hedgequantx 2.6.100 → 2.6.102

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hedgequantx",
-  "version": "2.6.100",
+  "version": "2.6.102",
   "description": "HedgeQuantX - Prop Futures Trading CLI",
   "main": "src/app.js",
   "bin": {

package/src/menus/ai-agent.js

@@ -782,7 +782,7 @@ const getOAuthConfig = (providerId) => {
 
 /**
  * Setup OAuth connection for any provider with OAuth support
- * Unified flow: copy code from URL (works on local and VPS)
+ * Uses CLIProxyAPI for proper OAuth handling and API access
  */
 const setupOAuthConnection = async (provider) => {
   const config = getOAuthConfig(provider.id);
@@ -792,8 +792,8 @@ const setupOAuthConnection = async (provider) => {
     return await selectProviderOption(provider);
   }
   
-  // Use unified manual flow for all providers and environments
-  return await setupRemoteOAuth(provider, config);
+  // Use CLIProxyAPI for OAuth flow - it handles token exchange and API calls
+  return await setupProxyOAuth(provider, config);
 };
 
 /**
@@ -892,35 +892,42 @@ const setupRemoteOAuth = async (provider, config) => {
   };
   
   // Try to fetch models with the new token
-  spinner.text = 'Fetching available models...';
+  spinner.text = 'Fetching available models from API...';
   spinner.start();
   
   let models = [];
+  let fetchError = null;
   try {
     const { fetchModelsWithOAuth } = require('../services/ai/client');
     models = await fetchModelsWithOAuth(provider.id, result.access);
   } catch (e) {
-    // API failed - will prompt for manual input
+    fetchError = e.message;
   }
   
-  let selectedModel;
-  
+  // RULE: Models MUST come from API - no hardcoded fallback
   if (!models || models.length === 0) {
-    spinner.warn('Could not fetch models from API');
-    
-    // Prompt user to enter model name manually
-    selectedModel = await promptForModelName(config.name);
-    if (!selectedModel) {
-      return await selectProviderOption(provider);
-    }
-  } else {
-    spinner.succeed(`Found ${models.length} models`);
-    
-    // Let user select model from list
-    selectedModel = await selectModelFromList(models, config.name);
-    if (!selectedModel) {
-      return await selectProviderOption(provider);
+    spinner.fail('Could not fetch models from API');
+    console.log();
+    console.log(chalk.red('  ERROR: Unable to retrieve models from provider API'));
+    console.log(chalk.white('  Possible causes:'));
+    console.log(chalk.gray('  - OAuth token may not have permission to list models'));
+    console.log(chalk.gray('  - Network issue or API temporarily unavailable'));
+    console.log(chalk.gray('  - Provider API may have changed'));
+    if (fetchError) {
+      console.log(chalk.gray(`  - Error: ${fetchError}`));
     }
+    console.log();
+    console.log(chalk.yellow('  Please try again or use API Key authentication instead.'));
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  spinner.succeed(`Found ${models.length} models`);
+  
+  // Let user select model from list
+  const selectedModel = await selectModelFromList(models, config.name);
+  if (!selectedModel) {
+    return await selectProviderOption(provider);
   }
   
   // Add agent
@@ -938,32 +945,172 @@ const setupRemoteOAuth = async (provider, config) => {
   return await aiAgentMenu();
 };
 
