copillm 0.1.0

package/dist/pi/init.js

@@ -0,0 +1,174 @@
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { CopilotTokenManager } from "../auth/copilotToken.js";
+import { loadStoredCredential } from "../auth/credentials.js";
+import { loadConfig } from "../config/config.js";
+import { listModelsUnion } from "../models/discovery.js";
+import { ensureSecureDirectory, writeFileSecureAtomic } from "../config/fsSecurity.js";
+export async function generatePiHome(options) {
+    const config = loadConfig();
+    const creds = await loadStoredCredential();
+    if (!creds) {
+        throw new Error("Not authenticated. Run `copillm login` first.");
+    }
+    const tokenManager = new CopilotTokenManager(creds.token);
+    await tokenManager.ensureToken(false);
+    const discovery = await listModelsUnion(config.accountType, creds.token, 3);
+    const eligible = discovery.models.filter(isPickerEligible);
+    // Split the catalog by which upstream endpoint each model supports. Models
+    // that advertise `/chat/completions` flow through copillm's Anthropic surface
+    // (the proxy translates Anthropic-messages → OpenAI chat completions
+    // upstream). Models that only advertise `/responses` (newer GPT-5.x
+    // responses-only variants, codex-class models) flow through copillm's
+    // `/codex/v1/responses` route and surface in pi as a second provider using
+    // pi's `openai-responses` api. A model that supports both endpoints is
+    // exposed via the Anthropic-messages path only, so pi's picker doesn't
+    // double-list it.
+    const anthropicEligible = uniqueByModelId(eligible.filter(supportsChatCompletions));
+    const responsesEligible = uniqueByModelId(eligible.filter((m) => !supportsChatCompletions(m) && supportsResponses(m)));
+    if (anthropicEligible.length === 0 && responsesEligible.length === 0) {
+        throw new Error("No models discovered for pi config.");
+    }
+    const proxyUrl = `http://127.0.0.1:${options.port}/anthropic`;
+    // OpenAI SDK posts to `<baseUrl>/responses`, so the baseUrl must include `/v1`.
+    const responsesProxyUrl = `http://127.0.0.1:${options.port}/codex/v1`;
+    const providerId = options.providerId.trim().length > 0 ? options.providerId : "copillm";
+    const responsesProviderId = `${providerId}-responses`;
+    const providers = {};
+    if (anthropicEligible.length > 0) {
+        providers[providerId] = {
+            baseUrl: proxyUrl,
+            api: "anthropic-messages",
+            apiKey: "copillm-local",
+            models: anthropicEligible.map(toPiModelEntry)
+        };
+    }
+    if (responsesEligible.length > 0) {
+        providers[responsesProviderId] = {
+            baseUrl: responsesProxyUrl,
+            api: "openai-responses",
+            apiKey: "copillm-local",
+            models: responsesEligible.map(toPiModelEntry)
+        };
+    }
+    const payload = { providers };
+    const json = `${JSON.stringify(payload, null, 2)}\n`;
+    // 1. Write copillm-owned mirror under ~/.copillm/pi/models.json
+    const absOutDir = path.resolve(options.outDir);
+    ensureSecureDirectory(absOutDir);
+    const mirrorPath = path.join(absOutDir, "models.json");
+    writeFileSecureAtomic(mirrorPath, json, 0o600);
+    // 2. Write the real config pi reads at launch, backing up any pre-existing file.
+    const configPath = piModelsJsonPath();
+    const backupPath = backupIfMismatch(configPath, json);
+    ensureSecureDirectory(path.dirname(configPath));
+    writeFileSecureAtomic(configPath, json, 0o600);
+    return {
+        outDir: absOutDir,
+        mirrorPath,
+        configPath,
+        backupPath,
+        modelCount: anthropicEligible.length + responsesEligible.length,
+        anthropicModelCount: anthropicEligible.length,
+        responsesModelCount: responsesEligible.length,
+        proxyUrl,
+        responsesProxyUrl
+    };
+}
+export function defaultOutputDir(home) {
+    return path.join(home, "pi");
+}
+/** Absolute path to `~/.pi/agent/models.json`. Honors $HOME for tests. */
+export function piModelsJsonPath() {
+    return path.join(os.homedir(), ".pi", "agent", "models.json");
+}
+/**
+ * Eligibility filter shared by both pi providers. Mirrors the gating in
+ * `/anthropic/v1/models` and `/codex/v1/models`: a model must be marked
+ * picker-enabled by the upstream catalog and its policy must not be disabled.
