codexpanel 0.1.8 → 0.1.10

package/README.md

@@ -1,6 +1,6 @@
 # codexpanel
 
-[中文版本](README.zh.md)
+[涓枃鐗堟湰](README.zh.md)
 
 codexpanel is a mobile control plane for managing local Codex work from a phone. It provides a Next.js web console, relay service, desktop agent, PostgreSQL-backed durable storage, shared protocol package, and reusable UI package in one monorepo.
 
@@ -59,7 +59,7 @@ Web/admin login uses a session cookie. Configure at least one of these before ex
 ```env
 CODEXPANEL_ADMIN_USERNAME=admin
 CODEXPANEL_ADMIN_USER_ID=admin
-CODEXPANEL_ADMIN_PASSWORD=ChangeRoot9361A
+CODEXPANEL_ADMIN_PASSWORD=Admin778899
 CODEXPANEL_SESSION_SECRET=long_random_secret
 CODEXPANEL_LOGIN_MAX_ATTEMPTS=8
 CODEXPANEL_LOGIN_IP_MAX_ATTEMPTS=24
@@ -79,7 +79,7 @@ CODEXPANEL_REGISTRATION_ENABLED=false
 
 Desktop setup uses browser login binding or a one-time terminal token. `CODEXPANEL_ADMIN_*` only bootstraps the first admin; additional users must be created through registration or admin operations.
 
-`CODEXPANEL_REGISTRATION_ENABLED=true` opens self-service web registration. If the variable is omitted, development defaults to open and production defaults to closed; production onboarding must opt in explicitly. New users are stored in the existing relay users table with PBKDF2 password hashes and receive `CODEXPANEL_REGISTRATION_DEFAULT_ROLE` (`operator` or `viewer`, default `operator`).
+`CODEXPANEL_REGISTRATION_ENABLED=true` opens self-service web registration. If the variable is omitted, development defaults to open and production defaults to closed; production onboarding must opt in explicitly. New users are stored in the existing relay users table with PBKDF2 password hashes. Permissions are assigned through IAM permission groups, not account roles.
 
 Desktop setup start requests are also rate-limited by source IP and capped by pending flow count. Tune `CODEXPANEL_DESKTOP_SETUP_*` only if installer traffic legitimately exceeds the defaults.
 
@@ -87,7 +87,7 @@ Desktop setup start requests are also rate-limited by source IP and capped by pe
 
 Use `/admin/` with an admin session for first-batch testing:
 
-- Enable/disable users, change roles, and reset passwords. These actions invalidate existing local-user sessions.
+- Enable/disable users, assign permission groups, and reset passwords. These actions invalidate existing local-user sessions.
 - Recharge, gift, or deduct balance through the wallet adjustment action. Every change requires an idempotency key and is recorded in the user wallet ledger; do not edit `balance` directly.
 - Grant, renew, or revoke monthly cards. Device quota is derived server-side from the user entitlement.
 - Bind devices to users or disable devices from the admin device table. Ordinary users cannot operate another user's device, and disabled devices are blocked for non-admin operation.

package/README.zh.md

@@ -59,7 +59,7 @@ Web/admin 登录使用 session cookie。公网暴露 relay 前至少配置以下
 ```env
 CODEXPANEL_ADMIN_USERNAME=admin
 CODEXPANEL_ADMIN_USER_ID=admin
-CODEXPANEL_ADMIN_PASSWORD=ChangeRoot9361A
+CODEXPANEL_ADMIN_PASSWORD=Admin778899
 CODEXPANEL_SESSION_SECRET=long_random_secret
 CODEXPANEL_LOGIN_MAX_ATTEMPTS=8
 CODEXPANEL_LOGIN_IP_MAX_ATTEMPTS=24
@@ -79,7 +79,7 @@ CODEXPANEL_REGISTRATION_ENABLED=false
 
 电脑端 setup 支持浏览器登录绑定和终端一次性 token 登录。`CODEXPANEL_ADMIN_*` 只用于启动首个管理员；其他用户必须通过注册或后台运营创建。
 
-`CODEXPANEL_REGISTRATION_ENABLED=true` 会打开自助注册。未配置该变量时，开发环境默认开放、生产环境默认关闭；生产环境如需开放注册必须显式设置为 `true`。新用户写入 relay 的 users 表，密码使用 PBKDF2 hash，角色来自 `CODEXPANEL_REGISTRATION_DEFAULT_ROLE`，默认 `operator`。
+`CODEXPANEL_REGISTRATION_ENABLED=true` 会打开自助注册。未配置该变量时，开发环境默认开放、生产环境默认关闭；生产环境如需开放注册必须显式设置为 `true`。新用户写入 relay 的 users 表，密码使用 PBKDF2 hash；后台权限只通过 IAM 权限组和 permission scopes 分配，不再使用账号角色。
 
