omnikey-cli 1.6.0 → 1.6.2

package/backend-dist/aiProviderRoutes.js

@@ -0,0 +1,282 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.aiProviderRouter = aiProviderRouter;
+const express_1 = __importDefault(require("express"));
+const zod_1 = __importDefault(require("zod"));
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const authMiddleware_1 = require("./authMiddleware");
+const config_1 = require("./config");
+const logger_1 = require("./logger");
+const scheduledJobExecutor_1 = require("./scheduledJobExecutor");
+const providerEnum = zod_1.default.enum(['openai', 'anthropic', 'gemini', 'nemotron']);
+const putSchema = zod_1.default.object({
+    apiKey: zod_1.default.string().min(1).max(4096),
+    baseUrl: zod_1.default
+        .string()
+        .max(1000)
+        .url({ message: 'baseUrl must be a valid URL.' })
+        .nullable()
+        .optional(),
+});
+/** Mapping from provider → env var that holds its API key. */
+const PROVIDER_ENV_KEY = {
+    openai: 'OPENAI_API_KEY',
+    anthropic: 'ANTHROPIC_API_KEY',
+    gemini: 'GEMINI_API_KEY',
+    nemotron: 'NEMOTRON_API_KEY',
+};
+/** Legacy aliases that should be cleared whenever the canonical env is rewritten. */
+const PROVIDER_LEGACY_ALIASES = {
+    nemotron: ['NVIDIA_API_KEY'],
+};
+function getConfigPath() {
+    const home = process.env.HOME || process.env.USERPROFILE || os_1.default.homedir();
+    return path_1.default.join(home, '.omnikey', 'config.json');
+}
+function readConfigFile() {
+    const configPath = getConfigPath();
+    try {
+        if (fs_1.default.existsSync(configPath)) {
+            const raw = fs_1.default.readFileSync(configPath, 'utf-8');
+            const parsed = JSON.parse(raw);
+            if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                return parsed;
+            }
+        }
+    }
+    catch (err) {
+        logger_1.logger.warn('Could not read ~/.omnikey/config.json — treating as empty.', { error: err });
+    }
+    return {};
+}
+function writeConfigFile(data) {
+    const configPath = getConfigPath();
+    fs_1.default.mkdirSync(path_1.default.dirname(configPath), { recursive: true });
+    fs_1.default.writeFileSync(configPath, JSON.stringify(data, null, 2), 'utf-8');
+}
+/** Mask an API key so a small prefix/suffix is visible (e.g. `sk-…AB12`). */
+function maskApiKey(key) {
+    if (!key)
+        return '';
+    if (key.length <= 8)
+        return '••••••••';
+    return `${key.slice(0, 3)}••••••••${key.slice(-4)}`;
+}
+/** Reads any provider key (canonical or legacy alias) out of the config object. */
+function readProviderKey(cfg, provider) {
+    const canonical = cfg[PROVIDER_ENV_KEY[provider]];
+    if (canonical && typeof canonical === 'string' && canonical.length > 0)
+        return canonical;
+    for (const alias of PROVIDER_LEGACY_ALIASES[provider] ?? []) {
+        const v = cfg[alias];
+        if (v && typeof v === 'string' && v.length > 0)
+            return v;
+    }
+    return undefined;
+}
+function describeProvider(provider, cfg) {
+    const key = readProviderKey(cfg, provider);
+    return {
+        provider,
+        isConfigured: Boolean(key),
+        apiKeyMasked: maskApiKey(key),
+        baseUrl: provider === 'nemotron'
+            ? (typeof cfg.NEMOTRON_BASE_URL === 'string' ? cfg.NEMOTRON_BASE_URL : null)
+            : null,
+    };
+}
+function readActiveProvider(cfg) {
+    const raw = cfg.AI_PROVIDER;
+    if (raw === 'openai' || raw === 'anthropic' || raw === 'gemini' || raw === 'nemotron') {
+        return raw;
+    }
+    // Fall back to the provider currently bound to the running process (config.ts
+    // already auto-detects from the first configured key in env).
+    return config_1.config.aiProvider;
+}
+/**
+ * Triggers a daemon restart by handing off to the shared `runScript` helper
+ * (the same one used by the scheduled-job executor). The script invokes the
+ * `omnikey restart-daemon --port <port>` CLI, which tears down the
+ * launchd / NSSM persistence agent and brings a fresh daemon back up on the
+ * same port — picking up the rewritten config.json values from env on the
