omnikey-cli 1.5.8 → 1.6.1

package/backend-dist/aiProviderRoutes.js

@@ -0,0 +1,247 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.aiProviderRouter = aiProviderRouter;
+const express_1 = __importDefault(require("express"));
+const zod_1 = __importDefault(require("zod"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const authMiddleware_1 = require("./authMiddleware");
+const config_1 = require("./config");
+const logger_1 = require("./logger");
+const providerEnum = zod_1.default.enum(['openai', 'anthropic', 'gemini', 'nemotron']);
+const putSchema = zod_1.default.object({
+    apiKey: zod_1.default.string().min(1).max(4096),
+    baseUrl: zod_1.default
+        .string()
+        .max(1000)
+        .url({ message: 'baseUrl must be a valid URL.' })
+        .nullable()
+        .optional(),
+});
+/** Mapping from provider → env var that holds its API key. */
+const PROVIDER_ENV_KEY = {
+    openai: 'OPENAI_API_KEY',
+    anthropic: 'ANTHROPIC_API_KEY',
+    gemini: 'GEMINI_API_KEY',
+    nemotron: 'NEMOTRON_API_KEY',
+};
+/** Legacy aliases that should be cleared whenever the canonical env is rewritten. */
+const PROVIDER_LEGACY_ALIASES = {
+    nemotron: ['NVIDIA_API_KEY'],
+};
+function getConfigPath() {
+    const home = process.env.HOME || process.env.USERPROFILE || os_1.default.homedir();
+    return path_1.default.join(home, '.omnikey', 'config.json');
+}
+function readConfigFile() {
+    const configPath = getConfigPath();
+    try {
+        if (fs_1.default.existsSync(configPath)) {
+            const raw = fs_1.default.readFileSync(configPath, 'utf-8');
+            const parsed = JSON.parse(raw);
+            if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                return parsed;
+            }
+        }
+    }
+    catch (err) {
+        logger_1.logger.warn('Could not read ~/.omnikey/config.json — treating as empty.', { error: err });
+    }
+    return {};
+}
+function writeConfigFile(data) {
+    const configPath = getConfigPath();
+    fs_1.default.mkdirSync(path_1.default.dirname(configPath), { recursive: true });
+    fs_1.default.writeFileSync(configPath, JSON.stringify(data, null, 2), 'utf-8');
+}
+/** Mask an API key so a small prefix/suffix is visible (e.g. `sk-…AB12`). */
+function maskApiKey(key) {
+    if (!key)
+        return '';
+    if (key.length <= 8)
+        return '••••••••';
+    return `${key.slice(0, 3)}••••••••${key.slice(-4)}`;
+}
+/** Reads any provider key (canonical or legacy alias) out of the config object. */
+function readProviderKey(cfg, provider) {
+    const canonical = cfg[PROVIDER_ENV_KEY[provider]];
+    if (canonical && typeof canonical === 'string' && canonical.length > 0)
+        return canonical;
+    for (const alias of PROVIDER_LEGACY_ALIASES[provider] ?? []) {
+        const v = cfg[alias];
+        if (v && typeof v === 'string' && v.length > 0)
+            return v;
+    }
+    return undefined;
+}
+function describeProvider(provider, cfg) {
+    const key = readProviderKey(cfg, provider);
+    return {
+        provider,
+        isConfigured: Boolean(key),
+        apiKeyMasked: maskApiKey(key),
+        baseUrl: provider === 'nemotron'
+            ? (typeof cfg.NEMOTRON_BASE_URL === 'string' ? cfg.NEMOTRON_BASE_URL : null)
+            : null,
+    };
+}
+function readActiveProvider(cfg) {
+    const raw = cfg.AI_PROVIDER;
+    if (raw === 'openai' || raw === 'anthropic' || raw === 'gemini' || raw === 'nemotron') {
+        return raw;
+    }
+    // Fall back to the provider currently bound to the running process (config.ts
+    // already auto-detects from the first configured key in env).
+    return config_1.config.aiProvider;
+}
+/**
+ * Triggers a graceful daemon restart. The process is supervised by launchd
+ * (macOS) / NSSM (Windows) with auto-restart enabled, so exiting will cause
+ * the supervisor to relaunch the API with the freshly written config.json.
+ */
+function scheduleDaemonRestart(reason) {
+    setTimeout(() => {
+        logger_1.logger.info(`Exiting process to trigger supervised restart: ${reason}`);
+        process.exit(0);
+    }, 500);
+}
+function aiProviderRouter() {
+    const router = express_1.default.Router();
+    /** GET /api/providers — list which providers have a key in config.json. */
+    router.get('/', authMiddleware_1.authMiddleware, async (_req, res) => {
+        const { logger: reqLogger } = res.locals;
+        try {
+            const cfg = readConfigFile();
+            const providers = ['openai', 'anthropic', 'gemini', 'nemotron'];
+            const active = readActiveProvider(cfg);
+            res.json({
+                providers: providers.map((p) => describeProvider(p, cfg)),
+                activeProvider: active,
+                // The in-process provider may differ from cfg.AI_PROVIDER if the user
+                // changed config.json out of band — surface both so the UI can warn.
+                runtimeProvider: config_1.config.aiProvider,
+            });
+        }
+        catch (err) {
+            reqLogger.error('Error reading provider config.', { error: err });
+            res.status(500).json({ error: 'Failed to read provider config.' });
+        }
+    });
