coding-tool-x 3.4.5 → 3.4.6

package/dist/web/index.html

@@ -5,14 +5,14 @@
     <link rel="icon" href="/favicon.ico">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>CC-TOOL - ClaudeCode增强工作助手</title>
-    <script type="module" crossorigin src="/assets/index-BDsmoSfO.js"></script>
+    <script type="module" crossorigin src="/assets/index-B4Wl3JfR.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/markdown-DyTJGI4N.js">
     <link rel="modulepreload" crossorigin href="/assets/vue-vendor-3bf-fPGP.js">
     <link rel="modulepreload" crossorigin href="/assets/vendors-CKPV1OAU.js">
     <link rel="modulepreload" crossorigin href="/assets/naive-ui-Bdxp09n2.js">
     <link rel="modulepreload" crossorigin href="/assets/icons-B5Pl4lrD.js">
     <link rel="stylesheet" crossorigin href="/assets/markdown-BfC0goYb.css">
-    <link rel="stylesheet" crossorigin href="/assets/index-C1pzEgmj.css">
+    <link rel="stylesheet" crossorigin href="/assets/index-Bgt_oqoE.css">
   </head>
   <body>
     <div id="app"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "coding-tool-x",
-  "version": "3.4.5",
+  "version": "3.4.6",
   "description": "Vibe Coding 增强工作助手 - 智能会话管理、动态渠道切换、全局搜索、实时监控",
   "main": "src/index.js",
   "bin": {

package/src/server/api/codex-channels.js

@@ -25,11 +25,26 @@ const { deleteBackup } = require('../services/codex-settings-manager');
 const { PATHS } = require('../../config/paths');
 const { getDefaultSpeedTestModelByToolType } = require('../../config/model-metadata');
 const CODEX_GATEWAY_SOURCE_TYPE = 'codex';
+const CODEX_PROVIDER_KEY_PATTERN = /^[a-z0-9_-]+$/i;
 
 function getDefaultCodexModel() {
   return getDefaultSpeedTestModelByToolType('codex');
 }
 
+function validateCodexProviderKey(value) {
+  const normalized = String(value || '').trim();
+  if (!normalized) {
+    return 'Missing required fields: providerKey';
+  }
+  if (!CODEX_PROVIDER_KEY_PATTERN.test(normalized)) {
+    return 'Invalid providerKey: only letters, numbers, underscores, and hyphens are allowed';
+  }
+  if (normalized.toLowerCase() === 'openai') {
+    return 'Invalid providerKey: "openai" is reserved for the built-in OpenAI provider';
+  }
+  return '';
+}
+
 module.exports = (config) => {
   /**
    * GET /api/codex/channels
@@ -137,6 +152,11 @@ module.exports = (config) => {
         return res.status(400).json({ error: 'Missing required fields: apiKey' });
       }
 
+      const providerKeyError = validateCodexProviderKey(providerKey);
+      if (providerKeyError) {
+        return res.status(400).json({ error: providerKeyError });
+      }
+
       // wireApi 固定为 'responses' (OpenAI Responses API 格式)
       const channel = createChannel(name, providerKey, baseUrl, apiKey, 'responses', {
         websiteUrl,
@@ -168,6 +188,12 @@ module.exports = (config) => {
 
       const { channelId } = req.params;
       const updates = req.body;
+      if (Object.prototype.hasOwnProperty.call(updates, 'providerKey')) {
+        const providerKeyError = validateCodexProviderKey(updates.providerKey);
+        if (providerKeyError) {
+          return res.status(400).json({ error: providerKeyError });
+        }
+      }
 
       const channel = updateChannel(channelId, updates);
       // 清除该渠道的模型重定向日志缓存，使下次请求时重新打印

