (direct-to-Cloudflare, needs .cf.prod creds), which the only-if-absent loop
+    // above never overwrites. Route it through the gateway instead so STT is
+    // metered via the team key and doesn't depend on local CF credentials.
+    if (p.default.stt !== "defaultOpenAi") { p.default.stt = "defaultOpenAi"; changed = true; }
+    if (!Array.isArray(p.items)) p.items = [];
+    for (const [key, tpl] of Object.entries(GATEWAY_PROVIDER_TEMPLATES)) {
+      let item = p.items.find((it) => it && it.key === key);
       if (!item) {
-        item = { key, protocol, name: "CiCyAi", url: gatewayUrl, apiKey };
-        items.push(item);
-      } else {
-        item.apiKey = apiKey;
-        item.url = gatewayUrl;
-        if (!item.protocol) item.protocol = protocol;
+        p.items.push({ ...tpl, url: gatewayUrl, apiKey });
+        changed = true;
+        continue;
+      }
+      if (item.apiKey !== apiKey) { item.apiKey = apiKey; changed = true; }
+      if (item.url !== gatewayUrl) { item.url = gatewayUrl; changed = true; }
+      for (const [f, v] of Object.entries(tpl)) {
+        if (item[f] === undefined) { item[f] = Array.isArray(v) ? [...v] : (v && typeof v === "object" ? { ...v } : v); changed = true; }
       }
     }
     return cfg;
   });
+  return { changed, config: next };
 }
 
 // Convenience: register a team and immediately wire its key into the local
@@ -231,6 +424,9 @@ module.exports = {
   loginToken,
   getDeviceId,
   getPublicIp,
+  detectIpGeo,
+  getDeviceInfo,
+  detectAndPersistDeviceInfo,
   registerDevice,
   registerTeam,
   listTeams,

package/src/cluster/types.js

@@ -18,14 +18,9 @@ function createRuntimeSessionId(workerId, partition, accountIdx) {
   return `${workerId}:runtime:${partition || `account-${accountIdx}`}`;
 }
 
-function createArtifactId(workerId, kind, localId) {
-  return `${workerId}:artifact:${kind}:${localId}`;
-}
-
 module.exports = {
   toIsoString,
   createWindowRef,
   createAgentId,
   createRuntimeSessionId,
-  createArtifactId,
 };

package/src/extension/inject.js

@@ -11,7 +11,7 @@ window._g = window._g || {};
 // ========================================
 try {
   const { ipcRenderer } = require('electron');
-  window.electronRPC = (tool, args) => ipcRenderer.invoke('rpc', tool, args || {});
+  window.electronRPC = (tool, args) => ipcRenderer.invoke('rpc:guarded', tool, args || {});
   window._g.rpc = window.electronRPC;
   console.log('[RPC] electronRPC ready');
 } catch(e) {