+    /** PUT /api/providers/:provider — store/update API key for that provider. */
+    router.put('/:provider', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger: reqLogger } = res.locals;
+        const providerParam = providerEnum.safeParse(req.params.provider);
+        if (!providerParam.success) {
+            return res.status(400).json({ error: 'Unknown provider.' });
+        }
+        const provider = providerParam.data;
+        try {
+            const parsed = putSchema.parse(req.body);
+            const cfg = readConfigFile();
+            // Always clear legacy aliases so the canonical env wins on next boot.
+            for (const alias of PROVIDER_LEGACY_ALIASES[provider] ?? []) {
+                delete cfg[alias];
+            }
+            cfg[PROVIDER_ENV_KEY[provider]] = parsed.apiKey;
+            if (provider === 'nemotron') {
+                if (parsed.baseUrl) {
+                    cfg.NEMOTRON_BASE_URL = parsed.baseUrl;
+                }
+                else if (parsed.baseUrl === null) {
+                    delete cfg.NEMOTRON_BASE_URL;
+                }
+            }
+            writeConfigFile(cfg);
+            // If the user updated the currently-active provider's key, the running
+            // process is now using a stale key — schedule a restart so it picks
+            // the new one up. We only restart when AI_PROVIDER is *explicitly*
+            // pinned in config.json, because the auto-detected fallback may differ
+            // from what the user is configuring and we don't want to bounce the
+            // server on first-time key save.
+            const explicitActive = typeof cfg.AI_PROVIDER === 'string' ? cfg.AI_PROVIDER : null;
+            let restartScheduled = false;
+            if (explicitActive === provider) {
+                scheduleDaemonRestart(`updated active provider key (${provider})`);
+                restartScheduled = true;
+            }
+            res.json({
+                ...describeProvider(provider, cfg),
+                restartScheduled,
+            });
+        }
+        catch (err) {
+            reqLogger.error('Error storing provider key.', { error: err });
+            if (err instanceof zod_1.default.ZodError) {
+                return res.status(400).json({ error: 'Invalid provider data.' });
+            }
+            res.status(500).json({ error: 'Failed to store provider key.' });
+        }
+    });
+    /** DELETE /api/providers/:provider — remove the saved key. */
+    router.delete('/:provider', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger: reqLogger } = res.locals;
+        const providerParam = providerEnum.safeParse(req.params.provider);
+        if (!providerParam.success) {
+            return res.status(400).json({ error: 'Unknown provider.' });
+        }
+        const provider = providerParam.data;
+        try {
+            const cfg = readConfigFile();
+            const active = readActiveProvider(cfg);
+            if (active === provider) {
+                return res.status(409).json({
+                    error: 'Cannot remove the active provider. Activate a different provider first, then remove this one.',
+                });
+            }
+            delete cfg[PROVIDER_ENV_KEY[provider]];
+            for (const alias of PROVIDER_LEGACY_ALIASES[provider] ?? []) {
+                delete cfg[alias];
+            }
+            if (provider === 'nemotron') {
+                delete cfg.NEMOTRON_BASE_URL;
+            }
+            writeConfigFile(cfg);
+            res.status(204).send();
+        }
+        catch (err) {
+            reqLogger.error('Error removing provider key.', { error: err });
+            res.status(500).json({ error: 'Failed to remove provider key.' });
+        }
+    });
+    /** POST /api/providers/:provider/activate — switch AI_PROVIDER + restart. */
+    router.post('/:provider/activate', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger: reqLogger } = res.locals;
+        const providerParam = providerEnum.safeParse(req.params.provider);
+        if (!providerParam.success) {
+            return res.status(400).json({ error: 'Unknown provider.' });
+        }
+        const provider = providerParam.data;
+        try {
+            const cfg = readConfigFile();
+            const key = readProviderKey(cfg, provider);
+            if (!key) {
+                return res.status(400).json({
+                    error: `No API key saved for provider "${provider}". Save a key first, then activate.`,
+                });
+            }
+            cfg.AI_PROVIDER = provider;
+            writeConfigFile(cfg);
+            res.json({
+                provider,
+                activeProvider: provider,
+                restartScheduled: true,
+                message: 'Provider activated. Server will restart shortly to apply the change.',
+            });
+            scheduleDaemonRestart(`activated provider ${provider}`);
+        }
+        catch (err) {
+            reqLogger.error('Error activating provider.', { error: err });
+            res.status(500).json({ error: 'Failed to activate provider.' });
+        }
+    });
+    return router;
+}

