npm - groove-dev - Versions diffs - 0.27.74 → 0.27.75 - Mend

groove-dev 0.27.74 → 0.27.75

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/CLAUDE.md CHANGED Viewed

@@ -263,10 +263,3 @@ Audit-driven release. Multi-agent orchestration system with 7 coordination layer
 - Dashboard: routing donut, cache panel, context health gauges
 - Monitor/QC agent mode (stay active, loop)
 - Distribution: demo video, HN launch, Twitter content
-<!-- GROOVE:START -->
-## GROOVE Orchestration (auto-injected)
-Active agents: 0
-See AGENTS_REGISTRY.md for full agent state.
-**Memory policy:** GROOVE manages project memory automatically. Do not read or write MEMORY.md or .groove/memory/ files directly.
-<!-- GROOVE:END -->

package/node_modules/@groove-dev/cli/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@groove-dev/cli",
-  "version": "0.27.74",
+  "version": "0.27.75",
   "description": "GROOVE CLI — manage AI coding agents from your terminal",
   "license": "FSL-1.1-Apache-2.0",
   "type": "module",

package/node_modules/@groove-dev/daemon/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@groove-dev/daemon",
-  "version": "0.27.74",
+  "version": "0.27.75",
   "description": "GROOVE daemon — agent orchestration engine",
   "license": "FSL-1.1-Apache-2.0",
   "type": "module",

