mirror of
https://github.com/siteboon/claudecodeui.git
synced 2026-07-09 07:25:43 +08:00
* fix: don't overlap thinking banner over conversation * feat: support message queue and add attention indicator * fix(shell): use c to copy for claude * fix: strip timestamp tags from cursor * fix: select project when loading session from direct URL * feat: support attached images for all providers * feat(opencode): support permission options * fix: resolve source control and chat UX bugs - make staging real in the git panel: new /stage and /unstage endpoints, /status now reports the actual index via porcelain -z (handles renames, conflicts, and paths with spaces), and Stage/Unstage All run real git commands instead of toggling client-side state - add branch search to the header dropdown and Branches tab - persist the chosen permission mode per provider so a brand-new chat keeps it once the session id arrives, instead of reverting to default - replace cmdk's fuzzy model search with strict token matching so "chatgpt" no longer surfaces unrelated models - unit tests for the git status parser * feat(git): commit graph in history view and cross-spawn everywhere - render a VSCode-style commit graph in the source control history: lane-assignment algorithm, SVG strip with colored rails, merge and branch curves, commit dots, and branch/tag badges per commit - /commits returns parents and ref decorations across all branches (--branches --remotes --tags --topo-order) using unit-separator fields so pipes in commit subjects can't break parsing - collect stats via a single --shortstat pass instead of one `git show --stat` call per commit; raise the history limit to 50 - replace child_process spawn with cross-spawn in all runtimes, routes, and services: it resolves .cmd shims and PATHEXT on Windows (fixing taskmaster's npx invocations) and delegates to native spawn elsewhere, removing the per-file win32 ternaries - unit tests for the log parser and lane assignment * fix: remove gemini support since google discontinued it * fix: address code review findings - validate chat image attachments server-side: only files inside the ~/.cloudcli/assets upload store may reach provider file reads - harden asset serving with nosniff and attachment disposition for SVGs to prevent stored XSS - show the timestamp on image-only user messages - serialize git stage/unstage calls and defer the status re-sync so rapid toggles can't interleave or flicker - use a literal hex fallback for commit ref badges (alpha suffix on a var() string produced invalid CSS) - stop binding a URL session to a guening project instead - add the missing attentionRequiredIndicator key to all sidebar locales - clean up dangling conjunctions left the de/ru/tr/ja/zh-CN/zh-TW READMEs * fix: address code scanning findings - enforce a second image trust boundary in the provider builders: buildClaudeUserContent/buildCodexInputItems only accept files inside the upload store or the run's working directory (CodeQL path injection) - drop an always-true selectedProject check in handleSubmit - remove the unused resume option from spawnCursor * fix: use CodeQL-recognized containment check for image reads Replace the path.relative guard in isPathInsideDirectory with the resolve + startsWith(root + sep) idiom so the path-injection barrier is visible to code scanning; behavior is unchanged. * fix(security): canonicalize Claude image attachment reads Resolve image attachment paths with realpath before reading so symlinks inside allowed roots cannot escape to arbitrary files. Preserve support for symlinked project/upload roots and add focused coverage for both cases. * fix: show agent subtask * fix(sessions): title app-created sessions from the first user message App-created sessions (started by sending a message from cloudcli) were titled with placeholder names — "Untitled Codex Session" from the disk indexer