+ * way up.
+ *
+ * Important: `omnikey restart-daemon` calls `killDaemon()` first, which kills
+ * *this* Node process. To survive that, we wrap the call in `nohup ... &`
+ * with stdio redirected to a log file and `disown` so the actual
+ * `omnikey restart-daemon` invocation escapes the shell's process tree
+ * before this process is terminated. `runScript` is fire-and-forget: we do
+ * not await it because we expect to be killed before it returns.
+ */
+function scheduleDaemonRestart(reason) {
+    setTimeout(() => {
+        const port = config_1.config.port;
+        const logFile = path_1.default.join(process.env.HOME || os_1.default.homedir(), '.omnikey', 'restart-daemon.log');
+        const script = [
+            '#!/usr/bin/env bash',
+            'set -u',
+            `mkdir -p "$(dirname "${logFile}")"`,
+            `echo "[$(date -Iseconds)] restart-daemon triggered: ${reason}" >> "${logFile}"`,
+            // Detach the actual restart so it survives this daemon's imminent death.
+            `nohup omnikey restart-daemon --port ${port} >> "${logFile}" 2>&1 &`,
+            'disown || true',
+            'exit 0',
+        ].join('\n');
+        logger_1.logger.info(`Running \`omnikey restart-daemon --port ${port}\` via runScript (${reason})`);
+        // Fire-and-forget: we expect `omnikey restart-daemon` to kill this process
+        // long before runScript's exec promise resolves.
+        void (0, scheduledJobExecutor_1.runScript)(script)
+            .then((result) => {
+            if (result.isError) {
+                logger_1.logger.error('runScript reported a non-zero exit for restart-daemon.', {
+                    output: result.output,
+                });
+            }
+        })
+            .catch((err) => {
+            logger_1.logger.error('Unexpected runScript failure while restarting daemon.', { error: err });
+        });
+    }, 500);
+}
+function aiProviderRouter() {
+    const router = express_1.default.Router();
+    /** GET /api/providers — list which providers have a key in config.json. */
+    router.get('/', authMiddleware_1.authMiddleware, async (_req, res) => {
+        const { logger: reqLogger } = res.locals;
+        try {
+            const cfg = readConfigFile();
+            const providers = ['openai', 'anthropic', 'gemini', 'nemotron'];
+            const active = readActiveProvider(cfg);
+            res.json({
+                providers: providers.map((p) => describeProvider(p, cfg)),
+                activeProvider: active,
+                // The in-process provider may differ from cfg.AI_PROVIDER if the user
+                // changed config.json out of band — surface both so the UI can warn.
+                runtimeProvider: config_1.config.aiProvider,
+            });
+        }
+        catch (err) {
+            reqLogger.error('Error reading provider config.', { error: err });
+            res.status(500).json({ error: 'Failed to read provider config.' });
+        }
+    });
+    /** PUT /api/providers/:provider — store/update API key for that provider. */
+    router.put('/:provider', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger: reqLogger } = res.locals;
+        const providerParam = providerEnum.safeParse(req.params.provider);
+        if (!providerParam.success) {
+            return res.status(400).json({ error: 'Unknown provider.' });
+        }
+        const provider = providerParam.data;
+        try {
+            const parsed = putSchema.parse(req.body);
+            const cfg = readConfigFile();
+            // Always clear legacy aliases so the canonical env wins on next boot.
+            for (const alias of PROVIDER_LEGACY_ALIASES[provider] ?? []) {
+                delete cfg[alias];
+            }
+            cfg[PROVIDER_ENV_KEY[provider]] = parsed.apiKey;
+            if (provider === 'nemotron') {
+                if (parsed.baseUrl) {
+                    cfg.NEMOTRON_BASE_URL = parsed.baseUrl;
+                }
+                else if (parsed.baseUrl === null) {
+                    delete cfg.NEMOTRON_BASE_URL;
+                }