+// NOTE: promptForModelName was removed - models MUST come from API (RULES.md)
+
 /**
- * Prompt user to enter model name manually when API doesn't return models
+ * Setup OAuth using CLIProxyAPI
+ * CLIProxyAPI handles OAuth flow, token storage, and API calls
+ * Models are fetched from CLIProxyAPI /v1/models endpoint
  */
-const promptForModelName = async (providerName) => {
+const setupProxyOAuth = async (provider, config) => {
+  const boxWidth = getLogoWidth();
+  const W = boxWidth - 2;
+  
+  const makeLine = (content) => {
+    const plainLen = content.replace(/\x1b\[[0-9;]*m/g, '').length;
+    const padding = W - plainLen;
+    return chalk.cyan('║') + ' ' + content + ' '.repeat(Math.max(0, padding - 1)) + chalk.cyan('║');
+  };
+  
+  // Step 1: Ensure CLIProxyAPI is installed and running
+  const spinner = ora({ text: 'Setting up CLIProxyAPI...', color: 'cyan' }).start();
+  
+  try {
+    await proxyManager.ensureRunning();
+    spinner.succeed('CLIProxyAPI ready');
+  } catch (error) {
+    spinner.fail(`Failed to start CLIProxyAPI: ${error.message}`);
+    console.log();
+    console.log(chalk.yellow('  CLIProxyAPI is required for OAuth authentication.'));
+    console.log(chalk.gray('  It will be downloaded automatically on first use.'));
+    console.log();
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  // Step 2: Get OAuth URL from CLIProxyAPI
+  spinner.text = 'Getting authorization URL...';
+  spinner.start();
+  
+  let authUrl, authState;
+  try {
+    const authInfo = await proxyManager.getAuthUrl(provider.id);
+    authUrl = authInfo.url;
+    authState = authInfo.state;
+    spinner.succeed('Authorization URL ready');
+  } catch (error) {
+    spinner.fail(`Failed to get auth URL: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  // Step 3: Show instructions to user
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue(`CONNECT ${config.name}`, boxWidth);
+  
+  console.log(makeLine(chalk.yellow('CONNECT YOUR ACCOUNT')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('1. OPEN THE LINK BELOW IN YOUR BROWSER')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white(`2. LOGIN WITH YOUR ${config.accountName.toUpperCase()} ACCOUNT`)));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('3. CLICK "AUTHORIZE"')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.green('4. WAIT FOR CONFIRMATION HERE')));
+  console.log(makeLine(chalk.white('   (The page will close automatically)')));
+  console.log(makeLine(''));
+  
+  drawBoxFooter(boxWidth);
+  
+  // Display URL
+  console.log();
+  console.log(chalk.yellow('  OPEN THIS URL IN YOUR BROWSER:'));
   console.log();
-  console.log(chalk.yellow('  Could not fetch models from API.'));
-  console.log(chalk.white('  Please enter the model name manually.'));
-  console.log(chalk.gray('  (Check provider docs for available models)'));
+  console.log(chalk.cyan(`  ${authUrl}`));
   console.log();
   
-  const modelName = await prompts.textInput(chalk.cyan('MODEL NAME:'));
+  // Try to open browser automatically
+  const browserOpened = await openBrowser(authUrl);
+  if (browserOpened) {
+    console.log(chalk.gray('  (Browser opened automatically)'));
+  } else {
+    console.log(chalk.gray('  (Copy and paste the URL in your browser)'));
+  }
+  console.log();
   
-  if (!modelName || modelName.trim() === '' || modelName.trim() === '<') {
-    return null;
+  // Step 4: Wait for OAuth callback
+  const waitSpinner = ora({ text: 'Waiting for authorization...', color: 'cyan' }).start();
+  
+  try {
+    await proxyManager.waitForAuth(authState, 300000, (status) => {
+      waitSpinner.text = status;
+    });
+    waitSpinner.succeed('Authorization successful!');
+  } catch (error) {
+    waitSpinner.fail(`Authorization failed: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
   }
   