package/node_modules/@groove-dev/daemon/src/api.js CHANGED Viewed

@@ -9,6 +9,7 @@ import { spawn, execFile, execFileSync } from 'child_process';
 import { createHash, randomUUID } from 'crypto';
 import { hostname, networkInterfaces, homedir } from 'os';
 import { StringDecoder } from 'string_decoder';
+import { request as httpRequest } from 'http';
 import { lookup as mimeLookup } from './mimetypes.js';
 import { listProviders, getProvider, clearInstallCache, getProviderMetadata, getProviderPath, setProviderPaths } from './providers/index.js';
 import { OllamaProvider } from './providers/ollama.js';
@@ -97,12 +98,18 @@ export function createApi(app, daemon) {
     next();
   });
-  // Security headers
+  // Security headers — preview proxy routes get relaxed framing policy so the
+  // GUI can iframe the proxied dev server content.
   app.use((req, res, next) => {
     res.setHeader('X-Content-Type-Options', 'nosniff');
-    res.setHeader('X-Frame-Options', 'DENY');
     res.setHeader('X-XSS-Protection', '0');
-    res.setHeader('Content-Security-Policy', "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; connect-src 'self' ws://localhost:* ws://127.0.0.1:* http://localhost:* http://127.0.0.1:*; font-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
+    const isPreviewProxy = req.path.match(/^\/api\/preview\/[^/]+\/proxy/);
+    if (isPreviewProxy) {
+      res.setHeader('Content-Security-Policy', "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'");
+    } else {
+      res.setHeader('X-Frame-Options', 'DENY');
+      res.setHeader('Content-Security-Policy', "default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; connect-src 'self' ws://localhost:* ws://127.0.0.1:* http://localhost:* http://127.0.0.1:*; font-src 'self' data:; object-src 'none'; base-uri 'self'; frame-src 'self'; frame-ancestors 'none'");
+    }
     next();
   });
@@ -1258,6 +1265,66 @@ export function createApi(app, daemon) {
     }
   });
+  // --- Image Generation ---
+  app.post('/api/conversations/:id/generate-image', async (req, res) => {
+    try {
+      const { prompt, model, size, quality } = req.body;
+      if (!prompt || typeof prompt !== 'string' || !prompt.trim()) {
+        return res.status(400).json({ error: 'prompt is required' });
+      }
+      const conv = daemon.conversations.get(req.params.id);
+      if (!conv) return res.status(404).json({ error: 'Conversation not found' });
+      let providerName = conv.provider;
+      let provider = getProvider(providerName);
+      // If a specific image model was requested, find the right provider
+      if (model) {
+        const imageProviders = ['codex', 'grok', 'nano-banana'];
+        for (const pid of imageProviders) {
+          const p = getProvider(pid);
+          if (p?.constructor.models.some((m) => m.id === model)) {
+            provider = p;
+            providerName = pid;
+            break;
+          }
+        }
+      }
+      if (!provider?.generateImage) {
+        return res.status(400).json({ error: 'Provider does not support image generation' });
+      }
+      const apiKey = daemon.conversations._getApiKey(providerName);
+      if (!apiKey) {
+        return res.status(400).json({ error: `No API key configured for ${providerName}` });
+      }
+      daemon.broadcast({
+        type: 'conversation:image-progress',
+        data: { conversationId: req.params.id, status: 'generating', prompt: prompt.trim() },
+      });
+      const result = await provider.generateImage(prompt.trim(), { model, size, quality, apiKey });
+      daemon.broadcast({
+        type: 'conversation:image',
+        data: { conversationId: req.params.id, ...result, prompt: prompt.trim() },
+      });
+      daemon.conversations.touchUpdatedAt(req.params.id);
+      daemon.audit.log('conversation.image', { id: req.params.id, model: result.model, provider: result.provider });
+      res.json(result);
+    } catch (err) {
+      daemon.broadcast({
+        type: 'conversation:image-progress',
+        data: { conversationId: req.params.id, status: 'error', error: err.message },
+      });
+      res.status(500).json({ error: err.message });
+    }
+  });
   // --- Approvals ---
   app.get('/api/approvals', (req, res) => {
@@ -3385,6 +3452,191 @@ Keep responses concise. Help them think, don't lecture them about the system the
     res.json(result);
   });
+  // --- Preview Proxy (same-origin iframe support) ---
+  // Forwards HTTP requests to the dev server so the GUI can iframe the preview
+  // without cross-origin issues. WebSocket upgrade for HMR is handled in index.js.
+  app.all('/api/preview/:teamId/proxy/*', (req, res) => {
+    const entry = daemon.preview?.get(req.params.teamId);
+    if (!entry || !entry.url) return res.status(404).json({ error: 'No active preview for this team' });
+    let targetUrl;
+    try { targetUrl = new URL(entry.url); } catch { return res.status(500).json({ error: 'Invalid preview URL' }); }
+    const proxyPath = req.params[0] || '';
+    const search = req.url.includes('?') ? '?' + req.url.split('?').slice(1).join('?') : '';
+    const fullPath = '/' + proxyPath + search;
+    const headers = { ...req.headers };
+    delete headers.host;
+    headers.host = targetUrl.host;
+    const proxyReq = httpRequest({
+      hostname: targetUrl.hostname,
+      port: targetUrl.port,
+      path: fullPath,
+      method: req.method,
+      headers,
+    }, (proxyRes) => {
+      const fwdHeaders = { ...proxyRes.headers };
+      delete fwdHeaders['content-security-policy'];
+      delete fwdHeaders['x-frame-options'];
+      res.writeHead(proxyRes.statusCode, fwdHeaders);
+      proxyRes.pipe(res);
+    });
+    proxyReq.on('error', (err) => {
+      if (!res.headersSent) res.status(502).json({ error: `Proxy error: ${err.message}` });
+    });
+    req.pipe(proxyReq);
+  });
+  // Also handle the bare path (no trailing wildcard)
+  app.all('/api/preview/:teamId/proxy', (req, res) => {
+    const entry = daemon.preview?.get(req.params.teamId);
+    if (!entry || !entry.url) return res.status(404).json({ error: 'No active preview for this team' });
+    let targetUrl;
+    try { targetUrl = new URL(entry.url); } catch { return res.status(500).json({ error: 'Invalid preview URL' }); }
+    const search = req.url.includes('?') ? '?' + req.url.split('?').slice(1).join('?') : '';
+    const headers = { ...req.headers };