and, briefly, "New session" from the empty canonical upsert — before a later sync finally settled on the right text, causing the sidebar title to flicker. - Codex/OpenCode synchronizers now title app-created sessions (distinct app id mapped to a provider id) from the first user message, while sessions found purely by indexing keep their existing setup. Claude keeps its AI-generated titles; Cursor already used the first message. - Decode OpenCode's JSON-string-literal prompts so titles no longer surface wrapped in quotes; hoist unwrapJsonStringLiteral into shared/utils since it's now used by both the reader and synchronizer. - Guard the sidebar upsert merge so an empty summary can never blank out a title that is already set. - Add codex/opencode synchronizer tests for the app-created vs indexed naming paths. * fix(chat): make message queuing reliable across sessions and turn boundaries Queued messages had four related defects: - A queued message flashed and then vanished at flush time: concurrent transcript refreshes (the `complete` handler racing the watcher-triggered update) could resolve out of order, letting a stale response overwrite newer server messages after the optimistic row was pruned. Session slots now carry a monotonic fetch ticket and discard stale fetch/refresh/ fetchMore responses. - Switching sessions flushed the previous session's queued draft into the newly viewed one (sending it with the wrong provider's settings, e.g. a Claude model into a Codex session). The composer flush is now scoped to its session, and a draft restored into an idle session sends after a short grace period so a live-run ack can cancel it. - The thinking banner never appeared for a queued turn: the chat handler's session-keyed completeRun safety net could fire after a queued message had already started the session's next run, emitting a spurious `complete` that killed it. The safety net is now scoped to its own run via completeRunIfCurrent (with a regression test). - Queued messages only sent while their session was being viewed. Drafts now persist their send options (model, effort, permissions) at queue time, and a new app-level useQueuedMessageAutoSend hook dispatches a non-viewed session's queued message as soon as its run completes, using the storage key as the claim ticket to prevent double sends.
684 lines
21 KiB
TypeScript
684 lines
21 KiB
TypeScript
import express, { type Request, type Response } from 'express';
|
|
|
|
import { providerAuthService } from '@/modules/providers/services/provider-auth.service.js';
|
|
import { providerCapabilitiesService } from '@/modules/providers/services/provider-capabilities.service.js';
|
|
import { providerMcpService } from '@/modules/providers/services/mcp.service.js';
|
|
import { providerModelsService } from '@/modules/providers/services/provider-models.service.js';
|
|
import { providerSkillsService } from '@/modules/providers/services/skills.service.js';
|
|
import { sessionConversationsSearchService } from '@/modules/providers/services/session-conversations-search.service.js';
|
|
import { sessionsService } from '@/modules/providers/services/sessions.service.js';
|
|
import type {
|
|
LLMProvider,
|
|
McpScope,
|
|
McpTransport,
|
|
ProviderChangeActiveModelInput,
|
|
ProviderSkillCreateFile,
|
|
ProviderSkillCreateInput,
|
|
UpsertProviderMcpServerInput,
|
|
} from '@/shared/types.js';
|
|
import { AppError, asyncHandler, createApiSuccessResponse } from '@/shared/utils.js';
|
|
|
|
const router = express.Router();
|
|
|
|
const readPathParam = (value: unknown, name: string): string => {
|
|
if (typeof value === 'string') {
|
|
return value;
|
|
}
|
|
|
|
if (Array.isArray(value) && typeof value[0] === 'string') {
|
|
return value[0];
|
|
}
|
|
|
|
throw new AppError(`${name} path parameter is invalid.`, {
|
|
code: 'INVALID_PATH_PARAMETER',
|
|
statusCode: 400,
|
|
});
|
|
};
|
|
