open-agents-ai 0.187.364 → 0.187.366

package/dist/index.js

@@ -544461,11 +544461,31 @@ async function handleSlashCommand(input, ctx3) {
           } else {
             ctx4.saveSettings({ oaAccess: val2 });
           }
-          const { stopDaemon: stopDaemon3, ensureDaemon: ensureDaemon3 } = await Promise.resolve().then(() => (init_daemon(), daemon_exports));
-          stopDaemon3();
-          await new Promise((r2) => setTimeout(r2, 800));
-          const ok3 = await ensureDaemon3();
-          renderInfo2(ok3 ? "Daemon restarted to apply access policy." : "Failed to restart daemon.");
+          const port2 = parseInt(process.env["OA_PORT"] || "11435", 10);
+          let switched2 = false;
+          try {
+            const resp = await fetch(`http://127.0.0.1:${port2}/v1/admin/access`, {
+              method: "POST",
+              headers: { "Content-Type": "application/json" },
+              body: JSON.stringify({ mode: val2 }),
+              signal: AbortSignal.timeout(3e3)
+            });
+            switched2 = resp.ok;
+          } catch {
+          }
+          if (switched2) {
+            renderInfo2(`Access policy now '${val2}' (live, no restart). Persisted to ~/.open-agents/access.`);
+          } else {
+            const { stopDaemon: stopDaemon2, ensureDaemon: ensureDaemon2, isDaemonRunning: isDaemonRunning2 } = await Promise.resolve().then(() => (init_daemon(), daemon_exports));
+            stopDaemon2();
+            const deadline = Date.now() + 4e3;
+            while (Date.now() < deadline) {
+              if (!await isDaemonRunning2(port2)) break;
+              await new Promise((r2) => setTimeout(r2, 200));
+            }
+            const ok2 = await ensureDaemon2();
+            renderInfo2(ok2 ? "Daemon restarted to apply access policy." : "Failed to restart daemon.");
+          }
           return "handled";
         }
       });
@@ -544506,11 +544526,36 @@ async function handleSlashCommand(input, ctx3) {
       } else {
         ctx3.saveSettings({ oaAccess: val });
       }
-      const { stopDaemon: stopDaemon2, ensureDaemon: ensureDaemon2 } = await Promise.resolve().then(() => (init_daemon(), daemon_exports));
-      stopDaemon2();
-      await new Promise((r2) => setTimeout(r2, 800));
-      const ok2 = await ensureDaemon2();
-      renderInfo2(ok2 ? "Daemon restarted to apply access policy." : "Failed to restart daemon.");
+      const port = parseInt(process.env["OA_PORT"] || "11435", 10);
+      let switched = false;
+      try {
+        const resp = await fetch(`http://127.0.0.1:${port}/v1/admin/access`, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ mode: val }),
+          signal: AbortSignal.timeout(3e3)
+        });
+        switched = resp.ok;
+        if (!resp.ok) {
+          const txt = await resp.text().catch(() => "");
+          renderWarning2(`Live access switch HTTP ${resp.status}: ${txt.slice(0, 120)}`);
+        }
+      } catch (e2) {
+        renderWarning2(`Live access switch failed (${e2 instanceof Error ? e2.message : String(e2)}); falling back to daemon restart.`);
+      }
+      if (switched) {
+        renderInfo2(`Access policy now '${val}' (live, no restart). Persisted to ~/.open-agents/access.`);
+      } else {
+        const { stopDaemon: stopDaemon2, ensureDaemon: ensureDaemon2, isDaemonRunning: isDaemonRunning2 } = await Promise.resolve().then(() => (init_daemon(), daemon_exports));
+        stopDaemon2();
+        const deadline = Date.now() + 4e3;
+        while (Date.now() < deadline) {
+          if (!await isDaemonRunning2(port)) break;
+          await new Promise((r2) => setTimeout(r2, 200));
+        }
+        const ok2 = await ensureDaemon2();
+        renderInfo2(ok2 ? "Daemon restarted to apply access policy." : "Failed to restart daemon.");
+      }
       return "handled";
     }
     case "host": {
@@ -568965,12 +569010,12 @@ async function loadScheduled() {
     const rows = tasks.map(t => {
       const enabled = !!t.enabled;
       const btn = enabled
-        ? '<button onclick="toggleScheduled('' + t.id + '',false)" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">disable</button>'
-        : '<button onclick="toggleScheduled('' + t.id + '',true)" style="background:#2a2a30;border:1px solid #2a3a2a;color:#4ec94e;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">enable</button>';
+        ? '<button onclick="toggleScheduled(\\'' + t.id + '\\',false)" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">disable</button>'
+        : '<button onclick="toggleScheduled(\\'' + t.id + '\\',true)" style="background:#2a2a30;border:1px solid #2a3a2a;color:#4ec94e;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">enable</button>';
       const color = enabled ? '#4ec94e' : '#5a2a2a';
       const procInfo = t.procs && t.procs.length ? (' (' + t.procs.length + ' proc)') : '';
       const up = t.procs && t.procs[0] && t.procs[0].uptime_s ? (' • up ' + Math.max(1, Math.round(t.procs[0].uptime_s/60)) + 'm') : '';
-      const killBtn = '<button onclick="killScheduledTask('' + t.id + '')" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">kill</button>';
+      const killBtn = '<button onclick="killScheduledTask(\\'' + t.id + '\\')" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">kill</button>';
       const row = '<div style="background:#1e1e22;border-left:2px solid ' + color + ';padding:6px 10px;margin:4px 0;font-size:0.72rem">'
         + '<div style="color:#b0b0b0">' + (t.name || '(task)') + ' <span style="color:#555">' + (t.schedule || '') + '</span>' + procInfo + up + '</div>'
         + '<div style="color:#555;font-size:0.6rem">' + t.file + '#' + t.index + '</div>'
@@ -568990,14 +569035,14 @@ async function loadScheduled() {
   } catch {}
 }
 