-  return modelName.trim();
-};
-
-/**
- * Setup OAuth via Manual Code Entry (unified flow for local and VPS)
- * User copies the authorization code from the URL or page
- */
-const setupProxyOAuth = async (provider, config) => {
-  // Use the same flow as VPS - it works everywhere
-  return await setupRemoteOAuth(provider, config);
+  // Step 5: Fetch models from CLIProxyAPI
+  waitSpinner.text = 'Fetching available models from API...';
+  waitSpinner.start();
+  
+  let models = [];
+  try {
+    models = await proxyManager.getModels();
+  } catch (error) {
+    waitSpinner.fail(`Failed to fetch models: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  // Filter models for this provider
+  const providerPrefixes = {
+    anthropic: ['claude'],
+    openai: ['gpt', 'o1', 'o3', 'o4'],
+    gemini: ['gemini'],
+    qwen: ['qwen'],
+    iflow: ['deepseek', 'kimi', 'glm']
+  };
+  
+  const prefixes = providerPrefixes[provider.id] || [];
+  const filteredModels = models.filter(m => {
+    const modelLower = m.toLowerCase();
+    return prefixes.some(p => modelLower.includes(p));
+  });
+  
+  // Use filtered models if available, otherwise use all models
+  const availableModels = filteredModels.length > 0 ? filteredModels : models;
+  
+  if (!availableModels || availableModels.length === 0) {
+    waitSpinner.fail('No models available');
+    console.log();
+    console.log(chalk.red('  ERROR: No models found for this provider'));
+    console.log(chalk.gray('  Make sure your subscription is active.'));
+    console.log();
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  waitSpinner.succeed(`Found ${availableModels.length} models`);
+  
+  // Step 6: Let user select model
+  const selectedModel = await selectModelFromList(availableModels, config.name);
+  if (!selectedModel) {
+    return await selectProviderOption(provider);
+  }
+  
+  // Step 7: Save agent config (CLIProxyAPI stores the actual tokens)
+  // We just save a reference to use the proxy
+  const credentials = {
+    useProxy: true,
+    provider: provider.id
+  };
+  
+  try {
+    await aiService.addAgent(provider.id, config.optionId, credentials, selectedModel, config.agentName);
+    
+    console.log(chalk.green(`\n  CONNECTED TO ${config.name}`));
+    console.log(chalk.white(`  MODEL: ${selectedModel}`));
+    console.log(chalk.white('  UNLIMITED USAGE WITH YOUR SUBSCRIPTION'));
+  } catch (error) {
+    console.log(chalk.red(`\n  FAILED TO SAVE: ${error.message}`));
+  }
+  
+  await prompts.waitForEnter();
+  return await aiAgentMenu();
 };
 
 /**
@@ -1252,7 +1399,7 @@ const setupDeviceFlowOAuth = async (provider, config) => {
     return await selectProviderOption(provider);
   }
   
-  pollSpinner.text = 'FETCHING AVAILABLE MODELS...';
+  pollSpinner.text = 'FETCHING AVAILABLE MODELS FROM API...';
   
   // Store OAuth credentials
   const credentials = {
@@ -1264,13 +1411,36 @@ const setupDeviceFlowOAuth = async (provider, config) => {
     }
   };
   
-  // Default models for Qwen
-  const defaultModels = ['qwen3-coder-plus', 'qwen3-235b', 'qwen-max', 'qwen-plus', 'qwen-turbo'];
+  // Fetch models from API - NO hardcoded fallback (RULES.md)
+  let models = [];
+  let fetchError = null;
+  try {
+    const { fetchModelsWithOAuth } = require('../services/ai/client');
+    models = await fetchModelsWithOAuth(provider.id, pollResult.access);
+  } catch (e) {
+    fetchError = e.message;
+  }
+  
+  if (!models || models.length === 0) {
+    pollSpinner.fail('Could not fetch models from API');
+    console.log();
+    console.log(chalk.red('  ERROR: Unable to retrieve models from provider API'));
+    console.log(chalk.white('  Possible causes:'));
+    console.log(chalk.gray('  - OAuth token may not have permission to list models'));
+    console.log(chalk.gray('  - Network issue or API temporarily unavailable'));
+    if (fetchError) {
+      console.log(chalk.gray(`  - Error: ${fetchError}`));
+    }
+    console.log();
+    console.log(chalk.yellow('  Please try again or use API Key authentication instead.'));
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
   
-  pollSpinner.succeed('AUTHENTICATION SUCCESSFUL');
+  pollSpinner.succeed(`Found ${models.length} models`);
   
