coding-tool-x 3.3.6 → 3.3.8

package/src/server/services/gemini-channels.js

@@ -2,6 +2,7 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { PATHS, NATIVE_PATHS } = require('../../config/paths');
+const { clearNativeOAuth } = require('./native-oauth-adapters');
 
 /**
  * Gemini 渠道管理服务（多渠道架构）
@@ -252,14 +253,6 @@ function updateChannel(channelId, updates) {
     console.log(`[Gemini Single-channel mode] Enabled "${nextChannel.name}", disabled all others`);
   }
 
-  // Prevent disabling last enabled channel when proxy is OFF
-  if (!isProxyRunning && !nextChannel.enabled && oldChannel.enabled) {
-    const enabledCount = data.channels.filter(ch => ch.enabled).length;
-    if (enabledCount === 0) {
-      throw new Error('无法禁用最后一个启用的渠道。请先启用其他渠道或启动动态切换。');
-    }
-  }
-
   saveChannels(data);
 
   // Only sync .env when proxy is OFF.
@@ -299,6 +292,8 @@ function applyChannelToSettings(channelId, channels = null) {
     saveChannels(data);
   }
 
+  clearNativeOAuth('gemini');
+
   const geminiDir = getGeminiDir();
 
   if (!fs.existsSync(geminiDir)) {
@@ -455,6 +450,12 @@ function saveChannelOrder(order) {
   saveChannels(data);
 }
 
+function disableAllChannels() {
+  const data = loadChannels();
+  data.channels.forEach(ch => { ch.enabled = false; });
+  saveChannels(data);
+}
+
 module.exports = {
   getChannels,
   createChannel,
@@ -465,5 +466,6 @@ module.exports = {
   saveChannelOrder,
   isProxyConfig,
   getGeminiDir,
-  applyChannelToSettings
+  applyChannelToSettings,
+  disableAllChannels
 };

package/src/server/services/mcp-client.js

@@ -107,6 +107,65 @@ function resolveWindowsSpawnCommand(command, env, cwd) {
   return normalizedCommand;
 }
 
+function getCommandInstallHint(command) {
+  const normalized = path.basename(stripWrappingQuotes(command)).toLowerCase()
+
+  if (['node', 'node.exe', 'npm', 'npm.cmd', 'npx', 'npx.cmd'].includes(normalized)) {
+    return '请先安装 Node.js，并确认 `node` / `npm` / `npx` 已加入 PATH。'
+  }
+
+  if (['uv', 'uv.exe', 'uvx', 'uvx.exe'].includes(normalized)) {
+    return '请先安装 `uv`，并确认 `uv` / `uvx` 可以在终端直接执行。'
+  }
+
+  if (['python', 'python.exe', 'python3', 'py'].includes(normalized)) {
+    return '请先安装 Python，并确认对应命令已加入 PATH。'
+  }
+
+  if (process.platform === 'win32' && ['netstat', 'taskkill'].includes(normalized)) {
+    return '请确认 Windows 自带命令可用，并检查 `C:\\Windows\\System32` 是否在 PATH 中。'
+  }
+
+  return `请确认已安装 "${command}"，或改用可执行文件的绝对路径。`
+}
+
+function createMissingCommandHint(command, resolvedCommand, env = {}) {
+  const pathKey = getPathEnvKey(env)
+  const pathValue = typeof env[pathKey] === 'string' ? env[pathKey] : ''
+  const pathPreview = pathValue
+    ? pathValue.split(path.delimiter).slice(0, 5).join(path.delimiter)
+    : ''
+  const commandHint = resolvedCommand === command
+    ? command
+    : `${command} (resolved: ${resolvedCommand})`
+
+  const details = [
+    getCommandInstallHint(command),
+    process.platform === 'win32'
+      ? 'Windows 可优先尝试 `.cmd` / `.exe` 文件，必要时直接填写绝对路径。'
+      : `可尝试填写绝对路径（例如 \`/usr/bin/node\` 或 \`$(which ${command})\`）。`
+  ]
+
+  if (pathPreview) {
+    details.push(`当前 PATH 前 5 项: ${pathPreview}`)
+  } else {
+    details.push('当前 PATH 为空，请检查环境变量配置。')
+  }
+
+  return {
+    type: 'missing-command',
+    command,
+    resolvedCommand,
+    title: `命令 "${commandHint}" 未找到`,
+    details
+  }
+}
+
+function buildMissingCommandMessage(command, resolvedCommand, env = {}) {
+  const hint = createMissingCommandHint(command, resolvedCommand, env)
+  return [hint.title, ...hint.details].join('\n')
+}
+
 // ============================================================================
 // McpClient
 // ============================================================================
@@ -356,19 +415,11 @@ class McpClient extends EventEmitter {
 