+    delete headers.host;
+    headers.host = targetUrl.host;
+    const proxyReq = httpRequest({
+      hostname: targetUrl.hostname,
+      port: targetUrl.port,
+      path: '/' + search,
+      method: req.method,
+      headers,
+    }, (proxyRes) => {
+      const fwdHeaders = { ...proxyRes.headers };
+      delete fwdHeaders['content-security-policy'];
+      delete fwdHeaders['x-frame-options'];
+      res.writeHead(proxyRes.statusCode, fwdHeaders);
+      proxyRes.pipe(res);
+    });
+    proxyReq.on('error', (err) => {
+      if (!res.headersSent) res.status(502).json({ error: `Proxy error: ${err.message}` });
+    });
+    req.pipe(proxyReq);
+  });
+  // --- Iteration endpoint (planner routing for live preview feedback) ---
+  app.post('/api/preview/:teamId/iterate', async (req, res) => {
+    try {
+      const { message, screenshot } = req.body;
+      if (!message || typeof message !== 'string' || !message.trim()) {
+        return res.status(400).json({ error: 'message is required and must be a non-empty string' });
+      }
+      const teamId = req.params.teamId;
+      const agents = daemon.registry.getAll().filter((a) => a.teamId === teamId);
+      const planner = agents.find((a) => a.role === 'planner');
+      if (!planner) {
+        return res.status(400).json({ error: 'No planner found for this team. Iteration routing requires a planner-based team.' });
+      }
+      const terminal = new Set(['completed', 'crashed', 'stopped', 'killed']);
+      const feedbackPrompt = [
+        'ITERATION REQUEST: The user is viewing the live preview and wants changes.',
+        '',
+        `User feedback: ${message.trim()}`,
+        '',
+        screenshot ? 'The user attached a screenshot highlighting what they want changed.' : '',
+        '',
+        'Analyze this feedback and route it to the appropriate team agent (frontend, backend, or fullstack) by writing .groove/recommended-team.json. Be specific about what files to change and what the change should be.',
+      ].filter(Boolean).join('\n');
+      if (terminal.has(planner.status)) {
+        const newAgent = await daemon.processes.spawn({
+          role: planner.role,
+          scope: planner.scope,
+          provider: planner.provider,
+          model: planner.model,
+          prompt: feedbackPrompt,
+          permission: planner.permission || 'full',
+          workingDir: planner.workingDir,
+          name: planner.name,
+          teamId: planner.teamId,
+        });
+        daemon.audit.log('preview.iterate', { teamId, plannerId: newAgent.id, respawned: true });
+        return res.json({ status: 'routed', plannerAgent: newAgent.id, message: 'Feedback sent to respawned planner for routing' });
+      }
+      if (daemon.processes.hasAgentLoop(planner.id)) {
+        await daemon.processes.sendMessage(planner.id, feedbackPrompt);
+      } else if (daemon.processes.isRunning(planner.id)) {
+        daemon.processes.queueMessage(planner.id, feedbackPrompt);
+      } else {
+        return res.status(400).json({ error: 'Planner exists but is not reachable. Try again.' });
+      }
+      daemon.audit.log('preview.iterate', { teamId, plannerId: planner.id, respawned: false });
+      res.json({ status: 'routed', plannerAgent: planner.id, message: 'Feedback sent to planner for routing' });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  // --- Screenshot storage for preview iteration ---
+  app.post('/api/preview/:teamId/screenshot', (req, res) => {
+    try {
+      const { image, filename } = req.body;
+      if (!image || typeof image !== 'string') {
+        return res.status(400).json({ error: 'image (base64 string) is required' });
+      }
+      const teamId = req.params.teamId;
+      const agents = daemon.registry.getAll().filter((a) => a.teamId === teamId);
+      const teamAgent = agents[0];
+      if (!teamAgent) return res.status(404).json({ error: 'No agents found for this team' });
+      const workDir = teamAgent.workingDir || daemon.projectDir;
+      const screenshotDir = resolve(workDir, '.groove', 'screenshots');
+      mkdirSync(screenshotDir, { recursive: true });
+      const ts = Date.now();
+      const safeName = (filename || 'screenshot').replace(/[^a-zA-Z0-9._-]/g, '_');
+      const fname = `${ts}-${safeName}.png`;
+      const filePath = resolve(screenshotDir, fname);
+      const base64Data = image.replace(/^data:image\/\w+;base64,/, '');
+      writeFileSync(filePath, Buffer.from(base64Data, 'base64'));
+      const relativePath = `.groove/screenshots/${fname}`;
+      daemon.audit.log('preview.screenshot', { teamId, path: relativePath });
+      res.json({
+        path: relativePath,
+        url: `/api/preview/${teamId}/screenshots/${fname}`,
+      });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  app.get('/api/preview/:teamId/screenshots/:filename', (req, res) => {
+    const teamId = req.params.teamId;
+    const fname = req.params.filename;
+    if (!fname || fname.includes('..') || fname.includes('/') || fname.includes('\\')) {
+      return res.status(400).json({ error: 'Invalid filename' });
+    }
+    const agents = daemon.registry.getAll().filter((a) => a.teamId === teamId);
+    const teamAgent = agents[0];
+    if (!teamAgent) return res.status(404).json({ error: 'No agents found for this team' });
+    const workDir = teamAgent.workingDir || daemon.projectDir;
+    const filePath = resolve(workDir, '.groove', 'screenshots', fname);
+    if (!existsSync(filePath)) return res.status(404).json({ error: 'Screenshot not found' });
+    res.setHeader('Content-Type', 'image/png');
+    createReadStream(filePath).pipe(res);
+  });
   // Clean up stale artifacts. Scope to a single team when teamId is provided —
   // wiping every agent's working dir on a global cleanup would delete other
   // in-flight teams' unlaunched plans. When called with no teamId, only the
@@ -4166,7 +4418,7 @@ Keep responses concise. Help them think, don't lecture them about the system the
     const ALLOWED_KEYS = [
       'port', 'journalistInterval', 'rotationThreshold', 'autoRotation',
       'qcThreshold', 'maxAgents', 'defaultProvider', 'defaultWorkingDir',
-      'onboardingDismissed', 'defaultModel',
+      'onboardingDismissed', 'defaultModel', 'defaultChatProvider', 'defaultChatModel',
     ];
     for (const key of Object.keys(req.body)) {
       if (!ALLOWED_KEYS.includes(key)) {