-  // Let user select model
-  const selectedModel = await selectModelFromList(defaultModels, config.name);
+  // Let user select model from API list
+  const selectedModel = await selectModelFromList(models, config.name);
   if (!selectedModel) {
     return await selectProviderOption(provider);
   }

package/src/services/ai/client.js

@@ -525,15 +525,17 @@ const fetchAnthropicModels = async (apiKey) => {
 
 /**
  * Fetch available models from Anthropic API (OAuth auth)
+ * 
  * @param {string} accessToken - OAuth access token
- * @returns {Promise<Array|null>} Array of model IDs or null on error
+ * @returns {Promise<Object>} { models: Array, error: string|null }
  * 
  * Data source: https://api.anthropic.com/v1/models (GET with Bearer token)
+ * NO HARDCODED FALLBACK - models must come from API only
  */
 const fetchAnthropicModelsOAuth = async (accessToken) => {
-  if (!accessToken) return null;
+  if (!accessToken) return { models: null, error: 'No access token provided' };
   
-  const url = 'https://api.anthropic.com/v1/models';
+  const modelsUrl = 'https://api.anthropic.com/v1/models';
   
   const headers = {
     'Authorization': `Bearer ${accessToken}`,
@@ -542,15 +544,14 @@ const fetchAnthropicModelsOAuth = async (accessToken) => {
   };
   
   try {
-    const response = await makeRequest(url, { method: 'GET', headers, timeout: 10000 });
+    const response = await makeRequest(modelsUrl, { method: 'GET', headers, timeout: 15000 });
     if (response.data && Array.isArray(response.data)) {
       const models = response.data.map(m => m.id).filter(Boolean);
-      if (models.length > 0) return models;
+      if (models.length > 0) return { models, error: null };
     }
-    return null;
+    return { models: null, error: 'API returned empty or invalid response' };
   } catch (error) {
-    // OAuth token may not support /models endpoint
-    return null;
+    return { models: null, error: error.message };
   }
 };
 
@@ -661,6 +662,7 @@ const fetchModelsWithOAuth = async (providerId, accessToken) => {
       
       case 'openai': {
         // Try OpenAI /v1/models endpoint with OAuth token
+        // NO HARDCODED FALLBACK - models must come from API only
         const openaiModels = await fetchOpenAIModels('https://api.openai.com/v1', accessToken);
         if (openaiModels && openaiModels.length > 0) {
           return openaiModels;
@@ -684,7 +686,9 @@ const fetchModelsWithOAuth = async (providerId, accessToken) => {
               .filter(Boolean);
           }
         } catch (e) {
-          // ChatGPT backend not available
+          if (process.env.HQX_DEBUG) {
+            console.error('[DEBUG] ChatGPT backend error:', e.message);
+          }
         }
         
         return null;
@@ -692,21 +696,30 @@ const fetchModelsWithOAuth = async (providerId, accessToken) => {
       
       case 'gemini': {
         // Gemini OAuth - fetch from Generative Language API
-        const geminiUrl = 'https://generativelanguage.googleapis.com/v1/models';
-        const geminiHeaders = {
-          'Authorization': `Bearer ${accessToken}`
-        };
-        const geminiResponse = await makeRequest(geminiUrl, { 
-          method: 'GET', 
-          headers: geminiHeaders, 
-          timeout: 10000 
-        });
-        if (geminiResponse.models && Array.isArray(geminiResponse.models)) {
-          return geminiResponse.models
-            .filter(m => m.supportedGenerationMethods?.includes('generateContent'))
-            .map(m => m.name.replace('models/', ''))
-            .filter(Boolean);
+        // NO HARDCODED FALLBACK - models must come from API only
+        try {
+          const geminiUrl = 'https://generativelanguage.googleapis.com/v1/models';
+          const geminiHeaders = {
+            'Authorization': `Bearer ${accessToken}`
+          };
+          const geminiResponse = await makeRequest(geminiUrl, { 
+            method: 'GET', 
+            headers: geminiHeaders, 
+            timeout: 15000 
+          });
+          if (geminiResponse.models && Array.isArray(geminiResponse.models)) {
+            const models = geminiResponse.models
+              .filter(m => m.supportedGenerationMethods?.includes('generateContent'))
+              .map(m => m.name.replace('models/', ''))
+              .filter(Boolean);
+            if (models.length > 0) return models;
+          }
+        } catch (e) {
+          if (process.env.HQX_DEBUG) {
+            console.error('[DEBUG] Gemini models API error:', e.message);
+          }
         }
+        
         return null;
       }