package/backend-dist/config.js

@@ -45,13 +45,16 @@ function getSqlitePath() {
 }
 function getAIProvider() {
     const value = getEnv('AI_PROVIDER', false);
-    if (value === 'gemini' || value === 'anthropic' || value === 'openai')
+    if (value === 'gemini' || value === 'anthropic' || value === 'openai' || value === 'nemotron') {
         return value;
+    }
     // Auto-detect from available keys
     if (getEnv('ANTHROPIC_API_KEY', false))
         return 'anthropic';
     if (getEnv('GEMINI_API_KEY', false))
         return 'gemini';
+    if (getEnv('NVIDIA_API_KEY', false) || getEnv('NEMOTRON_API_KEY', false))
+        return 'nemotron';
     return 'openai';
 }
 function getActiveApiKey(provider) {
@@ -61,6 +64,14 @@ function getActiveApiKey(provider) {
         return getEnv('ANTHROPIC_API_KEY', true);
     if (provider === 'gemini')
         return getEnv('GEMINI_API_KEY', true);
+    if (provider === 'nemotron') {
+        // Accept either NVIDIA_API_KEY (default name on build.nvidia.com) or
+        // NEMOTRON_API_KEY (more explicit). The latter wins if both are set.
+        const explicit = getEnv('NEMOTRON_API_KEY', false);
+        if (explicit)
+            return explicit;
+        return getEnv('NVIDIA_API_KEY', true);
+    }
     throw new Error(`Unknown AI provider: ${provider}`);
 }
 const _provider = getAIProvider();
@@ -73,6 +84,10 @@ exports.config = {
     aiApiKey: getActiveApiKey(_provider),
     // Legacy — kept for backwards compatibility; may be undefined when using another provider
     openaiApiKey: getEnv('OPENAI_API_KEY', false),
+    // Optional override for the NVIDIA NIM endpoint. Defaults to the public
+    // `https://integrate.api.nvidia.com/v1` gateway when unset. Point this at a
+    // self-hosted NIM (e.g. `http://my-nim-host:8000/v1`) to use private weights.
+    nemotronBaseUrl: getEnv('NEMOTRON_BASE_URL', false),
     // Database
     databaseUrl: getEnv('DATABASE_URL', getBooleanEnv('IS_SELF_HOSTED', false) ? false : true),
     dbLogging: getBooleanEnv('DB_LOGGING', false),