-(window as any).toggleScheduled = async function(id: string, enabled: boolean) {
+window.toggleScheduled = async function(id, enabled) {
   try {
     await fetch('/v1/scheduled/' + encodeURIComponent(id), { method:'POST', headers: headers(), body: JSON.stringify({enabled}) });
     loadScheduled();
   } catch {}
 }
 
-(window as any).killScheduled = async function() {
+window.killScheduled = async function() {
   try {
     const r = await fetch('/v1/scheduled/kill', { method:'POST', headers: headers(), body: JSON.stringify({}) });
     const j = await r.json();
@@ -569008,18 +569053,15 @@ async function loadScheduled() {
     const rem = Array.isArray(j.procs_after) ? j.procs_after.length : 0;
     let msg = 'Killed ' + (kb + ka) + ' processes.';
     if (before && after) {
-      msg += '
-GPU util: ' + before.gpu_pct + '% → ' + after.gpu_pct + '%, VRAM: ' + before.vram_used_gb + '/' + before.vram_total_gb + ' GB → ' + after.vram_used_gb + '/' + after.vram_total_gb + ' GB';
+      msg += '\\nGPU util: ' + before.gpu_pct + '% → ' + after.gpu_pct + '%, VRAM: ' + before.vram_used_gb + '/' + before.vram_total_gb + ' GB → ' + after.vram_used_gb + '/' + after.vram_total_gb + ' GB';
     }
-    msg += rem > 0 ? ('
-Remaining matched processes: ' + rem) : '
-No remaining matched processes.';
+    msg += rem > 0 ? ('\\nRemaining matched processes: ' + rem) : '\\nNo remaining matched processes.';
     alert(msg);
     loadScheduled();
   } catch (e) { alert('Kill failed: ' + (e && e.message || String(e))); }
 }
 
-(window as any).disableAllScheduled = async function() {
+window.disableAllScheduled = async function() {
   try {
     const r = await fetch('/v1/scheduled', { headers: headers() });
     const d = await r.json();
@@ -569036,7 +569078,7 @@ No remaining matched processes.';
   } catch {}
 }
 
-(window as any).enableAllScheduled = async function() {
+window.enableAllScheduled = async function() {
   try {
     const r = await fetch('/v1/scheduled', { headers: headers() });
     const d = await r.json();
@@ -569053,7 +569095,7 @@ No remaining matched processes.';
   } catch {}
 }
 
-(window as any).adoptScheduled = async function() {
+window.adoptScheduled = async function() {
   try {
     const r = await fetch('/v1/scheduled/reconcile', { method:'POST', headers: headers(), body: JSON.stringify({ apply: true }) });
     const j = await r.json();
@@ -569065,7 +569107,7 @@ No remaining matched processes.';
   } catch (e) { alert('Adopt failed: ' + (e && e.message || String(e))); }
 }
 
-(window as any).fixupScheduled = async function() {
+window.fixupScheduled = async function() {
   try {
     if (!confirm('Rewrite OA cron entries to canonical launcher?')) return;
     const r = await fetch('/v1/scheduled/fixup', { method:'POST', headers: headers(), body: JSON.stringify({ mode: 'cron', dryRun: false }) });
@@ -569075,7 +569117,7 @@ No remaining matched processes.';
   } catch (e) { alert('Fixup failed: ' + (e && e.message || String(e))); }
 }
 