|
|
const normalizeProviderParam = (value: unknown): string =>
|
|
readPathParam(value, 'provider').trim().toLowerCase();
|
|
|
|
const SESSION_ID_PATTERN = /^[a-zA-Z0-9._-]{1,120}$/;
|
|
|
|
const parseSessionId = (value: unknown): string => {
|
|
const sessionId = readPathParam(value, 'sessionId').trim();
|
|
if (!SESSION_ID_PATTERN.test(sessionId)) {
|
|
throw new AppError('Invalid sessionId.', {
|
|
code: 'INVALID_SESSION_ID',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
return sessionId;
|
|
};
|
|
|
|
const readOptionalQueryString = (value: unknown): string | undefined => {
|
|
if (typeof value !== 'string') {
|
|
return undefined;
|
|
}
|
|
|
|
const normalized = value.trim();
|
|
return normalized.length > 0 ? normalized : undefined;
|
|
};
|
|
|
|
const parseOptionalBooleanQuery = (value: unknown, name: string): boolean | undefined => {
|
|
if (value === undefined) {
|
|
return undefined;
|
|
}
|
|
|
|
const normalized = readOptionalQueryString(value);
|
|
if (!normalized) {
|
|
return undefined;
|
|
}
|
|
|
|
if (normalized === 'true') {
|
|
return true;
|
|
}
|
|
if (normalized === 'false') {
|
|
return false;
|
|
}
|
|
|
|
throw new AppError(`${name} must be "true" or "false".`, {
|
|
code: 'INVALID_QUERY_PARAMETER',
|
|
statusCode: 400,
|
|
});
|
|
};
|
|
|
|
const parseMcpScope = (value: unknown): McpScope | undefined => {
|
|
if (value === undefined) {
|
|
return undefined;
|
|
}
|
|
|
|
const normalized = readOptionalQueryString(value);
|
|
if (!normalized) {
|
|
return undefined;
|
|
}
|
|
|
|
if (normalized === 'user' || normalized === 'local' || normalized === 'project') {
|
|
return normalized;
|
|
}
|
|
|
|
throw new AppError(`Unsupported MCP scope "${normalized}".`, {
|
|
code: 'INVALID_MCP_SCOPE',
|
|
statusCode: 400,
|
|
});
|
|
};
|
|
|
|
const parseMcpTransport = (value: unknown): McpTransport => {
|
|
const normalized = readOptionalQueryString(value);
|
|
if (!normalized) {
|
|
throw new AppError('transport is required.', {
|
|
code: 'MCP_TRANSPORT_REQUIRED',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
if (normalized === 'stdio' || normalized === 'http' || normalized === 'sse') {
|
|
return normalized;
|
|
}
|
|
|
|
throw new AppError(`Unsupported MCP transport "${normalized}".`, {
|
|
code: 'INVALID_MCP_TRANSPORT',
|
|
statusCode: 400,
|
|
});
|
|
};
|
|
|
|
const parseMcpUpsertPayload = (payload: unknown): UpsertProviderMcpServerInput => {
|
|
if (!payload || typeof payload !== 'object') {
|
|
throw new AppError('Request body must be an object.', {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const body = payload as Record<string, unknown>;
|
|
const name = readOptionalQueryString(body.name);
|
|
if (!name) {
|
|
throw new AppError('name is required.', {
|
|
code: 'MCP_NAME_REQUIRED',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const transport = parseMcpTransport(body.transport);
|
|
const scope = parseMcpScope(body.scope);
|
|
const workspacePath = readOptionalQueryString(body.workspacePath);
|
|
|
|
return {
|
|
name,
|
|
transport,
|
|
scope,
|
|
workspacePath,
|
|
command: readOptionalQueryString(body.command),
|
|
args: Array.isArray(body.args) ? body.args.filter((entry): entry is string => typeof entry === 'string') : undefined,
|
|
env: typeof body.env === 'object' && body.env !== null
|
|
? Object.fromEntries(
|
|
Object.entries(body.env as Record<string, unknown>).filter(
|
|
(entry): entry is [string, string] => typeof entry[1] === 'string',
|
|
),
|
|
)
|
|
: undefined,
|
|
cwd: readOptionalQueryString(body.cwd),
|
|
url: readOptionalQueryString(body.url),
|
|
headers: typeof body.headers === 'object' && body.headers !== null
|
|
? Object.fromEntries(
|
|
Object.entries(body.headers as Record<string, unknown>).filter(
|
|
(entry): entry is [string, string] => typeof entry[1] === 'string',
|
|
),
|
|
)
|
|
: undefined,
|
|
envVars: Array.isArray(body.envVars)