       this._child.on('error', (err) => {
         if (err.code === 'ENOENT') {
-          const pathKey = getPathEnvKey(mergedEnv);
-          const pathValue = typeof mergedEnv[pathKey] === 'string' ? mergedEnv[pathKey] : '';
-          const pathHint = pathValue
-            ? `\n  Current PATH: ${pathValue.split(path.delimiter).slice(0, 5).join(path.delimiter)}\n  (showing first 5 entries)`
-            : '\n  PATH is not set!';
-          const commandHint = resolvedCommand === command
-            ? command
-            : `${command} (resolved: ${resolvedCommand})`;
+          const hint = createMissingCommandHint(command, resolvedCommand, mergedEnv)
           settle(new McpClientError(
-            `Command "${commandHint}" not found. Please check:\n` +
-            `  1. Is "${command}" installed?\n` +
-            `  2. Try using absolute path${process.platform === 'win32' ? ' (e.g., C:\\\\Program Files\\\\nodejs\\\\npx.cmd)' : ` (e.g., /usr/bin/node or $(which ${command}))`}\n` +
-            `  3. Check your PATH environment variable${pathHint}`
+            buildMissingCommandMessage(command, resolvedCommand, mergedEnv),
+            undefined,
+            { hint }
           ));
         } else {
           settle(new McpClientError(`Failed to start process: ${err.message}`));
@@ -873,5 +924,11 @@ async function createClient(serverSpec, options = {}) {
 module.exports = {
   McpClient,
   McpClientError,
-  createClient
+  createClient,
+  buildMissingCommandMessage,
+  createMissingCommandHint,
+  _test: {
+    createMissingCommandHint,
+    buildMissingCommandMessage
+  }
 };

package/src/server/services/mcp-service.js

@@ -11,7 +11,7 @@ const toml = require('@iarna/toml');
 const { spawn } = require('child_process');
 const http = require('http');
 const https = require('https');
-const { McpClient } = require('./mcp-client');
+const { McpClient, buildMissingCommandMessage, createMissingCommandHint } = require('./mcp-client');
 const { NATIVE_PATHS } = require('../../config/paths');
 const { resolvePreferredHomeDir } = require('../../utils/home-dir');
 
@@ -290,15 +290,16 @@ function writeJsonFile(filePath, data) {
  * 安全读取 TOML 文件
  */
 function readTomlFile(filePath, defaultValue = {}) {
+  if (!fs.existsSync(filePath)) {
+    return defaultValue;
+  }
+
   try {
-    if (fs.existsSync(filePath)) {
-      const content = fs.readFileSync(filePath, 'utf-8');
-      return toml.parse(content);
-    }
+    const content = fs.readFileSync(filePath, 'utf-8');
+    return toml.parse(content);
   } catch (err) {
-    console.error(`[MCP] Failed to read ${filePath}:`, err.message);
+    throw new Error(`Failed to parse ${filePath}: ${err.message}`);
   }
-  return defaultValue;
 }
 
 /**
@@ -501,6 +502,19 @@ function resolveWindowsSpawnCommand(command, env, cwd) {
   return normalizedCommand;
 }
 
+function extractMcpHint(error) {
+  return error?.data?.hint || error?.hint || null;
+}
+
+function buildMcpFailureResult(error, fallbackMessage, duration) {
+  const hint = extractMcpHint(error);
+  return {
+    message: hint?.title || fallbackMessage || error?.message || '操作失败',
+    hint,
+    duration
+  };
+}
+
 // ============================================================================
 // MCP 数据管理
 // ============================================================================
@@ -580,14 +594,14 @@ async function saveServer(server, options = {}) {
     server.apps = normalizeServerApps(server.apps, previousApps || DEFAULT_SERVER_APPS);
   }
 
