claude-wec 1.0.0

package/server/middleware/auth.js

@@ -0,0 +1,111 @@
+import jwt from 'jsonwebtoken';
+import { userDb } from '../database/db.js';
+
+// Get JWT secret from environment or use default (for development)
+const JWT_SECRET = process.env.JWT_SECRET || 'claude-ui-dev-secret-change-in-production';
+
+// Optional API key middleware
+const validateApiKey = (req, res, next) => {
+  // Skip API key validation if not configured
+  if (!process.env.API_KEY) {
+    return next();
+  }
+  
+  const apiKey = req.headers['x-api-key'];
+  if (apiKey !== process.env.API_KEY) {
+    return res.status(401).json({ error: 'Invalid API key' });
+  }
+  next();
+};
+
+// JWT authentication middleware
+const authenticateToken = async (req, res, next) => {
+  // Platform mode:  use single database user
+  if (process.env.VITE_IS_PLATFORM === 'true') {
+    try {
+      const user = userDb.getFirstUser();
+      if (!user) {
+        return res.status(500).json({ error: 'Platform mode: No user found in database' });
+      }
+      req.user = user;
+      return next();
+    } catch (error) {
+      console.error('Platform mode error:', error);
+      return res.status(500).json({ error: 'Platform mode: Failed to fetch user' });
+    }
+  }
+
+  // Normal OSS JWT validation
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
+
+  if (!token) {
+    return res.status(401).json({ error: 'Access denied. No token provided.' });
+  }
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+
+    // Verify user still exists and is active
+    const user = userDb.getUserById(decoded.userId);
+    if (!user) {
+      return res.status(401).json({ error: 'Invalid token. User not found.' });
+    }
+
+    req.user = user;
+    next();
+  } catch (error) {
+    console.error('Token verification error:', error);
+    return res.status(403).json({ error: 'Invalid token' });
+  }
+};
+
+// Generate JWT token (never expires)
+const generateToken = (user) => {
+  return jwt.sign(
+    { 
+      userId: user.id, 
+      username: user.username 
+    },
+    JWT_SECRET
+    // No expiration - token lasts forever
+  );
+};
+
+// WebSocket authentication function
+const authenticateWebSocket = (token) => {
+  // Platform mode: bypass token validation, return first user
+  if (process.env.VITE_IS_PLATFORM === 'true') {
+    try {
+      const user = userDb.getFirstUser();
+      if (user) {
+        return { userId: user.id, username: user.username };
+      }
+      return null;
+    } catch (error) {
+      console.error('Platform mode WebSocket error:', error);
+      return null;
+    }
+  }
+
+  // Normal OSS JWT validation
+  if (!token) {
+    return null;
+  }
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    return decoded;
+  } catch (error) {
+    console.error('WebSocket token verification error:', error);
+    return null;
+  }
+};
+
+export {
+  validateApiKey,
+  authenticateToken,
+  generateToken,
+  authenticateWebSocket,
+  JWT_SECRET
+};

package/server/openai-codex.js

@@ -0,0 +1,389 @@
+/**
+ * OpenAI Codex SDK Integration
+ * =============================
+ *
+ * This module provides integration with the OpenAI Codex SDK for non-interactive
+ * chat sessions. It mirrors the pattern used in claude-sdk.js for consistency.