package/node_modules/@groove-dev/daemon/src/conversations.js CHANGED Viewed

@@ -56,6 +56,13 @@ export class ConversationManager {
   }
   async create(provider, model, title, mode = 'api') {
+    if (!provider && this.daemon.config?.defaultChatProvider) {
+      provider = this.daemon.config.defaultChatProvider;
+    }
+    if (!model && this.daemon.config?.defaultChatModel) {
+      model = this.daemon.config.defaultChatModel;
+    }
     const id = randomUUID().slice(0, 12);
     const now = new Date().toISOString();
@@ -285,6 +292,8 @@ export class ConversationManager {
       'claude-code': 'ANTHROPIC_API_KEY',
       'codex': 'OPENAI_API_KEY',
       'gemini': 'GEMINI_API_KEY',
+      'grok': 'XAI_API_KEY',
+      'nano-banana': 'GEMINI_API_KEY',
     };
     const envVar = envMap[providerName];
     if (envVar && process.env[envVar]) return process.env[envVar];
@@ -355,6 +364,13 @@ export class ConversationManager {
     // Fallback: headless CLI spawn (for providers without streamChat or missing API key)
     const prompt = this._buildHistoryPrompt(history, message);
     const headlessCmd = provider.buildHeadlessCommand(prompt, modelId);
+    if (!headlessCmd) {
+      this.daemon.broadcast({
+        type: 'conversation:error',
+        data: { conversationId: id, error: `${providerName} requires an API key for chat` },
+      });
+      return;
+    }
     const { command, args, env, stdin: stdinData, cwd } = headlessCmd;
     const spawnOpts = {

