omnius 1.0.264 → 1.0.265

package/dist/index.js

@@ -606077,6 +606077,7 @@ var init_status_bar = __esm({
       _autoScroll = true;
       /** Cached click region for the spacer button */
       _scrollBtnRegion = null;
+      _copyBtnRegion = null;
       stdinHooked = false;
       /** COHERE distributed cognitive commons active flag */
       _cohereActive = false;
@@ -607776,6 +607777,12 @@ var init_status_bar = __esm({
             return;
           }
         }
+        if (type === "press" && this._copyBtnRegion && row === this._copyBtnRegion.row) {
+          if (col >= this._copyBtnRegion.start && col <= this._copyBtnRegion.end) {
+            this.copySessionToClipboard();
+            return;
+          }
+        }
         const pos = this.rowPositions(termRows());
         if (type === "press" && pos.tabBarRow > 0 && row === pos.tabBarRow) {
           const viewId = this.hitTestTabBar(col);
@@ -608627,6 +608634,60 @@ ${CONTENT_BG_SEQ}`);
         this._syncPagerScope();
         this.repaintContent();
       }
+      /** Copy the visible session content to the system clipboard */
+      copySessionToClipboard() {
+        const lines = this._contentLines;
+        if (!lines || lines.length === 0) return;
+        const offset = this._contentScrollOffset;
+        const visible = this.contentHeight;
+        const startIdx = Math.max(0, offset);
+        const endIdx = Math.min(lines.length, startIdx + visible);
+        const visibleLines = lines.slice(startIdx, endIdx);
+        const stripped = visibleLines.map(
+          (line) => line.replace(/\x1B\[[0-9;]*[a-zA-Z]/g, "").replace(/\x1B\]?[^\x07]*\x07/g, "")
+        );
+        const text2 = stripped.join("\n");
+        const clipboardCmds = [
+          ["wl-copy", text2],
+          ["xclip", ["-selection", "clipboard"], "-i"],
+          ["xsel", "--clipboard", "--input"]
+        ];
+        let success = false;
+        for (const [cmd, ...args] of clipboardCmds) {
+          try {
+            const { execSync: execSync63 } = __require("child_process");
+            const child = __require("child_process").spawn(cmd, args, {
+              stdio: ["pipe", "pipe", "pipe"]
+            });
+            if (child.stdin) {
+              child.stdin.write(text2);
+              child.stdin.end();
+            }
+            child.on("close", (code8) => {
+              if (code8 === 0) success = true;
+            });
+            setTimeout(() => {
+              if (!success) {
+                try {
+                  child.kill();
+                } catch {
+                }
+              }
+            }, 500);
+            break;
+          } catch {
+            continue;
+          }
+        }
+        if (!success) {
+          const fs11 = __require("fs");
+          const os9 = __require("os");
+          const tmpPath = __require("path").join(os9.tmpdir(), "omnius-session-copy.txt");
+          fs11.writeFileSync(tmpPath, text2, "utf-8");
+          process.stderr.write(`\x1B[38;5;208mClipboard unavailable — session saved to ${tmpPath}\x1B[0m
+`);
+        }
+      }
       /**
        * WO-TASK-02 — sync the tasks panel "pager" scope flag with the current
        * scroll-back state. While the user is scrolled back through content
@@ -608692,8 +608753,19 @@ ${CONTENT_BG_SEQ}`);
               start: startCol,
               end: startCol + label.length - 1
             };
+            const copyLabel = " ⎘ copy session ";
+            const copyCol = Math.max(startCol + label.length + 2, w - copyLabel.length);
+            if (copyCol + copyLabel.length <= w) {
+              buf += `\x1B[${spacerRow};${copyCol}H\x1B[38;5;141m${copyLabel}\x1B[0m${CONTENT_BG_SEQ}`;
+              this._copyBtnRegion = {
+                row: spacerRow,
+                start: copyCol,
+                end: copyCol + copyLabel.length - 1
+              };
+            }
           } else {
             this._scrollBtnRegion = null;
+            this._copyBtnRegion = null;
           }
         }
         if (this._contentScrollOffset > 0) {
@@ -690936,7 +691008,7 @@ import {
   readSync as readSync2,
   closeSync as closeSync6
 } from "node:fs";
-import { randomBytes as randomBytes28, randomUUID as randomUUID21 } from "node:crypto";
+import { randomBytes as randomBytes28, randomUUID as randomUUID21, timingSafeEqual as timingSafeEqual2 } from "node:crypto";
 import { createHash as createHash42 } from "node:crypto";
 function memoryDbPaths3(baseDir = process.cwd()) {
   const dir = join164(baseDir, ".omnius");
@@ -692499,16 +692571,69 @@ function runtimeKeysExist() {
     return false;
   }
 }
+function tokensMatch(a2, b) {
+  if (typeof a2 !== "string" || typeof b !== "string") return false;
+  if (a2.length === 0 || b.length === 0) return false;
+  const ab = Buffer.from(a2, "utf8");
+  const bb = Buffer.from(b, "utf8");
+  if (ab.length !== bb.length) return false;
+  try {
+    return timingSafeEqual2(ab, bb);
+  } catch {
+    return false;
+  }
+}
