omnikey-cli 1.0.22 → 1.0.24

package/backend-dist/agent/agentAuth.js

@@ -0,0 +1,134 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticateFromAuthHeader = authenticateFromAuthHeader;
+exports.createLazyAuthContext = createLazyAuthContext;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const config_1 = require("../config");
+const subscription_1 = require("../models/subscription");
+const authMiddleware_1 = require("../authMiddleware");
+/**
+ * Authenticates a WebSocket connection from a Bearer token in the Authorization header.
+ *
+ * In self-hosted mode, skips JWT verification and returns the self-hosted subscription directly.
+ * Otherwise, verifies the JWT, looks up the subscription by ID, and checks that it is not expired.
+ * Marks the subscription as expired and persists the change if the license key has passed its expiry date.
+ *
+ * @param authHeader - The raw `Authorization` header value (e.g. `"Bearer <token>"`).
+ * @param log - Logger instance scoped to the current connection.
+ * @returns The authenticated `Subscription`, or `null` if authentication fails for any reason.
+ */
+async function authenticateFromAuthHeader(authHeader, log) {
+    if (config_1.config.isSelfHosted) {
+        log.info('Self-hosted mode: skipping JWT authentication for agent WebSocket connection.');
+        try {
+            const subscription = await (0, authMiddleware_1.selfHostedSubscription)();
+            log.info('Retrieved self-hosted subscription for agent WebSocket connection', {
+                subscriptionId: subscription.id,
+            });
+            return subscription;
+        }
+        catch (err) {
+            log.error('Failed to retrieve self-hosted subscription for agent WebSocket connection', {
+                error: err,
+            });
+            return null;
+        }
+    }
+    if (!config_1.config.jwtSecret) {
+        log.error('JWT secret is not configured. Cannot authenticate subscription from auth header.');
+        return null;
+    }
+    if (!authHeader) {
+        log.warn('Agent WebSocket connection missing authorization header');
+        return null;
+    }
+    const [scheme, token] = authHeader.split(' ');
+    if (scheme !== 'Bearer' || !token) {
+        log.warn('Agent WebSocket connection has malformed authorization header');
+        return null;
+    }
+    try {
+        const decoded = jsonwebtoken_1.default.verify(token, config_1.config.jwtSecret);
+        const subscription = await subscription_1.Subscription.findByPk(decoded.sid);
+        if (!subscription) {
+            log.warn('Agent WebSocket auth failed: subscription not found', {
+                sid: decoded.sid,
+            });
+            return null;
+        }
+        if (subscription.subscriptionStatus === 'expired') {
+            log.warn('Agent WebSocket auth failed: subscription expired', {
+                sid: decoded.sid,
+            });
+            return null;
+        }
+        const now = new Date();
+        if (subscription.licenseKeyExpiresAt && subscription.licenseKeyExpiresAt <= now) {
+            subscription.subscriptionStatus = 'expired';
+            await subscription.save();
+            log.info('Agent WebSocket auth: subscription key expired during connection', {
+                subscriptionId: subscription.id,
+            });
+            return null;
+        }
+        log.debug('Agent WebSocket auth succeeded', {
+            subscriptionId: subscription.id,
+            status: subscription.subscriptionStatus,
+        });
+        return subscription;
+    }
+    catch (err) {
+        log.warn('Agent WebSocket auth failed: invalid or expired JWT', { error: err });
+        return null;
+    }
+}
+/**
+ * Creates a lazy authentication context for a WebSocket connection.
+ *
+ * Authentication is deferred until the first call to `ensureAuthenticated`, and the result
+ * is cached so subsequent calls resolve immediately without re-verifying the token.
+ * Concurrent calls during the first authentication are coalesced into a single in-flight promise.
+ *
+ * @param authHeader - The raw `Authorization` header value forwarded from the upgrade request.
+ * @param log - Logger instance scoped to the current connection.
+ * @returns An `AuthContext` with `ensureAuthenticated` and `getSubscription` accessors.
+ */
+function createLazyAuthContext(authHeader, log) {
+    let authenticatedSubscription = null;
+    let authFailed = false;
+    let authPromise = null;
+    const ensureAuthenticated = async () => {
+        if (authenticatedSubscription) {
+            return true;
+        }
+        if (authFailed) {
+            return false;
+        }
+        if (!authPromise) {
+            authPromise = (async () => {
+                try {
+                    const sub = await authenticateFromAuthHeader(authHeader, log);
+                    if (!sub) {
+                        authFailed = true;
+                        return;
+                    }
+                    authenticatedSubscription = sub;
+                    log.info('Agent WebSocket authenticated', {
+                        subscriptionId: authenticatedSubscription.id,
+                    });
+                }
+                catch (err) {
+                    authFailed = true;
+                    log.error('Unexpected error during agent WebSocket auth', { error: err });
+                }
+            })();
+        }
+        await authPromise;
+        return Boolean(authenticatedSubscription);
+    };
+    const getSubscription = () => authenticatedSubscription;
+    return { ensureAuthenticated, getSubscription };
+}