package/node_modules/@groove-dev/daemon/src/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 // GROOVE Daemon — Entry Point
 // FSL-1.1-Apache-2.0 — see LICENSE
-import { createServer as createHttpServer } from 'http';
+import { createServer as createHttpServer, request as httpProxyRequest } from 'http';
 import { createServer as createNetServer } from 'net';
 import { execFileSync } from 'child_process';
 import { resolve } from 'path';
@@ -208,6 +208,46 @@ export class Daemon {
         this.federationWss.handleUpgrade(req, socket, head, (ws) => {
           this.federation.handleWsUpgrade(ws, daemonId, callerIp, signatureHeader);
         });
+      } else if (req.url?.startsWith('/api/preview/') && req.url.includes('/proxy')) {
+        // HMR WebSocket proxy — forward to the dev server's WebSocket
+        const match = req.url.match(/^\/api\/preview\/([^/]+)\/proxy\/?(.*)$/);
+        if (!match || !this.preview) { socket.destroy(); return; }
+        const entry = this.preview.get(match[1]);
+        if (!entry?.url) { socket.destroy(); return; }
+        let targetUrl;
+        try { targetUrl = new URL(entry.url); } catch { socket.destroy(); return; }
+        const wsPath = '/' + (match[2] || '');
+        const opts = {
+          hostname: targetUrl.hostname,
+          port: targetUrl.port,
+          path: wsPath,
+          method: 'GET',
+          headers: { ...req.headers, host: targetUrl.host },
+        };
+        const upstream = httpProxyRequest(opts);
+        upstream.on('upgrade', (_res, upSocket, upHead) => {
+          const skipHeaders = new Set(['upgrade', 'connection', 'sec-websocket-accept']);
+          const extra = Object.entries(_res.headers)
+            .filter(([k]) => !skipHeaders.has(k))
+            .map(([k, v]) => `${k}: ${v}\r\n`).join('');
+          socket.write(
+            'HTTP/1.1 101 Switching Protocols\r\n' +
+            `Upgrade: ${_res.headers.upgrade || 'websocket'}\r\n` +
+            `Connection: Upgrade\r\n` +
+            `Sec-WebSocket-Accept: ${_res.headers['sec-websocket-accept'] || ''}\r\n` +
+            extra +
+            '\r\n'
+          );
+          if (upHead.length) socket.write(upHead);
+          upSocket.pipe(socket);
+          socket.pipe(upSocket);
+          upSocket.on('error', () => socket.destroy());
+          socket.on('error', () => upSocket.destroy());
+          upSocket.on('close', () => socket.destroy());
+          socket.on('close', () => upSocket.destroy());
+        });
+        upstream.on('error', () => socket.destroy());
+        upstream.end();
       } else {
         this.wss.handleUpgrade(req, socket, head, (ws) => {
           this.wss.emit('connection', ws, req);

package/node_modules/@groove-dev/daemon/src/preview.js CHANGED Viewed

@@ -17,7 +17,7 @@ import { existsSync, readFileSync, statSync } from 'fs';
 import { createServer } from 'http';
 import { lookup as mimeLookup } from './mimetypes.js';
-const READY_TIMEOUT_MS = 60_000;  // give dev servers a minute to boot
+const READY_TIMEOUT_MS = 120_000;  // give dev servers 2 minutes (large projects need npm install)
 const MAX_STDOUT_BYTES = 256 * 1024;
 // Strip CSI/OSC/other ANSI escape sequences — Vite prints URLs with inline
 // bold/color codes (e.g. "http://localhost:\x1b[1m5175\x1b[22m/") which would
@@ -147,8 +147,24 @@ export class PreviewService {
     });
   }
+  _autoDetectDevCommand(baseDir) {
+    const pkgPath = resolve(baseDir, 'package.json');
+    if (!existsSync(pkgPath)) return null;
+    try {
+      const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
+      const scripts = pkg.scripts || {};
+      for (const name of ['dev', 'start', 'serve']) {
+        if (scripts[name]) return `npm run ${name}`;
+      }
+    } catch { /* malformed package.json */ }
+    return null;
+  }
   _launchDevServer(teamId, baseDir, preview) {
-    const command = String(preview.command || '').trim();
+    let command = String(preview.command || '').trim();
+    if (!command) {
+      command = this._autoDetectDevCommand(baseDir) || '';
+    }
     if (!command) {
       return Promise.resolve({ launched: false, reason: 'no_command' });
     }