package/backend-dist/db.js

@@ -30,7 +30,11 @@ else if (config_1.config.databaseUrl) {
 }
 const COLUMN_MIGRATIONS = [
     // Added: context-window tracking (prompt token count of last API call)
-    { table: 'agent_sessions', column: 'last_prompt_tokens', definition: 'INTEGER NOT NULL DEFAULT 0' },
+    {
+        table: 'agent_sessions',
+        column: 'last_prompt_tokens',
+        definition: 'INTEGER NOT NULL DEFAULT 0',
+    },
     // Added: project grouping
     { table: 'agent_sessions', column: 'group_name', definition: 'VARCHAR(255)' },
     { table: 'agent_sessions', column: 'group_description', definition: 'TEXT' },

package/backend-dist/index.js

@@ -15,6 +15,7 @@ const logger_1 = require("./logger");
 const taskInstructionRoutes_1 = require("./taskInstructionRoutes");
 const scheduledJobRoutes_1 = require("./scheduledJobRoutes");
 const mcpServerRoutes_1 = require("./mcpServerRoutes");
+const aiProviderRoutes_1 = require("./aiProviderRoutes");
 const spawn_1 = require("./workers/spawn");
 const scheduledJobWorkerClient_1 = require("./workers/scheduledJobWorkerClient");
 const config_1 = require("./config");
@@ -36,6 +37,7 @@ app.use('/api/feature', (0, featureRoutes_1.createFeatureRouter)());
 app.use('/api/instructions', (0, taskInstructionRoutes_1.taskInstructionRouter)());
 app.use('/api/scheduled-jobs', (0, scheduledJobRoutes_1.scheduledJobRouter)());
 app.use('/api/mcp-servers', (0, mcpServerRoutes_1.mcpServerRouter)());
+app.use('/api/providers', (0, aiProviderRoutes_1.aiProviderRouter)());
 app.use('/api/agent', (0, agentServer_1.createAgentRouter)());
 app.get('/macos/download', (_req, res) => {
     const dmgPath = path_1.default.join(process.cwd(), 'macOS', 'OmniKeyAI.dmg');
@@ -43,21 +45,25 @@ app.get('/macos/download', (_req, res) => {
         res.status(404).send('File not found.');
         return;
     }
+    let fileSize = 0;
+    try {
+        fileSize = fs_1.default.statSync(dmgPath).size;
+    }
+    catch (_) { }
     res.set({
         'Content-Type': 'application/octet-stream',
         'Content-Disposition': 'attachment; filename="OmniKeyAI.dmg"',
-        'Content-Encoding': 'gzip',
+        ...(fileSize ? { 'Content-Length': String(fileSize) } : {}),
     });
     (0, bucket_adapter_1.incrementDownloadCount)('macos').catch(() => { });
     const fileStream = fs_1.default.createReadStream(dmgPath);
-    const gzip = zlib_1.default.createGzip();
     fileStream.on('error', (err) => {
         logger_1.logger.error('Failed to send OmniKeyAI.dmg for download.', { error: err });
         if (!res.headersSent) {
             res.status(500).send('Unable to download file.');
         }
     });
-    fileStream.pipe(gzip).pipe(res);
+    fileStream.pipe(res);
 });
 // Sparkle appcast feed for macOS updates.
 // This feed uses the existing /macos/download endpoint as the
@@ -181,6 +187,24 @@ app.get('/downloads/stats', async (_req, res) => {
 app.get('/health', (_req, res) => {
     res.json({ status: 'ok' });
 });
+app.get('/install.sh', (_req, res) => {
+    const scriptPath = path_1.default.join(process.cwd(), 'install.sh');
+    if (!fs_1.default.existsSync(scriptPath)) {
+        res.status(404).send('Not found.');
+        return;
+    }
+    res.set('Content-Type', 'text/plain; charset=utf-8');
+    res.sendFile(scriptPath);
+});
+app.get('/install.ps1', (_req, res) => {
+    const scriptPath = path_1.default.join(process.cwd(), 'install.ps1');
+    if (!fs_1.default.existsSync(scriptPath)) {
+        res.status(404).send('Not found.');
+        return;
+    }
+    res.set('Content-Type', 'text/plain; charset=utf-8');
+    res.sendFile(scriptPath);
+});
 app.get('*', (_req, res) => {
     res.sendFile(path_1.default.join(process.cwd(), 'public', 'index.html'));
 });