package/backend-dist/agent/agentServer.js

@@ -38,7 +38,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.attachAgentWebSocketServer = attachAgentWebSocketServer;
 const ws_1 = __importStar(require("ws"));
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const cuid_1 = __importDefault(require("cuid"));
 const config_1 = require("../config");
 const logger_1 = require("../logger");
@@ -46,8 +45,9 @@ const subscription_1 = require("../models/subscription");
 const subscriptionUsage_1 = require("../models/subscriptionUsage");
 const agentPrompts_1 = require("./agentPrompts");
 const featureRoutes_1 = require("../featureRoutes");
-const authMiddleware_1 = require("../authMiddleware");
 const web_search_provider_1 = require("../web-search-provider");
+const agentAuth_1 = require("./agentAuth");
+const utils_1 = require("./utils");
 const ai_client_1 = require("../ai-client");
 async function runToolLoop(initialResult, session, sessionId, send, log, tools, onUsage) {
     const MAX_TOOL_ITERATIONS = 10;
@@ -61,7 +61,7 @@ async function runToolLoop(initialResult, session, sessionId, send, log, tools,
         // would leave the history ending with an assistant turn, causing a 400.
         if (!toolCalls.length)
             break;
-        session.history.push(result.assistantMessage);
+        (0, utils_1.pushToSessionHistory)(logger_1.logger, session, result.assistantMessage);
         log.info('Agent executing tool calls', {
             sessionId,
             turn: session.turns,
@@ -91,7 +91,7 @@ async function runToolLoop(initialResult, session, sessionId, send, log, tools,
             return { id: tc.id, name: tc.name, result: toolResult };
         }));
         for (const { id, name, result: toolResult } of toolResults) {
-            session.history.push({
+            (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
                 role: 'tool',
                 tool_call_id: id,
                 tool_name: name,
@@ -109,19 +109,19 @@ async function runToolLoop(initialResult, session, sessionId, send, log, tools,
     // force a final text response by calling again without tools.
     if (result.finish_reason === 'tool_calls') {
         log.warn('Tool loop hit MAX_TOOL_ITERATIONS; forcing final conclusion', { sessionId });
-        session.history.push(result.assistantMessage);
+        (0, utils_1.pushToSessionHistory)(logger_1.logger, session, result.assistantMessage);
         // The API requires a tool_result for every tool_use in the preceding
         // assistant message. Add synthetic results for any unexecuted calls so
         // the history remains valid before we send the follow-up user message.
         for (const tc of result.tool_calls ?? []) {
-            session.history.push({
+            (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
                 role: 'tool',
                 tool_call_id: tc.id,
                 tool_name: tc.name,
                 content: 'Tool call limit reached. Result unavailable.',
             });
         }
-        session.history.push({
+        (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
             role: 'user',
             content: 'You have reached the maximum number of tool calls. Do NOT make any further tool calls or web searches. You MUST now provide a final answer directly. If you still need to gather information from the system, generate a `<shell_scripts>` block instead of making tool calls.',
         });
@@ -136,10 +136,6 @@ async function runToolLoop(initialResult, session, sessionId, send, log, tools,
     });
     return result;
 }
-function buildAvailableTools() {
-    // web_search is always available — DuckDuckGo is used as free fallback
-    return [web_search_provider_1.WEB_FETCH_TOOL, web_search_provider_1.WEB_SEARCH_TOOL];
-}
 const aiModel = (0, ai_client_1.getDefaultModel)(config_1.config.aiProvider, 'smart');
 const sessionMessages = new Map();
 const MAX_TURNS = 10;
@@ -199,79 +195,6 @@ ${prompt}
         hasStoredPrompt: !!prompt,
     };
 }
-async function authenticateFromAuthHeader(authHeader, log) {
-    if (config_1.config.isSelfHosted) {
-        log.info('Self-hosted mode: skipping JWT authentication for agent WebSocket connection.');
-        try {
-            const subscription = await (0, authMiddleware_1.selfHostedSubscription)();
-            log.info('Retrieved self-hosted subscription for agent WebSocket connection', {
-                subscriptionId: subscription.id,
-            });
-            return subscription;
-        }
-        catch (err) {
-            log.error('Failed to retrieve self-hosted subscription for agent WebSocket connection', {
-                error: err,
-            });
-            return null;
-        }
-    }
-    if (!config_1.config.jwtSecret) {
-        log.error('JWT secret is not configured. Cannot authenticate subscription from auth header.');
-        return null;
-    }
-    if (!authHeader) {
-        log.warn('Agent WebSocket connection missing authorization header');
-        return null;
-    }
-    const [scheme, token] = authHeader.split(' ');
-    if (scheme !== 'Bearer' || !token) {
-        log.warn('Agent WebSocket connection has malformed authorization header');
-        return null;
-    }
-    try {
-        const decoded = jsonwebtoken_1.default.verify(token, config_1.config.jwtSecret);
-        const subscription = await subscription_1.Subscription.findByPk(decoded.sid);
-        if (!subscription) {
-            log.warn('Agent WebSocket auth failed: subscription not found', {
-                sid: decoded.sid,
-            });
-            return null;
-        }
-        if (subscription.subscriptionStatus === 'expired') {
-            log.warn('Agent WebSocket auth failed: subscription expired', {
-                sid: decoded.sid,
-            });
-            return null;
-        }
-        const now = new Date();
-        if (subscription.licenseKeyExpiresAt && subscription.licenseKeyExpiresAt <= now) {
-            subscription.subscriptionStatus = 'expired';
-            await subscription.save();
-            log.info('Agent WebSocket auth: subscription key expired during connection', {
-                subscriptionId: subscription.id,
-            });
-            return null;
-        }
-        log.debug('Agent WebSocket auth succeeded', {
-            subscriptionId: subscription.id,
-            status: subscription.subscriptionStatus,
-        });
-        return subscription;
-    }
-    catch (err) {
-        log.warn('Agent WebSocket auth failed: invalid or expired JWT', { error: err });
-        return null;
-    }
-}
-function createUserContent(content, hasStoredPrompt) {
-    return hasStoredPrompt
-        ? content
-            .toLowerCase()
-            .replace(/@omniagent/g, '')
-            .trim()
-        : content;
-}
 async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
     const { sessionState: session, hasStoredPrompt } = await getOrCreateSession(sessionId, subscription, clientMessage.platform, log);
     // Count this call as one agent iteration.
@@ -284,7 +207,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
     // On the MAX_TURNS iteration, instruct the LLM to provide a final,
     // consolidated answer based on the full conversation context.
     if (session.turns === MAX_TURNS) {
-        session.history.push({
+        (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
             role: 'system',
