hermes-web-ui 0.1.6 → 0.1.7

package/dist/server/routes/config.js

@@ -0,0 +1,314 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configRoutes = void 0;
+const router_1 = __importDefault(require("@koa/router"));
+const promises_1 = require("fs/promises");
+const promises_2 = require("fs/promises");
+const path_1 = require("path");
+const os_1 = require("os");
+const js_yaml_1 = __importDefault(require("js-yaml"));
+const hermes_cli_1 = require("../services/hermes-cli");
+// Platform sections that require gateway restart after config change
+const PLATFORM_SECTIONS = new Set([
+    'telegram', 'discord', 'slack', 'whatsapp', 'matrix',
+    'weixin', 'wecom', 'feishu', 'dingtalk',
+]);
+const configPath = (0, path_1.resolve)((0, os_1.homedir)(), '.hermes/config.yaml');
+const envPath = (0, path_1.resolve)((0, os_1.homedir)(), '.hermes/.env');
+// Env var → (platform, configPath in PlatformConfig) mapping
+// Matches hermes _apply_env_overrides() in gateway/config.py
+const envPlatformMap = {
+    TELEGRAM_BOT_TOKEN: ['telegram', 'token'],
+    DISCORD_BOT_TOKEN: ['discord', 'token'],
+    SLACK_BOT_TOKEN: ['slack', 'token'],
+    MATRIX_ACCESS_TOKEN: ['matrix', 'token'],
+    MATRIX_HOMESERVER: ['matrix', 'extra.homeserver'],
+    FEISHU_APP_ID: ['feishu', 'extra.app_id'],
+    FEISHU_APP_SECRET: ['feishu', 'extra.app_secret'],
+    DINGTALK_CLIENT_ID: ['dingtalk', 'extra.client_id'],
+    DINGTALK_CLIENT_SECRET: ['dingtalk', 'extra.client_secret'],
+    // DingTalk has no _apply_env_overrides entry in hermes;
+    // the adapter reads these env vars directly at runtime.
+    DINGTALK_APP_KEY: ['dingtalk', 'extra.app_key'],
+    WECOM_BOT_ID: ['wecom', 'extra.bot_id'],
+    WECOM_SECRET: ['wecom', 'extra.secret'],
+    WEIXIN_TOKEN: ['weixin', 'token'],
+    WEIXIN_ACCOUNT_ID: ['weixin', 'extra.account_id'],
+    WEIXIN_BASE_URL: ['weixin', 'extra.base_url'],
+    WHATSAPP_ENABLED: ['whatsapp', 'enabled'],
+};
+// Reverse map: (platform, configPath) → env var
+const platformEnvMap = {};
+for (const [envVar, [platform, configPath]] of Object.entries(envPlatformMap)) {
+    if (!platformEnvMap[platform])
+        platformEnvMap[platform] = {};
+    platformEnvMap[platform][configPath] = envVar;
+}
+function parseEnv(raw) {
+    const env = {};
+    for (const line of raw.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        const eqIdx = trimmed.indexOf('=');
+        if (eqIdx === -1)
+            continue;
+        const key = trimmed.slice(0, eqIdx).trim();
+        const val = trimmed.slice(eqIdx + 1).trim();
+        if (val)
+            env[key] = val;
+    }
+    return env;
+}
+function setNested(obj, path, value) {
+    const parts = path.split('.');
+    let cur = obj;
+    for (let i = 0; i < parts.length - 1; i++) {
+        if (!cur[parts[i]])
+            cur[parts[i]] = {};
+        cur = cur[parts[i]];
+    }
+    cur[parts[parts.length - 1]] = value;
+}
+function getNested(obj, path) {
+    const parts = path.split('.');
+    let cur = obj;
+    for (const p of parts) {
+        if (!cur || typeof cur !== 'object')
+            return undefined;
+        cur = cur[p];
+    }
+    return cur;
+}
+async function readEnvPlatforms() {
+    try {
+        const raw = await (0, promises_1.readFile)(envPath, 'utf-8');
+        const env = parseEnv(raw);
+        const platforms = {};
+        for (const [envKey, [platform, cfgPath]] of Object.entries(envPlatformMap)) {
+            const val = env[envKey];
+            if (val === undefined || val === '')
+                continue;
+            if (!platforms[platform])
+                platforms[platform] = {};
+            let finalVal = val;
+            if (cfgPath === 'enabled')
+                finalVal = val === 'true';
+            setNested(platforms[platform], cfgPath, finalVal);
+        }
+        return platforms;
+    }
+    catch {
+        return {};
+    }
+}
+// Write a KEY=value to .env (matching hermes save_env_value behavior)
+// If value is empty, remove the line instead
+async function saveEnvValue(key, value) {
+    let raw;
+    try {
+        raw = await (0, promises_1.readFile)(envPath, 'utf-8');
+    }
+    catch {