-(window as any).migrateScheduled = async function() {
+window.migrateScheduled = async function() {
   try {
     if (!confirm('Migrate OA cron entries to systemd user timers?')) return;
     const r = await fetch('/v1/scheduled/fixup', { method:'POST', headers: headers(), body: JSON.stringify({ mode: 'migrate', dryRun: false }) });
@@ -569085,7 +569127,7 @@ No remaining matched processes.';
   } catch (e) { alert('Migrate failed: ' + (e && e.message || String(e))); }
 }
 
-(window as any).killScheduledTask = async function(id) {
+window.killScheduledTask = async function(id) {
   try {
     // Fetch task to derive a pattern (directory of tasks.json)
     const r = await fetch('/v1/scheduled/status', { headers: headers() });
@@ -569096,20 +569138,20 @@ No remaining matched processes.';
     const dir = (t.file || '').split('/').slice(0, -1).join('/') || t.file;
     // Escape for regex without using a character class that includes brace/dollar combo (parser quirk)
     const safe = dir
-      .replace(/\\/g, "\\\\")
-      .replace(/[/g, "\\[")
-      .replace(/]/g, "\\]")
-      .replace(/{/g, "\\{")
-      .replace(/}/g, "\\}")
-      .replace(/(/g, "\\(")
-      .replace(/)/g, "\\)")
-      .replace(/*/g, "\\*")
-      .replace(/+/g, "\\+")
-      .replace(/?/g, "\\?")
-      .replace(/^/g, "\\^")
-      .replace(/$/g, "\\$")
-      .replace(/|/g, "\\|")
-      .replace(/./g, "\\.");
+      .replace(/\\\\/g, "\\\\\\\\")
+      .replace(/\\[/g, "\\\\[")
+      .replace(/\\]/g, "\\\\]")
+      .replace(/\\{/g, "\\\\{")
+      .replace(/\\}/g, "\\\\}")
+      .replace(/\\(/g, "\\\\(")
+      .replace(/\\)/g, "\\\\)")
+      .replace(/\\*/g, "\\\\*")
+      .replace(/\\+/g, "\\\\+")
+      .replace(/\\?/g, "\\\\?")
+      .replace(/\\^/g, "\\\\^")
+      .replace(/\\$/g, "\\\\$")
+      .replace(/\\|/g, "\\\\|")
+      .replace(/\\./g, "\\\\.");
     const body = { pattern: safe };
     const resp = await fetch('/v1/scheduled/kill', { method:'POST', headers: headers(), body: JSON.stringify(body) });
     const j = await resp.json();
@@ -569119,11 +569161,8 @@ No remaining matched processes.';
     const after = j.gpu_after && j.gpu_after[0] ? j.gpu_after[0] : null;
     const rem = Array.isArray(j.procs_after) ? j.procs_after.length : 0;
     let msg = 'Killed ' + (kb + ka) + ' processes for task.';
-    if (before && after) msg += '
-GPU util: ' + before.gpu_pct + '% → ' + after.gpu_pct + '%';
-    msg += rem > 0 ? ('
-Remaining matched processes: ' + rem) : '
-No remaining matched processes.';
+    if (before && after) msg += '\\nGPU util: ' + before.gpu_pct + '% → ' + after.gpu_pct + '%';
+    msg += rem > 0 ? ('\\nRemaining matched processes: ' + rem) : '\\nNo remaining matched processes.';
     alert(msg);
     loadScheduled();
   } catch (e) { alert('Kill failed: ' + (e && e.message || String(e))); }
@@ -569138,8 +569177,8 @@ async function loadServices() {
     const svcs = Array.isArray(d.services) ? d.services : [];
     if (!svcs.length) { el.innerHTML = ''; return; }
     const rows = svcs.map(s => {
-      const stopBtn = '<button onclick="svcAction('' + s.name + '','stop')" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">stop</button>';
-      const disBtn = '<button onclick="svcAction('' + s.name + '','disable')" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">disable</button>';
+      const stopBtn = '<button onclick="svcAction(\\'' + s.name + '\\',\\'stop\\')" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">stop</button>';
+      const disBtn = '<button onclick="svcAction(\\'' + s.name + '\\',\\'disable\\')" style="background:#2a2a30;border:1px solid #5a2a2a;color:#b25f5f;padding:2px 6px;border-radius:3px;font-size:0.65rem;cursor:pointer">disable</button>';
       return '<div style="background:#1e1e22;border-left:2px solid #3a3a42;padding:6px 10px;margin:4px 0;font-size:0.72rem">'
         + '<div style="color:#b0b0b0">' + s.name + '</div>'
         + '<div style="color:#555;font-size:0.6rem">enabled: ' + s.enabled + ' • active: ' + s.active + '</div>'
@@ -569150,7 +569189,7 @@ async function loadServices() {
   } catch {}
 }
 