             content: 'Provide a single, final, concise answer based on the entire conversation so far. Wrap the answer in a <final_answer>...</final_answer> block and do not ask for further input or mention additional shell scripts to run. Do not include any <shell_script> block in this response.',
         });
@@ -314,17 +237,17 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
         // represent environment feedback that the agent must reason about next.
         // Pushing them as 'assistant' would create two consecutive assistant turns
         // which breaks most LLM APIs and prevents the model from processing the output.
-        session.history.push({
+        (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
             role: 'user',
             content: isAssistance
                 ? userContent
-                : `<user_input>${createUserContent(userContent, hasStoredPrompt)}</user_input>`,
+                : `<user_input>${(0, utils_1.createUserContent)(userContent, hasStoredPrompt)}</user_input>`,
         });
     }
     // On the final turn we omit tools so the model is forced to emit a
     // plain text <final_answer> rather than issuing another tool call.
     const isFinalTurn = session.turns >= MAX_TURNS;
-    const tools = isFinalTurn ? undefined : buildAvailableTools();
+    const tools = isFinalTurn ? undefined : (0, utils_1.buildAvailableTools)();
     const recordUsage = async (result) => {
         const usage = result.usage;
         if (!usage || !subscription.id || config_1.config.isSelfHosted)
@@ -366,7 +289,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
         if (!content && result.finish_reason !== 'tool_calls') {
             log.warn('Agent LLM returned empty content; sending generic error to client.');
             const errorMessage = 'The agent returned an empty response. Please try again.';
-            sendFinalAnswer(send, sessionId, errorMessage, true);
+            (0, utils_1.sendFinalAnswer)(send, sessionId, errorMessage, true);
             // Clear any cached session state so a subsequent attempt can
             // start fresh without a polluted history.
             sessionMessages.delete(sessionId);
@@ -380,7 +303,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 subscriptionId: subscription.id,
                 turn: session.turns,
             });
-            const toolLoopResult = await runToolLoop(result, session, sessionId, send, log, buildAvailableTools(), recordUsage);
+            const toolLoopResult = await runToolLoop(result, session, sessionId, send, log, (0, utils_1.buildAvailableTools)(), recordUsage);
             const toolLoopContent = toolLoopResult.content.trim();
             const toolLoopHasShell = toolLoopContent.includes('<shell_script>');
             const toolLoopHasFinal = toolLoopContent.includes('<final_answer>');
@@ -402,9 +325,9 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 // <final_answer>. The directive below tells it to use <shell_script> as
                 // a fallback instead of asking the user to run commands.
                 if (toolLoopResult.assistantMessage) {
-                    session.history.push(toolLoopResult.assistantMessage);
+                    (0, utils_1.pushToSessionHistory)(logger_1.logger, session, toolLoopResult.assistantMessage);
                 }
-                session.history.push({
+                (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
                     role: 'user',
                     content: webToolFailed
                         ? [
@@ -450,7 +373,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 turn: session.turns,
                 responseLength: result.content.length,
             });
-            session.history.push({
+            (0, utils_1.pushToSessionHistory)(logger_1.logger, session, {
                 role: 'assistant',
                 content,
             });
@@ -487,7 +410,7 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
                 subscriptionId: subscription.id,
                 turn: session.turns,
             });
-            session.history.push({ role: 'assistant', content });
+            (0, utils_1.pushToSessionHistory)(log, session, { role: 'assistant', content });
             send({
                 session_id: sessionId,
                 sender: 'agent',
@@ -499,64 +422,19 @@ async function runAgentTurn(sessionId, subscription, clientMessage, send, log) {
             log.warn('Agent returned empty content with no recognized tags; sending error', {
                 sessionId,
             });
-            sendFinalAnswer(send, sessionId, 'The agent returned an empty response. Please try again.', true);
+            (0, utils_1.sendFinalAnswer)(send, sessionId, 'The agent returned an empty response. Please try again.', true);
             sessionMessages.delete(sessionId);
         }
     }
     catch (err) {
         log.error('Agent LLM call failed', { error: err });
         const errorMessage = 'Agent failed to call language model. Please try again later.';
-        sendFinalAnswer(send, sessionId, errorMessage, true);
+        (0, utils_1.sendFinalAnswer)(send, sessionId, errorMessage, true);
         // Clear any cached session state so a subsequent attempt can
         // start fresh without being polluted by a failed turn.
         sessionMessages.delete(sessionId);
     }
 }
-function sendFinalAnswer(send, sessionId, message, isError) {
-    send({
-        session_id: sessionId,
-        sender: 'agent',
-        content: `<final_answer>\n${message}\n</final_answer>`,
-        is_terminal_output: false,
-        is_error: isError,
-    });
-}
-function createLazyAuthContext(authHeader, log) {
-    let authenticatedSubscription = null;
-    let authFailed = false;
-    let authPromise = null;
-    const ensureAuthenticated = async () => {
-        if (authenticatedSubscription) {
-            return true;
-        }
-        if (authFailed) {
-            return false;
-        }
-        if (!authPromise) {
-            authPromise = (async () => {
-                try {
-                    const sub = await authenticateFromAuthHeader(authHeader, log);
-                    if (!sub) {
-                        authFailed = true;
-                        return;
-                    }
-                    authenticatedSubscription = sub;
-                    log.info('Agent WebSocket authenticated', {
-                        subscriptionId: authenticatedSubscription.id,
-                    });
-                }
-                catch (err) {
-                    authFailed = true;
-                    log.error('Unexpected error during agent WebSocket auth', { error: err });
-                }
-            })();
-        }
-        await authPromise;
-        return Boolean(authenticatedSubscription);
-    };
-    const getSubscription = () => authenticatedSubscription;
-    return { ensureAuthenticated, getSubscription };
-}
 function attachAgentWebSocketServer(server) {
     const wss = new ws_1.WebSocketServer({ server, path: '/ws/omni-agent' });
     wss.on('connection', (ws, req) => {
@@ -565,7 +443,7 @@ function attachAgentWebSocketServer(server) {
         log.info('Agent WebSocket connection opened');
         const authHeaderValue = req.headers['authorization'];
         const authHeader = Array.isArray(authHeaderValue) ? authHeaderValue[0] : authHeaderValue;
-        const { ensureAuthenticated, getSubscription } = createLazyAuthContext(authHeader, log);
+        const { ensureAuthenticated, getSubscription } = (0, agentAuth_1.createLazyAuthContext)(authHeader, log);
         const send = (msg) => {
             try {
                 ws.send(JSON.stringify(msg));