+        raw = '';
+    }
+    const remove = !value;
+    const lines = raw.split('\n');
+    let found = false;
+    const result = [];
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith('#')) {
+            // Check if there's a commented-out version of this key
+            if (trimmed.startsWith(`# ${key}=`)) {
+                if (!remove) {
+                    result.push(`${key}=${value}`);
+                }
+                found = true;
+            }
+            else {
+                result.push(line);
+            }
+        }
+        else {
+            const eqIdx = trimmed.indexOf('=');
+            if (eqIdx !== -1 && trimmed.slice(0, eqIdx).trim() === key) {
+                if (!remove) {
+                    result.push(`${key}=${value}`);
+                }
+                found = true;
+            }
+            else {
+                result.push(line);
+            }
+        }
+    }
+    if (!found && !remove) {
+        result.push(`${key}=${value}`);
+    }
+    // Remove trailing empty lines, keep exactly one trailing newline
+    let output = result.join('\n').replace(/\n{3,}/g, '\n\n').replace(/\n+$/, '') + '\n';
+    await (0, promises_1.writeFile)(envPath, output, 'utf-8');
+    // Set permissions to 0600 (owner only), matching hermes behavior
+    try {
+        await (0, promises_2.chmod)(envPath, 0o600);
+    }
+    catch { /* ignore */ }
+}
+async function readConfig() {
+    const raw = await (0, promises_1.readFile)(configPath, 'utf-8');
+    return js_yaml_1.default.load(raw) || {};
+}
+async function writeConfig(data) {
+    await (0, promises_1.copyFile)(configPath, configPath + '.bak');
+    const yamlStr = js_yaml_1.default.dump(data, {
+        lineWidth: -1,
+        noRefs: true,
+        quotingType: '"',
+        forceQuotes: false,
+    });
+    await (0, promises_1.writeFile)(configPath, yamlStr, 'utf-8');
+}
+exports.configRoutes = new router_1.default();
+// GET /api/config — read config sections
+exports.configRoutes.get('/api/config', async (ctx) => {
+    try {
+        const config = await readConfig();
+        // Merge .env platform credentials into platforms section
+        const envPlatforms = await readEnvPlatforms();
+        if (Object.keys(envPlatforms).length > 0) {
+            // Deep-merge: env values fill in missing, don't overwrite config.yaml
+            const existing = config.platforms || {};
+            for (const [platform, vals] of Object.entries(envPlatforms)) {
+                existing[platform] = { ...(existing[platform] || {}), ...vals };
+            }
+            config.platforms = existing;
+        }
+        const { section, sections } = ctx.query;
+        if (section) {
+            ctx.body = { [section]: config[section] || {} };
+        }
+        else if (sections) {
+            const keys = sections.split(',');
+            const result = {};
+            for (const key of keys) {
+                result[key.trim()] = config[key.trim()] || {};
+            }
+            ctx.body = result;
+        }
+        else {
+            ctx.body = config;
+        }
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message };
+    }
+});
+// PUT /api/config — update a config section (writes to config.yaml)
+exports.configRoutes.put('/api/config', async (ctx) => {
+    const { section, values } = ctx.request.body;
+    if (!section || !values) {
+        ctx.status = 400;
+        ctx.body = { error: 'Missing section or values' };
+        return;
+    }
+    try {
+        const config = await readConfig();
+        config[section] = { ...(config[section] || {}), ...values };
+        await writeConfig(config);
+        // Restart gateway for platform/channel config changes
+        if (PLATFORM_SECTIONS.has(section)) {
+            await (0, hermes_cli_1.restartGateway)();
+        }
+        ctx.body = { success: true };
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message };
+    }
+});
+// PUT /api/config/credentials — save platform credentials to .env
+// Body: { platform: string, values: Record<string, any> }
+// values keys match PlatformConfig paths: 'token', 'extra.app_id', 'extra.app_secret', etc.