package/src/server/api/oauth-credentials.js

@@ -9,6 +9,7 @@ const {
   setDefaultCredential,
   deleteCredential,
   applyStoredCredential,
+  disableStoredCredential,
   clearNativeOAuthState,
   fetchCredentialUsage
 } = require('../services/oauth-credentials-service');
@@ -117,10 +118,31 @@ router.post('/:tool/:credentialId/apply', async (req, res) => {
     assertTool(tool);
     const result = await applyStoredCredential(tool, credentialId);
     broadcastToolProxyState(tool);
+    const message = tool === 'opencode'
+      ? 'opencode 已应用 OAuth 凭证，并保留现有 API providers'
+      : `${tool} 已切换到 OAuth 凭证控制`;
     res.json({
       tool,
       ...result,
-      message: `${tool} 已切换到 OAuth 凭证控制`
+      message
+    });
+  } catch (error) {
+    res.status(error.statusCode || 500).json({ error: error.message });
+  }
+});
+
+router.post('/:tool/:credentialId/disable-native', (req, res) => {
+  try {
+    const { tool, credentialId } = req.params;
+    assertTool(tool);
+    const result = disableStoredCredential(tool, credentialId);
+    broadcastToolProxyState(tool);
+    res.json({
+      tool,
+      ...result,
+      message: tool === 'opencode'
+        ? 'opencode OAuth provider 已关闭'
+        : `${tool} 本机 OAuth 已关闭`
     });
   } catch (error) {
     res.status(error.statusCode || 500).json({ error: error.message });

package/src/server/api/opencode-proxy.js

@@ -16,7 +16,6 @@ const {
   getCurrentProxyPort
 } = require('../services/opencode-settings-manager');
 const { getChannels, getEnabledChannels, applyChannelToSettings } = require('../services/opencode-channels');
-const { clearNativeOAuth } = require('../services/native-oauth-adapters');
 const { getSchedulerState } = require('../services/channel-scheduler');
 const { PATHS, ensureStorageDirMigrated } = require('../../config/paths');
 const fs = require('fs');
@@ -195,7 +194,6 @@ router.post('/start', async (req, res) => {
     });
 
     const activeModel = currentChannel.model || currentChannel.speedTestModel || null;
-    clearNativeOAuth('opencode');
     setProxyConfig(proxyResult.port, { channels: channelPayloads, model: activeModel });
 
     // 5. 广播状态更新

package/src/server/services/native-oauth-adapters.js

@@ -219,7 +219,7 @@ function inspectClaudeState() {
 
   return {
     tool: 'claude',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running ? 'proxy' : (channelConfigured ? 'channel' : (nativeOAuth ? 'oauth' : 'idle')),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -395,7 +395,7 @@ function inspectCodexState() {
 
   return {
     tool: 'codex',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running ? 'proxy' : (channelConfigured ? 'channel' : (nativeOAuth ? 'oauth' : 'idle')),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -619,7 +619,7 @@ function inspectGeminiState() {
 
   return {
     tool: 'gemini',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running ? 'proxy' : (channelConfigured ? 'channel' : (nativeOAuth ? 'oauth' : 'idle')),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -737,10 +737,67 @@ function clearOpenCodeOAuth() {
   writeJsonFile(NATIVE_PATHS.opencode.auth, payload);
 }
 