package/backend-dist/agent/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/backend-dist/agent/utils.js

@@ -0,0 +1,104 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildAvailableTools = buildAvailableTools;
+exports.createUserContent = createUserContent;
+exports.sendFinalAnswer = sendFinalAnswer;
+exports.pushToSessionHistory = pushToSessionHistory;
+const web_search_provider_1 = require("../web-search-provider");
+const ai_client_1 = require("../ai-client");
+const config_1 = require("../config");
+/**
+ * Returns the set of web tools available to the agent for every turn.
+ *
+ * `web_search` is always included because DuckDuckGo is used as a free
+ * fallback when no third-party search key is configured.
+ *
+ * @returns An array of `AITool` definitions ready to pass to the AI client.
+ */
+function buildAvailableTools() {
+    return [web_search_provider_1.WEB_FETCH_TOOL, web_search_provider_1.WEB_SEARCH_TOOL];
+}
+/**
+ * Strips the `@omniagent` mention from user-supplied content.
+ *
+ * The desktop client prefixes messages with `@omniAgent` to trigger the agent.
+ * This helper removes that prefix (case-insensitive) so the raw directive
+ * reaches the model without the routing annotation.
+ *
+ * @param content - Raw content string from the client message.
+ * @param hasStoredPrompt - only remove the mention if the command has a stored prompt, otherwise it may be part of the user input
+ * @returns The cleaned content string with the mention removed and whitespace trimmed.
+ */
+function createUserContent(content, hasStoredPrompt) {
+    if (hasStoredPrompt) {
+        return content.replace(/@omniagent/gi, '').trim();
+    }
+    return content;
+}
+/**
+ * Sends a `<final_answer>` message over the WebSocket and closes the agent turn.
+ *
+ * Wraps `message` in `<final_answer>` tags so the client knows the agent has
+ * finished reasoning and can display the result. Used for both successful
+ * conclusions and error responses.
+ *
+ * @param send - The WebSocket send function scoped to the current connection.
+ * @param sessionId - ID of the session this answer belongs to.
+ * @param message - The final answer text to send to the client.
+ * @param isError - When `true`, the client renders the message as an error.
+ */
+function sendFinalAnswer(send, sessionId, message, isError) {
+    send({
+        session_id: sessionId,
+        sender: 'agent',
+        content: `<final_answer>\n${message}\n</final_answer>`,
+        is_terminal_output: false,
+        is_error: isError,
+    });
+}
+// Per-message hard string limit enforced by the provider API.
+const MAX_MESSAGE_CONTENT = (0, ai_client_1.getMaxMessageContentLength)(config_1.config.aiProvider);
+// Total character budget across all history messages (derived from the
+// provider's context-window size minus headroom for output + system prompt).
+const MAX_HISTORY_TOTAL = (0, ai_client_1.getMaxHistoryLength)(config_1.config.aiProvider);
+const FINAL_ANSWER_REQUEST = {
+    role: 'user',
+    content: 'Content was truncated because a length limit was reached. ' +
+        'You MUST stop making tool calls and provide a final answer immediately using <final_answer>...</final_answer>.',
+};
+/**
+ * Pushes a message onto the session history, enforcing two independent limits:
+ *
+ * 1. **Per-message limit** (`MAX_MESSAGE_CONTENT`) — the provider's hard cap
+ *    on a single content string (e.g. Anthropic: 10 MB, OpenAI/Gemini: context-bound).
+ * 2. **Total history limit** (`MAX_HISTORY_TOTAL`) — the cumulative character
+ *    budget derived from each provider's context-window size.
+ *
+ * When either limit is hit the message content is truncated and a separate
+ * `user` message is appended instructing the model to emit a final answer.
+ */
+function pushToSessionHistory(logger, session, message) {
+    if (typeof message.content !== 'string') {
+        session.history.push(message);
+        return;
+    }
+    let content = message.content;
+    let limitHit = false;
+    // 1. Per-message content limit.
+    if (content.length > MAX_MESSAGE_CONTENT) {
+        content = content.slice(0, MAX_MESSAGE_CONTENT);
+        limitHit = true;
+    }
+    // 2. Total history length limit.
+    const currentTotal = session.history.reduce((acc, msg) => acc + (typeof msg.content === 'string' ? msg.content.length : 0), 0);
+    const remaining = MAX_HISTORY_TOTAL - currentTotal;
+    if (content.length > remaining) {
+        content = content.slice(0, Math.max(0, remaining - FINAL_ANSWER_REQUEST.content.length));
+        limitHit = true;
+    }
+    session.history.push({ ...message, content });
+    if (limitHit) {
+        logger.warn(`History limits exceeded. Message truncated to ${content.length} chars, total history is now ${currentTotal + content.length} chars.`);
+        session.history.push(FINAL_ANSWER_REQUEST);
+    }
+}