+ * We deliberately do NOT filter by vendor name (so OpenAI- and Gemini-family
+ * models surface in pi alongside Anthropic ones); per-endpoint filtering is
+ * done by the caller via `supportsChatCompletions` / `supportsResponses`.
+ */
+function isPickerEligible(model) {
+    if (typeof model.id !== "string" || model.id.length === 0)
+        return false;
+    if (getNested(model, "model_picker_enabled") !== true)
+        return false;
+    const policyState = getNested(model, "policy", "state");
+    if (typeof policyState === "string" && policyState !== "enabled")
+        return false;
+    return true;
+}
+function supportsChatCompletions(model) {
+    return getEndpointList(model).includes("/chat/completions");
+}
+function supportsResponses(model) {
+    return getEndpointList(model).includes("/responses");
+}
+function getEndpointList(model) {
+    const raw = model.supported_endpoints;
+    return Array.isArray(raw) ? raw.filter((v) => typeof v === "string") : [];
+}
+function toPiModelEntry(model) {
+    const entry = { id: model.id };
+    const contextWindow = getNested(model, "capabilities", "limits", "max_context_window_tokens");
+    if (typeof contextWindow === "number" && Number.isFinite(contextWindow) && contextWindow > 0) {
+        entry.contextWindow = contextWindow;
+    }
+    const maxOutput = getNested(model, "capabilities", "limits", "max_output_tokens");
+    if (typeof maxOutput === "number" && Number.isFinite(maxOutput) && maxOutput > 0) {
+        entry.maxTokens = maxOutput;
+    }
+    return entry;
+}
+function uniqueByModelId(models) {
+    const seen = new Set();
+    const out = [];
+    for (const m of models) {
+        const id = typeof m.id === "string" ? m.id : "";
+        if (id.length === 0 || seen.has(id))
+            continue;
+        seen.add(id);
+        out.push(m);
+    }
+    return out;
+}
+function getNested(source, ...path) {
+    let cur = source;
+    for (const key of path) {
+        if (cur === null || typeof cur !== "object")
+            return undefined;
+        cur = cur[key];
+    }
+    return cur;
+}
+/**
+ * If `target` exists and its contents differ from the new payload, copy it
+ * aside to a timestamped `.bak`. Returns the backup path, or null when no
+ * backup was needed. Best-effort: failures don't block the write — we'd
+ * rather configure pi correctly than abort because of a backup error.
+ */
+function backupIfMismatch(target, newContent) {
+    let existing;
+    try {
+        existing = fs.readFileSync(target, "utf8");
+    }
+    catch (error) {
+        if (error.code === "ENOENT")
+            return null;
+        return null;
+    }
+    if (existing === newContent)
+        return null;
+    const stamp = new Date().toISOString().replace(/[:.]/g, "-");
+    const backupPath = `${target}.copillm-backup-${stamp}.bak`;
+    try {
+        fs.copyFileSync(target, backupPath);
+        return backupPath;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/server/anthropicModelsResponse.js

@@ -0,0 +1,151 @@
+/**
+ * Claude Code's only client-side marker for a 1M-context-budget model is a
+ * literal `[1m]` suffix on the model id (matched in its binary via
+ * `id.includes("opus") && id.includes("[1m]")` for opus and
+ * `id.includes("sonnet[1m]") || id.includes("sonnet-4-6[1m]")` for sonnet).
+ * Without it, Claude Code falls back to its hardcoded 200K per-model cap for
+ * unrecognised model ids and auto-compacts conversations well before they
+ * approach the model's real conversation budget.
+ *
+ * Aliasing the advertised id with `[1m]` is the only way to unlock Claude
+ * Code's 1M-class autocompact behaviour via the gateway discovery path —
+ * the `/anthropic/v1/models` response shape itself has no field for a numeric
+ * context window (Claude Code only reads `id` + `display_name`).