+            }
+            writeConfigFile(cfg);
+            // If the user updated the currently-active provider's key, the running
+            // process is now using a stale key — schedule a restart so it picks
+            // the new one up. We only restart when AI_PROVIDER is *explicitly*
+            // pinned in config.json, because the auto-detected fallback may differ
+            // from what the user is configuring and we don't want to bounce the
+            // server on first-time key save.
+            const explicitActive = typeof cfg.AI_PROVIDER === 'string' ? cfg.AI_PROVIDER : null;
+            let restartScheduled = false;
+            if (explicitActive === provider) {
+                scheduleDaemonRestart(`updated active provider key (${provider})`);
+                restartScheduled = true;
+            }
+            res.json({
+                ...describeProvider(provider, cfg),
+                restartScheduled,
+            });
+        }
+        catch (err) {
+            reqLogger.error('Error storing provider key.', { error: err });
+            if (err instanceof zod_1.default.ZodError) {
+                return res.status(400).json({ error: 'Invalid provider data.' });
+            }
+            res.status(500).json({ error: 'Failed to store provider key.' });
+        }
+    });
+    /** DELETE /api/providers/:provider — remove the saved key. */
+    router.delete('/:provider', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger: reqLogger } = res.locals;
+        const providerParam = providerEnum.safeParse(req.params.provider);
+        if (!providerParam.success) {
+            return res.status(400).json({ error: 'Unknown provider.' });
+        }
+        const provider = providerParam.data;
+        try {
+            const cfg = readConfigFile();
+            const active = readActiveProvider(cfg);
+            if (active === provider) {
+                return res.status(409).json({
+                    error: 'Cannot remove the active provider. Activate a different provider first, then remove this one.',
+                });
+            }
+            delete cfg[PROVIDER_ENV_KEY[provider]];
+            for (const alias of PROVIDER_LEGACY_ALIASES[provider] ?? []) {
+                delete cfg[alias];
+            }
+            if (provider === 'nemotron') {
+                delete cfg.NEMOTRON_BASE_URL;
+            }
+            writeConfigFile(cfg);
+            res.status(204).send();
+        }
+        catch (err) {
+            reqLogger.error('Error removing provider key.', { error: err });
+            res.status(500).json({ error: 'Failed to remove provider key.' });
+        }
+    });
+    /** POST /api/providers/:provider/activate — switch AI_PROVIDER + restart. */
+    router.post('/:provider/activate', authMiddleware_1.authMiddleware, async (req, res) => {
+        const { logger: reqLogger } = res.locals;
+        const providerParam = providerEnum.safeParse(req.params.provider);
+        if (!providerParam.success) {
+            return res.status(400).json({ error: 'Unknown provider.' });
+        }
+        const provider = providerParam.data;
+        try {
+            const cfg = readConfigFile();
+            const key = readProviderKey(cfg, provider);
+            if (!key) {
+                return res.status(400).json({
+                    error: `No API key saved for provider "${provider}". Save a key first, then activate.`,
+                });
+            }
+            cfg.AI_PROVIDER = provider;
+            writeConfigFile(cfg);
+            res.json({
+                provider,
+                activeProvider: provider,
+                restartScheduled: true,
+                message: 'Provider activated. Server will restart shortly to apply the change.',
+            });
+            scheduleDaemonRestart(`activated provider ${provider}`);
+        }
+        catch (err) {
+            reqLogger.error('Error activating provider.', { error: err });
+            res.status(500).json({ error: 'Failed to activate provider.' });
+        }
+    });
+    return router;
+}