|
|
? body.envVars.filter((entry): entry is string => typeof entry === 'string')
|
|
: undefined,
|
|
bearerTokenEnvVar: readOptionalQueryString(body.bearerTokenEnvVar),
|
|
envHttpHeaders: typeof body.envHttpHeaders === 'object' && body.envHttpHeaders !== null
|
|
? Object.fromEntries(
|
|
Object.entries(body.envHttpHeaders as Record<string, unknown>).filter(
|
|
(entry): entry is [string, string] => typeof entry[1] === 'string',
|
|
),
|
|
)
|
|
: undefined,
|
|
};
|
|
};
|
|
|
|
const parseProviderSkillCreatePayload = (payload: unknown): ProviderSkillCreateInput => {
|
|
if (!payload || typeof payload !== 'object') {
|
|
throw new AppError('Request body must be an object.', {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const body = payload as Record<string, unknown>;
|
|
const rawEntries = Array.isArray(body.entries)
|
|
? body.entries
|
|
: typeof body.content === 'string'
|
|
? [{
|
|
content: body.content,
|
|
directoryName: body.directoryName,
|
|
fileName: body.fileName,
|
|
files: body.files,
|
|
}]
|
|
: null;
|
|
|
|
if (!rawEntries || rawEntries.length === 0) {
|
|
throw new AppError('At least one skill entry is required.', {
|
|
code: 'PROVIDER_SKILLS_REQUIRED',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const entries = rawEntries.map((entry, index) => {
|
|
if (!entry || typeof entry !== 'object') {
|
|
throw new AppError(`Skill entry ${index + 1} must be an object.`, {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const record = entry as Record<string, unknown>;
|
|
const content = typeof record.content === 'string' ? record.content : '';
|
|
const directoryName = readOptionalQueryString(record.directoryName);
|
|
const fileName = readOptionalQueryString(record.fileName);
|
|
const rawFiles = record.files;
|
|
|
|
if (!content.trim()) {
|
|
throw new AppError(`Skill entry ${index + 1} must include markdown content.`, {
|
|
code: 'PROVIDER_SKILL_CONTENT_REQUIRED',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
if (rawFiles !== undefined && !Array.isArray(rawFiles)) {
|
|
throw new AppError(`Skill entry ${index + 1} files must be an array.`, {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const files: ProviderSkillCreateFile[] | undefined = rawFiles?.map((file, fileIndex) => {
|
|
if (!file || typeof file !== 'object') {
|
|
throw new AppError(`Skill entry ${index + 1} file ${fileIndex + 1} must be an object.`, {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const fileRecord = file as Record<string, unknown>;
|
|
const relativePath = readOptionalQueryString(fileRecord.relativePath);
|
|
const fileContent = typeof fileRecord.content === 'string' ? fileRecord.content : null;
|
|
const encoding = fileRecord.encoding === 'utf8' || fileRecord.encoding === 'base64'
|
|
? fileRecord.encoding
|
|
: null;
|
|
|
|
if (!relativePath || fileContent === null || !encoding) {
|
|
throw new AppError(
|
|
`Skill entry ${index + 1} file ${fileIndex + 1} requires relativePath, content, and encoding.`,
|
|
{
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
},
|
|
);
|
|
}
|
|
|
|
return {
|
|
relativePath,
|
|
content: fileContent,
|
|
encoding,
|
|
};
|
|
});
|
|
|
|
return {
|
|
content,
|
|
directoryName,
|
|
fileName,
|
|
files,
|
|
};
|
|
});
|
|
|
|
return { entries };
|
|
};
|
|
|
|
const parseProvider = (value: unknown): LLMProvider => {
|
|
const normalized = normalizeProviderParam(value);
|
|
if (
|
|
normalized === 'claude'
|
|
|| normalized === 'codex'
|
|
|| normalized === 'cursor'
|
|
|| normalized === 'opencode'
|
|
) {
|
|
return normalized;
|
|
}
|
|
|
|
throw new AppError(`Unsupported provider "${normalized}".`, {
|
|
code: 'UNSUPPORTED_PROVIDER',
|
|
statusCode: 400,
|
|
});
|
|
};
|
|
|
|
const parseSessionRenameSummary = (payload: unknown): string => {
|
|
if (!payload || typeof payload !== 'object') {
|
|