+exports.configRoutes.put('/api/config/credentials', async (ctx) => {
+    const { platform, values } = ctx.request.body;
+    if (!platform || !values) {
+        ctx.status = 400;
+        ctx.body = { error: 'Missing platform or values' };
+        return;
+    }
+    try {
+        const envMap = platformEnvMap[platform];
+        if (!envMap) {
+            ctx.status = 400;
+            ctx.body = { error: `Unknown platform: ${platform}` };
+            return;
+        }
+        // Also clean up config.yaml platforms.<platform> to keep in sync
+        const config = await readConfig();
+        let configChanged = false;
+        // Flatten nested values: { extra: { app_id: '' } } → { 'extra.app_id': '' }
+        const flatValues = {};
+        for (const [key, val] of Object.entries(values)) {
+            if (key === 'extra' && val && typeof val === 'object') {
+                for (const [subKey, subVal] of Object.entries(val)) {
+                    flatValues[`extra.${subKey}`] = subVal;
+                }
+            }
+            else {
+                flatValues[key] = val;
+            }
+        }
+        for (const [cfgPath, val] of Object.entries(flatValues)) {
+            const envVar = envMap[cfgPath];
+            if (!envVar)
+                continue;
+            if (val === undefined || val === null || val === '') {
+                await saveEnvValue(envVar, '');
+                // Remove from config.yaml too
+                const parts = cfgPath.split('.');
+                let obj = config.platforms?.[platform];
+                if (obj) {
+                    if (parts.length === 1) {
+                        delete obj[parts[0]];
+                    }
+                    else {
+                        let cur = obj;
+                        for (let i = 0; i < parts.length - 1; i++) {
+                            if (!cur[parts[i]])
+                                break;
+                            cur = cur[parts[i]];
+                        }
+                        delete cur[parts[parts.length - 1]];
+                        // Clean up empty extra
+                        if (obj.extra && Object.keys(obj.extra).length === 0)
+                            delete obj.extra;
+                    }
+                    if (Object.keys(obj).length === 0) {
+                        if (!config.platforms)
+                            config.platforms = {};
+                        delete config.platforms[platform];
+                    }
+                    configChanged = true;
+                }
+            }
+            else {
+                await saveEnvValue(envVar, String(val));
+            }
+        }
+        if (configChanged) {
+            await writeConfig(config);
+        }
+        // Restart gateway for platform credential changes
+        await (0, hermes_cli_1.restartGateway)();
+        ctx.body = { success: true };
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message };
+    }
+});

package/dist/server/routes/filesystem.js

@@ -41,9 +41,15 @@ async function fetchProviderModels(baseUrl, apiKey) {
         return [];
     }
 }
+// --- Hardcoded model catalogs (single source: src/shared/providers.ts) ---
+const providers_1 = require("../shared/providers");
+const PROVIDER_MODEL_CATALOG = (0, providers_1.buildProviderModelMap)();
 exports.fsRoutes = new router_1.default();
 const hermesDir = (0, path_1.resolve)((0, os_1.homedir)(), '.hermes');
 // --- Helpers ---
+function escapeRegExp(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
 function extractDescription(content) {
     // SKILL.md format: YAML frontmatter between --- delimiters, then markdown body
     // Extract first non-empty, non-frontmatter, non-heading line as description
@@ -313,19 +319,32 @@ exports.fsRoutes.get('/api/available-models', async (ctx) => {
                 token: entry.access_token,
             });
         }
-        // Fetch all provider models in parallel
-        const results = await Promise.allSettled(endpoints.map(async (ep) => {
-            const models = await fetchProviderModels(ep.base_url, ep.token);
-            return { ...ep, models };
-        }));
+        // Resolve models: hardcoded catalog first, live probe as fallback
         const groups = [];
-        for (const result of results) {
-            if (result.status === 'fulfilled' && result.value.models.length > 0) {
-                const { key, label, base_url, models } = result.value;