package/backend-dist/mcpServerRoutes.js

@@ -165,11 +165,23 @@ function mcpServerRouter() {
             // When transport changes, clear fields incompatible with the new transport so
             // stale credentials/config never persist across a transport switch.
             const command = transportChanged
-                ? (transport === 'stdio' ? (parsed.command !== undefined ? parsed.command : server.command) : null)
-                : (parsed.command !== undefined ? parsed.command : server.command);
+                ? transport === 'stdio'
+                    ? parsed.command !== undefined
+                        ? parsed.command
+                        : server.command
+                    : null
+                : parsed.command !== undefined
+                    ? parsed.command
+                    : server.command;
             const url = transportChanged
-                ? (transport !== 'stdio' ? (parsed.url !== undefined ? parsed.url : server.url) : null)
-                : (parsed.url !== undefined ? parsed.url : server.url);
+                ? transport !== 'stdio'
+                    ? parsed.url !== undefined
+                        ? parsed.url
+                        : server.url
+                    : null
+                : parsed.url !== undefined
+                    ? parsed.url
+                    : server.url;
             const args = transportChanged && transport !== 'stdio' ? [] : (parsed.args ?? server.args);
             const env = transportChanged && transport !== 'stdio' ? {} : (parsed.env ?? server.env);
             const headers = transportChanged && transport === 'stdio' ? {} : (parsed.headers ?? server.headers);

package/backend-dist/scheduledJobRoutes.js

@@ -14,7 +14,10 @@ const CRON_REGEX = /^(\S+\s){4}\S+$/;
 const jobSchema = zod_1.default.object({
     label: zod_1.default.string().min(1).max(200),
     prompt: zod_1.default.string().min(1),
-    cronExpression: zod_1.default.string().regex(CRON_REGEX, 'Invalid cron expression (must be 5 fields)').optional(),
+    cronExpression: zod_1.default
+        .string()
+        .regex(CRON_REGEX, 'Invalid cron expression (must be 5 fields)')
+        .optional(),
     runAt: zod_1.default.string().optional(),
     isActive: zod_1.default.boolean().optional(),
     sessionId: zod_1.default.string().nullable().optional(),
@@ -108,7 +111,7 @@ function scheduledJobRouter() {
             if (!job) {
                 return res.status(404).json({ error: 'Scheduled job not found.' });
             }
-            const cronExpression = parsed.cronExpression !== undefined ? parsed.cronExpression ?? null : job.cronExpression;
+            const cronExpression = parsed.cronExpression !== undefined ? (parsed.cronExpression ?? null) : job.cronExpression;
             let runAt = job.runAt;
             if (parsed.runAt !== undefined) {
                 if (parsed.runAt) {

package/dist/index.js

@@ -18,7 +18,7 @@ const program = new commander_1.Command();
 program
     .name('omnikey')
     .description('Omnikey CLI for onboarding and configuration')
-    .version('1.5.4');
+    .version('1.6.0');
 program
     .command('onboard')
     .description('Onboard and configure your AI provider')