throw new AppError('Request body must be an object.', {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const body = payload as Record<string, unknown>;
|
|
const summary = typeof body.summary === 'string' ? body.summary.trim() : '';
|
|
if (!summary) {
|
|
throw new AppError('Summary is required.', {
|
|
code: 'INVALID_SESSION_SUMMARY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
if (summary.length > 500) {
|
|
throw new AppError('Summary must not exceed 500 characters.', {
|
|
code: 'INVALID_SESSION_SUMMARY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
return summary;
|
|
};
|
|
|
|
const parseSessionSearchQuery = (value: unknown): string => {
|
|
const query = readOptionalQueryString(value) ?? '';
|
|
if (query.length < 2) {
|
|
throw new AppError('Query must be at least 2 characters', {
|
|
code: 'INVALID_SEARCH_QUERY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
return query;
|
|
};
|
|
|
|
const parseSessionSearchLimit = (value: unknown): number => {
|
|
const raw = readOptionalQueryString(value);
|
|
if (!raw) {
|
|
return 50;
|
|
}
|
|
|
|
const parsed = Number.parseInt(raw, 10);
|
|
if (Number.isNaN(parsed)) {
|
|
throw new AppError('limit must be a valid integer.', {
|
|
code: 'INVALID_QUERY_PARAMETER',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
return Math.max(1, Math.min(parsed, 100));
|
|
};
|
|
|
|
const parseChangeActiveModelPayload = (payload: unknown): ProviderChangeActiveModelInput => {
|
|
if (!payload || typeof payload !== 'object') {
|
|
throw new AppError('Request body must be an object.', {
|
|
code: 'INVALID_REQUEST_BODY',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const body = payload as Record<string, unknown>;
|
|
const model = readOptionalQueryString(body.model);
|
|
if (!model) {
|
|
throw new AppError('model is required.', {
|
|
code: 'MODEL_REQUIRED',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
return {
|
|
sessionId: '',
|
|
model,
|
|
};
|
|
};
|
|
|
|
router.get(
|
|
'/:provider/auth/status',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const status = await providerAuthService.getProviderAuthStatus(provider);
|
|
res.json(createApiSuccessResponse(status));
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/:provider/models',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const bypassCache = parseOptionalBooleanQuery(req.query.bypassCache, 'bypassCache') ?? false;
|
|
const result = await providerModelsService.getProviderModels(provider, { bypassCache });
|
|
res.json(createApiSuccessResponse({ provider, models: result.models, cache: result.cache }));
|
|
}),
|
|
);
|
|
|
|
router.post(
|
|
'/:provider/sessions/:sessionId/active-model',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const sessionId = parseSessionId(req.params.sessionId);
|
|
const payload = parseChangeActiveModelPayload(req.body);
|
|
const result = await providerModelsService.changeActiveModel(provider, {
|
|
...payload,
|
|
sessionId,
|
|
});
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
// ----------------- Skills routes -----------------
|
|
router.get(
|
|
'/:provider/skills',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const workspacePath = readOptionalQueryString(req.query.workspacePath);
|
|
const skills = await providerSkillsService.listProviderSkills(provider, { workspacePath });
|
|
res.json(createApiSuccessResponse({ provider, skills }));
|
|
}),
|
|
);
|
|
|
|
router.post(
|
|
'/:provider/skills',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const input = parseProviderSkillCreatePayload(req.body);
|
|
const skills = await providerSkillsService.addProviderSkills(provider, input);
|
|
res.json(createApiSuccessResponse({ provider, skills }));
|
|
}),
|
|
);
|
|
|
|
router.delete(
|
|
'/:provider/skills/:directoryName',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const result = await providerSkillsService.removeProviderSkill(provider, {
|
|