package/backend-dist/ai-client.js

@@ -5,6 +5,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.aiClient = exports.AIClient = void 0;
 exports.getDefaultModel = getDefaultModel;
+exports.getMaxMessageContentLength = getMaxMessageContentLength;
+exports.getMaxHistoryLength = getMaxHistoryLength;
 const openai_1 = __importDefault(require("openai"));
 const sdk_1 = __importDefault(require("@anthropic-ai/sdk"));
 const genai_1 = require("@google/genai");
@@ -21,6 +23,44 @@ const DEFAULT_MODELS = {
 function getDefaultModel(provider, tier) {
     return DEFAULT_MODELS[provider][tier];
 }
+/**
+ * Maximum character length for a single message content string per provider.
+ *
+ * - anthropic: hard API-enforced string limit of 10,485,760 chars; we stay
+ *              just below it with a small safety buffer.
+ * - openai:    no documented per-string limit; bounded by the context window
+ *              (~272K tokens for GPT-5.1 ≈ ~1M chars). Use the history cap.
+ * - gemini:    no documented per-string limit; bounded by the 1M-token
+ *              context window (~4M chars). Use the history cap.
+ */
+const MAX_MESSAGE_CONTENT_LENGTH_BY_PROVIDER = {
+    anthropic: 10000000,
+    openai: 800000,
+    gemini: 3500000,
+};
+/**
+ * Maximum total character length across all messages in the conversation
+ * history, derived from each provider's context-window size minus headroom
+ * for the system prompt and max output tokens.
+ *
+ * - anthropic: Claude Sonnet 4.6 — 1M token ctx, 64K max output
+ *              ≈ (1,000,000 - 64,000 - 10,000) tokens × 4 chars ≈ 3.7M chars
+ * - openai:    GPT-5.1 — ~272K token ctx, ~32K max output
+ *              ≈ (272,000 - 32,000 - 5,000) tokens × 4 chars ≈ 940K chars
+ * - gemini:    Gemini 2.5 Pro — 1M token ctx, ~32K max output
+ *              ≈ (1,000,000 - 32,000 - 10,000) tokens × 4 chars ≈ 3.8M chars
+ */
+const MAX_HISTORY_LENGTH_BY_PROVIDER = {
+    anthropic: 3500000,
+    openai: 800000,
+    gemini: 3500000,
+};
+function getMaxMessageContentLength(provider) {
+    return MAX_MESSAGE_CONTENT_LENGTH_BY_PROVIDER[provider];
+}
+function getMaxHistoryLength(provider) {
+    return MAX_HISTORY_LENGTH_BY_PROVIDER[provider];
+}
 // ---------------------------------------------------------------------------
 // OpenAI adapter
 // ---------------------------------------------------------------------------

package/backend-dist/config.js

@@ -91,5 +91,5 @@ exports.config = {
     braveSearchApiKey: getEnv('BRAVE_SEARCH_API_KEY', false),
     tavilyApiKey: getEnv('TAVILY_API_KEY', false),
     searxngUrl: getEnv('SEARXNG_URL', false),
-    terminalPlatform: getEnv('TERMINAL_PLATFORM', false)
+    terminalPlatform: getEnv('TERMINAL_PLATFORM', false),
 };