-                groups.push({ provider: key, label, base_url, models });
+        const liveEndpoints = [];
+        for (const ep of endpoints) {
+            const catalogModels = PROVIDER_MODEL_CATALOG[ep.key];
+            if (catalogModels && catalogModels.length > 0) {
+                groups.push({ provider: ep.key, label: ep.label, base_url: ep.base_url, models: catalogModels });
             }
-            else if (result.status === 'rejected') {
-                console.error(`[available-models] Failed: ${result.reason?.message || result.reason}`);
+            else {
+                liveEndpoints.push(ep);
+            }
+        }
+        // Only probe endpoints not in the catalog
+        if (liveEndpoints.length > 0) {
+            const results = await Promise.allSettled(liveEndpoints.map(async (ep) => {
+                const models = await fetchProviderModels(ep.base_url, ep.token);
+                return { ...ep, models };
+            }));
+            for (const result of results) {
+                if (result.status === 'fulfilled' && result.value.models.length > 0) {
+                    const { key, label, base_url, models } = result.value;
+                    groups.push({ provider: key, label, base_url, models });
+                }
+                else if (result.status === 'rejected') {
+                    console.error(`[available-models] Failed: ${result.reason?.message || result.reason}`);
+                }
             }
         }
         // Fallback: if no providers returned models, fall back to config.yaml parsing
@@ -384,16 +403,22 @@ exports.fsRoutes.put('/api/config/model', async (ctx) => {
 });
 // POST /api/config/providers
 exports.fsRoutes.post('/api/config/providers', async (ctx) => {
-    const { name, base_url, api_key, model } = ctx.request.body;
+    const { name, base_url, api_key, model, providerKey } = ctx.request.body;
     if (!name || !base_url || !model) {
         ctx.status = 400;
         ctx.body = { error: 'Missing name, base_url, or model' };
         return;
     }
+    if (!api_key) {
+        ctx.status = 400;
+        ctx.body = { error: 'Missing API key' };
+        return;
+    }
     try {
+        // 1. Write to config.yaml custom_providers
         await (0, promises_1.copyFile)(configPath, configPath + '.bak');
         let yaml = await safeReadFile(configPath) || '';
-        const newEntry = `- name: ${name}\n  base_url: ${base_url}\n  api_key: ${api_key || ''}\n  model: ${model}\n`;
+        const newEntry = `- name: ${name}\n  base_url: ${base_url}\n  api_key: ${api_key}\n  model: ${model}\n`;
         if (/^custom_providers:/m.test(yaml)) {
             yaml = yaml.replace(/^(custom_providers:)/m, `$1\n${newEntry}`);
         }
@@ -401,6 +426,32 @@ exports.fsRoutes.post('/api/config/providers', async (ctx) => {
             yaml = yaml.trimEnd() + `\n\ncustom_providers:\n${newEntry}\n`;
         }
         await (0, promises_1.writeFile)(configPath, yaml, 'utf-8');
+        // 2. Write to auth.json credential_pool so GET /api/available-models sees it immediately
+        const poolKey = providerKey
+            || `custom:${name.trim().toLowerCase().replace(/ /g, '-')}`;
+        const auth = await loadAuthJson() || { credential_pool: {} };
+        if (!auth.credential_pool)
+            auth.credential_pool = {};
+        // Don't overwrite existing entries for built-in providers
+        if (!auth.credential_pool[poolKey]) {
+            auth.credential_pool[poolKey] = [];
+        }
+        auth.credential_pool[poolKey].push({
+            id: `${poolKey}-${Date.now()}`,
+            label: name,
+            base_url,
+            access_token: api_key,
+            last_status: null,
+        });
+        await (0, promises_1.writeFile)(authPath, JSON.stringify(auth, null, 2) + '\n', 'utf-8');
+        // 3. Auto-switch model to the newly added provider
+        let yaml2 = await safeReadFile(configPath) || '';
+        const modelBlockMatch = yaml2.match(/^(model:\s*\n(?:  .+\n)*)/m);
+        if (modelBlockMatch) {
+            const lines = [`model:`, `  default: ${model}`, `  provider: ${poolKey}`];
+            yaml2 = yaml2.replace(modelBlockMatch[1], lines.join('\n') + '\n');
+            await (0, promises_1.writeFile)(configPath, yaml2, 'utf-8');
+        }
         ctx.body = { success: true };
     }
     catch (err) {
@@ -408,16 +459,64 @@ exports.fsRoutes.post('/api/config/providers', async (ctx) => {
         ctx.body = { error: err.message };