directoryName: readPathParam(req.params.directoryName, 'directoryName'),
|
|
});
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
// ----------------- MCP routes -----------------
|
|
router.get(
|
|
'/:provider/mcp/servers',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const workspacePath = readOptionalQueryString(req.query.workspacePath);
|
|
const scope = parseMcpScope(req.query.scope);
|
|
|
|
if (scope) {
|
|
const servers = await providerMcpService.listProviderMcpServersForScope(provider, scope, { workspacePath });
|
|
res.json(createApiSuccessResponse({ provider, scope, servers }));
|
|
return;
|
|
}
|
|
|
|
const groupedServers = await providerMcpService.listProviderMcpServers(provider, { workspacePath });
|
|
res.json(createApiSuccessResponse({ provider, scopes: groupedServers }));
|
|
}),
|
|
);
|
|
|
|
router.post(
|
|
'/:provider/mcp/servers',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const payload = parseMcpUpsertPayload(req.body);
|
|
const server = await providerMcpService.upsertProviderMcpServer(provider, payload);
|
|
res.status(201).json(createApiSuccessResponse({ server }));
|
|
}),
|
|
);
|
|
|
|
router.delete(
|
|
'/:provider/mcp/servers/:name',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
const scope = parseMcpScope(req.query.scope);
|
|
const workspacePath = readOptionalQueryString(req.query.workspacePath);
|
|
const result = await providerMcpService.removeProviderMcpServer(provider, {
|
|
name: readPathParam(req.params.name, 'name'),
|
|
scope,
|
|
workspacePath,
|
|
});
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
router.post(
|
|
'/mcp/servers/global',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const payload = parseMcpUpsertPayload(req.body);
|
|
if (payload.scope === 'local') {
|
|
throw new AppError('Global MCP add supports only "user" or "project" scopes.', {
|
|
code: 'INVALID_GLOBAL_MCP_SCOPE',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
|
|
const results = await providerMcpService.addMcpServerToAllProviders({
|
|
...payload,
|
|
scope: payload.scope === 'user' ? 'user' : 'project',
|
|
});
|
|
res.status(201).json(createApiSuccessResponse({ results }));
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/capabilities',
|
|
asyncHandler(async (_req: Request, res: Response) => {
|
|
res.json(createApiSuccessResponse({
|
|
providers: providerCapabilitiesService.listAllProviderCapabilities(),
|
|
}));
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/:provider/capabilities',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const provider = parseProvider(req.params.provider);
|
|
res.json(createApiSuccessResponse(
|
|
providerCapabilitiesService.getProviderCapabilities(provider),
|
|
));
|
|
}),
|
|
);
|
|
|
|
// ----------------- Session routes -----------------
|
|
/**
|
|
* Session gateway entry point: allocates the stable app-facing session id for
|
|
* a brand-new chat. The frontend must call this before the first `chat.send`
|
|
* so the session id in the URL, the store, and the websocket all agree from
|
|
* the very first message — there is no client-visible session-id handoff.
|
|
*/
|
|
router.post(
|
|
'/sessions',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const body = (req.body ?? {}) as Record<string, unknown>;
|
|
const provider = parseProvider(body.provider);
|
|
const projectPath = typeof body.projectPath === 'string' ? body.projectPath : '';
|
|
const result = sessionsService.createAppSession(provider, projectPath);
|
|
res.status(201).json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/sessions/running',
|
|
asyncHandler(async (_req: Request, res: Response) => {
|
|
const sessions = sessionsService.listRunningSessions();
|
|
res.json(createApiSuccessResponse({ sessions }));
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/sessions/archived',
|
|
asyncHandler(async (_req: Request, res: Response) => {
|
|