package/backend-dist/index.js

@@ -15,8 +15,10 @@ const logger_1 = require("./logger");
 const taskInstructionRoutes_1 = require("./taskInstructionRoutes");
 const config_1 = require("./config");
 const agentServer_1 = require("./agent/agentServer");
+const appDownload_1 = require("./models/appDownload");
 const app = (0, express_1.default)();
 const PORT = Number(config_1.config.port);
+app.set('trust proxy', 1);
 app.use((0, cors_1.default)());
 app.use(express_1.default.json());
 // Landing page
@@ -30,6 +32,14 @@ app.get('/macos/download', (_req, res) => {
         res.status(404).send('File not found.');
         return;
     }
+    if (!config_1.config.isSelfHosted) {
+        appDownload_1.AppDownload.findOrCreate({
+            where: { platform: 'macos' },
+            defaults: { platform: 'macos', count: 0 },
+        })
+            .then(([record]) => record.increment('count'))
+            .catch((err) => logger_1.logger.error('Failed to increment macOS download count.', { error: err }));
+    }
     res.set({
         'Content-Type': 'application/octet-stream',
         'Content-Disposition': 'attachment; filename="OmniKeyAI.dmg"',
@@ -59,13 +69,13 @@ app.get('/macos/appcast', (req, res) => {
     catch (error) {
         logger_1.logger.error('Failed to stat OmniKeyAI.dmg for appcast.', { error });
     }
-    const baseUrl = `${req.protocol}://${req.get('host')}`;
+    const baseUrl = `https://${req.get('host')}`;
     const downloadUrl = `${baseUrl}/macos/download`;
     const appcastUrl = `${baseUrl}/macos/appcast`;
     // These should match the values embedded into the macOS app
     // Info.plist in macOS/build_release_dmg.sh.
-    const bundleVersion = '18';
-    const shortVersion = '1.0.17';
+    const bundleVersion = '19';
+    const shortVersion = '1.0.18';
     const xml = `<?xml version="1.0" encoding="utf-8"?>
 <rss version="2.0"
      xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle"
@@ -93,7 +103,7 @@ app.get('/macos/appcast', (req, res) => {
 // ── Windows distribution endpoints ───────────────────────────────────────────
 // These should match the values in windows/OmniKey.Windows.csproj
 // <Version> and windows/build_release_zip.ps1 $APP_VERSION.
-const WIN_VERSION = '1.4';
+const WIN_VERSION = '1.7';
 const WIN_ZIP_FILENAME = 'OmniKeyAI-windows-win-x64.zip';
 const WIN_ZIP_PATH = path_1.default.join(process.cwd(), 'windows', WIN_ZIP_FILENAME);
 // Serves the pre-built ZIP produced by windows/build_release_zip.ps1.
@@ -103,6 +113,14 @@ app.get('/windows/download', (_req, res) => {
         res.status(404).send('File not found.');
         return;
     }
+    if (!config_1.config.isSelfHosted) {
+        appDownload_1.AppDownload.findOrCreate({
+            where: { platform: 'windows' },
+            defaults: { platform: 'windows', count: 0 },
+        })
+            .then(([record]) => record.increment('count'))
+            .catch((err) => logger_1.logger.error('Failed to increment Windows download count.', { error: err }));
+    }
     res.set({
         'Content-Type': 'application/zip',
         'Content-Disposition': `attachment; filename="${WIN_ZIP_FILENAME}"`,
@@ -122,7 +140,7 @@ app.get('/windows/download', (_req, res) => {
 // Returns the latest version + download URL so the client can decide whether
 // to prompt the user for an update.
 app.get('/windows/update', (req, res) => {
-    const baseUrl = `${req.protocol}://${req.get('host')}`;
+    const baseUrl = `https://${req.get('host')}`;
     let fileSize = 0;
     try {
         fileSize = fs_1.default.statSync(WIN_ZIP_PATH).size;
@@ -137,6 +155,11 @@ app.get('/windows/update', (req, res) => {
         releaseNotes: '',
     });
 });
+app.get('/api/downloads', async (_req, res) => {
+    const rows = await appDownload_1.AppDownload.findAll({ where: { platform: ['macos', 'windows'] } });
+    const find = (p) => Number(rows.find((r) => r.platform === p)?.count ?? 0);
+    res.json({ macos: find('macos'), windows: find('windows') });
+});
 app.get('/health', (_req, res) => {
     res.json({ status: 'ok' });
 });

package/backend-dist/models/appDownload.js

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppDownload = void 0;
+const sequelize_1 = require("sequelize");
+const cuid_1 = __importDefault(require("cuid"));
+const db_1 = require("../db");
+class AppDownload extends sequelize_1.Model {
+}
+exports.AppDownload = AppDownload;
+AppDownload.init({
+    id: {
+        type: sequelize_1.DataTypes.STRING,
+        primaryKey: true,
+        allowNull: false,
+        defaultValue: () => (0, cuid_1.default)(),
+    },
+    platform: {
+        type: sequelize_1.DataTypes.STRING,
+        allowNull: false,
+        unique: true,
+    },
+    count: {
+        type: sequelize_1.DataTypes.BIGINT,
+        allowNull: false,
+        defaultValue: 0,
+    },
+}, {
+    sequelize: db_1.sequelize,
+    tableName: 'app_downloads',
+    modelName: 'AppDownload',
+});

package/backend-dist/web-search-provider.js

@@ -157,7 +157,10 @@ async function executeTool(name, args, log) {
             return text || 'No content retrieved';
         }
         catch (err) {
-            log.warn('web_fetch tool failed', { url, error: err });
+            log.warn('web_fetch tool failed', {
+                url,
+                error: err instanceof Error ? err.message : String(err),
+            });
             return `Error fetching URL: ${err instanceof Error ? err.message : String(err)}`;
         }
     }
@@ -170,7 +173,10 @@ async function executeTool(name, args, log) {
             return await executeWebSearch(query, log);
         }
         catch (err) {
-            log.warn('web_search tool failed', { query, error: err });
+            log.warn('web_search tool failed', {
+                query,
+                error: err instanceof Error ? err.message : String(err),
+            });
             return `Error searching: ${err instanceof Error ? err.message : String(err)}`;
         }
     }

