legion-llm 0.5.19 → 0.5.20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ac3514ef943a51cc0f3d2457cc4fa976b63cb2999896626ade1d76dc7c4f7804
-  data.tar.gz: f71220f0ad03f65436d0e0f6ce0f34a3ecbbb5fc0bda3add29f9dcaa1713b07d
+  metadata.gz: f51b096c53558665dbfc074fa203c8624aa79444324cb686759aee35cd568ca6
+  data.tar.gz: 95c6a41fa6839d476cff0d60a6b56a1fbc7ad5be4f914f290fc877e0198e50bc
 SHA512:
-  metadata.gz: 7112f4a875c4a49f01d2bf30249c44f85e9427722009c7474a3bb303f4f082010e117650bcacddd1ee2a0cd930d45ad043b6374f8050b31046d195975dcdf222
-  data.tar.gz: f01fd5cfc55684040cc9c312154811a117fb568576f136c9e87fb83c178c89f9ea6eceaf025e7c4f678e182be5d0a76eb7f656ce6b8b552eeb577f3fbe1e737a
+  metadata.gz: 33a939afde771b78203d7c84f3fdb9ccbe226907037bc97f86a5650324c089e1034e9de3251ea1deb72d634680b3de6e263a48bbb933648621586598d1244f16
+  data.tar.gz: d0f98e6c6dfbee9040953991e8ab3a0de88cd37ed32a352b2d6d0ef52163e120756238d7d5f96c6f00d028b25e778a2076c9012550879fba1b98b06339d5a63e

data/CHANGELOG.md

@@ -2,18 +2,24 @@
 
 ## [Unreleased]
 
-### Added
-- `Legion::LLM::Helper` module at `lib/legion/llm/helper.rb` — canonical helper following cache/transport pattern
-- Layered defaults: `llm_default_model`, `llm_default_provider`, `llm_default_intent` (LEX-overridable)
-- `llm_embed_batch` — batch embedding convenience
-- `llm_structured` — structured JSON output convenience
-- `llm_ask` — daemon-first single-shot convenience
-- `llm_connected?` / `llm_can_embed?` / `llm_routing_enabled?` — status helpers
-- `llm_cost_estimate` / `llm_cost_summary` / `llm_budget_remaining` — cost and budget helpers
-- Layered model/provider/intent defaults applied to `llm_chat` and `llm_session`
+## [0.5.20] - 2026-03-30
+
+### Added
+- `CodexConfigLoader`: auto-imports OpenAI bearer token from `~/.codex/auth.json` when `auth_mode` is `chatgpt` and no existing OpenAI API key is configured (#15)
+- JWT expiry validation — expired codex tokens are skipped with a debug log (#15)
+- Non-JWT tokens (plain API keys) accepted without validation (#15)
+- Falls back to vault/settings/env when codex auth file is absent or token is expired (#15)
+- `Legion::LLM::Helper` module at `lib/legion/llm/helper.rb` — canonical helper following cache/transport pattern (#20)
+- Layered defaults: `llm_default_model`, `llm_default_provider`, `llm_default_intent` (LEX-overridable) (#20)
+- `llm_embed_batch` — batch embedding convenience (#20)
+- `llm_structured` — structured JSON output convenience (#20)
+- `llm_ask` — daemon-first single-shot convenience (#20)
+- `llm_connected?` / `llm_can_embed?` / `llm_routing_enabled?` — status helpers (#20)
+- `llm_cost_estimate` / `llm_cost_summary` / `llm_budget_remaining` — cost and budget helpers (#20)
+- Layered model/provider/intent defaults applied to `llm_chat` and `llm_session` (#20)
 
 ### Changed
-- `lib/legion/llm/helpers/llm.rb` is now a backward-compat shim that includes `Legion::LLM::Helper`
+- `lib/legion/llm/helpers/llm.rb` is now a backward-compat shim that includes `Legion::LLM::Helper` (#20)
 
 ## [0.5.18] - 2026-03-29
 
@@ -58,6 +64,10 @@
 ## [0.5.14] - 2026-03-27
 
 ### Added
+- `CodexConfigLoader`: auto-imports OpenAI bearer token from `~/.codex/auth.json` when `auth_mode` is `chatgpt` and no existing OpenAI API key is configured
+- JWT expiry validation — expired codex tokens are skipped with a debug log
+- Non-JWT tokens (plain API keys) accepted without validation
+- Falls back to vault/settings/env when codex auth file is absent or token is expired
 - `DaemonClient.inference` method for conversation-level routing — accepts a full `messages:` array and optional `tools:`, `model:`, `provider:`, and `timeout:` keyword args, posts to `POST /api/llm/inference`, and returns a structured `{ status: :ok, data: { content:, tool_calls:, stop_reason:, model:, input_tokens:, output_tokens: } }` hash on success
 - `http_post` now accepts an optional `timeout:` keyword argument (default `DEFAULT_TIMEOUT = 60`) so callers like `inference` can pass a longer timeout (120s) without affecting existing `chat` calls
 - `interpret_inference_response` private helper that maps the `/api/llm/inference` HTTP response — 200 returns `:ok` with structured fields, 4xx/5xx follow the same error handling as `interpret_response`