package/backend-dist/index.js

@@ -15,6 +15,7 @@ const logger_1 = require("./logger");
 const taskInstructionRoutes_1 = require("./taskInstructionRoutes");
 const scheduledJobRoutes_1 = require("./scheduledJobRoutes");
 const mcpServerRoutes_1 = require("./mcpServerRoutes");
+const aiProviderRoutes_1 = require("./aiProviderRoutes");
 const spawn_1 = require("./workers/spawn");
 const scheduledJobWorkerClient_1 = require("./workers/scheduledJobWorkerClient");
 const config_1 = require("./config");
@@ -36,6 +37,7 @@ app.use('/api/feature', (0, featureRoutes_1.createFeatureRouter)());
 app.use('/api/instructions', (0, taskInstructionRoutes_1.taskInstructionRouter)());
 app.use('/api/scheduled-jobs', (0, scheduledJobRoutes_1.scheduledJobRouter)());
 app.use('/api/mcp-servers', (0, mcpServerRoutes_1.mcpServerRouter)());
+app.use('/api/providers', (0, aiProviderRoutes_1.aiProviderRouter)());
 app.use('/api/agent', (0, agentServer_1.createAgentRouter)());
 app.get('/macos/download', (_req, res) => {
     const dmgPath = path_1.default.join(process.cwd(), 'macOS', 'OmniKeyAI.dmg');
@@ -43,21 +45,25 @@ app.get('/macos/download', (_req, res) => {
         res.status(404).send('File not found.');
         return;
     }
+    let fileSize = 0;
+    try {
+        fileSize = fs_1.default.statSync(dmgPath).size;
+    }
+    catch (_) { }
     res.set({
         'Content-Type': 'application/octet-stream',
         'Content-Disposition': 'attachment; filename="OmniKeyAI.dmg"',
-        'Content-Encoding': 'gzip',
+        ...(fileSize ? { 'Content-Length': String(fileSize) } : {}),
     });
     (0, bucket_adapter_1.incrementDownloadCount)('macos').catch(() => { });
     const fileStream = fs_1.default.createReadStream(dmgPath);
-    const gzip = zlib_1.default.createGzip();
     fileStream.on('error', (err) => {
         logger_1.logger.error('Failed to send OmniKeyAI.dmg for download.', { error: err });
         if (!res.headersSent) {
             res.status(500).send('Unable to download file.');
         }
     });
-    fileStream.pipe(gzip).pipe(res);
+    fileStream.pipe(res);
 });
 // Sparkle appcast feed for macOS updates.
 // This feed uses the existing /macos/download endpoint as the
@@ -78,8 +84,8 @@ app.get('/macos/appcast', (req, res) => {
     const appcastUrl = `${baseUrl}/macos/appcast`;
     // These should match the values embedded into the macOS app
     // Info.plist in macOS/build_release_dmg.sh.
-    const bundleVersion = '37';
-    const shortVersion = '1.0.36';
+    const bundleVersion = '39';
+    const shortVersion = '1.0.38';
     const xml = `<?xml version="1.0" encoding="utf-8"?>
 <rss version="2.0"
      xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle"
@@ -181,6 +187,24 @@ app.get('/downloads/stats', async (_req, res) => {
 app.get('/health', (_req, res) => {
     res.json({ status: 'ok' });
 });
+app.get('/install.sh', (_req, res) => {
+    const scriptPath = path_1.default.join(process.cwd(), 'install.sh');
+    if (!fs_1.default.existsSync(scriptPath)) {
+        res.status(404).send('Not found.');
+        return;
+    }
+    res.set('Content-Type', 'text/plain; charset=utf-8');
+    res.sendFile(scriptPath);
+});
+app.get('/install.ps1', (_req, res) => {
+    const scriptPath = path_1.default.join(process.cwd(), 'install.ps1');
+    if (!fs_1.default.existsSync(scriptPath)) {
+        res.status(404).send('Not found.');
+        return;
+    }
+    res.set('Content-Type', 'text/plain; charset=utf-8');
+    res.sendFile(scriptPath);
+});
 app.get('*', (_req, res) => {
     res.sendFile(path_1.default.join(process.cwd(), 'public', 'index.html'));
 });

package/backend-dist/scheduledJobExecutor.js

@@ -5,6 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.computeNextRunAt = computeNextRunAt;
 exports.startScheduledJobExecutor = startScheduledJobExecutor;
+exports.runScript = runScript;
 exports.executeJob = executeJob;
 const child_process_1 = require("child_process");
 const promises_1 = require("fs/promises");

package/package.json

@@ -4,7 +4,7 @@
     "access": "public",
     "registry": "https://registry.npmjs.org/"
   },
-  "version": "1.6.0",
+  "version": "1.6.2",
   "description": "CLI for onboarding users to Omnikey AI and configuring OPENAI_API_KEY. Use Yarn for install/build.",
   "engines": {
     "node": ">=14.0.0",