-function applyOpenCodeOAuth(credential) {
-  clearOpenCodeOAuth();
-  opencodeSettingsManager.clearManagedChannelConfig();
+function disableOpenCodeOAuthCredential(credential = {}) {
+  const providerId = String(credential.providerId || '').trim();
+  const accessToken = String(credential.accessToken || credential.primaryToken || '').trim();
+  const payload = readJsonFile(NATIVE_PATHS.opencode.auth, {});
+  if (!payload || typeof payload !== 'object') {
+    return;
+  }
+
+  Object.keys(payload).forEach((key) => {
+    const target = payload[key];
+    if (!target || target.type !== 'oauth') {
+      return;
+    }
+
+    const providerMatched = providerId && key === providerId;
+    const tokenMatched = accessToken && String(target.access || '').trim() === accessToken;
+    if (providerMatched || tokenMatched) {
+      delete payload[key];
+    }
+  });
+
+  if (Object.keys(payload).length === 0) {
+    removeFileIfExists(NATIVE_PATHS.opencode.auth);
+    return;
+  }
+
+  writeJsonFile(NATIVE_PATHS.opencode.auth, payload);
+}
+
+function isManagedOpenCodeProvider(provider) {
+  if (!provider || typeof provider !== 'object') {
+    return false;
+  }
+
+  if (provider.__ctx_managed__ === true) {
+    return true;
+  }
+
+  const apiKey = String(provider?.options?.apiKey || '').trim();
+  const baseUrl = String(provider?.options?.baseURL || '').trim();
+  return apiKey === 'PROXY_KEY' && (baseUrl.includes('127.0.0.1') || baseUrl.includes('localhost'));
+}
+
+function clearOpenCodeManagedModelSelection(config) {
+  const modelRef = String(config?.model || '').trim();
+  if (!modelRef || !modelRef.includes('/')) {
+    return;
+  }
+
+  const providerId = modelRef.split('/')[0].trim();
+  if (!providerId) {
+    return;
+  }
+
+  const provider = config?.provider?.[providerId];
+  if (isManagedOpenCodeProvider(provider)) {
+    delete config.model;
+  }
+}
 
+function applyOpenCodeOAuth(credential) {
   const providerId = String(credential.providerId || 'openai').trim() || 'openai';
   const payload = readJsonFile(NATIVE_PATHS.opencode.auth, {});
   payload[providerId] = {
@@ -758,9 +815,12 @@ function applyOpenCodeOAuth(credential) {
     ? opencodeSettingsManager.readConfig(configPath)
     : {};
   config.provider = config.provider && typeof config.provider === 'object' ? config.provider : {};
-  if (!config.provider[providerId]) {
-    config.provider[providerId] = {};
-  }
+  config.provider[providerId] = config.provider[providerId] && typeof config.provider[providerId] === 'object'
+    ? config.provider[providerId]
+    : {};
+  // Preserve existing ctx-managed API providers for OpenCode coexistence, but
+  // drop the active managed selection so OAuth-backed providers become available.
+  clearOpenCodeManagedModelSelection(config);
   opencodeSettingsManager.writeConfig(configPath, config);
 
   return { storage: 'auth-file' };
@@ -787,7 +847,11 @@ function inspectOpenCodeState() {
 
   return {
     tool: 'opencode',
-    mode: proxyStatus.running ? 'proxy' : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle')),
+    mode: proxyStatus.running
+      ? 'proxy'
+      : (nativeOAuth && channelConfigured
+          ? 'mixed'
+          : (nativeOAuth ? 'oauth' : (channelConfigured ? 'channel' : 'idle'))),
     proxyRunning: proxyStatus.running,
     oauthPresent: Boolean(nativeOAuth),
     channelConfigured,
@@ -865,6 +929,25 @@ function clearNativeOAuth(tool) {
   }
 }
 
+function disableNativeOAuthCredential(tool, credential = {}) {
+  switch (tool) {
+    case 'claude':
+      clearClaudeOAuth();
+      return;
+    case 'codex':
+      clearCodexOAuth();
+      return;
+    case 'gemini':
+      clearGeminiOAuth();
+      return;
+    case 'opencode':
+      disableOpenCodeOAuthCredential(credential);
+      return;
+    default:
+      throw new Error(`Unsupported OAuth tool: ${tool}`);
+  }
+}
+
 function applyOAuthCredential(tool, credential) {
   switch (tool) {
     case 'claude':
@@ -887,5 +970,6 @@ module.exports = {
   readNativeOAuth,
   readAllNativeOAuth,
   clearNativeOAuth,
+  disableNativeOAuthCredential,
   applyOAuthCredential
 };

package/src/server/services/oauth-credentials-service.js

@@ -12,6 +12,7 @@ const {
   inspectTool,
   readAllNativeOAuth,
   clearNativeOAuth,
+  disableNativeOAuthCredential,
   applyOAuthCredential
 } = require('./native-oauth-adapters');
 const { maskToken, decodeJwtPayload, removeFileIfExists } = require('./oauth-utils');
@@ -300,6 +301,23 @@ function sanitizeCredential(entry, defaultCredentialId) {
   };
 }
 
