indifferentketchup/boocode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
876c9bcd0229c67a6d5ba7f7e2e2de3af189a3b2
boocode/apps/server/src/routes/projects.ts
indifferentketchup 31d8efe66a feat(web): enhanced file panel — side-by-side diff, hide whitespace, inline review 
Adds DiffSplitView component for side-by-side diff mode, whitespace-only
change filtering, inline review comments with thread/gutter cell UI, diff
preferences persistence, and write-file API support for in-browser editing.

Backend: hideWhitespace param on git diff endpoint, write_file route.
2026-06-07 22:16:20 +00:00

705 lines
25 KiB
TypeScript
Raw Blame History

import type { FastifyInstance } from 'fastify';
import { z } from 'zod';
import { realpath, stat, readdir, access, writeFile, rename } from 'node:fs/promises';
import { basename, resolve, sep } from 'node:path';
import type { Sql } from '../db.js';
import type { Config } from '../config.js';
import type { Broker } from '../services/broker.js';
import type { Project, AvailableProject } from '../types/api.js';
import { resolveProjectRoot, PathScopeError } from '../services/path_guard.js';
import { listDir, viewFile } from '../services/file_ops.js';
import { getProjectFiles } from '../services/file_index.js';
import { getGitMeta } from '../services/git_meta.js';
import {
getGitDiff,
stageFiles,
unstageFiles,
commitFiles,
discardFiles,
detectInProgress,
isRepoDirty,
autoSelectMode,
GitWriteError,
} from '../services/git_diff.js';
import type { GitDiffMode } from '../services/git_diff.js';
import {
bootstrapProject,
BootstrapNameError,
BootstrapCollisionError,
BootstrapPathError,
} from '../services/project_bootstrap.js';
const AddProjectBody = z.object({
path: z.string().min(1),
name: z.string().min(1).optional(),
});
// v1.9: PATCH accepts the new per-project defaults. All fields optional so
// the existing rename-only callers keep working. Empty string on
// default_system_prompt is the "no override" sentinel — same convention as
// sessions.system_prompt.
const PatchProjectBody = z.object({
name: z.string().min(1).max(200).optional(),
default_system_prompt: z.string().max(8000).optional(),
default_web_search_enabled: z.boolean().optional(),
});
const CreateProjectBody = z.object({
name: z.string().min(1).max(64),
commit_message: z.string().min(1).max(200).optional(),
visibility: z.enum(['private', 'public']).optional(),
create_gitea_remote: z.boolean().optional(),
});
async function isDir(path: string): Promise<boolean> {
try {
const s = await stat(path);
return s.isDirectory();
} catch {
return false;
}
}
export async function resolveProjectPath(
raw: string,
whitelist: string
): Promise<{ real: string; name: string } | { error: string }> {
if (!raw.startsWith('/')) return { error: 'path must be absolute' };
let real: string;
try {
real = await realpath(raw);
} catch {
return { error: 'path does not exist' };
}
const whitelistReal = await realpath(whitelist);
if (!real.startsWith(whitelistReal + sep)) {
return { error: `path must be under ${whitelist}` };
}
if (!(await isDir(real))) return { error: 'path is not a directory' };
return { real, name: basename(real) };
}
async function selectProject(sql: Sql, id: string): Promise<Project | null> {
const rows = await sql<Project[]>`
SELECT id, name, path, added_at, last_session_id, status, gitea_remote,
default_system_prompt, default_web_search_enabled
FROM projects WHERE id = ${id}
`;
return rows[0] ?? null;
}
async function selectProjectPath(sql: Sql, id: string): Promise<string | null> {
const rows = await sql<{ path: string }[]>`SELECT path FROM projects WHERE id = ${id}`;
return rows[0]?.path ?? null;
}
export function registerProjectRoutes(
app: FastifyInstance,
sql: Sql,
config: Config,
broker: Broker
): void {
app.get<{ Querystring: { status?: string } }>('/api/projects', async (req) => {
const status = req.query.status === 'archived' ? 'archived' : 'open';
const rows = await sql<Project[]>`
SELECT id, name, path, added_at, last_session_id, status, gitea_remote,
default_system_prompt, default_web_search_enabled
FROM projects
WHERE status = ${status}
ORDER BY added_at DESC
`;
return rows;
});
app.post('/api/projects/create', async (req, reply) => {
const parsed = CreateProjectBody.safeParse(req.body);
if (!parsed.success) {
reply.code(400);
return { error: 'invalid body', details: parsed.error.flatten() };
}
const visibility = parsed.data.visibility ?? 'private';
const createRemote = parsed.data.create_gitea_remote ?? true;
const commitMessage = parsed.data.commit_message ?? 'Initial commit';
let bootstrap;
try {
bootstrap = await bootstrapProject(config, app.log, {
name: parsed.data.name,
commitMessage,
visibility,
createGiteaRemote: createRemote,
});
} catch (err) {
if (err instanceof BootstrapNameError) {
reply.code(400);
return { error: `invalid project name: ${err.message}` };
}
if (err instanceof BootstrapCollisionError) {
reply.code(409);
return { error: err.message };
}
if (err instanceof BootstrapPathError) {
reply.code(400);
return { error: err.message };
}
app.log.error({ err }, 'bootstrap failed');
reply.code(500);
return { error: err instanceof Error ? err.message : 'bootstrap failed' };
}
// Insert into projects table only after bootstrap succeeded.