package/node_modules/@groove-dev/daemon/src/process.js CHANGED Viewed

@@ -1161,6 +1161,11 @@ For normal file edits within your scope, proceed without review.
     const workingDir = plan.workingDir;
     preview.launch(teamId, workingDir, plan.preview).then((result) => {
       if (!result.launched) {
+        const intentionalSkips = new Set(['no_preview', 'cli', 'none']);
+        if (intentionalSkips.has(result.reason)) {
+          console.log(`[Groove] Preview for team ${teamId} intentionally skipped: ${result.reason}`);
+          return;
+        }
         console.warn(`[Groove] Preview for team ${teamId} did not launch: ${result.reason}`);
         this.daemon.broadcast({
           type: 'preview:failed',
@@ -1171,7 +1176,7 @@ For normal file edits within your scope, proceed without review.
       }
     }).catch((err) => {
       console.error(`[Groove] Preview launch error for team ${teamId}:`, err.message);
-      this.daemon.broadcast({ type: 'preview:failed', teamId, reason: err.message });
+      this.daemon.broadcast({ type: 'preview:failed', teamId, kind: plan.preview?.kind, reason: err.message });
     });
   }

package/node_modules/@groove-dev/daemon/src/providers/base.js CHANGED Viewed

@@ -37,6 +37,10 @@ export class Provider {
     return null;
   }
+  async generateImage(prompt, options = {}) {
+    return null;
+  }
   static setupGuide() {
     return { installSteps: [], authMethods: [], authInstructions: {} };
   }

package/node_modules/@groove-dev/daemon/src/providers/codex.js CHANGED Viewed

@@ -43,6 +43,8 @@ export class CodexProvider extends Provider {
     { id: 'gpt-5.4-nano', name: 'GPT-5.4 Nano', tier: 'light', maxContext: 200000, pricing: { input: 0.0004, output: 0.0016 } },
     { id: 'gpt-5-mini', name: 'GPT-5 Mini', tier: 'medium', maxContext: 200000, pricing: { input: 0.0005, output: 0.002 } },
     { id: 'gpt-5-nano', name: 'GPT-5 Nano', tier: 'light', maxContext: 200000, pricing: { input: 0.0001, output: 0.0004 } },
+    { id: 'gpt-image-2', name: 'GPT Image 2', tier: 'medium', type: 'image', pricing: { perImage: 0.07 } },
+    { id: 'gpt-image-1', name: 'GPT Image 1', tier: 'medium', type: 'image', pricing: { perImage: 0.02 } },
   ];
   static isInstalled() {
@@ -186,6 +188,42 @@ export class CodexProvider extends Provider {
     return controller;
   }
+  async generateImage(prompt, options = {}) {
+    const apiKey = options.apiKey;
+    if (!apiKey) throw new Error('OPENAI_API_KEY required for image generation');
+    const body = {
+      model: options.model || 'gpt-image-1',
+      prompt,
+      n: 1,
+    };
+    if (options.size) body.size = options.size;
+    if (options.quality) body.quality = options.quality;
+    const res = await fetch('https://api.openai.com/v1/images/generations', {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${apiKey}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`OpenAI Image API ${res.status}: ${text.slice(0, 200)}`);
+    }
+    const data = await res.json();
+    const image = data.data?.[0];
+    return {
+      url: image?.url || null,
+      b64_json: image?.b64_json || null,
+      model: body.model,
+      provider: 'codex',
+    };
+  }
   parseOutput(line) {
     const trimmed = line.trim();
     if (!trimmed) return null;