+ *
+ * Request bodies that carry an aliased id are normalised back to the
+ * canonical upstream id before being forwarded (see
+ * `stripOneMillionAlias` in `src/translation/openaiAnthropic.ts` and the
+ * defensive strip in `src/server/proxy.ts`).
+ */
+export const ONE_M_ALIAS_SUFFIX = "[1m]";
+const ONE_M_CONTEXT_THRESHOLD_TOKENS = 1_000_000;
+export function buildAnthropicModelsResponse(models) {
+    const filtered = models.filter(isAnthropicSurfaceEligible);
+    const nowIso = new Date().toISOString();
+    const data = filtered.map((model) => ({
+        type: "model",
+        id: applyOneMillionAlias(model),
+        display_name: extractDisplayName(model),
+        created_at: extractCreatedAt(model) ?? nowIso
+    }));
+    return {
+        data,
+        has_more: false,
+        first_id: data.length > 0 ? data[0].id : null,
+        last_id: data.length > 0 ? data[data.length - 1].id : null
+    };
+}
+/**
+ * Append `[1m]` to a model id when (and only when) the upstream catalog
+ * reports `capabilities.limits.max_context_window_tokens >= 1_000_000` AND
+ * the id contains `opus`.
+ *
+ * Claude Code's 1M-tier matchers (extracted from its binary) only fire for
+ * opus models:
+ *
+ *   dN3(id) = !... && !... && id.toLowerCase().includes("opus") && id.toLowerCase().includes("[1m]")
+ *
+ * The sonnet matcher (`cN3`) requires the literal substring `sonnet[1m]` or
+ * `sonnet-4-6[1m]`, which doesn't fit copillm-aliased ids (an aliased
+ * sonnet would end in `[1m]` but its base would not contain a contiguous
+ * `sonnet[1m]` substring), so a `[1m]` suffix on a sonnet wouldn't unlock
+ * the 1M cap anyway. And no non-Claude vendor (gpt, gemini, ...) has any
+ * `[1m]` matcher at all.
+ *
+ * Restricting the alias to opus avoids showing a misleading `[1m]` next to
+ * a non-opus model (e.g. a gpt or gemini variant) in Claude Code's `/model`
+ * picker — a label that would imply 1M-class behaviour Claude Code would
+ * never deliver for that vendor.
+ *
+ * Models already carrying the suffix are left alone. Models below the 1M
+ * threshold get no alias regardless of name — Claude Code has no
+ * client-side marker for the 200K-1M intermediate range, and over-claiming
+ * would set the wrong autocompact trigger.
+ */
+export function applyOneMillionAlias(model) {
+    const baseId = typeof model.id === "string" ? model.id : "";
+    if (baseId.endsWith(ONE_M_ALIAS_SUFFIX)) {
+        return baseId;
+    }
+    if (!baseId.toLowerCase().includes("opus")) {
+        return baseId;
+    }
+    const maxContext = getNested(model, "capabilities", "limits", "max_context_window_tokens");
+    if (typeof maxContext !== "number" || !Number.isFinite(maxContext)) {
+        return baseId;
+    }
+    if (maxContext < ONE_M_CONTEXT_THRESHOLD_TOKENS) {
+        return baseId;
+    }
+    return `${baseId}${ONE_M_ALIAS_SUFFIX}`;
+}
+/**
+ * Decide which upstream Copilot models should appear in `/anthropic/v1/models`.
+ *
+ * The proxy's Anthropic surface (`/anthropic/v1/messages`) already translates
+ * Anthropic-shape requests into OpenAI `/chat/completions` calls upstream and
+ * translates responses back — see src/server/proxy.ts line ~234, which sends
+ * EVERY Anthropic-surface request to `/chat/completions` regardless of the
+ * model's vendor. The historical filter was a regex on model id matching
+ * `^(claude|anthropic)` which silently dropped Gemini, gpt-4.1, and the
+ * gpt-5.x family from the Claude Code model picker even though the translation
+ * pipeline already handled them end-to-end.
+ *
+ * Gate eligibility on *capability* instead of vendor naming:
+ *   1. `model_picker_enabled === true` — upstream marks the model as user-pickable.
+ *   2. `policy.state` is "enabled" or absent — upstream policy doesn't disable it.
+ *   3. `supported_endpoints` includes `/chat/completions` — the upstream actually
+ *      speaks the protocol the proxy translates against.