-  servers[server.id] = server;
-  writeJsonFile(MCP_SERVERS_FILE, servers);
-
   // 同步到各平台配置
   if (syncPlatforms) {
     await syncServerToAllPlatforms(server, previousApps);
   }
 
+  servers[server.id] = server;
+  writeJsonFile(MCP_SERVERS_FILE, servers);
+
   return server;
 }
 
@@ -602,12 +616,12 @@ async function deleteServer(id) {
     return false;
   }
 
-  delete servers[id];
-  writeJsonFile(MCP_SERVERS_FILE, servers);
-
   // 从所有平台配置中移除
   await removeServerFromAllPlatforms(id);
 
+  delete servers[id];
+  writeJsonFile(MCP_SERVERS_FILE, servers);
+
   return true;
 }
 
@@ -629,8 +643,6 @@ async function toggleServerApp(serverId, app, enabled) {
   server.apps[app] = enabled;
   server.updatedAt = Date.now();
 
-  writeJsonFile(MCP_SERVERS_FILE, servers);
-
   // 同步到对应平台
   if (enabled) {
     await syncServerToPlatform(server, app);
@@ -638,6 +650,8 @@ async function toggleServerApp(serverId, app, enabled) {
     await removeServerFromPlatform(serverId, app);
   }
 
+  writeJsonFile(MCP_SERVERS_FILE, servers);
+
   return server;
 }
 
@@ -777,6 +791,7 @@ async function removeServerFromPlatform(serverId, platform) {
     console.log(`[MCP] Removed "${serverId}" from ${platform}`);
   } catch (err) {
     console.error(`[MCP] Failed to remove "${serverId}" from ${platform}:`, err.message);
+    throw err;
   }
 }
 
@@ -820,14 +835,22 @@ function removeFromClaudeConfig(serverId) {
  * 同步到 Codex 配置
  */
 function syncToCodexConfig(server) {
+  if (!fs.existsSync(CODEX_CONFIG_PATH)) {
+    throw new Error('Codex config.toml not found. Please run Codex CLI at least once before syncing MCP servers.');
+  }
+
   const config = readTomlFile(CODEX_CONFIG_PATH, {});
+  const nextSpec = convertToCodexFormat(server.server);
 
   if (!config.mcp_servers) {
     config.mcp_servers = {};
   }
 
-  // 转换为 Codex TOML 格式
-  config.mcp_servers[server.id] = convertToCodexFormat(server.server);
+  if (JSON.stringify(config.mcp_servers[server.id] || null) === JSON.stringify(nextSpec)) {
+    return;
+  }
+
+  config.mcp_servers[server.id] = nextSpec;
 
   writeTomlFile(CODEX_CONFIG_PATH, config);
 }
@@ -836,10 +859,17 @@ function syncToCodexConfig(server) {
  * 从 Codex 配置移除
  */
 function removeFromCodexConfig(serverId) {
+  if (!fs.existsSync(CODEX_CONFIG_PATH)) {
+    return;
+  }
+
   const config = readTomlFile(CODEX_CONFIG_PATH, {});
 
   if (config.mcp_servers && config.mcp_servers[serverId]) {
     delete config.mcp_servers[serverId];
+    if (Object.keys(config.mcp_servers).length === 0) {
+      delete config.mcp_servers;
+    }
     writeTomlFile(CODEX_CONFIG_PATH, config);
   }
 }
@@ -1301,10 +1331,12 @@ async function testServer(serverId) {
       return { success: false, message: `不支持的服务器类型: ${type}` };
     }
   } catch (err) {
+    const failure = buildMcpFailureResult(err, err.message, Date.now() - startTime);
     return {
       success: false,
-      message: err.message,
-      duration: Date.now() - startTime
+      message: failure.message,
+      hint: failure.hint,
+      duration: failure.duration
     };
   }
 }
@@ -1370,10 +1402,11 @@ async function testStdioServer(spec) {
 
       child.on('error', (err) => {
         if (err.code === 'ENOENT') {
-          const commandLabel = resolvedCommand === command ? command : `${command} (resolved: ${resolvedCommand})`;
+          const hint = createMissingCommandHint(command, resolvedCommand, mergedEnv);
           done({
             success: false,
-            message: `命令 "${commandLabel}" 未找到，请确保已安装（Windows 可尝试 npx.cmd 或绝对路径）`,
+            message: buildMissingCommandMessage(command, resolvedCommand, mergedEnv),
+            hint,
             duration: Date.now() - startTime
           });
         } else {
@@ -1423,10 +1456,12 @@ async function testStdioServer(spec) {
       }, timeout);
 