 电脑端 setup 启动请求会按来源 IP 限流，并受 pending flow 总量限制。只有安装流量确实超过默认值时，才需要调整 `CODEXPANEL_DESKTOP_SETUP_*`。
 

package/bin/codexpanel.cjs

@@ -11,7 +11,7 @@ const crypto = require("crypto");
 const readline = require("readline");
 const { spawn, spawnSync } = require("child_process");
 
-const VERSION = "0.1.8";
+const VERSION = "0.1.10";
 const PROD_URL = "https://codexpanel.com";
 const TEST_URL = "https://jd.6a.gs";
 const LOCAL_HOST = "127.0.0.1";
@@ -34,6 +34,7 @@ Options:
   --token-login                 Ask for a one-time terminal token from the setup page
   --no-browser                  Do not open a browser; print the login URL instead
   --no-autostart                Do not enable Windows login autostart
+  --install-only                Install/update the local agent and panel without binding
   --dry-run                     Print resolved installer details without installing
   --print-command               Print the equivalent PowerShell bootstrap command after login approval
   -h, --help                    Show help
@@ -59,6 +60,7 @@ function parseArgs(argv) {
     autoStart: true,
     dryRun: false,
     printCommand: false,
+    installOnly: false,
   };
 
   const readValue = (flag) => {
@@ -80,6 +82,7 @@ function parseArgs(argv) {
     else if (arg === "--token-login") options.tokenLogin = true;
     else if (arg === "--no-browser") options.browser = false;
     else if (arg === "--no-autostart") options.autoStart = false;
+    else if (arg === "--install-only") options.installOnly = true;
     else if (arg === "--legacy-tunnel") throw new Error("--legacy-tunnel has been retired. Device traffic uses the server WSS gateway.");
     else if (arg === "--no-tunnel") throw new Error("--no-tunnel has been retired. Device traffic uses the server WSS gateway.");
     else if (arg === "--dry-run") options.dryRun = true;
@@ -364,6 +367,8 @@ async function preloadResources(relayUrl) {
   let manifest = {};
   try { manifest = JSON.parse(manifestText); }
   catch { throw new Error("Server returned an invalid agent manifest."); }
+  const cacheKey = crypto.createHash("sha256").update(manifestText).digest("hex").slice(0, 16);
+  const preloadDir = path.join(localAgentRoot(), "preload", cacheKey);
   const resources = [
     manifest.hostRuntime,
     manifest.hostRuntimeSchema,
@@ -376,9 +381,16 @@ async function preloadResources(relayUrl) {
     const text = await downloadText(resourceUrl, 60000);
     const hash = crypto.createHash("sha256").update(Buffer.from(text, "utf8")).digest("hex");
     if (item.sha256 && hash !== item.sha256) throw new Error(`Checksum mismatch for ${item.fileName || item.path}`);
+    if (!item.dynamicAfterApproval && item.fileName) {
+      const target = path.join(preloadDir, ...String(item.fileName).split(/[\\/]+/));
+      fs.mkdirSync(path.dirname(target), { recursive: true });
+      fs.writeFileSync(target, text, "utf8");
+    }
   }
   console.log("CodexPanel: 资源已下载并校验完成 / Resources downloaded and verified.");
-  return manifest;
+  fs.mkdirSync(preloadDir, { recursive: true });
+  fs.writeFileSync(path.join(preloadDir, "manifest.json"), JSON.stringify(manifest, null, 2));
+  return { manifest, preloadDir };
 }
 
 function powershellCommand(url) {
@@ -427,14 +439,14 @@ async function tokenLogin(relayUrl, flowId, flowSecret) {
   }
 }
 
-async function runBootstrap(relayUrl, approval, options) {
+async function runBootstrap(relayUrl, profile, options, preloadDir = "") {
   const url = new URL("/agent/bootstrap.ps1", relayUrl);
-  url.searchParams.set("setupToken", approval.setupToken);
   url.searchParams.set("manualDeviceId", "1");
   url.searchParams.set("manualDeviceName", "1");
-  url.searchParams.set("deviceId", approval.deviceId || stableDeviceId());
-  if (approval.deviceName) url.searchParams.set("deviceName", approval.deviceName);
+  url.searchParams.set("deviceId", profile.deviceId || stableDeviceId());
+  if (profile.deviceName) url.searchParams.set("deviceName", profile.deviceName);
   if (options.workspace) url.searchParams.set("workspace", options.workspace);
+  if (preloadDir) url.searchParams.set("preloadDir", preloadDir);
   url.searchParams.set("mode", "host-runtime");
   url.searchParams.set("autoStart", options.autoStart ? "1" : "0");
 