+function sanitizeNativeCredential(entry = {}) {
+  const primaryToken = entry.primaryToken
+    || entry.accessToken
+    || entry.token
+    || '';
+
+  return {
+    providerId: entry.providerId || '',
+    accountId: entry.accountId || '',
+    accountEmail: entry.accountEmail || '',
+    expiresAt: entry.expiresAt || null,
+    lastRefresh: entry.lastRefresh || null,
+    storage: entry.storage || '',
+    tokenPreview: maskToken(primaryToken)
+  };
+}
+
 function sanitizeToolSummary(tool, toolStore) {
   const credentials = (toolStore.credentials || [])
     .map((entry) => sanitizeCredential(entry, toolStore.defaultCredentialId))
@@ -309,11 +327,16 @@ function sanitizeToolSummary(tool, toolStore) {
       if (aTime !== bTime) return bTime - aTime;
       return (b.createdAt || 0) - (a.createdAt || 0);
     });
+  const nativeState = inspectTool(tool);
+  const nativeCredentials = readAllNativeOAuth(tool).map((entry) => sanitizeNativeCredential(entry));
   return {
     tool,
     defaultCredentialId: toolStore.defaultCredentialId || null,
     credentials,
-    nativeState: inspectTool(tool)
+    nativeState: {
+      ...nativeState,
+      nativeCredentials
+    }
   };
 }
 
@@ -612,7 +635,9 @@ async function applyStoredCredential(tool, credentialId) {
   const entry = findStoredCredential(tool, credentialId);
   const proxyStopped = await stopProxyIfRunning(tool);
   cleanupManagedArtifacts(tool);
-  disableAllChannelsForTool(tool);
+  if (tool !== 'opencode') {
+    disableAllChannelsForTool(tool);
+  }
   applyOAuthCredential(tool, entry.secrets);
 
   // 记录最近使用时间
@@ -631,6 +656,22 @@ async function applyStoredCredential(tool, credentialId) {
   };
 }
 
+function disableStoredCredential(tool, credentialId) {
+  assertSupportedTool(tool);
+  const entry = findStoredCredential(tool, credentialId);
+  disableNativeOAuthCredential(tool, {
+    ...(entry.secrets || {}),
+    providerId: entry.providerId || entry.secrets?.providerId || '',
+    accountId: entry.accountId || entry.secrets?.accountId || ''
+  });
+
+  return {
+    credential: sanitizeCredential(entry, readStore().tools[tool]?.defaultCredentialId || null),
+    toolSummary: getToolSummary(tool),
+    nativeState: inspectTool(tool)
+  };
+}
+
 function clearNativeOAuthState(tool) {
   assertSupportedTool(tool);
   clearNativeOAuth(tool);
@@ -791,6 +832,7 @@ module.exports = {
   setDefaultCredential,
   deleteCredential,
   applyStoredCredential,
+  disableStoredCredential,
   clearNativeOAuthState,
   fetchCredentialUsage
 };

package/src/server/services/opencode-channels.js

@@ -2,7 +2,6 @@ const fs = require('fs');
 const path = require('path');
 const crypto = require('crypto');
 const { PATHS } = require('../../config/paths');
-const { clearNativeOAuth } = require('./native-oauth-adapters');
 const { setChannelConfig } = require('./opencode-settings-manager');
 const { normalizeGatewaySourceType } = require('./base/proxy-utils');
 
@@ -251,7 +250,6 @@ function applyChannelToSettings(channelId) {
   });
   saveChannels(data);
 
-  clearNativeOAuth('opencode');
   setChannelConfig(channel);
 
   return channel;