package/dist/daemon.js

@@ -87,7 +87,10 @@ async function startDaemonWindows(opts) {
         // won't see it — spawn a fresh cmd to resolve the new location.
         try {
             nssmPath = (0, child_process_1.execSync)('cmd /c where nssm', { stdio: 'pipe' })
-                .toString().trim().split('\n')[0].trim();
+                .toString()
+                .trim()
+                .split('\n')[0]
+                .trim();
         }
         catch {
             nssmPath = null;
@@ -103,11 +106,15 @@ async function startDaemonWindows(opts) {
     try {
         (0, child_process_1.execFileSync)(nssmPath, ['stop', serviceName], { stdio: 'pipe' });
     }
-    catch { /* not running */ }
+    catch {
+        /* not running */
+    }
     try {
         (0, child_process_1.execFileSync)(nssmPath, ['remove', serviceName, 'confirm'], { stdio: 'pipe' });
     }
-    catch { /* didn't exist */ }
+    catch {
+        /* didn't exist */
+    }
     // NSSM services run as LocalSystem; pass USERPROFILE so the backend's
     // getHomeDir() resolves to the correct user config directory.
     const env = {
@@ -122,17 +129,25 @@ async function startDaemonWindows(opts) {
         (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppDirectory', configDir], { stdio: 'pipe' });
         // Pass all env vars in a single call (replaces the entire AppEnvironmentExtra key)
         const envEntries = Object.entries(env).map(([k, v]) => `${k}=${v}`);
-        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppEnvironmentExtra', ...envEntries], { stdio: 'pipe' });
+        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppEnvironmentExtra', ...envEntries], {
+            stdio: 'pipe',
+        });
         (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppStdout', logPath], { stdio: 'pipe' });
         (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppStderr', errorLogPath], { stdio: 'pipe' });
         (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppRotateFiles', '1'], { stdio: 'pipe' });
         // Restart automatically after a 3-second delay on any exit
-        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppExit', 'Default', 'Restart'], { stdio: 'pipe' });
+        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppExit', 'Default', 'Restart'], {
+            stdio: 'pipe',
+        });
         (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'AppRestartDelay', '3000'], { stdio: 'pipe' });
         // Start automatically at boot (no login required)
         (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'Start', 'SERVICE_AUTO_START'], { stdio: 'pipe' });
-        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'DisplayName', 'Omnikey API Backend'], { stdio: 'pipe' });
-        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'Description', 'Omnikey API Backend Daemon'], { stdio: 'pipe' });
+        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'DisplayName', 'Omnikey API Backend'], {
+            stdio: 'pipe',
+        });
+        (0, child_process_1.execFileSync)(nssmPath, ['set', serviceName, 'Description', 'Omnikey API Backend Daemon'], {
+            stdio: 'pipe',
+        });
         (0, child_process_1.execFileSync)(nssmPath, ['start', serviceName], { stdio: 'pipe' });
         console.log(`NSSM service installed and started: ${serviceName}`);
         console.log('Omnikey daemon runs on boot, without login, and auto-restarts on crash.');

package/dist/removeConfig.js

@@ -35,12 +35,16 @@ function killWindowsTask() {
     try {
         nssmPath = (0, child_process_1.execSync)('where nssm', { stdio: 'pipe' }).toString().trim().split('\n')[0].trim();
     }
-    catch { /* NSSM not installed */ }
+    catch {
+        /* NSSM not installed */
+    }
     if (nssmPath) {
         try {
             (0, child_process_1.execFileSync)(nssmPath, ['stop', serviceName], { stdio: 'pipe' });
         }
-        catch { /* not running */ }
+        catch {
+            /* not running */
+        }
         try {
             (0, child_process_1.execFileSync)(nssmPath, ['remove', serviceName, 'confirm'], { stdio: 'pipe' });
             console.log(`Removed NSSM service: ${serviceName}`);
@@ -54,7 +58,9 @@ function killWindowsTask() {
         try {
             (0, child_process_1.execSync)(`schtasks /end /tn "${serviceName}"`, { stdio: 'pipe' });
         }
-        catch { /* not running */ }
+        catch {
+            /* not running */
+        }
         try {
             (0, child_process_1.execSync)(`schtasks /delete /tn "${serviceName}" /f`, { stdio: 'pipe' });
             console.log(`Removed Windows Task Scheduler task: ${serviceName}`);
@@ -69,7 +75,9 @@ function killWindowsTask() {
         try {
             fs_1.default.rmSync(wrapperPath);
         }
-        catch { /* ignore */ }
+        catch {
+            /* ignore */
+        }
     }
 }
 /**

package/package.json

@@ -4,7 +4,7 @@
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "version": "1.0.22",
+  "version": "1.0.24",
   "description": "CLI for onboarding users to Omnikey AI and configuring OPENAI_API_KEY. Use Yarn for install/build.",
   "engines": {
     "node": ">=14.0.0",

package/src/daemon.ts

@@ -86,7 +86,9 @@ async function startDaemonWindows(opts: DaemonOptions) {
     ]);
 
     if (!install) {
-      console.log('Aborted. Install NSSM manually and re-run in an elevated (Administrator) terminal.');
+      console.log(
+        'Aborted. Install NSSM manually and re-run in an elevated (Administrator) terminal.',
+      );
       return;
     }
 