+function scopedEnvKeySources() {
+  const pick = (...names) => {
+    for (const n2 of names) {
+      const v = process.env[n2];
+      if (v && v.trim()) return v.trim();
+    }
+    return void 0;
+  };
+  return [
+    {
+      value: pick("OMNIUS_REST_READ_API_KEY", "OMNIUS_READ_API_KEY"),
+      scope: "read",
+      user: "rest-read"
+    },
+    {
+      value: pick("OMNIUS_REST_RUN_API_KEY", "OMNIUS_RUN_API_KEY"),
+      scope: "run",
+      user: "rest-run"
+    },
+    {
+      value: pick("OMNIUS_REST_AUDITOR_API_KEY", "OMNIUS_AUDITOR_API_KEY"),
+      scope: "read",
+      user: "rest-auditor"
+    },
+    {
+      value: pick("OMNIUS_REST_ADMIN_API_KEY", "OMNIUS_ADMIN_API_KEY"),
+      scope: "admin",
+      user: "rest-admin"
+    },
+    { value: pick("OMNIUS_REST_API_KEY"), scope: "admin", user: "rest-admin" }
+  ];
+}
+function anyEnvAuthKeyConfigured() {
+  if (process.env["OMNIUS_REST_API_KEYS"] || process.env["OMNIUS_API_KEYS"]) {
+    return true;
+  }
+  if (process.env["OMNIUS_API_KEY"]) return true;
+  return scopedEnvKeySources().some((s2) => Boolean(s2.value));
+}
+function anyAuthKeyConfigured() {
+  return anyEnvAuthKeyConfigured() || runtimeKeysExist();
+}
 function resolveAuth(req3) {
   const authHeader = req3.headers["authorization"];
-  const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
+  const token = typeof authHeader === "string" && authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : null;
   const multiKeys = process.env["OMNIUS_REST_API_KEYS"] || process.env["OMNIUS_API_KEYS"];
-  if (multiKeys) {
-    if (!token) return { authenticated: false, scope: "read" };
+  if (token && multiKeys) {
     for (const entry of multiKeys.split(",")) {
       const parts = entry.trim().split(":");
       const [key, scope, user, rpmStr, tpdStr, maxJobsStr] = parts;
-      if (key === token) {
+      if (key && tokensMatch(key, token)) {
         return {
           authenticated: true,
           scope: scope || "admin",
@@ -692519,26 +692644,25 @@ function resolveAuth(req3) {
         };
       }
     }
-    return { authenticated: false, scope: "read" };
   }
-  const scopedRestKeys = [
-    [process.env["OMNIUS_REST_READ_API_KEY"], "read", "rest-read"],
-    [process.env["OMNIUS_REST_RUN_API_KEY"], "run", "rest-run"],
-    [process.env["OMNIUS_REST_AUDITOR_API_KEY"], "read", "rest-auditor"],
-    [process.env["OMNIUS_REST_ADMIN_API_KEY"], "admin", "rest-admin"],
-    [process.env["OMNIUS_REST_API_KEY"], "admin", "rest-admin"]
-  ];
-  for (const [key, scope, user] of scopedRestKeys) {
-    if (key && token === key) return { authenticated: true, scope, user };
+  if (token) {
+    for (const source of scopedEnvKeySources()) {
+      if (source.value && tokensMatch(source.value, token)) {
+        return {
+          authenticated: true,
+          scope: source.scope,
+          user: source.user
+        };
+      }
+    }
   }
   const singleKey = process.env["OMNIUS_API_KEY"];
-  if (singleKey) {
-    if (token === singleKey)
-      return {
-        authenticated: true,
-        scope: "admin",
-        user: "legacy-omnius-api-key"
-      };
+  if (token && singleKey && tokensMatch(singleKey, token)) {
+    return {
+      authenticated: true,
+      scope: "admin",
+      user: "legacy-omnius-api-key"
+    };
   }
   if (token) {
     try {
@@ -692558,13 +692682,12 @@ function resolveAuth(req3) {
     } catch {
     }
   }
-  if (!singleKey) {
+  if (!anyEnvAuthKeyConfigured()) {
     const insecureLoopbackAdmin = process.env["OMNIUS_INSECURE_LOOPBACK_ADMIN"] === "1";
     const remoteIp = (req3.socket?.remoteAddress || "").replace(/^::ffff:/, "");
     if (insecureLoopbackAdmin && isLoopbackIP(remoteIp)) {
       return { authenticated: true, scope: "admin", user: "insecure-loopback" };
     }
-    return { authenticated: false, scope: "read" };
   }
   return { authenticated: false, scope: "read" };
 }
@@ -692572,9 +692695,22 @@ function checkAuth(req3, res, requiredScope = "read") {
   const scopeLevel = { read: 1, run: 2, admin: 3 };
   const auth = resolveAuth(req3);
   if (!auth.authenticated) {
+    if (process.env["OMNIUS_AUTH_DEBUG"] === "1") {
+      const hasBearer = typeof req3.headers["authorization"] === "string" && req3.headers["authorization"].startsWith("Bearer ");
+      const remoteIp = (req3.socket?.remoteAddress || "").replace(
+        /^::ffff:/,
+        ""
+      );
+      const reason = !hasBearer ? "no_bearer_token" : anyAuthKeyConfigured() ? "token_not_recognized" : "no_server_keys_configured";
+      process.stderr.write(
+        `[auth] 401 ${reason} ip=${remoteIp} requiredScope=${requiredScope}
+`
+      );
+    }
     jsonResponse(res, 401, {
       error: "Unauthorized",
-      message: "Invalid or missing Bearer token"
+      message: "Invalid or missing Bearer token",
+      hint: "Send 'Authorization: Bearer <token>'. The token must match OMNIUS_API_KEYS, a scoped OMNIUS_[REST_]<SCOPE>_API_KEY, OMNIUS_API_KEY, or a runtime/dashboard-minted key."