package/dist/onboard.js

@@ -12,6 +12,10 @@ const AI_PROVIDERS = [
     { name: 'OpenAI (gpt-4o-mini / gpt-5.5)', value: 'openai' },
     { name: 'Anthropic — Claude (claude-haiku / claude-opus)', value: 'anthropic' },
     { name: 'Google Gemini (gemini-2.5-flash / gemini-2.5-pro)', value: 'gemini' },
+    {
+        name: 'NVIDIA Nemotron (nemotron-3-nano / nemotron-3-ultra) — open weights',
+        value: 'nemotron',
+    },
 ];
 const SEARCH_PROVIDERS = [
     { name: 'Skip', value: 'skip' },
@@ -25,11 +29,13 @@ const AI_PROVIDER_KEY_ENV = {
     openai: 'OPENAI_API_KEY',
     anthropic: 'ANTHROPIC_API_KEY',
     gemini: 'GEMINI_API_KEY',
+    nemotron: 'NVIDIA_API_KEY',
 };
 const AI_PROVIDER_KEY_LABEL = {
     openai: 'OpenAI API key (from platform.openai.com)',
     anthropic: 'Anthropic API key (from console.anthropic.com)',
     gemini: 'Google Gemini API key (from ai.google.dev)',
+    nemotron: 'NVIDIA API key (from build.nvidia.com — used by NIM/Nemotron)',
 };
 /**
  * Onboard the user by configuring their AI provider API key and generating config for self-hosted use.
@@ -55,6 +61,37 @@ async function onboard() {
             validate: (input) => input.trim() !== '' || 'API key cannot be empty',
         },
     ]);
+    // Provider-specific extras
+    const providerExtras = {};
+    if (aiProvider === 'nemotron') {
+        // Nemotron is served either via the public NVIDIA NIM gateway or a
+        // self-hosted NIM microservice. Always ask the user for the base URL so
+        // they can point at either. The default value matches the public gateway
+        // so pressing Enter "just works" for build.nvidia.com keys.
+        const DEFAULT_NEMOTRON_URL = 'https://integrate.api.nvidia.com/v1';
+        const { nemotronBaseUrl } = await inquirer_1.default.prompt([
+            {
+                type: 'input',
+                name: 'nemotronBaseUrl',
+                message: 'Enter the Nemotron / NVIDIA NIM base URL (press Enter for the public gateway):',
+                default: DEFAULT_NEMOTRON_URL,
+                validate: (input) => {
+                    const trimmed = input.trim();
+                    if (trimmed === '')
+                        return 'URL cannot be empty';
+                    try {
+                        // eslint-disable-next-line no-new
+                        new URL(trimmed);
+                        return true;
+                    }
+                    catch {
+                        return 'Please enter a valid URL (including the scheme, e.g. https://...)';
+                    }
+                },
+            },
+        ]);
+        providerExtras['NEMOTRON_BASE_URL'] = nemotronBaseUrl.trim();
+    }
     // Web search provider (optional)
     const { provider } = await inquirer_1.default.prompt([
         {
@@ -119,6 +156,7 @@ async function onboard() {
         [AI_PROVIDER_KEY_ENV[aiProvider]]: apiKey,
         IS_SELF_HOSTED: true,
         SQLITE_PATH: sqlitePath,
+        ...providerExtras,
         ...searchConfig,
     };
     fs_1.default.writeFileSync(configPath, JSON.stringify(configVars, null, 2));

package/dist/telegramClient.js

@@ -23,7 +23,7 @@ function resolveBundleRoot() {
     return path_1.default.resolve(__dirname, '..', 'telegram-client-dist');
 }
 function resolveBundledEntry() {
-    return path_1.default.join(resolveBundleRoot(), 'dist', 'index.js');
+    return path_1.default.join(resolveBundleRoot(), 'index.js');
 }
 function persistConfig(values) {
     const configDir = (0, utils_1.getConfigDir)();