+ *
+ * Models that fail any one of these don't appear in the picker. Whether a model
+ * that DOES pass actually returns 2xx for a translated Anthropic request is a
+ * separate concern (some gpt-5.x reasoning models reject the default
+ * chat-completions body shape and 400 at runtime); that's surfaced as an
+ * upstream error per request, not hidden at the catalog level.
+ */
+export function isAnthropicSurfaceEligible(model) {
+    if (typeof model.id !== "string" || model.id.length === 0) {
+        return false;
+    }
+    const pickerEnabled = getNested(model, "model_picker_enabled") === true;
+    if (!pickerEnabled) {
+        return false;
+    }
+    const policyState = getNested(model, "policy", "state");
+    if (policyState !== undefined && policyState !== "enabled") {
+        return false;
+    }
+    const supportedEndpoints = getNested(model, "supported_endpoints");
+    if (!Array.isArray(supportedEndpoints) || !supportedEndpoints.includes("/chat/completions")) {
+        return false;
+    }
+    return true;
+}
+function getNested(obj, ...keys) {
+    let current = obj;
+    for (const key of keys) {
+        if (!current || typeof current !== "object") {
+            return undefined;
+        }
+        current = current[key];
+    }
+    return current;
+}
+function extractDisplayName(model) {
+    const candidate = model.name;
+    if (typeof candidate === "string" && candidate.length > 0) {
+        return candidate;
+    }
+    const displayCandidate = model.display_name;
+    if (typeof displayCandidate === "string" && displayCandidate.length > 0) {
+        return displayCandidate;
+    }
+    return model.id;
+}
+function extractCreatedAt(model) {
+    const candidate = model.created_at;
+    if (typeof candidate === "string" && candidate.length > 0) {
+        return candidate;
+    }
+    return null;
+}

package/dist/server/codexSchema.js

@@ -0,0 +1,100 @@
+const VALID_REASONING_EFFORTS = new Set([
+    "none",
+    "minimal",
+    "low",
+    "medium",
+    "high",
+    "xhigh"
+]);
+function toReasoningEffort(value) {
+    if (typeof value === "string" && VALID_REASONING_EFFORTS.has(value)) {
+        return value;
+    }
+    return "medium";
+}
+function getNested(obj, ...keys) {
+    let current = obj;
+    for (const key of keys) {
+        if (!current || typeof current !== "object") {
+            return undefined;
+        }
+        current = current[key];
+    }
+    return current;
+}
+export function isCodexEligible(model) {
+    const pickerEnabled = getNested(model, "model_picker_enabled") === true;
+    if (!pickerEnabled) {
+        return false;
+    }
+    const policyState = getNested(model, "policy", "state");
+    if (policyState !== undefined && policyState !== "enabled") {
+        return false;
+    }
+    const supportedEndpoints = getNested(model, "supported_endpoints");
+    if (!Array.isArray(supportedEndpoints) || !supportedEndpoints.includes("/responses")) {
+        return false;
+    }
+    return true;
+}
+export function mapCopilotModelToCodex(model) {
+    const supportsReasoning = getNested(model, "capabilities", "supports", "reasoning_effort");
+    const reasoningArray = Array.isArray(supportsReasoning) ? supportsReasoning : ["medium"];
+    const supportedLevels = reasoningArray.map((effort) => ({
+        effort: toReasoningEffort(effort),
+        description: String(effort)
+    }));
+    const contextWindow = getNested(model, "capabilities", "limits", "max_context_window_tokens") ?? null;
+    const parallelTools = getNested(model, "capabilities", "supports", "parallel_tool_calls") === true;
+    const pickerEnabled = getNested(model, "model_picker_enabled") === true;
+    const vendor = getNested(model, "vendor") ?? "Unknown";
+    const displayName = getNested(model, "name") ?? model.id;
+    // Derive vision support from the upstream Copilot capability flag rather
+    // than advertising image input for every model. Models without
+    // `capabilities.supports.vision === true` (e.g. gpt-3.5-turbo, gpt-4-0613,
+    // gpt-4o-mini) would 400 on image content if we claimed otherwise.