const sessions = sessionsService.listArchivedSessions();
|
|
res.json(createApiSuccessResponse({ sessions }));
|
|
}),
|
|
);
|
|
|
|
router.delete(
|
|
'/sessions/:sessionId',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const sessionId = parseSessionId(req.params.sessionId);
|
|
const force = parseOptionalBooleanQuery(req.query.force, 'force') ?? false;
|
|
const deletedFromDisk = parseOptionalBooleanQuery(req.query.deletedFromDisk, 'deletedFromDisk') ?? force;
|
|
const result = await sessionsService.deleteOrArchiveSessionById(sessionId, {
|
|
force,
|
|
deletedFromDisk,
|
|
});
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
router.post(
|
|
'/sessions/:sessionId/restore',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const sessionId = parseSessionId(req.params.sessionId);
|
|
const result = sessionsService.restoreSessionById(sessionId);
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
router.put(
|
|
'/sessions/:sessionId',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const sessionId = parseSessionId(req.params.sessionId);
|
|
const summary = parseSessionRenameSummary(req.body);
|
|
const result = sessionsService.renameSessionById(sessionId, summary);
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
router.get(
|
|
'/sessions/:sessionId/messages',
|
|
asyncHandler(async (req: Request, res: Response) => {
|
|
const sessionId = parseSessionId(req.params.sessionId);
|
|
const limitRaw = readOptionalQueryString(req.query.limit);
|
|
const offsetRaw = readOptionalQueryString(req.query.offset);
|
|
|
|
let limit: number | null = null;
|
|
if (limitRaw !== undefined) {
|
|
const parsedLimit = Number.parseInt(limitRaw, 10);
|
|
if (Number.isNaN(parsedLimit) || parsedLimit < 0) {
|
|
throw new AppError('limit must be a non-negative integer.', {
|
|
code: 'INVALID_QUERY_PARAMETER',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
limit = parsedLimit;
|
|
}
|
|
|
|
let offset = 0;
|
|
if (offsetRaw !== undefined) {
|
|
const parsedOffset = Number.parseInt(offsetRaw, 10);
|
|
if (Number.isNaN(parsedOffset) || parsedOffset < 0) {
|
|
throw new AppError('offset must be a non-negative integer.', {
|
|
code: 'INVALID_QUERY_PARAMETER',
|
|
statusCode: 400,
|
|
});
|
|
}
|
|
offset = parsedOffset;
|
|
}
|
|
|
|
const result = await sessionsService.fetchHistory(sessionId, {
|
|
limit,
|
|
offset,
|
|
});
|
|
res.json(createApiSuccessResponse(result));
|
|
}),
|
|
);
|
|
|
|
router.get('/search/sessions', asyncHandler(async (req: Request, res: Response) => {
|
|
const query = parseSessionSearchQuery(req.query.q);
|
|
const limit = parseSessionSearchLimit(req.query.limit);
|
|
|
|
res.writeHead(200, {
|
|
'Content-Type': 'text/event-stream',
|
|
'Cache-Control': 'no-cache',
|
|
Connection: 'keep-alive',
|
|
'X-Accel-Buffering': 'no',
|
|
});
|
|
|
|
let closed = false;
|
|
const abortController = new AbortController();
|
|
req.on('close', () => {
|
|
closed = true;
|
|
abortController.abort();
|
|
});
|
|
|
|
try {
|
|
await sessionConversationsSearchService.search({
|
|
query,
|
|
limit,
|
|
signal: abortController.signal,
|
|
onProgress: ({ projectResult, totalMatches, scannedProjects, totalProjects }) => {
|
|
if (closed) {
|
|
return;
|
|
}
|
|
|
|
if (projectResult) {
|
|
res.write(`event: result\ndata: ${JSON.stringify({ projectResult, totalMatches, scannedProjects, totalProjects })}\n\n`);
|
|
return;
|
|
}
|
|
|
|
res.write(`event: progress\ndata: ${JSON.stringify({ totalMatches, scannedProjects, totalProjects })}\n\n`);
|
|
},
|
|
});
|
|
|
|
if (!closed) {
|
|
res.write('event: done\ndata: {}\n\n');
|
|
}
|
|
} catch (error) {
|
|
console.error('Error searching conversations:', error);
|
|
if (!closed) {
|
|
res.write(`event: error\ndata: ${JSON.stringify({ error: 'Search failed' })}\n\n`);
|
|
}
|
|
} finally {
|
|
if (!closed) {
|
|
res.end();
|
|
}
|
|
}
|
|
}));
|
|
|
|
export default router;
|