+ *
+ * ## Usage
+ *
+ * - queryCodex(command, options, ws) - Execute a prompt with streaming via WebSocket
+ * - abortCodexSession(sessionId) - Cancel an active session
+ * - isCodexSessionActive(sessionId) - Check if a session is running
+ * - getActiveCodexSessions() - List all active sessions
+ */
+
+import { Codex } from '@openai/codex-sdk';
+
+// Track active sessions
+const activeCodexSessions = new Map();
+
+/**
+ * Transform Codex SDK event to WebSocket message format
+ * @param {object} event - SDK event
+ * @returns {object} - Transformed event for WebSocket
+ */
+function transformCodexEvent(event) {
+  // Map SDK event types to a consistent format
+  switch (event.type) {
+    case 'item.started':
+    case 'item.updated':
+    case 'item.completed':
+      const item = event.item;
+      if (!item) {
+        return { type: event.type, item: null };
+      }
+
+      // Transform based on item type
+      switch (item.type) {
+        case 'agent_message':
+          return {
+            type: 'item',
+            itemType: 'agent_message',
+            message: {
+              role: 'assistant',
+              content: item.text
+            }
+          };
+
+        case 'reasoning':
+          return {
+            type: 'item',
+            itemType: 'reasoning',
+            message: {
+              role: 'assistant',
+              content: item.text,
+              isReasoning: true
+            }
+          };
+
+        case 'command_execution':
+          return {
+            type: 'item',
+            itemType: 'command_execution',
+            command: item.command,
+            output: item.aggregated_output,
+            exitCode: item.exit_code,
+            status: item.status
+          };
+
+        case 'file_change':
+          return {
+            type: 'item',
+            itemType: 'file_change',
+            changes: item.changes,
+            status: item.status
+          };
+
+        case 'mcp_tool_call':
+          return {
+            type: 'item',
+            itemType: 'mcp_tool_call',
+            server: item.server,
+            tool: item.tool,
+            arguments: item.arguments,
+            result: item.result,
+            error: item.error,
+            status: item.status
+          };
+
+        case 'web_search':
+          return {
+            type: 'item',
+            itemType: 'web_search',
+            query: item.query
+          };
+
+        case 'todo_list':
+          return {
+            type: 'item',
+            itemType: 'todo_list',
+            items: item.items
+          };
+
+        case 'error':
+          return {
+            type: 'item',
+            itemType: 'error',
+            message: {
+              role: 'error',
+              content: item.message
+            }
+          };
+
+        default:
+          return {
+            type: 'item',
+            itemType: item.type,
+            item: item
+          };
+      }
+
+    case 'turn.started':
+      return {
+        type: 'turn_started'
+      };
+
+    case 'turn.completed':
+      return {
+        type: 'turn_complete',
+        usage: event.usage
+      };
+
+    case 'turn.failed':
+      return {
+        type: 'turn_failed',
+        error: event.error
+      };
+
+    case 'thread.started':
+      return {
+        type: 'thread_started',
+        threadId: event.id
+      };
+
+    case 'error':
+      return {
+        type: 'error',
+        message: event.message
+      };
+
+    default:
+      return {
+        type: event.type,
+        data: event
+      };
+  }
+}
+
+/**
+ * Map permission mode to Codex SDK options
+ * @param {string} permissionMode - 'default', 'acceptEdits', or 'bypassPermissions'
+ * @returns {object} - { sandboxMode, approvalPolicy }
+ */
+function mapPermissionModeToCodexOptions(permissionMode) {
+  switch (permissionMode) {
+    case 'acceptEdits':
+      return {
+        sandboxMode: 'workspace-write',
+        approvalPolicy: 'never'
+      };
+    case 'bypassPermissions':
+      return {
+        sandboxMode: 'danger-full-access',
+        approvalPolicy: 'never'
+      };
+    case 'default':
+    default:
+      return {
+        sandboxMode: 'workspace-write',
+        approvalPolicy: 'untrusted'
+      };
+  }
+}
+
+/**
+ * Execute a Codex query with streaming
+ * @param {string} command - The prompt to send
+ * @param {object} options - Options including cwd, sessionId, model, permissionMode
+ * @param {WebSocket|object} ws - WebSocket connection or response writer
+ */
+export async function queryCodex(command, options = {}, ws) {
+  const {
+    sessionId,
+    cwd,
+    projectPath,
+    model,
+    permissionMode = 'default'
+  } = options;
+
+  const workingDirectory = cwd || projectPath || process.cwd();
+  const { sandboxMode, approvalPolicy } = mapPermissionModeToCodexOptions(permissionMode);
+