try {
const [row] = await sql<Project[]>`
INSERT INTO projects (name, path, gitea_remote)
VALUES (${parsed.data.name}, ${bootstrap.folder_real_path}, ${bootstrap.gitea_remote_url})
RETURNING id, name, path, added_at, last_session_id, status, gitea_remote,
default_system_prompt, default_web_search_enabled
`;
broker.publishUserFrame('default', { type: 'project_created', project: row as unknown as Project });
reply.code(201);
return {
project: row,
bootstrap: {
folder_created: bootstrap.folder_created,
git_initialized: bootstrap.git_initialized,
first_commit: bootstrap.first_commit,
gitea_remote_created: bootstrap.gitea_remote_created,
gitea_pushed: bootstrap.gitea_pushed,
warnings: bootstrap.warnings,
},
};
} catch (err) {
app.log.error({ err, folder: bootstrap.folder_real_path }, 'project insert failed after bootstrap');
reply.code(500);
return {
error: 'project created on disk but DB insert failed',
folder: bootstrap.folder_real_path,
};
}
});
app.post('/api/projects', async (req, reply) => {
const parsed = AddProjectBody.safeParse(req.body);
if (!parsed.success) {
reply.code(400);
return { error: 'invalid body', details: parsed.error.flatten() };
}
const resolved = await resolveProjectPath(parsed.data.path, config.PROJECT_ROOT_WHITELIST);
if ('error' in resolved) {
reply.code(400);
return { error: resolved.error };
}
const name = parsed.data.name?.trim() || resolved.name;
// Pre-check the current row (if any) so we can distinguish three cases:
// - no row → INSERT fresh, 201, project_created
// - row archived → ON CONFLICT UPDATE flips to 'open', 200, project_unarchived
// - row already open → 409 (true duplicate)
const existing = await sql<{ status: string }[]>`
SELECT status FROM projects WHERE path = ${resolved.real}
`;
if (existing.length > 0 && existing[0]!.status === 'open') {
reply.code(409);
return { error: 'project already exists' };
}
const [row] = await sql<Project[]>`
INSERT INTO projects (name, path)
VALUES (${name}, ${resolved.real})
ON CONFLICT (path) DO UPDATE SET status = 'open'
RETURNING id, name, path, added_at, last_session_id, status, gitea_remote,
default_system_prompt, default_web_search_enabled
`;
if (existing.length === 0) {
broker.publishUserFrame('default', { type: 'project_created', project: row as unknown as Project });
reply.code(201);
} else {
// existing.status was 'archived' — row has been restored.
broker.publishUserFrame('default', { type: 'project_unarchived', project: row as unknown as Project });
reply.code(200);
}
return row;
});
// v1.9: single-project fetch so the settings pane can refetch on
// project_updated without pulling the whole project list.
app.get<{ Params: { id: string } }>('/api/projects/:id', async (req, reply) => {
const project = await selectProject(sql, req.params.id);
if (!project) {
reply.code(404);
return { error: 'not found' };
}
return project;
});
app.patch<{ Params: { id: string } }>('/api/projects/:id', async (req, reply) => {
const parsed = PatchProjectBody.safeParse(req.body);
if (!parsed.success) {
reply.code(400);
return { error: 'invalid body', details: parsed.error.flatten() };
}
const { name, default_system_prompt, default_web_search_enabled } = parsed.data;
// v1.9: every field optional. COALESCE on the bind keeps the prior value
// when the caller omits it. Boolean has its own branch since COALESCE
// can't disambiguate "omitted" from "explicitly false" via a single
// nullable parameter.