     } catch (err) {
+      const failure = buildMcpFailureResult(err, `测试失败: ${err.message}`, Date.now() - startTime);
       done({
         success: false,
-        message: `测试失败: ${err.message}`,
-        duration: Date.now() - startTime
+        message: failure.message,
+        hint: failure.hint,
+        duration: failure.duration
       });
     }
   });
@@ -1571,11 +1606,14 @@ async function getServerTools(serverId) {
       mcpClientPool.delete(serverId);
     }
 
+    const failure = buildMcpFailureResult(err, err.message, Date.now() - startTime);
     return {
       tools: [],
-      duration: Date.now() - startTime,
+      duration: failure.duration,
       status: 'error',
-      error: err.message
+      error: failure.message,
+      message: failure.message,
+      hint: failure.hint
     };
   }
 }
@@ -1677,14 +1715,17 @@ async function callServerTool(serverId, toolName, arguments = {}) {
       mcpClientPool.delete(serverId);
     }
 
+    const failure = buildMcpFailureResult(err, err.message, Date.now() - startTime);
     return {
       result: {
-        error: err.message,
+        error: failure.message,
         code: err.code,
         data: err.data
       },
-      duration: Date.now() - startTime,
-      isError: true
+      duration: failure.duration,
+      isError: true,
+      message: failure.message,
+      hint: failure.hint
     };
   }
 }
@@ -1864,5 +1905,9 @@ module.exports = {
   callServerTool,
   updateServerStatus,
   updateServerOrder,
-  exportServers
+  exportServers,
+  _test: {
+    extractMcpHint,
+    buildMcpFailureResult
+  }
 };

package/src/server/services/model-detector.js

@@ -23,6 +23,7 @@ const MODEL_PRIORITY = {
     'claude-haiku-4-5-20251001'
   ],
   codex: [
+    'gpt-5.4',
     'gpt-5.2-codex',
     'gpt-5.1-codex-max',
     'gpt-5.1-codex',