+    // `capabilities.limits.vision` (when present) carries per-model image
+    // budgets — image count, byte size, allowed media types. We don't surface
+    // those limits in Codex's schema (it has no field for them today), but the
+    // boolean gate alone is enough to prevent advertising image_modality on
+    // text-only models.
+    const supportsVision = getNested(model, "capabilities", "supports", "vision") === true;
+    return {
+        slug: model.id,
+        display_name: displayName,
+        description: `${vendor} model: ${model.id}`,
+        default_reasoning_level: toReasoningEffort(reasoningArray[0] ?? "medium"),
+        supported_reasoning_levels: supportedLevels,
+        shell_type: "default",
+        visibility: pickerEnabled ? "list" : "hide",
+        supported_in_api: true,
+        priority: 0,
+        additional_speed_tiers: [],
+        service_tiers: [],
+        availability_nux: null,
+        upgrade: null,
+        base_instructions: "",
+        model_messages: null,
+        supports_reasoning_summaries: false,
+        default_reasoning_summary: "none",
+        support_verbosity: false,
+        default_verbosity: null,
+        apply_patch_tool_type: null,
+        web_search_tool_type: "text",
+        truncation_policy: { mode: "bytes", limit: 10_000 },
+        supports_parallel_tool_calls: parallelTools,
+        supports_image_detail_original: supportsVision,
+        context_window: contextWindow,
+        max_context_window: contextWindow,
+        auto_compact_token_limit: null,
+        effective_context_window_percent: 95,
+        experimental_supported_tools: [],
+        input_modalities: supportsVision ? ["text", "image"] : ["text"],
+        supports_search_tool: false
+    };
+}
+export function buildCodexCatalog(models) {
+    return {
+        models: models.filter(isCodexEligible).map(mapCopilotModelToCodex)
+    };
+}

package/dist/server/debugInfo.js

@@ -0,0 +1,48 @@
+import { githubUserUrl } from "../config/upstream.js";
+const CACHE_TTL_MS = 5 * 60 * 1_000;
+let cached = null;
+export async function getGithubUserSummary(githubToken, options = {}) {
+    const now = Date.now();
+    if (cached && now - cached.fetchedAt < CACHE_TTL_MS) {
+        return cached.summary;
+    }
+    const response = await fetch(githubUserUrl(), {
+        headers: {
+            Authorization: `token ${githubToken}`,
+            Accept: "application/vnd.github+json",
+            "User-Agent": "copillm/0.1.0",
+            "X-GitHub-Api-Version": "2022-11-28"
+        },
+        signal: typeof options.timeoutMs === "number" ? AbortSignal.timeout(options.timeoutMs) : undefined
+    });
+    if (!response.ok) {
+        const detail = await response.text();
+        throw new GithubUserFetchError(response.status, detail.slice(0, 256));
+    }
+    const payload = (await response.json());
+    const summary = {
+        login: typeof payload.login === "string" ? payload.login : "",
+        id: typeof payload.id === "number" ? payload.id : 0,
+        name: typeof payload.name === "string" ? payload.name : null,
+        email: typeof payload.email === "string" ? payload.email : null,
+        type: typeof payload.type === "string" ? payload.type : "User",
+        avatar_url: typeof payload.avatar_url === "string" ? payload.avatar_url : null,
+        html_url: typeof payload.html_url === "string" ? payload.html_url : null,
+        plan_name: typeof payload.plan?.name === "string" ? payload.plan.name : null
+    };
+    cached = { fetchedAt: now, summary };
+    return summary;
+}
+export function clearGithubUserCache() {
+    cached = null;
+}
+export class GithubUserFetchError extends Error {
+    status;
+    bodySnippet;
+    constructor(status, bodySnippet) {
+        super(`GitHub user lookup failed (${status}).`);
+        this.status = status;
+        this.bodySnippet = bodySnippet;
+        this.name = "GithubUserFetchError";
+    }
+}

package/dist/server/lock.js

@@ -0,0 +1,150 @@
+import fs from "node:fs";
+import { readFileSync } from "node:fs";
+import { getCopillmHome, lockPath, lockReadPath } from "../config/home.js";
+import { ensureSecureDirectory, writeFileSecureAtomic } from "../config/fsSecurity.js";