const dwsProvided = default_web_search_enabled !== undefined;
const rows = await sql<Project[]>`
UPDATE projects
SET
name = COALESCE(${name ?? null}, name),
default_system_prompt = COALESCE(${default_system_prompt ?? null}, default_system_prompt),
default_web_search_enabled = CASE WHEN ${dwsProvided}
THEN ${default_web_search_enabled ?? false}
ELSE default_web_search_enabled END
WHERE id = ${req.params.id}
RETURNING id, name, path, added_at, last_session_id, status, gitea_remote,
default_system_prompt, default_web_search_enabled
`;
if (rows.length === 0) {
reply.code(404);
return { error: 'not found' };
}
const project = rows[0]!;
// v1.9: the project_updated frame still only carries id + name. Clients
// that need the new fields refetch via api.projects.list() — keeps the
// frame payload lean, per the locked recon decision (d).
broker.publishUserFrame('default', {
type: 'project_updated',
project_id: project.id,
name: project.name,
});
return project;
});
app.post<{ Params: { id: string } }>('/api/projects/:id/archive', async (req, reply) => {
const result = await sql`
UPDATE projects SET status = 'archived'
WHERE id = ${req.params.id} AND status = 'open'
`;
if (result.count === 0) {
reply.code(404);
return { error: 'not found or already archived' };
}
broker.publishUserFrame('default', { type: 'project_archived', project_id: req.params.id });
reply.code(204);
return null;
});
app.post<{ Params: { id: string } }>('/api/projects/:id/unarchive', async (req, reply) => {
const rows = await sql<Project[]>`
UPDATE projects SET status = 'open'
WHERE id = ${req.params.id} AND status = 'archived'
RETURNING id, name, path, added_at, last_session_id, status, gitea_remote,
default_system_prompt, default_web_search_enabled
`;
if (rows.length === 0) {
reply.code(404);
return { error: 'not found or not archived' };
}
const project = rows[0]!;
broker.publishUserFrame('default', { type: 'project_unarchived', project });
return project;
});
app.delete<{ Params: { id: string } }>('/api/projects/:id', async (req, reply) => {
const id = req.params.id;
const result = await sql`DELETE FROM projects WHERE id = ${id}`;
if (result.count === 0) {
reply.code(404);
return { error: 'not found' };
}
broker.publishUserFrame('default', { type: 'project_deleted', project_id: id });
reply.code(204);
return null;
});
app.get('/api/projects/available', async () => {
const whitelist = await realpath(config.PROJECT_ROOT_WHITELIST);
let entries: string[];
try {
entries = await readdir(whitelist);
} catch {
return [] as AvailableProject[];
}
// Only exclude paths registered with status='open'. Archived projects'
// folders should reappear as available so re-add via the picker restores
// the existing row (see POST /api/projects ON CONFLICT below).
const existing = await sql<{ path: string }[]>`
SELECT path FROM projects WHERE status = 'open'
`;
const existingSet = new Set(existing.map((r) => r.path));
const out: AvailableProject[] = [];
for (const entry of entries) {
const full = resolve(whitelist, entry);
let real: string;
try {
real = await realpath(full);
} catch {
continue;
}
if (real !== whitelist && !real.startsWith(whitelist + sep)) continue;
if (existingSet.has(real)) continue;
if (!(await isDir(real))) continue;
try {
await access(resolve(real, '.git'));
} catch {
continue;
}
out.push({ path: real, name: basename(real) });
}
out.sort((a, b) => a.name.localeCompare(b.name));
return out;
});
// GET /api/projects/:id/list_dir?path=<relpath>
app.get<{ Params: { id: string }; Querystring: { path?: string } }>(
'/api/projects/:id/list_dir',
async (req, reply) => {
const { id } = req.params;
const relPath = req.query.path ?? '.';
const projectPath = await selectProjectPath(sql, id);
if (projectPath === null) {
reply.code(404);
return { error: 'not found' };
}
let projectRoot: string;
try {
projectRoot = await resolveProjectRoot(projectPath);
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(404);
return { error: err.message };
}
throw err;
}
try {
const result = await listDir(projectRoot, relPath);
return result;
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(400);
return { error: err.message };
}
throw err;
}
}
);
// GET /api/projects/:id/view_file?path=<relpath>
app.get<{ Params: { id: string }; Querystring: { path?: string } }>(
'/api/projects/:id/view_file',
async (req, reply) => {
const { id } = req.params;
const relPath = req.query.path;
if (!relPath) {
reply.code(400);
return { error: 'path is required' };
}
const projectPath = await selectProjectPath(sql, id);
if (projectPath === null) {
reply.code(404);
return { error: 'not found' };
}
let projectRoot: string;
try {
projectRoot = await resolveProjectRoot(projectPath);
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(404);
return { error: err.message };
}
throw err;
}
try {
const result = await viewFile(projectRoot, relPath);
return result;
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(400);
return { error: err.message };
}
// File not found (pathGuard throws PathScopeError for non-existent paths)
if (err instanceof Error && err.message.includes('does not exist')) {
reply.code(404);
return { error: err.message };
}
throw err;
}
}
);
// GET /api/projects/:id/git
// v1.8 mobile-tabs: feeds the header branch indicator and is the same
// resolver the model's git_status tool uses. Returns 200 with branch=null
// for non-git directories (not 404) so the UI can degrade gracefully.