+  let codex;
+  let thread;
+  let currentSessionId = sessionId;
+
+  try {
+    // Initialize Codex SDK
+    codex = new Codex();
+
+    // Thread options with sandbox and approval settings
+    const threadOptions = {
+      workingDirectory,
+      skipGitRepoCheck: true,
+      sandboxMode,
+      approvalPolicy,
+      model
+    };
+
+    // Start or resume thread
+    if (sessionId) {
+      thread = codex.resumeThread(sessionId, threadOptions);
+    } else {
+      thread = codex.startThread(threadOptions);
+    }
+
+    // Get the thread ID
+    currentSessionId = thread.id || sessionId || `codex-${Date.now()}`;
+
+    // Track the session
+    activeCodexSessions.set(currentSessionId, {
+      thread,
+      codex,
+      status: 'running',
+      startedAt: new Date().toISOString()
+    });
+
+    // Send session created event
+    sendMessage(ws, {
+      type: 'session-created',
+      sessionId: currentSessionId,
+      provider: 'codex'
+    });
+
+    // Execute with streaming
+    const streamedTurn = await thread.runStreamed(command);
+
+    for await (const event of streamedTurn.events) {
+      // Check if session was aborted
+      const session = activeCodexSessions.get(currentSessionId);
+      if (!session || session.status === 'aborted') {
+        break;
+      }
+
+      if (event.type === 'item.started' || event.type === 'item.updated') {
+        continue;
+      }
+
+      const transformed = transformCodexEvent(event);
+
+      sendMessage(ws, {
+        type: 'codex-response',
+        data: transformed,
+        sessionId: currentSessionId
+      });
+
+      // Extract and send token usage if available (normalized to match Claude format)
+      if (event.type === 'turn.completed' && event.usage) {
+        const totalTokens = (event.usage.input_tokens || 0) + (event.usage.output_tokens || 0);
+        sendMessage(ws, {
+          type: 'token-budget',
+          data: {
+            used: totalTokens,
+            total: 200000 // Default context window for Codex models
+          }
+        });
+      }
+    }
+
+    // Send completion event
+    sendMessage(ws, {
+      type: 'codex-complete',
+      sessionId: currentSessionId,
+      actualSessionId: thread.id
+    });
+
+  } catch (error) {
+    console.error('[Codex] Error:', error);
+
+    sendMessage(ws, {
+      type: 'codex-error',
+      error: error.message,
+      sessionId: currentSessionId
+    });
+
+  } finally {
+    // Update session status
+    if (currentSessionId) {
+      const session = activeCodexSessions.get(currentSessionId);
+      if (session) {
+        session.status = 'completed';
+      }
+    }
+  }
+}
+
+/**
+ * Abort an active Codex session
+ * @param {string} sessionId - Session ID to abort
+ * @returns {boolean} - Whether abort was successful
+ */
+export function abortCodexSession(sessionId) {
+  const session = activeCodexSessions.get(sessionId);
+
+  if (!session) {
+    return false;
+  }
+
+  session.status = 'aborted';
+
+  // The SDK doesn't have a direct abort method, but marking status
+  // will cause the streaming loop to exit
+
+  return true;
+}
+
+/**
+ * Check if a session is active
+ * @param {string} sessionId - Session ID to check
+ * @returns {boolean} - Whether session is active
+ */
+export function isCodexSessionActive(sessionId) {
+  const session = activeCodexSessions.get(sessionId);
+  return session?.status === 'running';
+}
+
+/**
+ * Get all active sessions
+ * @returns {Array} - Array of active session info
+ */
+export function getActiveCodexSessions() {
+  const sessions = [];
+
+  for (const [id, session] of activeCodexSessions.entries()) {
+    if (session.status === 'running') {
+      sessions.push({
+        id,
+        status: session.status,
+        startedAt: session.startedAt
+      });
+    }
+  }
+
+  return sessions;
+}
+
+/**
+ * Helper to send message via WebSocket or writer
+ * @param {WebSocket|object} ws - WebSocket or response writer
+ * @param {object} data - Data to send
+ */
+function sendMessage(ws, data) {
+  try {
+    if (ws.isSSEStreamWriter || ws.isWebSocketWriter) {
+      // Writer handles stringification (SSEStreamWriter or WebSocketWriter)
+      ws.send(data);
+    } else if (typeof ws.send === 'function') {
+      // Raw WebSocket - stringify here
+      ws.send(JSON.stringify(data));
+    }
+  } catch (error) {
+    console.error('[Codex] Error sending message:', error);
+  }
+}
+
+// Clean up old completed sessions periodically
+setInterval(() => {
+  const now = Date.now();
+  const maxAge = 30 * 60 * 1000; // 30 minutes
+
+  for (const [id, session] of activeCodexSessions.entries()) {
+    if (session.status !== 'running') {
+      const startedAt = new Date(session.startedAt).getTime();
+      if (now - startedAt > maxAge) {
+        activeCodexSessions.delete(id);
+      }
+    }
+  }
+}, 5 * 60 * 1000); // Every 5 minutes