@@ -453,9 +465,48 @@ async function runBootstrap(relayUrl, approval, options) {
   if (result.status !== 0) throw new Error(`PowerShell installer exited with code ${result.status}`);
 }
 
+async function bindLocalAgent(approval) {
+  const root = localAgentRoot();
+  const script = path.join(root, "bind-agent.ps1");
+  if (!fs.existsSync(script)) throw new Error(`Local bind script not found: ${script}`);
+  const args = [
+    "-NoLogo", "-NoProfile", "-ExecutionPolicy", "Bypass", "-File", script,
+    "-SetupToken", approval.setupToken || "",
+    "-DeviceToken", approval.deviceToken || "",
+    "-UserId", approval.userId || "",
+    "-DeviceId", approval.deviceId || "",
+  ];
+  if (approval.deviceName) args.push("-DeviceName", approval.deviceName);
+  const result = spawnSync(powershellPath(), args, { stdio: "inherit", windowsHide: false });
+  if (result.error) throw result.error;
+  if (result.status !== 0) throw new Error(`PowerShell bind script exited with code ${result.status}`);
+}
+
+function localProfileFromConfig(options, resolved) {
+  try {
+    const runtime = readLocalRuntimeConfig();
+    const config = runtime.config || {};
+    return {
+      ...computerProfile(options, resolved),
+      deviceId: config.deviceId || config.agentId || stableDeviceId(),
+      deviceName: options.deviceName || config.deviceName || `${os.hostname()} / ${defaultUsername()} Codex Desktop Agent`,
+      workspace: options.workspace || config.workspace || process.env.USERPROFILE || process.cwd(),
+    };
+  } catch {
+    return computerProfile(options, resolved);
+  }
+}
+
 async function install(options) {
+  if (options.command === "login" && !process.env.CODEXPANEL_SERVER) {
+    try {
+      const existing = readLocalRuntimeConfig().config;
+      if (existing.relayUrl && options.server === "production") options.server = existing.relayUrl;
+    } catch {}
+  }
   const resolved = await resolveServer(options.server);
-  const profile = computerProfile(options, resolved);
+  const loginOnly = options.command === "login";
+  const profile = loginOnly ? localProfileFromConfig(options, resolved) : computerProfile(options, resolved);
   if (options.dryRun) {
     console.log(JSON.stringify({
       ok: true,
@@ -480,7 +531,16 @@ async function install(options) {
     console.log(`Local relay port / 本地 relay 端口: ${resolved.localPort} (dynamic, not fixed)`);
   }
 
-  const manifest = await preloadResources(resolved.relayUrl);
+  let manifest = {};
+  if (!loginOnly) {
+    const preload = await preloadResources(resolved.relayUrl);
+    manifest = preload.manifest;
+    await runBootstrap(resolved.relayUrl, profile, options, preload.preloadDir);
+  }
+  if (options.installOnly) {
+    console.log("\nCodexPanel: local agent installed. Run `npx -y codexpanel login` to bind this device.");
+    return;
+  }
   const start = await requestJson("POST", resolved.relayUrl, "/api/desktop/setup/start", {
     ...profile,
     agentVersion: manifest.agentVersion || "",
@@ -514,7 +574,7 @@ async function install(options) {
   console.log("\nCodexPanel: 登录绑定成功 / Sign-in and binding approved.");
   console.log(`User / 用户: ${approval.user?.name || approval.userId || "unknown"}`);
   console.log(`Device / 设备: ${approval.deviceName || approval.deviceId}`);
-  await runBootstrap(resolved.relayUrl, approval, options);
+  await bindLocalAgent(approval);
   if (approval.panelUrl) {
     console.log(`CodexPanel local status panel / 本地状态面板: ${approval.panelUrl}`);
     try { openBrowser(approval.panelUrl); } catch {}

package/docs/desktop-npx-install-flow.md

@@ -263,7 +263,7 @@ relay 会校验：
 - `deviceToken`：给安装后的 agent 使用的长期设备 token 明文，只在这个 flow 内短暂存在。
 - `deviceToken.hash`：后续会写入设备记录，服务端长期保存 hash，不保存明文。
 - `approvedByUserId`
-- `approvedByRole`
+- `approvedByPermissionGroupId`
 - `userId`
 
 浏览器显示：

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codexpanel",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "CodexPanel mobile control plane monorepo.",
   "license": "UNLICENSED",
   "private": false,