app.get<{ Params: { id: string } }>(
'/api/projects/:id/git',
async (req, reply) => {
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (projectPath === null) {
reply.code(404);
return { error: 'not found' };
}
let projectRoot: string;
try {
projectRoot = await resolveProjectRoot(projectPath);
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(404);
return { error: err.message };
}
throw err;
}
const meta = await getGitMeta(projectRoot);
return meta ?? { branch: null, is_dirty: false, ahead: 0, behind: 0 };
}
);
// GET /api/projects/:id/git/diff?mode=uncommitted|committed
// Returns the structured diff payload for the project repository. mode param
// selects the comparison: uncommitted (working tree vs HEAD) or committed
// (branch vs its upstream/default-branch base). When mode is absent the server
// auto-selects based on dirty state (FIX 1: dirty → uncommitted, clean → committed).
// Always includes auto_mode (the dirty-state-derived mode) so the client can
// show a suggestion when a pinned mode diverges from what would be auto-selected.
// Returns { git_repo: false } when the path is not a git repository.
app.get<{ Params: { id: string }; Querystring: { mode?: string; whitespace?: string } }>(
'/api/projects/:id/git/diff',
async (req, reply) => {
const { id } = req.params;
const rawMode = req.query.mode;
const projectPath = await selectProjectPath(sql, id);
if (projectPath === null) {
reply.code(404);
return { error: 'not found' };
}
let projectRoot: string;
try {
projectRoot = await resolveProjectRoot(projectPath);
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(404);
return { error: err.message };
}
throw err;
}
// Always detect dirty state: used for auto-select (FIX 1) and suggestion (FIX 4).
const dirty = await isRepoDirty(projectRoot);
const auto_mode = autoSelectMode(dirty);
const mode: GitDiffMode =
rawMode === 'committed' ? 'committed' :
rawMode === 'uncommitted' ? 'uncommitted' :
auto_mode; // no mode param → auto-select (FIX 1)
const ignoreWhitespace = req.query.whitespace === '1';
const result = await getGitDiff(projectRoot, mode, ignoreWhitespace);
if (result === null) {
return { git_repo: false, mode, auto_mode, base_label: null, in_progress_op: null, files: [] };
}
return { git_repo: true, ...result, auto_mode };
}
);
// ── Git write routes (Phase 2) ─────────────────────────────────────────────
// These are user UI actions — NOT registered in the assistant tool registry.
// D-3: argv-safe runGit/execFile with -- separators (never shell strings).
// D-4: per-file pathGuard validation via validateWritePath.
// D-5: commit identity server-derived; request body .strict(), no author fields.
// D-7: index-lock → 409; in-progress op → 409.
// D-13: NOT in ALL_TOOLS.
const GitFilesBody = z.object({ files: z.array(z.string().min(1)).min(1) });
const GitCommitBody = z
.object({
message: z.string().min(1),
files: z.array(z.string().min(1)).optional(),
})
.strict();
const GitDiscardBody = z.object({
files: z.array(
z
.object({
path: z.string().min(1),
change_type: z.string().min(1),
staged: z.boolean(),
})
.strict(),
).min(1),
});
const WriteFileBody = z.object({
path: z.string().min(1),
content: z.string(),
});
// POST /api/projects/:id/git/stage — stage whole files
app.post<{ Params: { id: string } }>(
'/api/projects/:id/git/stage',
async (req, reply) => {
const body = GitFilesBody.safeParse(req.body);
if (!body.success) { reply.code(400); return { error: body.error.message }; }
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (!projectPath) { reply.code(404); return { error: 'not found' }; }
let root: string;
try { root = await resolveProjectRoot(projectPath); }
catch (err) { if (err instanceof PathScopeError) { reply.code(404); return { error: (err as Error).message }; } throw err; }
const inProg = await detectInProgress(root);
if (inProg) { reply.code(409); return { error: `git ${inProg} in progress — write actions disabled` }; }
try {
await stageFiles(root, body.data.files);
return { ok: true };
} catch (err) {
if (err instanceof GitWriteError) { reply.code(err.busy ? 409 : 500); return { error: err.message }; }
throw err;
}
},
);
// POST /api/projects/:id/git/unstage — unstage whole files
app.post<{ Params: { id: string } }>(
'/api/projects/:id/git/unstage',
async (req, reply) => {
const body = GitFilesBody.safeParse(req.body);
if (!body.success) { reply.code(400); return { error: body.error.message }; }