     }
 });
-// DELETE /api/config/providers/:name
-exports.fsRoutes.delete('/api/config/providers/:name', async (ctx) => {
-    const name = ctx.params.name;
+// DELETE /api/config/providers/:poolKey
+exports.fsRoutes.delete('/api/config/providers/:poolKey', async (ctx) => {
+    const poolKey = decodeURIComponent(ctx.params.poolKey);
     try {
-        await (0, promises_1.copyFile)(configPath, configPath + '.bak');
-        let yaml = await safeReadFile(configPath) || '';
-        const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-        const blockRegex = new RegExp(`  - name:\\s*${escaped}\\s*\\n(?:    .+\\n)*`, 'g');
-        yaml = yaml.replace(blockRegex, '');
-        await (0, promises_1.writeFile)(configPath, yaml, 'utf-8');
+        const auth = await loadAuthJson();
+        if (!auth?.credential_pool) {
+            ctx.status = 404;
+            ctx.body = { error: 'No credential pool found' };
+            return;
+        }
+        const keys = Object.keys(auth.credential_pool);
+        // Guard: cannot delete the last provider
+        if (keys.length <= 1) {
+            ctx.status = 400;
+            ctx.body = { error: 'Cannot delete the last provider' };
+            return;
+        }
+        if (!(poolKey in auth.credential_pool)) {
+            ctx.status = 404;
+            ctx.body = { error: `Provider "${poolKey}" not found` };
+            return;
+        }
+        // Check if this is the current active provider
+        const yaml = await safeReadFile(configPath) || '';
+        const providerMatch = yaml.match(/^  provider:\s*(.+)$/m);
+        const isCurrent = providerMatch && providerMatch[1].trim() === poolKey;
+        // Save base_url before deleting (needed for config.yaml cleanup)
+        const deletedBaseUrl = auth.credential_pool[poolKey]?.[0]?.base_url;
+        // 1. Delete from auth.json
+        delete auth.credential_pool[poolKey];
+        await (0, promises_1.writeFile)(authPath, JSON.stringify(auth, null, 2) + '\n', 'utf-8');
+        // 2. Remove matching entry from config.yaml custom_providers
+        //    Use base_url to match — more reliable than name (preset key ≠ display name)
+        if (deletedBaseUrl) {
+            await (0, promises_1.copyFile)(configPath, configPath + '.bak');
+            let newYaml = await safeReadFile(configPath) || '';
+            const entryRegex = new RegExp(`^- name:.*\\n(?:[ \\t]+.*\\n)*?  base_url:\\s*${escapeRegExp(deletedBaseUrl)}\\s*\\n(?:[ \\t]+.*\\n)*`, 'gm');
+            newYaml = newYaml.replace(entryRegex, '').replace(/\n{3,}/g, '\n\n').trimEnd() + '\n';
+            await (0, promises_1.writeFile)(configPath, newYaml, 'utf-8');
+        }
+        // 3. If was the current provider, switch to first remaining
+        if (isCurrent) {
+            const remainingKeys = Object.keys(auth.credential_pool);
+            if (remainingKeys.length > 0) {
+                const fallback = remainingKeys[0];
+                const fallbackEntry = auth.credential_pool[fallback]?.[0];
+                const catalogModels = PROVIDER_MODEL_CATALOG[fallback] || [];
+                const fallbackModel = catalogModels[0] || fallbackEntry?.label || fallback;
+                await (0, promises_1.copyFile)(configPath, configPath + '.bak');
+                let newYaml = await safeReadFile(configPath) || '';
+                const modelBlockMatch = newYaml.match(/^(model:\s*\n(?:  .+\n)*)/m);
+                if (modelBlockMatch) {
+                    const lines = [`model:`, `  default: ${fallbackModel}`, `  provider: ${fallback}`];
+                    newYaml = newYaml.replace(modelBlockMatch[1], lines.join('\n') + '\n');
+                    await (0, promises_1.writeFile)(configPath, newYaml, 'utf-8');
+                }
+            }
+        }
         ctx.body = { success: true };
     }
     catch (err) {

package/dist/server/routes/weixin.d.ts

@@ -0,0 +1,2 @@
+import Router from '@koa/router';
+export declare const weixinRoutes: Router<import("koa").DefaultState, import("koa").DefaultContext>;

package/dist/server/routes/weixin.js

@@ -0,0 +1,131 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.weixinRoutes = void 0;
+const router_1 = __importDefault(require("@koa/router"));
+const axios_1 = __importDefault(require("axios"));
+const promises_1 = require("fs/promises");
+const promises_2 = require("fs/promises");
+const path_1 = require("path");
+const os_1 = require("os");