package/src/server/services/native-keychain.js

@@ -0,0 +1,243 @@
+const { spawnSync } = require('child_process');
+
+function runCommand(command, args, options = {}) {
+  const result = spawnSync(command, args, {
+    encoding: 'utf8',
+    maxBuffer: 10 * 1024 * 1024,
+    ...options
+  });
+
+  if (result.error) {
+    throw result.error;
+  }
+
+  return result;
+}
+
+function getWindowsPowerShellCommand() {
+  return process.env.ComSpec && process.env.ComSpec.toLowerCase().includes('powershell')
+    ? process.env.ComSpec
+    : 'powershell.exe';
+}
+
+function runPowerShell(script, env = {}) {
+  return runCommand(getWindowsPowerShellCommand(), [
+    '-NoProfile',
+    '-NonInteractive',
+    '-Command',
+    script
+  ], {
+    env: {
+      ...process.env,
+      ...env
+    }
+  });
+}
+
+function isSupported() {
+  if (process.platform === 'darwin') return true;
+  if (process.platform === 'win32') return true;
+
+  if (process.platform === 'linux') {
+    try {
+      const result = runCommand('secret-tool', ['--help']);
+      return result.status === 0 || result.status === 1;
+    } catch {
+      return false;
+    }
+  }
+
+  return false;
+}
+
+function getPassword(service, account) {
+  if (!service || !account) {
+    return null;
+  }
+
+  try {
+    if (process.platform === 'darwin') {
+      const result = runCommand('security', [
+        'find-generic-password',
+        '-a',
+        String(account),
+        '-w',
+        '-s',
+        String(service)
+      ]);
+
+      if (result.status !== 0) {
+        return null;
+      }
+
+      return String(result.stdout || '').trim() || null;
+    }
+
+    if (process.platform === 'linux') {
+      const result = runCommand('secret-tool', [
+        'lookup',
+        'service',
+        String(service),
+        'account',
+        String(account)
+      ]);
+
+      if (result.status !== 0) {
+        return null;
+      }
+
+      return String(result.stdout || '').trim() || null;
+    }
+
+    if (process.platform === 'win32') {
+      const script = `
+Add-Type -AssemblyName System.Runtime.WindowsRuntime
+$vault = New-Object Windows.Security.Credentials.PasswordVault
+try {
+  $cred = $vault.Retrieve($env:CC_TOOL_SERVICE, $env:CC_TOOL_ACCOUNT)
+  $cred.RetrievePassword()
+  [Console]::Out.Write($cred.Password)
+  exit 0
+} catch {
+  exit 2
+}
+`;
+      const result = runPowerShell(script, {
+        CC_TOOL_SERVICE: String(service),
+        CC_TOOL_ACCOUNT: String(account)
+      });
+
+      if (result.status !== 0) {
+        return null;
+      }
+
+      return String(result.stdout || '').trim() || null;
+    }
+  } catch {
+    return null;
+  }
+
+  return null;
+}
+
+function setPassword(service, account, password) {
+  if (!service || !account) {
+    return false;
+  }
+
+  try {
+    if (process.platform === 'darwin') {
+      const result = runCommand('security', [
+        'add-generic-password',
+        '-U',
+        '-a',
+        String(account),
+        '-s',
+        String(service),
+        '-w',
+        String(password ?? '')
+      ]);
+      return result.status === 0;
+    }
+
+    if (process.platform === 'linux') {
+      deletePassword(service, account);
+      const result = runCommand('secret-tool', [
+        'store',
+        '--label',
+        String(service),
+        'service',
+        String(service),
+        'account',
+        String(account)
+      ], {
+        input: String(password ?? '')
+      });
+      return result.status === 0;
+    }
+
+    if (process.platform === 'win32') {
+      const script = `
+Add-Type -AssemblyName System.Runtime.WindowsRuntime
+$vault = New-Object Windows.Security.Credentials.PasswordVault
+try {
+  $existing = $vault.Retrieve($env:CC_TOOL_SERVICE, $env:CC_TOOL_ACCOUNT)
+  $vault.Remove($existing)
+} catch {}
+$credential = New-Object Windows.Security.Credentials.PasswordCredential($env:CC_TOOL_SERVICE, $env:CC_TOOL_ACCOUNT, $env:CC_TOOL_PASSWORD)
+$vault.Add($credential)
+exit 0
+`;
+      const result = runPowerShell(script, {
+        CC_TOOL_SERVICE: String(service),
+        CC_TOOL_ACCOUNT: String(account),
+        CC_TOOL_PASSWORD: String(password ?? '')
+      });
+      return result.status === 0;
+    }
+  } catch {
+    return false;
+  }
+
+  return false;
+}
+
+function deletePassword(service, account) {
+  if (!service || !account) {
+    return false;
+  }
+
+  try {
+    if (process.platform === 'darwin') {
+      const result = runCommand('security', [
+        'delete-generic-password',
+        '-a',
+        String(account),
+        '-s',
+        String(service)
+      ]);
+      return result.status === 0;
+    }
+
+    if (process.platform === 'linux') {
+      const result = runCommand('secret-tool', [
+        'clear',
+        'service',
+        String(service),
+        'account',
+        String(account)
+      ]);
+      return result.status === 0;
+    }
+
+    if (process.platform === 'win32') {
+      const script = `
+Add-Type -AssemblyName System.Runtime.WindowsRuntime
+$vault = New-Object Windows.Security.Credentials.PasswordVault
+try {
+  $credential = $vault.Retrieve($env:CC_TOOL_SERVICE, $env:CC_TOOL_ACCOUNT)
+  $vault.Remove($credential)
+  exit 0
+} catch {
+  exit 2
+}
+`;
+      const result = runPowerShell(script, {
+        CC_TOOL_SERVICE: String(service),
+        CC_TOOL_ACCOUNT: String(account)
+      });
+      return result.status === 0;
+    }
+  } catch {
+    return false;
+  }
+
+  return false;
+}
+
+module.exports = {
+  isSupported,
+  getPassword,
+  setPassword,
+  deletePassword
+};