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (!projectPath) { reply.code(404); return { error: 'not found' }; }
let root: string;
try { root = await resolveProjectRoot(projectPath); }
catch (err) { if (err instanceof PathScopeError) { reply.code(404); return { error: (err as Error).message }; } throw err; }
const inProg = await detectInProgress(root);
if (inProg) { reply.code(409); return { error: `git ${inProg} in progress — write actions disabled` }; }
try {
await unstageFiles(root, body.data.files);
return { ok: true };
} catch (err) {
if (err instanceof GitWriteError) { reply.code(err.busy ? 409 : 500); return { error: err.message }; }
throw err;
}
},
);
// POST /api/projects/:id/git/commit — commit staged files (identity server-derived)
app.post<{ Params: { id: string } }>(
'/api/projects/:id/git/commit',
async (req, reply) => {
const body = GitCommitBody.safeParse(req.body);
if (!body.success) { reply.code(400); return { error: body.error.message }; }
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (!projectPath) { reply.code(404); return { error: 'not found' }; }
let root: string;
try { root = await resolveProjectRoot(projectPath); }
catch (err) { if (err instanceof PathScopeError) { reply.code(404); return { error: (err as Error).message }; } throw err; }
const inProg = await detectInProgress(root);
if (inProg) { reply.code(409); return { error: `git ${inProg} in progress — write actions disabled` }; }
try {
await commitFiles(root, body.data.message, body.data.files);
return { ok: true };
} catch (err) {
if (err instanceof GitWriteError) { reply.code(err.busy ? 409 : 500); return { error: err.message }; }
throw err;
}
},
);
// POST /api/projects/:id/git/discard — discard file changes (irrecoverable)
app.post<{ Params: { id: string } }>(
'/api/projects/:id/git/discard',
async (req, reply) => {
const body = GitDiscardBody.safeParse(req.body);
if (!body.success) { reply.code(400); return { error: body.error.message }; }
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (!projectPath) { reply.code(404); return { error: 'not found' }; }
let root: string;
try { root = await resolveProjectRoot(projectPath); }
catch (err) { if (err instanceof PathScopeError) { reply.code(404); return { error: (err as Error).message }; } throw err; }
const inProg = await detectInProgress(root);
if (inProg) { reply.code(409); return { error: `git ${inProg} in progress — write actions disabled` }; }
try {
await discardFiles(root, body.data.files);
return { ok: true };
} catch (err) {
if (err instanceof GitWriteError) { reply.code(err.busy ? 409 : 500); return { error: err.message }; }
throw err;
}
},
);
// POST /api/projects/:id/write_file — write a file atomically
app.post<{ Params: { id: string } }>(
'/api/projects/:id/write_file',
async (req, reply) => {
const body = WriteFileBody.safeParse(req.body);
if (!body.success) { reply.code(400); return { error: body.error.message }; }
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (!projectPath) { reply.code(404); return { error: 'not found' }; }
let root: string;
try { root = await resolveProjectRoot(projectPath); }
catch (err) { if (err instanceof PathScopeError) { reply.code(404); return { error: (err as Error).message }; } throw err; }
const target = body.data.path.startsWith('/') ? body.data.path : resolve(root, body.data.path);
// Validate path stays within project root
const realTarget = await realpath(target).catch(() => target);
if (!realTarget.startsWith(root + sep) && realTarget !== root) {
reply.code(403);
return { error: 'path escapes project root' };
}
const tmp = target + '.tmp';
try {
await writeFile(tmp, body.data.content, 'utf-8');
await rename(tmp, target);
return { ok: true };
} catch (err) {
// Clean up tmp on failure
await access(tmp).then(() => rename(tmp, target + '.bak').catch(() => {})).catch(() => {});
throw err;
}
},
);
// GET /api/projects/:id/files
app.get<{ Params: { id: string } }>(
'/api/projects/:id/files',
async (req, reply) => {
const { id } = req.params;
const projectPath = await selectProjectPath(sql, id);
if (projectPath === null) {
reply.code(404);
return { error: 'not found' };
}
let projectRoot: string;
try {
projectRoot = await resolveProjectRoot(projectPath);
} catch (err) {
if (err instanceof PathScopeError) {
reply.code(404);
return { error: err.message };
}
throw err;
}
const files = await getProjectFiles(id, projectRoot);
return { files };
}
);
}
Reference in New Issue View Git Blame Copy Permalink