package/dist/telegramDaemon.js

@@ -20,12 +20,12 @@ const LABEL = `com.${os_1.default.userInfo().username}.telegram`;
 const PLIST_NAME = `${LABEL}.plist`;
 const WINDOWS_SERVICE_NAME = 'OmnikeyTelegram';
 // At runtime __dirname is cli/dist/. The bundled telegram app is copied into
-// cli/telegram-client-dist/ by the build:telegram-client script, so one level
-// up from dist/ lands at the package root, then into the bundle directory.
+// cli/telegram-client-dist/ by the build:telegram-client script (flat layout,
+// matching backend-dist/), so one level up from dist/ lands at the package
 // This matches resolveBundleRoot() in telegramClient.ts and works correctly
 // both in the monorepo and after `npm install -g omnikey-cli`.
 const TELEGRAM_BOT_ROOT = path_1.default.resolve(__dirname, '..', 'telegram-client-dist');
-const ENTRY_POINT = path_1.default.join(TELEGRAM_BOT_ROOT, 'dist', 'index.js');
+const ENTRY_POINT = path_1.default.join(TELEGRAM_BOT_ROOT, 'index.js');
 const HOME = (0, utils_1.getHomeDir)();
 // macOS — launchd LaunchAgent paths
 const LAUNCH_AGENTS_DIR = path_1.default.join(HOME, 'Library', 'LaunchAgents');
@@ -289,7 +289,9 @@ async function startWindows() {
         (0, child_process_1.execFileSync)(nssmPath, ['set', WINDOWS_SERVICE_NAME, 'Start', 'SERVICE_AUTO_START'], {
             stdio: 'pipe',
         });
-        (0, child_process_1.execFileSync)(nssmPath, ['set', WINDOWS_SERVICE_NAME, 'DisplayName', 'Omnikey Telegram'], { stdio: 'pipe' });
+        (0, child_process_1.execFileSync)(nssmPath, ['set', WINDOWS_SERVICE_NAME, 'DisplayName', 'Omnikey Telegram'], {
+            stdio: 'pipe',
+        });
         (0, child_process_1.execFileSync)(nssmPath, ['set', WINDOWS_SERVICE_NAME, 'Description', 'Omnikey Telegram Daemon'], { stdio: 'pipe' });
         (0, child_process_1.execFileSync)(nssmPath, ['start', WINDOWS_SERVICE_NAME], { stdio: 'pipe' });
         console.log(`NSSM service installed and started: ${WINDOWS_SERVICE_NAME}`);

package/package.json

@@ -4,7 +4,7 @@
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "version": "1.5.8",
+  "version": "1.6.1",
   "description": "CLI for onboarding users to Omnikey AI and configuring OPENAI_API_KEY. Use Yarn for install/build.",
   "engines": {
     "node": ">=14.0.0",
@@ -14,10 +14,14 @@
     "omnikey": "dist/index.js"
   },
   "scripts": {
-    "build": "tsc && npm run copy-backend && npm run build:telegram-client",
+    "build": "tsc && yarn run copy-backend && yarn run build:telegram-client",
     "start": "node dist/index.js",
-    "copy-backend": "rm -rf backend-dist && mkdir -p backend-dist && cp -R ../dist/* backend-dist/",
-    "build:telegram-client": "rm -rf telegram-client-dist && mkdir -p telegram-client-dist/dist && cp -R ../telegram/dist/* telegram-client-dist/dist/"
+    "copy-backend": "rm -rf backend-dist && mkdir -p backend-dist && cp -R ../api/dist/* backend-dist/",
+    "build:telegram-client": "rm -rf telegram-client-dist && mkdir -p telegram-client-dist && cp -R ../telegram/dist/* telegram-client-dist/",
+    "clean": "rm -rf dist backend-dist telegram-client-dist",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "test": "echo \"(no tests in this workspace)\" && exit 0",
+    "lint": "echo \"(no lint in this workspace)\" && exit 0"
   },
   "keywords": [
     "cli",
@@ -33,7 +37,6 @@
     "@google/genai": "^1.46.0",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "axios": "^1.13.5",
-    "better-sqlite3": "^12.10.0",
     "commander": "^11.0.0",
     "cors": "^2.8.5",
     "cron-parser": "^4.9.0",
@@ -54,7 +57,6 @@
     "zod": "^4.3.6"
   },
   "devDependencies": {
-    "@types/better-sqlite3": "^7.6.13",
     "@types/inquirer": "^9.0.9",
     "@types/node-telegram-bot-api": "^0.64.0",
     "typescript": "^5.0.0"