+const hermes_cli_1 = require("../services/hermes-cli");
+const envPath = (0, path_1.resolve)((0, os_1.homedir)(), '.hermes/.env');
+const ILINK_BASE = 'https://ilinkai.weixin.qq.com';
+exports.weixinRoutes = new router_1.default();
+// GET /api/weixin/qrcode — fetch QR code from Tencent iLink API
+exports.weixinRoutes.get('/api/weixin/qrcode', async (ctx) => {
+    try {
+        const res = await axios_1.default.get(`${ILINK_BASE}/ilink/bot/get_bot_qrcode`, {
+            params: { bot_type: 3 },
+            timeout: 15000,
+        });
+        const data = res.data;
+        if (!data || !data.qrcode) {
+            ctx.status = 500;
+            ctx.body = { error: 'Failed to get QR code' };
+            return;
+        }
+        ctx.body = {
+            qrcode: data.qrcode,
+            qrcode_url: data.qrcode_img_content,
+        };
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message || 'Failed to connect to iLink API' };
+    }
+});
+// GET /api/weixin/qrcode/status — poll QR scan status
+exports.weixinRoutes.get('/api/weixin/qrcode/status', async (ctx) => {
+    const qrcode = ctx.query.qrcode;
+    if (!qrcode) {
+        ctx.status = 400;
+        ctx.body = { error: 'Missing qrcode parameter' };
+        return;
+    }
+    try {
+        const res = await axios_1.default.get(`${ILINK_BASE}/ilink/bot/get_qrcode_status`, {
+            params: { qrcode },
+            timeout: 35000,
+        });
+        const data = res.data;
+        const status = data?.status || 'wait';
+        ctx.body = { status };
+        // If confirmed, return credentials so frontend can save them
+        if (status === 'confirmed') {
+            ctx.body = {
+                status: 'confirmed',
+                account_id: data.ilink_bot_id,
+                token: data.bot_token,
+                base_url: data.baseurl,
+            };
+        }
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message || 'Failed to poll QR status' };
+    }
+});
+// POST /api/weixin/save — save weixin credentials to .env
+exports.weixinRoutes.post('/api/weixin/save', async (ctx) => {
+    const { account_id, token, base_url } = ctx.request.body;
+    if (!account_id || !token) {
+        ctx.status = 400;
+        ctx.body = { error: 'Missing account_id or token' };
+        return;
+    }
+    try {
+        let raw;
+        try {
+            raw = await (0, promises_1.readFile)(envPath, 'utf-8');
+        }
+        catch {
+            raw = '';
+        }
+        const entries = {
+            WEIXIN_ACCOUNT_ID: account_id,
+            WEIXIN_TOKEN: token,
+        };
+        if (base_url)
+            entries.WEIXIN_BASE_URL = base_url;
+        const lines = raw.split('\n');
+        const existingKeys = new Set();
+        const result = [];
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (trimmed.startsWith('#')) {
+                result.push(line);
+                continue;
+            }
+            const eqIdx = trimmed.indexOf('=');
+            if (eqIdx !== -1) {
+                const key = trimmed.slice(0, eqIdx).trim();
+                if (key in entries) {
+                    result.push(`${key}=${entries[key]}`);
+                    existingKeys.add(key);
+                    continue;
+                }
+            }
+            result.push(line);
+        }
+        for (const [key, val] of Object.entries(entries)) {
+            if (!existingKeys.has(key)) {
+                result.push(`${key}=${val}`);
+            }
+        }
+        let output = result.join('\n').replace(/\n{3,}/g, '\n\n').replace(/\n+$/, '') + '\n';
+        await (0, promises_1.writeFile)(envPath, output, 'utf-8');
+        try {
+            await (0, promises_2.chmod)(envPath, 0o600);
+        }
+        catch { /* ignore */ }
+        await (0, hermes_cli_1.restartGateway)();
+        ctx.body = { success: true };
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message };
+    }
+});

package/dist/server/shared/providers.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Provider registry — single source of truth for both frontend and backend.
+ * Synced from hermes-agent hermes_cli/models.py _PROVIDER_MODELS.
+ */
+export interface ProviderPreset {
+    label: string;
+    value: string;
+    base_url: string;
+    models: string[];
+}
+export declare const PROVIDER_PRESETS: ProviderPreset[];
+/** Build a Record<providerKey, models[]> for backend lookup */
+export declare function buildProviderModelMap(): Record<string, string[]>;