     });
     return false;
   }
@@ -699711,9 +699847,7 @@ function startApiServer(options2 = {}) {
     res.setHeader("X-API-Version", API_VERSION);
     const rawIp = req3.socket?.remoteAddress ?? "";
     const hasBearer = typeof req3.headers["authorization"] === "string" && req3.headers["authorization"].startsWith("Bearer ");
-    const anyKeyConfigured = hasBearer && Boolean(
-      process.env["OMNIUS_API_KEY"] || process.env["OMNIUS_API_KEYS"] || process.env["OMNIUS_REST_API_KEY"] || process.env["OMNIUS_REST_API_KEYS"] || process.env["OMNIUS_REST_READ_API_KEY"] || process.env["OMNIUS_REST_RUN_API_KEY"] || process.env["OMNIUS_REST_ADMIN_API_KEY"] || runtimeKeysExist()
-    );
+    const anyKeyConfigured = hasBearer && anyAuthKeyConfigured();
     if (!isAllowedIP(rawIp, runtimeAccessMode) && !(hasBearer && anyKeyConfigured)) {
       _accessRejected++;
       metrics.totalErrors++;
@@ -700278,19 +700412,27 @@ function startApiServer(options2 = {}) {
         }
       }, 36e5).unref();
     }
-    const configuredRestKeys = process.env["OMNIUS_REST_API_KEYS"] || process.env["OMNIUS_API_KEYS"];
-    if (configuredRestKeys) {
-      const keyCount = configuredRestKeys.split(",").length;
-      log22(`  Auth: ${keyCount} scoped key(s) (read/run/admin)
-`);
-    } else if (process.env["OMNIUS_REST_API_KEY"] || process.env["OMNIUS_REST_ADMIN_API_KEY"] || process.env["OMNIUS_API_KEY"]) {
-      log22(`  Auth: single Bearer token (admin scope)
+    {
+      const sources = [];
+      const multiMap = process.env["OMNIUS_REST_API_KEYS"] || process.env["OMNIUS_API_KEYS"];
+      if (multiMap) {
+        sources.push(`${multiMap.split(",").length} multi-key map entry(ies)`);
+      }
+      const scopedCount = scopedEnvKeySources().filter(
+        (s2) => Boolean(s2.value)
+      ).length;
+      if (scopedCount > 0) sources.push(`${scopedCount} scoped env key(s)`);
+      if (process.env["OMNIUS_API_KEY"]) sources.push("legacy single key");
+      if (runtimeKeysExist()) sources.push("runtime/dashboard keys");
+      if (sources.length > 0) {
+        log22(`  Auth: enabled — ${sources.join(", ")}
 `);
-    } else {
-      log22(
-        `  Auth: disabled (set OMNIUS_REST_API_KEY or OMNIUS_REST_API_KEYS to enable)
+      } else {
+        log22(
+          `  Auth: disabled (set OMNIUS_RUN_API_KEY / OMNIUS_REST_API_KEY / OMNIUS_API_KEYS, or mint a runtime key, to enable)
 `
-      );
+        );
+      }
     }
     log22(`  Discovering sponsors in background...
 

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "omnius",
-  "version": "1.0.264",
+  "version": "1.0.265",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "omnius",
-      "version": "1.0.264",
+      "version": "1.0.265",
       "bundleDependencies": [
         "image-to-ascii"
       ],
@@ -6337,9 +6337,9 @@
       "license": "MIT"
     },
     "node_modules/semver": {
-      "version": "7.8.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.3.tgz",
-      "integrity": "sha512-wnilbGyMxzbY7dNOl7jpKbLSjcfeweJWU5j4+u5qW+6/wuGD9KzIGOyZnQVSBM9E7DtWaaH3CyHkppYrKYoxwg==",
+      "version": "7.8.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.4.tgz",
+      "integrity": "sha512-rUCObTnP32Q08R2uuIrt7r9PlEonuTmtuXYcW6s5kjdlj3xbnwe+21yXptAUYcMAABLkYYTtnmzb3w3EDZfueA==",
       "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "omnius",
-  "version": "1.0.264",
+  "version": "1.0.265",
   "description": "AI coding agent powered by open-source models (Ollama/vLLM) — interactive TUI with agentic tool-calling loop",
   "type": "module",
   "main": "./dist/index.js",