package/src/index.ts

@@ -26,7 +26,7 @@ const program = new Command();
 program
   .name('omnikey')
   .description('Omnikey CLI for onboarding and configuration')
-  .version('1.5.4');
+  .version('1.6.0');
 
 program
   .command('onboard')

package/src/onboard.ts

@@ -7,6 +7,10 @@ const AI_PROVIDERS = [
   { name: 'OpenAI (gpt-4o-mini / gpt-5.5)', value: 'openai' },
   { name: 'Anthropic — Claude (claude-haiku / claude-opus)', value: 'anthropic' },
   { name: 'Google Gemini (gemini-2.5-flash / gemini-2.5-pro)', value: 'gemini' },
+  {
+    name: 'NVIDIA Nemotron (nemotron-3-nano / nemotron-3-ultra) — open weights',
+    value: 'nemotron',
+  },
 ];
 
 const SEARCH_PROVIDERS = [
@@ -22,12 +26,14 @@ const AI_PROVIDER_KEY_ENV: Record<string, string> = {
   openai: 'OPENAI_API_KEY',
   anthropic: 'ANTHROPIC_API_KEY',
   gemini: 'GEMINI_API_KEY',
+  nemotron: 'NVIDIA_API_KEY',
 };
 
 const AI_PROVIDER_KEY_LABEL: Record<string, string> = {
   openai: 'OpenAI API key (from platform.openai.com)',
   anthropic: 'Anthropic API key (from console.anthropic.com)',
   gemini: 'Google Gemini API key (from ai.google.dev)',
+  nemotron: 'NVIDIA API key (from build.nvidia.com — used by NIM/Nemotron)',
 };
 
 /**
@@ -57,6 +63,37 @@ export async function onboard() {
     },
   ]);
 
+  // Provider-specific extras
+  const providerExtras: Record<string, string> = {};
+
+  if (aiProvider === 'nemotron') {
+    // Nemotron is served either via the public NVIDIA NIM gateway or a
+    // self-hosted NIM microservice. Always ask the user for the base URL so
+    // they can point at either. The default value matches the public gateway
+    // so pressing Enter "just works" for build.nvidia.com keys.
+    const DEFAULT_NEMOTRON_URL = 'https://integrate.api.nvidia.com/v1';
+    const { nemotronBaseUrl } = await inquirer.prompt([
+      {
+        type: 'input',
+        name: 'nemotronBaseUrl',
+        message: 'Enter the Nemotron / NVIDIA NIM base URL (press Enter for the public gateway):',
+        default: DEFAULT_NEMOTRON_URL,
+        validate: (input: string) => {
+          const trimmed = input.trim();
+          if (trimmed === '') return 'URL cannot be empty';
+          try {
+            // eslint-disable-next-line no-new
+            new URL(trimmed);
+            return true;
+          } catch {
+            return 'Please enter a valid URL (including the scheme, e.g. https://...)';
+          }
+        },
+      },
+    ]);
+    providerExtras['NEMOTRON_BASE_URL'] = nemotronBaseUrl.trim();
+  }
+
   // Web search provider (optional)
   const { provider } = await inquirer.prompt([
     {
@@ -122,6 +159,7 @@ export async function onboard() {
     [AI_PROVIDER_KEY_ENV[aiProvider]]: apiKey,
     IS_SELF_HOSTED: true,
     SQLITE_PATH: sqlitePath,
+    ...providerExtras,
     ...searchConfig,
   };
   fs.writeFileSync(configPath, JSON.stringify(configVars, null, 2));