+export class LockAlreadyRunningError extends Error {
+    lock;
+    constructor(lock) {
+        super(`copillm is already running (pid ${lock.pid}, port ${lock.port}).`);
+        this.lock = lock;
+        this.name = "LockAlreadyRunningError";
+    }
+}
+export async function acquireLock(port, options) {
+    await acquireLockWithRetry(port, options, false);
+}
+async function acquireLockWithRetry(port, options, alreadyRetried) {
+    const file = lockPath();
+    ensureSecureDirectory(getCopillmHome());
+    const data = {
+        pid: process.pid,
+        port,
+        started_at_iso: new Date().toISOString()
+    };
+    try {
+        const fd = fs.openSync(file, fs.constants.O_CREAT | fs.constants.O_EXCL | fs.constants.O_WRONLY, 0o600);
+        fs.closeSync(fd);
+        writeFileSecureAtomic(file, JSON.stringify(data, null, 2), 0o600);
+        return;
+    }
+    catch (error) {
+        if (!(error instanceof Error) || !("code" in error) || error.code !== "EEXIST") {
+            throw error;
+        }
+    }
+    const inspection = inspectLock();
+    if (inspection.state === "running") {
+        if (options?.isRunning && (await options.isRunning(inspection.lock))) {
+            throw new LockAlreadyRunningError(inspection.lock);
+        }
+        if (alreadyRetried) {
+            throw new Error("Unable to acquire lock after removing stale lock.");
+        }
+        tryUnlinkLock();
+        await acquireLockWithRetry(port, options, true);
+        return;
+    }
+    if (alreadyRetried) {
+        const reason = inspection.state === "stale" ? inspection.reason : "lock_exists";
+        throw new Error(`Unable to acquire lock: ${reason}`);
+    }
+    tryUnlinkLock();
+    await acquireLockWithRetry(port, options, true);
+}
+export function releaseLock() {
+    tryUnlinkLock();
+}
+export function inspectLock() {
+    const file = lockReadPath();
+    if (!fs.existsSync(file)) {
+        return { state: "missing" };
+    }
+    let raw;
+    try {
+        raw = readFileSync(file, "utf8");
+    }
+    catch (error) {
+        return { state: "stale", reason: `failed_to_read_lock: ${errorMessage(error)}`, lock: null };
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return { state: "stale", reason: "lock_json_invalid", lock: null };
+    }
+    const lock = parseLockFileData(parsed);
+    if (!lock) {
+        return { state: "stale", reason: "lock_schema_invalid", lock: null };
+    }
+    const alive = processAlive(lock.pid);
+    if (!alive) {
+        return { state: "stale", reason: "pid_not_alive", lock };
+    }
+    return { state: "running", lock };
+}
+export function readLock() {
+    const inspection = inspectLock();
+    if (inspection.state !== "running") {
+        return null;
+    }
+    return inspection.lock;
+}
+function processAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch (error) {
+        if (!(error instanceof Error) || !("code" in error)) {
+            throw error;
+        }
+        const code = error.code;
+        if (code === "ESRCH") {
+            return false;
+        }
+        if (code === "EPERM") {
+            return true;
+        }
+        return false;
+    }
+}
+function tryUnlinkLock() {
+    const file = lockPath();
+    if (!fs.existsSync(file)) {
+        return;
+    }
+    try {
+        fs.unlinkSync(file);
+    }
+    catch (error) {
+        if (!(error instanceof Error) || !("code" in error) || error.code !== "ENOENT") {
+            throw error;
+        }
+    }
+}
+function parseLockFileData(input) {
+    if (!input || typeof input !== "object") {
+        return null;
+    }
+    const obj = input;
+    if (typeof obj.pid !== "number" ||
+        !Number.isInteger(obj.pid) ||
+        obj.pid <= 0 ||
+        typeof obj.port !== "number" ||
+        !Number.isInteger(obj.port) ||
+        obj.port < 1 ||
+        obj.port > 65535 ||
+        typeof obj.started_at_iso !== "string" ||
+        obj.started_at_iso.length === 0) {
+        return null;
+    }
+    return {
+        pid: obj.pid,
+        port: obj.port,
+        started_at_iso: obj.started_at_iso
+    };
+}
+function errorMessage(error) {
+    return error instanceof Error ? error.message : "unknown_error";
+}