-(window as any).svcAction = async function(name, action) {
+window.svcAction = async function(name, action) {
   try {
     await fetch('/v1/services/systemd/' + encodeURIComponent(name), { method:'POST', headers: headers(), body: JSON.stringify({ action }) });
     loadServices();
@@ -576838,23 +576877,85 @@ function startApiServer(options2 = {}) {
       process.exit(1);
     }
   }
-  const accessMode = resolveAccessMode(process.env["OA_ACCESS"], host);
+  let runtimeAccessMode = resolveAccessMode(process.env["OA_ACCESS"], host);
+  try {
+    const accessFile = join104(homedir38(), ".open-agents", "access");
+    if (existsSync87(accessFile)) {
+      const persisted = readFileSync69(accessFile, "utf8").trim();
+      const resolved = resolveAccessMode(persisted, host);
+      if (resolved) runtimeAccessMode = resolved;
+    }
+  } catch {
+  }
   let _accessRejected = 0;
   const handler = (req2, res) => {
     const rawIp = req2.socket?.remoteAddress ?? "";
-    if (!isAllowedIP(rawIp, accessMode)) {
+    if (!isAllowedIP(rawIp, runtimeAccessMode)) {
       _accessRejected++;
       metrics.totalErrors++;
       try {
         res.writeHead(403, { "Content-Type": "application/json" });
         res.end(JSON.stringify({
           error: "access_denied",
-          message: `Address ${rawIp} is not in the allowed network (mode: ${accessMode}). Set OA_ACCESS=any to disable.`
+          message: `Address ${rawIp} is not in the allowed network (mode: ${runtimeAccessMode}). Set OA_ACCESS=any to disable.`
         }));
       } catch {
       }
       return;
     }
+    try {
+      const url = new URL(req2.url || "", "http://local");
+      if (url.pathname === "/v1/admin/access" && req2.method === "POST") {
+        if (!isLoopbackIP(rawIp)) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "loopback_required", message: "POST /v1/admin/access requires a loopback origin." }));
+          return;
+        }
+        let body = "";
+        req2.on("data", (chunk) => {
+          body += chunk;
+          if (body.length > 4096) {
+            try {
+              req2.destroy();
+            } catch {
+            }
+          }
+        });
+        req2.on("end", () => {
+          try {
+            const payload = JSON.parse(body || "{}");
+            const requested = (payload?.mode || "").toLowerCase().trim();
+            const allowed = /* @__PURE__ */ new Set(["loopback", "lan", "any"]);
+            if (!allowed.has(requested)) {
+              res.writeHead(400, { "Content-Type": "application/json" });
+              res.end(JSON.stringify({ error: "invalid_mode", message: `mode must be one of: ${[...allowed].join(", ")}` }));
+              return;
+            }
+            const previous = runtimeAccessMode;
+            runtimeAccessMode = requested;
+            try {
+              const dir = join104(homedir38(), ".open-agents");
+              mkdirSync54(dir, { recursive: true });
+              writeFileSync47(join104(dir, "access"), `${runtimeAccessMode}
+`, "utf8");
+            } catch {
+            }
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ ok: true, previous, current: runtimeAccessMode }));
+          } catch (e2) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: "bad_request", message: e2 instanceof Error ? e2.message : String(e2) }));
+          }
+        });
+        return;
+      }
+      if (url.pathname === "/v1/admin/access" && req2.method === "GET") {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ mode: runtimeAccessMode, host }));
+        return;
+      }
+    } catch {
+    }
     try {
       const url = new URL(req2.url || "", "http://local");
       if (req2.method === "POST" && url.pathname === "/v1/vision/embed") {
@@ -576971,7 +577072,7 @@ function startApiServer(options2 = {}) {
     const proto = useTls ? "https" : "http";
     log22(`  Listening on ${proto}://${host}:${port}
 `);
-    log22(`  Access: ${accessMode} (${describeAccessMode(accessMode)})
+    log22(`  Access: ${runtimeAccessMode} (${describeAccessMode(runtimeAccessMode)})
 `);
     log22(`  Primary: ${config.backendUrl} (${config.backendType || "ollama"})
 `);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "open-agents-ai",
-  "version": "0.187.364",
+  "version": "0.187.366",
   "description": "AI coding agent powered by open-source models (Ollama/vLLM) — interactive TUI with agentic tool-calling loop",
   "type": "module",
   "main": "./dist/index.js",