@@ -105,7 +107,10 @@ async function startDaemonWindows(opts: DaemonOptions) {
     // won't see it — spawn a fresh cmd to resolve the new location.
     try {
       nssmPath = execSync('cmd /c where nssm', { stdio: 'pipe' })
-        .toString().trim().split('\n')[0].trim();
+        .toString()
+        .trim()
+        .split('\n')[0]
+        .trim();
     } catch {
       nssmPath = null;
     }
@@ -120,8 +125,16 @@ async function startDaemonWindows(opts: DaemonOptions) {
   initLogFiles(logPath, errorLogPath);
 
   // Remove any existing service (stop first, then remove)
-  try { execFileSync(nssmPath, ['stop', serviceName], { stdio: 'pipe' }); } catch { /* not running */ }
-  try { execFileSync(nssmPath, ['remove', serviceName, 'confirm'], { stdio: 'pipe' }); } catch { /* didn't exist */ }
+  try {
+    execFileSync(nssmPath, ['stop', serviceName], { stdio: 'pipe' });
+  } catch {
+    /* not running */
+  }
+  try {
+    execFileSync(nssmPath, ['remove', serviceName, 'confirm'], { stdio: 'pipe' });
+  } catch {
+    /* didn't exist */
+  }
 
   // NSSM services run as LocalSystem; pass USERPROFILE so the backend's
   // getHomeDir() resolves to the correct user config directory.
@@ -140,21 +153,29 @@ async function startDaemonWindows(opts: DaemonOptions) {
 
     // Pass all env vars in a single call (replaces the entire AppEnvironmentExtra key)
     const envEntries = Object.entries(env).map(([k, v]) => `${k}=${v}`);
-    execFileSync(nssmPath, ['set', serviceName, 'AppEnvironmentExtra', ...envEntries], { stdio: 'pipe' });
+    execFileSync(nssmPath, ['set', serviceName, 'AppEnvironmentExtra', ...envEntries], {
+      stdio: 'pipe',
+    });
 
     execFileSync(nssmPath, ['set', serviceName, 'AppStdout', logPath], { stdio: 'pipe' });
     execFileSync(nssmPath, ['set', serviceName, 'AppStderr', errorLogPath], { stdio: 'pipe' });
     execFileSync(nssmPath, ['set', serviceName, 'AppRotateFiles', '1'], { stdio: 'pipe' });
 
     // Restart automatically after a 3-second delay on any exit
-    execFileSync(nssmPath, ['set', serviceName, 'AppExit', 'Default', 'Restart'], { stdio: 'pipe' });
+    execFileSync(nssmPath, ['set', serviceName, 'AppExit', 'Default', 'Restart'], {
+      stdio: 'pipe',
+    });
     execFileSync(nssmPath, ['set', serviceName, 'AppRestartDelay', '3000'], { stdio: 'pipe' });
 
     // Start automatically at boot (no login required)
     execFileSync(nssmPath, ['set', serviceName, 'Start', 'SERVICE_AUTO_START'], { stdio: 'pipe' });
 
-    execFileSync(nssmPath, ['set', serviceName, 'DisplayName', 'Omnikey API Backend'], { stdio: 'pipe' });
-    execFileSync(nssmPath, ['set', serviceName, 'Description', 'Omnikey API Backend Daemon'], { stdio: 'pipe' });
+    execFileSync(nssmPath, ['set', serviceName, 'DisplayName', 'Omnikey API Backend'], {
+      stdio: 'pipe',
+    });
+    execFileSync(nssmPath, ['set', serviceName, 'Description', 'Omnikey API Backend Daemon'], {
+      stdio: 'pipe',
+    });
 
     execFileSync(nssmPath, ['start', serviceName], { stdio: 'pipe' });
 

package/src/removeConfig.ts

@@ -26,10 +26,16 @@ export function killWindowsTask() {
   let nssmPath: string | null = null;
   try {
     nssmPath = execSync('where nssm', { stdio: 'pipe' }).toString().trim().split('\n')[0].trim();
-  } catch { /* NSSM not installed */ }
+  } catch {
+    /* NSSM not installed */
+  }
 
   if (nssmPath) {
-    try { execFileSync(nssmPath, ['stop', serviceName], { stdio: 'pipe' }); } catch { /* not running */ }
+    try {
+      execFileSync(nssmPath, ['stop', serviceName], { stdio: 'pipe' });
+    } catch {
+      /* not running */
+    }
     try {
       execFileSync(nssmPath, ['remove', serviceName, 'confirm'], { stdio: 'pipe' });
       console.log(`Removed NSSM service: ${serviceName}`);
@@ -38,7 +44,11 @@ export function killWindowsTask() {
     }
   } else {
     // Fallback: remove legacy Task Scheduler task from previous installs
-    try { execSync(`schtasks /end /tn "${serviceName}"`, { stdio: 'pipe' }); } catch { /* not running */ }
+    try {
+      execSync(`schtasks /end /tn "${serviceName}"`, { stdio: 'pipe' });
+    } catch {
+      /* not running */
+    }
     try {
       execSync(`schtasks /delete /tn "${serviceName}" /f`, { stdio: 'pipe' });
       console.log(`Removed Windows Task Scheduler task: ${serviceName}`);
@@ -50,7 +60,11 @@ export function killWindowsTask() {
   // Remove legacy wrapper script if present
   const wrapperPath = path.join(getConfigDir(), 'start-daemon.cmd');
   if (fs.existsSync(wrapperPath)) {
-    try { fs.rmSync(wrapperPath); } catch { /* ignore */ }
+    try {
+      fs.rmSync(wrapperPath);
+    } catch {
+      /* ignore */
+    }
   }
 }