data/lib/legion/llm/codex_config_loader.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'json'
+
+module Legion
+  module LLM
+    module CodexConfigLoader
+      CODEX_AUTH = File.expand_path('~/.codex/auth.json')
+
+      module_function
+
+      def load
+        return unless File.exist?(CODEX_AUTH)
+
+        config = read_json(CODEX_AUTH)
+        return if config.empty?
+
+        apply_codex_config(config)
+      end
+
+      def read_json(path)
+        ::JSON.parse(File.read(path), symbolize_names: true)
+      rescue StandardError => e
+        Legion::Logging.debug("CodexConfigLoader could not read #{path}: #{e.message}") if defined?(Legion::Logging)
+        {}
+      end
+
+      def apply_codex_config(config)
+        return unless config[:auth_mode] == 'chatgpt'
+
+        token = config.dig(:tokens, :access_token)
+        return unless token.is_a?(String) && !token.empty?
+
+        unless token_valid?(token)
+          Legion::Logging.debug 'CodexConfigLoader: access token is expired, skipping' if defined?(Legion::Logging)
+          return
+        end
+
+        providers = Legion::LLM.settings[:providers]
+        existing_raw = providers.dig(:openai, :api_key)
+        resolved_existing = resolve_env_api_key(existing_raw)
+        return unless resolved_existing.nil? || (resolved_existing.respond_to?(:empty?) && resolved_existing.empty?)
+
+        providers[:openai][:api_key] = token
+        Legion::Logging.debug 'Imported OpenAI API key from Codex auth config' if defined?(Legion::Logging)
+      end
+
+      def resolve_env_api_key(value)
+        return nil if value.nil?
+
+        if value.is_a?(String)
+          return nil if value.empty?
+
+          if value.start_with?('env://')
+            env_name = value.sub('env://', '')
+            env_value = ENV.fetch(env_name, nil)
+            return nil if env_value.nil? || env_value.empty?
+
+            return env_value
+          end
+
+          return value
+        end
+
+        if value.is_a?(Array)
+          resolved = value.map { |v| resolve_env_api_key(v) }.compact
+          return nil if resolved.empty?
+          return resolved.first if resolved.length == 1
+
+          return resolved
+        end
+
+        value
+      end
+
+      def token_valid?(token)
+        parts = token.split('.')
+        return true unless parts.length == 3
+
+        padded = parts[1] + ('=' * ((4 - (parts[1].length % 4)) % 4))
+        payload = ::JSON.parse(Base64.urlsafe_decode64(padded), symbolize_names: true)
+        exp = payload[:exp]
+        return true unless exp.is_a?(Integer)
+
+        exp > Time.now.to_i
+      rescue StandardError => e
+        Legion::Logging.debug("CodexConfigLoader: failed to parse access token for exp validation: #{e.class}: #{e.message}") if defined?(Legion::Logging)
+        true
+      end
+    end
+  end
+end

data/lib/legion/llm/version.rb

@@ -2,6 +2,6 @@
 
 module Legion
   module LLM
-    VERSION = '0.5.19'
+    VERSION = '0.5.20'
   end
 end

data/lib/legion/llm.rb

@@ -45,6 +45,9 @@ module Legion
         require 'legion/llm/claude_config_loader'
         ClaudeConfigLoader.load
 
+        require 'legion/llm/codex_config_loader'
+        CodexConfigLoader.load
+
         configure_providers
         run_discovery
         detect_embedding_capability

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: legion-llm
 version: !ruby/object:Gem::Version
-  version: 0.5.19
+  version: 0.5.20
 platform: ruby
 authors:
 - Esity
@@ -214,6 +214,7 @@ files:
 - lib/legion/llm/bedrock_bearer_auth.rb
 - lib/legion/llm/cache.rb
 - lib/legion/llm/claude_config_loader.rb
+- lib/legion/llm/codex_config_loader.rb
 - lib/legion/llm/compressor.rb
 - lib/legion/llm/confidence_score.rb
 - lib/legion/llm/confidence_scorer.rb